Week 2 - Lecture 2 - Cybersecurity Strategy and Framework PDF

Summary

This document is a lecture on cybersecurity strategy and framework, covering topics such as ransomware and its different types, how it works, and security controls. It also discusses physical security, data center security, and the human factors in security.

Full Transcript

CSEC1001K: Foundation of Computing and Cyber Security
Week 2, Lecture 2: Cyber Security Strategy, Controls and Framework

Outline
- Cyber Security Strategy
- Cyber Security Controls
- Cyber Security Framework
- Physical Security

A Cyber Security Strategy
A cyber security strategy is a high-level plan for how an organization will secure its assets during the next three to five years. As technology and cyber threats can both evolve unpredictably, the strategy usually needs to be updated sooner than three years.
https://preyproject.com/blog/cybersecurity-frameworks-101

Cyber Security Controls
Security controls are countermeasures or safeguards used to reduce the chances that a threat will exploit a vulnerability. They are used to develop and implement your cyber security strategy.
https://purplesec.us/security-controls/#SecurityControls

Controls / Countermeasures
(Figure from Security in Computing, Fifth Edition, by Charles P. Pfleeger et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.)
(Second figure: https://purplesec.us/security-controls/#SecurityControls)

Top Security Threats: Crypto Ransomware
A type of malware that restricts access to the infected computer system in some way and demands that the user pay a ransom to the malware operators to remove the restriction.
Examples:
- Encrypt personal files (images, movie files, documents, text files)
- Encrypt files on shared network drives/resources
- Lock system access using login
- Crash the system through resource use

How Does It Work? How is it injected?
- Botnet
- Phishing email
- Drive-by download
- Malicious app
- Malicious websites
- Legitimate websites that have malicious code injected
- Security exploits in vulnerable software

>200 Crypto-Ransomware Families
(Figure: timeline of crypto-ransomware families from 2005-2012 through 2017 Q1, by quarter. Families shown include: Badrabbit, Wannacry, LockDroid, KeRanger, CryptoApp, PayCrypt, Encryptor RaaS, XRTN, Job Cryptor, Troldesh, VaultCrypt, Hi Buddy, Coinvault, Tox, Radamant, Vipasana, Zerolocker, Cryptvault, Unix.Ransomcrypt, Hydracrypt, Cryptowall, TorrentLocker, BandarChor, CryptInfinite, Umbrecrypt, Gpcoder, Reveton, Urausy, Nymaim, Onion, TeslaCrypt, LowLevel404, Locky, Kovter, Browlock, Linkup, Slocker, Cryptolocker2015, Dumb, Ransom32, 73v3n, CTB-Locker/Citron, Simplocker, Maboua OSX POC, CryptoJocker, Synclocker, Pacman, Power Worm, Nanolocker, Virlock, Pclock, DMA-Locker, LeChiffre, Threat Finder, Gomasom, Magic, Hidden Tear, Chimera, Locker, Ginx, ORX-Locker. Figure annotations: "Default payment method", "To hide C&C server".)

To Pay or Not to Pay!
https://www.malwarebytes.com/pdf/white-papers/UnderstandingTheDepthOfRansomwareIntheUS.pdf

WannaCry Ransom Note (May 2017)
What about the traceability of the bitcoin addresses?

Security Controls to Address Ransomware

A Cyber Security Framework
A cyber security framework is a system of standards, guidelines, and best practices to manage risks that arise in the digital world. Frameworks typically match the objectives of your cyber security strategy, such as avoiding unauthorized system access, with the proper security controls, such as requiring a username and password.
https://www.techtarget.com/searchsecurity/tip/How-to-develop-a-cybersecurity-strategy-Step-by-step-guide

Cyber Security Strategy

Physical Security

Technology and Security
"If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology." -- Bruce Schneier

Physical Protection System Terminology
- Safety refers to the systems that react to abnormal events by minimizing their impact, preserving human life, and protecting property. Event examples: fire, flood, earthquakes, natural or human accidents.
- Security represents the systems that delay, detect, prevent, respond to, or interrupt a human adversary. Event examples: industrial espionage, direct facility attack, insider theft, employee strike.

The Goal of Physical Security
To provide a safe environment for all assets and interests of the organization.

