CIST 1601 Chapter 1
What makes an appropriate countermeasure?
- Provides a security solution to an identified problem
- Dependent on secrecy
- Is testable and verifiable
- Provides uniform and consistent protection for all assets and users
- Is independent of other safeguards
- Requires minimal human intervention
- Is tamper-proof
- Has overrides and fail-safe defaults
Sophisticated Attacks
- Use common internet tools and protocols, making it difficult to distinguish an attack from legitimate traffic.
- Vary their behavior, making the same attack appear differently each time.
Types of Threat Agents
1. Employee (Internal Threats)
2. Spy
3. Hacker
Types of Security Components
1. Physical Security
2. Users and Administrators
3. Policies
Seven Layers of Layered Security
1. Policies, Procedures, and Awareness
2. Physical
3. Perimeter
4. Network
5. Host
6. Application
7. Data
Types of Hackers
1. Script Kiddies
2. Cybercriminals
3. Cyber Terrorists
Types of Security Challenges
1. Sophisticated Attacks
2. Proliferation of Attack Software
3. Attack Scale and Velocity
Vulnerability
A flaw or weakness that allows a threat agent to bypass security.
Application
A layer of security that includes authentication and authorization, user management, group policies, and web application security
Physical
A layer of security that includes fences, locked doors, cameras, server cages, and environmental controls
Perimeter
A layer of security that includes firewalls using ACLs and securing the wireless network
Host
A layer of security that includes log management, OS hardening, patch implementation, patch management, auditing, anti-malware, and password attack prevention on each workstation, laptop, and mobile device
Network
A layer of security that includes the installation and configuration of switches and routers; implementation of VLANs; penetration testing; and virtualization use
Policies, Procedures, and Awareness
A layer of security that includes user education, manageable network plans, and employee onboarding and off-boarding processes.
Layered Security
A security approach that combines multiple security controls and defenses to create a cumulative effect.
Layered Security Model
A security approach that defines seven layers of security.
Physical Security
All the hardware and software needed to secure data such as firewalls and antivirus software
Exploit
An act, procedure, or piece of software that takes advantage of a vulnerability to carry out an action
Countermeasure
An action that is taken to mitigate a potential attack
Hacker
Any threat agent that uses their technical knowledge to bypass security mechanisms to exploit a vulnerability to access information.
Threat
Anything that has the potential to cause the loss of data or an asset
Proliferation of Attack Software
Attack tools have become widespread online. Anyone with moderate knowledge of technology can download tools and run an attack
Spy
Can be employed in corporate espionage to obtain information about competitors for commercial purposes.
- A spy can apply to a commercial competitor and then exploit internal vulnerabilities to steal information.
- A spy can attack an organization from outside by exploiting external vulnerabilities.
Availability
Ensures that a system is up so that data is accessible when needed
Confidentiality
Ensures that data is not disclosed to unintended people
Integrity
Ensures that data is not modified or tampered with
Cyber Terrorists
Hackers who generally carry out terrorist activities, such as attacks on network-dependent institutions
Script Kiddies
Hackers who download and run attacks available on the internet, but generally aren't savvy enough to create their own attack code or scripts
Cybercriminals
Hackers who usually seek to exploit security vulnerabilities for some kind of financial reward or for revenge
Non-Repudiation
Provides validation of a message's origin.
Asset
Something that has value to an individual or an organization
Data
Storing data properly, destroying data, classifying data, cryptography, and data transmission security
Security
The degree of protection against criminal activity, danger, damage, and/or loss
Threat Agent
The person or entity that attempts or carries out a threat
Attack Scale and Velocity
The speed at which an attack can spread from machine to machine has increased. Now a million computers can be attacked in minutes
How is an Employee a possible Threat Agent?
They have access to a lot of information assets and can:
- Become disgruntled with an employer
- Be bribed by a competitor
- Be an unintentional participant in an attack
- Accidentally delete or cause data corruption
User Education
Used to educate employees on policies, procedures, how to identify potential attacks, etc., as a way to ensure that an employee's actions don't compromise a network's security