WEBVTT

00:00:00.860 --> 00:00:06.660
Welcome to Security Operations for the Certified in Cybersecurity examination.

00:00:06.750 --> 00:00:09.940
Let's take a look at data security.

00:00:11.350 --> 00:00:18.000
This area of the exam is worth 18%, but we could say this area is important.

00:00:18.000 --> 00:00:22.550
It's kind of the capstone of everything we've done so far because

00:00:22.550 --> 00:00:27.340
it's in operations where we're actually carrying out all of the good

00:00:27.340 --> 00:00:30.160
things we talked about in governance, risk,

00:00:30.600 --> 00:00:33.680
access control, networks, and so on.

00:00:35.380 --> 00:00:39.080
We divided this area into three main sections,

00:00:39.080 --> 00:00:43.280
data security, security operations and administration,

00:00:43.280 --> 00:00:45.590
and security awareness training.

00:00:46.110 --> 00:00:47.610
At the end of this chapter,

00:00:47.610 --> 00:00:50.870
we will take a little look at exam review tips and

00:00:50.870 --> 00:00:52.950
techniques we can use as well.

00:00:54.280 --> 00:00:58.680
Let's start with a look at data security because protecting data,

00:00:58.680 --> 00:01:03.150
we know, is one of the most valuable assets of the organization.

00:01:04.099 --> 00:01:08.940
Data protection requires that we know who owns or,

00:01:08.940 --> 00:01:11.510
we could say, is responsible for the data.

00:01:11.510 --> 00:01:13.310
And that, ultimately,

00:01:13.310 --> 00:01:18.710
should be a very senior manager who is able to accept

00:01:18.710 --> 00:01:22.140
responsibility on behalf of the organization.

00:01:22.690 --> 00:01:27.730
But everybody who accesses our data is responsible

00:01:27.730 --> 00:01:29.260
for what they do with it as well.

00:01:29.590 --> 00:01:33.590
We need to make sure that we have communicated that with them.

00:01:33.890 --> 00:01:38.290
And one of the ways we communicate that with them is through classification.

00:01:38.290 --> 00:01:42.190
We indicate what the classification of the data is,

00:01:42.190 --> 00:01:47.110
and each classification level, whether or not it's business private,

00:01:47.120 --> 00:01:52.390
business confidential, secret, whatever classification labels we use,

00:01:52.390 --> 00:01:57.120
each one of those should have its own handling requirements so we know

00:01:57.120 --> 00:02:00.750
how to handle the data with that classification.

00:02:00.750 --> 00:02:07.080
We put labels on so people can clearly see and know what level

00:02:07.080 --> 00:02:09.530
of protection the data should be provided.

00:02:10.250 --> 00:02:12.880
We also have to have a retention policy.

00:02:13.420 --> 00:02:15.840
Now there's two factors that come in here.

00:02:16.240 --> 00:02:16.870
Number 1,

00:02:16.870 --> 00:02:21.300
we should obviously keep the data as long as we need it for business purposes.

00:02:21.730 --> 00:02:22.610
But number 2,

00:02:22.610 --> 00:02:25.250
we often have to keep data for a certain length of

00:02:25.250 --> 00:02:27.500
time because of legal reasons.

00:02:27.500 --> 00:02:32.630
We are required by law to keep it for 10 years or whatever it happens to be.

00:02:33.230 --> 00:02:39.520
So obviously, our policy on data retention should consider both of those factors.

00:02:39.910 --> 00:02:43.540
When we keep the data for an extended period of time,

00:02:43.540 --> 00:02:46.590
we have to make sure it's then kept in a way that we can

00:02:46.590 --> 00:02:49.140
retrieve it when we need to as well.

00:02:49.960 --> 00:02:52.120
But when we reach end of life,

00:02:52.120 --> 00:02:57.490
that's where we want to make sure we have the proper level

00:02:57.490 --> 00:03:00.030
of destruction for the data as well.

