Understanding Asset & Risk model in Cyber security
This story will take you to layers of Assets and models in cyber security and where each elements, process, threats and security of your lies.
Understanding 4 layers of your digital life in terms of security.
What are the digital data/information which if you loose, or gets corrupted, you will have looses. Losses in terms of, Financial, privacy, your reputation, legality, and potential spamming.
Here are some of the example of such potential area are
- Your content
- Your Identity
- Your privacy
- Your Anonymity
- Your files, Accounts, Financial logins, corporate data, Email, Online/offline Activities, locations
And so on.
These are your digital and sometimes non-digital assets or simply Assets which you needs to protect.
To protect, you use various methodology and tools such as
- Login protection
- HTTP Filter
- 2 step verifications and so on.
These are called Securities which you put as gateway to protect your Assets. Securities can be in form of Process, Tools, Functions & so on.
Why you need security? It’s time to understand Threats.
To harm your security, there are multiple tools, methods, functions, and process can be used which can find Vulnerabilities in your assets and their securities.
These threats are
- and many more like, RATS, virus, Regulated encryption, Ransomware, Exploit kits
These are again, could be a piece of email(like phishing), could be tool(Mass surveillance), Can be piece of software(Viruses, Exploit kits) and varies a lot.
These threats depends on Vulnerabilities in your securities and will attack your assets.
And now major question is, who are using threats to find Vulnerabilities in your securities to attack your assets?
May and may not be personal to you or your data but you may be part of their target as whole, for example, dictator government uses Mass surveillance to spy your physical, digital activities using various threats to keep track of its citizen and assets information.
There are various form of these Adversaries, few of them are
- Your Ex-partner
- Cyber criminals
- And many more like Law enforcement, Hacker groups, Oppressive regimes and so on.
So if we visualise all 4 layers of cyber security, you will get following
Red triangles are Vulnerabilities which exists in your security layer from where attackers can penetrate your security and reach your assets.
Most of us know all these and are aware of individual but layering these and setting your position makes it clear where to act on, who can do what and with which tool.