principles of security (test)

### principles of security

Defense in Depth is the use of multiple varied layers of security to an organization's systems and data in the hopes that multiple layers will provide redundancy in an organization's security perimeter.

### The CIA Triad

The CIA Triad, used from back 1998, is a information security model that security policies follow when being created.

Made up of three sections, Confidentiality Integrity Availabilty, this is the industry standard. Using this model, you should be able to determine the value of the data relevant, or data that deserves high attention.

These three sections aren't individualized, they work in a continuous loop together. Even if one condition isn't met, the other two are rendered useless, and the policy seldom ends up effective.

#### Confidentiality

This element is the prevention of unauthorized access or misuse of sensitive data. To provide confidentiality means to protect sensitive data from being seen from someone not authorized to.

#### Integrity

This element is the consistency and trueness of the information/data. To provide integrity, is to keep the information unchanged (unless there's been authorized change), & have steps taken to prevent unauthorized changes (like a breach).

#### Availability

In order for data to be useful, it needs to be accessible and available to be accessed by authorized users.

Availability is often a benchmark for a organization. Availability is achieved by:

- Having reliable and well-tested hardware for their information technology servers

- Having redundant technology and services in the case of failure of the primary

- Implementing well-versed security protocols to protect technology and services from attacks.

### Principles of Privileges

The privileges given are based primarily on two things:

- the persons role/function within the organization

- the sensitivity of the information being stored on the system.

Two key concepts are used to assign and manage the access rights of individuals: PAM (Privileged Access Management) and PIM (Privileged Identity Management).

PIM is when you translate a user's role into a access role on a system. PAM is the management of the privileges a access role has within an organization.

What is essential when discussing privilege and access controls is the principle of least privilege. Simply, users should be given the minimum amount of privileges, and only those that are absolutely necessary for them to perform their duties. Other people should be able to trust what people write to.

As we previously mentioned, PAM incorporates more than assigning access. It also encompasses enforcing security policies such as password management, auditing policies and reducing the attack surface a system faces.

### Security Models Continued

According to a security model, any type of technology that stores information, is a information system.

##### The Bell-La Padula Model

Achieves confidentiality, it operates on a "need to know" basis for access for objects (pieces of data). This models rule is "no write down, no read up." Usually used in military and government settings, because they usually have already went through the "vetting" process. "vetting" is screening process of searching through a persons background and history and seeing if their reliable and not a risk to the organization. People who have already went through the vetting are deemed trustworthy,

##### Biba Model

This model applies the rule to objects (data) and subjects (users) that can be summarized as "no write up, no read down". This rule means that subjects can create or write content to objects at or below their level but can only read the contents of objects above the subject's level. The Biba model is used in organizations or situations where integrity is more important than confidentiality. For example, in software development, developers may only have access to the code that is necessary for their job. They may not need access to critical pieces of information such as databases, etc.

### Threat Modelling & Incident Response

Threat Modelling is the process of reviewing, improving, and the testing of the security protocols in information systems in organizations. A critical stage of the threat modelling process is identifying likely threats that an application or system may face, the vulnerabilities a system or application may be vulnerable to. The threat modelling process is very similar to a risk assessment made in workplaces for employees and customers. The principles all return to:

- Preparation

- Identification

- Mitigations

- Review

It is, however, a complex process that needs constant review and discussion with a dedicated team. An effective threat model includes:

- Threat intelligence

- Asset identification

- Mitigation capabilities

- Risk assessment

frame STRIDE includes six main principles:

- Spooling - requires authentication for requests and users accessing a system. Spoofing is a malicious attacker falsely identifying as another person/user. Access keys (API) helps remediate this threat.

- Tampering - by adding anti-tempering measures, you help provide integrity. Data must be kept accurate at all times.

- Repudiation - controls the use of services like logging activity history for an application/system to track.

- Information Disclosure - for systems that handle multiple user information, the right information for the respective and relevant user must appear for only them.

- Denial of Service - Applications and services use up system resources, these two things should have measures in place so that abuse of the application/service won't result in bringing the whole system down.

- Elevation of Privilege - worst case scenario, this means an attacker was able to escalate their permission type (administrator or super user). This can lead to them having access to more sensitive files and more exploitation's.

A breach of security is known as an incident. Incidents are classified using a rating of urgency and impact. Urgency will be determined by the type of attack faced, where the impact will be determined by the affected system and what impact that has on business operations. An incident is responded to by a CSIRT, to successfully solve an incident, six phases:

Preparation - Do we have the resources and plans in place to deal with the security incident?

Identification - Has the threat and the threat actor been correctly identified in order for us to respond to?

Containment - Can the threat/security incident be contained to prevent other systems or users from being impacted?

Eradication - Remove the active threat.

Recovery - Perform a full review of the impacted systems to return to business as usual operations.

Lessons Learned - What can be learnt from the incident? I.e. if it was due to a phishing email, employees should be trained better to detect phishing emails.