CIA

CIA Principles
• Confidentiality: Protect against unauthorized access to information.
• Integrity: Protect against unauthorized modification of information.
Even if an adversary can't read your data, they can either corrupt it or
selectively modify it to cause further damage later on.
• Availability: Protect against denial of access to information. Even if an
adversary can't access or modify your data, they can prevent you from
accessing it or using it. For example, they can destroy or congest
communication lines, or bring down the data server.
the information security (InfoSec) community, “CIA” has nothing to do with a
certain well-recognized US intelligence agency. These three letters stand
for confidentiality, integrity, and availability, otherwise known as the CIA triad.
Together, these three principles form the cornerstone of any organization’s
security infrastructure; in fact, they (should) function as goals and objectives for
every security program. The CIA triad is so foundational to information security
that anytime data is leaked, a system is attacked, a user takes a phishing bait,
an account is hijacked, a website is maliciously taken down, or any number of
other security incidents occur, you can be certain that one or more of these
principles has been violated.

Reference : https://www.f5.com/labs/articles/education/what-is-the-cia-triad
10 Reasons Why Network Security Is
Important
Governments, businesses, and individuals who own a computer need
good network security. What is it exactly? It’s a preventative measure
to keep your network and data safe from viruses, unauthorized users,
and other threats. The process requires a lot of hardware devices and
tools, like routers, firewalls, and anti-malware software. For big
organizations and governments, network security is vital, but everyone
deserves a safe, secure network. Here are ten reasons why:
 1. It’s an important part of
cybersecurity
Many technical terms are used
interchangeably, so you’ll see people
say cybersecurity when they mean
network security and vice versa.
Cybersecurity is the overall umbrella
term. It involves securing everything,
including the network, but also the
devices and data. Network security
focuses on the actual network itself,
which supports various systems and
applications. An organization (or
individual) committed to security
won’t forget network security when
developing a cybersecurity plan.
2. Network security protects your data

To businesses and individuals, data is something to be treasured and

protected. If you’re a business, your data might consist of marketing
materials, financial data, and everything else that makes your business
what it is. For individuals, you also have financial data and personal
information you don’t want anyone else to access. Network security
ensures your data stays yours.
3. Network security protects client data
Governments and businesses store data that isn’t theirs. For
organizations like accounting firms and medical clinics, that data is very
sensitive. Keeping that data secure is the responsibility of the
organization. This includes backing up the data properly and ensuring
hackers can’t get into your system.
4. Network security is required
Depending on your business, you most likely have requirements you
need to meet. As an example, medical organizations must comply with
regulations like HIPAA. In the EU, organizations that deal with the data
of EU citizens must comply with GDPR. If you want to start a business
and you’re going to be dealing with data, check to see what
requirements you must follow regarding network security.
5. Network security improves your
network’s performance
Good network security doesn’t only keep your network safe; it helps it
run better. The key is to get a good system that isn’t slowed down by
redundant tools and apps. Look for systems proven to work efficiently.
If you aren’t sure what to look for, talk to a service provider about what
they recommend.
6. Network security protects against
ransomware
Ransomware attacks are common. For many, they’re the worst kind of
attack. They’re a type of malware that threatens to release or block
access to your data unless you pay a ransom. They can affect just one
individual or entire countries. Recently, the group Darkside hacked the
Colonial Pipeline in the United States. To get the pipeline back online,
the group was paid millions in cryptocurrency. This is just one example
of many.
Ransomware is a type of malware from cryptovirology that threatens
to publish the victim's personal data or permanently block access to it
unless a ransom is paid. While some simple ransomware may lock the
system without damaging any files, more advanced malware uses a
technique called cryptoviral extortion
7. Cyberattacks are on the rise
Attacks like the one on the Colonial Pipeline are becoming more
frequent. Organizations, especially big ones with money for ransoms,
need to invest in better security now. There are a few reasons why
cyberattacks are booming. The spread of the 5G network is one. As the
network expands, so do all its vulnerabilities. It isn’t enough to embrace
something new and exciting like 5G, you also need new security to
support it. Improving technology like artificial intelligence and machine
learning also helps hackers. They no longer have to manually hack
systems; they can set up systems that do it for them.
