Important Consideration Other Than Zero Trust Adoption We all continue to have complete dependence on information technology deployed in critical systems and applications in the public and private sectors. Yet, from the electric grid to voting systems to the vast "Internet of Things." As a result, every company and organization remains highly vulnerable to sophisticated cyber-attacks from hostile nation-state-backed actors, criminal and terrorist groups, and rogue individuals. Different advanced adversaries collectively called the , compromising critical systems and often being undetected within those systems, inflicting immediate and long-term economic implications and even national security threats. Advanced Persistent Threat (APT) That is why the whole cybersecurity communities promote , including Google's , Gartner's , NIST , and by Forrester, which Zero Trust Architecture BeyondCorp CARTA SP800–207 ZTX adopts the idea of assuming that being compromised is inevitable. Today, organizations have to admit that the question is no longer how to keep bad actors out ­although this remains important. Instead, the focus should be on keeping going during an attack. And how to recover as quickly as possible to "business as usual" once an attack occurs. I previously mentioned the importance of which brings me more insight into the situations. Thanks to everyone for giving me feedback and ideas on how to spread the concept further; it would be better to introduce Zero Trust Security the idea of Cyber Resilience. Cybersecurity vs. Cyber Resilience The main difference between them is the focus of the response. In Cybersecurity, we have DR/ BCP to ensure organizations can resume operations as quickly as possible. However, the main focus of Cybersecurity is still on preventive controls. Take a well-known notion — as an example; even with more than one barrier involved (i.e., layered security), there's no guarantee it will completely stop people from getting through. "Defence-in-Depth (DiD)" Like you can be physically fit but get injured easily. Some bodybuilder who has little fat in their body needs a lot of energy to maintain. In opposite, a slim person can be strong and capable of withstanding different kinds of stress. The difference may not reflect in the appearance — This is about is the ability the idea of resilience. Being resilient to adapt well in the face of adversity, trauma, tragedy, threats, or significant sources of stress. SP800–160, Vol. 2 In late 2019, NIST released a special publication SP800–160 volume 2, "Developing Cyber Resilient Systems — A Systems Security Engineering Approach." It is the first in a series of specialty publications developed to support — the flagship Systems Security Engineering guideline. NIST SP 800–160 Volume 1 “the ability to anticipate, withstand, recover from and adapt to adverse conditions, stresses, attacks or compromises on systems that include cyber resources.” In volume 2, it addresses cyber resiliency considerations for two essential yet discrete communities of interest: Engineering organizations developing new systems or upgrading legacy systems employing systems life cycle processes and; Organizations with existing systems as part of their installed base currently carry out day-to-day missions and business functions. Cyber Resiliency is different from security defense. It is about knowing bad things will happen. The question is not about if but when. To become cyber resilient, the scope of protection would be more than the "Crown Jewels." It involves a more extensive coverage: the ecosystem of the business or organization. Cyber Resilience Cyber-resilient systems have security measures or safeguards "built-in" as a foundation of their architecture and design, enabling them to endure cyber-attacks, faults, and failures and continue to operate even in a degraded or debilitated state to carry out the organization's mission-essential functions. The current focus on resilience, on the other hand, doesn't lose sight of the leading edge of an adversary's initial compromise, even as the focus shifts elsewhere toward eliminating the probable impact of the entire attack chain. Thus, instead of relying heavily on preventative controls, resilience-based security goals look holistically at the full suite of available security controls. As a result, the entire security infrastructure could while reducing the probability that such an attack will end with business or operation disruption. disproportionately raise the expense of effort, material, and time an adversary must invest to progress forward with an attack Let's work through Cyber Resilience in two different frameworks. 1. Prevent, Detect, Correct… Adapt , so we need to be well prepared for the impacts and learn from them. For example, I mentioned using the PDC security mindset (Prevent, Detect, Correct) framework to strengthen the Incident Response Triage. But there is one puzzle missing — to threats In Cyber Resiliency, we assume that attacks are unavoidable Adaptation . Prevent, Detect, Correct, (Do not mix it up with Plan-Do-Check-Act!) should be the better approach against fast-changing malicious activities. To attach adaptation to the picture, we need a different approach. PDCA: and Adapt When , you should put your focus in different places according to which phase you are at: integrating this idea into a security mindset Prevention — Think like a Security Architect (Focus more on design and plan) Detection — Think like a Security Engineer (Attack/Defense thinking and Finding the real threats) Correction — Think like a Security Consultant (Resume Continuous business improvement) Adding adaptation means: Adaptation — Think like a (find the root cause after the event) Security Forensic Investigator 2. NIST's Cybersecurity Framework Another way to discover the interconnection of Cybersecurity and cyber resilience is to examine them in terms of the National Institute of Standards and Technology (NIST) 's . Cybersecurity Framework The framework identifies the five pillars that make up the cybersecurity "backbone": Identify Protect Detect Respond Recover For this post, "cybersecurity," as discussed, covers the framework's first three functions (Identify, Protect, Detect), and Collectively, they create a comprehensive security and data protection strategy. Cyber Resilience covers the last two functions (Respond, Recover). These are the reasons why every company needs to plan for both Cybersecurity and cyber resilience. ; it goes hand in hand with your business continuity strategy to ensure that no matter what causes disruption, data can be recovered, and operations can get back up and running fast. Resilience isn't just for cyberattacks Final Words — Be A Michelin Man, And Think Like a Forensic Investigator I like comparing security with health as both are my prime focus of interest. Being resilient is like making yourself become the surrounded by tires and can bounce around. It is not fat I am talking about, but the all-rounded airbag can "Michelin Man," protect you against attacks from 360 degrees. Holistic healthcare . Therefore, the is an opportunity to focus on disease prevention and health promotion, not medical treatment. focuses on maintenance rather than treatment health maintenance examination As an example, most metabolic illnesses are the result of prolonged inflammation. As a result, the symptoms are the "breaking point" or the weakest spot of your body. Maintenance can be in exercise, a mindful diet, or meditation to reduce stress in different aspects. In a , we adopt a security mindset in frameworks like or and an Adaptive Approach to find the root cause of the problem. holistic cybersecurity approach PDC(Prevent, Detect, Correct) PPT (People, Process, Technology) PDC becomes PDCA: Prevention — Think like a Security Architect (Focus more on design and plan) Detection — Think like a Security Engineer (Attack/Defense thinking and Finding the real threats) Correction — Think like a Security Consultant (Resume Continuous business improvement) Adaptation — Think like a Security Forensic Investigator ( find the root cause after the event) Another way to look into Cyber Resilience is by using the . In which we should not ignore the last two functions (response and recovery). To achieve that, we need to NIST's CSF be prepared to restore your systems and data to a pre-incident state at any time by backing them up; be able to maintain its business processes consistently, despite possible security incidents; and be able to react accordingly and support all business processes in a cyber attack. A resilient security architecture is one where defenders maintain maximum visibility across their enterprise: attacks are detected early, contained, and expelled before attackers realize their objectives; and rapid response and recovery from any incidental damage. It's an approach more adaptable to today's dynamic business factors of today's enterprise where digital and cloud transformation, as an example, are generally more cost-effective. Adequate visibility, detection, and response are pillars of resilience. Cyber Resilience is an approach most likely to positively manage enterprise risk in a world of vanishing perimeters, mobile assets, and accelerating cloud adoption. Thank you for reading. May InfoSec be with you🖖.

