L01 July 22, 2023 - Cyber Defense Analyst Meeting Recording PDF

**L01 July 22, 2023-Cyber Defense Analyst-20230722 130236-Meeting Recording** **Transcribed by [TurboScribe.ai](https://turboscribe.ai/?ref=docx_export_upsell). [Go Unlimited](https://turboscribe.ai/subscribed?ref=docx_export_upsell) to remove this message.** As different profession has their foundation, they have their pillar, cybersecurity also has three pillars and you will see this in other professions too. Cybersecurity has pillar of people, process and technology. People, process and technology. So let\'s even talk about why is cybersecurity important? It is important because it is not just that organization want to protect themselves. Some organization are now obliged to protect their customers information, which is, it goes beyond organization\'s goal. For organization to achieve their goal, they must be compliant with the law of the land. So privacy is becoming a big thing and that\'s why I kind of get your consent, to get some things done here. So there is compliance need, there is business need, there are so many need for security and security will not just exist on its own, is because organization has their strategy, they exist for a reason and they have their strategy to say, oh, we want to get to this level, we want to achieve this thing. Some of the things that can hinder them from achieving it is cyber threats and that\'s why they are putting security teams, security infrastructure, they are putting all of that together here, not just in Canada, but across the world. Organizations that are serious minded about their destination or about their journey, they put cybersecurity and cybersecurity will not exist on its own, cybersecurity is going to have people within cybersecurity team. Organization are going to have people that will be running the cause to achieve business objective and the people will be using a particular process to achieve their goal. And because of this project, because of this process, so many technology will be used. So let\'s now relate this to cybersecurity. In cybersecurity, there has to be proper governance. So people will be involved in governance, directing their fear of security program. And also in cybersecurity, there are processes we use to achieve our information security strategy. The people will be directing their fear of our security program, we are going to create information security strategy, which is going to align with the business strategy. For instance, your organization wants to acquire, they want to, let\'s say they want to have, they want to increase their customer base from 100, maybe 100,000 to 300,000. They have a business strategy to achieve that. Cyberthreat can stop that business strategy. You, your leader in cybersecurity, you have to create a cybersecurity program that aligns cybersecurity strategy, that align with the business strategy. So if that is not in place, if people is not well thought of or well included in cybersecurity to support the business strategy, then the business strategy can be hampered. So we are also going to use different processes. In cybersecurity, there are different processes that we use to achieve our cybersecurity strategy. And some of these processes, they are into different programs. We have vulnerability management, we have incident response, we have governance, we have risk, we have compliance. All, there are so many processes that are put together that form the whole cybersecurity or information security program, which is driven by our information security strategy. So in the course of that too, we use different tools, as organization use different tools to achieve their business goal. Let\'s look at it from business perspective. An organization like Amazon that is providing, you know, e-commerce service to all of us, they have their core business and they have their core business function. They have their core business processes. So they use technology, they use tools to deliver services. For instance, if Amazon website is down across the globe, would Amazon be able to do business? No, because it is an e-commerce platform. That is their core system. They need to ensure that their website is always up. So there are tools, they use server, they use network, they use all these tools to power their business. And the bad guy is also after those system. So cybersecurity program that we put in place, we use cybersecurity tools to fight, to protect our information assets. That is where all of these tie together to say our information security strategy must align with the business strategy. Okay, any questions so far? Like I said, this is gonna be interactive. If you are good with what I\'ve explained so far, people, process and technology, give me a thumb up. Yes, thanks for saying no questions. I like that interaction. Because I\'m not seeing your faces when you send messages, give me a thumb up. I feel like I\'m not all here by myself. The only thing that is giving me some joy is because I can see myself. I\'m talking to myself and I see myself on this screen. That\'s the only thing that I feel I\'m not by myself but when you respond, you give me some hope that I\'m not here alone. Yay, people are now turning on their camera. All right. So let\'s go to the next slide. So the next slide talks about understanding security fundamentals. So security fundamentals, they are very straightforward. There are just three things. Everything, like I said, is cyber security. But I will say something that is not on the screen. As a cyber security guy, these are the core of what you care about. But under this guy, there is a subset that branched out of cyber security. Before now, people still put it under cyber security. But now it\'s getting a whole lot of attention that it is now a whole domain on its own. And that is privacy. Privacy is a compliance requirement. So privacy is a