# Module 10: Cybersecurity Principles, Practices, and Processes
### 10.1 The Three Dimensions
---
#### **10.1.2 The Cybersecurity Cube**
- **Overview**: A framework to guide cybersecurity efforts, consisting of three dimensions:
  1. **Security Principles (CIA Triad)**:
     - **Confidentiality**: Protects data from unauthorized access (e.g., encryption, tokenization).
     - **Integrity**: Ensures data is accurate, consistent, and trustworthy (e.g., hashing, validation checks).
     - **Availability**: Ensures data and systems are accessible when needed (e.g., redundancy, backups).

  2. **Data States**:
     - **Data in Transit**: Protects data during transmission.
     - **Data at Rest**: Secures data stored on devices.
     - **Data in Process**: Safeguards data being actively used.

  3. **Safeguards**:
     - **Technology**: Tools like encryption and firewalls.
     - **Policy and Practices**: Organizational rules and procedures.
     - **People**: Training, education, and awareness for users and employees.

---
#### **10.1.3 Confidentiality**
- **Methods**:
  - **Tokenization**: Replaces sensitive data with random tokens for secure storage and processing.
  - **Encryption**: Secures data using encryption keys, ensuring only authorized parties can decrypt.
  - **Rights Management**:
    - **DRM**: Protects digital media (e.g., music, films) with encryption.
    - **IRM**: Manages access to organizational files like emails and documents.
---
#### **10.1.4 Data Privacy**
- **Categories of Sensitive Information**:
  1. **Personal Information**: Employee bank details, medical records.
  2. **Business Information**: Proprietary data, new product plans.
  3. **Classified Information**: Restricted government or high-security information.
- **Techniques**:
  - **Anonymization**: Converts identifiable data into irreversible anonymous data.
  - **Data Minimization**: Collects only necessary data to reduce privacy risks.
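The following Python is an added example (not part of the course material or of these notes) contrasting the two techniques named in 10.1.3 and 10.1.4: tokenization, which is reversible only by whoever holds the vault, and anonymization, which discards identifying detail irreversibly. The `TokenVault` class, the `anonymize` and `protect_record` functions, the record fields and the sample record are all constructed for this illustration.

```python
import secrets


class TokenVault:
    """Reversible tokenization (constructed example).

    The token carries no information about the value; the only link back is
    the mapping held here, so the vault is the component to lock down.
    """

    def __init__(self):
        self._token_for = {}   # sensitive value -> token
        self._value_for = {}   # token -> sensitive value

    def tokenize(self, value: str) -> str:
        # The same value always yields the same token so downstream systems
        # can still join on it, but the token itself is random, not derived.
        if value not in self._token_for:
            token = "tok_" + secrets.token_hex(8)
            self._token_for[value] = token
            self._value_for[token] = value
        return self._token_for[value]

    def detokenize(self, token: str) -> str:
        # Only code with access to the vault can reverse a token.
        return self._value_for[token]


def anonymize(record: dict) -> dict:
    """Irreversible anonymization by suppression and generalization.

    Direct identifiers are dropped, the exact age becomes a ten-year band and
    the postcode is truncated to its outward part. Nothing here can be undone,
    which is what distinguishes anonymization from tokenization.
    """
    decade = (record["age"] // 10) * 10
    return {
        "age_band": f"{decade}-{decade + 9}",
        "postcode_prefix": record["postcode"].split(" ")[0],
        "diagnosis": record["diagnosis"],
    }


def protect_record(record: dict, vault: TokenVault) -> dict:
    """Tokenize the one field that must stay recoverable (the account number,
    needed later for payment) and anonymize everything else."""
    out = anonymize(record)
    out["account_token"] = vault.tokenize(record["account_number"])
    return out


# Constructed sample record; the values are illustrative, not real data.
SAMPLE_RECORD = {
    "name": "Jane Example",
    "age": 34,
    "postcode": "SW1A 1AA",
    "account_number": "GB00EXMP00000000000001",
    "diagnosis": "seasonal allergies",
}

if __name__ == "__main__":
    vault = TokenVault()
    protected = protect_record(SAMPLE_RECORD, vault)
    print(protected)
    # The processing system only ever sees the token; reversing it needs
    # the vault, which is kept out of that system's reach.
    print(vault.detokenize(protected["account_token"]))
```

The design point is where the secret lives: a token can be exchanged for the original only through the vault, so access control on the vault is what delivers confidentiality, whereas the anonymized fields need no such control because the original can no longer be recovered from them.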
---
#### **10.1.6 Data Integrity**
- **Definition**: Ensures data remains accurate and consistent across its lifecycle.
- **Methods**:
  - **Hashing**: Detects unauthorized changes to data.
  - **Data Validation and Consistency Checks**: Verify data accuracy.
  - **Access Controls**: Restrict unauthorized data modifications.
- **Criticality Levels**:
  - **Critical**: Healthcare (e.g., prescription accuracy).
  - **High**: E-commerce (e.g., transaction accuracy).
  - **Medium**: Publicly collected data (e.g., search engine results).
  - **Low**: Public opinion (e.g., blogs, social media).
---
#### **10.1.7 Availability**
- **Definition**: Ensures systems, data, and services are accessible when needed.
- **Common Causes of Failures**:
  - Malicious attacks (e.g., DoS).
  - System failures (e.g., hardware malfunctions).
  - Natural disasters (e.g., power outages, floods).
- **Ensuring High Availability**:
  - **System Redundancy**: Duplicate systems to prevent downtime.
  - **System Backups**: Frequent backups with testing for data recovery.
  - **System Resiliency**: Builds resistance against cyberattacks and failures.
---
#### **10.1.9 Measures for Ensuring Availability**
- **Equipment Maintenance**: Regular hardware upkeep.
- **OS/Software Updates**: Scheduled updates to fix vulnerabilities.
- **Backup Testing**: Ensures reliable data restoration.
- **Disaster Planning**: Prepares for unexpected events (e.g., natural disasters).
- **New Technologies**: Adopts modern solutions to combat evolving threats.
- **Activity Monitoring**: Real-time system alerts and event logs to detect issues.
- **Availability Testing**: Uses port scans, vulnerability scans, and penetration tests.
---
#### **Key Takeaways**
1. **The Cybersecurity Cube**:
   - Covers principles, data states, and safeguards for comprehensive security.
2. **Confidentiality**:
   - Relies on encryption, tokenization, and rights management to protect sensitive data.
3. **Data Integrity**:
   - Uses validation, hashing, and access controls to ensure data accuracy.
4. **Availability**:
   - Achieved through redundancy, backups, proactive maintenance, and disaster planning.
>[!Warning]Recap
>The first dimension of the cybersecurity cube identifies the goals to protect cyberspace. Data confidentiality prevents the disclosure of information to unauthorized people, resources, or processes. Data integrity refers to the accuracy, consistency, and trustworthiness of data. Data availability ensures that information is accessible by authorized users when needed. You can use the acronym CIA to remember these three principles. The second dimension of the cybersecurity cube represents the three possible data states: data in transit, data at rest or in storage, and data in process.
>
>The third dimension of the cybersecurity cube defines the pillars on which to base your cybersecurity defenses. These are: 1. technology, 2. policies and practices, and 3. improving education, training and awareness in people.
>
>To accomplish confidentiality without using encryption, tokenization is a substitution technique that can isolate data elements from exposure to other data systems. Rights management covers both digital rights management (DRM) and information rights management (IRM). Both protect data from unauthorized access by using encryption. Types of sensitive information fall into three categories: personal information, business information and classified information. Some organizations deploy privacy enhancement technologies including anonymization, data minimization and tokenization to help resolve data privacy concerns.
>
>Integrity is the accuracy, consistency and trustworthiness of data across its entire lifecycle. Methods used to ensure data integrity include hashing, data validation checks, data consistency checks and access controls. Availability ensures that information can be accessed whenever it is needed. Actions that help ensure availability include equipment maintenance, OS and software updates and patches, backup testing, disaster planning, new technology implementations, activity monitoring, and availability testing.
### 10.2 States of Data
---
#### **Overview**
Data exists in three states:
1. **At Rest**: Stored data not actively in use.
2. **In Transit**: Data moving between systems or networks.
3. **In Process**: Data being actively used or modified.
Cybersecurity professionals must protect data in all states to maintain its confidentiality, integrity, and availability.
---
#### **10.2.2 Data at Rest**
**Definition**: Data stored on devices or systems, not actively accessed or processed.
- **Storage Types**:
  - **Direct-Attached Storage (DAS)**: Locally connected (e.g., USB drives). Limited to single-user access and vulnerable to local attacks.
  - **Redundant Array of Independent Disks (RAID)**: Combines multiple disks for performance and fault tolerance.
  - **Network-Attached Storage (NAS)**: Centralized storage accessible over a network by authorized users.
  - **Storage Area Network (SAN)**: High-speed network-based storage for multiple servers.
  - **Cloud Storage**: Remote storage accessed over the internet (e.g., Google Drive, Dropbox).

**Challenges**:
- DAS is hard to manage and control; vulnerable to attacks on local hosts.
- Network storage (NAS, SAN, RAID) offers better redundancy but requires careful configuration, testing, and monitoring.
- Cybersecurity professionals must centralize and automate backups to minimize data loss risks.
---
#### **10.2.5 Data in Transit**
**Definition**: Data being transmitted between devices or systems.
- **Transmission Methods**:
  - **Sneaker Net**: Physical transport of data on removable media (e.g., USB drives).
  - **Wired Networks**: Use copper or fiber optic cables for local area networks (LAN) or wide area networks (WAN).
  - **Wireless Networks**: Use radio waves; mobile devices and SOHO networks widen the attack surface.

**Key Protection Techniques**:
1. **Confidentiality**: Encrypt data in transit, e.g., with VPNs and protocols such as SSL/TLS and IPsec.
2. **Integrity**: Implement hashing and data redundancy to detect tampering in transit.
3. **Availability**: Deploy mutual authentication so that rogue devices cannot interrupt data flows.

**Challenges**:
- **Confidentiality Risks**: Data can be captured or stolen in transit.
- **Integrity Risks**: Data might be altered by cybercriminals during transmission.
- **Availability Risks**: Unauthorized devices or rogue access points can disrupt availability.
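Both 10.1.6 (hashing as an integrity method) and 10.2.5 (integrity and authenticity of transmitted data) rest on the same mechanism, so one added example serves both. It is not code from the course or from these notes. The point it makes is the caveat a practitioner needs: a plain digest sent alongside the data only catches accidental corruption, because anyone able to rewrite the data in transit can recompute the digest; a keyed MAC (HMAC-SHA256 here) binds the check to a shared secret and so also provides authenticity. The frame layout, function names and the sample transfer payload are constructed for the illustration.

```python
import copy
import hashlib
import hmac
import json
import secrets


def canonical(payload: dict) -> bytes:
    """Serialize deterministically so sender and receiver hash identical bytes."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


# --- Unkeyed digest: detects accidental corruption only -------------------

def protect_with_digest(payload: dict) -> dict:
    return {"payload": payload, "digest": hashlib.sha256(canonical(payload)).hexdigest()}


def verify_digest(frame: dict) -> bool:
    expected = hashlib.sha256(canonical(frame["payload"])).hexdigest()
    return hmac.compare_digest(expected, frame["digest"])


# --- Keyed MAC: detects any change made without the key -------------------

def protect_with_mac(key: bytes, payload: dict) -> dict:
    return {"payload": payload, "mac": hmac.new(key, canonical(payload), hashlib.sha256).hexdigest()}


def verify_mac(key: bytes, frame: dict) -> bool:
    expected = hmac.new(key, canonical(frame["payload"]), hashlib.sha256).hexdigest()
    # Constant-time comparison; a plain == would leak timing information.
    return hmac.compare_digest(expected, frame["mac"])


def alter_in_transit(frame: dict, field: str, new_value) -> dict:
    """Model an on-path party that rewrites one field without knowing the key.

    It can recompute an unkeyed digest over the altered payload, so the
    digest check still passes; the MAC it can only leave as it found it."""
    forged = copy.deepcopy(frame)
    forged["payload"][field] = new_value
    if "digest" in forged:
        forged["digest"] = hashlib.sha256(canonical(forged["payload"])).hexdigest()
    return forged


# Constructed sample transfer instruction used for the demonstration.
SAMPLE_PAYLOAD = {"from": "acct-001", "to": "acct-002", "amount": 100}


def demo(key: bytes) -> dict:
    """Return the outcome of each check so the contrast is visible."""
    digest_frame = protect_with_digest(SAMPLE_PAYLOAD)
    mac_frame = protect_with_mac(key, SAMPLE_PAYLOAD)
    return {
        "digest_intact": verify_digest(digest_frame),
        "digest_after_alteration": verify_digest(alter_in_transit(digest_frame, "amount", 900)),
        "mac_intact": verify_mac(key, mac_frame),
        "mac_after_alteration": verify_mac(key, alter_in_transit(mac_frame, "amount", 900)),
        "mac_wrong_key": verify_mac(secrets.token_bytes(32), mac_frame),
    }


if __name__ == "__main__":
    shared_key = secrets.token_bytes(32)   # agreed out of band, never sent with the data
    for check, outcome in demo(shared_key).items():
        print(f"{check:24s} {'passes' if outcome else 'FAILS'}")
```

Run as a script, the digest check passes both before and after the amount is altered, which is exactly the gap the notes' "integrity and authenticity" wording points at; the MAC check passes only for the untouched frame under the right key. Protocols such as TLS and IPsec apply the same idea per packet, with the key established during their handshake.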
---
#### **10.2.7 Data in Process**
**Definition**: Data actively being used, modified, or computed. Neither stored nor in transit.
- **Stages of Data in Process**:
  1. **Input**: Collection of data via data entry, sensors, file uploads, or scanned forms. Risks include:
     - Incorrect or mismatched formats.
     - Malfunctioning sensors or mislabeling errors.
  2. **Modification**: Intentional changes (e.g., encoding, encryption, compression) or unintentional changes (e.g., corruption due to equipment failure or malicious code).
  3. **Output**: Data delivered to devices (e.g., printers, displays). Accuracy issues may arise from:
     - Incorrect delimiters or configurations.
     - Misconfigured devices.

**Challenges**:
- Data corruption at any stage can render information unusable or unreliable.
- Malicious modifications can compromise decision-making or disrupt operations.
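The input-stage risks listed above (mismatched formats, wrong delimiters, malfunctioning sensors) are what the "data validation and consistency checks" of 10.1.6 exist to catch. As an added example, not from the course or these notes, the Python below validates a small batch of constructed sensor readings before they enter processing: each line must have the expected number of comma-separated fields, an ISO timestamp, a sensor id of the assumed form `S-nnn`, and a numeric value inside a plausible range, and a consistency check rejects a second reading for the same sensor at the same timestamp. The format, the range and the sample lines are all assumptions made for the illustration.

```python
import re
from datetime import datetime

EXPECTED_FIELDS = 3
SENSOR_ID = re.compile(r"^S-\d{3}$")      # assumed id format for this example
PLAUSIBLE_RANGE = (-40.0, 85.0)          # assumed operating range of the sensor

# Constructed sample batch. Line 3 uses the wrong delimiter, line 4 is
# non-numeric, line 5 is a typical "disconnected sensor" sentinel, line 6
# repeats a timestamp already seen for S-001 and line 7 is malformed.
SAMPLE = "\n".join([
    "2024-03-01T10:00:00,S-001,21.5",
    "2024-03-01T10:00:05,S-001,21.7",
    "2024-03-01T10:00:10;S-001;21.9",
    "2024-03-01T10:00:15,S-002,abc",
    "2024-03-01T10:00:20,S-001,-999.0",
    "2024-03-01T10:00:05,S-001,30.0",
    "bad line",
    "2024-03-01T10:00:25,S-003,22.1",
])


def parse_line(line: str):
    """Return (record, None) for a well-formed reading or (None, reason) otherwise."""
    parts = line.split(",")
    if len(parts) != EXPECTED_FIELDS:
        return None, f"expected {EXPECTED_FIELDS} comma-separated fields, got {len(parts)}"
    ts_raw, sensor_id, value_raw = (p.strip() for p in parts)
    try:
        ts = datetime.fromisoformat(ts_raw)
    except ValueError:
        return None, f"bad timestamp {ts_raw!r}"
    if not SENSOR_ID.match(sensor_id):
        return None, f"bad sensor id {sensor_id!r}"
    try:
        value = float(value_raw)
    except ValueError:
        return None, f"non-numeric value {value_raw!r}"
    if not (PLAUSIBLE_RANGE[0] <= value <= PLAUSIBLE_RANGE[1]):
        return None, f"value {value} outside plausible range {PLAUSIBLE_RANGE}"
    return {"ts": ts, "sensor": sensor_id, "value": value}, None


def validate_batch(text: str):
    """Split a batch into accepted records and (line number, reason) rejections.

    Format checks happen per line; the duplicate check is a consistency check
    across the batch, so it needs state carried between lines."""
    accepted, rejected, seen = [], [], set()
    for lineno, line in enumerate(text.splitlines(), start=1):
        record, err = parse_line(line)
        if err is None:
            key = (record["sensor"], record["ts"])
            if key in seen:
                err = "duplicate reading for this sensor and timestamp"
            else:
                seen.add(key)
        if err is None:
            accepted.append(record)
        else:
            rejected.append((lineno, err))
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = validate_batch(SAMPLE)
    print(f"accepted {len(ok)} readings")
    for lineno, reason in bad:
        print(f"line {lineno}: {reason}")
```

Rejections are recorded with the line number and reason rather than silently dropped, so the input stage produces an audit trail: a sudden rise in out-of-range or malformed readings from one sensor is itself a signal worth alerting on.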
---
#### **10.2.6 Challenges and Protections Across All States**
**Common Challenges**:
1. Data is increasingly at risk due to mobile and IoT device proliferation.
2. Cybercriminals continuously develop new methods to exploit vulnerabilities.

**Protective Measures**:
- Use encryption for confidentiality.
- Implement hashing and redundancy for integrity.
- Employ backups, mutual authentication, and monitoring for availability.

**Role of Cybersecurity Professionals**:
- Design and enforce robust policies for data protection.
- Regularly test, maintain, and update systems to minimize vulnerabilities.
- Educate employees on safe practices for managing data in all states.
>[!Warning]Recap
>Information security requires data to be protected in all three states: at rest, in transit and in process. Data is at rest when no user or process is accessing, requesting, or amending it. Data can be stored in DAS, RAID, NAS, SAN, or in the cloud. Direct-attached storage is vulnerable to malicious attacks on the local host. Data at rest also includes backup data (when it is not being written or in transit). Backups can be manual or automatic. Network storage systems including RAID, SAN and NAS provide greater performance and redundancy. They handle a lot of data, posing a greater risk to the organization if the device fails. The unique challenges of network storage systems include configuring, testing and monitoring the system.
>
>Data in transit is data which is being transmitted — it is not at rest nor in use. A sneaker net uses removable media to physically move data from one computer to another. Wired networks include copper and fiber optic media and can serve a local area network (LAN) or span great distances in wide area networks (WAN). Both wired and wireless networks use packets or data units. Standard protocols such as the Internet Protocol (IP) and Hypertext Transfer Protocol (HTTP) define the structure and formation of data packets. Cybercriminals can capture, save and steal data in transit. Cybersecurity professionals can implement VPNs, using SSLs, IPsec and various other methods of encryption. Cybercriminals can intercept and alter data in transit. Cybersecurity professionals deploy data integrity systems that test the integrity and authenticity of transmitted data to counter these actions. These systems include hashing and data redundancy. Cybercriminals can use rogue or unauthorized devices to interrupt data availability, capturing it in transit. Mutual authentication systems require the user to authenticate to the server and request the server to authenticate to the user.
>
>Data in process refers to data during initial input, modification, computation, or output.
>
>Protection of data integrity starts with the initial input of data. Organizations use several methods to collect data, each posing a potential threat to data integrity: data entry, scanning forms, file uploads and data collected from sensors.
>
>Corruption during the input process may include mislabeling and incorrect or mismatched data formats, data entry errors or disconnected and/or malfunctioning or inoperable system sensors. When data is modified in a way that stops it from being readable or usable, this is often referred to as data corruption. Examples of output data corruption include the incorrect use of data delimiters, incorrect communication configurations and improperly configured printers. Invalid data modification during processing can have an adverse impact, and mitigating against such cases is important.
### 10.3 Cybersecurity Countermeasures
---
#### **10.3.2 Hardware-Based and Software-Based Technologies**
- **Software Safeguards:**
  - **Software Firewalls:** Control remote access to a host; included with the OS or available from third parties.
  - **Network and Port Scanners:** Discover and monitor open ports on hosts and servers.
  - **Protocol Analyzers:** Examine network traffic to identify issues and baseline normal traffic patterns.
  - **Vulnerability Scanners:** Identify weaknesses in systems and networks.
  - **Host-Based Intrusion Detection Systems (IDS):** Monitor host-specific activity and generate logs and alerts.
- **Hardware-Based Technologies:**
  - **Firewalls:** Block unwanted traffic with customizable rules.
  - **Proxy Servers:** Mask internal IP addresses; represent clients when requesting services.
  - **Hardware-Based Access Control:** Uses biometrics like fingerprints or iris scans for authentication.
  - **Network Switches:** Securely link devices in local area networks (LANs).
---
#### **10.3.3 Establishing a Cybersecurity Culture**
- **Education and Training:**
  - Include security awareness in onboarding.
  - Use gamification (e.g., capture-the-flag scenarios) for engaging training.
  - Offer online courses and modules.
- **Active Security Awareness Programs:**
  - Tailor programs to the organization’s environment, threats, and data requirements.
  - Reinforce that people are the first line of defense and critical to cybersecurity.
---
#### **10.3.5 Security Policies**
- **Purpose:**
  - Communicates security objectives and rules of behavior.
  - Defines legal consequences for violations.
  - Ensures consistency in operations and supports security staff.
- **Key Components:**
  - **Identification and Authentication Policies:** Defines authorized users and verification procedures.
  - **Password Policies:** Requires strong passwords and regular changes.
  - **Acceptable Use Policies:** Specifies permissible use of network resources and consequences of violations.
  - **Remote Access Policies:** Defines how and what resources are accessible remotely.
  - **Network Maintenance Policies:** Standardizes updates for devices, OS, and applications.
  - **Incident Handling Policies:** Outlines procedures for responding to security incidents.
---
#### **10.3.6 Standards**
- **Definition:** Frameworks for maintaining consistency in network operation.
- **Example:**
  - Password standards may require:
    - Minimum 8 characters (uppercase, lowercase, numbers, special symbols).
    - Password changes every 30 days.
    - History of 12 passwords to avoid reuse.
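A standard is only useful if something enforces it. As an added example, not from the course or these notes, the Python below implements the three rules of the password standard quoted above as a checker: complexity (at least 8 characters with all four character classes), a 30-day maximum age, and a 12-entry history. The history is kept as salted PBKDF2 hashes rather than plaintext, so checking for reuse never requires storing old passwords recoverably. The `PasswordRecord` class, function names, the iteration count and the sample passwords are constructed for the illustration.

```python
import hashlib
import hmac
import os
import string
from datetime import date

MIN_LENGTH = 8        # from the standard: minimum 8 characters
MAX_AGE_DAYS = 30     # from the standard: change every 30 days
HISTORY_DEPTH = 12    # from the standard: remember the last 12 passwords
ITERATIONS = 50_000   # PBKDF2 work factor; kept modest so the example runs quickly


class PasswordRecord:
    """Per-user state: salted hashes of recent passwords and the last change date."""

    def __init__(self):
        self.history = []      # list of (salt, digest), oldest first
        self.changed_on = None


def _digest(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def complexity_violations(password: str) -> list:
    """Return every complexity rule the candidate breaks (empty list = compliant)."""
    violations = []
    if len(password) < MIN_LENGTH:
        violations.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in password):
        violations.append("no uppercase letter")
    if not any(c.islower() for c in password):
        violations.append("no lowercase letter")
    if not any(c.isdigit() for c in password):
        violations.append("no digit")
    if not any(c in string.punctuation for c in password):
        violations.append("no special symbol")
    return violations


def reused(record: PasswordRecord, password: str) -> bool:
    """Compare against each retained hash; compare_digest avoids timing leaks."""
    return any(
        hmac.compare_digest(_digest(password, salt), stored)
        for salt, stored in record.history[-HISTORY_DEPTH:]
    )


def change_password(record: PasswordRecord, new_password: str, today: date) -> list:
    """Apply the standard; on success store a fresh salted hash and return []."""
    violations = complexity_violations(new_password)
    if reused(record, new_password):
        violations.append(f"matches one of the last {HISTORY_DEPTH} passwords")
    if violations:
        return violations
    salt = os.urandom(16)
    record.history.append((salt, _digest(new_password, salt)))
    record.history = record.history[-HISTORY_DEPTH:]   # drop anything older than 12 entries
    record.changed_on = today
    return []


def is_expired(record: PasswordRecord, today: date) -> bool:
    """True when no password is set or the current one is 30 or more days old."""
    return record.changed_on is None or (today - record.changed_on).days >= MAX_AGE_DAYS


def demo() -> dict:
    """Walk one account through the standard's rules; sample passwords are constructed."""
    record = PasswordRecord()
    return {
        "first_change": change_password(record, "Tr0ub4dor&3", date(2024, 1, 1)),
        "reuse_attempt": change_password(record, "Tr0ub4dor&3", date(2024, 1, 2)),
        "weak_attempt": change_password(record, "password", date(2024, 1, 2)),
        "expired_after_29_days": is_expired(record, date(2024, 1, 30)),
        "expired_after_30_days": is_expired(record, date(2024, 1, 31)),
    }


if __name__ == "__main__":
    for step, result in demo().items():
        print(f"{step}: {result}")
```

Each rule in the standard maps to one function, which keeps the policy readable next to the code that enforces it. One caveat for anyone adopting the 30-day rule: it is quoted here because the notes' standard contains it, but current NIST SP 800-63B guidance advises against forced periodic rotation unless a compromise is suspected, favouring length and breach-list screening instead.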
---
#### **10.3.8 Guidelines**
- **Flexible Recommendations:** Suggestions for improving security and efficiency.
- **Sources:**
- National Institute of Standards and Technology (NIST).
- National Security Agency (NSA) Configuration Guides.
- Common Criteria standards.
- **Example:** Password guideline: Convert memorable phrases into secure passwords, e.g., “I have a dream” → **Ihv@dr3@m**.
---
#### **10.3.9 Procedures**
- **Purpose:** Detailed implementation instructions for consistency and security.
- **Example:** Changing a password:
  1. Press **Ctrl-Alt-Del** to open the login dialog.
  2. Click **Change Password**.
  3. Enter the current password.
  4. Input the new password.
  5. Re-enter the new password for verification.
>[!Warning]Recap
>Administrators can install the following software-based countermeasures or safeguards on individual hosts or servers: software firewalls, network and port scanners, protocol analyzers, vulnerability scanners, and host-based IDS. A security awareness program and solid, comprehensive security policies are extremely important. Make security awareness training a part of an organization’s onboarding process. Tie security awareness to job requirements or performance evaluations. Conduct in-person training sessions using gamification and activities. Complete online modules and courses.
>
>An active security awareness program depends on the organization's environment and network, the level of threat, and the nature and demands of the data the organization holds. Developing security awareness should be an ongoing process because new threats and techniques are always emerging.
>
>A comprehensive security policy demonstrates an organization’s commitment to security. It sets the rules for expected behavior and ensures consistency in system operations and software and hardware acquisition, use, and maintenance. It defines the legal consequences of violations, and it gives security staff the backing of management. Types of security policies include identification and authentication, passwords, acceptable use, remote access, network maintenance, and incident handling.
>
>Standards documents provide the technologies that specific users or programs need. In addition, they specify program requirements or criteria that an organization must follow. This helps IT staff improve efficiency and simplicity in design, maintenance, and troubleshooting. In addition to an organization’s defined best practices, guidelines are also available from the following: the National Institute of Standards and Technology (NIST) Computer Security Resource Center, the National Security Agency (NSA) Security Configuration Guides, and the Common Criteria standard.
>
>Procedure documents are longer and more detailed than standards and guidelines. They include implementation details that usually contain step-by-step instructions and graphics.