Chain

Google

"Don't Be Evil," They Said: Android Is Tracking Us With No Way to Opt-Out

Cloud Security 101

2021 - HackerNoon Contributor of the Year - CULTURE

Support Me on Coil

2021 - HackerNoon Contributor of the Year - PERSONAL-DATA

Nominated for 2022 - HackerNoon Contributor of the Year - Cybersecurity

Nominated for 2022 - HackerNoon Contributor of the Year - Security

Nominated for 2022 - HackerNoon Contributor of the Year - Privacy

Nominated for 2022 - HackerNoon Contributor of the Year - Beginners Guide

Nominated for 2022 - HackerNoon Contributor of the Year - Containers

Nominated for 2022 - HackerNoon Contributor of the Year - Data Privacy

Too Long; Didn't Read

Boost your HackerNoon story @ $159.99! 🚀

Developing Cyber Resilience: How To Think Like a Forensic Investigator

Developing Cyber Resilience: How To Think Like a Forensic Investigator

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Untitled Story

Time Bombs Inside Software: 0-Day Log4Shell is Just the Tip of The Iceberg

Cloud Risk Management with Resilient Patching

Cyber-Resilience On the Cloud by Adopting Digital Immune System and CNAPP

Cyber Resilience - The Next Frontier of Cybersecurity

Following the Money: Why Cybersecurity Companies Aren't Interested in Getting Stronger

Time Bombs Inside Software: 0-Day Log4Shell is Just the Tip of The Iceberg

Cloud Risk Management with Resilient Patching

Cyber-Resilience On the Cloud by Adopting Digital Immune System and CNAPP

Cyber Resilience - The Next Frontier of Cybersecurity

Following the Money: Why Cybersecurity Companies Aren't Interested in Getting Stronger

Light-Mode

Classic

Newspaper

Dark-Mode

Neon Noir

Minty

HN StartUps