05_IIBA CCA Securing the Layers
IDENTIFY-RISK ASSESSMENT (RA)-1
Asset vulnerabilities are identified and documented
PROTECT-DATA SECURITY (DS)-3
Assets are formally managed throughout removal, transfers, and dispositions
Network Segregation
Assets are grouped together based on common security requirements, and then each group is placed into its own isolated network zone, so that traffic flowing into each zone will be subject to the security policies defined by the zone's security requirements, and filtered accordingly.
Security Architecture Business Context
Attackers will typically go after the weakest point in a network or system. This weak point is rarely a security feature or function. When a secure system or network is being designed, it is important to consider the weakest link in the system and ensure it is secure enough
Full Disk Encryption
Automatic and transparent encryption of all harddrive data storage
Infrastructure as a Service (IaaS)
Offers the capability to provision processing, storage, networks and other fundamental computing resources, enabling the customer to deploy and run arbitrary software, which can include operating systems (OSs) and applications
uncontrolled
P2P applications are often designed to open an _____ channel through network boundaries, thus providing a way dangerous content, such as botnets, spyware, and viruses to enter an otherwise protected network
piracy
P2P applications, while possessing many legitimate applications, are associated with ____ and abuse of copyright and other forms of intellectual property
PROTECT-AWARENESS and TRAINING (AT)-5
Physical and information security personnel understand roles and responsibilities
IDENTIFY (ID)-ASSET MANAGEMENT (AM)-1
Physical devices and systems within the organization are inventoried; -5 Resources (hardware, devices) are prioritized based on their classification, criticality, and business value
PROTECT-INFORMATION PROTECTION (IP)-5
Policy and regulations regarding the physical operating environment for organizational assets are met; 9 Response plans (incident response and business continuity) and recovery plans (incident recovery and disaster recovery) are in place and managed
well-structured network
Security Operations Centers and threat hunting teams can be more effective in a ____. Traffic that may be normal in the user segment could be malicious in the server segment. This would be very hard to detect in a flat network
Information Asset
body of knowledge that is organized and managed as a single entity. Like any other corporate asset, an organization's these have financial value
Security Perimeter
boundary that defines the area of security concern and security policy coverage
Platform as a Service (PaaS)
built on top of the IaaS model as, in addition to providing the services from IaaS, this provider will also provide operating systems, middleware, and other runtime
Identify threat agents and possible attacks
characterize groups of potential attackers - inside and outside, malicious and inadvertent
Network Access Control (NAC)
concept of controlling access to an environment through strict adherence to, and implementation of, security policy. The goals of this are to prevent/reduce zero-day attacks, enforce security policy throughout the network, and use identities to perform access control.
Honeypot
decoy computer system for trapping or tracking hackers or new hacking methods. They are designed to intentionally engage and deceive hackers and identify malicious activities
Next Generation Firewall
deep-packet inspection firewall that moves beyond port/protocol inspection and blocking to add application-level inspection, intrusion prevention and bringing intelligence from outside the firewall
TCP/IP or DoD Model
descriptive model for modelling current internet architecture, as well as providing a set of rules that govern all forms of transmission over a network. It is comprised of four layers
Smart Meter
digital data collection and communication device used in the energy sector. Energy consumption data is tracked and made available to the provider and customer
Security Perimeter
first line of protection between networks of different zones. In general, it can include firewalls as well as proxies and devices such as intrusion detection systems (IDS) to warn of suspicious traffic
Identify exploitable vulnerabilities
focus on those that connect the identified possible attacks to the identified negative consequences
Prioritize identified risks
for each threat, estimate a number of likelihood and impact factors to determine overall risk/severity level
Sandboxing
form of software virtualization that lets programs and processes run in their own isolated environments
ring, bus, star and mesh
four basic physical topologies
Risk Management, Benchmarking and Good Practice, Financial, Legal and Regulatory
four factors which should drive architectural decisions
Hardware Security Module (HSM)
physical device that safeguards the cryptographic infrastructure by securely managing, processing and storing cryptographic keys inside a tamper-resistant external device that attaches directly to a computer
Network Topology
physical layout and organization of computers and networking devices.
