The 3 Biggest Information Security Management Challenges for Leaders in 2022

Cybersecurity is one of the biggest concerns in business, with 48% of CEOs worried that their company might experience a devastating digital attack in the next year (PwC, 2022). This puts the spotlight on CISOs and cybersecurity leaders, who are under pressure to deliver information security management procedures that keep data safe.

In a changing cybersecurity landscape, that’s harder than it sounds. New threats and exploits emerge daily, while hackers keep attempting new strategies. Not only that, but corporate IT infrastructures are also evolving, and new technology always means new vulnerabilities.

Top 3 Information Security Management Challenges of 2022

CISOs and Infosec leaders have to maintain a fine balancing act. On the one hand, you must keep data safe and prevent attacks—but you also have to support growth and innovation, allowing your organization to flourish.

Balancing these competing requirements can lead to serious challenges. To get information security management right in 2022, you must:

1. Support diversified networks

The typical corporate data infrastructure has changed a lot in the past ten years, and that change has only accelerated during the Covid-19 pandemic.

Three of the biggest changes with implications for information security management are:

◉ Working from home: 58% of Americans now have the opportunity to work from home at least once per week (Dua, et al., 2022), and globally, 52% of employees work from home at least once per week (Simovic, 2022). Remote work may involve relying on an unsecured device, such as a personal laptop, or connecting via an unsecured network, such as home or public Wi-Fi.

◉ BYOD policies: 82% of companies in the U.S. have some form of a Bring Your Own Device (BYOD) policy, which allows users to access internal systems from a personal device (Schulze, 2022). BYOD policies can cover devices such as laptops, phones, and tablets. Such devices are typically dual-purpose (business and personal use).

◉ Third-party ID: Enterprise cloud services often allow users to sign in with a third-party ID, such as Apple ID or Google accounts. Organizations can choose whether to use managed accounts on these services or to allow employees to use their personal IDs.

These changes reflect our current reality, where most people have access to powerful personal electronics, including phones, laptops, and high-speed home internet connections. It’s convenient to allow people to use these devices, especially if they’re working remotely.

However, this means that corporate networks now have a vastly increased number of endpoints, each of which is vulnerable to attack. Managed devices can reduce the associated risk, but most people would prefer the option to use their own devices.

Ultimately, it’s a trade-off between security and ease of use. When organizations choose convenience, it makes information security management that much harder.

2. Safeguard cloud services

Cloud services are almost ubiquitous now, with 89% of enterprises employing a multi-cloud strategy (Flexera, 2022).

This indicates that many businesses trust cloud providers to provide secure services and ensure data availability and integrity. In a 2022 survey of information security management concerns, most CISOs did not list provider-side issues as a primary concern. (Cloud Security Alliance, 2022).

Instead, most IT leaders are worried about vulnerabilities such as:

◉ Credential management: Many organizations take a role-based security approach to ensure that individuals can only access data if they have a legitimate business need. The challenge is to keep credential management systems up to date so that everyone has the appropriate level of access.

◉ Configuration and integration: Information Security Management experts often have to deal with complicated tech stacks with multiple cloud platforms. Individual cloud service providers can help find the optimal security configuration, but things quickly get complex when cross-platform integrations are involved. This level of complexity increases the risk of something going wrong, possibly exposing data.

◉ Insider threats: Cloud services give users a lot of power, as they can easily access sensitive data from their personal devices. This raises the threat of malicious actions—such as when someone downloads customer data and saves it to another device—and threats arising from poor security practices, like when a user leaves their laptop unattended in a public place.

The information security management challenge here is not the fault of the cloud services themselves. Instead, it’s an issue of the security architecture on your side. This includes the kind of software and processes attached to your cloud services and the best practices you teach users.

3. Protect digital assets

For many organizations, data is now their most valuable asset. Data powers customer relationships, provides insights through analytics, and allows internal processes to run smoothly.

Unfortunately, if you have any valuable assets, someone will try to steal them. Businesses are learning to think about data as an asset that requires safeguarding in the same way you protect physical assets like stock and equipment.

The Dark Web is home to a thriving market for stolen digital assets (Ruffio, 2022), which can include:

◉ Financial data: Money is the main motivation for cybercrime, with 86% of hackers seeking a financial advantage (Verizon, 2020). This includes anything that can be used to steal money, such as credit card numbers, banking logins, and access to payment services.

◉ Login credentials: Hackers also want to access individual accounts, so usernames and passwords are highly sought-after. Even if the login details don’t lead to a valuable account, the hackers might gain access to personal data that will help them commit identity theft.

◉ Personal information: Any personal data can be highly valuable, whether it belongs to your customers or employees. Names, addresses, emails, phone numbers, dates of birth, and Social Security Numbers can all help to commit identity fraud or break into other secure accounts.

◉ Proprietary information: Hackers will also seek valuable proprietary data, which can include intellectual property, confidential documents, and product design. This kind of digital asset can often lead to espionage or blackmail.