00:03:00.220 --> 00:03:04.940
Now, in many cases, this will be secure destruction with things like shredding,

00:03:04.940 --> 00:03:10.300
for example, destroying the actual equipment that the data was on,

00:03:10.300 --> 00:03:12.690
and making sure that was actually done,

00:03:12.690 --> 00:03:17.170
not that we employed somebody to get rid of old equipment

00:03:17.170 --> 00:03:19.360
and turns out they were reselling it.

00:03:19.580 --> 00:03:22.640
We've had that happen in a number of cases actually.

00:03:22.640 --> 00:03:25.970
So, secure destruction means it's auditable,

00:03:25.970 --> 00:03:30.930
and we validated that that data cannot be recovered.

00:03:30.930 --> 00:03:32.710
It was destroyed properly.

00:03:34.060 --> 00:03:38.070
One of the things that scares many people is cryptography,

00:03:38.070 --> 00:03:40.410
but don't be afraid of it.

00:03:40.420 --> 00:03:42.660
Cryptography is really just logical.

00:03:42.660 --> 00:03:45.120
We'll take a few minutes here to look at it,

00:03:45.120 --> 00:03:48.750
and maybe you'll want to even listen or watch this a few more times.

00:03:48.750 --> 00:03:49.560
That's great.

00:03:49.770 --> 00:03:52.830
But it really is just a logical sequence.

00:03:52.830 --> 00:03:55.480
The hardest thing is the terminology.

00:03:56.080 --> 00:03:58.280
Now, why do we have that here?

00:03:58.280 --> 00:04:01.990
Because this is one of the main ways we protect our data.

00:04:02.450 --> 00:04:05.660
So let's say we have a person who has a message.

00:04:05.660 --> 00:04:07.700
We'll call the message M.

00:04:07.700 --> 00:04:12.860
And that message in its normal format is what we would call plaintext,

00:04:12.860 --> 00:04:14.900
or you could call it clear text.

00:04:15.150 --> 00:04:17.220
Anybody could read it.

00:04:17.220 --> 00:04:19.779
But we want to protect this data.

00:04:19.950 --> 00:04:21.620
We want to protect this message,

00:04:21.620 --> 00:04:26.620
whether or not it's a file or an email or even a communication,

00:04:26.620 --> 00:04:27.350
for example.

00:04:27.920 --> 00:04:31.310
So what we do is we feed it into a crypto system.

00:04:31.770 --> 00:04:36.880
A crypto system is basically just some type of process that will

00:04:36.880 --> 00:04:39.320
perform something that we call encryption.

00:04:39.970 --> 00:04:45.370
Now we could also use terms like to encipher the data or to encode the data.

00:04:45.920 --> 00:04:48.530
Very often, we just use the term encryption.

00:04:48.530 --> 00:04:50.650
There is a difference between these three,

00:04:50.650 --> 00:04:52.950
but it doesn't really matter in this case.

00:04:52.950 --> 00:04:57.160
The whole point is within the crypto system is a little

00:04:57.160 --> 00:05:00.430
mathematical operation known as an algorithm,

00:05:00.430 --> 00:05:07.350
and that algorithm will then convert that plaintext into unreadable text.

00:05:08.020 --> 00:05:11.110
It does this under the control of a key.

00:05:11.610 --> 00:05:17.840
Now, the key, just like a password, is also sometimes known as a crypto variable.

00:05:18.320 --> 00:05:21.990
It's the key you chose to lock your data.

00:05:21.990 --> 00:05:28.680
And when I mix together the plaintext and the key using this crypto system,

00:05:28.680 --> 00:05:32.100
I generate cipher text of that message.

00:05:32.490 --> 00:05:37.600
We'll call that CT for cipher text ‑ M of the message itself.

00:05:38.150 --> 00:05:41.240
You'll also sometimes hear this called a cryptogram.

