Security Fundamentals
Core security principles, CIA triad, defense in depth, and security frameworks.
Overview
Understanding security fundamentals is essential for protecting digital assets.
Key Concepts
- CIA Triad: Confidentiality, Integrity, Availability
- Defense in Depth: Multiple security layers
- Least Privilege: Minimum necessary access
- Zero Trust: Never trust, always verify
- Security Frameworks: NIST, ISO 27001, CIS
Core Principles
Confidentiality
- Information accessible only to authorized users
- Encryption, access controls, authentication
- Data classification and handling
Integrity
- Data remains accurate and unmodified
- Hashing, digital signatures, version control
- Change management and audit logs
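As an added illustration of the integrity controls listed above (hashing and audit logs), here is a tamper-evident audit log built as an HMAC hash chain. It is example code written for this page, not taken from any framework; the key, the log entries, and the function names are constructed for the demonstration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # constructed starting value for the chain


def _digest(key: bytes, prev: str, entry: dict) -> str:
    # Canonical JSON so the same entry always serializes to the same bytes.
    body = json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev.encode() + body, hashlib.sha256).hexdigest()


def append(log: list, key: bytes, entry: dict) -> None:
    """Append an entry whose MAC covers the entry and the previous record's MAC."""
    prev = log[-1]["mac"] if log else GENESIS
    log.append({"entry": entry, "mac": _digest(key, prev, entry)})


def verify(log: list, key: bytes) -> int:
    """Return -1 if the chain is intact, else the index of the first bad record."""
    prev = GENESIS
    for i, rec in enumerate(log):
        expected = _digest(key, prev, rec["entry"])
        if not hmac.compare_digest(expected, rec["mac"]):  # constant-time compare
            return i
        prev = rec["mac"]
    return -1


def demo() -> dict:
    key = b"constructed-demo-key"  # assumption: real key is held outside the logged system
    log = []
    for e in [  # constructed sample audit events
        {"user": "alice", "action": "login"},
        {"user": "alice", "action": "change_role", "target": "bob", "role": "admin"},
        {"user": "bob", "action": "export_data"},
    ]:
        append(log, key, e)
    # Case 1: an entry is edited in place but its MAC is left unchanged.
    edited = list(log)
    edited[1] = {"entry": {**log[1]["entry"], "role": "viewer"}, "mac": log[1]["mac"]}
    # Case 2: a record is removed from the middle of the log.
    deleted = log[:1] + log[2:]
    return {"intact": verify(log, key), "edited": verify(edited, key),
            "deleted": verify(deleted, key)}


if __name__ == "__main__":
    print(demo())
```

The chain detects edits and mid-log deletions, but removing records from the end leaves a valid shorter chain, so the latest MAC or record count has to be stored somewhere the log writer cannot alter.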
Availability
- Systems accessible when needed
- Redundancy, backups, disaster recovery
- DDoS protection and capacity planning
Defense in Depth Layers
Architecture Diagram
+-------------------------------------+
|          Physical Security          |
+-------------------------------------+
|          Network Security           |
+-------------------------------------+
|            Host Security            |
+-------------------------------------+
|        Application Security         |
+-------------------------------------+
|            Data Security            |
+-------------------------------------+
Common Threats
| Threat | Description | Mitigation |
|---|---|---|
| Malware | Malicious software | Antivirus, training |
| Phishing | Social engineering | Awareness, filtering |
| DDoS | Service disruption | Rate limiting, CDN |
| Insider Threats | Internal risks | Monitoring, access controls |
| SQL Injection | Database attacks | Input validation, ORM |
Practice
Identify security risks in a sample application and propose mitigations.