Ransomware attacks often take these digital assets hostage, with criminals promising the data’s safe return when the victim pays a ransom.

However, many data breaches happen quietly. In some cases, hackers will identify a weakness and continue to harvest data until the organization identifies and repairs the breach. That’s why it’s so important to have the right approach to Information Security Management.

Get Ready for the Information Security Management Challenges Ahead

It’s hard to predict the future, but we know two things for sure: IT infrastructures will keep getting more complicated, and hackers will keep looking for vulnerabilities.

That’s why every organization needs an InfoSec leader ready for the challenges ahead. If you’re working towards the CISO role in your organization, you can take a step forward with the Certified Chief Information Security Officer (C|CISO) program from EC-Council. This certification builds on your existing knowledge of cybersecurity management and teaches you what you’ll need to know to succeed in executive leadership. 

The C|CISO program was developed by seasoned CISOs to help you deliver the right cybersecurity management strategy for your company.

Source: eccouncil.org

Continue reading

How to Become a CISO (Chief Information Security Officer)

The Chief Information Security Officer (CISO) is one of digital security’s most powerful and high-paying roles. As a CISO, you’ll have complete responsibility for all aspects of your organization’s data. You will also play a vital role in business strategy and help shape your company’s future.

Becoming a CISO is generally considered the final destination of one’s cybersecurity career path. However, it’s never too early to start planning a route that takes you all the way to the boardroom, even if you’re only taking your first steps in the world of information security.

Why Are CISOs in Demand?

CISO is a relatively new position in the C-Suite. However, numerous companies are deciding to appoint a dedicated director of security. Around 55% of all companies currently have a dedicated CISO on the board. Of those that don’t have a CISO, 58% say they will add this position (Navisite, 2021).

In the past, IT security was part of the remit of other senior IT leaders. The Chief Technology Officer (CTO) or the Chief Information Officer (CIO) generally took responsibility for preventing cyberattacks. These executives would work with cyber security experts within the IT team to create robust digital defenses.

However, the sheer scale of cyberthreats mean security is now a leadership issue. According to the FBI, cyber fraud has increased by almost 500% in the last five years (Federal Bureau of Investigation, 2021). The cost of a hack can run to USD 180 per individual file accessed (IBM Security, 2021).

Organizations are under constant threat from cybercriminals. That’s why it makes sense to appoint an experienced security expert who can offer guidance and support at a strategic level.

CISO is a well-paid position with an average salary of around USD 231,000 (Salary, 2022). However, executive remuneration can vary, depending on the company’s size and the job’s nature. In recent years, top-tier CISOs have commanded salaries of over USD 2.3 million (Melin, 2019).

What Does a CISO Do?

Chief Information Security Officer is an executive-level position. If you become a CISO, you will work directly with the organization’s other executives, including the CEO.

Your primary duty will be to protect your organization’s data. A Chief Information Security Officer’s responsibilities include:

◉ Developing a security infrastructure: You will work with a team of security managers and architects to build an operational security infrastructure. You will have a high-level overview of all groups, departments, and business units. You are also responsible for incident response and the disaster recovery plan. Keeping all these elements aligned will require excellent communication, delegation, and problem-solving skills.

◉ Supporting business strategy: Senior leaders spend most of their time talking about the future. What’s the smartest next step? Is it time to grow or consolidate? As a CISO, you will help your C-Suite colleagues develop business strategies that are safe and secure. You need to be a strategic thinker with a keen eye for risks and opportunities.

◉ Approving technology investment: The CISO works closely with the CTO and CIO to make plans about the organization’s IT infrastructure. Together, you’ll identify technological solutions that support growth without creating additional risk.

◉ Overseeing regulatory compliance: Handling data raises several compliance issues especially if you have customers in different jurisdictions. As CISO, you will ensure that the organization always follows the correct rules and standards. You’ll also alert the other board members if their plans might lead to compliance issues.

Data is the lifeblood of every modern company. As CISO, your job is to ensure that data flows safely and reliably throughout your organization. With cyber security under control, the company will be free to focus on its long-term strategy.

How to Become a CISO

When a company hires a new Chief Information Security Officer, they’re looking for someone they can trust completely. As CISO, you will have complete control over data security. You will also have a voice in the company’s long-term strategy.

To become a CISO, you must prove that the company can trust you in the role. You can do this by building a compelling record of accomplishment in cybersecurity. Here are the steps you can take:

1. Get the right education

Your education will be the foundation of your CISO career. At a minimum, you should have a bachelor’s degree in computer science or a related discipline. Most companies will also expect a postgraduate qualification such as a Master of Science in Cybersecurity (MSCS) (Indeed, 2021).

2. Build your technical experience

You will need to have a substantial digital security background before applying for a CISO position. Ideally, you should have a diverse knowledge of different platforms and solutions. You should also have a broad understanding of cyber threats. Most roles require a minimum of five years’ worth of hands-on experience (LinkedIn, 2021).

