Blog

  • Training & Certification: Risk Management Approach to Security Authorization

    Understand the Risk Management Approach to Security Authorization

    The management of information security risk across an enterprise is discussed in NIST SP 800-39. An organization takes a multitier approach to risk management at the organization, mission, and information system levels. The Risk Management Framework (RMF) is the process broken down step by step in NIST SP 800-37, Risk Management Framework. The CAP (Certified Authorization Professional) material addresses the following:

      • Distinguish between applying risk management principles and satisfying compliance requirements
      • Identify and maintain the information systems inventory
      • Understand the criticality of securing information
      • Understand organizational operations

    Distinguish between applying risk management principles and satisfying compliance
    Risk management includes, but is not limited to, satisfying compliance requirements. Even where limited resources mean some controls cannot be made fully compliant, the residual risk to the organization can still be mitigated and managed. – concepts from NIST SP 800-37, the RMF guide

    Identifying and maintaining the information system (IS) inventory is addressed in NIST SP 800-37 (Risk Management Framework), SP 800-18 (System Security Plan) and SP 800-64 (System Development Life Cycle). SP 800-37 addresses the IS inventory in RMF Step 1, Categorization of the IS. One of the categorization tasks is information system registration, which begins with identifying the information system in the system inventory; this is documented in the security plan. NIST SP 800-18 discusses how the inventory is documented and how the system authorization boundary is logically separated. That inventory is maintained and monitored throughout the life cycle of the IS (from initiation to disposal, and from categorization to monitoring of the system).

    A CAP candidate can understand the criticality of securing information by reading FIPS 199, Standards for Security Categorization of Federal Information and Information Systems.

    Understanding the organizational operations of the system is imperative for a CAP candidate in order to apply the scoping guidance described in NIST SP 800-53.

  • Hong Kong Bank Scam!

    Compliments of the day,

    Although you might be apprehensive about my email as we have not met before, my name is Mr Song Lile and I work with the Hang Seng Bank. There were no beneficiaries stated concerning these funds, which means no one would ever come forward to claim it. That is why I ask that we work together so as to have the sum transferred out of my bank into your account. Note that all is well planned as we shall do this in line with all legal and banking requirements. All I need from you is your willingness, trust and commitment.

    I want you to know that I have had everything planned out so that we shall come out successful. I have an attorney that will prepare the necessary document that will back you up as the next of kin to Colonel Sadiq Uday. All that is required from you at this stage is for you to provide me with your full names and address so that the attorney can commence his job. After you have been made the next of kin, the attorney will also fill in for claims on your behalf and secure the necessary approval and letter of probate in your favour for the move of the funds to an account that will be provided by you. There is no risk involved at all in this matter, as we are going to adopt a legalized method and the attorney will prepare all the necessary documents.

    Please endeavor to observe utmost discretion in all matters concerning
    this issue. Once the funds have been transferred to your nominated bank
    account we shall then share in the ratio of 70% for me, 30% for you.

    Should you be interested please send me your,

    1. Full names
    2. Private phone number
    3. Current residential address

    Regards,
    Mr Song Lile.

  • Fedex Delivery Letter scam

    FEDERAL EXPRESS (FedEx), WEST AFRICA
    LAGOS STATE, NIGERIA

    Dear Valued Customer ,

    Top of the day to you. You are welcome to FedEx West Africa. In respect to your mail which indicates for the release of your package, Nisreen Ahmed told me he was going to contact you regarding the package he dropped with us at our branch office here in West Africa . The package which is sealed contains a check of $800,000(Eight Hundred Thousand States Dollars) and is right here on my desk waiting for it to be dispatched.

    You can as well come down to this branch to pick up your package . Nisreen Ahmed came to our branch office last week to place your check on out going 24Hours delivery; he has already paid for the insurance fee and the delivery charges. But he did not pay for the security keeping fee which serves as demurrage due to the fact that we did not know when you will be contacting us via mail or phone to inform us that we have your enveloped type package in which the check is included, so we advised him not to pay for the security keeping fee of the package to the company yet but we informed him to contact you on time so you will not have to pay more than $350 USD on demurrage.

    Please we do not operate COD (Cash-On-Delivery) on this type of fee. (This serves as the demurrage fee)

    All you need to do right now to get your enveloped type package in which the check is included delivered to your door step is to go ahead and pay the security keeping fee of the company. So far, the fee is $350 USD only. You are to come up with this fee as to process the delivery of your package for immediate dispatch. Once you make the payment of the security keeping fee, I shall send to you the Scanned Copy of the Airway Bill and the package order number as well as the package tracking number in which you can use to check your package status at the FedEx branch nearest to you and also on our website online.

    Payment should be made via western union money transfer only for security purpose in our accounting officer’s name. The payment details are listed below.

    Name: Obazee Jeffery
    Address: Lagos, Nigeria .
    Text Question to be used: Relationship?
    Text Answer: brother

    Once you make the payment you are required to send the following for the final processing of the package airway bill and tracking number.

    Your Full Name:
    Your Full Delivery Address:
    Your Phone Number:
    The MTCN (Money Transfer Control Number) as given to you at the western union

    Get back to me with the information requested above, So that your package can be released for dispatch. Note that your tracking number and the scanned copy of the airway bill would be provided to you as soon as the payment has been confirmed by us.

    Have a wonderful time. Please call me anytime you need any assistance.
    Regards
    Mr. Bruce Williams
    Senior Dispatch Director.
    Tel:(+234) 0757410432

  • Date.ca Nigerian Scam

    I joined Date.ca and received an IM from someone calling himself John Eric, stating he read my profile and wanted to know if I would like to chat. So I read his profile and agreed to chat. He said he lived in Sarasota, Florida, and that he was divorced and his daughter lived in London with his ex-wife, who had cheated on him with a best friend. He had just moved to Florida in May. He said he was an engineer contractor. After chatting a couple of times on the date service he asked me to contact him on Yahoo Messenger. So I finally did, and after a week of chatting he informed me he was going to Africa to supervise a building project for 2 weeks and hoped we could still continue emailing. He became very amorous very quickly, stating he was falling in love with me and would like to come and see me after work was completed in Africa. When I would ask questions sometimes he would answer, or he would not answer and change the subject with talk of his undying love and devotion for me. Or his computer would stop working, supposedly because of the distance. I quite enjoyed conversing with him and we seemed to click. He stated that he wanted to marry me and that he believed God was calling us together. It’s been 3 weeks chatting for hours together, and 2 days ago he stated something bad had happened. When I enquired what it was he said he didn’t want to bother me with his problems. When I enquired more he told me he had come back to his apartment finding that someone had stolen his wallet, all his money and important papers as well as recent pictures of his daughter. He’d reported them stolen but would not be able to get them replaced for 4 working days. He stated he had not eaten and didn’t know what to do. I made some suggestions on how he could possibly get some help: the US Embassy, go to a medical clinic, a local church, get some help anywhere. He said he was too proud and did not want to beg. I should not worry myself. That God would provide.

    The next day he said he needed to ask me a favor. He hadn’t eaten for 2 days now, had no money for his anti-malaria dose and was wondering if I could help him out by sending him just a bit of money to get by till Monday, when he should be getting his new credit cards, and he would reimburse me then and was still planning to come and see me in Canada by Thursday. I was starting to get mixed messages from him. He said he would book his flight to Canada on Friday (yet he didn’t have any credit cards to do that), that I would see him by Thursday morning, and promised me the world. He gave me information on how to send a Western Union money order and the secret questions I should answer so it was safe. And that I should put the name of his driver on the check. Red flags. I said to him, why wouldn’t I put your name on the check? He stated, I have to stay working at my office and it takes 2 hours to get downtown to the bank. He said he trusted his driver and knew him well and I should not worry. His driver was well known and a good friend and he had his reasons to trust the guy. I finally stated to him, I feel like something here is wrong and I do not feel right about doing this. He said he understood and then said he was wrong to ask me to do this, and this was his problem and not to worry, and asked me to forgive him and it would never happen again. He still was in love with me and wanted to marry me. I felt really confused at first, and then a friend phoned and told me about this site to read it, and I’m sure it is the same guy. I will leave the address he gave me so you all can see it. His picture looks like a very handsome model-type Italian. 46 years old. Name John Eric. His profile was in American Singles. (I informed staff there of this person’s fraudulent behavior; they cancelled his profile.) I tried to get more information, so I’ve pretended to change my mind and state that I am willing to offer financial support, telling him my banker will send a check to the USA Embassy but I need some ID from him, and a phone number or address where a driver from the US embassy can pick him up so he can receive this check. No response yet, but we’ll see what happens, and if I can get info then I will report him.

    His mailing address and Drivers name are:

    Endurance Njoku
    21 Ikosi Road
    Lagos City
    Ikeja
    23401
    Nigeria

    Everyone please be careful of people who sound too good to be true, who offer you the world even before meeting you, who use a lot of romantic talk right away, who declare undying love and devotion and move at a really quick pace. Don’t be confused by this, and if they ask for help financially or for help with getting a visa, don’t buy into it.

  • UN DIPLOMATIC & COURIER COMPANY*scam*

    UN DIPLOMATIC & COURIER COMPANY
    Office Address
    38 Airport Road
    Benin City
    Edo State
    Nigeria
    Tel: +2348137053694
    Email: idsc@diplomats.com

    Attention: Check Owner,

    This is to bring to your notice and reminds that your Cashier Bank Draft worth of Eight Hundred Thousand Dollars ($800,000 USD) is still here with us in our office Un Diplomatic Security Company.

    I am Angela Scott the director of this company which i simply making it up to you that Mr. Hansen Ahmad was the one who brought cashier check and deposit with us before he travelled to Japan, under the securation of your package delivery to you.

    Important Notice: We have been waiting for you all this while for you to pay the Un Diplomatic Security Keeping charges that was require in your previous mail which is $80 USD only to release your cashier Check to you.

    I hereby notify you to understand that you are given 14th of January 2011 which is the final deadline to claim your check, if we do not receive your payment of security keeping fees for safe protecting of your check parcel delivery. Note that after this day your check will return back to the CENTRAL BANK OF NIGERIA as Government property if you do not pay the security fee of your check.

    This is the reason we are writing to inform you that you have to claim your cashier check before the deadline date issue to you. I advise that you should proceed with us and send the security fee for safe protecting of your check $80 USD via Western Union to the name below:

    RECEIVER’S PAYMENT INFORMATION

    NAME: CLINTON OJO
    CITY: BENIN
    STATE: EDO
    COUNTRY: NIGERIA
    TEXT QUESTION: COLOR
    TEXT ANSWER: PURPLE
    AMOUNT SENT: …………
    MTCN NUMBER: ………….

    As soon as your payment of $80.00 has been sent quickly E-mail us with the payment details or a scan copy of the western union payment slip for verification purpose.

    Once your payment is confirmed your cashier check will be delivered to you via first class courier in next 2 days.

    Thanks.

    Regards,
    Angela Scott
    Package Dispatcher

  • SCAMMED *greek*

    Beware of TUNDE FOWLER, who purports to be from the Office of the Presidency. He is a consummate liar and cheat, as is his Greek counterpart, DR. CHRISTOS TSIKOUDIS.

  • Risk Management in IT: NSS

    Risk Management of IT: National Security Systems

    Risk assessments and risk management also apply to National Security Systems (NSS).

    What is a Risk Assessment?

    A risk assessment is the process, and its resulting output, of determining the likelihood that a threat will exploit a weakness. Risk assessment is one part of risk management.

    What is risk management?

    Risk management is the ongoing process of identifying, assessing, and prioritizing risks.

    Is My System a National Security System?

    NIST SP 800-59, Guideline for Identifying an Information System as a National Security System, is a 17-page document developed in conjunction with the Department of Defense, including the National Security Agency, for identifying an information system as an NSS. It is based on the Federal Information Security Management Act of 2002 (FISMA).

    Who determines if you have an NSS?

    The head of each agency is responsible for designating an agency information security official to determine which, if any, agency systems are national security systems.

    Tools to determine if you have a NSS system:

    The National Security System Identification Checklist (NIST SP 800-59, Appendix A) asks six questions. Answering yes to any of them qualifies your system as an NSS:
    • Does the function, operation, or use of the system involve intelligence activities?
    • Does the function, operation, or use of the system involve cryptologic activities related to national security?
    • Does the function, operation, or use of the system involve command and control of military forces?
    • Does the function, operation, or use of the system involve equipment that is an integral part of a weapon or weapons system?
    • Is the system critical to the direct fulfillment of military or intelligence missions?
    • Does the system store, process, or communicate classified information?

    NSS RMF
    CNSSI 1253 is the result of NIST collaborating with the Intelligence Community (IC), the Department of Defense (DoD), and the Committee on National Security Systems (CNSS) to ensure that NIST SP 800-53 contains security controls that meet the requirements of National Security Systems (NSS).

    KEY DIFFERENCES BETWEEN CNSS INSTRUCTION NO. 1253 AND NIST PUBLICATIONS

    The key differences between CNSSI 1253 and the NIST publications are that NSS do not follow the “high-water mark”, that NSS categorizations may be tailored through risk-based adjustment and control profiles, and that CNSSI 1253 provides a method that allows organizations to practice reciprocity.

    NSS and High Water Mark
    Both FIPS 200 and NIST 800-53 apply the concept of a high-water mark (HWM) when categorizing information systems according to the worst-case potential impact of a loss of confidentiality, integrity, or availability of information or an information system. This Instruction does not adopt this HWM usage. In the National Security Community, the potential impact levels determined for confidentiality, integrity, and availability are retained, meaning there are 27 possible three-value combinations for NSI or NSS, as opposed to the three possible single-value categorizations obtained using the guidelines in FIPS 200. – CNSSI 1253

    Risk-Based Adjustment
    Potential impact-based security categorizations for NSS may be tailored through the use of a risk-based adjustment. This adjustment takes into consideration the physical and personnel security measures already employed throughout the National Security Community and factors such as aggregation of information.
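    To make the high-water mark and risk-based adjustment passages above concrete, here is an added Python example (not from the page, CNSSI 1253, or NIST) that categorizes a system from its information types under FIPS 199, collapses the result under the FIPS 200 high-water mark, and keeps the C/I/A triple as CNSSI 1253 does. The information types, impact levels and the per-objective adjustment dictionary are constructed assumptions.

```python
# Added example: FIPS 199 / FIPS 200 high-water-mark categorization beside the
# CNSSI 1253 approach, which retains the (C, I, A) triple instead of collapsing it.

LEVELS = ("LOW", "MODERATE", "HIGH")
RANK = {level: i for i, level in enumerate(LEVELS)}
OBJECTIVES = ("confidentiality", "integrity", "availability")

# Constructed sample: information types one system handles, each with its
# provisional (confidentiality, integrity, availability) impact levels.
INFO_TYPES = {
    "personnel records": ("MODERATE", "MODERATE", "LOW"),
    "public web content": ("LOW", "MODERATE", "LOW"),
    "mission planning data": ("HIGH", "MODERATE", "MODERATE"),
}


def categorize_system(info_types):
    """FIPS 199 system categorization: for each security objective, take the
    highest impact level across all information types the system handles."""
    triple = []
    for idx in range(3):
        highest = max((levels[idx] for levels in info_types.values()),
                      key=RANK.__getitem__)
        triple.append(highest)
    return tuple(triple)


def fips200_high_water_mark(triple):
    """FIPS 200 / NIST SP 800-53 (non-NSS): collapse the triple to one overall
    impact level, the worst case across C, I and A. Only three outcomes exist."""
    return max(triple, key=RANK.__getitem__)


def cnssi1253_categorization(triple):
    """CNSSI 1253 (NSS): the three values are retained, so 3 * 3 * 3 = 27
    distinct categorizations are possible instead of three."""
    return dict(zip(OBJECTIVES, triple))


def risk_based_adjustment(triple, adjustments):
    """CNSSI 1253 risk-based adjustment, modelled here (an assumption of this
    example) as per-objective overrides justified by existing physical and
    personnel security measures, e.g. lowering availability for a system in a
    guarded facility. Keys not in `adjustments` keep their FIPS 199 value."""
    for objective, level in adjustments.items():
        if objective not in OBJECTIVES or level not in LEVELS:
            raise ValueError(f"invalid adjustment {objective}={level}")
    return tuple(adjustments.get(obj, lvl) for obj, lvl in zip(OBJECTIVES, triple))


if __name__ == "__main__":
    system = categorize_system(INFO_TYPES)
    print("FIPS 199 per-objective:", system)
    print("FIPS 200 high-water mark:", fips200_high_water_mark(system))
    print("CNSSI 1253 triple:", cnssi1253_categorization(system))
    print("After adjustment:", risk_based_adjustment(system, {"availability": "LOW"}))
```

    The point visible in the output is that the non-NSS system is simply HIGH, while the NSS view keeps HIGH/MODERATE/MODERATE and lets the availability value drop without touching confidentiality.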

    Control Profile
    Method by which organizations may designate sets of controls for NSS based on their enterprise-wide risk assessment and taking into account business objectives, system risks, and mission needs.

    NSS Reciprocity
    It is the policy of the National Security Community that member organizations practice reciprocity with respect to the certification of systems and system components to the greatest extent practicable. Reciprocity of certification reduces the cost and time to implement systems and system components.

  • YOUR WINNING NOTIFICATION *SCAM

    Anti-Terrorist And Monetary Crimes Division
    FBI Headquarters In Washington, D.C.
    Federal Bureau Of Investigation
    J. Edgar Hoover Building
    935 Pennsylvania Avenue,
    NW Washington, D.C. 20535-0001

    Attn: Beneficiary,

    This is to Officially inform you that it has come to our notice and we have thoroughly completed an Investigation with the help of our Intelligence Monitoring Network System that you legally won the sum of $800,000.00 USD from a Lottery Company outside the United States of America. During our investigation we discovered that your e-mail won the money from an Online Balloting System and we have authorized this winning to be paid to you via a Certified Cashier’s Check.

    Normally, it will take up to 10 business days for an International Check to be cashed by your local bank. We have successfully notified this company on your behalf that funds are to be drawn from a registered bank within the United States Of America so as to enable you cash the check instantly without any delay, henceforth the stated amount of $800,000.00 USD has been deposited with Bank Of America.

    We have completed this investigation and you are hereby approved to receive the winning prize as we have verified the entire transaction to be Safe and 100% risk free, due to the fact that the funds have been deposited at Bank Of America you will be required to settle the following bills directly to the Lottery Agent in-charge of this transaction whom is located in United Kingdom. According to our discoveries, you were required to pay for the following –

    (1) Deposit Fees (fees paid by the company for the deposit into an American bank, which is Bank Of America)
    (2) Cashier’s Check Conversion Fee (fee for converting the wire transfer payment into a Certified Cashier’s Check)
    (3) Shipping Fees (this is the charge for shipping the Cashier’s Check to your home address)

    The total amount for everything is $200.00 (Two Hundred-US Dollars). We have tried our possible best to indicate that this $200.00 should be deducted from your winning prize but we found out that the funds have already been deposited at Bank Of America and cannot be accessed by anyone apart from you the winner, therefore you will be required to pay the required fee’s to the Agent in-charge of this transaction via Western Union Money Transfer Or Money Gram.

    In order to proceed with this transaction, you will be required to contact the agent in-charge ( Mr. Bruce Hutchinson ) via e-mail. Kindly look below to find appropriate contact information:

    CONTACT AGENT NAME: Mr. Bruce Hutchinson
    E-MAIL ADDRESS: brucehutchinson00@gala.net
    Telephone Number : +234-802-959-2149, 0092348029592149.

    You will be required to e-mail him with the following information:

    FULL NAME:
    ADDRESS:
    CITY:
    STATE:
    ZIP CODE:
    DIRECT CONTACT NUMBER:

    You will also be required to request Western Union or Money Gram details on how to send the required $200.00 in order to immediately ship your prize of $800,000.00 USD via Certified Cashier’s Check drawn from Bank Of America, also include the following transaction code in order for him to immediately identify this transaction : EA2948-910.

    This letter will serve as proof that the Federal Bureau Of Investigation is authorizing you to pay the required $200.00 ONLY to Mr. Bruce Hutchinson via information in which he shall send to you, if you do not receive your winning prize of $800,000.00 we shall be held responsible for the loss and this shall invite a penalty of $200.00 which will be made PAYABLE ONLY to you (The Winner).

    Robert Mueller
    Washington DC FBI.
    Room, 7367
    J. Edgar Hoover Building
    935 Pennsylvania Avenue, NW
    Washington, D.C. 20535-0001

    NOTE: In order to ensure your check gets delivered to you ASAP, you are advised to immediately contact Mr. Bruce Hutchinson via contact information provided above and make the required payment of $200.00 to information in which he shall provide to you

  • Risk Management in IT: SDLC

    Risk Management Guide for IT: SDLC

    NIST SP 800-30, Risk Management Guide for Information Technology Systems, discusses how the risk management framework maps to the system development life cycle (SDLC), the risk assessment methodology, risk mitigation, and good practice for ongoing risk assessment.

    A system and its information must be protected from cradle to grave. That is why risk management applies to the entire system development life cycle. The level of risk to the system and its data depends on the criticality or importance of the system to the business and/or mission it supports.
    The system development life cycle consists of: Initiation, Development/Acquisition, Implementation, Maintenance/Operations, and Disposal.

    How the Risk Management Framework maps to the System Development Life Cycle

    The table below (columns: SDLC phase; phase characteristics; support from risk management activities) is laid out one phase at a time.

    Phase 1—Initiation
    Phase characteristics: The need for an IT system is expressed and the purpose and scope of the IT system is documented.
    Support from risk management activities: Identified risks are used to support the development of the system requirements, including security requirements, and a security concept of operations (strategy).

    Phase 2—Development or Acquisition
    Phase characteristics: The IT system is designed, purchased, programmed, developed, or otherwise constructed.
    Support from risk management activities: The risks identified during this phase can be used to support the security analyses of the IT system that may lead to architecture and design tradeoffs during system development.

    Phase 3—Implementation
    Phase characteristics: The system security features should be configured, enabled, tested, and verified.
    Support from risk management activities: The risk management process supports the assessment of the system implementation against its requirements and within its modeled operational environment. Decisions regarding risks identified must be made prior to system operation.

    Phase 4—Operation or Maintenance
    Phase characteristics: The system performs its functions. Typically the system is being modified on an ongoing basis through the addition of hardware and software and by changes to organizational processes, policies, and procedures.
    Support from risk management activities: Risk management activities are performed for periodic system reauthorization (or reaccreditation) or whenever major changes are made to an IT system in its operational, production environment (e.g., new system interfaces).

    Phase 5—Disposal
    Phase characteristics: This phase may involve the disposition of information, hardware, and software. Activities may include moving, archiving, discarding, or destroying information and sanitizing the hardware and software.
    Support from risk management activities: Risk management activities are performed for system components that will be disposed of or replaced to ensure that the hardware and software are properly disposed of, that residual data is appropriately handled, and that system migration is conducted in a secure and systematic manner.