BeyondCyber

Author: bruno

Description

How to get into Cyber Security and be successful
73 Episodes
Unlock the door to digital safety and navigate the complexities of Identity and Access Management (IAM) with our expert guest. Together, we unveil the power of IAM frameworks that keep digital identities secure, manage user accounts and permissions, and enhance security through advanced authentication processes. Get ready to unravel the marvels of Single Sign-On (SSO), a game-changer in user access that consolidates sign-in processes and shields against password threats. And don't miss the critical layers of defense that Multi-factor Authentication (MFA) adds to your security arsenal, ensuring that even if passwords fall, your data stands strong. Step into the exclusive domain of Privileged Access Management (PAM) and discover its essential role in protecting your organization's most sensitive resources. Our conversation goes in-depth, examining the mechanisms of session management and the impact of regular access reviews to maintain tight, relevant permissions. Learn how access management transcends security, becoming a pivotal player in compliance with rigorous industry regulations and standards. Hear firsthand the strategies and tools savvy organizations deploy to make auditing and compliance efforts not just effective, but seamless. Tune in to transform your understanding of cybersecurity and access management into actionable knowledge. Beyond Cyber 101 mentorship into cybersecurity and beyond.
Unlock the secrets of cybersecurity's frontline defense with our latest episode, where we dissect the critical role of access control in guarding against some of the most notorious data breaches shaping our digital era. Step into the world of digital fortification with our cybersecurity expert guests as we scrutinize the infamous collapses of giants like Equifax, Facebook, and Marriott International. Through these cautionary tales, we illuminate the stark consequences of access control failures and reveal the indispensable security practices that could have made a difference. Tune in for a revealing look at the banking sector's battle against cyber threats, spotlighting the chilling Citibank data breach of 2020. Learn how the simple principle of minimum necessary access can be a game-changer in protecting customer data, and why continuous vigilance is non-negotiable in the high-stakes domain of financial security. Our experts provide a playbook on robust authentication methods, shedding light on the proactive steps banks and customers alike must embrace. This episode is an unmissable masterclass for anyone keen on safeguarding their digital assets against the ever-evolving tactics of cyber adversaries.
Are you keen on strengthening your cybersecurity measures? Want to understand the latest changes in the Australian Signals Directorate's Essential 8 maturity model? Prepare for a riveting conversation as we dissect the significant alterations made to the model in November 2023. We kick off with an exploration of the crucial modifications around patching applications and operating systems. Learn how these changes emphasize the need for urgent mitigation of critical vulnerabilities and how the updated guidelines could influence your organization's patching scenarios and vulnerability scanning activities. In the second half of our discussion, we pivot attention to multi-factor authentication (MFA), unveiling why robust authentication methods have become critical in today's digital landscape. We navigate through the revised standards around MFA, especially concerning sensitive customer data and phishing-resistant MFA. Lastly, we decode changes to administrative privileges, including the intro of new governance processes and requirements. Tune in for a comprehensive understanding on the implications of these changes on the most powerful accounts within systems, and the vital role secure admin workstations play in overall cybersecurity.
Do you ever wonder how you can fortify your organization against the rising tide of cyber threats? This episode is a deep dive into the Essential 8 maturity model, a robust strategy developed by the Australian Signals Directorate, crafted to bulletproof your IT networks. We unpack this enlightening guide and shed light on how it serves as a cornerstone in protecting your digital turf against malicious invaders. Plus, we discuss the necessity of employing a risk-based approach for implementation and the importance of regular monitoring and reviews. But that's not all! The second half of this episode serves to unmask the devious tactics of today's cyber criminals. What you'll discover will both astound and alarm you. We expose their growing sophistication in exploiting system flaws and their cunning use of social engineering tactics to gain unauthorized entry. Moreover, we discuss the devastating consequences they can inflict once inside your systems. So get ready, because it's time to arm yourself with knowledge and bolster your defense against the relentless onslaught of cyber warfare.
Secure-by-Design

2023-05-22 10:28

“Secure-by-Design” means that technology products are built in a way that reasonably protects against malicious cyber actors successfully gaining access to devices, data, and connected infrastructure. Software manufacturers should perform a risk assessment to identify and enumerate prevalent cyber threats to critical systems, and then include protections in product blueprints that account for the evolving cyber threat landscape.
Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and Default | Cyber.gov.au
Vulnerable by Design

2023-05-21 10:28

Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and Default | Cyber.gov.au
Technology is integrated into nearly every facet of daily life. Internet-facing systems are connected to critical systems that directly impact our economic prosperity, livelihoods, and even health, ranging from personal identity management to medical care. As only one example, cyber breaches have resulted in hospitals cancelling surgeries and diverting patient care globally. Insecure technology and vulnerabilities in critical systems may invite malicious cyber intrusions, leading to serious potential safety[1] risks.
FBI cyber strategy