3. Get leadership experience

CISO is essentially a leadership role. Much of your energy will go into building an outstanding security team and helping them deliver your strategy. As such, you will need an exceptional background in managing, supporting, and communicating with a team. Seven years of management experience is often the minimum for CISO roles (LinkedIn, 2021).

4. Become qualified as a CISO

The hardest part of the journey is often the leap from management to executive leadership. You can give yourself a boost across this divide by obtaining an up-to-date qualification that will equip you with everything you need to succeed as a CISO. The Certified Chief Information Officer (C|CISO) qualification can provide you with up-to-date information and crucial real-world experience.

5. Develop your strategic vision

When a business hires a new executive, they’re looking for someone who can lead them into the future. You will need to show that you are more than just a talented security manager you’re someone who can support growth and innovation. What strategic vision will you bring to the boardroom?

The path to becoming a CISO is long and arduous. But, if you’re genuinely passionate about security, this is your chance to become an innovative leader in the fight against cybercrime.

How to Get Started on a CISO Career Path

Every journey starts with a first step. If you’re an IT professional considering moving into security, you could start by looking at the Certified Network Defender (C|ND) certificate. This beginner’s level qualification will help you find your first job in InfoSec.

From there, it’s a matter of staying focused on building your resume. Seek every opportunity to develop the three main strands of your professional experience:

◉ Technical: Learn everything you can about cyber threats and countermeasures. Study security architecture across multiple platforms and learn everything about hacking methodologies.

◉ Managerial: Work on projects that give you a chance to manage a team. Learn leadership skills like communication, delegation, budgeting, reporting, and internal negotiations.

◉ Strategic: Take every chance to show initiative. Pay close attention to the way that business processes (such as cyber security measures) support business goals.

There aren’t any shortcuts on the way to the CISO office. CISO training is a matter of putting in the hours. You must spend time gaining experience, learning as you go.

Eventually, you’ll reach a point where you have five years’ experience (or relevant qualification) in the following areas:

1. Governance, risk, and compliance

2. Information security controls and audit management

3. Security program management & operations

4. Information security core competencies

5. Strategic planning, finance, procurement, and third-party management

At this point, you’re ready to pursue the C|CISO certification from EC-Council. This globally recognized qualification gives you the knowledge to step into executive leadership and the practical experience to help you succeed.

Are you ready to step up to the C-Suite? Find out more about how chief information security officer training with C|CISO can unlock your ultimate career goals.

Source: eccouncil.org

Continue reading

Pivoting to Access Networks in Penetration Testing

Penetration testing is the process of simulating a cyberattack against a computer system or network to identify and fix vulnerabilities. Pivoting in penetration testing is a technique in which the ethical hackers—also known as white-hat hackers—simulating the attack can move from one system to another.

Below, we’ll go over everything you need to know about pivoting in penetration testing, including how it works, the different types of pivoting in penetration testing, and how to become a penetration tester.

What Is Pivoting in Penetration Testing?

During a cyberattack, the attackers rarely gain entrance to the entire network at once. Instead, attackers often focus on gaining access to a network via a single weak point. This is typically done through techniques such as phishing, malware, or scanning for security holes. Once inside the network, the attackers attempt to conceal themselves while moving to other systems connected to this point of entry.

In penetration testing, pivoting is the act of using a compromised system to spread between different computer systems once inside the network, simulating the behavior of a real attacker. This compromised machine is sometimes referred to as the “instance,” “plant,” or “foothold.”

After obtaining a foothold, penetration testers scan the network for other subnets and machines, looking for the most valuable (and vulnerable) points of attack. For example, an administrator machine may grant the attacker additional privileges and unlock new possible operations. Gaining access to these connected systems is easier from the inside because penetration testers can use the compromised machine’s credentials and try to disguise their behavior as legitimate network traffic. 

Pivoting is closely related to the concept of lateral movement in cybersecurity, and the terms are often used interchangeably. However, “pivoting” is most accurately used to refer to the act of moving from host to host, while “lateral movement” also includes the act of privilege escalation (gaining access to other users and accounts) on the same machine.

What Are the Different Types of Pivoting in Penetration Testing?

There are multiple ways for penetration testers to perform pivoting. Below are a few of the most common types of pivoting in penetration testing:

Port forwarding: The attacker creates a tunnel between two machines via open TCP/IP ports, forwarding packages and traffic from one to another. There are multiple forms of port forwarding:

◉ Local port forwarding: The compromised machine “listens” for data and instructions from the attacker’s machine, allowing the attacker to access internal services.

◉ Remote port forwarding: The attacker maps ports on their machine to local ports on the compromised machine, allowing them to reach internal services through an SSH connection.

◉ Dynamic port forwarding: The attacker creates a SOCKS proxy server for tunneling traffic, with the compromised machine acting as a middleman between the attacker’s machine and internal services.

VPN pivoting: The attacker starts a virtual private network (VPN) client on the compromised machine, accessing a remote VPN server. The attacker then sends data from the server to the client and can also access information (e.g., network traffic) from the compromised machine by sending data from the client to the server.

