CISC Cybersecurity Essentials v1.1 Chapter 2 PDF

Summary

This document is instructor material on cybersecurity, specifically Chapter 2 of Cybersecurity Essentials v1.1, discussing the Cybersecurity Cube, CIA Triad, states of data, and the ISO security model in detail.

Full Transcript

Instructor Materials Chapter 2: The Cybersecurity Cube Cybersecurity Essentials v1.1 Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 1 Chapter 2: The Cybersecurity Cube Cybersecurity Essentials v1.1 Presentation_ID...

Instructor Materials Chapter 2: The Cybersecurity Cube Cybersecurity Essentials v1.1 Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 1 Chapter 2: The Cybersecurity Cube Cybersecurity Essentials v1.1 Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 12 Chapter 2 - Sections & Objectives 2.1 The Cybersecurity Cube Describe the three dimensions of the McCumber Cube (Cybersecurity Cube). 2.2 CIA TRIAD Describe the principles of confidentiality, integrity, and availability. 2.3 States of Data Differentiate the three states of data. 2.4 Cybersecurity Countermeasures Compare the types of cybersecurity countermeasures. 2.5 IT Security Management Framework Describe the ISO Cybersecurity Model Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 13 2.1 The Three Dimensions of the Cybersecurity Cube Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 14 The Three Dimensions of the Cybersecurity Cube The Three Dimensions The Principles of Security ▪ The first dimension of the cybersecurity cube identifies the goals to protect the cyber world. The goals identified in the first dimension are the foundational principles of the cybersecurity world. ▪ These three principles are confidentiality, integrity and availability. ▪ The principles provide focus and enable cybersecurity specialists to prioritize actions in protecting the cyber world. ▪ Use the acronym CIA to remember these three principles. The States of Data ▪ The cyber world is a world of data; therefore, cybersecurity specialists focus on protecting data. The second dimension of the cybersecurity cube focuses on the problems of protecting all of the states of data in the cyber world. Data has three possible states: 1) Data at rest or in storage 2) Data in transit 3) Data in process Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 15 The Three Dimensions of the Cybersecurity Cube The Three Dimensions (Cont.) Cybersecurity Safeguards ▪ The third dimension of the cybersecurity sorcery cube defines the types of powers used to protect the cyber world. The sorcery cube identifies the three types of powers: ▪ Technologies - devices, and products available to protect information systems and fend off cyber criminals. ▪ Policies and Practices - procedures, and guidelines that enable the citizens of the cyber world to stay safe and follow good practices. ▪ People - Aware and knowledgeable about their world and the dangers that threaten their world. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 16 2.2 CIA TRIAD Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 17 CIA TRIAD Confidentiality The Principle of Confidentiality ▪ Confidentiality prevents the disclosure of information to unauthorized people, resources and processes. Another term for confidentiality is privacy. ▪ Organizations need to train employees about best practices in safeguarding sensitive information to protect themselves and the organization from attacks. ▪ Methods used to ensure confidentiality include data encryption, authentication, and access control. Protecting Data Privacy ▪ Organizations collect a large amount of data and much of this data is not sensitive because it is publicly available, like names and telephone numbers. ▪ Other data collected, though, is sensitive. Sensitive information is data protected from unauthorized access to safeguard an individual or an organization. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 18 CIA TRIAD Confidentiality (Cont.) Controlling Access Access control defines a number of protection schemes that prevent unauthorized access to a computer, network, database, or other data resources. The concepts of AAA involve three security services: Authentication, Authorization and Accounting. Authentication verifies the identity of a user to prevent unauthorized access. Users prove their identity with a username or I.D. Authorization services determine which resources users can access, along with the operations that users can perform. Authorization can also control when a user has access to a specific resource. Accounting keeps track of what users do, including what they access, the amount of time they access resources, and any changes made. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 19 CIA TRIAD Confidentiality (Cont.) Confidentiality and privacy seem interchangeable, but from a legal standpoint, they mean different things. ▪ Most privacy data is confidential, but not all confidential data is private. Access to confidential information occurs after confirming proper authorization. Financial institutions, hospitals, medical professionals, law firms, and businesses handle confidential information. ▪ Confidential information has a non-public status. Maintaining confidentiality is more of an ethical duty. ▪ Privacy is the appropriate use of data. When organizations collect information provided by customers or employees, they should only use that data for its intended purpose. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 20 CIA TRIAD Integrity Principle of Data Integrity ▪ Integrity is the accuracy, consistency, and trustworthiness of data during its entire life cycle. ▪ Another term for integrity is quality. ▪ Methods used to ensure data integrity include hashing, data validation checks, data consistency checks, and access controls. Need for Data Integrity ▪ The need for data integrity varies based on how an organization uses data. For example, Facebook does not verify the data that a user posts in a profile. ▪ A bank or financial organization assigns a higher importance to data integrity than Facebook does. Transactions and customer accounts must be accurate. ▪ Protecting data integrity is a constant challenge for most organizations. Loss of data integrity can render entire data resources unreliable or unusable. Integrity Checks ▪ An integrity check is a way to measure the consistency of a collection of data (a file, a picture, or a record). The integrity check performs a process called a hash function to take a snapshot of data at an instant in time. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 21 CIA TRIAD Availability Data availability is the principle used to describe the need to maintain availability of information systems and services at all times. Cyberattacks and system failures can prevent access to information systems and services. ▪ Methods used to ensure availability include system redundancy, system backups, increased system resiliency, equipment maintenance, up-to-date operating systems and software, and plans in place to recover quickly from unforeseen disasters. ▪ High availability systems typically include three design principles: eliminate single points of failure, provide for reliable crossover, and detect failures as they occur. Organizations can ensure availability by implementing the following: 1. Equipment maintenance 2. OS and system updates 3. Test backups 4. Plan for disasters 5. Implement new technologies 6. Monitor unusual activity 7. Test to verify availability Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 22 2.3 States of Data Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 23 States of Data Data at Rest ▪ Stored data refers to data at rest. Data at rest means that a type of storage device retains the data when no user or process is using it. ▪ A storage device can be local (on a computing device) or centralized (on the network). A number of options exist for storing data. ▪ Direct-attached storage (DAS) is storage connected to a computer. A hard drive or USB flash drive is an example of direct-attached storage. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 24 States of Data Data at Rest (Cont.) ▪ Redundant array of independent disks (RAID) uses multiple hard drives in an array, which is a method of combining multiple disks so that the operating system sees them as a single disk. RAID provides improved performance and fault tolerance. ▪ A network attached storage (NAS) device is a storage device connected to a network that allows storage and retrieval of data from a centralized location by authorized network users. NAS devices are flexible and scalable, meaning administrators can increase the capacity as needed. ▪ A storage area network (SAN) architecture is a network-based storage system. SAN systems connect to the network using high-speed interfaces allowing improved performance and the ability to connect multiple servers to a centralized disk storage repository. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 25 States of Data Data In Transit Data transmission involves sending information from one device to another. There are numerous methods to transmit information between devices including: ▪ Sneaker net – uses removable media to physically move data from one computer to another ▪ Wired networks – uses cables to transmit data ▪ Wireless networks – uses the airwaves to transmit data The protection of transmitted data is one of the most challenging jobs of a cybersecurity professional. The greatest challenges are: ▪ Protecting data confidentiality – cyber criminals can capture, save and steal data in-transit. ▪ Protecting data integrity – cyber criminals can intercept and alter data in- transit. ▪ Protecting data availability - cyber criminals can use rogue or unauthorized devices to interrupt data availability. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 26 States of Data Data In Process The third state of data is data in process. This refers to data during initial input, modification, computation, or output. ▪ Protection of data integrity starts with the initial input of data. ▪ Organizations use several methods to collect data, such as manual data entry, scanning forms, file uploads, and data collected from sensors. ▪ Each of these methods pose potential threats to data integrity. ▪ Data modification refers to any changes to the original data such as users manually modifying data, programs processing and changing data, and equipment failing resulting in data modification. ▪ Processes like encoding/decoding, compression/decompression and encryption/decryption are all examples of data modification. Malicious code also results in data corruption. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 27 2.4 Cybersecurity Countermeasures Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 28 Cybersecurity Countermeasures Technologies Software-based Technology Safeguards ▪ Software safeguards include programs and services that protect operating systems, databases, and other services operating on workstations, portable devices, and servers. There are several software-based technologies used to safeguard an organization’s assets. Hardware-based Technology Safeguards ▪ Hardware based technologies are appliances that are installed within the network faculties. They can include: Firewall appliances, Intrusion Detection Systems (IDS),Intrusion Prevention Systems (IPS) and Content filtering systems. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 29 Cybersecurity Countermeasures Technologies Network-based Technology Safeguards Technological countermeasures can also include network-based technologies. ▪ Virtual Private Network (VPN) is a secure virtual network that uses the public network (i.e., the Internet). The security of a VPN lies in the encryption of packet content between the endpoints that define the VPN. ▪ Network access control (NAC) requires a set of checks before allowing a device to connect to a network. Some common checks include up-to-data antivirus software or operating system updates installed. ▪ Wireless access point security includes the implementation of authentication and encryption. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 30 Cybersecurity Countermeasures Technologies Cloud-based Technology Safeguards ▪ Technological countermeasures now also include cloud-based technologies. Cloud-based technologies shift the technology component from the organization to the cloud provider. ▪ Software as a Service (SaaS) allows users to gain access to application software and databases. Cloud providers manage the infrastructure. Users store data on the cloud provider’s servers. ▪ Infrastructure as a Service (IaaS) provides virtualized computing resources over the Internet. The provider hosts the hardware, software, servers, and storage components. ▪ Virtual security appliances run inside a virtual environment with a pre-packaged, hardened operating system running on virtualized hardware. