Black List, White List, Sandbox

Malware is the principal attack vehicle in cyberspace. A blacklist is used in anti-malware protection, anti-spam and website filters to block the known bad. This requires frequent updates of the blacklist definitions, because new variants will evade the filter; we do not know what we do not know. To narrow the problem to the scenario where we know what we know, a whitelist defines trusted components or connections and permits only their execution. Examples are application whitelisting technology and firewall rules. So, what about something in between? Both whitelists and blacklists demand regular definition updates for effective protection. Sandbox technology provides an isolated environment in which code is executed and its behavior observed to determine whether it is hostile. The ideal solution is a combination of these technologies for the best defense. Of course, even this does not guarantee 100% cyber security....

Grade of Protection

When we deploy protection, it is normally of civilian grade, even if it appears hard to break into. If an attack originates from a state-level actor as a targeted attack, such civilian-grade countermeasures will not be effective. That is why a 360-degree assessment is needed to determine the threat actors, likelihood and consequence, and then the corresponding countermeasures....

360

In the physical world, 360 degrees can further be 2D or 3D. In any case, it carries the sense of a holistic view of the surroundings. In the cyber world there is no concept of dimension; the cyber world is connected via different networks, gateways and nodes. The 360 approach is required to assess the risks and attack paths to cyber applications so that optimal and effective controls can be deployed....

Zero

The topic can be associated with many things: the boundary between positive and negative values; calibration for instrumentation integrity; absolute zero (temperature); zero-day exploits and attacks; one of the two binary digits; from zero to hero; zero trust ... The zero-trust model (or architecture) is chosen here. In cyberspace with zero trust, every component needs to be re-authenticated to establish trust, even inside the network. This limits lateral movement once an adversary gains access to an insecure node. This model will reimagine the work process. Of course, the degree to which this model is applied will be a trade-off between security and productivity, plus the risks tolerated....

The Human Factor

Email has become part of our lives in both the cyber and physical worlds. We execute actions in the physical world based on email content in the cyber world. Email is an example of mixed information classification, because the sensitivity is content driven. Therefore, applying protection per the highest sensitivity requirement is the one-size-fits-all solution. Typical email technical controls are S/MIME, TLS, RMS, 2FA, etc. No matter how secure the applied protections are, a negligent but legitimate business user will defeat them all. Educating users on the consequences of improper usage will raise human awareness, making them the first line of defense....

100% Cyber Secure

Are you kidding? Yes, there is. These computers are 100% secure from cyber-attack, but ... what about physical threats? Are they still serving their intended purposes? Once these computers are powered up (whether connected to a network or not), different degrees of cyber risk are imposed. So, never expect a 100% cyber-risk-free solution....

Privacy

We all know the importance of privacy and the need to protect it. While protecting privacy, we need to look at regulatory requirements in 360 degrees, i.e. we cannot hide something that is mandatory to display. A question for the reader: in postal mail, does a window envelope displaying both name and address violate privacy?...

Shadow IT

Gartner defines Shadow IT as IT devices, software and services outside the ownership or control of IT organizations. Given that information processing facilities and information containers are no longer centralized, shadow IT is a common phenomenon. Each of us carries a cellular phone that is indeed a powerful information processing facility and a large storage device in the pocket. Extensive connectivity and cloud computing, via an access-anywhere, any-platform model, further accelerate this situation. Cyber risks are incurred to differing degrees. Various protection technologies have surfaced in the market: Mobile Device Management, endpoint lockdown, cloud-based proxies, Data Leakage Protection, disk encryption and so forth; but they are never bulletproof. Organizations need to think about enablement (as well as empowerment) through a streamlined approach rather than prohibition. Policy formulation, usage guidance, risk management, user awareness and enforcement via a disciplinary process are required to minimize the impacts....

Vulnerability Management

This is always a debated topic during audits or security assessments. Auditor: your control system lacks the latest security patches and is vulnerable to cyber attack. Asset owner: security patches must be certified by the OEM, or else the OEM will not be responsible for failures or damage due to non-certified changes made to the control system. Whether patches are up to date is not the key issue. The bottom line is to understand whether there is a repeatable mechanism to manage security vulnerabilities. After all, having all the latest patches deployed does not mean the control system is secure, while a missing patch does not mean the control system is immediately at risk. The motto from VX Heaven gives good inspiration: "Viruses don't harm, ignorance does!"...