Reading digest — Understanding the top prominent cyber security domains
This reading digest is for a section from the book “Cybersecurity Career Master Plan by Dr. Gerald Auger.”
Everyone knows what penetration testers are — they are white hat hackers who are given the permissions to hack an organization in order to discover vulnerabilities. They can then create a report for the organization and help them improve their defense against the bad guys. It falls under Offensive Security.
What are Governance, Risk Management, and Compliance (GRC)? If we break this down:
- Governance — it is an organization’s internal rules and regulations regarding cyber security.
- Risk Management — this includes Risk Assessment, which overlaps with the Risk Assessment mentioned above under Offensive Security. But as a GRC analyst, you will need to participate not only in assessing the risks but also in monitoring and mitigating them.
- Compliance — This refers to governmental cybersecurity laws and regulations.
Threat intelligence — “The practice of improving cybersecurity safeguards through sharing, learning, analyzing and forecasting cyber threats and adversaries is known as Threat Intel.”
Non-technical threat intelligence includes strategic threat intelligence, which focuses on a threat’s risk and its impact on the organization. It helps organizations make sense of cybersecurity at the management level and supports cyber defense decision-making.
Technical threat intelligence includes tactical threat intel, which addresses the threat actor’s TTPs (Tactics, Techniques and Procedures), and operational threat intel, which provides in-depth and highly technical details of the threat such as motives and IOCs (Indicators of Compromise) like IP addresses, filenames, etc.
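To make the operational tier concrete, here is an added example (not from the book or the digest) of the most basic use a defender makes of operational threat intel: matching IOCs such as IP addresses and filenames against log lines. Both the IOC list and the log lines are constructed for the example (the IPs come from the reserved documentation ranges and the filenames are invented), and the log format is a simplified, hypothetical one.

```python
"""Match constructed operational threat-intel IOCs against constructed log lines."""
import re
from dataclasses import dataclass

# Constructed IOC list (not from any real feed). Operational intel like this
# changes quickly, so in practice it is refreshed from a feed, not hard-coded.
IOCS = {
    "ip": {"203.0.113.45", "198.51.100.7"},          # TEST-NET addresses, documentation only
    "filename": {"invoice_update.exe", "svchost32.dll"},
}

# Constructed log lines in a simplified proxy / endpoint format (hypothetical).
SAMPLE_LOGS = [
    "2024-01-05T10:12:01Z proxy src=10.0.0.12 dst=203.0.113.45 url=/update",
    "2024-01-05T10:12:04Z endpoint host=ws-07 process=invoice_update.exe parent=outlook.exe",
    "2024-01-05T10:13:10Z proxy src=10.0.0.15 dst=192.0.2.10 url=/index.html",
    "2024-01-05T10:14:22Z endpoint host=ws-03 process=notepad.exe parent=explorer.exe",
]

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
FILE_RE = re.compile(r"\b[\w-]+\.(?:exe|dll|ps1|bat|js)\b", re.IGNORECASE)


@dataclass(frozen=True)
class Match:
    line_no: int
    ioc_type: str
    value: str
    log_line: str


def extract_candidates(line):
    """Pull every IP address and executable-looking filename out of one log line."""
    return {
        "ip": set(IP_RE.findall(line)),
        "filename": {m.lower() for m in FILE_RE.findall(line)},
    }


def match_iocs(log_lines, iocs=IOCS):
    """Return one Match per (line, IOC) pair where a known indicator appears."""
    matches = []
    for line_no, line in enumerate(log_lines, start=1):
        candidates = extract_candidates(line)
        for ioc_type, values in candidates.items():
            known = {x.lower() for x in iocs.get(ioc_type, set())}
            for value in sorted(values & known):
                matches.append(Match(line_no, ioc_type, value, line))
    return matches


def summarize(matches):
    """Count hits per indicator so an analyst sees how widespread each one is."""
    counts = {}
    for m in matches:
        key = (m.ioc_type, m.value)
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    hits = match_iocs(SAMPLE_LOGS)
    for m in hits:
        print(f"line {m.line_no}: {m.ioc_type} IOC {m.value!r} -> {m.log_line}")
    print(summarize(hits))
```

Running it flags two of the four constructed lines: the proxy connection to a listed IP and the endpoint process with a listed filename. The two clean lines show why IOC matching is only a starting point: a benign-looking process name or an unlisted address passes silently, which is where the TTP-level tactical intel described above takes over.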
Incident Response, as part of the Security Operations category, consists of planning, responding and aftermath. That’s right, we need to have strategies and procedures in place to respond to attacks/incidents and recover to normal business as soon as possible when the organization is compromised. The IR team first plans ahead for any incidents that might happen, so that when one happens the team can quickly identify the intrusion. The IR team then responds by containing the damage caused by the attack, followed by investigating and eradicating the threat (Digital Forensic Investigations) so that the business can recover to normal operation. But that’s not the end. In the aftermath, the event needs to be re-examined, the remediation actions taken evaluated, and everything properly documented for future reference and improvement.
Security Architecture can be seen as a high-level mixture of all the sub-fields we have looked at so far, and more. The job of a Security Architect is to understand an organization’s business drivers and translate them into security objectives. Security Architects help design the high-level architecture and decide on the big picture of the systems.
Cloud Security is an exciting area because most people are still in the learning process. Similarly, cyber criminals also view cloud computing as an exciting arena to exploit. Cybersecurity professionals will need to be proactive and stay ahead of the game in order to defend people’s security online.