GitHub: stanley-chingling/IT-Security-Defense
# IT Security Defense & Incident Response
## What It Does
- **Threat Analysis**: Identifying and classifying security threats (malware, phishing, social engineering)
- **Security Hardening**: Implementing defensive measures to protect systems and data
- **Encryption**: Applying cryptographic principles to secure sensitive information
- **Incident Response**: Following structured procedures to detect, analyze, and recover from security incidents
## Security Frameworks Applied
### 1. CIA Triad
| Principle | Application |
|-----------|-------------|
| Confidentiality | Encryption of sensitive data, access controls, MFA |
| Integrity | Hash verification, digital signatures, audit logs |
| Availability | Backup strategies, redundancy, disaster recovery |
### 2. Defense in Depth
Multiple layers of security controls:
- **Perimeter**: Firewalls, network segmentation
- **Network**: Intrusion detection, traffic monitoring
- **Endpoint**: Antivirus, host-based firewalls, patch management
- **Application**: Input validation, secure coding
- **Data**: Encryption at rest and in transit, access controls
## Security Measures Implemented
### Threat Identification & Mitigation
| Threat Type | Example | Mitigation Strategy |
|-------------|---------|---------------------|
| Malware | Ransomware, trojans | Antivirus, email filtering, user training |
| Phishing | Fake login pages | Email authentication, MFA, awareness training |
| Social Engineering | Pretexting calls | Verification protocols, least privilege |
| Insider Threat | Data exfiltration | Access logging, RBAC, data loss prevention |
### Encryption Implementation
- **Symmetric Encryption**: AES for data at rest
- **Asymmetric Encryption**: RSA for secure key exchange
- **Hashing**: SHA-256 for integrity verification
- **Digital Certificates**: SSL/TLS for secure communications
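The "Integrity" row of the CIA Triad table and the "Hashing: SHA-256 for integrity verification" item above both come down to the same check: record a digest for each file, then recompute and compare later. The following is an added example, not code from this repository; it uses only the Python standard library and keeps the "backup set" as an in-memory dict (a constructed stand-in for real files) so it runs offline. It also shows why a plain digest list is not enough on its own: if an attacker can rewrite both the files and the manifest, only a keyed HMAC (with the key stored away from the backed-up system) lets you detect that.

```python
"""Integrity verification with SHA-256 and HMAC-SHA-256 (added example, stdlib only).

Assumptions made here, not stated in the README: files are modelled as a dict of
path -> bytes, and the manifest is a dict of path -> hex SHA-256 digest.
"""
import hashlib
import hmac
import os
from typing import Dict

# Constructed sample backup set; the contents are made up for this example.
SAMPLE_FILES: Dict[str, bytes] = {
    "config/sshd_config": b"PermitRootLogin no\nPasswordAuthentication no\n",
    "data/customers.csv": b"id,name\n1,Alice\n2,Bob\n",
}


def sha256_hex(data: bytes) -> str:
    """Hex-encoded SHA-256 digest of a byte string."""
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: Dict[str, bytes]) -> Dict[str, str]:
    """One digest per file. Store the manifest separately from the backup itself."""
    return {name: sha256_hex(content) for name, content in files.items()}


def verify_manifest(files: Dict[str, bytes], manifest: Dict[str, str]) -> Dict[str, str]:
    """Per-path status: 'ok', 'MODIFIED' (digest mismatch) or 'MISSING'.
    Paths present in the backup but absent from the manifest are 'UNEXPECTED'."""
    status: Dict[str, str] = {}
    for name, expected in manifest.items():
        if name not in files:
            status[name] = "MISSING"
        elif hmac.compare_digest(sha256_hex(files[name]), expected):
            status[name] = "ok"
        else:
            status[name] = "MODIFIED"
    for name in files:
        if name not in manifest:
            status[name] = "UNEXPECTED"
    return status


def sign_manifest(manifest: Dict[str, str], key: bytes) -> str:
    """HMAC-SHA-256 over a canonical (sorted) serialisation of the manifest.
    Without the key, a tampered manifest cannot be given a matching tag."""
    canonical = "\n".join(f"{n} {d}" for n, d in sorted(manifest.items())).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def manifest_is_authentic(manifest: Dict[str, str], key: bytes, tag: str) -> bool:
    """Constant-time comparison of the stored tag against a fresh HMAC."""
    return hmac.compare_digest(sign_manifest(manifest, key), tag)


if __name__ == "__main__":
    key = os.urandom(32)  # in practice: a key kept off the system being backed up
    manifest = build_manifest(SAMPLE_FILES)
    tag = sign_manifest(manifest, key)

    # Simulate tampering: a weakened config, a deleted file and a planted file.
    tampered = dict(SAMPLE_FILES)
    tampered["config/sshd_config"] = b"PermitRootLogin yes\n"
    del tampered["data/customers.csv"]
    tampered["data/extra.bin"] = b"\x00"

    for path, state in sorted(verify_manifest(tampered, manifest).items()):
        print(f"{state:10} {path}")
    print("manifest authentic:", manifest_is_authentic(manifest, key, tag))
```

The same check is what `sha256sum -c` does against a digest list on Linux; the HMAC step is the part the checklist item "Backup integrity verified and tested" usually forgets, because an unsigned manifest stored next to the backup can simply be regenerated by whoever altered the files.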
### Incident Response Procedure
1. **Preparation**: Establish response team, tools, and communication channels
2. **Identification**: Detect anomalies through monitoring and alerts
3. **Containment**: Isolate affected systems to prevent spread
4. **Eradication**: Remove threat and close vulnerabilities
5. **Recovery**: Restore systems from clean backups
6. **Lessons Learned**: Document incident and improve defenses
## Security Audit Checklist
- [ ] Password policies enforced (complexity, rotation, MFA)
- [ ] User access reviewed and least privilege applied
- [ ] System patches and updates current
- [ ] Firewall rules validated and logged
- [ ] Backup integrity verified and tested
- [ ] Audit logs reviewed for anomalies
- [ ] Incident response plan documented and tested
- [ ] Security awareness training completed
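Both the "Identification" step of the incident response procedure and the "Audit logs reviewed for anomalies" checklist item need something concrete to look for. The following added example (not code from this repository) shows one such check: a sliding-window detector for failed-login bursts over OpenSSH `sshd` lines in the classic syslog format, which is what the "system logs" tool in the Environment section produces on Linux. The log lines are constructed for the example, and the threshold, window and assumed year are illustrative choices, not values from the README.

```python
"""Failed-login burst detection over sshd auth-log lines (added example, stdlib only).

Assumptions not taken from the README: classic syslog timestamps without a year
(a single year is assumed when parsing), and illustrative threshold/window values.
"""
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Optional

# Constructed sample lines, not real logs. Addresses are from documentation ranges.
SAMPLE_LOG = """\
Apr  3 10:00:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51000 ssh2
Apr  3 10:00:03 host sshd[1202]: Failed password for root from 203.0.113.7 port 51002 ssh2
Apr  3 10:00:04 host sshd[1203]: Failed password for root from 203.0.113.7 port 51003 ssh2
Apr  3 10:00:06 host sshd[1204]: Failed password for invalid user test from 203.0.113.7 port 51004 ssh2
Apr  3 10:00:09 host sshd[1205]: Failed password for root from 203.0.113.7 port 51005 ssh2
Apr  3 10:00:12 host sshd[1206]: Accepted publickey for alice from 198.51.100.20 port 40000 ssh2
Apr  3 10:15:30 host sshd[1301]: Failed password for bob from 198.51.100.20 port 40010 ssh2
Apr  3 10:15:40 host sshd[1302]: Accepted password for bob from 198.51.100.20 port 40011 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \w+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_line(line: str, year: int = 2026) -> Optional[dict]:
    """Turn one sshd auth line into an event dict, or None for lines we don't model."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]}


def detect_bruteforce(lines: List[str], threshold: int = 5, window_s: int = 60) -> List[dict]:
    """Raise a medium alert for any source IP with >= threshold failures inside a
    sliding window of window_s seconds; escalate to high if that IP then succeeds.
    A single failure followed by success (a mistyped password) is deliberately ignored."""
    events = [e for e in (parse_line(l) for l in lines) if e]
    failures: Dict[str, List[datetime]] = defaultdict(list)
    flagged = set()
    alerts: List[dict] = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        ip = e["ip"]
        if e["result"] == "Failed":
            q = failures[ip]
            q.append(e["ts"])
            while (q[-1] - q[0]).total_seconds() > window_s:  # expire old failures
                q.pop(0)
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append({"ip": ip, "severity": "medium", "at": q[-1],
                               "reason": f"{len(q)} failed logins within {window_s}s"})
        elif ip in flagged:
            alerts.append({"ip": ip, "severity": "high", "at": e["ts"],
                           "reason": f"successful login as {e['user']} after failed-login burst"})
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG.splitlines()):
        print(f"[{alert['severity']}] {alert['at']:%b %d %H:%M:%S} {alert['ip']}: {alert['reason']}")
```

On the sample above only 203.0.113.7 is flagged; bob's single failure followed by a success stays quiet. The "success after burst" escalation is the part worth keeping: it is the signal that moves an event from the Identification step into Containment, because a burst alone is noise on any internet-facing host.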
## What I Learned
- How to classify and prioritize security threats
- The importance of layered security (Defense in Depth)
- Cryptographic principles and their practical applications
- Structured incident response procedures
- The role of IT Support in organizational security
- Compliance requirements (POPIA, GDPR) and their technical implications
## Environment
- Platform: Linux (Alpine/iSH environment) / Windows
- Tools: OpenSSL, GnuPG, system logs, firewall configurations
- Date: April 2026