Forensic Blogs

An aggregator for digital forensics blogs

June 14, 2021 by LCDI

CMMC A to Z: The Importance of Access Control, Asset Management, Auditing, and Awareness

If you kept up with last week’s blog post, you’ll know that the Department of Defense’s CMMC consists of 17 total capability domains. With so many domains, it can be hard to keep up with why each and every one is truly important, not only for supply-chain security but for the complete security of your entity regardless of federal contracting. Over the next few weeks, while I work with ComCode and the MCSP to explore this new certification process, I will be breaking down all 17 capability domains as defined by the CMMCAB. Keep in mind that these are general overviews of these best practices, but it’s important to understand why the Department of Defense cares about them in the first place to truly take advantage of this new framework.

AC – Access Control

Access Control is a domain that focuses on limiting access to information and information systems, thus mitigating the risk of secure information being accessed by unauthorized individuals. Unauthorized access can lead to terrible data breaches, which is why access controls often err on the side of caution and are overly restrictive. According to Ted Wagner, CISO at SAP National Security Service, “Whether it be the inadvertent exposure of sensitive data improperly secured…access controls are a key component. When not properly implemented or maintained, the result can be catastrophic.” Here are a few key things to think about when implementing access controls:

  • Who determines access? Information Asset Owners? IT? Security?
  • Who ensures control implementation? Helpdesk? Information Security?
  • How will access be documented? Asset Registry? Active Directory?
  • How will we audit these controls?

AM – Asset Management

Information Technology assets are the backbone of any organization, especially in the modern age where technology is lurking around every corner. It is extremely important to maintain and develop standards that allow your organization to properly manage all IT assets, especially in terms of risk, cost, and compliance. On the surface, AM seems like nothing more than a basic inventory system, but it is so much more involved than that. It’s important to keep track of obsolete and End Of Life (EOL) technology in your organization. EOL assets are one of the easiest ways for outside threat actors to gain access to your network. Compliance is another huge part of AM, ensuring that the technology you bring into your organization falls in line with any regulatory requirements you are currently subscribed to.

AU – Auditing & Accountability

Auditing & Accountability is defined as a chronological record that examines the sequence of activities surrounding everyday organizational operations and procedures, specifically in reference to security-relevant transactions. The key to this is ensuring that every specific action taken on a system in-scope is audited and logged. When it comes to CMMC certification, it is very likely that these logs will be requested and if one cannot provide them, that’s a huge problem. Auditing is one of the reactive tools in security as opposed to AM, AC, and AT which are proactive domains.

AT – Awareness Training

Training within an organization helps to ensure that employees are aware of the security risks associated with their daily activities. This goes into every single onboarding process, not just for those involved directly in IT. Finance, Human Resources, C-Suite, Marketing, Legal, and every single other department within the organization will, at one point or another, become a target of some sort of attack, typically a form of social engineering. Making your staff aware of these potential attacks, how to avoid them, and what to do should an incident occur is key for compliance in many frameworks, but especially within the CMMC.

Next week we will discuss Configuration Management, Identification, Incident Response, Maintenance, and Media Protection. For more information on these domains, feel free to look over the official CMMC Framework published earlier this year.

Follow us for more updates on this project!

For further questions about the Munich Cyber Security Program or this project, please feel free to contact mcsp@comcode.de

Written By: Austin Grupposo '23 // Digital Forensics & Cybersecurity

The post CMMC A to Z: The Importance of Access Control, Asset Management, Auditing, and Awareness appeared first on The Leahy Center for Digital Forensics & Cybersecurity.

Read the original at: The Leahy Center for Digital Forensics & Cybersecurity

Filed Under: Digital Forensics, Uncategorized

Tagged With: AMSec, CMMC, mcsp21, Munich Cyber Security Program, Supply Chain

June 6, 2021 by LCDI

The State Of Medical Security

At some point in everyone’s life they have had to go to the doctor, and whether this has been for something small or something serious, the doctor has had to use some kind of device. These devices, whether they are used for diagnosis, analysis, or treatment, are becoming more and more interconnected with each other and with the wider internet. Whether this is an X-ray machine sharing its X-rays with an image analysis program for the doctor, a pacemaker that lets you adjust settings from an app on your phone, or even a health bracelet such as a Fitbit, the fact that medical devices are becoming more and more interconnected means that they are becoming more vulnerable to threats and threat actors in cyberspace. Proper assessment, response, planning, and adaptability are key in trying to protect the devices that protect us.

