Choosing cybersecurity controls
If the job of cybersecurity professionals were to simply look up cybersecurity controls to mitigate threats, then it would have been a relatively easy job. In reality, knowing which cybersecurity control to apply is only the first step in implementing effective threat mitigation. After choosing the control, security analysis is needed to identify emerging threats that can result in the bypass or disablement of the control itself. Furthermore, knowledge about the security pitfalls and weaknesses associated with a given control is critical to ensure that the mitigation can truly be effective. This results in several rounds of security analysis to identify and examine the new assets that are introduced by the control and how they are subject to attack before the job of threat mitigation can be considered complete. Take, for example, secure boot, a well-known cybersecurity control that is expected to detect tampering in electronic control unit (ECU) code...
