Incident Response Steps after a Data Breach


Data breach announcements seem to be quite common these days, with a cyberattack now an inevitable part of running almost any business. It is an often-quoted statistic that companies without a policy in place for post-attack recovery have a 60% chance of going out of business in the six months following an event.

The most important thing you can do today is to prepare for the various types of cyberattacks and plan your response to a successful ransomware, data breach, or social engineering attack before it actually happens. As you plan your response to these attack scenarios, you will get a better idea of whether your environment can support identifying and containing the threat, and of how you will recover control over your customer and employee data. If you have doubts about your team’s ability to operate during an attack, now is the time to resolve those issues and start training for the inevitable.

Technical Interview Questions


Technical interviews are an attempt by a hiring team to ask the correct questions of a candidate to determine if they would be a good technical fit for the open position.

These questions can sometimes uncover missing segments of knowledge that might identify opportunities for the candidate, or even disqualify the candidate for the open position. That is good information to know before you initiate the hiring process, but it can also help identify specific talents or abilities in a candidate that are above and beyond the minimum knowledge expected.

One of the obvious pitfalls of a technical interview is when the questioning turns into a trivia contest rather than a verification of expected knowledge.

One way to determine if a candidate knows how to solve a problem is to give them a problem and ask them to solve it during the interview. Sometimes the problem can be a specific technical issue, or a theoretical problem posed simply to see whether they can work out a simple solution using just the facts presented.

I have asked candidates a simple question in the past that doesn’t really apply to the job they are applying for, but it does provide insight into how they identify the issue and think through the possible answers, and it gives them an opportunity to present their ideas.

Why is a manhole cover round?

You may never have thought of this question before, but why is a manhole cover round? You want the candidate to consider the possibilities and try to provide possible reasons for this design choice. It has nothing to do with the position they have applied for, but it will give a hiring manager an idea of how this person will respond to a problem that seems to come out of left field.

Do they think through the question or just respond with “I don’t know.” and quit? Have them talk through what they think about the question. Do they have an opinion about why the covers aren’t square, hexagonal, or even oval in shape? Have they seen a manhole, or do they know what manholes are used for in everyday life? Why do they think some manhole covers are not round?

Hopefully they can speak to possible reasons, which gives you the opportunity to ask how they would find a suitable answer. If they just want to Google the answer, ask them what else they might do to get a suitable answer if there isn’t a consensus on Google.

The possible correct answers are:

  • Manhole covers are round because it is the best shape to resist the compression of the surrounding soil.
  • Round manhole covers are easier to manufacture, move, and place than square or rectangular ones. The heavy covers can be easily rolled into position.
  • A round cover sized to fit its opening cannot fall through the circular opening, unlike covers of other shapes. No one wants a 100-pound manhole cover dropping onto their head.
  • The cover doesn’t have to be aligned in any specific angle to be placed back onto the exposed manhole. Other shapes would require precise alignment.

Years ago, there was a candidate who guessed the covers are round because the men accessing the opening are also round. While this is funny, I don’t think that was a design consideration.

I hate interviews that turn into trivia contests, so I’d much rather be asked a tough question that allows me to show my ability to use my brain to find solutions instead of just demonstrating my ability to memorize technical trivia that anyone could easily look up.

Sources:
(1) Why Are Manhole Covers Round? | Mental Floss. https://www.mentalfloss.com/article/60929/why-are-manhole-covers-round.
(2) Why are manhole covers round? | Live Science. https://www.livescience.com/32441-why-are-manhole-covers-round.html.
(3) Why Are Manhole Covers Round? – ScienceABC. https://www.scienceabc.com/eyeopeners/why-manhole-covers-circular-not-triangular-square-rectangular.html.
(4) The Surprisingly Technical Reason That Manhole Covers Are Round. https://www.envirodesignproducts.com/blogs/news/the-surprisingly-technical-reason-that-manhole-covers-are-round.

IT Security Manager Responsibilities

What are the day-to-day responsibilities of an IT Security Manager?

An IT Security Manager is a technology professional who oversees the security of an organization’s information systems and networks. They are responsible for planning, implementing, and monitoring security policies and procedures to protect the organization from cyber threats and ensure compliance with relevant regulations and standards.

An IT Security Manager requires a combination of technical skills, such as knowledge of network security, encryption, firewalls, antivirus software, etc., and soft skills, such as communication, leadership, problem-solving, teamwork, etc. An IT Security Manager typically has a bachelor’s degree in computer science, information technology, cybersecurity or equivalent business experience. They may also have relevant certifications (CISSP, CISM, Security+, CASP+, CEH, etc.) to demonstrate specific skills and knowledge. An IT Security Manager may work for various types of organizations, such as government agencies, corporations, nonprofits, educational institutions, etc., depending on their industry and size.


Top 10 Cybersecurity Team Effectiveness Metrics


What are the top 10 metrics used to measure cybersecurity team effectiveness?

Cybersecurity is a vital aspect of any organization that relies on digital systems and networks. However, measuring the effectiveness of a cybersecurity team can be challenging, as there are many factors and variables involved. In this blog post, we will explore some of the most common and useful metrics that can help assess how well a cybersecurity team is performing and where they can improve.

1. Mean time to detect (MTTD) – This metric measures how quickly a cybersecurity team can identify a potential threat or incident. The lower the MTTD, the better, as it means that the team can respond faster and minimize the damage.
2. Mean time to respond (MTTR) – This metric measures how quickly a cybersecurity team can contain and resolve a threat or incident. The lower the MTTR, the better, as it means that the team can restore normal operations and reduce the impact.
3. Mean time to recover (MTTR) – This metric measures how quickly a cybersecurity team can restore the affected systems and data after a threat or incident. The lower the MTTR, the better, as it means that the team can resume business continuity and reduce the downtime.
4. Number of incidents – This metric measures how many threats or incidents a cybersecurity team has to deal with in a given period. The lower the number of incidents, the better, as it means that the team has a strong security posture and can prevent most attacks.
5. Severity of incidents – This metric measures how serious or damaging a threat or incident is for an organization. The lower the severity of incidents, the better, as it means that the team can mitigate most risks and protect the most critical assets.
6. Incident response rate – This metric measures how many threats or incidents a cybersecurity team can successfully handle in a given period. The higher the incident response rate, the better, as it means that the team has enough resources and capabilities to deal with all challenges.
7. Incident resolution rate – This metric measures how many threats or incidents a cybersecurity team can successfully resolve in a given period. The higher the incident resolution rate, the better, as it means that the team has effective processes and tools to eliminate all threats.
8. Cost of incidents – This metric measures how much money an organization loses due to threats or incidents in a given period. The lower the cost of incidents, the better, as it means that the team can minimize the financial losses and optimize the security budget.
9. Customer satisfaction – This metric measures how satisfied an organization’s customers are with its security performance and service quality. The higher the level of customer satisfaction, the better, as it means that the team can meet or exceed customer expectations and build trust and loyalty.
10. Employee satisfaction – This metric measures how satisfied an organization’s employees are with its security culture and environment. The higher the employee satisfaction, the better, as it means that the team can foster a positive and collaborative atmosphere and retain talent.
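The first eight metrics above are all derived from incident records, so they can be computed rather than estimated. The script below is an added example, not code from the original post: it takes a constructed list of incidents (the field names occurred_at, detected_at, responded_at, recovered_at, resolved and cost_usd are this script’s own assumptions, not any ticketing tool’s schema), computes MTTD, the two MTTRs, counts, rates and cost, and compares two reporting periods while respecting which direction counts as “better” for each metric.

```python
"""Compute team-effectiveness metrics from incident records (added example)."""
from datetime import datetime
from statistics import mean

# Constructed sample incidents for one reporting period (hypothetical data).
# A missing recovered_at means the incident is still open.
INCIDENTS = [
    {"id": "INC-1", "severity": "high", "occurred_at": "2024-03-01T08:00",
     "detected_at": "2024-03-01T10:00", "responded_at": "2024-03-01T11:30",
     "recovered_at": "2024-03-02T08:00", "resolved": True, "cost_usd": 40000},
    {"id": "INC-2", "severity": "medium", "occurred_at": "2024-03-05T00:00",
     "detected_at": "2024-03-05T04:00", "responded_at": "2024-03-05T05:00",
     "recovered_at": "2024-03-05T10:00", "resolved": True, "cost_usd": 5000},
    {"id": "INC-3", "severity": "low", "occurred_at": "2024-03-10T12:00",
     "detected_at": "2024-03-10T12:00", "responded_at": "2024-03-10T12:30",
     "recovered_at": None, "resolved": False, "cost_usd": 0},
    {"id": "INC-4", "severity": "high", "occurred_at": "2024-03-20T09:00",
     "detected_at": "2024-03-20T15:00", "responded_at": "2024-03-20T16:00",
     "recovered_at": "2024-03-21T03:00", "resolved": True, "cost_usd": 15000},
]

# Metrics where a smaller value is the better result; the rest are "higher is better".
LOWER_IS_BETTER = {"mean_time_to_detect_h", "mean_time_to_respond_h",
                   "mean_time_to_recover_h", "incident_count", "total_cost_usd"}


def mean_hours(incidents, start_field, end_field):
    """Mean elapsed hours between two timestamps, skipping incidents where
    either timestamp is missing (for example, not yet recovered)."""
    hours = []
    for inc in incidents:
        start, end = inc.get(start_field), inc.get(end_field)
        if start and end:
            delta = datetime.fromisoformat(end) - datetime.fromisoformat(start)
            hours.append(delta.total_seconds() / 3600)
    return round(mean(hours), 2) if hours else None


def compute_metrics(incidents):
    """Metrics 1-8 from the post. Customer and employee satisfaction come from
    surveys rather than incident data, so they are not computed here."""
    total = len(incidents)
    severity = {}
    for inc in incidents:
        severity[inc["severity"]] = severity.get(inc["severity"], 0) + 1
    responded = sum(1 for inc in incidents if inc.get("responded_at"))
    resolved = sum(1 for inc in incidents if inc.get("resolved"))
    return {
        "mean_time_to_detect_h": mean_hours(incidents, "occurred_at", "detected_at"),
        "mean_time_to_respond_h": mean_hours(incidents, "detected_at", "responded_at"),
        "mean_time_to_recover_h": mean_hours(incidents, "detected_at", "recovered_at"),
        "incident_count": total,
        "severity_breakdown": severity,
        "response_rate": round(responded / total, 2) if total else None,
        "resolution_rate": round(resolved / total, 2) if total else None,
        "total_cost_usd": sum(inc.get("cost_usd", 0) for inc in incidents),
    }


def compare_periods(previous, current):
    """Label each numeric metric as improved, worse or unchanged between two
    reporting periods, using the direction that counts as better."""
    verdict = {}
    for name, now in current.items():
        before = previous.get(name)
        if not isinstance(now, (int, float)) or not isinstance(before, (int, float)):
            continue  # missing in one period, or a breakdown dict rather than a number
        if now == before:
            verdict[name] = "unchanged"
        elif (now < before) == (name in LOWER_IS_BETTER):
            verdict[name] = "improved"
        else:
            verdict[name] = "worse"
    return verdict


if __name__ == "__main__":
    for key, value in compute_metrics(INCIDENTS).items():
        print(f"{key:24} {value}")
```

One caveat when reading the counts: incident_count only reflects incidents that were detected, so a low number can mean either a strong posture or poor detection coverage; read it together with MTTD and with the results of any testing you do.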

These are some of the most common and useful metrics that can help measure cybersecurity team effectiveness. However, they are not exhaustive or definitive, and each organization may have different goals and priorities when it comes to security. Therefore, it is important to customize and adapt these metrics according to each organization’s specific needs and context.

Understanding the NIST Cybersecurity Framework


Summary

The NIST Cybersecurity Framework is a voluntary standard created by the National Institute of Standards and Technology under the United States Commerce Department. This set of guidelines for private sector companies is intended to help them be better prepared to identify, detect, and respond to cyberattacks. It also includes guidelines on how to prevent and recover from a cyberattack.

The NIST Cybersecurity Framework is intended to address the lack of standards when it comes to cybersecurity. As with almost everything else that deals with technology, there are currently major differences in the way companies are using technology to detect and remediate attacks from hackers, malicious users, and ransomware.

With the complexity and frequency of cyberattacks growing each day, the task of detecting and preventing them has become too difficult and complex to be left to chance, and the lack of a strategy at most organizations only makes this effort more difficult.


The Future of Risk, Compliance, and Governance (GRC)



After two years of a global pandemic, mature organizations must implement a Risk, Compliance, and Governance (GRC) program that provides visibility into existing and emerging risks, helps simplify the understanding and communication of risks across the business, provides actionable risk intelligence to decision makers, and ensures an agile response to unknown threats. This is the path forward if a business wants to thrive in today’s highly unsettled business environment.

As businesses look ahead to new threats, they find themselves asking what the next major risk event is that they should be prepared to respond to, or which geopolitical event will immediately impact their business strategy. We can’t always predict the next event, or how successful our response will be at minimizing the business impact, but we can prepare for the worst and hope for the best, and that requires some basic preparation.

Risks are Connected

With the interconnected nature of modern business systems, you have to understand that everything is interconnected today. The intersection of systems, people, projects, organizations, and risks across cybersecurity, third-party teams, compliance efforts, and operational risk continues to become more complex and difficult to quantify as systems grow more complex and interconnected. You cannot look at these risks as isolated to specific systems or personnel; they are all interrelated and connected, and only together do they provide a complete risk picture.

Don’t be Stupid

Are you a man in IT who thinks a woman can’t do your job? Do you think that what you do (writing software code, creating database objects, or managing a project) is just too hard for a woman? Yes, there are still people who believe this, and they are also stupid and sexist. This interesting article explains why this outdated thinking is stupid, and where this type of thinking still exists today.

This is “Amazing” Grace Hopper. She took leave from Vassar to join the Navy, where she invented or helped invent the entirety of all modern computer science, including nearly every wimpy-ass tool your wimpy ass laughingly refers to as “coding.” Compared to her, you’re nothing but a little kid playing with Tinker toys. Tinker toys she invented, by the way.

You want to see hardcore programming? I’ll show you hardcore programming:



This is what real hardcore coders do. No compilers, no syntax checkers, just a teletype machine and a bunch of fucking switches that change the computer’s memory and registers directly.

And you know what? For her, that was luxury. She and all the other early computer programmers–almost all of whom were women, by the way–started out programming by plugging patch cords into plugboards, because that’s how they rolled.

Women have a long and important history with technology, and your time would be better spent on improving technology instead of wasting time thinking men are better than women.

Lessons Learned by CISM Exam


I decided to take the ISACA Certified Information Security Manager exam earlier this year. I joined ISACA and signed up for the exam. They offered some complimentary group study at my local chapter, and they even sell an exam guide book (“CISM Review Manual” currently priced at $105) to help you study.

What I thought going into this exercise was that I have been doing this job for more than 10 years, so I should know everything on the exam without much studying. Once I started studying, I found there were a few areas where I had an answer, but my answer didn’t always match the answer required to pass the test.

I started studying the material from ISACA to make sure I knew their answers, and after a few months I was ready to take the exam. My real concern was that I didn’t want to be over-confident and sit for the exam before I was sure I could easily pass it based on the material in the book.

I sat for the exam and I passed! There were a few questions on the exam for which I was unable to come up with a good answer, primarily because I just couldn’t connect the question to any one of the answers provided. I eventually decided to pick something for those 8-10 questions and finish the exam. I guess I may never know what the correct answers for those questions might be, and I don’t remember seeing those questions in the CISM manual.

Lessons

  1. You are never as smart as you think you are – That is really the value of certification exams. Having a certification doesn’t mean you are smart; it just means you have studied enough to correctly answer the questions on the exam. It forces you to study material you may not have looked into before, spend time reading that material and committing it to memory, and have enough memory to correctly recall those nuggets of information several months later. I’m not too proud to admit I learned some new ideas and concepts, and I enjoy learning new things.
  2. Experience doesn’t equal expertise – Just because you have been doing something for a long time doesn’t mean you know everything there is to know about a subject. I see it all the time in technical positions where people do the same task the same way for several years and assume they are experts, unaware that their methods were replaced by new and better practices many years ago. They have been doing it wrong for years and didn’t know any better, mostly because they stopped learning. Don’t be that person.
  3. Align Information Security Governance with Business Objectives – I was taught to think of security requirements as something that a business must do to secure their systems, but actually it is just a business concept to help make the business more money. If a security control costs more than the worth perceived by the business, it shouldn’t be implemented. Think of all the businesses that refused to secure their networks and got ransomware. They may have perceived the increased security cost as more than it was worth to the business, or cybersecurity professionals did a poor job of explaining the risk. They probably changed their minds after the breach, but hindsight is 20/20.
  4. Measure Success – How do you know if the network, endpoints, and applications are safer after a security change than they were before it? You have to measure security before and after, and determine which measurements make sense for your business so you can measure security continuously. The measurements can differ for each business, but one metric might be how long it takes between the time a vulnerability is detected and when it is remediated. Obviously, a shorter time is better, but you have to measure these relevant values and report to management whether the measurements are getting better over time.
  5. Leverage Skill – Knowledge is power, and that can be translated into money. Don’t undervalue your worth and if your company doesn’t acknowledge your worth, find a new job. A CISM certification can help you get that next job at a company that values your knowledge and expertise.

I guess some of these lessons I didn’t have to take a test to learn, but we all learn in our own way.

You can find out more about certifications, including the ISACA CISM, here.


8 Small Business Cybersecurity Tips


There are about 80 million businesses worldwide that meet the “small or medium business” (SMB) definition. Businesses with fewer than 300 employees can’t always afford someone to tell them what they can do to develop a more mature security posture or how to educate employees to be smarter about their cybersecurity practices. Most successful cyberattacks target small businesses and small government entities. Since the average cyberattack will cost them about $200k and a ransomware attack can force them out of business, we should talk about the basics of cybersecurity defense.

  1. Make sure you require complex passwords for every system. This means changing any vendor default passwords, not allowing simple or common passwords, and teaching your employees how to select a good password.
  2. Configure Multi-Factor Authentication (MFA) on all accounts. Just by requiring MFA to access business accounts you can prevent about 99% of all online attacks. The hackers might steal or guess your password, but it is much harder to access something like your cellphone.
  3. Use a separate account for performing administrative tasks on all your on-premises and cloud business accounts. Use this new account only to perform administrative actions, not to browse the internet or check email, and your risk of account compromise is significantly reduced.
  4. Install, properly configure, and use an antivirus solution that uses the cloud to better protect your systems from internet threats. This includes all your user computers and all servers.
  5. Back up your important files to the cloud. Using an automated solution to back up your files to the cloud can prevent a successful ransomware attack from locking you out of your critical files.
  6. Don’t allow your users to configure email auto-forwarding rules in O365. If your account is hacked, one of the first things the attacker will do is configure auto-forwarding rules to exfiltrate your data to their systems across the internet. If you prevent this activity, it will slow down the attack and allow you more time to react. With alerts configured, you will get an email when the attacker attempts to create a new rule, giving you notice that an attack is underway.
  7. Use your available online tools to get tips and suggestions. Things like the Microsoft O365 Secure Score can be a really helpful source of useful tips and techniques for leveraging many more security settings to improve your overall security, and these tips are free just for having an O365 account.
  8. Educate your users about the threats on the internet. Billions of users have internet access, and not all of them have your best interests in mind. Warn users about sharing too much personal information on social media, discuss how to identify phishing emails, and provide guidance on who they need to contact if they aren’t sure about clicking on a link.
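Tip 6 says to alert on new auto-forwarding rules. The script below is an added example, not code from the original post: it scans records shaped like Microsoft 365 unified audit log entries for inbox-rule and mailbox changes that forward mail to an address outside the organization, and rates a rule that also deletes the original message (the pattern that hides the forwarding from the mailbox owner) as high severity. The audit records are constructed sample data simplified to the fields the script reads (CreationTime, Operation, UserId, ObjectId, Parameters), and the internal domain “contoso.example” is a placeholder for your own domains; the parameter names ForwardTo, ForwardAsAttachmentTo, RedirectTo, DeleteMessage and ForwardingSmtpAddress are the real Exchange cmdlet parameters, but the value formatting here is simplified.

```python
"""Flag mailbox forwarding to external addresses in audit records (added example)."""
import json
import re

INTERNAL_DOMAINS = {"contoso.example"}  # placeholder: your organization's domains

# Parameters of New-InboxRule / Set-InboxRule / Set-Mailbox that send mail elsewhere.
FORWARDING_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo",
                     "ForwardingSmtpAddress", "ForwardingAddress"}
WATCHED_OPERATIONS = {"New-InboxRule", "Set-InboxRule", "Set-Mailbox"}
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

# Constructed sample audit records, serialized one JSON document per line
# the way an exported log would arrive.
SAMPLE_AUDIT_LOG = [json.dumps(rec) for rec in [
    {"CreationTime": "2024-05-02T03:14:22", "Operation": "New-InboxRule",
     "UserId": "alice@contoso.example", "ObjectId": "alice@contoso.example\\Invoices",
     "Parameters": [{"Name": "Name", "Value": "Invoices"},
                    {"Name": "ForwardTo", "Value": "billing-archive@mail-drop.example"},
                    {"Name": "DeleteMessage", "Value": "True"}]},
    {"CreationTime": "2024-05-02T09:02:10", "Operation": "New-InboxRule",
     "UserId": "bob@contoso.example", "ObjectId": "bob@contoso.example\\Tickets",
     "Parameters": [{"Name": "Name", "Value": "Tickets"},
                    {"Name": "ForwardTo", "Value": "helpdesk@contoso.example"}]},
    {"CreationTime": "2024-05-02T11:45:00", "Operation": "Set-Mailbox",
     "UserId": "admin@contoso.example", "ObjectId": "carol@contoso.example",
     "Parameters": [{"Name": "ForwardingSmtpAddress", "Value": "smtp:carol.home@webmail.example"},
                    {"Name": "DeliverToMailboxAndForward", "Value": "True"}]},
    {"CreationTime": "2024-05-02T12:30:00", "Operation": "New-InboxRule",
     "UserId": "dave@contoso.example", "ObjectId": "dave@contoso.example\\News",
     "Parameters": [{"Name": "Name", "Value": "News"},
                    {"Name": "MoveToFolder", "Value": "Newsletters"}]},
    {"CreationTime": "2024-05-02T12:31:00", "Operation": "UserLoggedIn",
     "UserId": "dave@contoso.example", "ObjectId": "Unknown", "Parameters": []},
]]


def parse_records(lines):
    """Parse newline-delimited JSON audit records, skipping blank lines."""
    return [json.loads(line) for line in lines if line.strip()]


def external_targets(record, internal_domains):
    """Addresses named in forwarding parameters whose domain is not internal."""
    targets = []
    for param in record.get("Parameters", []):
        if param.get("Name") in FORWARDING_PARAMS:
            for addr in EMAIL_RE.findall(str(param.get("Value", ""))):
                if addr.lower().split("@")[1] not in internal_domains:
                    targets.append(addr.lower())
    return targets


def find_external_forwarding(records, internal_domains=INTERNAL_DOMAINS):
    """Return one finding per watched operation that forwards mail externally."""
    findings = []
    for rec in records:
        if rec.get("Operation") not in WATCHED_OPERATIONS:
            continue
        targets = external_targets(rec, internal_domains)
        if not targets:
            continue
        params = {p["Name"]: str(p.get("Value", "")) for p in rec.get("Parameters", [])}
        # Forwarding plus deleting the original hides the copy from the mailbox
        # owner, so it is rated higher than forwarding alone.
        hides_copy = params.get("DeleteMessage", "").lower() == "true"
        # For inbox rules ObjectId is "<mailbox>\<rule name>"; for Set-Mailbox it is the mailbox.
        mailbox = rec.get("ObjectId", "").split("\\")[0] or rec.get("UserId")
        findings.append({
            "time": rec.get("CreationTime"),
            "actor": rec.get("UserId"),
            "mailbox": mailbox,
            "operation": rec["Operation"],
            "targets": targets,
            "severity": "high" if hides_copy else "medium",
        })
    return findings


if __name__ == "__main__":
    for finding in find_external_forwarding(parse_records(SAMPLE_AUDIT_LOG)):
        print(finding)
```

The bob and dave records are not flagged (internal target, or no forwarding parameter at all), while the carol record is flagged even though an administrator made the change, because a compromised admin account is exactly the case a mailbox-level forward should surface.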

You need to think about how you use the services and systems that you have access to each day and determine what data you share has value, what processes are at a high risk, and how a malicious user might monetize your activity. A little work today can pay big dividends during an attack.

Follow these simple tips to start getting some confidence around your security posture, and build on each item as threats and systems change.

Another Example of Difference Between a Manager and a Leader

While reading about project management, I saw this diagram that helps illustrate the differences between management and leadership. Many people don’t understand the difference, but as a person assigned the task of management you should.

Leadership vs Management

In my earlier post of this subject, I laid out the logic that helps illustrate the difference.

A manager threatens punishment for poor behavior, and provides rewards for good behavior. A leader inspires people by telling them what can be accomplished, and helps guide them to a common goal, pushing those people to stretch their abilities so they can do great things to help the team reach that common goal. A leader lifts their followers by building on their abilities and guiding them toward the right direction.

Responding to Ransomware Attacks


In the event that your personal computer, or even the computers on your corporate network, fall victim to a successful ransomware attack, an effective response plan can determine the difference between disaster and successful recovery. If you are impacted by a company-wide malware infection that takes down multiple endpoints, it could mean a permanent business closure if you are unable to recover critical data.

We will discuss how you might respond in the beginning of an attack to help remediate any issues before you make some wrong decisions.

How to respond to a ransomware attack

If preventative measures have failed, such as hardening your systems against Mimikatz attacks (links here and here), making users more cybersecurity aware with Security Awareness Training tips, and all the Windows 10 hardening tips, then your organization should take the following actions immediately after identifying a successful ransomware infection.

If you have an Incident Recovery Plan, execute the notification process and get all the required teams communicating and remediating the systems impacted by the attack.

1. Quarantine Infected Systems

The majority of ransomware attacks include a function to scan the target network, identifying other systems on the same network that can also be targeted, and then encrypting all the files stored on network shares or other computers as the attacker moves laterally across the network. To contain the infection and prevent the ransomware from spreading to other systems, the infected systems must be removed from the network as soon as possible. This will significantly slow the spread and buy you time for analysis and troubleshooting before everything is rendered useless.

Note: This includes blocking them from wired and wireless network access.

This will also help prevent infected systems from accessing resources like internal email, backup systems, employee record systems, critical databases, etc.

2. Block Internet Access

Every system on the network may already have the malware copied to the system and it just might not have started the encryption process yet because it hasn’t been able to access the command and control server on the internet. Disconnect all systems from the internet. Those that are still working will not start encrypting the drives, and those already encrypting have been removed from their ability to communicate to the safe systems by the step listed above.

Note: This includes blocking internet access from wired and wireless networks.

Now you have known bad systems (they are actively encrypting user files or have already encrypted all of them) isolated from the network (they can’t see other systems on your network) and blocked from the internet (they can’t reach systems on the internet). You also have suspected good systems that are blocked from accessing the internet and are disconnected from the bad systems. You can now verify that those clean-looking systems are definitely clean and return them to normal once you are sure they are not infected. More about that in Step 5 below.

3. Identify Ransomware

Identify the “brand” of ransomware that has infected your systems. While this might seem strange, there are many types of ransomware from many different malware groups. Knowing which one has infected your systems could help you better identify the methods used in the attack, how to stop the spread, and how you might be able to get your data back without paying a ransom.

There have been instances of law enforcement agencies shutting down a ransomware author’s “business” and releasing the decryption keys. Older ransomware groups that are no longer actively infecting new systems have also sometimes released their decryption keys.

You can visit a website like this to help identify which malware has infected your systems so you can get help stopping, removing, and decrypting your locked files. To get a better understanding of the volume of internet threats that exist today, a visual threat map can be helpful. This threat map from Fortinet helps visualize the threats in a more “real-time” visual presentation.

Fortinet Threat Map - @SeniorDBA

4. Disable Scheduled Tasks

You should immediately disable any automated or system-scheduled maintenance tasks such as user or system clean-up routines, log deletion tasks, deletion of old backup files, etc. These automated tasks can remove files you might wish you had later or that your forensic teams might need, or they might perform an action that prevents a successful remediation of the ransomware attack.

5. Remove Ransomware from Infected Systems

You can use available antivirus tools to identify and successfully remove the ransomware from your computer. If you are already using anti-virus and it didn’t stop the infection, this is probably a good time to investigate your current configuration issues or get a better solution. Once you have scanned and cleaned the system, it is ready to restore your files.

Once you find the right software to scan for and detect the malware, run the scanner on all your systems, not just the infected ones. You might think you know which systems are infected, but the scanner can help you determine which systems actually are. You want to do the clean-up and remediation just one time, so do it right the first time.

6. Don’t Pay the Ransom

I realize you may not have an option if your critical business files are encrypted, you don’t have good backups you can recover, and you can’t find a free decryption tool. If backups are unavailable or damaged and there is no free decryption tool available, you will be tempted to pay the ransom and recover your files. Just remember you may pay the ransom and still not get your files back. These people are criminals looking for easy money; they are not in the business of being your friend.

While paying the ransom may seem like an easy answer, only consider paying the ransom if all other options have been exhausted and the loss of data will likely result in your company going out of business. Paying the ransom might also get you into trouble with the law, so be very careful and consult an attorney.

7. Restore Your Backups

Note: Only restore your files to systems that you know are clean.

Hopefully you were able to jump right past Step 6 (Don’t Pay the Ransom) because you know not to pay a ransom to a criminal because it only encourages them and finances their next attack. You don’t need to pay the ransom because you either don’t need the files that were encrypted, you were able to find a free decryption tool, or you had good backups ready for you to use.

Restoring backups can take a long time, be difficult to perform, and you still might lose some data. If you have been verifying your backups, practicing the restore process at least once a year, and have a well-documented process, the effort will be less likely to fail.

If your user files are also backed up to the cloud using a tool like OneDrive, this might also be useful and a quick way to restore a user’s personal files including documents, music, and pictures.

8. Restore Network

Now that you know which systems are clean, the clean machines can be given access to the internet and other network resources. The infected machines can be cleaned one at a time, files can be restored, and then those systems can be returned to the proper network.

Don’t forget to restore internet access for the clean systems. Once you have verified that your backup files won’t be overwritten, the log files are intact, and the files required by the audit and forensics teams have been preserved, you can re-enable the scheduled tasks that you have reviewed and know are safe to enable.

9. Change Passwords

Now that you know someone has had access to your systems, you can’t be sure they did not steal your user and system passwords. Have all users reset their passwords. Reset the passwords for all service accounts, accounts used to run scheduled tasks, the KRBTGT account (used by Active Directory), and any enabled accounts used by your systems. Make sure all administrator-level users also change their passwords. Do a full inventory of accounts, looking at the last time the password was changed, and either change the password or disable the account.

10. Investigate Intrusion

Things are now back to normal. Users are back onto their computers, the files are all back where they should be, and users are back to work and not on the telephone with you. That doesn’t mean you are done.

You have to look at what happened so you can make sure it doesn’t happen again.

  • How was the ransomware able to get past your computer controls and be easily installed onto a user’s computer without being detected? Was it a user bypassing a control (authorized or unauthorized), or did the ransomware just not get stopped by any existing security control?
  • Are there changes required to your anti-virus software to make it a stronger defense against ransomware? Is it time to remove the existing solution and replace it with something more powerful or can you just change the configuration of the solution you already own to make it work better?
  • Do you need to make changes to the hardening of your Windows 10 devices to make it harder to bypass your security controls and encrypt the users’ files?
  • Do you need to alter or improve your corporate firewall controls? What about the security of your remote users and the way they connect to the Virtual Private Network (VPN)?
  • Do you need to make changes to your network to make it harder for software running on the user’s computer to get access to systems like Domain Controllers, Database Servers, File Servers, Web Servers, etc.?
  • Do you need to change the way you perform (or don’t perform) backups of user and system files? How about changes to the way you restore files? Do you have adequate documentation of the procedures used for backing up and restoring files?
  • Do user accounts have the correct level of authorization? Maybe now is a good time to remove elevated permissions from normal users, limit who has elevated permissions, and lock down the use of all admin-level accounts?

Summary

If you need help, now is the time to really get some help figuring out the changes that can help prevent a repeat of the security event. A ransomware incident can stop a company from normal business for days, weeks, or forever. It can chase away customers, compromise business critical data, and cost you a lot of money to remediate.

Looking at the steps required now can help you practice and plan for a future incident. Careful planning, remediation of security gaps, and technical training can help prevent a successful ransomware attack, shorten the remediation timeline, and help promote confidence in your Information Technology team.

Methodology for Database Troubleshooting

What is your methodology for troubleshooting an issue with your database systems?


Most of the technical problems I have encountered with database systems are not really the fault of the technology at hand. These problems are either the result of rushed work, apathetic work, ignorance of proper procedures, or botched troubleshooting.

Before talking about what troubleshooting is, let’s talk about what it is not. Troubleshooting is not:

  • Searching Google for solutions based on information you don’t even understand
  • Trying something you knew worked in some completely unrelated situation
  • Trying to work out a quick solution that doesn’t address the original problem
  • Replacing the system because you can’t figure out the cause

For a professional database administrator, guessing or trying various solutions without understanding what you are doing is not a reasonable option.

You probably hire people who have a methodical approach toward technical issues, apply common sense to business problems, and maybe even have extensive certifications or years of experience. All those things can be taught, but do they have the required traits to be a troubleshooter?

Continue reading “Methodology for Database Troubleshooting”

Comparing Cybersecurity Frameworks

As we watch multiple multi-million dollar companies hit by high-profile data breaches, impacting millions of people and costing millions of dollars over the past several years, you have to ask whether anyone is helping to guide companies toward a more secure, best-practice cybersecurity environment. A few cybersecurity frameworks have been developed, and we will compare them in this article.

While it is true that the European Union has developed some laws designed to help force companies to develop solutions to help protect consumer data, these laws target penalties for data breaches or failures to protect consumer data. A company must put protections and procedures in place to safeguard consumer data or it will fall into non-compliance with EU laws and could face financial consequences. The United States is moving in the same direction and is in the process of creating laws to protect sensitive consumer data, but legislation has already been passed at the state level to address compromised consumer data.

Data protection laws are an incentive for businesses to implement a comprehensive data security program to help them prevent a financial impact in the event of a data breach. When these businesses want to get serious about protecting their data from unauthorized access, they often find the best place to start is with selecting and implementing a cybersecurity framework.

Choosing the correct cybersecurity framework (CSF) is not an easy or simple process for most companies. The selection process has to account for the type of business and the types of data they want to protect, where the data is located, and what compliance requirements already exist. Some CSFs are considered comprehensive and some are designed to achieve a specific objective. When looking at frameworks like the Health Information Trust Alliance (HITRUST), which is focused on healthcare, or the Cloud Security Alliance Cloud Controls Matrix (CCM), which is specific to cloud computing, the business has to consider the limited scope of those targeted frameworks and whether they will be comprehensive enough to support the business in a long-term approach to security.

Continue reading “Comparing Cybersecurity Frameworks”

Tips for Leading IT Remotely

Work from Home - @SeniorDBA

As the remote workforce has become the “new normal”, IT leadership has had to adjust to the new requirements around how they must continue to lead an effective technology team from home. While things will continue to change as vaccines are administered and people are allowed more freedom to return to the workplace, things will probably never be the same as before a global pandemic forced millions of people away from the traditional office workspace and they began working full-time from their homes.

An effective leader must learn to identify changes and determine the best techniques for dealing with change. Successfully adapting to change is something leaders must do all the time, and the recent work-from-home mandates are just another change to navigate to keep the business moving forward.


When employees are unsure about procedures, processes, and requirements, it is imperative that leaders step forward to provide guidance and instruction to help people successfully navigate changes with minimal stress and uncertainty. As a member of IT leadership, you must provide strong leadership in times of uncertainty and confusion.

Here are some tips to help your team stay productive in a remote work environment, even if working remotely is no longer temporary.

Continue reading “Tips for Leading IT Remotely”

11 Things A New IT Manager Must Do On The First Day


New Manager Job - @SeniorDBA

Updated: Includes notes for COVID-19 Protocols for remote working

Congratulations, you have found a new job as an IT Manager. This new job could be leading a software development team, managing a group of system administrators, leading the cybersecurity team, or any other management position in the IT group. How you approach your first day at the new company will make a huge difference, putting you on the path to success or making your new role a struggle. You may not have been promoted to a management position at your last company, so you might not have any experience starting at a new company as a manager.

Don’t let your title go to your head. Don’t begin ordering people around and watching their every move. Act like a professional, observe team actions, and strive to understand before you recommend any changes. Many people have made career-killing mistakes by failing to adapt to a different way of doing things at a new company. Even if you have been with your current company for a long time, you are now at a different organizational level at a new company and you will need to learn about the new management culture to be truly successful.

Continue reading “11 Things A New IT Manager Must Do On The First Day”

Cybersecurity Awareness Training

Photo by Katerina Holmes on Pexels.com

Every organization should have an employee cybersecurity awareness training program to help educate all employees about their responsibilities in keeping corporate assets secure, how to secure their computer systems, and help them develop a basic understanding of how to secure their internet accounts from compromise.

Most cyberattacks come from hackers, organized crime, and state-sponsored attackers in the form of phishing emails, compromised attachments, and malicious links. Users have to be trained on their role in securing the environment. Users must be given the training and awareness to identify threats and avoid making a poor decision or a simple mistake that could cost the business millions of dollars in lost revenue or ransomware payments.

The basics of user cybersecurity awareness training are specific coursework, usually video-based, that helps all employees understand the general threats in today’s internet-based workforce, how they fit into that threat landscape, how they become a target for hackers, and what they can do to keep their corporate assets secure from attack. This type of information is usually easily transferable to the employee’s personal life. Your personal Twitter or Facebook account isn’t a corporate asset, but the techniques and methods in the training can usually be applied to those online accounts to make them more secure as well.

Continue reading “Cybersecurity Awareness Training”

Building a Successful Cybersecurity Strategy

Photo by Pixabay on Pexels.com

When thinking of a strategy to address cybersecurity, your strategy must be one that is driven by a top-down management emphasis to build cybersecurity into everything a company does and builds. Cybersecurity cannot be an afterthought or something that is added later; it must be designed and implemented from the first day. If you have gaps today, they must be fixed and a management system must be put into place to prevent this type of issue in the future.

The first thing you must accomplish when building a mature strategy to fix your imperfect cybersecurity status is to perform a formal risk assessment. This will allow your team to compare your existing controls against an established security framework, like NIST, SANS, or CIS. A cybersecurity framework is a predefined set of controls that are identified and defined by leading cybersecurity organizations to help you enhance cybersecurity strategies within your enterprise. This will allow you to document what cybersecurity controls are already in place and how effective they are, and what controls are missing or ineffective. Once you have accomplished this step, it allows you to focus your change effort on the controls that will have the most impact to incrementally improve security with each change to the existing environment.

Now that you have a written list of needs you have a better understanding of where your team currently stands, including what controls are currently effective and which controls are missing or poorly implemented. This will also help you determine if you have the budget and personnel to make the required changes. You’ll now have a much better idea of where the biggest security gaps exist and it helps you assign a priority and schedule to each required change.

This might also be a good time to decide if outsourcing the effort, either in part or in full, might be a better solution for your business. Do you have the time and budget to train internal resources for the effort required to resolve the items identified for remediation? If you must hire new personnel, will you have time to onboard and complete orientation or training before you can start remediation of identified security issues, or should you outsource the remediation to an external resource with the experience and skill to quickly resolve your issues?

Continue reading “Building a Successful Cybersecurity Strategy”

CISSP vs. CISM Certification – Which is best for me?

Testing - @SeniorDBA

Now is a perfect time to be certified, and why not choose to be CISM or CISSP certified? With so many people working from home, you may have some extra time on your hands to study for a certification exam instead of being stuck in a long commute, so why not select a cybersecurity certification to study for in 2021? Recent reports indicate that, with a near-zero unemployment rate for cybersecurity professionals, there may be more open positions than qualified candidates.

CISM and CISSP are two of the most highly requested certifications for cybersecurity practitioners, but the requirements for certification aren’t insignificant. They both require a significant investment of time to learn everything covered in the exam, and over $700 just to sit for the exam. Let’s take a look at the requirements for both certifications to help you make the correct decision on which exam you should take in 2021.

Continue reading “CISSP vs. CISM Certification – Which is best for me?”

Understanding the NIST Cybersecurity Framework

NIST Cybersecurity Standard - @SeniorDBA

Summary

The Cybersecurity Framework Set was an optional standard created by the National Institute of Standards and Technology under the United States Commerce Department. This set of guidelines for private sector companies is intended to help them be better prepared in identifying, detecting, and responding to cyber-attacks. It also includes some guidelines on how to prevent and recover from a cyberattack.

The NIST Cybersecurity Framework is intended to address the lack of standards when it comes to cybersecurity. As with almost everything else that deals with technology, there are currently major differences in the way companies are using technology to detect and remediate attacks from hackers, malicious users, and ransomware.

With the complexity and frequency of cyberattacks growing each day, the task of detecting and preventing cyberattacks has gotten too difficult and complex to be left to chance, and the lack of a strategy among most organizations only makes this effort more difficult.

Continue reading “Understanding the NIST Cybersecurity Framework”

10 Cybersecurity Interview Questions

Interview

If you are interested in getting a job in cybersecurity and starting a rewarding career in protecting information systems, you should be prepared to answer a wide range of questions to demonstrate your knowledge of the subject matter. Generally speaking, cybersecurity is the protection of information or data stored on computer systems from unauthorized access and malicious attacks.

I can’t predict the specific questions you will be asked, but I know the general category of the questions relevant for this type of position. Interviewers are interested in the candidates who have the necessary general technical knowledge, and any specific skills relevant to the specific position posted.

Continue reading “10 Cybersecurity Interview Questions”

11 Questions to Ask During a Cyber Attack

During a cyber attack, we are usually focused on containing the attack by using our IT toolkit to limit the scope of the attack and reduce the time to remediation. Management needs to be asking some important questions during the attack to make sure they have allotted the proper amount of resources and focus to the problem currently at hand.

1. What is the level of threat? All threats are not created equal. First you must understand the threat, then assign resources to remediate the threat. Some attacks will require a higher level of response than others, and management must make sure they understand the level of attack sophistication before over-allocating resources or over-spending to contain the threat.

2. What is our exposure to the threat? Once you understand the threat, you can evaluate your overall exposure to that specific threat. This needs to be done in order to fully understand the gravity of the situation so you can inform the business about how serious the threat is as it relates to your environment. Once you understand the organization’s exposure, you can assess the risk posed to the organization.

3. Does the hype surrounding the threat translate to a real risk for the organization? If the risk is real in your environment, then it’s time to respond appropriately and communicate with the right stakeholders to rally the correct resources to resolve the current risk.

4. What is the attack timeline? Understanding the sequence of events, with accurate dates and times, is essential to understanding how effective your controls are in preventing attacks and alerting your team to those attacks. You need to verify that those alerts and warnings were acknowledged, that they were effective, and that the team response was equal to the attack scope. If your team knew about a significant risk to the organization and didn’t act on it or escalate appropriately, that could be a fairly significant lapse in enterprise security.

5. Why wasn’t this discussed earlier? Is there a way to be notified about any issues earlier in the overall timeline of the attack? Maybe there aren’t better ways to detect the attack or warn the team earlier of an issue, but if there are ways it is to your benefit to seek out that solution to reduce your reaction time during the next attack.

6. Could we have avoided this attack? In many cases an attack can be avoided if the overall attack surface had been reduced significantly, including modernizing our infrastructure, applying vendor updates and patches, performing regular security reviews, periodically documenting the network, etc. Could your team have done something differently to significantly reduce the risk?

7. Why didn’t we avoid this attack? If you can identify a way to remediate the attack and prevent future attacks, ask why these controls weren’t implemented earlier to avoid the original attack. Was it an issue of cost, skills, priority, or did you just not understand the level of risk in your environment?

8. How much damage are we talking about? You can start assessing the damage during the attack, but you might not have a full understanding of the damage for months after the remediation is complete. The damage might include just IT infrastructure, but could include critical data, corporate brand, customer trust, or even mistrust between departments. You must learn from your mistakes, keep your reporting of your status honest, stay organized, and perform incident response appropriate for the level of destruction identified.

9. What have we learned from this attack? Always review the events after the attack is over to identify lessons learned and what was done correctly or incorrectly during the stress of the attack. This review allows your security team to improve and mature, which should lead to a better response to the next attack. Look for ways to apply the changes required to make response times faster and more effective, to shorten event timelines, and to reduce the impact of a future attack.

10. Are we capable of full remediation? Once you understand the damage and have a full remediation plan, is your team capable of implementing the plan and fully resolving the issue, or are external resources required? You must map the technologies and applications the issue affects, then conduct a sanity check to see whether your plan will achieve your expected goals.

11. Have we effectively communicated actions to management and executives? Even if your team was able to contain the attack, limit damages, and everything worked as expected, your actions need to be documented and communicated to management and executives. This effective communications builds confidence in the security team and their ability.

11 Things An IT Manager Must Do On The First Day


New Manager Job - @SeniorDBA

Congratulations, you have found a new job as an IT Manager. This new job could be leading a development team, managing a group of developers, or any other management position in the IT group. How you approach your first day at the new company will make a huge difference, putting you on the path to success or making your new role a struggle. You may have been promoted to a management position at your last company, so you might not have any experience starting at a new company as a manager.

Don’t let your title go to your head. Don’t begin ordering people around and watching their every move. Act like a professional, observe actions, and strive to understand before you recommend any changes. Many people have made career-killing mistakes by failing to adapt to a different way of doing things at a new job. Even if you have been with your current company for a long time, you are now at a different organizational level and you will need to learn about the management culture to be truly successful.

Continue reading “11 Things An IT Manager Must Do On The First Day”

Kanban vs. Scrum


If you are wondering if you should move from a traditional Waterfall development methodology to something new, but can’t pick between Kanban and Scrum, here is some information that might help you pick a new path.

Kanban

Kanban is a simple methodology that focuses on the tasks your team is currently performing. The tasks are displayed to all participants so you and your team can track the progress and easily see what tasks are currently active. A good practice is to organize your development process using a Kanban board to show the status of each task, from “to-do”, “in progress”, “testing”, “ready for release”, and finally “released”. This simple methodology gives the team more flexible planning options, a clear focus on specific tasks, transparency on what is coming next, and a faster output by helping them focus on just a few tasks at any one time.

Continue reading “Kanban vs. Scrum”

10 Things An IT Manager Must Do On The First Day


New Manager Job - @SeniorDBA

Congratulations, you have found a new job as an IT Manager. This new job could be leading a development team, managing a group of developers, or any other management position in the IT group. How you approach your first day at the new company will make a huge difference, putting you on the path to success or making your new role a struggle. You may have been promoted to a management position at your last company, so you might not have any experience starting at a new company as a manager.

Continue reading “10 Things An IT Manager Must Do On The First Day”

13 Skills Every Manager Needs

Communication

If you have attended any classes or seminars on leadership or management, you have been trained on how to manage people and time, but you probably didn’t get much content on how to actually be a leader of people. Leadership is primarily providing an example of how you want people to behave by demonstrating integrity, high self-esteem, and overall confidence in purpose.

If you are interested in becoming an effective leader, look to demonstrate these skills to persuade and guide your team.

Continue reading “13 Skills Every Manager Needs”