Fundamentals of Security
Information Security
Protecting data from unauthorized access, modification, or destruction through various measures and practices.
Information System Security
Protecting the systems that hold and process information from threats and vulnerabilities.
Threat
Anything that could cause harm, loss, damage, or compromise to our information technology systems
Vulnerability
Any weakness in the system design or implementation
Risk Management
Finding ways to minimize the likelihood of an outcome and achieve the desired outcome
Confidentiality (Encryption)
Refers to the protection of information from unauthorized access and disclosure
Methods to ensure Confidentiality
■ Encryption
Process of converting data into a code to prevent unauthorized access
■ Access Controls
Strong user permissions can ensure that only authorized personnel can access certain types of data
■ Data Masking
Obscuring specific data within a database to make it inaccessible for unauthorized users
■ Physical Security Measures
Locks and keycards
■ Training and Awareness
Integrity (Hashing)
Verifies the accuracy and trustworthiness of data over the entire lifecycle
Methods to maintain Integrity of data
■ Hashing
Process of converting data into a fixed-size value
■ Digital Signatures
Ensure both integrity and authenticity
■ Checksums
Method to verify the integrity of data during transmission
■ Access Controls
Ensure that only authorized individuals can modify data, which reduces the risk of unintentional or malicious alterations
■ Regular Audits
Reviewing logs and operations to ensure that only authorized changes have been made, and any discrepancies are immediately addressed
Availability (Redundancy)
Ensure that information, systems, and resources are accessible and operational when needed by authorized users
Redundancy
Duplication of critical components or functions of a system to enhance its reliability
Types of Redundancy
■ Server Redundancy
Involves using multiple servers in a load balanced or failover configuration so that if one is overloaded or fails, the other servers can take over
■ Data Redundancy
Involves storing data in multiple places
■ Network Redundancy
Ensures that if one network path fails, the data can travel through another route
■ Power Redundancy
Involves using backup power sources, like generators and UPS systems
Non-repudiation (Digital Signatures)
Providing undeniable proof that an entity is involved in a communication or action.
Authentication
Ensures individuals or entities are who they claim to be during a communication or transaction
Authentication Methods
■ Something you know (Knowledge Factor)
Relies on information that a user can recall
■ Something you have (Possession Factor)
Relies on the user presenting a physical item to authenticate themselves
■ Something you are (Inherence Factor)
Relies on the user providing a unique physical or behavioral characteristic of the person to validate that they are who they claim to be
■ Something you do (Action Factor)
Relies on the user conducting a unique action to prove who they are
■ Somewhere you are (Location Factor)
Relies on the user being in a certain geographic location before access is granted
Authorization
Defines what actions or resources a user can access.
Now that the system knows who you are through authentication, here is what you are allowed to do.
Accounting
Security measure that ensures all user activities during a communication or transaction are properly tracked and recorded. Examples include Syslog servers and Network Analysis Tools.
Security Control Categories
■ Technical Controls
Technologies, hardware, and software mechanisms that are implemented to manage and reduce risk. (example: firewall, antivirus)
■ Managerial Controls
Sometimes also referred to as administrative controls. Involve the strategic planning and governance side of security
■ Operational Controls
Procedures and measures that are designed to protect data on a day-to-day basis. Are mainly governed by internal processes and human actions. (example: Changing passwords every 90 days)
■ Physical Controls
Tangible, real-world measures taken to protect assets. (example: Key cards, security guards)
Preventative Controls
Proactive measures implemented to thwart potential security threats or breaches. (example: firewall)
Deterrent Controls
Discourage potential attackers by making the effort seem less appealing or more challenging. (example: warning users they are monitored)
Detective Controls
Monitor and alert organizations to malicious activities as they occur or shortly thereafter. (example: security camera, Intrusion Detection System)
Corrective Controls
Mitigate any potential damage and restore our systems to their normal state. (example: Quarantine and remove malware)
Compensating Controls
Additional measures that are implemented when primary security controls are not feasible or effective.
Directive Controls
Guide, inform, or mandate actions. Often rooted in policy or documentation and set the standards for behavior within an organization. (example: employee guidelines)
Gap Analysis steps
■ Define the scope of the analysis
■ Gather data on the current state of the organization
■ Analyze the data to identify any areas where the organization's current performance falls short of its desired performance
■ Develop a plan to bridge the gap
Technical Gap Analysis
Evaluating an organization's current technical infrastructure. Identifying any areas where it falls short of the technical capabilities required to fully utilize their security solutions.
Business Gap Analysis
Evaluating an organization's current business processes.
Plan of Action and Milestones (POA&M)
● Outlines the specific measures to address each vulnerability
● Allocates resources
● Sets up timelines for each remediation task that is needed
Zero Trust
Demands verification for every device, user, and transaction within the network, regardless of its origin.
No user or system is trusted by default and requires continuous verification.
Control Plane
The overarching framework and set of components responsible for defining, managing, and enforcing the policies related to user and system access.
Control Plane key elements
■ Adaptive Identity
Relies on real-time validation that takes into account the user's behavior, device, location, and more.
■ Threat Scope Reduction
Limits the users’ access to only what they need for their work tasks because this reduces the network’s potential attack surface
Focused on minimizing the "blast radius" that could occur in the event of a breach
■ Policy-Driven Access Control
Entails developing, managing, and enforcing user access policies based on their roles and responsibilities
■ Secured Zones
Isolated environments within a network that are designed to house sensitive data
Data Plane
Ensures the policies are properly executed
■ Subject/System
Refers to the individual or entity attempting to gain access
■ Policy Engine
Cross-references the access request with its predefined policies
■ Policy Administrator
Used to establish and manage the access policies
■ Policy Enforcement Point
Where the decision to grant or deny access is actually executed