REQUEST MORE INFORMATION TODAY // REQUEST INFO

REQUEST INFO

Categories: Cyber Security
8 March, 2019
by Lee McWhorter
Woz U Cyber Security Instructor
In classes and webinars, I often say Cyber Security is protecting the keys to the digital kingdom. While catchy and overall true, more formally Cyber Security is a discipline that is involved in helping organizations protect their digital information and assets.

Almost every organization, large or small, has at least some information which needs to remain private.  This might simply be customer, employee, and vendor information or more elaborate forms of intelligential property such as source code or sales/marketing plans.

Regardless of what form of information we are protecting, Cyber Security professionals are guided by three principles, or what I like to call the three promises we make to the organizations for which we work.  These principles, or promises, are collectively called the CIA Triad, standing for Confidentiality, Integrity, and Availability.

Confidentiality is probably the most straightforward and easiest to understand.  As previously stated, almost every organization has something they need to keep private.  Cyber Security professionals are directly involved in helping their organizations secure such data and have many tools in their arsenal to attempt to do so, including encryption, firewalls, intrusion detection, penetration testing, as well as security awareness training and policies.  While it might seem easy to just encrypt everything, in reality Cyber Security has to balance the need to protect information with the need to make such information available so the organization can accomplish its objectives.  An outbound sales organization cannot make any sales [KR1] if their sales people cannot access the sales leads database, for example.  Cyber Security professionals use the concept of Least Privilege to help decide when and where to grant access to sensitive information.

Integrity is the second promise and involves ensuring that information is not changed in an un-approved[KR2]  way.  The 1980’s movie “War Games” contains a scene showing a young hacker breaking into his school’s computer systems to change grades and it is not uncommon for more recent movies to show hackers changing bank account balances.  These are all clear cut examples of an Integrity violation and something Cyber Security professionals seek to prevent from happening.  Access controls, logging, monitoring, and auditing are all tools used to ensure the Integrity promise is kept.  As with Confidentiality, Cyber Security professionals cannot simply lock away information to prevent an Integrity violation.  Information within an organization does and must change (i.e., balances are updated in Accounting systems and new leads enter the Sales databases, etc.), but it must only change in approved and auditable ways.  The next time you log into your computer at work or your social media sites, realize that this step is not just an annoying administrative process, but a critical step in being able to show that the Integrity of the organization’s information is being maintained.

The last promise, Availability, is often overlooked and I always tell my students to never forget to cover the “A.”  Availability involves ensuring that the organization has access to and use of its information, even in the event something does (and it will) happen.  Whether that is a breach by a malicious hacker or more likely simply a natural disaster, organizations which lose access to their information have a much higher chance of failing if the Availability promise is not taken into account.  Cyber Security professionals must not only protect against digital attackers, but anything which could disrupt access to needed organizational information.  Those in the field use concepts such as Business Continuity Planning and Disaster Recovery Planning to ensure that this does not happen to their organizations.  In Cyber Security, a balance must always be found between the costs of ensuring access to information and determining which information is critical for the organization to survive an event.

In the Woz U Cyber Security program, we cover all three promises and all of the concepts, tools, and techniques (including all mentioned above and more) needed to ensure our students become solid Cyber Security professionals able to address all of these promises for the organizations for which they go on to work.  For more information about our program, please visit: https://woz-u.com/cyber-security/ or click “Request Info” in the upper right corner of this page.

Don't miss these highlights:
 

Our Programs:
Software Development: https://woz-u.com/software-developer/
Data Science: https://woz-u.com/data-science/
Cyber Security: https://woz-u.com/cyber-security/

Events
Keep up with workshops, webinars, and socials: https://woz-u.com/events/

Woz U Social Media:
Follow us on Facebook: https://www.facebook.com/TheWozU/
Follow us on Twitter: https://twitter.com/TheWozU
Follow us on LinkedIn: https://www.linkedin.com/school/woz-u/
Follow us on Instagram: https://www.instagram.com/thewozu/
Subscribe on YouTube: http://www.youtube.com/c/WozUOfficial

Partnership Opportunities: https://woz-u.com/business/ or email enterprise@woz-u.com
Lee McWhorter

Lee McWhorter is the Lead Author and Instructor for the Cyber Security program at Woz U. Lee has been involved in the PC revolution since his first computer, a Commodore VIC-20, on which he taught himself to program BASIC in the early 80's. He has stayed involved in the industry ever since and has successfully run his own IT consulting, services, and security firms. Lee has also designed and taught programming, networking, and security courses for such institutions as Tulane University, ITT, and Midwestern State. In his free time, Lee is a Big Brother in Big Brothers Big Sisters and is a Board Member of a wonderful animal rescue charity, Amen for Animals.

WordPress Lightbox
Chat Now Button