Information Security

Information security:

Information security, often referred to as InfoSec, refers to the processes and tools designed
and deployed to protect sensitive business information from modification, disruption,
destruction, and inspection.

Definition (Cisco): Information security, often referred to as InfoSec, refers to the processes and tools designed and deployed to protect sensitive business information from modification, disruption, destruction, and inspection.

Definition (CSRC - NIST Computer Security Resource Center): The term 'information security' means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide integrity, confidentiality, and availability.

Top key elements of information security: Confidentiality, Integrity, Availability, Authenticity and Non-Repudiation.

Types of information technology security: Network Security, Cloud Security, Application Security, Internet of Things Security and Monitoring Security Measures.

What are the pillars of security?
1. Physical Security > Access to Buildings, Physical Assets, IT Hardware, Vehicle Fleet.
2. People Security > Permanent & Contract Staff, Partners, 3rd Party Employees, Visitors, Special Events Security.
3. Data Security > Trade Secrets, Employee Data, Database, Customer Data.
4. Infrastructure Security > Networks, Remote Sites, Application Security, Website, Intranet.
5. Crisis Management > Documentation & Work Procedures, Emergency Response Plans, Business Continuity Plans, Disaster Recovery Plans.

Types of information security:
- Application security
- Infrastructure security
- Cloud security
- Cryptography
- Incident response
- Vulnerability management
- Disaster recovery
- Endpoint security
Types of security operations centers (SOC):
- Internal SOC: composed of dedicated employees operating from inside an organization. These centers provide the highest level of control but have high upfront costs and can be challenging to staff due to the difficulty of recruiting people with the right expertise. Internal SOCs are typically created by enterprise organizations with mature IT and security strategies.
- Virtual SOC: uses managed, third-party services to provide coverage and expertise for operations. These centers are easy to set up, highly scalable, and require fewer upfront costs. The downsides are that organizations are reliant on vendors and have less visibility and control over their security. Virtual SOCs are often adopted by small to medium organizations, including those without in-house IT teams.
- Hybrid SOC: combines in-house teams with outsourced teams. These centers use managed services to supplement gaps in coverage or expertise, for example to ensure 24/7 monitoring without having to arrange internal overnight shifts. Hybrid SOCs can enable organizations to maintain a higher level of control and visibility without sacrificing security. The downside of these centers is that costs are often higher than for virtual SOCs and coordination can be challenging.
Chief information security officers (CISOs) are responsible for:
- Security operations: includes real-time monitoring, analysis, and triage of threats.
- Cyber risk and cyber intelligence: includes maintaining current knowledge of security threats and keeping executive and board teams informed of the potential impacts of risks.
- Data loss and fraud prevention: includes monitoring for and protecting against insider threats.
- Security architecture: includes applying security best practices to the acquisition, integration, and operation of hardware and software.
- Identity and access management: includes ensuring proper use of authentication measures, authorization measures, and privilege granting.
- Program management: includes ensuring proactive maintenance of hardware and software through audits and upgrades.
- Investigations and forensics: includes collecting evidence, interacting with authorities, and ensuring that postmortems are performed.
- Governance: includes verifying that all security operations operate smoothly and serving as a mediator between leadership and security operations.
Common information security risks:
- Social engineering attacks
- Advanced persistent threats (APT)
- Insider threats
- Cryptojacking
- Distributed denial of service (DDoS)
- Ransomware
- Man-in-the-middle (MitM) attacks
- Session hijacking —
- IP spoofing —
- Eavesdropping attacks —
Information security technologies:
- Firewalls
- Security information and event management (SIEM)
- Data loss prevention (DLP)
- Intrusion detection system (IDS) / intrusion prevention system (IPS)
- User behavior analytics (UBA)
- Blockchain cybersecurity
- Endpoint detection and response (EDR)
- Cloud security posture management (CSPM)
- VPN remote access and SASE
Information security best practices:
- Use MITRE ATT&CK
- System hardening
- Application security
- Network hardening
- Server hardening
- Database hardening
- Operating system hardening
- Require strong authentication for all users
  - Strong passwords
  - Multi-factor authentication (MFA)
- Leverage encryption
  - Encoding –
  - Verification
  - Integrity
  - Nonrepudiation
- Automate vulnerability management
- Conduct penetration testing
- Educate and train users
Improving your information security:
- Advanced analytics and forensic analysis
- Data exploration, reporting and retention
- Threat hunting
- Incident response and SOC automation —

ISO standards for information security:
- The ISO 27000 series of information security standards.
- ISO 27001 and ISO 27002: 2022 updates (itgovernance.co.uk), for reference.
NIST standards for information security (American):
- NIST 800-53
- NIST 800-171
Data Security

Security operations management of CPS servers

Next-generation firewalls: Palo Alto Networks firewalls, a world top-rated firewall product, work as the first level of defense.
Features:
Threat detection and prevention.
DDoS policies and protection.
URL filtering to block malicious URLs.
Application control and protection.
Geographical IP restriction.

WAF (Web Application Firewall):

The Fortinet-based WAF is able to detect and protect against layer 7 application attacks.
Features:
SSL offloading.
All application / HTTPS attacks are monitored and protected against.
Per-application security management and prevention of layer 7 attacks.

PAM (Privileged Access Management):

All infrastructure credentials, including those for servers, VMs, application interfaces and network devices, are protected through PAM.
Features:
Time-based rights provisioning with a limited set of required actions.
Video recording of all activities to help avoid cyber-incidents.
Role-based credentials are provisioned to the relevant user.
Multi-factor authentication is applied on all infrastructure devices, including application admin consoles.
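The time-boxed, role-scoped and MFA-gated access decision that the PAM features above describe, as an added example (not the page's own code and not any PAM product's code); the role catalogue, user, target host and timings are constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Hypothetical role-to-action catalogue, constructed for this example.
ROLE_ACTIONS = {"db-operator": {"backup", "restore"}, "net-admin": {"show-config", "push-config"}}

@dataclass(frozen=True)
class Grant:
    user: str
    role: str
    target: str
    actions: frozenset
    expires_at: datetime

class PamPolicy:
    def __init__(self):
        self.audit = []  # stands in for the PAM session/video record the page describes

    def issue_grant(self, user, role, target, actions, minutes, now):
        # Time-boxed grant, scoped to the intersection of requested and role-permitted actions.
        scoped = frozenset(actions) & frozenset(ROLE_ACTIONS.get(role, ()))
        if not scoped:
            raise PermissionError(f"role {role} may not perform {sorted(actions)}")
        return Grant(user, role, target, scoped, now + timedelta(minutes=minutes))

    def authorize(self, grant, action, mfa_verified, now):
        # Deny by default; every decision, allowed or not, goes to the audit trail.
        if not mfa_verified:
            reason = "mfa-required"
        elif now >= grant.expires_at:
            reason = "grant-expired"
        elif action not in grant.actions:
            reason = "action-not-in-grant"
        else:
            reason = "allowed"
        self.audit.append((now.isoformat(), grant.user, grant.target, action, reason))
        return reason == "allowed"

def run_scenario():
    # Constructed walk-through: a 30-minute backup grant exercised before and after expiry.
    pam = PamPolicy()
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    g = pam.issue_grant("alice", "db-operator", "db-01", {"backup", "push-config"}, 30, t0)
    decisions = [
        pam.authorize(g, "backup", True, t0 + timedelta(minutes=5)),   # allowed
        pam.authorize(g, "backup", False, t0 + timedelta(minutes=5)),  # denied: no MFA
        pam.authorize(g, "restore", True, t0 + timedelta(minutes=5)),  # denied: not in grant
        pam.authorize(g, "backup", True, t0 + timedelta(minutes=31)),  # denied: expired
    ]
    return decisions, [entry[-1] for entry in pam.audit]
```

Note that the requested "push-config" action is silently dropped at grant time because the db-operator role never permits it, so the grant only ever carries "backup".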

Vulnerability assessment and management:

Monthly or quarterly vulnerability scans are run, based on requirements, to identify existing weaknesses in applications and infrastructure.
Antivirus software:
All VMs and endpoints are protected through host/VM-based antivirus agents.
Host-based IDS/IPS is deployed to monitor for and block malicious signatures and IOCs.
OS hardening:
Ports opened or blocked, and policies deployed, according to the application's requirements.
Application hardening:
Pre and post security checks on the application.
