(Cyber) Security Overview

Incident Response Lifecycle (NIST Framework)

The NIST (National Institute of Standards and Technology) defines a 6-phase approach:

  1. Preparation
    • Develop an incident response plan (IRP).
    • Train teams and conduct security awareness programs.
    • Implement security controls such as firewalls and IDS/IPS.

  2. Identification
    • Detect anomalies through logs, SIEM tools, and alerts.
    • Confirm whether an incident has occurred (malware, data breach, DDoS).
    • Classify the severity and type of attack.

  3. Containment
    • Stop the attack from spreading (isolate infected systems).
    • Implement temporary patches and disable compromised accounts.
    • Ensure forensic evidence is preserved.

  4. Eradication
    • Remove the root cause of the incident (malware, vulnerabilities).
    • Apply permanent fixes and patch vulnerabilities.
    • Strengthen security measures.

  5. Recovery
    • Restore affected systems from clean backups.
    • Monitor for lingering threats and ensure full functionality.
    • Reintegrate systems into production.

  6. Lessons Learned
    • Conduct a post-mortem analysis of the incident.
    • Document findings and update response plans.
    • Improve security policies and employee training.

Threat Intelligence

(from incident to problem)

Example Use Case

Cryptography

Cryptography is the practice of securing information by converting it into an unreadable format to prevent unauthorized access. It ensures confidentiality, integrity, authenticity, and non-repudiation of data.

Key Concepts:

Types of Cryptography:

  1. Symmetric Encryption – Uses one key for both encryption and decryption (e.g., AES).
  2. Asymmetric Encryption – Uses a public and a private key (e.g., RSA, ECC).

Uses in Cybersecurity:

    • Protects data in transit and at rest (e.g., SSL/TLS for web security).
    • Secures passwords (e.g., storing hashes instead of plaintext).
    • Enables secure authentication (e.g., digital signatures).
    • Prevents data tampering (e.g., message integrity checks).

Example: HTTPS encrypts web traffic using SSL/TLS, keeping user data safe from eavesdroppers.

Cryptography is essential for privacy, secure communication, and data protection in modern cybersecurity.
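Two of the uses listed above, password storage and message integrity checks, as an added Python example (not part of the original notes). It uses only the standard library; the password, message and iteration count are constructed sample values, and PBKDF2 with a random salt stands in for whichever slow hash a real system would pick.

```python
import hashlib
import hmac
import os
import secrets
from typing import Optional, Tuple

# Password storage: keep a salted, slow hash instead of the plaintext.
PBKDF2_ITERATIONS = 600_000  # cost factor (constructed value); raise as hardware gets faster


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh random salt per user defeats precomputed tables."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored_digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time (no early exit on mismatch)."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, stored_digest)


# Message integrity: an HMAC tag over the message reveals any modification in transit.
def make_tag(key: bytes, message: bytes) -> bytes:
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(make_tag(key, message), tag)


def demo() -> dict:
    # Constructed sample values, not taken from any real system.
    salt, digest = hash_password("correct horse battery staple")
    key = secrets.token_bytes(32)
    msg = b"transfer 100 to account 42"
    tag = make_tag(key, msg)
    tampered = b"transfer 900 to account 42"  # one byte changed by an attacker in transit
    return {
        "login_ok": verify_password("correct horse battery staple", salt, digest),
        "login_wrong": verify_password("password123", salt, digest),
        "msg_ok": verify_tag(key, msg, tag),
        "msg_tampered": verify_tag(key, tampered, tag),
    }


if __name__ == "__main__":
    print(demo())
```

The stored record is only (salt, digest); the plaintext is never kept, and the tag check fails for the tampered message even though only one byte differs.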

Network

OSI Model

The OSI (Open Systems Interconnection) model is a 7-layer framework that standardizes communication in a network:

  1. Physical Layer – Hardware, cables, and wireless signals.
  2. Data Link Layer – MAC addresses, switches, and error detection.
  3. Network Layer – IP addressing and routing.
  4. Transport Layer – Reliable data transmission (TCP, UDP).
  5. Session Layer – Managing communication sessions.
  6. Presentation Layer – Encryption, compression, data formats.
  7. Application Layer – User interactions (HTTP, FTP, DNS).

Relation to Cybersecurity:


Revision #1
Created 19 February 2025 09:06:53 by Max
Updated 19 February 2025 09:30:21 by Max