Sunday, July 17, 2022

Identifying And Managing Risks

As we have been gradually adopting technology and connectivity as a necessity of the modern world in every aspect of our lives, cyberattacks have increased in frequency and sophistication. We must improve detection capabilities, discover disguised vulnerabilities, and employ security strategies to respond to modern cyberattacks. We need a framework that offers a common language, a systematic methodology, and guidelines for the best result in this battle. The National Institute of Standards and Technology (NIST) created the Cybersecurity Framework, which has become a gold standard in cybersecurity; it has been translated into other languages by different countries, which have implemented it or referenced it to draw up their own versions. The Framework is flexible enough to be tailored to an organization of any type or size.

As per NIST guidelines, if I become a member of the Security and Risk Management team of an organization, here are the steps I am going to take:

  • Identify: the first step is to identify, evaluate, and categorize the assets of my organization based on their value and criticality for business/operational continuity in case of a cyberattack. I then need to identify, assess, and categorize our vulnerabilities in detail, along with every threat posed and its severity or level of impact if it were realized.

    As we know, risk is defined as the intersection of a vulnerability and a threat, so to assess risks we need to recognize and analyze both.

  • Protect: after identifying our vulnerabilities, threats, and risks extensively, I would take these steps to protect the organization:
    • Plan for increasing cybersecurity awareness and training throughout the organization's personnel, management, and third parties such as vendors, maintenance staff, and other contractors, all of which affect the strength of our security posture.
    • Implement (or improve) the Access Control (AC) policy and procedures. The AC should be enhanced with a tailored physical and personnel security plan based on the organization’s size, business or operational value, and financial feasibility.
    • Employ a data classification and security system (covering data in transit and at rest) to best serve confidentiality, integrity, and availability. This should cover our network, devices, software, and relevant interactions.
    • Make sure we follow all required policies, guidelines, and compliance obligations based on local regulations and laws, such as DLP and PCI DSS.


  • Detect: implement tools, processes, and proper measures to monitor, discover, analyze, and report any irregularity against preset variables. This can be achieved by defining baselines for our systems. The reports (alerts) must be predefined based on the incidents' severity and the urgency or priority with which they must be handled. It is imperative to plan and ensure that our detection system always works, through regular tests and checkups that do not disrupt the organization's operations. We can add proactive detection methods to our plans, such as vulnerability surveys or threat-hunting procedures.


  • Respond: an incident response plan is necessary to react to an attack in a timely and organized manner. This plan or playbook must define a response team, with the detailed roles and responsibilities of each team member during an incident. A notification procedure with an up-to-date contact list, and a detection and analysis toolkit, must be included in the plan. Containment and eradication methods must be prepared, discussed, and documented. In some incidents, we would need an additional member for interdepartmental communication, such as from the public relations or legal division. To ensure the IR team’s readiness at any given time, regular tabletop testing is strongly recommended.


  • Recover: in the last step, I will develop (or improve) a recovery plan to restore the services that have been affected or impaired. The recovery plan should be based on a business impact analysis (BIA) to ensure business/operational continuity after an attack. It should be a detailed, step-by-step process leading to rebuilding compromised services or data from preplanned data backups or from updated replacement devices ready to install. Once the restoration is completed, that is the best time to document everything in detail and prepare a report about the incident and the lessons learned from it.



