Learn cybersecurity fundamentals, including how to detect threats, protect systems and networks, and anticipate…
Cybersecurity is an umbrella term for protecting the following properties of information assets:
- Confidentiality (Authentication, authorization, encryption)
- Integrity (Hashing)
- Availability (Fault tolerance, load balancing, anti-DDoS)
These are referred to as the CIA model or triad.
Information assets are any data, devices and processes that support information-related activities (eg. computing devices and networks, hardware, software, data).
Cybersecurity deals with information in transit, being processed and at rest.
Cybersecurity is achieved through procedures, products and people.
Cybersecurity is a subset of Information Security (InfoSec). InfoSec also deals with information stored physically.
Penetration Testers identify and exploit vulnerabilities.
Insiders are a bigger threat than outsiders.
Any way that a hacker can breach cybersecurity is a vulnerability. A large part of cybersecurity is identifying these vulnerabilities — as well as partnering with others to identify them — so they can be fixed.
The security mindset involves thinking about how things can be made to fail.
— Bruce Schneier
Bug Bounty Programs reward hackers for finding and fixing security issues.
The weakest link of any cybersecurity system is the Human (Social Engineering).
One way to appreciate the challenges of cybersecurity from an organizational perspective is to examine your personal cybersecurity habits and practices.
The 2016 DDoS (Distributed Denial of Service) attacks that brought down the DNS provider Dyn leveraged ~100k IoT devices hijacked via malware.
Attacks [can be] complex, relying on a combination of techniques, including exploitation of software vulnerabilities and improper configuration, malicious software, malware, and social engineering.
Who are the Hackers?
As Sun Tzu wrote, understanding your enemy is critical to success.
Attackers can be outsiders, competition, hacktivists, organized crime, terrorists, governments. They could be insiders, disgruntled employees, customers, suppliers, vendors, business partners, contractors, temps, as well as consultants.
The FBI defines the motivation of individuals who commit espionage against the country with the acronym MICE: money, ideology, compromise or coercion, ego or extortion.
See Hacking motives from the Australian Institute of Criminology.
World's Biggest Data Breaches & Hacks - Information is Beautiful
- Authentication — proving you are who you say you are.
Requires proofs: something you know (eg. password), something you have (eg. key) and/or something you are (eg. fingerprint). Implies loss of anonymity.
Combining different proofs is called multi-factor authentication (eg. 2FA).
- Authorization — principle of least privilege.
- Accounting — keeping track of users and what they do.
Shared credentials negate the benefits of Accounting.
10 Reasons Why Biometrics Won't Replace Passwords Anytime Soon - Dashlane Blog
NIST Denounces SMS 2FA - What are the Alternatives? | SecurityWeek.Com
Security vs. Convenience
Balancing exercise. They can be seen as inversely proportional. Can lead to users circumventing security measures.
Risk, Threat, Threat agents/actors and Vulnerability
A threat agent exploits a vulnerability by carrying out a threat.
Risk cannot be eliminated. It can be mitigated, transferred (eg. insurance, DMZ) or accepted.