- Details
- Written by: Meena
- Category: Cybersecurity PRISM

What is Data Governance?
Most enterprises worldwide have fully acknowledged that their data is a strategic asset of the company: it guides strategic decision-making, promotes experimentation in order to learn and improve, and delivers better business results.
According to the Data Governance Institute (DGI), data governance is a system of 'decision rights' and 'accountabilities' for information-related processes, executed according to agreed-upon models. Data governance describes who can take what actions with what information, when, under what circumstances, and using what methods.
Gartner presents a macro perspective on data governance: it encompasses a collection of processes, roles, policies, standards, and metrics that ensure the efficient and effective use of information, allowing an organization to reach its goals.
What is an Attack Vector?
In the context of information security, an attack vector is a specific path, method, or scenario that can be exploited by attackers to break into an IT system, thus compromising its security. The term was derived from the corresponding notion of 'vector' in biology.
Attackers use a number of vectors to launch attacks on your IT systems, each one taking advantage of a particular weakness of the system. You are already familiar with many of them, e.g., malware, viruses, malicious email attachments, malicious web links, pop-up windows, instant messages, social engineering, unpatched vulnerabilities, etc.

Most attack vectors can be classified into two categories:
Read more: What is an Attack Vector? Different Types of Attack Vectors

Do you remember the times when IT companies released their software or operating systems only once in a while?
For example, there were gaps of years between the releases of Windows 95, 98, NT, XP, Vista, Windows 7, 8, etc.
Similar practices were the norm of the day for all sorts of software and applications from most vendors...
It was so because it gave the code enough time to go through quality assurance and security testing performed by separate, specialized teams, whether internal or externally contracted. In those days there were separate teams for 'developing' applications and for 'testing' their security, hence a longer software development lifecycle (SDLC).
But in the last decade there has been a considerable rise of public clouds, containers and the microservices model. Their evolution offered great opportunities for breaking large monolithic applications down into smaller parts that can run independently.
This ability to break down applications also had a direct impact on the way software is developed, leading to rolling releases and agile development practices where new features and code are continuously pushed into production at a rapid pace.
There is a growing use of 'automation' in these processes, with the help of new technologies and tools. This allows software development companies to innovate faster and stay ahead of competitors.
By the time a competitor is able to reverse-engineer and replicate one of your new features, your development teams will have brought three or four new features to market. Your competitor would be engaged forever in a chasing game...
This is what is called DevOps culture nowadays, as seen in modern companies. Today most developers can provision and scale the infrastructure they need themselves, without waiting for a separate infrastructure team to do it for them. All major cloud providers now offer APIs and configuration tools that allow infrastructure configuration to be treated as code, using deployment templates. There is no need to go into those details here...
What is DevOps?
What are IOCs?
IOC stands for Indicator of Compromise...
IOCs are a little different from Indicators of Attack (IOAs): IOCs focus on examining what happened after an attack has occurred, whereas IOAs focus on identifying the activity associated with an attack while it is happening.
IOCs are pieces of actual forensic data, artifacts or remnants of an intrusion that can identify potentially malicious activity on your networks and systems. Typical examples are file hashes, IP addresses, domain names, URLs, mutex names and registry keys. These are markers of 'unusual activity' and serve as RED FLAGS that indicate a potential or in-progress attack that could lead to a data breach or system compromise.
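To show how such artifacts turn into detection logic, here is an added example that is not part of the original post: it scans a few constructed log lines for a small IOC set of IP addresses, a domain and a file hash. The IOC values, hostnames and the key=value log format are made up for illustration and are not real threat intelligence or real product logs.

```python
"""Scan constructed log lines for a small set of IOCs (hashes, IPs, domains).

Added example; the IOC values and log lines below are constructed for
illustration and are not real threat intelligence or real product logs.
"""
import hashlib
import re

# Hash of a made-up "malicious" payload, so the IOC and the log line agree.
MALICIOUS_HASH = hashlib.sha256(b"constructed-malicious-sample").hexdigest()

# Constructed IOC set. 198.51.100.0/24, 203.0.113.0/24 and the .example TLD are
# reserved for documentation, so nothing here points at a real host.
IOCS = {
    "ip": {"198.51.100.23"},
    "domain": {"update-check.example"},
    "sha256": {MALICIOUS_HASH},
}

# Constructed key=value log lines: proxy logs, DNS logs and an EDR file event.
SAMPLE_LOGS = [
    "ts=2024-03-01T10:00:01Z type=proxy src=10.0.0.5 dst=198.51.100.23 url=http://198.51.100.23/a.bin",
    "ts=2024-03-01T10:00:02Z type=dns src=10.0.0.5 query=update-check.example answer=198.51.100.23",
    f"ts=2024-03-01T10:00:03Z type=edr host=ws01 path=/tmp/a.bin sha256={MALICIOUS_HASH}",
    "ts=2024-03-01T10:00:04Z type=proxy src=10.0.0.6 dst=203.0.113.10 url=http://www.example.com/",
    "ts=2024-03-01T10:00:05Z type=dns src=10.0.0.7 query=notupdate-check.example.internal answer=10.0.0.9",
    "ts=2024-03-01T10:00:06Z type=dns src=10.0.0.8 query=cdn.update-check.example answer=198.51.100.24",
]

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SHA256_RE = re.compile(r"\b[0-9a-f]{64}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)


def match_domain(candidate, ioc_domains):
    """Return the IOC domain that `candidate` equals or is a subdomain of, else None.

    A plain substring test would also flag 'notupdate-check.example.internal';
    anchoring on label boundaries avoids that false positive.
    """
    name = candidate.lower().rstrip(".")
    for ioc in ioc_domains:
        if name == ioc or name.endswith("." + ioc):
            return ioc
    return None


def scan_line(line):
    """Return a sorted, de-duplicated list of (ioc_type, ioc_value) hits for one line."""
    hits = set()
    for ip in IPV4_RE.findall(line):
        if ip in IOCS["ip"]:
            hits.add(("ip", ip))
    for digest in SHA256_RE.findall(line.lower()):
        if digest in IOCS["sha256"]:
            hits.add(("sha256", digest))
    for name in DOMAIN_RE.findall(line):
        ioc = match_domain(name, IOCS["domain"])
        if ioc:
            hits.add(("domain", ioc))
    return sorted(hits)


def scan_logs(lines):
    """Scan every line; return [{'line': n, 'type': ..., 'ioc': ...}, ...]."""
    results = []
    for n, line in enumerate(lines, start=1):
        for ioc_type, value in scan_line(line):
            results.append({"line": n, "type": ioc_type, "ioc": value})
    return results


if __name__ == "__main__":
    for hit in scan_logs(SAMPLE_LOGS):
        print(f"line {hit['line']}: {hit['type']} IOC {hit['ioc']}")
```

Note the two deliberate corner cases in the sample data: line 5 contains the IOC domain only as a substring of an unrelated internal name and must not fire, while line 6 is a subdomain of the IOC domain and must. Matching on label boundaries rather than raw substrings is what keeps an IOC feed from flooding the SOC with false positives.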
There are so many companies that think their Point-of-Sale (POS) systems are merely the responsibility of the cashiers who sit behind the sales desk.
They forget that their POS systems face multiple levels of risk, e.g., networking issues, open ports, cyber-attacks, accessibility issues, and communication with a chain of numerous back-end processes. More often than not, these POS systems also handle the company's most sensitive data, such as payment card data and the Personally Identifiable Information (PII) of its customers.
Your company, in fact every company, should consider its POS systems more accurately as an extension of the company's data center, a remote branch of your critical applications. You should treat them as a high-threat environment and devise a targeted security strategy accordingly.
What is POS Security?

What is Deception Technology?
It is a cybersecurity defense practice that aims to deceive attackers by distributing a collection of 'traps' and 'decoys' across a company's IT infrastructure to imitate genuine assets. Because no legitimate user or process has any reason to touch a decoy, any interaction with one is a high-fidelity alert.
The advent of deception technology can be attributed to the stark realization that your network perimeter will eventually be breached, sooner rather than later. If that is going to happen with very high probability, then why not misguide the intruders?
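As an added illustration that is not part of the original post, the following decoy listener shows the principle in code: it listens on a port that nothing legitimate should ever use, presents a made-up FTP banner so a scanner believes it is a real service, and records every connection as an alert together with the first bytes the intruder sent. The banner, the hostname in it and the `touch_decoy` helper that plays the intruder are assumptions for the demo; the decoy binds to 127.0.0.1 so it runs offline.

```python
"""Minimal TCP decoy service: every connection is a high-fidelity alert.

Added example; the fake FTP banner and hostname are made up, and the decoy
binds to 127.0.0.1 so the demo runs offline.
"""
import socket
import threading
import time


class DecoyService:
    """Listens where no legitimate client should ever connect and records who does."""

    def __init__(self, host="127.0.0.1", port=0,
                 banner=b"220 ftp01.corp.example FTP server ready\r\n"):
        self.banner = banner      # plausible banner so a scanner believes the service is real
        self.alerts = []          # one record per connection: src, sport, first bytes, timestamp
        self._stop = threading.Event()
        self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self._sock.bind((host, port))   # port=0 lets the OS pick a free port
        self._sock.listen(5)
        self._sock.settimeout(0.2)      # so the accept loop can notice stop()
        self.port = self._sock.getsockname()[1]
        self._thread = threading.Thread(target=self._serve, daemon=True)

    def start(self):
        self._thread.start()
        return self

    def _serve(self):
        while not self._stop.is_set():
            try:
                conn, (src, sport) = self._sock.accept()
            except socket.timeout:
                continue
            with conn:
                conn.settimeout(1.0)
                try:
                    conn.sendall(self.banner)
                    first = conn.recv(256)   # capture what the intruder sends first
                except OSError:
                    first = b""
            # Anything reaching this point is an alert: real users never touch the decoy.
            self.alerts.append({"ts": time.time(), "src": src, "sport": sport, "data": first})

    def stop(self):
        self._stop.set()
        self._thread.join()
        self._sock.close()


def touch_decoy(port, payload=b"USER anonymous\r\n"):
    """Plays the intruder: connects, reads the banner, sends one command."""
    with socket.create_connection(("127.0.0.1", port), timeout=2) as client:
        banner = client.recv(256)
        client.sendall(payload)
    return banner


def run_demo():
    """Start a decoy, let an 'intruder' touch it, and return (banner, alerts)."""
    decoy = DecoyService().start()
    banner = touch_decoy(decoy.port)
    deadline = time.time() + 3
    while not decoy.alerts and time.time() < deadline:
        time.sleep(0.01)
    decoy.stop()
    return banner, decoy.alerts


if __name__ == "__main__":
    banner, alerts = run_demo()
    for a in alerts:
        print(f"ALERT decoy touched from {a['src']}:{a['sport']} first bytes {a['data']!r}")
```

In a real deployment the `alerts` list would be a SIEM event, the decoy would carry no real credentials or data, and it would sit on an isolated segment so that an attacker who probes it gains nothing but a confirmed detection.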

What is COBIT?
It is a well-known framework for the governance and management of enterprise IT, proposed by ISACA.
The core idea behind COBIT is to combine two aspects of an enterprise: 'governance' and 'management'. To do so, COBIT provides principles, practices, models and analytical tools that help you consistently increase the value that IT delivers to your company.
Part of COBIT's success comes from its smooth integration with other IT frameworks and standards, such as risk management frameworks, ITIL, CMMI, TOGAF, ISO 27001, etc.
The latest version is the COBIT 2019 framework. The previous one was COBIT 5.
Some Salient Features of COBIT 2019
1. Separation of Governance & Management.
The COBIT framework makes a clear distinction between governance and management, because these two disciplines encompass very different activities, require very different organizational structures and serve different purposes.
For example, you have to ensure that the governance aspect is taken care of properly. That means taking an elaborate approach to fully understanding and meeting the needs of key stakeholders. While doing so, you understand and document all the key 'conditions' and 'options', after a careful evaluation of each, so that there is consensus about enterprise objectives. Governance mandates that your company set the direction of IT through prioritization and clear decision-making. The ongoing monitoring of IT performance and compliance requirements is done 'against' the objectives and the direction that were agreed upon.
In general, the Board of Directors (or, failing that, the chairman) holds the responsibility for governance, though some of these responsibilities can be delegated to appropriate special organizational structures at the next level, especially if yours is a big or complex enterprise.
Once governance is taken care of, COBIT turns to the management aspect. 'Management' is about planning, building, running and monitoring all IT activities regularly, in full alignment with the direction set by the governance body, to support and achieve the business objectives of your enterprise.
By default, management is the responsibility of the executive management team under the leadership of the CEO of your company.
2. It envisages 40 objectives overall.
Since governance and management objectives are separated, the 40 objectives have been divided into five domains, as given below:
Governance domain
- Evaluate, Direct and Monitor (EDM)
Management domains
- Align, Plan and Organize (APO)
- Build, Acquire and Implement (BAI)
- Deliver, Service and Support (DSS)
- Monitor, Evaluate and Assess (MEA)
Together these five domains form the 'CORE' of the COBIT framework.
You can prioritize or ignore these objectives based on the needs of your customers, stakeholders, users, and so on, allowing you to create comprehensive and bespoke IT strategies and frameworks for your company.
3. There are six governing principles in COBIT 2019.
Regardless of how you look at COBIT, it is built upon six fundamental principles:
I. It must identify your stakeholders' needs systematically and then meet them.
II. It must aim to achieve comprehensive 'end-to-end' coverage of your enterprise IT.
III. It must integrate with other relevant standards and frameworks (such as ITIL, ISO 27001 and TOGAF, as noted above), so that COBIT acts as the overarching governance framework rather than yet another isolated one.
IV. It should follow a holistic approach, looking at the entire IT system as a whole and addressing its needs accordingly. It discourages small, point solutions that are meant to improve only isolated processes.
V. It must separate governance from management (explained above). Governance involves a system of checks and balances used to assess the effectiveness of a system, while management focuses on the approaches and decisions used to improve how an IT system functions.
VI. A governance system should be dynamic: if one or more of the design factors have changed (e.g., a change in strategy or technology), the enterprise must consider how this impacts the entire IT system.
4. Focus-Area concepts
COBIT 2019 also introduced “focus area” concepts that describe specific governance topics and issues, which can be addressed by management or governance objectives. Some examples of these focus areas include small and medium enterprises, cybersecurity, digital transformation and cloud computing.
Focus areas will be added and changed as needed based on trends, research and feedback!

COBIT and ITIL complement each other well. While COBIT outlines what needs to be done, ITIL describes how to do it.
With each iteration of ITIL, IT professionals get concrete, actionable steps they can implement to improve their service delivery.
Fortinet suggests that one of the easiest ways to use COBIT and ITIL together is to identify a way to improve services using COBIT, and then use ITIL to define the structure and processes you will use to make the improvements.
Who uses COBIT to do their job?
If you are applying for one of the following positions, you should become familiar with COBIT and related governance frameworks (Source: techtarget.com):
- Chief information security consultant
- Chief information security officer (CISO)
- Director, security assurance
- GRC consultant
- Information assurance analyst
- Information security administrator
- Information security assurance analyst
- Infosec risk analyst
- IT governance analyst
- IT security engineer
- Principal cybersecurity manager
- Principal information assurance officer
- Regional information security analyst
- Risk officer
- Security systems administrator
- Senior director of cybersecurity
- Senior GRC analyst
- Senior information security assurance consultant
- Senior information security risk officer
- Senior IT security consultant
- Senior IT security operations specialist
- Third-party risk management compliance analyst
COBIT does not make or prescribe any IT-related decisions. It will not tell you what the best IT strategy is, what the best architecture is, or how much IT can or should cost you. Rather, COBIT defines all the components that describe which decisions should be taken, and how and by whom they should be taken. It is suggestive in nature...
The latest version of COBIT integrates well with existing frameworks such as ITIL and TOGAF, etc. That enables you to utilize a combination of tools according to specific tasks and practices.
Whether you realize it or not, all IT frameworks have an underlying thread of 'strategic' management from the enterprise's perspective, though most technical professionals struggle to get hold of this aspect... All IT frameworks are inherently geared to help companies improve their 'business objectives.' The COBIT framework is no exception!
I guess working knowledge of COBIT is expected from all SENIOR cybersecurity professionals... You should not miss this point from this post!
Kindly write your comments on the posts or topics, because when you do that you help me greatly in designing new quality articles/posts on cybersecurity.
You can also share with all of us if the information shared here helps you in some manner.
Life is short; make the most of it!
Also take care of yourself and your beloved ones…
With thanks,
Meena R.
Approximately 60-70% of all email received today is spam.
Spam filters are crucial. They do not give 100% foolproof results, but they are essential to keeping spam away from your business, and to keeping your network free of the phishing attempts, malware attachments, malicious web links and viruses that ride on spam.
Spam filters not only protect your email servers from being overloaded, but also keep spam email away from your users and network.
What is Spam-Filtering?
What is a Ping Of Death?
It is one of the very old attack vectors used for DoS attacks.
Originally, it was a bug found in the mid-1990s in the IP stacks (the TCP/IP implementations) of many operating systems of that time. An attacker would use a Ping of Death attack to crash, destabilize, or freeze computers or services by targeting them with oversized packets. This form of DoS attack typically targets and exploits 'legacy' weaknesses that your organization has most likely patched long ago.
As you already know, the maximum size of an IPv4 packet, including its header, is 65,535 bytes, because the Total Length field of the IPv4 header is only 16 bits wide. A single packet larger than that cannot be sent as-is, but a ping (ICMP echo request) of more than 65,535 bytes can be sent as a series of IP fragments, each of which is individually valid. Legacy systems did not check, before reassembly, that the fragment offset plus the fragment length stayed within 65,535 bytes, so reassembling the fragments overflowed the receive buffer and crashed or froze the machine. Modern IP stacks drop any fragment whose offset plus length would exceed that limit.
Read more: What is a Ping Of Death? What can you do to Prevent Ping Of Death?
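The reassembly check described above, as an added example that is not part of the original post. It groups fragment headers by source and IP identification, computes where each fragment's payload would end in the reassembled datagram, and flags any datagram whose total would exceed 65,535 bytes. The fragment records are constructed (headers only, no payload bytes), the addresses come from the RFC 5737 documentation ranges, and the field names are my own.

```python
"""Check whether a set of IPv4 fragments would reassemble past 65,535 bytes.

Added example. The packets below are constructed (fragment headers only, no
payload bytes); the addresses come from the RFC 5737 documentation ranges.
"""
IPV4_MAX_TOTAL_LENGTH = 65535   # Total Length is a 16-bit field (header + payload)
FRAGMENT_UNIT = 8               # Fragment Offset counts 8-byte blocks
MAX_FRAGMENT_OFFSET = 8191      # 13-bit field, so the last block starts at byte 65,528


def fragment_end(offset_blocks, payload_len):
    """Byte position, inside the reassembled payload, where this fragment ends."""
    return offset_blocks * FRAGMENT_UNIT + payload_len


def would_overflow(fragments, header_len=20):
    """True if reassembling `fragments` (list of (offset_blocks, payload_len)) exceeds the IPv4 limit.

    This is the check the vulnerable stacks lacked: they trusted offset and
    length from the wire and copied the data into a fixed 65,535-byte buffer.
    """
    end = max(fragment_end(off, length) for off, length in fragments)
    return header_len + end > IPV4_MAX_TOTAL_LENGTH


def find_oversized_datagrams(packets):
    """Group fragments by (src, ip_id) and return the keys that would overflow.

    Each packet is a dict: src, ip_id, offset (8-byte blocks), payload_len, mf.
    The check is protocol-agnostic: it applies to ICMP, UDP or TCP payloads alike.
    """
    groups = {}
    for p in packets:
        groups.setdefault((p["src"], p["ip_id"]), []).append((p["offset"], p["payload_len"]))
    return sorted(key for key, frags in groups.items() if would_overflow(frags))


# Constructed fragment records. `mf` (More Fragments) is kept for realism; a full
# reassembler would additionally require mf=False on the final fragment.
SAMPLE_PACKETS = [
    # A normal 64-byte ping, not fragmented.
    {"src": "203.0.113.5", "ip_id": 0x0101, "offset": 0, "payload_len": 64, "mf": False},
    # A 3,000-byte ping split over an Ethernet MTU: large, but still legal.
    {"src": "203.0.113.6", "ip_id": 0x0202, "offset": 0,   "payload_len": 1480, "mf": True},
    {"src": "203.0.113.6", "ip_id": 0x0202, "offset": 185, "payload_len": 1480, "mf": True},
    {"src": "203.0.113.6", "ip_id": 0x0202, "offset": 370, "payload_len": 40,   "mf": False},
    # Ping of Death: the last fragment sits at the maximum offset with more than 7 bytes of payload.
    {"src": "198.51.100.9", "ip_id": 0x0303, "offset": 0, "payload_len": 1480, "mf": True},
    {"src": "198.51.100.9", "ip_id": 0x0303, "offset": MAX_FRAGMENT_OFFSET, "payload_len": 1000, "mf": False},
]


if __name__ == "__main__":
    for src, ip_id in find_oversized_datagrams(SAMPLE_PACKETS):
        print(f"oversized reassembly from {src} ip_id=0x{ip_id:04x}")
```

The legal 3,000-byte ping shows why "large ping" alone is not the signature: fragmentation is normal. What distinguishes the attack is the arithmetic, a fragment whose offset times 8 plus its length lands beyond the 16-bit total length, and that is exactly what a patched stack rejects before it ever allocates a buffer.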
What is Data EGRESS?
Egress is just another word for 'exit.' It can also mean the act of going out or coming out (of something).
For example, a fire escape is defined as a 'means of egress' because that is how somebody gets out of a building in case of fire or any other emergency.
In our context of network security, egress means data that is going out of your network, devices or interfaces.
In a nutshell, data egress means data leaving your network for an external location.
Egress happens whenever data leaves your organization's network:

What is WAF?
WAF stands for Web Application Firewall.
You already know that your network firewalls are there to protect your network from outside threats. However, a network firewall cannot defend your web-facing applications very well, because the attacks against them arrive inside perfectly valid HTTP requests on ports the firewall has to allow.
Historically, most companies that had to comply with PCI DSS were effectively required to implement Web Application Firewalls (WAFs). Typically, if you were a retailer or a financial service provider you would already be using a WAF. In recent years this has changed, as most cybersecurity professionals have begun to realize that they can no longer afford to skip deploying a WAF, because their unprotected web applications are attractive targets for cybercriminals looking for easy entry points into their networks.
Your web applications consistently face Cross-site Scripting (XSS), SQL injection and application-layer DoS attacks, along with the usual man-in-the-middle and cookie hijacking attacks. In the case of XSS, for example, the flaws in application code (and in the components it runs on) that allow these attacks to succeed are quite widespread. A successful attack can occur anywhere your web application uses input from a user to build the output it generates without first validating or encoding it.
The fact is, securing application environments presents a unique and constant challenge to your security teams.
Commercial, third-party code in your web applications can also suffer from poor security hygiene, especially when a lack of resources keeps your security team from applying patches and security fixes as soon as they are available.
If you thought that we are dealing only with your external, web-facing applications here, you are wrong. External web applications are only half of the problem.
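An added example, not from the original post, of the XSS point made above: a vulnerable handler that concatenates user input into HTML sits beside its hardened form, with a naive signature-based WAF in front of both. The signature list, the handler names and the payloads are assumptions for the demo; the second payload is chosen so that it slips past the signatures, which is why the WAF is a compensating control and output encoding is the fix.

```python
"""Reflected XSS: raw interpolation vs. contextual output encoding, behind a naive WAF.

Added example; the signature list is deliberately incomplete, like many
blacklist-style WAF rule sets, and the handlers are hypothetical.
"""
import html
import re
from urllib.parse import quote

# Constructed, deliberately incomplete signature list (assumption for the demo).
WAF_SIGNATURES = [re.compile(p, re.IGNORECASE)
                  for p in (r"<script\b", r"javascript:", r"onerror\s*=")]


def waf_blocks(value):
    """True if the naive signature-based WAF would block this parameter value."""
    return any(sig.search(value) for sig in WAF_SIGNATURES)


def render_results_vulnerable(query):
    """Vulnerable: unencoded user input lands in the HTML body and is parsed as markup."""
    return f"<p>Results for: {query}</p>"


def render_results_hardened(query):
    """Fixed: HTML-encode for the text context; the browser shows the payload as text."""
    return f"<p>Results for: {html.escape(query, quote=True)}</p>"


def render_again_link_hardened(query):
    """Attribute + URL context needs two encoders: percent-encode the value,
    then HTML-encode the attribute it is placed in."""
    href = "/search?q=" + quote(query, safe="")
    return f'<a href="{html.escape(href, quote=True)}">search again</a>'


def handle_request(query, waf_enabled=True):
    """Hypothetical request path: WAF in front, then the hardened application.
    Returns (status, body)."""
    if waf_enabled and waf_blocks(query):
        return 403, "blocked by WAF"
    return 200, render_results_hardened(query)


if __name__ == "__main__":
    classic = "<script>alert(1)</script>"
    evasive = "<img src=x onmouseover=alert(1)>"   # no signature above matches this
    for payload in (classic, evasive):
        print("WAF blocks:", waf_blocks(payload))
        print("vulnerable:", render_results_vulnerable(payload))
        print("hardened:  ", render_results_hardened(payload))
        print("request:   ", handle_request(payload))
```

Run it and compare the two payloads: the WAF stops the textbook `<script>` tag but lets the event-handler variant through, while the hardened renderer neutralizes both because it encodes for the context the data lands in rather than trying to recognize bad input.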
- The Secure VPN. How much safe your VPN is?
- What is a Man-In-The-Middle Attack? How can you Prevent Man-In-The-Middle Attacks?
- What is Reverse Proxy? How is it Different from Forward Proxy?
- What is Cloud VPN? What Are the Main Types of Cloud VPNs?
- What is UEBA? How Does UEBA Work?
- Evolution of FIREWALL
- What is a SD-WAN? How does a SD-WAN work?
- What is Enterprise DLP? What are Key Requirements of DLP?
- What is SASE ? What are 10-Tenets of SASE?
- Why Should I Become A Cyber Security Professional Now?