Friday, May 18, 2018

Security Vulnerabilities, Threats, and Countermeasures


Ashley J. Oliver
Oliver COM Solutions
Senior Network Security Engineer
2018 CISSP Candidate

Topic: Security Vulnerabilities, Threats, and Countermeasures


What is a house with a shaky foundation? Is it safe? Is it secure? This question may not be a common one, but is imperative in the practice of cybersecurity. Higher-level protective controls that are built on a questionable system may not be as effective as those built on a solid, secure, foundation. Think for example, of the most minuscule security flaw that may leave your organization open to exploitations. If malicious entities can effortlessly circumvent your firewall completely, how are you really protecting your data? What if your organization encompasses PII and PHI? Are you prepared for a potential exploit of this data based on a loosely assembled foundation?

Think about the decision to be vigilant about your system design the same as you would any decision that should be based on a solid foundation. For example, you wouldn’t decide where to go to college without researching the programs, campus culture(s), would you? Often overlooked, many protected systems can encompass extremely secure firewall configurations. However, if a vital security flaw exists on the computer that runs on said systems, you will be back at square one in no time. One should never underestimate malicious entities and their abilities to completely bypass the safeguards that you have put in place to secure your system, such as a Firewall for example. 

There is no such thing as a completely secure security architecture. Weaknesses and vulnerabilities can and will exist in every computer system. This is why security models such as Biba, Bell LaPadula, and Take Grant (just to name a few) exist, as well as security architectures. The primary objective of these models and architectures is to concentrate on well-known vulnerabilities.

Lastly, if you aren’t convinced that you need to take Security Models and Architecture seriously for the protection of your system, think about existing vulnerabilities from real life use case scenarios. Such as, risk of theft, sensitive data existing on desktops, lack of security understanding, client compromises which could lead to network compromises, and user-installed software presenting a greater malware risk, just to name a few.

Friday, March 9, 2018

The Significance of Business Continuity Planning (BCP) and Disaster Recovery, as it relates to your business



Ashley J. Oliver
Oliver COM Solutions
Senior Network Security Engineer
2018 CISSP Candidate

Topic: The Significance of Business Continuity Planning (BCP) and Disaster Recovery, as it relates to your business

Have you ever thought about what you and/or your personnel might do in the event of an emergency? Of course, emergencies do not occur every day, and there is no telling when or where. However, emergencies are inevitable, and the purpose of this blog is to shed some light on the importance of Business Continuity Planning and Disaster Recovery. Take some time to think about the adverse effects that disasters could have on your business if DRP is executed improperly or not at all, leaving your company susceptible to vulnerabilities.

Mitigating the effects of a disaster on continuing operations and speeding up the return to normal every day operations are the core focus of BCP and DR. Plans and procedures should be in place by organizations in order for them to execute these two fundamental operations, in the event of an emergency. A primary goal of BCP is to assess the risks to organizational procedures and developing the necessary measures in order to curtail the potential impact these risks may have on the business in the event of a disaster. 

Your next question is probably, who is responsible for performing this type of work? What resources are utilized during the BCP process? And how much is it going to cost? An important consideration here is that spending for BCP and DRP should not be considered as an optional expense. In fact, a fiduciary responsibility of management should be to make sure that suitable BCP methods are in position.

Lastly, be aware that if BCP processes fail, your business is susceptible to a reasonable loss and it is time for Disaster Recovery Planning (DRP) to take charge.