Stephen Santee, consultant for Invensys Critical Infrastructure & Security Practice, discusses multiple defense mechanisms that can be implemented to prevent or detect cyber attacks.
Cyber security defense in-depth is a concept of protecting digital assets from cyber attacks by placing multiple defensive mechanisms in a series to prevent or detect a cyber attack. Common defense in-depth practices include using multiple brands of firewalls to protect network layers. This example deals with vulnerabilities within a certain brand or type of firewall. If the first firewall, brand X, has a vendor-specific vulnerability, then the second firewall, brand Y, should not contain the same vulnerability. But what if the attack originates on the inside of the network? What if a mobile media device such as a flash drive is used to launch an attack knowingly or unknowingly?
The Nuclear Regulatory Commission (NRC) recognizes the need for defense in-depth as it pertains to mobile media. Part of NRC Regulations Title 10, Code of Federal Regulations (CFR) 73.54 is to address mobile media. As this type of attack has become more prevalent in recent years with malware launching from flash drives behind defensive layers, multiple defensive mechanisms should be put in place to prevent or detect these types of attacks. Let us look at the multiple defense mechanisms that can be put place:
Policies and Procedures
Training
Scanning
Whitelisting
These types of defensive mechanisms can prevent or detect a cyber attack from a mobile media device, and it is important to implement both administrative and technical controls to have the most robust defense. However, even with multiple types of controls implemented, the most important part of these defensive mechanisms is user compliance. Without user compliance, most types of defensive mechanisms will fail.
Dell Tablet Giveaway
During the month of May, there will be 2 blog entries a week that contain a link to a survey related to that post. The rules are simple. To qualify, you must take the survey and leave a comment saying you completed the survey. The more blogs you read, the more surveys you take, the greater your chances of winning. The winner will be announced on the blog May 31, so please remember to check back!
I attempted to take the survey. I assume since I took the survey on another blog post that Survey Monkey is not presenting it to me again, instead I just see a page that thanks me for taking the survey.
ReplyDeleteThanks Brent, that should be fixed now.
ReplyDelete