Chapter 1: Today's Security Professionals

The three key objectives of cybersecurity program?

The three key objectives of cybersecurity program?

Confidentiality, Integrity, Availability

Confidentiality

ensures that unauthorized individuals are not able to gain access to sensitive information

integrity

ensures that there are no unauthorized modifications to information or systems, either intentionally or unintentionally

Availability

ensures that information and systems are ready to meet the needs of legitimate users at the time those users request them

CIA Triad

The industry standard for computer security since the development of the mainframe. The standard is based on three characteristics that describe the utility of information: confidentiality, integrity, and availability.

Security Incidents

When an organization experiences a breach of the confidentiality, integrity, and/or availability of information or information systems.

DAD Triad

Disclosure, Alteration, and Denial

DAD Triad; Disclosure

Exposure of sensitive information to unauthorized individuals. This is also known as data loss.

DAD Triad; Alteration

unauthorized modification of information

DAD Triad; Denial

Disruption of an authorized user's legitimate access to information.

A DDoS attack is an example of this. causing servers/websites to fail so that users cannot access them.

financial risk

The risk of monetary damage to the organization as the result of a data breach.

Reputational Risk

Negative publicity surrounding a security breach causes the loss of goodwill among customers, employees, suppliers and other stakeholders.

Strategic Risk

organization will become less effective in meeting its major goals and objectives as a result of a breach

Operational Risk

Risk to the organization's ability to carry out its day-to-day functions

Compliance Risk

security breach causes an organization to run afoul of legal or regulatory requirements

Security Controls

Specific measures that fulfill the security objectives of an organization

Security Control Objectives

Technical, Operational, Managerial

Technical Controls

The security controls (i.e., safeguards or countermeasures) for an information system that are primarily implemented and executed by the information system through mechanisms contained in the hardware, software, or firmware components of the system.

Operational controls

The security controls (i.e., safeguards or countermeasures) for an information system that are primarily implemented and executed by people (as opposed to systems).

Managerial controls

procedural mechanisms that focus on the mechanics of the risk management process.

Security Control Types

Preventative, Detective, Corrective, Deterrent, Compensating, Physical

Preventive controls

controls that deter problems before they arise

Detective Controls

Security controls that attempt to detect security incidents after they have occurred.

Corrective Controls

controls that identify and correct problems as well as correct and recover from the resulting errors

Deterrent Controls

Security controls that attempt to discourage individuals from causing a security incident.

Physical Controls

Security controls that you can physically touch.

Compensating Controls

control procedures that compensate for the deficiency in other controls

Payment Card Industry Data Security Standard

A set of security standards that all U.S. companies processing, storing, or transmitting credit card information must follow.

Data at rest

Data that is stored.

Data in motion

Data that is moving over a WAN or LAN, a wireless network, over the internet, or in other ways

data in processing

actively in use by a computer system

Data Loss Prevention (DLP)

Monitors the data of a system while in use, in transit, or at rest to detect attempts to steal the data

Host-based DLP

uses software agents installed on systems that search those systems for the presence of sensitive information. detecting that information allows the organization to take action to either remove or secure the data. Can also monitor system configuration and user actions, blocking undesirable actions.

Network-based DLP

dedicated devices that sit on the network and monitor outbound network traffic, watching for any transmissions that contain unencrypted sensitive information.

pattern matching

telltale signs of sensitive information

Watermarking

apply electronic tags to sensitive documents

Data minimization

seek to reduce risk by reducing the amount of sensitive information that we maintain on a regular basis

Data Obfuscation

The process that transforms data into a format where the original information can't be retrieved.

Hashing

transforming plaintext of any length into a short code called a hash.

Tokenization

The process of replacing sensitive data with unique identification symbols that retain all the essential information about the data without compromising its security.

Masking

partially redacts sensitive information by replacing some or all sensitive fields with blank characters

Rainbow Table Attack

attempts to discover the password from the hash using databases of precomputed hashes; countermeasure is salting