Generally speaking, an abstraction of our cyber intelligence model is instantiated when users boot up a device.
Cyber threat modeling is the creation of a system abstraction to identify possible threats.
Logging in to the OS produces, among a few other things, authentication and authorization. Starting up an application frames information exposure; sharing data is in essence a reflection of shared security cryptography, anticipated in accordance with one of the cryptographic schemes. Files are saved with real-time crypto-algorithm processing, networking is supervised by one of the Certificate Authorities, etc. But there is more work to do than that. User activity itself presents a vulnerability.
Vulnerability is a weakness in design, implementation, operation, or internal control.
According to the National Cybersecurity FFRDC, operated by the MITRE Corporation, the Common Vulnerabilities and Exposures (CVE) system provides a reference method for publicly known information security vulnerabilities and exposures. CVE is a dictionary. It eases data sharing across networks and provides a baseline for evaluating the coverage of entities' security tools.
In practice, there are established intelligence and behavioral security models. A computer user might want to pick one or a few of them, then tailor them to personal circumstances.
Well-known threats include backdoor, denial-of-service, direct-access, eavesdropping, multi-vector/polymorphic, phishing, privilege escalation, social engineering, spoofing, and tampering.
Then there is another thing to consider: systemic risks. The ever-growing number of computers and the increased reliance upon them by individuals, businesses, industries, and governmental entities pose a risk. For example, financial systems, which have been regulated by institutions like SWIFT, investment banks, and the Securities and Exchange Commission, are hacking targets of criminals interested in manipulating markets and seeking illicit gains. When a web application accepts credit card data and personal information and commits transactions, this creates a vulnerability.
The behavioral security model takes into account bad actors' motivations. As with physical security, breaches of computer security vary between attackers. Some are thrill-seekers or vandals, others are activists of illicit gain. Then there are state-sponsored attackers, who nowadays are common and well-resourced.
An intelligence security model has to be based on cyber threat modeling. Exemplar approaches frequently considered in practice are STRIDE, Security Cards, and Persona non Grata.
STRIDE represents the state of the practice. Developed at Microsoft and partially adopted by Ford Motor Company, it presents successive decomposition with respect to system components. STRIDE is an acronym for spoofing identity, tampering with data, repudiation, information disclosure, denial of service, and elevation of privilege.
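An added example, not part of the original post and not Microsoft's tooling, of that decomposition applied to a web application that accepts card data. The per-element chart is the commonly published STRIDE-per-element mapping, and the shop model, zones and names are constructed; all of these are assumptions here.

```python
from dataclasses import dataclass

STRIDE = {"S": "Spoofing identity", "T": "Tampering with data",
          "R": "Repudiation", "I": "Information disclosure",
          "D": "Denial of service", "E": "Elevation of privilege"}

# Assumption: STRIDE-per-element chart (which categories apply to which
# kind of diagram element). R on a store matters mainly for log stores.
APPLIES = {"external": "SR", "process": "STRIDE", "store": "TRID", "flow": "TID"}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str  # "external", "process" or "store"
    zone: str  # trust zone the element lives in

@dataclass(frozen=True)
class Flow:
    name: str
    src: Element
    dst: Element

def enumerate_threats(elements, flows):
    """Return (target, category, crosses_boundary) rows to review,
    with flows that cross a trust boundary listed first."""
    rows = [(e.name, STRIDE[c], False)
            for e in elements for c in APPLIES[e.kind]]
    for f in flows:
        crosses = f.src.zone != f.dst.zone
        target = f"{f.src.name} -> {f.dst.name}: {f.name}"
        rows += [(target, STRIDE[c], crosses) for c in APPLIES["flow"]]
    return sorted(rows, key=lambda r: not r[2])  # stable sort

# Constructed model of a small shop (illustrative names only).
browser = Element("Customer browser", "external", "internet")
app = Element("Web application", "process", "dmz")
mailer = Element("Receipt mailer", "process", "dmz")
db = Element("Orders database", "store", "internal")
ELEMENTS = [browser, app, mailer, db]
FLOWS = [Flow("card data and order", browser, app),
         Flow("order record", app, db),
         Flow("receipt job", app, mailer)]

if __name__ == "__main__":
    for target, category, crosses in enumerate_threats(ELEMENTS, FLOWS):
        print("BOUNDARY" if crosses else "        ", category, "|", target)
```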
Security Cards inject more creativity and brainstorming and move away from a checklist. Developed at the University of Washington, the physical security cards facilitate brainstorming across several dimensions of threats and include reasoning about malevolent intent. This model fits scenarios where a user values a wider spectrum of results over consistent results.
Persona non Grata (PnG) makes the problem more tractable by giving a specific focus on malicious actors' motivations, abilities, resources, and identity. Once attackers are modeled, the process moves on to targets and likely attack mechanisms. This security model produces fewer false positives, but also gives a less comprehensive view of potential threats. PnG modeling tends to consistently produce only a subset of threat types, which is a drawback generally speaking.
Sign-in Authentication and Verification is also a widely popular intelligence security model. This relates to everyone who routinely consumes company services and electronic banking: first the user gets authenticated, then authorized for the service, and privacy is ensured. Multi-Factor Authentication (MFA) as a sign-in authentication security model is a process where the user is prompted during the session for an additional form of identification, such as entering a code on the cell phone or providing a fingerprint scan.
This intelligence security model is great due to its simplicity and because it is aimed at verifying identity predominantly before authorization and encryption mechanisms take effect. MFA works by requiring two or more of the following authentication methods: something you know, something you have, something you are. All of these essentially are shared secret keys: something you have, like an ATM card or a password, or a fingerprint, has to be given out to the authenticating entity, producing a match with a copy they have on record. The possession factor is frequently replaced with a smartphone.
When a telecom subscriber signs in to the application or service and receives an MFA prompt, they may choose from options such as Microsoft Authentication App, OATH hardware token, SMS, or voice call.
Most popular, though, is two-factor authentication. When enabling Azure MFA, an administrator might enact the security defaults available to all Azure Active Directory tenants.