Cyber Security Situational Awareness


Ian Murphy


Cyber Security and Security Operations are fast becoming the latest areas for investment by CSOs to ensure that they are able to respond when events occur. This article takes a look at how Situational Awareness fits into this and how Digital Forensics tools and techniques are used as a result.


Introduction

Cyber Security Situational Awareness (CyberSSA) is a not-so-new field concerned with the way information about past, current and future threats to an organisation is displayed. Its origins are well founded in the battlefield strategies of national governments and are beginning to percolate into large global organisations.


But what is CyberSSA and why should we care about its presence (or not) or its effectiveness?  


To answer this question I think it is best to consider current challenges faced by Chief Security Officers (CSO) and why organisations should consider CyberSSA.  


Today’s CSO is increasingly being asked to do more with less. There are a myriad of external compliance schemes, as well as an organisation’s internal governance, necessary to meet executive board responsibilities. Some of the top agenda items for a CSO are:


1. Demonstrating security value to the business

2. Developing and communicating a security strategy that supports business objectives

3. Complying with regulatory requirements (both internal and external)


So how could CyberSSA assist with these challenges and what should we expect of this “new” arena?


The overarching tenet of CyberSSA is “knowing what is going on around you”. When applied to organisations, this translates into being able to determine the security health of your environment, down to the endpoint. This task is further complicated by the heterogeneous nature of a modern organisation and the already expensive investments made into the latest and greatest silver bullets from the security world. So CyberSSA should be aiming to provide the CSO and their teams with a view currently not provided within the Information Security world, a "view from the bridge" to coin an old naval phrase.


Apart from the detailed security health of the environment, CSOs are also interested in a different view on the same kind of data: a view that provides answers not only to technical questions but also to business questions. In most cases, consoles provide a good overview of the technical status of the solution, but who provides an answer about the health of the entire infrastructure? CSOs are not interested in technical details like the number of detected viruses on a particular system, but they are interested in whether the risk to the business is within the defined parameters.

Is the business fulfilling the defined SLAs?

What does the individual threat landscape look like?

What does the threat landscape look like over time?


Want to know the answers? Subscribe today and receive issue 6. The sooner you subscribe, the less you'll have to wait.

