loading

Author: Cyfiz

Proactive Network Intrusion Detection. Stop Waiting and Start Hunting

By Cyfiz 0 Comments

Are you confident your network is secure?

In today’s cyber landscape, waiting for breaches to happen is a way to disaster. The average time to detect an attacker lurking within a network is 10 days, according to a 2024 Mandiant Special Report. While dwell time statistics, particularly those found in reports like Mandiant’s M-Trends, offer valuable insights, it is important to consider the context in which they are presented.

In my view, these reports often reflect the experiences of organizations with mature incident response capabilities. These organizations tend to be larger or more frequently targeted by sophisticated attacks, making them more likely to engage firms like Mandiant. This can create a potential bias in the data, as it may not fully represent the experiences of smaller or less mature organizations, which often lack the same resources and expertise.

This blog post explores why continuous network intrusion hunting is crucial and how to implement it effectively.

Why Reactive Security Isn’t Enough

Traditional security measures like Intrusion Detection Systems (IDS), Endpoint Detection and Response (EDR), and Security Information and Event Management (SIEM) are essential, but they’re not foolproof. Sophisticated attackers are skilled to evade these automated defenses, buying themselves precious time within your network. This is where proactive threat hunting comes in. Instead of simply reacting to alerts, threat hunters assume a breach has already occurred and actively search for the signs. This proactive approach significantly reduces dwell time, minimizes damage, and speeds up recovery.

Threat Hunting a step-by-step approach

Effective threat hunting requires a structured approach. Following is a breakdown of the key steps:

1. Establish a Baseline: Know your “Normal”

Before you can identify anomalies, you need to understand what “normal” looks like. Establishing a baseline of your network traffic, user behavior, and application activity is crucial. This baseline acts as a benchmark against which you can compare current activity to detect deviations. Think of it like knowing the typical routine operations in your office. A sudden silence in a normally busy area or an unusual noise, will immediately grab your attention. A network baseline serves the same purpose especially when coupled with robust asset management and network topology, allowing you to quickly identify unusual or suspicious activity that deviates from the established norm.

2. Data Collection: Gathering the Clues

Threat hunters rely on Indicators of Compromise (IOCs) the pieces of data that suggest malicious activity. To find these clues, you need comprehensive data collection. This involves gathering network flow data, packet captures, logs from various sources (servers, endpoints, network devices), and alerts from your security tools. SIEM solutions play a critical role here, aggregating and correlating data from across your network for efficient analysis. Think of it as assembling a detective’s evidence board.

3. Searching and analyzing to connecting the dots

With data collected and aggregated in your SIEM, the real hunting begins. This involves searching for IOCs, correlating events, and analyzing logs to understand the attacker’s movements. Leveraging analytics and machine learning can significantly enhance this process, helping to identify subtle patterns and anomalies that might otherwise go unnoticed. Frameworks like MITRE ATT&CK and the NSA Technical Cyber Threat Framework (NTCTF) provide valuable guidance on attacker tactics and techniques, helping hunters focus their search. The Pyramid of Pain helps prioritize IOCs, from easily changeable hashes to more impactful Tactics, Techniques, and Procedures (TTPs).

4. Incident response to recover

When a hunt uncovers malicious activity, it’s time to take actions. A well-defined incident response plan is essential for containing the breach, eradicating the threat, and restoring your systems. This involves assessing the scope of the attack, collecting evidence, and implementing your recovery procedures. Think of it as executing a well-rehearsed emergency plan.

5. Penetration Testing a valuable ally

While this isn’t strictly a threat hunting practice, penetration testing plays a crucial role in strengthening your defenses. By simulating real-world attacks, penetration testers can identify vulnerabilities and weaknesses in your network, providing valuable insights for your threat hunting team. It’s like a fire drill for your security team.

Challenges and Considerations

Threat hunting isn’t without its challenges. The vast amount of data, the cost of storage, the need for skilled hunters, and the difficulty of inspecting encrypted traffic are just a few of the hurdles. However, the benefits compensate the challenges.

Be Proactive Not Reactive

In current ever-evolving cyber threat landscape, proactive threat hunting is no longer a luxury which is only for large organization but it’s a necessity. By continuously searching for intruders, you can significantly reduce dwell time, minimize damage, and protect your organization from costly breaches. Don’t wait for the next attack but start hunting today.