First Requirement: Life Safety
Safety of people is the primary concern. In an emergency situation, the organization must ensure the safety of personnel before the safety of the facility.

Threats to Physical Security
- Natural/environmental (e.g., earthquakes, floods, storms, hurricanes, fires)
- Utility systems (e.g., communication outages, power outages)
- Human-made/political events (e.g., explosions, vandalism, theft, terrorist attacks, riots)

CPNI – Centre for the Protection of National Infrastructure
- The government authority for protective security advice to the UK national infrastructure.
- Aim: to protect national security by helping to reduce the vulnerability of the national infrastructure to terrorism and other threats.
- Accountable to the Director General of MI5
- Provides advice to industry
- Publishes free advice: general advice, physical security, personnel security, cyber security
https://www.cpni.gov.uk

CBR – Chemical, Biological and Radiological Defence
- Filter air conditioning
- Plan the shutdown of systems that will spread airborne hazards (fans, computers)
- Ensure doors and windows can be closed quickly
- Have a plan
https://www.dst.defence.gov.au/partnership/chemical-biological-and-radiological-defence-cooperative-program

A Layered Defense Model
(Figure: concentric layers, from outermost to innermost: Perimeter; Building Grounds; Building Entrance; Building Floors/Office Suites; Offices/Data Centers; Equipment/Supplies, Media.)

Start with a Detailed Site Selection Process
Where and how should a building be built?
- Does your business have specific physical security concerns?
- Is it vulnerable to crime, riots, or terrorist attacks?
- Is it vulnerable to natural disasters?
- Where is it located in relation to adjacent buildings and/or other businesses?
- How far away is it from other types of threats?
- What are the neighborhood crime rates and types?

SAPMA – Security Assessment for Protectively Marked Assets
- Based on 3 primary elements: Delay, Deter, Detect
- You have to get above a specific score to pass at a specific level

Delay
- Secure storage: containers, locks
- Perimeter: fences

Building Entry Point Protection: Locks
- The most accepted and widely used physical security device.
- They keep honest people out, but for unauthorized people who wish to gain access, locks are easily picked and keys can be readily duplicated.
- All lock types are subject to force and special tools that can be used to gain entry!
- Locks should be just one aspect of many physical security controls!

Building Entry Point Protection: Electronic Physical Controls
- Card access controls (smart cards, magnetic stripe cards, etc.) or biometric systems (fingerprint, retina scans, signature dynamics, voice recognition, etc.)

Deter
- Entry control
- Visitor control
- Access oversight: guards
- Compliance checks: searches

Controlled Access Points: Fences
- To enclose security areas and property boundaries.
- Federal, state, or local codes may apply (depending on your location and industry).
- No parking should be allowed near fences.

Controlled Access Points: Gates & Bollards
- Gates: the number of gates should be kept to the minimum necessary.
- Bollards: bollards come in a variety of sizes and shapes depending on the use. Retractable bollards are designed for use in traffic control. Bollards provide security against vehicles ramming into, or stopping near, buildings.

Guards and Guard Stations
- Guards can provide a deterrent. They must be motivated and attentive. What might happen if they are bored or distracted (by TVs, surfing the Internet)?
- Guard stations: ensure clear sight lines and access to main doors. In a high-threat environment, guard stations are constructed with bulletproof walls, doors, or windows.

Data Center or Server Room Security
- Walls: construct the room as a single unit to prevent digging; solid, fire-proof, etc.
- Multi-factor access controls (badge/smart cards/biometric devices).
- Post an access control list on the outside of the door, indicating who is allowed.
- Have access control policies for daytime use, after-hours use, and during an emergency.
- Closed-circuit television (CCTV) to view visitors.

Detect
- Guard provision
- Building detection
  - Intrusion Detection System (IDS): detection systems within a building
  - CCTV: also known as video surveillance
- Perimeter detection
  - Perimeter Intruder Detection System (PIDS): detection systems around the perimeter of a site
  - CCTV

Consider the Human Factors
- Pre-employment screening
- Ongoing personnel security
- Remote working
- Security culture
- Insider threat
Humans are the weakest link in any security system.

Motivation of Insider Threats
- Financial gain
- Competitive advantage
- Political
- Knowledge
- Terrorism
- Revenge
- Power
- Curiosity

Questions
