Summary

This document appears to be a study guide or reviewer for a midterm exam in a course related to information assurance and cybersecurity. Topics covered include cyber-enabled espionage, insider threats, and risk management concepts. The document is a great starting point for reviewing the basics of these areas.

Full Transcript

MODULE 1 Cyber-enabled Espionage. Hackers have launched numerous computer network operations targeting Information security is “the practice of preventing...

MODULE 1 Cyber-enabled Espionage. Hackers have launched numerous computer network operations targeting Information security is “the practice of preventing various government agencies, businesses, and unauthorized access, use, disclosure, disruption, modification, universities. inspection, recording or destruction” of sensitive records. Insider Threats. Insiders have caused significant Cyber security is the application of technologies, processes, damage to government interests from the theft and and controls to protect systems, networks, programs, devices unauthorized disclosure of classified, economic, and and data from cyber-attacks. proprietary information and other acts of espionage. Espionage. Many government reports that foreign countries are aggressive and successful purveyors of IMPORTANCE OF CYBER SECURITY economic espionage. Hacktivism (Hacker Activism). This is defined as “The The costs of cyber security breaches are rising. activity of using computers to try to achieve social or Cyber-attacks are increasingly sophisticated. political change. Cyber security is a critical, board-level issue. Cyber Cartels (aka Cyber Mafia). These large, Cyber-crime is a big business. dispersed organized cybercrime syndicates use sophisticated and persistent attempts to gain access COMMON TYPES OF CYBER THREATS to private computer networks and systems to steal Malware – ransomware, botnet software, trojan information for personal gains (e.g., identity theft and Backdoors blackmail). Form jacking MODULE 2 Cryptojacking DDoS (Distributed denial-of-service) attack RISK MANAGEMENT - the continuing process to identify, DNS (Domain Name System) Poisoning attack analyze, evaluate and treat loss exposure and monitor risk control to mitigate the effects of loss. TYPES OF CYBER SECURITY STEPS TO MANAGE SDLC RISK Network security - involves addressing vulnerabilities affecting your operating systems and network 1. Define risk management plan risk identification architecture, including servers and hosts, firewalls analysis and prioritization and wireless access points, and network protocols. implement risk responses Cloud security - is concerned with securing data, monitoring and control risk applications, and infrastructure in the Cloud. learn and improve from risk IoT security - involves securing smart devices and 2. Identify and document risks Brainstorming networks connected to the IoT. IoT devices include Interviews things that connect to the Internet without human Surveys intervention, such as smart fire alarms, lights, Checklists historical data thermostats, and other appliances. expert opinions Application security - involves addressing Risk register - which is a tool that captures the risk name, vulnerabilities resulting from insecure development description, category, probability, impact, and status. It also helps processes in designing, coding, and publishing to keep track of the identified risks in software. software or a website. 3. Analyze and prioritize risks risk matrices Cyber security is about protecting networks, devices, simulations (what if scenarios) programs, and data from attacks or unauthorized access, decision trees (graphical representation na parang tress structure) information security is above all about preventing 4. Plan and implement risk responses information from being leaked, distorted, and destroyed. Avoid - means eliminating the risk or its source. Information security is also about all data, no matter its Transfer - means shifting the risk or its consequences form. to a third party Mitigate - means reducing the probability or impact of Counterintelligence (counter-intelligence) or the risk counterespionage (counter-espionage) is any activity Accept - means acknowledging the risk and its effects. aimed at protecting an agency's intelligence program from 5. Monitor and control risks an opposition's intelligence service. 6. Learn and improve from risks ISO 31000's overall seven-step process is a useful guide to follow for developing a plan and then implementing an ERM framework, according to Witte. Here is a more detailed rundown of its components: 1. Communication and consultation. 2. Establishing the scope and context. 3. Risk identification. This step defines the risk scenarios that could have a positive or negative impact on the organization's ability to conduct business. 4. Risk analysis. The likelihood and impact of each risk is analyzed to help sort risks. Making a risk heat map can be useful here; also known as a risk assessment matrix, it provides a visual representation of the nature and impact of a company's risks. 5. Risk evaluation. Risk avoidance, when the organization seeks to eliminate, withdraw from or not be involved in the potential risk. Risk mitigation, in which the organization takes THREE MAJOR PROCESSES IN RISK MANAGEMENT actions to limit or optimize a risk. Risk sharing or transfer, which involves 1. Risk identification - The process of examining & contracting with a third party (e.g., an insurer) to documenting the security posture of an organization’s bear some or all costs of a risk that might or might information technology and the risks it faces. not occur. 2. Risk assessment - determination of the extent to Risk acceptance, when a risk falls within the which the organization’s information assets are organization's risk appetite and tolerance and is exposed or at risk. accepted without taking any risk reduction 3. Risk control - application of controls to reduce the measures. risks to an organization’s data and information 6. Risk treatment. This step involves applying the systems. agreed-upon controls and processes and confirming they work as planned. 