Assets
pieces of IT equipment, including network infrastructure components, security infrastructure components, physical buildings/rooms/racks, laptops and personal computers, mobile devices, etc.
Whitelisting
practice of explicitly allowing identified people, groups, or services access to a particular privilege, service, or recognition
Defence in Depth
practice of layering defenses to provide added protection. It increases security by raising the effort needed in an attack. This strategy places multiple barriers between an attacker and an enterprise's computing and information resources
OSI Reference Model
prescriptive model that characterizes and standardizes the communication functions of a telecommunication or computing system without regard for its underlying internal structure and technology. It is comprised of seven layers
Threat Modelling
procedure for optimizing network/application/internet security by identifying objectives and vulnerabilities and then defining countermeasures to prevent, or mitigate the effects of, threats to the system
Encryption
process of taking an unencrypted message (plaintext), applying a mathematical function to it (encryption algorithm with a key) and producing an encrypted message (ciphertext).
Worm
program that is capable of copying itself onto other computers or devices without user interaction
Trojan
program that pretends to be legitimate code but conceals other unwanted functions
Dynamic Host Configuration Protocol (DHCP)
protocol used by networked computers (clients) to obtain IP addresses and other parameters such as the default gateway, subnet mask and IP addresses of domain name system (DNS) servers from a DHCP server; ensures that all IP addresses are unique
Internet of Things (IoT)
refers to systems that involve computation, sensing, communication, and actuation. Involves the connection between humans, non-human physical objects, and cyber objects, enabling monitoring, automation, and decision making.
Platform Security
security model that is used to protect an entire platform by using a centralized security architecture or system.
Rule Set
set of access control rules defined in firewalls, which control which traffic is permitted through and which must be blocked
Security Baseline
set of basic security objectives which must be met by any given service or system. Details depend on the operational environment a service/system is deployed into, and might thus, creatively use and apply any relevant security measure. Derogations from the baseline are possible and expected and must be explicitly marked
Application Programming Interface (API)
set of routines, protocols and tools referred to as "building blocks" used in business application software development; also thought of as an interface between a server and a client.
platform security
Unlike a layered security approach in which each layer/system manages its own security, this secures all components and layers within a platform.
Wrapper
Encapsulation solutions that manage, configure, and update embedded systems through a controlled channel; their security may be enhanced through addition of authentication and integrity features
Endpoint
any device through which users connect to information, systems, and networks, for example laptops, smart phones, printers, tablets.
Physical Topology
not always the same as logical topology
Network Segmentation
partitioning of a network into smaller networks
incomplete
A segregated network architecture is ____ if an organization does not have full visibility into it. This visibility is achieved by collecting, inspecting and analyzing traffic at the various security zones between segregated networks
Near-Field Communications (NFC)
A wireless technology that enables a variety of contactless and proximity-based applications, such as payments, information retrieval, mobile marketing and device pairing
Physical Access
Access into a network connection or wiring area or to proximity to LAN resources or systems
firewalls
After end-to-end application security requirements and risk factors are identified, these can be deployed as one component to help meet those security requirements
Sandbox
An isolated environment, referred to as this in this context, enables users to run programs or execute files without affecting the underlying system which they run on. In the case of PaaS, this is typically a virtualized environment
isolate
An underlying virtualization platform, such as VMware or Hyper-V, is used to do this to environments
Threat Event
Any event during which a threat element/actor acts against an asset in a manner that has the potential to directly result in harm
Attack Surface
Components available to be used by an attacker against the product itself
AV/AM
Coordination of this kind of policy enforcement across network, endpoints, and cloud services
Data Isolation
Data within partitioned applications which cannot be read or modified by other applications
Malware (Malicious Software)
Designed to infiltrate, damage or obtain information from a computer system without the owner's consent
Product Threat Models Steps
Determine Assessment scope Identify threat agents and possible attacks Understand existing countermeasures Identify exploitable vulnerabilities Prioritize identified risks Identify countermeasures to reduce threat
botnet
Due to the overlapping nature of P2P node structure, it can be very difficult to fully detect and shut down the controlling _____, allowing it to continue operating unimpeded
Pyramid of Trust
Each layer can rely on the effective security of its underlying layer without being able to verify it directly
target device
For malware to spread, it needs to be installed on this or computer. Some of the most common infection techniques are phishing, websites/drive-by attacks and removable media such as memory sticks
PROTECT (PR)-ACCESS CONTROL (AC)-1
Identities and credentials are managed for authorized devices and users; -2 Physical access to assets is managed and protected
Damage Limitation
If an attack damages a partitioned application, this damage cannot spread to other partitions/applications
firewall
If improperly managed or deployed, this can leave gaps in an organization's security that attackers can use to infiltrate your network.
