Layered Approach to Cybersecurity
Graxo Consulting (Pvt) Ltd
Your Trusted Cybersecurity Partner: We are experts in GRC, VAPT, vCISO, Data Protection, BCP, & Vendor & Risk Assessment
1. Purpose
2. Scope
The scope of this guideline addresses the fundamental process for implementing a layered approach to securing a company’s systems.
3. Layered Approach to Cybersecurity
Securing a company’s employees, staff, and other human resources forms the first layer of the layered approach to cybersecurity. The people are the greatest asset of a company, yet if left neglected they can prove to be its weakest link. The people and security programs shall be guided by policies that are executed through component procedures. These components shall ensure that the company’s protective, detective, and remedial measures are sustainable, repeatable, and demonstrable. Last, but not least, the technology components of a cybersecurity program shall include solutions such as antivirus (AV), intrusion detection and prevention systems (IDPS), firewalls, periodic vulnerability scanning, patch management, IT security policy auditing, behavioral analytics, and much more.
3.1 Security Tactics for People, Processes, and Technology
To create a layered security environment, there are several tactics a Company shall consider:
3.1.1 People
It is vital to equip every employee with basic cybersecurity skills to limit the risks to the company’s internal network. Most cybersecurity breaches are a result of human errors and negligence. Employees often fall victim to social engineering tactics and end up providing attackers with login credentials or classified corporate data.
Hence, the people ultimately determine the effectiveness of the company’s cybersecurity technology and processes. Skilled professionals shall be required to monitor the operations of these cybersecurity pillars. For every vulnerability or threat discovered, the cybersecurity team shall be relied upon to remediate or mitigate the risk. In addition, they could be critical in identifying the risks that the existing technology solutions may miss.
Employee Training and Awareness:
It’s imperative that the company conducts regular training sessions throughout the year to keep employees aware of potential scams and ways they can make their company vulnerable.
Training programs will create a strong culture of cybersecurity that can go a long way toward minimizing threats. These awareness sessions shall include but are not limited to the following key points:
Competent and Skilled Professionals:
It is essential that the company’s cybersecurity professionals are equipped with the latest skills. Professionals need up-to-date knowledge of risk analysis and mitigation, intrusion detection, incident response, encryption solutions, software reverse-engineering, and cloud security solutions.
Learning new skills is easier with the flexibility of training and awareness programs for employees. Training resources are available online, while other training programs can be done on the job and sometimes at workshops, webinars, and more.
Staff Management:
Cybersecurity responsibilities must be well-defined for each team member to ensure functional processes for threat detection, risk mitigation, and disaster recovery. Building on the employee training and awareness programs, the company’s management shall outline the responsibilities of each staff member in securing the network environment. By assigning roles, cybersecurity professionals identify the most efficient way to coordinate responses to incidents, detect and identify attacks at the onset, and prevent severe damage. Cybersecurity programs that invest in training people create a strong framework and add value to the company and its processes.
Cybersecurity Department Organizational Structure:
3.1.2 Processes
For an effective cybersecurity strategy or policy, processes are required to provide structure for the underlying procedures required for implementation. Processes define how a company’s activities, roles, and documentation all work together. The core objective of the cybersecurity process is to protect and preserve the confidentiality, integrity, and availability of the company’s information assets. For any process to be effective, that process must be sustainable, adaptable, and demonstrable.
Cybersecurity requires a continuing program, not a series of one-time solutions to network security threats. Processes involve constant monitoring of the network for risks and vulnerabilities, the overall effectiveness of the technology solutions applied, and the efficiency of the staff in securing the network.
Effective processes contemplate the procedures for detecting flaws in the cybersecurity program and benchmarking its effectiveness in securing the company’s internal network. The scope of these policies, processes, and procedures consists of five concurrent and continuous functions: identification of risks, protection, detection, response, and recovery.
Minimum Processes
The minimum processes that should be addressed on an administrative, technical, and physical level are:
The technology component functions most efficiently with technically sound people and a strong process foundation to ensure proper management of early incident detection, identification, response, and recovery. Technology solutions protect against risks that may arise from network vulnerabilities. Since vulnerabilities can occur anywhere within the network, deploying a single-point solution will expose the system to numerous cyber threats. Solutions that can be integrated and automated into the security framework to provide distributed protection across the network are the best protection against attacks.
NETWORK SECURITY CONTROLS
Network Security describes the security tools, controls, and security policies designed to monitor, prevent, and respond to unauthorized network intrusion, while also protecting digital assets, including network traffic. Network security includes hardware and software technologies and is designed to respond to the full range of potential threats targeting a company’s network.
Access Control
Network access control, or NAC, is the set of tools, processes, and protocols that govern access to network-connected resources. The mechanism grants users read, write, or use access to network-connected resources based on their access permissions and their associated roles. The crucial aspect of implementing access control is to maintain the integrity, confidentiality, and availability of the information.
Data loss prevention (DLP)
Network Data Loss Prevention (DLP) software monitors, detects and potentially blocks sensitive data exfiltration while the data is in motion. Network DLP is used to prevent critical information from being transferred outside the company network.
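The detection side of network DLP, as an added example that is not part of this guideline and not Graxo’s tooling: a small Python content inspector that runs two constructed rules (payment-card numbers validated with the Luhn checksum, and US social-security-number patterns) over a handful of made-up outbound messages and returns an allow, alert, or block decision for each. The sample messages, rule names, masking format, and the block/alert policy are all assumptions made for the example.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample of outbound messages as a network DLP sensor might see them.
# These are made-up test records for the example, not captured traffic.
SAMPLE_MESSAGES = [
    ("smtp", "Hi team, the quarterly numbers are attached."),
    ("smtp", "Customer card on file: 4111 1111 1111 1111, exp 09/27"),
    ("http", "order_id=4111111111111112&status=shipped"),   # 16 digits but fails Luhn
    ("http", "ssn=123-45-6789&form=hr_onboarding"),
]

CARD_RE = re.compile(r"\b(?:\d[ -]?){15}\d\b")   # 16 digits, optional space/dash separators
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


@dataclass
class Finding:
    channel: str
    rule: str
    excerpt: str   # masked, so the DLP log itself does not leak the secret


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; cuts false positives from order ids and other 16-digit numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask(digits: str) -> str:
    return "*" * (len(digits) - 4) + digits[-4:]


def inspect(channel: str, text: str) -> List[Finding]:
    """Run the content rules over one message and return what matched."""
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            findings.append(Finding(channel, "payment-card", mask(digits)))
    for m in SSN_RE.finditer(text):
        findings.append(Finding(channel, "us-ssn", "***-**-" + m.group()[-4:]))
    return findings


def decide(channel: str, text: str) -> str:
    """Constructed policy: block card data in motion, alert on SSNs, allow everything else."""
    findings = inspect(channel, text)
    if any(f.rule == "payment-card" for f in findings):
        return "BLOCK"
    return "ALERT" if findings else "ALLOW"


if __name__ == "__main__":
    for channel, text in SAMPLE_MESSAGES:
        print(decide(channel, text), channel, [f.excerpt for f in inspect(channel, text)])
```

The Luhn step is what separates a usable network DLP rule from a noisy one: the third sample is a 16-digit order id that a bare regex would block, and the masked excerpt keeps the sensor’s own logs from becoming a second copy of the data it is protecting.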
Endpoint security
Endpoint Security is the practice of securing endpoints or entry points of end-user devices such as desktops, laptops, and mobile devices from being exploited by malicious actors and campaigns. Endpoint security systems protect these endpoints on a network from cybersecurity threats.
Firewalls
Network firewalls are security devices used to stop or mitigate unauthorized access to private networks connected to the Internet, especially intranets. The only traffic allowed on the network is defined via firewall policies – any other traffic attempting to access the network is blocked. Network firewalls sit at the front line of a network, acting as a communications liaison between internal and external devices.
Intrusion prevention systems
An Intrusion Prevention System (IPS) is a network security/threat prevention technology that examines network traffic flows to detect and prevent vulnerability exploits. Vulnerability exploits usually come in the form of malicious inputs to a target application or service that attackers use to interrupt and gain control of an application or machine.
Network Segmentation
Network Segmentation is the practice of dividing a larger network into several smaller subnetworks that are isolated from one another to provide enhanced security. Network segmentation provides protection against attackers who manage to breach the perimeter defenses by limiting their ability to move laterally within the network. It can also protect key systems from accidental or malicious interference by internal users.
Database Security Controls
Database Security refers to the range of tools, controls, and measures designed to establish and preserve database confidentiality, integrity, and availability. Database security includes protecting the data in the database, the database management system (DBMS), any associated applications, the physical database server and/or the virtual database server and the underlying hardware and, the computing and/or network infrastructure used to access the database.
Authentication
Database authentication is the process or act of confirming that a user who is attempting to log in to a database is authorized to do so and is only accorded the rights to perform activities that he/she has been authorized to do.
Database Management System Configuration
It is critical that the Database Management System (DBMS) be properly configured and hardened to take advantage of security features and limit privileged access that may cause a misconfiguration of expected security settings. Monitoring the DBMS configuration and ensuring proper change control processes help preserve the consistency of the configuration.
Inference Control
Database inference control, also known as Statistical Disclosure Control (SDC), is a discipline that seeks to protect data so that it can be published without revealing confidential information that can be linked to specific individuals among those to whom the data correspond.
Flow Control
Flow control prevents information from flowing in a way that lets it reach unauthorized users. Pathways through which information flows implicitly, in ways that may violate the company’s privacy policy, are called covert channels.
Encryption
This method is mainly used to protect sensitive data and other sensitive information. The data is encrypted using an encryption algorithm. An unauthorized user who obtains the encrypted data cannot practically recover it, while authorized users hold the decryption keys needed to read it.
Access Control
The security mechanism of a DBMS must include provisions for restricting access to the database by unauthorized users. Access control is enforced by creating user accounts and having the DBMS control the login process, so that access to sensitive data is possible only for the database users who are allowed to access such data, and is denied to unauthorized persons.
Backup and Recovery
A data backup, as part of the database security protocol, makes a copy of critical company data and stores it on a separate system. This backup allows companies to recover their lost data that may result from hardware failures, data corruption, theft, hacking, or natural disasters.
Database Auditing
Database Auditing is the monitoring and recording of selected user database actions. It can be based on individual actions or on a combination of factors that can include a username, application, time, and so on. Auditing helps to detect, deter, and reduce the overall impact of unauthorized access to the company DBMS.
Applications Security Controls
Application security is the process of developing, adding, and testing security features within applications to prevent security vulnerabilities against threats such as unauthorized access and modification. Application security controls are techniques to enhance the security of an application at the coding level, making it less vulnerable to threats. Many of these controls deal with how the application responds to unexpected inputs that a cybercriminal might use to exploit a weakness.
Fuzzing
Fuzz Testing (or fuzzing) is an automated application testing technique that attempts to find hackable application bugs by randomly feeding invalid and unexpected inputs and data into a computer program in order to find coding errors and security loopholes.
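A minimal mutation-based fuzzer, added here as an illustration rather than code from the guideline: it takes one valid seed record for a constructed toy parser (`parse_record`, a made-up record format with a deliberate missing bounds check), generates single-byte sweeps, truncations and random multi-byte mutations, and reports every input that makes the parser fail in a way other than its intended rejection. The record format, the target and its defect, the helper names, and the corpus strategy are assumptions for the example.

```python
import random
from typing import Callable, List, Tuple


# Constructed toy target for the example (not a real product): a parser for a made-up
# record layout [length][payload...][checksum], with a deliberate missing bounds check
# standing in for the kind of coding error a fuzzer is meant to surface.
def make_record(payload: bytes) -> bytes:
    return bytes([len(payload)]) + payload + bytes([sum(payload) % 256])


def parse_record(data: bytes) -> bytes:
    if len(data) < 2:
        raise ValueError("record too short")   # graceful rejection: expected on bad input
    n = data[0]
    payload = data[1:1 + n]
    checksum = data[1 + n]                      # defect: byte 1+n may not exist -> IndexError
    if sum(payload) % 256 != checksum:
        raise ValueError("checksum mismatch")
    return payload


def mutate(seed: bytes, random_rounds: int, rng: random.Random) -> List[bytes]:
    """Build the fuzzing corpus from one valid seed: every single-byte value at every
    position, every truncation, and a batch of random multi-byte mutations."""
    cases = []
    for pos in range(len(seed)):
        for val in range(256):
            m = bytearray(seed)
            m[pos] = val
            cases.append(bytes(m))
    cases.extend(seed[:k] for k in range(len(seed)))
    for _ in range(random_rounds):
        m = bytearray(seed)
        for _ in range(rng.randint(1, 3)):
            m[rng.randrange(len(m))] = rng.randrange(256)
        cases.append(bytes(m))
    return cases


def fuzz(target: Callable[[bytes], object], seed: bytes,
         expected=(ValueError,), random_rounds: int = 500,
         rng_seed: int = 1) -> List[Tuple[bytes, BaseException]]:
    """Feed each case to the target. A rejection via `expected` is correct behaviour;
    any other exception is a crash-class finding worth triaging."""
    findings = []
    for case in mutate(seed, random_rounds, random.Random(rng_seed)):
        try:
            target(case)
        except expected:
            continue
        except Exception as exc:
            findings.append((case, exc))
    return findings


if __name__ == "__main__":
    for case, exc in fuzz(parse_record, make_record(b"abc"))[:3]:
        print(case.hex(), type(exc).__name__, exc)
```

The point a practitioner takes from this is the oracle: the fuzzer does not look for "wrong answers", it looks for the target failing in a way it was never designed to (here an IndexError instead of the ValueError the parser uses for malformed input), and every such input is a reproducer for the bug.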
Secure Coding Concepts
Secure Coding is a set of practices that applies security considerations to how applications will be coded and encrypted to best defend against cyberattacks or vulnerabilities. Defects, bugs, and logic flaws are the primary cause of commonly exploited application vulnerabilities. Secure coding standards introduce safeguards that reduce or eliminate the risk of leaving security vulnerabilities in code.
Application Configuration Baseline
Application Configuration baseline refers to security measures that are implemented when developing applications to reduce unnecessary cyber vulnerabilities. It’s an essential part of a company’s defense-in-depth cybersecurity strategy.
Application Hardening
Application hardening is the act of applying levels of security to protect applications from IP theft, misuse, vulnerability exploitation, tampering or even repackaging by people with ill intentions. Application hardening is an integral part of the defense strategy for building a secure application development lifecycle process.
Cross-Site Scripting Prevention
Cross-site scripting prevention is a security technique that protects against web attacks that compromise the security of users working with unreliable website content. Cross-site scripting attacks are based on malicious scripts injected into websites that can then be served to other users for a certain period.
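An added example (not the guideline’s own code) of what cross-site scripting prevention looks like at the coding level: a vulnerable `render_comment_unsafe`, which concatenates untrusted text straight into HTML, next to `render_comment_safe`, which escapes for the element-body and attribute contexts and allow-lists the URL scheme, because escaping alone does not neutralise a `javascript:` link in an `href`. The inputs, function names and the allow-list are constructed for the example.

```python
import html
from urllib.parse import urlsplit

# Constructed untrusted input, as a comment form might receive it (made up for this example).
UNTRUSTED_NAME = "<script>alert(document.cookie)</script>"
UNTRUSTED_SITE = "javascript:alert(1)"


def render_comment_unsafe(name: str, site: str) -> str:
    """Vulnerable pattern: untrusted text dropped straight into markup."""
    return f'<p class="comment"><a href="{site}">{name}</a></p>'


def safe_url(url: str) -> str:
    """URL context: only http(s) links are allowed; anything else becomes an inert '#'.
    html.escape would leave 'javascript:alert(1)' untouched, so escaping is not enough here."""
    scheme = urlsplit(url).scheme.lower()
    return url if scheme in ("http", "https") else "#"


def render_comment_safe(name: str, site: str) -> str:
    """Output encoding per context: element body for the name, quoted attribute for the href."""
    href = html.escape(safe_url(site), quote=True)
    body = html.escape(name)
    return f'<p class="comment"><a href="{href}">{body}</a></p>'


if __name__ == "__main__":
    print(render_comment_unsafe(UNTRUSTED_NAME, UNTRUSTED_SITE))
    print(render_comment_safe(UNTRUSTED_NAME, UNTRUSTED_SITE))
```

In a real application the escaping is done by the templating engine’s auto-escape mode rather than by hand; the example isolates the two decisions the engine makes for you (which context the value lands in, and whether encoding is sufficient for that context) so that they are visible.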
System Security Controls
System Security describes the security tools, controls, and measures established to protect the information and property from theft, corruption, and other types of damage while allowing the information and property to remain accessible and productive. System security includes the development and implementation of security countermeasures and preventive-control techniques. There are several different controls for system security, including Vulnerability Scanning, Patch management, and password solutions.
Integrated technology solutions
Adopting multiple technology solutions for the network will help reduce the chances of a successful attack against the company’s system. Combining technologies to secure a company’s system derives its effectiveness from the ability of one solution to meet the shortcomings of another, thereby building a stronger framework for system security. Having solutions, like IT security policy monitoring and auditing, that can provide visibility across these tools ensures that the multitude of solutions does not itself create a gap.
Vulnerability Scanning
From the processes of risk assessment and mitigation, the cybersecurity team should identify efficient technology tools for the system. Using these tools can help find potential weaknesses in the system. A vulnerability scan forms part of the preliminary stage of system security. Through vulnerability scans, the security team will quickly detect, identify, and classify weak points in the system. Vulnerability scans are essential as they help identify the types of attacks that the system may face. Also, through the scans, security professionals can predict the effectiveness of countermeasures to be applied.
Patch Management
Technology must maintain its relevance during operations to guard against evolving attacks. Deploying fixes and updates to technology will improve the functionality of the tools. Patch management assists in identifying shortcomings, testing possible fixes, and deploying the fixes into the technology. In the long term, this process will reduce delays and downtime of the company’s operation.
Anti-Malware Software
Anti-Malware Software is a type of software program designed to prevent, detect, and remove malicious software (Malware) from systems, as well as computing devices. Anti-Malware Software protects against infections caused by many types of malware, including all types of viruses, as well as rootkits, ransomware, and spyware.
Password
The most widely used method to prevent unauthorized access is to use passwords. A password is a string of characters used to authenticate a user to access a system. The password needs to be kept secret and is only intended for the specific user. In computer systems, each password is associated with a specific username since many individuals may be accessing the same system.