Copyright 2020. DR. PATRICK JEFF
All rights reserved. No part of this publication may be reproduced, distributed, or transmitted in any form or by any means, including photocopying, recording, or other electronic or mechanical methods, without the prior written permission of the publisher, except in the case of brief quotations embodied in critical reviews and certain other noncommercial uses permitted by copyright law.
What Is Cybersecurity?
In short, cybersecurity is exactly what it sounds like. As Chris Coleman, president of Woz U, sums it up, cybersecurity is the art of protecting electronic data, networks, computer systems, and other confidential information.
Specifically, this content needs to be protected from cyber-attackers. The goal of cyberattacks is typically to sabotage business processes, extract money from users, or access, steal, or destroy sensitive information.
Why Is Cybersecurity Important?
Cybersecurity matters for everyone, from governments and large companies to small business owners, employees, and even individuals at home.
We live in a world of unprecedented connectedness. Every year we see more varied devices connected to the Internet. At the same time, nearly every part of our lives is tracked electronically. This includes all of our health records, financial information, power consumption, what we wear, when we get home, where we travel and when, etc. With the right data, machines can build profiles that understand us better than we understand ourselves.
This underlines the importance of individual knowledge and action. Your data is spread in more places than ever, and it is up to you to protect it. You need to take accountability for knowing where you share your data, understanding the implications of that sharing, and taking every step you can to manage the risk for yourself.
For companies, cyberattacks are increasingly common and costly. Gartner reports that enterprises are expected to spend upwards of $1.7 billion globally on cybersecurity in 2020, an increase of 10.7% from 2019.
There is an exploding number of unmanaged and unprotected IoT [Internet of Things] devices in use within companies, so the attack landscape is growing exponentially. Cybercriminals and nation states are targeting IoT due to the lack of security built into these devices. I've seen vending machines doing data exfiltration. We saw IoT attacks up 300% in the first part of 2018.
Because cyberattacks have the potential to cripple businesses, companies are recognizing the need to make cybersecurity training and hiring a priority. In the past several years, security has transformed from a technical discipline within IT to a business risk management function. (And it's warranted: nearly five million data records are lost or stolen worldwide every single day.)
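On a larger scale still, even politics, diplomacy, and social cohesion are at stake. We see nations stealing untold amounts of secrets and intellectual property from each other, influencing each other's elections, and even our broader social discourse. Machines can be used at scale to affect nearly every part of our society, all the way down to an individual level. This increases the need to combat security risks.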
Working in Cybersecurity
Now, let's turn to cybersecurity careers themselves, starting with why it's a field that welcomes those from all backgrounds, including non-technical ones. Then, we'll cover the job outlook and specialties you can explore.
The Value of Transitioning from a Non-Technical Background
It's a mistake to think of security as a single career path. There are dozens of distinct career paths within security, offering opportunities for anyone with a passion for protecting our cyber infrastructure. The need for security professionals is skyrocketing and shows no signs of stopping; the future is bright for those seeking careers in this field.
If you think you need a CS degree and ten years of experience in tech to consider this field, think again. Doing security well, at scale, requires a mix of law, psychology, sociology, technology, and organizational sciences. Cybersecurity offers a wide variety of opportunities for technical and non-technical people.
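Most people tend to focus on technical operators and incident response engineers as the basic career path, but cybersecurity also needs program managers, software developers, professional communicators, data scientists, systems analysts, and more. And that doesn't cover all of the go-to-market careers in a security company, like product management, marketing, public relations, and sales.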
In this way, a non-technical background can actually be an advantage, which sets you apart and gives you unique perspectives and abilities. My security team includes people who have been librarians, journalists, lawyers, and control systems. We hire them because we need those skill sets in the security career field.
For example, security practitioners can cover policy and law, while others can build large-scale distributed systems, find security flaws, or focus on finding evil that's lurking where it doesn't belong.
Cyber Security Fundamentals
Network and Security Concepts
Information Assurance Fundamentals
Authentication, authorization, and nonrepudiation are tools that system designers can use to maintain system security with respect to confidentiality, integrity, and availability. Understanding each of these six concepts and how they relate to one another helps security professionals design and implement secure systems. Each component is critical to overall security, with the failure of any one component resulting in potential system compromise.
There are three key concepts, known as the CIA triad, which anyone who protects an information system must understand: confidentiality, integrity, and availability. Information security professionals are dedicated to ensuring the protection of these principles for each system they protect. Additionally, there are three key concepts that security professionals must understand to enforce the CIA principles properly: authentication, authorization, and nonrepudiation. In this section, we explain each of these concepts and how they relate to each other in the digital security realm. All definitions used in this section originate from the National Information Assurance Glossary (NIAG) published by the U.S. Committee on National Security Systems.
Authentication: Authentication is important to any secure system, as it is the key to verifying the source of a message or that an individual is whom he or she claims. The NIAG defines authentication as a "security measure designed to establish the validity of a transmission, message, or originator, or a means of verifying an individual's authorization to receive specific categories of information."
There are many methods available to authenticate a person. In each method, the authenticator issues a challenge that a person must answer. This challenge normally comprises requesting a piece of information that only authentic users can supply. These pieces of information normally fall into the three classifications known as factors of authentication.
When an authentication system requires more than one of these factors, the security community classifies it as a system requiring multifactor authentication. Two instances of the same factor, such as a password combined with a user's mother's maiden name, are not multifactor authentication, but combining a fingerprint scan and a personal identification number (PIN) is, as it validates something the user is (the owner of that fingerprint) and something the user knows (a PIN).
Authentication also applies to validating the source of a message, such as a network packet or e-mail. At a low level, message authentication systems cannot rely on the same factors that apply to human authentication. Message authentication systems often rely on cryptographic signatures, which consist of a digest or hash of the message generated with a secret key. Since only one person has access to the key that generates the signature, the recipient is able to validate the sender of a message.
Without a sound authentication system, it is impossible to trust that a user is who he or she says that he or she is, or that a message is from who it claims to be.
Authorization: While authentication relates to verifying identities, authorization focuses on determining what a user has permission to do. The NIAG defines authorization as "access privileges granted to a user, program, or process."
After a secure system authenticates users, it must also decide what privileges they have. For instance, an online banking application will authenticate a user based on his or her credentials, but it must then determine the accounts to which that user has access. Additionally, the system determines what actions the user can take regarding those accounts, such as viewing balances and making transfers.
Nonrepudiation: Imagine a scenario wherein Alice is purchasing a car from Bob and signs a contract stating that she will pay $20,000 for the car and will take ownership of it on Thursday. If Alice later decides not to buy the car, she might claim that someone forged her signature and that she is not responsible for the contract. To refute her claim, Bob could show that a notary public verified Alice's identity and stamped the document to indicate this verification. In this case, the notary's stamp has given the contract the property of nonrepudiation, which the NIAG defines as "assurance the sender of data is provided with proof of delivery and the recipient is provided with proof of the sender's identity, so neither can later deny having processed the data."
In the world of digital communications, no notary can stamp each transmitted message, but nonrepudiation is still necessary. To meet this requirement, secure systems normally rely on asymmetric (or public key) cryptography. While symmetric key systems use a single key to encrypt and decrypt data, asymmetric systems use a key pair. These systems use one key (private) for signing data and use the other key (public) for verifying data. If the same key can both sign and verify the content of a message, the sender can claim that anyone who has access to the key could easily have forged it. Asymmetric key systems have the nonrepudiation property because the signer of a message can keep his or her private key secret.
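The contrast drawn above, between a keyed digest that every key holder can compute and a key pair where only the signer holds the private half, shown as an added example that is not part of the original text. The RSA key is a demonstration-only construction (two Mersenne primes, no padding), and the messages and shared key are constructed sample values.

```python
import hashlib
import hmac

# Demonstration-only RSA key built from two well-known Mersenne primes (an assumption
# of this example). Production keys use random primes and a padded scheme such as RSA-PSS.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                      # public key: anyone may hold (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent: held by the signer only


def digest_int(message: bytes) -> int:
    """SHA-256 digest of the message as an integer (always smaller than N)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def mac_tag(shared_key: bytes, message: bytes) -> bytes:
    """Symmetric scheme: the same key creates and checks the tag."""
    return hmac.new(shared_key, message, hashlib.sha256).digest()


def mac_verify(shared_key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_tag(shared_key, message), tag)


def sign(private_exponent: int, message: bytes) -> int:
    """Asymmetric scheme: producing a signature requires the private exponent."""
    return pow(digest_int(message), private_exponent, N)


def verify(message: bytes, signature: int) -> bool:
    """Verification needs only the public key (N, E)."""
    return pow(signature, E, N) == digest_int(message)


def demo() -> dict:
    contract = b"Alice will pay Bob $20,000 for the car"      # constructed sample
    altered = b"Alice will pay Bob $90,000 for the car"       # constructed sample
    shared = b"key-known-to-alice-and-bob"                    # constructed sample
    bob_tag = mac_tag(shared, altered)       # Bob, as verifier, also holds the key
    alice_sig = sign(D, contract)            # only Alice holds D
    return {
        "mac_accepts_bobs_own_tag": mac_verify(shared, altered, bob_tag),
        "sig_accepts_contract": verify(contract, alice_sig),
        "sig_accepts_altered": verify(altered, alice_sig),
    }


if __name__ == "__main__":
    print(demo())
```

A valid MAC tag shows only that some holder of the shared key produced it, so it cannot settle a dispute between Alice and Bob; the signature verifies against Alice's public key for the original contract alone.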
Confidentiality: The term confidentiality is familiar to most people, even those not in the security industry. The NIAG defines confidentiality as "assurance that information is not disclosed to unauthorized individuals, processes, or devices."