The Cybersecurity Cube

Diadopsikan dari materi : Cisco Cybersecurity Essentials v1.1

Dr. Shelvie Nidya Neyman, S.Kom, M.Si

Sections & Objectives
The Cybersecurity
Describe the three dimensions of the McCumber Cube (Cybersecurity Cube).
Cube

CIA TRIAD Describe the principles of confidentiality, integrity, and availability.

States of Data Differentiate the three states of data.

Cybersecurity
Compare the types of cybersecurity countermeasures.
Countermeasures

IT Security
Management Describe the ISO Cybersecurity Model
Framework
The Three Dimensions of
the Cybersecurity Cube
The Principles of Security
• The first dimension of the cybersecurity cube identifies the goals
to protect the cyber world. The goals identified in the first
dimension are the foundational principles of the cybersecurity
world.
• These three principles are confidentiality, integrity and availability.
• The principles provide focus and enable cybersecurity specialists
to prioritize actions in protecting the cyber world.
• Use the acronym CIA to remember these three principles.
The States of Data
• The cyber world is a world of data; therefore, cybersecurity
specialists focus on protecting data. The second dimension of the
cybersecurity cube focuses on the problems of protecting all of
the states of data in the cyber world. Data has three possible
states:
1) Data at rest or in storage 2) Data in transit 3) Data in process
The Three
Dimensions of the
Cybersecurity Cube
Cybersecurity Safeguards
• The third dimension of the
cybersecurity sorcery cube
defines the types of powers used
to protect the cyber world. The
sorcery cube identifies the three
types of powers:
• Technologies - devices, and
products available to protect
information systems and fend off
cyber criminals.
• Policies and Practices -
procedures, and guidelines that
enable the citizens of the cyber
world to stay safe and follow good
practices.
• People - Aware and
knowledgeable about their world
and the dangers that threaten
their world.
CIA TRIAD -
Confidentiality
The Principle of Confidentiality
• Confidentiality prevents the disclosure of information to
unauthorized people, resources and processes. Another
term for confidentiality is privacy.
• Organizations need to train employees about best
practices in safeguarding sensitive information to
protect themselves and the organization from attacks.
• Methods used to ensure confidentiality include data
encryption, authentication, and access control.
Protecting Data Privacy
• Organizations collect a large amount of data and much
of this data is not sensitive because it is publicly
available, like names and telephone numbers.
• Other data collected, though, is sensitive. Sensitive
information is data protected from unauthorized access
to safeguard an individual or an organization.
CIA TRIAD-
Confidentiality
(Cont.)
Controlling Access
Access control defines a number of protection
schemes that prevent unauthorized access to a
computer, network, database, or other data
resources.
The concepts of AAA involve three security
services: Authentication, Authorization and
Accounting.
Authentication verifies the identity of a user to
prevent unauthorized access. Users prove their
identity with a username or I.D.
Authorization services determine which resources
users can access, along with the operations that
users can perform. Authorization can also control
when a user has access to a specific resource.
Accounting keeps track of what users do, including
what they access, the amount of time they access
resources, and any changes made.
CIA TRIAD- Confidentiality
(Cont.)

Confidentiality and privacy seem interchangeable, but

from a legal standpoint, they mean different things.
• Most privacy data is confidential, but not all
confidential data is private. Access to confidential
information occurs after confirming proper
authorization. Financial institutions, hospitals, medical
professionals, law firms, and businesses handle
confidential information.
• Confidential information has a non-public status.
Maintaining confidentiality is more of an ethical duty.
• Privacy is the appropriate use of data. When
organizations collect information provided by
customers or employees, they should only use that
data for its intended purpose.
CIA TRIAD - Integrity
Principle of Data Integrity
• Integrity is the accuracy, consistency, and
trustworthiness of data during its entire life cycle.
• Another term for integrity is quality.
• Methods used to ensure data integrity include
hashing, data validation checks, data consistency
checks, and access controls.
Need for Data Integrity
• The need for data integrity varies based on how an
organization uses data. For example, Facebook does
not verify the data that a user posts in a profile.
• A bank or financial organization assigns a higher
importance to data integrity than Facebook does.
Transactions and customer accounts must be
accurate.
• Protecting data integrity is a constant challenge for
most organizations. Loss of data integrity can render
entire data resources unreliable or unusable.
Integrity Checks
• An integrity check is a way to measure the
consistency of a collection of data (a file, a picture, or
a record). The integrity check performs a process
called a hash function to take a snapshot of data at
an instant in time.
Data availability is the principle used to describe the
need to maintain availability of information systems and
services at all times. Cyberattacks and system failures can
prevent access to information systems and services.
• Methods used to ensure availability include system
redundancy, system backups, increased system
resiliency, equipment maintenance, up-to-date
operating systems and software, and plans in place to
recover quickly from unforeseen disasters.

