Read the book You CAN Stop Stupid - Ira Winkler - Page 65

Technical Countermeasures


Technical countermeasures are technological in nature. Technical countermeasures have a broad scope that extends beyond computers and information. For example, to stop car thefts, which are physical in nature, there is technology that can deactivate the engine remotely. Given the Internet of Things (IoT), almost any piece of equipment, no matter how basic, can now implement technical countermeasures.

Technical countermeasures mitigate some form of UIL by providing protection, detection, and/or reaction capability. Protection involves the user not having the ability to initiate loss, either because an attack is filtered or because the user does not have the ability to initiate the loss in the first place.

Detection can involve two aspects of the UIL problem. Technology can detect that malicious parties are attempting to interact with users or that a user has done something that can initiate a loss. So, for example, you can detect that phishing messages are being sent to users. Another example is that you may detect that a user is attempting to go to a malicious website.

Obviously, the circumstances of reaction are similar. If you detect attacks targeting users, there are a variety of technologies that can react to and mitigate the attacks before they get to the users. Also, if you detect a user action that might initiate loss, you can then mitigate that action in progress. Following up with examples described in the previous paragraph, detected phishing messages can be deleted before reaching the user. The messages can also be analyzed, and any websites or Internet systems involved can be proactively blocked and reported. If you detect a user going to a malicious website, you can lock the user's account, block the website, or investigate the user to see whether the action is malicious or perhaps is being made by a person who has compromised the user's account.
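The detect-and-react flow from the last two paragraphs, as an added example that is not from the book: a detected phishing message is deleted before delivery, the hosts it links to are blocked, and a later user visit to one of them is blocked and queued for investigation. The `Countermeasures` class, the `verdict` value from an upstream phishing detector, and all sample events are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def linked_hosts(body):
    """Hostnames of every http(s) URL found in a message body."""
    hosts = {urlsplit(u).hostname for u in URL_RE.findall(body)}
    return {h for h in hosts if h}

class Countermeasures:
    """Hypothetical glue between a mail filter and a web proxy."""

    def __init__(self):
        self.blocked_hosts = set()   # fed by phishing analysis
        self.investigate = []        # (user, host) pairs for follow-up

    def on_mail(self, verdict, body):
        """verdict comes from an upstream phishing detector (assumed)."""
        if verdict != "phish":
            return "deliver"
        # React: analyse the message and block what it points at.
        self.blocked_hosts |= linked_hosts(body)
        return "delete"              # never reaches the user

    def on_web_request(self, user, url):
        host = urlsplit(url).hostname or ""
        labels = host.split(".")
        # Match the host itself or any parent domain already blocked.
        parents = {".".join(labels[i:]) for i in range(len(labels))}
        if parents & self.blocked_hosts:
            self.investigate.append((user, host))
            return "block"
        return "allow"

def run_demo():
    cm = Countermeasures()
    # Constructed sample events; .test and .example are reserved names.
    mail = [("clean", "Minutes attached: https://intranet.example/minutes"),
            ("phish", "Reset now at http://payroll-login.test/reset.")]
    web = [("alice", "https://intranet.example/minutes"),
           ("bob", "http://payroll-login.test/reset"),
           ("bob", "http://cdn.payroll-login.test/a.js")]
    mail_actions = [cm.on_mail(v, b) for v, b in mail]
    web_actions = [cm.on_web_request(u, url) for u, url in web]
    return mail_actions, web_actions, cm.investigate

if __name__ == "__main__":
    print(run_demo())
```

The investigation queue records the user and host only; deciding whether the visit was a mistake, malicious, or made from a compromised account is left to the follow-up the paragraph describes.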

Technical countermeasures can be the failsafe for a security and risk mitigation program. Users will fail. Procedures will fail. However, if you have the right technology in place, you can detect and react to the other failures. Obviously, technological countermeasures can also fail. However, if you implement the methodology in Part IV properly, technical countermeasures can be your first and last line of defense.
