Info Security Memo
[Cybersecurity Architecture] How to Execute An Investigation of Security Breach

3/3/2023


What is a Breach?

A breach is defined as an incident involving the loss of, or unauthorized disclosure of, sensitive, classified, and sometimes regulated information as a result of a compromise or breakdown in the organization's security and protection systems.




Once a breach has happened in your environment, how will you, as a cybersecurity professional, prepare to execute the investigation, and what questions will you ask?



7 Steps Process

Further details can be found at https://www.ekransystem.com/en/blog/data-breach-investigation-best-practices


7 steps for data breach response and investigation

RCA

RCA: root-cause-analysis



Fishbone diagram mapping all integrated controls in your environment to the six primary assets used to deliver services and products:





Questions to Answer for Cybersecurity Team




1 Was it human error or technology error that led to this breach?

Example: For what reason was the vulnerability not patched?

2 Was it due to weak governance?

Example: Did the CEO know that this vulnerability existed, or was it known only to the technician?


Roles and Responsibilities:




3 Are we stuck in the elevator?


Do we live in the glass bubble? = Has IT Audit put themselves into a glass bubble by not communicating with other groups such as I&IT?


Or, the other way around, has IT Audit been exiled by I&IT?


Are we a victim of our own culture?


Does our organization support interaction of IT audit during incident response situations? 

There are many attack surfaces and a great deal of exploit code around your technology stack.




4 Was it sophisticated?

Malware:


Undetectable malware.


5 Was it due to a lack of guidance?



6 Was it due to a lack of knowledge?


None of the popular cybersecurity frameworks (CIS Controls, NYCRR 500, NIST CSF, General Data Protection Regulation) includes a management system and audit process.


Management System:



ISO 27001 ISMS



IIA 3 Lines of Defense

The Three Lines Model - The model previously known as the Three Lines of Defense

The Three Lines Model helps organizations identify structures and processes that best assist the achievement of objectives and facilitate strong governance and risk management. The model applies to all organizations and is optimized by:
 Adopting a principles-based approach and adapting the model to suit organizational objectives and circumstances. 
 Focusing on the contribution risk management makes to achieving objectives and creating value, as well as to matters of “defense” and protecting value. 
 Clearly understanding the roles and responsibilities represented in the model and the relationships among them. 
 Implementing measures to ensure activities and objectives are aligned with the prioritized interests of stakeholders.


The IIA’s Three Lines Model:



About The IIA 
The Institute of Internal Auditors (IIA) is the internal audit profession’s most widely recognized advocate, educator, and provider of standards, guidance, and certifications. Established in 1941, The IIA today serves more than 200,000 members from more than 170 countries and territories. The association’s global headquarters is in Lake Mary, Fla., USA. For more information, visit www.globaliia.org.


Defense in Depth

The DiD architecture was designed from ISO 27001.







References



https://www.youtube.com/watch?v=hc4_oNwDFco


via Blogger http://blog.51sec.org/2023/03/cybersecurity-architecture-how-to.html
March 03, 2023 at 08:32PM Architecture