Chapter 8: Becoming a Cybersecurity Specialist

The advancement of technology provided a number of devices used in society on a daily basis that interconnects the world. This increased connectivity, though, results in increased risk of theft, fraud, and abuse throughout the technology infrastructure. This chapter categorizes the information technology infrastructure into seven domains. Each domain requires the proper security controls to meet the requirements of the CIA triad.

The chapter discusses the laws that affect technology and cybersecurity requirements. Many of these laws focus on different types of data found in various industries and contain privacy and information security concepts. Several agencies within the U.S. government regulate an organization’s compliance with these types of laws. The cybersecurity specialist needs to understand how the law and the organization’s interests help to guide ethical decisions. Cyber ethics looks at the effect of the use of computers and technology on individuals and society.

Organizations employ cybersecurity specialists in many different positions, such as penetration testers, security analysts, and other network security professionals. Cybersecurity specialists help protect personal data and the ability to use network based services. The chapter discusses the pathway to becoming a cybersecurity specialist. Finally, this chapter discusses several tools available to cybersecurity specialists.

Common User Threats and Vulnerabilities

The User Domain includes the users who access the organization’s information system. Users can be employees, customers, business contractors and other individuals that need access to data. Users are often the weakest link in the information security systems and pose a significant threat to the confidentiality, integrity, and availability of the organization’s data.

Risky or poor user practices often undermine even the best security system. The following are common user threats found in many organizations:

  • No awareness of security – users must be aware of sensitive data, security policies and procedures, technologies and countermeasures provided to protect information and information systems.
  • Poorly enforced security policies – all users must be aware of security policies and consequences of not complying with the organization’s policies.
  • Data theft – data theft by users can cost organizations financially resulting in damage to an organization’s reputation or posing a legal liability associated with disclosure of sensitive information.
  • Unauthorized downloads – many network and workstation infections and attacks trace back to users who download unauthorized emails, photos, music, games, apps, programs and videos to workstations, networks, or storage devices.
  • Unauthorized media – the use of unauthorized media like CDs, USB drives and network storage devices can result in malware infections and attacks.
  • Unauthorized VPNs – VPNs can hide the theft of unauthorized information. The encryption normally used to protect confidentiality blinds the IT security staff to data transmission without proper authority.
  • Unauthorized websites – accessing unauthorized websites can pose a risk to the user’s data, devices and the organization. Many websites prompt the visitors to download scripts or plugins that contain malicious code or adware. Some of these sites can take over devices like cameras and applications.
  • Destruction of systems, applications, or data – accidental or deliberate destruction or sabotage of systems, application and data pose a great risk to all organizations. Activists, disgruntled employees and industry competitors can delete data, destroy devices or misconfigure devices to make data and information systems unavailable.

No technical solution, controls or countermeasures make information systems any more secure than the behaviors and processes of the people who use these systems.

Managing User Threats

Organizations can implement various measures to manage user threats:

  • Conduct security awareness training by displaying security awareness posters, inserting reminders in banner greetings, and sending email reminders to employees.
  • Educate users annually on policies, staff manuals, and handbook updates.
  • Tie security awareness to performance review objectives.
  • Enable content filtering and antivirus scanning for email attachments.
  • Use content filtering to permit or deny specific domain names in accordance with Acceptable Use Policies (AUP).
  • Disable internal CD drives and USB ports.
  • Enable automatic antivirus scans for inserted media drives, files, and email attachments.
  • Restrict access for users to only those systems, applications, and data needed to perform their job.
  • Minimize write/delete permissions to the data owner only.
  • Track and monitor abnormal employee behavior, erratic job performance, and use of IT infrastructure during off-hours.
  • Implement access control lockout procedures based on AUP monitoring and compliance.
  • Enable intrusion detection system/intrusion prevention system (IDS/IPS) monitoring for sensitive employee positions and access.

The table shown in the figure matches up user domain threats with the countermeasures used to manage them.


Common Threats to Devices

A device is any desktop computer, laptop, tablet, or smartphone that connects to the network.

The following pose a threat to devices:

  • Unattended workstations – workstations left powered on and unattended pose a risk of unauthorized access to network resources
  • User downloads – downloaded files, photos, music, or videos can be a vehicle for malicious code
  • Unpatched software – software security vulnerabilities provide weaknesses that cyber criminals can exploit
  • Malware – new viruses, worms, and other malicious code come to light on a daily basis
  • Unauthorized media – users that insert USB drives, CDs, or DVDs can either introduce malware or run the risk of compromising data stored on the workstation
  • Acceptable Use Policy Violation – Policies are in place to protect the organization’s IT infrastructure

Managing Device Threats

Organizations can implement various measures to manage threats to devices:

  • Establish policies for password protection and lockout thresholds on all devices.
  • Enable screen lockout during times of inactivity.
  • Disable administrative rights for users.
  • Define access control policies, standards, procedures, and guidelines.
  • Update and patch all operating systems and software applications.
  • Implement automated antivirus solutions that scan the system and update the antivirus software to provide proper protection.
  • Deactivate all CD, DVD, and USB ports.
  • Enable automatic antivirus scans for any CDs, DVDs, or USB drives inserted.
  • Use content filtering.
  • Mandate annual security awareness training or implement security awareness campaigns and programs that run throughout the year.

The table shown in the figure matches up device domain threats with the countermeasures used to manage them.

Common Threats to the LAN

The local area network (LAN) is a collection of devices interconnected using cables or airwaves. The LAN Domain requires strong security and access controls since users can access the organization’s systems, applications, and data from the LAN domain.

The following pose a threat to the LAN:
  • Unauthorized LAN access – wiring closets, data centers, and computer room must remain secure
  • Unauthorized access to systems, applications, and data
  • Network operating system software vulnerabilities
  • Network operating system updates
  • Unauthorized access by rogue users on wireless networks
  • Exploits of data in-transit
  • LAN servers with different hardware or operating systems – managing and troubleshooting servers becomes more difficult with varied configurations
  • Unauthorized network probing and port scanning
  • Misconfigured firewall

Managing Threats to the LAN

Organizations can implement various measures to manage threats to the local area network:
  • Secure wiring closets, data centers, and computer rooms. Deny access to anyone without the proper credentials.
  • Define strict access control policies, standards, procedures, and guidelines.
  • Restrict access privileges for specific folders and files based on need.
  • Require passphrases or authentication for wireless networks.
  • Implement encryption between devices and wireless networks to maintain confidentiality.
  • Implement LAN server configuration standards.
  • Conduct post-configuration penetration tests.
  • Disable ping and port scanning.
The table shown in the figure matches up LAN domain threats with the countermeasures used to manage them.

Common Threats to the Private Cloud

The Private Cloud Domain includes private servers, resources, and IT infrastructure available to members of an organization via the Internet.

The following pose a threat to the private cloud:
  • Unauthorized network probing and port scanning
  • Unauthorized access to resources
  • Router, firewall, or network device operating system software vulnerability
  • Router, firewall, or network device configuration error
  • Remote users accessing the organization’s infrastructure and downloading sensitive data

Managing Threats to the Private Cloud

Organizations can implement various measures to manage threats to the private cloud:
  • Disable ping, probing, and port scanning.
  • Implement intrusion detection and prevention systems.
  • Monitor inbound IP traffic anomalies.
  • Update devices with security fixes and patches.
  • Conduct penetration tests post configuration.
  • Test inbound and outbound traffic.
  • Implement a data classification standard.
  • Implement file transfer monitoring and scanning for unknown file type.
The table shown in the figure matches up Private Cloud Domain threats with the countermeasures used to manage them.

Common Threats to the Public Cloud

The Public Cloud Domain includes services hosted by a cloud provider, service provider, or Internet provider. Cloud providers do implement security controls to protect the cloud environment, but organizations are responsible for protecting their resources on the cloud. Three different service models exist from which an organization may choose:
  • Software as a service (SaaS) – a subscription-based model that provides access to software that is centrally hosted and accessed by users via a web browser.
  • Platform as a service (PaaS) – provides a platform that allows an organization to develop, run, and manage its applications on the service’s hardware using tools that the service provides.
  • Infrastructure as a service (IaaS) – provides virtualized computing resources such as hardware, software, servers, storage and other infrastructure components over the Internet.

The following pose a threat to the public cloud:
  • Data breaches
  • Loss or theft of intellectual property
  • Compromised credentials
  • Federated identity repositories are a high-value target
  • Account hijacking
  • Lack of understanding on the part of the organization
  • Social engineering attacks that lure the victim
  • Compliance violation

Managing Threats to the Public Cloud

Organizations can implement various measures to manage threats to the public cloud:
  • Multifactor authentication
  • Use of encryption
  • Implement one-time passwords, phone-based authentication, and smartcards
  • Distributing data and applications across multiple zones
  • Data backup procedures
  • Due diligence
  • Security awareness programs
  • Policies
The table shown in the figure matches up Public Cloud Domain threats with the countermeasures used to manage them.

Common Threats to Physical Facilities

The Physical Facilities Domain includes all of the services used by an organization including HVAC, water, and fire detection. This domain also includes physical security measures employed to safeguard the facility.

The following pose a threat to an organization’s facilities:
  • Natural threats including weather problems and geological hazards
  • Unauthorized access to the facilities
  • Power interruptions
  • Social engineering to learn about security procedures and office policies
  • Breach of electronic perimeter defenses
  • Theft
  • An open lobby that allows a visitor to walk straight through to the inside facilities
  • An unlocked data center
  • Lack of surveillance

Managing Threats to Physical Facilities

Organizations can implement various measures to manage threats to the physical facilities:
  • Implement access control and closed-circuit TV (CCTV) coverage at all entrances.
  • Establish policies and procedures for guests visiting the facility.
  • Test building security using both cyber and physical means to covertly gain access.
  • Implement badge encryption for entry access.
  • Develop a disaster recovery plan.
  • Develop a business continuity plan.
  • Conduct security awareness training regularly.
  • Implement an asset tagging system.
The table shown in the figure matches up Physical Facilities Domain threats with the countermeasures used to manage them.

Common Threats to Applications

The Application Domain includes all of the critical systems, applications, and data. Additionally, it includes the hardware and any logical design required. Organizations are moving applications like email, security monitoring and database management to the public cloud.

The following pose a threat to applications:
  • Unauthorized access to data centers, computer rooms, and wiring closets
  • Server downtime for maintenance purposes
  • Network operating system software vulnerability
  • Unauthorized access to systems
  • Data loss
  • Downtime of IT systems for an extended period
  • Client/server or web application development vulnerabilities

Managing Threats to Applications

Organizations can implement various measures to manage threats to the Application Domain:
  • Implement policies, standards, and procedures for staff and visitors to ensure the facilities are secure.
  • Conduct software testing prior to launch.
  • Implement data classification standards.
  • Develop a policy to address application software and operating system updates.
  • Implement backup procedures.
  • Develop a business continuity plan for critical applications to maintain availability of operations.
  • Develop a disaster recovery plan for critical applications and data.
  • Implement logging.
The table shown in the figure matches up Application Domain threats with the countermeasures used to manage them.

Ethics of a Cybersecurity Specialist

Ethics is the little voice in the background guiding a cybersecurity specialist as to what he should or should not do, regardless of whether it is legal. The organization entrusts the cybersecurity specialist with the most sensitive data and resources. The cybersecurity specialist needs to understand how the law and the organization’s interests help to guide ethical decisions.

Cyber criminals that break into a system, steal credit card numbers, and release a worm are performing unethical actions. How does an organization view the actions of a cybersecurity specialist if they are similar? For example, a cybersecurity specialist may have the opportunity to stop the spread of a worm preemptively by patching it. In effect, the cybersecurity specialist is releasing a worm. This worm is not malicious, though, so does this case get a pass?

The following ethical systems look at ethics from various perspectives.

Utilitarian Ethics

During the 19th century, Jeremy Bentham and John Stuart Mill created Utilitarian Ethics. The guiding principle is that any actions that provide the greatest amount of good over bad or evil are ethical choices.

The Rights Approach

The guiding principle for the Rights Approach is that individuals have the right to make their own choices. This perspective looks at how an action affects the rights of others to judge whether an action is right or wrong. These rights include the right to truth, privacy, safety, and that society applies laws fairly to all members of society.

The Common-Good Approach

The Common-Good Approach proposes that the common good is whatever benefits the community. In this case, a cybersecurity specialist looks at how an action affects the common good of society or the community.

No clear-cut answers provide obvious solutions to the ethical issues that cybersecurity specialists face. The answer as to what is right or wrong can change depending on the situation and the ethical perspective.

Computer Ethics Institute

The Computer Ethics Institute is a resource for identifying, assessing, and responding to ethical issues throughout the information technology industry. CEI was one of the first organizations to recognize the ethical and public policy issues arising from the rapid growth of the information technology field. The figure lists the Ten Commandments of Computer Ethics created by the Computer Ethics Institute.

Cybercrime

Laws prohibit undesired behaviors. Unfortunately, advances in information system technologies outpace the legal system's slower process of compromise and lawmaking. A number of laws and regulations affect cyberspace. Several specific laws guide the policies and procedures developed by an organization to ensure that it is in compliance.

Cybercrime

A computer may be involved in a cybercrime in several different ways: there is computer-assisted crime, computer-targeted crime, and computer-incidental crime. Child pornography is an example of computer-incidental crime—the computer is a storage device and is not the actual tool used to commit the crime.

The growth in cybercrime is due to a number of different reasons. There are many tools widely available on the Internet now, and potential users do not need a great deal of expertise to use these tools.

Organizations Created to Fight Cybercrime

There are a number of agencies and organizations out there to aid the fight against cybercrime. Click each of the links in the figure to visit the websites for these organizations to help keep up with the important issues.

Civil, Criminal, and Regulatory Cyber Laws

In the United States, there are three primary sources of laws and regulations: statutory law, administrative law, and common law. All three sources involve computer security. The U.S. Congress established federal administrative agencies and a regulatory framework that includes both civil and criminal penalties for failing to follow the rules.

Criminal laws enforce a commonly accepted moral code backed by the authority of the government. Regulations establish rules designed to address the consequences of a rapidly changing society, and they enforce penalties for violating those rules. For example, the Computer Fraud and Abuse Act is a statutory law. Administratively, the FCC and Federal Trade Commission have been concerned with issues such as intellectual property theft and fraud. Finally, common law cases work their way through the judicial system, providing precedents and constitutional bases for laws.

The Federal Information Security Management Act (FISMA)

Congress created FISMA in 2002 to change the U.S. government’s approach to information security. Because the federal government is the largest creator and user of information, federal IT systems are high-value targets for cyber criminals. FISMA applies to federal agencies’ IT systems and stipulates that agencies create an information security program that includes the following:
  • Risk assessments
  • Annual inventory of IT systems
  • Policies and procedures to reduce risk
  • Security awareness training
  • Testing and evaluation of all IT system controls
  • Incident response procedure
  • Continuity of operations plan

Industry-Specific Laws

Many industry specific laws have a security and/or a privacy component. The U.S. government requires compliance from organizations within these industries. Cybersecurity specialists must be able to translate the legal requirements into security policies and practices.

Gramm-Leach-Bliley Act (GLBA)

The Gramm-Leach-Bliley Act is a piece of legislation that mainly affects the financial industry. A portion of that legislation, though, includes privacy provisions for individuals. The provision provides for opt-out methods so that individuals can control the use of information provided in a business transaction with an organization that is part of the financial institution. The GLBA restricts information sharing with third-party firms.

Sarbanes-Oxley Act (SOX)

Following several high-profile corporate accounting scandals in the U.S., Congress passed the Sarbanes-Oxley Act (SOX). The purpose of SOX was to overhaul financial and corporate accounting standards, and it specifically targeted the standards of publicly traded firms in the United States.

Payment Card Industry Data Security Standard (PCI DSS)

Private industry also recognizes how important uniform and enforceable standards are. A Security Standards Council composed of the top corporations in the payment card industry designed a private sector initiative to improve the confidentiality of network communications.

The Payment Card Industry Data Security Standard (PCI DSS) is a set of contractual rules governing how to protect credit card data as merchants and banks exchange the transaction. The PCI DSS is a voluntary standard (in theory) and merchants/vendors can choose whether they wish to abide by the standard. However, vendor noncompliance may result in significantly higher transaction fees, fines up to $500,000, and possibly even the loss of the ability to process credit cards.

Import/Export Encryption Restrictions

Since World War II, the United States has regulated the export of cryptography due to national security considerations. The Bureau of Industry and Security in the Department of Commerce now controls non-military cryptography exports. There are still export restrictions to rogue states and terrorist organizations.

Countries may decide to restrict the import of cryptography technologies for the following reasons:
  • The technology may contain a backdoor or security vulnerability.
  • Citizens can anonymously communicate and avoid any monitoring.
  • Cryptography may increase levels of privacy above an acceptable level.

Security Breach Notification Laws

Businesses are collecting ever-increasing amounts of personal information about their customers, from account passwords and email addresses to highly sensitive medical and financial information. Companies large and small recognize the value of big data and data analytics. This encourages organizations to collect and store information. Cyber criminals are always looking for ways to obtain such information or to access and exploit a company’s most sensitive, confidential data. Organizations that collect sensitive data need to be good data custodians. In response to this growth in data collection, several laws require organizations that collect personal information to notify individuals if a breach of their personal data occurs.

Electronic Communications Privacy Act (ECPA)

The Electronic Communications Privacy Act (ECPA) addresses a myriad of legal privacy issues that resulted from the increasing use of computers and other technology specific to telecommunications. Sections of this law address email, cellular communications, workplace privacy, and a host of other issues related to communicating electronically.

Computer Fraud and Abuse Act (1986)

The Computer Fraud and Abuse Act (CFAA) has been in force for over 20 years. The CFAA provides the foundation for U.S. laws criminalizing unauthorized access to computer systems. The CFAA makes it a crime to knowingly access a computer considered either a government computer or a computer used in interstate commerce, without permission. The CFAA also criminalizes the use of a computer in a crime that is interstate in nature.

The Act criminalizes trafficking in passwords or similar access information, and the act makes it a crime to transmit a program, code, or a command knowingly that results in damage.

Protecting Privacy

The following U.S. laws protect privacy.

Privacy Act of 1974

This act establishes a Code of Fair Information Practice that governs the collection, maintenance, use, and dissemination of personally identifiable information about individuals that is maintained in systems of records by federal agencies.

Freedom of Information Act (FOIA)

FOIA enables public access to U.S. government records. FOIA carries a presumption of disclosure, so the burden is on the government as to why it cannot release the information.

There are nine disclosure exemptions pertaining to FOIA.
  • National security and foreign policy information
  • Internal personnel rules and practices of an agency
  • Information specifically exempted by statute
  • Confidential business information
  • Inter- or intra-agency communication subject to deliberative process, litigation, and other privileges
  • Information that, if disclosed, would constitute a clearly unwarranted invasion of personal privacy
  • Law enforcement records that implicate one of a set of enumerated concerns
  • Agency information from financial institutions
  • Geological and geophysical information concerning wells

Family Education Records and Privacy Act (FERPA)

This federal law gave students access to their education records. FERPA operates on an opt-in basis, as the student must approve the disclosure of information prior to the actual disclosure. When a student turns 18 years old or enters a postsecondary institution at any age, these rights under FERPA transfer from the student’s parents to the student.

U.S. Computer Fraud and Abuse Act (CFAA)

This amendment to the Comprehensive Crime Control Act of 1984 prohibits the unauthorized access of a computer. The CFAA increased the scope of the previous Act to cases of great federal interest. These cases are defined as involving computers belonging to the federal government or some financial institutions or where the crime is interstate in nature.

U.S. Children’s Online Privacy Protection Act (COPPA)

This federal law applies to the online collection of personal information by persons or entities under U.S. jurisdiction from children under 13 years of age. Before information can be collected and used from children (ages 13 and under), parental permission needs to be obtained.

U.S. Children’s Internet Protection Act (CIPA)

The U.S. Congress passed CIPA in 2000 to protect children under the age of 17 from exposure to offensive Internet content and obscene material.

Video Privacy Protection Act (VPPA)

The Video Privacy Protection Act protects an individual from having the video tapes, DVDs and games they rented disclosed to another party. The statute provides the protections by default, thus requiring a video rental company to obtain the renter’s consent to opt out of the protections if the company wants to disclose personal information about rentals. Many privacy advocates consider VPPA to be the strongest U.S. privacy law.

Health Insurance Portability & Accountability Act (HIPAA)

The HIPAA standards mandate safeguards for physical storage, maintenance, transmission, and access to individuals’ health information. HIPAA mandates that organizations that use electronic signatures have to meet standards ensuring information integrity, signer authentication, and nonrepudiation.

California Senate Bill 1386 (SB 1386)

California was the first state to pass a law regarding the notification of the unauthorized disclosure of personally identifiable information. Since then, many other states have followed suit. Each of these disclosure notice laws is different, making the case for a unifying federal statute compelling. This act requires that the agencies provide consumers notice of their rights and responsibilities. It mandates that the state notify citizens whenever PII is lost or disclosed. Since the passage of SB 1386, numerous other states have modeled legislation on this bill.

Privacy Policies

Policies are the best way to ensure compliance across an organization, and a privacy policy plays an important role within the organization, especially with the numerous laws enacted to protect privacy. One of the direct outcomes of the legal statutes associated with privacy has been the development of a need for corporate privacy policies associated with data collection.

Privacy Impact Assessment (PIA)

A privacy impact assessment ensures that personally identifiable information (PII) is properly handled throughout an organization.
  • Establish PIA scope.
  • Identify key stakeholders.
  • Document all contact with PII.
  • Review legal and regulatory requirements.
  • Document potential issues found when comparing requirements and practices.
  • Review findings with key stakeholders.

International Laws

With the growth of the Internet and global network connections, unauthorized entry into a computer system, or computer trespass, has emerged as a concern that can have national and international consequences. National laws for computer trespass exist in many countries, but there can always be gaps in how these nations handle this type of crime.

Convention on Cybercrime

The Convention on Cybercrime is the first international treaty on Internet crimes (EU, U.S., Canada, Japan, and others). Common policies handle cybercrime and address the following: copyright infringement, computer-related fraud, child pornography, and violations of network security.

Electronic Privacy Information Center (EPIC)

EPIC promotes privacy and open government laws and policies globally and focuses on EU-US relations. 

National Vulnerability Database

The National Vulnerability Database (NVD) is a U.S. government repository of standards-based vulnerability management data that uses the Security Content Automation Protocol (SCAP). SCAP is a method for using specific standards to automate vulnerability management, measurement, and policy compliance evaluation.

SCAP uses open standards to enumerate security software flaws and configuration issues. The specifications organize and measure security-related information in standardized ways. The SCAP community is a partnership between the private and public sector to advance the standardization of technical security operations.

The NVD uses the Common Vulnerability Scoring System (CVSS) to assess the impact of vulnerabilities. An organization can use the scores to rank the severity of vulnerabilities that it finds within its network. This, in turn, can help determine the mitigation strategy.

The site also hosts the National Checklist Program Repository, a collection of checklists that provide guidance on configuring operating systems and applications to provide a hardened environment.

CERT

The Software Engineering Institute (SEI) at Carnegie Mellon University helps government and industry organizations to develop, operate, and maintain software systems that are innovative, affordable, and trustworthy. It is a Federally Funded Research and Development Center sponsored by the U.S. Department of Defense.

The CERT Division of SEI studies and solves problems in the cybersecurity arena including security vulnerabilities in software products, changes in networked systems, and training to help improve cybersecurity. CERT provides the following services:
  • Helps to resolve software vulnerabilities
  • Develops tools, products, and methods to conduct forensic examinations
  • Develops tools, products, and methods to analyze vulnerabilities
  • Develops tools, products, and methods to monitor large networks
  • Helps organizations determine how effective their security-related practices are
CERT has an extensive database of information about software vulnerabilities and malicious code to help develop solutions and remediation strategies. Click here to visit the CERT website.

Internet Storm Center

The Internet Storm Center (ISC) provides a free analysis and warning service to Internet users and organizations. It also works with Internet Service Providers to combat malicious cyber criminals. The Internet Storm Center gathers millions of log entries from intrusion detection systems every day using sensors covering 500,000 IP addresses in over 50 countries. The ISC identifies sites used for attacks and provides data on the types of attacks launched against various industries and regions of the world.

Click here to visit the Internet Storm Center. The website offers the following resources:
  • An InfoSec Diary Blog Archive
  • Podcasts which include the Daily Stormcasts, daily 5-10 minute information security threat updates
  • InfoSec Job Postings
  • Information Security News
  • InfoSec Tools
  • InfoSec Reports
  • SANS ISC InfoSec Forums
The SANS Institute supports the Internet Storm Center. SANS is a trusted source for information security training, certification, and research.

The Advanced Cyber Security Center

The Advanced Cyber Security Center (ACSC) is a non-profit organization that brings together industry, academia, and government to address advanced cyber threats. The organization shares information on cyber threats, engages in cybersecurity research and development, and creates education programs to promote the cybersecurity profession.

ACSC defined four challenges that will help shape its priorities:
  • Build resilient systems to recover from attacks and failures.
  • Enhance mobile security.
  • Develop real-time threat sharing.
  • Integrate cyber risks with enterprise risk frameworks.
Click here to visit the Advanced Cyber Security Center.

Vulnerability Scanners

A vulnerability scanner assesses computers, computer systems, networks, or applications for weaknesses. Vulnerability scanners help to automate security auditing by scanning the network for security risks and producing a prioritized list to address weaknesses. A vulnerability scanner looks for the following types of vulnerabilities:
  • Use of default passwords or common passwords
  • Missing patches
  • Open ports
  • Misconfiguration of operating systems and software
  • Active IP addresses
When evaluating a vulnerability scanner, look at how it is rated for accuracy, reliability, scalability, and reporting. There are two types of vulnerability scanners to choose from: software-based and cloud-based.
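The following Python script is an added example rather than the logic of any scanner product. It runs four of the checks listed above over a constructed host inventory (software below the patched version, vendor-default credentials, ports open outside an allowed baseline, and a risky service setting) and returns the findings as a prioritized list. The inventory, the FIXED_VERSIONS table, the DEFAULT_CREDENTIALS set and the ALLOWED_PORTS baseline are all constructed sample data, and the IP address comes from a documentation range.

```python
"""Checks of the kind a vulnerability scanner performs, run over a constructed
host inventory and reported as a prioritized list.

Added example: inventory, fixed-version table, default-credential set and port
baseline are constructed sample data. The version compare is a simple
dotted-numeric comparison, so a version such as '8.8p1' would need extra parsing.
"""
from dataclasses import dataclass, field


def version_tuple(version):
    """'2.4.49' -> (2, 4, 49) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


# Constructed: minimum version of each product that carries the relevant patches.
FIXED_VERSIONS = {"httpd": "2.4.51", "openssh": "8.8"}

# Constructed: vendor-default credentials that must not survive on a live system.
DEFAULT_CREDENTIALS = {("admin", "admin"), ("root", "root"), ("admin", "password")}

# Constructed: ports the organization's baseline allows on a web server.
ALLOWED_PORTS = {22, 443}

SEVERITY_RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}


@dataclass
class Service:
    name: str
    version: str
    port: int
    credentials: tuple = None            # (username, password) of a local account, if any
    settings: dict = field(default_factory=dict)


@dataclass
class Host:
    ip: str
    services: list


def scan_host(host):
    """Return (severity, host_ip, description) findings for one host."""
    findings = []
    for svc in host.services:
        fixed = FIXED_VERSIONS.get(svc.name)
        if fixed and version_tuple(svc.version) < version_tuple(fixed):
            findings.append(("High", host.ip,
                             f"{svc.name} {svc.version} is below patched version {fixed}"))
        if svc.credentials in DEFAULT_CREDENTIALS:
            findings.append(("Critical", host.ip,
                             f"{svc.name} on port {svc.port} uses default credentials"))
        if svc.port not in ALLOWED_PORTS:
            findings.append(("Medium", host.ip,
                             f"port {svc.port} ({svc.name}) is open outside the baseline"))
        if svc.settings.get("PermitRootLogin") == "yes":
            findings.append(("Medium", host.ip, f"{svc.name} allows direct root login"))
    return findings


def prioritized_report(hosts):
    """Findings for all hosts, most severe first (stable sort keeps scan order within a level)."""
    findings = [f for host in hosts for f in scan_host(host)]
    return sorted(findings, key=lambda f: SEVERITY_RANK[f[0]])


# Constructed sample inventory (documentation-range address).
SAMPLE_HOSTS = [
    Host("192.0.2.10", [
        Service("httpd", "2.4.49", 443),
        Service("openssh", "8.8", 22, settings={"PermitRootLogin": "yes"}),
        Service("telnet", "0.17", 23, credentials=("admin", "admin")),
    ]),
]

if __name__ == "__main__":
    for severity, ip, text in prioritized_report(SAMPLE_HOSTS):
        print(f"[{severity:8}] {ip}: {text}")
```

A real scanner gathers the inventory by probing hosts and fingerprinting services rather than reading it from a data structure, but the decision logic is the same: compare what is found against a patch table, a credential blocklist and a configuration baseline, then order the results by severity so the most urgent items are fixed first.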

Vulnerability scanning is critical for organizations with networks that include a large number of network segments, routers, firewalls, servers, and other business devices. Click here to see several available options for both commercial and free versions.

Penetration Testing

Penetration testing (pen testing) is a method of testing the areas of weakness in systems by using various malicious techniques. Pen testing is not the same as vulnerability testing: vulnerability testing only identifies potential problems. Pen testing involves a cybersecurity specialist who, with the organization's permission, hacks a website, network, or server to try to gain access to resources without the knowledge of usernames, passwords, or other normal means. The important differentiation between cyber criminals and cybersecurity specialists is that cybersecurity specialists have the permission of the organization to conduct the tests.

One of the primary reasons that an organization uses pen testing is to find and fix any vulnerability before the cyber criminals do. Penetration testing is also known as ethical hacking.

Packet Analyzers

Packet analyzers (or packet sniffers) intercept and log network traffic. The packet analyzer captures each packet, shows the values of various fields in the packet, and analyzes its content. A sniffer can capture network traffic on both wired and wireless networks. Packet analyzers perform the following functions:
  • Network problem analysis
  • Detection of network intrusion attempts
  • Isolation of exploited systems
  • Traffic logging
  • Detection of network misuse
Click here to see a comparison of packet analyzers.
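As an added example that is not taken from any packet analyzer product, the following Python program shows what a sniffer does at the byte level. It builds a small capture in memory from constructed sample traffic (addresses from documentation ranges), parses the pcap file format and the Ethernet, IPv4 and TCP headers using only the standard library, logs the decoded fields of each packet, and applies one intrusion-detection rule: a source that sends bare SYN packets to many distinct ports is reported as scan-like.

```python
"""Decode a pcap capture field by field and flag SYN-scan-like behaviour.

Added example, not from any packet analyzer product. The capture is built in
memory from constructed sample traffic using documentation IP ranges.
"""
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4
TCP_SYN, TCP_ACK = 0x02, 0x10


def build_tcp_frame(src_ip, dst_ip, sport, dport, flags):
    """Ethernet + IPv4 + TCP header with no payload. Checksums are left 0
    because the decoder below does not verify them."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + tcp


def build_pcap(frames):
    """Little-endian pcap: 24-byte global header, then a 16-byte header per record."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out


def decode_frame(frame):
    """Return the TCP/IP fields of one Ethernet frame, or None if it is not TCP over IPv4."""
    if len(frame) < 14 or struct.unpack_from("!H", frame, 12)[0] != 0x0800:
        return None
    ver_ihl, _, _, _, _, ttl, proto, _, src, dst = struct.unpack_from("!BBHHHBBH4s4s", frame, 14)
    if proto != 6:
        return None
    tcp_off = 14 + (ver_ihl & 0x0F) * 4          # IHL is in 32-bit words
    sport, dport, seq, _, _, flags = struct.unpack_from("!HHIIBB", frame, tcp_off)
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "sport": sport, "dport": dport, "seq": seq, "flags": flags, "ttl": ttl}


def parse_pcap(data):
    """Walk the pcap records and decode each frame; both byte orders are handled."""
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a pcap file")
    linktype = struct.unpack_from(endian + "IHHiIII", data, 0)[6]
    if linktype != 1:
        raise ValueError("only Ethernet captures are handled")
    records, offset = [], 24
    while offset + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16
        decoded = decode_frame(data[offset:offset + incl_len])
        offset += incl_len
        if decoded:
            decoded["ts"] = ts_sec + ts_usec / 1e6
            records.append(decoded)
    return records


def detect_syn_scans(records, threshold=5):
    """One source sending bare SYNs (SYN set, ACK clear) to many distinct ports is
    scan-like; return {source_ip: sorted ports} for sources at or above threshold."""
    ports_by_src = {}
    for r in records:
        if r["flags"] & TCP_SYN and not r["flags"] & TCP_ACK:
            ports_by_src.setdefault(r["src"], set()).add(r["dport"])
    return {src: sorted(p) for src, p in ports_by_src.items() if len(p) >= threshold}


# Constructed sample capture: one host probing six ports on a server, and one
# normal client sending a SYN and then an ACK to port 443 of the same server.
SAMPLE_PCAP = build_pcap(
    [build_tcp_frame("198.51.100.7", "192.0.2.10", 40000 + i, port, TCP_SYN)
     for i, port in enumerate((21, 22, 23, 25, 80, 443))]
    + [build_tcp_frame("203.0.113.5", "192.0.2.10", 51000, 443, TCP_SYN),
       build_tcp_frame("203.0.113.5", "192.0.2.10", 51000, 443, TCP_ACK)]
)

if __name__ == "__main__":
    decoded = parse_pcap(SAMPLE_PCAP)
    for r in decoded:   # traffic log: one line per packet with its decoded fields
        print(f"{r['ts']:.6f} {r['src']}:{r['sport']} -> {r['dst']}:{r['dport']} "
              f"flags=0x{r['flags']:02x} ttl={r['ttl']}")
    print("scan-like sources:", detect_syn_scans(decoded))
```

Replacing SAMPLE_PCAP with the bytes of a real capture file written by a sniffer lets the same decoder and rule run over live data; the threshold is deliberately low for the constructed sample and would be tuned to the network's normal behaviour in practice.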

Security Tools

There is no one-size-fits-all answer when it comes to the best security tools. Much depends on the situation, the circumstances, and personal preference. A cybersecurity specialist must know where to go to get sound information.

Kali

Kali is an open source Linux security distribution. IT professionals use Kali Linux to test the security of their networks. Kali Linux incorporates more than 300 penetration testing and security auditing programs on a Linux platform. Click here to visit the website.

Network Situational Awareness

An organization needs the ability to monitor networks, analyze the resulting data, and detect malicious activity. Click here for access to a collection of traffic analysis tools developed by CERT.

Activity - Using the Appropriate Tool

Defining the Roles of Cybersecurity Professionals

The ISO standard defines the role of cybersecurity professionals. The ISO 27000 framework requires:
  • A senior manager responsible for IT and ISM (often the audit sponsor)
  • Information security professionals
  • Security administrators
  • Site/physical security manager and facilities contacts
  • HR contact for HR matters such as disciplinary action and training
  • Systems and network managers, security architects and other IT professionals
The types of information security positions can be broken down as follows:
  • Definers provide policies, guidelines, and standards. They include consultants who perform risk assessments and develop the product and technical architectures, as well as senior-level individuals within an organization who have broad knowledge but not a lot of in-depth knowledge.
  • Builders are the real techies who create and install security solutions.
  • Monitors administer the security tools, perform the security monitoring function, and improve the processes.

Job Search Tools

A variety of websites and mobile applications advertise information technology jobs. Each site targets different job applicants and provides different tools for candidates researching their ideal job position. Many sites are job site aggregators: job search sites that gather listings from other job boards and company career sites and display them in a single location.

Indeed.com

Advertised as the world's #1 job site, Indeed.com attracts over 180 million unique visitors every month from over 50 different countries. Indeed is truly a worldwide job site. Indeed helps companies of all sizes hire the best talent and offers the best opportunity for job seekers.

CareerBuilder.com

CareerBuilder serves many large and prestigious companies. As a result, this site attracts specific candidates that typically have more education and higher credentials. The employers posting on CareerBuilder commonly get more candidates with college degrees, advanced credentials and industry certifications.

USAJobs.gov

The federal government posts any openings on USAJobs. Click here to learn more about the application process used by the U.S. government.
