What is Information Security (InfoSec)?
The National Institute of Standards and Technology (NIST) defines information security as protecting data and systems from:
- Unauthorized access
- Attacks
- Theft
- Damage
Data can be vulnerable during:
- Storage
- Transfer
- Processing
So security is not only about files — it also includes:
- Networks
- Applications
- Servers
- Devices
- Users
- Communication channels
CIA Triad (Core Security Model)
The foundation of cybersecurity is the CIA Triad.
        +------------------+
        | Confidentiality  |
        +------------------+
                /  \
               /    \
              /      \
             /        \
            /          \
+------------------+ +------------------+
|    Integrity     | |   Availability   |
+------------------+ +------------------+
1. Confidentiality
Only authorized people can access data.
Goal
Prevent unauthorized disclosure of information.
Examples
- Passwords
- Encryption
- Access permissions
- MFA
Real-world Example
Only HR employees can access salary data.
2. Integrity
Data must remain accurate and unmodified unless properly authorized.
Goal
Prevent unauthorized modification.
Examples
- Hashing
- Digital signatures
- Checksums
- File permissions
Real-world Example
A bank transaction amount should not change during transfer.
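To show the integrity checks listed above on the bank-transfer example, here is an added illustration (not part of the original notes) comparing a plain checksum with a keyed hash (HMAC) over a constructed transaction record; the key, account numbers and amounts are made-up demo values.

```python
import hashlib
import hmac
import json

# Constructed demo key shared by sender and receiver; a real deployment would
# load it from a secrets manager, never hard-code it.
KEY = b"constructed-demo-key-do-not-use"

def canonical(tx: dict) -> bytes:
    # Sorted keys and fixed separators so sender and receiver hash identical bytes
    return json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()

def checksum(tx: dict) -> str:
    # Unkeyed hash: catches accidental corruption, but anyone can recompute it
    return hashlib.sha256(canonical(tx)).hexdigest()

def mac(tx: dict) -> str:
    # Keyed hash (HMAC-SHA256): only a holder of KEY can produce a valid tag
    return hmac.new(KEY, canonical(tx), "sha256").hexdigest()

def receiver_accepts_checksum(tx: dict, digest: str) -> bool:
    return hmac.compare_digest(checksum(tx), digest)

def receiver_accepts_mac(tx: dict, tag: str) -> bool:
    # Constant-time comparison avoids leaking how many tag bytes matched
    return hmac.compare_digest(mac(tx), tag)

def tamper_in_transit(tx: dict, new_amount: int) -> dict:
    # Models a modification of the amount field between sender and receiver
    return dict(tx, amount=new_amount)

def demo() -> dict:
    tx = {"from": "ACC-1001", "to": "ACC-2002", "amount": 100, "currency": "USD"}
    digest, tag = checksum(tx), mac(tx)          # sender attaches both
    forged = tamper_in_transit(tx, 100_000)
    return {
        # Whoever alters the record can also recompute the unkeyed checksum, so
        # the receiver's checksum check still passes: corruption is caught, tampering is not.
        "checksum_catches_tampering": not receiver_accepts_checksum(forged, checksum(forged)),
        # Without KEY the original tag cannot be updated, so the HMAC check fails.
        "mac_catches_tampering": not receiver_accepts_mac(forged, tag),
        "mac_accepts_untouched": receiver_accepts_mac(tx, tag),
    }

if __name__ == "__main__":
    print(demo())
```

Because both parties hold the same key, an HMAC proves integrity and origin between them but not non-repudiation; that property needs the digital signatures the notes list below.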
3. Availability
Systems and data must be accessible when needed.
Goal
Ensure uptime and reliability.
Examples
- Backups
- Redundancy
- Failover systems
- DDoS protection
Real-world Example
An online store should remain available during high traffic.
Non-Repudiation
Another important security property:
A user cannot deny performing an action.
User ---> Signs/Creates Action ---> Evidence Stored
                                           |
                                           v
                                    Cannot deny later
Achieved Using
- Digital signatures
- Audit logs
- Certificates
- Witnesses/legal validation
Example
A signed contract proves who approved it.
Cybersecurity vs Information Security
Information Security
│
├── Policies
├── Physical Security
├── Data Protection
└── Cybersecurity
    ├── Networks
    ├── Systems
    ├── Applications
    └── Digital Threats
- Information Security = broad protection of information
- Cybersecurity = protection of digital systems and networks
NIST Cybersecurity Framework (5 Functions)
The cybersecurity lifecycle is commonly divided into 5 functions:
+-----------+
| Identify  |
+-----------+
      ↓
+-----------+
| Protect   |
+-----------+
      ↓
+-----------+
| Detect    |
+-----------+
      ↓
+-----------+
| Respond   |
+-----------+
      ↓
+-----------+
| Recover   |
+-----------+
1. Identify
Understand assets, risks, threats, and vulnerabilities.
Includes
- Asset inventory
- Risk assessments
- Policies
- Governance
Example
Knowing:
- What servers exist
- What software is installed
- What risks affect them
2. Protect
Implement controls to secure systems.
Includes
- Firewalls
- Encryption
- IAM
- Antivirus
- Security policies
Goal
Reduce attack success probability.
3. Detect
Discover attacks quickly.
Includes
- Monitoring
- SIEM
- IDS/IPS
- Log analysis
Goal
Find threats before major damage occurs.
4. Respond
Contain and remove threats.
Includes
- Incident response
- Isolation
- Malware removal
- Communication
Goal
Minimize impact.
5. Recover
Restore systems and operations.
Includes
- Disaster recovery
- Backups
- Business continuity
Goal
Return to normal operation.
Security Lifecycle Relationship
        Threats
           ↓
+----------------------+
|       Identify       |
+----------------------+
           ↓
+----------------------+
|       Protect        |
+----------------------+
           ↓
+----------------------+
|        Detect        |
+----------------------+
           ↓
+----------------------+
|       Respond        |
+----------------------+
           ↓
+----------------------+
|       Recover        |
+----------------------+
Feedback Loop:
Detect/Respond ---> Improve Identify & Protect
Gap Analysis
What is Gap Analysis?
Comparing current security posture against a required framework or standard.
Current State ---------> Desired State
       \                      /
        \                    /
         \------ GAP -------/
Why Gap Analysis Matters
Organizations use it to:
- Measure security maturity
- Meet compliance requirements
- Find missing controls
- Prioritize investments
Gap Analysis Workflow
1. Choose Framework
↓
2. Assess Current Controls
↓
3. Identify Missing Controls
↓
4. Measure Risk
↓
5. Recommend Fixes
↓
6. Set Remediation Timeline
Example Findings
| Function | Problem | Risk |
|---|---|---|
| Identify | Poor asset inventory | Unknown systems |
| Protect | Weak access control | Data leakage |
| Detect | No monitoring | Delayed attack discovery |
| Respond | No IR plan | Slow containment |
| Recover | Weak backups | Long downtime |
Access Control
Purpose
Ensure that:
- Authorized users get access
- Unauthorized users are blocked
Subject/User ----requests----> Object/Resource
Subjects vs Objects
| Type | Meaning |
|---|---|
| Subject | User, device, process |
| Object | File, database, server, app |
IAM (Identity and Access Management)
Modern access control uses IAM.
IAM
├── Identification
├── Authentication
├── Authorization
└── Accounting
These are often called AAA:
- Authentication
- Authorization
- Accounting
(Identification is now commonly added.)
1. Identification
Claiming an identity.
Example
Entering username:
amr.tarek
Goal
Create a unique identity/account.
2. Authentication
Proving the identity is real.
Authentication Factors
| Factor Type | Example |
|---|---|
| Something you know | Password |
| Something you have | Smart card |
| Something you are | Fingerprint |
Example Flow
User enters password
↓
System hashes password
↓
Compare with stored hash
↓
Access granted/denied
3. Authorization
Determining what actions are allowed.
Example
- User A can read file
- User B can modify file
Authorization Models
| Model | Description |
|---|---|
| Discretionary (DAC) | Owner assigns permissions |
| Mandatory (MAC) | System enforces rules |
| Role-Based (RBAC) | Access based on job role |
ACL (Access Control List)
Authorization commonly uses ACLs.
File: payroll.xlsx
ACL:
- HR_Manager : Read/Write
- Employee : Read
- Guest : Deny
4. Accounting
Tracking and logging actions.
Includes
- Audit logs
- Usage tracking
- Alerts
Goal
Support:
- Monitoring
- Compliance
- Non-repudiation
- Investigations
Complete IAM Flow
+-------------------+
| Identification    |
| "I am Amr"        |
+-------------------+
         ↓
+-------------------+
| Authentication    |
| "Prove it"        |
+-------------------+
         ↓
+-------------------+
| Authorization     |
| "What can you do?"|
+-------------------+
         ↓
+-------------------+
| Accounting        |
| "Log everything"  |
+-------------------+
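The four IAM steps above, the password hash-and-compare flow from the Authentication section and the payroll.xlsx ACL, worked through in one added example (not code from the original notes). The user store, audit log, role mapping for amr.tarek and a hypothetical user bob, and the PBKDF2 work factor are all constructed for the demo.

```python
import hashlib
import hmac
import os

# Constructed in-memory stores; a real system would use a database and a SIEM.
USERS = {}       # username -> (salt, derived key); the plaintext password is never stored
AUDIT_LOG = []   # accounting: (subject, action, outcome)

# Hypothetical role mapping and the payroll.xlsx ACL from the notes
ROLES = {"amr.tarek": "HR_Manager", "bob": "Employee"}   # unknown users fall back to Guest
ACL = {"payroll.xlsx": {"HR_Manager": {"read", "write"}, "Employee": {"read"}, "Guest": set()}}

ITERATIONS = 600_000   # PBKDF2 work factor (assumed value); raise it as hardware gets faster

def _derive(password: str, salt: bytes) -> bytes:
    # Salted, deliberately slow hash of the password
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def register(username: str, password: str) -> None:
    # Identification: create the unique account with a fresh random salt
    salt = os.urandom(16)
    USERS[username] = (salt, _derive(password, salt))

def authenticate(username: str, password: str) -> bool:
    # Authentication: re-derive from the supplied password and compare with the stored hash.
    # An unknown user still goes through derivation so timing does not reveal valid usernames.
    salt, stored = USERS.get(username, (bytes(16), bytes(32)))
    ok = hmac.compare_digest(_derive(password, salt), stored) and username in USERS
    AUDIT_LOG.append((username, "login", "success" if ok else "failure"))
    return ok

def authorize(username: str, resource: str, action: str) -> bool:
    # Authorization: role-based lookup in the resource's ACL; anything not listed is denied
    role = ROLES.get(username, "Guest")
    allowed = action in ACL.get(resource, {}).get(role, set())
    AUDIT_LOG.append((username, f"{action}:{resource}", "allowed" if allowed else "denied"))
    return allowed

def access(username: str, password: str, resource: str, action: str) -> str:
    # Full IAM flow: identify -> authenticate -> authorize, with accounting on every step
    if not authenticate(username, password):
        return "denied"
    return "granted" if authorize(username, resource, action) else "denied"

if __name__ == "__main__":
    register("amr.tarek", "correct horse battery staple")
    print(access("amr.tarek", "correct horse battery staple", "payroll.xlsx", "write"))  # granted
    print(access("amr.tarek", "wrong password", "payroll.xlsx", "read"))                # denied
    for entry in AUDIT_LOG:
        print(entry)
```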
E-Commerce Example
Applying IAM to Online Shopping
Identification
Customer creates account.
Authentication
Customer logs in using password/MFA.
Authorization
Customer can:
- Place orders
- Access own profile
- Use loyalty rewards
Accounting
System logs:
- Orders
- Payments
- Refunds
- Login activity
Key Memory Connections
CIA Triad
│
├── Confidentiality -> Access Control
├── Integrity ------> Hashing/Validation
└── Availability ---> Backups/Redundancy
IAM
│
├── Identification
├── Authentication
├── Authorization
└── Accounting
NIST Framework
│
├── Identify
├── Protect
├── Detect
├── Respond
└── Recover
Quick Exam Notes
CIA Triad
- C = secrecy
- I = accuracy
- A = uptime
Non-Repudiation
- Cannot deny actions
- Uses signatures/logs
NIST Functions
- Identify
- Protect
- Detect
- Respond
- Recover
IAM Flow
- Identify → Authenticate → Authorize → Account
Gap Analysis
- Compare current vs required security posture