This post gives a general and brief overview about IT security and cybersecurity. It also links to other posts within this blog where the information is expanded.
Definitions of Information Security and Cybersecurity
Information security is in charge of the security of all information within an organization, regardless of its medium. Hard copies and paper documents are part of information security.
Cybersecurity deals only with digital information, that is, information encoded in electronic media.
Traditionally, IT Security covers 3 aspects of information in what is called the CIA triad:
- Confidentiality
- Integrity
- Availability
There are other models, but the CIA model is probably the most popular. Additional aspects of security not covered in the basic CIA triad are traceability, authenticity, non-repudiation and accountability.
Important concepts that must be understood:
Concept of risk
Concept of threat
Concept of vulnerability
Concept of exploit
Cybersecurity Areas
Areas covered by a cybersecurity department:
- Governance, Risk & Compliance (GRC)
- IT Security Architecture
- Asset Protection
- IT security operations
- Vulnerability Assessment
- Penetration testing
- Threat Intelligence
- Malware Analysis
- Incident Monitoring, Response & Recovery
- Forensics
- Privacy
- Awareness
I tried to order them from the most preventive to the most reactive.
Governance, Risk & Compliance (GRC)
Governance should start at organization level, in what is called enterprise governance. It should set or identify the organization's objectives, plan a strategy and enable risk management.
Security architecture consists of managing resources to put in place controls related to IT security.
IS Governance
You can read more about information security governance on this post.
IT Risk Management
You can read more about IT risk management on this post.
IT Compliance
You can find more information about IT compliance on this post.
IT Security Architecture
Cryptographic splitting or bit splitting implies distributing pieces of an information set over different parts of a network.
IT security architecture includes:
- IT Secure Design Principles
- IT Security Models
- Cryptography
- Identity and Access Management
IT Secure Design Principles
Least privilege
Need to know
Defense in depth
Zero trust
IT Security Models
Bell-LaPadula
Biba integrity model
Cryptography
Cryptography is the practice and study of techniques for secure communication in the presence of adversarial behavior.
Some aspects of IT security (specifically confidentiality, integrity, authentication and non-repudiation) are directly related to cryptography.
You can read more about cryptography on this post.
Identity and Access Management
Identity and Access Management (IAM) includes internal network AAA, web-based IAM and directory services. You can find more about this on this post.
Asset Protection
Main IT assets to protect are:
- Data
- Application
- Endpoint
- Infrastructure
- People
Data
DataSec
Data governance
Data roles should be assigned to all data and IT assets. You can read more about data roles on this post.
You can read about data backups on this post.
You can read about safe data deletion on this post.
Data security tools include data scanning tools and data loss prevention (DLP).
Data retention can be achieved by setting retention policies, which must include at least:
- Retention period
- Regulatory and compliance requirements
- Data classification impacts on retention
- How and when data should be deleted
- Archiving and retrieval processes
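As an added example (not code from the original post), a minimal retention-policy evaluator that covers the elements listed above: a retention period per data classification, a regulatory driver, a legal hold that overrides deletion, an archive window before deletion, and the deletion method. All classifications, periods and regulation names are constructed placeholders.

```python
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class RetentionRule:
    retention_days: int          # retention period
    regulation: str              # regulatory / compliance requirement behind it
    archive_days: int            # archive-and-retrieval window after expiry (0 = none)
    deletion_method: str         # how data should be deleted once the window closes


# Constructed mapping of data classification -> retention rule (hypothetical values).
POLICY = {
    "public":       RetentionRule(365, "internal policy", 0, "standard delete"),
    "internal":     RetentionRule(3 * 365, "internal policy", 365, "standard delete"),
    "confidential": RetentionRule(7 * 365, "example records law", 730, "secure wipe"),
}


def retention_action(classification: str, created: date, today: date,
                     legal_hold: bool = False) -> str:
    """Decide what to do with one record today.

    Returns 'retain', 'archive' or 'delete:<method>'.
    An unknown classification raises ValueError so the policy fails closed.
    """
    rule = POLICY.get(classification)
    if rule is None:
        raise ValueError(f"no retention rule for classification {classification!r}")
    if legal_hold:
        # A regulatory or litigation hold always takes precedence over the period.
        return "retain"
    expiry = created + timedelta(days=rule.retention_days)
    if today < expiry:
        return "retain"
    # Data classification impacts retention: the archive window differs per class.
    if today < expiry + timedelta(days=rule.archive_days):
        return "archive"
    return f"delete:{rule.deletion_method}"
```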
Database Security
You can read more about database security on this post.
IT Cloud Security
IT cloud technologies offer multiple possibilities but have specific security concerns that do not exist, or are not as relevant, in on-premise technologies.
You can read more about cloud information security on this post.
Application
AppSec
A system inventory associates individuals with systems or devices. This can help when tracking their support history and aids in provisioning the proper tools, permissions and data to a system.
Content Security Policy (CSP) helps prevent XSS and code injection in web pages.
Operating System Security
Operating system (OS) security is about the security of operating systems.
This blog contains posts about the security of the following operating systems:
Software Development Security
DevSecOps is the integration of development, deployment and security operations. It is an evolution of DevOps, which is the integration of just development and deployment. DevSecOps should include software defined security (SDS).
An example of DevSecOps is the integration of a DevOps tool (such as Azure DevOps) with the following security tools:
- AST (like SonarQube)
- Vulnerability scanners
- Pentesting tools
- Compliance assessment tools
You can read about software development security on this post.
Endpoint Security
You can read more about endpoint security on this post.
Operational Technologies (OT) Security
You can read more about OT Security on this post.
Infrastructures
Software defined security (SDS) enables security infrastructure to be managed through code. SDS is an example of infrastructure as code (IaC).
Network Security
Network security covers information security on computer networks.
You can read more about network security on this post.
People
Human Resources (HR) IT Security
Within the context of IT security, it is important that the Human Resources (HR) department within an organization applies these controls:
- Before hiring
  - Candidate screening
  - Nondisclosure Agreement (NDA) or Noncompete Agreement (NCA) signing
  - Signed policy acceptance
- At the end of the contract
  - Termination procedure (account termination, recovery of property, exit interview)
IT Security Operations
IT security operations are the regular tasks to be done in IT to achieve asset protection.
A Security Posture Management (SPM) tool assesses the security configuration of our assets.
IT security operations:
- Vulnerability Management
- Threat Intelligence
- Penetration Testing
Vulnerability Management
You can read more about IT vulnerability management and assessment on this post.
Threat Intelligence
You can read more about IT threat intelligence on this post.
Penetration Testing
Penetration testing or pentesting is probably the most popular field of cybersecurity. When someone says that they work on cybersecurity, people often think first of this field.
You can read more about pentesting on this post.
Incident Monitoring, Response and Recovery
Security monitoring is part of incident response.
You can read more about incident response on this post.
Digital Forensics
You can read more about digital forensics on this post.
Awareness
Methods for IT security awareness include communications, training, simulations, etc.
They include:
- Reminders
- Phishing simulation campaigns
- Tabletop simulations (e.g., ransomware)
Security champions can be designated in each department to become a reference on cybersecurity.