platform
If this is compromised the entire infrastructure is vulnerable
IoT devices
These being connected to the internet but not adequately secured has resulted in incidents such as hackers accessing in-home monitoring devices, and botnets shutting down entire parts of the internet
IoT devices
These contain and collect a lot of sensitive information about their physical surroundings
PROTECT-MAINTENANCE (MA)-1
Maintenance and repair of organizational assets is performed and logged in a timely manner with approved and controlled tools
trust domains
Firewalls should be placed between entities that have different this
Anti-Virus/Anti-Malware
Focal Points • Be familiar with existing and emerging types of malware and their attack vectors. • Understand the types of devices and endpoints on the network and what level of Anti-Virus/Anti-Malware (AV/AM) coverage is required. • Understand the level of operational/management overhead is required to maintain the deployed AV/AM infrastructure. • Understand how the various AV/AM components interact with each other and how data can be aggregated for reporting.
Product Security: Embedded Systems
Focal Points • Understand how the technical and functional requirements meet the required security for critical embedded systems. • Understand how and where embedded systems will be deployed as part of a project. • Understand what mitigating controls can be deployed to account for embedded systems that are not secure on their own
System Security: Servers
Focal Points • Understand sensitivity and classification as it relates to server access controls. • Understand how users with a requirement for administrative access, whether IT staff or business workers, should be assigned only those privileges necessary for them to accomplish their required tasks. • Understand what is required for the server to meet technical requirements and what features are unnecessary and can be disabled. • Understand physical and technological controls required to control and monitor access to the server room or data center
Product Threat Models
Focal Points • Understand the business cases and usage scenarios that will feed into the threat modelling activity. • Understand how risks will be ranked for likelihood and impact • Understand how risks will be addressed after prioritization. • Understand how the security objectives of the organization align to the defined threat prioritization.
Internet of Things
Focal Points • Understand the data being transmitted through Internet of Things (IoT) devices, and connectivity requirements. • Understand the security objectives for the IoT product(s) and the relevant threats to those objectives. • Understand how information about IoT devices, such as serial numbers, will be protected. • Understand how firmware will be managed and updated on deployed IoT devices.
Platform Security
Focal Points • Understand the pros and cons of platform security, and its fit (or not) to business and security requirements. • Understand the platform being deployed and the applicable security controls to be applied. • Understand the use cases for the platform and if they may require additional security measures. • Understand how platforms will have required security patches applied and at what frequency.
