Cyber Security Objectives and Services

Mapping of Attack Categories to Security Objectives/Services

| Incident | A Generalized View | Category of Attack | Objective or Service Violated |
|---|---|---|---|
| The hacker got access to the bank's database server, which resulted in a leak of sensitive information about its customers | Personal data leak | Information disclosure | Confidentiality |
| The hacker updated the phone numbers of a few customers | Unauthorized alteration of personal data | Tampering | Integrity |
| The hacker then flooded the website with fake traffic, thereby bringing the application and the database server down. The customers as well as the application team were unable to access the website | Website made unavailable for legitimate users | Denial of Service | Availability |
| The default password of a default user account (that gets created during server installation) was never changed, allowing the hacker to log in to the database as this user | Attacker pretends to be an authentic user (impersonation) | Spoofing | Authentication |
| Before updating the phone number, the privilege of the default user account was not verified | A user performs an action due to excess privilege | Elevation of privilege | Authorization |
| The insider (Bank Teller) executes some unauthorized fund transfers and later denies these fund transfers | Bank needs to verify if the Bank Teller is falsely denying the action (repudiation) | Repudiation | Accounting |

Definition of Security Objectives and Services

Each of these attacks violates a specific desired property of security. These properties are termed security objectives. Security objectives are also known as security goals, or as characteristics of information and information systems.

Three Standard Pillars of Cyber Security

  • Confidentiality: Ensures that data remains private and is not viewed by unauthorized people through any means.
  • Integrity: Assures that data is protected from accidental or deliberate modification.
  • Availability: Ensures timely and reliable access to information and its use.

These three principles are together called the CIA (Confidentiality, Integrity, and Availability) triad. An alternative way of referring to the CIA triad is the DAD (Disclosure, Alteration, and Denial) triad.

AAA (Authentication, Authorization, and Accounting) Services

Three more important concepts in information security, known as the AAA (Authentication, Authorization, and Accounting) services, are used to support the CIA principles.

  • Authentication: Verifying an identity.
  • Authorization: Determining whether a particular user is allowed to access a particular resource or function.
  • Accounting (Non-repudiation): Includes two components - auditing and non-repudiation.
    • Auditing: Recording a log of activities of a user in a system.
    • Accounting: Reviewing the log file to check for violations and hold users answerable for their actions. It includes non-repudiation.
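
The three services can be seen working together in a log review for the bank scenario from the mapping table. The following is an added example, not code from the original page; the role policy, account names, transfer limit and log entries are all constructed assumptions.

```python
from dataclasses import dataclass

# Assumed role-to-permission policy for the bank scenario (hypothetical names).
POLICY = {
    "teller": {"view_account", "transfer_funds"},
    "customer": {"view_account", "update_phone"},
    "dbadmin": {"view_account", "update_phone", "backup_db"},
}
# Assumed name of the account created at server installation; it should never log in.
DEFAULT_ACCOUNTS = {"dbdefault"}
TRANSFER_LIMIT = 10_000  # assumed per-transaction limit for tellers

@dataclass(frozen=True)
class Event:
    ts: str
    user: str
    role: str
    action: str
    target: str
    amount: int = 0

# Constructed audit log (auditing = recording the activities of each user).
AUDIT_LOG = [
    Event("2024-05-01T09:00:02", "alice", "customer", "view_account", "acct-1001"),
    Event("2024-05-01T09:14:40", "dbdefault", "default", "login", "db01"),
    Event("2024-05-01T09:15:05", "dbdefault", "default", "update_phone", "acct-1001"),
    Event("2024-05-01T11:30:00", "teller7", "teller", "transfer_funds", "acct-2002", 25_000),
    Event("2024-05-01T11:45:00", "teller7", "teller", "transfer_funds", "acct-2003", 500),
]

def review(log):
    """Accounting: review the log and return (event, violated_service) pairs."""
    findings = []
    for e in log:
        if e.user in DEFAULT_ACCOUNTS and e.action == "login":
            findings.append((e, "Authentication"))   # default account in use
        elif e.action != "login" and e.action not in POLICY.get(e.role, set()):
            findings.append((e, "Authorization"))    # action outside the role's rights
        elif e.action == "transfer_funds" and e.amount > TRANSFER_LIMIT:
            findings.append((e, "Authorization"))    # exceeds the assumed teller limit
    return findings

def actions_by(log, user, action):
    """Non-repudiation: list what the log attributes to a user who denies an action."""
    return [e for e in log if e.user == user and e.action == action]
```

The log can only settle a repudiation dispute if each entry is tied to an authenticated identity and the log itself is protected from modification.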

Cybersecurity Terminology

In addition to the CIA Objectives and AAA services, it's essential to understand some commonly referenced terms in the field of cybersecurity.

Asset

An asset is anything valuable to an individual or organization. This includes computing devices, IT systems, networks, software, virtual computing platforms (common in cloud and virtualized environments), and related hardware such as locks, cabinets, and keyboards.

Information Asset

Information or data that holds economic value for an organization is known as an information asset. Characteristics include:

  • It is part of the organization's identity.
  • It may be highly confidential or top secret.
  • It can include details about people, procedures, software, hardware, and networking elements.

Examples: Confidential emails, identity information, system data, bank transactions, newly developed project designs, etc.

Vulnerability

A vulnerability is a flaw or weakness in security procedures, design, implementation, or internal controls that could result in a security breach.

Examples: Software bugs, inefficient controls, hardware flaws, human errors.

Exploit

An exploit is a piece of software or a series of commands that takes advantage of a vulnerability to cause unintended behavior in computer software or hardware.

Examples: Computer viruses, malware, server request flooding by bots.

Threat

A threat is any potential danger associated with the exploitation of a vulnerability. It represents an undesirable event that can affect assets.

Example: An organization using a Windows OS was targeted and blocked until a ransom was paid. The threat here is the potential data leak.

Threat Agent

A threat agent is an individual or group that can pose a threat. It is crucial to identify who might want to exploit the organization's assets, their capabilities, and intentions.

Formula: Threat Agent = Capabilities + Intentions + Past Activities

Example: The hacker in the above example is the threat agent.

Risk

Risk is the likelihood of a threat agent exploiting a particular vulnerability and the resulting impact on the organization.

Formula: Risk = Likelihood * Impact

  • Likelihood: The probability of the threat occurring.
  • Impact: The magnitude of harm caused by the threat, which can be business or technical.

Risk assessment is crucial for estimating potential impacts on the organization and prioritizing security enhancements. Some industry standards and government regulations mandate risk calculation.

Attack Vectors

Attack vectors are the various paths attackers can use to harm a business through its applications. These paths represent potential risks that may vary in severity.

Paths can be easy or hard to exploit, and the consequences can range from minor to severe.

Controls

Controls are measures taken to protect assets from risks. For instance, applying the latest Microsoft patches could have prevented the WannaCry ransomware attack on systems running Windows OS.

In today's digital world, most communications occur over the internet, including critical transactions like online shopping and financial exchanges. With the proliferation of the Internet of Things (IoT), cybersecurity is essential to protect against viruses, malware, and data theft. Understanding and applying the principles of CIA (Confidentiality, Integrity, Availability) and AAA (Authentication, Authorization, Accounting) is crucial in designing, coding, and testing secure applications.
