Thinking Like a Pro
Security is not a product you buy; it is a process you follow. It requires a specific way of thinking that balances usability with protection.
1. The CIA Triad
The three pillars of information security:
- Confidentiality: Only authorized people see the data. (Encryption enforces this).
- Integrity: The data has not been changed. (Hashing enforces this).
- Availability: The data is accessible when needed. (Backups and redundancy enforce this).
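The integrity pillar deserves one caveat that the list does not spell out: an unkeyed hash stored next to the data catches accidental corruption, but anyone who can alter the data can also recompute the hash, so against a deliberate attacker the hash must be keyed (an HMAC) or signed. The example below is added for this page and is not code from the original; the transfer record, the key and the tampering scenario are all constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample record (not from the page): a transfer whose amount must not change in transit.
RECORD = b"transfer from=ACC-1001 to=ACC-2002 amount=100.00"
TAMPERED = RECORD.replace(b"amount=100.00", b"amount=9999.00")


def sha256_hex(data: bytes) -> str:
    """Unkeyed hash. Anyone, including an attacker, can compute it for any data."""
    return hashlib.sha256(data).hexdigest()


def hmac_hex(key: bytes, data: bytes) -> str:
    """Keyed hash (HMAC-SHA256). Only a holder of `key` can compute a valid tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify(expected: str, actual: str) -> bool:
    """Constant-time comparison, so a mismatch does not leak how many leading characters matched."""
    return hmac.compare_digest(expected, actual)


def plain_hash_catches_corruption() -> bool:
    """Accidental change (bit rot, truncated download): the stored digest no longer matches."""
    stored = sha256_hex(RECORD)
    corrupted = RECORD[:-1] + b"1"  # one byte changed in storage or transit
    return not verify(stored, sha256_hex(corrupted))


def plain_hash_defeated_by_tampering() -> bool:
    """Deliberate change by someone who can also overwrite the stored digest.
    They recompute SHA-256 over the altered record and verification passes."""
    stored = sha256_hex(TAMPERED)  # attacker replaces the data AND the digest
    return verify(stored, sha256_hex(TAMPERED))  # True: the tampering is invisible


def hmac_resists_tampering(key: bytes) -> bool:
    """Same attack against an HMAC: without `key` no valid tag for TAMPERED can be produced."""
    stored_tag = hmac_hex(key, RECORD)  # computed by the legitimate sender
    forged_tag = hmac_hex(b"attacker-guess", TAMPERED)  # attacker's best effort without the key
    accepted_with_stored_tag = verify(stored_tag, hmac_hex(key, TAMPERED))
    accepted_with_forged_tag = verify(forged_tag, hmac_hex(key, TAMPERED))
    return not accepted_with_stored_tag and not accepted_with_forged_tag


if __name__ == "__main__":
    # Constructed key for the demo; in practice derive it from secrets.token_bytes(32) and store it safely.
    key = b"shared-secret-known-only-to-sender-and-receiver"
    print("plain hash detects accidental corruption:", plain_hash_catches_corruption())
    print("plain hash defeated by deliberate tampering:", plain_hash_defeated_by_tampering())
    print("HMAC rejects the tampered record:", hmac_resists_tampering(key))
```

The first two functions show why "hashing enforces integrity" only holds when the attacker cannot rewrite the digest; the third shows that a key fixes this, provided the key itself stays confidential (which is where the first pillar comes back in).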
2. Least Privilege
Users and programs should only have the bare minimum permissions necessary to do their job. If a secretary doesn't need to delete the company database, they shouldn't have the permission to do so. This limits the damage if an account is compromised.
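Least privilege in code usually comes down to two habits: deny by default, and grant only pairs of (action, resource) that a role demonstrably needs. The following is an added example, not part of the original page; the roles, the access log lines and the "right-sizing" helper that compares held grants with used grants are all constructed for illustration.

```python
from dataclasses import dataclass


# A grant is an (action, resource) pair. Anything not listed is denied; there is
# deliberately no "allow everything" shortcut for a role to fall back on.
@dataclass(frozen=True)
class Role:
    name: str
    grants: frozenset


# Constructed roles for the secretary/database scenario in the text.
ROLES = {
    "secretary": Role("secretary", frozenset({
        ("read", "calendar"), ("write", "calendar"), ("read", "customer_db"),
    })),
    "dba": Role("dba", frozenset({
        ("read", "customer_db"), ("write", "customer_db"),
        ("delete", "customer_db"), ("backup", "customer_db"),
    })),
}


def authorize(role_name: str, action: str, resource: str) -> bool:
    """Deny by default: unknown roles, unknown actions and unlisted resources all fail."""
    role = ROLES.get(role_name)
    return role is not None and (action, resource) in role.grants


def blast_radius(role_name: str) -> set:
    """Everything an attacker holding a compromised account of this role could do."""
    role = ROLES.get(role_name)
    return set(role.grants) if role else set()


# Constructed access log (key=value fields): what the secretary role actually did over an audit period.
ACCESS_LOG = [
    "2024-05-01 09:02 user=alice role=secretary action=read resource=calendar",
    "2024-05-01 09:03 user=alice role=secretary action=write resource=calendar",
    "2024-05-02 14:10 user=alice role=secretary action=read resource=calendar",
]


def used_grants(log_lines, role_name: str) -> set:
    """Parse key=value log lines into the (action, resource) pairs a role really exercised."""
    used = set()
    for line in log_lines:
        fields = dict(f.split("=", 1) for f in line.split() if "=" in f)
        if fields.get("role") == role_name and "action" in fields and "resource" in fields:
            used.add((fields["action"], fields["resource"]))
    return used


def unused_grants(log_lines, role_name: str) -> set:
    """Grants a role holds but never used: candidates for removal to shrink the blast radius."""
    return blast_radius(role_name) - used_grants(log_lines, role_name)


if __name__ == "__main__":
    print("secretary may delete customer_db:", authorize("secretary", "delete", "customer_db"))
    print("dba may delete customer_db:", authorize("dba", "delete", "customer_db"))
    print("unused secretary grants:", unused_grants(ACCESS_LOG, "secretary"))
```

The authorizer answers the question in the text (the secretary cannot delete the database even if the account is stolen), and unused_grants shows the ongoing half of least privilege: grants that an access log proves were never needed should be removed, not left in place.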
3. Defense in Depth
Never rely on a single defensive mechanism. If you have a firewall, add an antivirus. If you have an antivirus, add MFA. Security is like an onion: it should have layers.
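A login flow is the everyday place where layering shows up: a password check, a second factor, and a lockout that throttles guessing even if one of the other checks were to fail. The example below is added here and is not from the original page; the account, the password and the TOTP secret are constructed (the TOTP secret is the RFC 6238 test vector key, used so the output can be checked against the published values).

```python
import hashlib
import hmac
import os
import struct

PBKDF2_ITERATIONS = 200_000
MAX_FAILURES = 5


def hash_password(password: str, salt: bytes) -> bytes:
    """Slow salted hash so a leaked database cannot be brute-forced cheaply."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the time-step counter, dynamically truncated to `digits`."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class Account:
    def __init__(self, password: str, totp_secret: bytes):
        self.salt = os.urandom(16)
        self.password_hash = hash_password(password, self.salt)
        self.totp_secret = totp_secret
        self.failures = 0


def login(account: Account, password: str, otp: str, unix_time: int) -> tuple:
    """Three independent layers; each must pass, and a failure at any layer is counted."""
    # Layer 1: lockout. Limits guessing regardless of what the later layers do.
    if account.failures >= MAX_FAILURES:
        return (False, "locked")
    # Layer 2: something you know. compare_digest avoids a timing side channel.
    if not hmac.compare_digest(hash_password(password, account.salt), account.password_hash):
        account.failures += 1
        return (False, "bad_password")
    # Layer 3: something you have. A stolen password on its own is not enough.
    if not hmac.compare_digest(totp(account.totp_secret, unix_time), otp):
        account.failures += 1
        return (False, "mfa_failed")
    account.failures = 0
    return (True, "ok")


if __name__ == "__main__":
    # Constructed demo account; the secret is the RFC 6238 test key, so totp(secret, 59) == "287082".
    acct = Account("correct horse battery staple", b"12345678901234567890")
    now = 59
    print(login(acct, "correct horse battery staple", "000000", now))  # password right, OTP wrong
    print(login(acct, "correct horse battery staple", totp(acct.totp_secret, now), now))  # both right
```

Each layer covers a different failure: PBKDF2 protects a leaked hash, TOTP protects against a leaked password, and the lockout protects against a weak password or a bug in either check. A real deployment would also persist the failure counter and accept the adjacent time step to tolerate clock drift.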
🔬 Lab Exercise: The Lockdown
Objective: Audit a computer for basic security.
Perform a self-audit on your own PC:
- Is the Firewall turned on?
- Is the automatic screen lock set to 5 minutes or less?
- Is the Guest account disabled?
- Are you running as an Administrator for daily tasks? (You shouldn't be!)
- Do you have unique passwords for every major account?
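Most of this checklist can be scripted. The following is an added example written for this page (not part of the original lab); it assumes a Linux desktop with ufw and GNOME, which is an assumption of this example rather than anything the page states, and it reports UNKNOWN rather than PASS when a check cannot be made. The last item, unique passwords, is left as a manual check because a script cannot see into other services.

```python
import os
import shutil
import subprocess


def run(cmd: list):
    """Return a command's stdout, or None when the tool is absent or fails (reported as UNKNOWN, never PASS)."""
    if shutil.which(cmd[0]) is None:
        return None
    try:
        proc = subprocess.run(cmd, capture_output=True, text=True, timeout=10)
    except (OSError, subprocess.SubprocessError):
        return None
    return proc.stdout if proc.returncode == 0 else None


def firewall_active(ufw_status):
    """`ufw status` prints 'Status: active' or 'Status: inactive' (it needs root; otherwise we get None)."""
    if ufw_status is None or "Status:" not in ufw_status:
        return None
    return "Status: active" in ufw_status


def screen_lock_ok(idle_delay, lock_enabled, max_seconds: int = 300):
    """GNOME: idle-delay prints e.g. 'uint32 300' (0 means never); lock-enabled prints 'true'/'false'."""
    if idle_delay is None or lock_enabled is None:
        return None
    try:
        seconds = int(idle_delay.split()[-1])
    except ValueError:
        return None
    return lock_enabled.strip() == "true" and 0 < seconds <= max_seconds


def guest_account_disabled(passwd_text: str) -> bool:
    """A 'guest' login is acceptable only if its shell cannot be used interactively."""
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and fields[0].lower().startswith("guest"):
            if not fields[6].endswith(("/nologin", "/false")):
                return False
    return True


def running_as_admin() -> bool:
    """On Linux, 'administrator for daily tasks' means an effective uid of 0."""
    return os.geteuid() == 0


def audit() -> dict:
    with open("/etc/passwd") as f:
        passwd = f.read()
    return {
        "firewall_on": firewall_active(run(["ufw", "status"])),
        "screen_lock_le_5min": screen_lock_ok(
            run(["gsettings", "get", "org.gnome.desktop.session", "idle-delay"]),
            run(["gsettings", "get", "org.gnome.desktop.screensaver", "lock-enabled"]),
        ),
        "guest_disabled": guest_account_disabled(passwd),
        "not_running_as_admin": not running_as_admin(),
        "unique_passwords": None,  # manual: review your password manager for reused entries
    }


def label(result) -> str:
    return "UNKNOWN" if result is None else ("PASS" if result else "FAIL")


# Constructed /etc/passwd excerpt used to exercise the guest check offline.
SAMPLE_PASSWD = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "guest:x:1001:1001:Guest:/home/guest:/bin/bash\n"
)

if __name__ == "__main__":
    for check, result in audit().items():
        print(f"{label(result):8} {check}")
```

The parsing helpers are separated from the command execution so the interpretation of each check can be tested with captured output; a FAIL on any line maps directly back to the corresponding bullet above.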