Cybersecurity Fundamentals


#Day1 Cybersecurity mid-level section INGRYD Academy #ingrydacedemy #Ingrydacademy #ingryd #midlevel #juniorcybersecurityanalyst #cybersecurityanalyst #cybersecurity #datasecurity #networksecurity


What is Security?

Security is a broad concept that refers to the state of being protected from harm, danger, or threats. It encompasses a wide range of areas and can be applied in various contexts, including physical, digital, financial, personal, and national security. Here are some common aspects of security:

1. Physical Security: This involves measures and mechanisms designed to protect physical assets, locations, and individuals from unauthorized access, theft, vandalism, or harm. Examples include locks, security personnel, surveillance cameras, and access control systems.

2. Cybersecurity: Cybersecurity focuses on safeguarding computer systems, networks, and digital data from cyber threats such as hacking, malware, phishing, and data breaches. It encompasses various technologies, practices, and policies to ensure the confidentiality, integrity, and availability of digital information.

3. Information Security: Information security is a subset of cybersecurity that specifically deals with protecting sensitive data and information from unauthorized access, disclosure, or alteration. It involves encryption, authentication, and access control measures.

4. Network Security: Network security focuses on safeguarding the integrity and security of data transmitted over computer networks. This includes measures like firewalls, intrusion detection systems, and virtual private networks (VPNs).

5. Financial Security: Financial security relates to protecting assets, investments, and financial information from fraud, theft, or other risks. This includes measures like secure banking practices and insurance.

6. Personal Security: Personal security refers to the protection of individuals from physical harm or threats to their well-being. It involves personal safety measures, self-defense, and personal awareness.

7. National Security: National security is concerned with the protection of a country's sovereignty, citizens, and interests from external and internal threats. It involves military defense, intelligence agencies, and diplomatic efforts to maintain a nation's security.

8. Health and Safety: This type of security involves measures to protect people from physical harm in various environments, such as workplaces or public spaces. It includes safety regulations, emergency response plans, and protective equipment.

9. Environmental Security: Environmental security concerns the protection of the environment from various threats, including pollution, climate change, and natural disasters. It involves conservation efforts and policies to ensure the sustainability of the environment.

Security measures and strategies can vary widely depending on the specific context and the nature of the threats involved. In many cases, a combination of physical, technological, and procedural measures is used to enhance security and mitigate risks. The goal of security is to create a sense of safety and reduce vulnerabilities to potential harm or danger.

Differences between Data and Information Security

Data security and information security are related concepts, but they have distinct focuses within the broader realm of safeguarding digital assets and sensitive information. Here are the key differences between the two:

1. Scope:

- Data Security: Data security primarily focuses on protecting the integrity, confidentiality, and availability of data itself. It deals with the protection of individual data elements, files, or databases. This may include encryption, access controls, backup and recovery procedures, and securing data at rest and in transit.

- Information Security: Information security is a broader concept that encompasses data security but also includes the protection of all forms of information, which can include data, documents, policies, procedures, and more. Information security is concerned with safeguarding the entire information ecosystem of an organization, including data, processes, and knowledge.

2. Data:

- Data Security: Data security primarily deals with securing the raw data, which can be in the form of numbers, text, files, or records. It's more concerned with the technical aspects of securing this data.

- Information Security: Information security considers the data within the broader context of an organization's operations. It includes the processes, policies, and procedures related to handling and using information. Information security takes into account the people, processes, and technology that interact with the data.

3. Data Types:

- Data Security: Data security mainly deals with structured and unstructured data, such as databases, spreadsheets, documents, and files.

- Information Security: Information security covers a wider range of information, including documents, procedures, policies, intellectual property, and other forms of knowledge that are critical to an organization.

4. Purpose:

- Data Security: The primary purpose of data security is to protect specific data elements from unauthorized access, alteration, or disclosure.

- Information Security: Information security has a broader purpose, aiming to protect the organization's information assets as a whole, including data, knowledge, and the processes that rely on this information. It often involves a more comprehensive approach to risk management.

In summary, while data security is a subset of information security, data security is more narrowly focused on the protection of individual data elements, files, or databases, whereas information security encompasses a broader range of information-related assets and considers the overall context and processes involved in managing and protecting information within an organization. Both are essential for organizations to safeguard their digital assets and sensitive information.

?

What is Cybersecurity?

Cybersecurity, also written as "cyber security," is the practice of protecting computer systems, networks, devices, and digital data from a wide range of threats and vulnerabilities. These threats can come from various sources, including hackers, cybercriminals, state-sponsored actors, and even accidental errors. The primary goal of cybersecurity is to ensure the confidentiality, integrity, and availability of digital information and the systems that store, process, and transmit this data.

Key aspects of cybersecurity include:

1. Protection from Cyber Threats: This involves measures to defend against various types of cyber threats, such as malware (e.g., viruses, ransomware, and spyware), phishing attacks, denial of service (DoS) attacks, and more.

2. Network Security: Network security focuses on securing computer networks and the data that is transmitted across them. It involves the use of firewalls, intrusion detection systems, and encryption to protect network traffic.

3. Endpoint Security: Endpoint security aims to secure individual devices (endpoints) like computers, smartphones, and tablets. This includes antivirus software, endpoint detection and response (EDR) solutions, and mobile device management (MDM) tools.

4. Identity and Access Management (IAM): IAM involves controlling and managing user access to systems and data. This helps ensure that only authorized users can access specific resources.

5. Data Security: Data security focuses on protecting the confidentiality and integrity of data. Techniques like encryption, access controls, and data loss prevention (DLP) are used to safeguard sensitive information.

6. Incident Response: An incident response plan outlines how an organization reacts to and mitigates cybersecurity incidents. This includes identifying, containing, and recovering from security breaches.

7. Security Awareness and Training: Educating employees and users about best practices in cybersecurity is crucial. This helps reduce the risk of social engineering attacks and human errors.

8. Security Policies and Compliance: Establishing and enforcing security policies and ensuring compliance with relevant regulations are essential for maintaining a secure environment.

9. Security Testing: Regularly testing and assessing the security of systems and applications through techniques like penetration testing, vulnerability scanning, and security audits.

10. Security Monitoring and Surveillance: Continuous monitoring of network and system activities helps in detecting and responding to security incidents in real time.

Cybersecurity is a dynamic field that evolves to counter new and emerging threats. It is an essential aspect of the modern digital landscape, as organizations and individuals rely on technology for communication, commerce, and information sharing. Effective cybersecurity measures are critical to protect against data breaches, financial losses, and reputational damage that can result from cyberattacks.

Cybersecurity Triad

CIA Triad


1. Confidentiality

2. Integrity

3. Availability


Confidentiality

Confidentiality involves the efforts of an organization to make sure data is kept secret or private. To accomplish this, access to information must be controlled to prevent the unauthorized sharing of data—whether intentional or accidental. A key component of maintaining confidentiality is making sure that people without proper authorization are prevented from accessing assets important to your business. Conversely, an effective system also ensures that those who need to have access have the necessary privileges.

For example, those who work with an organization’s finances should be able to access the spreadsheets, bank accounts, and other information related to the flow of money. However, the vast majority of other employees—and perhaps even certain executives—may not be granted access. To ensure these policies are followed, stringent restrictions have to be in place to limit who can see what.

There are several ways confidentiality can be compromised. This may involve direct attacks aimed at gaining access to systems the attacker does not have the rights to see. It can also involve an attacker making a direct attempt to infiltrate an application or database so they can take data or alter it.

These direct attacks may use techniques such as man-in-the-middle (MITM) attacks, where an attacker positions themselves in the stream of information to intercept data and then either steal or alter it. Some attackers engage in other types of network spying to gain access to credentials. In some cases, the attacker will try to gain more system privileges to obtain the next level of clearance.

However, not all violations of confidentiality are intentional. Human error or insufficient security controls may be to blame as well. For example, someone may fail to protect their password—either to a workstation or to log in to a restricted area. Users may share their credentials with someone else, or they may allow someone to see their login while they enter it. In other situations, a user may not properly encrypt a communication, allowing an attacker to intercept their information. Also, a thief may steal hardware, whether an entire computer or a device used in the login process and use it to access confidential information.

To fight against confidentiality breaches, you can classify and label restricted data, enable access control policies, encrypt data, and use multi-factor authentication (MFA) systems. It is also advisable to ensure that all in the organization have the training and knowledge they need to recognize the dangers and avoid them.

Integrity

Integrity involves making sure your data is trustworthy and free from tampering. The integrity of your data is maintained only if the data is authentic, accurate, and reliable.

For example, if your company provides information about senior managers on your website, this information needs to have integrity. If it is inaccurate, those visiting the website for information may feel your organization is not trustworthy. Someone with a vested interest in damaging the reputation of your organization may try to hack your website and alter the descriptions, photographs, or titles of the executives to hurt their reputation or that of the company as a whole.

Compromising integrity is often done intentionally. An attacker may bypass an intrusion detection system (IDS), change file configurations to allow unauthorized access, or alter the logs kept by the system to hide the attack. Integrity may also be violated by accident. Someone may accidentally enter the wrong code or make another kind of careless mistake. Also, if the company’s security policies, protections, and procedures are inadequate, integrity can be violated without any one person in the organization accountable for the blame.

To protect the integrity of your data, you can use hashing, encryption, digital certificates, or digital signatures. For websites, you can employ trustworthy certificate authorities (CAs) that verify the authenticity of your website so visitors know they are getting the site they intended to visit.

A method for verifying integrity is non-repudiation, which refers to when something cannot be repudiated or denied. For example, if employees in your company use digital signatures when sending emails, the fact that the email came from them cannot be denied. Also, the recipient cannot deny that they received the email from the sender.

Availability

Even if data is kept confidential and its integrity maintained, it is often useless unless it is available to those in the organization and the customers they serve. This means that systems, networks, and applications must be functioning as they should and when they should. Also, individuals with access to specific information must be able to consume it when they need to, and getting to the data should not take an inordinate amount of time.

If, for example, there is a power outage and there is no disaster recovery system in place to help users regain access to critical systems, availability will be compromised. Also, a natural disaster like a flood or even a severe snowstorm may prevent users from getting to the office, which can interrupt the availability of their workstations and other devices that provide business-critical information or applications. Availability can also be compromised through deliberate acts of sabotage, such as the use of denial-of-service (DoS) attacks or ransomware.

To ensure availability, organizations can use redundant networks, servers, and applications. These can be programmed to become available when the primary system has been disrupted or broken. You can also enhance availability by staying on top of upgrades to software packages and security systems. In this way, you make it less likely for an application to malfunction or for a relatively new threat to infiltrate your system. Backups and full disaster recovery plans also help a company regain availability soon after a negative event.

Why is the CIA triad important?

The CIA triad provides organizations with a clear and comprehensive checklist to evaluate their incident response plan in the event of a cyber breach. The CIA triad is especially important for navigating sources of vulnerabilities and helping discover what went wrong after a network has been compromised. From there, this information can be used to pinpoint weak points, address vulnerabilities, and identify areas of strength.

Example of the CIA triad

Think of logging into an e-commerce site to check your orders and make an additional purchase. The e-commerce site uses the three principles of the CIA triad in the following ways:

  • Confidentiality: When you log in, you’re asked for a password. If it’s been a while since your last log-in, you may be asked to input a code that’s been sent to you or some other form of two-factor authentication.
  • Integrity: Data integrity is provided by making sure your purchases are reflected in your account and allowing you to contact a representative if there’s a discrepancy.
  • Availability: You can log into your account whenever you want, and you may even be able to contact customer support at any time of the day or night.

This is just one example of how the triad can be practically applied. There are several more specific examples for each leg of the CIA stool.

Examples of confidentiality can be found in various access control methods, like two-factor authentication, passwordless sign-on, and other access controls. But it’s not just about letting authorized users in; it’s also about keeping certain files inaccessible. Encryption helps organizations secure information from both accidental disclosure and malicious attacks.

Integrity can be maintained with access control and encryption as well, but there are many other ways to protect data integrity, both from attacks and corruption. Sometimes it’s as simple as a read-only file. Sometimes, it involves hashing or data checksums, which allow data to be audited to ensure the data hasn’t been compromised. In other cases, integrity might be protected physically from outside sources that might corrupt it.
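The hashing and checksum idea in the paragraph above, as an added example that is not part of the original article: a record is stored alongside its SHA-256 digest, and verification detects an edit. The script also shows the caveat a practitioner relies on. A plain hash catches accidental corruption, or tampering by someone who cannot rewrite the stored digest, but an attacker who can edit both the record and its digest will pass a plain-hash check. A keyed hash (HMAC) closes that gap, because the tag cannot be recomputed without the key. The record, the key and the tampering scenario are all constructed for the demonstration.

```python
"""Integrity check with a plain hash, then with a keyed hash (HMAC).

Added example, not code from the original article. The record, the stored
digest and the secret key are constructed here so the script runs offline.
"""
import hashlib
import hmac

# Constructed sample: a record an organisation wants to keep tamper-evident
# (the article's example of executive details published on a website).
ORIGINAL_RECORD = b"executive=Jane Doe;title=Chief Financial Officer"
# Constructed secret; in practice it comes from a secret store, never source code.
INTEGRITY_KEY = b"constructed-demo-key-not-for-production"


def sha256_hex(data: bytes) -> str:
    """Plain hash: detects accidental corruption or casual tampering."""
    return hashlib.sha256(data).hexdigest()


def hmac_hex(key: bytes, data: bytes) -> str:
    """Keyed hash: only a holder of the key can produce a valid tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_hash(data: bytes, expected_hex: str) -> bool:
    # compare_digest avoids leaking where the comparison failed via timing.
    return hmac.compare_digest(sha256_hex(data), expected_hex)


def verify_hmac(key: bytes, data: bytes, expected_hex: str) -> bool:
    return hmac.compare_digest(hmac_hex(key, data), expected_hex)


def tamper_scenarios() -> dict:
    """Run three scenarios; each value is (plain-hash check, HMAC check)."""
    stored_hash = sha256_hex(ORIGINAL_RECORD)
    stored_tag = hmac_hex(INTEGRITY_KEY, ORIGINAL_RECORD)

    # Scenario 2 and 3: the title field is altered.
    tampered = ORIGINAL_RECORD.replace(b"Chief Financial Officer", b"Intern")
    # Scenario 3: the attacker also overwrites the stored digest with a fresh
    # hash of the altered record. The plain-hash check is fooled; the HMAC
    # check is not, because the attacker lacks INTEGRITY_KEY.
    recomputed_hash = sha256_hex(tampered)

    return {
        # 1. Untouched record: both checks pass.
        "untouched": (
            verify_hash(ORIGINAL_RECORD, stored_hash),
            verify_hmac(INTEGRITY_KEY, ORIGINAL_RECORD, stored_tag),
        ),
        # 2. Edited record, old digest left in place: both checks fail.
        "edited_old_digest": (
            verify_hash(tampered, stored_hash),
            verify_hmac(INTEGRITY_KEY, tampered, stored_tag),
        ),
        # 3. Edited record with recomputed plain hash: only HMAC catches it.
        "edited_recomputed_digest": (
            verify_hash(tampered, recomputed_hash),
            verify_hmac(INTEGRITY_KEY, tampered, stored_tag),
        ),
    }


if __name__ == "__main__":
    for name, (hash_ok, hmac_ok) in tamper_scenarios().items():
        print(f"{name:26s} plain-hash ok={hash_ok!s:5s} hmac ok={hmac_ok}")
```

The third scenario is the one worth remembering: a checksum published next to the data it protects only helps if the attacker cannot change both, so for integrity against an active adversary the digest must be keyed (HMAC) or signed, as the article's mention of digital signatures implies.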

Availability is really about making sure your systems are up and running so that business can continue, even in the face of an attack. DDoS (Distributed Denial of Service) attacks, for example, work by exhausting a system’s limited capacity to serve requests. For this reason, creating a DDoS response plan and building redundancy into your systems is a way of ensuring availability. However, even when there’s no attack, systems can still fail and become unavailable, so load balancing and fault tolerance are ways to keep systems from failing.

Common cybersecurity terminology

Cybersecurity (also known as security) is the practice of ensuring confidentiality, integrity, and availability of information by protecting networks, devices, people, and data from unauthorized access or criminal exploitation. In this reading, you’ll be introduced to some key terms used in the cybersecurity profession. Then, you’ll be provided with a resource that’s useful for staying informed about changes to cybersecurity terminology.

Key cybersecurity terms and concepts

There are many terms and concepts that are important for security professionals to know. Being familiar with them can help you better identify the threats that can harm organizations and people alike. A security analyst or cybersecurity analyst focuses on monitoring networks for breaches. They also help develop strategies to secure an organization and research information technology (IT) security trends to remain alert and informed about potential threats. Additionally, an analyst works to prevent incidents. In order for analysts to effectively do these types of tasks, they need to develop knowledge of the following key concepts.

Compliance is the process of adhering to internal standards and external regulations and enables organizations to avoid fines and security breaches.

Security frameworks are guidelines used for building plans to help mitigate risks and threats to data and privacy.

Security controls are safeguards designed to reduce specific security risks. They are used with security frameworks to establish a strong security posture.

Security posture is an organization’s ability to manage its defense of critical assets and data and react to change. A strong security posture leads to lower risk for the organization.

A threat actor, or malicious attacker, is any person or group who presents a security risk. This risk can relate to computers, applications, networks, and data.

An internal threat can be a current or former employee, an external vendor, or a trusted partner who poses a security risk. At times, an internal threat is accidental. For example, an employee who accidentally clicks on a malicious email link would be considered an accidental threat. Other times, the internal threat actor intentionally engages in risky activities, such as unauthorized data access.

Network security is the practice of keeping an organization's network infrastructure secure from unauthorized access. This includes data, services, systems, and devices that are stored in an organization’s network.

Cloud security is the process of ensuring that assets stored in the cloud are properly configured, or set up correctly, and access to those assets is limited to authorized users. The cloud is a network made up of a collection of servers or computers that store resources and data in remote physical locations known as data centers that can be accessed via the internet. Cloud security is a growing subfield of cybersecurity that specifically focuses on the protection of data, applications, and infrastructure in the cloud.

Programming is a process that can be used to create a specific set of instructions for a computer to execute tasks. These tasks can include:

  • Automation of repetitive tasks (e.g., searching a list of malicious domains)
  • Reviewing web traffic
  • Alerting on suspicious activity
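The three tasks in the list above, carried out together in working code as an added example that is not the article's own: the script scans constructed web-proxy log lines (reviewing web traffic), checks each requested host against a constructed blocklist of malicious domains (the repetitive lookup), and emits one alert per hit (alerting on suspicious activity). The log format, the domain names and the IP addresses are all invented for the demonstration. Matching is done on the host part of the URL with a dot boundary, so a look-alike such as notbad-updates.example does not match bad-updates.example.

```python
"""Automating a repetitive analyst task: check web-proxy log lines against a
blocklist of known-malicious domains and raise an alert per hit.

Added example, not code from the original article. The log lines, the
blocklist and the log format are all constructed for this demonstration.
"""
from __future__ import annotations

from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed blocklist; a real one would be loaded from a threat-intel feed.
MALICIOUS_DOMAINS = {"bad-updates.example", "login-verify.example"}

# Constructed proxy log: timestamp, client IP, method, URL, HTTP status.
SAMPLE_LOG = """\
2024-01-15T09:01:02Z 10.0.0.21 GET https://www.example.com/index.html 200
2024-01-15T09:01:09Z 10.0.0.21 GET http://cdn.bad-updates.example/update.exe 200
2024-01-15T09:02:44Z 10.0.0.35 POST https://login-verify.example/submit 302
2024-01-15T09:03:10Z 10.0.0.35 GET https://notbad-updates.example/ 200
2024-01-15T09:04:00Z 10.0.0.9 truncated
"""


@dataclass(frozen=True)
class Alert:
    timestamp: str
    client_ip: str
    host: str
    matched_domain: str


def matched_domain(host: str, blocklist: set[str]) -> str | None:
    """Return the blocklisted domain that `host` equals or is a subdomain of.

    Plain suffix matching would flag 'notbad-updates.example' for
    'bad-updates.example'; requiring an exact match or a dot boundary avoids
    that false positive. Case and a trailing dot are normalised first.
    """
    host = host.lower().rstrip(".")
    for domain in blocklist:
        if host == domain or host.endswith("." + domain):
            return domain
    return None


def scan_log(log_text: str, blocklist: set[str]) -> list[Alert]:
    """Parse each log line and collect an Alert for every blocklisted host."""
    alerts: list[Alert] = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            # Skip lines that don't match the expected format. In production,
            # count these so a parser failure does not silently hide activity.
            continue
        ts, client_ip, _method, url, _status = fields
        host = urlsplit(url).hostname  # None if the field is not a URL
        if not host:
            continue
        hit = matched_domain(host, blocklist)
        if hit:
            alerts.append(Alert(ts, client_ip, host, hit))
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG, MALICIOUS_DOMAINS):
        print(f"ALERT {alert.timestamp} {alert.client_ip} -> {alert.host} "
              f"(blocklisted: {alert.matched_domain})")
```

Run as a script it prints two alerts, one for each client that reached a blocklisted domain; the look-alike domain and the malformed line produce nothing. Swapping `SAMPLE_LOG` for a file read and `MALICIOUS_DOMAINS` for a feed is all that separates this from a first automation an analyst would actually schedule.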




To be continued tomorrow #staytune