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 31 Cybersecurity Countermeasures Implementing Cybersecurity Education and Training A security awareness program is extremely important for an organization. An employee may not be purposefully malicious but just unaware of what the proper procedures are. There are several ways to implement a formal training program: ▪ Make security awareness training a part of the employee’s onboarding process ▪ Tie security awareness to job requirements or performance evaluations ▪ Conduct in-person training sessions ▪ Complete online courses Security awareness should be an ongoing process since new threats and techniques are always on the horizon. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 32 Cybersecurity Countermeasures Cybersecurity Policies and Procedures ▪ A security policy is a set of security objectives for a company that includes rules of behavior for users and administrators and specifies system requirements. These objectives, rules, and requirements collectively ensure the security of a network, the data, and the computer systems within an organization. ▪ Standards help an IT staff maintain consistency in operating the network. Standards provide the technologies that specific users or programs need in addition to any program requirements or criteria that an organization must follow. ▪ Guidelines are a list of suggestions on how to do things more efficiently and securely. They are similar to standards, but are more flexible and are not usually mandatory. Guidelines define how standards are developed and guarantee adherence to general security policies. ▪ Procedure documents are longer and more detailed than standards and guidelines. Procedure documents include implementation details that usually contain step-by-step instructions and graphics. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 33 2.5 IT Security Management Framework Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 34 Security Management Framework The ISO Model Security professionals need to secure information from end-to-end within the organization. This is a monumental task, and it is unreasonable to expect one individual to have all of the requisite knowledge. The International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) developed a comprehensive framework to guide information security management. The ISO cybersecurity model is to cybersecurity professionals what the OSI networking model is to network engineers. Both provide a framework for understanding and approaching complex tasks. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 35 Security Management Framework The ISO Model (Cont.) ISO/IEC 27000 is an information security standard published in 2005 and revised in 2013. ISO publishes the ISO 27000 standards. Even though the standards are not mandatory, most countries use them as a de facto framework for implementing information security. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 36 Security Management Framework Using the ISO Cybersecurity Model ▪ The ISO 27000 is a universal framework for every type of organization. In order to use the framework effectively, an organization must narrow down which domains, control objectives, and controls apply to its environment and operations. ▪ The ISO 27001 control objectives serve as a checklist. The first step an organization takes is to determine if these control objectives are applicable to the organization. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 37 Security Management Framework Using the ISO Cybersecurity Model (Cont.) The ISO Cybersecurity Model and the States of Data ▪ Different groups within an organization may be responsible for data in each of the various states. ▪ For example, the network security group is responsible for data during transmission. ▪ Programmers and data entry people are responsible for data during processing. ▪ The hardware and server support specialists are responsible for stored data. The ISO Controls specifically address security objectives for data in each of the three states. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 38 Security Management Framework Using the ISO Cybersecurity Model (Cont.) The ISO Cybersecurity Model and Safeguards ▪ The ISO 27001 control objectives relate directly to the organization’s cybersecurity policies, procedures and guidelines which upper management determines. ▪ The ISO 27002 controls provide technical direction. For example, upper management establishes a policy specifying the protection of all data coming in to or out of the organization. Implementing the technology to meet the policy objectives would not involve upper management. ▪ It is the responsibility of IT professionals to properly implement and configure the equipment used to fulfill the policy directives set by upper management. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 39 2.6 Chapter Summary Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 40 Chapter Summary Summary ▪ This chapter discussed the three dimensions of the cybersecurity sorcery cube. The central responsibility of a cybersecurity specialist is to protect an organization’s systems and data. ▪ The chapter explained how each of the three dimensions contributes to that effort. ▪ The chapter also discussed the ISO cybersecurity model. The model represents an international framework to standardize the management of information systems. ▪ This chapter explored the twelve domains. The model provides control objectives that guide the high-level design and implementation of a comprehensive information security management system (ISMS). ▪ The chapter also discussed how security professionals use controls to identify the technologies, devices, and products to protect the organization. ▪ If you would like to further explore the concepts in this chapter, please check out the Additional Resources and Activities page in Student Resources. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 41 Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 42 Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 43

Use Quizgecko on...
Browser
Browser