Six Principles to defend an organization against Cyber Threats

By | September 15, 2023
0 Comment

Managing cyber risk across a modern enterprise is immensely difficult. Securing complex architectures and ensuring compliance is a constant challenge, with the protection of sensitive data like PII, ePHI, and intellectual property always on the line.

The solution lies in integrating your security capabilities to provide consistent visibility and protection—whether data lives on traditional systems, in the cloud, or on mobile devices.

Six Principles for a Cyber-Resilient Organization

To effectively detect, respond to, and mitigate threats, integrate these core practices:

  • Govern with Policy: Define and enforce strong security policies, standards, and security controls.
  • Assess Continuously: Conduct regular vulnerability scanning, remediation, and penetration testing (application & network).
  • Monitor Centrally: Aggregate and analyze logs with a Security Information and Event Management (SIEM) system.
  • Protect Critical Assets: Shield internet-facing applications with DDoS protection.
  • Manage Risk Formally: Operationalize a risk assessment, management, and governance framework.
  • Train People: Build a human firewall through ongoing security awareness and training.
  1. Define strong security policies, standards, and technical hardening requirements (THRs)

Defining strong security policies, standards, and technical hardening requirements is fundamental to establishing a robust cybersecurity framework. These documents provide guidelines, rules, and specifications to ensure information security.

Security Policies: Security policies are high-level documents that outline an organization’s overarching approach to security. They articulate the organization’s commitment to protecting its information assets and provide a framework for implementing security controls.

Content:

  • Policy statements that convey the organization’s commitment to security.
  • General security objectives and goals.
  • Roles and responsibilities of individuals and departments regarding security.
  • Acceptable use of information systems.
  • Incident response procedures.
  • Compliance requirements.

Security Standards: Security standards are more detailed documents that support security policies. They provide specific criteria and guidelines for implementing security controls across the organization.

Content:

  • Network security standard.
  • Application security standard.
  • Encryption standard.
  • Identity and access management standard.
  • Security awareness and training standard.
  • Asset management standard.
  • Vulnerability management standard.

Technical Hardening Requirements: Hardening refers to securing systems by reducing their attack surface. Technical hardening requirements are specific configurations and settings designed to minimize vulnerabilities and enhance the overall security posture of systems and applications. Below are some key technical hardening requirements that organizations should consider:

Network and Infrastructure Protections:

  • Ensure the organization’s network is segmented between zones; there must be isolation between production and non-production servers.
  • The approved firewall must inspect incoming and outgoing network traffic.
  • Only https (port 443) incoming traffic is allowed. Any other incoming services/ports must be allowed.
  • Ensure that default general internet access from servers is prohibited.
  • Implement access controls, such as ACLs (Access Control Lists), to restrict network traffic.

Authentication and Authorization:

  • Apply the principle of least privilege for user accounts and system processes.
  • Implement strong password policies and ensure regular password changes.
    • Ensure the user account password is at least 12 characters long with password complexity.
    • Ensure the service account password is 30 characters long.
    • Password must be changed at regular intervals (i.e., every 60 days).
    • Privileged accounts must onboarded under password vault protection
    • Accounts must be managed through an enterprise identity store such as Azure AD or other LDAP solutions.
  • Implement multi-factor authentication where feasible.
  • Regularly review and update user access permissions.
  • Disable unnecessary user accounts and services.

Disable unnecessary services and features:

  • Disable unnecessary network services and protocols.
  • Disable insecure protocols and services

Encryption:

  • Use encryption for data in transit (e.g., SSL/TLS for web traffic, VPNs for remote access)
  • Implement full disk encryption to protect data at rest on endpoints
  • Utilize strong encryption algorithms and key management practices
  • Ensure older versions of encryption protocols such as SSLs/ TLS1.0/TLS1.1 is not used

Logging and Monitoring:

  • Enable and configure system logging to capture relevant security events
  • Implement centralized log management for efficient analysis
  • Regularly review logs for signs of suspicious activities
  • Set up alerts for critical security events

Patch Management:

  • Establish a patch management process to ensure timely application of security updates.
  • Test patches in a controlled environment before deploying them to production.
  • Prioritize and schedule patching based on the criticality of vulnerabilities.

2. Implement security standards and THRs in all aspects of information security:

  • Ensure the security controls are implemented as outlined in the standards and technical hardening requirements.

3. Implement vulnerability scanning, monitoring, and remediation process:

  • Implement continuous monitoring of systems and networks for anomalous activities.
  • Conduct regular security audits and assessments to identify vulnerabilities.

4. Implement application and network penetration testing processes regularly:

  • Penetration testing, often called pen testing or ethical hacking, is a cybersecurity practice that involves simulating a cyberattack on a computer system, network, or web application to identify and address security vulnerabilities before malicious hackers exploit them. The primary goal of penetration testing is to assess the security of an IT infrastructure and provide insights into potential weaknesses.
  • Ensure conduct regular application and network penetration test

5. Implement a centralized SIEM process:

  • Ensure all the systems, such as Operating Systems, Applications, Databases, and network devices, collect security audit logs, which are sent to a centralized log management system.
  • Ensure the creation of co-relation rules with the log management systems so that an alert is created and sent to the SOC team if there is a violation.

6.  Protect internet-facing applications by implementing DDos protections:

  • Ensure onboarding of all internet-facing applications under the DDos protection mechanism with WAF rules in deny mode.

7. Implement a Risk Assessment, Management, and Governance framework:

  • Identify and assess potential risks to the organization’s information assets.
  • Prioritize risks based on their potential impact and likelihood.
  • Develop a risk management plan that includes mitigation strategies and response plans.

8. Implement Security Awareness and Training program:

  • Educate employees and users about cybersecurity best practices.
  • Conduct regular training sessions to keep individuals informed about emerging threats.
  • Foster a culture of security awareness and responsibility throughout the organization.

Leave a Reply

Your email address will not be published. Required fields are marked *