Introduction to IT Security

This post gives a general and brief overview about IT security and cybersecurity. It also links to other posts within this blog where the information is expanded.

Definitions of Information Security and Cybersecurity

Information security is in charge of the security of all information within an organization, regardless its medium. Hard copies and papers are part of information security.

Cybersecurity deals only with digital information, it means that is coded in an electronic media.

Traditionally, IT Security covers 3 aspects of information in what is called the CIA triad:

  • Confidentiality
  • Integrity
  • Availability

There are other models, but the CIA model is probably the most popular. Additional aspects of security not covered in the basic CIA triad are traceability, authenticity, non-repudiation and accountability.

Important concepts that must be understood:

Concept of risk

Concept of threat

Concept of vulnerability

Concept of exploit

Cybersecurity Areas

Areas covered on cybersecurity department:

  • Governance, Risk & Compliance (GRC)
  • IT Security Architecture
  • Asset Protection
  • IT security operations
    • Vulnerability Assessment
    • Penetration testing
    • Threat Intelligence
      • Malware Analysis
    • Incident Monitoring, Response & Recovery
      • Forensics
  • Privacy
  • Awareness

I tried to order them from the most preventive to the most reactive.

Governance, Risk & Compliance (GRC)

Governance should start at organization level , in what is called enterprise governance. They should set or identify the organization objectives, plan an strategy and enable risk management.

Security Architecture consist of managing resources to set in place controls related to IT security.

IS Governance

You can read more about information security governance on this post.

IT Risk Management

You can read more about IT risk management on this post.

IT Compliance

You can find more information about IT compliance on this post.

IT Security Architecture

Cryptographic splitting or bit splitting implies distributing pieces of an information set over different parts of a network.

IT security architecture includes:

  • IT Secure Design Principles
  • IT Security Models
  • Cryptography
  • Identify and Access Management

IT Secure Design Principles

Least privilege

Need to know

Defense in depth

Zero trust

IT Security Models

Bell-LaPadula

Biba integrity model

Cryptography

Cryptography is the practice and study of techniques for secure communication in the presence of adversarial behavior.

Some aspects of IT security (specifically confidentiality, integrity, authentication and non-repudiation) are directly related to cryptography.

You can read more about cryptography on this post.

Identity and Access Management

Identity and Access Management (IAM) includes internal network AAA, web-based IAM and directory services. You can find more about this on this post.

Asset Protection

Main IT assets to protect are:

  • Data
  • Application
  • Endpoint
  • Infrastructure
  • People

Data

DataSec

Data governance

Data roles should be assigned to all data and IT assets. You can read more about data roles on this post.

You can read about data backups on this post.

You can read about how to safe data deletion on this post.

Data tools are data scanning tools and data loss prevention.

Data retention can be achieved by setting retention policies, that must include at least:

  • Retention period
  • Regulatory and compliance requirements
  • Data classification impacts on retention
  • How and when data should be deleted
  • Archiving and retrieval processes
Database Security

You can read more about database security on this post.

IT Cloud Security

IT Cloud technologies offer multiple possibilities but has specific security concerns that do not exist or are not as revelant in the on-premise technologies.

You can read more about cloud information security on this post.

Application

AppSec

A system inventory associates individuals with systems or devices. This can help when tracking their support history and aids in provisioning the proper tools, permissions and data to a system.

Content Security Protocol (CSP) prevents XSS and code injection in web pages.

Operating System Security

Operating system (OS) security is about security of operating systems.

This blogs contains posts about security of the following operating systems:

Software Development Security

DevSecOps is used the integration of the development, deployent and security operations. It is an evolution of DevSec, that is the integration of just development and deployment. DevSecOps should include that includes SDS.

An example of DevSecOps is the integration of a DevOps tool (such as Azure DevOps) with the following security tools:

You can read about software development security on this post.

Endpoint Security

You can read more about endpoint security on this post.

Operational Technologies (OT) Security

You can read more about OT Security on this post.

Infrastructures

Software defined security (SDS) enables security infrastructure easily manipulated by code. SDS is an example of infrastructure as code (IaC).

Network Security

Network security covers information security on computer networks.

You can read more about network security on this post.

People

Human Resources (HR) IT Security

Within the context of IT security, it is important that Human Resources (HR) department within an organization applies these controls:

  • Before hiring
    • Candidate screening before hiring
    • Nondisclore (NDA) or Noncompete (NCA) Agreement Signing
    • Signed policy acceptance
  • At the end of contract
    • Termination procedure (account termination, recovery of propert, exit interview)

IT Security Operations

IT security operations are the regular tasks to be done in IT to achieve asset protection.

A Secure Posture Management (SPM) tool assesses the configuration of our assets regarding security.

IT security operations:

  • Vulnerability Management
  • Threat Intelligence
  • Penetration Testing

Vulnerability Management

You can read more about IT vulnerability management and assessment on this post.

Threat Intelligence

You can read more about IT threat intelligence on this post.

Penetration Testing

Penetration testing or pentesting is probably the most popular field of cybersecurity. When someone says that they work on cybersecurity, people often think first of this field.

You can read more about pentesting on this post.

Incident Monitoring, Response and Recovery

Security monitoring is part of incident response.

You can read more about incident response on this post.

Digital Forensics

You can read more about digital forensics on this post.

Awareness

Methods for IT security awareness include communications, training, simulations, etc.

It includes:

  • Reminder
  • Phishing simulation campaigns
  • Tabletop simulations (e.g., ramsonware)

Security champions could be designed on each department to become a reference about cybersecurity.

You might also be interested in…

Leave a Reply

Your email address will not be published. Required fields are marked *