Summary ISEC 4320

Pages: 28
Uploaded on: 08-04-2024
Written in: 2023/2024

Summary of the course ISEC4320

Content preview

Lesson 1 - Security Architecture and Controls
Objectives:
• Introduction
• CIA triad
• Security vulnerabilities, threats, risks and exposure / cyberattack elements
• Defense in depth
Introduction: attackers launch more attacks when users use automation
Why security architecture? It aims to examine existing processes, technologies and models to
understand where the gaps are, and to apply frameworks and controls to mitigate the potential
damage of threats.
Robust security is applied to ensure that organizations have a good infrastructure to prevent,
detect and respond to attacks. It helps to determine when and which technologies to implement,
giving security decision makers the ability to add new capabilities.
What is security architecture? It is a strategy for designing and building a company’s security
infrastructure. It includes policy, risk management and the determination of controls and
procedures. It is applied in network security, application security and business information
security, and it takes an approach that combines security measures with business objectives
across people, processes and technology.
Benefits of security architecture:
• Reduce security breaches: a robust cybersecurity architecture reduces the volume and
severity of threats by systematically addressing security issues
• Speed up response time: a strong security architecture closes those gaps and provides
protocols in the event of a breach, so security teams are equipped to respond
immediately and eliminate threats as soon as they appear
• Improve operational efficiency: critical updates, threat response and user experience are
closely managed, which creates a highly scalable security infrastructure that maximizes
operational efficiency
• Comply with industry regulations: a strong security architecture helps to ensure
compliance with relevant authorities and regulations
CIA triad:
• Confidentiality: refers to the protection of data and ensures that it is accessible only by
authorized users
Examples of breaches of confidentiality: stealing credit card data, shoulder surfing, stealing
passwords and breaking encryption
Confidentiality is attained by: encryption, access control and awareness training
• Integrity: ensures that data is modified only by authorized people, and ensures accuracy and
reliability
Examples of breaches of integrity: an attacker inserts a virus, logic bomb or back door into a
system, defaces a web site or changes the content of files
Integrity is attained by: hashing and digital signatures
• Availability: ensures that data is accessible 7/24
Examples of breaches of availability: DoS, distributed DoS, and disaster
Availability is attained by: load balancing, redundant network and power, backup and
business continuity management
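
An added example (not part of the original notes) of the integrity controls listed above, applied to a constructed grade record: an unkeyed hash stored next to the data can be recomputed by whoever alters the data, while a keyed check cannot. HMAC-SHA256 stands in here for the digital signature as the keyed control; the record, key and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample record; not data from the course notes.
RECORD = {"student_id": "S-1001", "test": "midterm", "grade": "D"}
# Assumption: the key is held only by the grading service, never stored with the records.
SERVER_KEY = b"constructed-demo-key-not-for-production"


def canonical(record):
    """Serialize deterministically so the same record always yields the same bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def plain_digest(record):
    """Unkeyed SHA-256: detects accidental change, but anyone can recompute it."""
    return hashlib.sha256(canonical(record)).hexdigest()


def keyed_tag(record, key=SERVER_KEY):
    """HMAC-SHA256: producing a valid tag requires the secret key."""
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()


def verify_digest(record, stored):
    return hmac.compare_digest(plain_digest(record), stored)


def verify_tag(record, stored, key=SERVER_KEY):
    return hmac.compare_digest(keyed_tag(record, key), stored)


def simulate_tampering():
    """Return (digest_check, tag_check) after the row is altered by someone who
    can rewrite the record and its stored digest but does not hold the key."""
    stored_digest, stored_tag = plain_digest(RECORD), keyed_tag(RECORD)
    altered = dict(RECORD, grade="A")
    # The unkeyed digest is overwritten together with the row; the tag cannot be forged.
    stored_digest = plain_digest(altered)
    return verify_digest(altered, stored_digest), verify_tag(altered, stored_tag)


if __name__ == "__main__":
    print("untouched record verifies:", verify_tag(RECORD, keyed_tag(RECORD)))
    print("after tampering (digest ok, tag ok):", simulate_tampering())
```

The unkeyed digest only protects integrity when it is stored somewhere the person changing the data cannot write to; the keyed tag moves that requirement onto the key.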


Security vulnerabilities, threats, risks, and exposures:
• Vulnerabilities: any weakness that can be exploited, for example application vulnerabilities,
unpatched systems and misconfigured network devices
Example: a company has antivirus software, but it is expired and does not keep the signatures
up to date
• Threats: any event that can cause damage through the exploitation of vulnerabilities; actors
that exploit vulnerabilities are called threat agents
Example: a virus will show up in the environment and disrupt productivity
• Exposure: the potential that a security breach could occur
Example: an unpatched system exposes the organization to potential loss
• Risk: the likelihood that a vulnerability could be exploited and the corresponding impact of
such an event; risk ties the vulnerability, threat and likelihood of exploitation to the
resulting business impact
Example: the likelihood that a virus infiltrates the company’s environment, and the resulting
potential damage
• Countermeasures: a control that is put in place to mitigate a risk; controls include the use
of access control lists, deployment of firewalls, enforcement of strong passwords and the
use of encryption
situation is to purchase and install the Antivirus software on all computers
Note: the main objective of architecture is to reduce the risk of security breaches, protect
companies from threats and align with company goals
Cyberattack elements:
• Reconnaissance: the attacker tries to collect as much information as possible, such as
domain names, corporate information, network diagrams, and names of
employees and key managers
• Enumeration: the attacker analyzes the reconnaissance results to identify and target specific
people, departments and names
• Exploitation: this involves investigating and exploiting specific vulnerabilities to gain
unauthorized access to the enterprise
• Action on objectives: this involves exfiltrating or stealing data (compromise of
confidentiality), modifying data (compromise of integrity) and disrupting the
environment (compromise of availability)

Defense in depth: the concept that a company should not rely on one control for protection
but needs to use layers of controls to increase the work factor of a potential attack.
It is the coordinated use of multiple security controls in a layered approach. A multilayered
defense system minimizes the probability of successful penetration and compromise, because the
attacker will need to overcome multiple layers of protection




Questions:
A student compromises a system that contains test grades and changes her grade on a recent
test from a D to A. Which of the following has been compromised?
A. Integrity
B. Availability
C. Confidentiality
D. Both Availability and Integrity

Which of the following is the most correct?
A. A countermeasure is usually intended to reduce a threat.
B. Risks, threats, and exposures are generally the same.
C. Vulnerabilities are the result of poor password management.
D. A countermeasure is a control that is put into place to mitigate a risk

The purpose of NIST framework is to establish a set of standardized, minimum-security controls
for IT systems addressing low, moderate, and high levels of concern for
A. Confidentiality, Integrity and Availability
B. Assurance, Compliance and Availability
C. International Compliance
D. Integrity and Availability

Which of the following is the MOST important for a Security Architect to understand when
identifying threats?

Seller: mohamedal-habsi modern collage of business and science