What is Governance, Risk Management, and Compliance?

Governance, risk management, and compliance (GRC) are majorly concerned with structuring risk management for organizations. Governance and risk management is a structured approach that helps you align IT tasks with corporate goals, mitigate risks efficiently, and stay up to speed with compliance.

Let’s breakdown each concept for better understanding:

Governance

This involves the combination of procedures approved and implemented by the executives to ensure that all organizational tasks, including managing IT operations, are managed and aligned to back up your organization’s business goals.

Risk management

This involves predicting and handling risks or opportunities related to your organization’s activities, which could hold back your organization from conveniently attaining its aims in uncertain situations. In the cybersecurity setting, risk management involves implementing an all-inclusive IT risk management methodology included in your organization’s enterprise risk management function.

Compliance

This involves ensuring that your organizational activities adhere to the mandated laws and regulations that affect the systems. Adhering to compliance means using IT controls and auditing those controls to ensure they are functioning as proposed.

While there are a number of helpful software selections available to help your organization rationalize its governance, risk management, and compliance operations, GRC goes beyond a set of software tools. Several companies consult a framework for direction in growing and improving their governance and risk management operations instead of producing one from scratch.

This is why EC-Council offers a world-class risk management training called The Certified CISO (CCISO) program. This certification program is aimed at transferring the knowledge of seasoned authorities to the next generation in the areas that are most crucial in the expansion and maintenance of an effective information security program.

What is organizational governance and compliance?

Organizational governance and compliance fall under the umbrella term government, risk management, and compliance (GRC). It refers to a framework of rules, policies, and procedures that are applied to control the general direction and performance of an organization.

An innovative corporate governance and compliance program forms the foundation for a healthy organization. If you implement a good governance and risk management program at your organization, both you and your workers will be able to address a number of factors, including process standardization, cost reduction, and a great number of control failures, which are significant when it comes to regulating and supervising enterprise risks.

A good corporate governance and compliance program will include:

• Dependability of financial reporting (including internal and external)
• Appointment and performance of the Directors
• Oversight of the organization’s performance as well as the contribution to corporate success from the Board of Directors in the context of the company’s strategic goals and objectives
• The relationship of the board with the president or Chief Executive Officer
• Communicating and protecting the rights and interests of shareholders and all other stakeholders
• The ethical tone for the organization and the transparency of its conduct
• Board membership, performance, operations, and conduct
• Operational oversight of risk management, corporate compliance, and the integrated framework of internal controls
• Reporting, communication, and information flow between the board and management
• Division of obligation between the board and management

What is the difference between risk management and compliance?

Although risk management and compliance are intricately linked, there are some key differences between them. Differentiating risk management from compliance may not be a critical line of action on your business agenda. However, having this competence can make all the difference between creating tangible value and simply side-stepping risks.

Moreover, both risk management-based and compliance-based activities have distinctive methods and execution strategies, which beg noticing. The difference between risk management and compliance are:

Value Creation Versus Risk Aversion

The most innovative risk management tactics can translate the required problems linked with compliance into a successful value proposition. However, compliance hardly transforms into value-creating business propositions without the long-lens tactic of risk management. Complying with rules and regulations frequently ends at the point where it has been verified that a rule has been obeyed to avoid risks.

Predictive Versus Prescriptive  

Risk management is predictive in nature, while compliance has a prescriptive tactic. With risk management, organizations should be able to predict the impact of potential risks on the organization. On the other hand, in terms of compliance, organizations must follow the regulatory boundaries already set in place.

Strategic Versus Tactical

Risk management frameworks should rely deeply on analysis to avoid risks or establish the risks worth taking. However, compliance necessitates ticking all the right boxes to make sure your organization is adhering to all the mandated boundaries (rules and regulations). This is because non-compliance issues can lead to reputational damage, heavy penalties, and expensive fines; it should not be taken lightly.

The Importance of GRC in an Organization

Disjointed GRC can trigger many issues for the organization. However, when GRC is done right, it can be quite beneficial. It can:

• Reduce the costs of addressing risks.
• Eliminate too many negative surprises.
• Help you achieve greater information quality.
• Help your organization achieve greater competence to gather information speedily and effectively.
• Reduce the duplication of activities.
• Help you achieve greater competence to repeat processes reliably.
• Translate into a reduced impact on operations.

How is GRC implemented in security?

Many organizations find it challenging to determine the right framework to implement in the business. However, the key to a successful GRC implementation rests with cybersecurity leadership and cybersecurity management strategies. GRC frameworks will always go wrong, except the leadership causes the changing organization’s culture to support GRC activities constantly.

Your portfolio management, regulatory compliance functions, risk management, and decision-making processes, which are covered in a GRC framework, will all go wrong and be unsuccessful without the cybersecurity leadership and high-level executives supporting cultural change. The following steps will help you integrate the right GRC into your business practices.

Step 1: Determine what GRC means to your organization

To implement any successful strategy, you must first determine the purpose of such a framework. This would determine if it is the right strategy to use or not. Consider your major stakeholders and employees to understand how GRC could affect their functions. Most importantly, establish a common GRC lexicon among these groups to reduce confusion, since compliance and regulatory priorities would be appraised.

Step 2: Conduct a review of the existing regulatory landscape

Survey your organization’s current state of business maturity functions. This will aid you in aligning the stakeholders across the GRC functionalities. By conducting a review, the CCISO would be able to expose disproportionate investments in certain requirements and obtain a clearer view of the current investments in regulatory compliance and determine areas of potential additional investments or cost savings.

Step 3: Develop an efficient communication strategy

Communication is key to any business strategy. Communicating the benefits of the GRC frameworks to stakeholders and end-users will give them enough time to prepare and adjust to the impending change. Effective communications will open up channels for innovative ideas and make the framework more operational.

Step 4: Define what success means to your organization

Determine how success will be measured to demonstrate that the GRC framework has been efficient and beneficial for your organization. Whether your target is a financial or policy target, it is important to choose the most relevant benefits. This will demonstrate to your end-users how the GRC framework is improving organizational functions.

