Mitigating risks
With the continuing expansion of the threat landscape, finding ways to prevent and mitigate cybersecurity threats before they occur is becoming more challenging. By implementing the proper security controls, you are not only able to protect your data and most critical assets, but you also reduce the overall attack surface of your organization. But you may be thinking, what are cybersecurity controls, and how do you implement them? I’ll cover that in the next section.
The National Institute of Standards and Technology (NIST) defines security controls as a safeguard or countermeasure prescribed for an information system or an organization designed to protect the confidentiality, integrity, and availability of its information and to meet a set of defined security requirements. In essence, security controls are designed to avoid, detect, prevent and mitigate risks and vulnerabilities within your organization. Having access to network topology diagrams and understanding the flow of your network data will help you in deciding where the proper placement of each security control should be. If you are unsure of which security controls you should implement for your organization, various frameworks are available online that you can reference and tailor so that you are able to meet your organizational regulations and requirements. Below is a list of the different types of security controls:
Technical: Safeguards or countermeasures for an information system that are primarily implemented and executed by the information system through mechanisms contained in the hardware, software, or firmware components of the system. Examples: firewalls, encryption systems and authentication systems.
Managerial: Decision making or risk management, governance, and oversight. Risk assessments, project management.
Operational: Processes that are implemented and executed by people. Change management, training and testing.
Physical: Buildings and equipment. Gates, security guards, barricades, motion and thermal alarm systems.
Deterrent: Discourage a threat agent from acting. Cable locks, video surveillance, signs.
Preventative: Stops a threat agent from being successful.
Detective: Identify and report a threat. SIEM, motion detectors, video surveillance, security audits.
Corrective: Minimize the impact of a threat agent, or modify or fix a situation. IPS, backup and recovery.
Ways to mitigate:
System Security: Ensuring your systems are properly patched and that any antivirus, anti-spyware and anti-malware software is up to date.
Physical Security: Ensuring you have the proper physical controls in place, such as guards, fences, locks, access control cards, biometric access control systems, sensors and surveillance cameras, to prevent unauthorized access and protect IT assets.
Network Security: Ensuring you have the proper technical controls in place, such as firewalls, host-based IPS/IDS, and Identity and Access Management (IAM). In addition to hardware security, make sure that you disable any TCP/UDP ports not in use and implement Access Control Lists (ACLs) that determine who is allowed to access certain data, apps and resources.
Mobile Security: Mobile Device Management allows IT to automate, control, and secure administrative policies on laptops, smartphones, tablets, or any other device connected to an organization’s network.
Cloud Security: Implementing tools such as Secure Web Gateway (SWG), Data Loss Prevention (DLP) and Identity and Access Management (IAM), and referencing the National Institute of Standards and Technology (NIST) cloud computing framework to maintain data asset security and accountability at the enterprise level.
Wireless Networks: Avoid using default credentials and only use strong encryption methods. Avoid using deprecated protocols and disable any unused services.
Passwords: Transition to Multi-factor Authentication (MFA) methods to reduce the risk of credential theft, forgery and reuse across multiple systems.
Data Encryption & Classification: Ensure that data at rest and in motion is encrypted. Data classification processes can be used to identify sensitive data that requires encryption for compliance or other reasons, such as personally identifiable information (PII) or protected health information (PHI).
Data Availability: Make sure you are performing daily backups on any critical systems and weekly backups on less critical systems. This will ensure that any data that is lost can be easily recovered. In addition to system backups, ensure logging is enabled and being sent to a syslog server to capture all system events.
Identity Management: Controlling user access to critical systems to ensure secure access to employees and devices while making it difficult or impossible for outsiders to get through.
Network Monitoring: Install a Security Information and Event Management (SIEM) system along with Endpoint Detection systems in order to continuously monitor for any malicious activity on your network.