Proxy pivoting/SSH pivoting: The attacker establishes a local proxy server through SSH. Any connections to the designated port are then forwarded through the proxy to their final destination.

Routing tables: The attacker changes the routing table of the compromised machine to add a new route. This route will require any traffic sent to the destination to tunnel through the defined gateway, allowing the attacker to capture this data.

Regardless of which types of pivoting are used in penetration testing, the ultimate goal is to remain undetected for as long as possible while performing reconnaissance and accessing valuable files and information.

How Do Penetration Testers Pivot?

We’ve talked about the various types of pivoting in penetration testing at a conceptual level—but how do penetration testers pivot on a technical level? Below are just a few tools and techniques for how penetration testers pivot in a real-world scenario.

1. Meterpreter

Meterpreter is a payload available through the Metasploit penetration testing software that gives the attacker an interactive, invisible shell for running commands and controlling the compromised machine.

Using Meterpreter, penetration testers can use the routing table pivoting method discussed above via the autoroute command. For example, the command:

meterpreter> run autoroute -p

prints the active routing table

The command:

meterpreter> run autoroute -s 10.1.1.0 -n 255.255.255.0

adds a route to 10.10.10.1/255.255.255.0.

2. proxychains

proxychains is a tool for Unix systems that allows users to route any TCP connection through HTTP or a SOCKS proxy. As discussed above, this can be used for proxy pivoting.

To start using proxychains, penetration testers can simply edit the proxychains.conf configuration file, which contains a list of the proxy servers used on the local machine. By specifying the desired host and port number, attackers can add a new local proxy server to conceal their activities. Attackers can even chain multiple proxies together, which makes the task of evading detection (and being traced once detected) even more difficult.

3. sshuttle

The sshuttle tool describes itself as “where transparent proxy meets VPN meets ssh.” sshuttle takes a hybrid approach, combining elements of both VPNs and SSH port forwarding to create a tunnel for exchanging network packets.

Using sshuttle, penetration testers can establish a VPN connection between a local machine and any remote server with Python installed and that is available via SSH. For example, the command below redirects the network 192.168.30.0/24 to the local machine at the address 192.168.10.5:

sshuttle -r localhost@192.168.10.5 192.168.30.0/24

4. pwncat

pwncat is a platform for attackers to exploit a compromised system after gaining entry, including tools for evading firewalls and IDS/IPS. The pwncat platform is based on the netcat Unix networking utility, which allows users to read and write information across a network connection.

pwncat includes features for both local and remote port forwarding. For example, the command below establishes local port forwarding by redirecting the remote port 3306 to the local port 5050:

pwncat -L 0.0.0.0:5050 example.org 3306

Becoming a Penetration Tester With C|PENT

Pivoting is an essential technique that all penetration testers should be familiar with. By successfully pivoting from one machine to the next, penetration testers can avoid or delay detection for as long as possible and extend the reach of their simulated attack.

If a career in penetration testing appeals to you, obtaining a penetration testing certification is an ideal way to get a foothold in the industry while honing your in-demand cybersecurity skills. EC-Council offers the Certified Penetration Testing Professional (C|PENT) program, with extensive real-world training to help students master the tools and techniques of penetration testing.

Source: eccouncil.org

Continue reading

CPENT Exam Preparation Notes and Guidance by Cybersecurity Expert

As an author, professor, and researcher, I don multiple hats. I will share my Certified Penetration Testing Professional (C|PENT) exam preparation notes, my learning journey, and how I succeeded in acing the C|PENT examination. Even though I opted for the two 12-hour exam format, I believe that attempting it in the 24-hour setting is better as you can finish it in less than nine hours if you have extensive experience.

It is a very challenging exam because, unlike other penetration testing and offensive security exams focusing on Capture the Flag (CTF), the C|PENT includes real-world testing scenarios. In addition, their Cyber Ranges are more advanced and difficult than the simulated machines in other certifications. Although the C|PENT has been labeled as “insanely difficult!” due to my experience teaching penetration testing courses and having written multiple books about pen test, cybersecurity, and Linux, I did not find it to be “insanely tough.” While the exam is quite challenging, it was interesting as it closely mimics the real-world penetration testing environment.

How the C|PENT Differs from Others

The C|PENT stands out from other certifications as it covers extensive topics such as penetration testing scoping and engagement, open-source intelligence (OSINT), mobile device penetration testing methodology, IoT penetration testing, etc. It also includes firewalls, demilitarized zones (DMZs), web application firewalls (WAF), and other defensive measures. The C|PENT also covers pivoting, double pivoting, weaponization, and binary exploitations.

Important C|PENT Preparation Notes

Before signing up for the C|PENT program, ask yourself, “how much knowledge will I gain, and will it open the door to multiple opportunities?”

I began my preparation journey by watching all the course videos before diving into the program material. Ensure that you read all the content as there is always something new to learn, even if the topic seems repetitive. For example, even though I am familiar with Linux and have written a book about it, I was surprised to discover new concepts and tricks. One of the best things about the C|PENT curriculum is that you learn to execute the same thing in different methods, ensuring that you have a backup plan.

