Lesson-2 1

This document discusses security tactics for people, processes, and technology. For people, regular security training is important to inform employees about strong passwords, updating software, avoiding suspicious emails, and reporting unusual computer behavior. For processes, organizations should have an incident response plan, backup data and test backups, analyze threat intelligence, and prioritize asset protection. For technology, tools should be integrated and automated to detect threats, and deception technologies can make networks more complex for adversaries. Emerging technologies like hardware authentication, cloud security, deep learning, artificial intelligence, and machine learning also promise to enhance cybersecurity.

Security Concepts and Goals – Part 1
Vincent Janu Razalo, MIT

Security Tactics For People, Processes, and Technology
As IT teams seek to create a layered security environment,
they should consider the following tactics:
1. People – Employees can create some of the greatest risks to cybersecurity. When they are
well informed, however, they can also be an asset and the first line of defense. Often,
cybercriminals will specifically target employees as an attack vector based on their lack of
knowledge of security practices. For example, cybercriminals might target employees with
phishing e-mails to get them to click on a malicious link or divulge credentials. With this in
mind, it’s imperative that organizations conduct regular training sessions throughout the year
to keep employees aware of potential scams and how they can make their organization
vulnerable.
Training programs like these will create a strong culture of cybersecurity that can go a long way
toward minimizing threats. A few of the cyber hygiene points IT teams will want to inform employees
of include the following:

• Creating strong passwords that are unique to each account and not reused
• Ensuring personal and work passwords are separate
• Not opening or clicking links in suspicious e-mails or from unfamiliar senders
• Ensuring applications and operating systems are regularly updated as soon as patches are released
• Not installing any unknown outside software, as these can open security vulnerabilities in the network
• Immediately reporting any unusual behavior or something strange happening on their computers.
2. Processes – This layer of cybersecurity ensures that IT teams have strategies in
place to proactively prevent and to respond quickly and effectively in the event of a
cybersecurity incident.
IT security teams should have a cyber-incident response plan in place. A good
incident response plan will provide an organization with repeatable procedures and
an operational approach to address cybersecurity incidents to recover business
processes as quickly and efficiently as possible. Additionally, ensuring proper
backups are in place and regularly testing these backups is imperative to minimize
downtime and increase the chances of data recovery from a cyber-event.
Next are the collection and analysis of threat research. Every security strategy and
tool must be informed by current threat intelligence to detect and respond to threats
effectively. For example, threat research might reveal that cybercriminals have been
carrying out attacks through a specific vulnerability, or targeting endpoints with a
specific malware. Armed with this information, IT teams can then take proactive
measures by making any necessary system updates and increasing monitoring to
detect behavior indicative of one of these attacks. It is also important that IT teams
consult both local and global threat data for the most comprehensive understanding of
the threat landscape.
Another important process for achieving effective cybersecurity is the
prioritization of assets. While IT teams remain strained from a
cybersecurity skills gap, networks have become increasingly
sophisticated, making it impossible to monitor each area of the network
at all times manually. Security teams can develop policies and deploy
strategies to keep these data more secure and minimize consequences.
This might mean using network segmentation to add an extra level of
security or creating access control policies based on who needs access to
these specific sets of data.
3. Technology – There is a host of technologies that security teams can implement to
layer their defenses. It is important that IT teams do not implement isolated point
solutions as they layer their defenses, but rather select those tools based on their
ability to be integrated and automated to create a security fabric that can facilitate the
rapid detection and mitigation of threats.
Another tactic that IT teams should leverage is deception technology. Network
complexity is an Achilles heel for adversaries. Deception technologies level the
playing field by automating the creation of dynamic decoys that are dispersed
throughout the IT environment, making it harder for the adversary to determine
which assets are fake and which are real. When an adversary can’t make this
distinction, cybercriminals are forced to waste time on fake assets and exercise
caution as they look for tripwires embedded in these fake environments.
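
The tripwire idea above can be shown as a small detection routine. This is an added example, not part of the original lesson; the decoy names, the log format and the sample log lines are constructed assumptions. Because a decoy has no legitimate use, every touch is treated as an alert, and sources that touch several decoys are ranked first.

```python
import re
from collections import defaultdict

# Constructed decoy inventory: these assets exist only as bait, so no
# legitimate workflow should ever touch them.
DECOY_HOSTS = {"fs-archive-02", "db-payroll-old"}
DECOY_ACCOUNTS = {"svc_legacy_admin"}

# Constructed log lines in an assumed "timestamp key=value ..." format.
SAMPLE_LOG = """\
2024-05-01T10:02:11Z src=10.0.4.23 dst=fs-prod-01 user=alice action=smb_open
2024-05-01T10:05:40Z src=10.0.7.99 dst=fs-archive-02 user=bob action=smb_open
2024-05-01T10:05:52Z src=10.0.7.99 dst=db-payroll-old user=bob action=tcp_connect
2024-05-01T10:11:27Z src=10.0.5.14 dst=dc-01 user=svc_legacy_admin action=login
this line is malformed and must be skipped
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def parse_line(line):
    """Return (timestamp, fields), or None for a line that does not parse."""
    parts = line.split(None, 1)
    if len(parts) != 2:
        return None
    fields = dict(FIELD.findall(parts[1]))
    if not {"src", "dst", "user"} <= fields.keys():
        return None
    return parts[0], fields

def tripwire_hits(log_text, hosts=DECOY_HOSTS, accounts=DECOY_ACCOUNTS):
    """Map each source address to the decoys it touched and when it started."""
    hits = defaultdict(lambda: {"decoys": set(), "first_seen": None})
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, f = parsed
        touched = set()
        if f["dst"] in hosts:
            touched.add("host:" + f["dst"])
        if f["user"] in accounts:
            touched.add("account:" + f["user"])
        if touched:
            hits[f["src"]]["decoys"] |= touched
            hits[f["src"]]["first_seen"] = hits[f["src"]]["first_seen"] or ts
    return dict(hits)

def triage(hits):
    """Sources that touched the most distinct decoys come first."""
    return sorted(hits, key=lambda s: (-len(hits[s]["decoys"]), s))
```
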
Emerging Technologies in Cybersecurity

Hardware authentication – It is a well-known fact that a majority of data users’
passwords and usernames are weak. This makes it easy for hackers to get access to
the information systems and compromise sensitive data of a business entity or
government agency. This has also exerted pressure on experts of systems security to
come up with more secure authentication methods. One of the ways is the
development of user hardware authentication.

Hardware authentication can be especially important when it comes to the Internet of
Things (IoT) where the network of connected devices ensures that any device that
seeks to be connected has the rights for connectivity to that particular network.
Cloud technology is set to have a significant impact on the transformation of systems
security technology. More business enterprises and government agencies have
embraced cloud technology to store the vast amounts of information that they
generate daily.
There will be more approaches to information systems security that will be developed
for use in the cloud. Techniques for on-premise data storage will be migrated to the
cloud. Components such as virtualized intrusion detection and prevention systems,
virtualized firewalls and virtualized systems security will now be used from the cloud
as opposed to the traditional forms.
Both private and public entities have doubled up their data center security by the use
of Infrastructure as a Service (IaaS) services such as FireHost and Amazon
Deep learning encompasses some technologies like machine learning
and artificial intelligence. There is a significant deal of interest in
these technologies for systems security. Deep learning, just like behavior
analytics, focuses on anomalous behavior. Whenever artificial
intelligence and machine learning systems are fed with the right data
regarding potential systems security threats, they can make decisions on
how to prevent hacks depending on their immediate environment without
any human input.
The system scrutinizes entities, instead of users, that have access to the
information system. The most recent developments in machine learning
technology and exact business analytics mean that we can now analyze
different entities that are found in the enterprise at both the macro and the
micro levels. Business organizations and government agencies can now
stamp out any persistent or advanced cyber threats using artificial
intelligence and machine learning.
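
The entity-focused behavior analysis described above, reduced to a minimal sketch. This is an added example, not part of the original lesson: it swaps the machine-learning model for a simple robust statistical baseline (median and MAD) per entity, and the entity names, counts and threshold are constructed assumptions.

```python
from statistics import median

# Constructed history: outbound connections per day for each entity
# (hosts and service accounts, not only human users).
HISTORY = {
    "host:build-agent-3": [110, 95, 102, 120, 99, 105, 101],
    "svc:report-export": [12, 15, 11, 14, 13, 12, 16],
    "host:printer-2f": [3, 3, 3, 3, 3, 3, 3],  # perfectly flat baseline
}
# Constructed observations for the day being scored.
TODAY = {"host:build-agent-3": 108, "svc:report-export": 240,
         "host:printer-2f": 9, "host:new-laptop": 50}

THRESHOLD = 3.5  # commonly used cut-off for the modified z-score

def modified_z(value, baseline):
    """Robust z-score: distance from the median in units of scaled MAD."""
    med = median(baseline)
    mad = median([abs(x - med) for x in baseline])
    if mad == 0:
        # Flat baseline: any deviation is unusual; avoid dividing by zero.
        return 0.0 if value == med else float("inf")
    return 0.6745 * (value - med) / mad

def score_entities(history, today, min_days=5):
    """Return {entity: (verdict, score)} for every entity seen today."""
    results = {}
    for entity, value in today.items():
        baseline = history.get(entity, [])
        if len(baseline) < min_days:
            # Too little history to judge; surface it instead of guessing.
            results[entity] = ("no_baseline", None)
            continue
        z = modified_z(value, baseline)
        verdict = "anomalous" if abs(z) > THRESHOLD else "normal"
        results[entity] = (verdict, z)
    return results
```
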