subset of confidentiality. So what we are saying, the three core fundamentals of cyber security, these are confidentiality, integrity and availability. They are just the three things. So if you are doing any security, your goal is to achieve these main objectives. And I\'ve seen some of my students act in an interview that, hey, explain the CIA triad. The reason why it\'s very straightforward. If you see CIA, for some of us that watch movie a lot, watch American movie, there is an agency called CIA, security agency. But it\'s not that security agency. Ours is confidentiality, integrity and availability. So it is called CIA triad. So let\'s pick it one after the other. What does confidentiality mean? Confidentiality, integrity and availability. So before I go forward, if you are going to be performing security assessments in the future, somebody asks you a question about security assessments, this is what we want to achieve. So it does bring your response around. I will ensure, I do my assessment to ensure that the confidentiality of the system, of the information I said, they are intact, the integrity, the availability. Then you can now go for that and be explaining what you are going to do to achieve these three thing. Now, there are so many things on this slide. I don\'t want to boss with so many information. Maybe when I\'m done with the CIA, I\'m going to stop today because confidentiality, integrity and availability. And by the time I\'m explaining this, it can also take one hour. We don\'t even have up to one hour, but I\'ll do my best. If you stop at encryption, I want to give some time between maybe 1.30 and two o\'clock. Let\'s talk about confidentiality. It simply means keeping secret, secret. Simply said, you keep secret, secret. Organization have a whole lot of sensitive information that they use to do their business. Sensitive information they use to do their business. What that means is that example of this sensitive information are trade secrets, personal information of their customer, which is a compliance issue. If hackers get personal information of people that are given to you, then it might mean that you are not doing your security well enough, you are careless about people\'s security. That is why you let it out there. So personal information, making sure that their information is secret, they give it to you in confidence, hoping that you are going to protect it. So you are expected to protect it. So ensuring that you safeguard against unauthorized access or disclosure of this data, and how are you going to do that? There are so many security controls that you can put in place to ensure that what is given to you that is secret is secret. All these things you are seeing on the screen right now, is it that they are security principle, they are security control that you put to ensure that confidentiality of our information assets. When I say information assets, it is very key, it\'s a lingua, the lingua that you should be using. When you are talking about cyber security, it\'s key. All we are protecting in cyber security is our information assets. And information assets include data, include system, include infrastructure. One thing that people don\'t usually consider, maybe they usually forget about is the people. Some key resources, the people you use to do your job, you need to protect them. And sometimes they say people might be the weakest link. So you need to protect the people that are helping you to do your job. So one of the key controls, one of the key security controls that we put in for confidentiality is encryption. What does encryption mean? High level, we are still going to do encryption in details. There are different types of encryption, different type of, we are going to do those things in detail. But high level, encryption is you converting something that makes sense to people to something that does not make sense using a key. Can see, you can see a key here, you\'re locking it. When something makes sense is unlocked, people can see it. Or when you want to convert it to something that does not make sense, again, you use a key and you lock it. And before people can make sense of that information, they have to use the same, they have to use key to unlock it before they can make sense of it. This is a key, this is a key requirements, you know, for our information as they are moving from one point to the other. You know, you\'re talking, you\'re on the phone, maybe on your WhatsApp, you see something like encryption. You say, well, it\'s an end-to-end encryption. It means that if you\'re making call through WhatsApp, they are saying that it is encrypted. Meaning if somebody cannot be listening, it\'s dropping to get the information you\'re talking about. So the other one is authentication. We can encrypt data in transit or at rest while it is moving from point A to point B. You are making a call, the information is going from one point to the other point. This information can be encrypted or you have a data that is stored on your system or your computer. That information can also be encrypted. Why are we encrypting it? Y\'all can tell us, you know, why do we need encryption? Let\'s chat. Is encryption necessary? Well, to keep it private, I would say. So someone that should not have access to it. Good. Yeah, Amaka herself. That\'s what I was trying to say too. It\'s actually to keep it private. Then so that for reliability, when a data is encrypted, you are sure that it gets to its destination without any bridge. Yes, without\... Yes, the bridges, unauthorized access, unnecessary or unauthorized disclosure. Those are the bridge. Thanks. You can put down your hand there. And Peter also is reacting that to protect you from fraudsters. Yes. Some bad guys can use sensitive information to commit crime. So, which is good. Thanks for that reaction. And now let\'s talk about authentication. We have system, we