What are the six main cybersecurity functions (skills and tasks)?
1) Management
2) Cyber Audit and Assessment
3) Event Monitoring and Alerts (Reactive Operations)
4) Proactive Operations
5) Environment Testing
6) Specialists
What roles sit within the Management function?
1) Chief Information Security Officer / Chief Cybersecurity Officer
2) Cyber Risk Manager
3) Cybersecurity Architect
Management is responsible and accountable for putting the correct governance in place.
What roles sit within the Cyber Audit and Assessment function?
Audit Manager
Auditor
Assessment Specialist
What roles sit within the Event Monitoring and Alerts function?
1) Security Incident and Events Manager
2) Security Incident Responder
3) Cybersecurity and Network Intrusion analysts
What roles sit within the Proactive Operations function?
1) Access Administrators
2) Security Device Administrators (firewalls and more)
3) Encryption / Cryptography Consultatnt
4) Security Risk Consultants
5) Cybersecurity Analysts
What roles sit within the Environment Testing function?
1) Attack and Penetration Testers (Ethical Hackers)
2) Vulnerability Assessors
What roles sit within the Specialists function?
1) Security Controls Designer
2) External Security Specialist
3) Digital Forensics Specialist
4) Cryptologyst
5) Cryptanalyst
6) Anti-Malware / Anti-Virus Specialist
7) Software Security Specialist
What do I need to know about the role - CISO?
- Single point of accountability for ensuring appropriate framework for managing dangers and threats to electronic and physical info assets is operating and effective.
- Too few of them occupy position on main Exec Board.
- Has an executive strategic focus, a business person.
- Does not make direct business technology decisions, but manages processes and reports to help business to understand and mitigate security risks.
- CISO processes should allow relevant decision-makers to understand the risks and then make decision about whether or not to proceed.
- Defines the security culture for the org, ensuring right control structures in place to keep risk within acceptable levels.
- Has final accountability for all security governance items, including policies and procedures.
What do I need to know about the role - Cyber Risk Manager?
- Responsible for collecting and monitoring the cumulative set of open security risks across digital landscape.
- Usually establishes minimum ‘materiality’ levels (potential probability and impact thresholds), to determine when should be escalated.
- Risk entry must capture and explain which digital components and business processes can be impacted.
- Ensures collective risk information picture can be analysed and understood (most breaches occur due to cumulative risks).
- Critical to understand which security actions should be assigned highest priority.
What do I need to know about the role - Cybersecurity Architect?
- Creates a coherent master plan with standard security components that can be used effectively and quickly each time a new technology needs to be added.
- Ensure clear understanding of permitted methods for securely integrating and extending an org’s digital ecosystem to interact with others.
- Consider security of individual mobile apps in any device in which they could exist.
- Includes security standards and reqmts expected for remote technologies such as cloud services and critical supplier systems.
- Design secure, standard options for the flow of info between devices.
- Helps business to avoid costs involved with post-release security incident mgmt and reactive resolution of security gaps, by providing specifications to embed into design and release process.
What do I need to know about the role - Cyber Audit and Assessment?
- Crosscheck security and integrity of all key technologies, suppliers and processes on regular basis.
- Function exists to check samples of operations to verify whether or not they are being performed securely and correctly, and to ID any significant gaps and required corrective actions.
- Based on key controls that appear in the policies and procedures set by mgmt, usually aligned to legal reqmts or industry standards.
- May also include continuous tracking of activities of sec admin.
- Immediate critical items must be escalated to the cyber risk register and CISO as appropriate.
What do I need to know about the role - Security Incident and Event Management?
- Last line of defense function.
- Sec Incident Responder usually on call at all times to ensure immediate response to event such as DoS or malware attack.
What do I need to know about the role - Cybersecurity and Network Intrusion Analysts?
- Responsible for measuring, monitoring and managing the operational status of all assets and info flows directly under the control or accountability of the org.
- Includes all software, hardware, network devices, comms channels and third party (external) landscape items that could be potential source of vulnerabilities.
