Before starting our exciting journey into cyberland, you need to get familiar with the fundamental terminology and acronyms so that we speak the same language. Please check them out first. I do not expect you to memorize them, but you should be familiar with the terms and abbreviations. In this first part of the fundamentals of cybersecurity series, we review the basic terms and the main pillars of cybersecurity, such as the CIA Triad, the Cyber Kill Chain, MITRE ATT&CK and the Diamond Model.
IT Security vs Cybersecurity vs Network Security
IT Security, Cybersecurity, and Network Security are not the same thing. Let’s clear this up once and for all! So, what are they, and what’s the difference?
IT Security is the set of defenses put in place to counter threats to technology infrastructure and data resources. IT security ensures protection for both physical and digital data.
Cybersecurity is the act of securing and protecting individuals, businesses, organizations, and governments that are connected to the Internet and the Web. Cybersecurity is a subset of information security (or IT security, also known as InfoSec).
Network Security is the protection of networking components, connections, and contents. Network security is a subset of cybersecurity.
The Confidentiality, Integrity, and Availability (CIA) triad is one of the main pillars of cybersecurity. Confidentiality helps prevent the unauthorized disclosure of data. Integrity provides assurances that data has not been modified, tampered with, or corrupted. Availability indicates that data and services are available when needed.
The “Confidentiality, Integrity, and Availability Model and Related Impact” figure by ISACA may give you a better idea of the CIA Triad.
Cybersecurity Threat Agents
A mind-map of Cybersecurity Threat Agents developed by the European Union Network and Information Security Agency (ENISA) can give us an idea about the cyber actors.
The Cyber Kill Chain, MITRE ATT&CK, The Diamond Model
Developed by Lockheed Martin, the Cyber Kill Chain® framework is part of the Intelligence Driven Defense® model for the identification and prevention of cyber intrusion activity. The model identifies what adversaries must complete in order to achieve their objectives. The seven steps of the Cyber Kill Chain® enhance visibility into an attack and enrich an analyst’s understanding of an adversary’s tactics, techniques, and procedures.
MITRE ATT&CK™ is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.
The Diamond Model of intrusion analysis comprises the core features of an intrusion event: adversary, capability, infrastructure, and victim. The core features are linked via edges that represent the fundamental relationships between them, and analysts can exploit these relationships to further discover and develop knowledge of the malicious activity. The meta-features are listed as well; while they are not core features, the model highlights their importance in higher-order analysis, grouping, and planning functions.
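To make the Diamond Model's "edges" concrete, here is an added example (not part of the original article or of the Diamond Model paper) that records intrusion events by their four core features and pivots across shared values to group related events. The event data, the names DiamondEvent, pivot and candidate_adversaries, and the label GROUP-X are all constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class DiamondEvent:
    event_id: str
    adversary: Optional[str]  # frequently unknown when an event is first recorded
    capability: str
    infrastructure: str
    victim: str

# Constructed sample events; names, hosts and addresses are illustrative only.
EVENTS = [
    DiamondEvent("E1", None, "macro-dropper-A", "198.51.100.7", "finance-ws-01"),
    DiamondEvent("E2", None, "macro-dropper-A", "cdn.example.net", "hr-ws-04"),
    DiamondEvent("E3", "GROUP-X", "backdoor-B", "cdn.example.net", "hr-ws-04"),
    DiamondEvent("E4", None, "scanner-C", "203.0.113.50", "finance-ws-01"),
]

def pivot(events, start_id, features=("adversary", "capability", "infrastructure")):
    """Follow shared feature values outward from one event; return linked event ids."""
    index = defaultdict(set)  # (feature, value) -> ids of events carrying that value
    for ev in events:
        for feat in features:
            value = getattr(ev, feat)
            if value is not None:  # an unknown adversary must not link events together
                index[(feat, value)].add(ev.event_id)
    by_id = {ev.event_id: ev for ev in events}
    linked, todo = {start_id}, [start_id]
    while todo:
        ev = by_id[todo.pop()]
        for feat in features:
            for other in index.get((feat, getattr(ev, feat)), set()) - linked:
                linked.add(other)
                todo.append(other)
    return sorted(linked)

def candidate_adversaries(events, ids):
    """Adversary labels seen in a linked group: a hypothesis to test, not an attribution."""
    return {ev.adversary for ev in events if ev.event_id in ids and ev.adversary}

if __name__ == "__main__":
    group = pivot(EVENTS, "E1")
    print(group, candidate_adversaries(EVENTS, group))
    print(pivot(EVENTS, "E1", features=("capability", "infrastructure", "victim")))
```

Pivoting on the victim as well pulls in E4, which shares nothing with the others except the targeted host; that is why the choice of pivot features matters when grouping events.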