What is Network Security?

Network Security protects your network and data from breaches, intrusions and other
threats. This is a vast and overarching term that describes hardware and software solutions
as well as processes or rules and configurations relating to network use, accessibility, and
overall threat protection. Network Security involves access control, virus and antivirus
software, application security, network analytics, types of network-related security
(endpoint, web, wireless), firewalls, VPN encryption and more.

Benefits of Network Security

Network Security is vital in protecting client data and information, keeping shared data
secure and ensuring reliable access and network performance as well as protection from
cyber threats. A well designed network security solution reduces overhead expenses and
safeguards organizations from costly losses that occur from a data breach or other security
incident. Ensuring legitimate access to systems, applications and data enables business
operations and delivery of services and products to customers.

Types of Network Security Protections

Firewall

Firewalls control incoming and outgoing traffic on networks, with predetermined security
rules. Firewalls keep out unfriendly traffic and is a necessary part of daily computing.
Network Security relies heavily on Firewalls, and especially Next Generation Firewalls, which
focus on blocking malware and application-layer attacks.

Network Segmentation

Network segmentation defines boundaries between network segments where assets within
the group have a common function, risk or role within an organization. For instance, the
perimeter gateway segments a company network from the Internet. Potential threats
outside the network are prevented, ensuring that an organization’s sensitive data remains
inside. Organizations can go further by defining additional internal boundaries within their
network, which can provide improved security and access control.
What is Access Control?

Access control defines the people or groups and the devices that have access to network
applications and systems thereby denying unsanctioned access, and maybe threats.
Integrations with Identity and Access Management (IAM) products can strongly identify the
user and Role-based Access Control (RBAC) policies ensure the person and device are
authorized access to the asset.

Remote Access VPN

Remote access VPN provides remote and secure access to a company network to individual
hosts or clients, such as telecommuters, mobile users, and extranet consumers. Each host
typically has VPN client software loaded or uses a web-based client. Privacy and integrity of
sensitive information is ensured through multi-factor authentication, endpoint compliance
scanning, and encryption of all transmitted data.

Zero Trust Network Access (ZTNA)

The zero trust security model states that a user should only have the access and
permissions that they require to fulfill their role. This is a very different approach from that
provided by traditional security solutions, like VPNs, that grant a user full access to the
target network. Zero trust network access (ZTNA) also known as software-defined perimeter
(SDP) solutions permits granular access to an organization’s applications from users who
require that access to perform their duties.

Email Security

Email security refers to any processes, products, and services designed to protect your
email accounts and email content safe from external threats. Most email service providers
have built-in email security features designed to keep you secure, but these may not be
enough to stop cybercriminals from accessing your information.

Data Loss Prevention (DLP)

Data loss prevention (DLP) is a cybersecurity methodology that combines technology and
best practices to prevent the exposure of sensitive information outside of an organization,
especially regulated data such as personally identifiable information (PII) and compliance
related data: HIPAA, SOX, PCI DSS, etc.
Intrusion Prevention Systems (IPS)

IPS technologies can detect or prevent network security attacks such as brute force attacks,
Denial of Service (DoS) attacks and exploits of known vulnerabilities. A vulnerability is a
weakness for instance in a software system and an exploit is an attack that leverages that
vulnerability to gain control of that system. When an exploit is announced, there is often a
window of opportunity for attackers to exploit that vulnerability before the security patch is
applied. An Intrusion Prevention System can be used in these cases to quickly block these
attacks.

Cloud Network Security

Applications and workloads are no longer exclusively hosted on-premises in a local data
center. Protecting the modern data center requires greater flexibility and innovation to keep
pace with the migration of application workloads to the cloud. Software-defined Networking
(SDN) and Software-defined Wide Area Network (SD-WAN) solutions enable network
security solutions in private, public, hybrid and cloud-hosted Firewall-as-a-Service (FWaaS)
deployments.

