Cyber Security 101 - Basic principles

CYBER SECURITY 101

Changes in technology, and the fact that everyone is now connected digitally, often raise worrying questions about privacy and security, a subject usually termed cyber security.

Do's and don'ts, wants and needs, often dictate our choices. But before we go deeper into the discussion, let's talk about security at a basic level to better understand it.

Here are basic principles that can help in understanding security, so that better solutions can be designed for physical or cyber security needs.

1) Security vs Convenience: Usually, the higher the level of security, the lower the level of convenience for the user, who has to pass safely through every layer of security. Ease of access means limited security, for the user as well as the intruder. Choosing the balance wisely, according to needs and requirements, is essential.

2) Security is a continuous process: Issues can be fixed and resolved to mitigate risk, but there will always be new avenues of exposure, and it is impossible to eliminate all risks. The process consists of establishing the best possible security policy, analyzing risks and fixing any issues that are identified.

3) Risk formula: The level of risk can be understood using a simple equation:
                            [ Risk = Impact × Probability ]
If a cause has a higher impact, a higher probability, or both, then it has a higher risk factor.

4) Cost vs Cause: Not all risks need to be mitigated, because the cost vs cause factor dictates this choice. If the cost of implementing a security measure is significantly higher than the value of the content it protects, it may not be advisable to spend on that cause.

5) Security is a 2-way road: A common misconception is that security is about building walls and plugging holes so that no unauthorized access can happen, but security is more than that. It is also about being strong on the inside, so that unwanted information is not released by error, or unknowingly through a window or door left open, or a hole created along the way. Security is about preventing intrusion and limiting exposure through error.

6) Irrelevant ROI: When it comes to security expenses, calculating Return on Investment (ROI) is often irrelevant, as the benefits do not always translate directly into monetary terms but into peace of mind.

7) CIA Triad: An industry-accepted model for securing systems (data), where CIA stands for Confidentiality, Integrity, Availability.

8) Categorization of security methods: Prevention (stop unexpected activity before it happens), Detection (monitor, observe and detect any unusual activity) and Deterrents (counter-response to any unusual activity).

9) Fail Safe: Despite all efforts, there is always a chance that security will fail, so it is essential to know the range and extent of the security design, to better understand how much it can withstand. It is better if you know what it takes, or what could cause a security breach, so that you can fix and update before someone else discovers it.

10) Layers and Privileges: The more layers, the stronger the system and the less prone it is to breach. But often, simply limiting privileges to a limited audience, as well as subdividing what can be accessed and how it is accessed, also reduces the risk of errors that can compromise integrity.
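
Principles 3 and 4 combined into a small risk register, as an added example that is not part of the original post: each risk is scored with Risk = Impact × Probability, ranked, and marked for mitigation only when the control costs less than that score. The sample risks, their figures and the cost-versus-score decision rule are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass
class Risk:
    name: str
    impact: float           # estimated loss if the event occurs (dollars)
    probability: float      # likelihood over one year, 0.0 to 1.0
    mitigation_cost: float  # yearly cost of the control (dollars)

    @property
    def score(self) -> float:
        # Principle 3: Risk = Impact x Probability
        return self.impact * self.probability


def triage(risks):
    """Rank risks by score, highest first, and decide mitigate vs accept."""
    for r in risks:
        if not 0.0 <= r.probability <= 1.0:
            raise ValueError(f"{r.name}: probability must be between 0 and 1")
        if r.impact < 0 or r.mitigation_cost < 0:
            raise ValueError(f"{r.name}: impact and cost must not be negative")
    ranked = sorted(risks, key=lambda r: r.score, reverse=True)
    # Principle 4 (assumed decision rule): spend on a control only when it
    # costs less than the risk score it addresses; otherwise accept the risk.
    return [
        (r.name, r.score, "mitigate" if r.mitigation_cost < r.score else "accept")
        for r in ranked
    ]


# Constructed sample register; names and figures are illustrative only.
REGISTER = [
    Risk("Website defacement", 5_000, 0.05, 3_000),
    Risk("Ransomware on file server", 200_000, 0.10, 5_000),
    Risk("Flood in server room", 500_000, 0.001, 40_000),
    Risk("Lost unencrypted laptop", 50_000, 0.20, 2_000),
]

if __name__ == "__main__":
    for name, score, decision in triage(REGISTER):
        print(f"{name:28} risk={score:>10,.0f}  {decision}")
```

The flood has the highest impact in the register but ranks third, because its low probability keeps the score far below the cost of the control.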

These simple and basic principles can help you plan and design complex and robust solutions for cyber security needs.

Learn more about evaluating your digital platform, servers, websites and online content for threat analysis, security and risk analysis to prevent and deter possible intrusions. Contact Estiopi Cybersafe, a partnered solution provider for Solnet Canada.
