1. A brief summary of the range, contents, and argument of the article.As we tried to answer the question #2 of case study 1 – SPE Breach: The Hack of the Century, “Discuss why despite substantial investments made by at the past, Sony still suffers security weaknesses?” (Bechor, 2017), this article by Julisch (2013) attempts to answer the similar question, “why despite substantial investments, there are still major security weaknesses in today’s information systems” by identifying the four anti-patterns and by suggesting how to overcome the anti-patterns. After the introduction, Julisch (2013) covers each of the following four anti-patterns and presents steps to tackle each as follows:Overreliance on intuition to make security decisionsLeaving
…show more content…
CI Principle I (threat awareness): “Continuously analyze the strategies and tools that cyber adversaries use.” Julisch (2013) argues that the adversaries’ strategies will change, and in response, firms’ maturity regarding the Principle I will be dependent upon the firms’ responsiveness to adapt accordingly.2. CI Principle II (preparedness): “Minimize your attack surface, i.e. the number of vulnerabilities that the threat can exploit.” Julisch (2013) provides several opportunities to apply this principle: assessing and managing ‘cyber footprint’, more restrictive spam filtering, the outright deletion of high-risk attachments, and identifying and blocking malicious Web pages and outgoing command and control channels. 3. CI Principle III (situational awareness): “Build situational awareness of the evolving state of attacks and intrusions.” When discussing this principle, Julisch (2013) argues the importance to understand APTs’ staged advancements and to comprehend the state of attacks and to block them in tracks and suggest anomaly detection as the most powerful technique for this principle. In wrapping up this anti-pattern, Julisch (2013) illustrates cyber intelligence in Fig 1. “Cyber intelligence combines the strategic intelligence of understanding and preparing for threats (Principles I and II) with the tactical intelligence of responding to dynamic threat situations (Principle III)” and urges us to perform the cycle faster to become more adaptable, thus yielding more limited opportunity for the attackers.Weak Governance (the anti-pattern #4) – Regarding IT
CI Principle I (threat awareness): “Continuously analyze the strategies and tools that cyber adversaries use.” Julisch (2013) argues that the adversaries’ strategies will change, and in response, firms’ maturity regarding the Principle I will be dependent upon the firms’ responsiveness to adapt accordingly.2. CI Principle II (preparedness): “Minimize your attack surface, i.e. the number of vulnerabilities that the threat can exploit.” Julisch (2013) provides several opportunities to apply this principle: assessing and managing ‘cyber footprint’, more restrictive spam filtering, the outright deletion of high-risk attachments, and identifying and blocking malicious Web pages and outgoing command and control channels. 3. CI Principle III (situational awareness): “Build situational awareness of the evolving state of attacks and intrusions.” When discussing this principle, Julisch (2013) argues the importance to understand APTs’ staged advancements and to comprehend the state of attacks and to block them in tracks and suggest anomaly detection as the most powerful technique for this principle. In wrapping up this anti-pattern, Julisch (2013) illustrates cyber intelligence in Fig 1. “Cyber intelligence combines the strategic intelligence of understanding and preparing for threats (Principles I and II) with the tactical intelligence of responding to dynamic threat situations (Principle III)” and urges us to perform the cycle faster to become more adaptable, thus yielding more limited opportunity for the attackers.Weak Governance (the anti-pattern #4) – Regarding IT