BreachExchange mailing list archives
Shore Up Cyber Security Now
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 30 Jul 2014 18:49:24 -0600
http://www.wallstreetandtech.com/security/shore-up-cyber-security-now/a/d-id/1297643

The evolving cyberthreat landscape and increased regulatory scrutiny have created tremendous pressure for asset management firms as they race to shore up their IT security. In response to the recent Securities and Exchange Commission alert declaring an initiative to assess cyber security preparedness in the securities industry, Gravitas developed a whitepaper to provide asset management companies with a layered cybersecurity strategy, including a six-point framework for addressing a range of threats head on. The framework is constructed to assess a firm's cyber security awareness, preparedness, and resilience to operational threats and regulatory compliance requirements. The following highlights the six-point action plan to help firms generate procedures and add the required technologies to protect themselves better.

1. Physical security

This means protecting the hardware, networks, and data from a material breach and/or events that could cause catastrophic loss or damage. Physical security is often overlooked in favor of more technology-driven protection. Co-location facilities offer sophisticated on-site security (cameras and biometric systems) that prevents unauthorized access, and 24x7 backup systems that ensure zero downtime and minimal disruption in operations due to power failure. All hardware devices -- old and new -- should be actively managed so that only authorized devices are given access.

2. Network security

Attacks against organizations can take the form of phishing attacks, emails with viruses, websites containing malicious code, and other end-user focused threats. These attacks often give the attacker privileged access to secured systems under the identity of a trusted user or system. Comprehensive network security must be equipped with firewalls and intrusion detection/prevention systems. Newer firewall technologies provide web content filtering as a defense against web-borne malware. Switches and routers must be configured with their security features enabled. Proper network segmentation isolates network traffic between backend infrastructure and user endpoints.

3. Malware defense

The malware layer is defined by controlling the download, spread, and execution of malicious code at multiple points across a firm's infrastructure. The point of entry can vary, but email attachments, websites, and removable media are popular examples. Malware defenses must be robust enough to provide continuous updating and validation to prevent an attack from spreading. They must also be deployed across all potential entry points to stop the flow or govern the execution of malicious software. Laptops, workstations, and servers should also be configured so they will not auto-execute content from removable media (thumb drives, external drives, or CD/DVDs).

4. Access control and password management

Administrative permissions are a primary avenue for attackers to penetrate an environment. The most significant challenge with this basic, built-in security mechanism is that access control management can rapidly fall out of sync with business changes, so that it no longer reflects the organization's appropriate level of access. Limit the number of administrative accounts, and grant access to those accounts only on an as-needed basis. Configure all passwords to be complex, with a maximum age of no longer than 90 days. Applications can be used to monitor user permissions on all administrative accounts and validate their privileges.

5. Data protection monitoring systems

Once an organization has established business-critical access for its data, the biggest challenge will be to keep that access aligned with business requirements and an ever-growing file system. Access rights to file data are constantly in flux due to changing job roles and responsibilities and the addition of data and projects requiring user collaboration. Moreover, rights changes are very often made by the IT help desk, because most financial firms don't have a dedicated IT security administrator. By establishing security policies within a file activity monitoring solution, IT staff can receive real-time information about permission changes to sensitive business data through simple web-based query tools. In addition, file audit logs can be retained for long periods of time.

6. Cyberincident response plan

This plan protects the firm's critical data and reputation by implementing a set of processes and procedures to discover, acknowledge, compartmentalize, neutralize, and eradicate an attack from the environment rapidly. A cyberincident response plan should be coupled with a business continuity plan for cases where a malicious incident has resulted in data loss, sustained system outage, or a potentially catastrophic site failure. The reactive steps taken against a potential attack are detection, compartmentalization/containment, remediation, and recovery and restoration. A comprehensive postmortem should be conducted once the firm is back to a steady state after recovery.

By using a six-layered approach to cyber security, asset management companies build their resilience to operational threats and regulatory compliance requirements, thus decreasing the chances of being compromised by cyberattacks.
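Points 4 and 5 above describe monitoring permission changes on sensitive file data and keeping the set of accounts allowed to make such changes small. The script below is an added illustration of that idea, written for this archive and not taken from the article or from Gravitas: it parses a constructed audit-line format (not any real product's schema), flags permission changes on sensitive shares made by anyone outside a short approved-administrator list, flags grants to broad groups such as Everyone, and reports lines it cannot parse, since a gap in the audit trail is itself something IT staff should see. All share paths, account names and log lines are constructed for the example.

```python
"""Added example (not from the article or Gravitas): a small file-permission
change monitor of the kind section 5 describes, with the approved-administrator
check of section 4. All paths, accounts and log lines are constructed."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Hypothetical policy inputs: shares that hold sensitive business data, and the
# deliberately short list of accounts approved to change their permissions.
SENSITIVE_PREFIXES = ("\\\\fileserver\\finance\\", "\\\\fileserver\\legal\\")
APPROVED_ACL_ADMINS = {"CORP\\secadmin1", "CORP\\secadmin2"}
BROAD_PRINCIPALS = {"everyone", "authenticated users", "corp\\domain users"}

# Constructed audit line schema (not a real product's format):
#   <timestamp> ACL_CHANGE actor=<account> path=<share path> grant=<principal>:<rights>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) ACL_CHANGE actor=(?P<actor>\S+) path=(?P<path>\S+) "
    r"grant=(?P<principal>[^:]+):(?P<rights>\S+)$"
)


@dataclass
class AclChange:
    ts: str
    actor: str
    path: str
    principal: str
    rights: str


def parse_line(line: str) -> Optional[AclChange]:
    """Parse one audit line; None if it does not match the expected schema."""
    m = LINE_RE.match(line.strip())
    return AclChange(**m.groupdict()) if m else None


def is_sensitive(path: str) -> bool:
    """Case-insensitive prefix match against the sensitive share list."""
    p = path.lower()
    return any(p.startswith(prefix.lower()) for prefix in SENSITIVE_PREFIXES)


def evaluate(change: AclChange) -> List[str]:
    """Policy findings for one change; an empty list means nothing to report."""
    findings: List[str] = []
    if not is_sensitive(change.path):
        return findings
    if change.actor not in APPROVED_ACL_ADMINS:
        findings.append(f"{change.ts} unapproved actor {change.actor} "
                        f"changed permissions on {change.path}")
    if change.principal.lower() in BROAD_PRINCIPALS:
        findings.append(f"{change.ts} broad grant {change.principal}:{change.rights} "
                        f"on {change.path}")
    return findings


def scan(lines: List[str]) -> List[str]:
    """Run every line through the policy. Unparseable lines are reported too,
    because a monitoring gap is something the IT staff should be told about."""
    findings: List[str] = []
    for line in lines:
        if not line.strip():
            continue
        change = parse_line(line)
        if change is None:
            findings.append(f"unparsed audit line: {line.strip()}")
            continue
        findings.extend(evaluate(change))
    return findings


# Constructed sample audit lines: one routine change by an approved admin, one
# change by a help-desk account, one grant to Everyone on a legal share, one
# change on a non-sensitive share, and one line the parser does not understand.
SAMPLE_LINES = [
    r"2014-07-30T18:40:01Z ACL_CHANGE actor=CORP\secadmin1 path=\\fileserver\finance\q2 grant=CORP\finance-team:Modify",
    r"2014-07-30T18:41:12Z ACL_CHANGE actor=CORP\helpdesk7 path=\\fileserver\finance\q2 grant=CORP\jdoe:Modify",
    r"2014-07-30T18:42:30Z ACL_CHANGE actor=CORP\secadmin2 path=\\fileserver\legal\contracts grant=Everyone:Read",
    r"2014-07-30T18:43:05Z ACL_CHANGE actor=CORP\helpdesk7 path=\\fileserver\public\menu grant=Everyone:Read",
    "2014-07-30T18:44:00Z SOMETHING_ELSE happened",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LINES):
        print(finding)
```

Running the block prints three findings: the help-desk change on the finance share, the Everyone grant on the legal share, and the unparsed line. The change on the public share produces nothing, which is the point of scoping the policy to sensitive paths: a monitor that alerts on every permission change on a growing file system is quickly ignored.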
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/