Lesson 2: Governance and Risk Management PDF

Summary

This lesson introduces governance and risk management: the assets an organization must protect (data, equipment, finances, reputation), the attackers, tools and threats that endanger those assets, and the countermeasures that prevent attacks or limit their damage.

Full Transcript

Lesson 2 Governance and Risk Management

OBJECTIVES
a. identify assets
b. identify vulnerabilities
c. identify threats
d. identify controls

2.1 ASSETS, ATTACKS, RISKS, THREATS, VULNERABILITIES AND COUNTERMEASURES

ASSETS
Crown jewels are the precious ornaments and jewellery worn by a sovereign on certain state occasions. More generally, "crown jewels" means a particularly valuable or prized possession, something we lock away in a safe place. The analogy tells us what an asset is: in every information system we develop, we treat the data as crown jewels.

In information security, an asset is any piece of information, device or related component that supports business activities. Assets are the components of a computer system and/or the data stored in it. They are the things that must be placed under strict security measures, because failing to do so may cause losses to the organization. Put simply, assets are the reason we secure and assure our information systems: once they are exposed, the result is problems that lead to losses for the organization.

Mismanagement of assets invites attacks. An attack is an activity intended to take assets in order to use them for malicious ends. Attacks occur everywhere, in both the public and private sectors. One example is a data breach: an event in which information is accessed without the consent of its authorized owner. Data breaches are widely observed in web-based information systems, because assets exposed over the Internet are the attacker's favourite target. In India, for example, the number of victims rose by 80% in 2019. The chart referenced below shows the different types of web attacks recorded in September 2019.
Source: https://www.hackmageddon.com/2019/11/04/september-2019-cyber-attacks-statistics/

The assets that information assurance and security tries to protect include:
1. Customer data
2. IT and network infrastructure
3. Intellectual property
4. Finances and financial data
5. Service availability and productivity
6. Reputation

A person who attacks someone else's assets with bad intent is commonly called a hacker: someone with the professional skill to access assets without authorization. The intent is usually criminal, most often to steal data or destroy systems. Sometimes a system is hacked so that its assets can be held hostage, with a ransom demanded for their return. Good hackers exist too: they use their hardware and software skills to bypass the security of a device or network, but their purpose is to help the victims of attacks. Both public and private organizations hire good hackers to help keep their systems safe. Security professionals label hackers metaphorically by hat colour: white, black and grey. The names come from old Western films, in which the villains wore black hats, the heroes wore white, and neutral characters wore grey.

Black Hat Hackers
Black hat hackers have advanced knowledge of how to break into and damage networks, which they do by bypassing the networks' security measures. They also know how to create malware designed to gain access to systems and steal personal and financial assets.

White Hat Hackers
Hackers who use their skills to do good are white hat hackers. Most large companies deliberately employ white hat hackers; their main responsibility is to find the holes in the company's systems by hacking them.
The main difference between white hat and black hat hackers is that the white hat hacks with the owner's permission while the black hat does not. There are training courses and certifications for this kind of ethical hacking.

Grey Hat Hackers
Grey is neither white nor black, and the same applies to grey hat hackers: they combine ethical and unethical behaviour. They may look for weaknesses in a system or organization without authorization and then report what they find to the company, which may hire them to secure the asset. If the company does not, a grey hat may publish the weakness online, where black hat hackers can exploit it.

The word hacker usually sounds bad to us, but our judgement of a hacker should always depend on their intentions.

Besides hackers, there are those who violate or break the security of remote machines: crackers. Crackers obtain unauthorized access to vital data and deprive the original user or owner of it. They range from the fortunately few and far between experts who discover security holes and write exploits for them, to the script kiddie who only knows how to obtain such programs and run them.

These hackers and crackers are the people information security is trying to catch.

Every attacker, whether hacker or cracker, uses tools. The following are the tools they use:
1. Protocol analyzers (sniffers). These applications put the host NIC into promiscuous mode, so that every frame on the network segment is passed up to the operating system rather than only the frames addressed to that NIC.
2. Port scanner. An application that probes a host to find its open ports.
3. Finger scanning. Querying a host's finger service (the Unix finger protocol, not fingerprint biometrics) to enumerate user accounts and logged-in users.
4. Vulnerability scanning tools. Automated tools that scan web-based applications and find vulnerabilities.
Examples of the vulnerabilities they find are cross-site scripting, SQL injection, command injection, path traversal and insecure server configuration.
5. Exploit software. A piece of software, a chunk of data or a sequence of commands that takes advantage of a bug or vulnerability to trigger unintended or unforeseen behaviour in computer software, hardware or other electronic equipment.
6. War dialers. These can be used to find backdoors into a network: they dial telephone numbers to check whether a line answers with a modem or similar data device.
7. Password cracker. Software used to recover a forgotten password for a system or network resource; it is also used to gain access to resources without permission.
8. Keystroke loggers. A keylogger is a surveillance application that records every keystroke made on a system, writing them to a log file that is usually encrypted.

Security Breach
Security breaches happen a lot, not necessarily at your house, but in organizations large and small. The intent to damage a company's standing and finances is one concrete reason security breaches occur. Security and data breaches can happen on a large, uncontrollable scale. A breach happens when an attacker or intruder gains access without the permission of the asset's owner or keeper, using a bypass mechanism that reaches restricted areas. A security breach is a violation that can lead to damage and even loss of assets.

Put simply, a security breach is any action that violates one of the rules of the CIA triad: confidentiality, integrity or availability. Most breaches disrupt services intentionally; some are accidental, but both kinds can cause hardware or software failures. The following activities cause security breaches:
1. Denial of service (DoS) attack. An attack that takes down a machine or network, so that legitimate users cannot use the affected asset.
2. Distributed denial of service (DDoS). An attacker floods the target with network traffic from many sources at once, so that legitimate users are denied use of the network or node.
3. Unacceptable web browsing. What counts as acceptable browsing is defined in an Acceptable Use Policy (AUP); examples of unacceptable browsing are searching for files in restricted directories or visiting prohibited sites.
4. Wiretapping. Connecting a listening device to a telephone line to secretly monitor a conversation.
5. Backdoors. Hidden access paths left in by developers; backdoors are used to reach data repositories.
6. Data modification. Changes to data, whether deliberate or accidental, including incomplete and truncated data.

Additional security challenges include:
1. Spam and spim. Spam is unsolicited email; spim is spam sent over instant messaging.
2. Cookies. Cookies are small chunks of data, which may include login credentials or session tokens, that make a convenient browsing experience possible; stolen, they let an attacker act as the user.
3. Hoaxes. A hoax is a message that claims to warn recipients of a (non-existent) computer virus threat.

RISK, THREATS AND VULNERABILITIES
Risk, threats and vulnerabilities describe things that need to be taken care of; failing to do so may lead to an attack.
Risk is the probability that something bad will happen to a specific asset, that is, that a threat will exploit a vulnerability and cause a loss.
A threat is any action that might compromise or destroy an asset.
A vulnerability is a weakness that may allow a system or network to be harmed.
Threats fall into three categories:
1. Disclosure threats. These include sabotage and espionage.
2. Alteration (unauthorized change) threats. An example is unauthorized changes: modifications that exceed what the agreed policy allows.
3. Denial or destruction threats. DoS and DDoS attacks are the best examples.
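The port scanner listed among the attacker's tools above is simple to build: a TCP connect scan tries to complete a three-way handshake to each port and reports the ones that accept. The following is an added example, not code from the lesson. To run offline it scans 127.0.0.1 only, starting its own throwaway listener on one port and picking a second, unused port so that the scan has one open and one closed port to distinguish; the listener and port choice are assumptions of the demo, not part of any real target.

```python
import socket
import threading


def scan_port(host, port, timeout=0.5):
    """Return True if a TCP connection to host:port succeeds (port open),
    False if it is refused or times out (closed or filtered)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def scan_ports(host, ports, timeout=0.5):
    """TCP connect scan: return the sorted list of open ports among `ports`."""
    return sorted(p for p in ports if scan_port(host, p, timeout))


def start_listener(host="127.0.0.1"):
    """Start a throwaway TCP service on an ephemeral port so the scan has
    something to find.  Returns (stop_event, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    srv.settimeout(0.2)            # lets the accept loop notice `stop`
    port = srv.getsockname()[1]
    stop = threading.Event()

    def serve():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
                conn.close()       # accept and drop; we only need the port open
            except socket.timeout:
                continue
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return stop, port


def free_port(host="127.0.0.1"):
    """Ask the OS for a port that is currently unused (bind it, then release it)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


def demo():
    """Scan one open and one closed port on loopback.
    Returns (open_port, closed_port, ports the scan reported open)."""
    stop, open_port = start_listener()
    closed_port = free_port()
    try:
        found = scan_ports("127.0.0.1", [open_port, closed_port])
    finally:
        stop.set()
    return open_port, closed_port, found


if __name__ == "__main__":
    o, c, f = demo()
    print(f"open port {o}, closed port {c}; scan reported open: {f}")
```

A connect scan is the noisiest kind: every probe completes a handshake, so the target's service logs and any IDS see it. Scanning a host you do not own without permission is the black-hat side of the line the lesson draws.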
Categories of Malicious Attacks
Malicious attacks can be classified by the intent of the action:
1. Interception: an unauthorized party gains access to an asset, for example by illicit copying of programs or data, or by wiretapping.
2. Interruption: a system becomes lost, unavailable or unusable.
3. Modification: an unauthorized attacker tampers with an asset.
4. Fabrication: an unauthorized party counterfeits objects in a system or network, such as inserting spurious messages or transactions.

Types of Active Threats
The following are the active threats that developers and information security professionals should be aware of:
1. Birthday attacks
2. Brute-force password attacks
3. Dictionary password attacks
4. IP address spoofing
5. Hijacking
6. Replay attacks
7. Man-in-the-middle attacks
8. Masquerading
9. Social engineering
10. Phishing
11. Phreaking
12. Pharming

Malicious Software (Malware)
Software that we install on our systems is malicious if it:
1. Causes damage
2. Escalates security privileges
3. Divulges private data
4. Modifies or deletes data

General Classification of Malware
Virus
Like a human being, a system can be infected by a virus. In computing, a virus attaches itself to another program or application; it contaminates the program and causes copies of itself to be spread to other computers. Most of the time the virus triggers when the user runs the infected application.

Worm
A worm is a self-contained program that duplicates itself and sends copies to other hosts without any user intervention. The frightening thing about a worm is that it does not need a host application to contaminate the whole system.

Trojan Horse
A Trojan horse is malware that hides inside a useful program. It collects sensitive information and may open backdoors into computers.
A Trojan horse can actively upload and download files.

Rootkit
A rootkit is a set of malicious software that gains unauthorized access to a machine and then hides its presence from other applications and from the operating system.

Spyware
Spyware is a type of malware that targets confidential data. It monitors the user's actions and can take actions of its own, such as scanning, snooping and installing further spyware; it can even change the computer's default browser.

COUNTERMEASURES
As the old English saying goes, prevention is better than cure; in information security we can also cure attacks that we fail to prevent. There are recommended activities and tools that we, as information security professionals, can use as an antidote or defence against the attacks described. A countermeasure is an action that detects vulnerabilities, prevents attacks and/or reacts to the impact of successful attacks. After an attack, a victim can get help from security consultants, law enforcement offices and/or other experts. The following countermeasures help prevent and/or cure malware:
1. Training events for users
2. Regular updates and bulletins about malware
3. Do not transfer assets to or from untrusted or unknown sources.
4. Evaluate new programs and quarantine suspicious files on a computer
5. Purchase and install anti-malware software and scan your files regularly
6. Use strong, unique login credentials

A firewall can also defend your system from various forms of attack. A firewall is a program or a dedicated device that inspects the traffic passing through a network and permits or denies it according to rules on addresses, ports and protocols.
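The dictionary and brute-force password attacks in the active-threat list above are usually run against stolen password hashes rather than a live login prompt, and how the hashes were stored decides how expensive the attack is. The following is an added example, not code from the lesson; the user database, passwords and six-word wordlist are constructed for the demo. It runs the same dictionary against unsalted SHA-256 hashes (one hash per word cracks every account at once) and against salted, iterated PBKDF2 hashes (one slow computation per user per word, and no shared table).

```python
import hashlib
import hmac
import os

# Constructed wordlist for the demo; a real attack uses millions of entries
# taken from leaked password dumps.
WORDLIST = ["password", "letmein", "123456", "qwerty", "summer2019", "Winter!23"]
ITERATIONS = 100_000          # PBKDF2 work factor used by the salted scheme


def store_unsalted(password):
    """Weak storage: one fast SHA-256 of the password, no salt."""
    return hashlib.sha256(password.encode()).hexdigest()


def store_salted(password, iterations=ITERATIONS):
    """Better storage: random per-user salt plus a slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": digest}


def crack_unsalted(stored):
    """Dictionary attack on unsalted hashes.  Hash each word once, then look
    every user up in that table: the cost is len(WORDLIST) hashes however many
    accounts there are.  Returns (cracked {user: password}, hashes computed)."""
    table = {store_unsalted(w): w for w in WORDLIST}
    cracked = {user: table[h] for user, h in stored.items() if h in table}
    return cracked, len(WORDLIST)


def crack_salted(stored):
    """Same dictionary against salted, iterated hashes.  The salt defeats the
    shared table, so every (user, word) pair costs a full PBKDF2 run of
    `iterations` rounds.  Returns (cracked, PBKDF2 runs performed)."""
    cracked, runs = {}, 0
    for user, rec in stored.items():
        for word in WORDLIST:
            runs += 1
            guess = hashlib.pbkdf2_hmac("sha256", word.encode(),
                                        rec["salt"], rec["iterations"])
            if hmac.compare_digest(guess, rec["hash"]):   # constant-time compare
                cracked[user] = word
                break
    return cracked, runs


def demo():
    """Constructed user database: two wordlist passwords, one that is not."""
    users = {"alice": "summer2019", "bob": "password", "carol": "k7#Vq!2zLp9$Rw"}
    unsalted = {u: store_unsalted(p) for u, p in users.items()}
    salted = {u: store_salted(p) for u, p in users.items()}
    return crack_unsalted(unsalted), crack_salted(salted)


if __name__ == "__main__":
    (plain, plain_work), (salty, salty_work) = demo()
    print("unsalted:", plain, "after", plain_work, "SHA-256 calls")
    print("salted:  ", salty, "after", salty_work, "PBKDF2 runs of", ITERATIONS, "rounds")
```

Both attacks recover the two weak passwords and neither recovers carol's, which is the real lesson: salting and iteration raise the attacker's cost per guess, but a password that appears in a wordlist falls regardless, which is why "use strong login credentials" appears in the countermeasures.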
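The firewall paragraph above says that traffic is permitted or denied according to rules; what it does not show is that rule order and the default policy decide the outcome. The following is an added example, not code from the lesson or from any firewall product: a small first-match packet filter with a default-deny policy, a constructed rule set for a web server at 203.0.113.10 with a management network 198.51.100.0/24 (documentation address ranges, chosen for the demo), a few constructed packets, and a check for rules that can never fire because an earlier rule already covers them.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str          # source IP address
    dst: str          # destination IP address
    proto: str        # "tcp", "udp" or "icmp"
    dport: int = 0    # destination port (0 for protocols without ports)


@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    proto: str = "any"
    src: str = "0.0.0.0/0"        # CIDR; the default matches every source
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return ((self.proto == "any" or self.proto == p.proto)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport))

    def covers(self, other: "Rule") -> bool:
        """True if every packet `other` could match is also matched by self."""
        net = ipaddress.ip_network
        return ((self.proto == "any" or self.proto == other.proto)
                and net(other.src).subnet_of(net(self.src))
                and net(other.dst).subnet_of(net(self.dst))
                and (self.dport is None or self.dport == other.dport))


def evaluate(rules, packet):
    """First matching rule wins; a packet matching no rule is denied (default deny).
    Returns (action, index of the deciding rule, or None for the default)."""
    for i, rule in enumerate(rules):
        if rule.matches(packet):
            return rule.action, i
    return "deny", None


def shadowed_rules(rules):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    return [j for j, r in enumerate(rules) if any(rules[i].covers(r) for i in range(j))]


# Constructed rule set.  Order matters: the anti-spoofing deny comes first, so a
# packet claiming a private source address is dropped even if it asks for HTTPS.
RULES = [
    Rule("deny", src="10.0.0.0/8"),                                   # 0: private source arriving from outside is spoofed
    Rule("permit", proto="tcp", dst="203.0.113.10/32", dport=443),    # 1: HTTPS from anywhere
    Rule("permit", proto="tcp", src="198.51.100.0/24",
         dst="203.0.113.10/32", dport=22),                            # 2: SSH only from the management network
    Rule("permit", proto="icmp"),                                     # 3: ping
    Rule("permit", proto="tcp", src="198.51.100.0/24",
         dst="203.0.113.10/32", dport=443),                           # 4: dead rule, rule 1 already covers it
]


def demo():
    """Run constructed packets through RULES; returns {name: (action, rule index)}."""
    packets = {
        "https_from_internet": Packet("192.0.2.5", "203.0.113.10", "tcp", 443),
        "https_spoofed_src":   Packet("10.1.2.3", "203.0.113.10", "tcp", 443),
        "ssh_from_internet":   Packet("192.0.2.5", "203.0.113.10", "tcp", 22),
        "ssh_from_mgmt":       Packet("198.51.100.7", "203.0.113.10", "tcp", 22),
        "dns_udp":             Packet("192.0.2.5", "203.0.113.10", "udp", 53),
    }
    return {name: evaluate(RULES, p) for name, p in packets.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:20s} -> {verdict}")
    print("shadowed rules:", shadowed_rules(RULES))
```

Two habits of a real rule set are visible here: nothing is allowed unless a rule says so (the SSH attempt from the Internet and the UDP packet fall through to the default deny), and a shadowed rule is a sign that someone edited the list without checking what came before it, which is how unintended permits creep in when a deny is later removed.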