2023-04-28 16:57

FBI Director Christopher Wray announced the Bureau’s new strategy for countering cyber threats in remarks at the National Cybersecurity Summit.
- Excellent evidence: Testing a control with a simulated activity designed to confirm it is in place and effective (e.g. attempting to run an application to check application control rulesets).
- Good evidence: Reviewing the configuration of a system through the system’s interface to determine whether it should enforce an expected policy.
- Fair evidence: Reviewing a copy of a system’s configuration (e.g. using reports or screenshots) to determine whether it should enforce an expected policy.
- Poor evidence: A policy or verbal statement of intent (e.g. sighting mention of controls within documentation).
guidance on the eight essential mitigation strategies from the Australian Cyber Security Centre (ACSC)’
Upon concluding assessment activities, assessors will need to determine whether mitigation strategies were implemented effectively or not. This determination requires a combination of judgement and consideration of the following factors:
- adoption of a risk-based approach to the implementation of mitigation strategies
- ability to test the mitigation strategies across an accurate representative sample of workstations (including laptops), servers and network devices
- level of assurance gained from assessment activities and any evidence provided (noting the quality of evidence)
- any exceptions, including associated compensating controls, and whether they have been accepted by an appropriate authority as part of a formal exception process.
Assessors should use the ACSC’s standardised assessment outcomes which are:
- Effective: The organisation is effectively meeting the control’s objective.
- Ineffective: The organisation is not adequately meeting the control’s objective.
- Alternate control: The organisation is effectively meeting the control’s objective through an alternate control.
- Not assessed: The control has not yet been assessed.
- Not applicable: The control does not apply to the system or environment.
- No visibility: The assessor was unable to obtain adequate visibility of a control’s implementation.
Stages of an assessment
At a high-level, assessments are comprised of four stages:
- Stage 1: The assessor plans and prepares for the assessment.
- Stage 2: The assessor determines the scope and approach for the assessment.
- Stage 3: The assessor assesses the controls associated with each of the mitigation strategies.
- Stage 4: The assessor develops the security assessment report.
Stage 1: Assessment planning and preparation
Assessment planning
Prior to commencing an assessment, the assessor should conduct assessment planning activities. These activities require the assessor to discuss with the system owner:
- system classification and assessment scope (see further detail below)
- access to low and high-privileged user accounts, devices, documentation, personnel, and facilities
- intended assessment approach and any approvals required to run scripts and tools (see further detail below)
- evidence collection and protection, including any requirements following the conclusion of the assessment
- where the security assessment report will be developed (e.g. on an assessor’s device or on an alternative device)
- approach to stakeholder engagement and consultation (including key points of contact)
- whether any managed service providers or other outsourced providers manage any aspects of the system (including appropriate points of contact)
- access to any relevant prior security assessment reports for the system
- appropriate use, retention and marketing of the security assessment report by both parties.
Stage 2: Determination of assessment scope and approach
Determine assessment scope
In determining the assessment scope, assessors should first clarify the target maturity level with the system owner, noting that the Essential Eight is required to be implemented and assessed as a package. For example, if a system owner has not previously had an assessment demonstrating that they have implemented Maturity Level One, they should not begin an assessment against Maturity Level Two until they have done so, and likewise for Maturity Level Two before being assessed against Maturity Level Three.
Having identified a suitable target maturity level, the assessor should familiarise themselves with the requirements for that maturity level as it will impact the components or aspects of the system within scope of the assessment. At this time it may also be useful to request an approximate percentage breakdown of the operating systems used on workstations and servers for the system.
Stage 3: Assessment of controls
The assessment of each mitigation strategy is performed by reviewing and testing the effectiveness of controls. This section provides guidance on the approach to assessing each mitigation strategy at a given target maturity level, along with relevant assessment considerations. Guidance on determining the effectiveness of the controls within each mitigation strategy is also provided within this section.
Assessment guidance for maturity levels in this section is cumulative. For example, the guidance provided in the Maturity Level Two section is focused on unique requirements above those of Maturity Level One. Likewise, the guidance provided in the Maturity Level Three section is focused on unique requirements above those of Maturity Level Two. This aligns with the manner in which assessments should be conducted against target maturity levels.
The focus of this maturity level is adversaries who are content to simply leverage commodity tradecraft that is widely available to gain access to, and control of, a system. For example, adversaries opportunistically using a publicly-available exploit for a security vulnerability in an unpatched internet-facing service, or authenticating to an internet-facing service using credentials that were stolen, reused, brute forced or guessed.
The Essential Eight
Patch applications

2023-05-11 03:06

Patch applications
Context
Most vendors of internet-facing services regularly release updated versions of their applications to fix security vulnerabilities. Applications that exist on a system can be compared to the latest versions available from the vendor to determine whether existing versions are the latest, and if not, how long ago updates were made available by the vendor, based on release dates and patch notes.
Configure Microsoft Office macro settings
Context
All users should be denied the ability to execute Microsoft Office macros by default unless they have a specific business requirement. If certain users are required to run Microsoft Office macros, they should be restricted to only the specific applications required (rather than all Microsoft Office applications). In addition, a record of their business requirement and associated approvals should be kept. This record should align with the list of users within the Active Directory group that have permission to run Microsoft Office macros. Note, once a business requirement can no longer be demonstrated by a user, permission to run Microsoft Office macros should be revoked.
Restrict administrative privileges
Context
Policies, processes and procedures for managing privileged access to systems should be documented and enforced within organisational workflows. In doing so, privileged access to systems and applications should be requested via a form, service desk ticket or email from users, and require approval from a supervisor or application owner, to maintain a record of all such requests. System owners should also maintain a list of all applications on their system that require privileged access.
Adversaries are known to indiscriminately use ‘malvertising’ in their attempts to compromise systems. Blocking web advertisements using web browser add-ins or extensions, or via web content filtering, can prevent the compromise of a system.
Context
Operating system vendors regularly publish updates to address security vulnerabilities. In addition, unsupported and out-of-date operating systems of internet-facing workstations and servers are a common target for adversaries.
Regular backups

2023-05-06 03:56

Regular backups
Context
Backup and retention frequencies should be defined by the system owner in accordance with their organisation’s business continuity and disaster recovery requirements. In doing so, it is important that restoration of systems and data from backups be tested as part of regular (at least annual) disaster recovery exercises and not left to after the first major security incident is experienced.