Skip to content

What is it?

Controls to ensure that software applications are developed and operated in accordance with an organization’s requirements and risk tolerance levels(NIST 2017).

Why is it important?

Application risk governance provides a framework to ensure an appropriate balance between security and operations.
...continue reading "Term of the Week: Application Risk Governance"

What is it?

A combination of three approaches that organizations use to demonstrate compliance with international standards, global rules, laws, and state regulations. Referred to as IT GRC when a company uses information technology (IT) to apply GRC.

Why is it important?

Governance, risk management, compliance (GRC) is often implemented by companies that are growing globally to maintain consistent policies, processes, and procedures across all parts of the organization. It is important for business professionals to understand and follow the internal information security rules, company risk factors, and industry requirements that drive the implementation of GRC in order to ensure that the company as a whole remains compliant.
...continue reading "Term of the Week: Governance, Risk Management, Compliance (GRC)"

What is it?

The act or process of making a network, data repository, sensor, computer system, software, or other equipment resistant to unauthorized access or damage.

Why is it important?

Unauthorized access is one of the primary catalysts for operational, financial, strategic, legal, and other damage to an organization. These breaches also increase the risk of harm to third parties, including customers, patients, and other stakeholders. Hardening hardware, software, and data systems is a key risk mitigation strategy.
...continue reading "Term of the Week: Hardening"

The Language of Cybersecurity has received a 2018 STC Touchstone award for excellence from the Northern California Chapters of the Society for Technical Communication.

The citation for this honor highlights the usefulness of the references, the crispness of the writing, and the consistency of its format.

Congratulations to editor Tonie Flores and the 60+ industry experts who contributed to this book.

Touchstone Award

What is it?

The practice of isolating malware, or software that is suspected to contain malware, within a contained or quarantined environment to observe and study its communications, infection vectors, and other behavioral heuristics.

Why is it important?

Sandboxing allows security researchers to investigate malware execution, heuristics, and communications within an isolated environment and aids in the development of indicators of compromise (IOC) and anti-malware signatures.

...continue reading "Term of the Week: Sandboxing"

What is it?

The process of encoding a message or information in such a way that only authorized parties can read it.

Why is it important?

Encryption is important to our personal, business, community, and national security. Criminals, competitors, or hostile governments may seek to exploit weak or non-existent encryption to hack systems or steal data. Strong, well-managed encryption renders content unreadable to anyone who does not have authorized access.

...continue reading "Term of the Week: Encryption"

What is it?

A network security system built into hardware or software that monitors network traffic and controls incoming and outgoing traffic based on a set of rules.

Why is it important?

Firewalls enable system administrators to monitor and control network traffic coming into and out of their systems. Firewalls provide a first line of defense against network-based cybersecurity attacks. They are also used to censor information by blocking traffic to and from certain sites.

...continue reading "Term of the Week: Firewall"

What is it?

The range of actions an authenticated user or device is allowed to take in a system.

Why is it important?

A good society works like this: we expect promises to be kept, contracts to be honored, and a lost wallet to be returned. However, when applied to your IT infrastructure, such a mindset leaves your system wide open to an insider or an unhappy former employee. Privilege management gives you detailed control over the permissions given to each user and device.

Why does a business professional need to know this?

Giving your house key to a neighbor so they can water your plants does not mean you want to allow them to look through your closets or bedroom drawers. However, most of us do not have the technical means to restrict access in this way; we either give access to the entire house, or we don’t give access at all. Giving your key to a neighbor relies on implicit trust. You trust that your neighbor will not try on your underwear or eat all your cookies.

To put it mildly, this is not an ideal trust model for your IT infrastructure; you need a model that relies on least privilege, which gives each user only the privileges needed to perform their job duties and nothing more.

In many organizations, the highest possible access rights are given to system administrators. Companies that blindly trust system administrators open themselves to unnecessary risk. It is safer to have fine-grained control over privileges and give each administrator only the privileges needed to carry out their assigned tasks. For example, an administrator responsible for the payroll database probably doesn’t need access to the customer database.

To do this you need to implement an access-level classification scheme and have procedures that support your daily operations. This approach eliminates the need to give users higher levels of access than they need. This would be the equivalent of putting a password on your underwear drawer, making it inaccessible to your neighbor who has only the front door key.

References

  • (Rouse 2008) Principle of least privilege (POLP) : Rouse, Margaret (2008). TechTarget. Discusses the principle of least privilege and its application to restricting access rights for people, systems, software applications, and devices connected to the Internet of Things. Includes video on how to address privileged user access.
  • (Seltzer 2013) Excess privilege makes companies and data insecure : Seltzer, Larry (2013). ZDNet. Research results that show most companies do a poor job of managing the permissions and privileges of users on their computers and networks.
  • (Prince 2015) Excessive User Privileges Challenges Enterprise Security: Survey: Prince, Brian (2015). Security Week. Research results from the Privilege Gone Wild 2 survey that shows 47 percent of employees say they have elevated privileges not necessary for their roles.