Segregation
Focal Points • Understand the security requirements of various servers and applications on the network for them to be properly classified. • Understand the sensitivity of data and criticality of applications to facilitate the segregation activities. • Understand what data from a zone may need to be transmitted to another zone and if, based on data sensitivity, that communication flow should be permitted and under what conditions. • Understand organizational business and security requirements to ensure that any segregation strategy doesn't impede the business
Self-Encryption Device
Hard drive that self-encrypts data to a media storage device and then automatically decrypts the data from the media.
spear-phishing and social engineering
Hostile actors are increasingly targeting internal networks using techniques such as these. This, coupled with an increase in the use of mobile and remote working, provides additional attack vectors for access to a company's internal network
Access Control
Improving Server Security can have a positive impact on this security by the very nature of limiting the opportunities for potential access
embedded systems
In-vehicle computing systems can include these to monitor engine performance, optimize braking, steering and suspension, but can also include in-dash elements related to driving, environmental controls, and entertainment
Security Architecture Threat Risk and Vulnerability Assessments
Insecure systems tend to suffer from the same sorts of threats and vulnerabilities. Common vulnerabilities include poor memory management, the existence of covert channels, insufficient system redundancy, poor access control and poor protection of key components
File Level Encryption
Manual encryption of specific files where the user must initiate an action before the file is encrypted and stored
zero-day
Minimizing this kind of endpoint infections by pre-emptively blocking known, unknown, and targeted attacks at all endpoints, online and offline, on network and off.
Defence in Depth
Multiple layers or levels of access controls to provide layered security. In server defense the outer layer may often be physical access controls followed by logical and technical controls and finally administrative access controls
Physical, Data-link, Network, Transport, Session, Presentation, Application
OSI Reference Model 7 Layers
PROTECT-PROTECTIVE TECHNOLOGY (PT)-2
Removable media is protected, and its use restricted according to policy
Software as a Service (SaaS)
Software that is owned, delivered and managed remotely by one or more providers. The provider delivers software based on one set of common code and data definitions that is consumed by all contracted customers at anytime on a pay-for-use basis or as a subscription based on use metrics
Host Based Firewall
Software which is installed on individual computers, to protect the end host, or operating system, as opposed to at the network level
Cyber-physical
These types of systems integrate software technology into physical infrastructure such as smart cars or smart grids. These systems are often vulnerable to threats that manufacturers of traditional physical infrastructure may not consider
Peer-to-Peer (P2P)
Style of networking in which computers communicate directly with one another rather than routing traffic through managed central servers and networks. Typically used for sharing resources amongst each other
Link, Network, Transport, Application
TCP/IP or DoD Model Four Layers
Firmware Over-the-Air
Technology used by manufacturers of mobile devices after distribution, to remotely install software and services, or resolve issues wirelessly
Corporate Security Policy and/or Acceptable Use Policy
The definition of these are the first steps in defining the network security, application, and traffic policies that should be enforced. Without defined policies, a firewall configuration can end up being little more than an ad hoc listing of perceived needs.
Security Architecture Solution Scope
The idea behind defence in depth is to manage risk with diverse defensive strategies, so that if one layer of defense turns out to be inadequate, another layer of defense will hopefully prevent the breach
Security Architecture
The set of disciplines used to design solutions to address security requirements at a solution or system level
Embedded systems
These are often not only enabled with internet access but also with means to remotely modify and patch software. By compromising these, the hostile actor could install malware or even replace the operating system itself
best practices
These aren't enough for securing products
platform security
This enables the elimination of individual security measures and use of multiple applications/services to secure different layers of an IT environment.
consistency
This is an important security risk consideration for PaaS
segregation
This of sensitive information, hosts and services from the environment in which users access external resources (e.g. web, email) can minimize the impact of any potential breach due to user behavior
embedded system
This provides very little, if any, allowance for security, especially for size, weight and power considerations; thus, security must not impose excessive overhead on the protected system
Micro-Segmentation
Through the use of software, placing security controls between individual servers in a virtual environment
Egress Traffic
Traffic moving away from the firewall, regardless of destination (e.g. internet or LAN)
Ingress Traffic
Traffic moving towards the firewall, regardless of destination (e.g. internet or LAN)
Emanations
Unintentional electrical, mechanical, optical or acoustical energy signals that contain information or metadata about the information being processed, stored or transmitted in a system
Stateful Firewall
Watch traffic streams from end-to-end. They are aware of communication paths and can implement various IP Security (IPsec) functions such as tunnels and encryption. These are better at identifying unauthorized and forged communications
threat modelling
When performed early in a development cycle, this can assist with identifying potential issues and reduce the effort and complexity of resolving them
network zoning
While a firewall should always be placed at internet gateways, there are also internal network considerations and conditions where a firewall could be deployed, such as this
Flat
____ networks are easy to manage and save money; however, with minimal controls between servers and data of different classification and security levels, an attacker who gains access to one system is able to use it as a staging ground for other environments across the network.
