It seems that society hears about cybersecurity every day. The interpretation can be very confusing and sometimes scary. The core of cybersecurity involves protection and defense standards that help to remediate attacks and secure data. So, have we gained control of what cybersecurity is and how to control the issues? There are plenty of technology-driven practices in place, so what’s the problem? One problem area is that the mentality is very unstructured and overlooked. In the Cybersecurity Mindset: A Virtual and Transformational Mode, the mentality is discussed and presented formally. The technical and non-technical communities now have a playbook to learn and think about their security practices and understand protection basics.
The three pillars of IT security are Confidentiality, Integrity, and Availability – commonly called the CIA triad.

Confidentiality is a principle that describes a need-to-know basis. For instance, not everyone should have access to your bank account. That’s why access requires a separate username. The creation of shared accounts can break the confidentiality scheme.

Integrity is defined as being free from modification. That means data transmitted and received should mirror the same format. If you transfer $1,000 to your significant other for Valentine’s Day, their account should increase by $1,000, not by $10,000. Of course, they may like the digits – but sorry for you! You cannot take it back. Here is where integrity comes into play.

Our last principle is availability. Availability ensures that resources are available, such as a secure communication channel when executing the banking transfer, and that your passwords are encrypted. Encryption enables confidentiality. It’s a secret representation of your password. When you type a password such as “SDER%$&JHV) *;jh,” it is converted into a possible 1,024 characters with unique codes. Let’s not get too technical – but you see the point. There are various forms of availability, such as logging onto a system during specific periods. Some key areas are uptime, storage access, or accessing social media sites.
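The integrity case above (a $1,000 transfer that must not arrive as $10,000) can be shown in code. The following is an added example, not part of the original article: it tags a transfer message with HMAC-SHA256 so the receiver can detect any change made in transit. The message fields, the key handling and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets

# Constructed demo key; a real system would load it from a key store.
SHARED_KEY = secrets.token_bytes(32)


def canonical(transfer: dict) -> bytes:
    """Serialize deterministically so sender and receiver hash the same bytes."""
    return json.dumps(transfer, sort_keys=True, separators=(",", ":")).encode()


def sign(transfer: dict, key: bytes = SHARED_KEY) -> str:
    """Return an HMAC-SHA256 tag over the canonical form of the transfer."""
    return hmac.new(key, canonical(transfer), hashlib.sha256).hexdigest()


def verify(transfer: dict, tag: str, key: bytes = SHARED_KEY) -> bool:
    """Recompute the tag and compare it in constant time."""
    return hmac.compare_digest(sign(transfer, key), tag)


def demo() -> dict:
    # Constructed sample message; the amount is in cents to avoid float rounding.
    sent = {"from": "alice", "to": "bob", "amount_cents": 100_000, "id": "tx-0001"}
    tag = sign(sent)

    # The same message with the amount changed in transit ($1,000 -> $10,000).
    altered = dict(sent, amount_cents=1_000_000)

    return {
        "intact": verify(sent, tag),        # unchanged message is accepted
        "altered": verify(altered, tag),    # modified amount is rejected
        "wrong_key": verify(sent, tag, key=secrets.token_bytes(32)),
    }


if __name__ == "__main__":
    print(demo())
```

The tag protects integrity only: the message itself is still readable, so confidentiality needs encryption in addition.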
In the realm of IT security, vulnerabilities and threats exist. A vulnerability is a weakness or loophole, such as a password structure. If an organization requires employee accounts to use 15-character passwords, and a user can successfully create a 4-digit password – that’s a vulnerability. Threats exploit vulnerabilities – in this case, the threat would be a hacker (threat agent). The hacker could have prior knowledge of the password complexity requirements and gain access to confidential information – such as an employee email message: “I have a 4-character password!”
As you can see, the goal is to secure data and information. Cybersecurity is complex, and so is the knowledge it requires. That means we must remain more intelligent, agile, and focused, with the appropriate mentality.