Furthermore, you must realize that this is an ongoing process and constantly upgrading your strategies will improve your organization’s performance. You may have to rethink your cybersecurity leadership and cybersecurity management efforts because risks are everywhere.

Likewise, the Chief Information Security Officer (CISO), alongside cyber leaders, must be able to entrench security throughout the organization’s operations, speedily respond to threats, and impact other senior leaders.

Get Trained in GRC

Almost every job role requires one form of GRC Certification or the other, including CIO, CISO, Security engineers, IT professionals, Security analyst, information assurance program manager, cyber threat information analysts, among several others.

Since GRC can be implemented by any organization regardless of their size, which wants to align their business goals with their IT infrastructure while ensuring compliance risk management, risk management certifications, and GRC training are important. The best certification any security offer can have in this area is the CCISO certification.

Source: eccouncil.org

Continue reading

Does Your IT Business Continuity Plan (BCP) Pass the Test?

Regardless of the size of your business, regular data backups and recovery are important so you can formulate an effective IT business continuity plan (BCP) that minimizes downtime. Your organization cannot afford to overlook data backup, data recovery, and systems recovery in its business continuity and disaster recovery plan.

Given the number of days it takes to bring your business back online after a disaster, and the hours it takes to recover lost data after an unplanned deletion, you stand at a risk of permanently losing customers. Furthermore, while your workers or partners sit idle, powerless to accomplish business-critical processes that depend on organizational technology, you could lose in both cases. As such, investments in disaster recovery and backups are reasonable.

What is included in an IT business continuity planning?

IT business continuity planning (BCP) involves all the processes that an organization undertakes to establish a prevention and recovery structure from possible threats, including cyber-attacks, natural disasters, or human-made disasters.

A significant feature of an IT business continuity plan is a disaster recovery plan that includes plans, strategies, or policies for handling IT disruptions to servers, networks, personal mobile devices, and computers. An ideal IT business continuity plan should include how to reinvent organization efficiency and enterprise software so that critical business requirements can be met.

An effective BCP offers comprehensive approaches to how business operations can be sustained during short-term and long-term outages. BCP includes a checklist made up of data backups, supplies and equipment, and backup site locations.

Likewise, BCP can also distinguish plan administrators and include backup site providers, key personnel, and contact details for emergency responders. It would help if you outlined your manual workloads in the BCP so that the business operations can continue until your systems can be restored.

What are data backup and disaster recovery?

Data backup and disaster recovery are the processes involved in generating and storing copies of data that can be applied to shield organizations against the possibility of data loss. A suitable backup copy is stored in a distinct system or medium.

Notwithstanding, there’s a significant difference between data backup and disaster recovery. Data backup describes the process of creating extra copies of data to protect it. You may restore backup data when you encounter a challenge with a software upgrade, a database corruption, or an accidental deletion.

On the other hand, disaster recovery describes the plan and processes for swiftly recreating access to IT resources, data, and applications after a flood, tornado, or even a simple outage. Recovery is a significant factor in backup software. It is not only crucial for your data to be reliably stored, but you also need to be able to retrieve your data in case of data loss successfully.

A few companies misinterpret data backup for disaster recovery. However, most companies soon realize after a severe outage that having extra copies of data doesn’t necessarily guarantee your IT business continuity.

You need a strong, tested IT business continuity plan to keep your business continuously operational. Become an EC-Council Community Member by signing up for our EDRP program today!

What is the importance of data backup and recovery?

Regular data backup and recovery is arguably the single most important strategy to prevent network or system disaster. The following are the reasons why you need professional IT support for backups

To prevent data loss

One of the major reasons for data backup and recovery strategies is to ensure that critical data and information are saved in case of a software or hardware failure. Regardless of the industry you operate in, all data is a target. Malicious hackers will attack any business to acquire sensitive information, fulfill a personal vendetta, or just for the fun of it.

Thinking you are safe because you own a small company is a big mistake. A survey has shown that 43 percent of all cyberattacks are mainly directed at small businesses. So, a company that has data backup and disaster recovery included in its IT business continuity plan would have a competitive gain over other companies that fail to back up their critical data.

Backups and recovery save you money

Routine data backups and disaster recovery are crucial components of your IT business continuity plan. Considering that computer networks maintain so many aspects of modern businesses, losing your network data can have a paralyzing financial impact on your organization.

According to the survey conducted by Security Week, it was discovered that downtime and data lost cost IT leaders from 24 countries 17 trillion USD in the last two years. It’s not only major security breaches that have crippling effects. Even small security breaches that affect several files can have a crippling effect on small businesses.

Unless you have the money to throw away to prevent and resolve issues that accompany data loss, then its time you consider having an effective IT business continuity plan. EDRP certification program offers security professionals IT business continuity training accompanies with a business continuity management certification. 

Backups guarantee business continuity

Businesses that fail to include data backup, data recovery, and system recovery into their IT business continuity plan have to start from scratch after a disaster. FEMA released a statistic that suggests that about 40% of businesses who fail to backup their data fail to open their businesses after being hit by natural disasters. It was also discovered that 25% run out of business within a year.

Regrettably, most businesses still don’t apply the right approach to backups, while others fail to implement any backup. The right backup strategy includes cloud backups, testing backups, the 3-2-1 backup strategy, encryption of data-in-transit, and the 24/7 support strategy.

Note that backing up isn’t an all-or-nothing strategy. The chances of losing all your critical data when a disaster happens aren’t highly likely. However, it isn’t a bad idea to take proactive measures to keep your data safe should such an event occur. You might want as many levels of backup repertoires as possible to ensure maximum data protection.

Source: eccouncil.org

Continue reading

3 Steps to Ensure Third-Party Risk Management (TPRM)

Creating an ideal Third-Party Risk Management (TPRM) approach is crucial. The use of third parties is not a new concept. Almost every organization uses one third party tool or the other and third-parties seem like the most vulnerable links in an organization’s security policy.

Third-parties are a crucial and fundamentally risky element in the strongly-linked digital ecosystem. Considering the extensiveness and possible severity of risks that are fundamentally present with third parties, TPRM has swiftly evolved from a ‘point-in-time’ process to an iterative approach, complete with systems, policies, and procedures, in organizations that are determined to manage third-party risk.

