Episode 65 — A.8.23–8.24 — Web filtering; Use of cryptography

A.8.23 establishes web filtering to manage risk from browsing and outbound HTTP/S traffic, acknowledging that the browser is a primary threat vector. For the exam, emphasize policy-aligned controls that block known malicious domains, enforce safe browsing categories, and apply content inspection where lawful and appropriate to detect malware and data exfiltration. Modern approaches pair DNS-layer protection with secure web gateways or cloud access brokers, integrating identity to apply differentiated policies for roles and devices. Evidence includes block/allow lists governance, certificate management for inspection, exception processes, and metrics such as blocked threat counts, false positive rates, and user impact indicators. Pitfalls involve overbroad blocking that breaks business workflows, privacy concerns around inspection, and blind spots for unmanaged devices. Effective implementations coordinate with awareness programs so users understand why blocks occur and how to request legitimate access, turning filtering into a guardrail rather than a roadblock.

A.8.24 governs the use of cryptography to protect confidentiality, integrity, and authenticity of information at rest and in transit. Candidates should demonstrate understanding of policy-driven key management, algorithm and parameter standards, certificate lifecycle (issuance, rotation, revocation), hardware-backed key protection where feasible, and separation of duties so no single actor can compromise a root of trust. Design choices must consider performance, interoperability, and regulatory constraints (e.g., export controls, data residency) while avoiding deprecated algorithms and weak modes. Pitfalls include unmanaged private keys embedded in code, inconsistent TLS configurations, and shadow PKI that spawns operational failures and security gaps. Strong programs centralize secrets, enforce automated rotation, inventory cryptographic assets, and validate configurations continuously with scanners and chaos-style tests. Candidates should be ready to explain how web filtering reduces exposure to hostile content and command-and-control channels, while sound cryptography ensures that even when data moves across untrusted networks or shared platforms, it remains protected and provably controlled—both vital stories to tell auditors and customers about modern, risk-based protection. Produced by BareMetalCyber.com, where you’ll find more cyber audio courses, books, and information to strengthen your educational path. Also, if you want to stay up to date with the latest news, visit DailyCyber.News for a newsletter you can use, and a daily podcast you can commute with.