An Introduction to Security Fundamentals

Security fundamentals are the building blocks of a strong cybersecurity posture. They encompass the core principles and practices that ensure the safety and integrity of information systems. The most important concept in security is the CIA triad, explained below.

CIA triad: This refers to the three main objectives of information security:

Confidentiality: This principle ensures that only authorized users can access sensitive information. It involves implementing access controls, data encryption, and other measures to prevent unauthorized disclosure.

Example: Imagine a company's customer database containing names, addresses, and credit card numbers. Confidentiality means only authorized employees, like the customer service team, can access this data. Firewalls, access controls, and data encryption are all methods used to enforce confidentiality.

Integrity: This ensures that information is accurate and hasn't been altered or tampered with in any unauthorized way. This involves using checksums, digital signatures, and other techniques to detect and prevent unauthorized modifications.

Example: Let's say a hospital stores patient medical records electronically. Integrity ensures these records haven't been tampered with by unauthorized individuals, accidentally or deliberately. Checksums, digital signatures, and audit logs are used to maintain data integrity.
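The following is an added example, not part of the original article. It shows why the choice of integrity control matters for the "accidentally or deliberately" distinction above: a plain checksum catches accidental corruption, but someone who can rewrite the record can also recompute the checksum, whereas a keyed HMAC cannot be recomputed without the secret. The record fields, function names, and key handling are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets

def canonical(record: dict) -> bytes:
    # Stable byte encoding so the same record always hashes the same way.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()

def checksum(record: dict) -> str:
    # Unkeyed digest: anyone who can write the record can recompute it.
    return hashlib.sha256(canonical(record)).hexdigest()

def mac(record: dict, key: bytes) -> str:
    # Keyed digest: cannot be recomputed without the secret key.
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()

def store(record: dict, key: bytes) -> dict:
    # What lands in the database: the record plus both integrity tags.
    return {"record": dict(record), "sha256": checksum(record), "hmac": mac(record, key)}

def verify(row: dict, key: bytes) -> dict:
    # Check each tag independently so the difference between them is visible.
    return {
        "checksum_ok": hmac.compare_digest(row["sha256"], checksum(row["record"])),
        "hmac_ok": hmac.compare_digest(row["hmac"], mac(row["record"], key)),
    }

def demo() -> dict:
    key = secrets.token_bytes(32)  # assumption: held by the application, not stored with the data
    original = {"patient_id": "P-0001", "allergy": "penicillin", "dose_mg": 50}  # constructed sample
    intact = store(original, key)

    # Accidental corruption: a field changes, the stored tags do not.
    corrupted = store(original, key)
    corrupted["record"]["dose_mg"] = 500

    # Deliberate tampering with write access to the row but not the key:
    # the field is changed and the unkeyed checksum is recomputed to match.
    tampered = store(original, key)
    tampered["record"]["allergy"] = "none"
    tampered["sha256"] = checksum(tampered["record"])

    rows = [("intact", intact), ("corrupted", corrupted), ("tampered", tampered)]
    return {name: verify(row, key) for name, row in rows}

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The tampered row passes the checksum test and fails only the HMAC test, which is why the integrity key must be kept apart from the data it protects.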

Availability: This principle ensures that authorized users can access information and systems whenever they need them. This involves ensuring system uptime, redundancy, and disaster recovery plans.

Example: An online store needs its website and database to be available 24/7 for customers to place orders. Availability ensures the website is operational and customers can access it without disruptions. System redundancy, backups, and disaster recovery plans are implemented to guarantee availability.

To make the distinction clearer, here is another set of examples:

Confidentiality: Only authorized users can access information. Example: Your social media messages can only be seen by you and your approved friends, not by strangers.

Integrity: Information remains accurate and unaltered. Example: Your bank account balance reflects the correct amount of money you have.

Availability: Authorized users can access information whenever needed. Example: You can access your online banking information anytime to check your balance or transfer funds.

The security triad may be achieved by several means, including the following:

Defense in depth: This is a layered security approach that creates multiple hurdles for attackers. It involves implementing various security controls at different points in a system, making it more difficult for attackers to gain access to critical information or systems.

Least privilege: This principle dictates that users should only be granted the minimum level of access required to perform their jobs. This minimizes the damage a compromised account can cause.

Password management: Strong and unique passwords are essential for securing accounts and systems. Multi-factor authentication (MFA) adds an extra layer of security by requiring a second verification factor besides a password.

Patch management: Regularly updating software and firmware with the latest security patches helps address vulnerabilities that attackers can exploit.

Social engineering awareness: Understanding and being aware of social engineering tactics like phishing emails and pretext calls can help individuals avoid falling victim to them.

Security awareness training: Regular training programs can educate users about security best practices and how to identify and avoid security risks.

By understanding and implementing these security fundamentals, individuals and organizations can significantly improve their overall cybersecurity posture and make it more difficult for attackers to succeed.

The CCST CyberSecurity certification by Cisco offers an opportunity for budding cyber engineers to learn cybersecurity topics in a systematic and thorough manner. Check out the Cisco website and other third-party sites for more information.
