Cyber security Flashcards
What can disruption look like?
Stuxnet
NotPetya cyber attack
SolarWinds attack
Microsoft Exchange breach
Facebook data leaked
CrowdStrike EDR disruption
SANHLS
Definitions (types as well)
Phishing
Whaling
Malware
Social engineering
DDoS
Ransomware process
Infection
Security key exchange
Encryption
Extortion
Recovery
What happens during a cyber security attack
Intrusion
Lateral movement
Execution
Who is the mastermind behind this attack
Initial access broker
Ransomware affiliate
data manager
Ransomware operator
Negotiator
Chaser
Accountant
Team?
oa smart sat
Organisational Senior Leaders: Member of the Board of Directors, CEO, CFO, COO, CLO, CPO, CRO, Product and Business Line Leaders, Communications/Public Relations Director
Adjacent/Ancillary Roles: Human Resources, Business Analysts, Internal Readiness/Training, Internal and External Communications
Risk and Compliance Roles: Risk Team, Compliance and Audit Team
Technology Senior Leaders: CDO, CIO, CTO, CISO, Enterprise Security Integration, Technology Directors, Security Directors
Architects: Enterprise Architect, Security Architects, Infrastructure Architect, Business Architect, Information Architect, Access Architect, Solution Architect, Software/Application Architects
Managers: Technology Manager, Security Manager, Security Operations (SecOps) Manager, Product Line Manager, Product Owner
Security Posture Management: Security Posture Management, Security Governance and Compliance Management, People Security (User Education and Insider Risk)
Team introduction (2) – typical of a large organisation
Role Type: Roles
Technical Engineering and Operations: Cloud Engineering and Operations, Endpoint/Productivity, Identity, Infrastructure, Network, Data Security, Operational Technology (OT) Security, Security Posture Engineering and Operations
Application and Product Security: Application Team Manager, Software Security Engineer, Software Developer, Internet of Things (IoT) Security
Security Operations: Triage Analyst, Investigation Analyst, Threat Hunting, Detection Engineering, Attack Simulation (Red and Purple Teaming), Incident Management (IM), Threat Intelligence (TI)
The new rules of the game?
- Agile security (long-term initiative; start immediately on top priorities)
- Zero trust (protecting a warehouse)
- Assume failure, protect crown jewels, reduce blast radius
- Assume success, learn to adapt to risks, manage risks
- Failure is not an option – respond and recover with speed
The Zero trust commandments:
Practice Deliberate Security
Support Business Objectives
Develop a Security-Centric Culture
Deploy Agile and Adaptive Security
Practice Deliberate Security
Secure Assets by Risk
Security controls shall be designed to protect business assets appropriate to required security posture, business value, and associated risk.
Validate Trust Explicitly
Security assurance shall rely on explicitly validating trust decisions using all relevant available information and telemetry.
Support Business Objectives
Enable Modern Work
Security discipline shall enable productivity and manage risk as the organizational capabilities, goals, environment, and infrastructure continuously evolve.
Implement Asset-Centric Controls
Asset-specific security controls shall be implemented whenever available to minimize disruption of productivity, increase precision of security/business visibility, and improve data used to drive security compliance metrics.
Enable Sustainable Security
Security controls shall be sustainable across the full lifecycle of the business asset.
Develop a Security-Centric Culture
Practice Accountability
The entities responsible for accessing and handling assets shall be responsible for their protection and survival throughout their lifetime.
Enable Pervasive Security
Security discipline shall be explicitly included in the culture, norms, and processes throughout the organization.
Utilize Least Privilege
Access to systems and data shall be provided only as required, and access shall be removed when no longer required.
Deploy Simple Security
Security mechanisms shall be as simple as possible while retaining functionality and remaining pervasive, practicable, and scalable.
Deploy Agile and Adaptive Security
Make Informed Decisions
Security teams shall make decisions based on the best available information.
Improve and Evolve Security Controls
Security teams shall continuously evolve and improve to remain successful in an environment that constantly changes.
Utilize Defense in Depth
Security mechanisms and controls shall be layered to enhance resilience and preserve integrity.
Enable Resiliency
Security systems shall ensure the organization can operate normally under adverse conditions.
Zero trust definition, core principles, benefits, implementation and ZTA
Definition:
Zero Trust is an asset-centric security approach designed to protect data, applications, APIs, and integrations on any network, including cloud, internal, and public/untrusted networks.
Core Principles:
Focuses on data-centric security and policy-driven controls.
Incorporates modern identity management and establishes security zones/domains.
Benefits:
Provides flexibility, agility, and adaptability for businesses.
Ensures confidentiality, integrity, and availability of business assets.
Implementation:
Achieved through a comprehensive strategy that combines existing investments with new capabilities.
Zero Trust Architecture (ZTA):
The architectural framework for implementing Zero Trust using standards, technical patterns, and guidance tailored to organizations.
Zero trust key drivers
Evolving business models
Evolving threat landscape
Emerging partnerships
Rapidly changing technology
Regulatory, Geopolitical and cultural forces
Disruptive events
Supporting remote work