00:05:41.620 --> 00:05:44.010
For some reason, in this world of cryptography,

00:05:44.010 --> 00:05:46.650
they like to use two terms for everything.

00:05:47.900 --> 00:05:53.280
We can now take that cipher text, and we know that it's secure.

00:05:53.290 --> 00:05:56.410
Unauthorized people wouldn't be able to read it because

00:05:56.410 --> 00:05:59.000
they wouldn't have the key to unlock it.

00:06:00.000 --> 00:06:03.960
We could store it, for example, on a hard drive.

00:06:03.960 --> 00:06:09.600
Or we could transmit it through an insecure channel, such as the internet.

00:06:10.300 --> 00:06:13.940
And when we transmit this cipher text through that channel,

00:06:13.940 --> 00:06:17.970
there could always be someone who's sniffing and watching the traffic.

00:06:17.970 --> 00:06:21.250
But even if they captured that traffic going by,

00:06:21.250 --> 00:06:25.060
it would be unreadable to them because they don't have the key.

00:06:26.270 --> 00:06:31.240
The person who is intended to be able to read it will receive

00:06:31.240 --> 00:06:35.770
this cipher text and feed it into that same type of crypto system

00:06:35.780 --> 00:06:38.220
where we'll do the inverse operation.

00:06:38.220 --> 00:06:42.870
We will decrypt, decipher, or decode the message.

00:06:42.870 --> 00:06:46.570
But in order to do that, we need the correct key.

00:06:46.870 --> 00:06:48.410
If I have the wrong key,

00:06:48.410 --> 00:06:52.810
I'll just get garbage. But if the person has the correct key,

00:06:52.810 --> 00:06:57.320
they will be able to decrypt and get the message itself.

00:06:57.740 --> 00:07:00.560
So this is how cryptography works.

00:07:00.560 --> 00:07:01.040
As we said,

00:07:01.040 --> 00:07:06.250
it's mostly just a logical process and just understanding the terminology.

00:07:06.250 --> 00:07:12.230
We have, within the crypto systems, two main types of algorithms,

00:07:12.420 --> 00:07:16.520
symmetric algorithms and asymmetric algorithms.

00:07:16.770 --> 00:07:19.890
Let's look first of all at symmetric algorithms.

00:07:19.890 --> 00:07:25.030
A symmetric algorithm is one that uses the same key in both

00:07:25.030 --> 00:07:27.700
the encryption and decryption process.

00:07:28.360 --> 00:07:34.170
So, in that case, if Alice is going to send a message to Bob,

00:07:34.180 --> 00:07:38.990
she also has to make sure the key gets to Bob because he needs that same

00:07:38.990 --> 00:07:43.050
type of a key in order to be able to decrypt the message.

00:07:43.940 --> 00:07:48.950
The characteristics of symmetric are, first, it's good for confidentiality.

00:07:49.450 --> 00:07:53.560
It does a very good job of protecting our data from being compromised.

00:07:53.930 --> 00:07:58.020
It's relatively fast, especially when we compare it to its,

00:07:58.020 --> 00:08:01.640
should we say, other type of algorithm, asymmetric.

00:08:02.290 --> 00:08:06.380
And therefore, it's good for encrypting things like streaming content.

00:08:06.380 --> 00:08:07.990
You take, for example,

00:08:07.990 --> 00:08:11.280
wireless communications are encrypted usually using

00:08:11.280 --> 00:08:16.850
some type of symmetric algorithm, if you're watching a video that's encrypted,

00:08:16.850 --> 00:08:21.050
these sorts of things, or encrypted voice over IP communications.

00:08:21.790 --> 00:08:28.390
Now, the thing about, of course, symmetric algorithms is that they are free.

00:08:28.540 --> 00:08:30.180
They're freely available.

00:08:30.180 --> 00:08:36.750
And we all pretty much use the same algorithms because it wouldn't

00:08:36.750 --> 00:08:39.030
help if you used a different one than I did,

00:08:39.030 --> 00:08:42.980
and we couldn't understand each other's messages.

