Threat modeling frameworks come in all shapes, forms, and sizes. They serve one very specific task: to provide insight into the cyber threat. Almost every major security vendor out there has created a threat modeling framework. Some of these frameworks have been made publicly available and some are just a commercial proposition. Some provide genuine value and some don’t. What are some of the available threat modeling frameworks and what can you do with them? And do you need just one threat modeling framework?

In an earlier article, I spoke about how you can set up a vulnerability scanning and reporting program, a program to enrich and complete your CMDB, and what you need to do to deal with the data avalanche. But why stop there? With vulnerability data, you can do so much more. In this article, I will mention some of the other things you can achieve with vulnerability data.

Incident Response Process

The incident has been remediated and any detected/reported damage has been reversed. But at the moment you want to archive the incident, you receive an invitation for an ‘Incident lessons-learned discussion’. And again the stress level rises. But should the stress level rise? After all, the incident has been remediated.

Uhhh, what? An incident log writer function? I hear lots of crazy function titles within IT. Especially within IT Security. So why do I need to implement a log writer function? Is this not already a basic capability of the incident response team? Although the incident response team should be capable enough to perform this task, I believe it is better to create a dedicated function for it. And I will tell you why I believe so.

‘Why did the incident happen?’ is the most important question that should be answered during the incident response process. But how do you answer this question?

There is no need to panic if you follow a structured approach. Otherwise, run Forrest, run. Although the use case itself can be very complex, the process to implement and maintain a use case is relatively straightforward. Let’s start at the beginning.

Use case development and maintenance is a structured process, especially when you want to establish a high-velocity development/maintenance team.

Stage 1 — Development/Implementation

At the moment of writing this blog, there are 167.039 CVEs registered, and of those 167.039 registered CVEs, 11% are rated as critical. While an attacker only needs to identify one weakness to gain entry, you need to find all weaknesses. Yes, I absolutely agree, this is an extremely unfair game. But with the proper tools, processes, and policies you can make it difficult for the attacker. And with a little bit of luck, really difficult.

Source: CVEDETAILS.COM, December 29, 2021

A key requirement for any security professional is to know the environment. Depending upon the job role/description, the level of detail may vary. You need to know which assets are used by whom, why they are being used, which application is used by which assets, etc., etc. But equally important, you need to understand the business. So, where do you start?

Home automation comes in all shapes and sizes. It is totally customizable to everyone’s needs. But this flexibility does come at a price, especially when you want to control your home automation from the rest of the world. A comparison between Domoticz and Home Assistant on remote usage.

A smart home also requires a defensive strategy, especially when you make the smart home brain accessible from the Internet.

Domoticz

Hopefully, you survived another year of cyber security madness. And yes, what a crazy year it has been. Data breaches, ongoing DDoS attacks, ransomware in all shapes and sizes. Not to forget the recently discovered Log4j vulnerability. And we Cyber Security soldiers just battle on. Crisis after crisis. There is no end in sight. And this got me thinking. Something needs to change. And the change needs to be drastic. Otherwise, the company you are working for might end up in the cyber security statistics of 2022, and/or you might experience a burn-out. Therefore, I will continue in 2022 to share my knowledge, wisdom, and insights on cyber security to help you survive another year of cyber security madness.

Based upon my past experiences, I will continue with writing my views on how you can punch through the cyber security madness.

Work smarter, not harder

Log4J continues to stir things up in the InfoSec world. On December 27, 2021, another RCE was discovered and registered as CVE-2021-44832. Another Remote Code Execution. The recent security incidents around Log4J highlight the importance of proper testing before releasing a product on the market. This testing should be more than just testing the user functionality. It should also cover the non-functional requirements. And security is a non-functional requirement.

Richard de Vries

A passionate security professional who shares his knowledge, wisdom, and experiences to ensure we can make the world a little bit safer one step at a time.
