
CIR RAR-BIA Risk Treatment for Malicious Software

This blog discusses the type of risk treatment strategy that is addressed as a business continuity management (BCM) issue in connection with cyber security incident response (CIR). It covers the importance of knowing which information assets require protection against specific cyber security threats.

Risk treatment is conducted as part of the Risk Analysis and Review (RAR) phase of the BCM planning process. This includes understanding the types of cyber security threats and the assets they affect.

The risk treatment strategy below is extracted from a Verizon (2017) survey. It provides an overview of the risk treatment and controls for one specific threat category: malicious software.

It also gives an understanding of the techniques cyber criminals use to exploit vulnerabilities within the organisation, sabotage its assets and disrupt the smooth continuity of business functions.

Reference: Chapter 6 Risk Analysis and Review and Business Impact Analysis, Section 6.9 Risk Treatment

Moh Heng Goh

Risk Treatment

Risk Treatment Strategy for Specific Cyber Security Threats

The risk treatments summarised from the Verizon (2017) surveys for the following cyber security risks are appended below:
  • The Human Element
  • Conduit Devices
  • Configuration Exploitation
  • Malicious Software
Types of Cyber Security Threats Due to Malicious Software

Risk Treatment Strategy for Malicious Software

Columns: S/No; Threat Scenario; Risk Treatment (Accept (A) or Mitigate/Reduce (MR)); Description of Risk Treatment/Control.

23  Data Ransomware/Crypto Malware
    Risk treatment: Accept (A): -; Mitigate/Reduce (MR): the controls listed below
    Description of risk treatment/control:
      • Control usage of administrative privileges.
      • Maintain, monitor and analyse logs.
      • Install protections for email and web browsers.
      • Develop measures to ensure the organisation is capable of recovering its data.
      • Install controls to protect data.
      • Set up defences against malware.

24  Sophisticated Malware
    Risk treatment: Accept (A): -; Mitigate/Reduce (MR): the controls listed below
    Description of risk treatment/control:
      • Maintain, monitor and analyse logs.
      • Set up defences against malware.
      • Install boundary defences.
      • Install controls to protect data.
      • Develop measures to ensure the organisation is capable of recovering its data.
      • Monitor and control account usage.
      • Limit and control network ports, protocols and services.

25  RAM Scraping
    Risk treatment: Accept (A): -; Mitigate/Reduce (MR): the controls listed below
    Description of risk treatment/control:
      • Incident response and management.
      • Create an inventory of authorised and unauthorised software.
      • Install protections for email and web browsers.
      • Set up defences against malware.
      • Install controls to protect data.
      • Limit access control based on access requirements.

26  Credential Theft
    Risk treatment: Accept (A): -; Mitigate/Reduce (MR): the controls listed below
    Description of risk treatment/control:
      • Set up defences against malware.
      • Monitor and control account usage.

27  Unknown Unknowns
    Risk treatment: Accept (A): -; Mitigate/Reduce (MR): the controls listed below
    Description of risk treatment/control:
      • Maintain, monitor and analyse logs.
      • Set up defences against malware.
      • Install boundary defences.
      • Install controls to protect data.
      • Monitor and control account usage.

Figure 6-12: Risk Treatment Strategies for “Malicious Software” Threats


A Manager’s Guide to BCM for Cybersecurity Incident Response

Goh, M. H. (2017). A Manager's Guide to Business Continuity Management for Cyber Security Incidents, 2nd Edition. GMH Pte Ltd.


Note: This version was the draft 2nd Edition being updated by 2023. The numeric in the square bracket [X.X] cross-refers to the actual chapter and section in the 1st Edition.
