Today's notes cover foundational cybersecurity ethical models, some defense principles, and the tools an entry-level cybersecurity analyst uses.
CIA model
The CIA model is the base model for most cybersecurity frameworks. It consists of three fundamental principles concerning information: confidentiality, integrity and availability (CIA).
It helps an organization establish appropriate security controls and reduce risk.
Refresher: Security frameworks
Security frameworks are sets of guidelines that help an organization document its security goals and achieve them ethically and lawfully.
International standpoint on counterattacks
The International Court of Justice has ruled that, in the event of a cyberattack, the affected party is only allowed to counterattack if:
The counterattack affects only the attacker and nobody else.
The counterattack is a direct signal for the attacker to stop.
The counterattack does not escalate the situation.
The counterattack's effects can be reversed.
Entry level analyst's toolkit
SIEM (Security Information and Event Management): Application that collects and logs activity across the network and alerts the analyst in case any suspicious activity is found.
IDS (Intrusion detection system): Application that analyses the real-time flow of data to detect unauthorized access to the network.
Network protocol analysers (packet sniffers): Applications that capture and log network traffic for analysis.
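As an added example (not code from the course or these notes), the script below shows the kind of correlation rule a SIEM or IDS applies to logged activity: it parses constructed SSH authentication log lines, counts failed logins per source address inside a sliding time window, and raises an alert when a threshold is crossed, plus a second alert if a login later succeeds from an address that already tripped the rule. The log format, hostnames, usernames, addresses and the threshold of five failures per minute are all assumptions made for the example.

```python
"""
Added example, not part of the course notes: a minimal SIEM-style correlation
rule over constructed SSH authentication log lines. The log format, host,
usernames and IP addresses below are made-up sample data.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in a syslog-like format (sample data, not real).
SAMPLE_LOGS = """\
2024-03-01T10:00:01 host1 sshd: Failed password for invalid user admin from 203.0.113.7 port 51001
2024-03-01T10:00:03 host1 sshd: Failed password for invalid user admin from 203.0.113.7 port 51002
2024-03-01T10:00:04 host1 sshd: Failed password for root from 203.0.113.7 port 51003
2024-03-01T10:00:06 host1 sshd: Failed password for root from 203.0.113.7 port 51004
2024-03-01T10:00:07 host1 sshd: Failed password for root from 203.0.113.7 port 51005
2024-03-01T10:00:09 host1 sshd: Accepted password for root from 203.0.113.7 port 51006
2024-03-01T10:05:00 host1 sshd: Failed password for alice from 198.51.100.2 port 40000
2024-03-01T10:30:00 host1 sshd: Accepted password for alice from 198.51.100.2 port 40001
"""

# Regular expression for the assumed log format above.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+$"
)


def parse_line(line):
    """Turn one raw log line into a dict, or None if it is not an auth event."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def correlate(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return a list of (alert_type, ip, timestamp) tuples.

    BRUTE_FORCE fires once per IP when `threshold` failures fall inside
    `window`; SUCCESS_AFTER_BRUTE_FORCE fires when a login from an IP that
    already tripped the first rule is accepted.
    """
    alerts = []
    failures = defaultdict(list)  # ip -> timestamps of recent failures
    flagged = set()               # ips that already raised BRUTE_FORCE
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None:
            continue
        ip, ts = ev["ip"], ev["ts"]
        if ev["result"] == "Failed":
            failures[ip].append(ts)
            # Keep only failures inside the sliding window ending at `ts`.
            failures[ip] = [t for t in failures[ip] if ts - t <= window]
            if len(failures[ip]) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("BRUTE_FORCE", ip, ts))
        elif ip in flagged:
            alerts.append(("SUCCESS_AFTER_BRUTE_FORCE", ip, ts))
    return alerts


if __name__ == "__main__":
    for alert_type, ip, ts in correlate(SAMPLE_LOGS):
        print(f"{ts.isoformat()} ALERT {alert_type} from {ip}")
```

Running the script on the sample data produces two alerts for 203.0.113.7 and none for the single failed attempt by alice, which is the distinction a tuned SIEM rule is meant to make: one mistyped password is noise, a burst of failures followed by a success is worth an analyst's attention.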
Playbook: A guide for any operational action, such as how to respond to a security incident.
Chain of custody: Process of documenting the possession and control of evidence.
Protecting and preserving: Process of preserving evidence for investigations.
- Order of volatility: Sequence in which evidence is preserved, giving priority to the most volatile data.
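The following is an added example (not from the course or these notes) that puts the last three definitions into working code: evidence items are sorted by order of volatility so the most volatile are collected first, and every custody action is written to a log in which each entry records the SHA-256 of the evidence and the hash of the previous entry, so that altering an item or editing or deleting an entry is detected on verification. The concrete volatility ranking (the commonly cited RFC 3227 ordering), the evidence contents, handler names and timestamps are assumptions for the example.

```python
"""
Added example, not part of the course notes: a tamper-evident chain-of-custody
log combined with an order-of-volatility sort for a set of evidence items.
Evidence contents, handler names and timestamps are constructed sample data.
"""
import hashlib
import json

# Order of volatility, most volatile first. Assumption: the commonly cited
# RFC 3227 ordering; the notes only say the most volatile data comes first.
VOLATILITY_ORDER = [
    "cpu_registers_cache",
    "memory",
    "network_state",
    "running_processes",
    "disk",
    "logs_and_backups",
    "archival_media",
]


def sort_by_volatility(items):
    """Return evidence items ordered so the most volatile is collected first."""
    rank = {name: i for i, name in enumerate(VOLATILITY_ORDER)}
    return sorted(items, key=lambda it: rank[it["kind"]])


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def record_custody(log, item, handler, action, timestamp):
    """Append a custody entry; each entry hashes the previous one, so editing
    or deleting an earlier entry breaks verification of every later one."""
    prev_hash = log[-1]["entry_hash"] if log else "0" * 64
    entry = {
        "evidence_id": item["id"],
        "evidence_sha256": sha256(item["data"]),
        "handler": handler,
        "action": action,
        "timestamp": timestamp,
        "prev_hash": prev_hash,
    }
    entry["entry_hash"] = sha256(json.dumps(entry, sort_keys=True).encode())
    log.append(entry)
    return entry


def verify_custody(log, evidence_by_id):
    """Check the hash chain and that every evidence item still matches the
    hash recorded when it was taken into custody. Returns True if intact."""
    prev_hash = "0" * 64
    for entry in log:
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if body["prev_hash"] != prev_hash:
            return False  # an entry was removed or reordered
        if sha256(json.dumps(body, sort_keys=True).encode()) != entry["entry_hash"]:
            return False  # an entry's fields were edited
        item = evidence_by_id.get(entry["evidence_id"])
        if item is None or sha256(item["data"]) != entry["evidence_sha256"]:
            return False  # the evidence itself changed or is missing
        prev_hash = entry["entry_hash"]
    return True


# Constructed sample evidence (contents are placeholders, not real artefacts).
SAMPLE_EVIDENCE = [
    {"id": "EV-3", "kind": "disk", "data": b"disk image placeholder"},
    {"id": "EV-1", "kind": "memory", "data": b"memory dump placeholder"},
    {"id": "EV-2", "kind": "network_state", "data": b"netstat output placeholder"},
]


def build_sample_log():
    """Collect the sample evidence in volatility order and log each action."""
    log = []
    for n, item in enumerate(sort_by_volatility(SAMPLE_EVIDENCE)):
        record_custody(log, item, "analyst_a", "collected", f"2024-03-01T10:0{n}:00")
    return log


if __name__ == "__main__":
    log = build_sample_log()
    for entry in log:
        print(entry["timestamp"], entry["evidence_id"], entry["entry_hash"][:16])
    print("chain intact:", verify_custody(log, {it["id"]: it for it in SAMPLE_EVIDENCE}))
```

The memory dump is logged first and the disk image last, matching the order of volatility, and verification fails as soon as any evidence bytes or log fields change, which is the property a chain of custody exists to provide.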