Read More

Adopt an Agile Framework for AI Privacy

By Cyfiz 0 Comments

Artificial intelligence is becoming vital for businesses and introduces businesses with immense opportunities to improve efficiency, create new products and services, and gain a competitive edge. However, this technological evolution also brings complex security and privacy regulatory challenges but global data privacy regulations are still evolving. While the EU has enacted broad legislation like GDPR, DSA, and the AI Act but these frameworks are still subject to frequent revisions. Other regulators around the globe have already enforced or are striving to create a stable and effective guideline.

Organizations are therefore required to develop adaptive strategies tailored to this rapidly shifting AI obligations. This can be particularly difficult for many businesses still in the early stages of AI maturity. This creates a challenging situation where businesses desire rapid progress and want to leverage the AI at their maximum competence, while simultaneously needing to remain compliant with strict regulations and retain customer confidence in their data handling practices. How can organizations balance with both business and regulatory requirements? The ideal solution is to implement an agile controls framework that enables innovation while protecting the organization and its customers as regulations change.

Through the following posts, we’ll share practical guidance on how data privacy officers can implement agile controls frameworks to enable AI innovation without compromising data privacy or compliance.

  • Foundational Data Governance: Building a Privacy-First Foundation. What is foundational data governance, and why is it critical for AI and data privacy? We’ll demystify the core components, including data discovery, classification, and policy development, and explore how to establish a robust governance framework that supports privacy by design. We’ll go beyond the basics and provide a clear understanding of how to implement these principles, ensuring a solid foundation for all your privacy initiatives. (Coming Soon)
  • Proactive Risk Management: Mitigating Privacy Risks in the Age of AI. What are the unique privacy risks posed by AI, and how can you proactively mitigate them? We’ll delve into risk assessment, data ethics, and the importance of Privacy Impact Assessments (PIAs), particularly for AI-driven projects. We’ll explore how to manage the AI data supply chain and implement robust controls to protect sensitive data. We’ll go beyond reactive measures and provide a practical guide to proactive risk management in the AI era. (Coming Soon)
  • Data Subject Rights and Transparency: Empowering Individuals and Building Trust. How can you empower individuals with control over their data and build trust through transparency? We’ll explore data subject rights, including access, rectification, and erasure, and discuss how to implement processes to facilitate these rights. We’ll also cover best practices for communicating transparently with individuals about data usage, particularly in the context of AI. We’ll go beyond compliance and show how to build trust through proactive communication and user-centric privacy practices. (Coming Soon)
  • Continuous Monitoring and Improvement: Ensuring Ongoing Privacy Compliance. Why is continuous monitoring essential for data privacy, and how can you implement an effective program? We’ll explore monitoring and auditing techniques, incident response planning, and the crucial role of remediation. We’ll also discuss horizon scanning and how to stay ahead of evolving regulations and best practices, especially in the rapidly changing landscape of AI. We’ll go beyond basic monitoring and provide a framework for continuous improvement in your privacy program. (Coming Soon)
  • Reporting and Communication: Fostering a Privacy-Conscious Culture. How can you demonstrate accountability and foster a culture of privacy awareness? We’ll cover best practices for reporting privacy risks to the board and other stakeholders, as well as strategies for implementing effective privacy training programs. We’ll go beyond simple reporting and provide guidance on building a privacy-first culture within your organization. (Coming Soon)
Read More

Building a Secure and Governed Data Ecosystem

By Cyfiz 0 Comments

We live in a world where every click, every transaction, every sensor reading collect and share our information to organization known and unknowns at-least for us. This data is the lifeline for most of the modern businesses which fueling innovation, connecting us with others and driving decisions both at personal and business levels. This collection and consumption of data is greatly an alien phenomenon within the landscape of cybersecurity and privacy. Many organizations focus on firewalls and intrusion detection, but mostly overlook the very crucial thing they’re ultimately trying to protect: the data itself. This series of blog posts aims to highlight this gap and sharing actionable thoughts to securely consume what matters.

Within the realm data governance, new frontiers and perspectives required in practices of people, process, and technology. This blog demystifies data governance and describes how it is significant to every effective security program. We will delve into the often-overlooked connection between data governance, cybersecurity, and privacy, exploring how a robust data strategy forms the foundation of a resilient security posture. Because, you can’t protect what you don’t understand.