C|PENT Preparation Guidance

Let me share some C|PENT exam preparation notes that will help you maximize your performance in the exam:

◉ Ensure You Have a Database of Command in Hand:

You cannot waste time searching for the command that will provide you root or admin access during the exam. In addition, don’t be scared to use the “man” and the “apropos” commands, as they will help you search a set of database files containing short descriptions of system commands for keywords, display, and the result on the standard output.

◉ Practice on Labs and Cyber Ranges:

Make sure that you practice all the exploits and concepts. I built the aliases, functions, and scripts in Bash and Python while doing the labs and Cyber Ranges, and after extensive practice, I was able to memorize most of the aliases.

◉ Gain In-Depth Understanding of the Topics:

I strongly encourage you to practice pivoting and double pivoting if you are unfamiliar with them. When you cannot reach a machine directly, you may not know how to attack it at first, but a basic understanding of networking and subnets function will benefit you in the long run. Read the scope of work, take notes, identify which network addresses are included in the scope of work, and develop the target database template, just as you would for a real penetration testing scenario.

Where Candidates Fall Short

Many candidates often do not utilize specific, customized scans to find targets and do not examine network data at the packet level to understand what the network is telling them. Some use default scans instead of custom scans against a firewalled and non-firewalled target while finding targets that they assume are filtered or have a filter but do not know what works and does not.

You will often find yourselves unable to comprehend what the network is attempting to communicate. You must let the network show you the route in the C|PENT. The scans could take a long time if you conduct default and aggressive scans of all ports. You must let the network lead you in the C|PENT. Candidates often struggle to examine the syntax and ensure that the selections were input correctly because they lack the necessary permissions to write to the location where the firmware file system was being extracted.

The main goal of conducting a pen test is to evaluate the network and use that information to locate a flaw and obtain access. Examining the information presented by the network and acquiring access may seem challenging to some.

C|PENT Experience

I believe the C|PENT closes the gap between the security analyst and the penetration tester job-roles because of the knowledge you stand to gain. You need to think outside the box and build a creative mindset to master the content covered in the exam. It also provides a progressive approach to the challenges provided. Earning the certification helps you gain a competitive advantage in the industry.

C|PENT Tips in Brief

◉ The C|PENT is a tough exam but provides real-world experience

◉ Watch all the videos and read all the content even if it seems repetitive, as you might discover new information

◉ Use the “man” and the “apropos” commands to search a set of database files containing short descriptions of system commands for keywords, display, and the result on the standard output

◉ Make use of the labs and Cyber Ranges

◉ Practice pivoting and double pivoting

Contributor Bio

Alfred Basta, PhD. is a professor, researcher, and author of many publications, including “Computer Security and Penetration Testing,” “Linux Operations and Administration,” “Database security,” and “Mathematics for Information Technology.” He is one of the most certified professionals in cybersecurity. In addition to his recently completed Certified Penetration Testing Professional (C|PENT) and certification and Licensed Penetration Tester (Master), he holds the C|CISO, C|HFI, C|CSA, C|EH, E|CIH, and C|CSE certification.

Source: eccouncil.org

Continue reading

The Benefits of Performing Threat Modeling with OCTAVE

As business environments grow increasingly complex, it’s more important than ever that IT and cybersecurity professionals come together to utilize proven frameworks capable of guiding a comprehensive, systematic assessment of an organization’s IT risks. The OCTAVE model is widely regarded as the best framework of its kind, so let’s explore what it is and why it matters.

What Is the OCTAVE Threat Model?

The Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) is a framework used to assess an organization’s environment and determine IT risks. Because OCTAVE is flexible, it can be adapted to fit the needs of practically any organization while only requiring a small team of cybersecurity, IT, and operations professionals to collaborate on the endeavor.

When applying the OCTAVE framework to a business, it’s important to know that the standard model won’t always fit an organization. As such, several variations have been developed, including OCTAVE-S (used when the entire team already has extensive knowledge about the organization’s environment), OCTAVE Allegro (which is simpler and more suitable for small teams), and OCTAVE Forte (the most adaptable variation yet). You might also devise a hybrid approach to find what works best for your business.

No matter which variation of OCTAVE you are using, you should have peace of mind knowing that it was developed for the US Department of Defense at Carnegie Mellon University (CMU) in 2001 and has been used and proven effective for over twenty years now.

Benefits of the OCTAVE Threat Model

There are a number of benefits to using the OCTAVE threat model, but here’s a look at the most significant.

◉ Effective: OCTAVE focuses on the organization’s most critical assets, ensuring that the biggest results are seen with the least effort.

◉ Fast: While complex, the OCTAVE model is one of the most efficient for discovering, prioritizing, and mitigating risks—making it both fast and thorough.

◉ Actionable: Implementing the OCTAVE threat model at once can be exhausting as it’s designed to be implemented in parts. This is why it is broken up into three phases, with each phase further broken up into processes.

