Overview
Building a strong foundation in information and cybersecurity is crucial for protecting digital assets. This guide provides essential knowledge, drawing from key texts, websites, and glossaries to help you grasp the fundamental concepts and principles that underpin the field of cybersecurity.
Key Readings and Resources
1. Information Security Management Principles by Taylor et al.
Reference:
- Book: Taylor, A., D. Alexander, A. Finch, and D. Sutton. Information Security Management Principles. Swindon: BCS, The Chartered Institute for IT, 2020. 3rd edition.
- Chapter 1: Information Security Principles, pp. 20–36.
Summary of Chapter 1: The chapter introduces the foundational principles of information security, including confidentiality, integrity, and availability (the CIA triad). It emphasizes the importance of risk management, security policies, and the role of security controls in safeguarding information assets.
Key Topics:
- Confidentiality: Ensuring that information is accessible only to those authorized to have access.
- Integrity: Safeguarding the accuracy and completeness of information and processing methods.
- Availability: Ensuring that authorized users have access to information and associated assets when required.
- Risk Management: Identifying, assessing, and prioritizing risks, followed by efforts to minimize, monitor, and control the impact of unfortunate events.
- Security Policies: Formalized statements that define how an organization manages, protects, and distributes sensitive information.
2. UK National Cyber Security Centre (NCSC) Cyber Essentials
Website: NCSC Cyber Essentials
Summary: The Cyber Essentials scheme is a government-backed initiative to help organizations protect themselves against common cyber attacks. It provides materials on starting an Information Security Management System (ISMS), especially for small enterprises.
Key Topics:
- Basic Cyber Hygiene: Steps to protect against common cyber threats.
- Self-Assessment: Tools and resources to assess your organization’s cybersecurity.
- Certification: Information on how to become certified under the Cyber Essentials scheme.
3. UK Cyber Body of Knowledge (CyBOK)
Document: Martin, A., A. Rashid, H. Chivers, S. Schneider, E. Lupu, and G. Danezis. Introduction to CyBOK Knowledge Area – version 1.1.0. The National Cyber Security Centre (2021).
Summary: CyBOK offers a comprehensive guide to cybersecurity knowledge, including fundamental terms and principles, as well as detailed discussions on various cybersecurity domains.
Key Topics:
- Introduction to Cyber Security: Fundamental terms and concepts.
- Fundamental Cyber Security Principles: Principles underpinning the practice of cybersecurity.
- Knowledge Areas: Detailed descriptions of various cybersecurity domains.
Recommended Sections:
- Introduction and Section 1: Fundamental cybersecurity terms.
- Section 3: General discussion on providing cybersecurity.
- Section 4: Important fundamental cybersecurity principles.
4. National Initiative for Cybersecurity Careers and Studies (NICCS) Cybersecurity Glossary
Website: NICCS Cybersecurity Glossary
Summary: This glossary provides definitions for a wide range of cybersecurity terminology, aiding in understanding the language used in the field.
Key Topics:
- Terminology: Definitions of key terms and concepts in cybersecurity.
5. National Cyber Security Centre (NCSC) – What is Cyber Security?
Website: NCSC – What is Cyber Security?
Summary: This site offers simple introductions to cybersecurity for various audiences, covering the basics of what cybersecurity entails and its importance.
Key Topics:
- Cyber Threats: Different types of threats faced by individuals and organizations.
- Fundamental Properties: Basic properties that cybersecurity aims to maintain, such as confidentiality, integrity, and availability.
Summary
Laying the foundations in cybersecurity involves understanding key concepts and principles such as the CIA triad, risk management, and security controls. The recommended readings and resources provide a comprehensive introduction to these principles. The Information Security Management Principles book offers a structured approach to these concepts, while resources like the NCSC Cyber Essentials and CyBOK provide practical guidance and in-depth knowledge. Additionally, glossaries and introductory websites help familiarize you with the terminology and basic ideas in the field.
These resources collectively build a solid foundation for further study and practical application in cybersecurity, equipping you with the knowledge needed to protect information assets effectively.