130n@calvinlai.com
  • About Calvin Lai (fkclai)
  • My Work
  • Cyber Security
    • Cyber Security Centre (CSC)
      • Why we need a CSC
      • CSC Team Structure: Roles, Functions, and Tools
        • Key Function & Role
        • Tools & Platforms
        • People
        • Outsource Strategy
      • HRMC Executive Paper
  • Detection and Response
    • Playbook: Threat Prioritization & Automated Response Strategies
      • Scenario: Detecting and Mitigating a Ransomware Attack
      • Scenario: DC Sync Attack Detected and Mitigated
      • Scenario: Pass-the-Hash (PtH) Attack Detected and Contained
      • Scenario: Phishing Campaign with Malware / Credential Theft Detected and Mitigated
  • Application Architecture
    • Comparison of MVC , N-tier and Microservice Architecture
  • Application Security
    • OAuth, SAML, and OpenID Connect: Key Differences and Use Cases
    • Secure Coding Principles
    • HTTP Header Security Principles
    • Mitigating Broken Object Level Authorization (BOLA)
    • Spring Boot Validation
    • Output Encoding in JavaServer Faces (JSF)
    • Session Management Security Issues
    • Common API Security Problems
      • Broken Authentication
      • Excessive Data Exposure
      • Lack of Resources & Rate Limiting
      • Broken Function Level Authorization
      • Unsafe Consumption of APIs
    • JAVA Exception Handling
    • File Upload Validation
    • OAuth 2.0 Security
      • Insecure Storage of Access Tokens
    • Microservice Security
      • Sample Coding Demo
        • Service Implementation
        • Client Interaction
      • Security Solution for Microservices Architecture
    • Modifying and Protecting Java Class Files
      • Modify a Class File Inside a WAR File
      • Direct Bytecode Editing
        • Steps to Directly Edit a Java Class File
          • Update: Java Bytecode Editing Tools
      • Techniques to Protect Java Class Files
        • Runtime Decryption in WebLogic
    • JAVA Program
      • Secure, Concurrent Web Access Using Java and Tor
      • Creating a Maven Java project in Visual Studio Code
  • Exploit/CVE PoC
    • ZeroLogon Exploit
    • Remote Retrieved Chrome saved Encrypted Password
    • Twitter Control an RCE attack
  • Hacking Report (HTB)
    • Hits & Summary
      • Tools & Cheat Sheet
    • Windows Machine
      • Love 10.10.10.239
      • Blackfield 10.10.10.192
      • Remote 10.10.10.180
      • Sauna 10.10.10.175
      • Forest 10.10.10.161
      • Sniper
      • Json
      • Heist
      • Blue
      • Legacy
      • Resolute
      • Cascade
    • Linux Machine
      • Photobomb 10.10.11.182
      • Pandora 10.10.11.136
      • BountyHunter 10.10.11.100
      • CAP 10.10.10.245
      • Spectra 10.10.10.229
      • Ready 10.10.10.220
      • Doctor 10.10.10.209
      • Bucket 10.10.10.212
      • Blunder 10.10.10.191
      • Registry 10.10.10.159
      • Magic
      • Tabby
  • Penetration Testing
    • Web Application PenTest
    • Network/System PenTest
    • Mobile Penetration Test
      • Certificate Pinning
        • Certificate Pinning Bypass (Android)
          • Root a Android Device
          • Setup Proxy Tool - Burp Suite
      • Checklist
  • Threat Intelligence
    • Advanced Persistent Threat (APT) groups
      • North Korean APT Groups
      • Chinese APT Groups
      • Russian APT Groups
      • Other APT
  • Red Team (Windows)
    • 01 Reconnaissance
    • 02 Privileges Escalation
    • 03 Lateral Movement
    • 04 AD Attacks
      • DCSync
    • 05 Bypass-Evasion
    • 06 Kerberos Attack
    • 99 Basic Command
  • Exploitation Guide
    • 01 Reconnaissance
    • 02 Port Enumeration
    • 03 Web Enumeration
    • 04 Windows Enum & Exploit
      • Windows Credential Dumping
        • Credential Dumping: SAM
        • Credential Dumping: DCSync
      • Kerberos Attack
      • RDP
    • 05 File Enumeration
    • 06 Reverse Shell Cheat Sheet
      • Windows Reverse Shell
      • Linux Reverse Shell
    • 07 SQL Injection
    • 08 BruteForce
    • 09 XSS Bypass Checklist
    • 10 Spring Boot
    • 11 WPA
    • 12 Payload list
  • Vuln Hub (Writeup)
    • MrRobot
    • CYBERRY
    • MATRIX 1
    • Node-1
    • DPwwn-1
    • DC7
    • AiWeb-2
    • AiWeb-1
    • BrainPan
  • CTF (Writeup & Tips)
    • CTF Tools & Tips
    • Hacker One
    • CTF Learn
    • P.W.N. University - CTF 2018
    • HITCON
    • Pwnable
      • 01 Start
  • Useful Command/Tools
    • Kali
    • Windows
    • Linux
  • Offensive Security Lab & Exam
    • Lab
    • Tools for an Offensive Certification
      • Strategy for an Offensive Exam Certification
        • CVEs
        • Privilege Escalation
        • Commands
        • Impacket
  • ISO 27001
    • Disclaimer
    • What is ISO 27001
      • Implementation
    • Documentation
    • Common Mistake
    • Q&A
      • Can internal audit to replace the risk assessment
      • Is it sufficient for only the IT department head to support the ISO 27001 program
      • Does the Business Continuity Plan (BCP) and a Disaster Recovery Plan (DRP) are the same?
    • ISO 27001 Controls and Domains
      • 1. Information Security Policies
      • 2. Organization of Information Security
      • 3. Human Resource Security
      • 4. Asset Management
      • 5. Access Control
      • 6. Cryptographic Controls
      • 7. Physical and Environmental Security
      • 8: Operational Security
      • 9. Communications Security
      • 10. System Acquisition, Development, and Maintenance
      • 11. Supplier Relationships
      • 12: Information Security Incident Management
      • 13. Information Security Aspects of Business Continuity Management
      • 14. Compliance
Powered by GitBook
On this page
  • 1. Vulnerability Scanning and Penetration Testing
  • 2. Security Awareness and Training
  • 3. Managed Security Services (MSS)
  • 4. Threat Intelligence
  • 5. Compliance and Audit

