The main role of cybersecurity is to defend each of us, our economy, our critical infrastructure, and every other organization from the harm that can result from the unintentional or intentional misuse, compromise, or destruction of information and information systems. Cybersecurity risk includes not only the risk of a data breach but also the risk of the entire organization being undermined through business activities that depend on digitization and availability. As a result, learning how to develop a suitable cybersecurity program is crucial for any organization. Cybersecurity is not something that can be left to the information technology team alone; everyone needs to be involved.
Cybersecurity vs. Information Security (InfoSec)
Many people confuse traditional information security with cybersecurity. In the past, information security policies and programs were designed to protect confidentiality, data integrity, and availability within the boundaries of an organization. This is no longer enough. Organizations are rarely autonomous, and the price of interconnectivity is a higher level of exposure to attack. Every organization, regardless of its size or geographic location, is a potential target. Cybersecurity is the process of protecting information by preventing, detecting, and responding to attacks.
Cybersecurity programs recognize that organizations must be vigilant, resilient, and prepared to protect and defend all inbound and outbound connections, as well as organization data wherever it is stored, transmitted, or processed. Cybersecurity programs and policies build on and expand traditional information security programs, and also include the following:
Cyber risk management and supervision
Threat intelligence and information sharing
Threat hunting (proactively searching for potential compromises and threats in your organization that have not been detected by its security products or technologies)
Managing dependencies of third-party hardware, software, and organizations
Incident response and resilience
The International Organization for Standardization
The International Organization for Standardization (also known as ISO) is a network of the national standards institutes of more than 160 countries. ISO has developed more than 13,000 international standards on a variety of subjects, ranging from country codes to passenger safety.
The ISO/IEC 27000 series (also known as the ISMS Family of Standards, or ISO27k for short) comprises information security standards published jointly by the ISO and the International Electrotechnical Commission (IEC).
The first six documents in the ISO/IEC 27000 series provide recommendations for “establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an Information Security Management System”:
ISO 27001 is the specification for an information security management system (ISMS).
ISO 27002 describes the code of practice for information security management.
ISO 27003 provides detailed implementation guidance.
ISO 27004 outlines how an organization can monitor and measure security using metrics.
ISO 27005 defines the high-level risk management approach recommended by ISO.
ISO 27006 outlines the requirements for organizations that will measure ISO 27000 compliance for certification.
In total, there are more than 20 documents in the series, with several more still in development. This framework applies to public and private organizations of all sizes. According to the ISO website, “the ISO standard gives recommendations for information security management for use by those initiating, implementing, or maintaining security in their organization. Its target is to provide a common basis for developing security standards and best security management practice”.
Threats, Vulnerabilities, and Exploits
The following sections explain threats, vulnerabilities, and exploits.
What Is a Threat?
A threat is any possible danger to an asset. If a vulnerability exists but has not yet been exploited or, more importantly, is not yet publicly known, the threat is latent and not yet realized. If someone performs an attack against your system and successfully accesses or compromises an asset, the threat is realized. The entity exploiting the vulnerability is known as the malicious actor, and the route used by this actor to carry out the attack is known as the threat agent or threat vector.
What Is a Vulnerability?
A vulnerability is a weakness in the design, implementation, software, or code of a system, or the absence of a security mechanism. A specific vulnerability can manifest itself as anything from a weakness in system design to the way an operating procedure is implemented. Correct implementation and security countermeasures can mitigate a vulnerability and reduce the risk of exploitation. Vulnerabilities and weaknesses are common, mainly because there is no perfect software or code. Some vulnerabilities have limited impact and are easily mitigated; nevertheless, many have broader implications.
Vulnerabilities can be found in each of the following:
Applications: Software and applications come with many functionalities. Applications may be configured for usability rather than security. Applications may be in need of an update that may or may not be available. Attackers targeting applications have a target-rich environment to examine. Think of all the applications running on your home or work computer.
Operating systems: The operating system software is installed on workstations and servers. Attackers search for vulnerabilities in operating systems that have not been updated with the latest security patches.
Hardware: Vulnerabilities can be found in hardware as well. Mitigating a hardware vulnerability might require microcode patches. Examples of known hardware vulnerabilities are Spectre and Meltdown. These vulnerabilities take advantage of a feature called speculative execution, which is common to modern processor architectures.
Misconfiguration: A device or piece of software may be misconfigured or may have been deployed in an insecure state. This could mean unwanted open ports, vulnerable services, or misconfigured network devices.
Shrinkwrap software: This is an off-the-shelf application that runs on a workstation or server. When installed on a device, it can bring with it a lot of functionality, sample scripts, or sample code.
Common Vulnerabilities and Exposures (CVE)
Security researchers and vulnerability coordination centers typically assign vulnerabilities an identifier that is disclosed to the public. This is known as the Common Vulnerabilities and Exposures (CVE) identifier. CVE is an industry-wide standard.
What is an Exploit?
An exploit refers to a piece of software, a tool, a technique, or a process that takes advantage of a vulnerability to gain access, escalate privileges, cause a loss of integrity, or cause a denial of service on a computer system. Exploits are dangerous because all software has vulnerabilities. Hackers and perpetrators know vulnerabilities exist and seek to exploit them. Although most organizations try to find and fix vulnerabilities, some organizations lack sufficient funding, processes, policies, and design practices to secure their networks. Sometimes no one knows that a vulnerability exists until it is exploited; that is known as a zero-day exploit. Even when you know there is a problem, you are burdened by the fact that there is a window between when a vulnerability is revealed and when a patch is ready to protect against the exploit.