The rush to take the CompTIA Security + exam over the past two years has been a refreshing version of the growing acceptance of the importance of data security. Although the motivator, in most cases, was government regulations, according to DOD 8570, the enthusiasm of the certificate applicants was not only surprising but encouraging. All the security classes I taught were in bootcamp format. The students were asked to assimilate an overwhelming amount of information in a fairly short space of time. Against all odds, they were successful and I think I have learned more from my students than they have learned from me. I learned from software developers, SQL specialists, VMWare implementers, and newbies.

Most people are unaware of the amount of security they practice. We all live protecting our assets. Our houses, our cars, our families, our reputations, and ourselves. All of these are things of value. The amount of protection we provide to any asset is determined by the value we assign to it. Let’s look at the security measures we use for our homes.

1. We build a fence. The fence is on the perimeter and defines where it is private and where it is public. The fence keeps certain things outside and other things inside. It also controls access to our property. Entry and exit are controlled by building a door or doors. We have all repaired a hole or a broken post in our fence.

2. We got a dog. It can be an outside dog or an outside / inside dog. If fed properly and treated well, it will alert us when an unknown or known visitor attempts to enter our property. Detect and alert.

3. We install anti-theft protection on windows and security doors on our front and rear doors. Basically what we are doing is creating a layered defense system for our homes.

4. We install motion detectors for high weather and cameras to monitor our property.

5. We install the burglar alarm system which can be set automatically or manually every day.

6. We control access to our house by having a group of people authorized to enter. They are usually given a key.

7. There is a group of people who are allowed access to our house, temporarily, for example, the meter reader, the cable guy or the exterminator. In all cases we request some type of identification to authenticate this visitor. You can show a plaque. Although they are allowed access, they are not allowed to go where they choose. Your access is controlled.

8. Our houses are divided. It is segmented to create rooms where our possessions are stored. Pots in the kitchen, family pictures in the living room and towels in the bathroom. Other things have much more security than this. A passport, for example, is not going to be left on the kitchen table. It’s locked up, out of sight, and out of reach. So is that $ 800,000 … LOL!

9. At my mother and father’s house, when I was a child, it was an unwritten rule that access to their bedroom was not open.

10. My brothers, sisters, and I were constantly reminded and made aware of the threats, risks, and the need to lock doors, safeguard our keys, and the importance of not bringing questionable friends home.

Now let’s put some Security + terminology to these aforementioned activities.

* The fence plays the role of a firewall.
* That puppy is an intrusion detection system. (IDS). If he only barks, he is passive. If it barks and attacks, it is active.
* Theft protection, security cameras, motion detectors are all physical access control and monitoring devices.
* Authorized persons are trusted. All others are considered untrustworthy. These authorized individuals are trained (aware) to protect your keys, not share them, and promptly report if a key is lost. At that time, that key is considered compromised.
* Requesting some type of identification from the meter reader is authentication. You need to provide something to verify that you are who you say you are.
* With our passport or deed we are providing secure storage. We occasionally check to make sure things haven’t been tampered with or stolen.
* The $ 800,000 stored in my father’s room was not public knowledge. That was kept confidential. I found out after I got married. (Sigh!) My father was practicing the need to know.
* My father was constantly repairing things. Broken windows, non-working locks. All of these were vulnerabilities or weaknesses. Each of these weaknesses could be used to break (compromise) the security of our home. He was lowering the risk of having his $ 800,000 stolen (mitigating).

In Part 2 of this article, we will delve into the concepts we already understand and create definitions related to the fundamentals and principles of data security. Subscribe and let me know what you think of this article. Keep assuring!