International Standards Report PDF

Title International Standards Report
Author Lancetwriter Kerio
Course DISCRETE MATHEMATICS
Institution Karatina University
Pages 5

International Standards Report

Warren Buffington, Lanre Dosumu, Dylan Haines, Mcgennings Imoroa, Alisha Johnson

CYB 670 Capstone in Cybersecurity

January 27, 2021

Over the past few decades, the international community has accepted that malicious cyber incidents and operations have transcended the local and state level and reached the international level. The international community has created alliances and legal frameworks, and has committed its countries to initiatives centered on principles intended to provide support and standardization that enhance intelligence sharing among the global community. The Five Eyes Alliance (FVEY) is one such program to “improve cyber event incident response across the extended community of the countries involved: United States, Australia, New Zealand, Canada, and United Kingdom” (Underwood, 2020). The FVEY nations have established best practices to apply when conducting incident response measures or when breaches occur. These include the collection and removal of relevant information, logging and data, and avoiding issues that can result in additional compromise once the case is closed.

International Incident Response Standards

Among other measures, FVEY has suggested key responses for investigating the network in case of a breach.

First is the indicators of compromise (IOC) search. The idea behind this is to “collect known-bad indicators of compromise from a broad variety of sources, and search for those indicators in the network and find hosts” (Lord, 2020). In other words, IOC searches look for pieces of forensic data, found in system log entries or files, that identify potential malicious activity. The results are then assessed for malicious activity to eliminate false positives.

Another is frequency analysis. Frequency analysis leverages datasets to calculate normal traffic patterns in both network and host systems. It is crucial to use these predictive algorithms to identify activity that is inconsistent with normal patterns. The variables considered include timing, source and destination location, port utilization, protocol, and other attributes.

Next is pattern analysis. This “analyzes data to identify repeating patterns that are indicative of either scripts or routine human threat activity” (Underwood, 2020). Filtering out data allows normal activity to be eliminated and the remaining data to be evaluated for suspicious or malicious activity.

Last is anomaly detection. The concept is to “conduct an analysis review of collected data to identify errors” (Underwood, 2020). In other words, security threats are detected based on packet signatures and continuous monitoring of a network for unusual events or trends.

International Standards for Suspicious Activity


In addition to the incident response standards, when investigating a network, the FVEY recommended implementing standards for identifying suspicious activity. These standards are comprised of a list of the following:

● Running Processes
● Running Services
● Parent-Child Process Trees
● Integrity Hash of Background Executables
● Installed Applications
● Local and Domain Users
● Unusual Authentications
● Non-Standard Formatted Usernames
● Listening Ports and Associated Services
● Domain Name System (DNS) Resolution Settings and Static Routes
● Established and Recent Network Connections
● Run Key and other AutoRun Persistence
● Scheduled Tasks
● Artifacts of Execution (Prefetch and Shimcache)
● Event logs
● Anti-virus detections

These standards for identifying suspicious activity can benefit not only the nations within the FVEY, but other nations as well.
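The IOC search and frequency analysis described in this report, applied to three of the artifacts listed above (executable hashes, parent-child process trees and listening ports), as an added example that is not part of the original report. The inventory rows, host names, placeholder hashes and the function names `ioc_search` and `rare_values` are constructed for illustration.

```python
from collections import defaultdict

FIELDS = ("host", "process", "parent", "sha256", "port")
# Constructed sample inventory (not real telemetry); hashes are placeholders.
ROWS = [
    ("ws01", "svchost.exe", "services.exe", "a" * 64, 135),
    ("ws02", "svchost.exe", "services.exe", "a" * 64, 135),
    ("ws03", "svchost.exe", "services.exe", "a" * 64, 135),
    ("ws04", "svchost.exe", "services.exe", "a" * 64, 135),
    ("ws01", "winword.exe", "explorer.exe", "b" * 64, None),
    ("ws02", "winword.exe", "explorer.exe", "b" * 64, None),
    ("ws03", "winword.exe", "explorer.exe", "b" * 64, None),
    ("ws03", "powershell.exe", "winword.exe", "c" * 64, None),
    ("ws04", "updater.exe", "explorer.exe", "d" * 64, 4444),
]
RECORDS = [dict(zip(FIELDS, row)) for row in ROWS]
KNOWN_BAD_HASHES = {"d" * 64}  # constructed stand-in for an IOC feed


def ioc_search(records, bad_hashes):
    """IOC search: (host, process) pairs whose executable hash is known bad."""
    return sorted((r["host"], r["process"])
                  for r in records if r["sha256"] in bad_hashes)


def rare_values(records, keys, max_hosts=1):
    """Frequency analysis: values of `keys` seen on at most `max_hosts` hosts.

    Values common across the fleet form the baseline and are filtered out;
    what remains is the short list an analyst reviews by hand.
    """
    hosts_by_value = defaultdict(set)
    for r in records:
        value = tuple(r[k] for k in keys)
        if None not in value:  # skip rows that lack this artifact
            hosts_by_value[value].add(r["host"])
    return {v: sorted(h) for v, h in hosts_by_value.items()
            if len(h) <= max_hosts}


if __name__ == "__main__":
    print("IOC hits:", ioc_search(RECORDS, KNOWN_BAD_HASHES))
    print("Rare parent-child pairs:",
          rare_values(RECORDS, ("parent", "process")))
    print("Rare listening ports:", rare_values(RECORDS, ("port",)))
```

The IOC search only surfaces the executable whose hash is already in the feed, while the frequency analysis also surfaces the single-host `winword.exe` to `powershell.exe` parent-child pair that no indicator covers.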

Research and Development Standards

A quorum of up to five members from the FVEY nations must attend the meeting. These are the members of the security research and development council. The meeting held must be in line with expanding intelligence in defense under the Department of Homeland Security to safeguard FVEY nations against cybersecurity threats (Verrico, 2019, July 25). The intention of the meeting and research is to foster the gathering of enough information on security concerns to serve the needs of all FVEY countries. It helps in developing trusted collaboration between FVEY members and their partners. It must not interfere with FVEY members continuing to implement national policies and standards.

Common Mistakes

Although there are crucial standards that can benefit the international community, there are common mistakes made in response to breaches. These mistakes can include mitigating the affected systems before responders can protect and recover data, preemptive credential resets, failure to preserve or collect log data, or fixing the symptom instead of the root cause. Ultimately, all of these mistakes can impact a nation's network infrastructure or, more importantly, the relationship between the FVEY nations.

References

D. (n.d.). National Cyber Awareness System. Retrieved January 28, 2021, from https://uscert.cisa.gov/ncas/alerts

Lord, N. (2020, December 01). What are Indicators of Compromise? Retrieved January 28, 2021, from https://digitalguardian.com/blog/what-are-indicators-compromise

Underwood, K. (2020, September 01). Five Eyes Nations Release Cybersecurity Principles. Retrieved January 28, 2021, from https://www.afcea.org/content/five-eyes-nations-releasecybersecurity-principles

Verrico, J. (2019, July 25). News release: DHS S&T hosts five eyes security partners to discuss multilateral RDT&E. Department of Homeland Security Science and Technology. Retrieved from https://www.dhs.gov/science-and-technology/news/2019/07/25/news-release-dhs-sthosts-international-security-partners...