What is Application Security?

Application security aims to protect software application code and data against cyber
threats. You can and should apply application security during all phases of development,
including design, development, and deployment.

Here are several ways to promote application security throughout the software development
lifecycle (SDLC):

 Introduce security standards and tools during design and application development
phases. For example, include vulnerability scanning during early development.
 Implement security procedures and systems to protect applications in production
environments. For example, perform continuous security testing.
 Implement strong authentication for applications that contain sensitive data or are
mission critical.
 Use security systems such as firewalls, web application firewalls (WAF), and intrusion
prevention systems (IPS).
Information and Data Security
Information and Data Security is a recognition of the direct link between mastery of data
and the ability to protect it. With data theft impacting over 1 billion people and businesses,
IDC identifies and quantifies solutions that can protect data against an evolving host of
threats. Topic areas include using content as the control point for cybersecurity and data
protection, including message security and sensitive data management technologies. Other
topics include the evolution of cryptography as we move toward cloud computing, Big Data
and analytics, and the collection of massive amounts of machine and user-created content,
which is increasingly turning many enterprises into data brokers. This service also includes
coverage of masking and tokenization techniques as enterprise data stores grow with the
promise of analytics and the use of data to enable behavioral security solutions, cognitive
analytics, and monitoring and supervision
What is Identity Management?

Identity management (IdM), also known as identity and access management (IAM)

ensures that authorized people – and only authorized people – have access to the
technology resources they need to perform their job functions. It includes polices and
technologies that encompass an organization-wide process to properly identify,
authenticate, and authorize people, groups of people, or software applications through
attributes including user access rights and restrictions based on their identities.

How does Identity Management Work?

As part of an overall IAM framework which covers access management and identity
management, enterprises typically utilize both user management component and a central
directory component such as Active Directory for Windows or Apache Directory Studio or
Open LDAP for Linux systems.

The user management component handles delegation of admin authority, tracking roles and
responsibilities for each user and group, provisioning and de-provisioning user accounts,
and password management. Some or all of these functions, such as password reset, are
typically self-service to reduce the burden on IT staff.

What is Operational Security?

Operational security (OPSEC) is a security and risk management process that prevents
sensitive information from getting into the wrong hands. 
Another OPSEC meaning is a process that identifies seemingly innocuous actions that could
inadvertently reveal critical or sensitive data to a cyber criminal. OPSEC is both a process
and a strategy, and it encourages IT and security managers to view their operations and
systems from the perspective of a potential attacker. It includes analytical activities and
processes like behavior monitoring, social media monitoring, and security best practice.

A crucial piece of what is OPSEC is the use of risk management to discover potential threats
and vulnerabilities in organizations’ processes, the way they operate, and the software and
hardware their employees use. Looking at systems and operations from a third party’s point
of view enables OPSEC teams to discover issues they may have overlooked and can be
crucial to implementing the appropriate countermeasures that will keep their most sensitive
data secure.

What is mobile security (wireless security)?

Mobile security is the protection of smartphones, tablets, laptops and other portable

computing devices, and the networks they connect to, from threats and vulnerabilities
associated with wireless computing.

Why is mobile security important?

Securing mobile devices has become increasingly important as the number of devices and
the ways those devices are used have expanded dramatically. In the enterprise, this is
particularly problematic when employee-owned devices connect to the corporate network.

Increased corporate data on devices increases the draw of cybercriminals who can target
both the device and the back-end systems they tap into with mobile malware. IT
departments work to ensure that employees know what the acceptable use policies are, and
administrators enforce those guidelines.

Without mobile device security measures, organizations can be vulnerable to malicious

software, data leakage and other mobile threats. Security breaches can cause widespread
disruptions in the business, including complicating IT operations and affecting user
productivity if systems must shut down.

Some of these best practices pertain to the way the device itself is configured, but
other best practices have more to do with the way the user uses the device.

