CIR BC Strategies for Policies
This article discusses the mitigation and recovery strategies for the policy aspect of managing a cybersecurity incident:
- User Access Control
- Patch Management
- Password Management
- Multi-Factor Authentication
1. Policies: User Access Control
In general, only authorized personnel within an organization should be assigned user accounts with special privileges.
Additionally, user accounts have to be managed effectively, and access to equipment (HM Government, 2014) should only be granted at the level that the person's authorization requires.
Cyber security attackers target user accounts with special access privileges because such accounts have the highest clearance: with one, they can reach the most sensitive information, corrupt it, and disrupt business processes within the organization. Therefore, the level of clearance assigned to an employee should be based on that employee's profile and role. Keeping the number of personnel with privileged access small reduces the chance of compromise.
1.1 Basic Technical Cyber Protection for User Access Control
The minimum requirement is to:
- Perform a provisioning and approval process for all user account creation
- Restrict the number of user accounts with special access privileges to a limited number of authorized personnel
- Document and store details about special access privileges
- Use administrative accounts to perform legitimate administrative activities only
- Configure administrative accounts to require password changes regularly
- Require a unique username and a strong password to access the systems
- Remove/Disable obsolete user accounts
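The checklist above can be turned into an automated audit. The following is an added example (not from the original article or the book it is drawn from) that runs the checklist against a constructed account inventory: it flags privileged accounts that are not in the documented approval register, reports when the number of privileged accounts exceeds the agreed limit, flags administrative accounts whose password is older than the policy allows, and lists enabled accounts that have not been used for a long time and are therefore candidates for removal or disabling. The thresholds (90 days, a limit of two privileged accounts) and the account records are assumptions chosen for illustration.

```python
from datetime import date

# Constructed sample account inventory (not real data) with one record per account.
ACCOUNTS = [
    {"user": "alice",   "privileged": True,  "enabled": True,  "last_login": date(2024, 5, 1),   "pw_changed": date(2024, 4, 20)},
    {"user": "bob",     "privileged": True,  "enabled": True,  "last_login": date(2024, 5, 2),   "pw_changed": date(2023, 9, 1)},
    {"user": "carol",   "privileged": False, "enabled": True,  "last_login": date(2023, 11, 3),  "pw_changed": date(2023, 10, 1)},
    {"user": "dave",    "privileged": True,  "enabled": True,  "last_login": date(2024, 4, 28),  "pw_changed": date(2024, 4, 1)},
    {"user": "svc_old", "privileged": False, "enabled": False, "last_login": date(2023, 1, 1),   "pw_changed": date(2022, 12, 1)},
]

# Hypothetical documented register of approved privileged accounts (the
# "document and store details about special access privileges" control).
APPROVED_PRIVILEGED = {"alice", "bob"}

# Date the audit is run against (fixed so results are reproducible).
AUDIT_DATE = date(2024, 5, 10)


def audit(accounts, approved_privileged, today,
          max_privileged=2, stale_days=90, admin_pw_max_age_days=90):
    """Check an account inventory against the user access control checklist.

    Returns a dict of findings keyed by the control that was violated."""
    findings = {
        "undocumented_privileged": [],   # privileged but not in the approval register
        "too_many_privileged": False,    # more privileged accounts than the agreed limit
        "stale_admin_password": [],      # admin password not changed within policy
        "obsolete": [],                  # enabled account unused for too long
    }
    privileged = [a for a in accounts if a["privileged"] and a["enabled"]]
    for a in privileged:
        if a["user"] not in approved_privileged:
            findings["undocumented_privileged"].append(a["user"])
        if (today - a["pw_changed"]).days > admin_pw_max_age_days:
            findings["stale_admin_password"].append(a["user"])
    findings["too_many_privileged"] = len(privileged) > max_privileged
    for a in accounts:
        # Disabled accounts are already handled; only enabled, unused ones are flagged.
        if a["enabled"] and (today - a["last_login"]).days > stale_days:
            findings["obsolete"].append(a["user"])
    return findings


if __name__ == "__main__":
    for control, result in audit(ACCOUNTS, APPROVED_PRIVILEGED, AUDIT_DATE).items():
        print(f"{control}: {result}")
```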
2. Policies: Patch Management
Software running on computers and network devices should have the latest security patches installed to remain supported and up to date. If not, cyber security attackers can leverage the outdated software to attack the organization's computers and networks. Such weaknesses, commonly referred to as technical vulnerabilities, are easily identified and exploited for malicious activity. Software vendors have to identify vulnerabilities in their software as soon as possible and provide the necessary fixes (patches).
For example, organizations use Microsoft Office for daily operations such as Word documents and Excel spreadsheets. Microsoft must be diligent in identifying vulnerabilities (HM Government, 2014) so that software updates can be released to its customers. The organization itself has to manage patches and software updates effectively; if the vendor has released patches but the organization does not apply them, the organization remains vulnerable to cyber security attacks.
2.1 Basic Technical Cyber Protection for Patch Management
The minimum requirement is to:
- Check the licence of software purchased/installed so that security patches for known vulnerabilities released by the vendor/supplier are made available for the computers/network devices capable of connecting to the internet
- Install updates to the software promptly
- Remove out-of-date software
- Install security patches promptly
3. Policies: Password Management
It is common for employees to use the same password for multiple accounts, with a few tweaks depending on the requirements of the account provider. This means that once cybercriminals obtain the login credentials of one account, they can log in to the owner's other accounts without a hitch.
Remembering different passwords for different accounts (Lavallee, 2017) is challenging for employees. Hence, by using a password management technology for all employees, each account's distinct password can be stored in that technology, and the uniqueness of each account's password is maintained.
Organizations will have an easier time implementing security controls to protect a centralized platform than devising methods for every employee. Additionally, the technology can be configured to prompt for regular password changes to maintain uniqueness, eliminating the possibility of several of an employee's accounts being compromised at the same time.
4. Policies: Multi-Factor Authentication
Multi-factor authentication refers to prompting users for additional forms of authentication (CloudBuzz, 2016) for access besides the typical passwords and tokens. For authentication purposes, there are three factors (Gibson, 2011):
- What the user has
- E.g. Tokens are objects that users have in their possession, such as an access card used to enter a facility.
- What the user knows
- E.g. Passwords are authentication credentials that only the user knows and uses to gain access.
- Who the user is
- E.g. Biometric traits, such as fingerprints, are unique to users and can be used to gain access.
Multi-factor authentication means using two or more of these factors to gain access. Requiring more than one factor of authentication (CybeRisk, 2016) raises the level of security, as cybercriminals find it far more challenging to obtain all of the required factors.
Goh, M. H. (2017). A Manager's Guide to Business Continuity Management for Cyber Security Incidents, 2nd Edition. GMH Pte Ltd.
Reference: Chapter 7 Developing Mitigation and Response Strategies 7.16 Policies
Note: This version was the draft 2nd Edition being updated in 2023. The number in square brackets [X-X] cross-refers to the actual chapter and section in the 1st Edition.