Security Standards and Network Security and Firewalls
More companies are starting to rely extensively upon the Internet for commerce, communication, and collaboration.
Now, more than ever, the integrity of sensitive information and lines of communication is an all-important concern.
Responding to threats such as viruses and hackers is a critical part of any network administrator's job.
This module discusses security, security risks and standards, and gives you some guidelines for creating a security policy for your business.
By the end of this module, you will be able to:
- Describe security and security statistics
- Describe the types of security risks created by hackers
- List the attributes of an effective security system
- Describe security standards in current use
- Plan a security policy for your business
- Increase security effectiveness by establishing organizational training
Key Principles of Network Security
Network security revolves around the three key principles of confidentiality, integrity, and availability (C-I-A). Depending upon the application and context, one of these principles might be more important than the others. For example, a government agency would encrypt an electronically transmitted classified document to prevent an unauthorized person from reading its contents. Thus, confidentiality of the information is paramount. If an individual succeeds in breaking the encryption cipher and then retransmits a modified encrypted version, the integrity of the message is compromised. On the other hand, an organization such as Walmart.com would be severely damaged if its network were out of commission for an extended period of time. Thus, availability is a key concern of such e-commerce companies.
Confidentiality is concerned with preventing the unauthorized disclosure of sensitive information. The disclosure could be intentional, such as breaking a cipher and reading the information, or it could be unintentional, due to carelessness or incompetence of individuals handling the information.
There are three goals of integrity:
- Prevention of the modification of information by unauthorized users
- Prevention of the unauthorized or unintentional modification of information by authorized users
- Preservation of the internal and external consistency
  a) Internal consistency ensures that internal data is consistent. For example, in an organizational database, the total number of items owned by an organization must equal the sum of the same items shown in the database as being held by each element of the organization.
  b) External consistency ensures that the data stored in the database is consistent with the real world. Relative to the previous example, the total number of items physically sitting on the shelf must equal the total number of items indicated by the database.
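Both consistency goals can be checked mechanically. The following is an added example, not part of the original module: it reconciles a small inventory database against itself (internal consistency) and against a physical count (external consistency). The table names, column names, and all sample data are constructed assumptions.

```python
import sqlite3

# Constructed physical shelf count used for the external check.
SHELF_COUNTS = {"laptop": 48, "router": 12, "badge": 200}

def build_sample_db():
    """Constructed sample inventory; schema and values are assumptions."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE org_totals (item TEXT PRIMARY KEY, total INTEGER NOT NULL);
        CREATE TABLE unit_holdings (unit TEXT, item TEXT, qty INTEGER NOT NULL);
        INSERT INTO org_totals VALUES ('laptop', 50), ('router', 12), ('badge', 200);
        INSERT INTO unit_holdings VALUES
            ('sales', 'laptop', 30), ('engineering', 'laptop', 20),
            ('engineering', 'router', 9),   -- sums to 9, total says 12
            ('sales', 'badge', 120), ('engineering', 'badge', 80),
            ('sales', 'scanner', 4);        -- held by a unit, never totalled
    """)
    return conn

def internal_inconsistencies(conn):
    """Items whose organization total differs from the sum held by its elements."""
    rows = conn.execute("""
        SELECT h.item, t.total, SUM(h.qty)
        FROM unit_holdings h LEFT JOIN org_totals t ON t.item = h.item
        GROUP BY h.item, t.total
        HAVING t.total IS NULL OR t.total != SUM(h.qty)
        UNION
        SELECT t.item, t.total, 0 FROM org_totals t
        WHERE t.item NOT IN (SELECT item FROM unit_holdings)
        ORDER BY 1
    """).fetchall()
    return [{"item": i, "recorded_total": t, "sum_of_holdings": s} for i, t, s in rows]

def external_inconsistencies(conn, shelf_counts):
    """Items whose recorded total differs from the physical count."""
    recorded = dict(conn.execute("SELECT item, total FROM org_totals"))
    findings = []
    for item in sorted(set(recorded) | set(shelf_counts)):
        db, shelf = recorded.get(item), shelf_counts.get(item)
        if db != shelf:
            findings.append({"item": item, "recorded_total": db, "counted": shelf})
    return findings

if __name__ == "__main__":
    db = build_sample_db()
    print("internal:", internal_inconsistencies(db))
    print("external:", external_inconsistencies(db, SHELF_COUNTS))
```

In the sample data the router record fails the internal check but passes the external one, while the laptop record does the opposite, which shows that the two checks are independent and both are needed.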
Cybersecurity standards are techniques generally set forth in published materials that attempt to protect the network environment of an organization. This environment includes users themselves, networks, devices, all software, processes, information in storage or transit, applications, services, and systems that can be connected directly or indirectly to networks.
The principal objective is to reduce the risks, including prevention or mitigation of cybersecurity attacks.
These published materials consist of collections of 1) tools, 2) policies, 3) security safeguards, 4) guidelines, 5) risk management approaches, 6) training, 7) best practices, 8) assurance and technologies.
The choice between writing cybersecurity as two words (cyber security) or one (cybersecurity) depends on the institution. The spelling in Europe tends to consist of two words.