6-26-14 Podcast References

C-IT Security Podcast

Content provided by Charles Whitby: Business Security Thought Leader. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Charles Whitby: Business Security Thought Leader or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.

10y ago 18:35

MP3•Episode home

Archived series ("Inactive feed" status)

When? This feed was archived on January 18, 2021 03:07 (3y ago). Last successful fetch was on March 16, 2018 15:40 (6y ago)

Why? Inactive feed status. Our servers were unable to retrieve a valid podcast feed for a sustained period.

What now? You might be able to find a more up-to-date version using the search function. This series will no longer be checked for updates. If you believe this to be in error, please check if the publisher's feed link below is valid and contact support to request the feed be restored or if you have any other concerns about this.

“Every day that we spent not improving our products was a wasted day.”

—Joel Spolsky

Montana Notifying 1.3 Million After State Health Agency Server Hacked

http://www.securityweek.com/montana-notifying-13-million-after-state-health-agency-server-hacked

http://www.csoonline.com/article/2367661/montana-data-breach-exposed-13-million-records.html

C-IT Recommendation

Verify your company has an effective and enforced access control standard and policy which defines roles and baselines for system administrators. Ensure the standard and policy expresses that access should be removed when an employee transfers within the organization or leaves the organization.
1. Roles should be specifically defined by the needs to perform the duties of the roles and only those duties
2. Privileged access should granted to the roles and not to the individual users. Individual users should then be added to the roles according to their positions
  1. ex: Database Administrator should not have the rights of the Operating System Administrator
Perform periodic access reviews for privileged account users. Any users or groups who are discovered to have unnecessary access should have privileged access be immediately removed.
Utilize job rotation, and mandatory vacations for all privileged roles. Job rotation allows administrators to
1. understand that someone else is stepping in to perform the job responsibilities and may be able to detect malicious behavior and consequently deter the administrator’s malicious behavior
Utilize dual control (separation of duties) for highly sensitive activities.
1. Ex: The individual who makes changes in production source code hand off their changes to someone else for installation control.
2. This deters malicious behavior as each individual knows an honest employee may detect the behavior

Validate your organization has an efficient Security Operations Center (SOC) of which trained analysts are trained to alert on potential malicious events or malicious sources.
Ensure your organization has a security incident investigation process that includes discovering breach, and disclosing the breach. Validate your process aligns with the requirements of your regions regulations.
Consult your Risk Management team to see if your company has any cybersecurity insurance.
If you have coverage, ensure the organization has performed an information security risk assessment to see if the current coverage is adequate for your company’s risk appetite. If you do not have coverage, consider performing an information security risk assessment to transfer potential financial loss in case there is a need to pay for forensic investigations, credit monitoring, reputation management, business interruption, and compliance with state breach notification laws in the case of a data breach.

Article Resources

Role Based Access Control (has links to other resources including the “Economic Benefits of Role Based Access Control”)

http://csrc.nist.gov/groups/SNS/rbac/

Separation of duty definition

http://www.pcmag.com/encyclopedia/term/51110/separation-of-duties

NIST Computer Security Incident Handling Guide

http://csrc.nist.gov/publications/nistpubs/800-61rev2/SP800-61rev2.pdf

‘Luuuk’ Cybercrime Operation Steals €500,000 From Bank

http://www.securityweek.com/luuuk-cybercrime-operation-steals-%E2%82%AC500000-bank

http://www.darkreading.com/luuuk-stole-half-million-euros-in-one-week/d/d-id/1278845?

C-IT Recommendation

Ensure your organization has Firewalls/Intrusion Prevention Solutions in place that will block incoming attempts to infect PCs with a crimeware kit
Ensure your organization has a solid anti-malware solution at the end point and that all endpoints are covered.
Enforce a patch management standard in your organization which requires security patches to be deployed in the production environment within a reasonable time after they are tested within your test environment.
Test business functionality of each type of device and record any issues impacting any business functions on the devices.
If no issues result in the testing, deploy the security updates to the production systems. If functionality impacting issues occur on the test devices, engage Adobe support and/or vendor support if specific applications are negatively impacted.
Consult with your Vulnerability and Threat Management Team (VTM) to verify all production systems are patched with the latest updates.
Implement an advanced malware solution such as Invincea Freespace, FireEye Web Security (NX Series), Source Fire FireAmp to keep remote connections from initiating from your internal network.

Article Resources

Man in the browser attack definition

http://searchsecurity.techtarget.com/definition/man-in-the-browser

Securelist technical description of Luuuk attack

http://www.securelist.com/en/blog/8230/Use_the_force_Luuuk

‘Havex’ malware strikes industrial sector via watering hole attacks

http://www.scmagazine.com/havex-malware-strikes-industrial-sector-via-watering-hole-attacks/article/357875/

http://www.securityweek.com/attackers-using-havex-rat-against-industrial-control-systems

C-IT Recommendation

From the end-user perspective

Ensure your organization has a strong asset inventory with an accurate configuration management database.
Identify all devices which have the vulnerable versions of Adobe Flash Player
Deploy the Adobe security update to test machines in your environment
Test business functionality of each type of device and record any issues impacting any business functions on the devices.
If no issues result in the testing, deploy the security updates to the production systems. If functionality impacting issues occur on the test devices, engage Adobe support and/or vendor support if specific applications are negatively impacted
Finally, as always it is good practice to run a vulnerability scan against the devices to ensure the vulnerability has been addressed.

From the Website Perspective

Ensure your company is using a strong Web Code review process before publishing sites
Use a software code security analysis tool to check your website for potential vulnerabilities
Require your security team to perform penetration testing after any code changes to your externally facing websites.
If websites are deemed vulnerable after penetration testing, require through policy that the web development teams roll back to the previous version of the website until vulnerabilities are resolved

50 episodes

#Business #Business News #Tech #Education Tech #Tech News #Charles Whitby: Business Security Thought Leader #Podcasting Education