Security - 10

Types of confidential info

  • HR data - employee salaries, perks, data, medical info
  • Client/customer data
  • Profits
  • Contracts
  • Trade secrets

CIA triad

  • Confidentiality makes sure only authorised parties with sufficient privileges can view sensitive info, this is usually done with encryption. If unauthorized individuals can access and view confidential data, confidentiality is breached.
  • Integrity makes sure stored data has no been altered by malicious people or software, methods to keep integrity include error checking methods such as check sums and file hashing. If data is modified without authorization, integrity is compromised.
  • Availability makes sure data is easy to read and readily available out for authorised individuals. If users cannot access the system or data when needed, availability is affected.

The importance of maintaining CIA

  • maintains trust with stakeholders, as it promotes a positive brand image
  • avoids security risks and unauthorised access

The consequences of not maintaining CIA

  • Financial issues such as fines
  • legal issues such as lawsuits
  • reputational issues such as brand damage leading to loss of clients

Identification, Authentication, Authorisation, and Accountability (IAAA)

  • IAAA is used to support the CIA security concept, they are a set of primary concepts that aid in understanding computer and network security as well as access control
  • Identification and Authentication provide a way of identifying users, typically by using a User-ID/Password combo
  • Authorisation is the process that determines what a user can do
  • accounting keeps track of a users activity

Access Control Lists (ACL)

  • an ACL contains rules that allow or deny access to certain users
  • Filesystem ACLs tell the OS which users can access the system and what privileges they have
  • Networking ACLs filter access to the network
  • Discretionary ACLs (DALCs) identify trustees tat are allowed or denied access to a securable object
  • System ACLs (SALCs) enables admins to log attempts to access a secured object

Technical threats

  • botnets - type of malware that allows cyber criminals to hijack digital systems without the users knowledge
  • DoS - an attempt to make a digital or network system unavailable to its users
  • DDoS - a DoS attack where the hacker uses many digital systems to perform to attack
  • hacking - eg cross site scripting, password cracking software, SQL injection
  • malware 
  • malicious spam

non technical threats

  • Human error
  • malicious employees
  • disguised criminals
  • natural disasters

Technical vulnerabilities

  • weak or outdated encryption
  • out of date software/hardware/firmware
  • incompatibility of legacy systems
  • weak passwords
  • missing authentication
  • exploitable/zero day bugs

non technical vulnerabilities

  • Employees
  • Poor data/cyber hygiene - making sure data is up to date
  • Physical access controls - eg door locks

Risk mitigation

  • following National Cyber Security Centre's (NCSC) Cyber Essentials guidelines to help prevent cyber attack
  • Anti-virus and Anti-malware
  • Firewalls
  • Intrusion detection and prevention systems
  • encryption
  • user access, policies, and procedures (eg passwords and usernames, mfa)
  • staff training
  • backups
  • software maintenance
  • Air gaps - having offline parts of the network that cant be hacked
  • VPNs

Comments

Post a Comment

Popular posts from this blog

ESP overview

  task number  focus  No. Of hours  Marks allocated  1  Trouble shooting and test planning  2 hours 30  22  2  Interview and communication  2 hours 10  12  3  Project proposal  4 hours  24  4  Post project review  3 hours 30  12    Task uno:  This focus on trouble shooting a fault based on a specified problems/issues and designing a test plan.   The troubleshooting document should include:  User details   Test dates  Computer specs and software  Proposed tests and expected outcomes   Record of diagnosis  The test plan should include:  Administrative details E.G. dates names.  Test dates   Hardwear specs and software   Actual and relevant tests carried out in a logical order including images/diagrams  Full and complete details of expected outcomes  Remedial action required   Task d...
Read more

hw 12/5

Test yourself 241  A botnet aims to take control of digital systems. It is a type of malware that allows a cyber security attacker to take control of someone's system without their knowledge.   The aim of a DOS attack is to make a network inaccessible to users. It does this by flooding the network with traffic which in turn slows its speeds down to a point where it is basically unusable.  One of the main differences between a DOS attack and a DDOS attack is a DDOS attack tends to use multiple devices to try and infiltrate a network. The types of networks that are usually under threat from these would be ones like websites, banks, and payment websites.   Some of the main websites that are targeted by DDOS attacks would be ones like banks and payment websites.   Test yourself 242 One way of trying to find a password is using a dictionary software. This goes through some of the most common passwords and trying them when trying to get access to the account....
Read more

Technical and Non-Technical Threats to Organizations

Technical and Non-Technical Threats to Organizations Several threats to organizations are capable of doing large damage. These are either technical or non-technical (environmental, human, and procedural). Technical Threats Botnets: A botnet is a collection of hacked computers operated by cybercriminals. Bot herders scan for vulnerabilities, infect systems, and use them for malicious activities, such as DDoS (Distributed Denial-of-Service) attacks. EG the Mirai botnet in 2016 that infected IoT devices, leading to a massive DDoS attack. Denial-of-Service (DoS) & Distributed Denial-of-Service (DDoS) Attacks:  These attacks overwhelm a system with requests, making it unavailable for the average person to use, it can be: Application-layer flooding: In this attack type, an attacker simply floods the service with requests from a spoofed IP address in an attempt to slow or crash the service Unintended DoS (accidental overuse) DDoS (many computers attacking one target) EG...
Read more