“A mugger can only attack one person at a time… cybercriminals can defraud thousands of people simultaneously.”
DE:CODED is the official podcast from SE Labs.
Show notes for series 1, episode 4
In this episode we describe cyber security first principles.
Why can’t we just lock everything up in a safe?
There is a lot of complexity around security, some of which is necessary but there’s also a lot of over-complication. We thought it would be a good idea to look at what security really means. Why can’t we just lock up everything in a safe and know it’s all secured?
We also have to consider that with cyber security there are targeted attacks and more generalised attacks that can affect everyone. In the physical world a mugger can only really attack one person at a time. A burglar can only case so many targets and break in every so often. Cybercriminals, by contrast, can send tricky emails and defraud thousands of people simultaneously.
But the thing every person and business has in common is that they should follow these steps, which are to:
- Identify the threats
- Assess the risks, and
- Mitigate the risks
Cyber security first principles for governments
Even governments start with a few cyber security first principles. Consider the CIA Triad of:
- Confidentiality – where you limit access to information
- Integrity – where information is trustworthy and accurate
- Availability – where authorised people can access the information reliably
The podcast contains this and much more content and detail.
- Don’t be too secure!
- Threat profiling
- Infosec principles
- General advice vs. CIA Triad
- After Checking Your Bank Account, Remember To Log Out, Close The Web Browser, And Throw Your Computer Into The Ocean – The Onion
- Common security advice vs. the CIA Triad of Confidentiality, Integrity and Availability
| Advice | Confidentiality | Integrity | Availability |
|---|---|---|---|
| Anti-virus | Y | 1/2 – reduced interference | 1/2 – ransomware |
| Firewalls | Y | 1/2 – reduced interference | X |
| Shoulder surfing awareness | Y | X | X |
| Password complexity, re-use and storage | Y | 1/2 – reduced interference | X |
| Update devices | Y | 1/2 – reduced interference | X |
| Encryption on devices | Y | 1/2 – reduced interference | X |
| Encryption in apps | Y | 1/2 – reduced interference | X |
Peek further behind the curtain with DE:CODED Circle.
If you would like access to exclusive, private content from the security testers at SE Labs, please consider applying to join DE:CODED Circle.
DE:CODED Circle is a moderated, vetted community built with the goal of sharing threat intelligence and business-focussed security knowledge to responsible peers.
Please send your comments, questions and concerns to firstname.lastname@example.org.