Think of it this way: you wouldn’t grant unrestricted access to your company’s bank accounts or sensitive bid information, would you? You would employee strict access controls and monitoring to ensure only authorized personnel can access these items. The same principle applies to organization’s data. Without a clear understanding of what data, you have, where it resides within your IT systems, and its level of sensitivity, organizations are essentially leaving the door wide open for potential breaches and compliance violations.

This series will explore the crucial aspects of building a comprehensive data governance framework for effective data consumption, security and privacy. It will explore the core components, offering practical guidance and actionable insights. Here is a bird-view at what we’ll cover in this series:

  • What is Zero Trust Anyway? What is Zero Trust, and how does it relate to data governance? We’ll demystify this buzzword and explore how a Zero Trust approach, centered around data protection and privacy, can significantly enhance security and compliance. We’ll go beyond the hype and provide a clear understanding of how to implement Zero Trust principles in an organization, specifically within the context of data governance, ensuring data is secure and privacy is maintained throughout its lifecycle. (Coming Soon)
  • Defining Your Data Governance Mission: Why It Matters: This foundational post articulates the core purpose of your data governance framework, emphasizing how it’s essential for achieving organizational goals while ensuring data privacy and security. We’ll explain the benefits, explore the key elements of establishing program values (processes, tools, and communication strategies), and highlight how privacy and security are integrated into every aspect of the framework from the outset. (Coming Soon) 
  • Data Governance, Outputs, Processes, Work Program (What & How): This post delves into the practical aspects of your data governance framework, outlining the tangible outputs (data products, controls, accountabilities, etc.), the processes that drive it, and how work programs are managed. We’ll explore how these components work together to achieve your data governance objectives with a strong focus on built-in privacy and security. We’ll also examine how controls, policies, and procedures are designed to protect data and ensure compliance. (Coming Soon) 
  • A Complete Guide to Building and Implementing a Successful Data Classification Program: This post shows you how to build a successful data classification program that protects your valuable information assets and respects individual privacy. We’ll provide a roadmap covering business case development, stakeholder engagement, and overcoming common challenges, with a focus on integrating privacy and security best practices into every stage of the process, from data categorization to secure storage. (Coming Soon) 
  • Who Benefits and Who’s Involved: This post explores the human side of data governance, emphasizing how it protects both organizational assets and individual privacy. We’ll identify key beneficiaries and outline the crucial roles and responsibilities within a successful program, with a focus on how each role contributes to data security and privacy. Learn how to engage beneficiaries, build a collaborative team, and empower individuals to contribute to data governance success while upholding the highest standards of data protection and privacy. (Coming Soon)

This series is designed to be a practical guide for Security Leaders, Security Professionals, and anyone responsible for developing and implanting risk-based and compliant data governance program. We’ll move beyond theoretical concepts and provide real-world examples and actionable steps you can take to strengthen your cybersecurity posture by focusing on the often-overlooked element of data.

Read More

Security Leadership with SANS MGT514

By Cyfiz 0 Comments

SANS MGT 514 a leap towards cybersecurity management: Security Strategic Planning, Policy, and Leadership Program

Drastic changes witnessed in cybersecurity over last one decade those forced organizations to emphasize on it never like before. Business leaders understood that cybersecurity is no more an IT issue only but is an imperative segment of the business itself which is vital for organization growth and its existence.  Thus, cybersecurity teams allocated with funding, assigned additional resources, and brought in boardroom. Increasing opportunities means increasing responsibility and scrutiny. It is imperative that security leaders must learn how to navigate the new landscape and deliver optimum results beyond technical vistas.

In previous days, I was engaged with one of the Big Four firms. In which, I had a chance to socialize with one of very talented and knowledgeable gentlemen in cybersecurity arena. These communications revealed that methods and techniques are being practiced by most of us for defining cybersecurity strategy and program management is full of deficiencies and prone us to multiple odds and failures without even realization. To overcome these variances, I decided to go through SNAS MGT514.

In this series, I will share what I learnt from this course in combination with my own past experiences.

SNAS MGT514 is a program designed for security leaders interested in enhancing their leadership skills and for folks those are interested in boosting their capabilities outside security technical areas.  This helps aspirants in learning skills to lead routine security business by collecting, understanding and developing result-oriented security program.

My Learnings from SNAS MGT514.

