Cyber Security is based on Prevention, Monitoring, and Incident Response
Associations are part of the fabric of society. We take it seriously. And we also understand there are no “perfect” or “completely secure” systems. Not even air-gapped.
To guard our SaaS AMS clients’s sites we use redundant systems. These include SSL encryption, application isolation, containers, layers of AWS (Amazon Web Services) VPC, Security Groups, ACLs, Route53 DNS, custom AMIs, virus scanners, malware scanners, pentesting, auditing and more. All of these activities generate redundant logs which need to be monitored. To do that we run what is called the “ELK Stack” or now the “Elastic Stack”.
Cyber Security starts with Project Management
A Cyber PM, upon initial completion, never ends. It requires constant vigilance. The process of Cyber Security can be further explained as:
- Architecture – Start with Security In Mind
- Cyber Security evolves. We start with security and outline the right architecture if it is on premise or in the cloud.
- Listening – listening is the first step in communication and with cyber security it is no different. Gathering objectives and identifying everyone involved in the supply chain, helps balance economics as well as identifies weak links.
- Training – both the client training on their business and our team training them on concepts [discussed in CISSP].
- Plan for a scalable and manageable solution. Technology – like docker containers in AWS, Google, Rackspace, IBM clouds all provide scalability while maintaining security.
- Patching systems on the fly with minimal downtime
- Processes in place for Change Management
- Consistency of configuration to the extent that it is possible
- Mobile device management
- Passive Cyber Defense – Systems that are in place
- Firewalls (multiple)
- Virus Scanners and malware detection
- Intrusion Prevention Systems
- Intrusion Detection Systems
- File integrity monitoring and reporting
- Active Cyber Defense
- IDS/IPS controlled dynamic firewalls
- Reporting of IP addresses
- Analyst review of data
- On-going auditing of passive response systems
- Pre-emptive measures (e.b. resetting every users password without advance notice)
- Cyber Intelligence Gathering
- AI analysis of logs as needed
- Hand crafted Rules specific to a clients’ environment
- Shadow sites used to gather information on the attackers (internal or external)
- Honeypot information gathering
- Sharing with the InfoSec community
- On going trainging for our team and shared with clients as needed
- Response to a Cyber Attack is a careful art. Once the scope is understood we respond appropriately
- Legal recourse is an option
- We follow all legal requirements of timely disclosure should an event occur
- Crisis Communication rules are DIFFERENT for Cyber Security. Consider your actions carefully.
There are many resources available for cyber security training. We encourage you to look them up and take an active role in keeping your web site, company, family and country secure from cyber attacks!
Thank You. Ed Schipul.