The 7 layers of cybersecurity: a comprehensive guide to ensuring your protection up to the human layer
We must admit, a network-only approach to cybersecurity is becoming irrelevant and outdated. The vulnerabilities across your communication mesh are expanding from network-only vectors to applications and humans alike. Focusing exclusively on the network layer leaves a range of entry points on your attack surface open to cybercriminals. This is why MHE decided to curate this blog post: to give security officers and professionals a full view of the security landscape in a fully digitally enabled, online-facing business.
Back to the basics: when we tried to categorize the cybersecurity domains, we couldn't jump straight into the map. We first had to go back to the OSI and TCP/IP models to get a clearer view of which attacks take place where, and where exactly the vulnerabilities reside.
The OSI and TCP/IP models:
The Open Systems Interconnection (OSI) model describes the 7 layers of communication between computer systems over a network. It was the first standardized model for such communication to be adopted by computer and telecom companies, in the 1980s. Modern communication systems do not follow it exactly, and a simpler TCP/IP model has come into wide use instead. The TCP/IP model is not fundamentally different from OSI; it is rather a simpler way to categorize the communication protocols and their components, with just minor differences. Here is an infographic for simplicity.
The core differences between OSI and TCP/IP models:
TCP/IP is simpler, more widely adopted and used in practical rather than academic or theoretical settings.
Layers 1 & 2 of the OSI model are combined into the Network Access Layer of the TCP/IP model, while sequencing and acknowledgment functions are not a responsibility of that layer but of the transport layer.
In the TCP/IP model, applications use all layers by default, unlike the OSI model, where only layers 1, 2 and 3 are mandatory to enable any data communication.
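To make the layering concrete before we place it on the security map, here is a small added example (written for this post, not code from MHE or from any protocol implementation) that peels a single Ethernet frame apart layer by layer: the Layer 2 Ethernet header, the Layer 3 IPv4 header, the Layer 4 TCP header, and whatever remains as the application payload. The frame it parses is constructed inline with made-up addresses, and every truncation or malformed-length case raises an error instead of reading past the buffer, which is the defensive habit any parser sitting at one of these layers should have.

```python
import struct
from dataclasses import dataclass


@dataclass
class ParsedFrame:
    """One field group per protocol layer recovered from a captured frame."""
    dst_mac: str
    src_mac: str
    ethertype: int
    src_ip: str
    dst_ip: str
    ttl: int
    protocol: int
    src_port: int
    dst_port: int
    tcp_flags: int
    payload: bytes


def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def fmt_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def parse_frame(frame: bytes) -> ParsedFrame:
    """Decode Ethernet II / IPv4 / TCP and return the application payload.

    Every length field is checked against the bytes actually present, so a
    truncated or lying header produces a ValueError rather than garbage.
    """
    # Layer 2 (TCP/IP network access, OSI data link): fixed 14-byte Ethernet II header
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError(f"unsupported ethertype 0x{ethertype:04x}")

    # Layer 3 (TCP/IP internet, OSI network): IPv4 header, real length given by IHL
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _dscp, total_len, _ident, _flags_frag,
     ttl, proto, _csum, src_ip, dst_ip) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or total_len < ihl + 20 or total_len > len(ip):
        raise ValueError("inconsistent IPv4 length fields")
    if proto != 6:
        raise ValueError(f"unsupported IP protocol {proto}")

    # Layer 4 (transport): TCP header, real length given by the data offset
    tcp = ip[ihl:total_len]
    (src_port, dst_port, _seq, _ack, off_flags,
     _win, _tcsum, _urg) = struct.unpack("!HHIIHHHH", tcp[:20])
    data_off = (off_flags >> 12) * 4
    if data_off < 20 or data_off > len(tcp):
        raise ValueError("inconsistent TCP data offset")

    # Layer 7 (application): everything after the TCP header
    payload = tcp[data_off:]
    return ParsedFrame(fmt_mac(dst_mac), fmt_mac(src_mac), ethertype,
                       fmt_ip(src_ip), fmt_ip(dst_ip), ttl, proto,
                       src_port, dst_port, off_flags & 0x01FF, payload)


def build_sample_frame() -> bytes:
    """Constructed sample frame: an HTTP request line inside TCP/IPv4/Ethernet.

    MAC and IP addresses are made up (documentation ranges), so nothing here
    refers to a real host.
    """
    payload = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
    # data offset 5 (20 bytes), flags PSH|ACK = 0x018
    tcp = struct.pack("!HHIIHHHH", 40000, 80, 1, 1, (5 << 12) | 0x018, 65535, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0x4000, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    eth = struct.pack("!6s6sH", bytes.fromhex("0200000000aa"),
                      bytes.fromhex("0200000000bb"), 0x0800)
    return eth + ip + tcp + payload


if __name__ == "__main__":
    parsed = parse_frame(build_sample_frame())
    print(f"L2 {parsed.src_mac} -> {parsed.dst_mac}")
    print(f"L3 {parsed.src_ip} -> {parsed.dst_ip} ttl={parsed.ttl}")
    print(f"L4 tcp {parsed.src_port} -> {parsed.dst_port} flags=0x{parsed.tcp_flags:03x}")
    print(f"L7 {parsed.payload.splitlines()[0]!r}")
```

Run it directly to see one line per layer. The point for the security map that follows is that each header is a separate place where a control can sit (switch port security at L2, firewalls at L3/L4, application inspection at L7) and a separate place where a parser can be fed bad lengths, which is why each layer's length field is validated before it is used.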
How does this relate to the 7 layers of cybersecurity?
Having moved from the OSI model to the TCP/IP model, and having established that all its layers are used by default, the 7 layers of cybersecurity place the TCP/IP layers in the middle of the map, enclose them within the human layer, and put "Mission Critical Assets" at the core.
Are there only 7 layers of cybersecurity?
There is no single standard or framework for cybersecurity that fits all purposes. Different entities and organizations categorize the domains or functions of cybersecurity differently. The NIST Cybersecurity Framework, for example, classifies the various aspects following a 5-function model (Identify, Protect, Detect, Respond and Recover), while the MITRE ATT&CK and SANS frameworks break them down into 20 Critical Security Controls. The Cyber Kill Chain model, on the other hand, uses 7 stages to describe the phases a cyber-attack typically goes through (which are different from the layers we present next). In short, all these models are intended to help professionals and businesses prioritize and allocate their cybersecurity strategies however they see fit. We are presenting this blog post for precisely that reason: as a go-to guide giving security professionals a comprehensive view of the available technologies and layers, with the infographic below:
The 7 layers of cybersecurity:
Here is the comprehensive map of preventive, operational and reactive cybersecurity measures and technologies you can start using to map out your strategy and find your security gaps and vulnerabilities:
What Assets are considered Mission Critical?
These are any physical or digital assets that are vital to achieving an organization's mission or business operations. Any loss, damage or compromise of such assets would disrupt business operations and cause significant harm to the organization, which is naturally why they sit at the core of the cybersecurity strategy and are the most valuable targets for cybercriminals and attackers. Examples of these assets are not limited to the following, but could include:
Proprietary software code, intellectual property and patents.
Systems and applications related to customer databases and supply chain management.
Equipment, servers, or industrial systems.