Cybersecurity Science with Shawn Riley

Introduction: In the constantly changing and developing cybersecurity landscape, the attack surface of modern enterprises has grown complex, leading to fatigue. Gartner, a leading research firm, has identified Continuous Threat Exposure Management (CTEM) as one of the top cybersecurity trends in 2023. As per Gartner, by 2026, organizations that prioritize their security investments based on a CTEM program will experience two-thirds fewer breaches. This article provides an overview of the concept of CTEM, its significance, and how it can be effectively implemented. What is CTEM? Continuous Threat Exposure Management (CTEM) is a proactive approach to cybersecurity. It involves continually monitoring an organization's external surfaces, assessing vulnerabilities, and taking appropriate actions to reduce security risks. The primary goal is safeguarding the organization's digital and physical assets by implementing robust remediation plans aligned with the exposed surface vulnerabil

In the realm of information security, Asset Management, Risk-Based Vulnerability Management, Continuous Threat Exposure Management, and Risk Management are interconnected concepts that together form a comprehensive approach to securing an organization's information assets. Here's a breakdown of their relationship: Asset Management: Definition : Asset Management involves identifying, classifying, and prioritizing an organization's assets. This includes tangible assets like hardware and intangible assets like software, data, and intellectual property. Relationship : Before you can protect something, you need to know what it is, where it is, and its value to the organization. Asset Management provides the foundation for all other security processes by identifying what needs to be protected. Focus : Assets Risk-Based Vulnerability Management: Definition : This is the process of identifying, evaluating, treating, and reporting on security vulnerabilities in systems in the contex

Introduction In the complex and ever-evolving world of intelligence, the ability to analyze and interpret information accurately is paramount. The intelligence cycle, a systematic process used by analysts to convert raw data into actionable intelligence, is at the heart of this endeavor. This cycle typically consists of five stages: Planning and Direction, Collection, Processing, Analysis and Production, and Dissemination. Each stage plays a vital role in ensuring that the intelligence provided to decision-makers is accurate, relevant, and timely. While all stages of the intelligence cycle are critical, the Analysis and Production phase is where the proverbial 'rubber meets the road.' It is in this phase that the collected data is evaluated, integrated, interpreted, and transformed into a form that can be used to make informed decisions. The quality of the intelligence product, and ultimately the effectiveness of the decisions made based on that product, hinge on the rigor and

The Exploit Prediction Scoring System (EPSS) is a revolutionary tool in the realm of cybersecurity, providing a fundamentally new capability for efficient, data-driven vulnerability management. Developed by the Forum of Incident Response and Security Teams (FIRST), EPSS is a data-driven effort that uses current threat information from Common Vulnerabilities and Exposures (CVE) and real-world exploit data to predict the likelihood of a vulnerability being exploited. The website for the EPSS is: https://www.first.org/epss/ The Intricacies of the EPSS Model The Exploit Prediction Scoring System (EPSS) model is a sophisticated tool that quantifies the likelihood of a vulnerability being exploited. It does this by generating a probability score that ranges between 0 and 1, or equivalently, 0 and 100%. A higher score signifies a greater probability that a given vulnerability will be exploited. The computation of this score is not a simple process; it involves a comprehensive analysis of vari

In the complex and ever-evolving world of cybersecurity, organizations are constantly faced with the challenge of protecting their digital assets from a wide array of threats. One of the key strategies in this endeavor is Risk-Based Vulnerability Management (RBVM), a cybersecurity process that goes beyond traditional vulnerability management. While the broader concept of risk management focuses on the selection, implementation, and assessment of security controls, RBVM emphasizes the identification and prioritization of cyber vulnerabilities based on the risk they pose to an organization. Understanding RBVM RBVM is a proactive approach to cybersecurity that identifies and prioritizes vulnerabilities based on their potential impact on an organization's network. The goal is to reduce the risk to a network by assessing vulnerabilities for risk factors and prioritizing responses to critical vulnerabilities. This approach allows organizations to focus their resources on the vulnerabilit

In cybersecurity, risk management is a critical process that helps organizations identify, assess, and mitigate potential threats to their digital assets. The National Institute of Standards and Technology (NIST), a non-regulatory federal agency within the U.S. Department of Commerce, has developed two comprehensive frameworks to guide organizations in managing their security and privacy risks: the Risk Management Framework (RMF) and the Cybersecurity Framework (CSF). Both frameworks are centered around the concept of security controls, which are safeguards or countermeasures designed to avoid, counteract, or minimize security risks. NIST Risk Management Framework (RMF) The RMF is a structured, flexible, and risk-based approach that integrates security, privacy, and cyber supply chain risk management activities into the system development life cycle. It provides a disciplined and structured process that integrates information security and risk management activities into the system deve

The cybersecurity industry, like many other sectors, is awash with data. From enterprise security controls and sensors to open source cybersecurity data, the volume of information is vast. Yet, the industry has been slow to adopt the FAIR data principles, a set of guidelines aimed at improving the Findability, Accessibility, Interoperability, and Reuse of digital assets. This article explores the FAIR data principles, their potential benefits to cybersecurity, the key enabling technologies for their implementation, and the impact of not implementing them in the cybersecurity industry. Understanding the FAIR Data Principles The FAIR data principles were established to enhance the utility and value of data assets. The acronym FAIR stands for Findable, Accessible, Interoperable, and Reusable, each representing a specific aspect of data management: Findable : Data and metadata should be easy to find for both humans and computers. They should be assigned a globally unique and persistent ide