IT-Security
Protection of information which can be stored and processed in IT
systems
Cybersecurity
Protection of information which can be stored and processed in IT systems
connected to the Internet or similar networks
Information Security
Protection of information which can be stored and processed on paper, in
people's heads, or in IT and communication systems
Classes of sensitive information
Personally Identifiable Information (PII)
Any information that can be used to positively identify an individual
Name, birthday, credit card numbers, address information (street, email, phone numbers), etc.
Protected Health Information (PHI)
A subset of PII
Health information such as that created and maintained in electronic medical records (EMRs)
Regulated by the Health Insurance Portability and Accountability Act (HIPAA)
Security Goals
Confidentiality
The practice of keeping secrets, maintaining privacy, or concealing
valuables
Integrity
Data has integrity if it has not been modified in an unauthorized fashion
or by unauthorized parties
Availability
Information, resources, or services must be available whenever legitimate
parties need them
Layered Defense
Implement multiple layers of security controls, such as firewalls, intrusion
detection systems, and encryption, to provide a comprehensive defense against
various attack vectors.
Least Privilege/Need-to-know
Limit/Control user and system access to only the resources and data
necessary to perform their tasks. This minimizes potential damage if a breach
occurs
Separation/Rotation of Duty
Divide responsibilities so that no single person or entity can carry out a
potentially harmful action without the involvement or oversight of others.
By periodically rotating employees through different roles, the organization
aims to prevent any single individual from gaining prolonged and exclusive
access to critical processes, systems, or sensitive information
Defense in Depth
Use a combination of security measures at different layers (network,
application, data) to provide redundant protection even if one layer is
compromised
Patch Management
Regularly update and patch software, operating systems, and applications
to address known vulnerabilities and reduce the risk of exploitation
Access Control
Implement strict access controls, authentication, and authorization
mechanisms to ensure that only authorized users can access sensitive
resources
Strong Authentication
Require multifactor authentication (MFA) or two-factor authentication (2FA)
to add an extra layer of security beyond just passwords
Encryption
Encrypt data in transit (e.g., using HTTPS), data at rest (e.g., full disk
encryption), and data in use (e.g., using fully homomorphic encryption, FHE)
to protect information from unauthorized access
Auditing and Monitoring
Maintain logs and implement real-time monitoring to detect and respond to
unusual activities and security incidents
Incident Response
Develop and practice a well-defined incident response plan to effectively
manage and mitigate the impact of security incidents
User Education
Provide cybersecurity awareness training to users, helping them recognize
phishing attempts, social engineering, and other common attack methods
Vendor Risk Management
Evaluate the security practices of third-party vendors and partners to
ensure they meet your organization's security standards
Data Backup and Recovery
Regularly back up critical data and systems to enable recovery in case of
data loss or system compromise
Secure Development
Follow secure coding practices during application development to prevent
common vulnerabilities like SQL injection and cross-site scripting (XSS)
Network Segmentation
Divide networks into segments with limited communication between them,
reducing the potential for lateral movement by attackers
Continuous Improvement
Regularly assess and update your cybersecurity measures based on
emerging threats, vulnerabilities, and best practices
Security Policy
A statement of what is, and what is not, allowed
Security Mechanism
A method, tool, or procedure for enforcing a security policy.
S := set of all possible states of the system
Q := set of secure states as specified by the security policy (Q ⊆ S)
R := set of states the security mechanism restricts the system to (R ⊆ S)
A security mechanism is secure if R ⊆ Q; it is precise if R = Q; and it is broad
if there are states r such that r ∈ R and r ∉ Q (the mechanism admits an insecure state).
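The secure/precise/broad distinction is easiest to see with concrete sets. The following is an added example, not part of the original flashcards: states are modelled as (subject, object, access) triples, the policy Q is a predicate over them, and three hypothetical access-control lists play the role of R. Subjects, objects and the policy rules are constructed for illustration only.

```python
# Added example (not from the original page): classify a security mechanism R
# against a policy Q using the S / Q / R definitions from the flashcards.
from itertools import product

# Constructed universe: who may do what to which object.
SUBJECTS = ("alice", "bob", "mallory")
OBJECTS = ("payroll.db", "wiki")
ACCESSES = ("read", "write")

# S: every state the system could in principle be in.
S = frozenset(product(SUBJECTS, OBJECTS, ACCESSES))


def policy_allows(state):
    """Q as a predicate: only alice may touch payroll.db; anyone may read the
    wiki; only alice and bob may write it. Everything else is insecure."""
    subject, obj, access = state
    if obj == "payroll.db":
        return subject == "alice"
    if obj == "wiki":
        return access == "read" or subject in ("alice", "bob")
    return False


# Q: the secure states, as the policy defines them.
Q = frozenset(s for s in S if policy_allows(s))


def classify(R, Q):
    """Return 'precise' (R == Q), 'secure' (R is a proper subset of Q)
    or 'broad' (R contains a state outside Q)."""
    if R == Q:
        return "precise"
    if R <= Q:
        return "secure"
    return "broad"


def leaked_states(R, Q):
    """States the mechanism permits but the policy forbids; empty iff secure."""
    return R - Q


# Mechanism 1 (hypothetical ACL): mirrors the policy exactly -> precise.
R_precise = frozenset(s for s in S if policy_allows(s))

# Mechanism 2: over-restrictive, also denies bob writing the wiki.
# Still secure (no insecure state reachable) but not precise: it blocks
# a state the policy would allow, which is a usability cost, not a breach.
R_secure = frozenset(
    s for s in R_precise if not (s[0] == "bob" and s[1] == "wiki" and s[2] == "write")
)

# Mechanism 3: a misconfigured ACL that additionally lets mallory read
# payroll.db -> broad, and leaked_states() names the offending state.
R_broad = R_precise | {("mallory", "payroll.db", "read")}


if __name__ == "__main__":
    for name, R in (("exact ACL", R_precise), ("strict ACL", R_secure), ("misconfigured ACL", R_broad)):
        print(f"{name:18s} -> {classify(R, Q):8s} leaked={sorted(leaked_states(R, Q))}")
```

The practical takeaway is that "secure" is a one-sided property: a mechanism can be secure while still rejecting legitimate requests, and the states in `leaked_states` are exactly what an attacker looks for in a broad one.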
Weakness/Flaw
A state from which an IT system can become vulnerable
Vulnerability
A weakness/flaw through which the security mechanisms of the IT system
can be circumvented, deceived, or modified without authorization
Threat
A potential violation of security policies which can be caused by one or
more vulnerabilities
Where do threats originate from?
Internal threats
Arise accidentally or intentionally from an internal user, such as an employee or contract partner.
They have the potential to cause greater damage than external threats because internal users have direct access to the building and its infrastructure devices. Internal attackers typically have knowledge of the corporate network, its resources, and its confidential data. They may also know the security countermeasures and policies, and may hold higher levels of administrative privilege.
External threats
External attackers, from amateurs to skilled adversaries, can exploit vulnerabilities in networked devices, or can use social engineering, such as phishing, to gain access.
External attacks exploit weaknesses or vulnerabilities to gain access to internal resources.
Risk
The probability of occurrence of a damage event and the potential amount
of damage that is related to a threat
Exploit
A method, procedure, or programming code used to violate security
policies by means of one or more vulnerabilities
Attacks
Passive or active actions that can violate security policies
Attacker
Those who perform or cause actions that violate security policies
Identification
Assignment of a unique identity, together with its characteristic properties, to a
subject or an object
Authentication
Verifying whether a claimed unique identity matches its characteristic
properties
Authorization
Verifying whether a subject is entitled to access an object
Access Rights
Permissions of a subject to access an object
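The four terms above are often blurred in practice, so here is an added example (not from the original flashcards) of a toy service that keeps them separate: identification maps a claimed identifier to a known subject, authentication checks the claimed identity against its stored characteristic property (a salted password hash), and authorization looks up the subject's access rights on the object. The user records, passwords and ACL are constructed for illustration only.

```python
# Added example (not from the original page): identification, authentication
# and authorization as three distinct checks on one request.
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 100_000  # illustrative; tune to your hardware budget


def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def make_user(password):
    """Store only salt + hash; the hash is the identity's 'characteristic property'."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash_password(password, salt)}


# Constructed identity store: identifier -> characteristic property.
USERS = {"alice": make_user("correct horse"), "bob": make_user("hunter2")}

# Constructed access rights: (subject, object) -> permitted operations.
ACL = {
    ("alice", "payroll.db"): {"read", "write"},
    ("bob", "payroll.db"): {"read"},
    ("bob", "wiki"): {"read", "write"},
}


def identify(claimed_id):
    """Identification: resolve a claimed identifier to a known subject, or None."""
    return claimed_id if claimed_id in USERS else None


def authenticate(subject, password):
    """Authentication: does the presented secret match the stored property?
    hmac.compare_digest keeps the comparison constant-time."""
    rec = USERS[subject]
    return hmac.compare_digest(_hash_password(password, rec["salt"]), rec["hash"])


def authorize(subject, obj, operation):
    """Authorization: is this (already authenticated) subject entitled to the access?"""
    return operation in ACL.get((subject, obj), set())


def handle_request(claimed_id, password, obj, operation):
    """Walk a request through the three steps and report where it stopped."""
    subject = identify(claimed_id)
    if subject is None:
        return "unknown identity"
    if not authenticate(subject, password):
        return "authentication failed"
    if not authorize(subject, obj, operation):
        return "access denied"
    return "ok"


if __name__ == "__main__":
    print(handle_request("alice", "correct horse", "payroll.db", "write"))  # ok
    print(handle_request("bob", "hunter2", "payroll.db", "write"))        # access denied
    print(handle_request("bob", "wrong", "wiki", "read"))                 # authentication failed
    print(handle_request("mallory", "x", "wiki", "read"))                 # unknown identity
```

The distinct return values are there to make the stages visible. In a real service, "unknown identity" and "authentication failed" should be reported identically to the caller (and take comparable time), otherwise the login endpoint lets an attacker enumerate valid identifiers before attempting any authentication.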