00:08:42.980 --> 00:08:49.020
The beginning of symmetric happened thousands of years ago.

00:08:49.020 --> 00:08:51.860
But when we came to the area of technology,

00:08:51.860 --> 00:08:55.920
then we saw the development of the Data Encryption Standard,

00:08:55.920 --> 00:08:56.590
DES.

00:08:56.590 --> 00:09:00.820
And it was the standard for use in the US Federal Government.

00:09:00.820 --> 00:09:06.300
And it served for many years from the mid‑70s up until the late

00:09:06.300 --> 00:09:09.390
'90s as the standard for data encryption.

00:09:10.060 --> 00:09:13.220
But it began to lose its effectiveness.

00:09:13.830 --> 00:09:16.400
Computational power increased,

00:09:16.400 --> 00:09:19.310
and it was getting to the point of being possible to

00:09:19.310 --> 00:09:21.500
break a DES‑encrypted message.

00:09:22.100 --> 00:09:25.190
One of the solutions for that was triple DES.

00:09:25.190 --> 00:09:28.680
Well, encrypt it three times with different keys,

00:09:28.680 --> 00:09:31.440
and that would make it quite a bit stronger,

00:09:31.440 --> 00:09:33.800
but also quite a bit slower.

00:09:34.390 --> 00:09:40.490
And so there was a program to develop a new encryption standard for the US

00:09:40.490 --> 00:09:43.880
Federal Government called the Advanced Encryption Standard,

00:09:44.300 --> 00:09:48.440
and there are a number of different algorithms that were proposed for this.

00:09:48.910 --> 00:09:52.430
And the algorithm that actually won that was Rijndael.

00:09:52.530 --> 00:09:56.430
Rijndael was found to be very fast.

00:09:56.430 --> 00:10:01.700
In fact, of the five finalists, it scored first in every category,

00:10:01.700 --> 00:10:04.890
a product out of Belgium actually.

00:10:04.890 --> 00:10:09.280
The other competitors for that were MARS from IBM,

00:10:09.280 --> 00:10:14.530
SERPENT, a UK‑Israeli project, RC 4, 5, 6.

00:10:14.530 --> 00:10:18.280
Now RC 6 was the competitor, Rivest cipher,

00:10:18.280 --> 00:10:21.940
which is part of the RSA family, and, of course,

00:10:21.940 --> 00:10:23.820
Blowfish from Bruce Schneier.

00:10:24.390 --> 00:10:27.080
These are all very good symmetric algorithms,

00:10:27.080 --> 00:10:29.860
and they're all free to use, which gives,

00:10:29.860 --> 00:10:30.310
of course,

00:10:30.310 --> 00:10:34.240
a tremendous advantage that we can all use them without having to worry

00:10:34.240 --> 00:10:38.430
about all sorts of patents and license fees and so on.

00:10:39.990 --> 00:10:42.480
Then came the world of asymmetric.

00:10:42.780 --> 00:10:46.820
This was developed back in the mid‑70s actually,

00:10:46.820 --> 00:10:49.830
and it's based on the use of a key pair.

00:10:51.340 --> 00:10:54.790
You could choose a private key, your own private,

00:10:54.790 --> 00:10:58.140
should we say here, password if you want to call it that.

00:10:58.140 --> 00:11:03.230
Then, the point, of course, with this, as with any password,

00:11:03.230 --> 00:11:05.370
is it must be kept secret.

00:11:05.610 --> 00:11:07.260
You don't share that with anybody.

00:11:08.370 --> 00:11:09.070
But,

00:11:09.070 --> 00:11:15.920
what you could do is run your private key through a mathematical

00:11:15.920 --> 00:11:19.760
process and generate from that a public key.

00:11:20.310 --> 00:11:24.310
That basically meant it was derived from the private key

00:11:24.480 --> 00:11:27.100
using what we called a one‑way function.

