Cybersecurity Umbrella

1. Identifying Key Assets

The initial and critical phase in the cybersecurity lifecycle involves identifying the elements that require protection. This encompasses comprehending networks, protocols, topography, assets, and servers, and obtaining comprehensive information about them preemptively. It is essential for organizations to amass data pertaining to their operating systems, applications, network drives, hostnames, IP addresses, and tools. This can be achieved through engaging in discussions, conducting interviews, and participating in forums involving different teams.

What type of information is to be protected?
At what location is the information?
Which information is crucial for the organization?
What is the Operating environment and system considered for customers?
How many routers, servers, and firewalls does the system have?

2. Protection of Data

Once the network securities and vulnerabilities have been identified, the next phase in the cybersecurity lifecycle is to protect the system. This phase, known as the "MITIGATE" phase, focuses on reducing the identified risks. It involves aligning the system with company policies and rules, as well as building awareness among the team about various industry techniques. This can be accomplished through a series of training sessions.

Access control – Understanding access levels and permissions.
Data Security – Protecting valuable data.
Information Protection and procedures– Establishing guidelines for sensitive information.
Maintenance – Regular checks to maintain specific conditions.
Protective Technology – Using advanced technologies for system protection.

3. Detection of Threats

System monitoring: – Identifying attack signatures and assessing activities within the system.
Malicious activity detection: – Differentiating between normal and harmful behaviors.
Intrusion Detection System (IDS): – Detecting and monitoring intrusions within the system.
Internal attack surveillance: – Close monitoring of attacks originating from within the system.
Anomalies and events: – Identifying anomalies at the perimeter level is the primary job of all boundary level solutions if that fails the entire network is a playground for attackers.
Security continuous monitoring: – The solution should have real-time threat monitoring capability.
Detection process: – The detection process of finding anomalies or threats should be very quick and it should correlate all threats back to an entity so SOC analysts can add anomalies into their threat library.

4. Respond Attacks

Timely response: – Swift action to mitigate the impact of attacks.
Policies and guidelines: – Pre-established protocols for timely action.
Risk prioritization: – Identifying and addressing risks based on their severity.
Computer Security Incident Response Team (CSIRT): – Coordinating and managing activities related to incident response and documentation.

5. Incident Recover

Incident recovery- Restoring the company's compromised state.
Cybersecurity lifecycle- Following a systematic approach to protect the business.
Disaster prevention- Safeguarding the business from potential disasters.
Documentation- Recording and analyzing vulnerabilities for future improvement.
Continuous improvement- Iterative process for enhancing cybersecurity.
Lessons learned- Using past experiences to address weaknesses.
Team collaboration- Working together with a shared understanding.
Execution plan- Implementing strategies based on underlying motives.

Forensic Investigation

1. Identifying Key Assets

What type of information is to be protected?

At what location is the information?

Which information is crucial for the organization?

What is the Operating environment and system considered for customers?

How many routers, servers, and firewalls does the system have?

2. Protection of Data

Access control – Understanding access levels and permissions.

Data Security – Protecting valuable data.

Information Protection and procedures– Establishing guidelines for sensitive information.

Maintenance – Regular checks to maintain specific conditions.

Protective Technology – Using advanced technologies for system protection.

3. Detection of Threats

System monitoring: – Identifying attack signatures and assessing activities within the system.

Malicious activity detection: – Differentiating between normal and harmful behaviors.

Intrusion Detection System (IDS): – Detecting and monitoring intrusions within the system.

Internal attack surveillance: – Close monitoring of attacks originating from within the system.

Anomalies and events: – Identifying anomalies at the perimeter level is the primary job of all boundary level solutions if that fails the entire network is a playground for attackers.

Security continuous monitoring: – The solution should have real-time threat monitoring capability.

Detection process: – The detection process of finding anomalies or threats should be very quick and it should correlate all threats back to an entity so SOC analysts can add anomalies into their threat library.

4. Respond Attacks

Timely response: – Swift action to mitigate the impact of attacks.

Policies and guidelines: – Pre-established protocols for timely action.

Risk prioritization: – Identifying and addressing risks based on their severity.

Computer Security Incident Response Team (CSIRT): – Coordinating and managing activities related to incident response and documentation.

5. Incident Recover

Incident recovery- Restoring the company's compromised state.

Cybersecurity lifecycle- Following a systematic approach to protect the business.

Disaster prevention- Safeguarding the business from potential disasters.

Documentation- Recording and analyzing vulnerabilities for future improvement.

Continuous improvement- Iterative process for enhancing cybersecurity.

Lessons learned- Using past experiences to address weaknesses.

Team collaboration- Working together with a shared understanding.

Execution plan- Implementing strategies based on underlying motives.