Security Standards  «Prev  Next»

Lesson 1

Introduction to Security Standards and Network Security and Firewalls

More companies are starting to rely extensively upon the Internet for commerce, communication, and collaboration.
Now, more than ever, the integrity of sensitive information and lines of communication is an all-important concern.
Responding to threats such as viruses and hackers is a critical part of any network administrator's job.
This module discusses security, security risks and standards, and gives you some guidelines for creating a security policy for your business.

Objectives

By the end of this module, you will be able to:
  1. Describe security and security statistics
  2. Describe the types of security risks created by hackers
  3. List the attributes of an effective security system
  4. Describe security standards in current use
  5. Plan a security policy for your business
  6. Increase security effectiveness by establishing organizational training

Key Principles of Network Security

Network security revolves around the three key principles of confidentiality, integrity, and availability (C-I-A). Depending upon the application and context, one of these principles might be more important than the others. For example, a government agency would encrypt an electronically transmitted classified document to prevent an unauthorized person from reading its contents. Thus, confidentiality of the information is paramount. If an individual succeeds in breaking the encryption cipher and, then, retransmits a modified encrypted version, the integrity of the message is compromised. On the other hand, an organization such as Walmart.com would be severely damaged if its network were out of commission for an extended period of time. Thus, availability is a key concern of such e-commerce companies.

Confidentiality

Confidentiality is concerned with preventing the unauthorized disclosure of sensitive information. The disclosure could be intentional, such as breaking a cipher and reading the information, or it could be unintentional, due to carelessness or incompetence of individuals handling the information.

Integrity

There are three goals of integrity:
  1. Prevention of the modification of information by unauthorized users
  2. Prevention of the unauthorized or unintentional modification of information by authorized users
  3. Preservation of the internal and external consistency
    a) Internal consistency ensures that internal data is consistent. For example, in an organizational database, the total number of items owned by an organization must equal the sum of the same items shown in the database as being held by each element of the organization.
    b) External consistency ensures that the data stored in the database is consistent with the real world. Relative to the previous example, the total number of items physically sitting on the shelf must equal the total number of items indicated by the database.
Cybersecurity standards are techniques generally set forth in published materials that attempt to protect the network environment of an organization. This environment includes users themselves, networks, devices, all software, processes, information in storage or transit, applications, services, and systems that can be connected directly or indirectly to networks. The principal objective is to reduce the risks, including prevention or mitigation of cybersecurity attacks. These published materials consist of collections of 1) tools, 2) policies, 3) security safeguards, 4) guidelines, 5)risk management approaches, 6) training, 7) best practices, 8) assurance and technologies.
The choice between writing cybersecurity as two words (cyber security) or one (cybersecurity) depends on the institution. The spelling in Europe tends to consist of two words.