00:11:27.540 --> 00:11:30.800
It's very easy to go from the private to the public,

00:11:30.800 --> 00:11:36.530
but it's computationally infeasible to go from the public back to the private.

00:11:36.530 --> 00:11:41.530
And the idea of the public key is that you could

00:11:41.530 --> 00:11:44.380
share that with absolutely anyone.

00:11:44.970 --> 00:11:47.470
It was linked to the private key.

00:11:47.840 --> 00:11:51.270
But because it was a one‑way function, yeah,

00:11:51.280 --> 00:11:56.560
you could share it freely, and these keys would only work as a pair.

00:11:57.260 --> 00:12:00.650
This private key would only work with that public key,

00:12:00.650 --> 00:12:05.400
and that public key would only work with that corresponding private key.

00:12:05.680 --> 00:12:08.160
That's an important part of all of this.

00:12:09.860 --> 00:12:15.070
So, there were three basic asymmetric algorithms we use,

00:12:15.080 --> 00:12:18.070
Diffie‑Hellman, with Diffie, of course,

00:12:18.070 --> 00:12:19.830
one of the people that helped develop this,

00:12:19.830 --> 00:12:20.790
Marty Hellman.

00:12:20.790 --> 00:12:25.510
And then the combination from RSA, Rivest, Shamir, Adleman.

00:12:25.510 --> 00:12:28.430
And Elliptic Curve Cryptography,

00:12:28.430 --> 00:12:32.810
a product partially out of BlackBerry, University of

00:12:32.810 --> 00:12:35.060
Waterloo out of Denmark and so on.

00:12:35.730 --> 00:12:41.070
And these are pretty much the three major ones we've used to date.

00:12:42.560 --> 00:12:46.450
If I'm going to encrypt a message using asymmetric,

00:12:46.450 --> 00:12:49.420
or we often call it public key crypto,

00:12:49.420 --> 00:12:55.830
I can send a confidential message by taking that message,

00:12:55.830 --> 00:12:57.150
say, from Alice,

00:12:57.150 --> 00:13:01.360
putting it into a crypto system that now has an

00:13:01.370 --> 00:13:04.410
asymmetric mathematical formula in it,

00:13:04.410 --> 00:13:08.420
and encrypting it using the public key of Bob.

00:13:08.420 --> 00:13:12.970
That creates cipher text of that message I can send

00:13:12.970 --> 00:13:15.050
through that insecure channel.

00:13:15.050 --> 00:13:17.170
When that is received,

00:13:17.180 --> 00:13:20.620
Bob needs to put it through the same crypto system

00:13:20.630 --> 00:13:22.960
using the same asymmetric algorithm.

00:13:23.490 --> 00:13:28.040
But the only key that would work with this would be Bob's private key,

00:13:28.040 --> 00:13:30.720
which Bob never shares with anybody.

00:13:31.110 --> 00:13:32.410
And therefore,

00:13:32.410 --> 00:13:37.550
anybody who encrypts a message with Bob's public key can only

00:13:37.550 --> 00:13:42.570
be opened by Bob using his private key, and now he has the message.

00:13:43.530 --> 00:13:48.180
So you can say, well, how does Alice get Bob's public key?

00:13:48.900 --> 00:13:52.320
Usually this is done through something we call a certificate.

00:13:52.320 --> 00:13:59.840
Bob has a certificate that's generated that says this public key belongs to Bob.

00:13:59.870 --> 00:14:03.740
So we have an attestation or confidence of that.

00:14:03.740 --> 00:14:07.500
When that certificate is shared with Alice,

00:14:07.500 --> 00:14:14.070
Alice can extract that public key that she then used to encrypt the message.

00:14:14.500 --> 00:14:17.180
So this is how simple it all works.

00:14:17.200 --> 00:14:20.650
It's kind of a, should we say, logical process.

00:14:20.650 --> 00:14:25.290
And, if necessary, it can be good to just go over this again.
