Principles of Security: TryHackMe

Hiteshverma
4 min read · Feb 25, 2024

Task 1 Introduction

No answer needed

Task 2 The CIA Triad

CIA Triad:

  • Confidentiality:
      • Protects data from unauthorized access and misuse.
      • Examples include employee records and accounting documents.
      • Access controls and sensitivity classification rating systems are used.
  • Integrity:
      • Ensures information stays accurate and consistent, with only authorized changes allowed.
      • Defenses include access control, rigorous authentication, hash verifications, and digital signatures.
  • Availability:
      • Information must be available and accessible to authorized users.
      • Key benchmark for organizations, often measured in uptime percentages (e.g., 99.99%).
      • Achieved through reliable hardware, redundant technology, and robust security protocols.

Additional Points:

  • CIA Triad is a continuous cycle, and all three elements must be addressed for effective security.
  • If one element is not met, the others become less effective (similar to the fire triangle).
  • The model applies beyond cybersecurity, encompassing scenarios like filing and record storage.
  • Originating in 1998, the CIA Triad is an industry-standard security model.
  • Security policies should address Confidentiality, Integrity, and Availability to be effective.

What element of the CIA triad ensures that data cannot be altered by unauthorised people?

Ans: integrity

What element of the CIA triad ensures that data is available?

Ans: availability

What element of the CIA triad ensures that data is only accessed by authorised people?

Ans: confidentiality

Task 3 Principles of Privileges

  • Levels of Access Determination:
      • Based on the individual’s role/function within the organization.
      • Influenced by the sensitivity of the information stored on the system.
  • Key Concepts for Access Management:
      • Privileged Identity Management (PIM):
          • Translates a user’s role within an organization into an access role on a system.
      • Privileged Access Management (PAM):
          • Manages the privileges of a system’s access role.
          • Encompasses security policies like password management, auditing, and reducing the attack surface.
  • Principle of Least Privilege:
      • Users should have the minimum privileges necessary for their duties.
      • Enhances trust in user actions and reduces potential risks.
  • PAM’s Comprehensive Scope:
      • Beyond access assignment, includes enforcing security policies.
      • Involves aspects like password management, auditing, and minimizing the system’s attack surface.

What does the acronym “PIM” stand for?

Ans: Privileged Identity Management

What does the acronym “PAM” stand for?

Ans: Privileged Access Management

If you wanted to manage the privileges a system access role had, what methodology would you use?

Ans: PAM

If you wanted to create a system role that is based on a user’s role/responsibilities with an organisation, what methodology is this?

Ans: PIM

Task 4 Security Models Continued

What is the name of the model that uses the rule “can’t read up, can read down”?

Ans: The Bell-LaPadula Model

What is the name of the model that uses the rule “can read up, can’t read down”?

Ans: The Biba Model

If you were a military, what security model would you use?

Ans: The Bell-LaPadula Model

If you were a software developer, what security model would the company perhaps use?

Ans: The Biba Model
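
The two read rules above, as an added example that is not part of the original write-up or the TryHackMe room: a small reference monitor for both models, plus a check of where information can flow under each. The write rules (Bell-LaPadula "no write down", Biba "no write up") are the standard counterparts of the read rules quoted in the questions and go beyond what this page states; the three level names are constructed for illustration.

```python
from enum import IntEnum
from itertools import product


class Level(IntEnum):
    # Constructed labels: higher = more sensitive (Bell-LaPadula)
    # or more trusted (Biba).
    PUBLIC = 0
    INTERNAL = 1
    SECRET = 2


def bell_lapadula(subject: Level, obj: Level, action: str) -> bool:
    """Confidentiality model: can't read up, can read down; no write down."""
    if action == "read":
        return subject >= obj
    if action == "write":
        return subject <= obj
    raise ValueError(f"unknown action: {action!r}")


def biba(subject: Level, obj: Level, action: str) -> bool:
    """Integrity model: can read up, can't read down; no write up."""
    if action == "read":
        return subject <= obj
    if action == "write":
        return subject >= obj
    raise ValueError(f"unknown action: {action!r}")


def flows(model) -> set:
    """(source, destination) object levels between which data can move,
    i.e. some subject is allowed to read the source and write the destination."""
    return {
        (src, dst)
        for subj, src, dst in product(Level, repeat=3)
        if model(subj, src, "read") and model(subj, dst, "write")
    }


if __name__ == "__main__":
    for name, model in (("Bell-LaPadula", bell_lapadula), ("Biba", biba)):
        print(name)
        for src, dst in sorted(flows(model)):
            print(f"  {src.name:8} -> {dst.name}")
```

Under Bell-LaPadula every permitted flow moves data to an equal or higher level, so secrets cannot leak downward; under Biba every flow moves to an equal or lower level, so low-trust data cannot contaminate high-trust objects.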

Task 5 Threat Modelling & Incident Response

**Threat Modelling:**

- **Definition:**
  - Process of reviewing, improving, and testing security protocols in an organization’s IT infrastructure.
  - Involves identifying likely threats and vulnerabilities in applications or systems.

- **Process Principles:**
  - **Preparation:** Ready the organization for threat modelling.
  - **Identification:** Identify likely threats and vulnerabilities.
  - **Mitigations:** Develop strategies to mitigate identified threats.
  - **Review:** Constantly review and discuss the threat model with a dedicated team.

- **Effective Threat Model Includes:**
  - Threat intelligence
  - Asset identification
  - Mitigation capabilities
  - Risk assessment

- **Frameworks:**
  - **STRIDE:**
    - Spoofing
    - Tampering
    - Repudiation
    - Information Disclosure
    - Denial of Service
    - Elevation of Privileges
  - **PASTA:** Process for Attack Simulation and Threat Analysis

**Incident Response (IR):**

- **Definition:**
  - Actions taken to resolve and remediate security incidents.

- **Classification:**
  - Incidents are classified by urgency and impact.

- **CSIRT:**
  - Computer Security Incident Response Team
  - A prearranged group with technical knowledge to respond to incidents.

- **Six Phases of Incident Response:**
  - **Preparation:** Ensure resources and plans are in place.
  - **Identification:** Correctly identify the threat and actor.
  - **Containment:** Contain the threat to prevent further impact.
  - **Eradication:** Remove the active threat.
  - **Recovery:** Review impacted systems to return to normal operations.
  - **Lessons Learned:** Learn from the incident; improve training and measures.

What model outlines “Spoofing”?

Ans: STRIDE

What does the acronym “IR” stand for?

Ans: Incident Response

You are tasked with adding some measures to an application to improve the integrity of data, what STRIDE principle is this?

Ans: Tampering

An attacker has penetrated your organisation’s security and stolen data. It is your task to return the organisation to business as usual. What incident response stage is this?

Ans: Recovery
