Unit 2 - Computing Security Concepts and Problems

CIA model

Respresents three important goals for cybersecurity:

  • Confidentiality: Restrictions who can access what (done via encryption)

  • Integrity: Data has not been changed from its original form (done via hashing)

  • Availability: Systems are accessible at all time (done via full tolerance and load balancing)

AAA model

Authentication

When you claim you are someone, that’s called identification. When you prove it, that’s authentication.

Authentication requires proof in one of three possible forms:

  • Something you know, like a password

  • something you have, like a key

  • something you are – biometrics

Combine more than one of these categories, that’s called multifactor authentication, and that really is the future of authentication. Combination of authentication methods is known as 2FA or two-factor authentication.

Authorization

Authorization means that based on the user’s credentials, we let him do certain things, we let him see certain things but not others.

Principle of least privilege, which states users and even devices, programs, and processes should be granted enough permissions to do their required functions and not a single drop more.

Accounting

Keeping track of users and their actions is very important. From a forensics perspective, tracing back to events leading up to a cybersecurity incident can prove very valuable to an investigation.

Threat Agents

From a cybersecurity perspective, you are looking to protect assets – things that have value to a company. Threat agents or actors are the ones carrying out the threats. A vulnerability is a weakness, a flaw in a program, device, network, and even a person. When threat actors carry out the threat, they exploit the vulnerability. Exploit can be a verb meaning penetrating a system to exploit, or a noun meaning the tool or method used to penetrate a system and exploit.

Risk is the combination of the probability of an event or loss from zero to 100% and its consequence or impact. You could reduce or mitigate the risk. We can eliminate some vulnerabilities and block some threats, but nothing is ever going to be 100%. Another thing you can do to risk is transfer it. You can purchase cybersecurity insurance, or use cloud computing and another company’s resources. Last but not least, we can accept the risk. Does the cost to protect a resource outweigh the cost of losing it or even replacing it? If so, accepting the risk might make the most sense.

Before you spend your time and money, ask yourself the following questions:

  • What are the critical assets? What business processes require these assets?

  • What could interfere with normal operations? What are the risks?

  • Which ones present the highest and most negative outcomes and should be prioritized?

  • Given a range of solutions, which is the most cost-effective way of reducing the risks?