Cybersecurity Basics

A Bit of Security, by William J. Malik
Cybersecurity Basics E043 2024 11 20
A Bit of Security for November 11, 2024
What is the fundamental reason for cybersecurity? One common explanation is that data needs to be safe. That usually means that data shall not be inadvertently disclosed, changed, or lost. More formally these three principles are confidentiality, integrity, and availability. People use the acronym C – I – A for short. So how do you achieve that? To keep data from being disclosed when it shouldn’t we use encryption for data at rest or in motion. We can segment the network so data at rest is protected from prying eyes. Once upon a time, we used to try to protect data by not telling people where it was. That doesn’t work anymore. It’s too easy to scan a network and find stuff. The notion of “security through obscurity” never really worked at all, but it seemed to give some people a good feeling.
How do we preserve data integrity? One way is to use what’s called a “hash” or message digest. That takes the information in the message and runs it through a program that builds a short string. When I send you a message, I’ll send you the message digest along with it. You can then use the same program to see if you get the same hash that I created. The trick is that if there is a tiny change in the message, the hash is completely different. So if the original hash matches the one you create, you can be sure that the message is unchanged.
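The digest check described above, as an added example in Python (not part of the original episode); SHA-256 is an assumed choice of hash, and the messages and key are constructed. It goes one step beyond the episode by also showing a keyed digest (HMAC), because a plain digest sent alongside a message only catches a change when the digest itself arrives unaltered.

```python
import hashlib
import hmac

def digest(message: bytes) -> str:
    """Sender side: SHA-256 message digest as a hex string."""
    return hashlib.sha256(message).hexdigest()

def verify_digest(message: bytes, received_hex: str) -> bool:
    """Receiver side: recompute the digest and compare it to the one received."""
    return hmac.compare_digest(digest(message), received_hex)

def differing_bits(hex_a: str, hex_b: str) -> int:
    """Count how many of the 256 output bits differ between two digests."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")

def tag(key: bytes, message: bytes) -> str:
    """Keyed digest (HMAC-SHA256): only holders of the key can compute it."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()

def verify_tag(key: bytes, message: bytes, received_hex: str) -> bool:
    """Receiver side of the keyed check, using the same shared key."""
    return hmac.compare_digest(tag(key, message), received_hex)

# Constructed sample data: one character differs between the two messages.
ORIGINAL = b"Pay Alice 100 dollars"
ALTERED = b"Pay Alice 900 dollars"
KEY = b"constructed-demo-key"  # assumption: shared in advance over a safe channel

def demo() -> dict:
    sent = digest(ORIGINAL)
    return {
        # Same message, same digest: the check passes.
        "unchanged_ok": verify_digest(ORIGINAL, sent),
        # One changed character: the recomputed digest no longer matches.
        "altered_detected": not verify_digest(ALTERED, sent),
        # "Completely different": roughly half of the 256 bits flip.
        "bits_changed": differing_bits(sent, digest(ALTERED)),
        # Limit of the plain digest: if the digest travelling with the
        # message is replaced too, the recomputed value matches again.
        "replaced_digest_passes": verify_digest(ALTERED, digest(ALTERED)),
        # The keyed tag of the original does not validate the altered message.
        "hmac_rejects_altered": not verify_tag(KEY, ALTERED, tag(KEY, ORIGINAL)),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```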
What about availability? That means back up your data. Make sure there is a copy of it that’s nearby, and another one that’s maybe on a different system. Some folks back up their stuff to the cloud and make a copy on a physical device in their office, too. There are some fairly expensive solutions that maintain multiple copies of data and constantly check that they are the same – so when a lot of requests for the data arrive, the system can answer them in parallel.
Information security covers quite a bit more. You need to figure out what went wrong so it doesn’t happen again – that takes logging and tools to understand the logs. Security includes the procedures to restore systems following an interruption. And security is central to sustaining privacy. Laws and regulations govern certain types of data and some processes. Security has to understand those and figure out how to make sure the company isn’t breaking the law or failing to comply with a rule. Security also determines who can use the system, and what they can do. Authentication and authorization are part of security.
If you want to begin, take a look at the ISO standard ISO 7498-2. For those of you who are familiar with computer networks, ISO 7498 is the seven layer reference model: the physical layer (the wires or fiber cables), all the way up to the application layer. The -2 standard applies five basic security functions against that model, and shows how these functions play in each layer. The five basic functions are Authentication, Authorization, Data Confidentiality, Data Integrity, and Non-repudiation. Non-repudiation means that if I send you a message, I cannot later deny that I sent the message; and it also means that if you read a message, you cannot later deny that you read it.
From some very simple concepts we begin to glimpse the complexity of information security. Having worked in it for decades, I can assure you that there is always something more to learn. If that’s appealing to you, seek out an entry-level job or do a little reading to get more familiar with the field. We need smart people to help.
That’s our Bit of Security for Wednesday, November 20, 2024. I’m William Malik. Be safe!
A Bit of Security for November 20, 2024
Why do we do cybersecurity? Here’s a look at some basic concepts. Listen to this -
Let me know what you think in the comments below or at wjmalik@noc.social
#cybersecuritytips #securitybasics #ISO7498 #confidentiality #integrity #availability #BitofSec