Was this helpful?

  1. Cyber Security
  2. Cyber Security Centre (CSC)
  3. CSC Team Structure: Roles, Functions, and Tools

Outsource Strategy

This page outlines the strategic allocation of responsibilities within a Information Security Center (ISC) by outsourcing key functions. Given the allowance for a small team, outsourcing critical tasks can ensure comprehensive security coverage without overburdening internal staff.

Vulnerability Scanning and Penetration Testing should be outsourced to specialized security firms to conduct regular assessments and simulated attacks, ensuring network and application security. Security Awareness and Training can be handled by training providers to deliver customized programs and phishing simulations, enhancing employee readiness against cyber threats.

Managed Security Services (MSS) offer 24/7 monitoring and incident response support, leveraging external expertise for continuous protection.

Threat Intelligence outsourcing provides actionable insights from specialized providers, integrating threat data with SIEM systems for enhanced detection. Finally, Compliance and Audit functions can be managed by third-party auditors to ensure adherence to cybersecurity regulations and standards through regular assessments and audits.

1. Vulnerability Scanning and Penetration Testing

What to Outsource:

  • Regular Vulnerability Scanning: Conducted using tools to identify potential vulnerabilities in the network and applications.

  • Penetration Testing: Simulated attacks to assess the security posture and identify weaknesses.

How to Outsource:

  • Hire Specialized Security Firms: Engage reputable cybersecurity firms specializing in vulnerability assessments and penetration testing.

  • Service-Level Agreements (SLAs): Ensure clear SLAs are in place to define the scope, frequency, and expected deliverables.

  • Regular Reports and Follow-Ups: Schedule regular reports and follow-up meetings to discuss findings and remediation strategies.

2. Security Awareness and Training

What to Outsource:

  • Employee Training Programs: Conducting regular security awareness training sessions for employees.

  • Phishing Simulation: Running simulated phishing campaigns to test and improve employee awareness.

How to Outsource:

  • Engage Training Providers: Partner with companies specializing in cybersecurity training and awareness programs (e.g., KnowBe4, SANS Security Awareness).

  • Customized Training Modules: Work with the provider to customize training modules based on the specific needs and threats faced by your organization.

  • Regular Assessments: Conduct regular assessments to gauge the effectiveness of the training programs.

3. Managed Security Services (MSS)

What to Outsource:

  • 24/7 Security Monitoring: Continuous monitoring of security events and incidents.

  • Incident Response Support: Assistance in managing and responding to security incidents.

How to Outsource:

  • Managed Security Service Providers (MSSPs): Partner with MSSPs that offer comprehensive monitoring and incident response services.

  • Clear SLAs: Define SLAs to ensure timely detection and response to security incidents.

  • Integration and Coordination: Ensure proper integration of MSSP services with your internal security tools and processes.

4. Threat Intelligence

What to Outsource:

  • Threat Intelligence Gathering and Analysis: Collecting and analyzing threat intelligence data to stay ahead of emerging threats.

How to Outsource:

  • Threat Intelligence Providers: Partner with companies specializing in threat intelligence (e.g., Recorded Future, FireEye).

  • Subscription Services: Subscribe to threat intelligence feeds and reports that provide actionable insights.

  • Integration with SIEM: Integrate threat intelligence feeds with your SIEM system for enhanced threat detection and response.

5. Compliance and Audit

What to Outsource:

  • Compliance Assessments: Regular assessments to ensure compliance with relevant cybersecurity regulations and standards.

  • Security Audits: Periodic security audits to evaluate the effectiveness of security controls.

How to Outsource:

  • Third-Party Auditors: Engage reputable auditing firms specializing in cybersecurity compliance and audits.

  • Defined Scope and Objectives: Clearly define the scope and objectives of the assessments and audits.

  • Regular Reviews: Schedule regular reviews to discuss findings and implement necessary improvements.

PreviousPeopleNextHRMC Executive Paper

Last updated 5 months ago

Was this helpful?