Hardware
The main technology that executes software, stores and carries data, and provides an interface to enter and retrieve information from the system.
Physical security policies
Ensure that important hardware is secured by keeping it in a restricted area.
System Development Life Cycle (SDLC)
Provides a methodology to design and implement an information system for an organization in a systematic way.
Information security
Must protect data during three stages: storage, processing, and transmission.
Investigation phase
The first phase of SDLC.
Analysis phase
The second phase of SDLC.
Maintenance phase
The last phase of SDLC.
Design phase
In SDLC, security designers propose alternative solutions to the problem.
Implementation phase
When the approved solution is developed and implemented in SDLC.
Analysis Phase of SDLC
Uses results of the previous phase to analyze: objectives of the project, status of the organization, and integration with the new security system.
CIA Model
Can be used to protect the data during transmission.
Network security
Refers to the security of routers, bridges, switches, and TCP connections.
Protecting networks from unauthorized access
Can involve using Firewalls and Intrusion Detection Systems.
SDLC
Stands for System Development Life Cycle.
First phase of SDLC
Define the Project Scope and stakeholders.
Significance of Secure SDLC
SDLC provides a methodology to design, develop, and implement an information security system for an organization in a systematic way.
Secure SDLC in a real-world project
Gather requirements in the context of security, analyze the existing system and integration needs, address missing features, and follow each SDLC phase systematically.
Computer Security
Ensures that computer systems are working properly and available to authorized users whenever needed.
Information system
Has six main components: Data, Software, Hardware, Network, Procedures, and People.
Confidentiality
Refers to hiding information from people who are not authorized to view that information.
Confidentiality significance
Protects an organization from passive attacks.
HASH algorithm
One way to ensure data integrity.
Message authentication
Ensures that information received is not modified during transmission.
Data Integrity
Protects an organization from active attacks.
Encryption
Ensures confidentiality of transmitted packets.
Communication security
The security of an organization's media, technology, and content.
Personal security
The security of all the stakeholders (people authorized to access the organization & operations).
Operation security
The security of internal operations or activities done daily.
Physical security
The security of items, objects, and areas that physically exist in the organization from unauthorized access or misuse.
User authentication
Ensures that the received message has not been modified during transmission.
Files on your computer
Can be made unreadable to others by using Encryption.
CIA
Stands for Confidentiality, Integrity, and Availability.
Availability
Means resources should be accessible at the required time and usable only by the authorized entity.
People Security
Protects individuals or groups authorized to access an organization.
Active attack
Attacker intercepts packets and modifies them before retransmission to the destination.
Passive attack
Attacker intercepts packets and reads contents without making modifications.
Digital Signature
Used to verify the sender's identity.
CIA Model goals
Confidentiality: Use encryption/decryption to protect sensitive info; Integrity: Ensure stored and transmitted info isn't altered by unauthorized users; Availability: Ensure all resources are available to authorized users whenever needed.