  • Assemble & execute Strategic Plans aligned with business and organizational drivers
  • Comprehend expectations & develop Security Policies
  • Exercise Management Tools to lead, inspire & motivate team
  • Transformation from security specialist to security leader
  • Effective Stakeholder Handling to get management buy-in

Course is divided into five sections:

  1. Strategic Roadmap Planning
  • Deliverables of Strategic Planning
  • Uncover security trails
  • Identify & Manage Stakeholders
  • Porter’s Five Forces Framework
  • PEST Analysis
  • Identify Asset & Threats and Threat Analysis

2. Strategic Roadmap Development

  • Performing SWOT Analysis
  • Gap Analysis & Historical Analysis
  • Developing Security Framework
  • Roadmap & Business Case
  • Uncover Values of Security Program
  • Dealing with Organization Culture
  • Relations and Security Program
  • Monitoring & Reporting Program
  • Executive Communications

3. Security Policy Development & Assessment

  • Policy Objective, Analysis, Development & Review
  • Awareness & Training Program Management

4. Leadership & Management Competencies

  • Leadership Building Blocks
  • Creating & Developing Teams
  • Customer Service Focus
  • Conflict Resolution
  • Effective Communication
  • Leading Through Change
  • Relationship Building
  • Coaching & Mentoring
  • Motivation & Self Direction
  • Teamwork & Leadership Development

5. Strategic Planning Workshop

  • Producing a Security Plan
  • Recognizing & Defining Business Priorities
  • Enabling Innovation
  • Effective Communication & Stakeholder Management
Read More

Building a Resilient Security Posture: A Consultant’s Handbook

By Cyfiz 0 Comments

Organizations deal with a complex and evolving threat landscape now a days. Security consultants are tasked with assessing, analyzing, and enhancing security postures while minimizing disruptions to business operations, budget, and personnel. Developing a strategic roadmap is crucial for a successful engagement. By aligning security objectives with corporate strategy, demonstrating measurable value, and winning executive support, consultants can effectively protect organizations from internal and external threats.

As a lead security consultant, establishing credibility and building strong relationships with both leadership and team members is paramount. Our initial actions as consultants will significantly impact the engagement’s outcome. Research from Gartner underscores the importance of a well-defined 100-day plan for consultant success. This guide offers practical recommendations to help you navigate this critical phase.

* Disclaimer: The recommendations below are meant to serve as guidance only, and don’t represent a comprehensive road-map to achieve success as this vary organization to organization.*

The Importance of a Strong Security Foundation

Before boarding on improving organization’s security posture, it’s crucial to establish a clear understanding of current environment and cultural landscape. Comprehensive inventory of existing systems and services is a foundation of effective information, along with performance metrics. To gain valuable insights, consider exploring past security initiatives, leveraging knowledge from different stakeholders, and identifying available resources. Understanding organization’s history with regards to cyberattacks and data breaches is equally important. Building strong relationships with key stakeholders across departments will provide diverse perspectives and access to critical information. By thoroughly assessing the starting point, we’ll be well-equipped to address security challenges, develop and deliver sustainable solutions.

A Consultant’s Approach in understanding the organization

To effectively revamp a security function, a comprehensive initial assessment is essential. This assessment should delve into several key areas:

Inventory and Assessment

  • Security Services and Systems: development of a comprehensive catalog of existing security tools, technologies, and processes.
  • Performance Metrics: Identify or create metrics to measure security performance. Evaluate their effectiveness and relevance.
  • Gap Analysis: recognize the current security posture with applicable and relevant industry standards and best practices to identify shortcomings.

Historical Review

  • Past Initiatives: analyze previous security projects to understand their outcomes and lessons learned.
  • Predecessor Knowledge: leverage insights from the previous or current security leadership or team members to gain valuable context.
  • Past Incidents: review past cyberattacks or data breaches to identify vulnerabilities and improve response plans.

Stakeholder Engagement

  • Relationship Building: establish strong connections with key stakeholders across departments.
  • Feedback Collection: gather insights on security concerns, challenges, and expectations.
  • Resource Identification: Identify potential internal resources to support the security revamp.