What is Third-Party Risk Management?

To understand Third-Party Risk Management (TPRM), you must first understand what third-party means. A “Third-party” is an entity or organization which you have an agreement with to deliver a product or service to either you or your clientele on behalf of your company. A third party is also referred to as a supplier, service provider, or vendor.

Therefore, Third-Party Risk Management is an assessment of vendor risk presented by a company’s third-party relationships along the whole supply chain. TPRM involves recognizing, evaluating, and monitoring the risks depicted throughout the lifecycle of your relationships with third-parties. This often begins during procurement and reaches to the end of the offboarding process.

Gradually, the reach of vendor management extends to on-sourcing and sub-contracting and on-arrangements to lessen fourth-party risk. The risks to be evaluated are business continuity risk, security risk, reputational risk, operational risk, and privacy risk.

Why is Third-Party Risk Management important?

Cyberattacks are increasing in impact, frequency, and sophistication as cybercriminals are constantly advancing their efforts to compromise information, systems, and networks. Risks come in all forms and sizes for different companies. Third-Party Risk Management is mainly important for high-risk vendors who process intellectual property and other sensitive information.

Supplier risk management isn’t just about identifying and controlling cybersecurity vulnerabilities and offering compliance advisory services of third parties. While these concerns cannot be trivialized, TPRM consists of an entire host of other features including environmental impacts, ethical business practices, safety procedures, and corruption, among others. Monitoring your third-party suppliers and supply chain is important.

Other reasons why TPRM is important are:

• Reduced costs
• It lets you address potential risks with fewer resources and in less time
• Gives you an opportunity to concentrate on your core business functions
• Offers you a framework for your organization and your vendors
• Enhances the integrity, confidentiality, and obtainability of your services
• Drives financial and operational competences
• Guarantees that the reputation and quality of your services and products are not ruined.

Businesses are now investing deeply in a Third-Party Risk Management training program to better recognize and control risks before they escalate. As the importance of TPRM continues to increase, organizations are hiring qualified professionals more than ever before. Security and risk experts are continuously searching for certification programs in TPRM to refine their skills and authenticate their expertise.

Common Types of Third-Party Risks

Strategic Risk

Strategic risk arises from making adverse business decisions, or from the failure to implement appropriate business decisions that aligns with the organization’s strategic goals.

Reputation Risk

This type of risk arises from negative public opinion created by a third-party. Customer who are unsatisfied, security breaches, and legal violations are all examples that could cause a company’s reputation to fall.

Operational Risk

An example of operation risk is one where a software vendor is hacked, leaving the company with a downed system, or a supplier being impacted by a natural disaster.

Transaction Risk

Often, risks caused by third parties result in financial damage. An example could be a supplier delivering faulty material, resulting in poop sales.

Compliance Risk

This type of third party risk impacts compliance with laws, rules, and regulations. An example of this type of a risk is when a supplier violates a cyber law, the principle organization can also be found liable and face fines.

Information Security Risk

This is the most important type of third-party risk. An example of this type of risk is when a policy is signed with a third-party, sharing data, and the third-party is breached, thereby breaching the principle organization as well.

How do you do a third-party risk assessment?

To identify a third-party risk, an assessment may be performed by an independent or in-house cybersecurity expert. The evaluator will possibly use a vendor risk management framework from the National Institute for Standards and Technology (NIST) or the International Organization for Standardization (ISO) to evaluate your vendor risk management program. The following are the steps involved in conducting a third-party risk assessment

• Recognizing the probable risks presented by your entire third-party relationships.
• Organizing vendors based on their access to your networks, systems, and data.
• Appraising service level agreements (SLAs) to make sure that your suppliers perform as anticipated.
• Analyzing risks for each vendor based on their significance to your organization, the access to your digital network or system, and the level of sensitivity of the information they individually handle.
• Regulating compliance necessities for your organization counting the standards and regulations that must be met.
• Constantly checking for changes in their environment and yours, including changes in industry standards and regulations.
• Probing vendors with risk management questionnaires.
• Auditing certain vendors based on their responses to the questionnaires, probably with on-site visits

How do you mitigate third-party risk?

Implementing a holistic program is an ideal approach for handling third-party activities. Companies are now beginning to understand the rising risks that third-parties present to their business and are stepping up their Third-Party Risk Management endeavors appropriately.

Step 1: Identify third-party risk

Risks can be identified at different levels of engagement with third parties. Since third-party services and tools are given access to numerous resources, data, systems, applications, network appliances, and applications, and data, deciding their security risks can be complicated. You can identify risks by:

• Performing penetration testing and source code analysis to rank risks for third-parties
• Performing a threat model to assess crucial assets that a third-party tool can impact.
• Performing a red teaming assessment for the services offered by third parties to diagnose additional risks.
• Assessing exit and entry points for all third-party services and tools.

Step 2: Evaluate third-party risk

After identifying third-party risks, you need to carry out a careful evaluation to assess and account for the impact. You cannot successfully mitigate risks without evaluations and assessments. You can do the following to effectively evaluate third party risks.

• Rank the assessment of critical third-party services and tools to supervise the additional evaluation cost to the security program.
• Perform periodic evaluations concerning access to authorized and unauthorized resources for third-party services and tools.
• Evaluate the general possible business impacts of individual critical third-party tool risk.
• Assess the third-party services or tools using balanced resources.

Step 3: Mitigate third-party risk

To effectively mitigate third-party risks, risks must be assessed in a time-and-cost manner. This approach helps to lessen the seriousness of the recognized risks and resolve them. Risks must be communicated to the third party via an open channel to mitigate them. Best practices for mitigation include:

• Keep an inventory of your entire third-party assets, alongside their exchanges with downstream and upstream assets in the organization.
• Promote asset ownership for each third-party tool or service in the inventory.
• Communicate the risk management strategy to the third party and prospects before integrating the service or tool.
• Create an open channel for communicating risks and threats to the third party.
• Apply mitigating controls for safeguarding all third-party exits and entry points.
• Integrate and review changes from a third-party before distribution to customers and employees.
• Scrutinize both authorized and unauthorized access to systems from third-party assets.

