5. The Approach to Cybersecurity: Cyber Risk Management 115

There is also the risk of gaining unauthorized access to an organization’s computers through cyberspace. An example of an access control system for computer networks is a firewall. A firewall is a software application or hardware appliance that allows or denies network traffic based on a set of rules (more on firewalls in Chapter 9). Firewalls are like fences with a gate. They force entry through a single point where inbound and outbound network traffic can be inspected and potentially denied entry and exit.

There are numerous examples of technical preventative controls for various cybersecurity risks, including encryption, vulnerability scans, pentests, and antivirus software. Awareness-raising campaigns are people-focused preventative controls. Employee background checks and software patch management are process-focused preventative controls. Background checks can prevent bad actors from being hired and becoming insider threats.

5.3.5.3.2 Detective

Detective controls are measures taken to detect incidents. The prime example of a detective control in physical space is a security alarm. The alarm sounds when an intruder is detected, alerting security personnel to the threat. Some detective controls might catch a threat in the act, doubling as a preventative control, and others may detect an incident after it has occurred.

A virus scan is a detective control in cyberspace. The goal of a virus scan is to identify whether a computer has been compromised with malware. Another example of a detective control in cyberspace is performing a log analysis. A log analysis for cybersecurity is a review of system and network logs to identify malicious activity. Other examples of detective controls include special-purpose ransomware scans that continually monitor files, and network scans that monitor systems sending and receiving Internet traffic.
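The log analysis described above, as an added example that is not part of the original text: it reviews SSH authentication log lines and separates a source that is still guessing passwords (caught in the act) from one that logged in after guessing (detected after the incident). The log lines are constructed, and the threshold of three failures and the finding labels are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in OpenSSH syslog style; hosts and addresses are made up.
SAMPLE_LOG = """\
Mar  3 02:14:01 web01 sshd[4121]: Failed password for root from 203.0.113.7 port 51122 ssh2
Mar  3 02:14:03 web01 sshd[4121]: Failed password for invalid user admin from 203.0.113.7 port 51130 ssh2
Mar  3 02:14:06 web01 sshd[4125]: Failed password for deploy from 203.0.113.7 port 51134 ssh2
Mar  3 02:14:09 web01 sshd[4127]: Accepted password for deploy from 203.0.113.7 port 51140 ssh2
Mar  3 02:15:00 web01 CRON[4130]: (root) CMD (run-parts /etc/cron.hourly)
Mar  3 08:01:12 web01 sshd[5001]: Failed password for alice from 192.0.2.10 port 40022 ssh2
Mar  3 08:01:20 web01 sshd[5003]: Accepted password for alice from 192.0.2.10 port 40026 ssh2
Mar  3 09:30:01 web01 sshd[5210]: Failed password for root from 198.51.100.23 port 33010 ssh2
Mar  3 09:30:02 web01 sshd[5210]: Failed password for root from 198.51.100.23 port 33012 ssh2
Mar  3 09:30:04 web01 sshd[5212]: Failed password for root from 198.51.100.23 port 33016 ssh2
Mar  3 09:30:05 web01 sshd[5212]: Failed password for root from 198.51.100.23 port 33020 ssh2
"""

# Matches sshd password results, with or without the "invalid user" prefix.
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def analyze(log_text, threshold=3):
    """Return {source_ip: finding} for sources with >= threshold failures in a row."""
    failures = defaultdict(int)  # failures since the last successful login, per IP
    findings = {}
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue  # not an sshd password event (e.g. the CRON line)
        ip = m["ip"]
        if m["result"] == "Failed":
            failures[ip] += 1
            if failures[ip] >= threshold:
                # Caught in the act; never downgrades an earlier, worse finding.
                findings.setdefault(ip, "guessing-in-progress")
            continue
        if failures[ip] >= threshold:
            # A success right after repeated failures: detected after the fact.
            findings[ip] = f"login-after-guessing as {m['user']}"
        failures[ip] = 0  # a success ends the run (covers one-off typos)
    return findings

if __name__ == "__main__":
    for ip, finding in analyze(SAMPLE_LOG).items():
        print(ip, finding)
```

The single mistyped password from 192.0.2.10 is not reported, which is the kind of tuning a log review needs so that ordinary user error does not drown out real findings.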
5.3.5.3.3 Deterrent

Deterrent controls are measures taken to discourage cyber threat actors from acting. Examples of deterrent controls in physical space include armed security guards and security cameras. If a would-be criminal thinks he might be shot or at least identified and caught, he may be deterred from breaking into a business. Security guards and security cameras are also detective controls—many detective controls also act as deterrent controls since they make it more likely a bad actor will be caught.

Perhaps the most effective deterrents for both physical security and cybersecurity are federal and state laws. Laws threaten prison time, fines, and other consequences for lawbreakers, and they discourage people from engaging in criminal activity. For nation-state cybersecurity, the threat of a response can act as a deterrent: “if your country attacks us, we can and will attack you back.” If the other nation finds the threat credible, they will be deterred from acting. Organizations can deter insider threats through the use of digital and physical notices reminding employees that all of their activity is being monitored.