How CIS Controls Can Limit the Cascading Failures During an Attack? Case Study
You can find a copy of the case at the SANS reading room website located at https://www.sans.org/reading-room/whitepapers/casestudies/case-study-cis-controls-limit-cascading-failures-attack-36957
Once you read the case, you need to write 3-4 double spaced pages answering the following questions. Please include an APA cover page and a reference list with the assignment.
· What are the organization’s business challenges and risks in each of the seven domains as identified in the textbook? Identify each domain individually by name.
· Explain how the proper application of security policies can mitigate many of the seven domain security risks.
· Should the company take measures to prevent similar attacks in the future? What steps should be taken?
· What company security policies must be in place to deal with employees and consultants to deter initiating a security attack?
· What components should be included in developing an information security plan for the company?
Include the Grammarly Score before and after Grammarly changes. Use the Snipping tool to copy the score and paste the screenshots at the end of your essay. That step will ensure that you are running your report through Grammarly and taking advantage of the editing process.
The textbook tells us to begin defending the User Domain by making users aware of the policies that affect them, and by training them to observe security precautions. It tells us that on-the-job training in these areas is more effective than classroom training, and it recommends assigning a job buddy or a mentor to show a new employee the proper way to do a job. This is a good idea, but it depends on someone in each work unit to do the training. It depends on that person being a good trainer, and on their understanding and caring about security. This will not always happen, so it is very important to design security policies that will protect the organization even when employees are not thinking about secure procedures. The automated policies will live in another domain.
The text reminds us (twice!) that the operational definition of a workstation is any machine used to access our systems. Typically, there will be policies that prevent most users from installing software, unless it is approved for general use. There may also be administrative IDs that permit configuration changes, but these IDs and their matching passwords may be shared among the personnel who are assigned to install software.
The text tells us this domain, the LAN Domain, is about the devices and services that make up a LAN. It also seems to be about devices that link LANs to each other.
The most obvious device that belongs in this domain is a router. The text mentions another member of this domain, a DMZ. The letters stand for Demilitarized Zone, which is a military term for a geographic area in which contending forces do not place troops or other military assets. Its purpose in that context is to prevent hostilities by establishing a buffer between two armed forces (Center for Internet Security, 2013). In the context of information system security, a DMZ is a part of your network that has no traffic flowing from it to the other parts. It holds no assets that the rest of the world may not see. Some texts call it a "no man's land", but that is not accurate. We still protect this area with security measures; however, we use it as a region where public business is conducted. The metaphor is flawed, as you can see, but it is commonly used, so you need to know about it.
As noted above, the most common WAN may be the Internet. In previous decades, there was no meaningful access to a usable Internet. That changed in the 1990s. Before that, leased data circuits from data service providers (typically phone companies) served the purpose of providing wide-area connections between data points for companies. The situation is different now, less secure, and more open to both commerce and attack.
Remote Access Domain
The text explains that we can think of this as an extension of the User Domain, but the methods of connection are different, and authentication techniques are generally stricter. Most security is based on one or more of three types of things: something you have (like a key or an ID card), something you know (like a PIN or a password), or something you are (like a fingerprint or the shape of your face).
System software is generally the operating system of any computer or network. This includes the utility software that you find on most operating systems. Applications may be any programs used by the organization. The text only briefly discusses this on page 91, but does not present any connection to security. The actual security discussion related to this category begins on page 99. The text recommends on page 100 that we use a Data Loss Prevention system for very sensitive data. A DLP system may be able to show where and when copies of such files are written, and by whom or what process. A virus or worm that is harvesting data will often have a recognizable signature that a DLP system needs to recognize.
There are numerous ways good security policies can mitigate this risk, as follows:
Awareness: Policies require personnel to receive formal security awareness training. Most importantly, this training lets personnel know where to go for help when the unexpected arises. The training also sets expectations on the handling of sensitive data that must be protected, such as ensuring customer privacy.
Enforcement: Security controls flow from security policies. These controls are designed to enforce how the enterprise wants to operate. Among the most important security controls are those that implement segregation of duties. Separation of duties, or segregation of duties, means a single person cannot execute a high-risk transaction, for example, wiring large sums of cash out of a bank. Typically this requires one individual to request the wire and a manager to approve the transfer.
Reward: Refers to how management reinforces the value of following policies. An organization must put in place both disciplinary actions for not following policies and recognition for adhering to policies. This could be as simple as noting the level of compliance with policies in the employee's annual review.
For years, the security teams at these organizations worked with a range of standards for how they should direct protections; conventional security measures never seemed to provide the whole answer. As the attacks became more and more common, the defenders began analyzing these attacks and used that analysis to create new solutions. Instead of simply addressing the discovered vulnerabilities, these researchers were looking to understand the methodologies and anticipate future attack vectors. In 2000, the Center for Internet Security, Inc. (CIS) was formed to enhance the security readiness and response of public and private sector entities, with a commitment to excellence through collaboration. Since that time, they have been working with a range of industries worldwide to help advance the concept of shared information. By allowing offense to inform defense, they take real attack experiences within the industry and develop a prioritized list of controls to help bolster the overall defensive measures.
The Critical Security Controls (CSC) are not limited to blocking the initial compromise of systems, but also address detecting already-compromised machines and preventing or disrupting attackers' follow-on actions. The CIS consists of control families that can be shown to stop known real-world attacks. By focusing on these actual activities and the particular environment of that enterprise or group, the security team can develop security controls that will address the current high-priority items as well as strategies to address existing issues. Rather than replacing organization policy or procedure, these controls can be used by security management teams as a framework to evaluate risks across the board and then reprioritize as necessary. There are no silver bullets in security. There are no 'one-size-fits-all' solutions.
The goal is to give the responding teams the opportunity to review the current posture, evaluate relevant controls and address the gaps between the current posture and the control framework. The attack summary below is a case study of how the CIS controls could have prevented or limited exposure during an attack; it is not meant to explain how the activity was detected, nor is it a timeline of the events. This is also not a forensic review of the activity. It is simply a review of the high-level activities, describing failures and showing how controls would have improved the security posture. Also included are the remediations suggested to management in order to prevent or limit the chance of this activity being a problem in the future.
The first sub-control requires the use of an automated discovery tool. By knowing that an unauthorized device had connected, the organization could have applied corrective controls to remove access from this device. By moving this machine logically to a separate quarantine virtual local area network (VLAN), the external machine would have been isolated from all other network resources, and alerts would have been sent to staff regarding the unauthorized connection. Another problem is DHCP. The purpose of DHCP is to ensure that devices can quickly and correctly acquire an IP address and communicate on the network. While static addressing is certainly more labor intensive, it does permit a level of control that DHCP does not. Machines that enter the network without the appropriate addressing and subnet information would not be able to communicate immediately. By permitting DHCP without other compensating controls, the organization was not able to control this computer's access to the rest of the network. Another sub-control that could have prevented this attack would be network-level authentication, or even the use of certificates to authenticate the machine. In this case, the computer would not have been able to authenticate without the user providing credentials. This type of control would block the connection without the proper authentication.
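The following is an added example, not code from the case study or from CIS, of the detection logic behind the first sub-control: DHCP lease records are compared against an authorized asset inventory so that any unknown device can be flagged for the quarantine VLAN and staff alerted. The log lines, the dhcpd-style message format and the inventory are all constructed for this illustration.

```python
"""Flag DHCP leases handed to devices that are absent from the authorized asset inventory."""
import re
from dataclasses import dataclass

# Constructed inventory of authorized devices, keyed by normalized MAC address.
AUTHORIZED_ASSETS = {
    "00:1a:2b:3c:4d:5e": "WS-FIN-01",
    "00:1a:2b:3c:4d:5f": "WS-HR-02",
    "00:1a:2b:3c:4d:60": "PRN-FLOOR2",
}

# Constructed DHCP server log excerpt in an ISC dhcpd-like syslog format.
SAMPLE_DHCP_LOG = """\
Mar 10 08:01:12 dhcp1 dhcpd: DHCPACK on 10.0.20.15 to 00:1A:2B:3C:4D:5E (WS-FIN-01) via eth1
Mar 10 08:02:40 dhcp1 dhcpd: DHCPACK on 10.0.20.16 to 00-1a-2b-3c-4d-5f (WS-HR-02) via eth1
Mar 10 08:05:03 dhcp1 dhcpd: DHCPACK on 10.0.20.77 to 3c:22:fb:aa:bb:cc (contractor-laptop) via eth1
Mar 10 08:05:04 dhcp1 dhcpd: DHCPDISCOVER from 3c:22:fb:aa:bb:cc via eth1
Mar 10 08:06:10 dhcp1 dhcpd: DHCPACK on 10.0.20.77 to 3c:22:fb:aa:bb:cc (contractor-laptop) via eth1
"""

# Only DHCPACK lines represent a completed lease; DISCOVER/OFFER/REQUEST are ignored.
ACK_RE = re.compile(r"DHCPACK on (?P<ip>\S+) to (?P<mac>[0-9A-Fa-f:-]{17})(?: \((?P<host>[^)]*)\))?")

@dataclass(frozen=True)
class LeaseEvent:
    ip: str
    mac: str
    hostname: str

def normalize_mac(mac: str) -> str:
    """Lowercase, colon-separated form so inventory lookups do not miss on formatting."""
    return mac.lower().replace("-", ":")

def parse_leases(log_text: str) -> list:
    """Extract every completed lease (DHCPACK) from the log text."""
    events = []
    for line in log_text.splitlines():
        m = ACK_RE.search(line)
        if m:
            events.append(LeaseEvent(m["ip"], normalize_mac(m["mac"]), m["host"] or ""))
    return events

def find_unauthorized(events, inventory=AUTHORIZED_ASSETS) -> dict:
    """One entry per unknown MAC (deduplicated): the input for a quarantine-VLAN action."""
    unknown = {}
    for ev in events:
        if ev.mac not in inventory and ev.mac not in unknown:
            unknown[ev.mac] = ev
    return unknown

if __name__ == "__main__":
    for mac, ev in find_unauthorized(parse_leases(SAMPLE_DHCP_LOG)).items():
        print(f"ALERT unauthorized device {mac} ({ev.hostname or 'no hostname'}) leased {ev.ip}: quarantine")
```

On the constructed log, the two inventoried workstations pass and the contractor laptop is reported once, despite renewing its lease twice.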
In order to achieve the strategic, tactical and operational goals, the following are key components to correctly implementing an Information Security Program:
• Focus on the Information Security Program as a whole
• Align your security program with your organization’s mission and business objectives
• Implement meaningful and enforceable Information Security policies and procedures
• Develop a security risk management program
• Apply defense-in-depth measures: Assess the security controls to identify and manage risk
• Establish a culture of security: Develop a sound Security Awareness program
• Measure your Information Security Program by developing meaningful metrics
• Develop and enforce an Incident Response Plan: Train your workforce and test your plan periodically
• Continuous monitoring: Deploy tools and solutions to monitor your infrastructure
• Review your plan at least annually: Anticipate, innovate, and adapt