Why Choose EC-Council’s CCISO Certification Program?

Besides the fact that the CCISO is designed for information security executives who want to be CISOs by refining their learning and skills to align information security programs with business objectives and goals, CCISO is crucial for the following reasons:

Written by seasoned experts

The CCISO Advisory committee consists of seasoned CISOs who designed the program using their daily tasks as a guide and both management and technology firms. Likewise, the board consists of security leaders from Universities, the City of San Francisco, Amtrak, HP, Lennar, the Center for Disease Control, and other consulting firms. These boards have shared their immense knowledge to produce this program to deal with the absence of a leadership training program in information security.

Accredited by ANSI

EC-Council’s CCISO certification program is approved by the American National Standards Institute (ANSI), which is one of the numerous certification bodies primarily focused on ensuring the information security expert meets the ANSI/ISO/IEC 17024 Personnel Certification Accreditation standards.

Concentrates on C-Level Management through the Five Domains

By focusing on these five domains, EC-Council is not only able to guarantee that their beliefs align with those of the NCWF, but they are also able to meet business and organizational demands across the globe.

Recognizes the Importance of Real-World Experience

The information security officer must have prior knowledge before they can secure a C-Level job, as it allows them to acquire a holistic understanding of what to expect while in the area. This is why the CCISO certification program is made up of numerous real-world events confronting modern CISOs across the globe.

Source: eccouncil.org

Continue reading

2 Popular Cyber Threat Intelligence Feeds and Sources

Threat intelligence feeds are an actionable threat data associated with indicators or artifacts gathered from third-party vendors to learn from the access and visibility of other organizations to improve your own cybersecurity threat awareness and response. Threat intelligence feeds and sources must be applied alongside your technical controls, so you can prevent cyberattacks.

What is threat intelligence in cybersecurity?

Cyber threat intelligence is the information applied by organizations to understand future, past, and current threats more fully. Threat intelligence provides the context necessary for cybersecurity experts to make informed decisions regarding your network security, particularly after an attack.

Although cyber threat intelligence is not a panacea for cyberattacks, however, creating one is critical. Having a working knowledge of cybersecurity threats will make you better equipped to design and implement an efficient plan for securing your systems and networks.

In the evolving world of technology and the ever-increasing specter of cybersecurity threats, an organization’s defense mechanisms are incompetent and insufficient to prevent these attacks. Thus, demands a structured approach and a skilled team of analysist for building a successful threat intelligence program.

What are cyber threat intelligence feeds and sources?

Threat intelligence feeds cover incessant streams of real-life threat data, including IoCs (the Indicators of Compromise). However, they are more than just continuously updated feeds that offer data or external information on potential or existing threats, vulnerabilities, and risks.

As stated earlier, threat intelligence feeds often consist of simple indicators or artifacts. There are practical differences that differentiate feeds from each other. Usually, individual feeds focus on an aspect. A feed might portray a stream of code shared on pastebins, suspicious domains, IP addresses connected to malicious processes, or lists of known malware hashes.

While data, information, and intelligence are often used interchangeably, they form the difference between threat intelligence feeds. Even though these feeds are referred to as “intelligence” feeds, the majority is made up of data or information, instead of just a curated intelligence. Additionally, while feeds can be obtained, an organization must first recognize its threat intelligence feeds requirements before proceeding.

Why is a cyber threat intelligence feed important?

There is no doubt that cyber threat intelligence is a valuable investment for any organization. It is extremely important to tackle malware and cybersecurity threats as speedily as possible because the longer these threats are left unattended, the easier they can lead to an issue, and the greater their impacts.

Having access to the correct security information that you can feed into your security systems such as SIEMS and UEBA (user and entity behavior analytics) helps you apply automated security controls, analyze the data in real-time, and automate comparison of feed entries with internal telemetrics, including DNS logs and firewalls. This will save you time and eliminate the hazard of human failure.

A solid threat intelligence framework merges massive feeds into a single feed, instead of looking into each feed individually. However, one of the most important aspects of threat intelligence feed for an organization is the maintenance of a database consisting of past incidents and threats, alongside the competence to realize better counter-threat recognition and prevention.

What are the sources of security threats?

Different sources of a threat intelligence feed each has its individual advantages and disadvantages. With almost every security vendor website offering information and data on the newest threats, organizations need to be thorough in selecting the sources of their security threats.

Nevertheless, there are two broad categories of threat intelligence feeds, which include private intelligence feed and public threat intelligence feeds.

Private threat intelligence feeds

These feeds are usually paid for and obtained from third-party security vendors. They are usually generated from the internal team of an organization. Most of the significant sources for governmental cyber threat analysis are obtained from here.

Public threat intelligence feeds

These feeds are usually made available to the public over the internet. Examples of public sources for threat intelligence feeds are:

◉ Open source threat intelligence feeds

◉ Commercial source feeds

◉ Government source feeds

◉ Social listening

◉ Further monitoring using Pastebin

◉ Internal Sensors

Open-Source Intelligence (OSINT)

OSINT feeds and intelligence sources are widely used frameworks by cyber intelligence analysts, penetration testers, or bug bounty hunters for performing cybersecurity reconnaissance. Open source threat intelligence projects collect data from IT sources and the open-source community to deliver available and continuously updated feeds.

Likewise, some of the feeds made available by the government and other independent research institutions, typically fall under the open-source feeds. Although not every feed offered are frequently updated. Neither are they suitable when it comes to actively feeding your SIEM.

Pastebins

These are referred to as an information repository and mostly used by coders and developers. Pastebins are repertories where text can be copied and pasted. The information posted can be viewed by anyone except those flagged as private.

Social Listening

This feed gathers information from social media platforms such as LinkedIn, Twitter, and Facebook. When it comes to sharing live feeds, Twitter has been the go-to site for most people. In fact, you can follow twitter profiles for revised information regarding certain feeds.

Source: eccouncil.org

Continue reading

What is SSH port forwarding?

SSH port forwarding or SSH tunneling is the process by which a TCP/IP connection, which would be otherwise insecure, is tunneled inside a secure SSH tunnel. This process protects the tunneled connection from network attacks. This process can also be called TCP/IP connection tunneling.

