Saturday, December 28, 2019

Cybersecurity

What is Cybersecurity?


Security (for Information and Communication Technology, aka ICT) is concerned with ensuring the protection of computer systems (IT, OT, IoT, etc.) in such a way that the functions of the system are not impeded. It should protect the system against both accidental and malicious attacks, whether these are natural or man-made in origin.

Security should be comprehensive enough to protect the system from both digital and physical attacks. We shouldn't focus on protecting against digital attacks and forget about the physical portion. For example, you have a lot of precious photos on your computer. You have anti-virus, up-to-date patches, and switch off the network connection when not in use. You think you are safe. Have you catered for hardware failure or accidental coffee spills?

As with maintaining our health, there is no way to guarantee that a system is 100% safe after improving its security. We can eat very healthily, exercise regularly, and sleep well, but we all know for sure that this doesn't guarantee we won't fall sick. Likewise, we can apply the most sophisticated or even the most expensive security implementations to protect the system, but we can never be sure the system is 100% safe. We can only try to minimise the chance of an attack or a breach occurring and, if one ever occurs, try to minimise its consequences.

So cyber security is security for cyber. :P Whether cyber or not, I believe security should apply across the whole of ICT, save for some differences in mitigating treatment for some areas.


What aspects of security are we concerned about?


There are many different models available that can be used for security. CIA is one popular model, taught in almost all security courses and schools.

C - Confidentiality, which is concerned with allowing access to the system or data only to authorised parties.

I - Integrity, which is concerned with allowing modification of the system or data only by authorised parties.

A - Availability, which is concerned with guaranteeing reliable access to the information only by authorised parties.

CIA is a basic model but we can extend it to include the following, or more:

Authenticity - verifying the identity of the entity that wants to interact with the system or data.

Authorisation - specifying the permissions for accessing the system or data. Usually it is preceded by authentication, especially in a software-defined perimeter framework.

Non-repudiation - providing assurance that the sender of information is provided with proof of delivery and the recipient is provided with proof of the sender's identity, so neither can later deny having processed the information.

In other words, when we want to improve security, we consider what the concerns are for each of these security aspects and how they can affect the security of the systems. We then think of solutions to address the concerns. I will find time to write about how to find, evaluate, and address these concerns.

So, what's your view on cybersecurity?