- Details
- Written by: Meena
- Category: Cybersecurity PRISM
There are so many companies which think that their Point-of-Sale (POS) systems are merely a responsibility of the cashiers who sit behind a sales desk.
They forget that their POS systems face multiple levels of risk, e.g., networking issues, open ports, cyber-attacks, accessibility issues, and communication with a chain of numerous back-end processes. More often than not, these POS systems also handle the company's most sensitive data, such as the Personally Identifiable Information (PII) of its customers.
Your company, in fact every company, should more accurately consider its POS systems as an extension of its data center, a remote branch of its critical applications. You should treat them as a high-threat environment and devise a targeted security strategy accordingly.
Read more: What is POS Security?
What is Deception Technology?
It is a cybersecurity defense practice that aims to deceive attackers by distributing a collection of 'traps' and 'decoys' across a company's IT infrastructure to imitate genuine assets.
The advent of Deception Technology can be attributed to the stark realization that your network perimeter will eventually be breached, sooner rather than later. If that is going to happen with very high probability, then why not misguide the intruders?
What is COBIT?
It is a very well-known framework for IT governance and management of enterprises, proposed by ISACA.
The core idea behind COBIT is to combine two aspects of an enterprise: 'Governance' and 'Management' techniques. To that end, COBIT provides you with principles, practices, models and analytical tools to consistently increase the value of the IT systems in your company.
Part of COBIT's success comes from its smooth integration with other IT frameworks, such as Risk Management, ITIL, CMMI, TOGAF, ISO 27001 etc.
The latest version is the COBIT 2019 framework. The previous one was COBIT 5.
Some Salient Features of COBIT 2019
1. Separation of Governance & Management.
The COBIT framework makes a clear distinction between governance and management, because these two disciplines encompass very different activities, require very different organizational structures and serve different purposes.
For example, you have to ensure that the Governance aspect is taken very good care of. It means that you have taken elaborate approaches to fully understand and meet all the needs of key stakeholders. While doing so, you have understood and documented all the key 'conditions' and 'options' after a careful evaluation of each, so that there is a consensus about enterprise objectives. Governance mandates that your company set the direction of IT through prioritization and clear decision-making. The ongoing monitoring of IT performance and its compliance requirements is done 'against' the objectives and the direction as they were agreed upon.
In general, the Board of Directors (or else the Chairman) holds the responsibility for Governance, though some of these responsibilities can be delegated to the next appropriate level of special organizational structures, especially if yours is a big or complex enterprise.
Once the above aspect of governance is taken care of, COBIT turns to the Management aspect. 'Management' is about planning, building, running and monitoring all IT activities regularly, in complete alignment with the direction set by the governance body, to support and achieve the business objectives of your enterprise.
By default, management is the responsibility of the executive management under the leadership of the CEO of your company.
2. It envisages 40 objectives overall.
Since governance and management objectives are separated, the total of 40 objectives has been divided into 5 domains, as given below:
Governance domain
- Evaluate, Direct and Monitor (EDM)
Management domains
- Align, Plan and Organize (APO)
- Build, Acquire and Implement (BAI)
- Deliver, Service and Support (DSS)
- Monitor, Evaluate and Assess (MEA)
Together all these 5 domains form the 'CORE' of the COBIT framework.
You can prioritize or ignore these objectives based on the needs of your customers, stakeholders, users, and so on, allowing you to create comprehensive and bespoke IT strategies and frameworks for your company.
3. There are 6 governing principles of COBIT 2019.
Regardless of how you look at COBIT, it is built upon 6 fundamental principles:
I. It must identify your stakeholders' needs systematically and then meet them.
II. It must aim to achieve comprehensive 'end-to-end' coverage of your enterprise IT.
III. It must achieve integration with other frameworks, by offering or involving various models that support communication between different software applications in a service-oriented architecture (SOA).
IV. It should follow a holistic approach, looking at the entire IT system as a whole and addressing its needs accordingly. It proscribes small, micro-solutions that are meant to improve isolated processes only.
V. It must separate governance from management (explained above). Governance involves a system of checks and balances used to assess the effectiveness of a system, while management focuses on the approaches and decisions used to improve how an IT system functions.
VI. A governance system should be dynamic: if one or more of the design factors have changed (e.g., a change in strategy or technology), the enterprise must consider how this impacts the entire IT system.
4. Focus-Area concepts
COBIT 2019 also introduced “focus area” concepts that describe specific governance topics and issues, which can be addressed by management or governance objectives. Some examples of these focus areas include small and medium enterprises, cybersecurity, digital transformation and cloud computing.
Focus areas will be added and changed as needed based on trends, research and feedback!
How is COBIT different from ITIL?
COBIT and ITIL complement each other perfectly. While COBIT outlines what needs to be done, ITIL describes ways to do it.
With each iteration of ITIL, IT professionals get concrete, actionable steps they can implement to improve their service delivery.
Fortinet suggests that one of the easiest ways to use COBIT and ITIL together is to identify a way to improve services using COBIT and then use ITIL to define the structure and processes you will use to make the improvements.
Who uses COBIT to do their job?
If someone is applying for one of the following positions, he/she should become familiar with COBIT and related governance frameworks (Source: techtarget.com):
- Chief information security consultant
- Chief information security officer (CISO)
- Director, security assurance
- GRC consultant
- Information assurance analyst
- Information security administrator
- Information security assurance analyst
- Infosec risk analyst
- IT governance analyst
- IT security engineer
- Principal cybersecurity manager
- Principal information assurance officer
- Regional information security analyst
- Risk officer
- Security systems administrator
- Senior director of cybersecurity
- Senior GRC analyst
- Senior information security assurance consultant
- Senior information security risk officer
- Senior IT security consultant
- Senior IT security operations specialist
- Third-party risk management compliance analyst
COBIT does not make or prescribe any IT-related decisions. It will not tell you what the best IT strategy is, what the best architecture is, or how much IT can or should cost you. Rather, COBIT defines all the components that describe which decisions should be taken, and how and by whom they should be taken. It is suggestive in nature...
The latest version of COBIT integrates well with existing frameworks such as ITIL and TOGAF. That enables you to utilize a combination of tools according to specific tasks and practices.
Whether you realize it or not, all IT frameworks have an underlying thread of 'strategic' management from the enterprise's perspective, though most technical professionals struggle to get hold of this aspect... All IT frameworks are inherently geared to help companies improve their 'Business Objectives.' The COBIT framework is no exception!
I guess working knowledge of COBIT is expected from all SENIOR cybersecurity professionals... You should not miss this point from this post!
Kindly write your comments on the posts or topics, because when you do that you help me greatly in designing new quality articles/posts on cybersecurity.
You can also share with all of us if the information shared here helps you in some manner.
Life is short, so make the most of it!
Also take care of yourself and your beloved ones…
With thanks,
Meena R.
Approximately 60-70% of emails received are spam nowadays.
Spam filters are crucial; though they don't provide 100% foolproof results, they are essential to keep spam away from your business. It is necessary to keep your network free from spam-borne threats like phishing attacks, malware attachments, malicious web links and viruses.
Spam filters help protect your email servers from getting overloaded, and also keep spam email away from your users and network.
Read more: What is Spam-Filtering?
What is a Ping Of Death?
It is one of the oldest attack vectors used for DoS attacks.
Originally, a bug was found in the TCP/IP stack in the mid-1990s, and it affected many operating systems of that time. An attacker would use a Ping of Death attack to crash, destabilize, or freeze computers or services by targeting them with oversized data packets. This form of DoS attack typically targets and exploits 'legacy' weaknesses that your organization may already have patched.
As you already know, a correct IPv4 packet is limited to 65,535 bytes, and most legacy computers and devices were not able to handle any packets larger than 65,535 bytes, because a ping larger than this violates the Internet Protocol (IPv4).
Read more: What is a Ping Of Death? What can you do to Prevent Ping Of Death?
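As an added illustration (not code from the original post), this Python snippet shows the reassembly bounds check that defeats a Ping of Death: it parses constructed IPv4 fragment headers and rejects any datagram whose fragments would extend past the 65,535-byte limit. The header builder, the sample fragments and all function names are assumptions made for this example.

```python
import struct

# The IPv4 Total Length field is 16 bits, so a complete datagram (header + payload)
# can never legitimately exceed 65,535 bytes. A Ping of Death abused fragmentation:
# the fragment offset plus the last fragment's payload pushed the reassembled
# datagram past that limit, overflowing fixed-size buffers in legacy IP stacks.
IPV4_MAX_DATAGRAM = 65535
IPV4_HDR_FMT = "!BBHHHBBH4s4s"   # 20-byte header without options


def parse_fragment(header: bytes) -> dict:
    """Extract the fields a reassembler needs from a 20-byte IPv4 header."""
    if len(header) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, ident, flags_frag, _ttl, proto, _csum, _src, _dst = \
        struct.unpack(IPV4_HDR_FMT, header[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return {
        "id": ident,
        "proto": proto,
        "offset": (flags_frag & 0x1FFF) * 8,   # fragment offset is in 8-octet units
        "more": bool(flags_frag & 0x2000),     # MF (More Fragments) flag
        "payload_len": total_len - ihl,
    }


def fragment_end(frag: dict) -> int:
    """Byte position just past this fragment's data in the reassembled datagram."""
    return frag["offset"] + frag["payload_len"]


def reassembly_is_safe(headers) -> bool:
    """The check the 1990s patches added: refuse the datagram if any fragment
    would land past the 65,535-byte limit instead of copying it into a fixed buffer."""
    return all(fragment_end(parse_fragment(h)) <= IPV4_MAX_DATAGRAM for h in headers)


def make_fragment_header(ident: int, offset: int, payload_len: int, more: bool) -> bytes:
    """Constructed sample header (not captured traffic) for a fragment carrying
    `payload_len` bytes of ICMP data starting at byte `offset` of the datagram."""
    flags_frag = (0x2000 if more else 0) | (offset // 8)
    return struct.pack(IPV4_HDR_FMT, 0x45, 0, 20 + payload_len, ident, flags_frag,
                       64, 1, 0, bytes(4), bytes(4))   # proto 1 = ICMP; checksum/addresses zeroed


# Constructed samples: a normal three-fragment ping, and a final fragment whose
# offset (the maximum, 65,528) plus payload would make the datagram 65,536 bytes.
NORMAL_PING = [
    make_fragment_header(1, 0, 1480, True),
    make_fragment_header(1, 1480, 1480, True),
    make_fragment_header(1, 2960, 64, False),
]
OVERSIZED_LAST_FRAGMENT = [make_fragment_header(2, 65528, 8, False)]

if __name__ == "__main__":
    print("normal ping safe:", reassembly_is_safe(NORMAL_PING))              # True
    print("oversized safe:", reassembly_is_safe(OVERSIZED_LAST_FRAGMENT))   # False
```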
What is Data EGRESS?
Egress is just another word for 'exit.' It can also mean the act of going out or coming out (of something).
For example, a fire escape is defined as a “means of egress” because that is how somebody can get out of a building if there is a fire or any other emergency.
In our context of network security, egress means data that is going out of your network, devices or interfaces.
In a nutshell, data egress means data leaving your network and going to an external location.
Egress happens whenever data leaves your organization’s network:
What is WAF?
WAF stands for Web Application Firewall.
You already know that your network firewalls are there to protect your network from outside threats in particular. However, you cannot defend your web-facing applications very well with network firewalls alone.
Historically, most companies that had to comply with PCI-DSS were mandated to implement Web Application Firewalls (WAF). Typically, if you were a retailer or a financial service provider you would already be using a WAF. In recent years this has changed, as most cybersecurity professionals are beginning to realize that they can no longer afford to skip the deployment of a WAF, because they now fully realize that their unprotected web applications are attractive targets for cybercriminals looking for easy entry points into their networks.
Your web applications are consistently facing Cross-site Scripting (XSS), SQL Injection and application-layer DoS attacks, along with the usual man-in-the-middle and cookie hijacking types of attacks. In the case of XSS, for example, the flaws in both application code and the devices it runs on that allow these attacks to succeed are actually quite widespread. Successful attacks can occur anywhere your web application uses input from a user to modify the output it generates without first validating or encoding it.
The fact is, securing application environments presents a unique and constant challenge to your security teams.
Commercial code (of your web applications) can also be vulnerable to things like poor security hygiene, especially when a lack of resources prevents your security team from applying patches and security fixes as soon as they are available.
If you thought that we are dealing here with your external web-facing applications only, then you are wrong. External web applications are only half of the problem.
How safe is your VPN?
Well, the answer is... It depends!
You use a reliable VPN to be sure that you remain safe and secure while you browse the internet. When you don't want to be snooped on by government agencies or other companies, you use a VPN. When you want to access websites that have been blocked by your government, you use a VPN. When you don't want your ISP to track your online activities, you use a VPN.
VPNs are a great tool, but they come with a caveat.
Not all VPNs are equal. For example, if you are using a free VPN then you might be compromising your security as well as your anonymity.
What is a Man-In-The-Middle Attack?
These are very common cyber-attacks, well known as MiTM attacks. They allow cyber-attackers to eavesdrop on communication between two targets (or hosts) who are trying to communicate legitimately; that is, they allow attackers to actually 'listen' to a conversation.
For example, Michael is communicating with Jane, but Samantha wants to stay hidden and listen to what Michael and Jane are talking about. Samantha would pretend to be Michael when communicating with Jane.
Read more: What is a Man-In-The-Middle Attack? How can you Prevent Man-In-The-Middle Attacks?
What is Reverse Proxy?
A Reverse Proxy is a server positioned in front of web servers.
As a cybersecurity professional, you would typically place a reverse proxy behind the firewall in your private network, where it directs client requests to the appropriate backend server. In this position, your reverse proxy is able to intercept your users' requests and then forward them to the intended 'origin' web server.
When the origin server sends a reply, the reverse proxy takes that reply and sends it on to the user. In this way, a reverse proxy serves as a 'middleman' between users and the sites they are visiting.
A reverse proxy provides an additional level of abstraction and control to ensure the smooth flow of network traffic between clients and your servers. Your organization can use a reverse proxy for load balancing, as well as to shield your users from undesirable content and outcomes. Therefore, a reverse proxy can be an integral part of your company’s security posture and makes your company’s network more stable and reliable.
Reverse Proxy Vs. Forward Proxy
What is Cloud VPN?
Cloud VPN is a technology designed to help users across your company access your company's applications, data, and files through a website or a VPN application. It differs from traditional static VPNs because it provides a secure connection that you can deploy rapidly and globally.
The dramatic rise in telework driven by the COVID-19 pandemic also demonstrated the limitations of traditional site VPNs. Many organizations discovered that their existing VPN solutions were unable to meet the needs of a mostly or wholly remote workforce. Hardware VPN appliances were overwhelmed, which led to inefficient routing of cloud-bound traffic through the headquarters network and increased network latency. Thus, Cloud VPNs have become a key requirement... it makes sense to transition your VPN solutions to the cloud as well.
These VPNs are based on a 'Site-To-Cloud' architecture, and enable your users to securely access your corporate networks and resources remotely, regardless of where on the globe they are located. Cloud VPNs ensure that all of your employees, whether they are travelling, working from home, or working on the go, can securely access your networks.
Cloud VPN securely connects your peer network to your Virtual Private Cloud (VPC) network through an IPsec VPN connection. Traffic travelling between the two networks is encrypted by one VPN gateway and then decrypted by the other VPN gateway. This protects your data as it travels over the internet. You can also connect two instances of Cloud VPN to each other.
Cloud VPNs are also called VPN as a Service (VPNaaS) or hosted VPNs.
Two Types of Cloud VPNs
© 2013 Luminis Consulting Services P Ltd, IN