◉ Comprehensive: The biggest advantage of the OCTAVE threat model is how much it covers. That is why it has been used by the Department of Defense and countless other organizations for over two decades.

With these benefits in mind, let’s dive into the implementation process, which can initially seem like a momentous task.

How to Implement the OCTAVE Threat Model

Implementing the OCTAVE threat model is not a task you can undertake on a random afternoon. In truth, the threat model requires hundreds of pages to thoroughly explain and even more to delve into the complexities of adapting and applying the framework to any organization. CMU has extensive documentation for that.

However, before diving into the complex documentation on implementing the OCTAVE threat model, it’s valuable to take a more high-level approach to begin preparations for implementation and garner resources for the same. As such, here’s a big picture view of what the OCTAVE threat model takes to implement.

The Three Phases of Implementation

In general, implementing the OCTAVE threat model will require a three-phase approach. The three phases are as follows:

1. Create a profile of all of your assets and their relevant threats. This will require a team to sit down and analyze your organization’s IT assets and what is already being done to protect them. You can find gaps in the current security measures and identify the associated risks.

2. Identify vulnerabilities within your organization’s infrastructure. Once your team has identified vulnerabilities, you must move forward with new policies and procedures to help eliminate and manage them. This phase will require multiple tactics to be employed, including penetration testing.

3. Define a security risk management strategy. The final phase of implementation requires you to define remaining risks and prioritize them, and move forward with creating a plan for mitigating and managing security risks in the long term. This plan will need to be reviewed and adapted often.

On paper, it might sound quite simple. However, analyzing, strategizing, and implementing such a comprehensive framework takes a great deal of time. Whether it takes weeks or months to complete will depend upon the size of your team, your organization’s complexity, whether someone is highly familiar with the framework, and/or your organization’s architecture to lead the initiative.

Common Techniques to Utilize

Throughout each phase of the implementation process, your team should be prepared to utilize various testing and analysis tools and methods to ensure no stone is left unturned and no scenario left unconsidered. As such, here are some of the common techniques you should plan to familiarize yourself with:

◉ System audits will reveal information about the structure of your organization’s network and systems. This will begin to show you where assets are stored, how they connect, and who has access to what.

◉ Penetration testing will help your team reveal vulnerabilities in its system and better understand the access points that need to be protected, thereby forming the foundation for much of the knowledge that must be discovered to successfully implement OCTAVE.

◉ Risk assessments will be conducted in almost every stage of the implementation process and require a detailed plan that prioritizes each risk and lays out mitigation and prevention strategies.

Because the OCTAVE threat model is most often applied in enterprise settings, likely, most of your IT and cybersecurity personnel will already be using some or all of these techniques in their routine checks and monitoring practices. For smaller organizations unfamiliar with these techniques, it’s important to thoroughly understand them and how they are best implemented before utilizing them.

Best Practices to Follow

In addition to familiarizing yourself with the above techniques and methods, you’ll also want to follow several best practices to ensure your OCTAVE implementation project goes on without delay or re-work.

◉ Incorporate industry-specific guidelines and best practices, such as HIPAA, into the framework before starting.

◉ Plan to distribute questionnaires to develop knowledge of the organization’s operations, assets, and staff.

◉ Involve senior management early on in the process to get their questions, concerns, and input.

◉ Map out the most important informational assets, like the organization’s network architecture configuration.

◉ Always prioritize risks in accordance with actual business impact and make sure risks are being addressed in order of highest priority.

Keeping these best practices in mind will help you prepare to dive into the in-depth OCTAVE implementation process, as laid out by CMU. However, that’s far from the only thing you can do to prepare for successful threat modeling with OCTAVE.

Source: eccouncil.org

Continue reading

How SOC 2 Certification Can Help You Become a Skilled SOC Analyst

As global internet users continue to increase, cyberthreats are becoming more sophisticated and frequent. For example, in 2021, the average number of cyberattacks and data breaches increased by 15.1 percent from the previous year (ThoughtLab, 2022). Other surveys revealed that cybercrime cost U.S. businesses more than $6.9 billion in 2021 (Federal Bureau of Investigation, 2021), and only 43 percent of businesses feel financially prepared to face a cyberattack in 2022 (Brin, D. 2022).

Cyberthreats are expected to become even more of a threat in the coming years, making it necessary for organizations to have strong cybersecurity controls in place. This is where SOCs come in. In this article, let’s look at what SOCs are, SOC 2 certification, and how you can become an SOC analyst.

What Is SOC?

A security operations center (SOC) is a team of security professionals responsible for monitoring, detecting, and responding to security incidents (Check Point, 2022). SOC teams consist of analysts, engineers, and other security specialists and are required to have a strong understanding of cyberthreats and how to defend against them. Your organization can choose an in-house SOC team with a cybersecurity certification, outsource its SOC services to a managed security service provider (MSSP), or use a combination of both.

