THE
CYBER
SECURITY
MINDSET
A VIRTUAL AND
TRANSFORMATIONAL
THINKING MODE
DEWAYNE HART
The Cybersecurity Mindset:
A Virtual and Transformational Thinking Mode
by Dewayne Hart
Copyright 2022 Dewayne Hart
ISBN 978-1-64663-587-0
All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any meanselectronic, mechanical, photocopy, recording, or any otherexcept for brief quotations in printed reviews, without the prior written permission of the author.
Review Copy: This is an advanced printing subject to corrections and revisions.
Published by
3705 Shore Drive
Virginia Beach, VA 23455
- - 4811
www.koehlerbooks.com
Table of Contents
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
INTRODUCTION
HOW DID WE GET HERE?
Todays technology has survived many milestones and challenges. In the 1980s, IBM created the first personal computer during the microcomputer revolution. Before this era, mainframe computers only supported data manipulation. The IBM Model number 5150 surfaced on August 12, 1981, and created a new technology environment. During the same period, the UK introduced the Sinclair Zx81 computer, and Microsoft channeled the market with MS-DOS as the premier operating system supporting IBM-PC compatible computers. According to Microsoft, in 1994, MS-DOS was operating on 100 million computers worldwide.
In 1995, I started my post-sea-duty career or shore-duty at MacDill AFB, which was where the experience and exposure to the PC market surfaced. From 1995 to 2000, Microsoft software products and technology controlled the IT market. Many government agencies transitioned to newer technologies that were Windows-based. The internet began to surface during this trend, and as an IT professional, my technology engagement advanced. The internet became a viable source for linking these computers and a vehicle to support data transactions and multiple communication technologiessuch as cell phones, modems, and military tactical systems.
In 1995, Wells Fargo became the first US bank to offer online banking, with other banks quickly following suit. Here is where my professional career in technology and security surfaced. I remember speaking to several military friends about securing data and protection standards and how computer viruses would dominate data protection and internet safety. Since the concept was new and far from a concern, I visualized technology encountering many challenges; today, professionals are multi-challenged to defend and protect systems.
From the early 2000s to 2010, I saw many organizations develop data protection standards. This massive growth onboarded a new culture and supporting technologies, and cybersecurity became a premier concern for IT managers. Organizations integrated safe practices to protect data and monetary loss. The online banking industry exploded, and so did social mediaFacebook, Instagram, and Twitter. The industry saturated the market and created a chain of protection standards, frameworks, and social-behavioral issues. The result forced technology to grasp more understanding and meaning for security.
IT Security 101
The three pillars of IT security are Confidentiality, Integrity, and Availabilitycommonly called the CIA. Confidentiality is a principle that describes a need-to-know basis. For instance, not everyone should have access to your bank account. Thats why access requires a separate username. The creation of shared accounts can break the confidentiality scheme. Integrity is defined as free from modification. That means data transmitted and received should mirror the same format. If you transfer $1,000 to your significant other for Valentines Day, their account should increase by $1,000, not by $10,000. Of course, they may like the digitsbut sorry for you! You cannot take it back. Here is where integrity comes active. Our last principle is availability. Availability ensures that resources are available, such as a secure communication channel when executing the banking transfer, and your passwords are encrypted. Encryption enables confidentiality. Its a secret representation of your password. When you type a password such as SDER%$&JHV) *;jh, it is converted into a possible 1,024 character with unique codes. Lets not get too technicalbut you see the point. There are various forms of availability, such as logging onto a system during specific periods. Some key areas are uptime, storage access, or accessing social media sites.
In the realm of IT, security vulnerabilities and threats exist. A vulnerability is a weakness or loophole, such as a password structure. If an organization requires employee accounts to use fifteen-character passwords, and a user can successfully create a four-digit passwordthats a vulnerability. Threats exploit vulnerabilitiesthis would be a hacker (threat agent). The hacker could have prior knowledge of the password complexity requirements and gain access to confidential informationsuch as an employee email message: I have a four-character password!
IT systems utilize logical rules to counter the risk, such as a fifteen-character password. A hacker can use various password-guessing methodologies. One is to execute a dictionary attack by generating common dictionary words using hacking tools. If the device matches whats on the system, users gain access! Another method is called a brute force attack, which requires a combination of different characters. It executes through utilizing a hacking program! Risk is the probability of occurrence that vulnerabilities or threats will exist. A professional security role is to minimize risk to an acceptable level, a function of risk management. Learning Point: Threat X Vulnerabilities = Risks.
Human Interaction and Cybersecurity
Historically, culture and technology have evolved into single entities and created environments where humans, culture, and technology interact. Humans are the end users that utilize technology. Culture identifies the social behavior and norms found in human groups and societies . These groups instill practices, influence ideas, hold unique verbal languages or perceptions, and promote management strategies to navigate technology.
Technology encompasses technical resources to perform professional or personal taskssuch as projects, online banking, educational, or entertainment activities. Through cultural practices and organizational standards, humans may interact differently and use different technical approaches. For instance, Company A may operate a cybersecurity culture as the premier practicewhile Company B may work cybersecurity as a program, which demonstrates the culture approach, decisions, and work-related tasks perform differently.
While working on various federal and DoD projects, I noticed that IT and non-IT personnel would disclaim cybersecurity. To further complicate the issue, the integration and practices were defined as a dark society. Was this the culture of choice? Often, we would have security awareness training, but to embrace security as a culture was of no concern. Could this be a result of compliance serving more importance than risk?