Cybersecurity may sound like a serious, dark topic, but who said we can’t explore this world with a dash of fun and a touch of freshness? Welcome to a journey through the bowels of the cyber world, where we will delve into the mysteries of the CIA Security Triad, their DAD counterparts and other fundamental concepts that will make you exclaim: “WOW, cybersecurity is great!”
CIA Triad: Keep It Secret, Intact and Available!
The CIA Security Triad is not a secret organization, but it sure behaves like one. These three principles, Confidentiality, Integrity and Availability, are the Holy Grail of cybersecurity. Imagine that your most private information is your grandmother’s secret recipe. Confidentiality keeps it from prying eyes, integrity ensures that no one swaps the secret ingredients, and availability ensures that you can bake that delicious cake whenever you want. CIA, a sure recipe for online success!
- Confidentiality: This principle refers to keeping information protected and accessible only to those who have the necessary authorization. It’s like having a lock on your front door to prevent strangers from entering.
- Integrity: Integrity ensures that data is not altered in an unauthorized manner. The information must remain exactly as it was created, or as the last authorized change left it, and must not be modified without permission. Think of integrity as the safety seal on a bottle of medicine: if the seal is broken, you know the contents may have been tampered with, even if they look fine.
- Availability: Availability means that information, and the systems that hold it, are accessible to those who need them at the moment they need them. Systems must be up, running and reachable. An everyday example is the Internet service in your home: you expect it to be available when you need it for work, study or entertainment.
Now, let’s look at a real-life example where we can identify these three concepts:
Example: Protection of Medical Data
Imagine that you are the manager of a hospital and you must ensure the safety of patients’ medical records. This is where the CIA Triad comes into play:
- Confidentiality: To maintain confidentiality, you must ensure that only authorized medical personnel have access to medical records. This involves establishing strong authentication systems, strong passwords, and strict access policies. If a curious employee attempts to access a patient’s records without authorization, they should be denied access and the attempt recorded.
- Integrity: Integrity is essential to ensure that medical records are not altered in an unauthorized manner. You should implement measures to track any changes to medical records and ensure that only authorized personnel can make modifications. If someone tries to modify the results of a laboratory test or change the dose of a drug without permission, an alert should be generated.
- Availability: Medical records should be available when doctors and health care personnel need them. This means having backup systems and disaster recovery plans in case of outages, such as server failures or cyber attacks. If a doctor is unable to access a medical record during an emergency due to a system outage, availability has been compromised.
The CIA Security Triad is essential in the protection of sensitive data in any context. Whether in a hospital, a company or in your daily life, these principles ensure that information is kept confidential, complete and available, which is fundamental for cybersecurity and privacy protection.
The Dark Side: DAD – Disclosure, Alteration and Destruction/Denial
But what happens when the CIA joins the dark side? Enter DAD: Disclosure, Alteration and Destruction/Denial! Imagine that your grandmother’s secret recipe is revealed to the world, someone changes the recipe to include broccoli instead of chocolate, and then they burn the original. That’s DAD in action! Cybersecurity is about preventing this from happening.
DAD, then, names what goes wrong when the CIA properties fail. Each letter is the direct negation of one side of the triad: Disclosure breaks confidentiality, Alteration breaks integrity, and Destruction/Denial breaks availability. Thinking in DAD terms is a quick way to ask, for any system, “what exactly is the damage if this control fails?”
- Disclosure: Disclosure is the exposure of confidential information to someone who is not authorized to see it. It’s as if someone opened your journal and shared it with the world without your permission.
- Alteration: Alteration is changing information without authorization. It’s as if someone got hold of your grandmother’s secret recipe and decided to add hot peppers instead of sweet chili peppers.
- Destruction/Denial: This is a double threat. Destruction refers to the unauthorized deletion or corruption of data, while denial refers to blocking legitimate access to data or resources. It’s like someone steals your grandmother’s secret recipe, burns it, and then bars you from the kitchen so you can’t bake the cake.
Now, let’s look at a real-life example where we can identify each of these concepts:
Example: Attack on an Online Bank Account
Imagine you have an online bank account and someone tries to compromise the security of your account:
- Disclosure: An attacker could gain access to your banking information, such as your account number and balance, if they discover your login credentials through phishing or password theft. This unauthorized disclosure could allow them to access confidential information.
- Alteration: If the attacker gains control of your bank account, they could transfer money to accounts they control, change your contact details so that you stop receiving alerts, or, with deeper access to the bank’s systems, alter transaction records to hide their activity. This would be an unauthorized alteration of your financial data.
- Destruction/Denial: If the attacker is particularly malicious, they could try to destroy your financial records or deny you access to the account by locking it with password changes or additional security measures. This would prevent you from accessing your own funds or tracking your transactions.
In this example, we can see how DAD concepts apply in a cybersecurity context. Cyberattacks can lead to unauthorized disclosure of sensitive information, alteration of data, and in some cases, destruction of records or denial of access. Proper security measures, such as two-factor authentication and account monitoring, are critical to protect against these online risks.
Security Models: Exploring the Gateway to Digital Fortress
Now, let’s shift gears and explore security models. They’re like the different ways you can build a digital castle. The Bell-LaPadula Model is like a deep pit full of crocodiles, only allowing authorized people to enter. The Biba Integrity Model is like a library where you can only read books that are in perfect condition. And the Clark-Wilson Model is like a candy store where you can’t touch anything without proper permission. Keep your data safe with these security models!
The Bell-LaPadula Model is a mandatory access control (MAC) model: security labels are assigned by the system, not chosen by users, and the rules below are enforced regardless of what an individual owner would like. It focuses purely on confidentiality and was designed for government and military information systems.
Key Principles of the Bell-LaPadula Model:
- Subjects and Objects: The Bell-LaPadula model governs access by subjects, such as users or processes, to objects, such as files, folders or databases.
- Security Labels: Every object carries a classification and every subject carries a clearance, both drawn from an ordered set such as Unclassified < Confidential < Secret < Top Secret. (The full model also attaches compartments, so the labels form a lattice rather than a simple ladder; the examples here use the ladder.)
- No Read Up Rule (simple security property): A subject may read an object only if the subject’s clearance is equal to or higher than the object’s classification. In other words, a subject cannot “read up” the security hierarchy.
- No Write Down Rule (*-property): A subject may write to an object only if the object’s classification is equal to or higher than the subject’s clearance. A subject cannot “write down” the hierarchy, because that would let secrets leak into a document that less-cleared readers can open. Taken literally, the rule still permits writing to a level the subject cannot read back (a “blind write”), so practical systems usually confine writes to the subject’s own level.
- Discretionary Security Property: On top of the mandatory rules, an access matrix lets object owners further restrict who may access their objects. Discretion only narrows access: an owner can deny a cleared colleague, but can never grant what the labels forbid.
Example of Application of the Bell-LaPadula Model:
Imagine a defense company using the Bell-LaPadula Model to protect classified information. Here is an example of how the model would be applied:
- Security Labels: Objects, such as documents, have security labels, such as “Confidential,” “Secret,” and “Top Secret.” Employees also have security labels assigned to them, such as “Unclassified,” “Confidential,” or “Secret.”
- No Read Up in Practice: An employee with a “Confidential” security label cannot open documents labeled “Secret” or “Top Secret.” They can open documents labeled “Confidential” or “Unclassified.”
- No Write Down in Practice: An employee with a “Secret” security label cannot write into documents labeled “Confidential” or “Unclassified,” because anything they know might leak downward. They can only edit documents with an equal or higher label, such as “Secret” or “Top Secret.”
- Principle of Discretion: Document owners can further restrict access among people who are already cleared. An employee who owns a “Secret” document can withhold it from a colleague with the same “Secret” label, but cannot grant it to an employee with only a “Confidential” label, because the mandatory rule already forbids that.
The Bell-LaPadula Model is especially important in government and military settings where confidentiality is critical. It helps ensure that only people with proper authorization can access sensitive information, thereby reducing the risk of unauthorized disclosure.
The Biba Integrity Model is another security model used in cybersecurity. Unlike the Bell-LaPadula Model, it focuses on data integrity: keeping untrustworthy data from contaminating trustworthy data, and preventing unauthorized modification.
Key Principles of the Biba Integrity Model:
- Object of Protection: As in the Bell-LaPadula Model, the Biba Integrity Model focuses on the protection of objects, such as files or data, and the access to those objects by subjects, such as users or processes.
- Integrity Labels: Instead of confidentiality labels, the Biba Integrity Model uses integrity labels that express how trustworthy a subject or object is. A label such as “High” is attached both to data that has been verified and to users or processes trusted to handle it. The rules are the mirror image of Bell-LaPadula’s.
- No Write Up Rule (*-integrity property): A subject may write to an object only if the object’s integrity label is equal to or lower than the subject’s. A subject with a low integrity label therefore cannot modify high-integrity objects, which could otherwise compromise data integrity.
- No Read Down Rule (simple integrity property): A subject may read an object only if the object’s integrity label is equal to or higher than the subject’s. A high-integrity subject therefore never consumes low-integrity data that could introduce unreliable information into its work. (Biba also has an invocation property: a subject may only invoke other subjects of equal or lower integrity.)
Example of Application of the Biba Integrity Model:
Imagine a financial institution using the Biba Integrity Model to protect the integrity of financial data. Here is an example of how the model would be applied:
- Integrity Labels: Financial data has integrity labels, such as “High Integrity” and “Low Integrity.” Employees and systems also have integrity labels assigned to them, such as “High Integrity” or “Low Integrity.”
- No Write Up: An employee or system with a “Low” integrity label cannot modify financial data with a “High” integrity label. This ensures that critical data is not altered by less trusted sources.
- No Read Down: An employee or system with a “High” integrity label cannot read financial data with a “Low” integrity label as input to its work. This prevents trusted processes from basing decisions on data that might have been compromised or modified by untrusted sources.
The Biba Integrity Model is used to ensure that data maintains its integrity and is not modified by unauthorized persons or systems. It is especially important in settings where data accuracy is critical, such as in financial institutions or health systems. By applying this model, the risk of data corruption is reduced and information integrity is ensured.
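To make the two rule sets concrete, here is a small reference monitor that enforces the Bell-LaPadula rules (from the defense-company example above) and the Biba rules (from the financial example) over the same subjects and objects, and shows that one is the mirror image of the other. This is an added example, not code from the original article; the subject names, documents, ACLs and the two level ladders are constructed for illustration.

```python
from dataclasses import dataclass, field

# Totally ordered levels; a higher number means more sensitive (BLP) or
# more trustworthy (Biba). Names follow the article's two examples.
CONF_LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}
INT_LEVELS = {"Low": 0, "High": 1}


@dataclass
class Subject:
    name: str
    clearance: str   # BLP label: what the subject is cleared to see
    integrity: str   # Biba label: how trustworthy the subject is


@dataclass
class Obj:
    name: str
    classification: str
    integrity: str
    owner: str
    acl: set = field(default_factory=set)  # discretionary part: names the owner admits


def blp_decide(s: Subject, o: Obj, op: str) -> tuple[bool, list[str]]:
    """Bell-LaPadula: mandatory rules first, then the owner's ACL (ds-property).
    Returns (allowed, rules that denied)."""
    denied = []
    if op == "read" and CONF_LEVELS[s.clearance] < CONF_LEVELS[o.classification]:
        denied.append("no read up (simple security property)")
    if op == "write" and CONF_LEVELS[s.clearance] > CONF_LEVELS[o.classification]:
        denied.append("no write down (*-property)")
    # Writing to a HIGHER level passes the *-property (a 'blind write');
    # production systems usually confine writes to the subject's own level.
    if s.name != o.owner and s.name not in o.acl:
        denied.append("discretionary ACL (ds-property)")
    return (not denied, denied)


def biba_decide(s: Subject, o: Obj, op: str) -> tuple[bool, list[str]]:
    """Biba: the dual of BLP. Low-integrity data must never flow into
    high-integrity subjects (read) or objects (write)."""
    denied = []
    if op == "read" and INT_LEVELS[o.integrity] < INT_LEVELS[s.integrity]:
        denied.append("no read down (simple integrity property)")
    if op == "write" and INT_LEVELS[s.integrity] < INT_LEVELS[o.integrity]:
        denied.append("no write up (*-integrity property)")
    return (not denied, denied)


def demo() -> dict:
    """Constructed subjects and objects walking through both examples."""
    ana = Subject("ana", clearance="Confidential", integrity="High")
    ben = Subject("ben", clearance="Secret", integrity="Low")
    secret_doc = Obj("plan.docx", "Secret", "High", owner="ben", acl={"ana"})
    conf_doc = Obj("memo.txt", "Confidential", "High", owner="ana", acl={"ben"})
    private_doc = Obj("notes.txt", "Confidential", "High", owner="ben")  # ana not on ACL
    web_feed = Obj("feed.json", "Unclassified", "Low", owner="ben", acl={"ana"})
    return {
        # Defence-company example: Secret clearance may read Confidential ...
        "ben reads conf": blp_decide(ben, conf_doc, "read"),
        # ... Confidential clearance may not read Secret ...
        "ana reads secret": blp_decide(ana, secret_doc, "read"),
        # ... and a Secret-cleared employee may not write into a Confidential file.
        "ben writes conf": blp_decide(ben, conf_doc, "write"),
        # Discretion only narrows: same level as ana, but the owner left her off the ACL.
        "ana reads private": blp_decide(ana, private_doc, "read"),
        # Financial example: a High-integrity analyst must not read a Low-integrity feed ...
        "ana reads feed": biba_decide(ana, web_feed, "read"),
        # ... and a Low-integrity process must not write a High-integrity record.
        "ben writes record": biba_decide(ben, conf_doc, "write"),
    }


if __name__ == "__main__":
    for case, (ok, why) in demo().items():
        print(f"{case:20s} -> {'ALLOW' if ok else 'DENY ' + ', '.join(why)}")
```

Note how the two decision functions differ only in the direction of the comparisons: what is “up” for confidentiality is “down” for integrity. A system that wants both properties runs both checks and allows an operation only when neither denies it.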
The Clark-Wilson Model also targets integrity, but it approaches it differently from Bell-LaPadula and Biba: instead of labels, it builds integrity into the way data is allowed to change, through well-formed transactions, verification procedures and separation of duties, much as a commercial institution keeps its books.
Key Principles of the Clark-Wilson Model:
- Constrained Data Items and Access Triples:
- Data whose integrity matters is declared a constrained data item (CDI); anything else, such as raw input typed by a user, is an unconstrained data item (UDI) until a certified procedure validates it.
- CDIs may be changed only through certified transformation procedures (TPs), and a table of access triples (user, TP, CDI) states which user may run which procedure on which data.
- Transformation Procedures:
- A TP is a well-formed transaction: it moves the CDIs from one valid state to another and never leaves them half-updated, and it is certified to do so before it is allowed into production.
- Integrity verification procedures (IVPs) check that the CDIs are in a valid state, for example that the books balance.
- Audit Log:
- An audit trail records every TP run on the CDIs, including who ran it.
- This allows all modifications to be tracked and ensures accountability in case of problems.
- Separation of Duties (SoD):
- The Clark-Wilson Model emphasizes the separation of duties: different people or roles hold separate responsibilities in the system, and no single person may both certify and execute a procedure.
- This avoids conflicts of interest and reduces the risk of malicious activity or errors.
Example of Application of the Clark-Wilson Model:
Suppose a financial institution uses the Clark-Wilson Model to manage its financial transactions. Here is an example of how the model would be applied:
- Constrained Data and Access Triples: Account balances and transaction records are the CDIs. Deposits, withdrawals and transfers are implemented as TPs, and each role is given access triples only for the procedures it needs.
- Transformation Procedures: The TPs encode the business rules. For example, the transfer TP only moves money if the balance in the source account is sufficient, and an IVP confirms afterwards that the total across all accounts is unchanged.
- Audit Log: An audit log records every transaction made by users. Any modification or transaction is recorded for later review.
- Separation of Duties (SoD): Different roles have separate responsibilities in the transaction process. For example, the employee entering a transaction must not be the same person who approves it.
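The bank example above, worked as code: balances are the CDIs, two TPs (enter and approve) are the only way to change them, an access-triple table says who may run which TP, the IVP re-checks conservation of money after every run, and the approve step enforces the four-eyes rule. This is an added example, not code from the original article; the account names, users, amounts and the triple table are constructed.

```python
from dataclasses import dataclass, field
from decimal import Decimal


class IntegrityError(Exception):
    """Raised when an access triple, a TP precondition, SoD or the IVP fails."""


@dataclass
class Ledger:
    """The CDIs: account balances and pending transfers, plus the audit log."""
    balances: dict
    pending: dict = field(default_factory=dict)   # tid -> (src, dst, amount, entered_by)
    audit: list = field(default_factory=list)
    expected_total: Decimal = field(init=False)

    def __post_init__(self):
        self.expected_total = sum(self.balances.values(), Decimal("0"))


# Access triples (user, TP): who may run which transformation procedure.
# Constructed roles: tina is a teller, sam is a supervisor who may also enter.
ACCESS_TRIPLES = {
    ("tina", "enter_transfer"),
    ("sam", "enter_transfer"),
    ("sam", "approve_transfer"),
}


def ivp(ledger: Ledger) -> bool:
    """Integrity Verification Procedure: money is conserved and nothing is overdrawn."""
    return (sum(ledger.balances.values(), Decimal("0")) == ledger.expected_total
            and all(b >= 0 for b in ledger.balances.values()))


def run_tp(ledger: Ledger, user: str, tp, *args) -> None:
    """Every change to a CDI goes through a certified TP: the caller must hold an
    access triple, the call is logged, and the IVP is re-run afterwards."""
    if (user, tp.__name__) not in ACCESS_TRIPLES:
        raise IntegrityError(f"{user} may not run {tp.__name__}")
    tp(ledger, user, *args)
    ledger.audit.append((user, tp.__name__, args))
    if not ivp(ledger):
        raise IntegrityError("IVP failed after " + tp.__name__)


def enter_transfer(ledger: Ledger, user: str, tid: str, src: str, dst: str, amount: Decimal) -> None:
    """TP 1: record a transfer. The article's rule: the source must cover the amount."""
    if amount <= 0 or dst not in ledger.balances or ledger.balances.get(src, Decimal("0")) < amount:
        raise IntegrityError("transfer precondition failed")
    ledger.pending[tid] = (src, dst, amount, user)


def approve_transfer(ledger: Ledger, user: str, tid: str) -> None:
    """TP 2: apply a pending transfer. Separation of duties: the approver must not
    be the person who entered it. Funds are re-checked because other transfers
    may have drained the account since entry."""
    src, dst, amount, entered_by = ledger.pending[tid]
    if entered_by == user:
        raise IntegrityError("SoD violation: entered and approved by the same user")
    if ledger.balances[src] < amount:
        raise IntegrityError("insufficient funds at approval time")
    ledger.balances[src] -= amount
    ledger.balances[dst] += amount
    del ledger.pending[tid]


def demo() -> dict:
    """Constructed scenario: one good transfer and three attempts the model rejects."""
    ledger = Ledger({"acc-1": Decimal("100"), "acc-2": Decimal("20")})
    out = {}
    run_tp(ledger, "tina", enter_transfer, "t1", "acc-1", "acc-2", Decimal("30"))
    run_tp(ledger, "sam", approve_transfer, "t1")      # four eyes: entered by tina, approved by sam
    out["balances"] = {k: int(v) for k, v in ledger.balances.items()}
    for label, user, tp, args in (
        ("overdraft", "tina", enter_transfer, ("t2", "acc-2", "acc-1", Decimal("500"))),
        ("sam enters", "sam", enter_transfer, ("t3", "acc-1", "acc-2", Decimal("10"))),
        ("sod", "sam", approve_transfer, ("t3",)),         # sam approving his own entry
        ("no triple", "tina", approve_transfer, ("t3",)),  # tina holds no approve triple
    ):
        try:
            run_tp(ledger, user, tp, *args)
            out[label] = "ok"
        except IntegrityError as e:
            out[label] = str(e)
    out["audit_entries"] = len(ledger.audit)
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The point of routing everything through `run_tp` is that no caller can touch `balances` directly: the triple check, the audit entry and the IVP are applied uniformly, which is what the model means by certified TPs.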
The Clark-Wilson Model is especially useful in environments where data integrity is critical, such as in financial institutions, healthcare systems, and industrial process control systems. It helps ensure that transactions are consistent, secure and adhere to established rules, thereby reducing the risk of fraud and errors. In addition, the separation of duties in the model is an important measure to prevent conflicts of interest and ensure accountability.
Security Principles: More Than Just Nice Words
Let’s talk about security principles that sound sophisticated but are essential. Defense in Depth is like having layers of protection: a walled castle, a moat, and a guardian dragon. Zero Trust is like saying “not even my grandmother can enter without identification.” And Trust but Verify is like accepting a cake from your friend, but first checking that it doesn’t contain broccoli. Be astute in cybersecurity!
The principle of “Defense in Depth” is a fundamental approach in cybersecurity that protects systems and data by implementing multiple layers of security rather than relying on a single measure. The idea is that when one layer fails, and eventually one will, the remaining layers should still provide protection and buy time to detect the intrusion.
Here is a more detailed exploration of the principle of Defense in Depth:
Security Layers: In a Defense in Depth approach, multiple layers of security are implemented at different levels of a system or network. These layers can include firewalls, intrusion detection systems, access control, antivirus, security patches, two-factor authentication, encryption, and more.
Main Benefits:
- Failure Resistance: With multiple layers of security, a failure in one layer does not necessarily compromise the whole system. For example, if an attacker bypasses the firewall, they still have to get past the other layers before reaching critical data.
- Early Detection: Different layers of security can detect threats at early stages. For example, an intrusion detection system can identify suspicious activity before an attacker can cause damage.
- Greater Resiliency: Redundant security layers increase the system’s resilience to attacks or technical failures. If one layer is compromised, others can still function to protect the integrity of data and infrastructure.
Defense in Depth Example:
Let’s say you have a business network that stores sensitive customer and employee information. Here is an example of how the principle of Defense in Depth could be applied:
- Perimeter Firewall: You place a firewall at the edge of your network to block unauthorized traffic from the Internet.
- Intrusion Detection System (IDS): You implement an IDS to monitor internal traffic and detect unusual behavior or attacks.
- Two-Factor Authentication (2FA): You require two-factor authentication for employees to access critical systems, so a stolen password alone is not enough.
- Data Encryption: You encrypt stored and transmitted data to protect it in case an attacker gains physical access to the storage or intercepts the communication.
- Updates and Patches: You keep systems and applications updated with the latest security patches to avoid known vulnerabilities.
- Security Audits: You conduct regular audits to continuously assess and improve the security of your network.
With these layers of security in place, your network is more protected against a variety of threats, from malware attacks to intrusion attempts. Defense in Depth is essential in an ever-evolving world of cyber threats, helping to mitigate risks and maintain the integrity of systems and data.
The principle of “Zero Trust” is an approach to cybersecurity that challenges the age-old notion of automatically trusting users and devices within a corporate network. Rather than assuming that everything within the network is secure, the Zero Trust philosophy assumes that nothing is trustworthy and demands constant and rigorous verification of identity and security before granting access to sensitive resources or data. Here is a more detailed exploration of this security principle:
Key Principles of Zero Trust:
- Continuous Verification: In a Zero Trust architecture, all users and devices, even those within the corporate network, must be verified on an ongoing basis. This means that trust is not granted once, but is verified in every interaction.
- Least Privilege Policy: A “least privilege” policy is enforced in which users and devices only gain access to the minimum resources necessary to perform their functions. This limits the attack surface and reduces risks.
- Microsegmentation: The network is divided into smaller, isolated segments, meaning that even if an attacker gains access to one segment, they don’t necessarily have access to others. This reduces the spread of threats.
- Visibility and Analytics: Monitoring and analysis tools are implemented to constantly monitor network activity and detect unusual behavior or threats in real time.
- Multi-factor authentication (MFA): Multi-factor authentication is used to ensure that users provide multiple proofs of identity before accessing sensitive systems or data.
Example of Zero Trust Application:
Suppose a company adopts the principle of Zero Trust to protect its resources and data. Here is an example of how this approach would be applied:
- Remote Access: An employee needs to access corporate systems from outside the office. Instead of allowing automatic access with just a password, the company implements multi-factor authentication (MFA) that requires a password, code generated by an authenticator app, and a fingerprint. This rigorous verification ensures that only the authorized employee can access the systems.
- Access Control: The company implements strict access control policies based on the need to know. Each employee only has access to the resources and data needed to perform their job. Systems use segmentation to ensure that even if an employee is compromised, their access is limited to only certain areas of the network.
- Continuous Monitoring: Security monitoring tools are used to constantly monitor network activity. If unusual behavior is detected, such as unauthorized access attempts or suspicious activity, immediate action is taken to investigate and mitigate the threat.
The Zero Trust approach is especially relevant in an ever-evolving cyber threat environment, where it cannot be taken for granted that even internal users and devices are trusted. This principle promotes a more proactive security posture and improves protection against internal and external threats.
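The remote-access, access-control and monitoring steps above come together in a policy decision point that evaluates every request from scratch. The following added example (not code from the original article) shows such a decision: network location is recorded but grants nothing, the role must be entitled to the action under least privilege, the role must be allowed into the resource’s segment, the device must pass posture, and a stale MFA proof triggers a step-up rather than an allow. The users, roles, resources, segments and the MFA freshness thresholds are constructed assumptions; in a real deployment identity would come from an IdP token and posture from a device-management attestation.

```python
from dataclasses import dataclass


@dataclass
class Request:
    user: str
    role: str
    mfa_age_s: int          # seconds since the user last completed MFA
    device_compliant: bool  # disk encryption on, EDR running, OS patched
    src_network: str        # "office" or "internet": recorded, but grants nothing
    resource: str
    action: str             # "read" or "write"


# Least privilege per resource: which role may do what, how fresh MFA must be,
# and which network segment the resource lives in. Constructed policy.
RESOURCE_POLICY = {
    "payroll-db": {"allow": {"finance": {"read", "write"}, "hr": {"read"}},
                   "max_mfa_age_s": 15 * 60, "segment": "finance"},
    "wiki": {"allow": {"finance": {"read", "write"}, "hr": {"read", "write"},
                       "marketing": {"read", "write"}},
             "max_mfa_age_s": 12 * 3600, "segment": "corp"},
}
# Microsegmentation: which segments each role may reach at all.
ROLE_SEGMENTS = {"finance": {"finance", "corp"}, "hr": {"finance", "corp"}, "marketing": {"corp"}}


def evaluate(req: Request) -> tuple[str, list[str]]:
    """Return ('allow' | 'step_up' | 'deny', reasons). Every request is evaluated
    from scratch; nothing is remembered from an earlier decision, and
    req.src_network is deliberately never consulted."""
    policy = RESOURCE_POLICY.get(req.resource)
    if policy is None:
        return "deny", ["unknown resource: default deny"]
    reasons = []
    if policy["segment"] not in ROLE_SEGMENTS.get(req.role, set()):
        reasons.append("microsegmentation: role cannot reach segment " + policy["segment"])
    if req.action not in policy["allow"].get(req.role, set()):
        reasons.append(f"least privilege: {req.role} may not {req.action} {req.resource}")
    if not req.device_compliant:
        reasons.append("device posture: non-compliant device")
    if reasons:
        return "deny", reasons
    if req.mfa_age_s > policy["max_mfa_age_s"]:
        # Identity, role and device are fine, but the proof of identity is stale.
        return "step_up", ["MFA older than policy allows; re-authenticate"]
    return "allow", []


def demo() -> dict:
    """Constructed requests covering the outcomes the article describes."""
    cases = {
        # Being in the office does not help: stale MFA on a sensitive resource -> step up.
        "office, stale mfa, payroll": Request("ana", "finance", 7200, True, "office", "payroll-db", "read"),
        # From the internet with fresh MFA and a healthy device -> allowed.
        "internet, fresh mfa, payroll": Request("ana", "finance", 120, True, "internet", "payroll-db", "write"),
        # Right role, but the laptop fails posture -> denied outright.
        "bad device": Request("ana", "finance", 120, False, "office", "payroll-db", "read"),
        # Marketing cannot even reach the finance segment, let alone the database.
        "marketing to payroll": Request("mia", "marketing", 30, True, "office", "payroll-db", "read"),
        # HR may read payroll but not write it.
        "hr writes payroll": Request("hal", "hr", 30, True, "office", "payroll-db", "write"),
    }
    return {name: evaluate(r) for name, r in cases.items()}


if __name__ == "__main__":
    for name, (decision, reasons) in demo().items():
        print(f"{name:30s} -> {decision} {reasons}")
```

Two design choices are worth noticing: the decision is three-valued, because a stale credential is a different condition from a wrong role and should prompt re-authentication rather than a hard failure; and the first three checks are all evaluated before returning, so the log shows every reason a request was denied, not just the first.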
The principle of “Trust but Verify” is a fundamental approach in cybersecurity and security management that grants users and devices a certain initial level of trust, but then continuously checks their behavior and policy compliance to confirm that they keep deserving it and do not pose a security risk. The phrase is a Russian proverb that US President Ronald Reagan made famous during arms-control negotiations: “Trust, but verify.” Here’s a more detailed exploration of this security principle:
Key Principles of Trust but Verify:
- Grant Initial Trust: In this approach, users and devices are granted a certain level of trust at first. For example, certain access privileges may be granted to a new employee based on their position and role.
- Continuous Verification: Despite the initial trust, continuous verification mechanisms are implemented to ensure that users and devices continue to comply with established security policies. This may include periodic audits, activity monitoring, and verification of policy compliance.
- Least Privilege Policy: A “least privilege” policy similar to Zero Trust applies. Users and devices only gain access to the minimum resources necessary to perform their functions, and these privileges can be increased or decreased as needed, but always within set limits.
- Audits and Reports: Audits and logs are used to track activities and policy compliance. The reports generated from these logs allow for continuous monitoring and early identification of security issues.
Example of Trust but Verify in Application:
Imagine an organization that applies the principle of Trust but Verify to its employees and information systems:
- New Employees: When a new employee joins the company, they are granted certain access privileges according to their position and function. For example, a marketing analyst can access certain marketing resource folders.
- Continuous Verification: As the employee works in the company, their activities and access to resources are monitored on an ongoing basis. Activities such as accessing resource folders or modifying files are checked to ensure that they conform to security policies.
- Least Privilege Policy: If the employee changes roles or responsibilities, their access privileges are adjusted accordingly. If they take on a new role that requires access to sensitive information, they are granted the appropriate permissions, and the permissions of the old role are removed.
- Audits and Reports: Records of employee activities are maintained and audit reports are generated that show their compliance with security policies and access to resources. If unusual or unauthorized activity is detected, corrective action is taken.
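The “verify” half of the example above is an audit of the activity log against the trust that was granted. The following added example (not code from the original article) grants folder access by role up front, then reviews a short access log and flags what contradicts the grant or deserves a second look: access outside the role’s folders, destructive operations, off-hours activity, and identities with no role on record. The log lines, employees, roles and the working-hours window are constructed assumptions.

```python
import re
from collections import Counter

# Initial trust: path prefixes each role is entitled to. Constructed.
ROLE_GRANTS = {
    "marketing-analyst": ("/marketing/",),
    "finance-analyst": ("/finance/", "/marketing/budget/"),
}
EMPLOYEES = {"dana": "marketing-analyst", "finn": "finance-analyst"}

# Constructed access log: ISO timestamp, user, operation, path.
ACCESS_LOG = """\
2024-03-04T09:02:11Z dana READ /marketing/q1-plan.docx
2024-03-04T09:40:03Z dana WRITE /marketing/q1-plan.docx
2024-03-04T11:15:27Z dana READ /finance/payroll.xlsx
2024-03-04T23:48:50Z dana READ /marketing/brand/logo.png
2024-03-04T10:05:00Z finn READ /marketing/budget/q1.xlsx
2024-03-04T10:06:30Z finn DELETE /finance/archive/2019.zip
2024-03-04T10:07:00Z ghost READ /finance/payroll.xlsx
"""

LINE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\dT(?P<hour>\d\d):\d\d:\d\dZ) "
                  r"(?P<user>\S+) (?P<op>READ|WRITE|DELETE) (?P<path>\S+)$")


def parse_log(text: str) -> list[dict]:
    """Parse one event per line; malformed lines are skipped here, although a
    real pipeline should count them, since gaps in a log are themselves a finding."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def audit(text: str, employees=EMPLOYEES, grants=ROLE_GRANTS, work_hours=(7, 20)) -> list[tuple]:
    """Return (user, path, finding) for every event that contradicts the trust
    that was granted, or that a reviewer should look at."""
    findings = []
    for e in parse_log(text):
        role = employees.get(e["user"])
        if role is None:
            findings.append((e["user"], e["path"], "unknown identity: no role on record"))
            continue
        if not e["path"].startswith(grants[role]):
            findings.append((e["user"], e["path"], f"outside grant for {role}"))
        if e["op"] == "DELETE":
            findings.append((e["user"], e["path"], "destructive operation: needs review"))
        if not work_hours[0] <= int(e["hour"]) < work_hours[1]:
            findings.append((e["user"], e["path"], "off-hours access"))
    return findings


def summary(findings) -> Counter:
    """Findings per user: the first thing a reviewer reads in the report."""
    return Counter(user for user, _, _ in findings)


if __name__ == "__main__":
    result = audit(ACCESS_LOG)
    for user, path, finding in result:
        print(f"{user:6s} {path:32s} {finding}")
    print(dict(summary(result)))
```

Note that the audit does not revoke anything by itself: in the trust-but-verify model the grant stays in place and the findings go to a person, which is exactly the difference from the Zero Trust decision, where the same conditions would have blocked the request before it happened.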
The Trust but Verify principle balances the need to grant users the privileges they need to work with the need to maintain the security and integrity of systems and data. It allows more flexible and adaptive management of access permissions, while the ongoing verification keeps pace with a threat environment that never stands still.
And so, we conclude our journey through the maze of cybersecurity. From the CIA to DAD, security models and core principles, we’ve unraveled the secrets of the digital fortress. Next time you browse the web, remember these lessons and keep your data safe. Cybersecurity is a fascinating world, and together we can tackle any challenge that comes our way on this digital journey! Until the next adventure in the world of cybersecurity!
Thank you for reading, friend.