The Five Trust Principles

According to the American Institute of Certified Public Accountants (AICPA), for a security operations center to be effective in protecting an organization from cyberthreats, it must adhere to the five trust principles, which are:

1. Security: The system is protected against unauthorized access, use, or modification.

2. Availability: The system is available for operation and use as committed or agreed.

3. Processing integrity: System processing is complete, accurate, timely, and authorized.

4. Privacy: Personal information is collected, used, retained, disclosed, and disposed of per the commitments in the entity’s privacy notice and with applicable laws and regulations.

5. Confidentiality:  Information designated as confidential is protected from unauthorized disclosure.

What Does an SOC Tier 2 Analyst Do? 

The SOC 2 certification is becoming increasingly important as more companies collect and store customer data. SOC tier 2 analysts are responsible for thoroughly analyzing and investigating the nature of the attack, where the threat came from, and which areas were affected. They can then develop a plan to prevent future attacks.

SOC tier 2 analysts investigate the root cause of the incident and work on long-term solutions to prevent similar incidents from happening in the future. They develop solutions to prevent attacks and work on projects to foster a more secure environment. They also play an essential role in incident response, working to contain and resolve cybersecurity incidents.

To become an SOC tier 2 analyst, one must earn a security operations certificate. This cybersecurity certification provides the skills and knowledge necessary to perform SOC analyst duties. The coursework covers topics such as network security and intrusion detection.

The Difference Between SOC Tier 1 and Tier 2 Analysts

SOCs consist of teams of analysts responsible for different security aspects. These analysts perform various roles, depending on the incident, and can be divided into four tiers:

◉ SOC tier 1 analysts

◉ SOC tier 2 analysts

◉ SOC tier 3 analysts

◉ SOC tier 4 analysts

While the first two tiers of SOC analysts have similar responsibilities, there are some key differences between them:

◉ SOC tier I analysts are responsible for analyzing and investigating incidents. They work to identify the incident’s root cause and develop a plan to prevent future attacks. They are also responsible for documenting incidents and analyzing data to help SOC tier 2 analysts prevent future attacks.

◉ SOC tier 2 analysts are responsible for investigating the root cause of incidents and developing long-term solutions to prevent similar incidents from happening in the future. They also play an important role in incident response and work to contain and resolve cybersecurity incidents.

The Advantages of a Certificate in Security Operations

An SOC 2 certification can provide many benefits, both professionally and personally. These are some of the advantages of a certificate in security operations:

◉ It can help you get SOC analyst jobs: Recruiters often pay attention to SOC 2 certification holders over those without a certification. The certification demonstrates that you have the necessary technical skills and practical knowledge to perform your duties efficiently.

◉ It can help you develop a deep understanding of security controls: A certificate in security operations covers network security, intrusion detection, and incident response. This can help you develop a deep understanding of security controls and how to implement them effectively.

◉ It can help you get promoted: By earning a certificate in security operations, you can demonstrate your commitment to your career and show that you are willing to invest in your professional development. This can help you get promoted to a higher position within your organization.

How to Become an SOC Analyst

SOC analyst jobs are among the most in-demand jobs in the cybersecurity field, with the average salary for an SOC analyst in the U.S. being $95,887. The salary range typically falls between $81,208 and $114,202 (Salary). 

To become an SOC analyst, you must obtain a bachelor’s degree in cybersecurity or a related field. Next, you need to obtain a relevant certificate in security operations, such as the Certified SOC Analyst (C|SA). Finally, you need to have several years of experience working in IT security.

If you want to enhance your security skills and knowledge and become an industry-ready SOC analyst, then EC-Council’s C|SA is the perfect program! The course provides in-depth knowledge of SOC operations and trains you to recognize attacker tools, tactics, and procedures to identify indicators of compromise, incident response, logging and monitoring, and more. 

Source: eccouncil.org

Continue reading

Why Your Next Career Move Should Be a Network Security Job

Hackers are the number one threat to modern businesses. That’s according to a survey by PwC, which found that 49% of CEOs are worried about their cybersecurity—more than the number of leaders concerned about the economy (43%) or war (32%) (PwC, 2022).

When you look at cybercrime statistics, you can see why CEOs are so concerned. In 2020, the average business experienced 206 attacks, 22 of which were successful. In 2021, that had risen to 241 attacks per year, of which 29 were successful—a staggering 31% year-on-year rise (Bissell et al., 2022).

Businesses desperately need security personnel at all levels. If you’re an IT professional considering a career change, then a network security job could be the ideal next move.

What Does a Network Security Job Involve?

Network security is about creating systems that allow for the safe movement of data between people and platforms. A network security professional will study the organization’s entire network and try to resolve any vulnerabilities that hackers might exploit.

Network security jobs can range from network security technicians—who are responsible for day-to-day tasks, including reporting and system maintenance—to the architects who design the organization’s network security infrastructure.

The network security team is responsible for tasks such as:

◉ Network security infrastructure management: Working with the security software and hardware that helps fend off cyberthreats. This includes firewalls, antivirus, threat detection systems, and user authentication devices.

