Security Introduction
Security Introduction Facts
Security is an ongoing process that includes assessing requirements, setting up organizational security systems, hardening and monitoring those systems, responding to attacks in progress, and deterring attackers. If you can summarize the fundamental concepts that underpin security functions, you can contribute more effectively to a security team. You must also be able to explain the importance of compliance factors and best practice frameworks in driving the selection of security controls and how departments, units, and professional roles within different types of organizations implement the security function.
Security Challenges
Sophisticated attacks: Sophisticated attacks are complex, making them difficult to detect and thwart. Sophisticated attacks:
- Use common internet tools and protocols, making it difficult to distinguish an attack from legitimate traffic.
- Vary their behavior, so the same attack appears different each time, which defeats simple signature-based detection.
Proliferation of attack software: A wide variety of attack tools are freely available on the internet, allowing anyone with a moderate level of technical knowledge to download the tools and run an attack.
Attack scale and velocity: An attack can spread to millions of computers in a matter of minutes or days because it can propagate across the internet. Modern attacks no longer depend on user interaction, such as carrying a floppy disk from machine to machine, so they often affect very large numbers of computers in a relatively short amount of time.
Security Control Types
Information security and cybersecurity assurance are met by implementing security controls. By identifying basic security control types, you will be better prepared to select and implement the most appropriate controls for a given scenario.
All controls are designed to fulfill three main goals: confidentiality, integrity, and availability.
- Confidentiality ensures that data is not disclosed to unauthorized persons.
- Integrity ensures that data is not modified or tampered with by unauthorized parties and that any such modification can be detected.
- Availability ensures that data and systems are accessible to authorized users when needed.
Security controls can be classified in different ways to fulfill the goals of your organization.
- Controls can be classified by the way they are implemented: managerial (oversight) controls, operational controls that rely on people, technical or system-based controls, and physical controls such as alarms, locks, and cameras.
- Another method is to classify controls by the function they perform: preventive controls stop attacks before they happen, detective controls identify attacks when they occur, and corrective controls repair damage and restore systems after an attack.
- Finally, several further categories cover other situations. Directive controls set expectations for employees through policies and employment or disciplinary procedures. Deterrent controls do not block an action themselves but discourage malicious actors from attempting it. When a standard or legal requirement mandates a control that cannot be implemented, an organization can sometimes substitute a compensating control that provides equal or better protection than the original.
Security Roles and Responsibilities
You should also be able to describe how specific job roles and organizational structures can implement a comprehensive security program for organizations. IT professionals working in a role with security responsibilities must be competent in a wide range of disciplines, from network and application design to procurement and human resources (HR). The following activities might be typical of such a role:
- Participate in risk assessments and testing of security systems and make recommendations.
- Specify, source, install, and configure secure devices and software.
- Set up and maintain document access control and user privilege profiles.
- Monitor audit logs, review user privileges, and document access controls.
- Manage security-related incident response and reporting.
- Create and test business continuity and disaster recovery plans and procedures.
- Participate in security training and education programs.
The following units are often used to represent the security function within the organizational hierarchy.
A security operations center (SOC) is a location where security professionals monitor and protect critical information assets across other business functions, such as finance, operations, sales/marketing, etc. Because SOCs are difficult to establish, maintain, and finance, they are usually found in larger organizations, such as government agencies or healthcare companies.
Network operations and cloud computing make ever-increasing use of automation through software code. Traditionally, software code would be the responsibility of a programming or development team. Separate development and operations departments or teams can lead to silos, where each team does not work effectively with the other.
Development and operations (DevOps) is a cultural shift within an organization to encourage much more collaboration between developers and systems administrators. By creating a highly orchestrated environment, IT personnel and developers can build, test, and release software faster and more reliably. DevSecOps extends the boundary to security specialists and personnel, reflecting the principle that security is a primary consideration at every stage of software development and deployment. This is also known as shift left, meaning that security considerations need to be made during requirements and planning phases, not grafted on at the end. The principle of DevSecOps recognizes this and shows that security expertise must be embedded into any development project. Ancillary to this is the recognition that security operations can be conceived of as software development projects. Security tools can be automated through code. Consequently, security operations need to take on developer expertise to improve detection and monitoring.
A dedicated computer incident response team (CIRT)/computer security incident response team (CSIRT)/computer emergency response team (CERT) is a single point of contact for the notification of security incidents. This function might be handled by the SOC, or it might be established as an independent business unit.