The Cyber Security Fundamentals module provides an overview and understanding of the core concepts that are essential to a cyber security professional. This module introduced core concepts that were built upon throughout the CSOL program. These concepts included Incident Response, Threat Identification and Management, Policies and Procedures within an organization, Network Security, and Legal considerations. Below is a breakdown of a few of these concepts.
Incident Response
Today's organizations go to great lengths to protect against cyber attacks. No organization is immune from these types of incidents, though. Having a plan in place is paramount to reducing the damage done to an organization through a cyber attack. A strong Incident Response (IR) plan in which each person knows their role can mitigate the damage done. Practice makes perfect. Proper planning and testing of an IR plan are crucial to dealing with the array of information gathered during an attack. Detection and monitoring systems must be implemented and tuned so that the alerts they raise are valid. Reducing the number of false-positive alerts generated should be addressed in the planning phase of IR. More about this topic will be covered in the Incident Response and Computer Forensics section of this ePortfolio.
Architecture & Topology
You cannot protect what you do not know about. Having a good picture of the artifacts and nodes within your network and infrastructure is critical to protecting them. Being aware of the internal and external connections to and from your network provides the necessary visibility to ensure these items are protected. Having good monitoring in place that provides accurate data is part of an overall architecture plan. Another part of this is knowing who is on your network and what they may have access to. A good network design will allow users to access what they should but bar access to things they should not see. More on this topic is in the Security Architecture section.
Policies & Procedures
Policies and procedures provide the "what and how" of cyber security. A good set of Policies will provide guidance on What an organization is doing to keep data safe. The Procedure will outline How they are going to do this. For a policy to be effective, it must be evangelized within an organization. Everyone from the CEO down should be familiar with the policy and the guidelines and restrictions it provides. Another way to ensure a policy is effective is to make it a living document. As methods or technologies change within the organization, the policies must change also. Procedures must have step-by-step implementation guidelines that are adaptable to all known situations. Procedures must also be accessible and modifiable. If a procedure is unavailable during an incident, it cannot provide the guidance and mitigation steps needed to be effective. Policies must be visible and enforceable. If there is no consequence for violating a policy or procedure, then it is not worth the media it is printed on. Policy and procedure implementation must be backed by senior leadership. More on this topic in the Cyber Security Law and Privacy section.
Reflection
Assuming a role in Cyber Security brings with it several professional and ethical responsibilities. We are being asked to keep secure not only the data of the organization but, in many cases, the personal and health information of people we may never meet. Our understanding of the fundamental concepts of cyber security is the foundation upon which our careers will be built. While we may rely on others to provide depth in the topics covered, we as professionals are expected to have a working knowledge of all aspects of cyber security. I have chosen the three topics above because they have helped to shape my deeper understanding of how to implement a cyber security program within an organization.
In my current role, I have the Protected Health Information (PHI) of millions of patients under my care. I cannot take that responsibility lightly, and I used this program to help broaden my knowledge of how to keep that information safe. Without a comprehensive set of policies and procedures, I could not guide a team in implementation. Without adequate knowledge of the organization's architecture and topology, I could not make good decisions about how to protect them. Without a robust incident response program in place, I cannot respond to attacks and incidents effectively.
I have led my organization to obtain a HITRUST certification three times. Each time we were able to lower the number of gaps found in our implementation of the standard. This has been achieved by creating a set of policies that address all the requirements of the certification. Building procedures from those policies allowed us to implement the control requirements in a structured fashion to answer any questions posed by the governing body. Responding to incidents was made easier by having created and practiced a plan ahead of time. Ensuring everyone knew their role and trusting each other to do our part made these exercises run smoothly. Incorporating all of the fundamentals learned in this module paved the way to becoming not only a cyber security expert, but also an effective leader within the organization.