Lesson 1: Fundamental Security Concepts

CIA Triad

Core security principles: Confidentiality, Integrity, Availability

Non-repudiation: Proof of origin/actions

Cybersecurity Frameworks

NIST Cybersecurity Framework (CSF)

5 Core Functions:

  • Identify: Asset management, risk assessment
  • Protect: Access control, encryption
  • Detect: Monitoring, anomaly detection
  • Respond: Incident response plan
  • Recover: Backups, continuity planning

Function details:

  • Identify: Understanding what needs protection - asset inventories, risk evaluations, classifying systems
  • Protect: Securing systems before incidents - encryption protocols, MFA, user training, hardening configurations
  • Detect: Looking for suspicious behavior - log analysis, IDS/IPS, SIEM tools, alerts
  • Respond: Actions after incident occurs - isolating systems, notifying stakeholders, forensics investigation
  • Recover: Getting back to normal - restoring from backups, disaster recovery sites, continuity plans

ISO Standards

  • ISO 27001: Requirements for ISMS (Information Security Management System)
  • ISO 27002: Best practices for security controls

Gap Analysis

Compares current security measures against standards (NIST, ISO) to identify weaknesses and compliance gaps

AAA Framework

  • Authentication: Verifies identity (passwords, MFA, biometrics)
  • Authorization: Determines permissions (RBAC, ABAC)
  • Accounting: Logs actions (audit trails, SIEM)

Technologies:

  • Authentication: RADIUS, TACACS+, LDAP, Kerberos, biometrics, smart cards, MFA
  • Authorization: RBAC systems, Active Directory group policies, ACLs, ABAC
  • Accounting: RADIUS accounting, TACACS+ logs, Syslog, SIEM, audit trails

Access Control Models

  • RBAC (Role-Based): Permissions based on job role
  • MAC (Mandatory): Security labels (Top Secret, Confidential) assigned and enforced by a central authority, not the resource owner
  • ABAC (Attribute-Based): Dynamic rules (time, location, user profile)
  • DAC (Discretionary): Owner-controlled (file permissions)
  • Rule-Based: System-wide conditions and logic applied universally

Security Control Types

By Category:

  • Technical: Firewalls, IDS/IPS, encryption
  • Managerial: Security policies, risk assessments, compliance requirements
  • Operational: Security training, incident response plans, backup operations
  • Physical: Locks, cameras, biometric scanners

By Function:

  • Preventive: Firewalls, encryption
  • Detective: IDS, CCTV, log monitoring
  • Corrective: Patches, backups, incident response
  • Deterrent: Warning signs, fines
  • Compensating: Alternative controls that stand in for a primary control that cannot be applied (e.g. MFA when passwords are weak)
  • Directive: Security awareness training, policies

Information Security Roles

  • CIO (Chief Information Officer): Overall IT responsibility
  • CTO (Chief Technology Officer): New/emerging computing platforms
  • DevOps: Software development + systems operations
  • DevSecOps: Development + security + operations
  • CIRT (Computer Incident Response Team): Incident response responsibility
  • SOC (Security Operations Center): Monitor and protect critical assets
  • CSO (Chief Security Officer): Overall information assurance responsibility
  • ISSO (Information Systems Security Officer): Technical implementation of security policies
