When talking about cybersecurity, people often take the basic terms and definitions for granted. However, cybersecurity is a relatively new topic, even in the world of information technology, which itself didn’t exist until the mid 20th century. Therefore, we will start a series of articles which define and explain some of the security basics. While the content of these articles might not be new to most of our readers, they will provide both a good starting point for anyone interested in getting into cybersecurity. Also, even professionals will discover some aspects of security they were’t aware of or potentially a strategy they hadn’t known before. This first article here will cover they basic definition of security, with more details and more depth coming up in subsequent posts. 

Security often takes a backstage when it comes to functionality of any products but the success of any product is dependent on it. Any attack on a system leads to mistrust by customers and thus decrease in business. 

One of the most prominent mistakes in the design of any system is the consideration that security is a feature that can be added. This is a flawed way of thinking that often only leads to several issues in a latter phase. The issues can lead to billions of dollars loss or simply loss of trust in a company or product. It is extremely important to consider the complete system and look at the business and usage scenarios so as to determine the security vulnerabilities.

So as to implement security mostly a few steps are taken: (1) determine the assets (2) determine the threats and risks to each asset and thereby set security requirements (3) design and implement countermeasures for the threats and residual risks to economical level (4) monitor, manage and update the implementation and finally (5) deter, detect and react against any attacks. These steps lead to security solutions during the complete product lifetime.

Before proceeding further let us look at some definitions:

  • Asset: Anything that is of value
  • Vulnerability: is any weakness that could be exploited to violate the security of a system or of the information that it contains
  • Threat: is a potential violation of security; accidental (e.g., program bug) or intentional (e.g., hacking) or active (e.g., unauthorized data modification) or passive (e.g., wiretapping)
  • Attack: realisation of threat, successful or not; active or passive
  • Intrusion: successful attack
  • Risk: potential that a given threat will exploit vulnerabilities to cause damage to assets
  • Risk management or sometimes security management: is the balancing of the appropriate actions to be taken in order to protect the organization to an appropriate level
  • Countermeasures or safeguardsmechanisms used to protect assets from harm or decrease effect of intrusion
  • Residual risks: risks that are accepted and are not planned to be mitigated due economical or other considerations

This text is an excerpt from the book Security for Mobile Networks and Platforms

With the definition of these terms we have now set the stage to look into different aspects of cyber security in more detail – the next article will elaborate further on threats and attacks specifically. 

Print Friendly, PDF & Email
Anand R. Prasad
CEO and Founder at wenovator LLC

Dr. ir. Anand R. Prasad is a global leader & expert in information and cyber security who has delivered security solutions for 5G, 4G, virtualization, WiFi, mobile devices, enterprise and built GRC processes from scratch. Anand has globally propagated the concept of security as the business driver with security being holistic as well as inherent to a system while considering business and architectural implications.

Anand is Founder and CEO of wenovator while he heads Rakuten Mobile’s network security and enterprise security as CISO. Anand has over 20 years of experience in the mobile and wireless networking industry with key roles in NEC Corporation, NTT DOCOMO, Genista Corporation, Lucent Technologies and Uniden Corporation. Anand is an innovator with over 50 patents, a recognized keynote speaker (RSA, GWS, MWC, ICT etc.) and a prolific writer with 6 books & over 50 peer reviewed publications.

Anand was the Chairman of 3GPP SA3 where, among others, he led the standardisation of 5G security. He was governing council member of TSDSI, is governing body member of GISFI, Fellow of IET, Fellow of IETE and CISSP. Anand is Editor-in-Chief of the Journal of ICT Standardization and Co-Founder & Co-Editor of the Cybersecurity Magazine. He did his ir (MScEE) and PhD from Delft University of Technology, The Netherlands.

 

One thought on “Security Basics

Leave a Reply

Your email address will not be published. Required fields are marked *