Throughout my research so far I have found that the governing bodies of both the United States and the European Union use a variety of institutions and practices to help address the risks throughout the lifecycle of medical devices. This lifecycle generally is addressed as follows.

  • Planning: This is when the device is being developed and designed to start testing and figure out what the device is needed for, etc.
  • Design: This is when the device is starting to get the technical aspects of itself; engineers start to generate the documentation needed and incorporate necessary design elements.
  • Validation: This is the phase where regulatory compliance is completed and all the necessary information and labeling is provided to all stakeholders.
  • Launch: This is where the device is introduced into the market and training and any other actions are done.
  • Post Market: After the device has been sold, this is where the cycle of monitoring, updating, and improving the device occurs.

One major institution that seeks to guide this field for legislators, regulators, and manufacturers is the IMDRF, or International Medical Device Regulators Forum. They have in recent years put out several guidelines that seek to help address the threats that medical devices can face throughout their lifecycle. These include the “Principles and Practices for Medical Device Cybersecurity” and “‘Software as a Medical Device’: Possible Framework for Risk Categorization and Corresponding Considerations”. These frameworks address best practices in medical devices such as having a security design mindset throughout the development process, pursuing a risk-based development and security model, having a good and robust incident response framework, performing extensive vulnerability assessments throughout the lifecycle of the device, and ensuring that the security measures taken are scaled for the risk to the user if the device is compromised.

This summer, working for COMCODE, the goal is to gain an understanding of the current state of cybersecurity in regard to medical devices. At first glance this might seem simple; however, cybersecurity is never as simple as first meets the eye, and medical devices constitute everything from the x-ray machine to the blood oxygen level reader to your Fitbit. All of these devices have security needs that need to be met, and all are potential targets for malicious actors.

So far in my research, the main issue has been how convoluted and far-reaching the medical device field is. The fact that medical devices span so far is a cause of the cornucopia of regulations, practices, and controls that are used on various devices and why classification of devices is very open-ended and at times can be very vague and left to the manufacturer. However, as my research has continued, the tangle of rules, regulations, and practices has started to unravel. Shortly the solid base of a picture of the field will be ready to build my understanding upon.

Written By: Michael Verdi '22 // Computer & Information Systems Security

The post The State Of Medical Security appeared first on The Leahy Center for Digital Forensics & Cybersecurity.

Read the original at: The Leahy Center for Digital Forensics & Cybersecurity

Filed Under: Digital Forensics, Uncategorized

Tagged With: Cyber Security, Devices, medical, MEDSec

June 6, 2021 by LCDI

AMSec Project Introduction

The U.S. Department of Defense released the highly anticipated Cybersecurity Maturity Model Certification (CMMC) version 1.0 on January 31, 2020. This model serves as a unified standard for implementing cybersecurity controls across the defense industrial base, which applies to over 300,000 entities across the country. With the increasing number of supply chain attacks disrupting and compromising sensitive information concerning national security, the CMMC seeks to rectify major malpractice via this uniform model.

From the official CMMC Government Portal: “The Cybersecurity Maturity Model Certification framework includes a comprehensive and scalable certification element to verify the processes and practices associated with the achievement of a cybersecurity maturity level. CMMC can adequately protect sensitive unclassified information, accounting for flow down to subcontractors in a multi-tier supply chain.”

The current CMMC framework is based on a variety of pre-existing standards including the highly influential ISO 27001 and NIST SP 800-171, which both pertain to the protection of controlled unclassified information in non-federal organizations as well as general best practices when handling sensitive information of any kind that does not belong to you or the organization you may represent. The idea of a maturity model stems from the tier-based approach to compliance in which 5 total levels of maturity can be reached, each broken up into a variety of best practices and controls:

These best practices make up a total of 17 Capability Domains including Access Control, Risk Management, Media Protection, Incident Response, and more. The CMMC Accreditation Board breaks down these domains into the 171 best practices depicted in the graph I’ve created above.

With the topic of supply chain risk becoming increasingly relevant, and with the new Biden Administration revisiting and amplifying current Cybersecurity controls and measures, such as the CMMC, we will continue to explore the topic of federal compliance over the coming weeks, breaking down these aforementioned controls even further and helping you to understand where you may fall into this complex framework.

Written By: Austin Grupposo '23 // Digital Forensics & Cybersecurity

The post AMSec Project Introduction appeared first on The Leahy Center for Digital Forensics & Cybersecurity.

Read the original at: The Leahy Center for Digital Forensics & Cybersecurity

Filed Under: Digital Forensics, Uncategorized

Tagged With: AMSec, Cybersecurity, Digital forensics

All content is copyright the respective author(s)