Unpatched
____ servers are another major source of security problems
Trusted Computing Base (TCB)
group of trusted system assets consisting of software, hardware, and other controls, which together enforce security policies
Network Based Firewall
hardware appliance that is deployed on the network and filters traffic going between networks (e.g. Internet and LAN). Placed at the perimeter or border of the network
Domain Name System (DNS)
hierarchical database that is distributed across the internet that allows names to be resolved into IP addresses (and vice versa) to locate services such as web and e-mail servers
Virtualization
hosting of one or more operating systems (servers) within the memory of a single host server
Trusted Platform Module (TPM)
international standard (ISO 11889) for a secure crypto-processor, a dedicated microcontroller designed to secure hardware through integrated cryptographic keys
Security Boundary
line of intersection between any two areas, subnets or environments that have different security requirements or needs.
Grey list
list of email or Internet addresses that are neither good nor bad on first glance but require additional levels of validation before communication is permitted
Whitelist
list of email or Internet addresses that someone knows as "good"
Blacklist
list of email or internet addresses that someone knows as "bad"
Network Address Translation (NAT)
methodology of modifying network address information in IP datagram packet headers while they are in transit across a traffic routing device for the purpose of remapping one IP address space into another
Flat Network
network in which all computers (hosts) are able to communicate directly with all others within it; the network is not segmented at all
Determine assessment scope
tangible assets, application capabilities, reputation and goodwill attributes
Logical Topology
the grouping of networked systems into trusted collectives
weakest link
this could expose the entire platform to vulnerabilities
platform as a service
this may be useful when An organization has periodic spikes in application usage, requiring temporary increased computing power
Identify countermeasures to reduce threat
to reduce risk to acceptable levels based on the enterprise risk appetite
Stateless Firewall
type of firewall filter that watches end-to-end traffic flow and tracks packet sources and destinations; uses network connection state information to make traffic control decisions dynamically. These can tell if packets have been forged or have broken down, and are able to perform security functions such as encryption
Exploit
use of an identified vulnerability to violate security objectives such as confidentiality, integrity and availability
Embedded System
used to provide computing services in a small form factor with limited processing power. They embed the necessary hardware, firmware, and software into a single platform that can be used to provide a limited range of computing services, usually around a single application
Zero Day
vulnerability that is unknown to those who would be interested in mitigating it. Until the vulnerability is mitigated or AV/AM software is updated to detect it, hackers can exploit it.
IoT Technology Controls
• Anti-Virus and Anti-Malware software • Firewall • Intrusion Detection and Prevention Software • Virtual Private Network (VPN) • Key Authentication • Network Segregation
Embedded Systems Technology Controls
• Anti-Virus and Anti-Malware software • Firewall • Intrusion Detection and Prevention Software • Virtual Private Network (VPN) • Key authentication • Hardware Security Modules (HSM) • Network Segregation
Platform Security Technology Controls
• Anti-Virus/Anti-Malware • Identity and Access Management • Network Segregation • Privileged Account Management • Firewalls • Virtual Private Networks (VPN) • Intrusion Detection and Prevention Systems (IDS/IPS)
Endpoint Security Focal Points
• Business case and requirements analysis for endpoint security solutions • Understanding of applicable standards, regulatory considerations, and endpoint security controls
Physical Security Risks
• Compromise of equipment functionality from malicious activity can put confidentiality, integrity and availability at risk • Damage of physical IT assets due to natural causes, such as weather events, can prevent data and system availability • Malicious access to systems • Theft
Product Threat Models Risks
• Cybersecurity teams encounter new threats constantly, and adapting to the latest threats could protect the company from a large data breach and associated impacts. • No system is 100 percent secure; every system has vulnerabilities. At any given time, a system may not have any known software flaws, but security configuration issues and software feature misuse vulnerabilities are always present. • Older systems may be vulnerable to different threats than newer systems and due to their age, they may often be overlooked when developing threat models.