CIA TRIAD • High availability systems typically include three design

principles: eliminate single points of failure, provide for
reliable crossover, and detect failures as they occur.
Availability Organizations can ensure availability by implementing
the following:
1. Equipment maintenance
2. OS and system updates
3. Test backups
4. Plan for disasters
5. Implement new technologies
6. Monitor unusual activity
7. Test to verify availability
States of Data
Data at Rest
• Stored data refers to data at rest. Data
at rest means that a type of storage
device retains the data when no user
or process is using it.
• A storage device can be local (on a
computing device) or centralized (on
the network).
• A number of options exist for storing
data.
• Direct-attached storage (DAS) is
storage connected to a computer. A
hard drive or USB flash drive is an
example of direct-attached storage.
States of Data
Data at Rest
(Cont.)
• Redundant array of independent
disks (RAID) uses multiple hard drives
in an array, which is a method of
combining multiple disks so that the
operating system sees them as a
single disk. RAID provides improved
performance and fault tolerance.
• A network attached storage (NAS)
device is a storage device connected
to a network that allows storage and
retrieval of data from a centralized
location by authorized network users.
NAS devices are flexible and scalable,
meaning administrators can increase
the capacity as needed.
• A storage area network (SAN)
architecture is a network-based
storage system. SAN systems connect
to the network using high-speed
interfaces allowing improved
performance and the ability to
connect multiple servers to a
centralized disk storage repository.
Data transmission involves sending information from one device to another. There
are numerous methods to transmit information between devices including:
• Sneaker net – uses removable media to physically move data from one
computer to another
• Wired networks – uses cables to transmit data

States of Data • Wireless networks – uses the airwaves to transmit data

The protection of transmitted data is one of the most challenging jobs of a
Data In Transit cybersecurity professional. The greatest challenges are:
• Protecting data confidentiality – cyber criminals can capture, save and steal
data in-transit.
• Protecting data integrity – cyber criminals can intercept and alter data in-
transit.
• Protecting data availability - cyber criminals can use rogue or unauthorized
devices to interrupt data availability.
States of Data
Data In Process
The third state of data is data in process. This refers to data during initial input,
modification, computation, or output.
• Protection of data integrity starts with the initial input of data.
• Organizations use several methods to collect data, such as manual data entry, scanning
forms, file uploads, and data collected from sensors.
• Each of these methods pose potential threats to data integrity.
• Data modification refers to any changes to the original data such as users manually
modifying data, programs processing and changing data, and equipment failing resulting
in data modification.
• Processes like encoding/decoding, compression/decompression and
encryption/decryption are all examples of data modification. Malicious code also results
in data corruption.
Cybersecurity Countermeasures
Technologies
Software-based Technology Safeguards
• Software safeguards include programs and
services that protect operating systems,
databases, and other services operating on
workstations, portable devices, and servers.
There are several software-based technologies
used to safeguard an organization’s assets.
Hardware-based Technology Safeguards
• Hardware based technologies are appliances
that are installed within the network faculties.
They can include: Firewall appliances, Intrusion
Detection Systems (IDS),Intrusion Prevention
Systems (IPS) and Content filtering systems.
Cybersecurity
Countermeasures
Technologies
Network-based Technology Safeguards
Technological countermeasures can also include
network-based technologies.
• Virtual Private Network (VPN) is a secure
virtual network that uses the public network
(i.e., the Internet). The security of a VPN lies in
the encryption of packet content between the
endpoints that define the VPN.
• Network access control (NAC) requires a set of
checks before allowing a device to connect to
a network. Some common checks include up-
to-data antivirus software or operating system
updates installed.
• Wireless access point security includes the
implementation of authentication and
encryption.
Cloud-based Technology Safeguards
• Technological countermeasures now also include cloud-based
technologies. Cloud-based technologies shift the technology

Cybersecurity
component from the organization to the cloud provider.
• Software as a Service (SaaS) allows users to gain access to

Countermeasures application software and databases. Cloud providers manage the

infrastructure. Users store data on the cloud provider’s servers.