Device security. From a device configuration standpoint, many organizations put policies

into place requiring devices to be locked with a password or to require biometric
authentication. Organizations also use mobile device security software that allows them to
deploy matches to devices, audit the OS levels that are used on devices and remote wipe a
device. For instance, an organization may want to remotely wipe a phone that an employee
accidentally leaves in public.

End-user practices. Some end-user mobile security best practices might include avoiding
public Wi-Fi or connecting to corporate resources through a virtual private network (VPN).
IT staff can also educate users on mobile threats such as malicious software and seemingly
legitimate apps that are designed to steal data.

What are the benefits of mobile security?

The most obvious benefit to mobile security is preventing sensitive data from being leaked
or stolen. Another important benefit, however, is that by diligently adhering to security best
practices, an organization may be able to prevent ransomware attacks that target mobile
devices.

At a higher level, a solid mobile device security plan can help to ensure regulatory
compliance. A strategy also makes mobile devices and the software that runs on them
easier to manage.

Cloud security definition

Cloud security is a discipline of cyber security dedicated to securing cloud computing

systems. This includes keeping data private and safe across online-based infrastructure,
applications, and platforms. Securing these systems involves the efforts of cloud providers
and the clients that use them, whether an individual, small to medium business, or
enterprise uses.

Cloud providers host services on their servers through always-on internet connections.
Since their business relies on customer trust, cloud security methods are used to keep client
data private and safely stored. However, cloud security also partially rests in the client’s
hands as well. Understanding both facets is pivotal to a healthy cloud security solution.

At its core, cloud security is composed of the following categories:

 Data security

 Identity and access management (IAM)

  Governance (policies on threat prevention, detection, and mitigation)

 Data retention (DR) and business continuity (BC) planning

 Legal compliance

Cloud security may appear like legacy IT security, but this framework actually demands a
different approach. Before diving deeper, let’s first look at what cloud security is.

What is cloud security?

Cloud security is the whole bundle of technology, protocols, and best practices that protect
cloud computing environments, applications running in the cloud, and data held in the
cloud. Securing cloud services begins with understanding what exactly is being secured, as
well as, the system aspects that must be managed.

As an overview, backend development against security vulnerabilities is largely within the

hands of cloud service providers. Aside from choosing a security-conscious provider, clients
must focus mostly on proper service configuration and safe use habits. Additionally, clients
should be sure that any end-user hardware and networks are properly secured.

The full scope of cloud security is designed to protect the following, regardless of your
responsibilities:

 Physical networks — routers, electrical power, cabling, climate controls, etc.

 Data storage — hard drives, etc.
 Data servers — core network computing hardware and software
 Computer virtualization frameworks — virtual machine software, host machines,
and guest machines
 Operating systems (OS) — software that houses
 Middleware — application programming interface (API) management,
 Runtime environments — execution and upkeep of a running program
 Data — all the information stored, modified, and accessed
 Applications — traditional software services (email, tax software, productivity
suites, etc.)
 End-user hardware — computers, mobile devices, Internet of Things (IoT) devices,
etc.
What is Disaster Recovery?
Disaster recovery is an organization’s method of regaining access and functionality to its
IT infrastructure after events like a natural disaster, cyber attack, or even business
disruptions related to the COVID-19 pandemic. A variety of disaster recovery (DR) methods
can be part of a disaster recovery plan. DR is one aspect of business continuity.
How does disaster recovery work?
Disaster recovery relies upon the replication of data and computer processing in an off-
premises location not affected by the disaster. When servers go down because of a natural
disaster, equipment failure or cyber attack, a business needs to recover lost data from a
second location where the data is backed up. Ideally, an organization can transfer its
computer processing to that remote location as well in order to continue operations. 
5 top elements of an effective disaster recovery plan
1. Disaster recovery team: This assigned group of specialists will be responsible
for creating, implementing and managing the disaster recovery plan. This plan
should define each team member’s role and responsibilities. In the event of a
disaster, the recovery team should know how to communicate with each other,
employees, vendors, and customers.