AV/AM Technology Controls
• Defence in Depth • Workstation and network-based AV/AM software • Security Information and Event Management (SIEM) software • Intrusion Detection and Prevention Software
Endpoint Security Process Controls
• Device Handling and Management Policies • IAM Governance
Segregation Technology Controls
• Disabling of non-essential services on servers and workstations • Firewalls and Security Appliances • Separation of management and operational networks • Network traffic whitelisting • Physical network isolation
Endpoint Security Risks
• Exposure of mobile devices, desktops, laptops and tablets to loss or theft which leaves data on those devices vulnerable to access from unauthorized users. • Potential of Malicious software (Malware) infecting a corporate device. • Potential data breach by unscrupulous persons accessing the data on stolen devices
Firewall Technology Controls
• Firewall Analyzer • Network Segmentation • Anti-Virus • Data Backup and Disaster Recovery
AV/AM Process Controls
• Hunt Teams • Security Operations Center • Information Security Policies (Acceptable Use, AV/AM, Software, Backup, etc.) • Security Awareness Training • Principle of Least Privilege
Endpoint Security Technology Controls
• IAM - Identity and Access Management Tools • FDE - Full Disk Encryption • FLE - File Level Encryption • SED - Self-Encryption Device • AMP - Anti-Malware Protection
Firewall Related Risks
• If improperly managed or deployed, a firewall can leave gaps in an organization's security that attackers can use to infiltrate your network. Gartner has projected that in the next three years, 99% of firewall breaches would be caused by misconfigurations. • Firewalls provide only limited protection against vulnerabilities caused by application flaws in server software on other hosts. For example, a firewall will not prevent an attacker from manipulating a database to disclose confidential information
Platform Security Process Controls
• Internal and External Audit • Architecture Standards and Policies • System Hardening Policy • Patch Management Process and Policy
Embedded System Risks
• It is often not financially and/or technically feasible to retrofit security capability into a system that was not originally designed for it. This can leave older embedded systems vulnerable to attack. • Parts from multiple manufacturers may comprise a finished product which leads to the problem that no single manufacturer has any incentive, expertise or even ability to patch the software on the embedded system once it is shipped. • Many embedded systems are designed with a focus on minimizing cost and extraneous features. This often leads to a lack of security and difficulty with upgrades and patches. Because an embedded system is in control of a mechanism in the physical world, a security breach could cause harm to people and property
Security Architecture Related Risks
• Like all system layers, networks are subject to risks that arise out of constant changes in the environment, in all aspects: people, process, and technology. • Designing security for a service must consider all connected systems or sub-systems, regardless of the layer in which they reside, otherwise any that are outside of the defined architecture can introduce vulnerabilities into and architecture if data or connections from those external sources is not validated and secured. • When privileged access is provisioned to users who require special access to restricted or sensitive information, there is a risk of abused privileges; the risk increases if the access is not audited and maintained on a regular basis
Security Architecture Technology Controls
• Network Segregation • Penetration Testing • Defense in Depth
Physical Security Process Controls
• PKI Governance Certificate Policy and Certificate Practice Statements • Access Control Governance and Processes • User credential standards • Removable media policies and controls • Employee awareness
Server Security Process Controls
• Policies and Procedures related to employee behaviours • Audits and Spot Checks • Principle of Least Privilege • Segregation of Duties • Physical Access Controls • Proactive Patching and Lifecycle Management
Firewall Process Controls
• Policy • Formalized Change Control Process for Firewall Rule Management • Principle of Least Privilege • Defense in Depth
Security Architecture Process Controls
• Principle of Least Privilege • Design and Architecture Reviews • System and Security Audits
Segregation Process Controls
• Principle of Least Privilege • Need to Know
Physical Security Technology Controls
