This post gives a brief, general overview of cybersecurity. It also links to other posts within this blog where the information is expanded.
Definitions of Information Security and Cybersecurity
Information security is in charge of the security of all information within an organization, regardless of its medium. Hard copies and paper records are part of information security.
Cybersecurity deals only with digital information, that is, information encoded on electronic media.
Traditionally, IT security covers three aspects of information in what is called the CIA triad:
- Confidentiality
- Integrity
- Availability
There are other models, but the CIA model is probably the most popular.
Important concepts that must be understood:
- Concept of risk
- Concept of threat
- Concept of vulnerability
- Concept of exploit
Cybersecurity Areas
Areas covered by a cybersecurity department:
- GRC (Governance, Risk & Compliance)
- Threat Intelligence
- Vulnerability Assessment
- Penetration testing
- Incident Response
- Forensics
- Malware Analysis
- Privacy
- Identity & Authentication
- Awareness
Governance, Risk & Compliance (GRC)
Governance should start at the organization level, in what is called enterprise governance. It should set or identify the organization's objectives, plan a strategy and enable risk management.
Information security should take the organization's objectives and identified risks into account to define information security objectives. To achieve these goals, the IS strategy must be defined.
An information security program (ISP) should define different elements, including IT security policies, standards and procedures. To know more about ISPs, please read this post.
Standards provide a framework of general solutions to be used (e.g., recommended applications) across the organization.
Procedures specify in more detail what is outlined by the policies.
Policies would be like the constitution, while procedures are the laws.
Security architecture consists of managing resources to put in place the controls related to IT security.
Threat Intelligence
Organizations and resources that identify threats:
- OWASP Top 10
- ENISA Threat Landscape (ETL) Report
- Awesome Threat Intelligence, a curated list of resources about threat intelligence: https://github.com/hslatman/awesome-threat-intelligence
- AlienVault Open Threat Exchange (OTX): https://otx.alienvault.com/
Vulnerability assessment
Common Vulnerability Scoring System (CVSS) is a free and open industry standard for assessing the severity of computer system security vulnerabilities.
https://www.first.org/cvss/
http://nvd.nist.gov/cvss.cfm
MITRE Common Vulnerabilities and Exposures (CVE) is a list of publicly disclosed information security vulnerabilities and exposures.
https://cve.mitre.org/
MITRE Common Weakness Enumeration (CWE) is a community-developed list of software and hardware weakness types.
https://cwe.mitre.org/
OWASP Top 10 represents a broad consensus about the 10 most critical security risks to web applications.
https://owasp.org/www-project-top-ten/
ExploitDB is an archive of exploits maintained for the purpose of public security; its site explains what can be found in the database.
Penetration Testing
MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) Matrix is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.
https://attack.mitre.org/
You can find a summary of common attacks on this external post.
Incident Response
A Security Operations Center (SOC) is a team within an organization that focuses on incident response.
Monitoring is an important part of incident response.
It is important to take into account both Indicators of Attack (IoA) and Indicators of Compromise (IoC).
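The difference between the two kinds of indicators is easiest to see in monitoring code. The following is an added example, not part of this post: a small Python scanner that runs two checks over constructed log lines. The IoC check matches static artefacts from a hypothetical threat-intelligence feed (an IP in a documentation range, a domain under the reserved example TLD, a placeholder hash), while the IoA check looks for a behaviour pattern that needs no prior knowledge of the attacker's infrastructure: a run of failed logins followed by a success for the same user and source. The log format, field names, indicator values and threshold are all assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed IoCs from a hypothetical feed. None of these values is real.
IOC_IPS = {"203.0.113.45"}                    # TEST-NET-3 documentation range
IOC_DOMAINS = {"update-check.example"}        # reserved example TLD
IOC_HASHES = {"0123456789abcdef0123456789abcdef"}  # placeholder 32-hex digest

# Constructed log lines in an assumed "timestamp host event key=value ..." format.
SAMPLE_LOGS = """
2024-05-01T10:00:01Z ws01 auth user=alice src=198.51.100.7 result=fail
2024-05-01T10:00:05Z ws01 auth user=alice src=198.51.100.7 result=success
2024-05-01T10:01:00Z ws02 auth user=bob src=192.0.2.9 result=fail
2024-05-01T10:01:01Z ws02 auth user=bob src=192.0.2.9 result=fail
2024-05-01T10:01:02Z ws02 auth user=bob src=192.0.2.9 result=fail
2024-05-01T10:01:03Z ws02 auth user=bob src=192.0.2.9 result=fail
2024-05-01T10:01:04Z ws02 auth user=bob src=192.0.2.9 result=success
2024-05-01T10:02:10Z ws02 dns query=update-check.example rcode=NOERROR
2024-05-01T10:02:11Z ws02 net dst=203.0.113.45 dport=443 proto=tcp
2024-05-01T10:02:12Z ws02 proc image=/usr/local/bin/svc hash=0123456789abcdef0123456789abcdef
2024-05-01T10:03:00Z ws01 dns query=intranet.example rcode=NOERROR
"""

LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<event>\S+) (?P<fields>.*)$")


def parse_line(line: str):
    """Parse one log line into a dict, or return None if it does not fit the format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = {"ts": m["ts"], "host": m["host"], "event": m["event"]}
    for kv in m["fields"].split():
        key, _, value = kv.partition("=")
        rec[key] = value
    return rec


def ioc_hits(rec: dict):
    """IoC check: does any field value match a known-bad artefact?"""
    hits = []
    for value in rec.values():
        if value in IOC_IPS:
            hits.append(("ip", value))
        elif value in IOC_DOMAINS:
            hits.append(("domain", value))
        elif value.lower() in IOC_HASHES:
            hits.append(("hash", value))
    return hits


def scan(lines, fail_threshold: int = 3):
    """Return a list of (kind, timestamp, host, detail) alerts.

    kind is "IoC" for artefact matches and "IoA" for the behavioural rule
    'at least fail_threshold consecutive failures, then a success'."""
    alerts = []
    failures = defaultdict(int)  # (host, user, src) -> consecutive failed logins
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        for kind, value in ioc_hits(rec):
            alerts.append(("IoC", rec["ts"], rec["host"], f"{kind} {value} seen in {rec['event']} event"))
        if rec["event"] == "auth":
            key = (rec["host"], rec.get("user"), rec.get("src"))
            if rec.get("result") == "fail":
                failures[key] += 1
            elif rec.get("result") == "success":
                if failures[key] >= fail_threshold:
                    alerts.append(("IoA", rec["ts"], rec["host"],
                                   f"login success after {failures[key]} failures for {key[1]} from {key[2]}"))
                failures[key] = 0  # a success resets the streak either way
    return alerts


if __name__ == "__main__":
    for kind, ts, host, detail in scan(SAMPLE_LOGS.splitlines()):
        print(f"[{kind}] {ts} {host}: {detail}")
```

The IoC matches would disappear the moment the attacker rotated infrastructure, while the IoA rule keeps firing on the behaviour itself; a SOC typically wants both, with the behavioural rules tuned (threshold, time window, excluded service accounts) to keep the false-positive rate manageable.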
Forensics
ASR (Attack Surface Reduction)