Data Analysis Producer

ISC(Information System and Controls)

[ISC] Mitigation of Threats and Attacks - 2

GoldPD 2025. 7. 14. 23:12

Password Management
- long, changed frequently, complex
- Hashing : one-way
-- Salting : makes cracking passwords significantly harder
- 45 to 90 days
- 12 or more characters
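The points above (12+ characters with complexity, a 45-90 day rotation window, one-way hashing, and a per-password salt) are easy to see in working code. The block below is an added example, not code from the original post; the complexity rule (upper, lower, digit, symbol), the PBKDF2 iteration count and the sample password are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import string
from datetime import date
from typing import Optional, Tuple

# Policy values from the notes: 12 or more characters, rotate within 45 to 90 days.
MIN_LENGTH = 12
MAX_AGE_DAYS = 90
# Assumption: PBKDF2 work factor for the demo (production would use a higher count
# or a memory-hard function); the point here is the salt, not the exact algorithm.
PBKDF2_ITERATIONS = 100_000


def password_meets_policy(password: str) -> bool:
    """Length and complexity check: 12+ chars containing upper, lower, digit and symbol.
    The four-class rule is an assumed reading of "complexity" in the notes."""
    if len(password) < MIN_LENGTH:
        return False
    return all([
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ])


def needs_rotation(last_changed_iso: str, today_iso: str,
                   max_age_days: int = MAX_AGE_DAYS) -> bool:
    """True once the password is older than the maximum age allowed by policy."""
    last_changed = date.fromisoformat(last_changed_iso)
    today = date.fromisoformat(today_iso)
    return (today - last_changed).days > max_age_days


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """One-way, salted hash. A fresh random salt per password means two users with the
    same password store different digests, so a precomputed (rainbow) table is useless
    and each hash has to be attacked on its own."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored_digest: bytes) -> bool:
    """Re-derive the digest with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored_digest)


if __name__ == "__main__":
    pw = "Tr0ub4dor&3xample!"  # constructed sample password
    salt1, digest1 = hash_password(pw)
    salt2, digest2 = hash_password(pw)
    print("meets policy:", password_meets_policy(pw))
    print("same password, different salts, different digests:", digest1 != digest2)
    print("verify correct:", verify_password(pw, salt1, digest1))
    print("verify wrong:", verify_password("wrong password", salt1, digest1))
    print("rotation due after 104 days:", needs_rotation("2025-01-01", "2025-04-15"))
```

Only the salt and digest are stored; the password itself never is, which is what "one-way" buys you if the credential store leaks.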

Provisioning
- grant and remove user access

Device Authentication : authenticates the phone number and the device used to connect

Vulnerability Management
- proactive security practice
- detect and monitor
- Vulnerability Tools
- NIST Cybersecurity Framework : Govern, Identify, Protect, Detect, Respond, Recover

Vulnerability Assessments
- Scanners work by analyzing data packets, identifying protocols, and fingerprinting
- run quarterly or annually

CVE Dictionary (Common Vulnerabilities and Exposures)
- Helps standardize the recognition and naming of vulnerabilities

Patch Management
- minimizing security threats
- subject to inspection by service auditors during a SOC 2 engagement

Layered Security in Cyberdefense
- diversified set of security tactics
- in the event of a multipronged breach -> use multiple defenses to protect a single asset or system

Defense-in-Depth(DnD)
- multilayered security approach
- combines people, policies, technology (physical and logical access)

Redundancy and Diversification
Redundancy : layering, isolating processes, concealing data, segmenting hardware
- abstraction : hiding the complexity of certain tasks so that only the relevant information to a specific person performing a function is presented
- concealment : primary focus is on hiding data

Hardware segmentation
: typically applied to large organizations with a network that is distributed geographically

Preventive, Detective, Corrective Controls - SOC2
- Preventive Control : prevent attacker access; safeguards include Education, Training, Regular Security Updates, Encryption, Firewalls, Patches, Physical barriers, Hardening, IPS (Intrusion Prevention Systems)

Preventive Controls : Access Controls-Authorization models
- DAC (Discretionary Access Control) : allows data owners, custodians, or creators to grant access and delegate tasks
- Role-based Access Control (RBAC)
- Rule-based Access Control : access rules are created and integrated into the system; access credentials are checked against the rules, and access is granted or denied
- Policy-based Access Control (PBAC)
- Risk-based Access Control

ACL : Access Control List
- access certain resources
- edit / read only / execute
- Filesystem / Networking
- stateful ACLs (the exception) : evaluate connection state details
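The authorization models above (DAC, role-based, rule-based) and the ACL entries (read / edit / execute per resource) can be put side by side in one decision function. This is an added example, not code from the original post; the resource, the users, the role assignments and the two access rules (business hours, internal network) are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set, Tuple

Permission = str  # "read", "edit" or "execute", as in the notes


@dataclass
class Resource:
    name: str
    owner: str
    # ACL: principal -> set of permissions on this resource
    acl: Dict[str, Set[Permission]] = field(default_factory=dict)


@dataclass
class Request:
    user: str
    action: Permission
    hour: int        # 0-23, local time of the request
    source_ip: str


# DAC: only the data owner may grant (or delegate) access on the resource.
def dac_grant(resource: Resource, granter: str, grantee: str, perms: Set[Permission]) -> bool:
    if granter != resource.owner:
        return False
    resource.acl.setdefault(grantee, set()).update(perms)
    return True


# RBAC: permissions hang off roles, users hang off roles (constructed sample assignments).
ROLE_PERMISSIONS: Dict[str, Set[Permission]] = {
    "analyst": {"read"},
    "developer": {"read", "edit", "execute"},
}
USER_ROLES: Dict[str, Set[str]] = {"alice": {"analyst"}, "bob": {"developer"}}


def rbac_permissions(user: str) -> Set[Permission]:
    perms: Set[Permission] = set()
    for role in USER_ROLES.get(user, set()):
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


# Rule-based: rules are created once and every request is evaluated against all of them.
RULES: List[Callable[[Request], bool]] = [
    lambda r: 8 <= r.hour < 18,               # business hours only (assumed rule)
    lambda r: r.source_ip.startswith("10."),  # internal network only (assumed rule)
]


def rules_allow(req: Request) -> bool:
    return all(rule(req) for rule in RULES)


def acl_allows(resource: Resource, user: str, action: Permission) -> bool:
    return action in resource.acl.get(user, set())


def authorize(resource: Resource, req: Request) -> Tuple[bool, str]:
    """Rule-based gate first; then an explicit ACL entry (set via DAC) or a role grant (RBAC)."""
    if not rules_allow(req):
        return False, "denied by access rule"
    if acl_allows(resource, req.user, req.action):
        return True, "granted by ACL entry"
    if req.action in rbac_permissions(req.user):
        return True, "granted by role"
    return False, "no matching grant"


def decide(resource: Resource, user: str, action: Permission, hour: int, source_ip: str) -> Tuple[bool, str]:
    return authorize(resource, Request(user, action, hour, source_ip))


def demo_resource() -> Resource:
    """Constructed sample: carol owns payroll.db and, under DAC, grants alice read."""
    res = Resource(name="payroll.db", owner="carol")
    dac_grant(res, "carol", "alice", {"read"})
    return res


if __name__ == "__main__":
    res = demo_resource()
    print(decide(res, "alice", "read", 10, "10.0.0.5"))   # ACL entry from the owner
    print(decide(res, "alice", "edit", 10, "10.0.0.5"))   # analyst role has no edit
    print(decide(res, "bob", "edit", 10, "10.0.0.5"))     # developer role
    print(decide(res, "bob", "edit", 22, "10.0.0.5"))     # outside business hours
    print(dac_grant(res, "bob", "dave", {"read"}))        # bob is not the owner
```

The ordering is the design choice worth noticing: the rule-based layer is a gate that applies to everyone regardless of ACL or role, which is why a correctly provisioned developer is still refused at 22:00.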

The system detected the irregularities and automatically blocked the malicious traffic. Given the irregularities are automatically stopped prior to damaging the company's IT infrastructure, the system would be considered an example of an intrusion prevention system, which is a preventive control.



Detective Controls
- NIDS : Network Intrusion Detection Systems
- Antivirus Software Monitoring
- Network Monitoring Tools : packet sniffers, NPM (network performance monitoring), SNMP (Simple Network Management Protocol)
- Log Analysis
- IDS (Intrusion Detection Systems) : continuous monitoring

The system was able to detect the irregularities and alerted the security team to take action. Given that the irregularities were already present and were not stopped by the system, this is an example of an intrusion detection system, which would be considered a detective control.
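The two scenarios above (traffic blocked before damage = IPS, preventive; irregularities alerted on but not stopped = IDS, detective) come down to one question: did the control change what reached the target? The block below is an added example, not code from the original post: a tiny sensor run over constructed log lines in "detect" and "prevent" mode, with the five-failed-logins threshold and the log format both assumed for illustration.

```python
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample log lines (not from the notes): timestamp, source IP, event, details.
SAMPLE_LOG = """\
2025-07-14T23:01:02 10.0.0.5 login_failed user=alice
2025-07-14T23:01:03 10.0.0.5 login_failed user=alice
2025-07-14T23:01:04 10.0.0.5 login_failed user=alice
2025-07-14T23:01:05 10.0.0.5 login_failed user=alice
2025-07-14T23:01:06 10.0.0.5 login_failed user=alice
2025-07-14T23:01:07 10.0.0.5 login_failed user=alice
2025-07-14T23:01:08 10.0.0.5 login_success user=alice
2025-07-14T23:01:09 10.0.0.7 login_success user=bob
2025-07-14T23:01:10 10.0.0.7 file_read path=/reports/q2.pdf
2025-07-14T23:01:11 10.0.0.5 file_read path=/payroll/export.csv
"""

# Assumption: five failed logins from one source is the "irregularity" the sensor watches for.
THRESHOLD = 5


def parse(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (timestamp, source_ip, event) for each non-empty line."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, event, *_ = line.split()
        events.append((ts, ip, event))
    return events


def run_sensor(log_text: str, mode: str) -> Dict[str, object]:
    """mode="detect" behaves like an IDS: every event still reaches the host and an alert
    is raised once a source crosses the threshold.
    mode="prevent" behaves like an IPS: from the moment a source crosses the threshold
    its traffic is dropped, so the later events never arrive."""
    assert mode in ("detect", "prevent")
    failures: Counter = Counter()
    alerts: List[str] = []
    delivered = dropped = irregular_delivered = 0
    for _ts, ip, event in parse(log_text):
        if event == "login_failed":
            failures[ip] += 1
        irregular = failures[ip] >= THRESHOLD
        if irregular and ip not in alerts:
            alerts.append(ip)  # both modes notify the security team
        if irregular and mode == "prevent":
            dropped += 1
        else:
            delivered += 1
            if irregular:
                irregular_delivered += 1  # suspicious traffic that got through
    return {
        "delivered": delivered,
        "dropped": dropped,
        "irregular_delivered": irregular_delivered,
        "alerts": alerts,
    }


def classify_control(result: Dict[str, object]) -> str:
    """The notes' test: did the system stop the traffic (preventive) or only alert (detective)?"""
    return "preventive (IPS)" if result["dropped"] else "detective (IDS)"


if __name__ == "__main__":
    for mode in ("detect", "prevent"):
        result = run_sensor(SAMPLE_LOG, mode)
        print(mode, result, "->", classify_control(result))
```

In detect mode the alert fires but the later successful login and the payroll file read still reach the host, which is exactly the "already present and not stopped" situation the notes classify as detective.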


Corrective Controls
- incidents / self-assessments
- Reconfigurations
- Upgrades and Patches
- Revised Policies and Procedures
- Updated Employee Training
- Recovery and Continuity Plans
- Antivirus Software Removal of Malicious Viruses
- Virus Quarantining