At first my source of writing is from udacity, intro to information security. for more information we can view from the udacity website.
When you have something of value and there is a risk to it. But in the today world we have more value to the data or information. the threat is a possible danger that exploit our weakness and therefore causes harm
Cyber Assets at Risk
we need to develop a security mindset:
> Cyber criminals
> Nation States
Vulnerabilities and Attacks:
> Security Breach
> Vulnerabilities are in software, networks, humans
lets take a real world examples: Target Store Breach
> what is of value – credit card data
> what is threat source – criminals
> what was vulnerability – phishing was used to obtain credentials of the network
The following figures with the relationship of threats, vulnerabilities, attack and Risk will demonstrate more.
fig: Relationship of Threats, Vulnerabilities, Attacks, and Risk
What should we do in Cyber Security
Make threats go away – Not really practical
Reduce vulnerabilities – Will never go away
But, we can follow the CIA principles.
> Confidentiality: It is roughly equivalent to privacy. The ability to hide information from those people unauthorized to view it.
> Integrity: It involves maintaining the consistency, accuracy and trustworthy of data. the data must not be changed in transit and should take some measures to ensure that the data cannot be altered by authorized people
> Availability: it is important to ensure that the information is accessible to authorized people all the times. we can view short video about CIA