Information Technology and Ethics/Types of Security

=Introduction=
Has your personal information ever been stolen from an online source? Researchers from the Journal of Information Policy reported that, in 2017, approximately $16.8 billion had been fraudulently stolen from American citizens. Security, as it relates to information systems, is categorized here into six categories: physical security, network security, application security, cloud security, database security, and social engineering. Each of these components plays a unique and pivotal role within a computer system, yet they are all interconnected. The following sections detail the roles and responsibilities of each of the six security categories and outline the relationships between them.

=Physical Security=

Introduction to physical security
Physical security refers to the policies and procedures implemented to safeguard real property, infrastructure, and resources against unlawful entry, theft, damage, or vandalism. These precautions are necessary to protect intangible assets like intellectual property and sensitive data as well as tangible assets like infrastructure and equipment.

Why is physical security important?
Physical security is of paramount importance due to its critical role in safeguarding assets, facilities, and individuals against various threats and risks. By implementing robust physical security measures, organizations can mitigate the potential for theft, vandalism, unauthorized access, and other security breaches that could compromise their operations and assets. Access control systems, surveillance cameras, perimeter security, and security personnel contribute to creating secure environments by deterring intruders, detecting security breaches, and enabling timely responses to security incidents. Furthermore, physical security measures help ensure the safety and well-being of employees, customers, and visitors by minimizing the risk of harm or injury in emergencies. Compliance with legal and regulatory requirements related to physical security is also essential for avoiding legal liabilities and maintaining trust with stakeholders. Overall, investing in effective physical security measures is essential for protecting assets, maintaining business continuity, and fostering a safe and secure environment for all.

5 Levels of Physical Security
There are various layers or levels of physical security, each offering a distinct degree of protection. The following five levels of physical security are widely acknowledged:

 * Deterrence: This level establishes a strong and noticeable security presence in an attempt to dissuade attacks. It entails measures like clearly visible security cameras, conspicuously placed warning notices, and well-lit areas. The intention is to make prospective attackers reconsider their plans before they try to circumvent security measures.
 * Detection: The main goal of detection is to spot illegal access and suspicious activity and notify the appropriate authorities. Security systems like motion detectors, intrusion detection sensors, and surveillance cameras belong to this level. These systems keep a close eye on the surroundings and raise an alert or alarm when they see anomalous activity or security breaches.
 * Delay: Once attackers have passed the first line of defense, delay mechanisms are used to slow them down or obstruct them. Along with security doors and locks, this level incorporates physical barriers like gates, walls, fences, and bollards. The idea is to buy time for law enforcement or security personnel to arrive in response to the intrusion.
 * Response: Response refers to the steps taken in the event of a security breach or threat. This level contains procedures for reporting incidents to law enforcement, security staff, and other pertinent parties. It also includes dispatching security officers to evaluate the situation, neutralize the threat, and lessen possible harm.
 * Recovery: Restoring regular operations and fixing any harm brought on by a security breach are the main goals of recovery. This level covers the protocols for evaluating vulnerabilities, carrying out post-event investigations, and putting remedial measures in place to prevent such incidents in the future. It also entails restoring any interrupted services or activities and offering support and aid to the affected people or locations.

Types of physical security
There are many different types of physical security that can be implemented to protect assets, and each serves a different purpose. Examples include electronic access control (EAC, such as access cards), barriers, surveillance, and alarms.

 * Access Controls: Within a facility, access controls are devices that govern and restrict access to locations or resources. Keycard systems, biometric scanners, and conventional locks and keys are a few examples. By putting access controls in place, organizations can ensure that only authorized persons enter restricted areas.
 * Intrusion Detection Systems: These systems identify unlawful attempts to enter or breach restricted areas and notify security staff. They may consist of monitoring tools, sensors, and alarms.
 * Security Staff: Security personnel maintain a physical presence and serve as a deterrent to unauthorized persons. They monitor security feeds, patrol the area, and react to emergencies or threats.
 * Surveillance Systems: Activities within and around a facility are monitored and recorded using surveillance systems, which include CCTV cameras, motion detectors, and alarm systems. These systems provide evidence in the event of a security incident and help deter attackers.
 * Environmental Controls: Fire suppression and climate control systems, among others, help shield physical assets from harm caused by environmental factors including flooding, fire, and extreme temperatures.

=Network Security=

Introduction to Network Security
Network security describes the tools and tactics implemented to prevent or protect against unauthorized intrusion into a network. It is paramount for safeguarding data confidentiality, integrity, and availability (CIA), achieved through authentication, encryption, and access control mechanisms. It encompasses protection against a multitude of threats, including data breaches, malware, SQL injection, and insider threats. Non-compliance with regulations and weak cryptography can lead to vulnerabilities, emphasizing the need for robust security measures. Network security has become a necessary tool for companies and individuals who are keen on keeping their data safe. Since hackers look for every loophole to gain access to information, network security is critical in our daily lives and every precaution must be taken.

Why is Network Security Needed?
In this age of digital technology, network security is crucial for fending off a variety of threats, from ransomware to malware and data breaches, that strike at the very core of a business' assets and operations. Proper authentication, access control, and auditing must be in place to avoid unauthorized access and thereby ensure data privacy, especially in light of insider threats and vulnerabilities. Poorly implemented data handling practices, combined with non-compliance with the law, can lead to a series of grave incidents, such as legal penalties and even the disruption of corporate operations. A strong network security plan identifies and eliminates potential threats, protects important infrastructure, and maintains stakeholder trust through proactive actions such as system hardening, continuous monitoring, and vulnerability assessments. Network security usually consists of three main controls:
 * Physical network security: keeps unauthorized people away from physical network components such as routers.
 * Administrative network security: controls behavior, who has access, and how much access they have.
 * Technical network security: protects information that is stored and shared, and prevents unauthorized personnel from getting in.

Types of Technical Network Security:
There are over 14 technical network security tools that can be used to protect a network, and some environments benefit from combining them; universities, for example, can benefit from running multiple firewalls to provide different zones of security. Each of the listed techniques takes a different approach to keeping the network secure. They include:
 * Anomaly Detection: As the name suggests, it detects anomalies in the network and alerts you immediately.
 * Email Security: Phishing emails are one way hackers try to gain access to a network; email security helps detect dangerous emails and blocks you from sharing vital information.
 * Access Control: Limits the number of users that have access to specific parts of the network.
 * Anti-Malware Software: Identifies dangerous programs and prevents them from spreading.
 * Application Security: Focuses on applications that may be relevant to your security and tries to keep hackers from gaining entry through them.
 * Data Loss Prevention (DLP): Humans are the weakest link in network security because we can literally give away important information. DLP detects and blocks the transfer of sensitive information.
 * Firewalls: Filter authorized and unauthorized traffic and help manage network traffic.
 * Wireless Security: Wireless networks are much more vulnerable than traditional wired networks, so we need to make sure all precautions are taken.

There are many other network security tools that tackle different vulnerabilities. We should always remember that network security is crucial.

=Application Security=

Introduction to Application Security
Application security is a critical part of protecting today's richly networked digital applications from the many threats of the cyber world and from unauthorized entry. It involves being proactive in the development, integration, and testing of security features in software and hardware components to protect against vulnerabilities and attacks across the whole gamut. It focuses on authentication, encryption, access control, and secure coding practices to protect the confidentiality, integrity, and availability (CIA) of sensitive data and resources.

Strong application security therefore requires putting in place measures that defend against threats such as SQL injection, broken authentication, malware, and data breaches, in order to establish and maintain trust in, and the dependability of, digital applications across diverse environments.

Why is it important:
Application security becomes paramount as the threat landscape widens: incessantly increasing technology, networking, and cloud adoption lead to more applications, which in turn expose a larger attack surface to exploitation. These risks can be lessened through application security that embeds best practices, functions, and features into software to prevent and address threats from cyber attackers, data breaches, and many other sources.

A responsible approach to application security should encompass the protection of sensitive data, provide protection against malicious attempts such as SQL injection, and, overall, ensure a malware-free platform. This is the only way the confidentiality, integrity, and availability of essential information and resources can be guaranteed.

Types of application security features:

 * Authentication: Authentication provides evidence that a person's claimed identity is true before allowing them to access an application. Authorization then determines the access rights granted to authenticated users, so the application can decide to allow or deny particular activities.
 * Encryption: Encryption protects data during transmission so that sensitive information cannot be viewed by unauthorized people, securing it against interception and unauthorized access while in transit.
 * Logging and Auditing: Logging documents all significant events, including user access, activities performed, and system changes. Auditing enables organizations to trace the logged data when investigating unauthorized activities or security breaches.
 * Access Control: Access controls enforce security policies that limit users' access to resources based on identity and authorization, thereby ensuring that sensitive data and functions are accessed only by authorized users.
 * Identity and Access Management (IAM): IAM frameworks enable an organization to control user identities and access rights for the resources in its IT infrastructure. IAM policies and technologies ensure secure and effective management of user access across applications and systems.
 * Application Security Testing: This includes tests of the security measures built into an application, vulnerability assessments, penetration testing, and code reviews to identify and fix security weaknesses and to evaluate the application's overall security posture.

Mobile & Web application security:

 * Mobile Application Security: Mobile application security involves incorporating measures that protect a mobile application from malicious attacks, unauthorized access, and data theft. Mobile applications run on mobile devices that are prone to numerous security threats, such as code tampering and insecure data storage. To ensure mobile application security, developers have to implement a number of security practices, including:
 ** Authentication and Authorization: Strongly authenticate identity and grant access based on rights.
 ** Encryption: Encode sensitive information stored on the phone to prevent unauthorized access in the case of theft or loss of the phone.
 ** Security Testing: Carry out security testing at periodic intervals to detect and mitigate security weaknesses.
 ** Secure Coding Practices: Follow secure coding guidelines that address major vulnerabilities such as insecure data storage and poor input validation.
 * Web Application Security: Web application security is the protection of web applications from attacks that are likely to bring about unauthorized entry and data theft. Web applications are software applications accessed through web browsers, so they can be attacked using common methods such as cross-site scripting (XSS) and SQL injection. To improve the security of web applications, developers should put the following measures in place:
 ** Input Validation: Validate and sanitize all user input to avoid injection attacks such as XSS and SQL injection.
 ** Authentication and Authorization: Strong authentication and proper authorization controls are used to restrict access to sensitive functionality.
 ** Encryption: Transmit data over HTTPS so that it is protected while in transit.
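The input validation point above, as an added example that is not part of the original page: the same user lookup and the same page fragment written once without and once with the protections the list describes (a bound SQL parameter instead of string concatenation, and HTML escaping before output). The table, its rows and the crafted input are constructed for this example; only standard-library modules are used.

```python
# Added example (not from the original page): a web-application lookup written two
# ways, to show why parameterized queries and output encoding matter. sqlite3 and
# html are standard-library modules; the users table and its rows are constructed.
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build an in-memory database with two constructed user records."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT, is_admin INTEGER)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "alice@example.test", 0), ("bob", "bob@example.test", 1)],
    )
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """Builds the SQL by concatenation: the input becomes part of the query text."""
    query = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def find_user_safe(conn: sqlite3.Connection, name: str) -> list:
    """Uses a bound parameter: the input is only ever treated as a value, never as SQL."""
    query = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(query, (name,)).fetchall()


def render_vulnerable(name: str) -> str:
    """Reflects the input straight into HTML, so markup in the input is rendered as markup."""
    return "<p>Hello, " + name + "</p>"


def render_safe(name: str) -> str:
    """Encodes the HTML-significant characters so the input is displayed as plain text."""
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"


if __name__ == "__main__":
    db = make_db()
    # Constructed input that closes the string literal and widens the WHERE clause.
    crafted = "x' OR '1'='1"
    print(find_user_vulnerable(db, "alice"))  # one row, as intended
    print(find_user_vulnerable(db, crafted))  # every row: the clause is always true
    print(find_user_safe(db, crafted))        # no rows: nobody is literally named that
    print(render_vulnerable("<b>x</b>"))      # the tag survives into the page
    print(render_safe("<b>x</b>"))            # the tag is shown as literal text
```

The safe versions change nothing for ordinary input; they only stop data from being interpreted as SQL or HTML.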

Application security controls & testing:
Application security controls are essential methods and measures implemented to strengthen software code and mitigate vulnerabilities against unexpected inputs or malicious attacks. Key application security controls include:
 * Fuzzing: Fuzzing is a form of testing that feeds unexpected inputs to software to uncover vulnerabilities or unauthorized points of entry. In other words, it is done to point out the weaknesses in a system that an attacker could use.
 * Encryption: Encryption is the process of translating normal data, referred to as plaintext, into unreadable ciphertext to prevent unauthorized access. In other words, encryption ensures that only authorized users will be able to decrypt the data back to its original form.
 * Firewall: A firewall is a network security device that allows or denies monitored traffic according to a predefined set of security rules. It builds a barrier between trusted internal and untrusted external networks, thereby preventing access and possible threats from unauthorized entities.
 * Security Training: Security training offers education on security risks and best practices to guard against security breaches. It covers recognizing and responding to threats, effective use of security tools, creating strong passwords, and protecting sensitive information.
 * Security Audit: Security audits establish how far the application fulfills the previously laid down security criteria and standards, confirming that the security measures are correctly in place and that authorized users hold appropriate privileges.
 * Penetration Testing: A penetration test, frequently shortened to pen test, is an authorized practice of simulating real-world cyber attacks on a computer system in order to identify and exploit security weaknesses. It exercises many usage scenarios and attack vectors while evaluating the resilience of the security controls, thereby improving the security posture of an application.

=Embedded Security=

Introduction to Embedded Security
Embedded security encompasses the design and implementation of the protection mechanisms and strategies used to secure embedded systems. An embedded system is a specially designed computer system, hardware and software, that performs specific functions within a larger electrical or mechanical system. In practice, these devices are applied across disciplines, from internet-connected devices, dubbed the Internet of Things (IoT), to industrial control systems and medical equipment. Embedded security is responsible for maintaining the confidentiality, integrity, and availability of these systems and the information they interact with.

Why is Embedded Security important?
As embedded systems are further integrated into automotive, industrial, medical, and consumer systems, the security of these devices becomes increasingly important. By nature, embedded devices are often used to serve as safeguards, watchdogs, or even implement some of the core functionality for the systems they serve. From this perspective, the security of embedded systems is essential to safely and reliably operate the devices and systems that rely on them. Embedded security describes the specific application of security in three primary contexts: hardware, firmware, and communication.

Hardware Security
Hardware security maintains the physical protection of embedded systems. This ranges from the physical placement of an entire system to the physical properties of components in an embedded system. Hardware-based encryption, cryptographically secure storage, and tamper-resistant designs are areas of interest.

Firmware Security
Firmware security is responsible for ensuring the authenticity and integrity of the firmware running on the device. Areas of interest include securing the boot and update processes, resisting firmware analysis, and protecting against the exploitation of runtime vulnerabilities.

Communication Security
In this context, communication security refers to securing communication channels within and between embedded systems. This typically refers to channels implemented in hardware on the device, but it may also describe channels established with external devices and resources. Encryption, authentication, and integrity checks are crucial to prevent unauthorized access to data in transit.

Embedded Security Techniques
There are several embedded security techniques that help protect embedded systems and devices against modern threats and vulnerabilities. These techniques exist on a spectrum with one end representing the Root of Trust and Chain of Trust at the other. Root of Trust is used to categorize hardware and firmware technologies that establish a secure foundation for verifying the integrity of components within the system. Chain of Trust refers to the security measures that are used to maintain the trust and integrity established by the Root of Trust.

Hardware-based Encryption

 * Trusted Platform Modules (TPMs) and Hardware Security Modules (HSMs) are dedicated microcontrollers designed to perform cryptographic operations and protect sensitive information. They store cryptographic keys securely and prevent firmware-level threats like ransomware attacks.

Tamper Detection and Protection

 * Secure Boot: Secure boot ensures that only signed and verified firmware executes during device startup, establishing the Root of Trust.
 * Secure Firmware Updates: Embedded systems use digital signatures to verify the authenticity and integrity of firmware updates.

Secure Communication Protocols
Embedded systems use protocols like TLS to ensure that data transmitted between external devices or components of the system maintain the Chain of Trust.

Root of Trust

The Root of Trust ensures that a secure foundation is established within an embedded device. “Trusted computing is an active defense technology to ensure the system environment of the device.” This typically involves hardware mechanisms like cryptographic keys and hardware security modules (HSMs). By anchoring trust, the device is “able to distinguish trusted and untrusted programs when the embedded system is running.” Thus the risk of unauthorized access is greatly mitigated.

Chain of Trust

The chain of trust builds upon the root of trust and extends the assurance of trust throughout a device's life. This is done through a series of cryptographic operations and validation methods at each step of the boot process: “the secure boot process implements a chain of trust.” Boot loaders and operating systems are verified through digital signatures, ensuring that only authorized code is executed. Mechanisms such as updates further reinforce the authenticity and integrity of the device's software over time.

Secure Firmware Updates

Secure firmware updates are crucial for maintaining the long-term “integrity, authenticity, and confidentiality” of embedded systems and devices. Updates are securely delivered by a combination of techniques, ensuring that tampering and modification are mitigated.
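The secure boot, chain of trust and secure firmware update mechanisms described above, as one added simulation that is not part of the original page. HMAC-SHA256 stands in for the digital signature a real device would verify with a vendor public key held in ROM; the root key, stage keys, images and manifest layout are all constructed for the example.

```python
# Added example (not from the original page): secure boot as a chain of trust, plus a
# signed update check. HMAC-SHA256 is used in place of a real asymmetric signature, so
# here the verifier holds the signing key; on a real device the ROM would hold only a
# public key (or its hash) and the private key would stay with the vendor.
import hashlib
import hmac
import json


def sign_manifest(key: bytes, name: str, version: int, image: bytes,
                  next_key: bytes = b"") -> dict:
    """Vendor side: describe an image and sign the description with this stage's key.

    next_key is the key the verified stage will use to check the stage after it; it is
    what links one link of the chain to the next.
    """
    body = {
        "name": name,
        "version": version,
        "image_hash": hashlib.sha256(image).hexdigest(),
        "next_key": next_key.hex(),
    }
    message = json.dumps(body, sort_keys=True).encode()
    body["signature"] = hmac.new(key, message, hashlib.sha256).hexdigest()
    return body


def verify_image(key: bytes, manifest: dict, image: bytes) -> bool:
    """Device side: accept only if the manifest is authentic and the image matches it."""
    unsigned = {k: v for k, v in manifest.items() if k != "signature"}
    message = json.dumps(unsigned, sort_keys=True).encode()
    expected = hmac.new(key, message, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest.get("signature", "")):
        return False                                           # authenticity failed
    actual = hashlib.sha256(image).hexdigest()
    return hmac.compare_digest(actual, manifest["image_hash"])  # integrity check


def secure_boot(root_key: bytes, stages: list) -> list:
    """Walk the chain of trust: ROM verifies the bootloader with the root key, the
    bootloader verifies the OS with the key carried in its own (already verified)
    manifest, and so on. Returns the stages allowed to run; boot halts at the first failure.
    """
    key, executed = root_key, []
    for manifest, image in stages:
        if not verify_image(key, manifest, image):
            break
        executed.append(manifest["name"])
        key = bytes.fromhex(manifest["next_key"])
    return executed


def apply_update(key: bytes, installed_version: int, manifest: dict, image: bytes) -> bool:
    """Install an update only if it is signed by the expected key and is newer than what
    is installed. The version comparison is anti-rollback, an addition beyond the text."""
    return verify_image(key, manifest, image) and manifest["version"] > installed_version


if __name__ == "__main__":
    ROOT_KEY = b"constructed-root-key-burned-into-rom"  # constructed, not a real key
    BOOT_KEY = b"constructed-bootloader-stage-key"
    bootloader = b"bootloader image bytes v1"
    os_image = b"operating system image bytes v7"
    boot_manifest = sign_manifest(ROOT_KEY, "bootloader", 1, bootloader, BOOT_KEY)
    os_manifest = sign_manifest(BOOT_KEY, "os", 7, os_image)
    print(secure_boot(ROOT_KEY, [(boot_manifest, bootloader), (os_manifest, os_image)]))
    # A single flipped byte in the OS image breaks the chain: boot stops after the bootloader.
    print(secure_boot(ROOT_KEY, [(boot_manifest, bootloader), (os_manifest, os_image + b"!")]))
```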

Security Techniques regarding Ethics

Embedded security techniques must incorporate ethical considerations as an integral part of their implementation. Embedded devices have become increasingly popular in recent years, and their integration into various aspects of life requires a commitment to ethical practices. Devices can be evaluated ethically and morally through privacy by design and ethical impact assessments. By adopting such techniques, organizations, and users can build trust.

Policy
Embedded security policy refers to guidelines, procedures, and practices that govern the implementation, management, and enforcement of security measures. An effective embedded security policy aligns with the system's objectives and responds to embedded systems' challenges.

Key Components

Policy is built upon foundational principles that guide development and implementation.

 * Risk Assessment and Management: Identifying potential risks and vulnerabilities in embedded systems to ensure objectives are met and regulatory compliance is maintained.
 * Security by Design Principles: Security considerations are incorporated throughout the entire lifecycle of embedded systems to address security risks and minimize vulnerabilities proactively.
 * Access Controls and Authentication: Regulating and verifying access to functions based on user identification and permissions to prevent unauthorized access and protect sensitive data.

Embedded Security Pyramid
The following concepts make up the levels of the embedded security pyramid.

 * 1) Protocol: Designing secure protocols to achieve key security goals such as confidentiality, identification, data integrity, data origin authentication, and nonrepudiation.
 * 2) Algorithm: Design of cryptographic primitives and application-specific algorithms used within these protocols to ensure robust encryption, hashing, and authentication mechanisms.
 * 3) Architecture: Secure hardware/software partitioning and embedded software techniques aimed at preventing software hacks and unauthorized access to system resources.
 * 4) Microarchitecture: Hardware design of modules specified at the architecture level, including processors and coprocessors, with a focus on implementing security features to resist hardware-level attacks and vulnerabilities.
 * 5) Circuit: Implementing transistor-level and package-level techniques to thwart various physical-layer attacks, ensuring the integrity and reliability of embedded devices in the face of potential physical threats.

=Cloud Security=

Introduction to Cloud Security
Hackers have gained access to almost any technical device available. Even something as simple as surfing the web can provide hackers with people's personal information. Hackers used to harvest data from physical hard drives by installing a virus that opened a back door and sent the data directly to the hacker's server. Now they have a second option: to attack the cloud directly. Enterprises, small companies, and ordinary people have begun to store data in the cloud as a security precaution. What the customer or company does not realize is that information stored in the cloud is just as vulnerable to hacking as information stored on a hard disk. Cloud security refers to the safeguarding of cloud computing files, software, and infrastructure. Many facets of cloud protection (whether public, private, or hybrid) are the same as for any on-premises IT architecture. The European Network and Information Security Agency (ENISA) describes cloud computing as “an on-demand service model for IT provision, often based on virtualization and distributed computing technologies.” We can also describe it as the distribution of hosted resources over the Internet, including applications, hardware, and storage. Cloud computing has become practically ubiquitous among enterprises of all sizes, mostly as part of a hybrid/multi-cloud service architecture, due to the advantages of accelerated rollout, availability, low up-front costs, and scalability.

Why is cloud security different?
In the early 1990s, funds for cloud computing began to emerge. The fundamental concept behind cloud computing is to isolate a system's architecture and mechanisms from the software and resources that it provides. Clouds are built in such a manner that they can quickly scale, are always usable, and have low operating costs. This is possible due to on-demand multi-tenancy of software, content, and hardware resources. According to Peter Mell and Tim Grance (NIST), “Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models.” Cloud computing allows enterprises to share computing and storage services with the goal of lowering computing costs. Furthermore, cloud storage allows people inside a cloud to share knowledge. Despite the benefits, data stored in the cloud is also vulnerable to theft and other security concerns.

As cloud computing continues to reshape the technological landscape, new trends are emerging in cloud security that redefine traditional approaches. The trends reflect both the challenges in the tech world and the future of the cloud. “Several prominent trends mark the future of cloud security. First, the adoption of multi-cloud and hybrid cloud environments is on the rise.” Organizations are increasingly leveraging multiple cloud providers and combining public and private cloud infrastructure to meet a set of diverse business needs. Multi-cloud environments offer added flexibility and scalability. “Another significant trend is the increasing focus on data privacy and compliance.” As organizations increasingly store and process sensitive data in the cloud, they face strict regulations such as “the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation.” Such regulations aim to protect privacy rights and ensure appropriate data handling practices.

Risks and Benefits
Cloud computing security issues can be divided into two categories: provider issues and client issues. In theory, cloud providers bear more responsibility for security as the model moves from Infrastructure as a Service (IaaS) to Software as a Service (SaaS), while in the IaaS model the customer bears more responsibility. Many businesses that produce and sell cloud storage software and services have not given enough thought to the consequences of processing, storing, and viewing data in a decentralized and virtualized environment. Additionally, encryption is overlooked by cloud providers and developers, leaving data vulnerable to unauthorized access and breaches; many developers of cloud-based applications, in particular, fail to provide encryption. In other contexts, existing technologies simply do not enable developers to achieve real protection. In the IaaS model, responsibility for these data security policies falls on the cloud user. With Platform as a Service (PaaS), the cloud provider must use specific tools to track and protect access to the supported database, while the material and data remain the user's responsibility. On the other hand, by moving to the cloud, clients are able to reduce costs and save money: cloud computing provides a cost-effective pay-when-you-use plan, helping organizations scale their infrastructure as needed. This cuts out the need for large initial spending and lowers ongoing costs, such as upkeep and maintenance. Privacy and security are major concerns of cloud storage, since customers' data and business logic are stored on untrusted cloud servers that are managed by the service operator. Privacy and security both prevent information disclosure, but privacy-preservability is a stricter form of confidentiality in certain ways. As a result, if cloud confidentiality is ever breached, privacy-preservability will be breached as well.
To sum up, cloud protection, unlike other security services, has two meanings: data privacy and computation privacy.

Security Concepts
The following concepts are important to secure data inside a cloud.

1) Identification: This is the first part of gaining access to a cloud, the user establishes their identity. Through unique credentials such as usernames and email addresses. Proper identification ensures that all users are authorized. In turn, this prevents unauthorized access and potential breach of security. Additionally, it links a human to the account representing them in the cloud space.

2) Authentication: Using the identification previously created, the system will test the user's identity and verifies that it is trustworthy. Authentication mechanisms such as passwords, biometrics, or tokens ensure that user identity is genuine. In turn, this establishes trustworthiness and prevents unauthorized access.

3) Accountability: This determines the actions of the user so they can later be identified. Through tracking methods, actions and events can be attributed within the cloud. The establishment of accountability enables user monitoring, detects suspicious activity, and promotes transparency.

4) Authorization: It permits the user to enter and determines the privileges they will receive. Users can be granted or denied access to specific resources or functionalities through access control policies and role-based access control (RBAC), thereby reducing the risk of unauthorized access and data breaches.

5) Privacy: It establishes confidentiality and gives privacy protection to the user. Privacy also protects sensitive information from disclosure, misuse, or unauthorized access. Measures such as encryption, data anonymization, and access controls safeguard user data and ensure integrity within the cloud.
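The five concepts above, walked through in code as an added example (it is not from the original page or from any particular cloud provider): a user is identified, authenticated, authorized under RBAC, every decision is recorded for accountability, and the stored e-mail is pseudonymised for privacy. The roles, users, key and permission names are all constructed for the demo; only the Python standard library is used.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Constructed RBAC policy: role -> set of permissions (authorization).
ROLE_PERMISSIONS = {
    "viewer": {"bucket:read"},
    "editor": {"bucket:read", "bucket:write"},
    "admin": {"bucket:read", "bucket:write", "iam:manage"},
}

# Constructed key for pseudonymising sensitive fields; a real deployment keeps
# this in a key management service, never in source code.
PSEUDONYM_KEY = b"demo-key-not-for-production"

USERS = {}      # username -> account record (identification)
SESSIONS = {}   # session token -> username (result of authentication)
AUDIT_LOG = []  # append-only trail of every decision (accountability)


def _audit(actor: str, action: str, resource: str, allowed: bool) -> None:
    """Accountability: record who did what, to which resource, when, and the outcome."""
    AUDIT_LOG.append({"ts": time.time(), "actor": actor, "action": action,
                      "resource": resource, "allowed": allowed})


def _hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 with a per-user salt; iteration count kept low for the demo.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


def register(username: str, email: str, password: str, role: str) -> None:
    """Identification: bind a unique identifier (username) to a person and a role."""
    if username in USERS:
        raise ValueError("identifier already in use")
    if role not in ROLE_PERMISSIONS:
        raise ValueError("unknown role")
    salt = secrets.token_bytes(16)
    USERS[username] = {
        # Privacy: the e-mail is stored only as a keyed hash (pseudonym), so a
        # leaked record does not disclose it, yet lookups by e-mail still work.
        "email_pseudonym": hmac.new(PSEUDONYM_KEY, email.lower().encode(), "sha256").hexdigest(),
        "salt": salt,
        "pw_hash": _hash_password(password, salt),
        "role": role,
    }
    _audit(username, "register", "account", True)


def authenticate(username: str, password: str) -> Optional[str]:
    """Authentication: verify the claimed identity; return a session token or None."""
    rec = USERS.get(username)
    if rec is None:
        _audit(username, "login", "session", False)
        return None
    candidate = _hash_password(password, rec["salt"])
    ok = hmac.compare_digest(candidate, rec["pw_hash"])  # constant-time comparison
    _audit(username, "login", "session", ok)
    if not ok:
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = username
    return token


def authorize(token: Optional[str], permission: str, resource: str) -> bool:
    """Authorization: decide from the session's role whether the action is allowed."""
    username = SESSIONS.get(token) if token else None
    if username is None:
        _audit("<unauthenticated>", permission, resource, False)
        return False
    allowed = permission in ROLE_PERMISSIONS[USERS[username]["role"]]
    _audit(username, permission, resource, allowed)
    return allowed


def demo() -> dict:
    """Walk one constructed user through all five concepts and return the outcomes."""
    register("alice", "Alice@Example.com", "correct horse battery", "viewer")
    token = authenticate("alice", "correct horse battery")
    bad = authenticate("alice", "wrong password")
    return {
        "login_ok": token is not None,
        "bad_login_rejected": bad is None,
        "viewer_can_read": authorize(token, "bucket:read", "bucket/reports"),
        "viewer_can_write": authorize(token, "bucket:write", "bucket/reports"),
        # The clear-text e-mail must not appear anywhere in the stored record.
        "email_in_clear": any("example.com" in str(v) for v in USERS["alice"].values()),
        "audit_entries": len(AUDIT_LOG),
    }


if __name__ == "__main__":
    print(demo())
```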

Security Options
According to IBM, security options include:
 * Identity and access management (IAM): this type of service enforces policy-driven protocols such as monitoring and tracking who accesses the cloud. It creates digital identities for every user that can easily be restricted when necessary, primarily during data interactions.
 * Data loss prevention (DLP): this service provides tools such as data encryption and remediation alerts as preventative measures and protects both active and stored data. DLP uses a combination of remediation alerts, data encryption, and other preventive measures to keep stored data safeguarded at all times.

Other security options include:
 * Security information and event management (SIEM): provides AI-assisted automated threat monitoring. It is able to detect, respond to, and monitor all data. SIEM allows for the quick application of network security protocols in the event of a potential threat.
 * Business continuity and disaster recovery: This type of service focuses on situations where all other methods have been exhausted. Regardless of the preventative measures organizations have in place for their on-premises and cloud-based infrastructures, data breaches and disruptive outages can still occur. All organizations therefore must be able to react quickly via disaster recovery plans.
 * Encryption: This service protects data by converting it into an unreadable format which can only be accessed with a decryption key. By encrypting sensitive data, organizations can ensure its integrity while it is in transit. Specific methods of encryption, such as fully homomorphic encryption, can “ensure query privacy and improve the efficiency of retrieval.”
 * Firewalls: The main function of firewalls “is to protect a network against external threats and restrict internal actors.” In cloud environments, firewalls serve as the first line of defense against cyber threats. Cloud-based firewalls are a scalable and flexible security option for both “in-home networks and in enterprise [networks].” Firewalls provide complete control over network traffic and allow for centralized visibility.
 * Intrusion detection system (IDS): This service provides continuous monitoring of events occurring within the cloud environment. An IDS analyzes activity for malicious behavior and policy violations, typically “to mitigate insider attacks”, and detects and alerts administrators to unauthorized access within the cloud environment. Two IDS techniques are commonly used:
 * Signature Detection (SD): This IDS technique works from pre-defined rules that identify known patterns or signatures, which can be “used to decide that a given pattern is that of an intruder.” SD is highly accurate and is an excellent solution for detecting known attacks and variations of known patterns.
 * Anomaly Detection (AD): This IDS technique is “concerned with identifying events that appear to be anomalous” relative to normal patterns and behavior. Unlike Signature Detection, Anomaly Detection seeks solely to identify unusual patterns that may indicate a security threat.
 * Application Security: This service provides measures of protection for software applications deployed in the cloud environment. Application stacks, code data, and more are all protected through methods such as secure development practices and security patching aligned with updates.
 * Cloud Access Security Brokers (CASB): This service acts as a “security policy enforcement point positioned between enterprise users and cloud service providers.” CASB platforms act as middlemen to provide control, visibility, and security enforcement for cloud-based data and applications. CASBs also help organizations maintain compliance with government requirements.
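The two IDS techniques in the list above, run side by side over a handful of constructed web-access log lines as an added example (not code from the original page or from any IDS product): signature detection matches a pre-defined rule, while anomaly detection flags a source whose failure count is far outside that of the other sources without any rule naming the behavior. The log format, rules, thresholds and addresses are assumptions made for the demo.

```python
import re
import statistics
from collections import Counter

# Constructed sample log, one request per line: "<src_ip> <method> <path> <status>".
# Host 10.0.0.9 sends one request carrying a known bad pattern (caught by a signature);
# host 10.0.0.42 sends 40 failed logins, which no rule below names (caught by anomaly detection).
SAMPLE_LOG = """\
10.0.0.5 GET /index.html 200
10.0.0.5 GET /about.html 200
10.0.0.7 GET /login 200
10.0.0.7 POST /login 302
10.0.0.9 GET /search?q=books 200
10.0.0.9 GET /search?q=../../etc/passwd 404
10.0.0.11 GET /index.html 200
""" + "".join("10.0.0.42 POST /login 401\n" for _ in range(40))

LINE_RE = re.compile(r"^(?P<ip>\S+) (?P<method>\S+) (?P<path>\S+) (?P<status>\d{3})$")

# Signature rules (assumed for the demo): name -> pattern of a known attack shape.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-meta-characters": re.compile(r"('|%27)\s*(or|and)\s", re.IGNORECASE),
}


def parse(log_text: str) -> list:
    """Turn raw lines into event dicts; malformed lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            e = m.groupdict()
            e["status"] = int(e["status"])
            events.append(e)
    return events


def signature_detect(events: list) -> list:
    """SD: flag any event whose request path matches a pre-defined rule."""
    return [(e["ip"], name, e["path"])
            for e in events
            for name, rx in SIGNATURES.items() if rx.search(e["path"])]


def anomaly_detect(events: list, k: float = 3.0, min_failures: int = 5) -> list:
    """AD: flag sources whose failed-request count lies far outside the behavior
    of the other sources (leave-one-out baseline of mean + k * stdev). No rule
    describes the attack; min_failures stops a single 404 from raising an alert."""
    hosts = sorted({e["ip"] for e in events})
    failures = Counter(e["ip"] for e in events if e["status"] >= 400)
    alerts = []
    for ip in hosts:
        own = failures.get(ip, 0)
        others = [failures.get(h, 0) for h in hosts if h != ip]
        if own < min_failures or len(others) < 2:
            continue
        baseline = statistics.mean(others) + k * statistics.pstdev(others)
        if own > baseline:
            alerts.append((ip, own, round(baseline, 2)))
    return alerts


def analyze(log_text: str = SAMPLE_LOG) -> dict:
    """Run both techniques over the same log and return their alerts."""
    events = parse(log_text)
    return {"signature": signature_detect(events), "anomaly": anomaly_detect(events)}


if __name__ == "__main__":
    for kind, hits in analyze().items():
        print(kind, hits)
```

Note that the 40 failed logins would also be catchable by a rate rule; the point of the anomaly path is that it needs no such rule, at the cost of a baseline that must be tuned.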

Security Issues
The security issues within the cloud encompass a variety of challenges. “The cloud environment being distributed in nature, is facing challenges” in privacy, security, and confidentiality. Security concerns related to the cloud fall into two categories: those encountered by cloud providers and those encountered by consumers. Other issues regarding cloud usage include the following.

 * Who owns the data inside a cloud?

Since using a cloud service requires the user to upload data onto a service that a company provides, it is not always clear who is the prime owner of the data. Storage from cloud services is often outsourced to different vendors. This becomes complicated as international laws vary from national laws regarding the regulation of data.

 * Privacy

Keeping data secure inside the cloud is a big challenge. This is an ethical issue that the cloud service provider must deal with. The amount of privacy and security depends on the delivery model. In SaaS models, users have to trust the provider to protect their data. In PaaS models, the developers building applications on top of the platform are given some security features they can implement.

 * Cloud Provider security

Providers must be able to give users the following properties: ‘integrity’, ‘confidentiality’, and ‘availability’. “Integrity of data assumes a confidence that the data has not been manipulated or deleted by unauthorized actors; confidentiality assumes data has not been revealed to unauthorized parties and availability assumes the data is intact and that users can use or recover it as needed.” These three properties must always be maintained and supervised closely, as a lack of attention can cause security problems; maintaining them is what allows data privacy to be preserved.

 * Data Encryption

Encryption techniques are thought to be a critical method of protecting cloud confidentiality and integrity. “The thought is that if data is encrypted and the keys are protected, then unauthorized users will not be able to access the unencrypted data.” However, this proves difficult. The increasing use of third-party applications causes the cloud environment to become more fluid: “the security perimeter is now in a state of constant flux”, meaning that there is no longer a fixed security perimeter, which allows for more threats and vulnerabilities.

 * Access Controls

Providers must be able to offer access controls that are robust and adaptable. Only authorized users and services should be able to access private data and resources. To mitigate risks associated with access controls, providers fall back on the three areas of the CIA Triad: confidentiality, integrity, and availability. However, access controls present risks including privilege escalation, insider threats, and inadequate monitoring. Providers, therefore, must address these issues through the triad and continuous monitoring.

 * Network Security

Ensuring network security within cloud environments presents challenges. Providers need to address the ethical issues of safeguarding data transmitted over networks; these ethical responsibilities include the level of privacy and security offered under different delivery models. Network security also gives rise to issues outside of ethics, such as breaches, data interception, Distributed Denial of Service (DDoS) attacks, and Man-in-the-Middle (MITM) attacks.

Security Ethics
Cloud computing and subsequently cloud security raises ethical concerns stemming from issues related to privacy, consent, and transparency. “The ethical implications of Cloud Computing are influenced by several technological factors such as security, privacy, compliance, performance metrics, etc.”

Standards

With the increase in the usage of the cloud across various sectors, appropriate regulatory bodies and standards must be created and kept in place. Presently, “none of the standardization organizations have provided or released an interoperable cloud standards platform.” “The IEEE P2302 Standards for Cloud Federation is working on aligning with NIST-800-322”, making this partnership the closest working project that plans to provide uniform governance. Until then, the only mitigating factor that keeps cloud security in check is the development of insight and control.

Responsibility

Ethics play an important role in ensuring responsible behavior by all stakeholders involved. All stakeholders are responsible for upholding the principles of integrity, accountability, and transparency. Decisions and actions related to data, privacy, and risk within the cloud should be thought of through the lens of ethics, to ensure fairness and trust.

=Database Security=

Introduction to Database Security
Database security refers to the tools, controls, and measures designed to establish and preserve database confidentiality, integrity, and availability. Securing databases ensures that data is protected from threat actors and malicious attacks, the most common of which are exploits that lead to unauthorized access.

Types of Database Security
Ensuring the confidentiality of a database requires controls that protect against unauthorized access and enable the database system to manage access to data. Maintaining database integrity involves preventing unauthorized modifications to the data and ensuring its availability by avoiding data loss or compromise. Integrating all three functions will provide cohesive protection for databases.

Standard types of database security are as follows.
 * Authentication: The process of validating user credentials stored in the database.
 * Privileges: Upon successfully authenticating, users gain access only to their designated controls.
 * Encryption: Converts information into a coded form (ciphertext), unreadable to anyone without the decryption key.
 * Network Security: Measures such as firewalls, intrusion detection systems, and encryption protect information and assets stored on computer networks. These security measures promote confidentiality by protecting assets from unauthorized access, theft, or damage.
 * Access Control: A method of restricting access to personal data to only authorized users by implementing passwords, multi-factor authentication, and role-based access control.
 * Backup and Recovery: Stored copies of data that allow companies to recover data in case of a disaster, theft, or corruption. This process commonly follows the 3-2-1 backup method: three copies of the data, on two local devices, and one off-site (e.g. cloud-based).
 * Auditing: Involves monitoring and recording all logins to the database and operating system and can include logs of actions performed on sensitive data. Audits on the database must be performed regularly to identify potential vulnerabilities in the system and network.
 * Data Monitoring: A system that alerts designated personnel of suspicious or risky user activity by monitoring who is accessing the database and when and how the data is being used.
 * Physical Security: Protects devices and facilities that contain sensitive information by using vaults or secured storage cabinets, installing cameras and alarms, or implementing access control systems with biometric authentication or key cards. Devices such as laptops and mobile phones that are susceptible to theft benefit from secure passwords, encryption, and remote wipe capabilities.

Threats and Challenges in Database Security
Organizations face a variety of threats to their database security; the following portion lists the top 10 security threats in databases. Meeting these compliance requirements in accordance with OWASP and industry best practices will strengthen risk mitigation and data protection efforts. Classifying major risks of an attack is based on three factors: threats, vulnerabilities, and impacts.
 * SQL Injection: A threat actor injects crafted input into a vulnerable SQL query string, which is then sent to the database and executed. This attack method is used to steal sensitive information or gain unlimited access to an entire database.
 * Broken Authentication and Access Control: Threat actors can gain unauthorized access to sensitive information when insufficient authentication measures, poor access controls, or misconfigured permissions are in place.
 * Data Breaches: The unauthorized release of data, compromising the confidentiality of the database.
 * Malware and Ransomware Attacks: Malicious code, delivered through phishing attacks or unpatched software, that can compromise the confidentiality, integrity, and availability of data.
 * Insider Threats: Authorized personnel who misuse, expose, or gain unauthorized access to sensitive data, whether with malicious intent or unintentionally.
 * Weak Cryptography: Data becomes vulnerable and susceptible to unauthorized access when there are weak encryption practices, inadequate algorithms, poor key management, or a lack of encryption.
 * Insecure Data Handling: The unintentional exposure or loss of data due to improper storage, transmission, or disposal of sensitive data.
 * Inadequate Third-Party Security: Vulnerabilities that can be exploited because of third-party vendors' inadequate security measures.
 * Data Inventory and Data Management: Lack of accurate inventory management makes protecting and securing data assets difficult.
 * Non-Compliance with Data Protection Regulations: Lack of compliance with industry standards, legal requirements, and data protection regulations leads to legal liabilities and reputational harm for organizations.
 * Excessive Privilege Abuse: Users or applications with more privileges than required for their job function can abuse this excessive access for malicious purposes. This can lead to unauthorized data manipulation, data breaches, and other security threats.
 * Abuse of Legitimate Privilege: Users can abuse their privileges through careless or deliberate actions to access database information for unauthorized purposes.

The three factors used to classify the risk of an attack are:
 * Threats: Potential events or actions that can expose sensitive information from a database. Examples of threats are insider threats, external attackers, and physical security threats.
 * Vulnerabilities: Flaws or weaknesses in a database or its digital infrastructure that can be exploited for malicious purposes. SQL injection, insecure access controls, and unpatched software are vulnerabilities used to gain unauthorized access to databases.
 * Impacts: Once a successful breach has been contained, measuring the damage and identifying areas of improvement ensures that weaknesses are fixed.
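The SQL Injection threat from the list above, shown as an added example (not from the original page): a lookup that splices user input into the query text sits beside its parameterised fix, and both are run against an in-memory SQLite table. The table, columns, rows and inputs are constructed for the demo.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory database with two constructed rows of sensitive data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, ssn_last4 TEXT)")
    conn.executemany("INSERT INTO users (username, ssn_last4) VALUES (?, ?)",
                     [("alice", "1234"), ("bob", "5678")])
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Vulnerable form: untrusted input is concatenated into the SQL text, so the
    database cannot tell the caller's characters apart from the query itself."""
    sql = "SELECT username, ssn_last4 FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, username: str) -> list:
    """Hardened form: a bound parameter; the driver passes the value separately
    from the statement, so it is only ever compared as data, never parsed as SQL."""
    return conn.execute(
        "SELECT username, ssn_last4 FROM users WHERE username = ?", (username,)
    ).fetchall()


def compare(username: str) -> dict:
    """Run both lookups on the same input and report how many rows each returns."""
    conn = make_db()
    try:
        return {
            "vulnerable_rows": len(lookup_vulnerable(conn, username)),
            "safe_rows": len(lookup_safe(conn, username)),
        }
    finally:
        conn.close()


# A normal username behaves identically in both lookups. The classic tautology
# input makes the vulnerable query return every row, while the parameterised
# query simply finds no user with that literal name.
NORMAL_INPUT = "alice"
TAUTOLOGY_INPUT = "x' OR '1'='1"

if __name__ == "__main__":
    for value in (NORMAL_INPUT, TAUTOLOGY_INPUT):
        print(repr(value), compare(value))
```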

Connection to the Database
Newly created databases require proper configuration of the connectivity, operational, and communications aspects of the system. Properly configured databases will lessen the number of unwanted intrusion attempts.

System Hardening and monitoring
System hardening refers to the process of implementing several security measures at various levels of the system to enhance security. This model promotes safer access to stored data and a decrease in data breaches. Additionally, database systems allow user management by assigning different levels of privileges; this benefits from system hardening, which prevents unauthorized activities from taking place.

Auditing
Auditing and monitoring record individual and aggregate actions performed by users or system events. Compared to other security mechanisms that focus on mitigating incidents, regular audits establish the root cause of an incident through forensic analysis. Database auditing falls into five categories.
 * Authentication and Access Control Auditing: Gathers the who, what, when, and how of accessed information.
 * Subject/User Auditing: Locating actions committed by users/administrators of a database system; this can include insert, update, and delete activities.
 * Security Activity Monitoring: The process of locating and flagging any suspicious or unusual activity or access to sensitive information.
 * Vulnerability and Threat Analysis: Identifying vulnerabilities in the database and actively monitoring for users attempting to exploit these weaknesses.
 * Change Auditing: Integrating a baseline policy for database components (i.e. users, privileges, schemas, objects, and configurations) that will be monitored for alterations.

= Security Against Social Engineering =

Introduction to Social Engineering
Social engineering typically involves tricking people into helping threat actors with their attack(s) without their knowledge by using social manipulation and psychological tricks. Its reliance on human trust and deception makes social engineering an exemplary test of network security. Threat actors can use a variety of technologies and human emotions or trust to gain unauthorized access to a network. Little to no technology is required to conduct a successful social engineering attack, since it relies heavily on the threat actor's confidence, although attackers do benefit from phones, email, and text messages. Because of this reliance on human error and manipulation, protection measures against social engineering cannot easily be established with technology alone. Instead, it requires a “robust information security architecture, established policies, and standards, and ongoing vulnerability evaluations”.

In this case, typical defense measures such as anti-malware software, firewalls, and even passwords will prove beneficial to some extent but will not guarantee full protection against social engineering. According to the 2023 Verizon Data Breach Report, 74% of all breaches include a human element “via Error, Privilege Misuse, Use of stolen credentials, or Social Engineering”.

Principles of Social Engineering Attacks
The standard lifecycle of a social engineering attack revolves around four steps:

 * Investigation: The threat actor chooses a victim, collects background information on them, and identifies a suitable attack method.
 * Hook: A relationship is established by the threat actor to get closer to and gain the trust of the victim.
 * Play: As the relationship advances, the threat actor begins to manipulate the victim into providing information relevant to their attack.
 * Exit: Once the necessary amount of information is collected or the victim executes the desired action, the threat actor ends all communication and moves on to a new target.

Given this outline, relevant principles can be identified that align with the tactics used in social engineering attacks.

 * Reciprocity: The act of returning a favor is common etiquette in many cultures; a threat actor may offer the victim something of value to prompt them to reciprocate.
 * Commitment and Consistency: Once people have committed to a decision, they become more likely to honor that commitment so as not to tarnish their self-image. A victim may be inclined to continue interacting with the threat actor because of prior conversations.
 * Social Proof: The act of following the crowd can result in people over-sharing information if they feel safe doing so.
 * Authority: Compromised user accounts of authority figures allow threat actors to impersonate those figures or the company and prompt users to carry out their demands.
 * Liking: People are more likely to fall for a threat actor who presents a kind personality, even if it is feigned.
 * Scarcity: Presenting an offer as “limited time” or “rare” can lead to an immediate response from the victim.

Social Engineering Attack Types
There are multiple social engineering attack types that attackers can use to compromise organizations; the following is a list of these methods.

Baiting: Making false promises to lure users into revealing personal information or installing malware. These scams can come in the form of ads promising a new phone or money.

Diversion Theft: Tricking the user into sending sensitive information to the wrong recipient.

Whaling: Targeted phishing attacks, typically on a high-profile individual, using in-depth research to personalize phishing attempts and gain access to their device or personal information.

Spoofing: Attackers pretend to be a trusted source by presenting seemingly legitimate information with malicious intent; used for IP, DNS, GPS, website, and call spoofing.

Smishing/SMS phishing: Sending people fake text messages that are meant to trick them into downloading malware or sending the attackers money.

Vishing: Similar to phishing with emails, vishing focuses on fraudulent phone calls that trick the target into providing sensitive information.

Quid Pro Quo: The threat actor promises their target a favor in exchange for something of value, often information. The phrase “quid pro quo” means “something for something”.

Pretexting: Using fabricated stories to gain a victim's trust and trick them into sharing sensitive information, sending money, or downloading malware.

Tailgating/Piggybacking: Gaining unauthorized access to a physical space by closely following an individual with the appropriate credentials into that space.

Dumpster Diving: Searching through dumpsters with the intention of finding improperly disposed-of sensitive information or devices that were not wiped.

Physical Breach Attack: Gaining unauthorized access to a physical space using deception tactics. For example, gaining unauthorized entry into an office space and stealing physical documents containing sensitive information.

Scareware: Uses fear to prompt people into visiting infected websites or downloading malware.

DNS Spoofing: Manipulating DNS records with the intention of redirecting users to a malicious site that resembles the user's intended destination.

Watering Hole Attack: A targeted attack meant to compromise users from a specific group or industry by infecting websites they tend to visit or baiting them towards a malicious site.

Goals of Social Engineering Attacks
Social engineering attackers typically have one of two goals:

1. Sabotage: Corrupt or disrupt data/services to cause harm or inconvenience.

2. Theft: Gather valuable information, money, or access.

For many attackers, the motivation behind conducting social engineering attacks is financial gain. Stealing sensitive information for identity theft, gaining unauthorized access to bank accounts, and harvesting credit card details are ways in which these attackers profit from abusing human trust and manipulating people.

Examples of Recent Attacks
MGM Breach

In 2023, hackers were able to infiltrate MGM Resorts’ systems, leading to a significant cybersecurity breach. The attackers used social engineering techniques to manipulate a customer support employee into providing access credentials. By impersonating authorized personnel and using persuasive tactics, the hackers were able to gain access to critical systems. This breach had substantial repercussions, causing operational disruptions and compromising customer data across multiple MGM properties, leading to a loss of approximately $100 million.

T-Mobile Data Breach

Labeled one of the largest cybersecurity incidents of the year, the August 2021 breach exposed the personal information of over 50 million T-Mobile customers. Attackers used social engineering tactics, such as manipulating employees into giving up access credentials, or other potential methods, to gain entry to T-Mobile's systems. This allowed them to breach T-Mobile's servers and extract large amounts of sensitive customer data, including names, social security numbers, and other personal information. The incident demonstrated the vulnerability of large companies to targeted attacks that exploit human error or trust. The breach had significant repercussions for T-Mobile's reputation and prompted increased scrutiny of data security measures.

UK Energy Company CEO Tricked by AI Phone Call

Attackers used AI speech synthesis software to mimic the voice of a chief executive and demand a transfer of $243,000 over the phone. The victim believed he was talking to his German-based boss and initiated the transfer. The transferred funds were sent to a Hungarian bank account and later moved to Mexico before being dispersed to various locations. It is unknown whether the criminals used bots to answer the victim's questions. This is quite a unique case and a prime example of the kinds of clever ways attackers can use new AI technologies to take advantage of unsuspecting victims.

2020 Twitter Account Hijacking

In July 2020, the Twitter accounts of several celebrities and executives were compromised through a "phone spear phishing attack" targeted at a small number of employees. The attack gave the hackers access to Twitter's internal administrative systems, which they exploited to post Bitcoin scam messages. The company admitted that the incident was due to a loss of control of its internal systems to hackers who may have bribed, deceived, or coerced Twitter employees.

The attackers targeted a few employees and pretended to be Twitter personnel while contacting them, taking advantage of the remote working conditions caused by the pandemic. They directed their victims to log in to a fake internal Twitter VPN, which was made to look like the real one using information obtained from public sources. To bypass two-factor authentication, the attackers entered stolen credentials into the real Twitter VPN portal and asked for the two-factor authentication code within seconds of the employees entering their information into the fake VPN.

2021 Robinhood Data Breach

In 2021, Robinhood suffered another security breach, in which an unauthorized third party managed to access millions of its customers' data. Robinhood announced that an "unauthorized party" was able to socially engineer a customer support employee over the phone and gain access to some customer support systems. The company disclosed that the unauthorized party obtained a list of email addresses for roughly five million individuals, and full names for a separate group of two million people. Additionally, personal information such as name, date of birth, and zip code was exposed for approximately 310 individuals, while a small subset of about 10 customers had more detailed account information compromised.

2022 Uber Data Breach

In September 2022, Uber was breached by a social engineering attack, where a hacker was able to deceive an employee into divulging their login credentials. The hacker gained entry into the company's internal systems by compromising an employee's Slack account. The individual responsible for the attack claimed to have posed as a corporate IT professional in a text message to the employee, convincing them to disclose a password that enabled the hacker to access Uber's systems. Despite Uber's multi-factor authentication (MFA) policy, the attacker persisted in sending multiple MFA requests to the employee until they were granted access and ultimately managed to compromise the system. This was not the first instance of data theft from Uber, as in 2016, hackers stole information from 57 million driver and rider accounts and demanded $100,000 from Uber in exchange for deleting their copy of the data. While Uber did pay the ransom, they kept the breach a secret for over a year.

Preventative Steps Against Social Engineering Attacks
Being aware of how these threat actors identify targets can lower the likelihood of being targeted and stop a social engineering attack. Below are key steps to take, as listed by the US Cybersecurity and Infrastructure Security Agency (CISA).


 * Be suspicious of unknown phone calls, visits, and emails in which the person requests personal information about an employee or internal information about the organization. If the person claims to be from an organization, verify their identity with that company.
 * If you are not sure about a person's identity and authority, do not share personal or organizational information.
 * Educate people on the common tactics used by social engineering attackers; an educated person is more likely to recognize those tactics and avoid them.
 * Do not send personal or sensitive information over the internet without checking the website's security. Look for “https” in the URL, indicating that the site is secure, and a closed padlock icon, signifying that information will be encrypted.
 * Use multi-factor authentication (MFA) when configuring devices and services.
 * Verify that any links and files are secure and legitimate by matching the URL with the email.
 * Anti-virus software, firewalls, and email filters help lower the number of phishing emails people receive.
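The "https" and "match the URL with the email" checks from the list above, automated as an added example (not code from the original page or from CISA): it parses a constructed phishing-style message, pulls every link out of the body, and flags links that are not https or whose host does not belong to the sender's domain, including lookalike hosts that merely contain the organization's name. The message, addresses and hosts are constructed for the demo, and the registrable-domain rule is a deliberate simplification.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed phishing-style message. The sender claims to be the example.com
# helpdesk; one link points to a lookalike host under the reserved .test domain.
SAMPLE_EMAIL = """\
From: IT Helpdesk <helpdesk@example.com>
To: staff@example.com
Subject: Password expiry
Content-Type: text/html

<p>Your password expires today.
<a href="http://example-com.login-portal.test/reset">Reset it here</a>
or read the <a href="https://intranet.example.com/policy">policy</a>.</p>
"""


class _LinkCollector(HTMLParser):
    """Collect the href target of every <a> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.links.append(value)


def registrable_domain(host: str) -> str:
    """Simplification (assumed for the demo): the last two DNS labels. A real
    checker would consult the public suffix list for names such as co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def check_email(raw: str) -> list:
    """Return one finding per link: the href, whether it is suspicious, and why."""
    msg = message_from_string(raw)
    sender_addr = parseaddr(msg.get("From", ""))[1]
    sender_domain = registrable_domain(sender_addr.rsplit("@", 1)[-1])
    org_label = sender_domain.split(".")[0]  # e.g. "example"

    collector = _LinkCollector()
    collector.feed(msg.get_payload())

    findings = []
    for href in collector.links:
        url = urlparse(href)
        host = url.hostname or ""
        reasons = []
        if url.scheme != "https":
            reasons.append("not https")
        if registrable_domain(host) != sender_domain:
            reasons.append(f"host {host!r} does not match sender domain {sender_domain!r}")
            if org_label and org_label in host:
                reasons.append("lookalike: host contains the sender's organization name")
        findings.append({"href": href, "suspicious": bool(reasons), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in check_email(SAMPLE_EMAIL):
        print("SUSPICIOUS" if f["suspicious"] else "ok", f["href"], f["reasons"])
```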

= References =