7. Monitoring and review. Are the controls working as intended? Can they be improved? Monitoring activities should measure performance and look for key risk indicators that might trigger a change in strategy. MODULE 3 FOUR BASIC TYPE OF THREAT CATEGORIES 1. Insider threat. 2. External threats. 3. Man-made threat. 4. Natural disaster. Risk management plan - describes how an organization will manage risk. It lays out elements such as the organization's risk approach, the roles and responsibilities of risk management teams, resources that will be used in the risk management process and internal policies and procedures. protection of the integrity, availability, authenticity, non- repudiation, and confidentiality of data in the system. RISK CATEGORIES It consists of the following characteristics: 1. Information Exposure/Loss 2. Unauthorized Use Availability - means that authorized users have timely and 3. Exposure to Contaminated Environments easy access to information services. 4. Weak Processes Integrity - Data should not be altered or destroyed during 5. Loss of Public Confidence transmission and storage. 6. Exposure to Legal Action Authentication - designed to establish the validity of a transmission, message, or originator, or a means of MODULE 4 verifying an individual’s authorization to receive specific information. RISK ASSESSMENT METHODOLOGIES Confidentiality – information not disclosed to unauthorized individuals. Non-repudiation. - attribute assures the sender of data is provided with proof of delivery and the recipient is provided with proof of the sender’s identity. QUALITATIVE METHOD - The qualitative risk analysis is a process of assessing of the impact of the identified risks within Information Assurance (IA) is the practice of an enterprise. By using this process, the priorities of protecting against and managing risks related to vulnerabilities are determined to solve the risks based on the the use, processing, storage, and transmission of impact they could have on the enterprise. data and information systems. QUANTITATIVE METHOD - Through the quantitative risk Information security, on the other hand, is a practice of protecting information by mitigating information risks. analysis method, the assessment team can obtain some Typically, it involves reducing the probability of unauthorized numerical results that express an approximate probability of access to data, or illegal use of it. each risk factor and its consequences on the objectives of the enterprise, but also the risks at the individual vulnerability DIFFERENCE BETWEEN INFORMATION ASSURANCE AND level. INFORMATION SECURITY MODULE 5 IA or information assurance can be called a practice of assuring and managing the risks related to confidential information, throughout the process of transmission, processing, and storing data. Information assurance is mostly focused on the Configuration Rules – Instructional codes that guide the execution of the system when information is passing through MODULE 6 it. Network equipment vendors have proprietary configuration Security controls are countermeasures or safeguards used to rules that manage the operation of their ACL objects. reduce the chances that a threat will exploit a vulnerability. 2. Administrative security controls refer to policies, Risk Mitigation – the act of reducing risk. procedures, or guidelines that define personnel or business practices in accordance with the Risks in cyber security are the likelihood that a threat will organization’s security goals. exploit a vulnerability resulting in a loss. PROCESSES THAT MONITOR AND ENFORCE THE ADMIISTRATIVE CONTROLS ARE: Threats are any event with the potential to compromise the Management controls: The security controls confidentiality, integrity, and availability (CIA) of information. that focus on the management of risk and Vulnerabilities are a weakness or flaw in the software, the management of information system hardware, or organizational processes, which when security. compromised by a threat, can result in a security incident. Operational controls: The security controls that are primarily implemented and Security incidents are an occurrence that actually or executed by people (as opposed to systems). potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information the 3. Physical security controls are the implementation of system processes, stores, or transmits or that constitutes a security measures in a defined structure used to deter violation or imminent threat of violation of security policies, or prevent unauthorized access to sensitive material. security procedures, or acceptable use policies. EXAMPLES OF PHYSICAL SECURITY CONTROLS ARE: Closed-circuit surveillance cameras Motion or thermal alarm systems Security guards Picture IDs Locked and dead-bolted steel doors Biometrics (includes fingerprint, voice, face, iris, handwriting, and other automated methods used to recognize individuals) CONTROL FUNCTIONS a. Preventative Controls - is designed to be implemented prior to a threat event and reduce TYPES OF SECURITY CONTROLS and/or avoid the likelihood and potential impact of a 1. Technical security controls, also known as logic successful threat event. controls, use technology to reduce vulnerabilities in Examples of preventative controls include: hardware and software. Automated software tools Hardening are installed and configured to protect these assets. Security Awareness Training Security Guards Examples of technical controls include: Change Management Account Disablement Policy Encryption b. Detective Controls - is designed to detect errors and Antivirus And Anti-Malware Software locate attacks against information systems that Firewalls c. have already occurred. Security Information and Event Management Examples of detective controls include: (SIEM) Log Monitoring Intrusion Detection Systems (IDS) and Intrusion SIEM Prevention Systems (IPS) Trend Analysis COMMON EXAMPLE OF TECHNICAL CONTROL TYPES Security Audits Video Surveillance Access Control Lists (ACL) – Network traffic filters that can Motion Detection control incoming or outgoing traffic. ACLs are common in d. Corrective Controls routers or firewalls, but they can also be configured in any Examples of corrective controls include: device that runs in the network, from hosts, network devices, IPS and servers. Backups And System Recovery

Use Quizgecko on...
Browser
Browser