2. Risk evaluation: Assess potential hazards that put your organization at risk.
Depending on the type of event, strategize what measures and resources will be
needed to resume business. For example, in the event of a cyber attack, what
data protection measures will the recovery team have in place to respond?

3. Business-critical asset identification: A good disaster recovery plan includes

documentation of which systems, applications, data, and other resources are
most critical for business continuity, as well as the necessary steps to recover
data.

4. Backups: Determine what needs backup (or to be relocated), who should

perform backups, and how backups will be implemented. Include a recovery
point objective (RPO) that states the frequency of backups and a recovery time
objective (RTO) that defines the maximum amount of downtime allowable after
a disaster. These metrics create limits to guide the choice of IT strategy,
processes and procedures that make up an organization’s disaster recovery plan.
The amount of downtime an organization can handle and how frequently the
organization backs up its data will inform the disaster recovery strategy.
 5. Testing and optimization: The recovery team should continually test and
update its strategy to address ever-evolving threats and business needs. By
continually ensuring that a company is ready to face the worst-case scenarios in
disaster situations, it can successfully navigate such challenges. In planning how
to respond to a cyber attack, for example, it’s important that organizations
continually test and optimize their security and data protection strategies and
have protective measures in place to detect potential security breaches.
How to build a disaster recovery team?

Whether creating a disaster recovery strategy from scratch or improving an existing plan,
assembling the right collaborative team of experts is a critical first step. It starts with
tapping IT specialists and other key individuals to provide leadership over the following key
areas in the event of a disaster:

 Crisis management: This leadership role commences recovery plans,

coordinates efforts throughout the recovery process, and resolves problems or
delays that emerge.
 Business continuity: The expert overseeing this ensures that the recovery
plan aligns with the company’s business needs, based on the business impact
analysis.
 Impact assessment and recovery: The team responsible for this area of
recovery has technical expertise in IT infrastructure including servers, storage,
databases and networks.
 IT applications: This role monitors which application activities should be
implemented based on a restorative plan. Tasks include application integrations,
application settings and configuration, and data consistency.

What Is a Business Continuity Plan (BCP)? 

A business continuity plan (BCP) is a system of prevention and recovery from potential
threats to a company. The plan ensures that personnel and assets are protected and are
able to function quickly in the event of a disaster.

 Business continuity plans (BCPs) are prevention and recovery systems for potential
threats, such as natural disasters or cyber-attacks.
  BCP is designed to protect personnel and assets and make sure they can function
quickly when disaster strikes.
 BCPs should be tested to ensure there are no weaknesses, which can be identified
and corrected.

What is the CIA Triad?

The CIA Triad is a fundamental cybersecurity model that acts as a foundation in the
development of security policies designed to protect data. The three letters in CIA
Triad stand for Confidentiality, Integrity, and Availability.
In theory, the CIA Triad combines three distinct means of interacting with data to create a
model for data security. First, the principle of confidentiality requires that only authorized
users have access to data within a system.

The second tenet of integrity imparts the necessity of the trustworthiness and veracity of
data. The final component of availability dictates that data must be accessible where and
when users need it. The intersection of these three concepts is a guiding framework for
protecting digital information.

What Are the Origins of the Triad?

As much as the name implies, the CIA Triad is not related to the Central Intelligence
Agency; although, their cyber security program almost assuredly utilizes the model.

The individual principles have existed since even before computer data became a reality in
the mid-twentieth century. And they were independently utilized in data security since then,
but it is not known when the tenets were first thought of as a triad.

