Composing Competence in Cybersecurity, Information Security and Data Privacy

I AM of the digital customer, consumer, or work

I AM online…

Identified, Authorized, and Monitored inside the network, storage, application, and middleware of service delivery acquired by a controller named TRUST.

I AM is…

Identity Authenticated and Matched to access privilege and authorized functions that are monitored by a director named SECURE.

I AM is…

Intrusion Alert and Management… by a team named INCIDENT RESPONSE

I AM online is the target of cyber threat agents who have mastered the art of making visible the critical information infrastructure and assets; assessing the known configuration vulnerabilities; and of exploiting the undermined controls in order to achieve intrusion, attack, and manipulation objectives of cybercrime actors.

I AM online is compromised in the attack surface of the security incidents and vulnerability exploitation that put the information and communication system at risk.

I AM online is the subject of interest in the cyber kill chain of benefiting from attacking information confidentiality, process integrity, system availability, data privacy, and infrastructure resilience.

I AM online is put at risk by human error that ensues from limited knowledge, undermining standards, unethical behavior, lack of foresight, and tolerated compromise.

Security incidents are commonly recognized based on the following categorization:

1. Intrusions and external attacks

2. Malfunctions

3. Internal deviant behaviors

Vulnerabilities are commonly identified according to the following classification model:

1. Behavioral vulnerabilities

2. Software vulnerabilities

3. Configuration vulnerabilities

4. General security (technical or organizational) vulnerabilities

(ETSI)

The security incidents associated with cybercrime ensue from cyber threat actors with innovative minds and practice tools to execute the activities of the cyber kill chain:

1. Reconnaissance

2. Resource development

3. Initial access

4. Execution

5. Persistence

6. Privilege escalation

7. Defense evasion

8. Credential access

9. Discovery

10. Lateral movement

11. Collection

12. Command and control

13. Exfiltration

14. Impact

(MITRE)

Cybersecurity, information security, and data privacy are, by design and by default, the living condition of being I AM safe online.

The controller, director, and team of I AM online are competencies certified to deliver information confidentiality, process integrity, system availability, data privacy, user safety, and infrastructure resiliency in the digital technology-enabled service delivery system of value creation and customer relationship.

The cybersecurity workforce is a certified and cleared provider of knowledge and technologies to support the access of internal organization and external customer to the cybersecurity function that is organized and implemented by the cybersecurity officer (CYSO) or chief information security officer (CISO).

The organization of the cybersecurity officer represents the roles, accountability, responsibility, and specialist to deliver the objectives of the following common cybersecurity functions:

1. Identification

2. Protection

3. Detection

4. Response

5. Recovery

(ISO 27110)

The definitive determination, description, documentation, and demonstration of the cybersecurity function finds its baseline in the regulatory guidance of organized countries and industries affecting the impact of cybersecurity in the connected trade and technologies of the digital economy:

1. European Union – ENISA

2. United States – NIST

3. United Nations – ITU

The organization of the chief information security officer is composed of roles, accountability, responsibility, and specialist to perform the following common functions:

1. Protect, shield, defend, and prevent

2. Monitor, detect, and hunt

3. Respond, recover, and sustain

4. Govern, manage, comply, educate, and manage risk

(CMU/SEI-2015-TN-007)

The job roles associated with information security are determined relative to the security controls in assuring confidentiality, integrity, and availability.

The International Organization for Standardization has identified ninety-three (93) control measures in information security that are classified as:

1. Organizational

2. People

3. Physical

4. Technological

(ISO 27002)

The clear, common, coherent and complete scoping, visualization, and application of security controls are properly aided by an openly published body of knowledge provided by the reputable international community of professionals and industry interest groups.

1. Center for Internet Security

2. Cloud Security Association

3. American Institute of CPA

4. Secure Control Framework Council

5. MITRE ATT&CK

The job roles associated with information security are also determined by the policy, organization, plan, and operation of security incident response and recovery.

The key processes of information security incident management fulfill the objectives for the following:

1. Plan and prepare

2. Detection and reporting

3. Assessment and decision

4. Responses

5. Lessons learned

(ISO 27035)

The service delivery framework of the security incident response organization is developed and improved with international community and regulatory practices coming from the following knowledge sources:

1. Forum of Incident Response and Security Teams

2. EU ENISA

3. US NIST

The training regulation on cybersecurity affirms the clear and present danger of cybercrime in the cyber of I AM online. It identifies, analyzes, maps, and applies the foundational knowledge standards and continuously improving practice of making safe and resilient the critical information infrastructure in the sovereign cyberspace.

The competency management and workforce capability building on cybersecurity support the realization of the following:

1. Cybersecurity is governance.

It controls with organized decision rights.

2. Cybersecurity is visibility.

It controls what it knows.

3. Cybersecurity is auditability.

It controls what it measures.

4. Cybersecurity is control acquisition.

It controls what it enables.

5. Cybersecurity is a drill.

It controls threats with what the RED TEAM and BLUE TEAM have consistently demonstrated as the capability and capacity to attack (Cyber Kill Chain) and to secure (Cyber Security Function).

The training regulation on cybersecurity recognizes the applicable use of international community-driven standards, the professional body of knowledge, and supply chain whitepapers. It has direct and comprehensive access to a variety of knowledge management systems for securing the sovereign cyberspace of people, processes, information, and infrastructure against cybercrime and data privacy violations:

1. Crime against the confidentiality, integrity, and availability of information

2. Illegal use of computers and related devices

3. Illegitimate online content and harmful behavior

4. Violation of data privacy rights and personal information security
