Introduction to Information Security


Cybersecurity and information security are often used interchangeably, but they do have some distinct differences.

Cybersecurity is the practice of protecting computers, networks, and devices from digital attacks, theft, and damage. It involves the use of technical measures, such as firewalls and antivirus software, as well as policies and procedures, to prevent unauthorized access to or misuse of information and systems.

Information security, on the other hand, is the practice of protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. It involves the use of technical, physical, and administrative measures to ensure the confidentiality, integrity, and availability (CIA) of information and systems.

In short, cybersecurity is focused on protecting against attacks and threats that target computer systems and networks, while information security is focused on protecting the confidentiality, integrity, and availability of information and information systems.

Both cybersecurity and information security are important for organizations, as they help to protect against a wide range of threats, including data breaches, malware attacks, and ransomware attacks. Implementing strong cybersecurity and information security measures can help to protect against these threats and ensure the confidentiality, integrity, and availability of sensitive information and systems.

What is CIA?

Confidentiality: Only authorized users and processes should be able to access or modify the data

Integrity: Data should be maintained in a correct state, and nobody should be able to improperly modify it, either accidentally or maliciously

Availability: Authorized users should be able to access data whenever they need to do so

An example of the CIA triad in practice

Think of logging into an e-commerce site to check your orders and make an additional purchase. The e-commerce site uses the three principles of the CIA triad in the following ways:

Confidentiality: When you log in, you’re asked for a password. If it’s been a while since your last log-in, you may be asked to input a code that’s been sent to you or some other form of two-factor authentication.

Integrity: Data integrity is provided by making sure your purchases are reflected in your account and allowing you to contact a representative if there’s a discrepancy.

Availability: You can log into your account whenever you want, and you may even be able to contact customer support at any time of the day or night.

Non-repudiation:

Non-repudiation is the assurance that the sender of data is provided with proof of delivery and the recipient is assured of the sender's identity (ID), so that neither party can later deny having sent or received the data.

User authentication methods:

The main factors used in user authentication include the following:

  • Knowledge (what the user knows): In the knowledge-based authentication method, the user is authenticated based on something the user knows. For example, it could be a PIN, password, passcode, or a secret key that is required to access the online account.
  • Possession (what the user has): In the possession-based authentication method, the user is authenticated based on something the user has. For example, it could be a device (smartphone, tablet, or computer), a memory card, or a smart card token.
  • Inherence/Biometric (what the user is): In the inherence-based authentication method, the user is authenticated based on something the user is. This covers physiological characteristics such as fingerprints, face biometrics, and voice patterns, as well as behavioral characteristics such as keyboard dynamics.

Identification, authentication, authorization, and accountability are four important concepts in information security.

  • Identification: This refers to the process of identifying an individual or device in order to determine their identity. This can be done through the use of user accounts, passwords, and other types of credentials.
  • Authentication: This refers to the process of verifying the identity of an individual or device. This can be done through the use of passwords, security tokens, biometric authentication, or other types of authentication methods.
  • Authorization: This refers to the process of granting access to resources or privileges to an individual or device based on their identity and permissions. This can be done through the use of user accounts, permissions, and access controls.
  • Accountability: This refers to the ability to trace actions or events back to an individual or device. This is important in order to ensure that individuals or devices are held accountable for their actions and that any security incidents can be properly investigated and resolved.
These concepts are closely related and are often used together to secure information and systems. By identifying and authenticating users, organizations can control access to resources and hold individuals accountable for their actions.
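The following is an added example, not code from the original post, that ties the authentication factors above (knowledge: a password; possession: a TOTP code) to the four concepts of identification, authentication, authorization, and accountability in one login request. All user names, passwords, TOTP seeds, roles, and permissions in it are constructed for illustration.

```python
import hashlib
import hmac
import struct
import time

# Constructed user store (hypothetical): salted PBKDF2 password hashes, a TOTP seed and roles.
SALT = b"constructed-salt-value"

def pw_hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

USERS = {
    "alice": {"pw": pw_hash("correct horse"), "totp": b"12345678901234567890", "roles": {"customer"}},
    "bob": {"pw": pw_hash("hunter2"), "totp": b"abcdefghijabcdefghij", "roles": {"customer", "support"}},
}
PERMISSIONS = {"view_orders": {"customer", "support"}, "refund_order": {"support"}}
AUDIT_LOG = []  # accountability: every decision is recorded as (time, who, action, outcome)

def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the 30-second time counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", now // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % 10 ** digits
    return f"{code:0{digits}d}"

def authenticate(username: str, password: str, code: str, now: int) -> bool:
    """Identification: look up the claimed identity. Authentication: check the
    knowledge factor (password) and the possession factor (TOTP) with constant-time compares."""
    user = USERS.get(username)
    if user is None:
        pw_hash(password)  # do the same work for unknown users so timing does not reveal valid names
        return False
    knows = hmac.compare_digest(pw_hash(password), user["pw"])
    has = hmac.compare_digest(totp(user["totp"], now), code)
    return knows and has  # both factors must pass

def request(username: str, password: str, code: str, action: str, now=None) -> bool:
    """Authenticate, then authorize the action by role, and record the outcome either way."""
    now = int(time.time()) if now is None else now
    if not authenticate(username, password, code, now):
        AUDIT_LOG.append((now, username, action, "DENIED: authentication failed"))
        return False
    allowed = bool(USERS[username]["roles"] & PERMISSIONS.get(action, set()))  # authorization
    AUDIT_LOG.append((now, username, action, "ALLOWED" if allowed else "DENIED: not authorized"))
    return allowed

if __name__ == "__main__":
    t = int(time.time())
    print(request("alice", "correct horse", totp(USERS["alice"]["totp"], t), "refund_order", t), AUDIT_LOG[-1])
```

The audit log is what makes the flow accountable: a denied refund by a customer and a failed login for an unknown name both leave a record that an investigator can trace back to the request.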

Threat vs Vulnerability vs Risk


A threat is a potential source of harm or danger to an organization or its assets. Threats can come in many forms, including cyber attacks, natural disasters, and human errors.

A vulnerability is a weakness or gap in an organization's security that can be exploited by a threat. Vulnerabilities can be technical, such as a software vulnerability that can be exploited by malware, or they can be organizational, such as a lack of security policies or procedures.

Risk is the potential impact of a threat exploiting a vulnerability. It measures the likelihood that a threat will occur and the potential impact it will have on an organization.

Technical Example: A cyber attack is a threat that could exploit an organization's security vulnerability, such as a software vulnerability or a weak password policy. The risk of this threat occurring is a function of the likelihood of the attack occurring and the potential impact that it could have on the organization, such as the loss of sensitive data or disruption of operations.

General Example: The threat of a hurricane is outside of one’s control. However, knowing that a hurricane could strike can help business owners assess weak points and develop an action plan to minimize the impact. In this scenario, a vulnerability would be not having a data recovery plan in place if your physical assets are damaged due to the hurricane. The risk to your business would be the loss of information or disruption in business due to not addressing your vulnerabilities.
