Due Diligence

Due diligence in cybersecurity refers to the comprehensive process of assessing and managing the cyber risks associated with an organization or third party before entering into a business relationship or making a significant investment. Here are some key aspects:

• Risk Identification: Identifying potential cyber threats and vulnerabilities within the organization’s network and systems.
• Assessment of Security Measures: Evaluating the existing security measures and practices to ensure they meet industry standards and are capable of mitigating identified risks.
• Third-Party Risks: Assessing the cybersecurity posture of third-party vendors and partners to ensure they do not introduce additional risks.
• Compliance: Ensuring that the organization complies with relevant cybersecurity regulations and standards.
• Remediation Plans: Developing and implementing plans to address any identified gaps or weaknesses in the cybersecurity framework.

Cybersecurity due diligence is crucial for protecting sensitive data, maintaining business continuity, and building stakeholder trust.

 Attestation

In cybersecurity, attestation refers to the process of verifying and validating the integrity and authenticity of a system or component. This ensures that the system or component can be trusted and not compromised by malicious entities.

Here are some key points about attestation in cybersecurity:

• Independent Review: Attestation involves an independent review and confirmation that an organization’s cybersecurity risk management program meets specific standards and requirements.
• Trust Building: It helps build trust with stakeholders by demonstrating the organization has adequate internal controls to manage cybersecurity risks.
• Types of Attestation: There are various types of attestation, including remote attestation, where one system proves its trustworthiness to another.
• Frameworks: Attestation can be based on different frameworks, such as the NIST Cybersecurity Framework, ISO standards, or the AICPA’s Trust Services Criteria.

Attestation is crucial for ensuring that systems are secure and reliable, especially in environments where data integrity and security are paramount.

 SOW (Statement of Work)

A statement of work (SOW) is a legally binding document that outlines the details of a project, including the work to be done, the timeline, and the cost. It's typically created between a client and a vendor and ensures that all parties involved have a clear understanding of their responsibilities and expectations.

A SOW can include the following details:

Project deliverables, timeline, work location, payment terms and conditions, resources, special requirements, expected outcomes, and project team.

A SOW is essential because it forms the basis for a contract and can affect the project's success or failure. Ensuring the SOW is clearly defined, unbiased, and contractually sound is essential.

A SOW differs from a scope of work, while another document provides a framework for project success. While both documents are abbreviated as SOW, they are separate documents that complement each other.

 OWASP

OWASP stands for Open Worldwide Application Security Project, a non-profit organization that aims to improve the security of software:

What they do

OWASP provides resources, tools, and educational materials to help organizations, security professionals, and developers understand and address web application security risks.

How they do it

OWASP offers a variety of programs, including:

• Open-source software projects: Community-led projects to create open-source tools and resources
• Conferences: Local and global conferences to bring together members and chapters
• Educational materials: Documentation, videos, and forums to help improve web application security
• Training events: Events to help developers and security professionals learn about security best practices

What they're known for

OWASP is best known for its OWASP Top 10, a list of the most critical web application security risks.

How to participate

Anyone can participate in OWASP's projects, events, local chapters, online groups, and community Slack channels. OWASP also encourages donations to support their work.

 TAXII

Trusted Automated eXchange of Intelligence Information (TAXII) is a protocol for exchanging cyber threat information (CTI) across organizations and services. TAXII is a transport mechanism that uses Hypertext Transfer Protocol Secure (HTTPS) to transfer STIX insights.

TAXII is a U.S. Department of Homeland Security initiative that enables organizations to share CTI to detect, prevent, and mitigate cyber threats. TAXII is not a specific application or information-sharing initiative; it provides the tools to help organizations share CTI with their chosen partners.

TAXII defines a set of requirements for TAXII clients and servers and a RESTful API that supports various sharing models. The three main TAXII models are:

Hub and spoke: A single repository of information

Source/subscriber: A single source of information

Peer-to-peer: Multiple groups share information

TAXII is a good starting point for those new to threat intelligence.

 STIX

Structured Threat Information eXpression (STIX) is a free, open-source language that allows users to share and analyze cyber threat intelligence (CTI) in a consistent, human-readable format:

Purpose

STIX is a standardized language that allows users to share CTI in a way that can be easily understood by both humans and security technologies.

Features

STIX is flexible, extensible, and automatable. It uses a JSON-based lexicon to describe threats in terms of their motivations, abilities, capabilities, and responses.

Benefits

STIX allows users to share and analyze CTI quickly and consistently, which can help them understand threats and act proactively or defensively.

Community

STIX is a collaborative, community-driven effort that welcomes participation from anyone interested.

Integration

STIX can be integrated into existing tools and products or used for specific analyst or network needs.

Transport

STIX is often used with Trusted Automated eXchange of Intelligence Information (TAXII), a transport protocol that supports transferring STIX insights over HTTPS.

 SED (Self Encrypting Drive)

A self-encrypting drive (SED) is a type of hard disk drive (HDD) or solid-state drive (SSD) that automatically encrypts and decrypts data without requiring user intervention or additional software. Here are the key features and benefits of SEDs:

Automatic Encryption: SEDs use hardware-based encryption to secure all data written to the drive. This process is seamless and does not require the user to take any action.

• Security: The encryption keys are stored within the drive, making it difficult for unauthorized users to access the data. The data remains encrypted and inaccessible if the drive is removed from the system.
• Performance: Since the drive’s hardware handles the encryption, there is minimal impact on system performance compared to software-based encryption solutions3.
• Ease of Use: SEDs are designed to be user-friendly, with encryption and decryption processes occurring transparently in the background.
• Data Protection: If a drive is lost or stolen, the data remains protected due to the encryption, reducing the risk of data breaches.
• Disposal: Issuing the erase command is issued, the MEK is erased, rendering the data unrecoverable
  

SEDs are widely used in environments where data security is critical, such as in corporate, government, and healthcare settings.