Cybersecurity Fundamentals

Systems at Risk

The growth in the number of computer systems and the increasing reliance upon them by individuals, businesses, industries, and governments means that there are an increasing number of systems at risk.

  • Financial systems

  • Utilities and industrial equipment

  • Aviation

  • Consumer devices

  • Healthcare

  • Large corporations

  • Automobiles

  • Shipping

  • Government

  • Internet of things and physical vulnerabilities

  • Medical systems

  • Energy sector

  • Telecommunications

Foundations of Cybersecurity

  1. Asset: Something valuable or important.

  2. Vulnerability: Weakness or flaw that can be exploited.

  3. Threat: Potential danger or harm.

  4. Risk: Chance of loss or harm.

  5. Countermeasure: Action taken to reduce risk or mitigate threat.

Classification Roles:

  1. Owner: Responsible for determining the value and importance of the asset.

  2. Custodian: In charge of safeguarding and maintaining the asset.

  3. User: Interacts with and utilizes the asset.

Classification Criteria:

  1. Value: Assessing the worth or significance of the asset.

  2. Age: Determining how long the asset has been in use.

  3. Replacement Cost: Evaluating the expense of acquiring a new asset.

  4. Useful Lifetime: Estimating how much longer the asset will remain functional.

Classifying Vulnerabilities:

  1. Policy Flaws: Weaknesses in security policies or procedures.

  2. Design Errors: Mistakes in the system's architectural plan.

  3. Protocol Weaknesses: Vulnerabilities in communication protocols.

  4. Misconfiguration: Improperly configured settings or permissions.

  5. Software Vulnerability: Weaknesses in software code or applications.

  6. Human Factor: Human actions or behaviors that introduce risk.

  7. Malicious Software: Harmful programs like viruses or malware.

  8. Hardware Vulnerability: Weaknesses in physical components.

  9. Physical Access to Network Resource: Unauthorized physical access.

  10. Natural Factors (fire/earthquake/flood/storms): Environmental risks.

Classifying Countermeasures:

  1. Administrative: Policies, procedures, and training to manage security.

  2. Physical: Physical safeguards like locks, fences, and surveillance.

  3. Logical: Digital measures such as firewalls, encryption, and access controls.


CIA Triad

  • Confidentiality refers to the protection of sensitive information from unauthorized access, disclosure, or use. This can be achieved through measures such as encryption, access control, and data classification. – [Encryption | Least Privilege | Access Control]

  • Integrity refers to the protection of information from unauthorized modification or deletion. This can be achieved through measures such as data validation, version control, and auditing. – [Hashing | Digital Signature]

  • Availability refers to the assurance that information and information systems are available when needed. This can be achieved through measures such as redundancy, backup and recovery, and disaster recovery planning. – [Backup | Remote Sites]
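Added example (not part of the original notes) showing the Integrity measures listed above in working Python: a plain SHA-256 hash detects accidental change, and a keyed hash (HMAC, standing in for the "digital signature" idea) also defeats deliberate tampering, because the attacker cannot recompute a valid tag without the key. The record, the key and the tampering are constructed sample values.

```python
import hashlib
import hmac
import secrets

# Constructed sample record whose integrity we want to protect.
RECORD = b"transfer:from=acct-1001;to=acct-2002;amount=250.00"


def digest(data: bytes) -> str:
    """Integrity via hashing: any change to the data changes the digest."""
    return hashlib.sha256(data).hexdigest()


def verify_digest(data: bytes, expected: str) -> bool:
    # compare_digest avoids leaking information through comparison timing.
    return hmac.compare_digest(digest(data), expected)


def mac(key: bytes, data: bytes) -> str:
    """Keyed hash (HMAC-SHA256): only holders of the key can produce a valid tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_mac(key: bytes, data: bytes, tag: str) -> bool:
    return hmac.compare_digest(mac(key, data), tag)


def demo() -> dict:
    """Run the integrity checks and return which properties held."""
    key = secrets.token_bytes(32)  # assumed secret shared by sender and verifier
    tampered = RECORD.replace(b"250.00", b"999.00")
    stored_hash = digest(RECORD)
    stored_tag = mac(key, RECORD)
    return {
        "hash_ok": verify_digest(RECORD, stored_hash),
        "hash_detects_tamper": not verify_digest(tampered, stored_hash),
        # A bare hash is not enough against an attacker: the tampered record can
        # simply be re-hashed and the new hash substituted for the old one.
        "hash_forgeable": verify_digest(tampered, digest(tampered)),
        "mac_ok": verify_mac(key, RECORD, stored_tag),
        "mac_detects_tamper": not verify_mac(key, tampered, stored_tag),
        # Without the key the attacker cannot produce a tag the verifier accepts.
        "mac_forgery_rejected": not verify_mac(key, tampered, mac(b"wrong-key", tampered)),
    }
```

The "hash_forgeable" entry is the practical caveat: a hash stored next to the data only protects against accidents; protecting against a deliberate attacker needs a key the attacker does not have (a MAC) or a signature the verifier can check with a public key.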


AAA, which stands for Authentication, Authorization, and Accounting, is a fundamental concept in information security and network management. It is often compared to the CIA triad, which focuses on protecting information, while AAA is more concerned with controlling access to resources and tracking user activities. Let's break down AAA in a similar format to the CIA Triad:

  • Authentication: Authentication is the process of verifying the identity of a user, system, or entity. It ensures that the person or system trying to access a resource is who they claim to be. This is typically achieved through mechanisms like passwords, biometrics, smart cards, or other authentication methods. – [Passwords | Biometrics | Two-factor Authentication]

  • Authorization: Authorization follows authentication and determines what actions or resources a user or system is allowed to access. It establishes the level of access privileges granted to an authenticated entity. This is often managed through access control lists (ACLs) or role-based access control (RBAC) policies. – [Access Control Lists | Role-based Access Control]

  • Accounting: Accounting involves keeping track of activities and events related to the use of resources. It includes logging information such as who accessed what, when, and for how long. This information is crucial for monitoring and auditing purposes, as well as for billing or compliance requirements. – [Logging | Auditing | Monitoring]
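Added example (not part of the original notes) putting the three A's together in Python: authentication with salted PBKDF2 password hashes, authorization with a role-based access control table, and accounting with an audit log entry for every attempt, whether it succeeds or not. The users, passwords, roles and resource names are constructed sample values.

```python
import hashlib
import hmac
import os
from datetime import datetime, timezone


def _hash_password(password: str, salt: bytes) -> bytes:
    # Salted, iterated hash: the store never holds plaintext passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_user(password: str, roles: set) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash_password(password, salt), "roles": roles}


# Constructed user store.
USERS = {
    "alice": make_user("correct horse battery staple", {"admin"}),
    "bob": make_user("bobs-password", {"viewer"}),
}

# Authorization policy: role-based access control, role -> permitted actions.
ROLE_PERMISSIONS = {
    "admin": {"read", "write", "delete"},
    "viewer": {"read"},
}

# Accounting: in-memory audit log (a real deployment forwards this to a SIEM).
AUDIT_LOG = []


def authenticate(username: str, password: str) -> bool:
    """Authentication: is the caller who they claim to be?"""
    user = USERS.get(username)
    if user is None:
        # Do the same work for unknown users so response time does not reveal
        # which usernames exist.
        _hash_password(password, b"\x00" * 16)
        return False
    return hmac.compare_digest(_hash_password(password, user["salt"]), user["hash"])


def authorize(username: str, action: str) -> bool:
    """Authorization: is the authenticated caller allowed to do this?"""
    roles = USERS.get(username, {}).get("roles", set())
    return any(action in ROLE_PERMISSIONS.get(role, set()) for role in roles)


def record(username: str, action: str, resource: str, outcome: str) -> None:
    """Accounting: who tried what, on which resource, when, and what happened."""
    AUDIT_LOG.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "user": username,
        "action": action,
        "resource": resource,
        "outcome": outcome,
    })


def access(username: str, password: str, action: str, resource: str) -> str:
    """Full AAA flow; returns ALLOWED, DENIED or AUTH_FAILED and logs it."""
    if not authenticate(username, password):
        record(username, action, resource, "AUTH_FAILED")
        return "AUTH_FAILED"
    if not authorize(username, action):
        record(username, action, resource, "DENIED")
        return "DENIED"
    record(username, action, resource, "ALLOWED")
    return "ALLOWED"
```

Note the ordering: authorization is only evaluated after authentication succeeds, and the audit record is written on every path, since failed logins and denied actions are exactly what monitoring is looking for.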


Proactive Cybersecurity Strategies:

  • Prevention: Stopping problems before they occur.

  • Detection: Identifying problems when they occur.

  • Response: Taking action after a problem is identified.

Ways of handling a threat or risk:

  • Secure: Making something safe from harm or unauthorized access.

  • Mitigate: Reduce the severity or impact of a problem.

  • Remove: Take away or eliminate a threat.

  • Avoid: Stay away from or prevent encountering a threat.

  • Accept: Acknowledge and live with a certain level of risk.


Essentials of Cybersecurity Domains:

Network Security:

  • Safeguarding computer networks against unauthorized access, misuse, and denial of service attacks.

  • Includes tools like firewalls, intrusion detection/prevention systems, VPNs, and network access control.

System Security:

  • Protecting computer systems, encompassing servers, workstations, and mobile devices, from unauthorized access and theft.

  • Encompasses measures like authentication, access control, antivirus software, and encryption.

Application Security:

  • Ensuring the security of software applications by addressing threats and vulnerabilities.

  • Involves practices such as secure coding, input validation, error handling, and access control.

Security Management:

  • Overseeing security risks and implementing controls across an organization.

  • Involves activities like risk assessment, security policy development, training, incident response planning, and compliance management.


Exploring Cybersecurity Teams:

Blue Team:

  • The defensive force ensuring and enhancing an organization's security.

  • Comprising security professionals dedicated to risk identification, incident response, and policy compliance.

Red Team:

  • The offensive unit simulating real-world attacks to assess security vulnerabilities.

  • Comprising skilled professionals using attacker techniques to uncover weaknesses in an organization's defenses.

Purple Team:

  • A collaborative force merging Blue and Red Teams for enhanced security.

  • Involves joint efforts to identify, address, and strengthen security measures by leveraging the strengths of both defensive and offensive teams.
