The CIA Security Model

Any system that aims to be considered secure must satisfy three fundamental properties: confidentiality, integrity and availability. These properties work together to keep a system functional and to protect its information.

Confidentiality

This is the guarantee that the information provided to the system cannot be accessed by unauthorized people and will not be disclosed.

An example where this property failed was the leak of the INE electoral roll this past April. The information ended up being auctioned on Amazon, exposing confidential information such as first names, surnames, home addresses, etc. of more than 93 million Mexicans.

The INE electoral roll on Amazon

Integrity

This is the principle that ensures the information in the system is correct and valid and cannot be modified by anyone unauthorized.
An example with serious financial consequences was a hack of banks in Bangladesh, Sri Lanka and the Philippines, with damages of $951 million. The hack consisted of exploiting a weakness in SWIFT, in which the database was compromised.

Cyber heists at banks.

Availability

This means that the information and related resources are available to authorized users whenever they need them, even during emergencies or periods of high traffic.
The PlayStation Network outage in 2011, caused by a vulnerability, is a clear example of this principle, because no user could access the service.

The PlayStation service outage in 2011.

Written in collaboration with Guazaman, Marysol and Camendoz.

So what’s the deal with information security?

Usually when we talk about information security we only think of big companies and gigantic infrastructures that guard and protect their data; nevertheless, everybody must protect their data.

Information security means guaranteeing that a company's resources are available at any time and that they are not damaged or infected by external factors.

In general terms, security can be understood as those technical rules or activities that are intended to prevent, protect and back up your data.

Why is information security so important?

Because other people are looking to steal, destroy, or alter your data. These people, also known as hackers, want to gain access to your network and do whatever they want.

But those people can also belong to the company; mostly they want to hijack your data or sell it to another company. Most data attacks are carried out by people inside the company, because it is easier for them to know the company’s processes and its vulnerabilities.

No system is perfect and free of vulnerabilities, but most of the attacks that have succeeded did so because the network didn’t implement good security practices.

This results in the loss and alteration of sensitive data in the organization, which usually represents damage of billions of dollars.

Threats and vulnerabilities

In order to reduce and prevent a possible attack, it is necessary to implement security measures, for instance:

  • Identify and select the data that you want to protect (sensitive data).
  • Establish priority levels and the importance of the data at each level.
  • Know the consequences that the company would have to pay in terms of money, productivity and loss of sensitive data.
  • Identify threats and vulnerability levels in the network.
  • Implement an immediate response in case of an attack.

This kind of security policy will save your company money and productivity.

Tools to get it done

Your company architecture must have an antivirus, backup tools, network monitoring, firewalls, two-step authentication and online security services. These keep the user alert to any attack, help identify its root cause, and let you solve the problem before it happens again.

 

Not Found 404 – My First Post

Hi, this is my first blog. In this blog I’ll be talking about computer and information security; also, if I have enough time, I’ll make some tutorials about hacking using Kali Linux.

I am a man of few words, so mostly I’ll be blogging only about the topic without digressing.

So this is it, my first blog, and this meme that I just found is pretty funny because it’s actually the reality.
