021.1 Lesson 1
| Certificate: | Security Essentials |
|---|---|
| Version: | 1.0 |
| Topic: | 021 Security Concepts |
| Objective: | 021.1 Goals, Roles and Actors |
| Lesson: | 1 of 1 |
Introduction
Over the past few decades, internet technologies have significantly changed the ways society interacts and the ways basic needs and desires are met. While basic human needs — whether physical, psychological, emotional, or intellectual — have remained the same, the rise of the internet has forever changed the methods by which these needs are met. The internet simulates the physical world, creating a virtual space in which many real-world activities can take place through digital means.
For example, shopping that traditionally required a physical visit to a store can now be done online through websites and apps that replicate the shopping experience. Consumers can browse items, use digital coupons, and make purchases — all from the comfort of their own homes. While this shift has brought unprecedented convenience and efficiency, it has also introduced new risks. Unlike twenty years ago, when shopping was primarily done in person, today’s consumers must be aware of the potential risks associated with digital transactions.
With this increased reliance on digital platforms comes a critical need for robust digital security. As online transactions and data storage become commonplace, protecting personal information and financial data from cyber threats becomes essential. Ensuring information security is now a fundamental part of modern life, necessitated by the conveniences provided by digital technology.
The Importance of IT Security
Information technology (IT) security is essential for protecting data from unauthorized access, use, and distribution. It ensures that sensitive information — whether personal, financial, or proprietary — remains confidential and secure as it is stored, used, and shared among legitimate users. The primary purpose of IT security is to protect the individuals and entities that this information represents, preventing harm that could result from unauthorized disclosure or misuse.
IT security safeguards a wide range of data, from public information like maps and manuals to highly sensitive records such as private health details and confidential financial documents. While the unauthorized access of public data might not pose a direct threat, the compromise of sensitive information can lead to severe consequences, including identity theft, financial losses, and reputational damage. Therefore, IT security measures are prioritized for protecting such critical data.
Moreover, as internet technologies have expanded, so have the opportunities for cyber-attacks, making IT security increasingly vital. The internet connects millions of devices worldwide, increasing the scope of potential damage from security breaches. As a result, robust IT security practices are necessary to protect against these threats, ensuring the safety and integrity of data on a large scale. By doing so, IT security protects not only the technology and systems in place, but also the people and their associated data, from potential harm and exploitation.
Understanding Common Security Goals
The range of information security goals is as varied and diverse as the individuals and entities responsible for the data being protected. Many specific goals and methodologies will be addressed in detail in subsequent sections. To properly lay a solid foundation, it is prudent to start with the basics accepted by many information security professionals. To accomplish this understanding, we’ll address three core goals of information technology security.
The CIA Triad
The three core goals of information security are confidentiality, integrity, and availability, commonly referred to by information security professionals as the CIA triad, an acronym formed from the first letter of each goal.
Confidentiality focuses on safeguarding information from unauthorized access and disclosure, ensuring that data remains private and is accessible only to those who are properly authorized. In technology networks, maintaining confidentiality is essential because it preserves the trust between users and the systems they engage with, preventing sensitive information from being exposed or misused.
This principle is based on the assumption that all information passing through or stored within a network is meant for specific individuals and purposes. Unauthorized disclosure of this information can result in significant harm to both organizations and individuals. For example, the unauthorized release of trade secrets can lead to financial losses and compromise a company’s competitive advantage, while the exposure of personal information can result in identity theft and serious privacy violations.
Organizations protect confidentiality using several strategies, including encryption, access control, and network security measures.
The concept of integrity is the second core security goal in the triad of information security principles. Integrity ensures that all information within a network, or passing through it, remains unchanged unless modifications are authorized by the appropriate individuals. This principle is based on the assumption that the data’s accuracy and consistency are maintained throughout its lifecycle, allowing for trust in the authenticity of information. When unauthorized individuals gain access and alter data without permission, it compromises the data’s integrity and removes trust in its authenticity, potentially causing significant harm.
Integrity can be thought of as “trust.” In a world where nothing written or communicated could be trusted or verified, chaos would ensue, and entire systems could fail. The digital space employs security tools and methodologies to verify the validity of information and the identities of those involved in data exchanges. Ensuring the integrity of information creates a foundation for non-repudiation, which means the sender cannot deny their involvement in a transaction. Non-repudiation is essential for maintaining truth and accountability in digital networks by confirming that once actions are taken, they cannot be denied.
Achieving non-repudiation requires a mechanism that proves both who produced a message and that the message has not changed since. Digital signatures are the common tool: the sender signs with a private key that only they hold, and anyone with the corresponding public key can confirm that the content is unaltered and that it came from the owner of that key, so the sender cannot plausibly deny having sent it. A message authentication code computed with a key shared between two parties also detects tampering, but it does not provide non-repudiation, because either party could have produced the same code.
The goal of integrity goes beyond just non-repudiation; it encompasses maintaining the accuracy, consistency, and reliability of data. This is vital for ensuring that data remains unaltered from its original state, allowing for accurate decision-making based on trustworthy information.
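The following Go program is an added illustration, not code from the lesson, of the distinction just drawn. It uses the standard library's Ed25519 implementation: Alice signs a message, a verifier confirms it against her public key, and a single changed digit in the message (or a different signer's key) makes verification fail. It then computes an HMAC over the same message with a key shared by Alice and Bob and shows that Bob's tag is byte-for-byte identical to Alice's, which is why a shared-key MAC proves integrity but not who sent the message. The key pair is generated at run time purely for the demonstration; a real deployment loads keys from protected storage. The names and the sample message are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Signer holds an Ed25519 key pair for one party. Only the holder of the
// private key can produce signatures that verify under the public key, which
// is what lets a verifier attribute a message to its signer (non-repudiation).
type Signer struct {
	Name string
	pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

// NewSigner generates a fresh key pair for the demonstration; in practice the
// key would be loaded from protected storage, not generated per run.
func NewSigner(name string) (*Signer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Signer{Name: name, pub: pub, priv: priv}, nil
}

// PublicKey returns the verification key that may be shared with anyone.
func (s *Signer) PublicKey() ed25519.PublicKey { return s.pub }

// Sign produces a signature over msg using the private key.
func (s *Signer) Sign(msg []byte) []byte { return ed25519.Sign(s.priv, msg) }

// VerifySignature reports whether sig was produced over exactly msg by the
// holder of the private key matching pub. Any change to msg or sig, or a
// different key pair, makes this false.
func VerifySignature(pub ed25519.PublicKey, msg, sig []byte) bool {
	return ed25519.Verify(pub, msg, sig)
}

// MAC computes an HMAC-SHA256 tag with a shared key. Every holder of the key
// can produce the same tag, so a valid tag cannot identify which holder sent
// the message.
func MAC(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// VerifyMAC checks a tag in constant time.
func VerifyMAC(key, msg, tag []byte) bool {
	return hmac.Equal(MAC(key, msg), tag)
}

func main() {
	alice, err := NewSigner("alice")
	if err != nil {
		panic(err)
	}
	msg := []byte("transfer 100 to account 42") // constructed sample message

	sig := alice.Sign(msg)
	fmt.Println("signature verifies:", VerifySignature(alice.PublicKey(), msg, sig))

	tampered := []byte("transfer 900 to account 42")
	fmt.Println("tampered message verifies:", VerifySignature(alice.PublicKey(), tampered, sig))

	// Shared-key case: Bob can produce a tag indistinguishable from Alice's.
	shared := []byte("key shared by alice and bob") // constructed sample key
	tagFromAlice := MAC(shared, msg)
	tagFromBob := MAC(shared, msg)
	fmt.Println("MAC verifies:", VerifyMAC(shared, msg, tagFromAlice))
	fmt.Println("bob's tag identical to alice's:", hmac.Equal(tagFromAlice, tagFromBob))
}
```

Run it with `go run .`; the first and third lines print `true`, the second prints `false`, and the last prints `true`, which is the whole point: the MAC verifies, but nothing in it says whether Alice or Bob computed it.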
The concept of availability is the third core security goal in the triad of information security principles. Availability ensures that all information within a network or passing through it is accessible to authorized users whenever needed. This principle is based on the assumption that users and systems must be able to retrieve information in a timely manner, particularly when it is critical or time-sensitive. If a network is compromised and requested information becomes unavailable, both the entity and its users cannot function efficiently, potentially leading to operational disruptions and loss of productivity.
Availability guarantees that authorized users have reliable access to information and resources as needed, which is essential for maintaining business continuity and ensuring that critical services and operations are not disrupted. To achieve this, several key strategies are employed, such as redundancy and failover mechanisms.
Understanding Common Roles in Security
Contrary to popular belief, not all roles and responsibilities associated with information security are purely technological. This section briefly examines four of the most common roles associated with information security: the Chief Information Officer, the Chief Information Security Officer, the Enterprise Architect, and the Network or System Administrator.
The Chief Information Officer (CIO) resides in the “C-Suite” (executive offices) of the organization and is responsible for all aspects of technology in the organization. In smaller companies, this role may also include administrative and physical security responsibilities. This individual is responsible for budgeting, requisition, and implementation of any assets under their control that serve a technology function.
The Chief Information Security Officer (CISO) is a senior executive responsible for the organization’s overall information security strategy. This role includes developing policies and procedures, ensuring compliance with regulations, and leading the organization’s efforts to protect against cyber threats. The CISO plays a critical role in aligning security initiatives with business objectives and communicating the importance of security to the executive board and stakeholders. The CISO role is staffed by individuals with a solid foundation of knowledge in both the company’s business and the technology sector. Proficient in the languages of business and technology, they are expected to be a “bridge” between the upper echelon of corporate management and the leaders of technology initiatives. The position is relatively new compared with the CIO, and its place in the organization chart still varies widely: some CISOs report to the CIO, others to the CEO or directly to the board, and that reporting line largely determines how much independence the role has.
The Enterprise Architect typically answers directly to the CIO and has responsibility over the entity’s physical and logical information technology system. This person tends to have a great amount of technical expertise (especially in network administration) and designs the entity’s network to provide the necessary security requirements.
Network and system administrators implement and maintain the technical security controls that protect an organization’s IT infrastructure. They are responsible for deploying firewalls, intrusion detection systems (IDS), and encryption, for keeping systems patched and correctly configured, and for developing automation scripts that streamline security processes and keep systems resilient against attacks.
In parallel with the many roles that exist within the legitimate ranks of technology professionals, there are many roles and titles assumed by those with illegitimate intentions. Collectively, they are known by the world as hackers. However, this umbrella term contains numerous subsets of hackers who operate with a diverse range of skills and intentions.
Hackers are individuals with advanced knowledge of computer systems and networks. While the public perception of hackers is often negative, not all hackers have malicious intentions. There are different types of hackers, primarily divided into black hat and white hat hackers.
Black hat hackers use their technical skills to exploit vulnerabilities for malicious purposes, such as stealing data, disrupting services, or damaging systems. They operate outside the boundaries of the law, motivated by financial gain, political objectives, or personal satisfaction. Techniques used by black hat hackers include malware deployment, phishing, and social engineering to manipulate people into revealing confidential information.
Conversely, white hat hackers, also known as ethical hackers, employ their skills to help organizations identify and fix security vulnerabilities. White hat hackers are often employed by companies or work as independent consultants to conduct penetration testing and vulnerability assessments. Unlike black hats, white hat hackers adhere to a strict code of ethics, working within legal frameworks to strengthen an organization’s security posture and defend against potential threats.
On the other hand, crackers are individuals who engage in illegal activities such as breaking into systems, bypassing passwords, and circumventing software licenses, with the intent to cause harm, steal information, or disrupt services. The term was introduced to separate such malicious intruders from hackers in the older sense of skilled, curious technologists; in practice it overlaps heavily with “black hat,” since a cracker’s actions are driven purely by the intent to exploit systems and cause damage without regard for legality or ethics.
Script kiddies represent a different category within the hacking community, characterized by their lack of expertise and reliance on pre-written scripts and tools to conduct cyber attacks. Unlike skilled hackers, script kiddies do not fully understand the tools they use, nor do they typically have the technical ability to develop their own. Instead, they employ readily available, often outdated, scripts found online to target less secure systems. Their motivation often stems from a desire to cause disruption or gain notoriety rather than financial gain or political objectives. Despite their lack of skill, script kiddies can still pose a significant threat to information security, as their use of automated tools can result in considerable damage, especially when targeting poorly secured systems.
Understanding Common Goals of Attacks Against IT Systems and Devices
As computing devices become more integral to society, the tactics and motives of cyber attackers evolve alongside technological advances. Every new device or technology that gains widespread adoption becomes a potential target for exploitation, as malicious actors seek to misuse these tools against legitimate users. The sophistication of these attacks can vary greatly, from highly advanced technical operations requiring specialized skills to more straightforward schemes relying on basic computer literacy and collaboration with other malicious actors.
A common goal of cyber attackers is accessing, manipulating, or deleting data. Unauthorized access allows attackers to steal sensitive information such as intellectual property, financial records, or personal data. This data can then be used for financial gain, blackmail, or sold to competitors. Data manipulation involves altering information to disrupt operations, undermine trust, or manipulate outcomes in critical sectors like financial markets or elections. Deleting important data can significantly impair an organization’s operations, causing financial loss and operational downtime. A prime example is the 2014 cyberattack on Sony Pictures, where attackers exfiltrated and publicly released confidential data, including unreleased films and employee records, and deployed wiper malware that destroyed data on thousands of the company’s systems, all accompanied by extortion demands.
Another primary objective for cyber attackers is interrupting services and extorting ransom. This can be achieved through methods like Distributed Denial of Service (DDoS) attacks, which flood a target’s network with excessive traffic, rendering services unavailable to legitimate users. These attacks are often used to extort ransom or cause reputational damage to the victim. Ransomware attacks involve encrypting critical data or systems and demanding payment to restore access, directly extorting victims who cannot afford prolonged downtime. The 2017 WannaCry ransomware attack is a notable example, disrupting services across numerous organizations worldwide by encrypting data and demanding ransom payments.
Industrial espionage is another significant goal of cyber attackers, particularly those looking to steal valuable trade secrets or proprietary information from businesses. These attacks are often perpetrated by competitors or nation-states seeking economic advantage. Goals of industrial espionage include stealing trade secrets to replicate a competitor’s success, undermining a company’s market position by accessing sensitive information, and sabotaging operations, supply chains, or manufacturing processes to cause financial loss and damage reputations. A prominent example of industrial espionage is Operation Aurora, disclosed in 2010, in which attackers targeted major companies including Google and Adobe to steal intellectual property and sensitive information.
Understanding the Concept of Attribution
The concept of attribution is essential in digital environments and is a key responsibility for information security professionals. In simple terms, attribution involves identifying and assigning responsibility to individuals for their actions in the virtual space. This lesson introduces the concept briefly, because it will be explored in various contexts throughout the course. The application and importance of attribution may differ depending on the specific area, such as data protection, encryption, network hardware, or database management, and these variations will be discussed in detail later on.
Understanding who is responsible for any action taken within a network — whether it involves modifying documents or deleting stored records — is crucial for maintaining a robust security posture. Attribution not only strengthens security measures but also enforces accountability. It becomes difficult for a user to deny their actions in a technological environment when multiple logging systems, specialized software, and network protocols record who did what, to which resource, and when. Those records are only as trustworthy as their own integrity, however: a log that the actor can quietly edit afterwards attributes nothing, so audit logs are normally written to a separate system the actor cannot modify and protected against alteration.
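The following Go program is an added example, not part of the lesson, of the kind of record that makes attribution possible and of one way to make such records tamper-evident. Each audit record names the actor, the action, the object and the time, and carries a SHA-256 hash that covers the record and the hash of the record before it. `Attribute` answers “who performed this action on this object?”, and `Verify` recomputes the chain so that editing any earlier record (here, Bob changing the actor on his own deletion to “alice”) is detected at the record where it happened. The record fields, the event data and the genesis value are constructed for the example.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// AuditRecord is one attributable event: who did what, to which object, when.
// PrevHash links the record to its predecessor, so silently editing or
// removing an earlier record breaks the hash of every record that follows it.
type AuditRecord struct {
	Seq      int
	Actor    string
	Action   string
	Object   string
	Time     string
	PrevHash string
	Hash     string
}

// genesis is the PrevHash of the first record (constructed sentinel value).
var genesis = strings.Repeat("0", 64)

// recordHash covers every field except Hash itself, including PrevHash,
// which is what chains the records together.
func recordHash(r AuditRecord) string {
	body := fmt.Sprintf("%d|%s|%s|%s|%s|%s",
		r.Seq, r.Actor, r.Action, r.Object, r.Time, r.PrevHash)
	sum := sha256.Sum256([]byte(body))
	return hex.EncodeToString(sum[:])
}

// AuditLog is an append-only, hash-chained list of records.
type AuditLog struct{ Records []AuditRecord }

// Append adds a record whose PrevHash is the hash of the current last record.
func (l *AuditLog) Append(actor, action, object, ts string) {
	prev := genesis
	if n := len(l.Records); n > 0 {
		prev = l.Records[n-1].Hash
	}
	r := AuditRecord{Seq: len(l.Records) + 1, Actor: actor, Action: action,
		Object: object, Time: ts, PrevHash: prev}
	r.Hash = recordHash(r)
	l.Records = append(l.Records, r)
}

// Verify recomputes the chain and returns the index of the first record whose
// contents or link no longer match, or -1 if the log is intact.
func (l *AuditLog) Verify() int {
	prev := genesis
	for i, r := range l.Records {
		if r.PrevHash != prev || recordHash(r) != r.Hash {
			return i
		}
		prev = r.Hash
	}
	return -1
}

// Attribute returns, in order, the actors recorded as performing action on object.
func (l *AuditLog) Attribute(action, object string) []string {
	var actors []string
	for _, r := range l.Records {
		if r.Action == action && r.Object == object {
			actors = append(actors, r.Actor)
		}
	}
	return actors
}

func main() {
	var al AuditLog
	// Constructed sample events, not real log data.
	al.Append("alice", "MODIFY", "contracts/q3.docx", "2024-05-01T09:14:00Z")
	al.Append("bob", "DELETE", "hr/records.csv", "2024-05-01T09:20:00Z")
	al.Append("alice", "READ", "hr/records.csv", "2024-05-01T09:21:00Z")

	fmt.Println("log intact:", al.Verify() == -1)
	fmt.Println("who deleted hr/records.csv:", al.Attribute("DELETE", "hr/records.csv"))

	// Bob tries to rewrite history by changing the actor on his own record.
	al.Records[1].Actor = "alice"
	fmt.Println("first broken record after tampering:", al.Verify())
}
```

The chain detects alteration of individual records, but an attacker who can rewrite the entire file can simply recompute every hash. In practice the head of the chain is therefore anchored somewhere the actor cannot reach, for example by forwarding records to a separate log server as they are written or by periodically signing the latest hash with a key the administrators do not control.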
Attribution establishes a framework of accountability, but it is not solely focused on identifying misconduct. It is equally used to acknowledge and verify positive actions within the digital space.
In the physical world, the principle of attribution is experienced regularly by everyone, both technical and non-technical users. For instance, when an author is credited for writing a book or an article, they receive attribution. Similarly, when individuals are named as award recipients, they are receiving attribution for their achievements. Even when an author cites a quote, attribution is at play. Think of attribution as a “fingerprint of responsibility,” a fundamental aspect of information security that will recur throughout your security career.
However, in the digital realm, achieving accurate attribution is a complex task that poses numerous challenges for security professionals. Technology enables malicious actors to disguise their identities, hide their physical locations, and obscure their true intentions. Despite these challenges, there are software and hardware solutions designed to help security teams determine attribution in digital environments, much like the tools law enforcement uses to identify and investigate counterfeit currency. Despite the knowledge, expertise, and tools available to attribute crimes to their perpetrators, skilled criminals often find ways to succeed. The same complexities and challenges of attribution in the physical world also apply to the digital landscape.
Guided Exercises
- Why is IT security crucial in the context of digital transactions and data storage?
- What are the three core goals of information security, and why are they important?
- What is the role of a Chief Information Security Officer (CISO), and why is it important in an organization?
Explorational Exercises
- Why are many attacks on digital information resources successful?
- Is there a legitimate reason to post a hacking tool online that can be used by script kiddies to carry out disruptive and malicious attacks?
Summary
Information technology, which has extended the reach and power of so many people in positive ways, also extends the reach and power of malicious actors. To protect people’s safety and rights nowadays, we all need to be aware of malicious activities and take steps to prevent or recover from them.
The goals of information security fall into the general categories of confidentiality, integrity, and availability. They are all important to the functioning of modern organizations. One key aspect of integrity is attributing actions to the correct people. All three goals require support on administrative, technical, and physical levels.
There are many security positions in the job market, and many types of attackers as well. Most black hat hackers are driven by financial goals, but some are motivated by government initiatives, ideological stances, or just the pleasure of creating disruption.
Answers to Guided Exercises
- Why is IT security crucial in the context of digital transactions and data storage?

IT security is crucial in the context of digital transactions and data storage because it protects sensitive information from unauthorized access, misuse, and distribution. With the rise of internet technologies, many activities that were traditionally done in person, like shopping, are now conducted online. This shift has increased the amount of personal and financial data being stored and transmitted over the internet, making it essential to protect this data from cyber threats. Effective IT security measures ensure that data remains confidential, maintains its integrity, and is available to authorized users, thereby preventing identity theft, financial loss, and reputational damage.

- What are the three core goals of information security, and why are they important?

The three core goals of information security, known as the CIA triad, are Confidentiality, Integrity, and Availability. Confidentiality ensures that sensitive information is accessible only to those who are authorized to view it, protecting it from unauthorized access and disclosure. Integrity ensures that data remains accurate and unaltered, except by authorized users, which is essential for maintaining trust in information. Availability ensures that authorized users have timely access to information and resources when needed, which is crucial for maintaining business continuity and operational efficiency. Together, these goals help protect data from breaches, maintain trust in digital interactions, and ensure the reliability of IT systems.

- What is the role of a Chief Information Security Officer (CISO), and why is it important in an organization?

The role of a Chief Information Security Officer (CISO) is to oversee and manage an organization’s overall information security strategy. The CISO is responsible for developing and implementing security policies and procedures, ensuring compliance with relevant regulations, and leading efforts to protect the organization from cyber threats. This role is important because it aligns security initiatives with business objectives, communicates the importance of cybersecurity to stakeholders, and ensures that the organization is prepared to respond to and recover from potential security incidents. By managing the security posture of the organization, the CISO helps protect its digital assets, maintain its reputation, and support its overall operational success.
Answers to Explorational Exercises
- Why are many attacks on digital information resources successful?

There are many reasons for the success of attacks. First, because attacks over the internet are low-cost relative to physical attacks and often very lucrative, an increasing number of malicious actors are taking up the field and are always seeking new ways to bypass defenses.

Unfortunately, the cost and reputational damage caused by an attack is often perceived as less than the cost of preventing it (although ransomware changes the equation by imposing huge damage and costs). This lack of incentive to protect resources, along with a scarcity of expert security personnel, leads many organizations to underinvest in protection.

Phishing (scam email messages) makes it possible to enter a network through a relatively undertrained and unaware employee.

- Is there a legitimate reason to post a hacking tool online that can be used by script kiddies to carry out disruptive and malicious attacks?

Yes. Hacking tools are very important to probe and verify the security of networks. White hat hackers use these tools constantly toward the goal of protecting assets. If high-quality intrusion tools were not available to legitimate users, the field would be more vulnerable to attacks by powerful tools created by malicious actors.