4. Opportunity for Intrusion
Rapid adoption of networks
Exploitable vulnerabilities in technology
Lack of awareness about info security
Shortage of administrators and technical security staff
Lack of applicable laws and means of enforcement
5. Intruders – who are they?
Internal vs external
Hackers, crackers and cyber criminals
Your own IT staff?
15. Risk Impact
Loss or compromise of critical information
Loss or compromise of key technologies
Loss of the nation's confidence
Loss of trust in the network systems
Loss of life or property
16. Understanding Risk
Identifying and prioritising assets
Relating threats and vulnerabilities
Performing risk analysis
Recognised risk must be managed
Risk can be mitigated, but cannot be eliminated
21. Safeguards, Vulnerabilities and Threats
Safeguards:
Access control
Firewalls
ACLs
Physical security
Encryption technologies
Redundancy
Vulnerabilities:
Software flaws
Buffer overflow
Default configuration
Lack of policies and procedures
Threats:
Intrusions
Virus, worms and Trojan horses
DoS
Sniffing and spoofing
Single point of failure
24. Risk Management
‘Risk Management is the process used to identify, analyse and mitigate the risk and provide strategies for sustaining the security requirements of an info asset’
28. OCTAVE – A Risk Assessment Method
Operationally Critical Threat, Asset and Vulnerability Evaluation (OCTAVE)
A risk-based security assessment and planning technique
Based on capturing the organisation's own knowledge of security practices and weaknesses
Not executed by an outsider, consultant, etc.
29. Founding Philosophy
You cannot mitigate all info security risks
You have limited resources
You cannot prevent all determined incursions
Enterprise survivability is most important
31. Phase I - Asset
What are the critical info assets in the org?
What is the threat to each critical asset?
What is currently being done to protect this asset?
What weaknesses in policy and practice exist in the org?
Asset Identification and Criticality
32. Phase II - Vulnerabilities
How do people access each critical asset?
What infrastructure components are related to each asset?
What technological weaknesses expose your critical assets to threats?
Vulnerability Evaluation Strategy
33. Phase III - Threats
What is the impact due to each threat?
What is the highest priority risk?
What policies and practices are needed to address these risks?
What technological weaknesses need to be addressed immediately?
Risk Impact Evaluation Criteria
35. Survivability
The capability of the system to fulfil its mission, in a timely manner, in the presence of attacks, failures or accidents
Survivability provides a new perspective on security:
From a narrow technical specialty
Towards a risk management perspective
36. Info Assurance
Info operations that protect and defend info and info systems by ensuring their availability, integrity and confidentiality.
This includes providing for restoration of info systems by incorporating protection, detection and reaction capability.
37. Security vs. Survivability
Security                          | Survivability
Focus on protecting info          | Focus on continuity of operations
Systems are bounded               | Systems are unbounded
Considered an overhead expense    | Considered an investment
Narrow technology-based solution  | Part of risk management
Protect system component          | Entire mission sustained
39. IT Security
System and network management
System administration tools
Monitoring and auditing IT security
Authentication and authorisation
Vulnerability management
Encryption
Security architecture and design
40. Anticipate Intrusions and Failures
Contingency planning
Disaster recovery
Is there a difference between natural disasters and disruptions due to cyber attacks?
41. Protecting Info Assets – CERT
Avoidance
Prevention
Detection
Containment and Response
Recovery
Improvement
44. Practice Vigilance
Test systems before deployment
Implement monitoring and logging
Check integrity of files and directories
Scan for viruses, Trojans and worms
Practice readiness to respond
Keep patches up to date
Raise user awareness
45.
1. POLICY: Establish process, standards and guidelines
2. INVENTORY: Discover all assets across the network
3. PRIORITIZE: Assign business value to assets
4. VULNERABILITIES: Determine vulnerabilities on assets
5. THREATS: View potential threats
6. RISK: Determine risk level
7. SHIELD: Stop intrusion in real time
8. REMEDIATION: Proactively fix vulnerabilities
9. MEASURE: Measure impact of security decisions and actions
10. COMPLIANCE: Review for policy compliance
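The three OCTAVE phases (slides 31-33) and the risk-to-remediation steps of the slide-45 cycle, worked through as an added Python example that is not code from the slides or from the OCTAVE method itself: asset criticality and existing safeguards (Phase I), vulnerabilities found on each asset (Phase II) and threat impact (Phase III) combine into a prioritised risk list and a remediation order. The vulnerability-to-threat pairings, the 1-5 scales and the criticality × impact score are assumptions made for this example.

```python
from collections import namedtuple
from dataclasses import dataclass, field

# Constructed catalogue: for each vulnerability (slide 21), the safeguard that
# closes it and the threats it exposes an asset to. These pairings and the 1-5
# scales below are assumptions for this example, not OCTAVE's own lists.
VULNS = {
    "buffer overflow": ("patching", {"intrusion"}),
    "default configuration": ("hardening", {"intrusion", "sniffing and spoofing"}),
    "lack of policies and procedures": ("policy", {"virus, worms and trojan horses"}),
    "single point of failure": ("redundancy", {"dos"}),
}
THREAT_IMPACT = {"intrusion": 5, "sniffing and spoofing": 4, "dos": 3,
                 "virus, worms and trojan horses": 3}

@dataclass
class Asset:
    name: str
    criticality: int      # Phase I: 1 (minor) .. 5 (mission critical)
    vulnerabilities: set  # Phase II: weaknesses found on this asset
    safeguards: set = field(default_factory=set)  # Phase I: protection in place today

# score = criticality x threat impact; tuple order lets sorted() rank by score first
Risk = namedtuple("Risk", "score asset vulnerability threat safeguard_needed")

def assess(assets):
    """Phase III: one Risk per unmitigated (asset, vulnerability, threat) triple,
    highest priority first."""
    risks = []
    for a in assets:
        for v in a.vulnerabilities:
            fix, threats = VULNS[v]
            if fix in a.safeguards:
                continue  # an existing safeguard already addresses this weakness
            for t in threats:
                risks.append(Risk(a.criticality * THREAT_IMPACT[t], a.name, v, t, fix))
    return sorted(risks, reverse=True)

def remediation_plan(assets):
    """Steps 6-8 of the slide-45 cycle: safeguards to add, in risk order, deduplicated."""
    plan = []
    for r in assess(assets):
        if (r.asset, r.safeguard_needed) not in plan:
            plan.append((r.asset, r.safeguard_needed))
    return plan

SAMPLE_ASSETS = [  # constructed sample inventory
    Asset("customer database", 5, {"default configuration", "single point of failure"}, {"access control"}),
    Asset("public web server", 3, {"buffer overflow", "default configuration"}, {"hardening"}),
    Asset("staff laptops", 2, {"lack of policies and procedures"}),
]
```

On the sample inventory the unhardened, mission-critical database tops the list (score 25), and the web server's default configuration produces no risk because its hardening safeguard is already in place.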