Reflections — Module 6

Zwivhuya
Apr 25, 2021

Access control and cryptography

Data confidentiality is one of the principles or functions of the information security model that guide cybersecurity policies. The module explored two methods of achieving data confidentiality: access control and cryptography. The concept of access control refers to the processes used to enforce authentication, authorisation and accountability security measures to protect information resources. The authentication process is responsible for verifying the user's identity through various methods, which include knowledge (passwords/phrases), token authentication, and biometrics. The process of authorisation verifies the user's permissions for accessing information resources. The process of accountability tracks all user interactions with information resources.
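The three access control processes can be seen working together in the following sketch, which is an added example and not material from the module. The `AccessController` class, the user names, the `payroll.csv` resource and the choice of PBKDF2 for password storage are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

def hash_password(password, salt):
    # Knowledge-based authentication: store a slow salted hash, never the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class AccessController:  # hypothetical class for this example
    def __init__(self):
        self.users = {}        # username -> (salt, password hash)
        self.permissions = {}  # username -> set of (resource, action)
        self.audit_log = []    # accountability: every decision is recorded

    def add_user(self, username, password, grants):
        salt = os.urandom(16)
        self.users[username] = (salt, hash_password(password, salt))
        self.permissions[username] = set(grants)

    def authenticate(self, username, password):
        # Unknown users still cost one hash, so timing does not reveal valid names.
        salt, stored = self.users.get(username, (b"\x00" * 16, b""))
        return hmac.compare_digest(hash_password(password, salt), stored)

    def authorise(self, username, resource, action):
        # Default deny: only explicitly granted pairs are allowed.
        return (resource, action) in self.permissions.get(username, set())

    def request(self, username, password, resource, action):
        if not self.authenticate(username, password):
            outcome = "denied:authentication"
        elif not self.authorise(username, resource, action):
            outcome = "denied:authorisation"
        else:
            outcome = "granted"
        # Denied attempts are logged too; they are often the interesting ones.
        self.audit_log.append((time.time(), username, resource, action, outcome))
        return outcome

def demo():
    # Constructed sample users and resources.
    ac = AccessController()
    ac.add_user("alice", "correct horse", {("payroll.csv", "read")})
    outcomes = [
        ac.request("alice", "correct horse", "payroll.csv", "read"),
        ac.request("alice", "correct horse", "payroll.csv", "write"),
        ac.request("alice", "wrong", "payroll.csv", "read"),
        ac.request("mallory", "guess", "payroll.csv", "read"),
    ]
    return outcomes, ac.audit_log
```

Calling `demo()` returns the four decisions together with the audit trail, which has one entry per request whether it was granted or denied.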

Cryptography refers to the practice of transforming information into a format that is unreadable and unusable for unintended recipients. The process of making the information unreadable and unusable is referred to as encryption/enciphering, whereas the process of making the information readable and usable again is referred to as decryption/deciphering. Three methods of encryption were introduced: symmetric, asymmetric, and hybrid encryption. Numerous cryptographic controls for popular technologies in email and web security were outlined.

The second part of the module dealt with cybersecurity products. Cybersecurity products are tools used in cybersecurity to secure networks/data, identify vulnerabilities and prevent the exploitation of such vulnerabilities. Firewalls establish the first line of defence for internal organisational networks from the broader internet. Depending on the organisation's requirements, various firewall architectures can be deployed, which include screened-host, dual-homed host and screened-subnet firewalls. Network traffic or data inspection products can be used to deter and detect intrusions. These inspection tools take the form of intrusion detection and prevention systems (IDPS), which can be dedicated hardware systems or software. These tools are deployed to automate the process of detecting, preventing, and reporting vulnerabilities. Best practices for securing wireless communications, specifically WiFi and Bluetooth, were given. Lastly, scanning and analysis tools used to penetrate and report existing cybersecurity vulnerabilities were elaborated upon.
