Security Series #1: Principles of Cyber Security

Today I’m starting a series of blog posts on cyber security. Before getting to specific topics, I thought it would be useful to remind everyone of some of the security principles that are the most useful for achieving a higher level of security, whichever technology you’re going to use.

Core attributes of cyber security: confidentiality, integrity, availability

First, cyber security has 3 core attributes whose initials form the CIA acronym:

  • Confidentiality: keeping secrets secret
  • Integrity: maintaining the accuracy and consistency of data and not allowing unauthorized people to modify data and systems
  • Availability: making sure data and systems are available when you need them

A note on confidentiality: maintaining confidentiality is an interesting challenge today if you consider the wide use of social networks, where employees have leaked information, directly or indirectly, about their organization (think about the companies under attack whose employees tweeted en masse that their PC was not working anymore; it was easy to deduce that an attack had occurred). Add on top of that the existence of WikiLeaks and you will probably agree with me that confidentiality is harder today.

How do you achieve cyber security?

Well, before answering that question, please take a look at this picture.

[Picture: a building door with a sign on it, propped open]

If you wonder what the sentence written on the door means, here is the translation: THIS DOOR MUST ALWAYS BE KEPT CLOSED.

Now, imagine that you are trying to protect something valuable which is inside that building… and answer those questions:

  • Is your valuable asset well protected?
  • How can you improve your protection?
  • If I replace the door with a bigger door with several locks, will my security increase significantly?

Did you answer the questions? Please do before reading below.

OK.
So you have probably realized that leaving this door open exposes your valuable asset. Also, replacing the door with a stronger one is not going to fix anything, as the issue here is that the door is not closed, not the door itself.
If you look carefully you will see that the door is equipped with a mechanism to close it automatically, which fails because a diet cola can has been wedged between the door and the ground… This shows that someone knew people could go through the door without closing it. So they added more technology, which was not useful, as one person put the can there and made the entire system fail…


Security is a combination of People, Processes, and Technologies

So, in order to achieve security we need to combine 3 key elements:

  • People
  • Processes
  • Technologies

The most important part is probably the processes: being organized for security, having rules and procedures (‘this door should be closed at all times’).

Then come people: making them aware of the risks and of the importance of following rules and applying processes (‘this building hosts valuable assets that people entering the building could steal; read the signs asking you to close the door, close the door, don’t block the door…’).

And finally, probably the least important yet still required ingredient of our recipe is technologies. Technologies change every day, so the safest long-term investment in terms of cyber security is probably in the processes and people dimensions. Then you should support them by applying the right technologies du jour.

So coming back to cyber security what do processes, people and technologies really mean? Here are some examples:

  • Processes: risk management, update management, configuration management…
  • People: employees, contractors, administrators (and owners of highly privileged accounts), developers (who can introduce vulnerabilities in their applications), users, insiders…
  • Technologies: not only security technologies like firewalls, antimalware, security update management solutions, IPS, IDS, SIEM… but also any technology you’re using, which has to be resistant to attacks