
Is Cybersecurity More Than Just Hacking?

In some contexts, the phrase “cybersecurity” might be deceptive. The phrase “Information Security” is used interchangeably by the Federal Government (in several publications, memorandums, regulations, and so on). So, we’ll attempt to respond in two ways:

 

If cybersecurity is synonymous with information security,

 

Cybersecurity is synonymous with risk management for the confidentiality, integrity, and availability (CIA) of information resources (data, servers, PCs, networks, app code, and so on).

 

Returning to several of our certifications, RISK = threats * vulnerabilities.

 

So, to put it crudely, if there are a billion vulnerabilities but no threats to exploit those flaws, there is no risk: RISK = a-billion * 0, so RISK = 0.

 

As a result, as threats * vulnerabilities (risk) to information resources are reduced, Confidentiality, Integrity, and Availability (Cybersecurity) improve. As one falls, the other rises.

 

Controls are used to decrease the risk to the CIA. The National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53: Security and Privacy Controls for Federal Information Systems and Organizations is, in our opinion, the most complete set of controls available. The NIST Risk Management Framework (SP 800-39) employs these controls in cyclical processes to construct a DETAILED image of a system’s cybersecurity – the collection of information, IT components, users, and so on that exist to serve a business line or organizational purpose. NIST 800-53 controls are organized into families, such as the Access Control family, the Audit & Accountability family, and the System and Communications Protection family. Each of the families has its own set of rules that identify the granular areas of security that must be considered in order to safeguard a system (and organization).

 

Examples include:

 

System Component Inventory (CM-8) is a Configuration Management control.

 

Keep a precise inventory of the components in a system so that you may evaluate what’s intended to be alive in the system and know when extra components appear that aren’t supposed to be there.

 

Account Management is the second Access Control control (AC-2).

 

Preserve a thorough inventory of every account and account type in a system, as well as the persons to whom those accounts are assigned, and monitor account usage to guarantee that each account is only used for its intended purpose.

 

Vulnerability Scanning (RA-5) is a risk assessment control.

 

Scan for system vulnerabilities at all levels: operating system configuration and patch levels, COTS application configuration and patch levels, and web application scans (for input field vulnerabilities, SQL injection vulnerabilities, etc.).

 

SI-2 (System and Information Integrity Control): Flaw Remediation

 

Patch any vulnerabilities discovered by the scans (and other things).
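An added example, not part of the original article: a minimal reconciliation of the CM-8 component inventory and the AC-2 account inventory described above against observed data. The inventory layout, host names, MAC addresses and login events are constructed sample data, and the function names are hypothetical.

```python
# Constructed sample data: approved CM-8 inventory, keyed by MAC address.
APPROVED_COMPONENTS = {
    "00:1a:2b:3c:4d:01": "web-01",
    "00:1a:2b:3c:4d:02": "db-01",
    "00:1a:2b:3c:4d:03": "backup-01",
}
# Constructed discovery output (for instance, an export from a network scan).
DISCOVERED = [
    {"mac": "00:1A:2B:3C:4D:01", "ip": "10.0.0.11"},
    {"mac": "00:1a:2b:3c:4d:02", "ip": "10.0.0.12"},
    {"mac": "de:ad:be:ef:00:99", "ip": "10.0.0.77"},  # not in the inventory
]
# Constructed AC-2 inventory: account -> owner, type, hosts it is meant for.
ACCOUNTS = {
    "jsmith": {"owner": "J. Smith", "type": "user", "hosts": {"web-01"}},
    "svc_backup": {"owner": "Ops team", "type": "service", "hosts": {"backup-01"}},
}
# Constructed login events.
LOGINS = [
    {"account": "jsmith", "host": "web-01"},
    {"account": "svc_backup", "host": "db-01"},  # outside intended purpose
    {"account": "tempadmin", "host": "db-01"},   # account not in the inventory
]

def reconcile_components(approved, discovered):
    """CM-8: return (unexpected MACs on the network, approved hosts not seen)."""
    seen = {d["mac"].lower() for d in discovered}  # normalise case before comparing
    known = set(approved)
    unexpected = sorted(seen - known)
    missing = sorted(approved[mac] for mac in known - seen)
    return unexpected, missing

def review_accounts(accounts, logins):
    """AC-2: flag logins by unknown accounts or on hosts outside an account's purpose."""
    findings = []
    for event in logins:
        entry = accounts.get(event["account"])
        if entry is None:
            findings.append((event["account"], event["host"], "unknown account"))
        elif event["host"] not in entry["hosts"]:
            findings.append((event["account"], event["host"], "used outside intended purpose"))
    return findings

if __name__ == "__main__":
    print(reconcile_components(APPROVED_COMPONENTS, DISCOVERED))
    print(review_accounts(ACCOUNTS, LOGINS))
```

Components that are approved but not seen are reported as well, since an inventory entry that never appears on the network is also a discrepancy worth resolving.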

 

Policies (e.g., Physical & Environmental Protection policy), procedures (e.g., personnel on-boarding), standards (e.g., password complexity), technology (e.g., intrusion prevention system), people (e.g., CISO), shared information (e.g., threat intelligence), templates (e.g., Media Sanitization Log), and so on are examples of controls.

 

So, if Cybersecurity Means Information Security, YES, it’s more than simply hacking (which is ONE control in 800-53 – Assessment & Authorization control # 8 (CA-8): Penetration Testing…. that’s not even chosen on a Low or Moderate system…)

 

If Cybersecurity Means Technology/IT Security, then

This concept of cybersecurity excludes security from being aligned with the business/mission and instead focuses solely on technologies.

 

In this situation, cybersecurity includes Defense and Offense, Blue Team and Red Team, Protectors and Hackers. Most people imagine the hacker hacking into the FBI network and the FBI Agent (still wearing his Fed supplied pistol) dashing into the Operations Center to alert everyone that “WE’VE BEEN BREACHED!!”

 

RED

So, from the red team’s perspective, these are the attackers/hackers/threat actors you’re referring to. The red teams employ a variety of technologies and strategies to evade the safeguards put in place by businesses. Red teams operate at varying levels of competence and structure, but they are all seeking holes to exploit. They DO hack.

 

BLUE

 

The blue team protects and defends. These are the teams who maintain the firewalls and IPS/IDS, examine log events in the SOC, do vulnerability scans, and manage patching programs – all with the goal of finding holes to shut (hopefully BEFORE the red team can exploit them).

 

Both sides face hurdles, but once one side achieves an advantage, the other develops a strategy or technology to overcome and narrow the gap. It’s a never-ending game of cat and mouse, and the ones who suffer the most are the people whose information is released or who are harmed by a hacked service.

 

To sum up this train of thought, is cybersecurity JUST hacking? Certainly not. It’s massive, and it necessitates specialities that take years to learn. Cybersecurity professionals (red team or blue team) are expected to know everything better than anybody else – yet we seldom succeed. True security professionals must just keep trying, learning, and expanding their minds – until it aches!

 

There are several tools available to help you get started in security, but I’d recommend (depending on your experience and background) going through some of the CompTIA A+, Net+, and Security+ certifications before attempting the EC-Council Certified Ethical Hacker. But that is just a starting point. Read, read, and read again. Never give up.

 
