-
Goals to protect cyberspace
-
Confidentiality
-
Integrity
-
Availability => Provide focus and enable the cybersecurity specialist to prioritize actions when protecting networked systems
CIA
- Confidentiality
- Prevents the disclosure of information to unauthorized people, recources or processes
- Integrity
- Accuracy, consistency, trustworthiness of data
- Availability
- Ensures that information is accesible by authorized users when needed
- Cybersecurity focus on protecting data
- Goal to protect all kinds of data in cyberspace Three possible states
- Data in transit
- Data at rest/in storage
- Data in process
-
Defines skills and disciplines available for protecting data in cyberspace
-
Technologies
-
Policies and Practice
-
People
= Privacy
- Prevents the disclosure of information to unauthorized people and processes
Methods to ensure confidentiality:
- Data encryption
- Authentication
- Acces control
Sensitive vs. non-sensitive data
Types of sensitive information
Personal information
: Social security number, Medical records; Credit card numbers, Financial recordsBusiness information
: Trade secrets, Acquisition plans, Financial data, Customer informationClassified
: Top secret, Secret, Confidential, Restricted
Authentication
:
- Something you know (password)
- Something you have (token or card)
- Something you have (fingerprint)
Authorization
: user permissions
Accounting
: policies
Example: Credit Card
Authentication: -> Authorization -> Accounting:
Who are you? How much can you spend? What did you spend it on?
= Quality
- Acccuracy of data
- Consistency of data
- Trustworthiness of data
Methods to ensure data integrity: hashing, validation checks, data consistency checks, acces control
The need for data integrity
Critical level
: Healthcare & Emergency services
- All data is validated and tested
- Data verified to provide trustworthiness
High level
: Ecommerce & Analytics - All data is validated
- Data is checked to provide trustwrthiness
Mid level
: Online sales & Search engines - Litlle verification
- Not completely trustworthy
Low level
: Blogs & Personal posting sites - Data may not be verified
- Low level of trust in content
Integrity Checks
- Measure consistency of a data collection
- Hash function
- Backups
- Version control
= Need to maintain the availability of data at all times
Methods to ensure availability:
- Redundancy
- Backups
- Resiliency
- Equipment
- Updates
- Recovery
Dangers for interrupting availability
- Denial of service
- Malicious attacks
- equipment failures
- Natural disaster
= Refers to 99,999% up-time; less than 5,26 minutes downtime/year
- High availability
- Systems are designed to avoid downtime, ensures a level of performance for a higher than normal period
High availability design principles:
Principle | Solutions |
---|---|
Eliminate single points of failure | hot standby devices, redundancy |
Provide for a reliable crossover | redundant power supply, backup, communications systems |
Detect failures as they occur | Monitoring systems |
Organizations can ensure availability by implementing:
- Equipment maintenance
- OS and system updates
- Backup testing
- Disaster planning
- New Technology implementations
- Unusual activity monitoring
- Availability testing
Stored data
= data at rest
Data at rest
= a type of storage device retains the data when no user or process is using it.
Direct-attached storage (DAS)
= storage connected to a computer. A hard drive or USB flash drive is an example of direct-attached storage.
Redundant Array of Independant Disks (RAID)
= uses multiple hard drives in an array, which is a method of combining multiple disks so that the operating system sees them as a single disk.
Network Attached Storage (NAS)
= a storage device connected to a network that allows storage and retrieval of data from a centralized location by authorized network users.
Storage Area Network (SAN)
= network based storage system architecture. Ability to connect multiple servers to a centralized disk storage repository.
Cloud storage
= remote storage option that uses space on a data center provider and is accessible from any computer with Internet access
Data transmission
= sending information from one device to another
Sneaker net
: uses removable media to physically move data from one computer to anotherWired networks
: uses cables to transmit dataWireless networks
: uses radio waves to transmit data
Protecting data confidentiality
: cyber criminals can capture, save and steal data in-transit. Cyber professionals must take steps to counter these actions.Protecting data Integrity
: cyber criminals can intercept and alter data in-transit.Protecting data Availability
: cyber criminals can use rogue or unauthorized devices to interrupt availability.
- VPN
- SSL
- IPsec
- Encryption, decryption, hashing
- Redundancy, hot standby
Data in process
= data during initial input, modification, computation and output
Cybersecurity professionals design policies and procedures that require testing, maintaining annd updating systems to keep them operating with the least amount of errors.
- Acces control
- Data validation
- Data duplication
Software safeguards include programs and services that protect operating systems, databases, and other services operating on workstations, portable devices, and servers.
- Software firewalls control remote acces to a system
- Network and port scanners discoverand monitor open ports on a host
- Protocol analyzers
- Vulnerability scanners
- Host-based intrusion detection systems (IDS)
- Firewall appliances block unwanted traffic
- Dedicated Intrusion Detection Systems (IDS) detect signs of attacks or unusual traffic on a network and send an alert
- Intrusion Prevention Systems (IPS)
- Content filtering services control access
Virtual Private Network (VPN)
: secure virtual network that uses the public networkNetwork access control (NAC)
: requires a set of checks before allowing a device to connect to a networkWireless access point security
: includes the implementation of authentication and encryption.
Software as a Service (SaaS)
: allows users to gain access to application software and databases. Cloud providers manage the infrastructureInfrastructure as a Service (IaaS)
: provides virtualized computing resources over the InternetPlatform as a Service (PaaS)
: provides access to the development tools and services used to deliver the applications
Security policy
= set of security objectives for a company that includes rules of behavior for users and administrators and specifies system requirements
Standards
= provide the technologies that specific users or programs need in addition to any program requirements or criteria that an organization must follow
Guidelines
= list of suggestions on how to do things more efficiently and securely
Procedures
= Include implementations details that usually contain step-by-step instructions and graphics
ISO/EIC 27000 is an information security standard
Risk Assesment
= determines the risk related to a specific situationSecurity Policy
= speciffies how data can be accesed and by whomOrganization of information Security
= governance model set out by an organization for information assetsAsset Management
= inventory of and classification schema for information assetsHuman recources Security
= address securoty procedures relating to employees joining, moving and leaving organizationsPhysical and Environmental Security
= describes the protection of the computer facilities within an organizationCommunications and Operations Management
= management of technical security controlsInformation System Acquisition Development and Maintenance
= describes integration of security into applicationsAcces Control
= restriction of acces rights to networks, systems, applications, functions and dataInformation Security Incident Management
= describes how to anticipate and respond to information security breachesBusiness Continuity Management
= describes the protection, maintenance and recovery of business critical processes and systemsCompliance
= describes the proces of ensuring conformance with information security policies, standards and regulations