The term is mentioned in the 1998 book Fighting Computer Crime, and it appeared to be
the standard among security practices at that time. No matter when the idea of the Triad
was first conceptualized, the principles have long been in use by security professionals who
understood the need to make information more secure.
Where Does the CIA Triad Fit into Cybersecurity?
Effective protection of digital assets begins with the principles of the CIA Triad. All three
tenets are necessary for data protection, and a security incident for one can cause issues for
another. Although confidentiality and integrity are often seen as at odds in cybersecurity
(i.e., encryption can compromise integrity), they should be balanced against risks when
designing a security plan.
The CIA Triad forces system designers and security experts to consider all three principles
when developing a security program to protect against modern data loss from cyber threats,
human error, natural disasters, and other potential threats. It is a springboard for
conceptualizing how information should be protected and for determining the best way to
implement that protection within a given environment.

integrity, and availability.

1. Confidentiality refers to protecting information such that only those with
authorized access will have it.
2. Integrity relates to the veracity and reliability of data. Data must be
authentic, and any attempts to alter it must be detectable.
3. Availability is a crucial component because data is only useful if it is
accessible. Availability ensures that data can be accessed when needed and will
continue to function when required.
That’s the theory behind the Triad. Now, we will take a look at how Triad is put into action
cyber security strategy with some real-life examples.

→ Putting Confidentiality into Practice:

1. Data encryption is one way to ensure confidentiality and that unauthorized
users cannot retrieve data for which they do not have access.
2. Access control is also an integral part of maintaining confidentiality by
managing which users have permissions for accessing data.
3. Life science organizations that utilize patient data must maintain
confidentiality or violate HIPAA.
→ Putting Integrity into Practice: 
1. Event log management within a Security Incident and Event Management
system is crucial for practicing data integrity.
2. Implementing version control and audit trails into your IT program will allow
your organization to guarantee that its data is accurate and authentic.
3. Integrity is an essential component for organizations with compliance
requirements. For example, a condition of the SEC compliance requirements for
financial services organizations requires providing accurate and complete
information to federal regulators.
→ Putting Availability into Practice:
1. Employing a backup system and a disaster recovery plan is essential for
maintaining data availability should a disaster, cyber-attack, or another threat
disrupt operations.
2. Utilizing cloud solutions for data storage is one way in which an organization
can increase the availability of data for its users.
3. As the reliance on data analytics expands, the need for data to be available
and accessible grows for sectors like financial services and life sciences.
Is the CIA Triad Limited as a Cyber Security Strategy?
As the amount of data explodes and as the complexity of securing that data has deepened,
the CIA Triad may seem to be an oversimplification of the reality of modern-day cyber
security strategy. However, it is critical to remember that the Triad is not actually a
strategy; but instead, it is a starting place from which a security team can create a strategy.

It is a foundational concept on which to build a full-scale, robust cyber security strategy. It

cannot eliminate risk, but it can help prioritize systemic risks to address them better.
Additionally, the CIA Triad cannot prevent all forms of compromise, but it helps reduce the
likelihood of unnecessary exposure and can help decrease the impact of a cyber attack.

Why the CIA Security Triad is Essential

The Triad is essential because it is a reliable and balanced way to assess data security. It
weighs the relationship between confidentiality, integrity, and availability from an
overarching perspective. The framework requires that any attempt to secure digital
information will not weaken another pillar of defense.
Additionally, the CIA Triad effectively identifies risk factors in IT systems. It is also a
gateway for even more advanced risk assessment and management tools, such as
the Common Vulnerabilities and Exposures (CVE) list and the National Vulnerability
Database.
How Does Coretelligent Utilize the CIA Triad?
Coretelligent incorporates the core tenets of the CIA triad into our cybersecurity, managed
IT services, cloud solutions, and more. In addition, we practice defense in depth strategy,
which is a system of overlapping layers of protection that range from easy-to-implement
controls to complex security measures.
These layers are designed to create an interlocking barrier, not unlike the security system at
your home.

We guide our clients on how best to balance making their data secure, available, and
reliable. To learn more about our solutions, reach out for a consultation with our team.