Cybersecurity Essentials: Information Assurance and Threat Definitions
Defining Information and Information Assurance (IA)
What is Information?
Information is a form of knowledge that we acquire through education, communication, practical experience, research, analysis, or ratiocination. It consists of data, facts, and conclusions.
- To the scientist concerned with communications theory, information is whatever reduces a receiver's uncertainty; Shannon measures the information in a message by the entropy it removes, which is why the two are loosely described as opposites.
- To the computer scientist, it is any data that can be expressed as a sequence of ones and zeros.
Information Assurance (IA)
Information Assurance refers to measures that protect and defend information and information systems by assuring their availability, integrity, authentication, confidentiality, and non-repudiation. These measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.
Information assurance comprises the technologies and methods we use to protect the confidentiality, integrity, and availability of information and of the computers, systems, and networks that create, process, store, and communicate that information.
Core Principles of Information Assurance
Confidentiality
Confidentiality ensures that information is not disclosed to unauthorized individuals, entities, or processes.
Assets Requiring Protection:
- Military and diplomatic information
- Personal information
- Privileged information
- Business secrets
- Economic secrets
- Geological, littoral, or environmental information
Authentication and Non-Repudiation
Confidentiality and integrity can only be protected if we can control access to information assets, and access control rests on authentication: verifying that a user, device, or process is who or what it claims to be before access is granted. Non-repudiation builds on authentication; it provides evidence of origin and delivery so that a sender cannot later deny having sent a message and a receiver cannot deny having received it.
IA Capabilities and Risk Management
Protection, Detection, and Correction
- Protection Steps: Measures taken to ensure that our information assets and systems keep information safe from disclosure, misuse, or destruction. (As a practical matter, protection can never be 100%.)
- Detection Steps: Measures taken to recognize that information assets are vulnerable or are under attack.
- Correction (Reaction) Steps: Measures taken after an attack or a discovered weakness, including incident response by Computer Emergency Response Teams (CERTs), restoration of affected systems, and re-engineering to remove the vulnerabilities that were exploited.
Risk Management
Risk management involves identifying, assessing, and reducing risk to an acceptable level.
Risk Formula:
Risk = (Threats x Vulnerabilities x Impact) / Countermeasures
Impact belongs in the numerator: a threat that can exploit a vulnerability in a high-impact asset represents more risk, not less, and countermeasures are the only term that reduces it. The formula is a tool for ranking risks relative to one another rather than a quantity to compute precisely; a threat with no matching vulnerability, or a vulnerability no threat can reach, contributes no risk.
We must consider the measures employed (PPT: People, Process, Technology) to ensure the information characteristics (CIA: Confidentiality, Integrity, Availability) across the states information can be in (stored, processed, and transmitted/communicated). These three axes are the McCumber cube model of information security.
Understanding Cyber Threats
Defining a Threat
A threat is any circumstance or event with the potential to adversely impact organizational operations, organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.
Threat Shifting Domains
Threat shifting describes how attackers adapt their strategies:
- Time Domain: Delay in attack or illegal entry to conduct additional surveillance.
- Target Domain: Selecting a different, less-protected target.
- Resource Domain: Adding resources to the attack in order to reduce uncertainty or overcome countermeasures.
- Planning/Attack Method Domain: Changing the weapon or path of the intended attack or illegal entry.
Malware Types and Definitions
Virus
A virus is a self-replicating program that spreads by inserting copies of itself into other programs or files. It needs a host to run and typically relies on a user to execute the infected program; it reaches other computers only when infected files are carried there (removable media, file shares, e-mail attachments), which distinguishes it from a worm.
Worm
A worm is a self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself to many computers.
Trojan Horse
A Trojan horse is a non-self-replicating program that seems to have a useful purpose as a legitimate file or helpful program, but in reality has a different, malicious purpose.
Blended Attack
A Blended Attack (sometimes called a "malware cocktail") combines the worst aspects of viruses, worms, Trojan horses, and other malicious code into a single threat, for example a worm that spreads on its own over the network and also drops a Trojan or opens a backdoor on each host it reaches.
Metamorphic Code
Metamorphic code, used by some viruses, rewrites its own body on every replication: it translates its machine code into a temporary intermediate representation, transforms that representation (reordering instructions, substituting equivalent instruction sequences, inserting junk), and translates the result back to machine code. Each generation therefore has a different body with identical behaviour, so there is no constant byte sequence for a signature scanner to match.
Polymorphic Code
Polymorphic code uses a polymorphic engine to mutate its appearance while keeping the original algorithm intact. Typically the body is stored encrypted under a key that changes on every replication, prefixed by a small decryptor that is itself varied (different registers, junk instructions); the bytes on disk differ each time, but once decrypted the body and its function are unchanged. Scanners counter this by emulating the decryptor and matching the decrypted body, which is why metamorphic code, whose body genuinely differs from generation to generation, is harder to detect by signature.
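The two techniques above, and why they defeat a byte signature in different ways, can be shown with a toy instruction set. This is an added example written for this page, not code from the original notes; the instruction set, the sample body and the scanners are constructed and inert. A polymorphic copy XORs the same body under a fresh key, so an emulating scanner that runs the decryptor still matches it; a metamorphic copy rewrites the body with semantics-preserving transforms, so only a behavioural check (what the program does) still recognises it.

```python
import hashlib
import random

# Toy instruction set standing in for machine code: a program is a list of
# (opcode, operand) pairs run against a single accumulator. All sample data
# here is constructed for the illustration and does nothing outside this file.
ORIGINAL = [("add", 5), ("mul", 3), ("add", 7)]


def serialize(program):
    """The program's on-disk bytes; this is all a signature scanner sees."""
    return b";".join(f"{op} {arg}".encode() for op, arg in program)


def execute(program):
    """Run the toy program and return its effect (the accumulator)."""
    acc = 0
    for op, arg in program:
        if op == "add":
            acc += arg
        elif op == "mul":
            acc *= arg
        # "nop" changes nothing
    return acc


# A naive signature: the exact bytes of the original body.
SIGNATURE = serialize(ORIGINAL)


def polymorphic_generation(program, key):
    """Polymorphism: the body is unchanged but XOR-encrypted under a per-copy
    key (1..255) and prefixed with that key, standing in for the decryptor
    stub a real engine prepends. Different key, different bytes, same body."""
    assert 1 <= key <= 255
    return bytes([key]) + bytes(b ^ key for b in serialize(program))


def decrypt_polymorphic(blob):
    """What an emulating scanner does: run the decryptor to recover the body."""
    key = blob[0]
    return bytes(b ^ key for b in blob[1:])


def metamorphic_generation(program, seed):
    """Metamorphism: rewrite the body itself with semantics-preserving
    transforms (split an add into two adds, insert nops). There is no
    encrypted original to recover; the bytes genuinely differ each time."""
    rng = random.Random(seed)
    out = []
    for op, arg in program:
        if op == "add" and arg > 1:
            k = rng.randrange(1, arg)
            out.extend([("add", k), ("add", arg - k)])
        else:
            out.append((op, arg))
        if rng.random() < 0.5:
            out.append(("nop", 0))
    return out


def signature_scan(blob):
    """Byte-pattern matching: fails against both techniques."""
    return SIGNATURE in blob


def emulating_scan(blob):
    """Decrypt, then match: defeats polymorphism but not metamorphism."""
    return signature_scan(decrypt_polymorphic(blob))


def behavioural_scan(program, expected=execute(ORIGINAL)):
    """Judge the sample by what it does, not by its bytes."""
    return execute(program) == expected


def demo(seed=0):
    """Generate one copy of each kind and report what each scanner says."""
    rng = random.Random(seed)
    poly = polymorphic_generation(ORIGINAL, rng.randrange(1, 256))
    meta = metamorphic_generation(ORIGINAL, seed)
    return {
        "poly_hash": hashlib.sha256(poly).hexdigest()[:16],
        "poly_signature": signature_scan(poly),              # False: bytes changed
        "poly_emulated": emulating_scan(poly),               # True: decrypted body matches
        "meta_signature": signature_scan(serialize(meta)),   # False: body rewritten
        "meta_behaviour": behavioural_scan(meta),            # True: same effect
    }


if __name__ == "__main__":
    for seed in range(3):
        print(demo(seed))
```

The file hash and the signature result change with every seed, while the behavioural result does not; that gap is the reason detection has moved from static signatures toward emulation and runtime behaviour analysis.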
Logic Bomb
A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.
Attack Vectors and Social Engineering Tactics
Attack Vector
An attack vector is an avenue or tool that a threat uses in order to gain access to a device, system, or network in order to launch attacks, gather information, or deliver/leave malicious items in those devices, systems, or networks.
Social Engineering
Social engineering is an attempt to trick someone into revealing information, or into taking an action such as opening an attachment or granting access, that can then be used to attack systems or networks.
Phishing, Spear Phishing, and Whaling
- Phishing: Tricking an individual into disclosing sensitive personal information through deceptive computer-based means.
- Spear Phishing: Targets specific individuals or organizations, using details gathered about the target (name, role, colleagues, recent events) to make the lure credible.
- Whaling: Targets “big fish” like executives, celebrities, or high-ranking government officials.
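The deceptive means used in phishing usually leave technical traces in the message itself: a display name that claims one brand while the address belongs to another, a lookalike sender domain, a Reply-To that diverts responses elsewhere, and links whose visible text differs from their real target. The check below is an added example written for this page rather than code from the original notes; the trusted-domain list and both messages are constructed, and the registrable-domain logic is a deliberate simplification of the public suffix list.

```python
from email.utils import parseaddr
from urllib.parse import urlparse

# Domains the organisation treats as genuine senders (hypothetical list).
TRUSTED_DOMAINS = ["paypal.com", "example-bank.com"]


def levenshtein(a, b):
    """Edit distance; a small distance to a trusted domain flags a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host):
    """Last two labels of a host name (a simplification of the public suffix
    list that is good enough for this illustration)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def lookalike_of(domain):
    """Return the trusted domain this one imitates, or None."""
    if domain in TRUSTED_DOMAINS:
        return None
    if domain.startswith("xn--") or ".xn--" in domain:
        return "an internationalised (punycode) homograph"
    for trusted in TRUSTED_DOMAINS:
        if levenshtein(domain, trusted) <= 2:
            return trusted
    return None


def phishing_indicators(msg):
    """Return the list of phishing indicators found in a parsed message.
    msg is a dict with 'from', optional 'reply_to', and 'links' as
    (visible text, href) pairs, the shape a mail-parsing step would produce."""
    found = []
    name, addr = parseaddr(msg["from"])
    from_dom = registrable_domain(addr.rpartition("@")[2])

    brand = lookalike_of(from_dom)
    if brand:
        found.append(f"sender domain {from_dom} resembles {brand}")
    for trusted in TRUSTED_DOMAINS:
        if trusted.split(".")[0] in name.lower() and from_dom != trusted:
            found.append(f"display name claims {trusted} but address is @{from_dom}")

    if msg.get("reply_to"):
        _, reply = parseaddr(msg["reply_to"])
        if registrable_domain(reply.rpartition("@")[2]) != from_dom:
            found.append("Reply-To domain differs from From domain")

    for text, href in msg.get("links", []):
        host = (urlparse(href).hostname or "").lower()
        target = registrable_domain(host)
        if lookalike_of(target):
            found.append(f"link target {target} resembles a trusted domain")
        shown = urlparse(text).hostname if text.startswith("http") else None
        if shown and registrable_domain(shown) != target:
            found.append(f"link text shows {registrable_domain(shown)} but points to {target}")
        for trusted in TRUSTED_DOMAINS:
            if host.startswith(trusted + ".") and target != trusted:
                found.append(f"trusted name {trusted} used as a subdomain of {target}")
    return found


# Constructed samples, not real mail.
PHISH = {
    "from": "PayPal Security <alerts@paypa1.com>",
    "reply_to": "verify@mail-verify.net",
    "links": [("https://www.paypal.com/login",
               "https://paypal.com.account-check.net/login")],
}
LEGIT = {
    "from": "PayPal <service@paypal.com>",
    "links": [("https://www.paypal.com/activity",
               "https://www.paypal.com/activity")],
}

if __name__ == "__main__":
    for label, m in (("phish", PHISH), ("legit", LEGIT)):
        print(label, phishing_indicators(m))
```

None of these indicators is proof on its own (marketing mail legitimately uses third-party Reply-To domains, for instance), so in practice they feed a score alongside authentication results such as SPF, DKIM and DMARC rather than blocking outright. Spear phishing and whaling defeat content-based checks more often because the lure is individually crafted, which is why targeted roles also need training and out-of-band verification for unusual requests.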
Physical and Advanced Attack Methods
Covert Channel Attacks
A covert channel attack is an unauthorized communication path that manipulates a communications medium in an unexpected, unconventional, or unforeseen way in order to transmit information without detection by anyone other than the entities operating the covert channel.
Tailgating
Tailgating is when an attacker, seeking entry to a restricted area secured by unattended, electronic access control, simply walks in behind a person who has legitimate access.
Dumpster Diving
Dumpster Diving: Sifting through commercial or residential waste to find items that have been discarded by their owners, but that may prove useful to the dumpster diver.
Eavesdropping on Emanations
Eavesdropping on Emanations: Computer equipment radiates electromagnetic signals as a side effect of operating. Each keystroke, each refresh of a display, and each bit driven down a cable produces emissions that can carry the data being processed. An attacker with an antenna and receiver within range can capture, amplify, and decode these emanations without touching the target system; this class of attack, and the shielding standards that counter it, is known as TEMPEST.
Password Cracking
Password cracking is the process of recovering secret passwords stored in a computer system (normally as hashes) or transmitted over a network, typically by generating candidate passwords from dictionaries, mangling rules, or brute force and testing each one against the captured hash or authentication exchange.
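How much a stolen password store is worth to a cracker depends almost entirely on how it was stored. The added example below (written for this page, not code from the original notes; the wordlist and user accounts are constructed) runs the same dictionary attack against an unsalted SHA-256 store and against a salted PBKDF2 store, counting the work each requires.

```python
import hashlib
import os

# Constructed wordlist and "leaked" credential stores; none of this is real data.
WORDLIST = ["123456", "password", "letmein", "qwerty", "Summer2024", "dragon"]
ITERATIONS = 50_000  # PBKDF2 work factor for the salted store


def sha256_unsalted(password):
    """Weak storage: one fast, unsalted hash per password."""
    return hashlib.sha256(password.encode()).hexdigest()


def pbkdf2_salted(password, salt, iterations=ITERATIONS):
    """Better storage: per-user random salt plus a deliberately slow KDF."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def build_unsalted_store(users):
    return {user: sha256_unsalted(pw) for user, pw in users.items()}


def build_salted_store(users, iterations=ITERATIONS):
    store = {}
    for user, pw in users.items():
        salt = os.urandom(16)
        store[user] = (salt, pbkdf2_salted(pw, salt, iterations))
    return store


def crack_unsalted(store, wordlist):
    """Dictionary attack on unsalted hashes. The wordlist is hashed once and
    the table is reused for every account, so the cost does not grow with the
    number of users; identical passwords also show up as identical hashes.
    Returns (cracked accounts, number of hash computations)."""
    table = {sha256_unsalted(w): w for w in wordlist}
    cracked = {user: table[h] for user, h in store.items() if h in table}
    return cracked, len(wordlist)


def crack_salted(store, wordlist, iterations=ITERATIONS):
    """The same attack against salted PBKDF2: every (user, candidate) pair
    needs its own KDF run, so the work is users x wordlist x iterations.
    Returns (cracked accounts, number of KDF computations)."""
    cracked, kdf_calls = {}, 0
    for user, (salt, h) in store.items():
        for candidate in wordlist:
            kdf_calls += 1
            if pbkdf2_salted(candidate, salt, iterations) == h:
                cracked[user] = candidate
                break
    return cracked, kdf_calls


USERS = {"alice": "letmein", "bob": "letmein", "carol": "Tr0ub4dor&3-xq9"}

if __name__ == "__main__":
    unsalted = build_unsalted_store(USERS)
    print("alice and bob share a hash:", unsalted["alice"] == unsalted["bob"])
    print("unsalted:", crack_unsalted(unsalted, WORDLIST))
    salted = build_salted_store(USERS)
    print("salted:", crack_salted(salted, WORDLIST))
```

Both stores give up the two weak passwords, but the unsalted store does so with six hash operations for any number of users and reveals that alice and bob share a password before a single guess is made, whereas the salted store costs a full KDF run per user per guess. Salting and a slow KDF do not rescue a password that is in the wordlist; they make each guess expensive and stop precomputed tables from being reused across accounts.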
Insider Threats and Cyber Espionage
Insider Threat
An insider threat is an entity with authorized access (i.e., within the security domain) that has the potential to harm an information system or enterprise through destruction, disclosure, modification of data, and/or denial of service.
Cyber Espionage
Cyber espionage is the act or practice of obtaining secrets without the permission of their holder, whether from individuals, competitors, rivals, groups, governments, or enemies, for personal, economic, political, or military advantage. It is conducted over the Internet, over networks, or against individual computers, using cracking techniques and malicious software such as Trojan horses and spyware.
Critical Infrastructure Protection (CIP)
Critical Infrastructure Definition
Critical Infrastructure: Systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.
