What is Cyber Security?
So let’s talk about cybersecurity at a very high level and look at the purpose of security. If you’ve done any research on security in general, you’ll probably see these terms quite frequently: information security, information assurance, system security, cyber security. There are so many different names and terms that apply to pretty much the same thing. At a very deep technical level there are certainly differences between information security (InfoSec) and IA, but at a very high level there’s really no difference. It’s really one and the same; you’re still focused on the same thing.

So cyber security can be defined as the techniques and practices designed to protect data. And when we talk data, we’re talking about digital data: data that’s stored, transmitted or used on an information system. After all, that’s what the attackers are after. They’re after the data. The network, the computers, the servers, any of those things are just mechanisms to get to the data. A lot of people get confused and think security is “I need to lock down this computer”, “I need to change my password”, “I need to do all these things”, right? Those are all protective mechanisms to keep people from accessing data. When an attacker is coming into your system or trying to get something, they’re trying to get the data. They’re not trying to get your computer, they’re not trying to get your phone; they’re trying to get your data, and that is exactly what we’re trying to protect.

So what are we protecting data from? Really, what you’re trying to protect data from is unauthorized access, unauthorized modification and unauthorized deletion. Now, you’ll see the terms confidentiality, integrity and availability. Those three terms are pretty synonymous with security. They’re the core three terms that you’ll see, you’ll see them called the CIA triad or the ICA triad, and they are the core principles of security.

When you’re talking about unauthorized access, you’re talking about not wanting people to see data, which is keeping it confidential, keeping it secret. You don’t want anyone seeing the data unless they’re authorized to do so. The same goes for changing the data: controlling who can modify it protects the integrity of the data. And lastly, you don’t want anybody deleting data; you want it to be available. They’re pretty simple concepts, but believe it or not, it gets very complex when you actually implement them on an information system and implement security using these principles. At its core, though, these are the three main principles: unauthorized access, unauthorized modification and unauthorized deletion are exactly what you’re defending against.

So let me give you a couple of examples of each one. An example of access is anyone using a computer or a device like a mobile device, a phone or a tablet, or getting into an actual folder or directory that contains files, getting into those files, or running a software application. Every user that does this needs to be authorized to do so. You need to tightly control that to make sure that whoever is using devices or opening files is authorized to do so.

The same goes for modification: anybody changing a computer or device, or changing the configuration of the computer or device. It’s the same with changing the configuration of a folder or directory. You can actually modify permissions, who can get in and who can get out, and you don’t want anybody changing those unless they’re authorized to do it. The same applies to files and software applications. So it’s very important to control who can modify things on your information system.

And lastly, you don’t want anybody deleting anything unless they’re authorized to do it, right? If you go to use the data that you need access to and it’s not there, it’s “Hey, who deleted that?” “I don’t know.” You need to know. It’s important, it’s critical. In my opinion this is probably one of the more important principles: the availability, or the deletion, of data. You want to make sure that the data, the system, whatever it is, is available when your customers or you need to use it.

Consider using a tool like IGA, which can help system admins manage user identities and entitlements. For more about what identity governance is, check the link.

So, in closing, I wanted to add this awesome picture. I found this on the internet and thought it was hilarious: a guy just napping and hanging out. I just wanted to drive home the principle that you really want to make sure that you’re vigilant and that you’re protecting against unauthorized access, modification and deletion. So be the opposite of this guy.
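The three protections described above (against unauthorized access, modification and deletion of files and folders) can be checked on a POSIX file system with a short audit. The following is an added example, not part of the original article; the directory and file names are constructed, and it assumes plain mode bits (no ACLs) and looks only at what any other user on the system may do.

```python
import os
import stat
import tempfile

def audit_path(path):
    """Findings for one file, judged for 'other' (non-owner, non-group) users."""
    mode = os.stat(path).st_mode
    parent = os.stat(os.path.dirname(os.path.abspath(path))).st_mode
    findings = []
    if mode & stat.S_IROTH:
        findings.append("access: readable by any user")
    if mode & stat.S_IWOTH:
        findings.append("modification: writable by any user")
    # Deleting a file is governed by its directory: write + search permission
    # there is enough, unless the sticky bit limits deletion to the owner.
    can_unlink = parent & stat.S_IWOTH and parent & stat.S_IXOTH
    if can_unlink and not parent & stat.S_ISVTX:
        findings.append("deletion: removable by any user")
    return findings

def audit_tree(root):
    """Map each file under root (relative path) to its non-empty findings."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            findings = audit_path(full)
            if findings:
                report[os.path.relpath(full, root)] = findings
    return report

def build_demo_tree():
    """Constructed sample tree: (directory, dir mode, file, file mode)."""
    root = tempfile.mkdtemp(prefix="cia_demo_")
    layout = [("shared", 0o777, "payroll.csv", 0o644),
              ("config", 0o755, "app.conf", 0o666),
              ("locked", 0o700, "keys.txt", 0o600),
              ("dropbox", 0o1777, "notes.txt", 0o600)]
    for dname, dmode, fname, fmode in layout:
        fpath = os.path.join(root, dname, fname)
        os.mkdir(os.path.dirname(fpath))
        with open(fpath, "w") as fh:
            fh.write("constructed sample data\n")
        os.chmod(fpath, fmode)
        os.chmod(os.path.dirname(fpath), dmode)
    return root

if __name__ == "__main__":
    for rel, findings in sorted(audit_tree(build_demo_tree()).items()):
        print(rel, findings)
```

Note that `payroll.csv` is not writable by other users, yet it can still be deleted by them because its directory is world-writable: protecting availability means checking the folder, not just the file.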