{"id":1106,"date":"2016-08-30T00:00:00","date_gmt":"2016-08-30T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2016\/08\/30\/fromreply-totodatemessage-idlist-idlist-unsubscribesendercontent-typemime-version-imail3dpaulgdavis-commail43-us4-mcsv-net-2\/"},"modified":"2021-12-30T11:38:46","modified_gmt":"2021-12-30T11:38:46","slug":"fromreply-totodatemessage-idlist-idlist-unsubscribesendercontent-typemime-version-imail3dpaulgdavis-commail43-us4-mcsv-net-2","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2016\/08\/30\/fromreply-totodatemessage-idlist-idlist-unsubscribesendercontent-typemime-version-imail3dpaulgdavis-commail43-us4-mcsv-net-2\/","title":{"rendered":"From:Reply-To:To:Date:Message-ID:List-ID:List-Unsubscribe:Sender:Content-Type:MIME-Version; i=mail=3Dpaulgdavis.com@mail43.us4.mcsv.net;"},"content":{"rendered":"<p>[From the desk of Paul Davis &#8211; his opinions and no-one else&#8217;s]<br \/>\nApart from the reporter&#8217;s opinions \ud83d\ude09<br \/>\nSo onto the news:<\/p>\n<p>Threat Intelligence within the Risk Management Process<\/p>\n<p>This is the second post in a series exploring the relationship of threat intelligence and risk management. If you missed the previous one, wherein I briefly explained why these two should \u201cswipe right\u201d and get together, read that first. If you\u2019re wondering what qualifies me to pontificate about managing risk, don\u2019t worry; it\u2019s on my resume. 
With the introductions out of the way, conditions are perfect to get down to business, and we\u2019re going to kick it off by examining how threat intelligence fits within the risk management process.<\/p>\n<p>NIST Special Publication 800-39 was developed to \u201cprovide guidance for an integrated, organization-wide program for managing information security risk to organizational operations, organizational assets, individuals, other organizations, and the Nation resulting from the operation and use of federal information systems.\u201d Note that it\u2019s a program for managing risk, not a specific process. Furthermore, NIST SP 800-39 isn\u2019t an island to itself; SP 800-37 and 800-30 offer supporting guidance on applying the risk management framework in an ongoing process.<\/p>\n<p>To be clear, SP 800-37 does make mention of threat information; it\u2019s just buried in the details. Intelligence isn\u2019t referenced in the document except in relation to the framework being used within the intelligence community. The word \u201cthreat\u201d isn\u2019t used at all in the guidance for categorizing information systems, but I\u2019ll go ahead and make the recommendation that you should hook intel ops into this step if you\u2019re using SP 800-37. Your categorization of the system will be more effective if you conduct it in light of what you know about adversaries that might try to exploit it. Inviting intelligence ops to the party early will also help during the next few steps, where the concept of threat knowledge is actually mentioned. That basically boils down to selecting, implementing, tracking, and updating controls based on the current knowledge of the threat environment that only an intelligence capability (whether internal or external) can provide. 
I\u2019m in full agreement there.<\/p>\n<p>ISO\/IEC 27005 \u201cprovides guidelines for information security risk management in an organization, supporting in particular the requirements of an information security management system according to ISO\/IEC 27001.\u201d I prefer ISO 27005 to NIST 800-39 from a pure presentation\/organization perspective, but that\u2019s probably just because I have more practical experience working with it. Both processes are very helpful and actually share many similarities once you learn the basic lingo of each.<\/p>\n<p>Risk assessment is a sub-component of the overall risk management process. NIST 800-39 and ISO 27005 both include it and emphasize its importance. There are quite a few points of contact between threat intelligence and risk assessment \u2013 so much so, in fact, that I think it deserves separate treatment. We\u2019ll pick this up in the next post to make sure we give it due justice. Until then, I wish you all well on your journey toward intelligence-driven risk management.<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=e01cbb50fe&#038;e=20056c7556<\/p>\n<p>Webinar Recap: Using Open Source Threat Intelligence to Enhance Physical Security<\/p>\n<p>The first step in evaluating the value and applicability of threat intelligence stems from defining your priorities and assessing your risk profile in different areas. For example, energy producers may have significant concerns around assets and employees in far-flung locations, whereas a hedge fund might be primarily focused on the physical safety of a few key individuals and their families. 
Understanding your priorities, and allocating resources correctly, is a key first step to understanding where and how to best apply open source threat intelligence.<\/p>\n<p>Once you\u2019ve determined your organization\u2019s needs and which sources are best for intelligence gathering, it\u2019s time to put that information to work. Here are some best practices for implementing threat intelligence to enhance your physical security program:<\/p>\n<p>1. Assess online exposure<\/p>\n<p>2. Claim online real estate<\/p>\n<p>3. Expunge personal data<\/p>\n<p>4. Limit sharing<\/p>\n<p>5. Educate executives and their families<\/p>\n<p>6. Visualize the data<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=dfae45df0b&#038;e=20056c7556<\/p>\n<p>Adobe issues urgent Flash patch to prevent hacking attacks<\/p>\n<p>The bug, which affects how Flash Player plays video files, lets an attacker use a carefully made video file to seize control of a user\u2019s computer. It was made public last week by security research firm FireEye, which discovered the flaw and reported it to Adobe.
The publisher has now made a patch available, which can be downloaded using the auto-updater included with Flash.<\/p>\n<p>Installing the latest version of Adobe Flash will leave the system secure once again.<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=f63e34356c&#038;e=20056c7556<\/p>\n<p>Europol and Barclays Shake Hands on Cybercrime Fighting Agreement<\/p>\n<p>Europol is making some serious moves in its efforts to fight cybercrime as efficiently as possible, and apart from sealing partnerships with security companies, the agency has started collaboration with Barclays financial institution.<\/p>\n<p>On Monday, Europol announced that its European Cybercrime Center (EC3) signed a Memorandum of Understanding (MoU) with the company, thus taking a first formal step towards possible tighter cooperation in the future.<\/p>\n<p>Troels Oerting, former head of the EC3, now CISO (Chief Information Security Officer) at Barclays Group, said that technological developments cause financial services to go through numerous changes that open the door for both opportunities and challenges.<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=59d9ba9a5f&#038;e=20056c7556<\/p>\n<p>Using Actionable Intelligence to Prevent Future Attacks<\/p>\n<p>Traditional approaches to security are typically \u201cspray-and-pray\u201d: they provide controls that block known bad activity, usually with limited follow-up or additional investigation after a breach.<\/p>\n<p>More sophisticated organizations are deploying technologies such as sandboxing that can detect and block unknown attacks which haven\u2019t been seen before. 
In the moments after a breach, security teams will often focus on the event itself, but not draw additional insight from the attack, or analyze the events surrounding it.<\/p>\n<p>These approaches can miss a fundamental truth of advanced attacks: they are not \u201cpoint-in-time\u201d activities, but sets of events that could occur over weeks, or potentially months or years. Advanced attackers will conduct a wide range of activity, such as in-depth reconnaissance, initial probes, small-scale infections to deliver second- or third-stage malware, and much more. The breach itself is the culmination of a continuous set of activities conducted over an extended period of time. Each and every step in this process, often referred to as the cyber attack lifecycle, represents another chance to detect and prevent the adversary.<\/p>\n<p>The good thing is you are not alone in this battle. There are a variety of public sources, information sharing organizations, vendor research releases, and analytics services to help bootstrap your adversary intelligence. The more information you gain and the better you get at analyzing it, the more you can craft your security policy to prevent the specific adversaries that are likely to go after your organization. When a breach occurs, take it as an opportunity to step back and examine the wider context of who is attempting to breach your network and what you can do to prevent it in the future.<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=e922db5e86&#038;e=20056c7556<\/p>\n<p>Network And Information Security: Breakthrough In Talks With European Parliament<\/p>\n<p>On 29 June 2015, the Latvian presidency of the Council reached an understanding with the European Parliament on the main principles to be included in the draft directive on network and information security (NIS).
These principles will then need to be turned into legal provisions to allow for a final deal on the directive at a later stage. The presidency will present the outcome of this fourth trilogue to member states&#8217; ambassadors at the meeting of the Permanent Representatives Committee on 30 June.<\/p>\n<p>The new rules will require designated operators that provide essential services (in areas such as energy and transport) to take measures to manage risks to their networks and report incidents to authorities. Member states will identify such essential operators to be covered by the directive, based on clear criteria laid down in the text. Particular provisions will be introduced to avoid fragmentation in the identification of operators across member states. However, these are not to undermine member states&#8217; prerogatives or security concerns.<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=66452229df&#038;e=20056c7556<\/p>\n<p>Boston Police Deploy Intergraph\u00ae Records Management System<\/p>\n<p>HUNTSVILLE, Ala., June 29, 2015 \/PRNewswire\/ &#8212; Boston Police Department has deployed an enterprise information management system from Intergraph\u00ae for all police report and crime data. The new system, featuring Intergraph&#8217;s inPURSUIT software, went live recently following a major, four-year project to plan, stage, configure and deploy the department&#8217;s first enterprise records management system.<\/p>\n<p>The Intergraph solution replaces a 40-year-old, home-grown documentation system, providing police with an integrated, state-of-the-art technology for case management and reporting. 
Among the important capabilities enabled by the new inPURSUIT RMS system are master indices that tie individuals to multiple types of information, such as cases and addresses, providing police with more complete information regarding individuals under criminal investigation.<\/p>\n<p>The integrated solution also includes Intergraph&#8217;s inPURSUIT Field Based Reporting (FBR), which allows officers to more efficiently capture report information and notes through an easy-to-use field application. The Intergraph software eliminates the need for pen-and-paper note taking and redundant data entry.<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=703155d388&#038;e=20056c7556<\/p>\n<p>How to Determine Your Company&#8217;s Cyber-Exposure Profile [Slideshow]<\/p>\n<p>The 2015 business environment requires enterprises to build and sustain an online presence for their customers, potential customers and partners. However, as each new Website, service or blog comes online, it opens a new potential attack surface for criminals. When cyber-thieves focus on your company\u2014and it&#8217;s sure to happen at some point\u2014what will they learn through your online presence? To be able to look at itself from the outside in, like a skilled adversary, an enterprise should build and maintain a thorough cyber-exposure profile. A well-designed profile provides the visibility needed to help organizations prioritize their most serious issues, remediate problematic infrastructure and protect their reputations. Development of this profile is important because it identifies an organization&#8217;s critical-resource exposure and potential attack vectors; it also prioritizes the level of risk associated with each.
This eWEEK slide show discusses how to create a cyber-exposure profile and anticipate risks before they become huge problems.<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=6da7119b7b&#038;e=20056c7556<\/p>\n<p>US veterans agency in cyber counterattack<\/p>\n<p>With the help of a new Department of Homeland Security system that blocks certain hacks, the VA has seen the number of attempts to install malware on its computer systems cut down by half to 574.7m in May. The number of intrusion attempts stabilised to about 336.5m incidents, said Mr Warren. The VA provides services and benefits to military veterans.<\/p>\n<p>As the software system is rolled out across government departments, it could help other agencies combat cyber threats more effectively as attacks against the US grow in number and sophistication. The severity of the attacks is becoming worse, as highlighted by a recent breach at the Office of Personnel Management that has been blamed on China.<\/p>\n<p>The VA was one of the first civilian government agencies to obtain the latest version of Einstein, the DHS cyber protection system. The DHS has accelerated deployment of Einstein, which is now used at 15 agencies that make up about 45 per cent of the civilian government.<\/p>\n<p>Einstein is a signature-based system, so it can only block attacks that it already knows about.
The DHS is working on another version of Einstein that would be able to block intrusions that have not previously been encountered.<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=d29a1bc0a5&#038;e=20056c7556<\/p>\n<p>MIT invents automatic security vulnerability fix by borrowing code from other software<\/p>\n<p>The CodePhage system is able to detect dangerous bugs in software, and then repair it by importing security checks from software with similar specifications, even if the software is written in a completely different programming language.<\/p>\n<p>Even better, the system doesn&#8217;t need to access the source code of other programs in order to borrow functionality so it can fix the bugs, so all source code is kept safe.<\/p>\n<p>CodePhage works by taking two types of input, one that caused the program to crash, and one that works just fine, and then seeing how the donor program it is borrowing code from responds to the input.<\/p>\n<p>The system analyses how the donor program deals with the input that works fine \u2013 if the program has been written in a secure way, it will perform various checks, such as seeing how big the size of input is.<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=409fac944b&#038;e=20056c7556<\/p>\n<p>Apple Patches Dozens of Flaws in iOS 8.4, OS X 10.10.4<\/p>\n<p>Version 8.4 of iOS contains fixes for more than 30 security vulnerabilities, including bugs in the iOS kernel, WebKit, and CoreText. Apple also patched the vulnerability that leads to the Logjam attack, an issue with servers that support weak Diffie-Hellman cryptography. To fix that issue in iOS, Apple released a patch for the coreTLS component of the operating system.<\/p>\n<p>As for OS X, Apple patched many of the same bugs that were present in iOS, along with dozens of others, for a total of more than 75 flaws in all. 
OS X 10.10.4 includes patches for several buffer overflow vulnerabilities in the Intel graphics driver, some of which could lead to code execution. Apple also fixed a number of memory corruption bugs in QuickTime that could be used for code execution.<\/p>\n<p>In both iOS and OS X, Apple updated the certificate trust policy to address the CNNIC certificate issue, among other problems.<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=b2b5f02043&#038;e=20056c7556<\/p>\n<p>Watch Hackers Exploit A Common Crypto Cock-Up In GoPro That Leaves All User Data Vulnerable<\/p>\n<p>FORBES was contacted by Pentest Partners late last week when the firm claimed it had uncovered a problem in GoPro Studio, the playback and editing tool available to GoPro\u2019s millions of users. Ken Munro, a partner at the ethical hacking firm, said he\u2019d poked around the update mechanism for the desktop tool when an alert asked him to download the latest version of the kit, 2.5.5.<\/p>\n<p>He found that, after launching, GoPro Studio made requests out to the web asking for the update over an unencrypted HTTP connection, allowing an outsider sitting on the same network, such as the same public Wi-Fi, to serve a response promising a higher version, even if one wasn\u2019t available. This would be recognized by the software, which would then offer the user the chance to download a new version.
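<\/p>\n<p>The update-channel weakness described above, as an added example in Go that is not GoPro code, nor Pentest Partners code, and not the real product update protocol, which the article does not show. It puts the insecure check (trust whatever version the network reports) beside a hardened one that verifies an Ed25519 signature over the update manifest with a vendor key pinned in the client, refuses same-or-older versions so a replayed genuine manifest cannot force a downgrade, and pins the installer by SHA-256 before running it. The JSON manifest format, the key handling, the version strings and the stand-in installer bytes are all assumptions constructed for the demonstration.<\/p>

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// Manifest is the assumed update descriptor: version on offer and SHA-256 of the installer.
type Manifest struct {
	Version string `json:"version"`
	SHA256  string `json:"sha256"`
}

// SignedManifest is the manifest bytes plus an Ed25519 signature by the vendor's offline key.
type SignedManifest struct {
	Manifest  []byte
	Signature []byte
}

// versionGreater compares dotted numeric versions ("2.10.0" > "2.9.9"); absent components count as 0.
func versionGreater(candidate, current string) bool {
	a, b := strings.Split(candidate, "."), strings.Split(current, ".")
	for i := 0; i < len(a) || i < len(b); i++ {
		x, y, err := 0, 0, error(nil)
		if i < len(a) {
			x, err = strconv.Atoi(a[i])
		}
		if err == nil && i < len(b) {
			y, err = strconv.Atoi(b[i])
		}
		if err != nil {
			return false // malformed or hostile input is never "newer"
		}
		if x != y {
			return x > y
		}
	}
	return false
}

// insecureCheck mirrors the flaw in the article: whatever the network returns is believed,
// so a neighbour on the same Wi-Fi can advertise a "newer" version and hand over an installer.
func insecureCheck(current string, response []byte) (bool, error) {
	var m Manifest
	if err := json.Unmarshal(response, &m); err != nil {
		return false, err
	}
	return versionGreater(m.Version, current), nil
}

// secureCheck verifies the signature against the pinned vendor key before parsing anything,
// refuses same-or-older versions (replay/downgrade), and pins the payload by hash.
func secureCheck(pub ed25519.PublicKey, current string, sm SignedManifest, payload []byte) (bool, error) {
	if !ed25519.Verify(pub, sm.Manifest, sm.Signature) {
		return false, errors.New("manifest signature invalid: refusing update")
	}
	var m Manifest
	if err := json.Unmarshal(sm.Manifest, &m); err != nil {
		return false, err
	}
	if !versionGreater(m.Version, current) {
		return false, nil
	}
	if sum := sha256.Sum256(payload); hex.EncodeToString(sum[:]) != m.SHA256 {
		return false, errors.New("payload hash mismatch: refusing update")
	}
	return true, nil
}

// Vendor side (assumed): the signing key lives offline; only pub is compiled into the client.
func newVendorKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

func signRelease(priv ed25519.PrivateKey, version string, payload []byte) SignedManifest {
	sum := sha256.Sum256(payload)
	raw, _ := json.Marshal(Manifest{Version: version, SHA256: hex.EncodeToString(sum[:])})
	return SignedManifest{Manifest: raw, Signature: ed25519.Sign(priv, raw)}
}

func main() {
	pub, priv, _ := newVendorKey()
	genuine := []byte("constructed stand-in for the 2.5.6 installer")
	ok, err := secureCheck(pub, "2.5.5", signRelease(priv, "2.5.6", genuine), genuine)
	fmt.Println("genuine 2.5.6 accepted:", ok, err)
	// An on-path attacker answers the plaintext update query with a constructed manifest.
	forged := []byte(`{"version":"9.9.9","sha256":"00"}`)
	ok, _ = insecureCheck("2.5.5", forged)
	fmt.Println("insecure client installs attacker build:", ok)
	_, err = secureCheck(pub, "2.5.5", SignedManifest{Manifest: forged, Signature: make([]byte, 64)}, nil)
	fmt.Println("secure client:", err)
	// A replayed older release verifies but is not newer, so no downgrade is installed.
	ok, err = secureCheck(pub, "2.5.5", signRelease(priv, "2.5.4", genuine), genuine)
	fmt.Println("replayed 2.5.4 installs:", ok, err)
}
```

<p>Moving the update check to HTTPS closes the on-path attack the article describes, but the signed manifest is what keeps a compromised CDN or mirror from shipping its own binary, and the version comparison is what keeps a genuinely signed but older manifest from being replayed; both checks belong in the client regardless of transport. Note that ed25519.Verify only panics on a malformed public key, so a wrong-length or zeroed signature from an attacker is rejected cleanly rather than crashing the updater.<\/p>\n<p>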
As the updates served by GoPro are also delivered over unencrypted traffic, an attacker could serve a fake download to launch malicious code on the victim\u2019s PC.<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=c25c0df934&#038;e=20056c7556<\/p>\n<p>Mining executives wary when doing business with China due to increasing cyber security risk<\/p>\n<p>Australian mining companies say they are becoming increasingly aware of hackers trying to gain access to their sensitive information, with some executives now taking extra precautions when doing business in China.<\/p>\n<p>A report by Ernst &#038; Young (E&#038;Y) on the biggest risks faced by miners has, for the first time, listed cyber security as one of the top concerns facing the industry.<\/p>\n<p>But an E&#038;Y study carried out last year found 65 per cent of mining companies had experienced an increase in cyber threats over a 12-month period.<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=d99108c769&#038;e=20056c7556<\/p>\n<p>Researchers expose Dino, espionage malware with a French connection<\/p>\n<p>Security researchers at ESET in Bratislava, Slovakia have published an analysis of another apparently state-sponsored cyber-espionage tool used to target computers in Iran\u2014and potentially elsewhere. 
The malware, also recently mentioned by Kaspersky researchers, was named &#8220;Dino&#8221; by its developers and has been described as a &#8220;full featured espionage platform.&#8221; And this advanced persistent threat malware, according to researchers, might as well come with a &#8220;fabriqu\u00e9 en France&#8221; stamp on it.<\/p>\n<p>Based on analysis of Dino&#8217;s code from a sample that infected systems in Iran in 2013, &#8220;We believe this malicious software has been developed by the Animal Farm espionage group, who also created the infamous Casper, Bunny and Babar malware,&#8221; ESET&#8217;s Joan Calvet wrote in a blog post today. The Casper malware was part of a large-scale attack on Syrian computers last fall. &#8220;Dino contains interesting technical features, and also a few hints that the developers are French speaking,&#8221; Calvet noted.<\/p>\n<p>While Dino and its cohorts don&#8217;t offer direct evidence of cyber-espionage by a specific French intelligence organization, they do suggest that France&#8217;s government is attempting to play on the same stage as the NSA and its &#8220;Five Eyes&#8221; counterparts in the United Kingdom, Australia, Canada, and New Zealand.<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=c63965ad28&#038;e=20056c7556<\/p>\n<p>============================================================<br \/>\nFeedback, questions? 
Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)<\/p>\n<p>If someone forwarded this email to you and you want to be added in,<br \/>\nplease click this:   ** Subscribe to this list (http:\/\/paulgdavis.us3.list-manage2.com\/subscribe?u=45bf3caf699abf9904ddc00e3&#038;id=e09452545a)<\/p>\n<p>** Unsubscribe from this list (http:\/\/paulgdavis.us3.list-manage.com\/unsubscribe?u=45bf3caf699abf9904ddc00e3&#038;id=e09452545a&#038;e=20056c7556&#038;c=923a62f069)<\/p>\n<p>** Update subscription preferences (http:\/\/paulgdavis.us3.list-manage.com\/profile?u=45bf3caf699abf9904ddc00e3&#038;id=e09452545a&#038;e=20056c7556)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[From the desk of Paul Davis &#8211; his opinions and no-one else&#8217;s] Apart from the reporter&#8217;s opinions \ud83d\ude09 So onto the news: Threat Intelligence within the Risk Management Process This is the second post in a series exploring the relationship of threat intelligence and risk management. 
If you missed the&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1106","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1106","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1106"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1106\/revisions"}],"predecessor-version":[{"id":3593,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1106\/revisions\/3593"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1106"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1106"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1106"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}