Episode 1 - The Security Triad

By
This episode talks about the 3 pillars of information security - Confidentiality, Integrity, and Availability. 

Comments

Post a Comment

You may also like to read...

The CISSP CAT Exam Experience

By
Image
I wrote a blog post in the month of December where I detailed about the new CISSP CAT format being launched by the (ISC)2. The post gave details about the new exam – what would it be all about, what does the new exam mean for you and important points to consider. Well, since I had passed the exam way back in July, there was no way, I would decide to sit for this difficult exam again. Luckily, few of my friends gave the CISSP CAT exam and passed it, so I spoke to them to understand their experience with this new exam format and decided to write about it. So here it goes… The Study Material The first question that comes to everyone’s mind is – Do I need to look for a new study material since the exam format has changed. The answer is NO. The CISSP study material remains the same. My friends referred to the following material, but this is not an exhaustive list in any way. My recommendation would be to stick to one particular book and get to know every word and line of it. ...
Continue Reading...

Access Control Models - DAC, MAC, RBAC , Rule Based & ABAC

By
Image
Identity and Access Management is an extremely vital part of information security. An access control model is a framework which helps to manage the identity and the access management in the organization. There are 5 main types of access control models: discretionary, rule-based, role-based, attribute-based and mandatory access control model. Every model uses different methods to control how subjects access objects. While one may focus on rules, the other focus on roles of the subject. As a security professional, we must know all about these different access control models. While one company may choose to implement one of these models depending on their culture, there is no rule book which says that you cannot implement multiple models in your organization. These models are built into the core or the kernel of the different operating systems and possibly their supporting applications. Every operating system has a security kernel that enforces a reference monitor concept, whi...
Continue Reading...

Cryptographic Hash Function Explained: A Beginner’s Guide

By
Image
Your fingerprints help identify you uniquely. Your fingerprints are made of multiple lines that run in a fashion that is unique for every individual on this planet. A slight change in the fingerprint will result in altogether a new person. Well, hash values can be thought of as fingerprints for files and it’s time for us to understand in detail about them. Hash values are generated by a mathematical function called the one-way hash function. A one-way hash is a function that takes a variable-length string (a message) and produces a fixed-length value called a hash value.  Furthermore, a one-way hash function is designed in such a way that it is hard to reverse the process, that is, to find a string that hashes to a given value (hence the name one-way.) A good hash function also makes it hard to find two strings that would produce the same hash value. All modern hash algorithms produce hash values of 128 bits and higher. For example - If I want to send across a message to my...
Continue Reading...

Symmetric and Asymmetric Cryptography

By
Image
Having learned about cryptography in the previous article, it is now time to learn about the types of cryptography. You are right, nothing is complete till we understand its types and subtypes and so on. Remember, your best friends, Alice and Bob!!! They are going to help us understand the types of cryptography. Before we go into the details, we ought to recapitulate a few terms.  1. Plain text – Data in a readable or understandable format. 2.  Ciphertext – Random and unreadable text  3. Encryption – Process of converting plain text into cipher text. 4. Key – Sequence of random bits 5. Algorithm – Rules by which encryption and decryption will take place. It is really important to clearly understand these terms, else, the journey ahead will be difficult. So lets us begin. Cryptography algorithms are either symmetric algorithms, which use symmetric keys (also called secret keys), or asymmetric algorithms, which use asymmetric keys (also ca...
Continue Reading...

Understanding TCP & UDP

By
Image
Have you ever wondered what happens behind the scenes when you click a video on your favorite website? Or when you are trying to log onto a secure website? There are multiple protocols that run behind the scenes to help you out and allow you to watch that favorite video of yours or buy that dress which you longed for. Two such important protocols are TCP ( Transmission Control Protocol) and UDP (User Datagram Protocol). These are one of the two most common protocols used during networking and setting up a secure infrastructure. Multiple services run on the top of this protocol or in simple terms utilize their services. Before we go further and understand the technicalities involved, we must try to learn what happens in simple terms. Everything we work upon is actually one and zeros only in the computer universe. The data that is sent across from one computer to another is a bunch of ones and zeros flowing from here to there. For the sake of simplicity, we will call this b...
Continue Reading...