This post gives a brief, general overview of cybersecurity. It also links to other posts within this blog where the information is expanded.
Definitions of Information Security and Cybersecurity
Information security is in charge of the security of all information within an organization, regardless of its medium. Hard copies and paper documents are part of information security.
Cybersecurity deals only with digital information, that is, information encoded on electronic media.
Traditionally, IT Security covers 3 aspects of information in what is called the CIA triad: confidentiality, integrity and availability.
There are other models, but the CIA model is probably the most popular.
Important concepts that must be understood:
- Concept of risk
- Concept of threat
- Concept of vulnerability
- Concept of exploit
Areas covered by a cybersecurity department:
- Governance, Risk & Compliance (GRC)
- Threat Intelligence
- Vulnerability Assessment
- Penetration testing
- Incident Response
- Malware Analysis
- Identity & Authentication
I tried to order them from the most preventive to the most reactive.
Governance, Risk & Compliance (GRC)
Governance should start at organization level, in what is called enterprise governance. It should set or identify the organization objectives, plan a strategy and enable risk management.
Information Security should take into account the organization objectives and the identified risks to define information security objectives. To achieve these goals, the IS strategy must be defined.
An information security program (ISP) should define different elements, including IT Security policies, standards and procedures. To know more about ISP, please read this post.
Standards provide a framework of general solutions to be used (e.g., recommended applications) across the organization.
Procedures specify in more detail what is outlined by the policies.
Policies would be like the constitution, while procedures are the laws.
Security Architecture consists of managing resources to put in place controls related to IT security.
Information security governance covers different subjects.
Information security Governance subjects:
Risk management handles the IT risk within an organization.
Information security subjects:
- IT risk management framework
- IT risk assessments
It is advisable that organizations draw up a risk map, where they identify the risks surrounding the organization.
You can find more information about compliance on this post.
Organizations identifying threats:
- OWASP Top 10
- ENISA Threat Landscape (ETL) Report
Awesome Threat Intelligence is a list of resources about Threat Intelligence.
AlienVault Open Threat Exchange (OTX)
A vulnerability scanner tool helps an organization to identify vulnerabilities.
You can read an introduction to IT vulnerabilities, including a list of IT vulnerability databases, on this post.
A Secure Posture Management (SPM) tool assesses the configuration of our assets regarding security.
MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) Matrix is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.
You can find a summary of common attacks on this post.
A Security Operations Center (SOC) is a team within an organization that focuses on incident response.
Monitoring is an important part of Incident Response.
A Security Information and Event Manager (SIEM) is a tool that aggregates logs from different applications and systems, looks for security events and sends alerts.
It is important to take into account the Indicators of Attack (IoA) and Indicators of Compromise (IoC).
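As an added illustration of what such SIEM correlation looks like (example code written for this post, not a tool described in the original), the following Python processes a few constructed sshd-style log lines, flags sources found on a hypothetical IoC list, and raises an IoA when a burst of failed logins from one source is followed by a successful login:

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines in a syslog-like sshd format (not from any real system).
SAMPLE_LOGS = """\
2024-03-01T10:00:01 host1 sshd: Failed password for admin from 203.0.113.7
2024-03-01T10:00:03 host1 sshd: Failed password for admin from 203.0.113.7
2024-03-01T10:00:05 host1 sshd: Failed password for admin from 203.0.113.7
2024-03-01T10:00:06 host1 sshd: Failed password for admin from 203.0.113.7
2024-03-01T10:00:09 host1 sshd: Accepted password for admin from 203.0.113.7
2024-03-01T10:05:00 host2 sshd: Accepted password for alice from 192.0.2.10
2024-03-01T10:07:00 host2 sshd: Failed password for bob from 198.51.100.9
"""

# Constructed IoC list (hypothetical threat-feed entries, e.g. as pulled from OTX).
IOC_IPS = {"192.0.2.10"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+)$"
)


def parse(raw):
    """Normalize raw lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in raw.splitlines():
        m = LINE_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            events.append(ev)
    return events


def correlate(events, threshold=3, window_s=60):
    """Return alerts: IoC hits (known-bad source) and an IoA when at least
    `threshold` failures from one source precede a success within `window_s`."""
    alerts = []
    failures = defaultdict(list)  # src -> timestamps of failed logins
    for ev in events:
        if ev["src"] in IOC_IPS:
            alerts.append(("IOC_MATCH", ev["src"], ev["user"], ev["host"]))
        if ev["result"] == "Failed":
            failures[ev["src"]].append(ev["ts"])
            continue
        recent = [t for t in failures[ev["src"]]
                  if (ev["ts"] - t).total_seconds() <= window_s]
        if len(recent) >= threshold:
            alerts.append(("BRUTE_FORCE_SUCCESS", ev["src"], ev["user"], ev["host"]))
        failures[ev["src"]] = []  # reset the counter after an accepted login
    return alerts


def run(raw=SAMPLE_LOGS):
    return correlate(parse(raw))
```

The IoC match is a lookup against a list of known-bad values, while the brute-force rule is an IoA: it describes attacker behaviour rather than a specific artifact.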
You can read more about incident response on this post.
ASR (Attack Surface Reduction)
Specialized Information Security
Information Security areas specialized by activity or environment:
- Network Security
- IT Cloud Security
- Software Development Security
- Operating System Security
- Operational Technologies (OT) Security
Network security covers information security on computer networks.
You can read more about network security on this post.
IT Cloud Security
IT Cloud technologies offer multiple possibilities but have specific security concerns that do not exist, or are not as relevant, in on-premises technologies.
You can read more about cloud information security on this post.
Software Development Security
Software development teams should follow some guidelines and practices in order to create safe software.
You can read more about secure software development frameworks on this post.
You can read more about software security testing frameworks on this post.
Operating System Security
Operating system (OS) security covers the security of operating systems.
This blog contains posts about the security of the following operating systems:
Operational Technologies (OT) Security
You can read more about OT Security on this post.