About Emma Lilliestam

Photo of Emma Lilliestam

Emma Lilliestam is a Swedish software security tester. She has previously worked in Support and DevOps and is now a consultant for House of Test.

Term: Privilege

Website: emalstm.com

Twitter: @emalstm

LinkedIn: se.linkedin.com/in/emma-lilliestam-0122a789

What is it?

The process of ensuring that an action was taken by a specific person or entity. In IT security, non-repudiation is the ability to validate that the contents of a message received can be verified as unchanged and also verified as having come from a specific person or entity.

Why is it important?

When dealing with electronic transactions, it’s important to confirm with a high degree of certainty that actions or decisions were, in fact, taken by specific individuals or entities. Since hackers are getting better at impersonating identities, greater security measures must be implemented to ensure the integrity, accuracy, and authenticity of electronic transactions such as credit card purchases or digital signatures.

Why does a business professional need to know this?

Business professionals need to be able to verify that actions, such as bank transfers, contracts, and credit card purchases, can be linked with a specific actor (person or entity). Non-repudiation methods help ensure the following:

  • The action was not taken by a hacker impersonating someone.
  • The actor cannot claim to have not taken the action.

In today’s digital world, it is becoming increasingly important to verify that specific actions were taken by specific individuals. For transactions, such as financial transfers, that require greater integrity, organizations need to implement and enforce security measures that ensure the authenticity and intent of each transaction. For transactions, such as product surveys, where there is little or no business need to reliably identify a specific actor, it is less important to take such measures.

Measures to ensure non-repudiation include: notarization, multi-factor authentication, audit trails, digital signatures, and forensic analysis (e.g., handwriting analysis)(Spacey 2016).

There are multiple technologies available to implement and enforce non-repudiation. Measures to authenticate identity play an important part in ensuring that individuals are, in fact, who they assert themselves to be. Digital certificates and encryption can secure a message and ensure that its contents are not altered during transmission.

In an expanding digital economy, the integrity of your business depends on your ability to prove that each critical transaction was verifiably executed by a specific, identifiable person or process.

References

About John Falkl

Photo of John Falkl

John Falkl is an Architect Advisor at CVS Health. Prior to CVS, John was with IBM as the executive and IBM distinguished engineer responsible for service-oriented architecture (SOA) and application services governance, driving the convergence strategy for service governance and API

Term: Non-repudiation

Email: jfalkl@aol.com

LinkedIn: linkedin.com/in/john-falkl-808aa03

What is it?

A form of anomaly detection that analyzes and correlates user activity on a computer or network to identify events and patterns that may require further investigation.

Why is it important?

Behavioral monitoring helps security teams quickly pinpoint unusual activity and act upon it. Also known as user and entity behavior analytics (UEBA), behavioral monitoring gathers data to build profiles for different types of users. It can then use those profiles to identify and flag potential threats. It has the potential to catch emerging threats before traditional, signature-based tools.

Why does a business professional need to know this?

Behavioral monitoring is an increasingly important tool for identifying and defending against cyberattacks that is becoming a larger part of security budgets. Gartner predicts that 60% of enterprise information security budgets will be allocated to rapid detection and response approaches by 2020, up from less than 10% in 2014(Moore 2016).

A behavioral monitoring system collects and uses data to build profiles for particular types of users based on role or location. Once profiles are built and activated, significant deviations from the profiles alert security analysts to the need for further review.

Here are some examples:

A remote employee usually accesses the virtual private network (VPN) from her home and from a nearby coffee shop. In the space of 30 minutes her login credentials are used from two different cities on different continents. Behavioral monitoring tools can detect the credentials being used from two places thousands of miles apart and raise an alert.

An accounts payable clerk usually works in the corporate office between 8 AM and 6 PM, Monday through Friday. As part of his usual work, he accesses the accounting system, a shared finance folder, the company intranet, and the inventory system. On his lunch break, he usually reads political news websites and occasionally listens to streaming news broadcasts during the day. Behavioral monitoring would flag these actions:

  • Logging in from a different location
  • Attempting to access different systems or files (source code, human resources files, or mergers and acquisitions information)
  • Logging in at 1 AM
  • Connecting to servers in China or Russia

Any of these activities taken alone could be legitimate user behavior that a security analyst could verify by talking to the user. Taken together, these events could indicate a security compromise. Behavioral analysis allows companies to move quickly to respond to threats and stop attackers before they can exfiltrate data or cause damage to the company’s systems and data.

References

About Holli Harrison

Photo of Holli Harrison

Holli Harrison specializes in security controls, risk management and security education. She has helped government agencies, healthcare companies, universities, and technology companies improve their security postures through assessment, education, and consulting.

Term: Behavioral Monitoring

Twitter: @security_person

LinkedIn: linkedin.com/in/holliharrison