Threat Intelligence & Cyber-governance

Threat intelligence and governance are key components of an organization's resilience towards cyber risk and threats. In recognition of the importance of governance in addressing cyber risks, the Cybersecurity and Infrastructure Security Agency's (CISA) Cybersecurity Division and the National Association of State Chief Information Officers (NASCIO) partnered to develop a State Cybersecurity Governance Report and a series of State Cybersecurity Governance Case Studies exploring how states govern cybersecurity. The Homeland Security Systems Engineering and Development Institute (HSSEDI), a DHS-owned Federally Funded Research and Development Center (FFRDC), developed the case studies.

The report and case studies identify how states have used laws, policies, structures, and processes to better govern cybersecurity as an enterprise-wide strategic issue across state governments and other public and private sector stakeholders. The report and case studies explore cross-enterprise governance mechanisms used by states across a range of common cybersecurity areas, and offer insight on trends and concepts useful to other states and organizations that face similar challenges.

Cybersecurity governance is the management framework by which an organization directs and controls cybersecurity. The governance framework determines who is authorized to make which decisions and how accountability for results will be established. Governance processes provide oversight to ensure that risks are adequately mitigated. A security governance program is centered on establishing and maintaining a structure that provides assurance that information security strategies are aligned with and support business objectives, are consistent with applicable laws and regulations through adherence to policies and internal controls, and assign responsibility, all in order to manage risk.

Audit

The danger from cyberattacks is huge and constantly evolving. Many audit committees and boards have set an expectation for internal audit to understand and assess the organization's capabilities in dealing with the relevant cyber threats.

Company Written Supervisory Procedures (WSPs)

FINRA Rule 3110: The rule details requirements for a firm to have reasonably designed written supervisory procedures (WSPs) to supervise the activities of its associated persons and the types of businesses in which it engages. Among other things, a firm’s WSPs must address supervision of supervisory personnel and provide for the review of a firm’s investment banking and securities business, correspondence and internal communications, and customer complaints.

WSPs should describe:

- the specific individual(s) responsible for each review,

- the supervisory activities such persons will perform,

- the frequency of the review, and

- the manner of documentation.

The rule further sets forth requirements to designate and register branch offices and offices of supervisory jurisdiction (OSJs), conduct internal inspections and review transactions for insider trading.

Firms must also adopt procedures that include a means of customer confirmation for certain transactions such as transmittal of customer funds, changes in address, and changes in investment objectives. The documentation can be found here

Laws & Regulations

“Good people do not need laws to tell them to act responsibly, while bad people will find a way around the laws”

― Plato

Threat Intelligence

Threat intelligence is data that is collected, processed, and analyzed to understand a threat actor's motives, targets, and attack behaviors. Gartner defines threat intelligence as evidence-based knowledge (e.g., context, mechanisms, indicators, implications and action-oriented advice) about existing or emerging menaces or hazards to assets.


External threats

Do not picture the typical mobster or a man in a dark mask when you imagine these criminals. Cybercriminals may be in their pajamas and in bed while their zero-day or brute-force password attack continually hammers your system looking for a way in, a thousand times each second, over and over until it gains access. These attackers are brilliant coders, but they also understand how people work, and they will find a way into your system if they try hard enough.

Malware, phishing, DDoS attacks, ransomware: these are only some of the infections and techniques that attackers use remotely to gain access to your website, software, or network. Part of any good cybersecurity organization's repertoire is the ability to deal with each of these issues and prevent external cybersecurity risks regardless of what form they come in.

After gaining access, these cybercriminals stay inside the system, sometimes for a long time, unnoticed and extracting data. Most are never found, and many more are not found until much later. You will face far more external attacks than internal ones, and the idea is to harden the perimeter to keep attackers out. Perimeters can be properly built with the right kind of penetration testing conducted by an experienced cybersecurity firm.

Insider threats

Internal threats are one of the biggest threats to businesses. Considering that employees have direct access to your business data, systems and hardware, the possibility of dealing with internal theft cases that involve data and even equipment should never be taken lightly. Untrustworthy or disgruntled employees are a particularly great risk. You can mitigate such risks by installing a foolproof business security system that includes surveillance camera systems that help you monitor your employees at important areas like point-of-sale locations, safes, server rooms, or stockrooms.

Every year, there are cases of high profile data loss, many of which involve stolen laptops and flash disks within an organization or even during business-related events. If it happens in major government organizations and even hospitals that have established rules on handling such cases, why shouldn’t it happen to your business? Laptops, mobile devices, tablets, and other devices are entrusted to employees with the most sensitive information about the organization.

Numerous organizations disregard the importance of securing their physical network and server space to keep unauthorized staff from gaining access. Indeed, most cybersecurity threats result from the failure of organizations to protect basic physical business systems. Open network ports and unprotected server rooms can easily allow a dishonest employee or even a visitor to gain physical access to your network or server room and launch an attack to steal passwords or content, and even to interrupt traffic or operations.

Indicators of Compromise (IoCs)

Organizations are under increasing pressure to manage security vulnerabilities, and the threat landscape is constantly evolving. Threat intelligence feeds can assist in this process by identifying common indicators of compromise (IoCs) and recommending necessary steps to prevent attack or infection. Some of the most common indicators of compromise include:

IP addresses, URLs and Domain names: An example would be malware targeting an internal host that is communicating with a known threat actor.

Email addresses, email subject, links and attachments: An example would be a phishing attempt that relies on an unsuspecting user clicking on a link or attachment and initiating a malicious command.

Registry keys, filenames and file hashes and DLLs: An example would be an attack from an external host that has already been flagged for nefarious behavior or that is already infected.

Indicators of Compromise (IoCs) are the evidence that a cyber-attack has taken place. IoCs give valuable information about what has happened, but they can also be used to prepare for the future and prevent similar attacks. Antimalware software and similar security technologies use known indicators of compromise, such as a virus signature, to proactively guard against evasive threats. Indicators of compromise can also be used in heuristic analysis.
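To make the IoC categories above concrete, here is an added example (not code from the original post or from any of the cited vendors) that loads a small threat-intelligence feed and matches it against log events. The feed entries, the log lines, the indicator values and the `load_feed`, `match_event` and `scan` helper names are all constructed for this illustration; the IP uses a documentation range and the hash is a placeholder, not a real IoC. The example also handles one detail the paragraph does not mention: shared feeds are often "defanged" (`hxxp://`, `[.]`) so indicators cannot be clicked by accident, and they must be normalised before they will ever match a log line.

```python
"""Match a small threat-intelligence feed of indicators of compromise (IoCs)
against log events. Feed, events and helper names are constructed sample data
for this example; the indicator values are placeholders, not real IoCs."""
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed feed, deliberately defanged the way shared intel often arrives.
SAMPLE_FEED = [
    ("ip", "203.0.113.45"),                       # documentation range (TEST-NET-3)
    ("domain", "update-check[.]example"),
    ("url", "hxxp://update-check[.]example/payload.bin"),
    ("sha256", "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855"),
    ("email_subject", "Invoice overdue - action required"),
]

# Constructed log lines from a proxy, a mail gateway and an endpoint agent.
SAMPLE_EVENTS = [
    "2024-05-01T10:02:11Z proxy src=10.0.0.7 dst=203.0.113.45 url=http://update-check.example/payload.bin",
    '2024-05-01T10:05:40Z mail from=billing@example.test subject="Invoice overdue - action required"',
    "2024-05-01T10:07:02Z edr host=ws-12 file=report.pdf sha256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    "2024-05-01T10:09:15Z proxy src=10.0.0.9 dst=198.51.100.2 url=http://www.example.test/index.html",
]


def refang(value: str) -> str:
    """Undo common defanging so an indicator compares equal to what logs contain."""
    value = value.strip().replace("[.]", ".").replace("(.)", ".").replace("[dot]", ".")
    return re.sub(r"^hxxp", "http", value, flags=re.IGNORECASE)


@dataclass
class IocSet:
    ips: set = field(default_factory=set)
    domains: set = field(default_factory=set)
    urls: set = field(default_factory=set)
    hashes: set = field(default_factory=set)
    subjects: set = field(default_factory=set)


def load_feed(entries) -> IocSet:
    """Normalise every indicator into the canonical form we match on."""
    iocs = IocSet()
    for kind, raw in entries:
        value = refang(raw)
        if kind == "ip":
            iocs.ips.add(str(ipaddress.ip_address(value)))  # rejects malformed entries
        elif kind == "domain":
            iocs.domains.add(value.lower().rstrip("."))
        elif kind == "url":
            iocs.urls.add(value.lower())
        elif kind in ("md5", "sha1", "sha256"):
            iocs.hashes.add(value.lower())
        elif kind == "email_subject":
            iocs.subjects.add(value.lower())
        else:
            raise ValueError(f"unsupported indicator type: {kind}")
    return iocs


IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HASH_RE = re.compile(r"\b(?:[0-9a-fA-F]{64}|[0-9a-fA-F]{40}|[0-9a-fA-F]{32})\b")


def match_event(event: str, iocs: IocSet) -> list:
    """Return (indicator_type, value) pairs from the feed that occur in one event."""
    hits = []
    lowered = event.lower()
    for ip in IP_RE.findall(event):
        if ip in iocs.ips:
            hits.append(("ip", ip))
    for digest in HASH_RE.findall(event):
        if digest.lower() in iocs.hashes:
            hits.append(("hash", digest.lower()))
    for domain in iocs.domains:
        # Match the domain itself or any subdomain, but not "notbad.example"
        # or "bad.example.test", which merely contain the indicator text.
        pattern = r"(?<![\w-])" + re.escape(domain) + r"(?!\.?[\w-])"
        if re.search(pattern, lowered):
            hits.append(("domain", domain))
    for url in iocs.urls:
        if url in lowered:
            hits.append(("url", url))
    for subject in iocs.subjects:
        if subject in lowered:
            hits.append(("email_subject", subject))
    return hits


def scan(events, iocs: IocSet) -> dict:
    """Map each event index to its IoC hits; events with no hits are omitted."""
    return {i: hits for i, e in enumerate(events) if (hits := match_event(e, iocs))}


if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_EVENTS, load_feed(SAMPLE_FEED)).items():
        print(f"event {idx}: {hits}")
```

Running the block flags the proxy line on three indicators at once (IP, domain and URL), the mail line on its subject, and the endpoint line on its file hash, while the benign proxy line produces nothing. Exact-match lookups like this are cheap and precise but brittle, since attackers rotate IPs, domains and file hashes freely; that is why the paragraph above also points to heuristic analysis, which looks at behaviour rather than at a fixed list of values.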

Forcepoint defines the working of IOCs as “When a malware attack takes place, traces of its activity can be left in system and log files.

Sources

Deloitte – New age cyber threats – Reference

Finding the Right Threat Intelligence Sources for Your Organization – Reference

Forcepoint – Threat intelligence – Reference

CIS – Cyber Threat Intelligence – Reference
