Chapter 3 - 01 - Discuss Information Security Fundamentals - 02_ocred.pdf

Full Transcript

Certified Cybersecurity Technician Network Security Fundamentals Exam 212-82 The Security, Functionality, and Usability Triangle Level of security in any system can be defined by the strength of three components: Moving the ball towards Functionality security means less functionality and usability (Features) Security (Restrictions) Copyright © by EC meil Al Rights Reserved. Reproductionis Strictly Prohibited I The Security, Functionality, and Usability Triangle Technology is evolving at an unprecedented rate. As a result, new products that are reaching the market focus more on ease-of-use than on secure computing. Though technology was originally developed for “honest” research and academic purposes, it has not evolved at the same pace as users’ proficiency. Moreover, in this evolution, system designers often overlook vulnerabilities during the intended deployment of the system. However, adding more built-in default security mechanisms allows users more competence. It is becoming difficult for security professionals to allocate resources, exclusively for securing systems, with the augmented use of computers for an increasing number of routine activities. This includes the time needed to check log files, detect vulnerabilities, and apply security update patches. As routine activities consume system professionals’ time, leaving less time for vigilant administration, there is little time to deploy measures and secure computing resources on a regular and innovative basis. This fact has increased the demand for dedicated security professionals to constantly monitor and defend ICT (Information and Communication Technology) resources. Originally, to “hack” meant to possess extraordinary computer skills to explore hidden features of computer systems. In the context of information security, hacking is defined as the exploitation of vulnerabilities of computer systems and networks and requires great proficiency. However, today there are automated tools and codes available on the Internet that make it possible for anyone, who possesses the will, to succeed at hacking. However, mere compromise of system security does not denote hacking success. There are websites that insist on “taking back the Internet” as well as people who believe that they are doing everyone a favor by posting details of their exploits. In reality, doing so serves to hamper the skill level required to become a successful attacker. Module 03 Page 411 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Fundamentals Exam 212-82 The ease with which system vulnerabilities can be exploited has increased while the knowledge curve required to perform such exploits has decreased. The concept of the elite “super attacker” is an illusion. However, the fast-evolving genre of “script kiddies” is largely comprised of lesser-skilled individuals having second-hand knowledge of performing exploits. One of the main impediments contributing to the growth of security infrastructure lies in the unwillingness of exploited or compromised victims to report such incidents for fear of losing the goodwill and faith of their employees, customers, or partners, and/or of losing market share. The trend of information assets influencing the market has seen more companies thinking twice before reporting incidents to law enforcement officials for fear of “bad press” and negative publicity. The increasingly networked environment, with companies often using their websites as single points of contact across geographical boundaries, makes it critical for security professionals to take countermeasures to prevent exploits that can result in data loss. This is why corporations need to invest in security measures to protect their information assets. Level of security in any system can be defined by the strength of three components: * Functionality: The set of features provided by the system. = Usability: The GUI components used to design the system for ease of use. = Security: Restrictions imposed on accessing the components of the system. The relationship between these three components is demonstrated by using a triangle because increase or decrease in any one of the components automatically affects the other two components. Moving the ball towards any of the three components means decreasing the intensity of other two components. The diagram represents the relationship between functionality, usability, and security. For example, as shown in the figure, if the ball moves towards Security it means increased security and decreased Functionality and Usability. If the ball is in the center of the triangle, then all the three components are balanced. If the ball moves towards usability it means an increased Usability and decreased Functionality as well as Security. For any implementation of security controls, all the three components have to be considered carefully and balanced to get acceptable functionality and usability with acceptable security. Moving the ball towards security means less Functionality (Features) functionality and usability Security Usability (Restrictions) (GUY) Figure 3.1: Security, Functionality, and Usability Triangle Module 03 Page 412 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Fundamentals Exam 212-82 NIST Cybersecurity Framework (CSF) O NIST brought all stakeholders together to form a community to design a Cybersecurity Framework (CSF) that addresses all the security risks and supports continuous business operations NIST CSF Functions and Categories Identify % Asset Management Protect < “* Business Environment 2 % Governance % Risk Assessment * Risk Management Strate, 8y Identity Management and Access Control e Training. Detect «+ Data Security «+ Information Protection Recover «» Anomalies and Events ++ Response Planning “* Recovery Planning %+ Continuous Security < Communications ** Improvements i < Analysis " +» Monitoring. Respond % Detection Processes Processes and Procedures. < Maintenance “* Protective Technology ‘Q“ o o Communications % Mitigation % Improvements [e] 0 @] |'_°]| fl https://www.nist.gov Copyright © by EC-{ cil All Rights Reserved. Reproduction is Strictly Prohibited. NIST Cybersecurity Framework (CSF) Source: https://www.nist.gov The ever-growing cyber threat landscape is forcing organizations to be alert in tackling evolving cyber threats in order to secure their business infrastructure and deliver continuous services to their customers. To assist enterprises in managing cybersecurity risks, NIST brought all stakeholders together to form a community to design a Cybersecurity Framework (CSF) that addresses all the security risks and supports continuous business operations. CSF includes best practices, guidelines, and industry standards that assist enterprises in handling risks. CSF consists of a set of key components such as the following. = Core It offers a set of operations or activities that help in attaining the desired security outcomes. It includes industry standards, practices, guidelines, operations, functions, and results that interact with cybersecurity activities. = Tiers They are different levels of implementations that help in assessing and planning cybersecurity activities. They offer segment-wise approaches for enterprises to deal with cybersecurity risks. = Profiles They are used to determine how standards, practices, guidelines, functions, and their categories should be aligned with the business needs, risk tolerance, and resources. A profile allows enterprises to build a roadmap to minimize security risks. Module 03 Page 413 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Fundamentals * Exam 212-82 |mplementation Guidelines They propose common techniques to adopt the NIST CSF. It defines common information flow and decisions at different levels within an enterprise to manage risks. Functions and Categories of NIST CSF The following framework functions are not defined to create a serial path or attain the required end state; rather, they are recommended to be performed simultaneously and uninterruptedly to create operational conditions that help in addressing security risks. = |dentify: This function deals with designing an enterprise understanding to handle cybersecurity risks including data, people, assets, systems, and other capabilities. The operations in the identify function are important aspects for the productive use of the framework. Being aware of the business context, resources used for different functions, and associated cyber risks can allow enterprises to concentrate and prioritize their risks as well as improve risk management plans to run business effectively. The subdivisions or categories of this function include the business environment, governance, asset management, risk assessment, and risk management strategy. * Protect: This function involves designing and implementing proper protection methods to ensure critical service delivery. The function provides the capability to restrict and control the impact of critical cybersecurity incidents. The subdivisions or categories of this function include awareness training, information protection processes and procedures, identity management and access control, data security, maintenance, and protective technology. = Detect: This function entails the design and implementation = of suitable operations to discover unexpected cybersecurity events across a network. This function provides the ability to discover cybersecurity events without any delay. The subdivisions or categories of this function include continuous security monitoring, anomalies and events, and detection processes. Respond: This function involves the design and implementation of suitable operations to respond based on detected cybersecurity events. This function allows controlling the impact of critical cybersecurity events. The subdivisions or categories of this function include communications, mitigation, response planning, analysis, and improvements. = Recover: This function deals with designing and implementing suitable operations to support strategies for defense and reinstitute services that were affected by cybersecurity events. This function supports the timely recovery of services to the normal condition or state to minimize the impact of security events. The subdivisions or categories of this function include communications, recovery planning, and improvements. Module 03 Page 414 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited.