Security Principles Wrap-Up

Time: 7 hours 50 minutes
Difficulty: Beginner
CEU/CPE: 8
Video Transcription
Hi, everybody. For all the security principles in the CIA triad, we have to remember some security concepts.

First of all, security through obscurity is not security. There are two schools of thought with software security. There's open code, so that folks can look at the code and recommend changes. For example, TCP/IP is an open protocol, and Unix and Linux are open operating systems. The alternative is to have closed and proprietary code, like Microsoft. The thought with closed code is: if you can't see it, you can't break it. But that is security through obscurity, and it doesn't work. We prefer openness.

Another idea is security by design. We design a product to be secure, instead of coming along later and realizing that something is not secure. We start by thinking about security from the very beginning, in the design of our products. We haven't always done this. For example, IP, HTTP, and FTP are all protocols that are not secure. They had to be made secure later, after they were designed.

Then, last but not least, layered defense is a security concept. Here, we make an attacker go through a series of controls, and we make those controls different. If you think about physical security, you don't just have multiple fences. Instead you have fences, but also security guards, swipe card access, maybe biometric scans, etc. You can apply the same principle to securing our data and our systems.

That wraps up some of those principles and basics of security. Always go back to the CIA triad: confidentiality, integrity, and availability. Those are tenets of security, and we always want to protect them. Watch for threats like social engineering. Consider what happens to your data remnants. With integrity, we think about modifications, so we use hashes or digital signatures. Then, when we think about availability, we think about denial-of-service, so we make sure we have redundancy in place.