Potential Next Steps

Based on this foundation, we can delve deeper into specific aspects of the security function. Here are some potential directions:

  • Security Risk Assessment: Conduct a thorough assessment to identify and prioritize threats and vulnerabilities.
  • Security Policy and Procedure Review: Evaluate existing policies and procedures for alignment with business objectives and industry standards.
  • Security Awareness and Training: Assess the current state of employee security awareness and develop a training plan.
  • Comprehensive report with strategy: develop reports based on past and current allocated budgets and identified risks with cost benefit analysis.
  • Provides a clear roadmap: outline costs, benefits, and risks, this report should guide decision-making and resource allocation.
  • Meeting with management: buy management support with strong justification and effectively presenting developed reports and road-map.

In upcoming parts, we will explore these points in more detail and with specimen.

Read More

Your MSSP a Security Silver Bullet? Think Again!

By Cyfiz 0 Comments

It is a prevalent misconception in the industry that experienced InfoSec leaders believe transferring security responsibilities entirely to an MSSP through a contractual agreement is sufficient. This misunderstanding often leads to overlooking the fact that while MSSPs have a fiduciary duty, the organization remains ultimately accountable for its infrastructure’s security. To mitigate risks and ensure optimal service delivery, organizations must collaborate closely with their MSSP, establishing clear roles, responsibilities, and performance metrics.

Organizations retain ultimate security ownership despite outsourcing to managed security service providers.

While other departments and technical individuals have roles to play, the CISO is typically an executive-level owner of the organization’s overall security posture. He is responsible for overseeing the entire process, from selecting the MSSP to managing the relationship and ensuring compliance. However, it’s essential to remember that effective cybersecurity is a collaborative effort involving multiple stakeholders within an organization. While the CISO is the leader, other departments like legal, IT, and risk management also have crucial roles to play.

CISO leads collaborative cybersecurity strategy, oversees MSSP selection and management, while involving legal, IT, and risk management for ample protection.

When outsourcing security operations services to Managed Security Service Provider (MSSP), an organization holds significant responsibilities to ensure the effectiveness and security of its operations. These include:

Due Diligence and Vendor Management

  • A rigorous selection process should be commenced to evaluate potential MSSPs based on criteria like expertise, clientele, certifications, track record, and alignment with organizational security goals.
  • Contractual obligations should be clearly defined as scope of services, SLAs, KPIs, and incident response procedures within the contract.
  • Ongoing monitoring and regular evaluation of the MSSP’s against defined matrix covering areas like performance, compliance, and adherence to security best practices.
  • Risk assessment should be performed prior initiating the process for understanding business requirements and while selection process to uncover potential risks associated with outsourcing security functions and implement mitigation strategies.

Data Security and Compliance

  • Data protection should be considered at every stage of this relationship by certifying that sensitive data is handled securely by the MSSP, including data encryption, access controls, incident response plans and most importantly MSSP should collect data only which mandatory for provision of service.
  • Compliance adherence should be top priority for both organization and MSSP as they share the responsibility for overall compliance with industry regulations (e.g., ISO 27001, PCI DSS, GDPR, HIPAA) pertaining to outsourcing security functions.
  • Data ownership should be clearly defined and documented along with access rights to protect sensitive information.

Internal Security Controls

  • Organization should implement internal security controls to complement the MSSP’s services, such as employee training, access management, and endpoint protection.
  • An incident response plan should be developed and maintained that outlines roles, responsibilities, and procedures for both the organization and the MSSP.
  • The organization should develop a robust business continuity plan in place to address potential disruptions to services.

Communication and Collaboration

  • It should be ensured by the organizations that open and effective communication channels are setup with the MSSP to address issues, share information, and align on security objectives.
  • The organization should collaborate closely with the MSSP to identify gaps and implement security improvements to effectively manage constantly evolving threat vectors.
  • If viable, the organization should develop knowledge-sharing mechanisms to ensure continuity and internal expertise.

By actively realizing these responsibilities, organizations can maximize the benefits of partnering with an MSSP while mitigating risks and maintaining control over their security posture.

Should the organizations have defined policies and procedures in case an MSSP is hired for Security Operations and Monitoring?

Read More

Security Leadership with SANS MGT514 – Part04

By Cyfiz 0 Comments

Leadership & Management Abilities

SANS MGT 514 a leap towards cybersecurity management: Security Strategic Planning, Policy, and Leadership Program

This work is merely a reference to the original SANS MGT514 course, created only based on my understanding of the course. The primary objective of this entire series is to impart information with my own words and persuade people of the efficacy of SANS courses, which are created with numerous real-life examples and well-developed labs. Remember that certain portions were left ignored in order to avoid any copywriting concerns.

