Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide: A. Integrity, which means guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity; B. Confidentiality, which means preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information; and C. Availability, which means ensuring timely and reliable access to and use of information.
CIA triad - Confidentiality, Integrity and Availability, the three goals listed above.
Vulnerability - a flaw, loophole, oversight, or error that can be exploited to violate system security policy. A vulnerability assessment is a search for these weaknesses in order to apply a patch or fix to prevent a compromise.
Threat - an event (natural or man-made) able to cause negative impact on an organisation. There are external (malicious events, hackers, etc.) and internal threats (former/current employees). 👨💻 These are human factors. There are also natural threats such as tornadoes or storms ⛈.
Exploit - a defined way to breach the security of an IT system through a vulnerability.
Risk - the probability that a vulnerability will be exploited; a situation of exposure to danger.
CISO - Chief Information Security Officer. A high-level position responsible for the entire computer security department.
Information security analyst - conducts security assessments and analyses the events, alarms and alerts that could be useful to identify any threats to the organisation.
Information security auditor - tests the effectiveness of computer information systems and reports the findings.
Non-repudiation - you cannot claim you didn’t send or receive something. Its technical implementations are logs and digital signatures.
Access management and authorization.
Access criteria:
- groups
- time frame and specific dates
- physical location
- transaction type
Need to know -
SSO (Single Sign On) -
Authentication proofs:
- Identity proof. Username - identification, password - authentication.
- Kerberos (SSO)
- Mutual authentication (MS-CHAP v2)
- SIDs vs DACLs
- Security ID (AD)
- Discretionary Access Control List (mostly used in operating systems today). It means that users can allow access to their data to whomever they want.
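To make the access criteria above (groups, time frame, location, transaction type) and the discretionary model concrete, here is an added Python example; it is not code from the original notes. The policy values, the resource, the owner and the users are constructed for illustration. Each resource carries a DACL that only its owner may extend, and every request must satisfy all criteria before the DACL is consulted.

```python
from dataclasses import dataclass, field
from datetime import datetime, time


@dataclass
class Resource:
    """An object protected by a discretionary ACL: the owner decides who gets in."""
    name: str
    owner: str
    dacl: dict = field(default_factory=dict)  # principal -> set of permissions

    def grant(self, actor, principal, perms):
        # Discretionary: only the object's owner may add entries to its DACL.
        if actor != self.owner:
            raise PermissionError(f"{actor} is not the owner of {self.name}")
        self.dacl.setdefault(principal, set()).update(perms)


@dataclass
class Request:
    user: str
    groups: set
    location: str
    when: datetime
    transaction: str  # e.g. "read" or "write"


# Constructed policy reflecting the four access criteria from the notes.
POLICY = {
    "allowed_groups": {"finance", "admins"},
    "window": (time(8, 0), time(18, 0)),        # time frame
    "allowed_locations": {"HQ", "VPN"},         # physical location
    "allowed_transactions": {"read", "write"},  # transaction type
}


def check_access(req, resource, policy=POLICY):
    """Return (allowed, reason). Every criterion must pass, then the DACL decides."""
    if not req.groups & policy["allowed_groups"]:
        return False, "group"
    start, end = policy["window"]
    if not (start <= req.when.time() <= end):
        return False, "time frame"
    if req.location not in policy["allowed_locations"]:
        return False, "location"
    if req.transaction not in policy["allowed_transactions"]:
        return False, "transaction type"
    # Discretionary part: the owner always has access, everyone else needs an entry.
    if req.user == resource.owner:
        return True, "owner"
    if req.transaction in resource.dacl.get(req.user, set()):
        return True, "dacl"
    return False, "no DACL entry"


if __name__ == "__main__":
    payroll = Resource("payroll.xlsx", owner="alice")   # constructed sample object
    payroll.grant("alice", "bob", {"read"})             # alice shares read access with bob
    office_hours = datetime(2024, 3, 4, 10, 30)
    print(check_access(Request("bob", {"finance"}, "HQ", office_hours, "read"), payroll))
    print(check_access(Request("bob", {"finance"}, "HQ", office_hours, "write"), payroll))
```

The order matters for the reason that comes back: the policy criteria are mandatory and are evaluated first, so a request from the wrong location is refused even if the owner has granted the permission; the DACL only widens access among requests that already satisfy the policy.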
Event - any deviation of the system behaviour or state. An event on a system or network detected by a security device or application.
Security attack - a security event that has been identified by correlation and analytics tools as malicious activity that is attempting to collect, disrupt, deny, degrade or destroy information system resources or the information itself.
Incident - an event that negatively affects an IT system. An attack or security event that has been reviewed by security analysts and deemed worthy of deeper investigation.
E-discovery - it’s basically data inventory. We get the current status of all the data, systems and information. How do we control the data retention period and the backups of the data?
Automated systems - SIEM, SOA, UBA, Big data analysis, honeypots.
BCP & Disaster Recovery - BCP (business continuity process): a plan to follow in case of an interruption.
Post incident - who did it? Was it some error of another person?
Security Services, Policies and Mechanisms.
Business policies state what we do, and security policies derive from them and define how we do it. Security mechanisms are technical representations of security policies: hardware, software and processes. They use security services to enforce the security policy. X.800 - security architecture for OSI (CCITT); it also covers attacks against a security architecture.
Threats Types
Passive threats: no significant change to an IT infrastructure. Hard to detect.
Active threats: significant impact.
Accidental vs Intentional. Threat + action = attack.
Outcomes: destruction; corruption/modification; theft, removal or loss; disclosure; interruption.
Attacks on Security Architecture
Sony Hack, Singapore Cyberattacks, Multiple Hacks, Target, Year of Hacks. WannaCry (Lazarus and North Korea), DarkSeoul (Lazarus and North Korea), Duqu and Flame (Olympic Games, US and Israel), Shamoon (Iranian hackers), BlackEnergy 3.0 (Russian hackers), SeaDaddy and SeaDuke (CyberBears, US election).
Classification:
- Passive. Hard to detect, since it’s not obvious, nothing is changed.
  - eavesdropping
  - traffic analysis
- Active. Modification.
  - Masquerade (confidentiality, authentication)
  - Replay (integrity)
  - Modify (integrity)
  - DoS (availability)