Cyber attack
Today’s organizations continue to fall victim to
sophisticated cyber attacks—including zero-day exploits and Advanced Persistent
Threats (APTs). The following is the lifecycle of cyber attacks which possess an imminent threat to organizations working in both
public and private sectors.
Anything that has the potential to cause harm to the system
is coined as Threat. Threat creates
Attack. Attack exploits
vulnerability to create an Impact .
The severity of impact can be minimized by applying corrective control. A corrective control is control set which
is put in place to mitigate damage once a risk is materialized for example Computer
images are created so that if software gets corrupted, they can be loaded
Main function of all security control is to reduce or minimize the damages once a
risk is materialized. Deterrent control
which is intended to discourage a potential attacker reduces the likelihood of
an attack. Firewall is considered as a preventive control but if an attacker
know that it is in place than it is considered as deterrent control.
Detective control like auditing of logs,
setting of endpoint security should be implemented together with preventive control set like firewall. Together
these controls minimizes the surface
area of attack by minimizing loopholes.
Compensating control
is just an alternate control that provides similar protection as the original
control, but has to be used because it is more affordable or allows
specifically required business functionality. This kind of control measure
reduce the likelihood of attack.
No comments:
Post a Comment