Cybersecurity Architect Knowledge Overview
From: https://lucid.app/lucidchart/271dbc7a-e65f-43e7-a278-ee17240c77a7/edit?page=m-5o7ONTd-nK#
via Blogger http://blog.51sec.org/2022/12/cybersecurity-architect-knowledge.html
December 09, 2022 at 08:15PM Architecture
This guide walks you through the steps to mount Google drive locally using Rclone. The process has been well tested on Ubuntu Linux, but the steps are same for all Linux and Unix distributions. The process for Windows 10
Principles
CIA Triad (confidentiality, integrity, and availability)
Confidentiality - Keeping data secure
Practice:
- Data encryption is one way to ensure confidentiality and that unauthorized users cannot retrieve data for which they do not have access.
- Access control is also an integral part of maintaining confidentiality by managing which users have permissions for accessing data.
- Life science organizations that utilize patient data must maintain confidentiality or violate HIPAA.
How:
- Securing Data in-motion
-
- Transport Channel Encryption
- Message-level Encryption
- Securing Data At Rest
-
- Disk Level Encryption
- File-Level Encryption
Integrity - Keeping data clean
Integrity refers to whether your data is authentic, accurate, and reliable.
Practice:
- Event log management within a Security Incident and Event Management system is crucial for practicing data integrity.
- Implementing version control and audit trails into your IT program will allow your organization to guarantee that its data is accurate and authentic.
- Integrity is an essential component for organizations with compliance requirements. For example, a condition of the SEC compliance requirements for financial services organizations requires providing accurate and complete information to federal regulators.
How:
- Message Authentication Code (MAC)
- Hash-Based Message Authentication Code (HMAC)
- Digital Signatures
- Message Digest
Availability - Keeping data accessible
Practice
- Employing a backup system and a disaster recovery plan is essential for maintaining data availability should a disaster, cyber-attack, or another threat disrupt operations.
- Utilizing cloud solutions for data storage is one way in which an organization can increase the availability of data for its users.
- As the reliance on data analytics expands, the need for data to be available and accessible grows for sectors like financial services and life sciences.
How:
- Denial of Service (DoS)
- Threat Modeling and use of Anomaly Detection tools
- Resource Throttling
- Intrusion Prevention Systems (IPS) Based Prevention
- Network Ingress Filtering
Other principles relating to CIA
Authentication
- MFA
- Password-Less Authentication
- Authentication Models (API and Web Applications) - OAuth, Federated Identity SSO
- Active Directory (AD) Authentication
- Active Directory Federation Services (ADFS)
- Simple Authentication and Security Layer (SASL)
Authorization
- Access Control Lists (ACL)
- OASIS Extensible Control Access Markup Language (XACML)
- Java Web Token (JWT)
Auditing
- Non-Repudiation
Notes: https://systemweakness.com/a-brief-introduction-to-security-architecture-principles-24f5fbc58dd4
Defense-in-Depth (DiD)
Aka security in depth, refers to a cybersecurity approach that uses multiple layers of security for holistic protection. A layered defense helps security organizations reduce vulnerabilities, contain threats, and mitigate risk.
Zero Trust (Assume-Breach)
Zero Trust is a security model that emphasizes the need to verify every user and device before granting them access to company resources.
The key tenets of a modern defense-in-depth strategy include:
- Protect privileged access – use privileged access management solutions to monitor and secure access to privileged accounts (superuser accounts, local and domain administrator accounts, application administrative accounts, etc.) by both human and non-human identities (applications, scripts, bots, etc.).
- Lockdown critical endpoints – use advanced endpoint privilege management solutions to lock down privilege across all endpoints, prevent lateral movement, and defend against ransomware and other forms of malware.
- Enable adaptive multifactor authentication – use contextual information (location, time of day, IP address, device type, etc.) and business rules to determine which authentication factors to apply to a particular user in a particular situation.
- Secure developer tools – use secrets management solutions to secure, manage, rotate and monitor secrets and other credentials used by applications, automation scripts, and other non-human identities.
