CyberSecurity Notes

Started by certforumz, May 29, 2024, 02:38:16 AM


certforumz

Security fundamentals are the building blocks of a strong cybersecurity posture. They encompass the core principles and practices that ensure the safety and integrity of information systems. Here's a deeper dive into some of the key aspects:

CIA triad: This refers to the three main objectives of information security:

Confidentiality: This principle ensures that only authorized users can access sensitive information. It involves implementing access controls, data encryption, and other measures to prevent unauthorized disclosure.
Integrity: This ensures that information is accurate and hasn't been altered or tampered with in any unauthorized way. This involves using checksums, digital signatures, and other techniques to detect and prevent unauthorized modifications.
Availability: This principle ensures that authorized users can access information and systems whenever they need them. This involves ensuring system uptime, redundancy, and disaster recovery plans.

Defense in depth: This is a layered security approach that creates multiple hurdles for attackers. It involves implementing various security controls at different points in a system, making it more difficult for attackers to gain access to critical information or systems.

Least privilege: This principle dictates that users should only be granted the minimum level of access required to perform their jobs. This minimizes the damage a compromised account can cause.

Password management: Strong and unique passwords are essential for securing accounts and systems. Multi-factor authentication (MFA) adds an extra layer of security by requiring a second verification factor besides a password.

Patch management: Regularly updating software and firmware with the latest security patches helps address vulnerabilities that attackers can exploit.

Social engineering awareness: Understanding and being aware of social engineering tactics like phishing emails and pretext calls can help individuals avoid falling victim to them.

Security awareness training: Regular training programs can educate users about security best practices and how to identify and avoid security risks.

By understanding and implementing these security fundamentals, individuals and organizations can significantly improve their overall cybersecurity posture and make it more difficult for attackers to succeed.

The CIA Triad, as mentioned earlier, refers to Confidentiality, Integrity, and Availability. These are the three core principles that information security strives to uphold. Let's break down each principle with an example:

Confidentiality: This principle ensures only authorized users can access sensitive information.

Example: Imagine a company's customer database containing names, addresses, and credit card numbers. Confidentiality means only authorized employees, like the customer service team, can access this data. Firewalls, access controls, and data encryption are all methods used to enforce confidentiality.

Integrity: This principle ensures information remains accurate and unaltered.

Example: Let's say a hospital stores patient medical records electronically. Integrity ensures these records haven't been tampered with by unauthorized individuals, accidentally or deliberately. Checksums, digital signatures, and audit logs are used to maintain data integrity.

Availability: This principle ensures authorized users can access information and systems whenever needed.

Example: An online store needs its website and database to be available 24/7 for customers to place orders. Availability ensures the website is operational and customers can access it without disruptions. System redundancy, backups, and disaster recovery plans are implemented to guarantee availability.

The summary below illustrates the CIA Triad with relatable scenarios:

Confidentiality: Only authorized users can access information - Your social media messages can only be seen by you and your approved friends, not by strangers.
Integrity: Information remains accurate and unaltered - Your bank account balance reflects the correct amount of money you have.
Availability: Authorized users can access information whenever needed - You can access your online banking information anytime to check your balance or transfer funds.
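
The integrity example above names checksums and audit logs as controls for records such as patient data. The Python sketch below is an added example, not part of the original post: it chains keyed checksums (HMAC-SHA256) across log entries so that an edited or deleted record is detected. The function names, the key and the sample records are constructed for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # fixed starting value for the chain (assumption of this sketch)

def _tag(key: bytes, prev_tag: str, record: dict) -> str:
    # Canonical JSON so the same record always serializes to the same bytes.
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    # Keyed MAC over the previous tag plus this record: without the key,
    # someone who alters a record cannot produce a matching tag.
    return hmac.new(key, prev_tag.encode() + b"|" + body, hashlib.sha256).hexdigest()

def append_entry(key: bytes, log: list, record: dict) -> None:
    """Append a record, binding it to the tag of the entry before it."""
    prev = log[-1]["tag"] if log else GENESIS
    log.append({"record": record, "tag": _tag(key, prev, record)})

def first_bad_entry(key: bytes, log: list) -> int:
    """Return the index of the first entry that fails verification, or -1."""
    prev = GENESIS
    for i, entry in enumerate(log):
        expected = _tag(key, prev, entry["record"])
        # Constant-time comparison avoids leaking how many characters matched.
        if not hmac.compare_digest(expected, entry["tag"]):
            return i
        prev = entry["tag"]
    return -1

def build_sample_log(key: bytes) -> list:
    """Constructed sample data: three updates to a fictional patient record."""
    log = []
    for rec in [
        {"patient": "P-001", "field": "allergy", "value": "penicillin"},
        {"patient": "P-001", "field": "dose_mg", "value": 50},
        {"patient": "P-001", "field": "note", "value": "follow-up in 2 weeks"},
    ]:
        append_entry(key, log, rec)
    return log

if __name__ == "__main__":
    key = b"constructed-demo-key"  # in practice, stored apart from the log
    log = build_sample_log(key)
    print("intact log:", first_bad_entry(key, log))
    log[1]["record"]["value"] = 500  # unauthorized change to the dose
    print("after tampering:", first_bad_entry(key, log))
```

The chain detects edits and removals in the middle of the log; entries cut off the end go unnoticed unless the latest tag is also stored somewhere the log writer cannot change.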