SSH is an extensively applied protocol for system administration and file transfer. Protocols can be forwarded through the SSH tunnel, including HTTP, FTP, SMTP, POP3, TELNET, and others. This provides improved security features like authentication and encryption, which may not otherwise be supported.

Who can use SSH tunneling?

The flip side of SSH port forwarding is that anyone who can log into your server can allow port forwarding, which is often exploited by internal IT personnel. These users can log in to their home servers or devices in a cloud and forward a port from the server back into the organization’s intranet, and then to their work devices or appropriate server.

The problem with this is that malicious actors and other malware can also use a similar route to create a backdoor into your internal network. The attackers can use it to conceal their tracks by bouncing an attack using several applications or devices, which allow unrestrained tunneling.

A licensed penetration tester (LPT) can expertly recognize all the new vulnerabilities that are being actively exploited, eliminate sensitive information before they can be exploited, and mitigate all your network’s vulnerabilities. You can take penetration testing training online to make you an indispensable asset to your organization.

What is SSH port forwarding in Linux?

SSH port forwarding establishes a secure connection between a local computer and a remote Linux machine through SSH protocols which can delay services. You need to give your client your source and destination port numbers to use SSH tunneling in Linux. You also need to provide the location of the destination server, which can either be a hostname or an IP address.

This is because the destination port stipulates the port wherein the target TCP/IP server is listening. SSH tunneling is important for transferring information that applies unencrypted protocols, like IRC, IMAP, or VNC. Regardless of whether the application supports an SSL encryption or not, SSH port forwarding is capable of establishing secure connections.

What is SSH tunneling used for?

SSH tunneling is the process that allows the transmission of arbitrary networking data through an encrypted SSH connection. SSH port forwarding can be applied to create a sort of a virtual private network (VPN) and get around restraining firewall connections. This process can also be used for attaching encryption to legacy applications.

What are the benefits of port forwarding?

Port forwarding is one of the exceptional ways of preserving public IP addresses. It is transparent to the end-user and includes an additional layer of security to networks. Port forwarding is also beneficial because it shields clients and servers from unwanted access, restricts access to and from networks, and also “hides” the servers and services accessible on a network.

Likewise, SSH tunnels are extensively applied in several corporate settings that use mainframe systems as their application backends. In these settings, these applications may have extremely limited local supports for security. However, through the use of SSH tunneling, compliance with PCI-DSS, SOX, HIPAA, or other recognized standards can be realized without the need to adjust those applications.

Is port forwarding SSH safe?

SSH port forwarding is not dangerous by itself, however, its safety depends on the service at the target port. Some have suggested that the safety of port forwarding is dependent on how strong your firewall is and its level of internal and external protection.

The security of port forwarding goes beyond the router. Your security mainly rests with whatsoever software is on the device listening in on that port. So, the issue is not just your router but your device. It is a popular knowledge that all open ports on a network are constantly vulnerable attacks.

Nevertheless, the odds of a malicious hacker attempting to attack your network on those ports are very slim. An attacker cannot infiltrate your network through the forwarded ports. However, your router may be set to “allow configuration on WAN”. The setting of each router may be different, but ensure you allow only LAN configurations and disable all WAN configurations.

Types of SSH port forwarding

Three types of port forwarding exist including

Local port forwarding

This is the most common type of port forwarding. Local port forwarding allows you to connect your local system to another server. Here, a connection from an SSH client can be sent through the SSH server and later to the destination server. However, you need to know two port numbers and your local destination.

Dynamic port forwarding

In this port forwarding type, connections from different programs are forwarded through the SSH client to the SSH server, and lastly to numerous destination servers. This modifies your SSH client into a SOCKS proxy server. You need to specially configure each program that employs the proxy server. You should also reconfigure them back when you are no longer using the proxy server.

Most people find local port forwarding easier to use than the dynamic port forwarding. However, the later affords you more flexibility since you are no longer required to apply a predefined remote port and server.

Remote port forwarding

This allows connections from the SSH server, which are forwarded through the SSH client, and afterward forwarded to a destination server. Supposing your local server or computer does not have an internet routable IP address, remote port forwarding will still let you connect to it using the forwarded port and the remote server IP address.

In short, the essence of remote port forwarding is to permit a remote server to gain access to the resources on your local device.

How does SSH port forwarding work?

Port forwarding starts with the packets that are generated when you forward a data request over the Internet. Your network router will typically assess the header of an IP packet and forward it to the connected and proper interface. This will then transfer the data to the target information in the header.

However, with port forwarding, the intercepting device or application browses the packet header, takes note of the destination, and later modifies the header information. This is then sent to a different computer than the one intended. The subordinate host destination may have a different port on the same IP address, a different IP address on the same port, or a totally different mixture of the two.

Explaining port forwarding with an example

To understand how SSH port forwarding works, you may need to first understand the way the Internet functions. So how does the internet work? The Internet allocates computers virtual “ports”, similar to the USB ports you have on your computer systems.

Let’s assume you want to share a file on your phone with your PC. First, you connect the USB port at the bottom of your phone to the USB port on your computer. Afterward, your PC will have a dialogue with your phone about the file you want to send. It will then show you all the results.

However, unlike your USB port, there is no physical connection, or visible port, or wire that can help you connect to the internet. The whole concept of the internet port is just to help you understand what your computer is doing. Just know that the internet has two types of the port which include the strange ‘UDP’ port and the normal ‘TCP’ port.

Furthermore, every computer has precisely 65,535 TCP ports, with some ports having unique functions. Your web browser knows which port to connect to at all times. Suppose your external client expects to connect to port 80 on a web browser running on your private network.

All you need to do is enable port forwarding, which would statically map the external IP address and port 80 to the internal IP address and port 80. This is what port forwarding involves.

Source: eccouncil.org

Continue reading

Is a career in network security a good choice?

