Monday, August 7, 2017

Current Trends on Cybersecurity (Cont'd)


Week 10: Current Trends in Cybersecurity

As the world steadily moves to the IoT (Internet of Things), with driverless trucks and cars and cyber cars, even the Roomba robot you just bought to help vacuum your house poses a security challenge, as it can map your house and offer the information publicly to the highest bidder (most probably smart home device manufacturers). Is this an infringement on your right to privacy? iRobot's end-user license agreement (EULA) and privacy notice would make this clearer. Are you planning to remodel your roof? Wait a second! Tesla can save 30 years of energy for you with its on-test launch of a new Solar Powered Roof (Crosbie, J., 2017).

Similarly, the IT world is evolving from the World Wide Web (Web 1.0), through the Social Web (Web 2.0), to the Semantic/Intelligent Web (Web 3.0). The cyber world is not left behind: it started with Siloed Cyber (Cyber 1.0) and moved through Integrated Cyber (Cyber 2.0) to Intelligent Cyber (Cyber 3.0) and the cloud, which offers “machine learning to extract intelligence and content and machine generated signatures, accurate detection and classification of threats by fusing distinct dimensions ensuring continuous visibility and better control” as the threat environment becomes technologically more complex (Kellermann, T. TREND MICRO, 2012).

Blockchain, an innovation in computing and information security (Google or Bitcoin blockchain, for example), is catching on, as are cryptocurrencies. It is becoming popular in identity management, real estate, contracts and the energy industry. A blockchain is a ledger arranged in batches of data, or blocks (a distributed design), that uses cryptographic hashing techniques for linkage and validation.
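The hash linkage and validation described above, as an added Python example that is not part of the original post: each block stores the SHA-256 hash of the previous block, so a check over the chain pinpoints the first block that was edited, relinked or removed. The block layout, function names and sample records are assumptions constructed for illustration.

```python
import hashlib
import json

GENESIS_PREV = "0" * 64  # assumed placeholder "previous hash" for the first block


def block_hash(index, prev_hash, records):
    """SHA-256 over a canonical JSON encoding of the block's contents."""
    body = json.dumps({"index": index, "prev_hash": prev_hash, "records": records},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


def append_block(chain, records):
    """Append a batch of records, linked to the hash of the last block."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS_PREV
    index = len(chain)
    chain.append({"index": index, "prev_hash": prev_hash, "records": records,
                  "hash": block_hash(index, prev_hash, records)})
    return chain


def first_invalid_block(chain):
    """Return the position of the first block that fails validation, or None."""
    expected_prev = GENESIS_PREV
    for position, block in enumerate(chain):
        if block["index"] != position:
            return position  # a block was removed or reordered
        if block["prev_hash"] != expected_prev:
            return position  # linkage to the previous block is broken
        if block["hash"] != block_hash(position, block["prev_hash"], block["records"]):
            return position  # contents changed after the hash was computed
        expected_prev = block["hash"]
    return None


def demo_ledger():
    """Constructed sample ledger: three batches of made-up records."""
    chain = []
    append_block(chain, [{"deed": "lot-12", "owner": "alice"}])
    append_block(chain, [{"deed": "lot-12", "owner": "bob"}])
    append_block(chain, [{"meter": "m-7", "kwh": 42}])
    return chain
```

Hash linkage only detects an edit if the latest block hash is also held somewhere the editor cannot change; anyone able to rewrite every block can recompute every hash, which is why real blockchains add distribution and a consensus mechanism on top.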

What are the latest trends in ransomware and malware attacks as the world goes IoT? There has been steady growth in the rate at which they spread, in the threat landscape, and in the change of targets. The IT world is increasingly experiencing malware worms spreading through hub-connected networks and devices, causing greater infection of devices, systems and networks. Financial institutions such as banks and credit card companies, and even churches, aside from medical facilities and government establishments, are becoming increasingly vulnerable targets for malware infection. Small organizations are not left out.

The question at the back of the mind of most decision makers in private and public organizations and government agencies, and of IT and information system security professionals, is: how can we effectively protect our critical resources? The Microsoft Digital Crime unit, in collaboration with Dartmouth University and NCMEC (National Center for Missing and Exploited Children), recently developed a crime and fraud mitigation program (Microsoft’s Photo DNA analyzer) to fight child abuse through the internet.

With data breaches increasingly occurring in organizations traditionally not too prone to attack, like churches, non-profit organizations, and some industries, mostly resulting from DDoS, the question at the back of the mind of managers and IT and information security experts is: what can we do to provide better security for our critical assets? The first step is to ensure data, file and message encryption. Others are: a strong password and internet use policy; compliance with industry standards and government regulations; a biometric access and authentication control system; regular patching and updating of software and applications; firewall and IDS/IPS defense implementation; and SETA (security education, training and awareness). To recover effectively from a ransomware attack, there is a need to ensure regular backups, an agile and tested BC (Business Continuity) and DR (Disaster Recovery) program plan and team, and an experienced IT and IS security team. For small businesses, the steps to ensure effective protection include: implementing multi-layered protection through endpoint and data/mobile/network device access protection; securing email servers and applications; backing up all critical information and storing it offsite; education and security awareness training; patching and updating applications and software; and protecting cloud file sharing, hosted email, and more (Delany, R. Trend Micro, 2017).

References

Crosbie, J. Here’s How Much One of Tesla’s Amazing Solar Roofs Actually Costs.


Kellermann, T. The Evolution of Targeted Attacks in a Web 3.0 World. TREND Micro


Delany, R. Data Privacy Day 2017: Tips for Protecting Small Businesses. TREND

Current Trends on Cybersecurity


Week 9: Reflections on Current Trends in Cybersecurity

The threat environment changes rapidly with evolving information technology and the IoT (Internet of Things). It is difficult even to keep up with the methods and techniques used to assess and mitigate information system threats, vulnerabilities and business operations risks. However, a structured approach to threat modeling helps in the design of an appropriate security architecture and control system for managing a distributed network system, or any system. In implementing a resilient and responsive security control system, it is imperative to adopt a multilevel and multilateral security system. After the information system security has been implemented, it is necessary to monitor and meter (audit, system evaluation and assurance) and gauge the performance of the controls, so as to ensure effectiveness, compliance with industry standards and government regulations, and that business function needs are met.

The threat modeling process and the tools used in the security analysis need to be tested, evaluated and refined so as to appropriately address identified IT risks and vulnerabilities that will impact the organization's critical assets. An Action Plan and Client Presentation to professionally present to the ERB (Executive Risk Board) the security findings and the recommendations to mitigate security gaps is a sine qua non. One thing I may wish to observe in the college Cybersecurity program is an information security business management class to be able to put together an estimate, the cost-benefit (in terms of money value). The question the members of the executive risk board would have at the end of the client presentation would be: how much would it cost us to implement this recommendation, and what is the time frame for it?

In threat modeling, one challenge to consider is the balance of trade-offs: avoiding, addressing, accepting, transferring, and ignoring risks. Another is threat modeling in technologies, cryptosystems, human factors and usability, and tricky areas like web and cloud platforms.

In all, it is good for an information security professional not only to get the relevant certifications, but also to keep abreast of the latest developments, challenges, data compromises, and mitigation or remediation responses, so as to remain relevant in the ever-changing world of information security systems and business operations.

Friday, August 4, 2017

Current Trends in Cybersecurity

