Introduction to Cybersecurity

This post gives a general and brief overview of cybersecurity. It also links to other posts within this blog where the information is expanded.

Definitions of Information Security and Cybersecurity

Information security is in charge of the security of all information within an organization, regardless of its medium: hard copies and paper documents are part of information security.

Cybersecurity deals only with digital information, that is, information encoded on electronic media.

Traditionally, IT security covers 3 aspects of information in what is called the CIA triad:

  • Confidentiality: information is disclosed only to those authorized to see it
  • Integrity: information is not altered in an unauthorized way and can be trusted
  • Availability: information, and the systems that hold it, are accessible when needed

There are other models, but the CIA model is probably the most popular.

Important concepts that must be understood:

  • Concept of risk: the likelihood that a threat exploits a vulnerability, combined with the impact that would have on the organization
  • Concept of threat: anything (an actor or an event) with the potential to cause harm to an asset
  • Concept of vulnerability: a weakness in a system or process that a threat can take advantage of
  • Concept of exploit: the code or technique used to take advantage of a vulnerability

Cybersecurity Areas

Areas typically covered by a cybersecurity department:

  • GRC (Governance, Risk & Compliance)
  • Threat Intelligence
  • Vulnerability Assessment
  • Penetration testing
  • Incident Response
  • Forensics
  • Malware Analysis
  • Privacy
  • Identity & Authentication
  • Awareness

Governance, Risk & Compliance (GRC)

Governance should start at the organization level, in what is called enterprise governance: senior management sets or identifies the organization's objectives, plans a strategy and enables risk management.

Information security should take the organization's objectives and identified risks into account to define its own information security objectives. To achieve these goals, the information security (IS) strategy must be defined.

An information security program (ISP) should define the different elements needed to carry out that strategy, including IT security policies, standards and procedures. To know more about the ISP, please read this post.

Standards provide a framework of general solutions to be used across the organization (e.g., recommended applications or approved configurations).

Procedures specify in more detail what is outlined by the policies.

Policies would be like the constitution, while procedures are the laws.

Security architecture consists of managing resources to put in place the controls that IT security requires.

Threat Intelligence

Organizations and projects that identify and rank threats:

  • OWASP Top 10
  • ENISA Threat Landscape (ETL) Report

Awesome Threat Intelligence is a list of resources about Threat Intelligence

https://github.com/hslatman/awesome-threat-intelligence

AlienVault Open Threat Exchange (OTX)

https://otx.alienvault.com/

Vulnerability assessment

Common Vulnerability Scoring System (CVSS) is a free and open industry standard for assessing the severity of computer system security vulnerabilities.

https://www.first.org/cvss/

http://nvd.nist.gov/cvss.cfm

MITRE Common Vulnerabilities and Exposures (CVE) is a list of publicly disclosed information security vulnerabilities and exposures, each identified by a CVE ID.

https://cve.mitre.org/

MITRE Common Weakness Enumeration (CWE) is a community-developed list of software and hardware weakness types.

https://cwe.mitre.org/

OWASP Top 10 represents a broad consensus about the 10 most critical security risks to web applications.

https://owasp.org/www-project-top-ten/

Exploit Database (Exploit-DB), maintained by Offensive Security, is a public archive of exploits and proof-of-concept code collected for the benefit of security researchers and penetration testers; its site explains what can and cannot be found in the database.

Penetration Testing

MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) Matrix is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.

https://attack.mitre.org/

You can find a summary of common attacks on this external post.

Incident Response

A Security Operations Center (SOC) is the team within an organization that focuses on monitoring security events and responding to incidents.

Monitoring is an important part of incident response: an incident cannot be handled until it has been detected.

It is important to take into account both Indicators of Compromise (IoC), artifacts such as file hashes, IP addresses or domains that show an intrusion has already taken place, and Indicators of Attack (IoA), which describe attacker behaviour (for example, an office document spawning a shell) and can be detected while the attack is in progress, even when the attacker's tools and infrastructure are not yet on any list.
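The following script, added as an example for this post (it is not code from the original post or from any SOC product), shows the difference between the two kinds of indicators over constructed EDR and authentication events: an IoC match is an exact lookup of a known-bad hash, IP address or domain, while an IoA rule describes behaviour, here an Office application spawning an encoded PowerShell command and a burst of failed logons followed by a success. Each IoA rule is tagged with the ATT&CK technique it corresponds to (T1059.001 PowerShell and T1110 Brute Force, from the matrix linked in the Penetration Testing section above), which is how a SOC usually labels detections. The indicator values, rule names, thresholds and log lines are all assumptions constructed for the example; the addresses come from the RFC 5737 documentation ranges and the domain uses the reserved .example TLD.

```python
"""IoC lookup versus IoA behaviour rules over constructed log events.
Added example for this post; indicators, rules and log lines are made up."""
import json
import re
from collections import defaultdict, namedtuple

# A finding records what fired, on which host, why, and the ATT&CK technique.
Finding = namedtuple("Finding", "kind host detail attack_id")

# Constructed IoC set, standing in for a feed such as OTX (values are fake).
IOCS = {
    "sha256": {"9f2c1e0d7b6a5948372615f0e1d2c3b4a5968778899aabbccddeeff001122334"},
    "ip": {"203.0.113.45"},               # RFC 5737 documentation range
    "domain": {"update-check.example"},   # reserved .example TLD
}

# Constructed events, one JSON object per line (EDR process/dns/net/file
# telemetry plus server logon events). Raw string keeps the Windows path.
LOG = r"""
{"ts":"2024-05-01T09:12:01Z","type":"process","host":"ws01","parent":"WINWORD.EXE","image":"powershell.exe","cmdline":"powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"}
{"ts":"2024-05-01T09:12:02Z","type":"dns","host":"ws01","query":"update-check.example"}
{"ts":"2024-05-01T09:12:03Z","type":"network","host":"ws01","dst_ip":"203.0.113.45","dst_port":443}
{"ts":"2024-05-01T09:12:09Z","type":"file","host":"ws01","path":"C:\\Users\\ana\\AppData\\Local\\Temp\\inv.exe","sha256":"9f2c1e0d7b6a5948372615f0e1d2c3b4a5968778899aabbccddeeff001122334"}
{"ts":"2024-05-01T09:15:00Z","type":"process","host":"ws02","parent":"explorer.exe","image":"powershell.exe","cmdline":"powershell.exe Get-Process"}
{"ts":"2024-05-01T09:20:00Z","type":"auth","host":"srv01","src_ip":"198.51.100.7","user":"admin","result":"fail"}
{"ts":"2024-05-01T09:20:01Z","type":"auth","host":"srv01","src_ip":"198.51.100.7","user":"admin","result":"fail"}
{"ts":"2024-05-01T09:20:02Z","type":"auth","host":"srv01","src_ip":"198.51.100.7","user":"admin","result":"fail"}
{"ts":"2024-05-01T09:20:03Z","type":"auth","host":"srv01","src_ip":"198.51.100.7","user":"admin","result":"fail"}
{"ts":"2024-05-01T09:20:04Z","type":"auth","host":"srv01","src_ip":"198.51.100.7","user":"admin","result":"fail"}
{"ts":"2024-05-01T09:20:05Z","type":"auth","host":"srv01","src_ip":"198.51.100.7","user":"admin","result":"success"}
"""


def parse_events(text):
    """Parse newline-delimited JSON, skipping blank lines."""
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


def match_iocs(event):
    """IoC: exact lookup of known-bad artifacts. Cheap and precise, but it only
    catches what is already on the list."""
    hits = []
    for field, kind in (("sha256", "sha256"), ("dst_ip", "ip"), ("query", "domain")):
        value = event.get(field, "")
        if value.lower() in IOCS[kind]:
            hits.append(Finding("IoC", event["host"], f"{kind} {value} is on the blocklist", None))
    return hits


OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# "-e", "-enc" or "-EncodedCommand" followed by a base64 blob (assumed rule).
ENCODED_FLAG = re.compile(r"(?i)(^|\s)-e(nc(odedcommand)?)?\s+[A-Za-z0-9+/=]{16,}")


def rule_office_spawns_powershell(event):
    """IoA: a behaviour, not an artifact, so it fires whatever payload or C2 is
    involved. Maps to ATT&CK T1059.001 (Command and Scripting Interpreter: PowerShell)."""
    if event.get("type") != "process":
        return None
    parent = event.get("parent", "").lower()
    image = event.get("image", "").lower()
    if parent in OFFICE_APPS and image.endswith("powershell.exe"):
        encoded = bool(ENCODED_FLAG.search(event.get("cmdline", "")))
        detail = f"{parent} spawned {image}" + (" with an encoded command" if encoded else "")
        return Finding("IoA", event["host"], detail, "T1059.001")
    return None


def rule_failed_logons_then_success(events, threshold=5):
    """IoA over a sequence: at least `threshold` failed logons from one source
    followed by a success. Maps to ATT&CK T1110 (Brute Force). State is kept
    per (host, source IP) and reset after each successful logon."""
    failures = defaultdict(int)
    findings = []
    for event in events:
        if event.get("type") != "auth":
            continue
        key = (event["host"], event["src_ip"])
        if event["result"] == "fail":
            failures[key] += 1
        elif event["result"] == "success":
            if failures[key] >= threshold:
                findings.append(Finding("IoA", event["host"],
                    f"{failures[key]} failed logons from {event['src_ip']} then success as {event['user']}",
                    "T1110"))
            failures[key] = 0
    return findings


def triage(events):
    """Run the IoC lookups and the IoA rules over all events, in order."""
    findings = []
    for event in events:
        findings.extend(match_iocs(event))
        hit = rule_office_spawns_powershell(event)
        if hit:
            findings.append(hit)
    findings.extend(rule_failed_logons_then_success(events))
    return findings


EVENTS = parse_events(LOG)

if __name__ == "__main__":
    for f in triage(EVENTS):
        tag = f" ({f.attack_id})" if f.attack_id else ""
        print(f"[{f.kind}] {f.host}: {f.detail}{tag}")
```

Note what the two approaches miss: the brute-force source 198.51.100.7 is on no blocklist, so only the behavioural rule sees it, while the file hash is matched only because the feed already knew it, and a recompiled sample would slip past. A SOC therefore needs both, and ties each detection to an ATT&CK technique so that coverage gaps in the matrix can be measured rather than guessed.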

Forensics

ASR (Attack Surface Reduction)
