Cyber Security Transformation and IT Governance, Risk, Compliance (GRC)

Cybersecurity Teaming Against Evolving Threat Landscape

Background
In early 2017, Govtech released an article that summarized the top cybersecurity predictions for 2017 from several organizations and companies. Looking back at 2016, cybersecurity attacks evolved along with the rise of cloud computing, big data, social media, IoT, machine learning, AI, drones, etc. Cybersecurity plays an important role in ensuring and protecting Confidentiality, Integrity, Availability, and Accountability across the aspects of People, Process, and Technology.

Based on those predictions, most of the organizations mention IoT and malware (including ransomware). For malware-related attacks, we have heard about Advanced Persistent Threats (APT), ransomware, and fileless malware; I will explain these kinds of malware-related attacks further in other articles. For IoT, surprisingly, it can be used both as a target and as an attack vector. One well-known piece of IoT malware is Mirai, a botnet that performs DDoS attacks using the IoT devices it has infected. Both its analysis and (surprisingly) its source code can be found.

I will not explain the cybersecurity predictions in detail in this article.

Security Architecture
SABSA is a business-driven and risk-based methodology for developing Enterprise Security Architecture. In short, security is not just about People, Process, and Technology as independent aspects, but about how we govern, manage, collaborate, and integrate those aspects. In my several engagements on enterprise security architecture or cybersecurity transformation, I always emphasize the importance of a top-down approach. By the way, here is a short explanation of SABSA.

Basically, security-related activities are part of risk management. Security practices are about how to minimize and mitigate risks, which can be a technical or a process/procedural matter. If we look at the top layer of SABSA, it is the same as the first step of risk management: establishing the context. An unclear understanding of the context will cause ineffectiveness in managing and implementing a cybersecurity program.

Why should we understand security architecture when we want to talk about cybersecurity teaming? Let's continue in order to understand it.

Cybersecurity Team
Referring to this article, we can divide the cybersecurity team into three categories: Red, Blue, Purple.
  • Red: Offensive team; consists of penetration testers (internal and external)
  • Blue: Defensive team; implements security technology; consists of cybersecurity engineers
  • Purple: Integration and collaboration of the Red and Blue teams


If we look at the team categories, do you feel that something is missing? Correct. None of the roles above can translate the Contextual Security Architecture into the Operational Security Architecture. Especially in FSI, the security context can be driven by regulatory compliance (e.g. Central Bank regulation) and certain standards (e.g. ISO 27K, PCI-DSS, HIPAA). Let us call it the "White Team", a team that has to:
  • understand how to fulfill the security requirements of the cybersecurity stakeholders
  • understand the organization's security posture and exposure
  • ensure that the organization complies with the related regulations and standards
  • address the security risks and how to mitigate them
  • ensure that security practices cover the collaboration and integration of People, Process, and Technology
  • ensure that the cybersecurity program aligns with the organization's context in cybersecurity matters


Sample Case: Prevent Malware Attack
Assume we want to prevent an advanced malware attack. Here are the roles of each team:
  • White Team: Develop security controls to prevent malware attacks, referring to ISO 27K, PCI-DSS, and NIST SP 800-83; raise awareness among information custodians and users regarding malware prevention
  • Blue Team: Enhance security technology capabilities; implement advanced threat defense solutions, threat intelligence, and endpoint security; implement a next-generation SIEM to simplify the monitoring process and improve visibility
  • Red Team: Simulate the malware attack (you can refer to the Cyber Kill Chain)
  • Purple Team: Develop attack scenarios using the Cyber Kill Chain method or another approach; develop a plan and evaluate the active defense strategy


Note: Incident response and handling roles can be part of the Blue or Purple team.

Conclusion
There are many attack scenarios and active defense strategies we can develop to establish an effective method of preventing advanced attacks and to ensure that the cybersecurity team has the capabilities to identify, protect, detect, respond, and recover from attacks that grow more complicated along with the evolving threat landscape.

Comments

RE: Cybersecurity Teaming Against Evolving Threat Landscape

Great post!

Recently I have been carrying out research for my final year dissertation at Trinity College. The primary aim of my research is to explore the factors influencing the adoption of Information Security Management Systems (ISMS) standards and frameworks.

I would like to invite you to participate in this research project. You will be requested to complete a survey through SurveyMonkey, which should not take more than 15 minutes. This survey is totally anonymised. The research information sheet and participant consent form are on the first page of the online survey. They will provide detailed information about my research and the way in which I conduct my research.

Online survey link: https://www.surveymonkey.com/r/5BD9HVG

All information obtained will be treated confidentially and no names of individuals or organisations will be saved in any format throughout the process.

I can send you a copy of my final dissertation if you are interested. It will be ready after 1st Sep 2017.

All your responses and suggestions are appreciated. And thank you for participating.

Many Thanks,

KAI720 at 6/13/2017 10:26 AM