https://github.com/ysayaovong/security-principles

Try Hack Me Security Principles Lab
https://github.com/ysayaovong/security-principles

Last synced: about 1 month ago
JSON representation

Try Hack Me Security Principles Lab

• Host: GitHub
• URL: https://github.com/ysayaovong/security-principles
• Owner: YSayaovong
• Created: 2024-09-06T18:24:28.000Z (4 months ago)
• Default Branch: main
• Last Pushed: 2024-09-06T18:25:03.000Z (4 months ago)
• Last Synced: 2024-09-06T21:50:21.539Z (4 months ago)
• Size: 125 KB
• Stars: 0
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • Security: Security Principles.pdf

Awesome Lists containing this project

README

        
# TryHackMe - Security Principles Room

## Overview

This room introduces the foundational concepts of **Security Principles**, including CIA (Confidentiality, Integrity, Availability), Defense-in-Depth, and Zero Trust models. It provides a comprehensive guide to understand how security models and principles are implemented to protect systems and data.

## What I Learned

1. **Task 1: Introduction**  

   - Learned the basic concepts and the importance of security principles in designing and securing systems.

2. **Task 2: CIA**  

   - Studied the **Confidentiality, Integrity, and Availability (CIA)** triad, a fundamental security model:

     - **Confidentiality**: Protecting sensitive data from unauthorized access.

     - **Integrity**: Ensuring data is accurate and untampered.

     - **Availability**: Ensuring data and services are accessible when needed.

3. **Task 3: DAD**  

   - Explored the **Disclosure, Alteration, Destruction (DAD)** model, which focuses on security risks and how to protect against data disclosure, unauthorized alteration, and destruction.

4. **Task 4: Fundamental Concepts of Security Models**  

   - Learned about different security models used to protect systems, including:

     - **Bell-LaPadula** for ensuring confidentiality.

     - **Biba** for enforcing data integrity.

  

5. **Task 5: Defence-in-Depth**  

   - Understood the concept of **Defence-in-Depth**, a multi-layered security approach that employs different security measures to protect against various threats.

6. **Task 6: ISO/IEC 19249**  

   - Explored the **ISO/IEC 19249** standard for defining the architecture of security models and principles for the protection of systems.

7. **Task 7: Zero Trust versus Trust but Verify**  

   - Learned about the **Zero Trust** model where no user or device is trusted by default, and compared it to the traditional **Trust but Verify** model.

8. **Task 8: Threat versus Risk**  

   - Distinction between **threats** (potential danger to a system) and **risks** (the likelihood of that threat materializing), and how to assess and manage both.

9. **Task 9: Conclusion**  

   - Summarized the security principles learned and how they are applied in real-world cybersecurity to ensure the protection of systems and data.

## Accomplishments

- Successfully completed all tasks related to security principles and models.

- Gained hands-on experience with the CIA triad, DAD model, and Defence-in-Depth strategy.

- Implemented security principles in simulated environments to reinforce learning.

## Conclusion

The **Security Principles** room provides essential knowledge of the fundamental principles and models that secure modern IT systems. Understanding these principles is crucial for building and maintaining secure infrastructures.