Technologies • Infrastructure as a Service (IaaS) provides virtualized computing

resources over the Internet. The provider hosts the hardware,
software, servers, and storage components.
• Virtual security appliances run inside a virtual environment with a
pre-packaged, hardened operating system running on virtualized
hardware.
Cybersecurity Countermeasures
Implementing Cybersecurity
Education and Training

A security awareness program is extremely

important for an organization. An employee may
not be purposefully malicious but just unaware of
what the proper procedures are.
There are several ways to implement a formal
training program:
• Make security awareness training a part of the
employee’s onboarding process
• Tie security awareness to job requirements or
performance evaluations
• Conduct in-person training sessions
• Complete online courses
Security awareness should be an ongoing process
since new threats and techniques are always on
the horizon.
Cybersecurity Countermeasures
Cybersecurity Policies and Procedures
• A security policy is a set of security objectives for a company that includes rules of
behavior for users and administrators and specifies system requirements. These
objectives, rules, and requirements collectively ensure the security of a network, the
data, and the computer systems within an organization.
• Standards help an IT staff maintain consistency in operating the network. Standards
provide the technologies that specific users or programs need in addition to any
program requirements or criteria that an organization must follow.
• Guidelines are a list of suggestions on how to do things more efficiently and securely.
They are similar to standards, but are more flexible and are not usually mandatory.
Guidelines define how standards are developed and guarantee adherence to general
security policies.
• Procedure documents are longer and more detailed than standards and guidelines.
Procedure documents include implementation details that usually contain step-by-step
instructions and graphics.
Security Security professionals need to secure information
from end-to-end within the organization. This is a
Management monumental task, and it is unreasonable to expect
one individual to have all of the requisite
Framework knowledge.

The ISO The International Organization for

Standardization (ISO)/International
Model Electrotechnical Commission (IEC) developed a
comprehensive framework to guide information
security management.
The ISO cybersecurity model is to cybersecurity
professionals what the OSI networking model is to
network engineers. Both provide a framework for
understanding and approaching complex tasks.
Security Management
Framework
The ISO Model
(Cont.)

ISO/IEC 27000 is an
information security
standard published in 2005
and revised in 2013, latest
2018. ISO publishes the
ISO 27000 standards.
Even though the standards
are not mandatory, most
countries use them as a de
facto framework for
implementing information
security.
Security Management
Framework
Using the ISO
Cybersecurity Model

• The ISO 27000 is a

universal framework for
every type of organization.
In order to use the
framework effectively, an
organization must narrow
down which domains,
control objectives, and
controls apply to its
environment and
operations.
• The ISO 27001 control
objectives serve as a
checklist. The first step an
organization takes is to
determine if these control
objectives are applicable to
the organization.
Security Management
Framework
Using the ISO Cybersecurity
Model (Cont.)

The ISO Cybersecurity Model and the States

of Data
• Different groups within an organization
may be responsible for data in each of the
various states.
• For example, the network security group is
responsible for data during transmission.
• Programmers and data entry people are
responsible for data during processing.
• The hardware and server support
specialists are responsible for stored data.
The ISO Controls specifically address
security objectives for data in each of the
three states.
Security Management Framework
Using the ISO Cybersecurity Model (Cont.)
The ISO Cybersecurity Model and Safeguards
• The ISO 27001 control objectives relate directly to the organization’s cybersecurity
policies, procedures and guidelines which upper management determines.
• The ISO 27002 controls provide technical direction. For example, upper management
establishes a policy specifying the protection of all data coming in to or out of the
organization. Implementing the technology to meet the policy objectives would not
involve upper management.
• It is the responsibility of IT professionals to properly implement and configure the
equipment used to fulfill the policy directives set by upper management.
Selesai
[email protected]