Cybersecurity Concepts

Submitted by shevorne.desil… on Thu, 12/28/2023 - 15:43

This topic introduces the key concepts, terminology and definitions of cyber security that are relevant to gathering data from various sources and to analysing and interpreting threat data.

In this topic, you will learn about:

  • cybersecurity best practices and guidelines
  • the CIA triad
  • cyber security threat hunting.

Let us begin.

ISM: Cybersecurity Principles

The Information Security Manual (ISM) published by the Australian Signals Directorate (ASD) outlines a cyber security framework that organisations can apply to safeguard their data and systems from cyber threats. The ISM serves as a comprehensive framework that outlines cybersecurity principles, strategies and controls for implementing effective cybersecurity measures.

The ISM also emphasises risk management, promoting a proactive approach to identify, assess, and mitigate cybersecurity risks. It advocates for continuous monitoring, incident response planning, and user education to foster a resilient cybersecurity posture. By adhering to the ISM, organisations can strengthen their cybersecurity defences and respond effectively to evolving threats, aligning with international best practices for information security. 4

The Essential Eight Maturity Model

The Essential Eight Maturity Model is a framework developed by the Australian Signals Directorate (ASD) to help organisations enhance their cybersecurity posture by focusing on eight essential strategies. These strategies are designed to mitigate a range of cyber threats effectively.

How It Is Used to Gather, Analyse and Interpret Threat Data

Gathering threat data: The maturity model encourages organisations to implement controls that can generate valuable threat data, such as logs and alerts related to application whitelisting, user authentication attempts and system configurations.

Analysing threat data: Security teams can analyse threat data generated by the implemented controls to identify anomalies, potential security incidents, or unauthorised activities. For example, analysing logs from application whitelisting can reveal attempts to execute unauthorised code.

Interpreting threat data: The maturity model provides a structured framework for interpreting threat data in the context of the implemented controls. For instance, analysing user authentication logs in conjunction with multi-factor authentication implementation can help assess the effectiveness of access controls.

Reading

Refer to the Information Security Manual (ISM) and read about the cybersecurity principles.

The CIA triad is a fundamental concept in information security that represents three core principles: Confidentiality, Integrity, and Availability. This triad forms the basis for designing and implementing effective security controls to protect information assets. Here is how the CIA triad is used in gathering, analysing, and interpreting threat data:

Confidentiality

Confidentiality ensures that information is only accessible to authorised individuals, preventing unauthorised disclosure.

  • Gathering threat data: The confidentiality principle ensures that information is accessible only to authorised individuals. Gathering threat data involves identifying potential breaches or unauthorised access attempts that could compromise sensitive information. 
  • Analysing threat data: Security analysts examine data logs and access records to identify instances where confidentiality might have been breached. Unusual access patterns or attempts to access classified information may be indicative of a threat. 
  • Interpreting threat data: Interpretation involves understanding the impact of potential breaches on confidentiality. For example, analysing data access patterns or unauthorised disclosure helps assess the severity of a security incident.

Integrity

Integrity ensures that data remains unaltered and trustworthy, guarding against unauthorised modifications.

  • Gathering threat data: The integrity principle ensures that information is accurate, unaltered, and trustworthy. Threat data related to integrity involves detecting any unauthorised modifications or alterations to data.
  • Analysing threat data: Security analysts examine logs and checksums to identify instances where data integrity may have been compromised. For instance, alterations to critical system files or unauthorised database changes are red flags.
  • Interpreting threat data: Interpreting integrity-related threat data involves assessing the potential impact of data tampering. It helps in understanding whether the integrity of critical systems or data has been compromised and the extent of the damage.

Availability

Availability ensures that systems and data are accessible when needed, preventing disruptions and ensuring timely access.

  • Gathering threat data: Availability ensures that information and resources are accessible when needed. Threat data related to availability involves monitoring for denial-of-service attacks, system failures, or other events that disrupt services.
  • Analysing threat data: Security analysts examine logs and performance metrics to identify patterns of service disruptions or unexpected downtime. Unusual spikes in network traffic or persistent attempts to overwhelm systems may indicate availability threats. 
  • Interpreting threat data: Interpretation involves assessing the impact of availability threats on the organisation. For example, understanding the extent of downtime, the criticality of affected services, and the potential financial or operational consequences.
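To make the analysis step concrete for each principle above (and for the log-based analysis described under the Essential Eight), here is an added example that is not part of the course material: three small checks run over constructed sample data, one each for integrity (checksum comparison), confidentiality (repeated denied access to classified resources) and availability (request-rate spikes). The file names, log entries, thresholds and function names are all assumptions made for illustration.

```python
# Added example (not from the course page): one small analysis check per CIA
# principle, run over constructed sample data. All file names, log entries and
# thresholds are made up for illustration.
import hashlib
from collections import Counter


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Integrity: compare a stored baseline of file checksums against current contents.
def integrity_findings(baseline: dict, current_files: dict) -> dict:
    """Return {'modified': [...], 'missing': [...], 'unexpected': [...]}."""
    current = {path: sha256_hex(content) for path, content in current_files.items()}
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "unexpected": sorted(p for p in current if p not in baseline),
    }


# Confidentiality: flag accounts with repeated denied access to classified resources.
def confidentiality_findings(access_log: list, threshold: int = 3) -> list:
    """access_log entries are (user, resource, classification, outcome) tuples."""
    denied = Counter(user for user, _resource, classification, outcome in access_log
                     if classification == "classified" and outcome == "DENIED")
    return sorted(user for user, count in denied.items() if count >= threshold)


# Availability: flag minutes whose request count exceeds a multiple of the median.
def availability_findings(requests_per_minute: list, factor: float = 5.0) -> list:
    """Return indexes of minutes whose request count is above factor * median."""
    ordered = sorted(requests_per_minute)
    median = ordered[len(ordered) // 2]  # upper median for even-length input
    return [i for i, count in enumerate(requests_per_minute) if count > factor * median]


if __name__ == "__main__":
    # Constructed sample data: a baseline taken earlier and the current file contents.
    baseline = {"/etc/passwd": sha256_hex(b"root:x:0:0\n"), "/bin/ls": sha256_hex(b"ELF-ls")}
    now = {"/etc/passwd": b"root:x:0:0\nnewuser:x:0:0\n", "/bin/ls": b"ELF-ls", "/tmp/x": b"?"}
    print("integrity:", integrity_findings(baseline, now))
    log = [("alice", "hr/salaries", "classified", "DENIED")] * 3 + [("bob", "wiki", "public", "OK")]
    print("confidentiality:", confidentiality_findings(log))
    print("availability:", availability_findings([40, 42, 38, 41, 900, 39]))
```

Each function returns its findings rather than only printing them, so the same checks can be fed into an incident triage step for the "interpreting" stage.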

The following video provides an overview of the CIA triad and the key cybersecurity principles.

Knowledge Check

Complete the following five (5) activities to check your ability to understand key cybersecurity concepts. You may repeat this activity as often as you like. Use the arrows to move between the different activities.

Threat Hunting: An Overview

Threat hunting is a valuable practice that helps organisations stay ahead of cyber threats, protect their data and assets, and maintain a robust cybersecurity posture.

The following video will provide an overview of threat hunting.

The Value of Threat Hunting

The following video explains the goal of threat hunting, how a cyber security analyst would go about threat hunting and the overall value of threat hunting to organisations.

Key Skills for Threat Hunting

The following video discusses the essential threat-hunting skills one should focus on as a threat hunter.

How Did You Go?

Congratulations on completing the topic Cybersecurity concepts.

In this topic, you learnt about the following cyber security concepts related to gathering, analysing and interpreting threat data.

  • Cybersecurity best practices and guidelines
  • The CIA triad
  • Cyber security threat hunting