INTRODUCTION TO CYBERSECURITY.pdf

Full Transcript

INTRODUCTION
TO CYBER
SECURITY
TOPIC OUTLINE

WHAT IS CYBERSECURITY
THE CIA TRIAD
THE CYBERSECURITY INDUSTRY
WHAT IS CYBERSECURITY,
EXACTLY?
“CYBERSECURITY IS
THE PRACTICE OF
PROTECTING
SYSTEMS,
NETWORKS, AND
PROGRAMS FROM
DIGITAL ATTACKS.”
 THE CIA TRIAD
A BASIC, OVERARCHING MODEL FOR CYBERSECURITY,
PARTICULARLY AS IT RELATES TO INFORMATION, IS THE CIA
TRIAD. CIA STANDS FOR CONFIDENTIALITY, INTEGRITY, AND
AVAILABILITY (NOT THE US CENTRAL INTELLIGENCE AGENCY).
NEARLY ALL INFORMATION SECURITY POLICIES TRACE BACK TO
THIS MODEL. LET’S GO THROUGH EACH COMPONENT OF THIS
TRIAD.
Confidentiality

This pillar of the triad refers to protecting private information from
eyes that shouldn’t have access to it. Confidentiality is the need to
enforce access - who can see this, and who shouldn’t? For example,
we don’t want to give our social security number to just anyone. Still,
we trust that the institutions we give them to - like tax services -
implement the right security measures to keep it secret. So what
tools are used to guarantee the right access?
Some of the ways confidentiality is managed are:
Keeping levels of access and setting permissions
Encrypting data and files
Requiring multi-factor authentication
 Integrity

Integrity refers to data integrity here. We need security controls
that protect data from being changed or deleted. We must also
ensure that the damage can be reversed if data is changed
accidentally or by the wrong person. Some techniques related to
integrity are:
Keeping backups of the data in its correct state and logging
versions
Using cryptography to securely check for changes
Keeping track of digital signatures to prove integrity of data
 Availability

This last pillar refers to data being consistently, reliably available to
those authorized. For example, when you log in to a social media
account and want to set your privacy settings, you expect all the
correct settings you had set before to appear immediately. The social
media company ensures that even with high traffic, information gets
to your screen. How is this accomplished?
Always monitoring servers and networks
Maintaining hardware and software
Having a plan for disaster recovery
 THE CYBERSECURITY
INDUSTRY

SECURITY ENGINEERING

This section refers to the technical implementation of various forms of security.
Information security, or InfoSec, protects data in any form from being
accessed, modified, shared, or deleted by the wrong people.
Network security is concerned with the network infrastructure of an
organization that guards against unauthorized access or data from being
intercepted.
Application security refers to implementing measures that defend an
application (mobile, desktop, or web) from attack, including both software
and hardware solutions. Examples of application security include secure
coding, the use of antivirus programs, firewalls, and encryption.
Cloud security refers to the new field of making sure resources
uploaded into the cloud are secure. Companies and users are
constantly moving more resources into the cloud, and
professionals in this field need to be familiar with implementing
security in this environment.
Cryptography focuses on methods to hide and un-hide information
so that data is only readable or usable by authorized people. This
requires familiarity with all types of encryption and hashing
algorithms.
Critical infrastructure security is defending physical systems that
are becoming more digital/networked, such as energy grids,
hospitals, water and waste systems, and even schools. Among the
issues that come up are natural disasters and outages.
 GOVERNANCE AND
COMPLIANCE

It’s critical to understand international, federal, and state laws and
regulations for security. This has implications on the security
operations for all organizations. Compliance refers to making sure an
organization enforces certain policies, and continuously auditing as
well.
This is becoming an increasingly important area of work. While these
roles might not require programming knowledge, these roles require
foundational knowledge of cybersecurity as well as all the laws and
regulations that impact a particular industry.
 RISK MANAGEMENT AND
THREAT INTELLIGENCE
THREAT INTELLIGENCE IS THE CONTINUOUS
GATHERING OF KNOWLEDGE OF POSSIBLE
ATTACKS. INTELLIGENCE COULD LOOK LIKE
KNOWING THE MOTIVATIONS BEHIND ATTACKS,
WHAT THE SCALE OF ATTACKS COULD BE, AND
WHAT VECTORS THAT MIGHT USE. THESE ROLES
OFTEN INTERSECT WITH DATA SCIENCE AND
MACHINE LEARNING BECAUSE OF THE NEED TO
PROCESS ALL THIS INFORMATION.
SECURITY OPERATIONS

People who work in this area are responsible for implementing security
principles, monitoring incidents, and recovering from disasters. They
work closely with everyone under the security umbrella to:
Detect when something has gone wrong.
Implement preventative measures against cyber attacks.
Make sure there are back-ups in case a system is compromised
and data is lost.
Track changes to a system.
Come up with disaster recovery plans in advance
Create documents and organization policies for all of the above.
 EDUCATION

Security education is a growing area in itself! This domain
acknowledges that the most securely designed
technologies are only as strong as the people who use
them. User education teaches best practices for people to
protect themselves against cyber threats. Security training
also happens in large organizations, where employees are
educated and updated on the organization’s security
policies and practices.
THANKYOU