CIA, Parkerian Hexad, Risk Management and Incident Response
This week’s content involves Information Security.
The core model of all information security is the CIA Triad.
Triad: “a union or group of three” – Merriam-Webster’s Dictionary
The CIA Triad consists of three main concepts: Confidentiality, Integrity, and Availability. The negative form of this triad would involve disclosure, alteration, and denial.
The Parkerian Hexad is a model that includes the CIA Triad. The difference is that it includes three more concepts to consider: utility, authenticity, and possession or control.
In addition to the CIA Triad and Parkerian Hexad, we reviewed four attack categories and their relation to the CIA Triad.
The four attack categories are Interception, Interruption, Fabrication, and Modification.
- Interception impacts Confidentiality.
- Interruption impacts Integrity and Availability.
- Fabrication impacts Integrity and Availability.
- Modification impacts Integrity and Availability.
When dealing with attacks, two concepts come to mind – Risk Management and Incident Response.
Why is Risk Management important? It allows us to identify assets, threats, and vulnerabilities, and to take steps to mitigate (lessen the impact of) risks. That answer also outlines the steps of risk management:
- Identify and Categorize Assets
- Identify Threats
- Assess Vulnerabilities
- Assess Risks
- Mitigate Risks, while using controls such as physical, logical or technical, and administrative
How does risk management relate to incident response?
When risk management fails, incident response steps in. Houston, we have a problem and it is time to take action.
The first step is ensuring you are prepared to handle the incident. Preparation should take place before an event happens; waiting until after a disaster occurs is not an efficient use of skill or resources. Preparation can include creating plans, training, or running drills.
After preparation comes detection and analysis. Did an incident occur, and through what lens do we analyze it?
Tools and/or services, such as Security Information and Event Management (SIEM) technology, are used to conduct this analysis.
After an incident has been detected, it has to be contained. This is the next step, Containment.
Containment should start at the edges of the active incident to prevent the spread of damage to the environment. Containment will typically lead to the root of the incident, which leads to eradication, the next step in the process.
Once the cause has been contained, it needs to be removed. This is Eradication, our next step.
Okay, so we have detected, contained, and eradicated the problem. Recovery is now vital. The system should be brought back to the state in which it was prior to the incident. Once the system is restored or recovered, it’s time for post-incident activity, which involves discussing what happened and how to decrease the chances of it happening again.
Allow me to encourage you to push further into researching and understanding the above information.
It’s been a great week focused on information security.
Stay Tuned For More…