The fourth day of the training focused on fundamental variations in leadership styles, the advantages of developing your leadership abilities skills, and practical advice for achieving the right balance.

It is crucial to balance the styles of leadership, management and bosses to boost self-motivation and performance among team members.

“Management is efficiency in climbing the ladder of success; leadership determines whether the ladder is leaning against the right wall.” – Stephen R. Covey

While many leaders are extremely excellent at managing, organizing, leading and understanding where to focus (the boss part) but the most effective leaders inspire and encourage others as well. To improve self-motivation and performance among team members, it is critical to balance the styles of leadership, management, and bosses.

The process of establishing leadership capability requires experience, patience, and a life-long learning from failures, so make it a habit to examine your leadership techniques on a regular basis.

  • When do I perform best as a manager?
  • What does the organization require me to manage effectively?
  • When do I lead most effectively?
  • What does my organization need of me as a leader?
  • What does my employer require me to do as a boss?

Harvard Business Review – Becoming the Boss

Which Are You: Boss, Manager, or Leader?

Basics of Team Management

It is not always simple to manage a team since it requires more than just assigning duties to the team. Being in charge of a team demands a combination of interpersonal, technical, and, of course, organizational skills, and it plays an important role in fostering organizational success.

Effective Communication

The success of your team depends on effective communication. Make sure to create an atmosphere where you can give honest, straightforward feedback and team members feel comfortable raising issues. Avoid criticism, judgment, and criticizing since these drive others to get defensive and explain themselves.

Careful Listening

Good listening can foster a connection that enables manager to express his issues and get responses devoid of negative occurrence, as well as assist manager in gaining personnel insights and ideas. Many managers, on the other hand, fail to listen adequately.

Constructive feedback

Both managers and employees can learn about areas that need development via constructive feedback sessions. Employees can clearly see where they are now and where they are going as a result. When staff members offer feedback, pay attention to what they have to say and, if feasible, take action. Employees, supervisors, and the team may all perform better and develop trust via changes motivated by these sessions.

Lead by example

The most reliable tactic to let your team know what you expect of them is to demonstrate it. Your actions as the manager will have a significant impact on how your team works and communicates with one another. The only way to find out what you consider to be the perfect worker is to influence it through your activities.

Encourage Growth

Offering help and training to your team demonstrates that you appreciate their abilities and want them to stay in team. Talent management can guarantee that your employees are satisfied with their work and help you boost your company’s overall performance.

Build Working Relations Learn about your team on a personal level as well as a professional one. You will have a better grasp of your team’s thinking and interests if you get to know them. This will enable you to lead your team successfully and get the results you want.

Team Development

A team is made up of people who are driven to achieve a common vision and set of objectives. Instead of a collection of individuals, teams are made up of people who have a common bond, and these individuals rely heavily on one another to perform a task or achieve a goal. It goes beyond being merely an administrative convenience.

The following are critical components in building a winning team.

  • Defined Goals
  • Established Roles & Responsibilities
  • Recruit team member with different skill sets
  • Periodic Monitoring and Review

Career Management

Career management is a lifelong process of allocating resources to reach your long-term professional objectives. You can adjust to the shifting needs of our dynamic economy through this ongoing process. There are six crucial factors to take into account while changing professions or moving up in your career, whether you are managing your own career or the careers of your team members.

Six Cs of Job Selection

  • Challenge

What new skills and knowledge will you gain in your new position?

  • Chemistry

Does new environment match your preferences?

  • Commitment

Are they confident in your ability to execute the tasks? Do you have the backing of upper management?

  • Compensation

Compensation should be considered but also the culture.

  • Contract

Review and completely understand the phrases terms

  • Commute

Are you comfortable with traveling involved?

Conflict Management

Conflicts are inevitable and the process of identifying and resolving variances in an equitable and effective manner is referred to as conflict management. The objective is to reduce the possible negative consequences of conflicts and improve the likelihood of a favorable conclusion.

Disagreements at home or at work may be painful, and not all conflicts require the same resolution. When conflicts happen, choosing an appropriate resolution technique and being better prepared can help you respond constructively.