8. Not having protection costs money
As we saw from the Colonial Pipeline hack, not having good network
security can be expensive. When Yahoo had a breach that affected its 3
billion customers, the direct costs ended up costing them around $350
million. On an individual level, attacks can leave you with a drained
bank account. There’s also the emotional distress of having your
information stolen or sold. While good network security may cost you
upfront, it more than pays for itself.
10. The world depends on technology
Network security matters so much because of peoples’ dependence on
technology. We use it for almost everything, including communication,
production, record-keeping, and more. There are cameras in our
computers, phones, cars, and even certain children’s toys. Peoples’
entire lives can be found online if you know where to look. This
dependency will only increase, so network security needs to keep up.
 Network Security Threats And Solutions
- Common Network Security Issues-
(poor network security)
1) Internal Security Threats
Over 90% of cyberattacks are caused by human error. This can take the form of phishing attacks, careless decision-
making, weak passwords, and more.
Insider actions that negatively impact your business's network and sensitive data can result in downtime, loss of
revenue, and disgruntled customers.
2) Distributed Denial-Of-Service (DDoS) Attacks
A DDoS attack causes websites to crash, malfunction, or experience slow loading times. In these cases,
cybercriminals infect internet-connected devices (mobile phones, computers, etc.) and convert them into bots.
Hackers send the bots to a victim's IP address.
This results in a high volume of internet traffic bombarding the website with requests and causing it to go offline.
These attacks make it difficult to separate legitimate and compromised traffic.
3) Rogue Security Software
Rogue security software tricks businesses into believing their IT infrastructure is not operational due to a virus. It
usually appears as a warning message sent by a legitimate anti-malware solution.
Once a device is infected with a rogue program, the malware spams the victim with messages, forcing them to pay
for a non-existent security solution, which is often malware. Rogue security software can also corrupt your pre-
existing cyber security programs to prolong their attack.
4) Malware
Malware are malicious software programs used to gather information about victims through compromised devices. After successful
deployments, hackers can mine devices for classified information (email addresses, bank accounts, passwords, etc.) and use them to commit
identity theft, blackmail, or other business-damaging actions.
Malware includes:
Worms – exploits weaknesses in computer systems to spread to other devices.
Rootkits – grants unauthorised access to systems in the form of fraudulent access privilege without the victim's knowledge.
Trojan viruses – slips under a network's radar by hitchhiking on other software and provides hackers with unprecedented access to systems.
Spyware – gathers information on how devices are used by their owners.
5) Ransomware
Ransomware is a type of malware that encrypts files within infected systems and holds them for ransom, forcing victims to pay for a
decryption key to unlock the data. This can take the form of ransomware-as-a-service (RaaS).
RaaS is like software-as-a-service (SaaS), specifically for ransomware. RaaS dealers develop codes that buyers can use to develop their own
malware and launch cyberattacks. Some common RaaS examples include BlackMatter, LockBit, DarkSide, and REvil.
6) Phishing Attacks
Phishing attacks are scams where hackers disguise themselves as a trusted entity and attempt to gain access to networks and steal personal
information, such as credit card details. Phishing scams take the form of emails, text messages, or phone calls.
Similar to rogue security software, phishing attacks are designed to appear legitimate. This encourages victims to click on malicious links or
download malware-laden attachments.
7) Viruses
Computer viruses are commonly attached to downloadable files from emails or websites. Once you open the file, the virus exploits
vulnerabilities in your software to infect your computer with malicious code to disrupt network traffic, steal data, and more.
Viruses are not to be confused with worms. Though they both are a type of malware, the difference is in how they penetrate networks.
Simply put, computer viruses cannot infect systems until their host (the file) is opened. Worms can infect networks as soon as they enter a
business's IT infrastructure.
How To Protect Your Organisation's IT
Infrastructure
• Backing up data and files.
• Investing in comprehensive cyber security awareness training for you
and your team.
• Promoting a work environment that values application security and safe
practices.