use various system, you know, to protect our sensitive information. The money in your accounts, is this sensitive or not sensitive? It\'s very sensitive. I didn\'t hear you when you said the line, but I can read your lips. Very sensitive. So yes, it\'s very sensitive because if somebody have access to it, they can go away with your hard-earned money. So we don\'t want that to happen. Yeah, Paul. Paul, can you hear me? Paul, I can hear you. Are you saying something? Okay, I\'m going to mute you. All right, I\'ve muted Paul. So guys, sorry guys. So authentication. Sorry. Paul, do you want to say something? Yes, go ahead. No, I just, somebody just came to my house. So sorry. No, no problem. Yeah, no problem. Yeah, thanks. So authentication, the money you have in your accounts is very, very sensitive. It\'s private. Even maybe you have too much money and you don\'t want us to know that you have too much money. So you want to keep it secret. Maybe, or you don\'t want somebody to go access and take your money. Maybe that\'s why, but it\'s sensitive. For you, you are using, you are keeping your money in the bank. The bank is using a system to give you access to your money, which is your resources, which is something important to you. If you need to access it, you need to provide a form of identification that it is me, Amaka or Lianka, that is trying to access my stuff. But the bank can only ask you to identify, they will tell you to identify yourself. The first thing is you ask to identify yourself. Identity is number one. So this is TJ. You say, okay, for us to prove that it is TJ, provide a password or provide a PIN, provide something to validate, to prove that you are who you say you are. So this process is authentication. And we all do it today. Whether we are going on Facebook, we are going on, you know, we create something, we challenge us, we provide, you know, password or PIN. And we can say that not just providing the username and the password or username and the PIN, sometimes they tell you to send a code. I\'m going to send a code to your phone number that you have, or I\'m going to send a code to your email address, or you should punch something like a token. Many of you have seen this token before. You know, you should punch something, you know, and get a code to take your money, right? So all of these are system control put in place to further protect you. So many of us, there is one important one that we all use today. It is called two-factor authentication or multi-factor authentication, whether it is two or more. So the two-factor, I can use it interchangeably, two-factor or MFA, 2FA, MFA, they are very important in proving that you are who you say you are. So I\'m going to talk more about MFA now. They fall under three things. How many of us are familiar with MFA? Multi-factor or two-factor authentication, you know, you provide a username and password, they are still telling you to provide something else. Okay, so now I want to ask the question if I have my banking application and in the course of, you know, registering the banking application, they say, hey, TJ, provide a password. Please follow me. I\'m asking a question after this scenario and I want you guys to respond based on your knowledge of multi-factor authentication. Then I will explain. I have a banking application. I have my money in the bank, but the bank said before I can access it, I need to provide two information. And they said the first one, I should provide a password. I register a password. And the second one, they said I should register a PIN. And I think, well, what PIN can I use? Let\'s say I use 8021, for instance, as a PIN. That is not my PIN, I just generated it, 8021. So 8021 is the second, so I register it in the system. And when I want to log in to do transaction in my account, they asked me for my username. I provided my username. They asked me for my password. I provided my password. When I press enter, another page now pop up and ask me for that PIN that I\'ve registered, that I should provide the PIN. And I provide the PIN again and they allow me access into my accounts. Is that a multi-factor authentication? That\'s the question. I register a password in the first place and I register a PIN. So I register a password and I register a PIN. And when I want to log in, they ask me for these two information and how to provide it. So is that a two-factor or multi-factor authentication? Two. Two-factor. Two. Okay, good. So I will now explain multi-factor authentication to you. Then I\'ll ask this question again, whether your answer is correct or wrong. So two-factor MFE is a combination of these three things that we have here. What you know, something that you know in your memory that you can always remember. Password, for instance. PIN, for instance. Something that you can always remember. What you have, like this token now, it is what I have. And if I have my phone, if I have my phone and a code is sent to what I have, that is another factor. Each one of these is a factor. What you know is a factor. What you have is a factor. And what you are is another factor. So when you say what you are, that is your biometric, your thumbprint, your iris scan, your fingerprint. You know, those are the things that you are. Before it can be two-factor or multi-factor, it has to be one of each of these. It can be one of these and one of these, or one of what you know and what you are, what you know and what you have, and what you know. So for instance, you want to go and cash money in the bank. You take your card. Is your card what you know or what you have or what you have? Your card. Your card, your ATM card. What you have. What you have. Yes, you have your card, right? And you go to the ATM and you go in and they tell you to put what you know. So is that a two-factor or multi-factor? That\'s a two-factor. Yes, but in the first scenario, is that a