Cyber Security Terminology

Question 1

What is Cyber Security?

Answer 1

Cyber Security involves safeguarding information systems—comprising hardware, software, and related infrastructure—along with the data they contain and the services they offer, against unauthorised access, damage, or misuse. This protection extends to both intentional harm by the system operator and accidental harm resulting from neglecting security protocols.

Question 2

What is the difference between an incident and a breach?

Answer 2

Incident: A cybersecurity incident refers to any event that potentially compromises the confidentiality, integrity, or availability of an information system. Incidents can range from minor events, like suspicious network activity, to more serious occurrences, such as malware infections or unauthorized access attempts. Not all incidents result in data being compromised or accessed; some may be contained or mitigated without further damage.

Breach: A breach is a specific type of incident where there is confirmed unauthorized access to or disclosure of sensitive information. In other words, a breach occurs when an attacker successfully infiltrates a system and accesses or exfiltrates data that they are not authorized to see. Breaches typically have legal and regulatory implications, especially if they involve personal or confidential data.

Question 3

What is the CIA triad?

Answer 3

The CIA triad is a fundamental set of security objectives crucial for the efficient safeguarding of systems, networks, and data:

1. Confidentiality: Ensures that sensitive information is accessible only to those who are authorized to access it, protecting it from unauthorized disclosure.
2. Integrity: Ensures that data is accurate and trustworthy, protecting it from unauthorized modification or tampering.
3. Availability: Ensures that information and resources are accessible to authorized users whenever needed, protecting it from disruptions.

These three elements are fundamental to information security and are used to guide policies, procedures, and technologies that protect data.

Question 4

What is the “Triple A”?

Answer 4

The “Triple A” in the context of information security typically refers to AAA, which stands for Authentication, Authorisation, and Accounting. These three objectives form the foundation for managing access to resources in secure systems while providing clear accountability.

1. Authentication: The process of verifying the identity of a user, device, or system. This can involve passwords, biometrics, tokens, or other forms of credentials to ensure that the entity requesting access is who they claim to be.
2. Authorisation: The process of determining whether an authenticated entity has the permission to access a particular resource or perform a specific action. Authorisation controls what a user or system can do after they are authenticated.
3. Accounting (or Auditing): The process of tracking and recording the actions taken by authenticated and authorised users within a system. This includes logging access and activities for security monitoring, compliance, and auditing purposes.

Together, these three components form a comprehensive framework for controlling and managing access to resources in secure environments.

Question 5

What is Authentication?

Answer 5

Authentication is the process of linking an identity to an entity (being a user, device, or system) before granting access to a resource or service. It ensures that the entity requesting access is indeed who or what it claims to be.

There are various methods of authentication, typically categorized into three main types:

1. Something You Know: This involves information that the user knows, such as passwords, PINs, or security questions.
2. Something You Have: This refers to physical items that the user possesses, such as a security token, smart card, or a mobile device.
3. Something You Are: This category involves biometrics, where the authentication is based on unique physical characteristics of the user, such as fingerprints, facial recognition, or iris scans.

In some systems, a combination of these methods is used, which is known as multi-factor authentication (MFA). MFA adds an extra layer of security by requiring multiple forms of verification before granting access.

Question 6

What is out of band authentication (OOBA)?

Answer 6

Out-of-band authentication (OOBA) is a method of verifying a user’s identity through a channel that is separate from the primary communication or transaction channel. It is commonly used as an additional security measure to protect against fraud or unauthorized access, particularly in online banking and other sensitive transactions.

Here’s how out-of-band authentication works:

1. Primary Interaction: The user initiates a transaction or login attempt through a primary channel, such as a web browser or mobile app.
2. Secondary Verification: The system triggers a secondary authentication step through a different communication channel, such as sending a one-time password (OTP) via SMS, an automated phone call, or an email. The user must confirm their identity through this secondary channel.
3. Completion: The user enters the code or responds to the prompt from the secondary channel to complete the authentication process. Only after successful verification is the original request processed.

Out-of-band authentication is effective because it adds a layer of security that is difficult for attackers to compromise. Even if an attacker gains access to the primary channel (e.g., by phishing or session hijacking), they would also need to control the secondary channel to successfully authenticate and gain unauthorized access.

Question 7

What is Authorisation?

Answer 7

Authorisation is the process of determining whether an authenticated user or system has the permission to access a specific resource or perform a particular action within a system. It comes into play after authentication, which verifies the identity of the user or system.

Authorisation defines what an authenticated entity is allowed to do, such as:

• Accessing certain files or databases.
• Using specific applications or services.
• Executing particular commands or functions.
• Modifying or deleting data.

The rules for authorisation are typically defined by security policies, role-based access controls (RBAC), or attribute-based access controls (ABAC).

Authorisation ensures that even after a user or system is authenticated, they can only perform actions and access resources for which they have explicit permission. This helps maintain security and privacy by limiting access to sensitive information and critical system functions.

Question 8

What is Accounting?

Answer 8

Accounting (sometimes referred to as auditing) refers to the process of tracking and recording the activities and behaviours of users, systems, and applications within a network or system. This includes logging details about who accessed what resources, when they accessed them, and what actions they performed.

Key aspects of accounting in cybersecurity include:

1. Logging and Monitoring: Recording events such as login attempts, file access, changes to system configurations, and transactions. These logs provide a detailed record of activity that can be used for monitoring, analysis, and auditing.
2. Auditing: Reviewing and analysing logs and other records to ensure compliance with security policies, detect anomalies, and identify potential security incidents. Auditing helps in verifying that systems are functioning as intended and that users are following established security protocols.
3. Accountability: Ensuring that users and systems can be held responsible for their actions. By maintaining detailed logs, organisations can trace activities back to specific users or processes, which is crucial for investigating security incidents or policy violations.
4. Compliance: Many regulations and standards (such as GDPR, HIPAA, or ISO 27001) require organisations to keep detailed records of user activities and system operations to ensure compliance with legal and regulatory requirements.

Accounting plays a crucial role in maintaining the integrity, security, and compliance of an IT environment. It allows organisations to detect unauthorised access, troubleshoot issues, ensure proper use of resources, and provide evidence in case of legal disputes or investigations.