• Installing anti-malware solutions, such as next-generation firewalls.
• Restrict access to your network's security controls for authorised
personnel only.
• Upgrade devices and secure your endpoints with multi-factor
authentication, strong passwords, etc.
Cybersecurity refers to a company’s protection against unauthorized or criminal use of
electronic data, and cybersecurity services are the overarching processes put in place to
achieve this security and protect against common cyber threats.
These common threats that cybersecurity services target can include:
Malware: Malware — or malicious software — is a program installed into a system to
compromise its data’s availability, integrity or confidentiality. Malware programs are
discreet but have become one of the biggest external threats facing business networks
today.
Ransomware: Ransomware uses malware to limit access to your own system through
encryption and then asks you to pay a “ransom” online to decrypt the system and regain
your access.
Phishing: Cybercriminals use phishing to obtain data by pretending to be a legitimate
business representative. They’ll often issue a warning related to your account and ask you
for a response with a link to a fake website asking you to provide passwords or other
sensitive information.
Distributed denial of service (DDoS) attacks: DDoS attacks limit access to a network by
overwhelming it with traffic requests to slow website response time. This is often used as a
distraction while criminals commit other types of cybercrime.
Cybersecurity targets these and other
attacks through a broad array
of network security measures designed
to protect your data, networks and
systems. Some of the many available
cybersecurity solutions include:
• Encryption: Data encryption ensures that even if your data is stolen, hackers wouldn’t be able
to read it. Encryption is especially important if you often transfer data from one system to
another, as it might be stolen during the transfer.
• Data loss prevention: Data is essential in your day-to-day operation, and data loss prevention
methods ensure your data is available for your access at all times.
• Access management: Not just anyone in your company should have access to the organization’s
sensitive information. Access and identity management ensures data is accessed only on a
need-to-know basis and that those obtaining the information are who they say they are.
• Firewalls: Firewalls control the flow of outgoing and incoming network traffic to protect against
untrusted networks and potential malicious attacks.
• Anti-virus and anti-malware solutions: Anti-virus and anti-malware software is one of the most
fundamental cybersecurity solutions in any computer network. It scans the system for threats
and blocks viruses from accessing your devices.
• Web filtering: Web filtering stops employees from accidentally accessing harmful services on
the company’s network that could expose the business to a data breach.
• Risk and compliance management: Businesses in many industries need cybersecurity services
to meet federal regulations or industry standards. Risk and compliance management provides a
dedicated solution for meeting these needs.
Problems Cybersecurity Solutions Solve
Businesses of any size and type experience an
array of possible security vulnerabilities every day.
Cybersecurity solutions can mitigate problems
such as these:
Human error: Employee error — not malicious intent — is by far the biggest reason for data breaches.
Web filtering and other cybersecurity tools lessen the risk of human error by stopping employees from
accessing harmful sites and falling prey to phishing schemes.
External threats: Hackers are becoming increasingly skilled in finding ways to get around traditional
firewalls and steal your data. Cybersecurity services ensure your firewalls, anti-virus software and other
solutions are continually up-to-date and ready to protect your infrastructure.
Insider criminal activity: Unfortunately, one of the hardest realities for both small and large businesses
is the stealing of data from within the organization. Security solutions safeguard your information from
the inside and make sure only those who need to know can access your sensitive data.
Unsecured cloud storage: As cloud servers grow in popularity, so too are cloud storage security
breaches on the rise. Network security services ensure your cloud systems have the proper security in
place to avoid data breaches.
Third-party app security: Not all programs are created with your company’s safety in mind. Many third-
party apps don’t come with sufficient or updatable security measures. Cybersecurity weeds out these
unsafe applications and puts the security solutions in place that many apps lack.
Subpar IT processes: Sometimes, small businesses don’t have the funds or knowledge to keep up with
increasing threats or changing security best practices. Without the budget to hire a dedicated IT team,
many companies unknowingly leave their infrastructure at risk. But outsourced or cloud-based
cybersecurity solutions offer an inexpensive alternative that helps you avoid loss of income after a
security breach.