two-factor or multi-factor? Is it a single-factor? It\'s a single-factor. Why is it a single-factor? Yeah, because all the things you were asked were what you know, what you had in your memory. Exactly. So it\'s a single-factor. Even though you are providing these, even if they tell you to provide PIN, provide password, provide one person\'s first thing in the secondary school, you know, all those kinds of questions that they ask, they are still single-factor. So it\'s a basic fundamental that we should know. Okay. If it\'s either a thumbprint, what you are is combined to what you know. You know, sometimes you open your app, they tell you to put a thumbprint. They know you have your phone and you are putting thumbprints. So that\'s what you have. That\'s two-factor. Now you are logging into the system. This system needs to, you have logged in successfully with multi-factor authentication. And you now have access. You should not be able to do everything because the system should have a role base Okay, when we say role, if an HR, you know, is in the same HR system, if you work in organization where you have applied for leave before, you know, those systems might be the same system that also talks about how much you are paid, you know, that can also change the amounts that you are paid and things like that. So when you\'re logging into that system, what you are able to do will be different for what an HR person can do on that system. Then you guys have different role in the system. So you should be restricted to what you can do. So you guys, we grow up, we do cybersecurity assessment on system and products that our organization wants to buy. We have to assess it from what kind of authentication does he have? Does he have good encryption? Does he have a role base? You know, can, if TJ logs in and this is TJ\'s job, if another person logs in, would they be able to do the same thing? Can TJ, who\'s supposed to be a normal person that we only see salary, can he go in the system and change his salary from this amount to that amount? You know, if TJ can open his salary and able to, you know, do more than what is required, then there is escalation of privilege. So we are saying that a system should have a role base as part of your role. Anything that is kept secret will continue to be kept secret. If TJ logs in now, unable to see his colleague\'s salary and other people\'s salary, that means their salary are not secret. Of course, in some organizations, salary is not secret. In fact, they publish it online, right? And the other one is least privilege. So what we are saying about this, this is a security principle. When you are giving somebody access to a system, you should give them the minimum access they need to do their job. And the next one is need to know. If someone is, they have access to system or they should have the need to know, maybe based on their role or based on their privilege before they should have access to that sensitive data, okay? And lastly, we talk about accounting. So remember, you log in by identifying yourself, you provide username and password, maybe combination of what you know and what you have for you use MFA to log in. Then now, what access do you have? You log into your bank account, can you add money to the money you have in your bank accounts? Let\'s say you have \$1 million. Can you add another \$1 million to, why not? Why should you not be able to do that? Is because they are limited due to the role of just ability to see and no ability to change, you know? And you have the needs to know your account balance, that\'s why you have access to it. You can log into your bank accounts and say, okay, because TJ use this bank, I also use this bank, I want to, you know, see TJ\'s account. You have not been given that role because you don\'t have the need to know, you don\'t have that privilege. The minimum amount of privilege that you need is to be able to check your account balance, make transaction, update your username or update all those things, they are giving you that role. When you now log in, you now transfer the \$1 million you have, you transfer 500K to TJ. I pray make you be able to do that. You transfer 500K to TJ and you have TJ left. And afterward, they are saying, you say you did not transfer it. They are saying, madam, we saw you log in with your username and password. Because we will have multi-factor authentication, we saw your thumbprint, you can\'t deny it. Non-repudiation means you can\'t deny the action that you take. You can\'t deny it. That\'s why we have something that tracks that, you said you are going to do this and you are doing it. I hope that makes sense. You said you are going to do it and you are doing it. So that is, these are basic fundamental of cybersecurity, security fundamental. These are understanding security fundamentals. Confidentiality, we have talked about. So integrity is another thing. Availability is another thing. But I will say that we should ask questions that you might have on integrity. I mean, you have on confidentiality before we go to integrity. Any question, you know, can you guys relate all what you have said now to what you have done, maybe in real life, level of control that, you know, people are putting together to secure what is confidential? Can you relate with it? Thumb up. Yes. Yes, I can. Awesome. Yeah, you have a question, Nnamaka, go ahead. Yes, so I just wanted to ask that. So for confidentiality to be complete, right? So we must use authentication, authorization and accounting. **This file is longer than 30 minutes.** **[Go Unlimited](https://turboscribe.ai/subscribed?ref=docx_export_upsell) at [TurboScribe.ai](https://turboscribe.ai/?ref=docx_export_upsell) to transcribe files up to 10 hours long.**

L01 July 22, 2023 - Cyber Defense Analyst Meeting Recording PDF

Document Details

Tags

Related

Summary

Full Transcript

Upgrade to continue