• Public Key Infrastructure (PKI) to issue and manage certificates • Identity and Access Management (IAM) Tools • Physical Access Swipe Keys • Surveillance Systems • Redundant Systems • Remote Access Controls
Server Security Technology Controls
• SSH Keys • Firewalls • VPN and Private Networks • Public Key Encryption and SSL/TLS Encryption • Service and File Auditing • Isolated Execution Environments
Product Threat Models Technology Controls
• Security Operating Center (SOC)/Security Information and Event Management (SIEM) • Intrusion Detection and Prevention Systems • Next Generation Firewalls • Audit logging
Server Security Risks
• Servers may end up running services unintentionally and not be aware of it, which introduces potential risks that do not get identified. This can happen when administrators install an operating system, which turns on additional, unwanted services automatically with the base configuration. • P2P applications, while possessing many legitimate applications, are associated with piracy and abuse of copyright and other forms of intellectual property. • P2P applications are often designed to open an uncontrolled channel through network boundaries, thus providing a way dangerous content, such as botnets, spyware, and viruses to enter an otherwise protected network. • Due to the overlapping nature of P2P node structure, it can be very difficult to fully detect and shut down the controlling botnet, allowing it to continue operating unimpeded.
Embedded Systems Process Controls
• Software Development Lifecycle • Security by Design
IoT Process Controls
• Software Development Lifecycle • Security by Design • Security Awareness Training
AV/AM Related Risks
• USB memory sticks, CDs, DVDs and other removable media devices provide an effective way of spreading malware onto additional computers. When the media is inserted into the machine, the malware will either run and infect the target or will copy itself onto the removable media in order to prepare to infect the next machine it is plugged into. • The widespread use of mobile code such as JavaScript on websites has provided attackers with another route to infect computers with malware. Increasingly, legitimate websites are being compromised and made to host malware without the owner's knowledge, making this type of attack very difficult for the user to avoid.
Network Security Focal Points
• Understand how the security architecture ties back to the organization and existing operational processes, and the impact decisions will have on stakeholders. • Understand what is within the scope of the security architecture; as it is not possible to cover all business aspects, it is important to focus and keep scope clear to avoid unnecessary complexity. • Where architecture requirements are transferred between development efforts, understand the rationale behind the original component selection decision to ensure it fits with the current security architecture. • Understand how selected security controls relate to the four factors which should drive architectural decisions
Firewalls Focal Points
• Understand the network connectivity requirements for applications being deployed behind a firewall. • Understand the logging and audit requirements for firewall deployments. • Understand the policies which form the basis for firewall rule implementation. In the absence of documented policy, defining these is the first step to a successful deployment
Physical Security Focal Points
• Understanding, development, and implementation of Physical Security Policies, Processes, and Controls • Understanding of applicable regulatory and industry-specific requirements • Requirements analysis for IAM, PKI, solutions • Disaster Recovery, Business Continuity Planning
Product Threat Models Process Controls
• Vulnerability and Threat Risk Assessment Procedures • Secure Development • Policies and Controls • Internal and External Audits
IoT Related Risks
• Where many IoT devices use embedded systems made with components from multiple manufacturers, the risk applies where no single manufacturer has any incentive, expertise or even ability to patch the software on the embedded system once it has shipped. • A compromised IoT device on a network can give an attacker a foothold within the network to attack other portions of the network and collect sensitive data. • Traditionally, Bring Your Own Device (BYOD) applied to smartphones, but as employees work away from the office and have other connected devices like digital assistants or fitness devices connected to the same network, there are new concerns around data security; if one of those devices is compromised, hackers can move laterally to compromise a connected corporate asset such as a laptop.