The goal of any security program should be to ensure that only authorized individuals have access to sensitive firm data, preventing it from falling into the wrong hands. You should also protect your material from being changed or removed without your permission.
Information security’s three pillars, confidentiality, integrity, and availability, provide a solid foundation for safeguarding your business’s data.
Confidentiality
Prevents data from being accessed by unauthorized parties. Only those who need access should have it.
Confidentiality controls protect data such as Personally Identifiable Information (PII):
- Identification (who are you?): users can be identified by their login name, email address, or phone number.
- Authentication (prove it): confirming a user’s or device’s identity before granting access to restricted areas.
- Authorization (do you have permission?): grants a user access to services or the system based on identity and authentication.
- Encryption (scramble data with a cryptographic key): encrypted data can only be read or decoded with the right key, so unauthorized users cannot read it.
- Symmetric encryption and asymmetric encryption are the two types. Symmetric encryption uses one key, called the shared (or private) key. Asymmetric encryption uses two keys, called the public key and the private key.
Integrity
Integrity-focused security procedures are intended to keep data from being altered or abused by an unauthorized party.
Integrity controls include:
- Encryption
- User access controls
- Version control
- Backup and recovery procedures
- Error detection software
Availability
Data availability means access for authorized users: authenticated people can reach your system and data whenever they need to.
Authorized users should be able to access the information they require at any time and from any location, and that information should always be accurate and readily available.
Availability is about accessibility: where, how, and when the data can be reached.
Data availability includes:
- Off-site backups
- Disaster recovery
- Redundancy
- Failover
- Proper monitoring
- Environmental controls
Methods of Authentication
Authentication may rely on one factor (single-factor authentication, SFA) or combine several (multi-factor authentication, MFA).
Common Practice
- Knowledge-based: a passphrase or secret code (a personal identification number (PIN) or password).
- Token-based: a protocol for verifying identity and receiving a unique access token.
- Characteristic-based: biometric identifiers such as fingerprints, facial, voice, iris, and palm or finger vein patterns.
Non-repudiation
In the context of information security, “non-repudiation” refers to a service that provides proof of the origin and integrity of data, so that the originator cannot later deny having sent it.
Privacy
The privilege of deciding how one’s own personal data is distributed, or the right of a person to decide who gets to see what information about them.
Assets
An asset is any data, device, or other component of an organization’s systems that is valuable, typically because it holds sensitive data or may be used to obtain such data. An asset may also be referred to as an IT resource.
Vulnerabilities
Vulnerabilities are weaknesses or flaws in a system that could allow an attacker to gain access to protected resources.
Threats
Threats relate to the risk of an information technology asset, computer network, intellectual property, or any other kind of sensitive data falling victim to a successful cyber assault that tries to obtain unauthorised access to, damage, disrupt, or destroy the asset.
Risk Assessment
Risk assessment involves detecting, estimating, and prioritising threats to an organization’s operations (including its mission, functions, image, and reputation), assets, people, other organisations, and even the nation.
- Identification. Find all essential technology infrastructure assets, determine what sensitive data they hold, and identify the risks to each.
- Assessment. Apply a method to evaluate the security risks to critical assets. After rigorous study and evaluation, decide how best to dedicate time and resources to risk mitigation. The evaluation technique must examine assets, threats, vulnerabilities, and mitigating controls.
- Mitigation. Define a strategy for preventive action and ensure that appropriate security procedures are in place.
- Prevention. Protect your company’s resources by putting in place measures to prevent security breaches and flaws.
Risk Treatment
Risk treatment refers to all the methods used to mitigate a threat and accomplish the intended result.
- Risk Avoidance: Risks can be avoided by not engaging in certain activities or procedures if a risk assessment determines that they provide unacceptable risk.
- Risk Reduction: risk reduction is a crucial treatment method that minimizes the negative effects of a potential threat while maximizing the benefit of any preventative measures taken.
- Risk Transfer: Transferring risk involves passing a portion of the threat to another party to minimize its possibility or impact on the organization. However, another party, such as an insurance company, must be informed of the sharing’s consequences, risk, and transfer cost.
- Risk Retention: if the risk rating is acceptable, or the cost of the chosen mitigation exceeds the projected harm, risk retention is the best option after a cost-benefit analysis.
Risk Priorities
After identifying risks, prioritise and analyse core risks using qualitative or quantitative risk analysis.
A risk matrix is an efficient way to prioritise risks.
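An added example (not from the original notes) of the qualitative approach: risks are scored on a five-by-five likelihood-against-impact matrix, ranked, and then given the retain-or-reduce decision described under Risk Treatment above. The scale levels, band thresholds, appetite value, and the register entries are all constructed for illustration.

```python
from dataclasses import dataclass

# Assumed five-level scales; the same numbers are used for likelihood and for impact.
LEVELS = {1: "rare / negligible", 2: "unlikely / minor", 3: "possible / moderate",
          4: "likely / major", 5: "almost certain / severe"}


@dataclass(frozen=True)
class Risk:
    name: str
    likelihood: int          # 1..5
    impact: int              # 1..5
    mitigation_cost: int = 0  # relative cost of the cheapest known control, on the same 1..25 scale as score

    def __post_init__(self):
        if not (1 <= self.likelihood <= 5 and 1 <= self.impact <= 5):
            raise ValueError("likelihood and impact must be on a 1..5 scale")

    @property
    def score(self) -> int:
        return self.likelihood * self.impact  # the matrix cell value


def band(score: int) -> str:
    """Colour band of the matrix cell (assumed thresholds; tune them to the organisation's appetite)."""
    return "High" if score >= 15 else "Medium" if score >= 8 else "Low"


def prioritise(risks):
    """Highest score first; ties go to the higher-impact risk, then alphabetical for a stable order."""
    return sorted(risks, key=lambda r: (-r.score, -r.impact, r.name))


def residual(risk: Risk, likelihood_drop: int = 0, impact_drop: int = 0) -> Risk:
    """Re-score after a control: prevention lowers likelihood, backups/failover lower impact, never below 1."""
    return Risk(risk.name, max(1, risk.likelihood - likelihood_drop),
                max(1, risk.impact - impact_drop), risk.mitigation_cost)


def treatment(risk: Risk, appetite: int = 6) -> str:
    """Retain if within appetite or if the control costs more than the harm it prevents; otherwise reduce."""
    if risk.score <= appetite:
        return "retain"
    if risk.mitigation_cost > risk.score:
        return "retain (cost exceeds projected harm)"
    return "reduce"


# Constructed risk register for illustration.
REGISTER = [
    Risk("unpatched internet-facing web server", likelihood=4, impact=5, mitigation_cost=6),
    Risk("laptop theft, disk encrypted", likelihood=3, impact=2, mitigation_cost=3),
    Risk("legacy lab printer compromise", likelihood=2, impact=4, mitigation_cost=20),
]
```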
Governance Components
Governance defines an organization’s risk appetite, builds accountability mechanisms, and determines who makes decisions.
- Procedures: comprehensive instructions for carrying out a task in accordance with the policies of a department or organization.
- Policies: set by corporate governance, such as executive management, to guide all actions taken to ensure industry compliance.
- Standards: adopted by governance teams as the means of putting rules into practice through policies and procedures (for example, the International Organization for Standardization (ISO), the National Institute of Standards and Technology (NIST), and the Internet Engineering Task Force (IETF)).
- Regulations: unlike governance, frequently imposed by the government and usually accompanied by monetary penalties for noncompliance (for example, the Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulation (GDPR)).
Incident Terminology
Incident response begins with understanding cyberattack terminology; a few key terms follow.
- Event: any observable occurrence in a network or system.
- Intrusion: When someone tries to break into your computer system, this is known as an “intrusion.”
- Breach: any occurrence that allows unauthorized access to computer data, apps, networks, or devices. Information is accessed without permission, and control over it may be lost or compromised.
- Exploit: An “exploit” is a piece of code written specifically to locate and take advantage of a weakness in a software or system’s security.
- Threat: A threat is any malicious act directed towards data that could result in data loss, data theft, destruction, disclosure, and modification of information.
- Vulnerability: any weakness in an organization’s information system, system operations, or internal controls that cybercriminals can exploit to gain unauthorized access to a computer system.
- Incident: An incident is any action that puts your security at risk and could lead to a breach if it is not stopped.
- Zero-day: zero-day exploits target software vulnerabilities that are not yet publicly known. The attacker writes an exploit and uses it before anyone can patch the vulnerability.
Security Control
Access control restricts what items can be used by whom and under what conditions.
Defense in Depth
Defense in depth is a term for an information security strategy that uses a combination of people, technology, and operations to set up variable barriers across the organization’s many layers and missions.
Principle of Least Privilege
According to the Principle of Least Privilege, users or applications should be granted only the privileges they actually need to perform their tasks. Users have access to only the data and applications they need to do their jobs.
Privileged Access Management
PAM (privileged access management) is an identity-security solution that helps protect companies from cyberthreats by monitoring, detecting, and preventing unauthorized privileged access to vital resources.
Privileged Accounts
Accounts with permissions above and beyond those granted to regular users are referred to as privileged accounts. Examples include the accounts held by managers and administrators.
Data Handling
- Classification: information is classified by identifying the potential consequences to the organization if its security is breached. Each item of data is assigned a classification label and handled accordingly.
- Labeling: security labels are one of the measures taken to safeguard sensitive data; for example, Unrestricted, Low sensitivity (Internal Use Only), Moderately restricted, and Highly restricted.
- Retention: information and data should only be stored for as long as they continue to be useful.
- Destruction: sensitive information may remain on media after deletion; this phenomenon, known as remanence, poses a serious threat to data privacy.
Ingress monitoring
Refers to the monitoring and evaluation of all inbound communications traffic and attempts to communicate.
- Firewalls
- Gateways
- Remote authentication servers
- IDS/IPS tools
- SIEM solutions
- Anti-malware solutions
Egress monitoring
Egress monitoring controls the data that leaves an organization’s IT environment.
Data Loss Prevention (DLP), also called Data Leak Protection, covers outbound channels such as:
- Email (content and attachments)
- Copy to portable media
- File Transfer Protocol (FTP)
- Posting to web pages/websites
- Applications/application programming interfaces (APIs)
Encryption
The goal of any encryption system is to transform an original collection of data, known as the plaintext, into an unreadable encrypted version, known as the ciphertext.
Integrity services can be provided by hash functions and digital signatures, which enable a recipient to verify that a message has not been corrupted as a result of either malicious intent or accidental error.
An encryption system provides encryption services using hardware, software, algorithms, control parameters, and operational methods.
Symmetric Encryption: An essential feature of symmetric algorithms is that the same key is used for both encryption and decryption.
Typical uses are encrypting bulk data and broadcasting time-sensitive information in real time.
Asymmetric Encryption: In asymmetric encryption, the plaintext is encrypted with one key and decrypted with a separate key.
Its drawback is that asymmetric cryptography is much slower than symmetric cryptography.
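An added example (not part of the original notes) of the integrity services mentioned above, using only the Python standard library. It shows the difference between an unkeyed hash, which catches accidental corruption but not a deliberate substitution by someone who can rewrite the message, and a keyed hash (HMAC with a shared symmetric key), which catches both. The key and messages are constructed demo values.

```python
import hashlib
import hmac

KEY = b"constructed-shared-key-for-demo"  # assumed shared secret between sender and recipient


def digest(message: bytes) -> bytes:
    """Unkeyed integrity tag: anyone can compute it, including an on-path adversary."""
    return hashlib.sha256(message).digest()


def mac(key: bytes, message: bytes) -> bytes:
    """Keyed integrity tag: only holders of the shared key can compute it."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_digest(message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(digest(message), tag)


def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac(key, message), tag)


def flip_bit(data: bytes, bit: int) -> bytes:
    """Simulate accidental corruption in transit by flipping a single bit."""
    buf = bytearray(data)
    buf[bit // 8] ^= 1 << (bit % 8)
    return bytes(buf)


def demo(key: bytes = KEY) -> dict:
    """Run both schemes against an accidental error and a deliberate substitution."""
    original = b"amount=100;to=acct-42"        # constructed message
    corrupted = flip_bit(original, 13)         # noise on the wire
    substituted = b"amount=100;to=acct-99"     # rewritten by someone controlling the channel
    return {
        "digest_catches_corruption": not verify_digest(corrupted, digest(original)),
        "hmac_catches_corruption": not verify_mac(key, corrupted, mac(key, original)),
        # whoever rewrites the message can also recompute an unkeyed digest, so it is accepted
        "digest_catches_substitution": not verify_digest(substituted, digest(substituted)),
        # without the shared key no valid HMAC can be produced for the new message
        "hmac_catches_substitution": not verify_mac(key, substituted, mac(b"not-the-key", substituted)),
    }
```

Because the HMAC key is shared, either party could have produced the tag; a digital signature made with an asymmetric private key is what additionally gives non-repudiation.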
Configuration Management
The goal of configuration management is to restrict changes to a system to only those that have been approved and verified.