Latest

Security Dose 231123 - It's about Security!!

It's About "Security"

The “Security Dose” is a new initiative from our end. These kinds of articles will be a 300-feet overview of the security concepts. It will primarily focus on theories, not the deep-dive configuration stuff. Hope you will find this initiative informative and useful.

Network Security

Let’s start with Security why do we need it in the first place? Security is the top priority today for everyone starting from end-users to top business management. It helps to ensure that you are able to continue to operate in spite of any attempts to steal data or compromise any physical or logical elements in the system.

To understand the scope of security, let’s compare it with Information Technology (IT). IT is a combination of hardware & software that support the operations of a business to drive revenue.  

A Security System is a business management tool that ensures the reliable and protected operation of IT. Security is implemented to support the objectives, missions, and goals of the organization.

Often team wants to know how to start the security implementation. We need to understand that security is a journey not a final implementation of any security system. This journey of security implementation starts with adopting a security framework i.e. for instance a security framework to secure network access, external threat protection, or data transfer protection. Once a framework is adopted, security systems continuously evolve using various assessments.

These assessments may include – Risk Assessment, Vulnerability Assessment, and Penetration Assessment. Let’s look at each of these briefly –

Risk Assessment starts with collecting information about assets, threats around them, and vulnerabilities that may be there. Once all this information is collected a risk is calculated if there is a breach. This information provides input to guide improvements of existing security systems.

Vulnerability assessment generally uses the automated approach to find the security risks associated with systems. The identified vulnerabilities are addressed by adding more defense systems or adjusting the settings of existing security systems.

Finally, the Penetration Testing assessment is where trusted individuals are hired or appointed to perform the stress test of the system to find out any issues that can allow an attacker to breach the system. Normally, penetration testing is done to find issues that are not identified in risk and vulnerability assessments.

 

Figure 1: Security Evolution

⚡⚡ Is it required security to be legally defensible? 📜

Today, in this agile environment perimeters are getting dissolved, and we are surrounded by bad actors on our network or outside the network. It requires security to be legally defensible. Solid legally defensible security systems can protect an organization from facing fines, penalties, and charges of negligence in case someone intrudes environment and harms critical entities or resources.

As already said you cannot implement 100% security. It’s a journey and never concluded process. It is because the security issues are always changing. The defenses that were sufficient yesterday may not be sufficient tomorrow. 

For instance, perimeter security for protecting internal resources in a central site does not scale well in a cloud-first area. As we discover new vulnerabilities or new attacks are designed, we need to respond to them with a new security approach.

We hope you find this informative we come with more such doses frequently.

Continue Reading...