Lexcode Cyber Security Sphere

June 2, 2016 | Author: Daniel | Category: N/A

LEXCODE

Information Security Sphere

The sphere is made up of nine segments:

Contingency Planning
End Point Security
Network Security
Cyber Security Training
Application Security
Cyber Security Testing
Cyber Incident Response
Data Protection
Regulatory Compliance

(c) 2013 LEXCODE Regulatory Compliance Technologies Pvt. Ltd. This document may be reproduced and distributed freely. Attribution to the copyright holder is mandatory. www.lexcode.in


Segments of the Lexcode Information Security Sphere

1. End-point Security

End-point security requires that each computing device on the network comply with certain standards before network access is granted.

Endpoints include laptops, desktop computers, smart phones and other communication devices, tablets, and specialized equipment such as bar code readers and point of sale (POS) terminals. End-point security encompasses:

1. Host-based firewalls, intrusion detection systems and intrusion prevention systems,
2. Host-based anti-virus, anti-malware, anti-spyware, anti-rootkit and anti-phishing systems, pop-up blockers, spam detection systems and unified threat management systems,
3. SSL Virtual Private Networks,
4. Host Patch and Vulnerability Management,
5. Memory protection programs,
6. Control over memory devices, Bluetooth Security,
7. Password Management,
8. Security for Full Virtualization Technologies,
9. Media Sanitization,
10. Securing Radio Frequency Identification (RFID) Systems.

2. Network Security

Network security relates to the cyber security aspects of computer networks and network-accessible resources.

Network Security encompasses:

1. Secure authentication and identification of network users, hosts, applications, services and resources,
2. Network-based firewalls, intrusion detection systems and intrusion prevention systems,
3. Network-based anti-virus, anti-malware, anti-spyware, anti-rootkit and unified threat management systems,
4. Network Patch and Vulnerability Management,
5. Virtual Private Networks,
6. Securing Wireless Networks,
7. Computer Security Log Management,
8. Enterprise Telework and Remote Access Security,
9. Securing WiMAX Wireless Communications,
10. Network Monitoring,
11. Network Policy Management.

3. Application Security

Application security relates to the cyber security aspects of applications and the underlying systems.

Application attacks include:

1. Input validation attacks such as buffer overflow, cross-site scripting, SQL injection and canonicalization,
2. Authentication attacks such as network eavesdropping, brute force attacks, dictionary attacks, cookie replay and credential theft,
3. Authorization attacks such as elevation of privilege, disclosure of confidential data, data tampering and luring attacks,
4. Configuration management attacks such as unauthorized access to administration interfaces or configuration stores, retrieval of clear text configuration data, lack of individual accountability, and over-privileged process and service accounts,
5. Sensitive information attacks such as access to sensitive data in storage and network eavesdropping,
6. Session management attacks such as session hijacking, session replay and man-in-the-middle,
7. Cryptography attacks due to poor key generation or key management and weak or custom encryption,
8. Parameter manipulation attacks, e.g. query string manipulation and form field, cookie or HTTP header manipulation,
9. Exception management attacks such as denial of service,
10. Auditing and logging attacks.

!

4. Cyber Incident Response

Incident Response relates to the plans, policies, and procedures for handling cyber security incidents.

Broadly speaking, Cyber Incident Response covers:

1. Organizing an Incident Response Capability
2. Preparing for and preventing Incidents
3. Detection and analysis of Incidents
4. Containment, Eradication and Recovery
5. Post Incident Activity

Specifically, Cyber Incident Response encompasses:

1. Forensic Imaging & Cloning,
2. Recovering Digital Evidence in Computer Devices,
3. Mathematical Authentication of Digital Evidence,
4. Using Data from Data Files, Operating Systems, Network Traffic, Applications and Multiple Sources,
5. Analyzing Active Data, Latent Data and Archival Data,
6. Wireless, Network, Database, Password, Facebook, Google, Malware, Memory, Browser, and Cell Phone Forensics, Web Investigation, Investigating Emails, Investigating Server Logs, Cyber Investigation & Forensics Documentation, Windows Forensics, Linux Forensics and Mac Forensics.

5. Regulatory Compliance

Regulatory Compliance relates to measures undertaken to ensure compliance with applicable laws and mandatory cyber security standards.

Failure to meet regulatory compliance requirements can result in civil and criminal action and even imprisonment for organization heads.

Usage of consolidated and harmonized compliance controls ensures regulatory compliance without unnecessary duplication of effort and activity.

One such control system is the "Effective Compliance and Ethics Program" contained in Chapter 8B2.1 of the Federal Sentencing Guidelines Manual issued by the United States Sentencing Commission. Another control is "AS 3806-2006" issued by Standards Australia. This provides guidance on 1. the principles of effective management of an organization's compliance with its legal obligations, as well as any other relevant obligations such as industry and organizational standards, and 2. principles of good governance and accepted community and ethical norms.

The principles cover:

1. commitment to achieving compliance,
2. implementation of a compliance program,
3. monitoring and measuring of compliance, and
4. continual improvement.

6. Data Protection

Data Protection relates to the cyber security aspects of protecting the confidentiality, integrity and availability of data.

From a Data Protection perspective, data can be classified into 3 types: data at rest, data in motion and data in use.

Critical and confidential data includes source code, product design documents, process documentation, internal price lists, financial documents, strategic planning documents, due diligence research for mergers and acquisitions, employee information, and customer data such as credit card numbers, medical records and financial statements.

Data Loss Prevention solutions 1. identify confidential data, 2. track that data as it moves through and out of the enterprise, and 3. prevent unauthorized disclosure of data by creating and enforcing disclosure policies. Various encryption technologies such as symmetric encryption, public key encryption and full disk encryption can be used for data protection. A data protection policy involves:

1. Instituting good security and privacy policies for collecting, using and storing sensitive information.
2. Using strong encryption for data storage.
3. Limiting access to sensitive data.
4. Safely purging old or outdated sensitive information.
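The Data Loss Prevention steps above (identify confidential data, then enforce a disclosure policy on it) can be illustrated with a small content inspector. This is an added example, not Lexcode's product or any code from the brochure: it takes credit card numbers, which the brochure names as confidential customer data, as the data class, finds candidate numbers in outbound text, confirms them with the Luhn checksum to keep false positives down, and masks everything but the last four digits. The regular expression, the 13 to 19 digit length window and the sample text are assumptions of this example.

```python
import re
from typing import List

# Candidate primary account numbers (PANs): 13-19 digits, optionally
# separated by single spaces or dashes, not embedded in a longer digit run.
# Assumed pattern for this example; a production DLP engine would tune it.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Constructed sample of outbound text: one order number that merely looks
# like a card number, two well-known test card numbers, and a phone number.
SAMPLE = (
    "Order 1234567890123 shipped. Card on file 4111 1111 1111 1111, "
    "backup card 5555-5555-5555-4444. Call 020-1234-5678 for help."
)


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum.

    Walking from the rightmost digit, every second digit is doubled and
    digits above 9 have 9 subtracted; the sum must be divisible by 10.
    """
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _normalize(candidate: str) -> str:
    """Strip the separators so the checksum sees only digits."""
    return re.sub(r"[ -]", "", candidate)


def find_pans(text: str) -> List[str]:
    """Identify step: return every Luhn-valid card number found in text."""
    found = []
    for match in PAN_CANDIDATE.finditer(text):
        digits = _normalize(match.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            found.append(digits)
    return found


def redact_pans(text: str) -> str:
    """Enforce step: mask all but the last four digits of each confirmed PAN.

    Candidates that fail the Luhn check (such as order numbers) are left
    untouched so legitimate content is not mangled.
    """
    def _mask(match: "re.Match[str]") -> str:
        digits = _normalize(match.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            return "*" * (len(digits) - 4) + digits[-4:]
        return match.group(0)

    return PAN_CANDIDATE.sub(_mask, text)


if __name__ == "__main__":
    print("Identified:", find_pans(SAMPLE))
    print("Redacted  :", redact_pans(SAMPLE))
```

Run as a script it lists the two confirmed card numbers and prints the sample text with them masked; the order number and phone number pass through unchanged because they either fail the checksum or are too short. The same `find_pans` call is what a DLP policy would hook into a mail or web gateway to decide whether a message may leave the enterprise.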

7. Cyber Security Training

Cyber Security Training is a formal process for educating personnel about cyber security and building relevant skills and competencies.

Cyber Security Training ensures that relevant personnel understand their cyber security responsibilities. This enables them to properly use and protect the information and resources entrusted to them. Effective cyber security training must include:

1. Real-world training on systems that emulate the live environment,
2. Continual training capability for routine training,
3. Timely exposure to new threat scenarios,
4. Exposure to updated scenarios reflecting the current threat environment,
5. Coverage of basic day-to-day practices required by the users.

8. Cyber Security Testing

Cyber Security Testing is the process of ascertaining how effectively the entity meets specific cyber security objectives.

Cyber Security Testing encompasses:

1. Review Techniques, which include Documentation Review, Log Review, Ruleset Review, System Configuration Review, Network Sniffing and File Integrity Checking,
2. Target Identification and Analysis Techniques, which include Network Discovery, Network Port and Service Identification, Vulnerability Scanning, Active & Passive Wireless Scanning, Wireless Device Location Tracking and Bluetooth Scanning,
3. Target Vulnerability Validation Techniques, which include Password Cracking, Penetration Testing and Social Engineering,
4. Security Assessment Planning, which includes Developing a Security Assessment Policy, Prioritizing and Scheduling Assessments, Selecting and Customizing Techniques, Assessment Logistics, Assessor Selection and Skills, Location Selection, Technical Tools and Resources Selection, Assessment Plan Development and Legal Considerations,
5. Security Assessment Execution, which includes Coordination, Assessing, Analysis, Data Handling, Data Collection, Data Storage, Data Transmission and Data Destruction,
6. Post Testing Activities, which include Mitigation Recommendations, Reporting and Remediation/Mitigation.

9. Contingency Planning

Contingency planning revolves around preparing for unexpected and potentially unfavourable events that are likely to have an adverse impact.

Types of Contingency Plans are:

1. Business Continuity Plan
2. Continuity of Operations Plan
3. Crisis Communications Plan
4. Critical Infrastructure Protection Plan
5. Cyber Incident Response Plan
6. Disaster Recovery Plan
7. Information System Contingency Plan
8. Occupant Emergency Plan

Stages in the Information System Contingency Planning Process are:

1. Developing the Contingency Planning Policy Statement
2. Conducting the Business Impact Analysis
3. Identifying Preventive Controls
4. Creating Contingency Strategies
5. Plan Testing, Training, and Exercises
6. Plan Maintenance

LEXCODE Regulatory Compliance Technologies Pvt. Ltd. Incubated by Science & Technology Park, promoted by the Department of Science and Technology, Government of India.

Contact us at: Science and Technology Park, University of Pune, Pune 411007. www.lexcode.in
