Cybersecurity Topic #2: Security Cycle


Security Topic #2: Cybersecurity Vocabulary for Security Cycle

In this article, we are going to build our cybersecurity vocabulary by defining some of the common terms frequently used in security conversations. These terms together form the security cycle.

Threat – a threat is a successful step toward risk management. For example, you have identified the vulnerability in a system, and you are sure it can be exploited.

Vulnerability – an absence or weakness in a system. It can occur anywhere, in software, hardware, or personnel. An example of a vulnerability could be using a weak or default password for login.

Assets – anything that has value to an organization can be called an asset. It can be physical or intangible like data, specification, etc.

Threat Agent – something or someone who executes a threat is called the threat agent. For example, an unauthorized user who got access by exploiting the default password vulnerability of the device is a threat agent.

Risk – it the probability that a threat agent can exploit the vulnerability and impact the system by threat. Risk can be high, low, or medium. Gaining unauthorized access to the application server in a banking environment is a high risk. However, gaining access to a branch public area by a threat agent is low or medium risk.

Exposure – is when an asset is available/visible for losses or attack. A device with default password settings is exposed to the possibility of unauthorized access and network disturbance.

Countermeasure – is to reduce the risk. Also known as safeguards or controls. Countermeasures should cover vulnerability, threat, and risk. For example, a good countermeasure for unauthorized access is to implement the AAA server and SSH for remote access. AAA ensures the authentication, and authorization combined with SSH can ensure data confidentiality.

All these words are critical to cybersecurity communication and if we correlate each it is a deep meaning –

ASSET à causes EXPOSURE à Needs SAFEGUARD à Affects THREAT AGENT à discovers THREAT à exposes VULNERABILITY à develops RISKS à damage ASSEST. This completes the security cycle.

Figure 1: Security Cycle

Hope you find this informative.

Continue Reading...

Further Continue Reading...