No matter an organization’s size and nature, they need a security expert in their team. This is because cyberattacks are increasing every day, and it is predicted that cybersecurity will cost the world US$6 trillion by 2021, indicating that a career in network security is a hot commodity. At the same time, the risks brought on by the pandemic have also led to a significant rise in cyber threats across the world. Microsoft Threat Intelligence teams reported an eleven-fold spike in COVID-19-themed cyberattacks the week following the announcement of WHO recognizing the pandemic.

The importance of network security

Why pursue a role in network security?

Network defenders are in demand

Now is the best time to start a career in network security as there are not enough professionals to go around. Furthermore, the jobs in this field are plenty, and it is estimated that professionals need to grow to about 145% before they can meet the global demands in the market.

Network security is a lucrative career

The average salary of a network security analyst is $81,100 annually. However, this may vary based on one’s experience, skill-set, company, and role, with some entry-level roles making well over $95,000 per annum.

What are the skills you need to become a network defender?

A network security administrator’s major goal is to protect an organization’s network infrastructure by creating and implementing policies and procedures. Network security jobs are an evolving role, and professionals need to be skilled in analyzing risks and weaknesses in a network.

To become a network defender, the following skills are recommended:

◉ Managing LAN, WAN and server architecture

◉ Solve security issues

◉ Testing systems for both hardware and software vulnerabilities

◉ Managing VPNs, firewalls, email security, web protocols and security programs

◉ Developing and implementing virus detection systems

◉ Track and record system vulnerabilities

◉ Document and report security analysis findings

◉ Supervise the instillation of new applications (software and hardware)

◉ Analyze and implement new security protocols and technologies

◉ Modifying regulatory systems within IT security

◉ Maintain the integrity of hardware and software

◉ Analyze and investigate security breech alerts

◉ Develop and Implement security policies

◉ Create user authentication/access policies and protocols

◉ Maintain and update system architecture

◉ Maintain and monitor servers and switches

For a career in network security, you need to know the basics of networking, such as networking concepts, fundamentals of computer networks, communications, devices, layers, etc.

How to become a network security defender?

You can join a network security training program that follows the protect, detect, and respond approach to defend a system. The program must also cover all the necessary topics that are related to network security. Furthermore, the network security certification program must be recognized and accredited by a governing body.

If you have experience in networking or have a network security certification in any network security program, you can join the network security program to kickstart your career. However, if you are new to the computer network niche, you will need to enroll for certifications like Network Security Fundamentals (NSF).

The NSF program is an entry-level program designed by EC-Council for people who want to start a career in network security. IT professionals that are not into security but are looking to progress in their career can join network security programs like Certified Network Defender (CND). The Certified Network Defender (CND) programs by EC-Council helps administrators to develop their network defense skills.

Frequently Asked Questions

How is cybersecurity as a career?

There is a wide range of career opportunities for network security engineers in the cybersecurity field. Potential jobs in the cybersecurity field are security architect, information security analyst, chief information security officer, and security engineer.

Industries that can hire cybersecurity professionals are computer systems design and related services, credit intermediation and related activities, management companies and enterprises, etc.

What are the types of network security?

Some of the common types of network attacks are:

◉ Virus

◉ Malware

◉ Worm

◉ Phishing

◉ Botnet

◉ DoS (Denial of Service)

◉ Distributed Denial of Service (DDoS)

◉ Man-in-the-middle

Source: eccouncil.org

Continue reading

What is IT Disaster Recovery?

IT Disaster Recovery is the application of policies, tools and methodology to resume normal operations following a natural or human-induced disaster by regaining access to data, software applications, hardware devices, networks and connectivity. Disaster recovery plan focus on IT systems that support the business-critical functions.

Cyber Disaster Recovery Plan

Disaster recovery plan is a set of rules and procedures to prepare the organization to quickly and effectively recover in the event of a disaster by restoring the data and critical applications. The disaster recovery plan also defines the response action during the outage.

Why become an IT Disaster Recovery Specialist?

IT disaster recovery and business continuity (DR & BC) are intricately linked practices that sustain an organization’s capacity to remain operational after an unpleasant event. Considering the increasing dependency of organizations on information technology to run their operations, disaster recovery efforts focus on IT, and business continuity planning embodies the entire organization.

Disruption isn’t merely an inconvenience for your consumers. Ransomware attacks and even natural disasters such as floods, fire hazards among others, can damage your corporate brand, accumulate financial losses, and in worst-case scenarios, it can permanently shut down your business.

Having an effective cyber attack recovery plan and constantly conducting DR testing is essential for managed service providers. Having a disaster recovery specialist ensures that you learn about weaknesses within your cybersecurity landscape.

What does a Cyber Disaster Recovery Specialist do?

The job of an IT disaster recovery specialist falls under the wider career category of Business Continuity Planners. IT disaster recovery specialists design contingency plans, while disaster recovery engineers execute them.

Nevertheless, your primary responsibility as a disaster recovery specialist is to protect businesses by designing and updating technical DR & BC plans. They work alongside the information technology professionals in an organization to recognize resources required for recovery and also increase the understanding of interdependent programs.

Likewise, Disaster recovery specialists table their recovery plans to the organization’s business and information technology executives to obtain approval. They provide DR BC training for staff members and also update disaster recovery plans.

Disaster recovery job market and potential salary

According to LinkedIn (as of August 2020) there are over 20,000 disaster recovery jobs available across the world. At the same time, the salary of an IT disaster recovery professional can vary widely depending on several significant factors such as education, additional skills, certifications, location, and work experience. With the availability of more online disaster recovery training, you can improve your earnings.

According to PayScale.com, the average Disaster Recovery Specialist salary is 80,000 USD. At the same time, Salary.com suggests that the average salary for a Disaster Recovery Manager in the United States is 131,338 USD.

How to become an IT disaster recovery specialist?

Skills required

Risk Assessment

Ability to conduct risk assessment by Identify operational risk issues and assign risk ratings.

Risk Management

Developing, maintaining, and ensuring adherence to enterprise-wide operational risk frameworks, risk policies, and risk management procedures.

Risk Coverage

Identifying and providing appropriate operational risk coverage for the organizations in scope and their risk-taking activities

Business Impact Analysis

Predicts the impact of cyber disaster on business function and gather information needed to develop recovery strategies.

