3.1 Security Foundations Flashcards

1
Q

3.1.1 The Cybersecurity Cube

A

Have you heard of the cybersecurity cube? It provides a useful way to think about protecting data. The cube reminds us of what the task of protecting data entails, including the three dimensions of information security.

2
Q
  1. Security Principles
A

The first dimension of the cybersecurity cube identifies the goals to protect cyberspace. The foundational principles of confidentiality, integrity, and availability of data provide a focus which enables the cybersecurity expert to prioritize actions when protecting any networked system.

Data confidentiality prevents the disclosure of information to unauthorized people, resources, or processes.

Data integrity refers to the accuracy, consistency, and trustworthiness of data.

Data availability ensures that information is accessible by authorized users when needed.

You can use the acronym CIA to remember these three principles.

3
Q
  2. Data States
A

The cyberspace domain contains a considerable amount of critically important data. But in what state? The second dimension of the cybersecurity cube represents the three possible data states:

Data in transit.
Data at rest or in storage.
Data in process.

Effective cybersecurity requires the safeguarding of data in all three states. We can’t focus only on protecting data that is being processed, nor just on data in storage.

4
Q
  3. Safeguards
A

The third dimension of the cybersecurity cube defines the pillars on which we need to base our cybersecurity defenses in order to protect data and infrastructure in the digital realm.

These are technology, policy and practices, and improving education, training and awareness in people.

Cybersecurity professionals must use a range of different skills and disciplines available to them when protecting data and infrastructure in cyberspace.

5
Q

3.1.2 Confidentiality, Integrity, and Availability

A

Network security consists of protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.

Most organizations follow the CIA information security triad. Since it forms the foundation of cybersecurity practice, it is important that you have a detailed understanding of the three principles:

Confidentiality - Only authorized individuals, entities, or processes can access sensitive information. It may require using cryptographic encryption algorithms such as AES to encrypt and decrypt data.
Integrity - Refers to protecting data from unauthorized alteration. It requires the use of cryptographic hashing algorithms such as SHA.
Availability - Authorized users must have uninterrupted access to important resources and data. It requires implementing redundant services, gateways, and links.

6
Q

3.1.3 CIA Triad - The Principle of Confidentiality

A

Tokenization is a substitution technique that can accomplish confidentiality without using encryption by isolating data elements from exposure to other data systems. A random value with no mathematical relationship to the original data replaces it. Outside the system, a token has no value and is meaningless. Tokenization can preserve the data format (its type and data length), which makes it useful for databases and card payment processing.

Rights management covers both digital rights management (DRM) and information rights management (IRM). Both protect data from unauthorized access by using encryption.

DRM protects copyrighted material like music, films, or books. When any such content appears in digital form — for instance on CD, mp3, or e-book — it is encrypted, so the media cannot be copied without the decryption key. The decryption key is available only to licensed parties.

IRM is used with email and other files that are relevant to the activities and communications of an organization. When this information is shared with others, IRM allows the document owner, the organization, or one of its members to control and manage access to the document.

7
Q

3.1.5 Data Integrity

A

Integrity is the accuracy, consistency, and trustworthiness of data across its entire lifecycle.

Data undergoes several operations, such as capture, storage, retrieval, update, and transfer. Data must remain unaltered by unauthorized entities during all these operations.

Methods used to ensure data integrity include hashing, data validation checks, data consistency checks, and access controls. Data integrity systems can include one or more of these methods.

Data integrity is a fundamental component of information security. Ensuring data integrity is a constant challenge for most organizations. Loss of data integrity can render entire data resources unreliable or unusable.

However, the importance of data integrity varies based on how an organization uses its data. For example, a bank or financial organization assigns a higher importance to data integrity than a social media channel.

8
Q
A

Low level of need
Blogs, forums, and personal pages on social media are powered by public opinion and open contribution. Data may not be verified at all, and there is a low level of trust in the content.

9
Q
A

Critical level of need
In a healthcare organization, data integrity might be a matter of life or death. For example, prescription information must be accurate. Therefore, all data is continuously validated, tested and verified.

10
Q
A

High level of need
In an e-commerce or analytics-based organization, transactions and customer accounts must be accurate. All data is validated and verified at frequent intervals.

11
Q
A

Mid level of need
Online sales and search engines collect data that has been publicly posted. Little verification is performed, and data is not completely trustworthy.

12
Q

3.1.7 Ensuring Availability

A

There are many measures that organizations can implement to ensure the availability of their services and systems.

13
Q

Equipment Maintenance

A

Regular equipment maintenance can dramatically improve system uptime. Maintenance includes component replacement, cleaning, and alignment.

14
Q

Operating systems and software updates and patches

A

Modern operating systems, applications, and software are continuously updated to correct errors and eliminate vulnerabilities. In every organization, all systems, applications, and software should be updated on a regular schedule. Cybersecurity professionals can subscribe to alerts that announce new update releases.

15
Q

Backup Testing

A

Backing up organization data, configuration data, and personal data helps ensure availability. Backup systems and backed-up data should also be tested to ensure they work properly and that data can be recovered in the event of data loss.

16
Q

Disaster planning

A

Planning for disasters is a critical part of increasing system availability. Employees and customers should know how to respond to a disaster. The cybersecurity team should practice response protocols, test backup systems, and be familiar with procedures for restoring critical systems.

17
Q

New technology implementations

A

High availability requires continuous evaluation and testing of new technologies to counter new threats and attacks. Cybercriminals use the latest tools and tricks, so cyber professionals are also required to keep up by using new technologies, products, and devices.

18
Q

Activity monitoring

A

Continuous system monitoring increases system availability. Monitoring event logs, system alerts, and access logs provides the cybersecurity professional with real-time system information. Such monitoring can identify attacks within seconds and enable cybersecurity professionals to defend against them when they occur.

19
Q

Availability testing

A

All systems should be tested to find vulnerabilities. Testing can include port scans, vulnerability scans, and penetration tests.