LESSON I: INTRODUCTION TO
INFORMATION SECURITY
PART 1
Goals of Computer Security
Computer security is the branch of information technology, also known as
information security, that is concerned with protecting computers and the
information they hold. Computer security has three main goals:
• Confidentiality: Making sure people cannot acquire information
they should not (keeping secrets)
• Integrity: Making sure people cannot change information they
should not (protecting data)
• Availability: Making sure people cannot stop the computer from
doing its job.
Computer security involves telling computers what they are not to
do. This makes computer security unusual, because most programming
is about making computers do things. Enforcing these restrictions
consumes a significant share of a computer's resources.
Basic computer security methods (in approximate order of strength)
include:
• Limiting access to computers to "safe" users.
• Peripherals that block any "unsafe" activity.
• Firewall and antivirus software.
CIA Triangle
What is the CIA Triad?
The three letters in "CIA triad" stand for Confidentiality, Integrity, and Availability.
The CIA triad is a common model that forms the basis for the development of
security systems. It is used for finding vulnerabilities and for devising
solutions to them.
The confidentiality, integrity, and availability of information are crucial to the
operation of a business, and the CIA triad separates these three ideas into distinct
focal points. This separation is helpful because it guides security teams as
they pinpoint the different ways in which they can address each concern.
Ideally, when all three standards have been met, the security profile of the
organization is stronger and better equipped to handle threat incidents.
Confidentiality
Confidentiality involves the efforts of an organization to make sure data is kept secret or private. To accomplish this, access to information must be
controlled to prevent the unauthorized sharing of data—whether intentional or accidental. A key component of maintaining confidentiality is making
sure that people without proper authorization are prevented from accessing assets important to your business. Conversely, an effective system
also ensures that those who need to have access have the necessary privileges.
For example, those who work with an organization’s finances should be able to access the spreadsheets, bank accounts, and other information
related to the flow of money. However, the vast majority of other employees—and perhaps even certain executives—may not be granted access.
To ensure these policies are followed, stringent restrictions have to be in place to limit who can see what.
There are several ways confidentiality can be compromised. This may involve direct attacks aimed at gaining access to systems the attacker does
not have the rights to see. It can also involve an attacker making a direct attempt to infiltrate an application or database so they can take data or
alter it.
These direct attacks may use techniques such as man-in-the-middle (MITM) attacks, where an attacker positions themselves in the stream of
information to intercept data and then either steal or alter it. Some attackers engage in other types of network spying to gain access to credentials.
In some cases, the attacker will try to gain more system privileges to obtain the next level of clearance.
However, not all violations of confidentiality are intentional. Human error or insufficient security controls may be to blame as well. For example,
someone may fail to protect their password—either to a workstation or to log in to a restricted area. Users may share their credentials with
someone else, or they may allow someone to see their login while they enter it. In other situations, a user may not properly encrypt a
communication, allowing an attacker to intercept their information. Also, a thief may steal hardware, whether an entire computer or a device used
in the login process and use it to access confidential information.
To fight against confidentiality breaches, you can classify and label restricted data, enable access control policies, encrypt data, and use multi-
factor authentication (MFA) systems. It is also advisable to ensure that all in the organization have the training and knowledge they need to
recognize the dangers and avoid them.
Integrity
Integrity involves making sure your data is trustworthy and free from tampering. The integrity of your data is
maintained only if the data is authentic, accurate, and reliable.
For example, if your company provides information about senior managers on your website, this information
needs to have integrity. If it is inaccurate, those visiting the website for information may feel your organization is
not trustworthy. Someone with a vested interest in damaging the reputation of your organization may try to hack
your website and alter the descriptions, photographs, or titles of the executives to hurt their reputation or that of
the company as a whole.
Compromising integrity is often done intentionally. An attacker may bypass an intrusion detection system (IDS),
change file configurations to allow unauthorized access, or alter the logs kept by the system to hide the attack.
Integrity may also be violated by accident. Someone may accidentally enter the wrong code or make another
kind of careless mistake. Also, if the company’s security policies, protections, and procedures are inadequate,
integrity can be violated without any one person in the organization being to blame.
To protect the integrity of your data, you can use hashing, encryption, digital certificates, or digital signatures.
For websites, you can employ trustworthy certificate authorities (CAs) that verify the authenticity of your website
so visitors know they are getting the site they intended to visit.
A method for verifying integrity is non-repudiation, which refers to when something cannot be repudiated or
denied. For example, if employees in your company use digital signatures when sending emails, the fact that
the email came from them cannot be denied. Also, the recipient cannot deny that they received the email from
the sender.
Availability
Even if data is kept confidential and its integrity maintained, it is often useless unless it is available to those
in the organization and the customers they serve. This means that systems, networks, and applications must
be functioning as they should and when they should. Also, individuals with access to specific information
must be able to consume it when they need to, and getting to the data should not take an inordinate amount
of time.
If, for example, there is a power outage and there is no disaster recovery system in place to help users
regain access to critical systems, availability will be compromised. Also, a natural disaster like a flood or
even a severe snowstorm may prevent users from getting to the office, which can interrupt the availability of
their workstations and other devices that provide business-critical information or applications. Availability can
also be compromised through deliberate acts of sabotage, such as the use of denial-of-service (DoS)
attacks or ransomware.
To ensure availability, organizations can use redundant networks, servers, and applications. These can be
programmed to become available when the primary system has been disrupted or broken. You can also
enhance availability by staying on top of upgrades to software packages and security systems. In this way,
you make it less likely for an application to malfunction or for a relatively new threat to infiltrate your system.
Backups and full disaster recovery plans also help a company regain availability soon after a negative event.
Why Should You Use the CIA Triad?
The CIA triad provides a simple yet comprehensive high-level checklist for the
evaluation of your security procedures and tools. An effective system satisfies
all three components: confidentiality, integrity, and availability. An information
security system that is lacking in one of the three aspects of the CIA triad is
insufficient.
The CIA security triad is also valuable in assessing what went wrong—and
what worked—after a negative incident. For example, perhaps availability was
compromised after a malware attack such as ransomware, but the systems in
place were still able to maintain the confidentiality of important information.
This data can be used to address weak points and replicate successful
policies and implementations.
When Should You Use the CIA Triad?
You should use the CIA triad in the majority of security situations, particularly
because each component is critical. However, it is especially helpful when
developing systems around data classification and managing permissions and
access privileges. You should also stringently employ the CIA triad when
addressing the cyber vulnerabilities of your organization. It can be a powerful
tool in disrupting the Cyber Kill Chain, which refers to the process of targeting
and executing a cyberattack. The CIA security triad can help you home in on
what attackers may be after and then implement policies and tools to
adequately protect those assets.
In addition, the CIA triad can be used when training employees regarding
cybersecurity. You can use hypothetical scenarios or real-life case studies to
help employees think in terms of the maintenance of confidentiality, integrity,
and availability of information and systems.
Identifying the Assets, Threats, Vulnerabilities
The Difference Between Threat, Vulnerability, and Risk,
and Why You Need to Know
Cyberattacks are growing rampantly in complexity and number, and criminals are now more
cunning and daring than ever. In a nutshell:
• The average cost of data breaches is increasing every year. In 2022, businesses lost $4.35
million, $0.11 million more than in 2021, and 12.7% higher than in 2020.
• Data breaches are at a historic high, with approximately 15 million records exposed during 2022's
third quarter.
• Companies lost over $3 billion in 2021 to decentralized finance (DeFi) thefts.
• The DDoS Intelligence system by Kaspersky noted a whopping 57,116 DDoS attacks during
2022's third quarter.
Such alarming trends have forced companies across the globe to reevaluate their cybersecurity
postures and implement decisive approaches. But while strategies vary, enhancing network
security begins with understanding safety and security terminologies.
Words Matter
Risk Vs. Threat Vs. Vulnerability
So what do "threat," "vulnerability," and "risk" entail?
In essence, risk refers to the potential for destruction, damage, or loss of
data or assets, resulting from a cyber-threat. On the other hand, a threat is
what magnifies the chances of an adverse event, like a threat actor
exploiting a vulnerability inside your system.
Finally, a vulnerability is simply a weakness in your applications, networks,
or infrastructure that exposes your data and assets to threats.
Let's review each of these terms in detail.
What are threats?
If you're trying to protect an asset, then you'll be shielding it from a threat. The
term refers to anything that can accidentally or intentionally exploit a vulnerability
and damage, destroy, or obtain an asset.
Online, your company website and data are the assets. A hacker and their tools
(like malicious code) would be a cyber threat. The criminal can install the code
on your site, which can infiltrate your platform and shut it down or install viruses.
The main types of cyber threats are intentional, unintentional, or natural.
• Intentional threats: Things like malware, ransomware, phishing, malicious
code, and wrongfully accessing user login credentials are all examples of
intentional threats. They are activities or methods bad actors use to compromise
a security or software system.
• Unintentional threats: Unintentional threats are often attributed to human
error. For example, let’s say you forgot to lock the back door before leaving for
work. While you’re at the office, a thief seizes the opportunity to sneak into
your home and steal your valuables. Even though you didn’t mean to leave the
door unlocked, the thief took advantage of your home’s vulnerability. In the
cybersecurity industry, someone might leave the door to the IT servers
unlocked or leave sensitive information unmonitored. An employee could
forget to update their firewall or anti-virus software. Current and even former
employees may also have unnecessary access to sensitive data, or simply be
unaware of the threats. (Which is why employee training is so important.)
• Natural threats: While acts of nature (floods, hurricanes, tornadoes,
earthquakes, etc.) aren’t typically associated with cybersecurity, they are
unpredictable and have the potential to damage your assets.
HOW TO STAY AHEAD OF CYBERSECURITY THREATS
Awareness is the best way to prepare for threats. You must stay
current on data breaches, cyberattacks, and the methods hackers
use to accomplish them. The most common hazards include
malware, MitM (man-in-the-middle), DDoS (distributed denial-of-
service), SQL injection, and phishing.
To protect yourself from cyber threats, continuously monitor all
data environments and use two-factor authentication. You should
also teach your employees how to recognize phishing attempts
and other tactics cyber criminals use to trick people into helping
them gain access to sensitive data.
What is vulnerability?
Vulnerability refers to a weakness in your hardware, software, or procedures. It’s a gap
through which a bad actor can gain access to your assets. In other words, threats exploit
vulnerabilities.
Take Kaseya. The FBI described the incident as “a vulnerability in Kaseya VSA software
against multiple managed service providers (MSPs) and their customers.” Huntress, a
cybersecurity firm, tracked 30 MSPs involved in the breach and concluded that the attack
was due to an authentication bypass vulnerability in Kaseya’s VSA web interface. It allowed
attackers to work around authentication controls and upload malware.
You should know that small to medium-sized businesses tend to be more vulnerable to
attacks. That’s because few can afford a dedicated IT/security department, making it less
likely that there are security procedures in place. (That said, cyber attacks affect companies
of all sizes.) Companies should be aware of their threats and vulnerabilities in order to
identify and respond to all of the risks. To determine the best way to approach a specific
threat, perform regular threat assessments. Or try penetration testing, which recreates real-
world threats to discover vulnerabilities.
How to fix cybersecurity loopholes.
Proactive vulnerability management is the key to sealing
website susceptibilities. Therefore, you should consider
vulnerability management software for regular scans and
assessments. Moreover, you must align your cybersecurity
policy with ISO 27001 standards, implement strict access
control, and create a robust contingency plan.
What does risk mean?
This is where vulnerabilities and threats intersect. At its core, risk refers to the
possible implication of the damage or loss of business assets and data.
While it's impossible to eliminate risk in its entirety, you can manage it to a level that
aligns with your company's tolerance. So don't aim to achieve a risk-free system,
but one with the lowest risk possible.
Notably, cyber risk is a function of threats leveraging system vulnerabilities to
access and compromise or steal assets. It's best summed up with this formula:
Risk = Threat + Vulnerability
Understanding these distinct concepts can help you determine your website's
overall safety. Of course, threats, like cyber criminals, will always exist. But you'll have the
lowest risk when you don't have vulnerabilities.
How to manage your cybersecurity risk
Considering the impossibility of
eliminating cyber threats, risk
management can be the most effective
approach to enhancing your cybersecurity
posture. This is an ongoing routine
practice where experts review your risk
environment to minimize the likelihood of
specific threats.
Cybersecurity Doesn't Have to Be Complicated
A robust security strategy is your only way of navigating the treacherous cybersecurity landscape.
Organizations must heed the above recommendations to ward off threats, seal vulnerabilities, and
reduce cyber risks.
But creating an effective plan that can seal all the loopholes and fight back threat actors is easier said
than done.
A comprehensive program requires lots of resources and effort. But however daunting it may seem, the
legal, financial, and reputational implications of cyberattacks outweigh these costs by far. Thus, you
cannot afford to compromise.
Savvy organizations, especially SMEs, are overcoming the hurdles by partnering with reputable
cybersecurity experts instead of relying on on-premise solutions. This can be a valuable decision, as it
can help you:
• Boost your security cost-effectively
• Gain insights from industry experts
• Monitor your systems in real time and conduct instant analysis
• Save time to focus on core business
• Leverage a proactive approach that focuses on prevention rather than cure
• Heed cybersecurity standards and compliance requirements
User Authentication
What Is User Authentication and How Does It Work?
The human-to-computer interactions on networks can either prevent or allow
cyberattacks. To secure your web application, some measures are required to recognize
and grant access to only authorized users. We refer to this process where the
application identifies the user as user authentication.
User authentication is a security process that prevents unauthorized users from
accessing your device or network. It's a login procedure where an application requests
personalized passwords to give you authorized access to it. If a user lacks the proper
login rights to the network, their authentication fails.
User authentication operates on advanced technology. A hacker trying to force their
way into the secured network would have to go above and beyond to bypass it. If there
are other cybersecurity measures such as intrusion detection systems on the network,
the attacker will be detected before they gain access.
Why Is User Authentication Important?
Targeting unsuspecting victims is the day job of cybercriminals. As an active online user,
protecting your devices against unauthorized access is necessary to stay safe.
From shopping online to e-learning and connecting with peers, you leave digital
footprints that hackers can trace and manipulate to compromise your device.
User authentication is effective in reducing cyber threats to the barest minimum. The
antics of attackers only hold water if they get into your network. Authentication is
like a barricade that locks them out. As long as it's strong, they can't pull it down.
User authentication enforces confidentiality, establishes trust, and guarantees privacy.
Visitors to your network will be willing to spend a minute or two on the
authentication process as long as it secures them from attacks.
How Does User Authentication Work?
From providing passcodes to presenting identification cards, user authentication ensures that the
network or application access doesn't fall into the wrong person's hands. But how exactly does this
work?
The first step is to input your login credentials on a login page or in a username and password field.
The next step is to authenticate your login information. The authentication process starts when the
server you are trying to access decrypts the personalized information it receives. This information is then
compared with the credentials you previously registered, which are stored in the database.
Finally, the computer either approves or declines the authentication request you made.
With user authentication, information entered into the computer for verification is either approved or
declined. In cases where the computer declines your request, it shows that you have either entered
incorrect information or forgotten your passcode combination.
How to Improve User Authentication
There's confidence in knowing that intruders can't access your network without your permission. You may not be physically
present to grant or deny them access, but you can do that by implementing user authentication.
Let's look at some ways to make that happen.
1. Create Strong Passwords
Passwords play a significant role in cybersecurity. They are the keys to your accounts. Without the proper passwords, you lose the
right to access your accounts.
Is the data in your network valuable? If the answer is yes, you can't afford to use weak passwords. Doing that is a recipe for
disaster. When hackers come knocking, they'll easily make their way in.
Although hackers have devised ways to beat network passwords with techniques such as brute force to guess the correct
passwords, stronger passwords are a hard nut to crack. They have to try harder.
Effective passwords come in different forms. For example, a good password is a mix of letters with a minimum of 8 characters
and a maximum of 12 characters in length. Keep it moderate.
Make your password even more robust with a combination of numbers, upper and lower case letters, and symbols. Your
password shouldn't follow a fixed pattern, as patterns are often easy to predict.
Avoid reusing passwords on multiple platforms. Create a strong and unique password for every account. If one account
is compromised, the others, with different passwords, are unaffected.
2. Use a Passcode Manager
Managing the passwords of multiple accounts isn't always easy. As humans, we
tend to forget them or expose them to the wrong people. Adopting a password
manager is your best bet in this case.
A password manager serves as a secure briefcase that keeps track of all your
passwords and those of your team. You don't have to worry about recalling your
passwords, as the manager does that for you when needed.
Among all the passcodes in the password manager, there's a primary password that the
password manager can't retrieve, and that's the master password. It's a security measure
to mitigate damages just in case cybercriminals get a hold of your password manager.
Although you'll find free password managers out there, they don't always have the best
security features. The most effective password managers are those available for a
fee. They offer several advanced features to enhance password security.
3. Use Multi-Layer Authentication
Multifactor authentication provides an additional layer of protection for you and your team. It
ensures that all social and official accounts are secure as users have to go through more
verification to come in.
One stand-out feature of multifactor authentication is that, apart from using your passcodes, it
also requires that you use biometrics such as a fingerprint or the more advanced eye or
facial scan to grant access to verified requests.
Complement User Authentication for Best Results
Your digital presence is interconnected from personal computers to smartphones and social media
accounts. A breach on one account can be a breach on all accounts without strong security.
Cyberattackers are hell-bent on hacking systems at all costs. A single layer of defense makes their
job a lot easier. Yes, user authentication is effective, but complement it with multiple defenses to get the
most out of your cybersecurity. Whoever is trying to break into your network will get tired when they
have to jump too many hurdles.
System Access Control
What is System Access Control?
System access control is a security technique that regulates
who or what can view or use resources in a computing
environment. It is a fundamental concept in security that
minimizes risk to the business or organization.
There are two types of system access control: physical and
logical. Physical access control limits access to campuses,
buildings, rooms and physical IT assets. Logical access control
limits connections to computer networks, system files and data.
How is access to IT systems and data controlled?
Over time the ways in which IT systems can be accessed have grown, and the job of
securing those systems and their data has become increasingly complex. High-
profile breaches have spawned a host of compliance regulations that further expanded
the ways, and thus the complexity, in which organizations needed to secure their
systems and protect sensitive data.
Access control systems perform identification, authentication and authorization of users
and entities by:
• Strengthening logon security through multi-factor authentication
• Restricting user privilege through elevated authority management solutions
• Granting requests for access to systems and data based on the identity of the user and
the context of the request.
A complete system access control solution requires a layered defense to protect access
control systems.
How is system access control performed?
System access control solutions determine how users are allowed
to interact with specific systems and resources. A robust system
access control regime gives an organization the ability to manage,
restrict, and monitor user activity while protecting sensitive systems
and data.
A robust system access control solution will intercept every request
for access through network protocols, open source database
protocols, communications ports, SQL statements, command lines
and more, determine whether to grant or deny the request based
on precise rules, and log both accepted and rejected access
attempts.
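The decision point described above, as an added example that is not part of the lesson: a small Python policy engine that evaluates each request against rules keyed on the user's identity (role) and the context of the request (source network, hour of day, whether MFA was completed), denies by default, and logs every accepted and rejected attempt. The rule set, roles and resource names are constructed for this example.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import List, Tuple


@dataclass(frozen=True)
class Request:
    user: str
    role: str
    action: str        # "read", "write", ...
    resource: str      # e.g. "db:payroll"
    source_ip: str
    hour: int          # local hour of day, 0-23
    mfa_verified: bool


@dataclass(frozen=True)
class Rule:
    roles: frozenset
    actions: frozenset
    resource_prefix: str
    networks: Tuple[str, ...] = ()        # allowed source networks; empty = any
    hours: range = range(0, 24)           # allowed hours of day
    require_mfa: bool = False

    def matches(self, r: Request) -> bool:
        """A rule grants access only when identity AND context both fit."""
        if r.role not in self.roles or r.action not in self.actions:
            return False
        if not r.resource.startswith(self.resource_prefix):
            return False
        if self.networks and not any(
            ip_address(r.source_ip) in ip_network(n) for n in self.networks
        ):
            return False
        if r.hour not in self.hours:
            return False
        return r.mfa_verified or not self.require_mfa


@dataclass
class AccessControl:
    rules: List[Rule]
    log: List[str] = field(default_factory=list)

    def decide(self, r: Request) -> bool:
        """Deny unless some rule explicitly allows; record the outcome either way."""
        allowed = any(rule.matches(r) for rule in self.rules)
        self.log.append(
            f"{'ALLOW' if allowed else 'DENY'} user={r.user} role={r.role} "
            f"action={r.action} resource={r.resource} src={r.source_ip} "
            f"hour={r.hour} mfa={r.mfa_verified}"
        )
        return allowed


# Constructed policy: finance may read/write payroll from the office network,
# during business hours, only after MFA; anyone may read the wiki from anywhere.
POLICY = AccessControl(rules=[
    Rule(frozenset({"finance"}), frozenset({"read", "write"}), "db:payroll",
         networks=("10.0.0.0/8",), hours=range(8, 18), require_mfa=True),
    Rule(frozenset({"finance", "engineer", "intern"}), frozenset({"read"}), "wiki:"),
])


if __name__ == "__main__":
    ok = POLICY.decide(Request("alice", "finance", "write", "db:payroll",
                               "10.1.2.3", 10, True))
    bad = POLICY.decide(Request("alice", "finance", "write", "db:payroll",
                                "203.0.113.7", 10, True))   # off-network
    print(ok, bad)
    print("\n".join(POLICY.log))
```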