Introduction to Cybersecurity

This post gives a brief, general overview of cybersecurity. It also links to other posts within this blog where the information is expanded.

Definitions of Information Security and Cybersecurity

Information security covers the security of all information within an organization, regardless of its medium. Hard copies and papers are part of information security.

Cybersecurity deals only with digital information, that is, information encoded on electronic media.

Traditionally, IT security covers 3 aspects of information in what is called the CIA triad:

  • Confidentiality
  • Integrity
  • Availability

There are other models, but the CIA model is probably the most popular.

Important concepts that must be understood:

Concept of risk

Concept of threat

Concept of vulnerability

Concept of exploit

Cybersecurity Areas

Areas covered by a cybersecurity department:

  • Governance, Risk & Compliance (GRC)
  • Threat Intelligence
  • Vulnerability Assessment
  • Penetration testing
  • Incident Response
  • Forensics
  • Malware Analysis
  • Privacy
  • Identity & Authentication
  • Awareness

I tried to order them from the most preventive to the most reactive.

Governance, Risk & Compliance (GRC)

Governance should start at the organization level, in what is called enterprise governance. It should set or identify the organization's objectives, plan a strategy and enable risk management.

Information security should take into account the organization's objectives and identified risks to define information security objectives. To achieve these goals, the IS strategy must be defined.

An information security program (ISP) should define different elements, including IT security policies, standards and procedures. To know more about ISP, please read this post.

Standards provide a framework of general solutions to be used (e.g., recommended applications) across the organization.

Procedures specify in more detail what is outlined by the policies.

Policies would be like the constitution, while procedures are the laws.

Security architecture consists of managing resources to put in place controls related to IT security.

IS Governance

Information security governance covers different subjects.

Information security Governance subjects:

IT Risk

Risk management deals with the IT risk within an organization.

Information security subjects:

It is advisable for organizations to draw up a risk map, where they identify the risks surrounding the organization.

IT Compliance

You can find more information about compliance in this post.

Threat Intelligence

Organizations identifying threats:

  • OWASP Top 10
  • ENISA Threat Landscape (ETL) Report

Awesome Threat Intelligence is a list of resources about threat intelligence.

AlienVault Open Threat Exchange (OTX)

Vulnerability assessment

A vulnerability scanner tool helps an organization to identify vulnerabilities.

You can read an introduction to IT vulnerabilities, including a list of IT vulnerability databases, in this post.

Penetration Testing

A Security Posture Management (SPM) tool assesses the security configuration of our assets.

The MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) Matrix is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations.

You can find a summary of common attacks in this post.

Incident Response

A Security Operations Center (SOC) is a team within an organization that focuses on incident response.

Monitoring is an important part of Incident Response.

A Security Information and Event Manager (SIEM) is a tool that aggregates logs from different applications and systems, looks for security events and sends alerts.

It is important to take into account the Indicators of Attack (IoA) and Indicators of Compromise (IoC).

You can read more about incident response in this post.


ASR (Attack Surface Reduction)

Specialized Information Security

Information Security areas specialized by activity or environment:

  • Network Security
  • IT Cloud Security
  • Software Development Security
  • Operating System Security
  • Operational Technologies (OT) Security

Network Security

Network security covers information security on computer networks.

You can read more about network security in this post.

IT Cloud Security

IT cloud technologies offer multiple possibilities but have specific security concerns that do not exist, or are not as relevant, in on-premise technologies.

You can read more about cloud information security in this post.

Software Development Security

Software development teams should follow some guidelines and practices in order to create safe software.

You can read more about secure software development frameworks in this post.

You can read more about software security testing frameworks in this post.

Operating System Security

Operating system (OS) security is about the security of operating systems.

This blog contains posts about the security of the following operating systems:

Operational Technologies (OT) Security

You can read more about OT Security in this post.
