Security Basics

This chapter goes through the foundations of security, starting with the CIA triad.

CIA Triad

C = Confidentiality

Keeps the information/data secure; unauthorized individuals should not be able to access this information.

Controls for this would be access control and firewalls.

I = Integrity

Ensure the data is correct and has not been tampered with by unauthorized individuals.

A = Availability

Ensure the information and systems are ready to be used by the authorized user.

Controls for this would be backups and clustering.

DAD Triad

D = Disclosure

If the information within your organisation is disclosed, this will prevent you from achieving confidentiality.

A = Alteration

If the information within your organisation is altered, or can be altered, by an unauthorized user, then your organisation will not meet the integrity part of the CIA triad.

D = Destruction

If your data is destroyed by a hacker or malicious actor, then your organisation will not meet the availability section of the CIA triad.

Security Controls

Preventive controls:

This would be to help prevent the breach, such as:

A security guard at the door

Biometrics at the entrance of the buildings

Detective controls:

This would be used to detect any break-in that has already happened, such as:

Log monitoring

Trend analysis

Security audit

CCTV

Biometrics at the entrance of the buildings
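Log monitoring is the detective control most easily shown in code. The following is an added example, not part of the original notes: it scans constructed, syslog-like authentication lines (the log format, the addresses and the threshold are all assumptions made for this example) and raises an alert when one source address produces a burst of failed logins, noting whether a successful login followed the burst. The break-in has already happened by the time this runs, which is exactly what makes it detective rather than preventive.

```python
# Added example (not from the original notes): a minimal log-monitoring
# detective control. It scans authentication log lines and flags any source
# address with repeated failed logins inside a short window, i.e. a break-in
# attempt that has already happened and now needs to be noticed.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (syslog-like; not captured from a real system).
SAMPLE_LOG = """\
2024-03-01T09:00:01 sshd: Failed password for admin from 10.0.0.5
2024-03-01T09:00:03 sshd: Failed password for admin from 10.0.0.5
2024-03-01T09:00:04 sshd: Failed password for root from 10.0.0.5
2024-03-01T09:00:06 sshd: Failed password for admin from 10.0.0.5
2024-03-01T09:00:07 sshd: Failed password for admin from 10.0.0.5
2024-03-01T09:00:09 sshd: Accepted password for admin from 10.0.0.5
2024-03-01T09:05:00 sshd: Failed password for alice from 10.0.0.9
2024-03-01T09:30:00 sshd: Accepted password for alice from 10.0.0.9
"""


def parse_line(line):
    """Return (timestamp, outcome, user, source) or None for lines we don't understand."""
    parts = line.split()
    # Expected shape: <ts> sshd: <Failed|Accepted> password for <user> from <ip>
    if len(parts) < 8 or parts[1] != "sshd:" or parts[3] != "password":
        return None
    ts = datetime.fromisoformat(parts[0])
    outcome = parts[2]  # "Failed" or "Accepted"
    user = parts[5]
    source = parts[7]
    return ts, outcome, user, source


def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return alerts for sources with >= threshold failures inside `window`.

    Each alert also records whether a successful login from the same source
    came after the burst, which is a stronger sign that an account was compromised.
    """
    failures = defaultdict(list)
    successes = defaultdict(list)
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue  # unparseable lines are skipped, not treated as failures
        ts, outcome, user, source = parsed
        (failures if outcome == "Failed" else successes)[source].append(ts)

    alerts = []
    for source, times in failures.items():
        times.sort()
        # Sliding window: compare each failure with the one `threshold - 1` before it.
        for i in range(threshold - 1, len(times)):
            if times[i] - times[i - threshold + 1] <= window:
                followed_by_success = any(t > times[i] for t in successes.get(source, []))
                alerts.append({
                    "source": source,
                    "failures": len(times),
                    "success_after_burst": followed_by_success,
                })
                break  # one alert per source is enough for this example
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

Run on the constructed sample, 10.0.0.5 is flagged (five failures within six seconds, then a success) while 10.0.0.9's single failure stays below the threshold. In practice the same logic would sit on a log-collection pipeline rather than a string, and the alert would feed a corrective control such as the active IDS described later in these notes.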

Deterrent controls:

Attempts to discourage threats; examples of this would be:

Warning Signs

Cable Locks

Hardware Locks

Corrective controls:

This would be used to correct the impact of the breach; examples of this would be:

Active IDS – IDS detects an intruder and engages systems to block the intrusion

Backups

Compensating controls:

This is used when the primary control is not feasible (you cannot use the primary control, or you want to enhance it):

Time-based one-time passwords

Using proximity cards

Data Breach Impact

Financial:

A risk that involves monetary damage to the organisation.

Reputational

A risk that affects the goodwill of customers, employees, suppliers and stakeholders.

Strategic

A risk that affects or prevents the organisation from meeting its major goals.

Operational

A risk that affects the organisation's ability to carry out its day-to-day functions.

Compliance

There can be legal fines associated with a data breach, or with an organisation that runs afoul of legal and regulatory requirements. Example: a GDPR breach costs 4% of the company's annual turnover.

Data Handling

Data states:

Data in use

Data in motion

Data at rest

Hashing:

Tokenization:
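The Integrity goal above and the Hashing and Tokenization headings in this section both come down to the same data-handling question: how do you tell that stored data has not been altered, and how do you keep a sensitive value out of systems that only need a reference to it. The following added example (not from the original notes; the key, the record and the card number are constructed values) shows a keyed hash (HMAC-SHA256) used to detect alteration, and a minimal in-memory token vault that swaps a sensitive value for a random token.

```python
# Added example (not from the original notes): two data-handling techniques.
#  - Hashing with a key (HMAC) to check integrity: a digest stored with the data
#    lets the owner detect alteration (the DAD "Alteration" case against the
#    CIA "Integrity" goal).
#  - Tokenization: a sensitive value is replaced by a random token that has no
#    mathematical relationship to it; the real value lives only in a separate vault.
import hashlib
import hmac
import secrets

# Constructed key for the example; a real deployment keeps it in a secrets store.
INTEGRITY_KEY = b"example-key-not-for-production"


def sha256_hex(data: bytes) -> str:
    """Plain (unkeyed) hash: detects accidental corruption, but anyone who can
    change the data can simply recompute the hash, so it does not stop tampering."""
    return hashlib.sha256(data).hexdigest()


def protect(data: bytes, key: bytes = INTEGRITY_KEY) -> str:
    """Keyed digest (HMAC-SHA256): cannot be recomputed without the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify(data: bytes, tag: str, key: bytes = INTEGRITY_KEY) -> bool:
    """Constant-time comparison, so the check does not leak how much of the tag matched."""
    return hmac.compare_digest(protect(data, key), tag)


class TokenVault:
    """Minimal tokenization service: maps token -> original value.

    Kept in memory for the example; a real vault is a separately secured system,
    so systems that only hold tokens never see the sensitive value.
    """

    def __init__(self):
        self._store = {}

    def tokenize(self, value: str) -> str:
        token = secrets.token_urlsafe(16)  # random, unrelated to the value
        self._store[token] = value
        return token

    def detokenize(self, token: str):
        return self._store.get(token)  # None for unknown tokens


if __name__ == "__main__":
    record = b"account=1234;balance=100"
    tag = protect(record)
    print("original verifies:", verify(record, tag))
    print("altered verifies:", verify(b"account=1234;balance=999", tag))
    vault = TokenVault()
    tok = vault.tokenize("4111-1111-1111-1111")  # constructed card-number-shaped value
    print("token:", tok, "->", vault.detokenize(tok))
```

The two halves answer different questions: the HMAC tells you whether a record is still the one you stored (Integrity), while the vault limits which systems ever hold the real value (Confidentiality), and because the token is random rather than derived from the value, losing a database full of tokens discloses nothing about the originals.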