Security Concepts

Principles of Security

• Confidentiality - Ensuring only authorized persons has access to the data or resources.

• Integrity - Ensuring the data or message is not changed or altered in any way.

• Availability - Ensuring the data or resources are available to persons.

Threat

• A threat is anything that has the potential to cause harm to a system.

• A threat is something that has the potential to violate any components of the CIA Triad.

Vulnerability

• A vulnerability is a security weakness within a system.

• This usually software bugs, using weak passwords on systems and even mis-configurations on a device.

Exploit

• Anything that has the capabilities to take advantage of a vulnerability.

Attack

• An attack is the method or technique which is used to take advantage (exploit) a vulnerability within a system.

Data states

• Data in motion (transit) - Data moving from one device to another.

• Data in use - Data that is currently being used by a system or application.

• Data at rest - Data that is not being used or moving.

Principle of least privileges

A user account that is configured with the minimum requirements needed for a user to perform their job.

Threat actors

• Threat actors are the persons who are responsible for a threat or cyber-attack.

Advanced persistent threat (APT)

• APTs are special hacking groups which ensure they cyber-attacks are very stealthy.

• APTs are very difficult to be detected.

• APTs are designed to remain on the network while further exploiting systems and exfiltrating data.

Insider threats

• This is an attacker who is within the organization's network.

• They are already behind the organization's security controls and can direct attack any vulnerable machines.

• Sometimes a disgruntled employee can create a cyber-threat which may affect the entire organization's network.

State actors

• This type of hackers are hired by the government

• Their job role is focused on nation security and performing hacks on another nation.

• They well-funded and has the best hacking tools to develop Advanced Persistent Threats (APTs) malware to infect their targets.

Hacktivists

• This term is a combination between a hacker and an activist.

• They usually use their hacking skills to serve either a political or social agenda.

• Some of their actions may include defacing website, creating denial of service attacks, disclosure of confidential documents and so on.

Script kiddies

• The script kiddies are the type which usually download hacking tools and follow tutorials or instructions on how to perform certain cyber-attacks.

• Scripts kiddies often does not understand how the hacking tools work or what is really happening.

• However their actions can cause a lot of harm on a system or network.

Criminal syndicates

• These types of hacker as well-funded to acquire the best hacking tools money can buy.

• Their motivation is financial gain

• Group of hacker where each person has their own role and duties during the attack.

Hackers

• White Hat - These are security professionals who uses their hacking skills to help organizations secure their systems and networks.

• Black Hat - These are hackers  who uses their skills for malicious purposes.

• Gray Hat - This type of hacker uses their skills for both good and bad intentions.

Shadow IT

• This is the technique to using systems, devices and applications without authorization from the IT department.

Competitors

• Competitors are always looking for many ways to ensure their opponents in the business industry loose reputation

• Creates a competitive advantage to gain new customers

• Sometimes a competitor may hire a hacker to exfiltrate confidential data from another company or even leak financial records on the Internet.

Zero-Trust model

• The policy to trust no one or anything on the system or network.

• Each time a user has to access as resource, they will need to re-authenticate each time.