You're reading for free via Dhanush N's Friend Link. Become a member to access the best of Medium.
Member-only story
How to Build a Strong Cybersecurity Strategy ?
Not a Medium member? Read here for free
In the ever-evolving landscape of cybersecurity, organisations must adopt comprehensive strategies to protect sensitive data and maintain system integrity. Let’s explore some critical concepts and frameworks that serve as the backbone of modern information security, from Defence in Depth to threat modeling and incident response.
Defence in Depth: The Layered Approach
“Defence in Depth” is a multi-layered strategy that integrates varied security measures across an organisation’s systems and data. The idea is simple: multiple layers of protection create redundancy, ensuring that if one barrier is breached, others remain to safeguard the perimeter. This approach provides organisations with robust protection against diverse threats.
The CIA Triad: Cornerstone of Security Policies
The CIA Triad — Confidentiality, Integrity, and Availability — is the foundation of information security. Every security policy considers these three principles to balance protection with accessibility.
- Confidentiality ensures data is accessed only by authorised individuals.
- Integrity prevents unauthorised alterations to data.
- Availability guarantees that data is accessible when needed.
Access Management: Principles of Privileges
Access control is vital in safeguarding sensitive data. The level of access assigned depends on an individual’s role within the organisation and the sensitivity of the data in question. Two critical methodologies for managing privileges are:
- Privileged Identity Management (PIM): Assigns access based on roles and responsibilities.
- Privileged Access Management (PAM): Controls and audits system access rights to manage privileges effectively.
Security Models: Ensuring Confidentiality and Integrity
Bell-LaPadula Model
Designed to uphold confidentiality, the Bell-LaPadula model operates on hierarchical structures, commonly used in organisations like the military.
Key rule: “Can’t read up, can read down.”
Biba Model
The Biba model focuses on integrity, ensuring data accuracy by preventing unauthorised modifications.
Key rule: “Can read up, can’t read down.”
- For military organisations, the Bell-LaPadula model ensures restricted access to classified information.
- For software development, the Biba model ensures data remains untampered.
Threat Modelling and Incident Response: Preparing for the Unexpected
Effective cybersecurity involves proactive threat modelling, akin to workplace risk assessments. This involves:
- Preparation
- Identification
- Mitigation
- Review
Popular frameworks for threat modelling include:
- STRIDE: Spoofing identity, Tampering with data, Repudiation threats, Information disclosure, Denial of Service and Elevation of privileges. Addresses spoofing, tampering, repudiation, information disclosure, denial of service and privilege escalation.
- PASTA: Process for Attack Simulation and Threat Analysis. Focuses on attack simulation and threat analysis.
Incident Response (IR)
Despite best efforts, incidents occur. Incident response ensures organisations can recover efficiently. A Computer Security Incident Response Team (CSIRT) typically handles such situations, following six phases:
- Preparation: Proactive measures to reduce risks.
- Identification: Recognising incidents as they occur.
- Containment: Isolating the threat.
- Eradication: Removing the threat from the system.
- Recovery: Restoring systems and data to operational status.
- Lessons Learned: Reflecting on the incident to improve future defenses.
Key Takeaways
Defence in Depth
A layered approach ensures no single point of failure compromises your organisation’s security.
CIA Triad
Balancing Confidentiality, Integrity, and Availability is essential for robust security policies.
Access Control
Use PIM and PAM to effectively manage access based on roles and data sensitivity.
Security Models
Leverage the Bell-LaPadula and Biba models to secure confidentiality and integrity, respectively.
Threat Modelling and IR
Proactive threat assessments and efficient incident response keep your organisation resilient against cyber threats.
By integrating these principles and frameworks, organisations can build a robust cybersecurity infrastructure, ensuring they are prepared to prevent, detect, and respond to threats in an increasingly connected world.
