Security Lecture #1: Why we need cyber security

In this chapter, I will first explain why we need cyber security. Then we will explain what exactly cyber security is again.

And finally, we will show how cyber security can save an entire organization from organized cybercrime through scenarios.

We live in a digital age. Whether it is making a hotel reservation, ordering dinner, or booking a cab, we are constantly using the Internet.

We are constantly using the Internet and generating data all the time. Data is nowadays usually stored in the cloud. A cloud is essentially a huge data center that you can access online.

We also utilize a variety of devices to access this data. There are so many points of access for hackers, and we live in an age of public iP addresses, huge amounts of traffic, and massive amounts of data that can be exploited.

Hackers are attacking every day by exploiting vulnerabilities and creating malicious software that occurs as cyber attacks are evolving day by day.

This applies to large organizations as well as individuals.

In the past, there have been multiple cyber incidents that have compromised data privacy and confidentiality.

If you visit the site information is beautiful, you can see some of the famous cyber crimes.

Information is Beautiful
Distilling the world's data, information & knowledge into beautiful infographics & visualizations

You’ll notice that even large companies like Ebay, Evernote, and Adobe have actually experienced massive cyber breaches despite having many security measures in place to protect their data.

In this way, not only individuals are being targeted by hackers, but also large organizations are being targeted all the time.

After seeing all the possibilities of all kinds of cyber attacks, past information breaches, and huge amounts of data, you would think that we would have some measures in place to protect ourselves from all these kinds of cyber attacks.

Three main principles of cyber security and three actions to prevent

Security includes cyber security and physical security, which in the computer world is known as cyber security/information security and is used to prevent the cyber attacks mentioned above.

Cybersecurity is a

  • “Confidentiality of data”
  • “Integrity”
  • “Availability”

These are the three principles of cybersecurity, often abbreviated as CIA

Cybersecurity can be used to prevent cyber-attacks, data leaks, and identity theft, and help manage risk.

For example, it can scan your computer for malicious code while protecting your information for user protection and preventing loss due to theft.

Now, when we talk about cyber security, there are three main activities that attackers do. It is

  • unauthorized modification
  • unauthorized deletion
  • unauthorized access

These three are very similar to the CIA TRIED (Confidentiality Integrity Availability) mentioned earlier.

CIA TRIED is also commonly referred to as the three pillars of security, and most of the security policies of small and medium-sized businesses as well as large enterprises are based on these three principles.

Confidentiality of data

First up is “data confidentiality”.

Data confidentiality is almost the same thing as “privacy”. The measures put in place to ensure confidentiality are designed to prevent sensitive information from getting into the wrong hands, while at the same time ensuring that the right people actually get it.

You need to restrict access to only those who are authorized to view the data.

It is also common to classify data according to the size and type of damage.

If the file ends up in the hands of more or less unintended people, strict measures can be taken depending on its classification.

To protect the confidentiality of data, it may be necessary to provide special training to those who come into contact with such documents.

Such training usually involves security risks that may threaten that information.

Training can make authorized people aware of risk factors and how to counter them.

Also included is training on strong passwords, password-related best practices, and information on social engineering techniques to prevent people from bending data handling rules in good faith and getting the worst of it.

Integrity

Next, we have Integrity. Integrity is about maintaining the consistency, accuracy, and reliability of data throughout its lifecycle.

Data must not be altered in transit, and steps must be taken to ensure that unauthorized persons cannot alter the data.

For example, in the case of confidentiality violations, these measures include file permissions and user access control.

Version control can also be used to prevent changes by authorized users and accidental overwrites from becoming a problem.

In addition, some means must be taken to detect changes in the data resulting from non-human events such as electromagnetic pulses.

Some data may contain checksums. Even cryptography must be backed up with checksums to verify integrity, and redundancy to restore the affected data to its correct state.

Availability

Availability requires strict management of all hardware, immediate repair of hardware as needed, and maintaining a properly functioning operating system environment free of software conflicts.

It is also important to keep up to date with any necessary system upgrades, and equally important to provide adequate communication bandwidth and prevent bottlenecks from occurring.

Redundant, high-availability cluster configurations can mitigate the severe consequences of a sudden failure of one piece of hardware.

In order to prevent data loss and network disconnection, unpredictable events such as natural disasters should be considered, and backup copies should be stored in remote isolated locations, perhaps in a fireproof location, to prevent data loss due to such events.

コメント

タイトルとURLをコピーしました