2.2 Understanding Security Layers Part 2
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
Already have an account? Sign In »
2 hours 22 minutes
Hello and welcome back to the Cyber is empty. A 98 3 67 security Fundamental certification Prep course As a reminder. This is a continuation on Marjah one where we begin the price of discussing again understanding security layers in the previous presentation. Discuss understanding, security principles
moving forward. Be looking at understanding
physical security that was understanding, threat modeling.
We begin also at last in the last president recall we discuss the state of my security. We learned that it's becoming apparent that
they just simply by Maur hardware and software opposite, not to complete answer to the issue of dealing specifically security because security is a moving target. The answers to improve the price of security information, not merely some of the technical mechanism. This is a process called governess. So what is in fact governess
now, according to the I T Governess Institute
again, governess is a set of responsibilities and practice exercise by your board of directors and Executive mansion.
Obviously, the goal is to provide strategic direction, ensuring that objectives are chief, ascertained that risk or mention appropriately and verifying that the enterprise resource use responsibly. So influence security Governess is the responsibility of the border directors and senior is active. It must be an inter get transplant. Part
off Enterprise Governor must be a line with Artie governors
frameworks. That's very important. We also learn again and the previous processing by the CIA Triad. We learned that the CIA tra it represents something that we scrapped. Detain whether then a agency of the United States government. We learn what comes into, Alan admit well, his integrity as well as availability. So that brings us to a pre assessment question.
But this particular course instruction
would your father in the first line of defense when set up your network is a physically security network, Is it be configured a dedication? Is the sea configure encryption or configure access control nous? If you said like that, eh? You're absolutely correct because your first line of defense is physical security.
So, looking at physical security, we realize that fits extremity
is in fact the first on the fence. There number of factors to consider when you design and implement or reviewing your physical security marriages taking to protect your assets, your assets could be people gonna be o B software. It can be computers and so forth. These include understanding the site, security and computer security, securing removal devices.
And and it was looking at your access control.
Also agitating again the security level of your mobile devices. This they've been logging on locally capability and identifying and removing what we call key logger. So these are things that we could do from a proactive standpoint.
Then we have to look at access control Now. Access control is the price of descriptive access to resource, the only permit users application or computer systems. When you look at access control, using must present credentials before they can be granted access and physical system, these credentials may come and some many forms,
but credentials that can't be transferred
provide the most security. So after control is a way of limited access to your system or they're physically or virtual resource is as well.
Now another important components called defence in depth. Now it's an approach to Cyprus Court in which you have a serious of defensive mechanism, are layered in order to protect valuable data. Information it one mechanism failed. Another steps up Emilie toe throught the attack. This multilayered approach with intentional redundancies, increase your security
as a whole and addressed many different attack vectors.
Defence in depth is common for two as a castle approach because it mirrors the layered defenses of a medieval castle. Before you can penetrate a castle, you're faced with the most
with a moat you got again. You may have some alligators that you got towels. You got battlements and so forth
force the goal of physical security again. It is basically described merger designed to ensure the physical protection Artie assets like facilities, equipment, personnel resource and other properties from damage and are not devise physical access. Physical game We look at physical security measures are taking an order
to protect those assets from physical threats, including theft, vandalism, fire
as well as what we call natural disasters again. Some of the things that we can do to ensure that we had looking at that occasion making sure again, in the case of something, means verifying the identity of the person who's actually trying to access that resource access control opposite. Once a person has getting. We went through the process that in case it didn't you have access control,
did you to figure out what that person that needs to happen. That's baseball.
I need to know, or at least privilege. We also had to make sure we have processes in place, toe on it again and seeing what people are doing Now. There's two primary phases of physical skill. You have deterrent basis methods in and measures that are meant to deter attacks. Then we have detection.
It allows security personnel to take
and locate potential intruders using what we call some type of surveillance equipment like cameras, motion sensor security lights personal like security guards and well, as watchdogs.
Fours are physical remedies again. They could be divided. Three logical areas. External primer, perimeter
internal permanent as what? Our secure areas as well.
So we're looking at external we had given them. We're talking about something. It could be your first out of defence that's comprised of cameras. You may have parking lot life. These are things that you have on the very outskirts of your perimeter.
Another area again when we're looking at Security House what they consider an internal security permanent again. One where we can have a mitigate. Those exposed by having locks makes you have God deaths, patrol smoke detectors. These are things that we could be doing print by as a proactive measures to mitigate exposures.
Then we have our area call secure areas.
Now again, we could actually implement card readers. We can implore biometrics technology cameras. These are things that we get ruin the securities areas. You lies in various types of technologies.
We still have to think about. Computer security is very important because if you want a computer, be perfect secure. You can't feel it with concrete and dumped into the ocean. This will protect any information on the computer from inappropriate use. Unfortunately, what happens? The computer would be completely unusable. So you probably don't want to do that since you want to.
Since you want to both usual computer
and keep it safe, you should practice what we call a good computer and security. Computer security allows you to use the computer while keeping it safe from threats. So again, we want to make sure that we implement these various controls. So as we can protect those devices as well. We also have to think about the mobile devices
because what we're starting to see 90 move over the ice and coming price
quite prevailing. within that society often tell you, have people have tablets their iPhone with all these various mobile devices, mobile devices and mobile stores devices? Among the business. Biggest challenge that facing many organization, particularly when we look at Security Professionals Day because of their size as well as their popularity
well said to think about our removal device is now is when you think of our more devices any type of stores, advice that could be removed from a computer while the system is running. Example. Mood of media includes CDs, DVDs, blue Ray discs as well as discounts and USB drives as well or thumb drives.
So again, this is kind of shown us again. The three basic types of security issues again associate again when you look at move device that thing about loss
obscene, deaf as well as expert. Not so again, these are things that we had to look at.
Then we have again term call key loggers. Now, key logger is a physical or larger device used to capture keystrokes. What happens? Attacker will either place a device between the keyboard and in feeder or install a software program to record each keystroke taken and then he or she can use the software
to repent. Basic little ***. When we play the data and capture the critical information
like, for example, your used I D. You're you're so security information and so forth. So key logger is a physical, ah, larger device used to capture key scopes.
Now we get to threaten modeling now opposite. When you look at threat, Mullen is a process by which potential threats such a scriptural, vulnerable is can be identified, enumerated and prioritize. All for my hypothetical attack or point of view. Threaten, Madam. It's a procedure for optimizing your network security by identifying your vulnerabilities or the worst. Your weakness. Identifying their risk
in the worst Ahlborn certain Liza's well,
so again, these are things that we can do
looking at Threat Marlon that brazen out to a post assessment question here.
Which of the following is a physical or larger device used to capture key scope? Is it a your USB flash drive? Is it B p. D A. Is it see a smartphone
or d Your key logger,
if you sell it again on the key. Lovely, absolutely correct is the key. Lara is a physical or logical device isn't used to capture your key. Scopes and attacker were either placed that device between the keyboard and then computer or installed a software program to record each keystroke take. And then he or she can use it somewhere
to replay the data and capture critical information. Maybe mention before
you had the information and so forth.
Now, doing this particular model margin among one we discussed understanding security principles was understanding. Physical security is, well, it's understanding the term call threat modeling
in the upcoming module margin Number two will be just guessing. What would the term call dedication authorization in a county specifically looking at understanding user authentication, as was understanding permission? Look forward to seeing your next video.