Cyber Security

"Threat is potential cause of an unwanted incident, which may result in harm to a system or organization" (ISO/IEC 27000:2017, Clause 2.83)

"Attack is an attempt to destroy, expose, alter, disable, steal or gain unauthorized access to or make unauthorized use of an asset" (ISO/IEC 27000:2017, Clause 2.3)

Cybersecurity is a multidisciplinary field. Its primary objective is to defend digital systems, networks, and data against threats, vulnerabilities, and attacks. It is essential in today's interconnected world, where reliance on technology and the internet has made people, organizations, and governments vulnerable to a number of cyberthreats.

Cyberthreats: These are online behaviors or acts, initiated by criminals or hackers, that target weaknesses in computer networks, systems, and data. Malware (such as viruses and ransomware), phishing scams, denial-of-service (DoS) attacks, data breaches, and insider threats are examples of common cyberthreats.

Cyber Security Objectives

Confidentiality: Preventing unauthorized access to or exposure of private information.

Integrity: Keeping data accurate, complete, and unaltered.

Availability: Making sure that data and systems are accessible when required.

Authentication: Verifying the identity of people and systems.

Authorization: Determining which information and actions a user or system is permitted to access.

Non-repudiation: Ensuring that a sender cannot deny the authenticity of a message or action.

Privacy: Safeguarding people's private and sensitive data.

Key areas of Cybersecurity

Network Security: Protecting the integrity and confidentiality of data as it travels over computer networks. Network security measures include firewalls, intrusion detection systems (IDS), and virtual private networks (VPNs).

Endpoint Security: Securing individual devices (endpoints) such as computers, smartphones, and tablets. This involves antivirus software, endpoint detection and response (EDR) tools, and mobile device management (MDM) systems.

Application Security: Ensuring that software applications are designed and developed with security in mind to prevent vulnerabilities and exploits. Techniques include secure coding practices, code reviews, and vulnerability assessments.

Cloud Security: Protecting data and applications hosted in cloud environments. Cloud security involves encryption, access controls, and continuous monitoring of cloud resources.

Identity and Access Management (IAM): Managing user identities, roles, and permissions to ensure that only authorized individuals or systems have access to resources. This includes multi-factor authentication (MFA) and single sign-on (SSO) solutions.

Incident Response and Forensics: Developing plans and procedures to detect, respond to, and recover from cybersecurity incidents. Forensics involves investigating and analyzing security breaches.

Security Policies and Procedures: Establishing and enforcing rules and guidelines for cybersecurity, including acceptable use policies, data classification, and incident reporting.

Threat Intelligence: Collecting, analyzing, and using information about emerging threats and vulnerabilities to enhance security measures and response strategies.

Cybersecurity Frameworks and Standards

Cybersecurity frameworks and standards help organizations establish best practices and guidelines for cybersecurity. Examples include the NIST Cybersecurity Framework, ISO 27001/27002, and CIS Controls, along with GDPR (General Data Protection Regulation) and the Digital Personal Data Protection Act 2023 (DPDPA) for data protection and privacy.

