Chapter 1- The Cybersecurity Cube

Framework called cybersecurity cube- John McCumbe

The first dimension of the Cybersecurity Cube includes the three principles of information
security(These three principles are confidentiality, integrity and availability). The second
dimension identifies the three states of information or data(Data in transit, Data at rest or
in storage, Data in process). The third dimension of the cube identifies the expertise
required to provide protection(Tech, Policies and practice, people). These are often called
the three categories of cybersecurity safeguards.

CIA Traid:

Confidentiality- Confidentiality prevents the disclosure of information to unauthorized

people, resources and processes. Methods used to ensure confidentiality include data
encryption, authentication, and access control.

Controlling access- AAA(Authentication(Who are you?), Authorization(How much access

you have?), Accounting(Track of what you do)) Eg. Credit card

Most privacy data is confidential, but not all confidential data is private.

Integrity- Integrity is the accuracy, consistency, and trustworthiness of data during its
entire life cycle. Another term for integrity is quality. Methods used to ensure data integrity
include hashing, data validation checks, data consistency checks, and access controls.

An integrity check is a way to measure the consistency of a collection of data (a file, a

picture, or a record). The integrity check performs a process called a hash function to take
a snapshot of data at an instant in time. The integrity check uses the snapshot to ensure
data remains unchanged. A checksum is one example of a hash function. 

Availability- Data availability is the principle used to describe the need to maintain
availability of information systems and services at all times. Methods used to ensure
availability include system redundancy, system backups, increased system resiliency,
equipment maintenance, up-to-date operating systems and software, and plans in place to
recover quickly from unforeseen disasters. One of the most popular high availability
practices is five nines. The five nines refer to 99.999%. This means that downtime is less
than 5.26 minutes per year.

(Eliminate single points of failure, Provide for reliable crossover, Detect failures as they
occur)

States of Data:-

Data at Rest- Stored data refers to data at rest. Data at rest means that a type of
storage device retains the data when no user or process is using it. Direct-attached
storage(DAS). Redundant array of independent disks (RAID) uses multiple hard drives in an
array, which is a method of combining multiple disks so that the operating system sees
them as a single disk. A network attached storage (NAS) device is a storage device
connected to a network that allows storage and retrieval of data from a centralized
location by authorized network users. Cloud storage is a remote storage option that uses
space on a data center provider and is accessible from any computer with Internet access.

Direct-attached storage can be one of the most difficult types of data storage to manage
and control. Direct-attached storage is vulnerable to malicious attacks on the local host.

Data In-Transit- Sneaker net – uses removable media to physically move data from one
computer to another, Wired networks – uses cables to transmit data, Wireless networks –
uses radio waves to transmit data. The cybersecurity professional must deal with several
challenges in protecting this data: Confidentiality, Integrity and Availability
Countermeasures- VPNs, SSL, IPsec, Encryption/Decryption, Hashing, Redundancy, Hot
standby

Data in Process- Protecting against invalid data modification during processing can
have an adverse impact. Software errors are the reason for many mishaps and disasters.

Countermeasures- Access control, Data validation and data duplication

Cybersecurity Countermeasures:-

Technologies- Administrators install software-based countermeasures or safeguards on

individual hosts or servers. Firewalls, port scanners, Protocol and signal analyser,
Vulnerability scanners are computer programs designed to assess weaknesses on
computers or networks, Host-based intrusion detection systems (IDS).

Hardware based- Firewalls, Dedicated Intrusion Detection Systems (IDS), Intrusion

Prevention Systems (IPS), Content filtering services control access and transmission of
objectionable or offensive content.

Network based- VPNs, Network access control (NAC), Wireless access point security

Cloud based- Software as a Service (SaaS), IaaS, PaaS. Cloud service providers have
extended these options to include IT as a Service (ITaaS), which provides IT support for
IaaS, PaaS, and SaaS service models.

Education, Awareness and Training

Policies and Procedures- A security policy is a set of security objectives for a

company that includes rules of behavior for users and administrators and specifies system
requirements. (Identification and Authentication policies, password policies, Acceptable
use policies(AUP), Remote access policies, Ntwk maintainance policies, Incident handling
policies).

Standards help an IT staff maintain consistency in operating the network. Standards

documents provide the technologies that specific users or programs need in addition to
any program requirements or criteria that an organization must follow. This helps IT staff
improve efficiency and simplicity in design, maintenance, and troubleshooting.

Guidelines are a list of suggestions on how to do things more efficiently and securely. They
are similar to standards, but are more flexible and are not usually mandatory. Guidelines
define how standards are developed and guarantee adherence to general security policies.

The ISO Cybersecurity Model:-

Twelve Domains of Cybersecurity:-

Risk Assessment, Security Policy, Organization and Info Security, Asset Management,
Human Resource security, Physical and environmental security, Communication and opr
management, (Info System Acquisition, development and maintainance), Access control,
Info security and incident management, Business continuity management, Compliance

Certification and compliance provide confidence for two organizations that need to trust
each other’s confidential data and operations. Compliance and security audits prove that
organizations are continuously improving their information security management system.

Most organizations generate a document called the Statement of Applicability (SOA). The
SOA defines which control objectives that the organization needs to use. Different
organizations place greater priority on confidentiality, integrity, and availability depending
on the type of industry. For example, Google places the highest value on user data
confidentiality and availability and less on integrity. Google does not verify user data.
Amazon places high emphasis on availability. If the site is not available, Amazon does not
make the sale. This does not mean that Amazon ignores confidentiality in favor of
availability. Amazon just places a higher priority on availability. Therefore, Amazon may
spend more resources ensuring that there are more servers available to handle customer
purchases.