Basic security concepts are the fundamental principles and practices that form the foundation of modern cybersecurity.
Computer security can be defined as the technological and managerial procedures applied to computer systems to ensure the availability, integrity, and confidentiality of the information managed by the computer. It means protecting the integrity, availability, and confidentiality of computer assets and services from associated threats and vulnerabilities.
There are several types of computer security, including:
- Network security: The protection of computer networks from unauthorized access, theft, and damage.
- Information security: The protection of sensitive information, such as personal data, financial information, and intellectual property, from unauthorized access and theft.
- Application security: The protection of computer applications from security threats, such as malware, hacking, and other types of attacks.
- Operating system security: The protection of computer operating systems from security threats, such as malware, hacking, and other types of attacks.
- Database security: The protection of computer databases from unauthorized access, theft, and damage.
- Endpoint security: The protection of computer endpoints, such as desktop computers, laptops, and mobile devices, from security threats, such as malware, hacking, and other types of attacks.
- Cloud security: The protection of data and resources stored in cloud computing environments from security threats, such as hacking, data breaches, and other types of attacks.
Each type of computer security is designed to address specific security threats and risks, and organizations and individuals need to understand the different types of computer security and implement appropriate security measures to protect their computer systems and networks.
Goals of Computer Security
The CIA triad is a model for understanding the three main goals of computer security, which are Confidentiality, Integrity, and Availability.
Figure: Relationship between Confidentiality, Integrity, and Availability
Integrity
Integrity refers to the protection of data and systems from unauthorized modification, tampering, or corruption. Ensuring data integrity helps to maintain the accuracy and consistency of information, and it is crucial for maintaining trust in computer systems and networks.
An example of integrity in computer security is data hashing. Data hashing is a technique used to create a unique digital signature for data, which can be used to detect any unauthorized changes to the data. For example, if a user downloads a file from the Internet, a data hash can be generated for the file, and the hash can be used to verify the integrity of the file at a later time.
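The download check described above, as an added Go example (not part of the original page): a SHA-256 digest is recorded when the file is obtained and compared again later. The function names and the sample file contents are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
)

// Digest streams r through SHA-256 so a large download is never held in memory.
func Digest(r io.Reader) ([]byte, error) {
	h := sha256.New()
	if _, err := io.Copy(h, r); err != nil {
		return nil, err
	}
	return h.Sum(nil), nil
}

// Verify reports whether the data read from r matches the hex digest recorded
// earlier. A malformed or wrong-length digest is an error, never a match.
func Verify(r io.Reader, wantHex string) (bool, error) {
	want, err := hex.DecodeString(wantHex)
	if err != nil || len(want) != sha256.Size {
		return false, errors.New("recorded digest is not a valid SHA-256 hex string")
	}
	got, err := Digest(r)
	if err != nil {
		return false, err
	}
	return subtle.ConstantTimeCompare(got, want) == 1, nil
}

func main() {
	// Constructed sample standing in for a downloaded file.
	original := []byte("installer v1.0 contents\n")
	sum, _ := Digest(bytes.NewReader(original))
	recorded := hex.EncodeToString(sum) // stored at download time

	ok, _ := Verify(bytes.NewReader(original), recorded)
	fmt.Println("unchanged file matches:", ok)

	tampered := []byte("installer v1.0 contents!\n") // one byte added later
	ok, _ = Verify(bytes.NewReader(tampered), recorded)
	fmt.Println("modified file matches:", ok)
}
```

The check is only as trustworthy as the recorded digest: if someone can replace both the file and the stored digest, the comparison still succeeds, so the digest should be kept or obtained separately from the file.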
Confidentiality
Confidentiality refers to the protection of sensitive information from unauthorized access and disclosure. Confidentiality is crucial for protecting sensitive information such as personal data, financial information, and trade secrets.
An example of confidentiality in computer security is encryption. Encryption is a technique used to scramble sensitive information so that it cannot be read by unauthorized individuals. For example, when a user sends an email containing sensitive information, the email can be encrypted to ensure that the information remains confidential, even if the email is intercepted by an unauthorized individual.
Availability
Availability refers to ensuring that authorized users have access to the information and resources they need when they need them. Ensuring system availability helps to ensure that critical business processes can continue uninterrupted, and it is crucial for the functioning of many organizations.
An example of availability in computer security is disaster recovery planning. Disaster recovery planning is the process of developing a plan to restore systems and data after a disaster, such as a fire, flood, or cyberattack. For example, if a company's main data center is destroyed in a fire, the company can implement its disaster recovery plan to restore systems and data as quickly as possible, ensuring that the company can continue to operate with minimal disruption.
These are just a few examples of how the CIA triad can be understood and implemented in computer security. By focusing on the three main goals of confidentiality, integrity, and availability, organizations and individuals can help to ensure that their sensitive information and resources are protected against a wide range of security threats and risks.
Although the use of the CIA triad to define security objectives is well established, additional concepts are important to learn and understand to complete the picture: authentication, authorization, non-repudiation, and incident response. Understanding each of the six concepts will help to implement robust security mechanisms.
Authentication
Authentication is the process of verifying the identity of a user, device, or service before granting access to resources or information. Its primary goal in any security system is to establish that information is genuine and that the source of a message is who it claims to be. This means that users are who they say they are and every piece of information came from a trusted source.
Nowadays, authentication systems often require more than one factor of authentication; this is called multifactor authentication.
A password is combined with a fingerprint, retina scan, or voice verification and a PIN (Personal Identification Number), which is useful in validating both the user (the owner of the fingerprint) and the PIN (something that the user knows).
Authorization
Authorization is the process of granting or denying access to resources or actions based on a set of rules or policies. Authorization is an important aspect of computer security, as it helps to ensure that only authorized users can access sensitive information and resources.
Authorization is typically based on authentication, which is the process of verifying a user's identity. Once a user's identity has been authenticated, authorization can be used to determine what resources and actions the user is allowed to access. For example, a user may be authenticated as an employee of a company, but authorization may be used to determine that the user is only allowed to access certain files or systems, and not others.
Non-repudiation
Non-repudiation is a security concept that refers to the assurance that a sender of information or a performer of an action cannot deny that they performed the action. Non-repudiation provides evidence that the sender or performer was responsible for the action, and helps to prevent disputes over the authenticity or validity of the information or action.
Here's an example of how non-repudiation works:
- Alice wants to send Bob a secure message. She uses digital signatures to sign the message, which is a technique for providing a digital "stamp" that verifies that the message came from her and has not been altered.
- Bob receives the message and verifies the digital signature using Alice's public key. This confirms that the message came from Alice and has not been altered in transit.
- If Bob later claims that he did not receive the message or that the message was altered, Alice can use the digital signature as proof that she sent the message and that it was not altered.
- The digital signature provides non-repudiation, as it makes it difficult for Alice to deny that she sent the message. This helps to prevent disputes and provides a clear chain of evidence in case of any legal or security issues.
Incident response
Incident response is the process of detecting, analyzing, and mitigating security incidents in a computer system. The goal of incident response is to minimize the impact of a security incident and to restore normal operations as quickly as possible.
Here's an example of how incident response might work:
- A security incident is detected, such as a malware infection or unauthorized access to a system.
- The incident response team is notified and begins to gather information about the incident, such as the type of incident, the systems and data that are affected, and the potential impact on the organization.
- The incident response team assesses the situation and decides on the best course of action to contain the incident and prevent further damage. For example, the team may isolate the affected systems, shut down network access, or quarantine files to prevent the spread of malware.
- The incident response team investigates the incident to determine the root cause and to identify any additional systems or data that may be affected.
- The incident response team implements a remediation plan to clean up any malware or other security threats and to restore normal operations.
- After the incident has been resolved, the incident response team conducts a post-incident review to evaluate the effectiveness of the response and to identify areas for improvement.
To meet such requirements, systems normally rely on asymmetric cryptography, also called public key cryptography. While symmetric key systems use a single key to encrypt and decrypt the data, asymmetric cryptography uses one key (private) for signing the data and another key (public) for verifying the data.
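The Alice and Bob exchange from the non-repudiation section, together with the symmetric versus asymmetric contrast above, as an added Go example (not part of the original page). Ed25519 and HMAC-SHA256 are assumed here because the page names no algorithm; the function names, message, and shared key are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// NewKeyPair generates Alice's Ed25519 key pair; the private half never leaves her.
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// SignAsAlice signs msg with Alice's private key; only the key holder can do this.
func SignAsAlice(priv ed25519.PrivateKey, msg []byte) []byte {
	return ed25519.Sign(priv, msg)
}

// VerifyFromAlice is what Bob, or any third party, runs with Alice's public key.
func VerifyFromAlice(pub ed25519.PublicKey, msg, sig []byte) bool {
	return ed25519.Verify(pub, msg, sig)
}

// Tag computes an HMAC-SHA256 tag with a single key that Alice and Bob both hold.
func Tag(sharedKey, msg []byte) []byte {
	m := hmac.New(sha256.New, sharedKey)
	m.Write(msg)
	return m.Sum(nil)
}

func main() {
	pub, priv := NewKeyPair()
	msg := []byte("Pay Bob 100 EUR") // constructed sample message
	sig := SignAsAlice(priv, msg)
	fmt.Println("signature valid:", VerifyFromAlice(pub, msg, sig))
	fmt.Println("altered message valid:", VerifyFromAlice(pub, []byte("Pay Bob 900 EUR"), sig))

	// Symmetric case: Bob holds the same key, so he can compute an identical
	// tag himself. The tag shows integrity but not which of them wrote it.
	shared := []byte("constructed-shared-key-for-demo!")
	aliceTag, bobTag := Tag(shared, msg), Tag(shared, msg)
	fmt.Println("Bob can produce Alice's tag:", hmac.Equal(aliceTag, bobTag))
}
```

Because only Alice holds the private key, a valid signature can be checked by anyone with her public key, whereas the shared-key tag cannot settle a dispute between the two key holders.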