Solutions:
1. Threat detection and response solutions
2. Identity and privileged access management
3. Endpoint and data protection
4. Security services
Best Practices:
1. Always Verify the User with Multi-factor Authentication (MFA)
2. Always Validate the Device
3. Ensure the Device Measures Up to Your Security Standards
4. Least Access and Least Privilege for IT and Everybody Else
5. Use a Solution that Learns and Adapts
Zero Trust vs Defense in Depth
The main difference is that Zero Trust requires continuous verification of users and devices, whereas Defense in Depth relies on multiple layers of security defenses. Additionally, Zero Trust focuses on protecting data and systems from external and internal threats, while Defense in Depth mainly focuses on external threats.
Frameworks
Key Deliverables:
TOGAF EXAMPLES:
SABSA EXAMPLES:
OSA EXAMPLES:
Notes: https://www.dig8ital.com/post/what-is-security-architecture-and-what-do-you-need-to-know
COBIT:
COBIT 5, from ISACA, is “a comprehensive framework that assists enterprises in achieving their objectives for the governance and management of enterprise IT.”1 This framework includes tool sets and processes that bridge the gap between technical issues, business risk and process requirements. The goal of the COBIT 5 framework is to “create optimal value from IT by maintaining a balance between realising benefits and optimising risk levels and resource use.” COBIT 5 aligns IT with business while providing governance around it.
ISACA Top-Down Approach
Enterprise Security Architecture—A Top-down Approach
Using the Frameworks to Develop an Enterprise Security Architecture
The fair question is always, “Where should the enterprise start?”
If one looks at these frameworks, the process is quite clear. This must be a top-down approach—start by looking at the business goals, objectives and vision.
The initial steps of a simplified Agile approach to initiate an enterprise security architecture program are:
- Identify business objectives, goals and strategy
- Identify business attributes that are required to achieve those goals
- Identify all the risk associated with the attributes that can prevent a business from achieving its goals
- Identify the required controls to manage the risk
- Define a program to design and implement those controls:
- Define conceptual architecture for business risk:
- Governance, policy and domain architecture
- Operational risk management architecture
- Information architecture
- Certificate management architecture
- Access control architecture
- Incident response architecture
- Application security architecture
- Web services architecture
- Communication security architecture
- Define physical architecture and map with conceptual architecture:
- Platform security
- Hardware security
- Network security
- Operating system security
- File security
- Database security, practices and procedures
- Define component architecture and map with physical architecture:
- Security standards (e.g., US National Institute of Standards and Technology [NIST], ISO)
- Security products and tools (e.g., antivirus [AV], virtual private network [VPN], firewall, wireless security, vulnerability scanner)
- Web services security (e.g., HTTP/HTTPS protocol, application program interface [API], web application firewall [WAF])
- Define operational architecture:
- Implementation guides
- Administrations
- Configuration/patch management
- Monitoring
- Logging
- Pen testing
- Access management
- Change management
- Forensics, etc.
- Define conceptual architecture for business risk:
It is that simple. After all risk is identified and assessed, then the enterprise can start designing architecture components, such as policies, user awareness, network, applications and servers.
Figure 6 depicts the simplified Agile approach to initiate an enterprise security architecture program.
Using these frameworks can result in a successful security architecture that is aligned with business needs:
- COBIT principles and enablers provide best practices and guidance on business alignment, maximum delivery and benefits.
- The COBIT Process Assessment Model (PAM) provides a complete view of requirement processes and controls for enterprise-grade security architecture.
- SABSA layers and framework create and define a top-down architecture for every requirement, control and process available in COBIT.
- The TOGAF framework is useful for defining the architecture goals, benefits and vision, and setting up and implementing projects to reach those goals.
- The CMMI model is useful for providing a level of visibility for management and the architecture board, and for reporting the maturity of the architecture over time.
Note: https://www.isaca.org/resources/isaca-journal/issues/2017/volume-4/enterprise-security-architecturea-top-down-approach
References
via Blogger http://blog.51sec.org/2022/12/cybersecurity-architect-knowledge.html
December 09, 2022 at 08:15PM Architecture
RSS Feed
