Security Mindset

My source for these notes is Udacity's Intro to Information Security course. For more information, see the Udacity website.

Security matters when you have something of value and there is a risk to it. In today's world, more of that value lies in data or information. A threat is a possible danger that exploits a weakness and therefore causes harm.

Cyber Assets at Risk

We need to develop a security mindset:

Threat Source:

    > Cyber criminals

    > Hacktivists

    > Nation States

Vulnerabilities and Attacks:

    > Compromises

    > Security Breach

    > Vulnerabilities are in software, networks, humans

Let's take a real-world example: the Target store breach.

    > What is of value – credit card data

    > What is the threat source – criminals

    > What was the vulnerability – phishing was used to obtain credentials for the network

The following figure shows the relationship between threats, vulnerabilities, attacks, and risk.

fig: Relationship of Threats, Vulnerabilities, Attacks, and Risk

What should we do in Cyber Security

Make threats go away – Not really practical

Reduce vulnerabilities – Will never go away

But we can follow the CIA principles.

    > Confidentiality: It is roughly equivalent to privacy. The ability to hide information from people who are unauthorized to view it.

    > Integrity: It involves maintaining the consistency, accuracy and trustworthiness of data. The data must not be changed in transit, and measures should be taken to ensure that the data cannot be altered by unauthorized people.

    > Availability: It is important to ensure that the information is accessible to authorized people at all times. A short video about CIA is available here:

https://www.youtube.com/watch?v=SP8cr0fg5Sg

What should the good guys do?

Prevention – Keep the bad guys out. We will never have 100% prevention.

Detection – Detect that the bad guys are in the system

Response – Respond to the intrusion

Recovery and remediation – Restore corrupted data and stop similar future attacks

Policy vs Mechanism – What vs how will attacks be handled

How Do We Address Cyber Security

To reduce vulnerabilities, follow the basic design principles for securing systems.

Economy of mechanism – Keep systems simple and small.

Fail-safe defaults – The default is to deny access

Complete mediation – No one should be able to bypass security

Open design – Good because it does not count on secrecy

Least privilege – Only give users the minimum level of access that they need

Psychological acceptability – Don’t expect people to do what is inconvenient.
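
As an added illustration (not from the Udacity course or the original post), the sketch below shows fail-safe defaults, complete mediation and least privilege working together in a small access check, with an audit log to support detection. The roles, resources, `GRANTS` table and `Store` class are all constructed for this example.

```python
# Constructed sample policy: each role is granted only the (resource, action)
# pairs it needs for its job (least privilege). Nothing else is listed.
GRANTS = {
    "cashier": {("orders", "read"), ("orders", "create")},
    "auditor": {("orders", "read"), ("payments", "read")},
}


class AccessDenied(Exception):
    """Raised when a request is not explicitly granted."""


def is_allowed(role, resource, action):
    # Fail-safe default: unknown roles, unknown resources and unlisted
    # actions all fall through to "deny" because only explicit grants match.
    return (resource, action) in GRANTS.get(role, set())


class Store:
    """Hypothetical data store; every public method calls _check first,
    so there is no code path to the data that skips the policy
    (complete mediation)."""

    def __init__(self):
        self._data = {"orders": ["order-1"], "payments": ["payment-1"]}
        self.audit_log = []  # decisions recorded for detection and response

    def _check(self, role, resource, action):
        ok = is_allowed(role, resource, action)
        self.audit_log.append((role, resource, action, "allow" if ok else "deny"))
        if not ok:
            raise AccessDenied(f"{role} may not {action} {resource}")

    def read(self, role, resource):
        self._check(role, resource, "read")
        return list(self._data.get(resource, []))  # return a copy, not the internal list

    def create(self, role, resource, item):
        self._check(role, resource, "create")
        self._data.setdefault(resource, []).append(item)
```

The denied entries in `audit_log` are the useful signal for detection: repeated denials for one role or resource show someone probing beyond their granted access.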