Cybersecurity Topic #2: Security Cycle
Security Topic #2: Cybersecurity Vocabulary for Security Cycle
In this article, we are going to build our cybersecurity
vocabulary by defining some of the common terms frequently used in security
conversations. These terms together form the security cycle.
Threat – a threat is a successful step toward risk
management. For example, you have identified the vulnerability in a system, and
you are sure it can be exploited.
Vulnerability – an absence or weakness in a system. It can
occur anywhere, in software, hardware, or personnel. An example of a
vulnerability could be using a weak or default password for login.
Assets – anything that has value to an organization can be
called an asset. It can be physical or intangible like data, specification,
etc.
Threat Agent – something or someone who executes a threat is
called the threat agent. For example, an unauthorized user who got access by
exploiting the default password vulnerability of the device is a threat agent.
Risk – it is the probability that a threat agent can exploit the
vulnerability and impact the system by threat. Risk can be high, low, or
medium. Gaining unauthorized access to the application server in a banking
environment is a high risk. However, gaining access to a branch public area by a
threat agent is low or medium risk.
Exposure – is when an asset is available/visible for losses
or attack. A device with default password settings is exposed to the
possibility of unauthorized access and network disturbance.
Countermeasure – a measure that reduces the risk. Also known as
safeguards or controls. Countermeasures should cover vulnerability, threat, and
risk. For example, a good countermeasure for unauthorized access is to implement
an AAA server and SSH for remote access. AAA ensures authentication and
authorization, and combined with SSH can ensure data confidentiality.
All these words are critical to cybersecurity communication,
and when we correlate them they carry a deeper meaning:
ASSET → causes EXPOSURE → needs SAFEGUARD → affects THREAT AGENT →
discovers THREAT → exposes VULNERABILITY → develops RISKS →
damage ASSET. This completes the security cycle.
Figure 1: Security Cycle
Hope you find this informative.