Breaking

Hello world!

Evil Quinn

The Cybersecurity Blog of Leah Collins

Data Security

Data security focuses on how data is protected and maintained throughout the phases of the confidentiality, integrity, and availability CIA triad.   Classes Covered CYB-200 Cybersecurity Foundations, CYB-260 Legal and Human Factors of Cybersecurity and CYB-320 Incident Response and Investigation. 

Data Loss Prevention (DLP)

DLP is a crucial practice in the realm of cybersecurity. It involves safeguarding sensitive information from loss, corruption, misuse, or unauthorized access. DLP involves a combination of technical controls (encryption, access controls) and policy-based controls (employee training, data classification).

DLP aims to protect various types of sensitive information, including:

  • Customer Data: Such as personal details, financial records, and contact information.
  • Intellectual Property: Trade secrets, proprietary processes, and competitive data.
  • Employee Records: Confidential HR information.
  • Financial Statements: Critical financial data.
Certificate Revocation 

Certificate revocation in cybersecurity refers to the process of invalidating an SSL/TLS certificate before its natural expiration date.

  1. Reasons for Revocation Include:
    • Compromised Private Key: If a certificate’s private key is compromised (e.g., stolen or leaked), the CA will revoke the certificate to prevent unauthorized access.
    • Invalid Identity: If the certificate holder’s identity is no longer valid (e.g., due to organizational changes), the CA may revoke the certificate.
    • Errors in Issuance: If the CA issued a certificate in error (e.g., incorrect information), it should be revoked.
    • Other Security Concerns: Any other situation where there are doubts about the certificate’s integrity or trustworthiness.

Certificate Revocation List (CRL): A Certificate Revocation List (CRL) is essentially a blacklist of discredited digital certificates. It is maintained by a Certificate Authority (CA) and contains SSL certificates that the CA has revoked before their scheduled expiration dates.

Refer to the RFC280 public key infrastructure certificates revocation list here https://datatracker.ietf.org/doc/html/rfc5280

You Missed

Uncategorized

Hello world!