9/2/19

I want to discuss the boring side of cybersecurity: the administrative, high-level view. It is a perspective that is often overlooked but shouldn't be, since it organizes administrative, technical, and physical controls into categories, and that organization is itself a security control.

Let's go over the categories of cybersecurity controls, with examples of each:

Preventative: security awareness training, UTM firewalls, DMZs, VLAN segmentation, route maps, routing protocol authentication, port security, encryption (at rest and in transit), EFS, IPsec (transport and tunnel mode), AES, VPNs, SSL/TLS, locked doors, walls, guard dogs, strong password policies, two-factor authentication, and least privilege applied through AD users and security groups…

Detective: SIEM, HIDS, NIDS, WIDS, auditing, antivirus, and cameras…

Corrective: fault tolerance through RAID, NIPS, HIPS, WIPS, IDPS, and patching…

Compensating: virtual machine fault tolerance, UPS, and generators…

Recovery: virtual machine high availability, redundancy, off-site backup, 3-2-1 backups, and hot sites…

If I had to single out one category as essential, it would be detective controls: even if everything else fails, you at least want a record to feed the "lessons learned" after-action review, rather than having nothing at all and being caught with your pants down.

As you can see, technical controls make up a large portion of enterprise cybersecurity, but they depend on administrative and physical controls as well. Every part of an organization has a role to play, and no two companies are the same. For example, a doctor's office won't need the same mix of controls as a corrugated box factory; they may share some measures, but not all of them.
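The two points above, that detective controls are the minimum you want in place and that two businesses end up with different control mixes, can be turned into a simple gap check. The following is an added example written for this post, not a tool the author describes: the control-to-category mapping follows the lists above but is my own assignment, and the two inventories (DOCTOR_OFFICE and BOX_FACTORY) are constructed for illustration.

```python
# Control categories in the order the post lists them.
CATEGORIES = ("preventative", "detective", "corrective", "compensating", "recovery")

# Constructed mapping from control name to the category (or categories) it serves.
# Assignments follow the post's lists; a control can serve more than one category.
CONTROL_CATEGORIES = {
    "security awareness": {"preventative"},
    "utm firewall": {"preventative"},
    "vlan segmentation": {"preventative"},
    "two-factor authentication": {"preventative"},
    "least privilege": {"preventative"},
    "locked doors": {"preventative"},
    "siem": {"detective"},
    "nids": {"detective"},
    "hids": {"detective"},
    "auditing": {"detective"},
    "cameras": {"detective"},
    "antivirus": {"detective", "corrective"},   # detects and quarantines
    "nips": {"corrective"},
    "patching": {"corrective"},
    "raid": {"corrective"},
    "ups": {"compensating"},
    "generator": {"compensating"},
    "off-site backup": {"recovery"},
    "3-2-1 backups": {"recovery"},
    "hot site": {"recovery"},
}

# Constructed inventories for two very different businesses (illustrative only).
DOCTOR_OFFICE = ["locked doors", "antivirus", "two-factor authentication", "off-site backup"]
BOX_FACTORY = ["utm firewall", "vlan segmentation", "generator", "ups", "raid", "patching"]


def coverage(deployed):
    """Map each category to the deployed controls that serve it.

    Returns (coverage, unknown): coverage is {category: [control, ...]},
    unknown lists controls not present in CONTROL_CATEGORIES so they are
    not silently counted as covering anything.
    """
    cov = {c: [] for c in CATEGORIES}
    unknown = []
    for name in deployed:
        cats = CONTROL_CATEGORIES.get(name.lower())
        if cats is None:
            unknown.append(name)
            continue
        for c in cats:
            cov[c].append(name)
    return cov, unknown


def gaps(deployed):
    """Return the categories with no deployed control, in CATEGORIES order."""
    cov, _ = coverage(deployed)
    return [c for c in CATEGORIES if not cov[c]]


def assess(deployed):
    """Summarize coverage for one environment.

    Severity follows the post's argument: any missing category is a 'gap',
    but a missing detective category is 'critical' because nothing would
    record an incident for the after-action review.
    """
    cov, unknown = coverage(deployed)
    missing = gaps(deployed)
    severity = "ok"
    if missing:
        severity = "critical" if "detective" in missing else "gap"
    return {
        "counts": {c: len(v) for c, v in cov.items()},
        "missing": missing,
        "unknown": unknown,
        "severity": severity,
    }


if __name__ == "__main__":
    for label, inventory in (("doctor's office", DOCTOR_OFFICE), ("box factory", BOX_FACTORY)):
        report = assess(inventory)
        print(f"{label}: severity={report['severity']} missing={report['missing']}")
```

Run as a script, the doctor's office shows a compensating-control gap, while the factory, with no SIEM, IDS, auditing, or cameras, is rated critical even though it has more controls overall. Unknown control names are reported separately rather than guessed at, so a misspelled entry does not quietly fill a category.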

This is why one company's enterprise security program can't simply be lifted as a template by another company in the hope that it will work the same way.