- Usually coordinated through device and network monitoring software, collected to form status dashboards and automated alerts.
- SOC = Security Operations Centre (real-time threats monitored and mgmt).
- Day-to-day operational gaps resolved by this team.
- Analysts also usually part of incident response team, to assess damage and impact.
- Valuable to consult for creation of new security solutions and hardening of existing security standards.
What additional areas are becoming increasingly important when considering cybersecurity resourcing?
- Putting together a threat intelligence team across disciplines, tasked with predicting and pre-empting the most likely threats and exploits.
- Ensuring the correct contingency (i.e. BCP) and restoration plans are ready to go, in the event that a disaster (technical or natural) takes place.
The Head of Cybersecurity for the Department of Homeland Security recommends ensuring the team is “EGGE”, which is…
Ethnically Diverse
Geographically Diverse
Gender Diverse
Educationally Diverse
Private individuals may secure own accts and devices with simple steps, such as…
- Maintaining different complex passwords with over 12 characters.
- Keeping devices up-to-date with software patches.
- Installing the most effective anti-malware software.
- Restricting ability to install software to a separate account.
- Avoiding surfing unknown websites or opening unknown links and attachments.
What is the DQ?
Digital Quotient - used to measure technology-related intelligence (knowledge or familiarity with digital practices).
In 2014, average adult scored 96 and average six-year-old scored 98.
What is difference in role of CISO vs CIO?
CIO looks at how to optimise and leverage information value.
CISO ensures that those information transactions are governed under secure processes.
What do I need to know about the role - Access Administrators?
- Performs the actions that set up and manage access to devices and systems used to run each org.
- Usually prohibited from any operational use of system.
- Roles should be rotated periodically and changes on highly sensitive systems should require a proposer and approver.
- Activity normally recorded in electronic audit trails for any suspicious activity patterns to automatically raise alerts.
What do I need to know about the role - Security Device Administrators?
- Perform configuration or management of technologies that used to detect, block or allow digital traffic.
- Considered to have privileged access and so should have processes to supervise this, such as Privileged Account Management Systems (PAMS).
- If misused, technologies operated by sec admin may cause massive business disruption, incl preventing entire environment from working.
- Roles therefore usually subject to close monitoring - audit trails, secondary approval and automated alerts.
What do I need to know about the role - Encryption / Cryptography Specialist?
- Acts as advisor or administrator of safe key management processes and advises on appropriate encryption / cryptography standards.
- Cryptographic key architecture allows orgs to ensure keys used to encrypte and decrypt info are readily available when and where needed.
What do I need to know about the role - Security Risk Consultant?
- Advisor when new type of technology, device or comms channel is being considered, to help assess the risk.
- Advises on security risk process design and provides consultative assistance each time a risk assessment process is run.
What do I need to know about the role - Penetration Testers (ethical hackers)?
- Perform checks and scans for potential exploits across new system or website before operational and on periodic repeating basis.
- Exploits usually assigned a criticality level and resolved if that exceeds the orgs acceptable standard.
- Usually performed in test (not the live) environment.
- Considered essential ingredient for release of any software that has security by design.
What are drawbacks of ‘Red Teaming’?
- Very expensive.
- Reactively uncovering issues, so will be expensive to fix.
- Requires permission of owner of environment, which may rule out testing of supplier systems.
-
Unit 1 - Intro31
-
Unit 1 - Moore's Law and digitisation28
-
Unit 1 - FinTech, RegTech & Blockchain20
-
Unit 2 - Ethics & Risk Mgmt26
-
Unit 2 - Digital Disruption32
-
Unit 2 - ISO 31000: 201836
-
Unit 3 - Digital & Cyber Risks9
-
Unit 3 - Disciplines within Cybersecurity35
-
Unit 4 - Basic Cybersecurity Concepts22
-
Unit 4 - Human Factors11
-
Unit 5 - Threat Actors11
-
Unit 6 - Chg Mgmt11
-
NIST2
-
Dictionary6
-
Webinar Key Points24
