RITx: Cybersecurity Fundamentals, Unit 1&2 — Course notes

Computing Security Concepts and Problems

Xavier Briand
Feb 5

Defining Cybersecurity

Cybersecurity is an umbrella term referring to protecting the following properties of information assets:

  • Confidentiality (Authentication, authorization, encryption)
  • Integrity (Hashing)
  • Availability (Fault tolerance, load balancing, anti-DDoS)

These are referred to as the CIA model or triad.

Information assets are any data, devices and processes that support information-related activities (e.g. computing devices and networks, hardware, software, data).

Cybersecurity deals with information in transit, being processed and at rest.

Cybersecurity is achieved through procedures, products and people.

Cybersecurity is a subset of Information Security (InfoSec). InfoSec also deals with information stored physically.

Penetration Testers identify and exploit vulnerabilities.

Insiders are a bigger threat than outsiders.

Vulnerabilities

Any way that a hacker can breach cybersecurity is a vulnerability. A large part of cybersecurity is identifying these vulnerabilities — as well as partnering with others to identify them — so they can be fixed.

The security mindset involves thinking about how things can be made to fail.
— Bruce Schneier

Bug Bounty Programs reward hackers for finding and fixing security issues.

The weakest link of any cybersecurity system is the Human (Social Engineering).

Personal Security

One way to appreciate the challenges of cybersecurity from an organizational perspective is to examine your personal cybersecurity habits and practices.

The 2016 DDoS (Distributed Denial of Service) attacks that brought down the DNS provider Dyn leveraged ~100k IoT devices hijacked via malware.

Attacks [can be] complex, relying on a combination of techniques, including exploitation of software vulnerabilities and improper configuration, malicious software, malware, and social engineering.

Who are the Hackers?

As Sun Tzu wrote, understanding your enemy is critical to success.

Attackers can be outsiders, competition, hacktivists, organized crime, terrorists, governments. They could be insiders, disgruntled employees, customers, suppliers, vendors, business partners, contractors, temps, as well as consultants.

The FBI defines the motivation of individuals who commit espionage against the country with the acronym MICE: money, ideology, compromise or coercion, ego or extortion.

Researcher Max Kilger proposed that the motivations for the hacker community can be thought of as MEECES: money, entertainment, ego, cause, entrance to social groups and status.

See Hacking motives from the Australian Institute of Criminology.

Cybersecurity Incidents

AAA Model

  • Authentication — proving you are who you say you are.
    Requires proofs: something you know (e.g. password), something you have (e.g. key) and/or something you are (e.g. fingerprint). Implies loss of anonymity.
    Combining different proofs is called multi-factor authentication (e.g. 2FA).
  • Authorization — principle of least privilege.
  • Accounting — keeping track of users and what they do.
    Shared credentials negate the benefits of Accounting.

Security vs. Convenience

Security and convenience are a balancing exercise: they can be seen as inversely proportional. Too little convenience can lead to users circumventing security measures.

Risk, Threat, Threat agents/actors and Vulnerability

A threat agent exploits a vulnerability by carrying out a threat.

Risk cannot be eliminated. It can be mitigated, transferred (e.g. insurance, DMZ) or accepted.

