Protecting your Environment: Threat Identification Sources

CYBR650 Week 2

I talk a lot about balance.  Security vs. access, freedom vs. privacy, cost vs. benefit.  But some things just have to be done, no balance required.

Security is about protecting information, and to do it well requires good information.  So what is a federal employee to do if they want to protect the data that has been entrusted to him or her? --The data of the millions of American citizens who depend on their government to protect them? This is a broad question that needs solid answers.  And I stress the significance of “federal employee” because I am one.  I have to work within the framework of regulations, policies and directives (and sometimes emails with strongly worded suggestions on what I should do).  Here is the list of useful information I look to for direction.  Many are Federal government specific; all but one are accessible to every American with an Internet connection.  So here they are in no particular order…

The NIST National Vulnerability Database – This is a repository of vulnerabilities that anyone can use to look for threats and vulnerabilities from very general to hardware or software specific.  NIST is a government agency charged with establishing standards for many government entities.  As of the date of this blog, there were 75,708 identified vulnerabilities.  The place to start looking is in the Vulnerability Search Engine, listed first under the NVD Primary Resources.  The title “Primary Resources” is accurate because it lists the most helpful ways to get information out of the database.

US CERT – The United States Computer Emergency Readiness Team’s National Cyber Awareness System (NCAS) provides a quick way to see current threats.  I would recommend subscribing to at least one of the choices they offer – Alerts, Bulletins and Tips, with the Current Activity link a good place to see what’s happening right now.

Security Blogs – I’m a big fan of Blogs.  They are a quick way to get relatively current information that has been compiled by a professional – if you use one of the reputable sites such as TechRepublic.  If you’re not sure, the Internet has some great suggestions like this blog from Marble Security listing the 10 Security Blogs You Should Be Reading.  Pick two or three to get a feel for what’s out there and then subscribe to the ones that are most helpful to you.

Directly Related to Your Work Environment – For me, this is the VA-NSOC –The Veterans Administration Network and Security Operations Center – While I can’t directly connect to the NSOC to show you what it’s about, it is a critical resource for me.  You should have a 24/7 resource within your organization you can call for help with urgent and critical security issues.  They are the first line of defense when you have an incident and they should be contacting you when they detect threats in your work environment so you can help them remove infected equipment or other action to deal with real-world threats to your network.

Data Breach analysis – One of the best resources you can look at when looking at what you need to defend against is a data breach analysis.  These reports tell you what has been attacked and also provides general guidelines for what you should be doing to defend against these attacks.

Education – You can do all of the above and you will be more effective at protecting your own network.  But one of the smartest moves you can make is to get a degree focused on cybersecurity.  These other resources will provide useful information and you will need to go to them often, but you also need to support it with a good general background in cybersecurity.  This will fill in the gaps in your knowledge so that you understand how the whole system works so you can better defend it.