Chapter 13 Vulnerability Assessment and Data Security
Dr. Ahmed Al Zaidy
CompTIA Security+ Guide to Network Security Fundamentals, Sixth Edition
1. CompTIA Security+ Guide to Network Security Fundamentals, Sixth Edition
Chapter 13 Vulnerability Assessment and Data Security
© 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
2. Objectives
• 13.1 Explain how to assess the security posture of an enterprise
• 13.2 Define vulnerability assessment and explain why it is important
• 13.3 Explain the differences between vulnerability scanning and penetration testing
• 13.4 Describe the techniques for practicing data privacy and security
3. Assessing the Security Posture
• The first step in any security protection plan is an assessment of the security posture of the enterprise
• The assessment will reveal existing vulnerabilities that must be addressed
• A variety of techniques and tools can be used
4. What Is Vulnerability Assessment?
• A systematic and methodical evaluation of the security posture of the enterprise
• It examines the exposure to attackers, forces of nature, and any other potentially harmful entity
• Aspects of vulnerability assessment:
  • Asset identification
  • Threat evaluation
  • Vulnerability appraisal
  • Risk assessment
  • Risk mitigation
5. Asset Identification (1 of 2)
• Asset identification: the process of inventorying items with economic value
• Common assets:
  • People
  • Physical assets
  • Data
  • Hardware
  • Software
6. Asset Identification (2 of 2)
• After the inventory has been taken, it is important to determine each item's relative value
• Factors to consider in determining value:
  • How critical the asset is to the goals of the organization
  • How much revenue the asset generates
  • How difficult the asset is to replace
  • Impact of the asset's unavailability on the organization
• Some organizations assign a numeric value
  • Example: 5 being extremely valuable and 1 being the least valuable
7. Threat Evaluation (1 of 4)
• Threat evaluation: list potential threats that come from threat agents
  • A threat agent is any person or thing with the power to carry out a threat against an asset
• Threat modeling
  • Goal: understand attackers and their methods
  • Often done by constructing threat scenarios
• Attack tree
  • Provides a visual representation of potential attacks
  • Drawn as an inverted tree structure
8. Threat Evaluation (2 of 4)
Category of threat, with an example of each:
• Natural disasters: Fire, flood, or earthquake destroys data
• Compromise of intellectual property: Software is pirated or copyright infringed
• Espionage: Spy steals production schedule
• Extortion: Mail clerk is blackmailed into intercepting letters
• Hardware failure or error: Firewall blocks all network traffic
• Human error: Employee drops laptop computer in parking lot
• Sabotage or vandalism: Attacker implants worm that erases files
• Software attacks: Virus, worm, or denial of service compromises hardware or software
• Software failure or errors: Bug prevents program from properly loading
• Technical obsolescence: Program does not function under new version of operating system
• Theft: Desktop system is stolen from unlocked room
• Utility interruption: Electrical power is cut off
9. Threat Evaluation (3 of 4)
(figure only)
10. Threat Evaluation (4 of 4)
(figure only)
11. Vulnerability Appraisal
• Vulnerability appraisal: determine current weaknesses
  • Takes a snapshot of the organization's current security
  • Every asset should be viewed in light of each threat
  • Catalog each vulnerability
12. Risk Assessment (1 of 2)
• Risk assessment
  • Determine the damage that would result from an attack
  • Assess the likelihood that the vulnerability is a risk to the organization
13. Risk Assessment (2 of 2)
Impact levels, each with a description and an example:
• No impact
  Description: This vulnerability would not affect the organization
  Example: The theft of a mouse attached to a desktop computer would not affect the operations of the organization
• Small impact
  Description: Would produce limited periods of inconvenience and possibly result in changes to a procedure
  Example: A specific brand and type of hard disk drive that fails might require that spare drives be made available and that devices with those drives be periodically tested
• Significant
  Description: A vulnerability that results in a loss of employee productivity due to downtime or causes a capital outlay to alleviate it could be considered significant
  Example: Malware that is injected into the network could be classified as a significant vulnerability
• Major
  Description: Major vulnerabilities are those that have a considerable negative impact on revenue
  Example: The theft of the latest product research and development data through a backdoor could be considered a major vulnerability
• Catastrophic
  Description: Vulnerabilities that are ranked as catastrophic are events that would cause the organization to cease functioning or be seriously crippled in its capacity to perform
  Example: A tornado that destroys an office building and all the company's data could be a catastrophic vulnerability
14. Risk Mitigation
• Risk mitigation
  • Determine what to do about risks
  • Determine how much risk can be tolerated
Vulnerability assessment actions and their steps:
1. Asset identification
   a. Inventory the assets
   b. Determine the assets' relative value
2. Threat identification
   a. Classify the threats by category
   b. Design attack tree
3. Vulnerability appraisal
   a. Determine current weaknesses in protecting assets
   b. Use vulnerability assessment tools
4. Risk assessment
   a. Estimate impact of vulnerability on organization
   b. Calculate risk likelihood and impact of the risk
5. Risk mitigation
   a. Decide what to do with the risk
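The five actions above carried through as a small risk register, as an added example that is not part of the textbook slides. The 1-5 asset value scale, the threat categories and the five impact levels are taken from the slides; the 1-5 likelihood scale, the scoring formula (asset value x likelihood x impact) and the tolerance threshold are assumptions chosen here to make the steps computable.

```python
"""Vulnerability assessment carried through as a small risk register.

Added example, not from the textbook. It follows the five vulnerability
assessment actions on the slides: asset identification, threat
identification, vulnerability appraisal, risk assessment, risk mitigation.
Assumed (not on the slides): the 1-5 likelihood scale, the formula
asset value x likelihood x impact, and the tolerance threshold.
"""
from dataclasses import dataclass

# Step 4: impact levels from the "Risk Assessment (2 of 2)" slide, ranked 0-4.
IMPACT_LEVELS = {"no impact": 0, "small": 1, "significant": 2,
                 "major": 3, "catastrophic": 4}
LIKELIHOOD_MAX = 5  # assumed scale: 1 = rare ... 5 = almost certain


@dataclass(frozen=True)
class Asset:
    """Step 1: an inventoried item with economic value and a relative value 1-5."""
    name: str
    category: str  # people, physical, data, hardware or software (slide 5)
    value: int     # 5 = extremely valuable ... 1 = least valuable (slide 6)

    def __post_init__(self):
        if not 1 <= self.value <= 5:
            raise ValueError(f"asset value must be 1-5, got {self.value}")


@dataclass(frozen=True)
class Vulnerability:
    """Steps 2-3: one cataloged weakness, viewed in light of one threat category."""
    asset: Asset
    threat_category: str  # e.g. "Theft", "Software attacks" (slide 8 table)
    weakness: str
    likelihood: int       # 1..LIKELIHOOD_MAX (assumed scale)
    impact: str           # a key of IMPACT_LEVELS


def risk_score(v: Vulnerability) -> int:
    """Step 4: combine asset value, likelihood and impact into one score (0-100)."""
    if not 1 <= v.likelihood <= LIKELIHOOD_MAX:
        raise ValueError(f"likelihood must be 1-{LIKELIHOOD_MAX}, got {v.likelihood}")
    if v.impact not in IMPACT_LEVELS:
        raise ValueError(f"unknown impact level {v.impact!r}")
    return v.asset.value * v.likelihood * IMPACT_LEVELS[v.impact]


def prioritize(vulns):
    """Highest risk first, so mitigation effort goes where it matters most."""
    return sorted(vulns, key=risk_score, reverse=True)


def mitigation_plan(vulns, tolerance: int):
    """Step 5: decide what to do with each risk. Scores above the tolerance
    the organization will carry are marked for mitigation; the rest are
    accepted and recorded. Returns (weakness, score, decision) tuples."""
    plan = []
    for v in prioritize(vulns):
        score = risk_score(v)
        plan.append((v.weakness, score, "mitigate" if score > tolerance else "accept"))
    return plan


def example_register():
    """Constructed sample register, reusing the slides' threat and impact examples."""
    rnd_data = Asset("product R&D data", "data", 5)
    workstation = Asset("accounting workstation", "hardware", 3)
    building = Asset("head office building", "physical", 4)
    mouse = Asset("desktop mouse", "hardware", 1)
    return [
        Vulnerability(rnd_data, "Theft", "file server missing vendor patches", 3, "major"),
        Vulnerability(workstation, "Software attacks", "no malware protection on endpoint", 4, "significant"),
        Vulnerability(building, "Natural disasters", "no off-site copy of company data", 1, "catastrophic"),
        Vulnerability(mouse, "Theft", "unlocked office", 4, "no impact"),
    ]


if __name__ == "__main__":
    for weakness, score, decision in mitigation_plan(example_register(), tolerance=20):
        print(f"{score:3d}  {decision:8s} {weakness}")
```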
15. Vulnerability Assessment Tools
• Tools available to perform vulnerability assessments:
  • Port scanners
  • Protocol analyzers
  • Vulnerability scanners
  • Honeypots and honeynets
  • Banner grabbing tools
  • Crackers
  • Command line tools
  • Other tools
16. Port Scanners (1 of 3)
• TCP/IP communication
  • Involves information exchange between one system's program and another system's corresponding program
  • Uses a numeric value (the port number) as an identifier for the applications and services on these systems
• Port number
  • A unique identifier for applications and services
  • 16 bits in length
17. Port Scanners (2 of 3)
• TCP/IP divides port numbers into three categories:
  • Well-known port numbers (0-1023): reserved for the most universal applications
  • Registered port numbers (1024-49151): other applications that are not as widely used
  • Dynamic and private port numbers (49152-65535): available for any application to use
• Knowledge of what port is being used
  • Can be used by an attacker to target a specific service
• Port scanner software
  • Searches a system for port vulnerabilities
  • Used to determine port state: open, closed, or blocked
18. Port Scanners (3 of 3)
(figure only)
19. Protocol Analyzers (1 of 2)
• Protocol analyzers
  • Hardware or software that captures packets to decode and analyze their contents
  • Also known as sniffers
• Common uses for protocol analyzers
  • Used by network administrators for troubleshooting
  • Characterizing network traffic
  • Security analysis
  • Can be used to fine-tune the network and manage bandwidth
20 Protocol Analyzers (2 of 2)
21 Vulnerability Scanners (1 of 4)
• Vulnerability scanners
  • A generic term for a range of products that look for vulnerabilities in networks or systems
• Vulnerability scanners for enterprises are intended to
  • Identify several vulnerabilities and alert network administrators
• Two types of vulnerability scanners:
  • Active scanner – sends “probes” to network devices and examines the responses received back to evaluate whether a specific device needs remediation
  • Passive scanner – can identify the current software OS and applications being used on the network and indicate which devices might have a vulnerability
    • Cannot take action to resolve security problems
22 Vulnerability Scanners (2 of 4)
• A vulnerability scanner can:
  • Alert when new systems are added to the network
  • Detect when an application is compromised
  • Detect when an internal system begins to port scan other systems
  • Detect which ports are served and which ports are browsed for each individual system
  • Identify which applications and servers host or transmit sensitive data
  • Maintain a log of all interactive network sessions
  • Track all client and server application vulnerabilities
  • Track which systems communicate with other internal systems
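One of the capabilities listed above, detecting when an internal system begins to port scan other systems, as an added example that is not part of the original slides. It assumes connection records in a constructed "epoch src dst dport" shape and flags a source that touches many distinct ports on one destination inside a short sliding window.

```python
"""Flag an internal host that starts port scanning other systems.

Added example, not part of the original slides. Input records are
constructed and simplified: "<epoch seconds> <src ip> <dst ip> <dst port>",
one per connection attempt, in time order. A real firewall or flow log
would be mapped into the same four fields.
"""
from collections import defaultdict, deque

WINDOW_SECONDS = 60         # sliding window length
MAX_DISTINCT_PORTS = 10     # distinct ports per (src, dst) that raise an alert


def build_sample_log():
    """Constructed sample records (not real traffic), returned time-ordered."""
    recs = []
    for i in range(20):                        # busy but benign: one web port
        recs.append((1700000000 + i, "10.0.0.5", "10.0.0.20", 443))
    for i, port in enumerate(range(20, 35)):   # fast sweep: 15 ports in 15 s
        recs.append((1700000005 + i, "10.0.0.7", "10.0.0.30", port))
    for i, port in enumerate(range(1, 13)):    # slow sweep: one port every 2 min
        recs.append((1700000100 + 120 * i, "10.0.0.8", "10.0.0.40", port))
    recs.sort()
    return [f"{ts} {src} {dst} {dport}" for ts, src, dst, dport in recs]


def parse_line(line):
    ts, src, dst, dport = line.split()
    return int(ts), src, dst, int(dport)


def detect_port_scans(lines, window=WINDOW_SECONDS, threshold=MAX_DISTINCT_PORTS):
    """Return {(src, dst): sorted distinct ports} for every pair that reached
    `threshold` distinct destination ports inside any `window`-second span.
    Repeated connections to the same port (normal client traffic) never
    count, and a sweep slower than the window never accumulates."""
    recent = defaultdict(deque)   # (src, dst) -> deque of (ts, dport)
    alerts = {}
    for raw in lines:
        raw = raw.strip()
        if not raw or raw.startswith("#"):
            continue
        ts, src, dst, dport = parse_line(raw)
        key = (src, dst)
        dq = recent[key]
        dq.append((ts, dport))
        while dq and ts - dq[0][0] > window:   # expire records outside the window
            dq.popleft()
        ports = {p for _, p in dq}
        if len(ports) >= threshold:
            alerts[key] = sorted(ports)
    return alerts


if __name__ == "__main__":
    for (src, dst), ports in detect_port_scans(build_sample_log()).items():
        print(f"possible port scan: {src} -> {dst}, ports {ports}")
```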
23 Vulnerability Scanners (3 of 4)
• Network mapping scanner
  • Description: Combines network device discovery tools and network scanners to find open ports or discover shared folders
  • Uses: Can be used to create visual maps of the network that also identify vulnerabilities that need correction
• Wireless scanner
  • Description: Can discover malicious wireless network activity such as failed login attempts, record these to an event log, and alert an administrator
  • Uses: Detects security weaknesses inside the local wireless network with internal vulnerability scanning
• Configuration compliance scanner
  • Description: Used to evaluate and report any compliance issues related to specific industry guidelines
  • Uses: A compliance audit is a comprehensive review of how an enterprise follows regulatory guidelines
24 Vulnerability Scanners (4 of 4)
25 Honeypots and Honeynets (1 of 2)
• Honeypot: a computer protected by minimal security
  • Intentionally configured with vulnerabilities
  • Contains bogus data files
  • Goal: to trick attackers into revealing their techniques
  • It can then be determined whether actual production systems could thwart such an attack
• Honeynet: a network set up with one or more honeypots
  • Set up with intentional vulnerabilities
26 Honeypots and Honeynets (2 of 2)
27 Banner Grabbing Tools
• Banner: a message that a service transmits when another program connects to it
  • Example: the banner for an HTTP service will typically show the type of server software, version number, when it was last modified, and other similar information
• Banner grabbing: when a program is used to intentionally gather this information
  • Can be used as an assessment tool to perform an inventory of the services and systems operating on a server
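Turning grabbed HTTP banners into the inventory the slide describes, as an added example that is not from the original slides. The responses are constructed samples standing in for what a banner-grabbing client receives after connecting; the parser extracts the server software and version and flags hosts that disclose version details, since those are the entries worth reviewing first.

```python
"""Build a service inventory from HTTP banners and flag version disclosure.

Added example, not part of the original slides. SAMPLE_RESPONSES are
constructed response heads (host names are placeholders); a real run would
feed the captured response head of each host into the same functions.
"""
import re

SAMPLE_RESPONSES = {
    "web1.example.test": (
        "HTTP/1.1 200 OK\r\n"
        "Server: Apache/2.4.41 (Ubuntu)\r\n"
        "Last-Modified: Tue, 05 Mar 2019 10:00:00 GMT\r\n"
        "X-Powered-By: PHP/7.4.3\r\n\r\n"
    ),
    "web2.example.test": "HTTP/1.1 200 OK\r\nServer: nginx\r\n\r\n",
    "web3.example.test": "HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\n\r\n",
}

# "Product/1.2.3 ..." -> ("Product", "1.2.3")
PRODUCT_VERSION = re.compile(r"^([A-Za-z][\w.-]*)/(\d[\w.]*)")
TELLTALE_HEADERS = ("server", "x-powered-by", "last-modified")


def parse_headers(raw):
    """Return the response headers as a lower-cased dict (status line dropped)."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers


def describe_banner(raw):
    """Summarise one banner: product, disclosed version, telltale headers."""
    h = parse_headers(raw)
    product = version = None
    server = h.get("server")
    if server:
        m = PRODUCT_VERSION.match(server)
        product, version = (m.group(1), m.group(2)) if m else (server, None)
    powered = h.get("x-powered-by", "")
    discloses = version is not None or PRODUCT_VERSION.match(powered) is not None
    return {
        "product": product,
        "version": version,
        "discloses_version": discloses,
        "headers_seen": [k for k in TELLTALE_HEADERS if k in h],
    }


def hosts_to_review(responses):
    """Inventory every host; also return the hosts that leak version details."""
    inventory = {host: describe_banner(raw) for host, raw in responses.items()}
    review = sorted(h for h, d in inventory.items() if d["discloses_version"])
    return inventory, review


if __name__ == "__main__":
    inv, review = hosts_to_review(SAMPLE_RESPONSES)
    for host, d in inv.items():
        print(host, d)
    print("review version disclosure on:", review)
```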
28 Crackers
• Crackers
  • Intended to break (“crack”) the security of a system
  • Using a cracker in a vulnerability assessment can help determine how secure that system is
• Wireless cracker
  • Designed to test the security of a wireless LAN system by attempting to break its Wi-Fi Protected Access (WPA) or WPA2 protections
• Password cracker
  • Intended to break the digest of a password to determine its strength
29 Command-Line Tools (1 of 2)
• Ping
  • Description: Tests the connection between two network devices
  • How used: Can flood the network to determine how it responds to a Denial of Service attack
• Netstat
  • Description: Displays detailed information about how a device is communicating with other network devices
  • How used: Used to determine the source of malware that is sending out stolen information or communicating with a command and control server
• Tracert
  • Description: Shows the path that a packet takes
  • How used: Can detect faulty or malicious routing paths
• Nslookup
  • Description: Queries the DNS to obtain a specific domain name or IP address mapping
  • How used: Used to verify correct DNS configurations
• Dig
  • Description: Linux command-line alternative to Nslookup
  • How used: More robust tool that can also verify DNS configurations
• Arp
  • Description: Views and modifies the Address Resolution Protocol cache
  • How used: Can view the ARP cache to uncover ARP poisoning attacks
• Ipconfig
  • Description: Displays all current TCP/IP network configuration values and refreshes DHCP and DNS settings
  • How used: Used to alter current settings such as IP address, subnet mask, and default gateway
• Ip and Ifconfig
  • Description: Linux implementations of Ipconfig
  • How used: Can test to determine if configurations are secure
• Tcpdump
  • Description: Linux command-line protocol analyzer
  • How used: Can monitor network traffic for unauthorized traffic
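The Arp row above says the ARP cache can be inspected to uncover ARP poisoning; here is that check as an added example (not from the original slides). It parses constructed `arp -a` output in both the Linux and Windows layouts and reports two poisoning indicators: one MAC address answering for several IPs, and a known host (for instance the gateway) whose cached MAC no longer matches a recorded baseline.

```python
"""Inspect ARP cache output for signs of ARP poisoning.

Added example, not part of the original slides. The two samples below are
constructed `arp -a` outputs (Linux and Windows layouts); KNOWN_GOOD is a
constructed baseline of MAC addresses recorded for critical hosts.
"""
import re

SAMPLE_ARP_LINUX = """\
gateway (10.0.0.1) at 08:00:27:aa:bb:cc [ether] on eth0
fileserver.example.test (10.0.0.10) at 00:11:22:33:44:55 [ether] on eth0
? (10.0.0.25) at 08:00:27:aa:bb:cc [ether] on eth0
"""

SAMPLE_ARP_WINDOWS = """\
Interface: 10.0.0.50 --- 0x4
  Internet Address      Physical Address      Type
  10.0.0.1              00-1a-2b-3c-4d-5e     dynamic
  10.0.0.10             00-11-22-33-44-55     dynamic
  10.0.0.255            ff-ff-ff-ff-ff-ff     static
"""

# Baseline recorded earlier for hosts that must not change (constructed).
KNOWN_GOOD = {"10.0.0.1": "00:1a:2b:3c:4d:5e"}

ENTRY = re.compile(
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}).*?"
    r"(?P<mac>(?:[0-9a-fA-F]{2}[:-]){5}[0-9a-fA-F]{2})"
)
IGNORE_MACS = {"ff:ff:ff:ff:ff:ff"}     # broadcast entry, never a host


def parse_arp_table(text):
    """Return {ip: mac} with MACs normalised to lower-case colon form."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.search(line)
        if m:
            table[m.group("ip")] = m.group("mac").lower().replace("-", ":")
    return table


def find_arp_anomalies(table, known_good=None):
    """Return human-readable findings, in a fixed order: duplicate-MAC
    entries first, then baseline mismatches for the hosts in `known_good`."""
    findings = []
    by_mac = {}
    for ip, mac in table.items():
        if mac in IGNORE_MACS or mac.startswith("01:00:5e"):   # bcast/multicast
            continue
        by_mac.setdefault(mac, []).append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(f"MAC {mac} claims multiple IPs: {sorted(ips)}")
    for ip, expected in (known_good or {}).items():
        seen = table.get(ip)
        if seen and seen != expected.lower():
            findings.append(f"{ip} expected {expected.lower()} but cache shows {seen}")
    return findings


if __name__ == "__main__":
    for finding in find_arp_anomalies(parse_arp_table(SAMPLE_ARP_LINUX), KNOWN_GOOD):
        print("ARP anomaly:", finding)
```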
30 Command-Line Tools (2 of 2)
• There are third-party tools that can be used for vulnerability scanning
• Nmap (network mapper)
  • A security vulnerability scanner that can determine which devices are connected to the network
• Netcat
  • A command-line alternative to Nmap
  • Can be used by itself or driven by other programs and scripts
31 Other Tools
• Exploitation framework
  • Used to replicate attacks during a vulnerability assessment
  • Provides a structure of exploits and monitoring tools
• Steganography
  • A technology that hides the existence of data in a seemingly harmless data file, image file, audio file, or video file
• Steganography assessment tools
  • Can be used to determine if data is hidden well enough to thwart unauthorized users from finding the data
32 Vulnerability Scanning (1 of 2)
• Vulnerability scan
  • An automated software search through a system for known security weaknesses
  • Creates a report of potential exposures
  • Should be compared against baseline scans
    • Any changes can be investigated
• A scan looks to:
  • Identify vulnerabilities or security weaknesses found in the system
  • Identify security controls that are missing but needed to establish a secure framework
  • Identify common misconfigurations (in hardware and software)
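The baseline comparison the slide calls for, as an added example that is not part of the original slides. Scan output is modelled as constructed CSV rows (host, port, finding, severity); the finding names are constructed placeholders, not real scanner plugin IDs. Every category in the resulting delta is something to investigate, including findings that "disappeared", which may simply have been missed by the newer scan.

```python
"""Diff a vulnerability scan against its baseline.

Added example, not part of the original slides. BASELINE_CSV and
CURRENT_CSV are constructed: one row per open port (empty finding column)
or per finding on that port. Real scanners export comparable tables.
"""
import csv
from io import StringIO

BASELINE_CSV = """\
host,port,finding,severity
10.0.0.20,22,,
10.0.0.20,443,weak-tls-cipher-suites,medium
10.0.0.21,80,,
10.0.0.21,80,directory-listing-enabled,low
"""

CURRENT_CSV = """\
host,port,finding,severity
10.0.0.20,22,,
10.0.0.20,443,,
10.0.0.20,3389,,
10.0.0.21,80,directory-listing-enabled,low
10.0.0.22,21,anonymous-ftp-login,high
"""

EMPTY = {"ports": set(), "findings": set()}


def load_scan(text):
    """Return {host: {"ports": {int}, "findings": {(port, finding, severity)}}}."""
    scan = {}
    for row in csv.DictReader(StringIO(text)):
        entry = scan.setdefault(row["host"], {"ports": set(), "findings": set()})
        port = int(row["port"])
        entry["ports"].add(port)
        if row["finding"]:
            entry["findings"].add((port, row["finding"], row["severity"]))
    return scan


def diff_scans(baseline, current):
    """Return the changes between two loaded scans, each list sorted so the
    output is stable enough to store and compare again next time."""
    delta = {"new_hosts": [], "missing_hosts": [], "new_ports": [],
             "closed_ports": [], "new_findings": [], "resolved_findings": []}
    for host in sorted(set(baseline) | set(current)):
        if host not in baseline:
            delta["new_hosts"].append(host)
        if host not in current:
            delta["missing_hosts"].append(host)
        b = baseline.get(host, EMPTY)
        c = current.get(host, EMPTY)
        delta["new_ports"] += [(host, p) for p in sorted(c["ports"] - b["ports"])]
        delta["closed_ports"] += [(host, p) for p in sorted(b["ports"] - c["ports"])]
        delta["new_findings"] += [(host,) + f for f in sorted(c["findings"] - b["findings"])]
        delta["resolved_findings"] += [(host,) + f for f in sorted(b["findings"] - c["findings"])]
    return delta


def compare_csv(baseline_csv, current_csv):
    return diff_scans(load_scan(baseline_csv), load_scan(current_csv))


if __name__ == "__main__":
    for category, items in compare_csv(BASELINE_CSV, CURRENT_CSV).items():
        print(f"{category}: {items}")
```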
33 Vulnerability Scanning (2 of 2)
• Two methods for performing a vulnerability scan:
  • Intrusive vulnerability scan – attempts to actually penetrate the system to perform a simulated attack
  • Non-intrusive vulnerability scan – uses only available information to hypothesize the status of the vulnerability
• Credentialed vulnerability scan
  • Provides credentials (username and password) to the scanner so tests for additional internal vulnerabilities can be performed
  • Non-credentialed scans do not use credentials
34 Penetration Testing (1 of 3)
• Designed to exploit system weaknesses
• Relies on the tester’s skill, knowledge, and cunning
• Usually conducted by an independent contractor
• Tests are usually conducted outside the security perimeter
• May even disrupt network operations
• End result: penetration test report
35 Penetration Testing (2 of 3)
• Three different techniques can be used:
  • Black box test – tester has no prior knowledge of the network infrastructure
  • White box test – tester has in-depth knowledge of the network and systems being tested
  • Gray box test – some limited information has been provided to the tester
• Two methods by which information is gathered:
  • Active reconnaissance – involves actively probing the system to find information
  • Passive reconnaissance – the tester uses tools that do not raise any alarms
36 Penetration Testing (3 of 3)
• Once the tester has gathered information
  • The next step is to perform an initial exploitation by using that information to determine if it provides entry to the secure network
• Once inside the network
  • The tester attempts to perform a pivot (moving around inside the network)
• Pentester’s goal
  • Privilege escalation, or exploiting a vulnerability to access an ever-higher level of resources
• Testers must rely on persistence to continue to probe for weaknesses and exploit them
37 Practicing Data Privacy and Security
• Enterprise data theft may involve stealing proprietary business information
  • Such as research for a new product
• Personal data theft involves user personal data
  • Such as credit card numbers
  • Identity theft
• Practicing data privacy and security involves understanding what privacy is and its risks
  • As well as practical steps in keeping data safe
38 What is Privacy?
• Privacy
  • The state or condition of being free from public attention to the degree that you determine
  • The right to be left alone to the level that you choose
• Data is collected on almost all actions today
  • Through web surfing, purchases, user surveys, and questionnaires
• Data is then aggregated by data brokers
  • Who sell the data to interested third parties
39 Risks Associated with Private Data
• Risks associated with the use of private data fall into three categories:
  • Individual inconveniences and identity theft
  • Associations with groups
  • Statistical inferences
• These risks have led to concern by individuals regarding how their private data is being used
40 Maintaining Data Privacy and Security
• There is a need to keep data private and secure for legal and compliance reasons; compliance means following the:
  • Requirements of legislation, prescribed rules and regulations, specified standards, and terms of a contract
• Some laws include
  • HIPAA, Sarbox, GLBA, and PCI DSS
• Steps in maintaining data privacy and security:
  • Creating and following an overall security methodology
  • Properly labeling and handling sensitive data
  • Ensuring that data is destroyed when no longer needed
41 Secure Methodology
• Standard techniques for mitigating and deterring attacks
  • Creating a security posture
  • Selecting and configuring controls
  • Hardening
  • Reporting
42 Creating a Security Posture
• Security posture describes an approach, philosophy, or strategy regarding security
• Elements that make up a security posture:
  • Initial baseline configuration
    • Standard security checklist
    • Systems evaluated against the baseline
  • Continuous security monitoring
    • Regularly observe systems and networks
  • Remediation
    • As vulnerabilities are exposed, put a plan in place to address them
43 Selecting Appropriate Controls
• Security goal: common controls
  • Confidentiality: Encryption, steganography, access controls
  • Integrity: Hashing, digital signatures, certificates, nonrepudiation tools
  • Availability: Redundancy, fault tolerance, patching
  • Safety: Fencing and lighting, locks, CCTV, escape plans and routes, safety drills
44 Configuring Controls (1 of 2)
• Properly configuring controls is key to mitigating and deterring attacks
• Some controls are for detection
  • Security camera
• Some controls are for prevention
  • Properly positioned security guard
• Information security controls
  • Can be configured to detect attacks and sound alarms, or to prevent attacks
45 Configuring Controls (2 of 2)
• Additional consideration
  • When a normal function is interrupted by failure:
    • Which is the higher priority, security or safety?
  • Fail-open lock unlocks doors automatically upon failure
  • Fail-safe lock automatically locks
    • Highest security level
  • A firewall can be configured in a fail-safe or fail-open state
46 Hardening
• Purpose of hardening
  • To eliminate as many security risks as possible
• Types of hardening techniques include:
  • Protecting accounts with passwords
  • Disabling unnecessary accounts
  • Disabling unnecessary services
  • Protecting management interfaces and applications
47 Reporting
• It is important to provide information regarding events that occur
  • So that action can be taken
• Alarms or alerts
  • Sound a warning if a specific situation is occurring
  • Example: alert if too many failed password attempts
• Reporting can provide information on trends
  • Can indicate a serious impending situation
  • Example: multiple user accounts experiencing multiple password attempts
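Both examples on the slide, the per-account alarm and the many-accounts trend, implemented over constructed authentication log lines as an added example that is not part of the original slides. The log shape ("epoch Failed password for user from ip") and the thresholds are assumptions; the trend check fires when several accounts each accumulate repeated failures inside the same window.

```python
"""Alerting and trend reporting over authentication failures.

Added example, not part of the original slides. Log lines are constructed in
a simplified syslog-like shape and are not real captures. Two checks:
  - alarm: one account reaches PER_ACCOUNT_LIMIT failures within WINDOW seconds
  - trend: at least SPREAD_ACCOUNTS accounts each see SPREAD_MIN failures in
    the same window (many accounts, each with several attempts)
"""
import re
from collections import defaultdict

WINDOW = 300            # seconds of history considered
PER_ACCOUNT_LIMIT = 5   # failures on one account that raise an alarm
SPREAD_ACCOUNTS = 3     # accounts that must be affected for a trend report
SPREAD_MIN = 2          # failures per account that count as "multiple"

LINE = re.compile(r"^(?P<ts>\d+) Failed password for (?P<user>\S+) from (?P<ip>\S+)$")


def build_sample_log():
    """Constructed sample lines (not real captures)."""
    lines = []
    for i in range(6):                       # one noisy account: alice, 6 failures
        lines.append(f"{1700000000 + 10 * i} Failed password for alice from 198.51.100.9")
    for i, user in enumerate(["bob", "carol", "dave", "erin"]):
        for j in range(2):                   # four accounts, two failures each
            lines.append(f"{1700000100 + 20 * i + j} Failed password for {user} from 203.0.113.77")
    lines.append("1600000000 Failed password for alice from 192.0.2.1")   # stale, ignored
    return lines


def parse(lines):
    events = []
    for line in lines:
        m = LINE.match(line)
        if m:
            events.append((int(m["ts"]), m["user"], m["ip"]))
    return sorted(events)


def failures_in_window(events, end_ts, window=WINDOW):
    """Per-user failure counts for events with end_ts - window < ts <= end_ts."""
    counts = defaultdict(int)
    for ts, user, _ in events:
        if end_ts - window < ts <= end_ts:
            counts[user] += 1
    return counts


def account_alerts(counts, limit=PER_ACCOUNT_LIMIT):
    """Alarm: any single account at or above the failure limit."""
    return sorted(u for u, n in counts.items() if n >= limit)


def spread_trend(counts, accounts=SPREAD_ACCOUNTS, per=SPREAD_MIN):
    """Trend: the affected accounts, but only once enough of them are hit."""
    hit = sorted(u for u, n in counts.items() if n >= per)
    return hit if len(hit) >= accounts else []


def report(lines, now):
    counts = failures_in_window(parse(lines), now)
    return {"alerts": account_alerts(counts), "trend": spread_trend(counts)}


if __name__ == "__main__":
    print(report(build_sample_log(), now=1700000200))
```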
48 Data Labeling and Handling (1 of 2)
• Sensitive data must be properly labeled
  • If mislabeled, it could accidentally be publicly distributed
• Data sensitivity labeling
  • Can help ensure proper data handling
49 Data Labeling and Handling (2 of 2)
• Confidential
  • Description: Highest level of security
  • Handling: Should only be made available to users with the highest level of preapproved authentication
• Private
  • Description: Restricted data with a medium level of confidentiality
  • Handling: For users who have a need-to-know basis for the contents
• Proprietary
  • Description: Belongs to the enterprise
  • Handling: Can be available to any current employees or contractors
• Public
  • Description: No risk of release
  • Handling: For all public consumption; data is assumed to be public if no other data label is attached
• Personally Identifiable Information (PII)
  • Description: Data that could potentially identify a specific individual
  • Handling: Should be kept secure so that an individual cannot be singled out for identification
• Protected Health Information (PHI)
  • Description: Data about a person’s health status, provision of health care, or payment for health care
  • Handling: Must be kept secure as mandated by HIPAA
50 Data Destruction
• Paper media can be destroyed by burning, shredding, pulping, or pulverizing
• Electronic media
  • Data should never be erased using the OS “delete” command
    • Data could still be retrieved by using third-party tools
  • Wiping – overwriting the disk space with zeros or random data
  • Degaussing – permanently destroys the entire magnetic-based drive
    • By reducing or eliminating the magnetic field
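The wiping step at file level, as an added example that is not part of the original slides: the blocks a file occupies are overwritten with random data and then zeros, the writes are forced to disk, and the file is read back to verify before it is unlinked. One caveat the slide does not mention is stated in the module docstring.

```python
"""Overwrite a file's contents before unlinking it, and verify the overwrite.

Added example, not part of the original slides. Caveat: on SSDs and other
wear-levelled flash, and on copy-on-write or journaling file systems, an
in-place overwrite does not guarantee the old blocks are unreachable; a
drive-level secure erase, degaussing (magnetic media only) or destroying
the key of a fully encrypted drive are the reliable options there.
"""
import os
import tempfile

CHUNK = 1 << 16   # 64 KiB per write


def overwrite_file(path, passes=(b"random", b"\x00")):
    """Overwrite `path` in place once per entry in `passes`. The literal
    b"random" selects os.urandom data; any other entry is a one-byte
    pattern repeated across the file. Returns total bytes written."""
    size = os.path.getsize(path)
    written = 0
    with open(path, "r+b", buffering=0) as fh:
        for pattern in passes:
            fh.seek(0)
            remaining = size
            while remaining:
                n = min(CHUNK, remaining)
                block = os.urandom(n) if pattern == b"random" else pattern * n
                fh.write(block)
                remaining -= n
                written += n
            fh.flush()
            os.fsync(fh.fileno())        # push the overwrite past the OS cache
    return written


def wipe_file(path):
    """Overwrite, verify the final pass, then unlink.
    Returns True only when the read-back matched the last pattern."""
    size = os.path.getsize(path)
    overwrite_file(path)
    with open(path, "rb") as fh:
        leftover = fh.read()
    verified = leftover == b"\x00" * size   # last pass wrote zeros
    os.remove(path)
    return verified


def demo(marker=b"CONFIDENTIAL-SAMPLE-RECORD"):
    """Create a temp file holding a constructed marker, wipe it, report checks."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as fh:
        fh.write(marker * 4096)              # spans several CHUNK-sized writes
    size = os.path.getsize(path)
    with open(path, "rb") as fh:
        present_before = marker in fh.read()
    verified = wipe_file(path)
    return {"marker_present_before": present_before, "verified": verified,
            "file_removed": not os.path.exists(path), "bytes": size}


if __name__ == "__main__":
    print(demo())
```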
51 Chapter Summary (1 of 2)
• Vulnerability assessment
  • Methodical evaluation of the exposure of assets to risk
  • There are five steps in a vulnerability assessment
• One tool used to assist in determining potential threats is a process known as threat modeling
• Several techniques can be used in a vulnerability assessment
  • Port scanners, protocol analyzers, honeypots, and honeynets are used as assessment tools
  • Banner grabbing can be used to perform an inventory of the services and systems operating on a server
52 Chapter Summary (2 of 2)
• A vulnerability scan searches a system for known security weaknesses and reports its findings
• Penetration testing is designed to exploit any discovered system weaknesses
  • The tester may have various levels of system knowledge
• Privacy is defined as the state or condition of being free from public attention to the degree that you determine
• Standard techniques used to mitigate and deter attacks
  • Healthy security posture
  • Proper configuration of controls
  • Hardening and reporting