Unit 6 Risk-Based Cybersecurity, Change Management Exposure and Response Flashcards
6 OECD principles of governance
Fair and transparent markets
All classes of shareholders treated the same
Investments market duties
Rights of stakeholders
Clarity and accuracy of reporting
Board responsibilities
PwC Ten guiding principles of change management
1. Address the human side of change systematically
2. Change starts at the top and begins on day one
3. Real change happens at the bottom
4. Confront reality, demonstrate faith and craft a vision
5. Create ownership, not just buy-in
6. Practice targeted over-communication
7. Explicitly address culture and attack the cultural centre
8. Assess the cultural landscape early
9. Prepare for the unexpected
10. Speak to the individual as well as to the institution
Best practice approach - 8 questions to ask?
Is employee and supplier security training mandatory?
Are employees unable to access organizational sensitive information on a personal device?
Do employees need to use more than 2 or 3 user names and passwords to access main business applications?
Can employees plug non-organisational devices into the main network without permission?
Do any key systems or applications fall over on weekdays?
Do employees and contractors feel the organisation is a good place to work?
Has the organization been kept safe from cybersecurity breaches in last 12 months?
Does security extend to cloud, mobile, supplier services and social media service?
Contents of information asset register
List organisation’s assets
Identify key assets
Describe the assets
Identify the asset owners
What is SIEM?
Security incident event management
Two aspects of SIEM
Processes and capabilities
Five stages of SIEM process
Detection and reporting
Verification
Isolation (quarantining)
Cleaning (mitigation and restoration)
Review (analysis of patterns and process activities)
6 stages of attack Lockheed Martin kill chain
Reconnaissance
Weaponisation
Delivery
Exploitation
Installation
Command and control
Six Lockheed Martin cyber kill chain defences
Detect - determine whether an attacker is investigating options
Deny - prevent information disclosure and unauthorized access
Disrupt - stop or change outbound traffic to the attacker
Degrade - counter-attack command and control
Deceive - interfere with command and control
Contain - network segmentation changes
8 emerging threats
More information
More processing power
More smaller devices
Subscription business models
Internet of things
Augmented reality
Nanotechnology
Wet wiring (devices wired to the human nervous system, e.g. artificial limbs)
6 cyber security concerns related to Internet of Things
Critical functionality
Replication
Security assumptions
Not easily patched
Long life cycle
Proprietary industry-specific protocols
Outside enterprise security perimeters
What is a security event?
A term used to describe a minor disruption to the digital landscape that is thought to be unintentional, e.g. a single user forgetting a password.
Cybersecurity for beginners
What is a security incident?
Intentional damage, theft and/or unauthorised access that has a direct or indirect impact to any substantial part of an organisation’s information, systems, devices, services or products.
Cybersecurity for beginners
What is an alert status?
An escalation flag that can be assigned to a security incident to indicate that it cannot be managed inside allowable time limits or other acceptable tolerances that are defined by an organisation’s security processes.
Cybersecurity for beginners
What is a kill chain?
A conceptual cyber defence model that uses the structure of an attack as a model to build a cyber defence strategy.
Cybersecurity for beginners