Maintaining Objectives in Cybersecurity

In Lecture 5, the focus shifts to the continuous maintenance of an Information Security Management System (ISMS): the ongoing monitoring and adaptation needed so that security measures stay effective as threats evolve. Below is a breakdown of the key points discussed, with references to relevant books for further reading.

Key Concepts

1. Importance of Continuous Security Monitoring:

  • Ongoing Process: Cybersecurity is not a one-off project; controls must be continuously monitored and updated to remain effective.
  • ISMS Maintenance: An ISMS encompasses all the systems and processes an organization uses to maintain its security. It must be monitored continuously so that its effectiveness does not decay as systems, staff, and threats change.

2. Types of Monitoring:

  • Real-time Monitoring: Detecting security incidents as they occur.
  • After-the-event Monitoring: Analyzing events post-incident to identify and address security issues.

3. Real-time Monitoring:

  • Intrusion Detection Systems (IDS): Monitor network or host activity for signs of intrusion, using fixed rules (signatures) and/or anomaly detection, including machine-learning models.
  • Security Information and Event Management (SIEM) Systems: Collect and correlate events from multiple sources (IDS alerts, system and application logs) to identify likely security breaches and raise alarms for analysts.
  • Manual Incident Reporting Systems: Allow users to report suspicious events (for example, a phishing email), which are then triaged and investigated by an expert team.

4. Balancing Sensitivity in Monitoring Systems:

  • Sensitivity Balance: A detector tuned too loosely misses genuine incidents (false negatives); one tuned too tightly floods analysts with false positives, which leads to alert fatigue and real alerts being ignored. Thresholds must be set, and periodically re-tuned, with both costs in mind.
  • Example: Banks monitoring card transactions and contacting customers about suspicious activity: too sensitive and legitimate purchases are blocked, too lax and fraud goes through.
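The following is an added example, not part of the lecture or its slides, illustrating both the real-time monitoring points above (a fixed-rule IDS check and a SIEM-style correlation across events) and the sensitivity trade-off. It runs a brute-force rule over constructed sshd-like log lines, escalates when a source that triggered the rule later logs in successfully, and then sweeps the failure threshold against a constructed list of hostile sources to show where false positives and false negatives appear. The log lines, IP addresses, user names, and the `MALICIOUS_SOURCES` ground truth are all made up for the illustration.

```python
"""Rule-based detection over constructed auth log lines, plus a threshold sweep.

Added illustration (not from the lecture): a minimal IDS-style rule, a SIEM-style
correlation (failure burst followed by a successful login from the same source),
and a sweep of the failure threshold against constructed ground truth.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines (not real data); the format mimics OpenSSH syslog output.
SAMPLE_LOG = """\
2024-03-01T10:00:01 sshd[1]: Failed password for alice from 10.0.0.5 port 5000 ssh2
2024-03-01T10:00:04 sshd[1]: Accepted password for alice from 10.0.0.5 port 5001 ssh2
2024-03-01T10:05:00 sshd[1]: Failed password for root from 203.0.113.9 port 40000 ssh2
2024-03-01T10:05:01 sshd[1]: Failed password for root from 203.0.113.9 port 40001 ssh2
2024-03-01T10:05:02 sshd[1]: Failed password for admin from 203.0.113.9 port 40002 ssh2
2024-03-01T10:05:03 sshd[1]: Failed password for admin from 203.0.113.9 port 40003 ssh2
2024-03-01T10:05:04 sshd[1]: Failed password for bob from 203.0.113.9 port 40004 ssh2
2024-03-01T10:05:06 sshd[1]: Accepted password for bob from 203.0.113.9 port 40005 ssh2
2024-03-01T11:00:00 sshd[1]: Failed password for carol from 10.0.0.7 port 6000 ssh2
2024-03-01T11:00:45 sshd[1]: Failed password for carol from 10.0.0.7 port 6001 ssh2
2024-03-01T11:01:30 sshd[1]: Failed password for carol from 10.0.0.7 port 6002 ssh2
2024-03-01T11:01:50 sshd[1]: Accepted password for carol from 10.0.0.7 port 6003 ssh2
2024-03-01T12:00:00 sshd[1]: Failed password for root from 198.51.100.4 port 50000 ssh2
2024-03-01T12:00:01 sshd[1]: Failed password for root from 198.51.100.4 port 50001 ssh2
2024-03-01T12:00:02 sshd[1]: Failed password for root from 198.51.100.4 port 50002 ssh2
2024-03-01T12:00:03 sshd[1]: Failed password for root from 198.51.100.4 port 50003 ssh2
"""

# Constructed ground truth for the sweep: which sources were actually hostile.
# (carol on 10.0.0.7 is a legitimate user who mistyped her password a few times.)
MALICIOUS_SOURCES = {"203.0.113.9", "198.51.100.4"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_log(text):
    """Parse lines into (timestamp, outcome, user, src) tuples, oldest first.

    Lines that do not match the expected format are skipped rather than crashing
    the detector, which is the behaviour you want on noisy real-world input.
    """
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.fromisoformat(m.group("ts"))
            events.append((ts, m.group("outcome"), m.group("user"), m.group("src")))
    events.sort(key=lambda e: e[0])
    return events


def detect(events, max_failures=3, window_seconds=60):
    """IDS rule plus SIEM-style correlation.

    Rule: more than `max_failures` failed logins from one source within a sliding
    window of `window_seconds` raises a 'brute_force' alert for that source.
    Correlation: if a source already under alert later logs in successfully, the
    alert is escalated to 'credential_compromise'. Returns {src: severity}.
    """
    alerts = {}
    failures = defaultdict(list)  # src -> timestamps of failures still inside the window
    for ts, outcome, _user, src in events:
        if outcome == "Failed":
            window = [t for t in failures[src] if (ts - t).total_seconds() <= window_seconds]
            window.append(ts)
            failures[src] = window
            if len(window) > max_failures:
                alerts.setdefault(src, "brute_force")  # never downgrade an escalated alert
        elif src in alerts:
            alerts[src] = "credential_compromise"
    return alerts


def sweep_threshold(events, malicious, thresholds=(1, 2, 3, 4, 5)):
    """Count true positives, false positives and misses per threshold.

    This is the sensitivity trade-off from the lecture made concrete: a low
    threshold catches everything but also flags the legitimate user, a high one
    is quiet but lets the shorter attack burst through undetected.
    """
    results = {}
    for n in thresholds:
        flagged = set(detect(events, max_failures=n))
        results[n] = {
            "tp": len(flagged & malicious),
            "fp": len(flagged - malicious),
            "fn": len(malicious - flagged),
        }
    return results


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    print("alerts at default threshold:", detect(evts))
    for n, r in sweep_threshold(evts, MALICIOUS_SOURCES).items():
        print(f"max_failures={n}: {r}")
```

With the constructed data, a threshold of 1 flags the legitimate user carol (a false positive), thresholds of 2 or 3 catch both hostile sources cleanly, and a threshold of 4 or more starts missing the four-attempt burst from 198.51.100.4 (false negatives). On real traffic the "right" value shifts as user behaviour and attacker tooling change, which is exactly why the lecture treats threshold tuning as part of ongoing ISMS maintenance rather than a one-time setting.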

5. After-the-event Monitoring:

  • Audits: Checks made to verify that systems or processes are correct, effective, and compliant with policy; they can be internal or external (for example, by a certification body).
  • Penetration Testing (Pen Testing): Authorized experts attempt to breach a system using the methods hostile groups employ, in order to identify vulnerabilities before a real attacker does.

6. Addressing Issues Detected:

  • Incident Response Team (IRT): Issues detected through monitoring are handed to a dedicated IRT (often called a CSIRT).
  • Incident Handling: The IRT contains and investigates the incident, informs stakeholders, and sets out the steps needed to fix the underlying security weakness and repair the damage.

7. Learning from Monitoring:

  • Continuous Improvement: Organizations should learn from monitoring activities, updating risk registers, risk assessments, and security controls based on the findings.
  • Adaptation: Changes in the organization’s circumstances, like mergers or shifts to cloud services, may necessitate a new risk assessment.

8. ISMS is Never Finished:

  • Ongoing Evolution: Maintaining an ISMS is an ongoing process because threat actors continually evolve their methods of attack.

Book References for Further Reading

  1. “Information Security Management Principles” by Andy Taylor, David Alexander, Amanda Finch, and David Sutton:
    • Provides a comprehensive overview of information security management principles, including continuous monitoring and the maintenance of ISMS.
  2. “Security Information and Event Management (SIEM) Implementation” by David Miller, Shon Harris, Allen Harper, Stephen VanDyke, and Chris Blask:
    • Focuses on the implementation and use of SIEM systems for real-time monitoring and security event management.
  3. “Building an Information Security Awareness Program: Defending Against Social Engineering and Technical Threats” by Bill Gardner and Valerie Thomas:
    • Discusses the importance of security awareness programs and how continuous education can help in maintaining cybersecurity objectives.
  4. “The Practice of Network Security Monitoring: Understanding Incident Detection and Response” by Richard Bejtlich:
    • Offers insights into network security monitoring techniques and tooling for detecting and responding to intrusions, including intrusion detection systems.
  5. “IT Security Risk Control Management: An Audit Preparation Plan” by Raymond Pompon:
    • Provides practical guidance on preparing for security audits and implementing effective risk control measures.
  6. “The CISSP and CAP Prep Guide: Platinum Edition” by Ronald L. Krutz and Russell Dean Vines:
    • A comprehensive guide covering various aspects of information security management, including monitoring and maintaining security controls.

Summary

Lecture 5 emphasizes the importance of maintaining an ISMS through continuous monitoring and adaptation. Real-time and after-the-event monitoring are crucial for detecting and responding to security incidents. Balancing the sensitivity of monitoring systems is essential to avoid false positives while ensuring genuine threats are not missed. Organizations must address issues detected through monitoring and learn from these activities to update their risk assessments and security controls. The recommended books provide further insights into the principles and practices of maintaining information security, offering valuable resources for deepening your understanding of ISMS and cybersecurity maintenance.
