Mornings With Mark
no. 0006

Cybersecurity Basics #1 - The Goal

Full machine generated transcript follows

Third time's a charm. Having some trouble streaming and set live, so I'm just going to record it straight up and then push it out on the channels afterwards. We're talking about cybersecurity basics. This is the first in an ongoing series for a little while. So as always I'm looking for your feedback and looking for input.

Hit me up online. I'm @marknca. For those of you on the blog, in the comments down below, or as always by email me at Mark M. CA. I want to start by laying out why we're doing any of this. What's the goal of cybersecurity? The goal is pretty straightforward.

It's to make sure that whatever you've built does what you intended to do and only that. It's a pretty straightforward and simple definition. Most people can understand that whatever you should do what you want to do. But only the hackers and bad guys absolutely but that's covered in that definition. The definition also covers a lot more.

So let me give you an example. If we had built a streaming site, so whatever avenue you're watching or listening to this broadcast, you want to make sure that hackers can't take it down. You want to make sure that it's always available to give users. That's pretty cool. But people are broadcasting on your platform and you want to give them the ability to set things to be public or locked down to specific accounts.

And if that doesn't work properly, now you have a potential breach in that I'm broadcasting privately to you, what's actually going out publicly to the world. That's a security issue as well, and if you only think of security in the context of stopping bad guys, you're going to miss that other very real and frankly more common case.

So it's really important to think of that goal all the time: the goal of cybersecurity is to make sure that whatever you built works as intended and only as intended. And the second thing I wanted to cover in the first video, second thing in the first video, that makes sense, was the different types of security, because you're going to hear security referred to as cybersecurity, security, information security.

Sometimes you operational Security Forces physical security. Now, there's some reasoning behind all of these different definitions. You know, it's important to know what they are. But, um, so physical security: pretty straightforward. Most people get an introduction to that when they were kids. You locked up your bike at school so that nobody else could take it.

Right, and we practice physical security all the time. We lock our cars, we lock our houses. It's a pretty simple concept to understand is on a New Orleans Saints practice pretty straightforward physical security. Operational security is the practice of the process around your everyday workflow. And, um, so an example of operational security is, say we were having a conversation at the coffee shop, right, we're out on the patio at the coffee house, we're having a nice drink and we're having a conversation. Now operational security will define what level or depth of information that you and I can share. So if we're talking about work and we're in public and talking about a really sensitive project.

It's not public yet. That's probably a breach of operational security. So the operational security process would say, hey, don't share sensitive information out in public. Even if you are authorized to hear what I'm telling you, the people at the tables around us are not, right? So operational security is that process, it's that practice of security, regardless of the system or the environment.

So if you're a big fan of spy movies, it's basically called tradecraft. So operational security is the process. It's very much people based, though there are obviously some automated systems in play here. Cybersecurity originally referred to the defense of digital systems. So, you know, you lock down servers, make sure that nobody gets to them.

Can you secure your laptop to your mobile? See how was things like that? It's expanded now. We use cybersecurity in a much broader definition. And then there's information security. Information security is really, really interesting because it's more about the information. The systems that are on top of it.

I started this is a process that are storage that's obviously critical as well. But it handles a process all three areas or digital security, cybersecurity, and crosses operational security, full physical security, the information itself. And then of course there's just security, which covers everything. So you hear those terms often and they're important, but they're not absolutely critical, because your goal focus, and you remember that, that goal of all types of security is to make sure that whatever you've built works as you intended and only as intended. Understanding that goal moving forward helps provide context, and context is absolutely critical. To give you a quick example to wrap up this first video: when it comes to physical security, very few people question the value of seatbelts.

Most people accept them. Whether you like wearing them or not, most people accept the fact that a seatbelt will protect you in a collision. There is very little debate at this point around that. People understand why the security control, the seat belt, is in place.

When it comes to the digital world, we lose sight of that a lot. We don't provide people with adequate context to understand why things like the little safety belt equivalents are in place. My favorite example is the password. So we know that passwords have been horribly managed and worked and presented and dealt with in general for the last however long we've been using passwords.

We know that, based on math, logic and probability, and human nature, that passphrases are a much better thing. So a passphrase is literally a sentence or phrase that is unique to you. It's better because it's longer, and the longer something is, the harder it is for a human to guess, but also the harder it is for a computer to guess. So we know that passphrases are far superior than that ridiculous 8 character, needs a letter, needs a number, blah blah blah. Passphrases generate better outcomes. In the official password guidance from NIST, which is a big standard, but it's the National Institute for Standards and Technology, and they officially updated their guidance last year. So we know, and you know, it's finally gotten through the old guard's head that passphrases are better, but we really communicate this out well to users and people just grumble along with their passwords, which has led to your password one.

I'll have to change a password to password 3, and that for me is a great example of where the security community's failed, because we don't make it easy to understand the cause. Whereas if you understood the context around password choices, and we'll cover that in another video because it doesn't go on forever.

But that one is that if there's really important reasons behind that, but if you as a user don't know those reasons, you're going to push back against that security control because it's in your way. So as little of a burden, a seatbelt is just a click, and I'll take it and click it in; you know the benefits.

So even that half-second action, you understand the benefit you're getting back for it. We don't make that equivalent in cybersecurity, and so that's part of the goal of this basics. However, this isn't like every Mornings With Mark; this set of topics is going to be driven by you.

I need to know what you guys want to hear. What words did you hear and not understand, or can't put certain concepts in context? And do you have a great way to explain some of these things? Let me know. Hit me up online @marknca, for those of you watching the blogs, in the comments down below, and as always by email me at Mark ended the.

Ca I'd love to hear your examples your challenges. I'm always here to help. I hope you're set up for a wonderful day at I will talk to you online and I will see you on the show tomorrow hopefully streaming for shot instead of third time.