Common Protection Mechanisms
Olayenikan Michael
Cybersecurity Analyst| Full Stack Web Developer| Virtual Assistant & Remote Administrative Services| Digital Marketing & Social Media Management
Another aspect of understanding and applying security controls is the concept of protection mechanisms or protection controls. Not all security controls must have them, but many controls offer their protection through the use of these mechanisms.
Common examples of protection mechanisms are defense in depth, abstraction, data hiding, and using encryption.
Defense in depth
Defense in depth, also known as layering, is the use of multiple controls in series. It takes more than a single security measure to control and protect against threats.
Using a multilayer solution allows for numerous different controls to guard against whatever threats come to pass.
When security solutions are designed in layers, a single failed control should not result in exposure of systems or data.
Performing security restrictions in a series means to perform one after the other in a linear fashion. Only through a series configuration will each attack be scanned, evaluated or mitigated by every security control. In a series configuration, failure of a single control does not render the entire solution ineffective.
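The series configuration described above, as an added example that is not part of the original article: three constructed controls (their names, the 10.0.0.0/8 policy and the sample requests are assumptions) evaluate every request in order, and one layer can be switched off to see that the others still deny the request.

```python
# Added illustration: layered controls evaluated in series.
# Control names, the internal network range and all requests are constructed.
import ipaddress
from dataclasses import dataclass

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range

@dataclass
class Request:
    source_ip: str
    authenticated: bool
    payload: str

def network_filter(req):
    # Layer 1: only internal source addresses may reach the service.
    return ipaddress.ip_address(req.source_ip) in INTERNAL_NET

def authentication(req):
    # Layer 2: the caller must have presented valid credentials.
    return req.authenticated

def input_validation(req):
    # Layer 3: reject payloads that contain markup characters.
    return not any(ch in req.payload for ch in "<>")

LAYERS = [network_filter, authentication, input_validation]

def evaluate(req, layers=LAYERS):
    """Run every control in order; return (allowed, controls that denied)."""
    denied_by = [layer.__name__ for layer in layers if not layer(req)]
    return (not denied_by, denied_by)

def evaluate_with_failed(req, failed_name):
    """Simulate one control failing so that it no longer blocks anything."""
    remaining = [layer for layer in LAYERS if layer.__name__ != failed_name]
    return evaluate(req, remaining)
```

A request that violates only the failed layer would pass, which is why the layers should overlap in what they catch.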
Abstraction
Abstraction is used for efficiency. Similar elements are put into groups, classes, or roles that are assigned security controls, restrictions or permissions as a collective. Abstraction simplifies security by enabling you to assign security controls to a group of objects collected by type or function. Thus the concept of abstraction is used when classifying objects or assigning roles to subjects.
One way in which abstraction applies to security is the introduction of object groups, sometimes called classes, where access controls and operation rights are assigned to groups of objects rather than on a per-object basis. This approach allows security administrators to define and name groups easily (the names are often related to job roles or responsibilities) and helps make the administration of rights and privileges easier (when you add an object to a class you confer rights and privileges rather than having to manage rights and privileges for each object separately).
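The object-group idea above, as an added example that is not from the original article: rights are granted per role and object class, so classifying a new object is the only per-object step. The role, user and file names are constructed for illustration.

```python
# Added illustration: rights are attached to (role, object class) pairs,
# never to individual users or objects. All names are constructed.
class AccessPolicy:
    def __init__(self):
        self.object_class = {}   # object name -> class name
        self.subject_role = {}   # user -> role
        self.grants = {}         # (role, class name) -> set of operations

    def grant(self, role, obj_class, *operations):
        self.grants.setdefault((role, obj_class), set()).update(operations)

    def classify(self, obj, obj_class):
        # Placing an object in a class confers every right granted on that class.
        self.object_class[obj] = obj_class

    def assign_role(self, user, role):
        self.subject_role[user] = role

    def is_allowed(self, user, operation, obj):
        role = self.subject_role.get(user)
        obj_class = self.object_class.get(obj)
        # Unknown users and unclassified objects match no grant (default deny).
        return operation in self.grants.get((role, obj_class), set())

def build_example_policy():
    policy = AccessPolicy()
    policy.grant("payroll_clerk", "payroll_records", "read", "write")
    policy.grant("auditor", "payroll_records", "read")
    policy.assign_role("ada", "payroll_clerk")
    policy.assign_role("ben", "auditor")
    policy.classify("salaries_2023.xlsx", "payroll_records")
    return policy
```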
DATA HIDING
Data hiding, as the name suggests, is preventing data from being discovered or accessed by a subject by positioning the data in a logical storage compartment that is not accessible to or seen by the subject. This means the subject cannot see or access the data.
It ensures that data existing at one level of security is not visible to processes running at different security levels. The data is kept in security containers that are different from those the subject occupies, to hide object details from those with no need to know about them or means to access them.
Note for programmers: Data hiding is an object-oriented programming (OOP) technique specifically used to hide internal object details (i.e., data members). Data hiding guarantees exclusive data access to class members only and protects and maintains object integrity by preventing intended or unintended changes and intrusions. It can be done using Java, Python and Cs programming languages, and also using different cipher methods.
Security through Obscurity:
Security through obscurity is the idea of not informing a subject about an object being present and thus hoping that the subject will not discover the object.
With security through obscurity, the subject could access the data if they find it; it is a digital game of hide and seek.
Security through obscurity does not actually implement any form of protection; it is instead an attempt to hope something important is not discovered.
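The difference between data hiding and security through obscurity, as an added example that is not from the original article: both stores leave higher-level documents out of listings, but only the first one checks the subject's level on read. The level names and documents are constructed.

```python
# Added illustration: data hiding enforces a check, obscurity only omits the name.
# Levels, document names and contents are constructed for this example.
LEVELS = {"public": 0, "confidential": 1, "secret": 2}

class CompartmentStore:
    """Data hiding: objects above the subject's level are neither listed nor readable."""

    def __init__(self):
        self._docs = {}  # name -> (numeric level, content)

    def put(self, name, level, content):
        self._docs[name] = (LEVELS[level], content)

    def list_visible(self, clearance):
        limit = LEVELS[clearance]
        return sorted(n for n, (lvl, _) in self._docs.items() if lvl <= limit)

    def read(self, name, clearance):
        entry = self._docs.get(name)
        # Same error for "missing" and "not cleared", so existence is not revealed.
        if entry is None or entry[0] > LEVELS[clearance]:
            raise KeyError(name)
        return entry[1]

class ObscureStore(CompartmentStore):
    """Obscurity: the name is left out of listings, but read() performs no check."""

    def read(self, name, clearance):
        return self._docs[name][1]
```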
Encryption
Encryption is the science of hiding the meaning or the intent of communication from unintended recipients, for instance encrypting a file with a password or a hash key. Cryptography is a form of encryption.
The Subjects and Objects in security
Subjects are entities that access a passive object to receive information. For instance, objects are files, databases, computers and storage media, while subjects are the users.
Understanding Security Controls
Security Controls are the most important factor used to develop the actions taken to prevent the organization’s security risks. Security controls are parameters implemented to protect the organization’s data and assets.
Security controls, countermeasures, and safeguards can be implemented administratively, logically/technically or physically.
These categories of security mechanisms should be implemented in a conceptual, layered defense-in-depth manner in order to provide maximum benefit.
This idea is based on the concept that policies, which are part of administrative controls, drive all aspects of security and thus form the initial protection layer around assets.
Logical and technical controls provide protection against logical attacks and exploits, while the physical controls help to provide protection against real-world physical attacks against the facilities and devices.
1. Administrative Control: Administrative Control is a set of security rules, policies, procedures, or guidelines specified by the management to control access and usage of confidential information. It includes all the levels of employees in the organization and determines the privileged access to the resources to access data.
· User Management
· Privilege Management
· Employee Security, Clearance, and Evaluation
· Employee training and awareness, etc.
Administrative controls are the policies and procedures defined by an organization's security policy and other regulations or requirements.
Administrative controls include procedures, policies, hiring practices, background checks, data classification and labeling, security awareness and training efforts, reports and reviews, work supervision, personnel controls and testing.
Administrative controls are sometimes called management controls, managerial controls, or procedural controls. These controls focus on personnel oversight and business practices.
2. Physical Control: Physical Control is a set of security controls implemented physically to prevent unauthorized access to the data and security risks. Some examples of physical controls are:
· Surveillance cameras
· Biometrics
· Identity Cards
· Alarm systems, etc.
3. Technical Control: Technical Control is to control the access of confidential information over the network using technology. Technical functions are involved in managing and controlling the access of the employee. Some examples of technical controls are:
· Access controls
· Firewalls
· Network Authentication
· Encryption, etc.
Functions of Security controls
When a security control is implemented, the function of the control is broadly specified into seven categories:
1. Directive Controls: Directive Controls are the mandatory controls that are implemented to monitor the regulations. They provide guidance primarily aligned with what the organization is required to follow, like policies, regulations, etc.
2. Deterrent Controls: Deterrent Controls are deployed to discourage the violation of a security function, and they help to reduce the chances of a deliberate attack. Deterrent Controls help people make intelligent decisions and deter them from acting in ways that are not secure.
3. Preventive Controls: Preventive Controls are used to prevent or avoid security incidents in the organization. They help to mitigate unauthorized activities by adopting preventive methods in the organization.
4. Compensating Controls: Compensating Controls are the alternative methods that support the requirement of the actual security control implemented. The role of the compensating control is to provide a similar level of assurance even if the attacker has compromised the actual security control.
5. Detective Controls: Detective Controls are used to detect and alert on unauthorized or unwanted activities within the organization. They help to detect and react to security violations using tools, processes, and best practices.
6. Corrective Controls: Corrective Controls are used to remediate or mitigate the effect of a security incident. They include measures to mitigate the incident and prevent the same security incident from recurring.
7. Recovery Controls: Recovery Controls are deployed to recover and restore the operating system to normal condition after the security incident.
8. Smart cards and badges:
These are credit cards, IDs, badges, security passes with an embedded magnetic stripe, barcode or integrated circuit chip. They contain data about the authorized person that bears the badge, and are used for identification and authentication purposes.
Day 3 of mid-level training at INGRYD Academy. This article is drawn from the training at INGRYD Academy and other online resources. No copyright intended; for educational use only.
Founder | Shiv Software Experts | Driving Innovation in Software Solutions & IT Consulting | Technology Strategist
1 year ago
Education is key in the ever-evolving field of cybersecurity. Keep learning and growing.