
FUNDAMENTALS OF CYBERSECURITY (CYB201) LECTURE NOTE

TOPICS INCLUDED:

• Confidentiality
• Integrity
• Availability
• Authentication
• Access Control
• Introduction to / need for Cybersecurity

Our everyday lives have become more dependent on the connected technological information network. This network is used by a wide range of organizations, including medical, financial, and educational institutions. They make use of the network to gather, process, store, and share massive volumes of digital data. The safety of digital information is becoming increasingly important to our national security and economic stability as more digital data is collected and shared.

Cybersecurity is the ongoing effort to protect these networked systems and all of their data from unauthorized use or harm. At the personal level, you must protect your identity, data, and computer equipment. At the corporate level, protecting the organization's reputation, data, and customers is everyone's duty. At the state level, national security, as well as individuals' safety and well-being, is at stake.

Your Online and Offline Identity

As more time is spent online, your online and offline identities can have an impact on your life. Your offline identity is the person your friends and family engage with on a regular basis at home, school, or work. They have access to personal information such as your name, age, and residence. Who you are in cyberspace is your online identity. How you present yourself to people online is your online persona. Only a small quantity of information about you should be revealed through this online identity.

When choosing a username or alias for your online identity, be cautious. There should be no personal information in the username. Something suitable and courteous should be used. The username should not lead strangers to think you are an easy target for cybercrime or unwanted attention.
• Your Data

You can consider any information about you to be your data. This personal data can be used to uniquely identify you as a person. It includes the pictures and messages you send and receive online with your family and friends. Other information, such as your name, social security number, date and place of birth, or mother's maiden name, is known by you and used to identify you. Medical, educational, financial, and job information may all be used to track you down on the internet.

• Medical Records

More information is added to your health records every time you visit the doctor. Your family doctor's prescription becomes part of your medical history. Your health records, which may or may not be medically linked, contain information about your physical and mental health, as well as other personal information. For example, if you had therapy as a child due to severe family changes, this will be included in your medical records. Health records may also contain information about your family in addition to your medical history and personal information.

Medical devices, such as fitness bands, leverage the cloud platform to allow for wireless transmission, storage, and display of clinical data such as heart rates, blood pressures, and blood sugars. These gadgets can create a lot of clinical data, which could end up in your medical records.

• Education Records

Your education record may contain information on your grades and test scores, attendance, courses completed, awards and degrees received, and any disciplinary reports as you move through your education. This record may also include contact information, health and immunization records, and special education records including individualized education programs (IEPs).

• Employment and Financial Records

Information about your income and expenses may be included in your financial record. Paycheck stubs, credit card statements, your credit rating, and other banking information are all examples of tax records. Your employment information can include your past employment and your performance.

• Where is Your Data

All of this information is about you. Every nation has its own set of laws that protect your privacy and data. But do you know where your information is stored? Do you know who could have a copy of your photos if you post them online with your friends? You have copies of the photos on your own devices. Those photos may have been transferred to the devices of your friends. Strangers may have copies of the photos if they are posted publicly. They may either download or take screenshots of those images. Because the photos were shared on the internet, they are also kept on servers throughout the world.

• They Want Your Money

Criminals are interested in everything valuable you have. Your credentials on the internet are quite valuable. Criminals get access to your accounts using these credentials. Your relationships might also be used by a criminal. They might get access to your online accounts and reputation in order to dupe you into sending money to friends or family members. The thief might send you messages claiming that your relatives or friends need money sent to them so they can return home after losing their wallets while traveling.

When it comes to deceiving you into handing them money, thieves are incredibly imaginative. They are capable of stealing not just your money, but also your identity, and of ruining your life.

• They Want Your Identity

Apart from taking your money for a short-term monetary gain, thieves also aim to take your identity for long-term benefit. They can use your stolen identity to create credit card accounts and run up debts in your name. Your credit rating will suffer as a result, making it more difficult for you to get loans.

• Types of Organizational Data

• Traditional Data

Personnel information, intellectual property, and financial data are all examples of corporate data. Application materials, paychecks, offer letters, employee agreements, and any other information needed in making hiring choices are all included in the personnel information. Patents, trademarks, and new product plans are examples of intellectual property that allow a company to obtain an economic edge over its competitors. This intellectual property might be deemed a trade secret, and losing it could be devastating for the company's future. The financial data of a firm, such as income statements, balance sheets, and cash flow statements, provides insight into the company's health.

• Internet of Things and Big Data

There is a lot more data to manage and safeguard now that the Internet of Things (IoT) has emerged. The Internet of Things (IoT) is a vast network of physical things, such as sensors and equipment, that extends beyond a typical computer network. All of these connections, along with the fact that we have increased storage capacity and storage services through cloud and virtualization, have resulted in exponential data growth. This information has sparked a new interest in technology and business known as "Big Data." With the velocity, volume, and variety of data created by IoT and business activities on a regular basis, data security, integrity, and availability are critical to the company's existence.

Cybersecurity refers to the practice of protecting internet-connected systems, including hardware, software, and data, from attack, damage, or unauthorized access. This includes protecting against a wide range of threats, including hacking, malware, and ransomware. Effective cybersecurity practices involve implementing a combination of technical controls, such as firewalls and encryption, as well as administrative controls, such as employee training and incident response plans. The goal of cybersecurity is to ensure the confidentiality, integrity, and availability of information and systems.

CONFIDENTIALITY, INTEGRITY, AND AVAILABILITY - THE CIA TRIAD

The CIA Triad

Confidentiality, integrity and availability, known as the CIA triad, is a guideline for information security for an organization.

What is the CIA Triad

The goal of cybersecurity is to protect the organization's vital assets against rapidly increasing cyber-attacks. This can be ensured by implementing the right security protocols that can detect and prevent such threats. Every security control and every security vulnerability can be viewed in light of one or more of these key concepts. For a security program to be considered comprehensive and complete, it must adequately address the entire CIA Triad.

The key purpose of cybersecurity is to ensure the Confidentiality, Integrity, and Availability (CIA) of data and services. CIA, or the CIA triad, forms the foundation of any organization's security infrastructure; once data or a system is attacked, one or more of these principles has been violated.

What does each of these principles mean, and how does each play a role?
1. CONFIDENTIALITY

Another term for confidentiality would be privacy. Confidentiality means that data, objects and resources are protected from unauthorized viewing and other access. The purpose of 'Confidentiality' is to ensure the protection of data by preventing the unauthorized disclosure of information. Company policies should limit access to information to authorized workers and guarantee that only those persons who are authorized may access it. The information can be divided into categories based on its level of security or sensitivity. A Java software developer, for example, should not have access to all workers' personal information. Employees should also be trained on the best practices for securing sensitive information in order to protect themselves and the company from cyber-attacks.

• Examples of data with high confidentiality concerns include:
o Social Security numbers, which must remain confidential to prevent identity theft.
o Passwords, which must remain confidential to protect systems and accounts.

• What to consider when managing data confidentiality:
o To whom data can be disclosed
o Whether laws, regulations, or contracts require data to remain confidential
o Whether data may only be used or released under certain conditions
o Whether data is sensitive by nature and would have a negative impact if disclosed
o Whether data would be valuable to those who aren't permitted to have it (e.g., hackers)

• Some guidelines for data confidentiality
When managing data confidentiality, follow these guidelines:
• Encrypt sensitive files: Encryption is a process that renders data unreadable to anyone except those who have the appropriate password or key. By encrypting sensitive files (by using file passwords, for example), you can protect them from being read or used by those who are not entitled to do either.
• Manage data access: Controlling confidentiality is, in large part, about controlling who has access to data. Ensuring that access is only authorized and granted to those who have a "need to know" goes a long way in limiting unnecessary exposure. Users should also authenticate their access with strong passwords and, where practical, two-factor authentication. Periodically review access lists and promptly revoke access when it is no longer necessary.
• Physically secure devices and paper documents: Controlling access to data includes controlling access of all kinds, both digital and physical. Protect devices and paper documents from misuse or theft by storing them in locked areas. Never leave devices or sensitive documents unattended in public locations.
• Securely dispose of data, devices, and paper records: When data is no longer necessary for University-related purposes, it must be disposed of appropriately.
o Sensitive data, such as Social Security numbers, must be securely erased to ensure that it cannot be recovered and misused.
o Devices that were used for University-related purposes or that were otherwise used to store sensitive information should be destroyed or securely erased to ensure that their previous contents cannot be recovered and misused.
o Paper documents containing sensitive information should be shredded rather than dumped into trash or recycling bins.
• Manage data acquisition: When collecting sensitive data, be conscious of how much data is actually needed and carefully consider privacy and confidentiality in the acquisition process. Avoid acquiring sensitive data unless absolutely necessary; one of the best ways to reduce confidentiality risk is to reduce the amount of sensitive data being collected in the first place.
• Manage data utilization: Confidentiality risk can be further reduced by using sensitive data only as approved and as necessary. Misusing sensitive data violates the privacy and confidentiality of that data and of the individuals or groups the data represents.
• Manage devices: Computer management is a broad topic that includes many essential security practices. By protecting devices, you can also protect the data they contain. Follow basic cybersecurity hygiene by using anti-virus software, routinely patching software, whitelisting applications, using device passcodes, suspending inactive sessions, enabling firewalls, and using whole-disk encryption.

• Common threats against confidentiality are:
o Eavesdropping attacks
o Encryption cracking
o Malicious insiders
o Man-in-the-middle attacks

• Some information security basics to keep your data confidential are:
o Encryption
o Passwords
o Two-factor authentication
o Biometric verification
2. INTEGRITY

Integrity means that data is protected from unauthorized changes to ensure that it is reliable and correct. Integrity refers to the data's correctness, consistency, and trustworthiness over its entire lifecycle. During transit, data must be unmodified and unaffected by unauthorized individuals. Unauthorized access can be prevented using file permissions and user access control. Version control can be used to prevent authorized users from making accidental modifications. Backups must be accessible in case of data corruption, and checksum hashing can be employed to ensure data integrity during transmission.

A checksum is used to verify the integrity of files, or strings of characters, after they have been transferred from one device to another across your local network or the Internet. Hash functions are used to calculate checksums. A hash function transforms data into a fixed-length value that reflects the data using a mathematical method. The hashed value is only for comparison purposes. The original data cannot be retrieved directly from the hashed value. If you forget your password, for example, the hashed value cannot be used to retrieve it; the password needs to be reset.

You may check a file's integrity after it has been downloaded by comparing the hash value published by the source with the one you generate using any hash calculator. If the two hash values match, you can be confident that the file has not been tampered with or damaged during the transfer.
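The check just described, carried out in code rather than with a separate hash calculator. This is an added example for this lecture note, not code from the original; the file contents and the "published" checksum are constructed inside the script, and the script also flips one byte of the file to show that the published checksum then fails to match.

```python
"""Verify a downloaded file against a checksum published by its source.

Added example for the CYB201 note; the sample file and its published
SHA-256 value are constructed here for the demonstration.
"""
import hashlib
import hmac
import os
import tempfile


def sha256_of_file(path: str, chunk_size: int = 64 * 1024) -> str:
    """Return the hex SHA-256 digest of a file, reading it in chunks so a
    large download does not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_download(path: str, published_hex: str) -> bool:
    """Compare the locally computed digest with the published one.
    hmac.compare_digest takes the same time whether the strings differ in
    the first or the last character, so timing leaks nothing."""
    actual = sha256_of_file(path)
    return hmac.compare_digest(actual.lower(), published_hex.strip().lower())


def demo() -> dict:
    """Write a constructed 'download', verify it, then corrupt one byte and
    verify again with the same published checksum."""
    original = b"CYB201 lecture note, release 1.0\n" * 100
    published = hashlib.sha256(original).hexdigest()  # what the source would publish

    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "lecture.txt")
        with open(path, "wb") as fh:
            fh.write(original)
        intact = verify_download(path, published)

        # Flip a single bit, as a corrupted or tampered transfer would.
        tampered = bytearray(original)
        tampered[10] ^= 0x01
        with open(path, "wb") as fh:
            fh.write(bytes(tampered))
        after_tamper = verify_download(path, published)

    return {"intact": intact, "after_tamper": after_tamper}


if __name__ == "__main__":
    print(demo())
```

Note that a checksum published on the same server as the file only detects accidental damage: anyone who can replace the file can replace the checksum too. A checksum obtained over a separate trusted channel, or a digital signature, is needed to detect deliberate tampering.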

A critical requirement of both commercial and government data processing is to ensure the integrity of data to prevent fraud and errors. As a result, no user should be able to alter data in a way that might corrupt or destroy assets or financial records, or make decision-making information unreliable.
Air traffic control systems, military fire control systems, and social security and welfare systems are examples of government systems where integrity is critical. Medical prescription systems, credit reporting systems, production control systems, and payroll systems are examples of commercial systems that require a high level of integrity.

• Protecting against Threats to Integrity:

Like confidentiality, integrity can also be compromised by hackers, masqueraders, unprotected downloaded files, LANs, unauthorized user activities, and unauthorized programs like Trojan horses and viruses, because each of these threats can lead to unauthorized changes to data or programs.
For example, an unauthorized user can corrupt or change data and programs, intentionally or accidentally, if their activities on the system are not properly controlled.

• Generally, three basic principles are used to establish integrity controls:

Need-to-know access: Users should be granted access only to those files and programs that they need in order to perform their assigned job functions.
Separation of duties: To ensure that no single employee has control of a transaction from beginning to end, two or more people should be responsible for performing it.
Rotation of duties: Job assignments should be changed periodically so that it becomes more difficult for users to collaborate to exercise complete control of a transaction and subvert it for fraudulent purposes.
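The first two principles enforced in code, as an added example for this note (not from the original text): a payment transaction must be initiated by one person and approved by a different one, and each role can perform only the actions its job requires. The roles, user names and amounts are constructed for the demonstration.

```python
"""Need-to-know access and separation of duties on a payment transaction.

Added example for the CYB201 note; roles, users and amounts are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


class ControlViolation(Exception):
    """Raised when an action would breach an integrity control."""


@dataclass
class Transaction:
    amount: float
    initiated_by: str
    approved_by: Optional[str] = None
    history: List[Tuple[str, str]] = field(default_factory=list)


# Need-to-know: a role carries only the actions that job requires.
ROLE_ACTIONS: Dict[str, Set[str]] = {
    "clerk": {"initiate"},
    "supervisor": {"approve"},
    "auditor": {"view"},
}


def check_permission(roles: Dict[str, str], user: str, action: str) -> None:
    role = roles.get(user)
    if role is None or action not in ROLE_ACTIONS.get(role, set()):
        raise ControlViolation(f"{user} ({role}) may not {action}")


def initiate(roles: Dict[str, str], user: str, amount: float) -> Transaction:
    check_permission(roles, user, "initiate")
    tx = Transaction(amount=amount, initiated_by=user)
    tx.history.append(("initiate", user))
    return tx


def approve(roles: Dict[str, str], user: str, tx: Transaction) -> Transaction:
    check_permission(roles, user, "approve")
    # Separation of duties: the initiator may never be the approver, even
    # when the same person also holds the approving role.
    if user == tx.initiated_by:
        raise ControlViolation(f"{user} initiated this transaction and may not approve it")
    tx.approved_by = user
    tx.history.append(("approve", user))
    return tx


def demo() -> Dict[str, str]:
    roles = {"amina": "clerk", "bola": "supervisor", "chidi": "auditor"}
    outcomes = {}
    tx = initiate(roles, "amina", 2500.0)

    # The clerk tries to approve her own transaction: no 'approve' right.
    try:
        approve(roles, "amina", tx)
        outcomes["self_approve"] = "allowed"
    except ControlViolation:
        outcomes["self_approve"] = "blocked"

    # A supervisor approves it: two people have now handled it.
    approve(roles, "bola", tx)
    outcomes["supervisor_approve"] = "allowed" if tx.approved_by == "bola" else "blocked"

    # A supervisor who initiated a transaction still cannot approve it.
    tx2 = Transaction(amount=100.0, initiated_by="dayo")
    try:
        approve({"dayo": "supervisor"}, "dayo", tx2)
        outcomes["initiator_is_supervisor"] = "allowed"
    except ControlViolation:
        outcomes["initiator_is_supervisor"] = "blocked"
    return outcomes


if __name__ == "__main__":
    print(demo())
```

The `history` list on each transaction is the audit trail: it records who performed each step, which is what an auditor (the third role, with `view` only) would review.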

• Integrity Models –

Integrity models are used to describe what needs to be done to enforce the information integrity policy. There are three goals of integrity, which the models address in various ways:
o Preventing unauthorized users from making modifications to data or programs.
o Preventing authorized users from making improper or unauthorized modifications.
o Maintaining internal and external consistency of data and programs.

3. AVAILABILITY

Availability means that authorized users have access to the systems and the resources they need. For an information system to be useful it must be available to authorized users. Availability measures protect timely and uninterrupted access to the system. The availability of the network and data to authorized users is ensured by maintaining equipment, conducting hardware repairs, keeping operating systems and software up to date, and creating backups. Plans should be in place to recover quickly from natural or man-made disasters. Security equipment or software, such as firewalls, protects against downtime caused by denial of service (DoS) attacks. Denial of service occurs when an attacker attempts to overwhelm resources so that the services are not available to the users.

There are mainly two threats to the availability of a system, which are as follows:
o Denial of Service
o Loss of Data Processing Capabilities

The above two facets of availability are explained below:
i. Denial of Service:
Denial of Service refers to actions that lock up computing services in a way that authorized users are unable to use the system whenever needed. Availability is also blocked if a security officer unintentionally locks up an access control database during routine maintenance of the system, so that for a period of time authorized users are blocked from access. An internet worm that overloaded about 10% of the systems on the network, causing them to be nonresponsive to the needs of users, is an example of denial of service.
ii. Loss of Data Processing Capabilities:

The loss of data processing capabilities is generally caused by natural disasters or human actions, and is perhaps more common. Contingency planning is the measure used to counter such losses; it helps in minimizing the time for which a data processing capability remains unavailable. Contingency planning provides an alternative means of processing, which involves business resumption planning, alternative site processing or simply disaster recovery planning, thereby ensuring data availability.

• Security aspects of Availability:
Generally, three basic issues are the aspects of security initiatives used to address availability. They are:
i. Physical issues:
The physical issues include access controls that prevent unauthorized persons from coming into contact with computing resources, various fire and water control mechanisms, hot and cold sites for use in alternative site processing, and backup storage facilities.
ii. Technical issues:
Technical issues include the fault-tolerance mechanisms, electronic vaulting (automatic backup to a secure location) and access control software to restrict unauthorized users from disrupting services. Fault tolerance mechanisms involve hardware redundancy, disk mirroring and application checkpoint restart.
iii. Administrative issues:
The issues that fall under the administrative aspect of availability are access control policies, operating procedures, contingency planning and user training. Proper training of operators, programmers and security personnel can help avoid many computing mistakes that lead to the loss of availability.

• Information security measures for mitigating threats to data availability include:
i. Off-site backups: Off-site backup is a method of backing up data to a remote server or to media that is transported off site, usually via the Internet.
ii. Disaster recovery: Disaster recovery is an organization's method of regaining access and functionality to its IT infrastructure after events like a natural disaster, cyberattack, or even business disruptions.
iii. Redundancy: Data redundancy occurs when the same piece of data exists in multiple places.
iv. Failover: Failover is the ability to switch automatically and seamlessly to a reliable backup system.
v. Proper monitoring: Security monitoring activities help protect a business from threats within the company, as well as from external threats.
vi. Environmental controls: Physical and environmental security programs define the various measures or controls that protect organizations from loss of connectivity and availability of computer processing caused by theft, fire, flood, intentional destruction, unintentional damage, mechanical equipment failure and power failures.
vii. Virtualization: Virtualization security is the collective measures, procedures and processes that ensure the protection of a virtualization infrastructure/environment. Virtualization uses software to create an abstraction layer over computer hardware that allows the hardware elements of a single computer (processors, memory, storage and more) to be divided into multiple virtual computers, commonly called virtual machines (VMs).
viii. Server clustering: A server cluster is a unified group of servers, distributed and managed under a single IP address, which serves as a single entity to ensure higher availability, proper load balancing, and system scalability. Each server is a node with its own storage (hard drive), memory (RAM), and processing (CPU) resources at its command.
ix. Continuity of operations planning: A continuity of operations plan establishes policy and guidance ensuring that critical functions continue and that personnel and resources are relocated to an alternate facility in case of emergencies. The plan should develop procedures for alerting, notifying, activating and deploying employees.
4. AUTHENTICATION

Basic Concept of Authentication

Trust and recognition have been staples of human relationships since the beginning of time, forcing early humans to create ways of identifying each other through the use of signatures, facial features, names, and more recently through the use of documents like official identification and passports. The concept of authentication has become incredibly complicated with the advent and use of the internet in daily life. Administrators sit behind screens, unable to verify the identity of invisible users by sight, name or signature; now they use technology to protect their networks from those who wish to bypass authentication methods with malicious intent.

• Definition of Authentication

The process of authentication, in the context of computer systems, means assurance and confirmation of a user's identity. Before a user attempts to access information stored on a network, he or she must prove their identity and permission to access the data. When logging on to a network, a user must provide unique log-in information including a username and password, a practice which was designed to protect a network from infiltration by hackers. Authentication has further expanded in recent years to require more personal information from the user, for example biometrics, to ensure the security of the account and network from those with the technical skills to take advantage of vulnerabilities.

• History of Authentication

Passwords were developed and put into use in the 1960s for larger-than-life computers with multiple users. In the 1970s, Bell Labs researcher Robert Morris learned that it was a bad idea to store passwords in a cleartext file. Morris created a cryptographic concept, or hash function, designed to verify the identity of the user without storing the actual password in the machine. Interestingly enough, as a clear indicator of what was to come in the technology industry, Morris created the first ever computer worm, in 1988. In the 1970s, private key cryptography allowed users to maintain one set of information to use to verify their identity when logging into a system, and one set of information to share with the world when using the internet, thus giving internet users a face and name on the internet. One-time passwords, public-key cryptography and CAPTCHAs followed, bringing us to today, where we use both MFA (multi-factor authentication) and biometrics.

• How Authentication works with security

Authentication employs different combinations of data, passcodes, QR codes, passwords, passcards, digital signatures, and fingerprint, retinal, face and voice scans to verify a user's identity before they can access a network. Proper authentication is often provided through a solution like a secure web gateway and the deployment of multiple, cohesive security protections and solutions, like a next-generation firewall and endpoint protection.

• Authentication leads to Authorization

Authentication gives allowed users access to systems and applications. But there is more. Once the system knows who users are, policies can be applied that control where the users can go, what the users can do, and what resources they can access. This is called authorization. Authorization is important as it ensures that users cannot have more access to systems and resources than they need. This also makes it possible to identify when someone is trying to access something they should not. For example, giving only medical personnel, and not administrative personnel, access to patient records ensures patient confidentiality.

• Ways to Authenticate

There are three methods of authentication: something you know (i.e. passwords), something you have (i.e. token keys), or something you are (a scanned body part, i.e. a fingerprint):
• Something You Are
This tends to be the strongest and hardest to crack; it is not easy to replicate an iris scan or duplicate a fingerprint. However, the technology to deploy this type of authentication is expensive and does not translate easily to all the ways we access resources. We are starting to see more adoption of this authentication method (think FaceID in iPhones), but we are years away from this making serious headway.
• Something You Have
This has become increasingly popular given our general unwillingness to detach from our mobile phones. This type of access control typically takes the form of a one-time token key that you get from an external source (a key, your email, a text message, or an authentication app). Traditionally, providing users with the device that delivers the token key has been the biggest deterrent to wider deployment, but today, with most users having smart devices always available, the something-you-have method of authentication is gaining ground.
• Something You Know
The most common example of this is our passwords; no special hardware is needed for bio-scans, and no additional tools are needed to provide secret codes. This is why it is so important that you create passwords that are hard to guess. In most situations, your password is the only piece of information that other people do not know, and the only way for you to keep your information secure.

• Two Factor Authentication

Popular online services, such as Google, Facebook, Twitter, LinkedIn, Apple and Microsoft, use two factor authentication to add an extra layer of security for account logins. Besides the username and password, or personal identification number (PIN) or pattern, two factor authentication requires a second token, such as a:

• Physical object - credit card, ATM card, phone, or fob
• Biometric scan - fingerprint, palm print, as well as facial or voice recognition

Even with two factor authentication, hackers can still gain access to your online accounts through attacks such as phishing, malware, and social engineering.
5. ACCESS CONTROL

Access control is a security technique that regulates who or what can view or use resources in a computing environment. It is a fundamental concept in security that minimizes risk to the business or organization.

Access control is the process of controlling who does what, and ranges from managing physical access to equipment to dictating who has access to a resource, such as a file, and what they can do with it, such as read or change the file. Many security vulnerabilities are created by the improper use of access controls.

To secure a facility, organizations use electronic access control systems that rely on user credentials, access card readers, auditing and reports to track employee access to restricted business locations and proprietary areas, such as data centers. Some of these systems incorporate access control panels to restrict entry to rooms and buildings, as well as alarms and lockdown capabilities, to prevent unauthorized access or operations.

Access control systems perform identification, authentication and authorization of users and entities by evaluating required login credentials that can include passwords, personal identification numbers (PINs), biometric scans, security tokens or other authentication factors. Multifactor authentication (MFA), which requires two or more authentication factors, is often an important part of a layered defense to protect access control systems.

• Why access control is important

The goal of access control is to minimize the security risk of unauthorized access to physical and logical systems. Access control is a fundamental component of security compliance programs that ensures security technology and access control policies are in place to protect confidential information, such as customer data. Most organizations have infrastructure and procedures that limit access to networks, computer systems, applications, files and sensitive data, such as personally identifiable information (PII) and intellectual property.

Access control systems are complex and can be challenging to manage in dynamic IT environments that involve on-premises systems and cloud services. After some high-profile breaches, technology vendors have shifted away from single sign-on (SSO) systems to unified access management, which offers access controls for on-premises and cloud environments.

• How access control works

These security controls work by identifying an individual or entity, verifying that the person or application is who or what it claims to be, and authorizing the access level and set of actions associated with the username or Internet Protocol (IP) address. Directory services and protocols, including Lightweight Directory Access Protocol (LDAP) and Security Assertion Markup Language (SAML), provide access controls for authenticating and authorizing users and entities and enabling them to connect to computer resources, such as distributed applications and web servers.

Organizations use different access control models depending on their compliance requirements and the security levels of the information technology (IT) they are trying to protect.

• Types of access control

The main models of access control are the following:

• Mandatory access control (MAC). This is a security model in which access rights are regulated by a central authority based on multiple levels of security. Often used in government and military environments, classifications are assigned to system resources and to the operating system (OS) or security kernel. It grants or denies access to those resource objects based on the information security clearance of the user or device. For example, Security Enhanced Linux (SELinux) is an implementation of MAC on the Linux OS.

• Discretionary access control (DAC). This is an access control method in which owners or administrators of the protected system, data or resource set the policies defining who or what is authorized to access the resource. Many of these systems enable administrators to limit the propagation of access rights. A common criticism of DAC systems is a lack of centralized control.

• Role-based access control (RBAC). This is a widely used access control mechanism that restricts access to computer resources based on individuals or groups with defined business functions (e.g., executive level, engineer level 1, etc.) rather than the identities of individual users. The role-based security model relies on a complex structure of role assignments, role authorizations and role permissions, developed using role engineering, to regulate employee access to systems. RBAC systems can be used to enforce MAC and DAC frameworks.

• Rule-based access control. This is a security model in which the system administrator defines the rules that govern access to resource objects. Often, these rules are based on conditions, such as time of day or location. It is not uncommon to use some form of both rule-based access control and RBAC to enforce access policies and procedures.

• Attribute-based access control (ABAC). This is a methodology that manages access rights by evaluating a set of rules, policies and relationships using the attributes of users, systems and environmental conditions.
• Implementing access control

Access control is a process that is integrated into an organization's IT environment. It can involve identity management and access management systems. These systems provide access control software, a user database, and management tools for access control policies, auditing and enforcement.

When a user is added to an access management system, system administrators use an automated provisioning system to set up permissions based on access control frameworks, job responsibilities and workflows.

The best practice of least privilege restricts access to only those resources that employees require to perform their immediate job functions.

• Challenges of access control

Many of the challenges of access control stem from the highly distributed nature of modern IT. It is difficult to keep track of constantly evolving assets as they are spread out both physically and logically. Some specific examples include the following:

• dynamically managing distributed IT environments;
• password fatigue;
• compliance visibility through consistent reporting;
• centralizing user directories and avoiding application-specific silos; and
• data governance and visibility through consistent reporting.

• Access-control problems

Nearly all access controls and security practices can be overcome if the attacker has physical access to the target equipment. For example, no matter what you set a file's permissions to, the operating system cannot prevent someone from bypassing the operating system and reading the data directly off the disk. To protect the machine and the data it contains, physical access must be restricted and encryption techniques must be used to protect data from being stolen or corrupted.
