Process – Page 4 – The SECOND Advisories Limited

Credential

24th May 202024th May 2020 By cliangNo Comments

It's the secret to access your protected resources in the network, or the cyber space. Therefore, you have to keep it to yourself only, traditionally. If we adopt the business continuity concept in personal life, then somehow the secret must be shared with your significant half or else the access is gone forever. Of couse, this must be arranged in advance like asset escrow but so far no credible service in the market for this cyber entity. For optimal & practical setup, use 2-step authentication (most portals now have this feature) and store the password in sealed envelop. This is a split secret arrangement. You hold the second factor with you to control access even the sealed envelop is compromised. ...

Anonymity

16th May 202016th May 2020 By cliangNo Comments

Privacy is a major concern nowadays. Sensitive info need to be tokenized or masked while leaving functional info unchanged during business analytic or conducting system tests. Nevertheless, a function might be uniquely provided by a particular individual within the information sample. In this case, even if the identity is masked, the functional aspect can also traced back to that particular individual. This is something like weak hashing function subject to reversible attack. This is the situation to watch out and need to voice out the limitation to data subject and data owner. ...

Recovery

27th April 202027th April 2020 By cliangNo Comments

We heard a lot to have frequent backup as mitigation measure to recover system from attack, most likely from ransomware. While periodic backup is important, the hard part is when do we know if the recovered system still carried the malicious codes that threat actor has planted? That said, the backup has already included the persistent threat. This is complex and situation specific. Some thoughts can be considered: Have digital forensic expert to examine the infected system, understand the attack path and the trigger for malicious codes, revalidate these behaviors after complete system recovery before back to businessSegregate contents from codes; so that a clean system can be built. The challenges are the configuration and data connector; whether persistent threat is stored as data (usually in external supplied content like readers' comment) There is no bullet proof solution but to maintain a hygiene information processing environment in reducing the likelihood: Adopt SecDevOps to address weakness during development and subsequent operationsConduct periodic holistic cybersecurity assessment...

Life Cycle Management #2

16th April 202016th April 2020 By cliangNo Comments

Like in physical world, automation components do have life time. Example is mechanical attributes of traditional hard disk drive, they are also subject to wear-and-tear during operating life. Storage technology now uses solid state without mechanical portion, we must not forget the underlying platform and applications. Apparently they won't have wear-and-tear operating condition, but the advancement of technology adoption will introduce obsolescence of the platform and applications. From vendors perspective, they will retire products not longer fit for purposes in the market and therefore drop resources to support. Hence, even if your automation components are still operating with minimal wear and tear condition, these components will still need to be refreshed for new version, bugs / vulnerabilities fixed, continuous vendor support in order to maintain the business outcome. Proper life cycle management of the ICT/ICS components cannot be overlooked. ...

Sense of Security

6th April 20206th April 2020 By cliangNo Comments

This is largely based on preception and trust. How do I trust if the infrastructure or system is secure? We need to look at these core elements: Any regulatory mandate in this industry sector? Pick public transportation as example, mandatory insurance coverage, regular inspection for license renewal, periodic operator training, compliance with safety regulations etc.How well is the service provider doing among peers? Let's say, the type and severity or incidents of this provider in past years among others, rating from customer reviews and comments.How does the service provider demonstrate what has been done to secure? Common examples are personal data handling transparency via the published privacy policy, alert end user on login from other rare locations, security tips in their official portal, committed service level pledge. All the above are applied in both the physical and cyber worlds. ...

Risk Taking

11th March 202011th March 2020 By cliangNo Comments

We can't have 100% secure solution in the course of business. We need to evalate risk and reduce to acceptable level to achieve our mission. The hard part is an objective assessment of risk with predicted likelihood and the associated value tied with the consequence. The decision support is to review the business outcome values vs the cost to reduce the likelihood. For cyber risk, it is more challenging since when new threats are uncovered, they become immediate impacts. The frequency cannot be predicted using traditional approach. At worst, be prepared bad thing happens with reasonable efforts to recover instead to prevent any KNOWN threats, because there are so many unknowns beyond imagination. ...

When Security System Fails

17th February 202017th February 2020 By cliangNo Comments

Security function of the business or physical process is protected by security system. Specific security system for the latter is the SIS (Safety Instrumented System). When security system fails, its intended function fails too. It could be lost of view, view being manipulated, sub-standard product produced, high value asset damage, environment pollution and most seriously human fatality. When assessing business impacts, we must not forget to assess the entire ecosystem including these auxiliary systems. ...

Broken Process

29th January 2020 By cliangNo Comments

Secure process by design should be secure if operated according to prescribed scenarios. Passenger screening for human and hand-carried items before entering the departure zone deploys multiple means: Administrative: limited quantity of fluid and no sharp objects, Technical enforcement: human and bags scanning to detect violation If everything goes into departure zone thru this process, then exception can be picked up and assure the policy mandate. But what about supplies to the shops inside the zone? Do these go thru similar process? If not, it's backdoor and a broken process....

Deception

9th January 2020 By cliangNo Comments

Everything on earth has good or evil perspectives, same for deception in cyber world. We heard a lot about phishing or scam that is the evil side of deception. However, there is the need for good deception in the cyber space. To understand how threat actors penetrate or launch attacks, honeypots are established to let them take the bait. Honeypots can be vulnerable web sites, decoy email address or decoy social network identity that are under monitoring. For vulnerable systems, researchers are able to understand the behaviors and TTP of threat actors from reconnaissance, access, ex-filtrate data, cover the track. Effective counter-measures can be developed in the cyber kill chain. For phishing, researchers are able to spot if new exploits are deployed in content rich email or attachment to masquerade the malicious attempts then alert the community. Scams from social network could also be traced to inform law enforcement agency to take down the malicious identities....

If Not Now, When?

13th November 2019 By cliangNo Comments

It has been used in S4x13 theme. This blog is part 1 of 2. Most often, security technology sales send security alerts to top management to demonstrate their value preposition. Top management is likely forward this "intel" to cybersecurity management team simply with "Please handle" to relieve their obligations from getting intel but do nothing. Cybersecurity management team obtains this directive, then drives the ICT/ICS workforce to apply the recommended work around (change system configuration, apply security patch) and compiles a dashboard for reporting completion status. The ICT/ICS workforce dare not to say no but to accommodate such executive order at extra work load from routine work. This isn't an effective cybersecuruty management. The proper means is to assess the threat, current protection and business consequence. The "Now, Next, Never" in S4x19 best describes the correct attitude. So, if not now, could be next or even never....