PROTECT YOURSELF AT ALL TIMES…
(even when online!)

We live in a new age and now have a new front to have situational awareness of as well as defend ourselves and loved ones from. My primary job is working as an Information Security Engineer. Often times I find myself wondering if I could correlate Cyber Security with Self-Defense / Personal Security.  This will be my attempt at the correlation.

Cyber Security has a couple of strategies that are similar in nature called Defense In Depth, Layered Defense which is all about layering your defense so that if  something makes it past one layer the next layer is able to detect or prevent the  intrusion to the attempt to penetrate, infiltrate and cause a disruption or remain hidden and exfiltrate data.  If you would like to read more then here is a nice article that briefly discusses the strategies.
http://www.techrepublic.com/blog/it-security/understanding-layered-security-and-defense-in-depth/

We also have the Critical Security Controls created by the Center for Internet Security that work along side of the Defense In Depth / Layered Security strategies which finally gets me to what Ive been wanting to actually talk about but first lets take a look at this list.

CSC 1: Inventory of Authorized and Unauthorized Devices
CSC 2: Inventory of Authorized and Unauthorized Software
CSC 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
CSC 4: Continuous Vulnerability Assessment and Remediation
CSC 5: Controlled Use of Administrative Privileges
CSC 6: Maintenance, Monitoring, and Analysis of Audit Logs
CSC 7: Email and Web Browser Protections
CSC 8: Malware Defenses
CSC 9: Limitation and Control of Network Ports, Protocols, and Services
CSC 10: Data Recovery Capability
CSC 11: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
CSC 12: Boundary Defense
CSC 13: Data Protection
CSC 14: Controlled Access Based on the Need to Know
CSC 15: Wireless Access Control
CSC 16: Account Monitoring and Control
CSC 17: Security Skills Assessment and Appropriate Training to Fill Gaps
CSC 18: Application Software Security
CSC 19: Incident Response and Management
CSC 20: Penetration Tests and Red Team Exercises

Wow… thats a lot to take in, can some of it even be correlated? I would love to hear your opinion.  The next article will take a look at the first two controls:
CSC 1: Inventory of Authorized and Unauthorized Devices
CSC 2: Inventory of Authorized and Unauthorized Software

Can they be correlated to the individual? What about beyond the individual?

Leave a Reply

Your email address will not be published. Required fields are marked *