Security Essay
Why is CIA Important?
CIA stands for confidentiality, integrity and availability. It relates to how data and information should be managed and stored within an organisation. The CIA triad was created to keep data consistent and available:
- Confidentiality – this relates to how data should be kept private. Sensitive information such as payment information, passwords, house addresses, etc. should be kept confidential. The Data Protection Act of 2018 enforces the confidentiality of stored information.
- Integrity – this relates to the consistency and accuracy of the data. Data stored and managed should not be altered, so as to keep the data trustworthy and accurate to the original provider/source.
- Availability – this relates to how information should be kept available for reading by authorised people. Data availability is essential to a company’s transparency and trustworthiness.
Common Network Vulnerabilities
Network vulnerabilities can come from lots of sources. Some common ones are insider threats, malware, outdated software and hackers.
- Insider threats – An insider threat is a vulnerability that comes from within the organisation’s network. Most of the time, people who cause insider threats don’t have malicious intent and are causing vulnerabilities accidentally. This could be things such as falling for social engineering attacks, inserting malicious drives into their computer, downloading malware and keyloggers, and opening insecure attachments. To mitigate insider threats, employees should be educated on how to spot and deal with social engineering attacks. The company should also create policies such as BYOD (bring your own device), which mitigates the risks that arise when an employee wants to use their own device on the company’s network.
- Malware – Malware is software created by a hacker to carry out malicious actions on a computer. There are many different types of malware, ranging from stealthy to blatant and varying in effectiveness. Stealthy malware includes spyware and keyloggers, where the victim’s actions are logged and sent to the hacker to steal sensitive information like passwords. Blatant malware includes ransomware, where files are encrypted on the victim’s machine and a payment is required to decrypt those files. To combat this, companies should implement strong anti-malware software to scan the network for malicious files and executables. This will help protect the organisation from having data stolen by malware. They could also provide training to educate employees about malware and how to spot it.
- Outdated software – Outdated software poses a threat to businesses as it can contain unpatched vulnerabilities and bugs that hackers can use to exploit the network. To combat this, software should be kept up to date and set to notify network administrators when a new update is made available.
- Hackers – Hackers are one of the biggest threats to information security. “Hackers” is an umbrella term for people who cause harm and break into networks and systems. A black hat hacker is someone who breaks into the network with malicious intent, such as to steal or leak data. A white hat hacker (sometimes known as an ethical hacker) is hired by the business to break into their own systems to check for vulnerabilities which can be patched to stop black hat hackers. A grey hat hacker is somewhere in the middle: they would hack a business without consent but would then tell the business where the vulnerabilities were, usually for a fee. To combat hackers, businesses can hire penetration testers to test and secure their systems. They may also create honeypots to lure hackers in and catch them in the act.
Network Segmentation
Network segmentation is the act of dividing a computer network into smaller parts which are easier to manage and secure. Segmenting a network brings many benefits, such as being able to monitor each individual part more closely. This helps the business fix vulnerabilities as it narrows down where they are located. Network segmentation also allows network administrators to set permissions for groups on the network, known as access controls. These permissions can block certain groups from accessing resources they won't need; for example, the IT team may need access to the servers whilst the marketing team won’t. This helps keep the business more secure.
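The IT and marketing example above can be expressed as a default-deny access control check between segments. This is an added example, not part of the original essay; the subnets, ports and sample flows are constructed assumptions.

```python
import ipaddress

# Constructed segments and subnets (assumptions, not from the essay).
SEGMENTS = {
    "it": ipaddress.ip_network("10.0.10.0/24"),
    "marketing": ipaddress.ip_network("10.0.20.0/24"),
    "servers": ipaddress.ip_network("10.0.30.0/24"),
}

# Allow-list of (source segment, destination segment, destination port).
# Any cross-segment flow that is not listed is denied (default deny).
ALLOWED = {
    ("it", "servers", 22),    # IT administers the servers over SSH
    ("it", "servers", 443),   # IT reaches server management pages
}

def segment_of(ip):
    """Return the name of the segment an address belongs to, or None."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None

def is_allowed(src_ip, dst_ip, port):
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src is None or dst is None:
        return False          # host outside every known segment: deny
    if src == dst:
        return True           # traffic that never crosses a segment boundary
    return (src, dst, port) in ALLOWED

def audit(flows):
    """Return denied flows labelled by segment, to narrow down where they occur."""
    return [(segment_of(s), segment_of(d), p)
            for s, d, p in flows if not is_allowed(s, d, p)]

# Constructed sample flows: (source IP, destination IP, destination port).
FLOWS = [
    ("10.0.10.5", "10.0.30.8", 22),     # IT -> servers
    ("10.0.20.7", "10.0.30.8", 22),     # marketing -> servers
    ("10.0.20.7", "10.0.20.9", 445),    # marketing -> marketing
    ("192.168.1.4", "10.0.30.8", 443),  # unknown host -> servers
]

if __name__ == "__main__":
    for denied in audit(FLOWS):
        print("denied:", denied)
```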
IDS and IPS
An IDS (intrusion detection system) is a feature of a network that detects when an intrusion occurs. Once it has positively detected an intrusion, it will send a report to the network administrator containing details of the intrusion, where it happened and when it happened. The network administrator will then fix the vulnerability mentioned by the report to secure the network from further intrusions. An IPS (intrusion prevention system) works the same way; however, when it finds an intrusion in the network, it will act upon it to isolate and eliminate the threat. IDS and IPS can either be hardware or software based and are essential in securing a network from intrusions and vulnerabilities.
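The difference between reporting and acting can be seen by running one detection rule in both modes. This is an added example, not part of the original essay; the rule (three failed logins from one source within 60 seconds), the event format and the sample events are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, source IP, segment, login outcome).
EVENTS = [
    ("2024-05-01T09:00:00", "10.0.20.7", "marketing", "fail"),
    ("2024-05-01T09:00:10", "10.0.20.7", "marketing", "fail"),
    ("2024-05-01T09:00:15", "10.0.10.5", "it", "ok"),
    ("2024-05-01T09:00:20", "10.0.20.7", "marketing", "fail"),
    ("2024-05-01T09:00:30", "10.0.20.7", "marketing", "fail"),
    ("2024-05-01T09:00:40", "10.0.20.7", "marketing", "ok"),
]

THRESHOLD = 3                    # assumed: failures that trigger an alert
WINDOW = timedelta(seconds=60)   # assumed: sliding window for counting them

def monitor(events, prevent=False):
    """Act as an IDS (prevent=False: report only) or an IPS (prevent=True: report and block)."""
    recent = defaultdict(deque)  # source IP -> timestamps of recent failures
    alerts, blocked, delivered = [], set(), []
    for ts, src, segment, outcome in events:
        when = datetime.fromisoformat(ts)
        if src in blocked:
            continue             # IPS only: traffic from an isolated source is dropped
        delivered.append((ts, src, outcome))
        if outcome != "fail":
            continue
        q = recent[src]
        q.append(when)
        while when - q[0] > WINDOW:
            q.popleft()          # forget failures older than the window
        if len(q) >= THRESHOLD:
            # The report: what happened, where it happened and when.
            alerts.append({"what": "repeated failed logins",
                           "where": segment, "source": src, "when": ts})
            q.clear()
            if prevent:
                blocked.add(src)
    return alerts, blocked, delivered

if __name__ == "__main__":
    for mode in (False, True):
        alerts, blocked, delivered = monitor(EVENTS, prevent=mode)
        print("IPS" if mode else "IDS", alerts, sorted(blocked), len(delivered))
```

In IDS mode the final successful login from the reported source still gets through, while in IPS mode it is dropped because the source was blocked when the alert fired.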