Control Review

Develop, implement, and support an effective control review and challenge process to provide transparency, accountability and escalation of control effectiveness.

Data Backup and Recover

Ability to create and review system recovery, data backup and data recovery strategies

Business Continuity Planning and Management

Drive Business Continuity Management initiatives across various departments and maintain BCM related documentation like policy, plan, recovery, etc. Manage and implement business continuity plan using BCP program management tools and process.

Review, Testing and Training

Review and test the business continuity management process periodically. Conduct trainings for BCP awareness for employees to monitor status and defining the roles and responsibilities of the critical staff.

Certifications – Gateway to become a Certified Disaster Recovery Engineer

Certifications validate your skills and certify your expertise in any profession. The Cyber Disaster Recovery Certification such as EDRP gives recognition to your competence and demonstrates your commitment to the cybersecurity disaster recovery position.

Source: eccouncil.org

Continue reading

9 Rules to Help You Build Your Threat Intelligence Program

A threat intelligence program can be a great asset to a modern organization. This is because it will help you design a reliable way to implement the threat intelligence data set you to accumulate, so you can speedily recognize and efficiently respond to growing threats.

Introducing an in-house cyber threat intelligence program as part of the larger cybersecurity endeavors can lead to several useful results. Today’s cybersecurity setting is tasking and necessitates that cyber intelligence analysts respond to changes speedily and efficiently. Nevertheless, there are several roadblocks encountered during the course of building a threat intelligence program, causing several organizations to make the same handful of mistakes. This is why EC-Council offers the Certified Threat Intelligence Analyst (CTIA) program to help organizations detect and prevent business risks by translating unknown external and internal threats into known threats.

What is threat intelligence?

Threat intelligence refers to an evidence-informed knowledge, which covers mechanisms, context, inferences, pointers, and action-focused recommendation regarding an emerging or present threat to organizational assets. This intelligence has many positive outcomes and can be applied to inform decisions regarding the target’s response to the threat.

Threat intelligence provides cyber intelligence analysts with the context that helps them to make informed decisions about an organization’s security position by responding to questions such as who is the attacker, what are the indicators of a compromise in the network or system, what is the motivation of the attacker, and what are they capable of?

What is a threat intelligence program?

A well-defined threat intelligence program is iterative and becomes more advanced as time goes on. Building a successful cyber threat intelligence program would require a well-tested process, the full commitment of the threat intelligence team, effective threat modeling tools, and the obtainability of technology.

Why is cyber threat intelligence important?

Security experts have been lagging behind their opponents who continue to introduce new attacks daily using sophisticated and innovative techniques. Also, most security experts are stalled by the broken negative security model, where they concentrate on attacks they’ve never encountered, which ensures they overlook new attacks.

However, the introduction of threat intelligence program has made the difference in how companies respond to threats and focus their resources on mitigating risks. Organizations need threat intelligence for effective defense against all forms of attacks. Cyber threat intelligence is important for the following reasons:

Provides Actionable Intelligence for effective defense

Cyber intelligence analysis offers a value-added benefit to cyber threat information, by decreasing uncertainty for the user, while helping the user to detect threats and openings. Through the intelligence gathered, the cybersecurity intelligence analyst can determine if the security defense system can really mitigate potential threats and adjust them as required. Threat intelligence provides you the context you need to make informed decisions and take productive steps.

Saves organization’s time and effort to manage threats and vulnerability

When there’s a successful cybersecurity attack, the organization that falls prey to this attack will spend tons of money on everything and anything to make it all go away. However, a cyber threat intelligence program can help your organization save money by constantly being aware and prepared to tackle any form of attack. With threat intelligence, security analysts can put measures in place that identifies and lessens the impact of an attack, saving you tons of money.

Collaborative effort

Since both people and machines work better together, they work smarter, ensuring the best possible defense against attacks, a cost-effective approach, and diminishes scenarios of burnouts. Organizations can also share their knowledge on an attack, which helps other organizations tackle a similar attack.

9 Important rules for implementing a threat intelligence program

Rule 1: Identify the assets you want to protect or safeguard

The very first step in this process is defining the need for Threat Intelligence by analyzing the assets or information systems that need to be protected

Rule 2: You need a plan

Every successful venture begins with a well-crafted plan. Doing everything at the same time will only overwhelm you and generate useless data and alerts. Threat intelligence is a broad field and doing everything at the same time will leave you burnt out.

You should start by defining your problem, determine how to resolve your problem, and what resources are available to help you solve it in the most effective manner.

Rule 3: Recognize typical user behaviors

You need to understand the characteristic user behaviors and their usage in the environment. You need to understand your audience even more than the attacker, so you can identify loopholes. It would be best if you were conversant with typical user behaviors that attackers can imitate.

Most people consider the threat intelligence domain as an elite-focused analyst environment. However, it has been discovered that threat intelligence is useful for everyone and every organization because it can help you identify leaked data, prioritize vulnerability patching and remediation, enhance security operations, speedup threat detection, and inform board-level decisions.

Rule 4: Hire personnel who understand threats

The expertise of your staff will determine the effectiveness of your threat intelligence program. Usually, building and implementing requires two skill sets. Your cybersecurity intelligence analyst needs to understand what it takes to build a threat intelligence program and also the business needs of the organization. The CTIA also needs to understand all the possible shades of threat intelligence so they can help design and direct the program at all levels.

Rule 5: Identify your threat intelligence requirements and use the appropriate tools

After hiring the right people, you need to adopt the right technologies to meet your needs. You need the right tools to be able to respond to and capture the information on your own incidents. Rather than subscribing to all the vendors offering all sorts of security data, you need a threat intelligence solution that can collect huge amounts of data from the dark and open web. At the same time, the TI solution must be able to eliminate the heavy lifting linked with cross-referencing, sorting, and verifying alerts before they are accessed by the certified threat intelligence analyst.

Rule 6: Determine your data sources

You need to gather data to identify the activities of malicious actors and mitigate them. You can gather threat intelligence data majorly from command and control networks, malware indicators, compromised devices, IP reputation, and phishing messages. Not understanding the context of an attack is what makes organizations spend their resources on the wrong technologies.