◉ Access control: Sensitive data should only be available to those who need it. Network security professionals help implement access control systems that prevent unauthorized data transactions.

◉ Physical security: Hackers can try to use employee devices, or even enter the building and use a terminal. The network security team will help implement physical security measures, including biometric checks.

◉ Data encryption: Encryption reduces the risk of data being intercepted when it moves from point A to point B. Network security will oversee encryption processes to ensure security while also protecting data integrity.

◉ User support: Network security ultimately depends on users following best practices. The network security team will answer questions, provide training materials, and communicate updates about new security measures.

◉ Incident response: In the event of a successful breach, network security will assist in identifying the breach and any associated damage. They will also roll out patches, updates, and other countermeasures to prevent further attacks in the future.

Ultimately, network security is about balancing data safety with data availability. Your role is to help everyone in the organization have access to the systems they need to do their job while ensuring that hackers are kept out.

Is a Network Security Job a Good Career Choice?

Corporate networks are under constant threat, which means they need skilled professionals to help keep them safe. Unfortunately, there is a massive talent gap right now, with up to 3.5 million security jobs going unfilled in 2021 (Morgan, 2022).

This level of demand means there are always plenty of network security jobs available at every level. With cybercrime on the rise, it seems likely that the demand for network security professionals will also increase over time. 

Network security professionals often command high salaries. The current national median salaries for related positions include:

◉ Network security system analyst: USD 92,006 (Salary.com, 2022a)

◉ Network security engineer: USD 93,506 (Payscale, 2022)

◉ Network security architect: USD 128,883 (Salary.com, 2022b)

Your long-term career path includes some excellent options, including network security senior architect, or even chief information security officer.

How to Get a Network Security Job Without Prior Experience

Everyone’s got to start somewhere, but how do you get your first network security job?

The good news is that, because of the enormous skills gap, many employers are willing to hire people without prior network security experience. Some companies may provide you with training, support, and on-the-job experience to help you become a security expert.

However, you will need to show that you have the right qualities to succeed in a network security job. Employers will look for someone with strong soft skills, including communication, teamwork, and an analytical approach to thinking.

They will also want to see things like:

IT Background

Employers will want to see that you have experience in an IT role, such as network administration or software development. Ideally, you will have been part of an IT team, and you’ll understand the culture of a network security team.

If you already have a relevant IT certification, you’re in a good position to land a network security job. Relevant certifications include:

◉ Cisco or Microsoft Certified Network Administrator/Engineers

◉ Wireshark Certified Network Analyst

◉ SolarWinds Certified Professional

◉ Juniper Certified Network Professional

◉ Comptia’s Network+/Security+ Certification

All of these are a good foundation for a move into a network security job. Recent graduates might also be able to find network security opportunities if they hold a bachelor’s degree or higher in a relevant discipline.

Interest in Security

Security is a fast-paced world of emerging threats and zero-day vulnerabilities. You have to stay one step ahead of the hackers, and that means studying the latest security news.

If you’re applying for a network security job, you should be able to talk about things like:

◉ Network security fundamentals: At a minimum, you should be able to speak to the core topics of network security. Remember: security is about more than firewalls and antivirus software. There are also organizational issues, such as data availability, and ethical issues, like your responsibilities when handling personal information.

◉ High-profile security incidents: Hackers can make front-page news these days, as in the 2021 Colonial Pipeline attack (Turton, 2021). You should be able to talk about the details of high-profile attacks, including the nature of the exploit and how organizations should respond.

◉ Security thought leaders: There’s a thriving online community of analysts and experts who share advice about network security best practices. It helps to be aware of some prominent blogs, podcasts, and social media accounts that can keep you informed.

A passion for network security can help you stand out as a job candidate, even if you don’t yet have any practical experience.

Relevant Certification

Networking security certifications can show employers that you’re serious about your new career path. A certification training program can also give you a grounding in security concepts so that you’re ready to help protect your new employer from day one.

There are several certifications available, each with a different curriculum. You can search for the one that best suits your needs, but be sure that the course will cover topics like:

◉ Network defense strategies

◉ Network perimeter security

◉ Traffic analysis

◉ Endpoint security

◉ Multiple platforms and operating systems (including Windows, Linux, and macOS)

◉ Cloud security

◉ Virtual networks

◉ Risk management

With a certification from an industry-recognized body, you have a great chance of landing your first network security job.

Is C|ND a Good Way to Get a Network Security Job?

The Certified Network Defender (C|ND) program from EC-Council is one of the few vendor-neutral network security certifications available. With a C|ND, you’ll have a strong foundation in security principles, plus an unbiased view of security practices. Most importantly, you will have a recognized qualification from an organization that employers know and trust. C|ND is the perfect qualification to get you started in network security jobs like:

◉ Entry-level network administrators

◉ Entry-level network security administrators

◉ Data security analyst

◉ Junior network security engineer

◉ Junior network defense technician

◉ Security analyst

◉ Security operator

Source: eccouncil.org

Continue reading