Kenneth Thomas and Ralph Kilmann identified five major conflict resolution types and suggested that most people have a preferred conflict resolution style.

  • Avoiding
  • Compromising
  • Collaborating
  • Accommodating
  • Competitive

Manage Conflicts

Read More

Security Leadership with SANS MGT514 – Part03

By Cyfiz 0 Comments

Policy Development and Assessment

SANS MGT 514 a leap towards cybersecurity management: Security Strategic Planning, Policy, and Leadership Program

This work is merely a reference to the original SANS MGT514 course, created only based on my understanding of the course. The primary objective of this entire series is to impart information with my own words and persuade people of the efficacy of SANS courses, which are created with numerous real-life examples and well-developed labs. Remember that certain portions were left ignored in order to avoid any copywriting concerns.

On day 3, we were all compelled to reevaluate all of our prior concepts pertaining to requirement assessment, usage of appropriate language, wiring in proper structure, minimizing ambiguity, and efficiently managing the entire policy lifecycle.

Organizations use security polices as a way to maintain the confidentiality, integrity and availability of their sensitive assets. An organization’s policy defines the expectation of its senior leadership regarding how the security program, controls and processes should be managed.

There are several categories of security policies, from documents that address particular issues like identity and access management or acceptable use policy to high-level definitions of an organizational general’s security objectives. According to NIST SP 800-12 Rev. 1 “An Introduction to Information Security”, the three most frequent types of policies are program-specific, system-specific, and issue-specific.

“Companies create polices to ultimately protect themselves”.

A security policy protects enterprises not just from security threats, but also from regulatory penalties and litigation, as well as from personnel acting inappropriately. Individual’s conduct is often governed by two factors: exception and empowerment.

An exception to the security policy is something that does not follow the security policy’s established rules. This exclusion is commonly used to circumvent the constraints of a security policy in order to meet a business requirement that arose after the policy was developed. In other words, the policy was designed to meet a specific commercial need that was not reasonable at the time.

Exception Management & Managing Risk of Exception

Employee empowerment is achieved by giving them the resources, permissions, opportunities, and desire to complete their task as well as by holding them responsible for their actions.

Empower Employees for better decisions

Policy Development

Create policies with “Compliance by design” in mind. Compliance by design refers to the logical integration of regulatory requirements into routine conventional and automated activities and processes. To achieve compliance by design, policies and procedures should be created in such a manner that the intended behavior of following security best practices is ingrained in the culture of the business.

Policy lifecycle management plan, the policy lifecycle explains the steps that a policy goes through, from conception to decommission. To reduce risk, a policy administered under an information security program should be guided by a continual assessed and enhanced lifespan.

Policy Lifecycle & Stages

Remember that a policy must be effective; the following components contribute to policy effectiveness.

  • Should lower the risk
  • Engagement and Education
  • Evaluation and Enforcement
  • Review and Update

A risk assessment is also mandated by policy.

Policy development is a tedious task, if you’re just getting started, seek for policy frameworks that you can build on over time.

SANS Policy Templates

Information Security Policies, Procedures, and Standards: A Practitioner’s Reference 1st Edition

Policies are typically classified into four types.

  • Governance
  • Operational
  • Security
  • Acceptable Use

Points to be considered while writing policy

  • Contents and words selection
  • Voicing & Typography Preference
  • Length and Format

Structure of Policy

  • Overview
  • Purpose
  • Scope
  • Policy Statement
  • Version Control  
  • Enforcement
  • Responsible Parties

Information Security Policy Example

SMART Approach

One of the most important concerns is that most policies are not defined in a way that allows them to be executed and an efficient procedure to be constructed on their foundation. Policy should be built on the SMART framework in order to be Specific, Measurable, Achievable, Realistic, and Time-Bound.

Read More

Resent Post

Archives

Categories

Tags

AI AI Assistants AI Governance AI Startups Artificial Artificial Intelligence Background Removal Chatbot Agency Compliance Cybersecurity Program Data Governance Data Privacy Data Protection Design Tips Developers Digital Art DIY Editing Fashion Game Global Governance Graphic Design Image Editing Incident Response Laws & Regulations MITRE ATT&CK Network Intrusion Detection Online Community OpenAI Partnerships Photo Editing Photography Startup Technology Techonology Threat Hunting Tutorials Visual Content Visual Media

Recent Post