Furthermore, since you’ll likely implement multiple threat intelligence sources, you may want to ensure you don’t produce replica alerts. The best way to recognize an overlap is to understand how each intelligence vendor gets its data. Ensure you don’t fall prey for marketing hype about big data analysis, proprietary algorithms, or other scams pulled out of a spy novel.

Do your diligence by yourself by placing each provider through its strides before you fully commit. Ensure you build a stage into your threat intelligence program to offer context for your threat intelligence feeds before you include them to your active controls or monitors.

Rule 7: Deploying right set tools and methodologies for Threat Data Analysis and Processing

Based on the requirement analysis of what assets need to be protected, tools and techniques are used for threat modeling and processing. Tools and methods required for generating intelligence to protect an application will be different in case of a network or other system.

Rule 8: Choose a threat intelligence program that you can be integrated

Several technical threat intelligence is useless if you can’t integrate them into your existing security technologies or automate them to replace labor-intensive tasks. Even if it is manually generating reports, swapping between windows, or including fresh rules to security technologies, your manual procedures can be time-consuming. This is why there is a need to integrate threat intelligence technologies and manual tasks.

Rule 9: Communication is everything

Communication is one of the most significant aspects of a threat intelligence program. There must be a clear communication path between the cyber threat intelligence team and their respective audiences. You need to know if your audiences are happy with your services or not, whether they no longer need what you are offering, or whether they want something new.

Although, you may not be able to meet all their demands as some may be impractical. However, you need to be aware of the needs of your audience so you can incorporate them into your threat intelligence process where necessary.

Source: eccouncil.org

Continue reading

Canada Now Most Phished Country: What You Need to Know

It seems that criminals using phishing tactics have found a new hotbed – Canada! RSA’s Fraud Quarterly report states that virtually 70 percent of fraud phishing attacks are targeted at Canadians. Although several surveys have demonstrated that phishing in Canada is increasing, most experts are unsure of why the sudden increase in Canada-specific attacks.

On the one hand, it is normal for malicious actors to target users in developed countries with high levels of internet connectivity and technology practice. Yet, this does not fully explain why Canada has experienced such a significant jump in the volume of phishing attacks when compared to other developed countries.

One thing is for sure – phishers are attempting, and in many cases succeeding, to take advantage of both employees and individuals who lack security awareness.

Depending on the level of success of these criminals, these phishing attacks could lead to major cybersecurity incidents if no action is taken. Implementing best practices required to recognize and avoid phishing attacks and malware infiltration should be a part of  every Canadian organization’s overall risk prevention strategy. Although there are many ways to protect Canadians from being a victim of a phishing scam, implementing an anti-phishing solution can help organizations stay alert and prepared.

What is phishing?

Phishing is a social engineering attack applied to steal the user’s data, credit card details, login credentials, and other sensitive information. Phishing attacks occur when attackers disguise themselves as reliable parties to dupe the target into opening an instant message, email, or text message.

The following is an example of a phishing attack:

A spoofed email, supposedly from a credible university, is distributed en masse to several faculty members. The email declares that the user’s password is about to expire, and instructions are given to go to the “university’s page” to renew their password within 24 hours. In this case, the link redirects to a phishing website asking the person to login in order to capture their login credentials.

What are the three most common types of phishing?

Most organizations must educate and inform their employees to recognize how to identify some of the most common phishing scams if they are ever going to defend their organizations, their clients, and themselves from data breaches.

Spear phishing

This technique relies heavily on a personal touch. Spear phishing refers to malicious emails sent to a specific target. These malicious actors already have the target name, job title, employment location, email address, and other specific information about the target.

Email phishing

This technique relies on a number game. The phisher sends thousands of deceptive generic requests in a bid to steal the person’s login credentials or personal data. These emails have a sense of urgency or threaten the target to do what the attacker wants.

The effectiveness of this type of phishing depends heavily on how the malicious actor can make the email look closely like an official correspondence. For this reason, experts advise to always check the authenticity of a URL before clicking on them.

Smishing and vishing

Telephone replaces emails in vishing and smishing scams. Typically, a vishing scam involves a telephone conversation where an attacker pretends to be a fraud investigator from a bank or credit card company. The person informs the target that their account has been hacked. Similarly, smishing involves the attacker sending out text messages, claiming similar issues.

Stay Calm and Secure Your Teams from COVID-19 Phishing Scams

What is the most common example of phishing in Canada?

According to the Canadian Anti-Fraud Centre, spear phishing has defrauded people of more money than any other scam in Canada. With phishing scams, the malicious actor sends the same email to several people with the expectation that a substantial number of them would be fooled into sending them money.

In fact, last year, it was reported that Canadians searching for love on the internet or other dating sites reportedly lost about $143 million due to romance scams.

How do I report phishing in Canada?

The Canadian Anti-Fraud Centre handles the reports on fraud and identity theft. If you suspect you may be a target of a phishing scam, or if you have received a phishing attempt, you can report it to the Canadian Anti-Fraud Centre through their Fraud Reporting System or their telephone at 1-888-495-8501.

No one deliberately chooses to be a victim of a scam or fraud. While some people ignore or delete suspicious or junk emails, others are not so lucky. Many phishing emails or text messages often appear unprofessional.  They are muddled with grammatical errors or request that you click on links with URLs that look strange. Increasingly, however, they are more professional in appearance, lulling us into complacency. You can also report mail/ messages to the organization that it appears to be sent from.

Is cybersecurity an in-demand career in Canada?

The urgent need for cybersecurity professionals comes as no surprise. ICTC research shows that as many as 100,000 cyber professionals will be needed by 2022.

However, regardless of the high demand, there is a serious talent crunch in Canada when it comes to cybersecurity experts. Qualified cybersecurity professionals are needed to ensure phishing and email safety.

EC-Council Country Manager – Canada, Heather MacLean emphasized the importance of cybersecurity when she stated that: “Canada is a digital society. Everything we do can be tied to the internet. It is essential to inform our employees about the important role they play in stopping cybercrime. Thus, we must provide critical awareness tools to arm them with the right knowledge.”

Source: eccouncil.org

Continue reading