IT Security & Risk Management - Protecting the Organization PDF

Uploaded by StatuesqueOnyx9009 (Ateneo de Davao University)

Tags: cybersecurity, network security, IT security, firewalls

Summary

This document covers IT security and risk management, focusing on protecting organizations. It discusses information security threats, best practices such as risk assessment, and network security devices like routers and firewalls. The material is appropriate for an undergraduate level.

Full Transcript

IT Security and Risk Management
2.0 IT Security Attacks and Countermeasures
INFORMATION SYSTEMS & COMPUTER SCIENCE

IT Security Attacks and Countermeasures
2.1 Information Security Threats
2.2 Protecting the Organization

Information Security Best Practices
- Perform risk assessment
- Regularly test incident response
- Establish security governance
- Implement network monitoring and analytics management tools
- Physical security measures
- Implement network security devices
- Human resources security measures
- Implement a comprehensive endpoint security solution
- Perform and test backups
- Educate users
- Maintain security patches and updates
- Encrypt data
- Ensure that all custom application code is correct and has security measures in place
- Employ access control

Network Security Devices and Systems
ROUTERS
- Primarily used to interconnect different network segments
- Provide basic network filtering capabilities (typically via access control lists)
FIREWALLS
- Prevent specific types of information from moving between two networks of different trust levels (e.g. an untrusted external network and a trusted internal one)
- Designed to control or filter which communications are allowed into and out of a device or network

Network Security Devices and Systems
INTRUSION DETECTION AND PREVENTION SYSTEM (IDPS)
- A system that can both detect intrusions and modify its configuration and environment to prevent them
- Intrusion: an adverse event in which an attacker attempts to enter an information system or disrupt its normal operations
VIRTUAL PRIVATE NETWORK (VPN)
- A private network that uses the internet to create a means for private communication via a tunneling protocol coupled with security procedures

Which is it?
You ask the Chief Technology Officer (CTO), who explains that the following security appliances are in place. Can you identify which category each of these falls into?
- Shows what's happening on the network so that you can act faster in the face of a cyber attack: FIREWALL
- Empowers remote workers with highly secure access to the company's network from any device, at any time, in any location: VPN
- Provides routing, filtering and encryption in a single platform: ROUTER

Intrusion Detection and Prevention System
IDS (DETECTION)
- Signature-based: detects attacks by looking for specific patterns or signatures used by malware
- Anomaly-based: monitors system activity and classifies it as either normal or anomalous; may use machine learning to create a model of trustworthy activity and compare new behavior to that model
- Reputation-based: recognizes potential threats according to reputation scores
IPS / IDPS (PREVENTION)
- Performs real-time inspection of packets traveling across the network and, if traffic is deemed suspicious, performs one of the following actions:
  ❑ Terminate the session that has been exploited
  ❑ Block the offending IP address or user account
  ❑ Reprogram or reconfigure the firewall
  ❑ Remove or replace malicious content that remains after an attack

Endpoint Security
ANTIMALWARE / ANTIVIRUS
- Systems that use signatures and behavioral analysis to identify and block malicious code from being executed
ENDPOINT PROTECTION PLATFORM (EPP)
- Solution deployed on endpoint devices (laptops, desktops, mobile phones, etc.) to prevent file-based malware attacks, detect malicious activity, and provide the investigation and remediation capabilities needed to respond to dynamic security incidents and alerts

Port Scanning
Port number
- Identifier of each application (service) running on a device
- Used on both ends of the transmission so that the right data is passed to the correct application
Port scanning
- Process of probing a computer, server or other network host for open ports.
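The probe just described, as an added example that is not part of the original slides: a TCP "connect" scan written in Go. To keep it offline and harmless it scans only 127.0.0.1, against a throwaway listener it starts itself (constructed for the example) and a second port it deliberately releases, so the scan has one port that must report open and one that must report closed.

```go
package main

import (
	"fmt"
	"net"
	"sort"
	"time"
)

// PortState uses the vocabulary a scanner such as nmap reports for TCP ports.
type PortState string

const (
	Open   PortState = "open"   // a service completed the handshake: it is reachable
	Closed PortState = "closed" // the host answered with a reset: nothing is listening
)

// probeTCP performs a TCP "connect" probe: a full three-way handshake.
// Because the connection completes, the probed service will log it, which is
// why attackers prefer stealthier half-open (SYN) scans.
func probeTCP(host string, port int, timeout time.Duration) PortState {
	conn, err := net.DialTimeout("tcp", fmt.Sprintf("%s:%d", host, port), timeout)
	if err != nil {
		return Closed
	}
	conn.Close()
	return Open
}

// scanPorts probes each port and returns the sorted list of open ones.
func scanPorts(host string, ports []int, timeout time.Duration) []int {
	var open []int
	for _, p := range ports {
		if probeTCP(host, p, timeout) == Open {
			open = append(open, p)
		}
	}
	sort.Ints(open)
	return open
}

// startService binds a throwaway TCP listener on 127.0.0.1 (constructed for the
// example so that no external host is ever scanned) and returns it with its port.
func startService() (net.Listener, int, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return nil, 0, err
	}
	go func() {
		for {
			c, err := ln.Accept()
			if err != nil {
				return // listener closed
			}
			c.Close()
		}
	}()
	return ln, ln.Addr().(*net.TCPAddr).Port, nil
}

// DemoScan starts one service and releases a second port, then scans both.
// It returns the port that should be open, the one that should be closed, and
// the ports the scan actually found open.
func DemoScan() (openPort, closedPort int, found []int, err error) {
	ln, openPort, err := startService()
	if err != nil {
		return 0, 0, nil, err
	}
	defer ln.Close()
	ln2, closedPort, err := startService()
	if err != nil {
		return 0, 0, nil, err
	}
	ln2.Close() // nothing listens here any more, so the probe must get a reset
	found = scanPorts("127.0.0.1", []int{closedPort, openPort}, 500*time.Millisecond)
	return openPort, closedPort, found, nil
}

func main() {
	openPort, closedPort, found, err := DemoScan()
	if err != nil {
		panic(err)
	}
	fmt.Printf("expected open %d, expected closed %d, scan found open %v\n", openPort, closedPort, found)
}
```

An "open" result here means exactly what the quiz below asks about: the handshake completed, so whatever service sits behind that port is reachable from the scanning host, and any vulnerability in it is exposed to that host. Against a firewalled target a probe may instead time out (nmap reports this as "filtered"), which this minimal scanner folds into "closed".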
- It can be used maliciously as a tool to identify the operating system and services running on a computer or host

What does it mean?
Your line manager asks you to evaluate a company's computer network's firewall and port security. You execute a port scan, which returns an 'open' state response. Complete the sentence below by choosing the correct phrase.
The port scan reported an 'open' state response. This means that the service running on the network [can be accessed / cannot be accessed] by other network devices. Therefore, if the service contains a vulnerability, it [can be exploited / cannot be exploited] by an attacker.

Access Control
Selective method by which systems specify who may use a particular resource and how they may use it.
Fundamental functions of access control systems
Identification: I am a user of the system, e.g. user ID, email account
Authentication: I can prove I'm a user of the system. Authentication factors:
❑ Something you know, e.g. password
❑ Something you have, e.g. token, mobile phone (can be used for MFA)
❑ Something you are, e.g. biometrics
Authorization: Here's what I can do with the system.
❑ Matching of an identified user, group, or entity to an access control list (ACL)
❑ ACL: a list of information assets and their corresponding access levels
Accountability: You can track and monitor my use of the system.
❑ Also known as auditability
❑ Ensures that all actions on a system, authorized or unauthorized, can be attributed to an authenticated identity, e.g.
event logs, transaction logs

Encryption
- Process of scrambling data to make it undecipherable to unauthorized users
Cryptography
- Science of encryption and decryption
- Involves a mathematical operation + key(s)

Encryption Terminologies
- Cipher: algorithm to encrypt/decrypt
- Plaintext: original unencrypted message
- Key: number used to encrypt/decrypt
- Passphrase: used to unlock a key
- Ciphertext: encrypted message
- Symmetric key cipher: uses only one key to encrypt and decrypt
- Asymmetric key cipher: uses one key to encrypt and another to decrypt

Encryption Methods
- Symmetric: one key; the algorithms are called symmetric key ciphers
- Asymmetric: two keys; the algorithms are called asymmetric key ciphers

Symmetric vs. Asymmetric Encryption
Speed
  Symmetric: faster than asymmetric
  Asymmetric: slower than symmetric
Key distribution
  Symmetric: secure key distribution is crucial (the same secret must reach both parties)
  Asymmetric: simplifies key distribution (only the public key is shared; the private key never leaves its owner)
Use cases
  Symmetric: ideal for bulk data encryption and secure communication within closed systems
  Asymmetric: used for secure key exchange, digital signatures and authentication in open systems
Security
  Symmetric: can provide strong security when implemented correctly with strong key management practices
  Asymmetric: often described as more secure because the private key never has to be shared; in practice both are strong when keys are long enough and managed correctly, and real systems combine them (asymmetric to exchange a symmetric key, symmetric for the data)
Examples
  Symmetric: Advanced Encryption Standard (AES), Twofish, Triple Data Encryption Standard (3DES; deprecated by NIST and disallowed after 2023, so prefer AES)
  Asymmetric: Rivest-Shamir-Adleman (RSA), Elliptic Curve Cryptography (ECC)

Which best practices have we discussed?
- Perform risk assessment
- Regularly test incident response
- Establish security governance
- Implement network monitoring and analytics management tools
- Physical security measures
- Implement network security devices
- Human resources security measures
- Implement a comprehensive endpoint security solution
- Perform and test backups
- Educate users
- Maintain security patches and updates
- Encrypt data
- Ensure that all custom application code is correct and has security measures in place
- Employ access control

NIST CSF Protect/Detect Functions (category identifiers as used in NIST CSF 1.1; CSF 2.0 renumbers them)
- PR.AC (Access Control): ensures only authorized users can access systems
- PR.DS (Data Security): protects data from unauthorized access and disclosure
- PR.PT (Protective Technology): ensures the implementation of security tools
- DE.AE (Anomalies and Events): focuses on identifying unexpected activities

End of Module 2.2

References
Michael E. Whitman and Herbert J. Mattord. 2021. Principles of Information Security (7th ed.). Cengage Learning, Massachusetts, USA.
Cisco Networking Academy. Introduction to Cybersecurity. Retrieved January 30, 2024 from https://skillsforall.com
Trellix. What is Endpoint Security. Retrieved February 2, 2024 from https://www.trellix.com/security-awareness/endpoint/what-is-endpoint-security/
Gartner. Endpoint Protection Platform. Retrieved February 2, 2024 from https://www.gartner.com/en/information-technology/glossary/endpoint-protection-platform-epp
Aby Tyas Tunggal. 2012. IDS vs. IPS: What is the Difference. UpGuard, Inc. Retrieved February 2, 2024 from https://www.upguard.com/blog/ids-vs-ips
Nicolas Poggi. 2021. Types of Encryption: Symmetric or Asymmetric? RSA or AES?. Prey. Retrieved February 2, 2024 from https://preyproject.com/blog/types-of-encryption-symmetric-or-asymmetric-rsa-or-aes
Ariel Maguyon, Ph.D. 2023. IT Security and Risk Management. Slides.
5_1: Attacks and Countermeasures (January – April 2023). Ateneo De Manila University, School of Science and Engineering, Department of Information Systems and Computer Science.
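Added worked example for the Firewalls and Intrusion Detection and Prevention System slides above (example code written for this page, not taken from the module or from any of its references): a first-match, default-deny packet filter, a sensor in front of it that combines signature-based detection (a regular expression over the payload) with a crude anomaly check (a source opening more connections than a baseline), and the IPS action "reprogram or reconfigure the firewall" implemented as an automatic deny rule for the offending source. The rules, the 10.0.0.0/24 management subnet and all traffic are constructed for the example.

```go
package main

import (
	"fmt"
	"net"
	"regexp"
)

type Packet struct { // minimal view of an inbound connection (constructed for the example)
	Src     net.IP
	DstPort int
	Payload string
}

// Rule is one firewall rule: rules are evaluated top-down, first match wins.
type Rule struct {
	Allow   bool
	SrcNet  *net.IPNet // nil matches any source
	DstPort int        // 0 matches any destination port
}

type Firewall struct{ Rules []Rule }

// Permit reports whether the packet may enter; no matching rule means drop (default deny).
func (fw *Firewall) Permit(p Packet) bool {
	for _, r := range fw.Rules {
		if (r.SrcNet == nil || r.SrcNet.Contains(p.Src)) && (r.DstPort == 0 || r.DstPort == p.DstPort) {
			return r.Allow
		}
	}
	return false
}

// Block pushes a host-specific deny rule to the top: the "reconfigure the firewall" IPS action.
func (fw *Firewall) Block(ip net.IP) {
	bits := len(ip) * 8
	host := &net.IPNet{IP: ip, Mask: net.CIDRMask(bits, bits)}
	fw.Rules = append([]Rule{{Allow: false, SrcNet: host}}, fw.Rules...)
}

// Sensor is the detection half: payload signatures plus a per-source connection-rate anomaly check.
type Sensor struct {
	Signatures []*regexp.Regexp
	Baseline   int            // connections per source considered normal
	Seen       map[string]int // connections observed per source
}

// Inspect returns a reason and true when the packet looks hostile.
func (s *Sensor) Inspect(p Packet) (string, bool) {
	for _, sig := range s.Signatures {
		if sig.MatchString(p.Payload) {
			return "signature " + sig.String(), true
		}
	}
	s.Seen[p.Src.String()]++
	if s.Seen[p.Src.String()] > s.Baseline {
		return "anomaly: connection rate above baseline", true
	}
	return "", false
}

// RunIPS passes traffic through the firewall, then the inline sensor. An alert
// blocks the source, so its later packets never reach the sensor.
func RunIPS(fw *Firewall, s *Sensor, traffic []Packet) (delivered int, alerts []string) {
	for _, p := range traffic {
		if !fw.Permit(p) {
			continue
		}
		if why, bad := s.Inspect(p); bad {
			alerts = append(alerts, p.Src.String()+": "+why)
			fw.Block(p.Src)
			continue
		}
		delivered++
	}
	return delivered, alerts
}

// RunIPSDemo: default-deny policy admitting HTTPS from anywhere and SSH only
// from the management subnet, replayed against constructed traffic.
func RunIPSDemo() (int, []string) {
	_, mgmt, _ := net.ParseCIDR("10.0.0.0/24")
	fw := &Firewall{Rules: []Rule{{Allow: true, DstPort: 443}, {Allow: true, SrcNet: mgmt, DstPort: 22}}}
	sensor := &Sensor{Baseline: 3, Seen: map[string]int{},
		Signatures: []*regexp.Regexp{regexp.MustCompile(`\.\./`)}} // path traversal probe
	traffic := []Packet{
		{net.ParseIP("10.0.0.5"), 22, "SSH-2.0-OpenSSH_9.6"},                 // delivered: SSH from mgmt
		{net.ParseIP("203.0.113.7"), 22, "SSH-2.0-libssh"},                   // dropped: SSH from outside
		{net.ParseIP("203.0.113.7"), 443, "GET /../../etc/passwd HTTP/1.1"}, // signature alert, source blocked
		{net.ParseIP("203.0.113.7"), 443, "GET /index.html HTTP/1.1"},       // dropped: now on the deny list
	}
	for i := 0; i < 4; i++ { // the fourth connection exceeds the baseline of 3
		traffic = append(traffic, Packet{net.ParseIP("198.51.100.9"), 443, "GET / HTTP/1.1"})
	}
	return RunIPS(fw, sensor, traffic)
}

func main() {
	n, alerts := RunIPSDemo()
	fmt.Println("delivered:", n, "alerts:", alerts)
}
```

Running it delivers four packets (the management SSH session and the first three HTTPS connections from 198.51.100.9) and raises two alerts, one signature hit and one anomaly; note that the anomaly check needs a baseline, which is why anomaly-based detection is only as good as the model of "normal" it is compared against.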
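Added worked example for the Access Control slide above (example code written for this page, not the module's own): all four functions in one small system. Identification is the claimed user name; authentication checks something you know (a salted, iterated password hash) and something you have (an HOTP token code per RFC 4226); authorization consults an ACL of resource, user and operation; accountability is an audit trail that attributes every decision to a user. The user names, the ACL and the salt are constructed for the example, and the token secret is the RFC 4226 test key so the codes are reproducible; a real enrollment draws salt and secret from crypto/rand.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
)

// Account pairs an identity with two credentials: a salted password hash
// (something you know) and the secret of an HOTP token (something you have).
type Account struct {
	Salt, PassHash, TokenKey []byte
	Counter                  uint64 // HOTP moving factor, advanced on each successful login
}

// hashPassword iterates HMAC-SHA256 keyed by the salt. Simplified on purpose:
// production code uses a memory-hard KDF such as Argon2id or scrypt.
func hashPassword(salt []byte, password string) []byte {
	h := []byte(password)
	for i := 0; i < 10000; i++ {
		m := hmac.New(sha256.New, salt)
		m.Write(h)
		h = m.Sum(nil)
	}
	return h
}

// hotp implements RFC 4226: HMAC-SHA1 over the counter, dynamic truncation, six digits.
func hotp(key []byte, counter uint64) string {
	var c [8]byte
	binary.BigEndian.PutUint64(c[:], counter)
	m := hmac.New(sha1.New, key)
	m.Write(c[:])
	sum := m.Sum(nil)
	off := sum[len(sum)-1] & 0x0f
	code := binary.BigEndian.Uint32(sum[off:off+4]) & 0x7fffffff
	return fmt.Sprintf("%06d", code%1000000)
}

type AuditEvent struct{ User, Action, Resource, Result string }

// System holds the four functions: accounts (identification and
// authentication), an ACL (authorization) and an audit trail (accountability).
type System struct {
	Accounts map[string]*Account
	Perms    map[string]map[string]map[string]bool // resource -> user -> operation -> allowed
	Audit    []AuditEvent
}

func (s *System) log(user, action, resource, result string) {
	s.Audit = append(s.Audit, AuditEvent{user, action, resource, result})
}

// Authenticate: the claimed identity must prove both factors. Unknown users are
// checked against an empty account and both comparisons are constant-time, so
// timing does not reveal which factor failed. The counter advances only on success.
func (s *System) Authenticate(user, password, code string) bool {
	a, known := s.Accounts[user]
	if !known {
		a = &Account{}
	}
	passOK := subtle.ConstantTimeCompare(a.PassHash, hashPassword(a.Salt, password)) == 1
	codeOK := subtle.ConstantTimeCompare([]byte(hotp(a.TokenKey, a.Counter)), []byte(code)) == 1
	if known && passOK && codeOK {
		a.Counter++
		s.log(user, "login", "-", "ok")
		return true
	}
	s.log(user, "login", "-", "denied")
	return false
}

// Authorize looks the already-authenticated user up in the ACL and records the decision.
func (s *System) Authorize(user, action, resource string) bool {
	allowed := s.Perms[resource][user][action]
	s.log(user, action, resource, map[bool]string{false: "denied", true: "ok"}[allowed])
	return allowed
}

// RunAccessDemo enrolls alice with the RFC 4226 test secret (constructed, reproducible codes),
// then shows a wrong password, a valid login, a replayed code, and two write requests.
func RunAccessDemo() (wrongPass, loginOK, replay, aliceWrite, bobWrite bool, audit []AuditEvent) {
	s := &System{Accounts: map[string]*Account{}, Perms: map[string]map[string]map[string]bool{
		"payroll.db": {"alice": {"read": true, "write": true}, "bob": {"read": true}},
	}}
	salt := []byte("constructed-salt-for-demo")
	s.Accounts["alice"] = &Account{Salt: salt, PassHash: hashPassword(salt, "correct horse battery staple"),
		TokenKey: []byte("12345678901234567890")} // HOTP(counter 0) for this key is 755224
	wrongPass = s.Authenticate("alice", "wrong password", "755224")
	loginOK = s.Authenticate("alice", "correct horse battery staple", "755224")
	replay = s.Authenticate("alice", "correct horse battery staple", "755224") // counter is now 1
	aliceWrite = s.Authorize("alice", "write", "payroll.db")
	bobWrite = s.Authorize("bob", "write", "payroll.db")
	return wrongPass, loginOK, replay, aliceWrite, bobWrite, s.Audit
}
```

The audit trail that RunAccessDemo returns has five entries: a denied login, a successful one, a denied replay of the same code, alice's permitted write and bob's denied write. Each row names the user, so any of these actions can later be attributed to an authenticated identity, which is what the slide means by accountability.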
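Added worked example for the Symmetric vs. Asymmetric Encryption slide above (example code written for this page, not the module's own): the hybrid construction that real systems use, with the symmetric cipher doing the bulk work and the asymmetric one solving key distribution and authentication. AES-256-GCM encrypts the message under a fresh per-message key; RSA-OAEP wraps that key for the recipient, so only the holder of the private key can unwrap it; an RSA-PSS signature from the sender lets the recipient authenticate the origin. Both key pairs are generated inside the example and the message is constructed; the tamper check at the end flips one ciphertext bit to show that the envelope is rejected rather than silently decrypted.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Envelope is what crosses the network: the per-message AES key wrapped with the
// recipient's RSA public key, the GCM nonce, the sealed payload, and the sender's signature.
type Envelope struct{ WrappedKey, Nonce, Ciphertext, Signature []byte }

func (e *Envelope) digest() []byte {
	h := sha256.New()
	h.Write(e.WrappedKey)
	h.Write(e.Nonce)
	h.Write(e.Ciphertext)
	return h.Sum(nil)
}

// gcmFor returns AES-256-GCM for a 32-byte key: the fast, symmetric bulk cipher
// whose 16-byte tag makes any modification of the ciphertext detectable.
func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt is the hybrid scheme: symmetric for the data, asymmetric for the key
// (RSA-OAEP) and for the sender's identity (RSA-PSS signature over the envelope).
func Encrypt(sender *rsa.PrivateKey, recipient *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	key := make([]byte, 32) // fresh key for this message only; never reused
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, key, nil)
	if err != nil {
		return nil, err
	}
	env := &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plaintext, nil)}
	env.Signature, err = rsa.SignPSS(rand.Reader, sender, crypto.SHA256, env.digest(), nil)
	return env, err
}

// Decrypt verifies the signature first, then unwraps the key and opens the payload.
func Decrypt(recipient *rsa.PrivateKey, sender *rsa.PublicKey, env *Envelope) ([]byte, error) {
	if err := rsa.VerifyPSS(sender, crypto.SHA256, env.digest(), env.Signature, nil); err != nil {
		return nil, errors.New("signature check failed: not from the claimed sender or altered in transit")
	}
	key, err := rsa.DecryptOAEP(sha256.New(), nil, recipient, env.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

// RoundTrip runs the exchange end to end and then flips one ciphertext bit to
// show that tampering is rejected instead of being silently decrypted.
func RoundTrip(msg []byte) (recovered []byte, tamperRejected bool, err error) {
	alice, err := rsa.GenerateKey(rand.Reader, 2048) // sender
	if err != nil {
		return nil, false, err
	}
	bob, err := rsa.GenerateKey(rand.Reader, 2048) // recipient
	if err != nil {
		return nil, false, err
	}
	env, err := Encrypt(alice, &bob.PublicKey, msg)
	if err != nil {
		return nil, false, err
	}
	if recovered, err = Decrypt(bob, &alice.PublicKey, env); err != nil {
		return nil, false, err
	}
	forged := *env
	forged.Ciphertext = append([]byte(nil), env.Ciphertext...)
	forged.Ciphertext[0] ^= 0x01
	_, err = Decrypt(bob, &alice.PublicKey, &forged)
	return recovered, err != nil, nil
}
```

The split of work matches the slide's table: the 2048-bit RSA operations are the slow part and are applied only to a 32-byte key and a 32-byte digest, while AES-GCM handles the message itself however large it is. The forged envelope fails the signature check; had the signature been skipped, the GCM tag would still reject it, which is why an authenticated mode such as GCM, not bare AES, is the right symmetric choice.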
