About the Presentations
The presentations cover the objectives found in the opening of
each chapter.
All chapter objectives are listed in the beginning of each
presentation.
You may customize the presentations to fit your class needs.
Some figures from the chapters are included. A complete set of
images from the book can be found on the Instructor Resources
disc.
Principles of Incident Response and Disaster Recovery, 2nd
Edition
Chapter 01
An Overview of Information
Security and Risk Management
Objectives
Define and explain information security
Identify and explain the basic concepts of risk management
List and discuss the components of contingency planning
Describe the role of information security policy in the
development of contingency plans
Introduction
Contingency planning
Being ready for incidents and disasters
Example: 1/10 of one percent of online users
Allows for two and a half million potential attackers
Example: World Trade Center (WTC) organizations
Had contingency plans due to February 1993 attack
Example: 2008 Gartner report
2/3 of organizations invoked plans in prior two years
Information security includes contingency planning
Ensures confidentiality, integrity, availability of data
Information Security
Committee on National Security Systems (CNSS) information
security definition
Protection of information and its critical elements
Includes systems and hardware storing, transmitting information
Part of the CNSS model (evolved from C.I.A. triangle)
Conceptual framework for understanding security
Information security (InfoSec)
Protection of confidentiality, integrity, and availability of
information
In storage, during processing, and during transmission
Key Information Security Concepts
Threat: object, person, other entity posing potential risk of loss
to an asset
Asset: organizational resource being protected
Logical or physical
Attack: attempt to cause damage to or compromise information
or supporting systems
Arises from a threat; intentional or unintentional
Threat-agent: threat instance
Specific and identifiable; exploits asset vulnerabilities
Key Information Security Concepts (cont’d.)
Vulnerability
Flaw or weakness in system security procedures, design,
implementation, internal controls
Results in security breach or security policy violation
Well-known or latent
Exercised accidentally or intentionally
Exploit: caused by threat-agent
Can exploit system or information through illegal use
Can create an exploit to target a specific vulnerability
Control/safeguard/countermeasure: prevent attack
Key Information Security Concepts (cont’d.)
Trespass
Broad category of electronic and human activities
Can breach information confidentiality
Leads to unauthorized real or virtual actions
Results in unauthorized access to premises or system
Software attacks
Malicious code, malicious software, malware
Designed to damage, destroy, deny service to the target systems
Example: hackers
Key Information Security Concepts (cont’d.)
Common malicious code instances
Viruses and worms, Trojan horses, logic bombs, bots, rootkits,
back doors, denial-of-service (DoS) attack, distributed DoS
(DDoS) attack
Malicious code threats: sources of confusion
Method of propagation, payload, vector of infection
Viruses
Segments of code that perform malicious actions
Macro virus: embedded automatically in macrocode
Boot virus: infects key operating systems files
Key Information Security Concepts (cont’d.)
Worms
Replicate themselves constantly
No other program needed
Can replicate until available resources filled
Back doors and trap doors
Installed by virus or worm payload
Provide special-privilege system access at will
Polymorphism
Threat changes apparent shape over time
Elude antivirus software detection
Key Information Security Concepts (cont’d.)
Propagation vectors
Manner by which malicious code spreads can vary
May use social engineering: Trojan horse looks desirable, but is
not
May leverage open network connection, file shares or software
vulnerability
Malware hoaxes
Well-meaning people send random e-mails warning of fictitious
dangerous malware
Wastes a lot of time and energy
Key Information Security Concepts (cont’d.)
Human error or failure
Introduces acts performed by an authorized user
No malicious intent or purpose
Human error
Small mistakes produce extensive damage with catastrophic
results
Human failure
Intentional refusal or unintentional inability to comply with
policies, guidelines, and procedures, with a potential loss of
information
Key Information Security Concepts (cont’d.)
Theft
Illegal taking of another’s property
Property: physical, electronic, intellectual
Includes acts of espionage and breach of confidentiality
Methods
Competitive intelligence or industrial espionage
Theft or loss of mobile devices
Phones, tablets, and computers
Stored information more important than devices
Key Information Security Concepts (cont’d.)
Compromises to intellectual property
FOLDOC intellectual property (IP) definition
The ownership of ideas and control over the tangible or virtual
representation of those ideas. Use of another person’s
intellectual property may or may not involve royalty payments
or permission but should always include proper credit to the
source
Includes
Trade secrets, copyrights, trademarks, patents
Exfiltration, or unauthorized removal of information
Software piracy
Key Information Security Concepts (cont’d.)
Sabotage or vandalism
Destroys asset or damages an organization’s image
Assault on an organization’s Web site
Cyberterrorism (more sinister hacking)
Technical software failures or errors
Software with unknown hidden faults
Code sold before security-related bugs detected
Trap doors
Helpful Web sites
Bugtraq and National Vulnerability Database
Key Information Security Concepts (cont’d.)
Technical hardware failures or errors
Equipment distributed with known or unknown flaw
System performs outside expected parameters
Errors can be terminal or intermittent
Forces of nature
Known as force majeure, or acts of God
Pose most dangerous threats imaginable
Occur with very little warning
Key Information Security Concepts (cont’d.)
Deviations in quality of service by service providers
Product or service not delivered as expected
Support systems interrupted by storms, employee illnesses,
unforeseen events
Technological obsolescence
Antiquated or outdated infrastructure
Leads to unreliable and untrustworthy systems
Risk loss of data integrity from attacks
Key Information Security Concepts (cont’d.)
Information extortion
Attacker or trusted insider steals information from a computer
system
Demands compensation for its return or for an agreement to not
disclose the information
Common in credit card number theft
Other threats
See Table 1-2
Overview of Risk Management
Risk management process
Identifying and controlling information asset risks
Security managers play the largest roles
Includes contingency planning
Risk identification process
Examining, documenting, and assessing the security posture of
an organization’s IT and the risks it faces
Risk control process
Applying controls to reduce the risks
Overview of Risk Management (cont’d.)
Risk management redefined
Process of identifying vulnerabilities and taking carefully
reasoned steps to ensure the confidentiality, integrity, and
availability of the information system
“If you know the enemy and know yourself, you need not fear
the result of a hundred battles. If you know yourself but not the
enemy, for every victory gained you will also suffer a defeat. If
you know neither the enemy nor yourself, you will succumb in
every battle.”
- Chinese General Sun Tzu
Source: Oxford University Press
Overview of Risk Management (cont’d.)
Know yourself
Identify, examine, and understand the information and systems
currently in place
Asset: information and systems that use, store, and transmit
information
Question to ask when protecting assets
What are they?
How do they add value to the organization?
To which vulnerabilities are they susceptible?
Have periodic review, revision, and maintenance of control
mechanisms
Overview of Risk Management (cont’d.)
Know the enemy
Identify, examine, and understand threats
Determine threat aspects affecting the organization and the
security of the assets
List threats prioritized by importance
Conduct periodic management reviews
Verify completeness and accuracy of asset inventory
Review and verify identified threats and vulnerabilities
Review current controls and mitigation strategies
Review cost effectiveness and deployment issues
Verify ongoing effectiveness of every control
Risk Identification
Identify, classify, and prioritize information assets
Threat identification process begins afterwards
Asset examined to identify vulnerabilities
Controls identified
Controls assessed
Regarding capability to limit possible losses should attack occur
Asset Identification and Value Assessment
Iterative process of identifying assets and assessing their value
Information asset classification
Classify with respect to security needs
Components must be specific for the creation of various priority
levels
Components ranked according to criteria established by the
categorization
Use comprehensive and mutually exclusive categories
Establish clear and comprehensive category sets
Asset Identification and Value Assessment (cont’d.)
Information asset valuation
Is this asset the most critical to the organization’s success?
Does it generate the most revenue?
Does it generate the most profit?
Would it be the most expensive to replace?
Will it be the most expensive to protect?
If revealed, would it cause the most embarrassment or greatest
damage?
Does the law or other regulation require us to protect this asset?
Asset Identification and Value Assessment (cont’d.)
Answers determine weighting criteria
Used for asset valuation and impact evaluation
Must decide criteria best suited to establish the information
asset value
Perform weighted factor analysis
Calculates relative importance of each asset
Assign score from 0.1 to 1.0 for each critical factor
Assign each critical factor a weight from 1 to 100
Identify, document and add company-specific criteria
Data Classification and Management
(cont’d.)
Data classification schemes
Procedures requiring organizational data to be classified into
mutually exclusive categories
Based on need to protect data category confidentiality
Military specialized classification ratings
“Public” to “For Official Use Only” to “Confidential” to
“Secret” to “Top Secret”
Data Classification and Management (cont’d.)
Alternative information classification scheme
Public: for general public dissemination
For official use: Not particularly sensitive but not for public
release
Sensitive: important to the business and could cause
embarrassment or loss of market share if revealed
Classified: requires utmost security; disclosure could severely
impact the organization
Personnel information security clearances
On a need-to-know basis
Threat Identification
Conduct a threat assessment
Which threats present a danger to the organization’s assets in
the given environment?
Which threats represent the most danger to the organization’s
information?
Which threats would cost the most to recover from if there was
an attack?
Which threats require the greatest expenditure to prevent?
Vulnerability Identification
Review each asset and each threat it faces
Create list of vulnerabilities
Examine how each threat could be perpetrated
List organization’s assets and its vulnerabilities
Notes
Threat may yield multiple vulnerabilities
People with diverse backgrounds should participate
Risk Assessment
Process of assigning a risk rating or score to each information
asset
Goal
Determine relative risk of each vulnerability using various
factors
Likelihood
Probability that a specific vulnerability will be successfully
attacked
Many asset/vulnerability combinations have external references
for likelihood values
Valuation of Information Assets
Assign weighted scores for the value to the organization of each
information asset
Re-ask questions described in the “Threat Identification”
section
Which of these questions is most important to the protection of
the organization’s information?
Examine how current controls can reduce risk faced by specific
vulnerabilities
Impossible to know everything about each vulnerability
Risk Determination
Risk = (likelihood of vulnerability × value) − percent of risk
currently controlled + uncertainty of assumptions
Qualitative Risk Management
General categories and ranking used to evaluate risk
Factor Analysis of Information Risk (FAIR) strategy
Promoted by CXOWARE
Residual risk
Remaining risk after control applied
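The weighted factor analysis and risk determination slides, worked through as an added Python example (not code from the textbook or the deck). Asset names, factors, weights and scores are constructed; normalising by the total weight and taking both percentages of the likelihood × value product are assumptions about how the formula's terms combine.

```python
"""Weighted factor analysis feeding the slide's risk formula (added example).

All asset names, factors, weights and scores below are constructed sample data.
"""
from dataclasses import dataclass

# Critical factors with weights in the slide's 1-100 range (constructed values).
WEIGHTS = {"revenue": 30, "profit": 40, "public_image": 30}


def weighted_value(scores, weights=WEIGHTS):
    """Weighted factor analysis: one 0.1-1.0 score and one 1-100 weight per factor.

    Assumption: the sum is normalised by the total weight and scaled to 0-100
    so assets stay comparable even if the weights do not add up to 100.
    """
    if set(scores) != set(weights):
        raise ValueError("every critical factor needs exactly one score")
    for factor, score in scores.items():
        if not 0.1 <= score <= 1.0:
            raise ValueError(f"score for {factor!r} must be in 0.1..1.0")
    for factor, weight in weights.items():
        if not 1 <= weight <= 100:
            raise ValueError(f"weight for {factor!r} must be in 1..100")
    total = sum(weights.values())
    return 100 * sum(scores[f] * weights[f] for f in weights) / total


def risk_rating(likelihood, value, controlled_pct, uncertainty_pct):
    """Risk = (likelihood x value) - percent controlled + uncertainty.

    Assumption: both percentages are taken of the likelihood x value product.
    """
    if not 0.0 <= likelihood <= 1.0:
        raise ValueError("likelihood must be a probability in 0..1")
    for pct in (controlled_pct, uncertainty_pct):
        if not 0 <= pct <= 100:
            raise ValueError("percentages must be in 0..100")
    base = likelihood * value
    return base - base * controlled_pct / 100 + base * uncertainty_pct / 100


@dataclass(frozen=True)
class Finding:
    """One asset/vulnerability pair from the vulnerability identification step."""
    asset: str
    vulnerability: str
    likelihood: float        # probability of a successful attack
    controlled_pct: float    # percent of the risk current controls cover
    uncertainty_pct: float   # how unsure the assessors are of their inputs


# Constructed factor scores per asset.
ASSET_SCORES = {
    "customer order database": {"revenue": 1.0, "profit": 0.9, "public_image": 0.8},
    "public web server": {"revenue": 0.7, "profit": 0.5, "public_image": 1.0},
    "internal wiki": {"revenue": 0.1, "profit": 0.2, "public_image": 0.3},
}

# Constructed findings.
FINDINGS = [
    Finding("customer order database", "unpatched DBMS", 0.5, 50, 20),
    Finding("public web server", "web application software flaw", 1.0, 0, 10),
    Finding("internal wiki", "weak passwords", 0.8, 0, 20),
]


def rank_findings(findings=FINDINGS, asset_scores=ASSET_SCORES):
    """Return (rating, asset, vulnerability) tuples, highest risk first."""
    rows = []
    for f in findings:
        value = weighted_value(asset_scores[f.asset])
        rating = risk_rating(f.likelihood, value, f.controlled_pct, f.uncertainty_pct)
        rows.append((round(rating, 2), f.asset, f.vulnerability))
    return sorted(rows, reverse=True)


def residual_risk(finding, new_controlled_pct, asset_scores=ASSET_SCORES):
    """Risk that remains once a control raises the controlled percentage."""
    value = weighted_value(asset_scores[finding.asset])
    return risk_rating(finding.likelihood, value, new_controlled_pct,
                       finding.uncertainty_pct)


if __name__ == "__main__":
    for rating, asset, vuln in rank_findings():
        print(f"{rating:6.2f}  {asset}: {vuln}")
    print("web server residual at 60% controlled:",
          round(residual_risk(FINDINGS[1], 60), 2))
```

The highly valued database ranks below the web server here because half of its risk is already controlled, which is why the formula is applied per asset/vulnerability pair rather than per asset.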
Identify Possible Controls
Controls, safeguards, and countermeasures
Represent security mechanisms, policies, and procedures that
reduce risk
Three types of security policies
Enterprise information security policy
Issue-specific policies
Systems-specific policies
Programs
Activities performed within the organization to improve
security
Risk Control Strategies
Defense approach (preferred approach)
Attempts to prevent vulnerability exploitation
Risk defense methods
Defense through application of policy
Defense through training and education programs
Defense through technology application
Usually requires technical solutions
Eliminate asset exposure
Attempt to reduce risk to an acceptable level
Risk Control Strategies (cont’d.)
Implement security controls and safeguards
Deflect attacks to minimize the probability of success
Transference
Attempts to shift risk to other assets, processes, organizations
Rethink how services are offered
Revise deployment models
Outsource to other organizations
Purchase insurance
Implement service contracts with providers
Risk Control Strategies (cont’d.)
Mitigation
Attempts to reduce impact caused by the vulnerability
exploitation
Through planning and preparation
Includes contingency planning
Business impact analysis
Incident response plan
Disaster recovery plan
Business continuity plan
Requires quick attack detection and response
Relies on existence and quality of the other plans
Risk Control Strategies (cont’d.)
Acceptance
Do nothing to protect an information asset
Accept the outcome of its potential exploitation
Only valid when the organization has:
Determined the level of risk
Assessed the probability of attack
Estimated potential damage that could occur
Performed a thorough cost-benefit analysis
Evaluated controls
Decided asset did not justify the cost of protection
Risk Control Strategies (cont’d.)
Termination
Difference from acceptance
Remove asset from the environment representing risk
Two main reasons
Cost of protecting an asset outweighs its value
Too difficult or expensive to protect asset compared to value or
advantage asset offers
Termination must be a conscious business decision
Not simple asset abandonment
Contingency Planning and Its Components
Contingency plan
Used to anticipate, react to, and recover from threatening
events
Restores organization to normal modes of business operations
Four subordinate functions
Business impact assessment (BIA)
Incident response planning (IRP)
Disaster recovery planning (DRP)
Business continuity planning (BCP)
Business Impact Analysis
Business impact analysis (BIA)
Investigation and assessment of the impact of attacks
Adds detail to prioritized threat and vulnerability list created in
the risk management process
Provides detailed scenarios of potential impact of each type of
attack
Incident Response Plan
Incident
Any clearly identified attack on assets
Incident response plan (IRP)
Deals with the identification, classification, response, and
recovery from an incident
Assesses the likelihood of imminent damage
Informs key decision makers
Enables the organization to take coordinated action
Disaster Recovery Plan
Preparation for and recovery from natural or man-made disaster
Includes:
Preparations for the recovery process
Strategies to limit losses during the disaster
Detailed steps to follow after immediate danger
Focus
Preparation before the incident
Actions taken after the incident
BCP and BRP
Business continuity plan (BCP)
Expresses how to ensure critical business functions continue at
an alternate location
After catastrophic incident or disaster
Used when DRP cannot restore primary site operations
Most strategic and long-term plan
Business resumption plan (BRP)
Emerging new concept in contingency planning
Merges the DRP and BCP into a single process
Contingency Planning Timeline
Steps in contingency planning
IR plan focuses on immediate response
May move to DRP and BCP if disastrous
DR plan focuses on restoring systems at original site
BC runs concurrently with DRP
When major or long-term damage occurs
IRP, DRP, and BCP distinction
When each comes into play during the incident
Contingency Planning Timeline (cont’d.)
Seven steps in NIST SP 800-34, Revision 1
Role of Information Security Policy in Developing Contingency
Plans
Policy needs to enforce information protection requirements
Before, during, and after incident
Quality security programs
Begin and end with policy
Information security
A management problem
Difficulties in shaping policy
Must never conflict with laws; must stand up in court if
challenged; must be properly administered
Key Policy Definitions
Policy
Plan or course of action
Conveys instructions from senior management to those who
make decisions, take action, perform duties
Organizational law
Dictates acceptable and unacceptable behavior
Defines penalties for violations
Standard
Detailed statement of what must be done to comply
De facto standard (informal standard)
De jure standard (formal standard)
Key Policy Definitions (cont’d.)
Mission
Written statement of an organization’s purpose
Vision
Written statement about organization’s goals
Strategic planning
Process of moving organization toward its vision
Information security policy
Provides rules for protecting information assets
Enterprise information security policy, issue-specific security
policy, systems-specific security policy
Enterprise Information Security Policy
Enterprise information security policy (EISP)
Based on and directly supports the mission, vision, and
direction of the organization
Executive-level
Sets strategic direction, scope, and tone for all security efforts
Contains requirements to be met
Defines purpose, scope, constraints, and applicability
Assigns responsibilities
Addresses legal compliance
Issue-Specific Security Policy
Issue-specific security policy (ISSP)
Addresses specific areas of technology
Three common approaches to creating ISSPs
Independent ISSP documents, each tailored to a specific issue
A single comprehensive ISSP document covering all issues
Modular ISSP document that unifies policy creation and
administration while maintaining each specific issue’s
requirements
Issue-Specific Security Policy (cont’d.)
Statement of policy
Defines scope, responsibility for implementation, technologies
and issues being addressed
Authorized access and usage of equipment
Addresses who can use technology and for what it can be used
Defines “fair and responsible use”
Addresses key legal issues
Prohibited usage of equipment
Outlines what technology cannot be used for
Issue-Specific Security Policy (cont’d.)
Systems management
Focuses on users’ relationship to management
Violations of policy
Specifies penalties and how to report violations
Policy review and modification
Procedures and a timetable for periodic review so users do not
circumvent it as it grows obsolete
Limitations of liability
States company will not protect user and is not liable for their
actions
Systems-Specific Policy
Systems-specific security policies (SysSPs)
Standards and procedures used when configuring or maintaining
systems
Access control lists (ACLs)
Govern rights and privileges of particular users to particular
systems
Configuration rules
Specific configuration codes entered into security systems
Systems-Specific Policy (cont’d.)
ACL policies
Translated into configuration sets
Controls access to systems
Regulate the who, what, when, and where of access
ACL rules
Known as capability tables, user profiles, user policies
Specify what a user can and cannot do with resources
Rule policies
More specific than ACLs
May or may not deal with users directly
Policy Management
Policies
Constantly changing and growing
Must be properly disseminated
Security policies must have the following
Individual responsible for creation, revision, distribution, and
storage
Schedule of reviews
Mechanism for recommendations for revisions
Policy/revision date; possibly “sunset” expiration date
Policy management software (optional)
Summary
Information security protects information and its critical
elements
C.I.A. triangle: basis for CNSS model
Threat: entity posing potential for loss to an asset
Asset: has value to the organization
Vulnerability: weakness in protection mechanisms
Risk management process: identifying vulnerabilities and taking
steps to protect assets
Summary (cont’d.)
Risk identification: process of identifying risks
Risk control: applying controls to reduce risk
Contingency planning: avoidance, transference, mitigation,
acceptance strategies
Business impact analysis: assess attack type impact
Incident response plan: actions taken when an incident is in
progress
Disaster recovery plan: preparation for and recovery from a
disaster
Summary (cont’d.)
Business continuity plan: ensures critical business functions
continue after a disaster
Policies: organizational laws dictating behavior
Enterprise information security policy: sets strategic scope,
direction, tone
Issue-specific security policy: addresses specific areas of
technology
Systems-specific security policy: used when configuring or
maintaining systems
The Custom Defense Against Targeted AttacksThe Custom Defense Against Targeted Attacks
The Custom Defense Against Targeted Attacks
 
Unlock Your Future in Cybersecurity with the ULTIMATE SOC CAREER.pdf
Unlock Your Future in Cybersecurity with the ULTIMATE SOC CAREER.pdfUnlock Your Future in Cybersecurity with the ULTIMATE SOC CAREER.pdf
Unlock Your Future in Cybersecurity with the ULTIMATE SOC CAREER.pdf
 
Unlock Your Future in Cybersecurity with the ULTIMATE SOC CAREER GUIDE FOR BE...
Unlock Your Future in Cybersecurity with the ULTIMATE SOC CAREER GUIDE FOR BE...Unlock Your Future in Cybersecurity with the ULTIMATE SOC CAREER GUIDE FOR BE...
Unlock Your Future in Cybersecurity with the ULTIMATE SOC CAREER GUIDE FOR BE...
 
Ch13 - Security Engineering
Ch13 - Security EngineeringCh13 - Security Engineering
Ch13 - Security Engineering
 
information security management
information security managementinformation security management
information security management
 

More from aryan532920

According to the NASW Code of Ethics section 6.04 (NASW, 2008), .docx
According to the NASW Code of Ethics section 6.04 (NASW, 2008), .docxAccording to the NASW Code of Ethics section 6.04 (NASW, 2008), .docx
According to the NASW Code of Ethics section 6.04 (NASW, 2008), .docxaryan532920
 
According to the text, crime has been part of the human condition si.docx
According to the text, crime has been part of the human condition si.docxAccording to the text, crime has been part of the human condition si.docx
According to the text, crime has been part of the human condition si.docxaryan532920
 
According to Ronald Story and Bruce Laurie, The dozen years between.docx
According to Ronald Story and Bruce Laurie, The dozen years between.docxAccording to Ronald Story and Bruce Laurie, The dozen years between.docx
According to Ronald Story and Bruce Laurie, The dozen years between.docxaryan532920
 
According to Kirk (2016), most of your time will be spent work with .docx
According to Kirk (2016), most of your time will be spent work with .docxAccording to Kirk (2016), most of your time will be spent work with .docx
According to Kirk (2016), most of your time will be spent work with .docxaryan532920
 
According to the Council on Social Work Education, Competency 5 Eng.docx
According to the Council on Social Work Education, Competency 5 Eng.docxAccording to the Council on Social Work Education, Competency 5 Eng.docx
According to the Council on Social Work Education, Competency 5 Eng.docxaryan532920
 
According to Kirk (2016), most of our time will be spent working.docx
According to Kirk (2016), most of our time will be spent working.docxAccording to Kirk (2016), most of our time will be spent working.docx
According to Kirk (2016), most of our time will be spent working.docxaryan532920
 
According to Kirk (2016), most of your time will be spent working wi.docx
According to Kirk (2016), most of your time will be spent working wi.docxAccording to Kirk (2016), most of your time will be spent working wi.docx
According to Kirk (2016), most of your time will be spent working wi.docxaryan532920
 
According to Davenport (2014) the organizational value of healthcare.docx
According to Davenport (2014) the organizational value of healthcare.docxAccording to Davenport (2014) the organizational value of healthcare.docx
According to Davenport (2014) the organizational value of healthcare.docxaryan532920
 
According to the authors, privacy and security go hand in hand; .docx
According to the authors, privacy and security go hand in hand; .docxAccording to the authors, privacy and security go hand in hand; .docx
According to the authors, privacy and security go hand in hand; .docxaryan532920
 
According to Gilbert and Troitzsch (2005), Foundations of Simula.docx
According to Gilbert and Troitzsch (2005), Foundations of Simula.docxAccording to Gilbert and Troitzsch (2005), Foundations of Simula.docx
According to Gilbert and Troitzsch (2005), Foundations of Simula.docxaryan532920
 
According to Klein (2016), using ethical absolutism and ethical .docx
According to Klein (2016), using ethical absolutism and ethical .docxAccording to Klein (2016), using ethical absolutism and ethical .docx
According to Klein (2016), using ethical absolutism and ethical .docxaryan532920
 
According to Franks and Smallwood (2013), information has become.docx
According to Franks and Smallwood (2013), information has become.docxAccording to Franks and Smallwood (2013), information has become.docx
According to Franks and Smallwood (2013), information has become.docxaryan532920
 
According to the Council on Social Work Education, Competency 5.docx
According to the Council on Social Work Education, Competency 5.docxAccording to the Council on Social Work Education, Competency 5.docx
According to the Council on Social Work Education, Competency 5.docxaryan532920
 
According to the authors, privacy and security go hand in hand; and .docx
According to the authors, privacy and security go hand in hand; and .docxAccording to the authors, privacy and security go hand in hand; and .docx
According to the authors, privacy and security go hand in hand; and .docxaryan532920
 
According to recent surveys, China, India, and the Philippines are t.docx
According to recent surveys, China, India, and the Philippines are t.docxAccording to recent surveys, China, India, and the Philippines are t.docx
According to recent surveys, China, India, and the Philippines are t.docxaryan532920
 
According to the authors, countries that lag behind the rest of the .docx
According to the authors, countries that lag behind the rest of the .docxAccording to the authors, countries that lag behind the rest of the .docx
According to the authors, countries that lag behind the rest of the .docxaryan532920
 
According to Peskin et al. (2013) in our course reader, Studies on .docx
According to Peskin et al. (2013) in our course reader, Studies on .docxAccording to Peskin et al. (2013) in our course reader, Studies on .docx
According to Peskin et al. (2013) in our course reader, Studies on .docxaryan532920
 
According to Franks and Smallwood (2013), information has become the.docx
According to Franks and Smallwood (2013), information has become the.docxAccording to Franks and Smallwood (2013), information has become the.docx
According to Franks and Smallwood (2013), information has become the.docxaryan532920
 
According to Ang (2011), how is Social Media management differen.docx
According to Ang (2011), how is Social Media management differen.docxAccording to Ang (2011), how is Social Media management differen.docx
According to Ang (2011), how is Social Media management differen.docxaryan532920
 
According to (Alsaidi & Kausar (2018), It is expected that by 2020,.docx
According to (Alsaidi & Kausar (2018), It is expected that by 2020,.docxAccording to (Alsaidi & Kausar (2018), It is expected that by 2020,.docx
According to (Alsaidi & Kausar (2018), It is expected that by 2020,.docxaryan532920
 

More from aryan532920 (20)

According to the NASW Code of Ethics section 6.04 (NASW, 2008), .docx
According to the NASW Code of Ethics section 6.04 (NASW, 2008), .docxAccording to the NASW Code of Ethics section 6.04 (NASW, 2008), .docx
According to the NASW Code of Ethics section 6.04 (NASW, 2008), .docx
 
According to the text, crime has been part of the human condition si.docx
According to the text, crime has been part of the human condition si.docxAccording to the text, crime has been part of the human condition si.docx
According to the text, crime has been part of the human condition si.docx
 
According to Ronald Story and Bruce Laurie, The dozen years between.docx
According to Ronald Story and Bruce Laurie, The dozen years between.docxAccording to Ronald Story and Bruce Laurie, The dozen years between.docx
According to Ronald Story and Bruce Laurie, The dozen years between.docx
 
According to Kirk (2016), most of your time will be spent work with .docx
According to Kirk (2016), most of your time will be spent work with .docxAccording to Kirk (2016), most of your time will be spent work with .docx
According to Kirk (2016), most of your time will be spent work with .docx
 
According to the Council on Social Work Education, Competency 5 Eng.docx
According to the Council on Social Work Education, Competency 5 Eng.docxAccording to the Council on Social Work Education, Competency 5 Eng.docx
According to the Council on Social Work Education, Competency 5 Eng.docx
 
According to Kirk (2016), most of our time will be spent working.docx
According to Kirk (2016), most of our time will be spent working.docxAccording to Kirk (2016), most of our time will be spent working.docx
According to Kirk (2016), most of our time will be spent working.docx
 
According to Kirk (2016), most of your time will be spent working wi.docx
According to Kirk (2016), most of your time will be spent working wi.docxAccording to Kirk (2016), most of your time will be spent working wi.docx
According to Kirk (2016), most of your time will be spent working wi.docx
 
According to Davenport (2014) the organizational value of healthcare.docx
According to Davenport (2014) the organizational value of healthcare.docxAccording to Davenport (2014) the organizational value of healthcare.docx
According to Davenport (2014) the organizational value of healthcare.docx
 
According to the authors, privacy and security go hand in hand; .docx
According to the authors, privacy and security go hand in hand; .docxAccording to the authors, privacy and security go hand in hand; .docx
According to the authors, privacy and security go hand in hand; .docx
 
According to Gilbert and Troitzsch (2005), Foundations of Simula.docx
According to Gilbert and Troitzsch (2005), Foundations of Simula.docxAccording to Gilbert and Troitzsch (2005), Foundations of Simula.docx
According to Gilbert and Troitzsch (2005), Foundations of Simula.docx
 
According to Klein (2016), using ethical absolutism and ethical .docx
According to Klein (2016), using ethical absolutism and ethical .docxAccording to Klein (2016), using ethical absolutism and ethical .docx
According to Klein (2016), using ethical absolutism and ethical .docx
 
According to Franks and Smallwood (2013), information has become.docx
According to Franks and Smallwood (2013), information has become.docxAccording to Franks and Smallwood (2013), information has become.docx
According to Franks and Smallwood (2013), information has become.docx
 
According to the Council on Social Work Education, Competency 5.docx
According to the Council on Social Work Education, Competency 5.docxAccording to the Council on Social Work Education, Competency 5.docx
According to the Council on Social Work Education, Competency 5.docx
 
According to the authors, privacy and security go hand in hand; and .docx
According to the authors, privacy and security go hand in hand; and .docxAccording to the authors, privacy and security go hand in hand; and .docx
According to the authors, privacy and security go hand in hand; and .docx
 
According to recent surveys, China, India, and the Philippines are t.docx
According to recent surveys, China, India, and the Philippines are t.docxAccording to recent surveys, China, India, and the Philippines are t.docx
According to recent surveys, China, India, and the Philippines are t.docx
 
According to the authors, countries that lag behind the rest of the .docx
According to the authors, countries that lag behind the rest of the .docxAccording to the authors, countries that lag behind the rest of the .docx
According to the authors, countries that lag behind the rest of the .docx
 
According to Peskin et al. (2013) in our course reader, Studies on .docx
According to Peskin et al. (2013) in our course reader, Studies on .docxAccording to Peskin et al. (2013) in our course reader, Studies on .docx
According to Peskin et al. (2013) in our course reader, Studies on .docx
 
According to Franks and Smallwood (2013), information has become the.docx
According to Franks and Smallwood (2013), information has become the.docxAccording to Franks and Smallwood (2013), information has become the.docx
According to Franks and Smallwood (2013), information has become the.docx
 
According to Ang (2011), how is Social Media management differen.docx
According to Ang (2011), how is Social Media management differen.docxAccording to Ang (2011), how is Social Media management differen.docx
According to Ang (2011), how is Social Media management differen.docx
 
According to (Alsaidi & Kausar (2018), It is expected that by 2020,.docx
According to (Alsaidi & Kausar (2018), It is expected that by 2020,.docxAccording to (Alsaidi & Kausar (2018), It is expected that by 2020,.docx
According to (Alsaidi & Kausar (2018), It is expected that by 2020,.docx
 

Recently uploaded

Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpinRaunakKeshri1
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDThiyagu K
 
fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingTeacherCyreneCayanan
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...PsychoTech Services
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3JemimahLaneBuaron
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfAdmir Softic
 
9548086042 for call girls in Indira Nagar with room service
9548086042  for call girls in Indira Nagar  with room service9548086042  for call girls in Indira Nagar  with room service
9548086042 for call girls in Indira Nagar with room servicediscovermytutordmt
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...fonyou31
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfchloefrazer622
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 -  Danh muc Sach Giao Khoa 10 . pdf1029 -  Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 

Recently uploaded (20)

Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpin
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writing
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 
9548086042 for call girls in Indira Nagar with room service
9548086042  for call girls in Indira Nagar  with room service9548086042  for call girls in Indira Nagar  with room service
9548086042 for call girls in Indira Nagar with room service
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdf
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 -  Danh muc Sach Giao Khoa 10 . pdf1029 -  Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 

About the PresentationsThe presentations cover the objectives .docx

  • 1. About the Presentations The presentations cover the objectives found in the opening of each chapter. All chapter objectives are listed in the beginning of each presentation. You may customize the presentations to fit your class needs. Some figures from the chapters are included. A complete set of images from the book can be found on the Instructor Resources disc. 1 Principles of Incident Response and Disaster Recovery, 2nd Edition Chapter 01 An Overview of Information Security and Risk Management 2 2 Objectives Define and explain information security Identify and explain the basic concepts of risk management List and discuss the components of contingency planning Describe the role of information security policy in the development of contingency plans
  • 2. Principles of Incident Response and Disaster Recovery, 2nd Edition 3 3 Introduction Contingency planning Being ready for incidents and disasters Example: 1/10 of one percent of online users Allows for two and a half million potential attackers Example: World Trade Center (WTC) organizations Had contingency plans due to February 1993 attack Example: 2008 Gartner report 2/3 of organizations invoked plans in prior two years Information security includes contingency planning Ensures confidentiality, integrity, availability of data Principles of Incident Response and Disaster Recovery, 2nd Edition 4 4 Information Security Committee on National Security Systems (CNSS) information security definition Protection of information and its critical elements Includes systems and hardware storing, transmitting information Part of the CNSS model (evolved from C.I.A. triangle) Conceptual framework for understanding security Information security (InfoSec)
  • 3. Protection of confidentiality, integrity, and availability of information In storage, during processing, and during transmission Principles of Incident Response and Disaster Recovery, 2nd Edition 5 5 Key Information Security Concepts Threat: object, person, other entity posing potential risk of loss to an asset Asset: organizational resource being protected Logical or physical Attack: attempt to cause damage to or compromise information of supporting systems Arises from a threat; intentional or unintentional Threat-agent: threat instance Specific and identifiable; exploits asset vulnerabilities Principles of Incident Response and Disaster Recovery, 2nd Edition 6 6 Key Information Security Concepts (cont’d.) Vulnerability Flaw or weakness in system security procedures, design, implementation, internal controls Results in security breach or security policy violation Well-known or latent
  • 4. Exercised accidently or intentionally Exploit: caused by threat-agent Can exploit system or information through illegal use Can create an exploit to target a specific vulnerability Control/safeguard/countermeasure: prevent attack Principles of Incident Response and Disaster Recovery, 2nd Edition 7 7 Key Information Security Concepts (cont’d.) Principles of Incident Response and Disaster Recovery, 2nd Edition 8 8 Key Information Security Concepts (cont’d.) Trespass Broad category of electronic and human activities Can breach information confidentiality Leads to unauthorized real or virtual actions Results in unauthorized access to premises or system Software attacks Malicious code, malicious software, malware Designed to damage, destroy, deny service to the target systems Example: hackers Principles of Incident Response and Disaster Recovery, 2nd Edition
  • 5. 9 9 Key Information Security Concepts (cont’d.) Common malicious code instances Viruses and worms, Trojan horses, logic bombs, bots, rootkits, back doors, denial-of-service (DoS) attack, distributed DoS (DDoS) attack Malicious code threats: sources of confusion Method of propagation, payload, vector of infection Viruses Segments of code that perform malicious actions Macro virus: embedded automatically in macrocode Boot virus: infects key operating systems files Principles of Incident Response and Disaster Recovery, 2nd Edition 10 10 Key Information Security Concepts (cont’d.) Worms Replicate themselves constantly No other program needed Can replicate until available resources filled Back doors and trap doors Installed by virus or worm payload Provides at will special privilege system access Polymorphism Threat changes apparent shape over time Elude antivirus software detection
  • 6. Principles of Incident Response and Disaster Recovery, 2nd Edition 11 11 Key Information Security Concepts (cont’d.) Propagation vectors Manner by which malicious code spreads can vary May use social engineering: Trojan horse looks desirable, but is not May leverage open network connection, file shares or software vulnerability Malware hoaxes Well-meaning people send random e-mails warning of fictitious dangerous malware Wastes a lot of time and energy Principles of Incident Response and Disaster Recovery, 2nd Edition 12 12 Key Information Security Concepts (cont’d.) Human error or failure Introduces acts performed by an authorized user No malicious intent or purpose Human error Small mistakes produce extensive damage with catastrophic results Human failure
  • 7. Intentional refusal or unintentional inability to comply with policies, guidelines, and procedures, with a potential loss of information Principles of Incident Response and Disaster Recovery, 2nd Edition 13 13 Key Information Security Concepts (cont’d.) Theft Illegal taking of another’s property Property: physical, electronic, intellectual Includes acts of espionage and breach of confidentiality Methods Competitive intelligence or industrial espionage Theft or loss of mobile devices Phones, tablets, and computers Stored information more important than devices Principles of Incident Response and Disaster Recovery, 2nd Edition 14 14 Key Information Security Concepts (cont’d.) Compromises to intellectual property FOLDOC intellectual property (IP) definition The ownership of ideas and control over the tangible or virtual representation of those ideas. Use of another person’s intellectual property may or may not involve royalty payments
  • 8. or permission but should always include proper credit to the source Includes Trade secrets, copyrights, trademarks, patents Exfiltration, or unauthorized removal of information Software piracy Principles of Incident Response and Disaster Recovery, 2nd Edition 15 15 Key Information Security Concepts (cont’d.) Sabotage or vandalism Destroys asset or damages an organization’s image Assault on an organization’s Web site Cyberterrorism (more sinister hacking) Technical software failures or errors Software with unknown hidden faults Code sold before security-related bugs detected Trap doors Helpful Web sites Bugtraq and National Vulnerability Database Principles of Incident Response and Disaster Recovery, 2nd Edition 16 16 Key Information Security Concepts (cont’d.) Technical hardware failures or errors
  • 9. Equipment distributed with known or unknown flaw System performs outside expected parameters Errors can be terminal or intermittent Forces of nature Known as force majeure, or acts of God Pose most dangerous threats imaginable Occur with very little warning Principles of Incident Response and Disaster Recovery, 2nd Edition 17 17 Key Information Security Concepts (cont’d.) Deviations in quality of service by service providers Product or service not delivered as expected Support systems interrupted by storms, employee illnesses, unforeseen events Technological obsolescence Antiquated or outdated infrastructure Leads to unreliable and untrustworthy systems Risk loss of data integrity from attacks Principles of Incident Response and Disaster Recovery, 2nd Edition 18 18 Key Information Security Concepts (cont’d.) Information extortion Attacker or trusted insider steals information from a computer
  • 10. system Demands compensation for its return or for an agreement to not disclose the information Common in credit card number theft Other threats See Table 1-2 Principles of Incident Response and Disaster Recovery, 2nd Edition 19 19 Principles of Incident Response and Disaster Recovery, 2nd Edition 20 20 Overview of Risk Management Risk management process Identifying and controlling information asset risks Security managers play the largest roles Includes contingency planning Risk identification process Examining, documenting, and assessing the security posture of an organization’s IT and the risks it faces Risk control process Applying controls to reduce the risks Principles of Incident Response and Disaster Recovery, 2nd Edition
  • 11. 21 21 Overview of Risk Management (cont’d.) Principles of Incident Response and Disaster Recovery, 2nd Edition 22 22 Overview of Risk Management (cont’d.) Risk management redefined Process of identifying vulnerabilities and taking carefully reasoned steps to ensure the confidentiality, integrity, and availability of the information system “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” - Chinese General Sun Tzu Source: Oxford University Press Principles of Incident Response and Disaster Recovery, 2nd Edition 23
  • 12. Overview of Risk Management (cont’d.)
    Know yourself
    Identify, examine, and understand the information and systems currently in place
    Asset: information and systems that use, store, and transmit information
    Questions to ask when protecting assets
    What are they?
    How do they add value to the organization?
    To which vulnerabilities are they susceptible?
    Have periodic review, revision, and maintenance of control mechanisms
    Overview of Risk Management (cont’d.)
    Know the enemy
    Identify, examine, and understand threats
    Determine threat aspects affecting the organization and the security of the assets
    List threats prioritized by importance
    Conduct periodic management reviews
    Verify completeness and accuracy of asset inventory
    Review and verify identified threats and vulnerabilities
    Review current controls and mitigation strategies
    Review cost effectiveness and deployment issues
    Verify ongoing effectiveness of every control
  • 13. Risk Identification
    Identify, classify, and prioritize information assets
    Threat identification process begins afterwards
    Asset examined to identify vulnerabilities
    Controls identified
    Controls assessed
    Regarding capability to limit possible losses should attack occur
    Asset Identification and Value Assessment
    Iterative process of identifying assets and assessing their value
    Information asset classification
    Classify with respect to security needs
  • 14. Components must be specific for the creation of various priority levels
    Components ranked according to criteria established by the categorization
    Use comprehensive and mutually exclusive categories
    Establish clear and comprehensive category sets
    Asset Identification and Value Assessment (cont’d.)
    Information asset valuation
    Is this asset the most critical to the organization’s success?
    Does it generate the most revenue?
    Does it generate the most profit?
    Would it be the most expensive to replace?
    Will it be the most expensive to protect?
    If revealed, would it cause the most embarrassment or greatest damage?
    Does the law or other regulation require us to protect this asset?
    Asset Identification and Value Assessment (cont’d.)
    Answers determine weighting criteria
    Used for asset valuation and impact evaluation
    Must decide criteria best suited to establish the information asset value
  • 15. Perform weighted factor analysis
    Calculates relative importance of each asset
    Assign score from 0.1 to 1.0 for each critical factor
    Assign each critical factor a weight from 1 to 100
    Identify, document and add company-specific criteria
    Asset Identification and Value Assessment (cont’d.)
    Data Classification and Management (cont’d.)
    Data classification schemes
    Procedures requiring organizational data to be classified into mutually exclusive categories
    Based on need to protect data category confidentiality
    Military specialized classification ratings
    “Public” to “For Official Use Only” to “Confidential” to “Secret” to “Top Secret”
  • 16. Data Classification and Management (cont’d.)
    Alternative information classification scheme
    Public: for general public dissemination
    For official use: not particularly sensitive but not for public release
    Sensitive: important to the business and could cause embarrassment or loss of market share if revealed
    Classified: requires utmost security; disclosure could severely impact the organization
    Personnel information security clearances
    On a need-to-know basis
    Threat Identification
    Conduct a threat assessment
    Which threats present a danger to the organization’s assets in the given environment?
    Which threats represent the most danger to the organization’s information?
    Which threats would cost the most to recover from if there was an attack?
    Which threats require the greatest expenditure to prevent?
  • 17. Vulnerability Identification
    Review each asset and each threat it faces
    Create list of vulnerabilities
    Examine how each threat could be perpetrated
    List organization’s assets and its vulnerabilities
    Notes
    Threat may yield multiple vulnerabilities
    People with diverse backgrounds should participate
    Risk Assessment
    Process of assigning a risk rating or score to each information asset
    Goal
    Determine relative risk of each vulnerability using various factors
    Likelihood
    Probability that a specific vulnerability will be successfully attacked
    Many asset/vulnerability combinations have external references for likelihood values
  • 18. Valuation of Information Assets
    Assign weighted scores for the value to the organization of each information asset
    Re-ask questions described in the “Threat Identification” section
    Which of these questions is most important to the protection of the organization’s information?
    Examine how current controls can reduce risk faced by specific vulnerabilities
    Impossible to know everything about each vulnerability
    Risk Determination
    Risk = (likelihood of vulnerability × value) – percent of risk currently controlled + uncertainty of assumptions
    Qualitative Risk Management
    General categories and ranking used to evaluate risk
    Factor Analysis of Information Risk (FAIR) strategy
    Promoted by CXOWARE
    Residual risk
    Remaining risk after control applied
  • 19. Identify Possible Controls
    Controls, safeguards, and countermeasures
    Represent security mechanisms, policies, and procedures that reduce risk
    Three types of security policies
    Enterprise information security policy
    Issue-specific policies
    Systems-specific policies
    Programs
    Activities performed within the organization to improve security
    Risk Control Strategies
    Defense approach (preferred approach)
    Attempts to prevent vulnerability exploitation
    Risk defense methods
    Defense through application of policy
    Defense through training and education programs
    Defense through technology application
    Usually requires technical solutions
    Eliminate asset exposure
    Attempt to reduce risk to an acceptable level
  • 20. Risk Control Strategies (cont’d.)
    Implement security controls and safeguards
    Deflect attacks to minimize the probability of success
    Transference
    Attempts to shift risk to other assets, processes, organizations
    Rethink how services are offered
    Revise deployment models
    Outsource to other organizations
    Purchase insurance
    Implement service contracts with providers
    Risk Control Strategies (cont’d.)
    Mitigation
    Attempts to reduce impact caused by the vulnerability exploitation
    Through planning and preparation
    Includes contingency planning
    Business impact analysis
    Incident response plan
    Disaster recovery plan
    Business continuity plan
  • 21. Requires quick attack detection and response
    Relies on existence and quality of the other plans
    Risk Control Strategies (cont’d.)
    Acceptance
    Do nothing to protect an information asset
    Accept the outcome of its potential exploitation
    Only valid when the organization has:
    Determined the level of risk
    Assessed the probability of attack
    Estimated potential damage that could occur
    Performed a thorough cost-benefit analysis
    Evaluated controls
    Decided asset did not justify the cost of protection
    Risk Control Strategies (cont’d.)
    Termination
    Difference from acceptance
    Remove asset from the environment representing risk
    Two main reasons
    Cost of protecting an asset outweighs its value
  • 22. Too difficult or expensive to protect asset compared to value or advantage asset offers
    Termination must be a conscious business decision
    Not simple asset abandonment
    Contingency Planning and Its Components
    Contingency plan
    Used to anticipate, react to, and recover from threatening events
    Restores organization to normal modes of business operations
    Four subordinate functions
    Business impact assessment (BIA)
    Incident response planning (IRP)
    Disaster recovery planning (DRP)
    Business continuity planning (BCP)
    Business Impact Analysis
    Business impact analysis (BIA)
    Investigation and assessment of the impact of attacks
    Adds detail to prioritized threat and vulnerability list created in the risk management process
    Provides detailed scenarios of potential impact of each type of attack
  • 23. Incident Response Plan
    Incident
    Any clearly identified attack on assets
    Incident response plan (IRP)
    Deals with the identification, classification, response, and recovery from an incident
    Assesses the likelihood of imminent damage
    Informs key decision makers
    Enables the organization to take coordinated action
    Disaster Recovery Plan
    Preparation for and recovery from natural or man-made disaster
    Includes:
    Preparations for the recovery process
    Strategies to limit losses during the disaster
    Detailed steps to follow after immediate danger
    Focus
  • 24. Preparation before the incident
    Actions taken after the incident
    BCP and BRP
    Business continuity plan (BCP)
    Expresses how to ensure critical business functions continue at an alternate location
    After catastrophic incident or disaster
    Used when DRP cannot restore primary site operations
    Most strategic and long-term plan
    Business resumption plan (BRP)
    Emerging new concept in contingency planning
    Merges the DRP and BCP into a single process
    Contingency Planning Timeline
    Steps in contingency planning
    IR plan focuses on immediate response
    May move to DRP and BCP if disastrous
    DR plan focuses on restoring systems at original site
  • 25. BC runs concurrently with DRP
    When major or long-term damage occurs
    IRP, DRP, and BCP distinction
    When each comes into play during the incident
    Contingency Planning Timeline (cont’d.)
    Seven steps in NIST SP 800-34, Revision 1
  • 26. Role of Information Security Policy in Developing Contingency Plans
    Policy needs to enforce information protection requirements
    Before, during, and after incident
    Quality security programs
    Begin and end with policy
    Information security
    A management problem
    Difficulties in shaping policy
    Must never conflict with laws; must stand up in court if challenged; must be properly administered
    Key Policy Definitions
    Policy
    Plan or course of action
    Conveys instructions from senior management to those who make decisions, take action, perform duties
  • 27. Organizational law
    Dictates acceptable and unacceptable behavior
    Defines penalties for violations
    Standard
    Detailed statement of what must be done to comply
    De facto standard (informal standard)
    De jure standard (formal standard)
    Key Policy Definitions (cont’d.)
    Mission
    Written statement of an organization’s purpose
    Vision
    Written statement about organization’s goals
    Strategic planning
    Process of moving organization toward its vision
    Information security policy
    Provides rules for protecting information assets
  • 28. Enterprise information security policy, issue-specific security policy, systems-specific security policy
    Enterprise Information Security Policy
    Enterprise information security policy (EISP)
    Based on and directly supports the mission, vision, and direction of the organization
    Executive-level
    Sets strategic direction, scope, and tone for all security efforts
    Contains requirements to be met
    Defines purpose, scope, constraints, and applicability
    Assigns responsibilities
    Addresses legal compliance
    Issue-Specific Security Policy
    Issue-specific security policy (ISSP)
    Addresses specific areas of technology
    Three common approaches to creating ISSPs
    Independent ISSP documents, each tailored to a specific issue
  • 29. A single comprehensive ISSP document covering all issues
    Modular ISSP document that unifies policy creation and administration while maintaining each specific issue’s requirements
    Issue-Specific Security Policy (cont’d.)
    Statement of policy
    Defines scope, responsibility for implementation, technologies and issues being addressed
    Authorized access and usage of equipment
    Addresses who can use technology and for what it can be used
    Defines “fair and responsible use”
    Addresses key legal issues
    Prohibited usage of equipment
    Outlines what technology cannot be used for
  • 30. Issue-Specific Security Policy (cont’d.)
    Systems management
    Focuses on users’ relationship to management
    Violations of policy
    Specifies penalties and how to report violations
    Policy review and modification
    Procedures and a timetable for periodic review so users do not circumvent it as it grows obsolete
    Limitations of liability
    States company will not protect user and is not liable for their actions
    Systems-Specific Policy
    Systems-specific security policies (SysSPs)
    Standards and procedures used when configuring or maintaining systems
    Access control lists (ACLs)
    Govern rights and privileges of particular users to particular systems
  • 31. Configuration rules
    Specific configuration codes entered into security systems
    Systems-Specific Policy (cont’d.)
    ACL policies
    Translated into configuration sets
    Controls access to systems
    Regulate the who, what, when, and where of access
    ACL rules
    Known as capability tables, user profiles, user policies
    Specify what a user can and cannot do with resources
    Rule policies
    More specific than ACLs
    May or may not deal with users directly
    Policy Management
    Policies
    Constantly changing and growing
    Must be properly disseminated
    Security policies must have the following
  • 32. Individual responsible for creation, revision, distribution, and storage
    Schedule of reviews
    Mechanism for recommendations for revisions
    Policy/revision date; possibly “sunset” expiration date
    Policy management software (optional)
    Summary
    Information security protects information and its critical elements
    C.I.A. triangle: basis for CNSS model
    Threat: entity posing potential for loss to an asset
    Asset: has value to the organization
    Vulnerability: weakness in protection mechanisms
    Risk management process: identifying vulnerabilities and taking steps to protect assets
    Summary (cont’d.)
    Risk identification: process of identifying risks
  • 33. Risk control: applying controls to reduce risk
    Contingency planning: avoidance, transference, mitigation, acceptance strategies
    Business impact analysis: assess attack type impact
    Incident response plan: actions taken when an incident is in progress
    Disaster recovery plan: preparation for and recovery from a disaster
    Summary (cont’d.)
    Business continuity plan: ensures critical business functions continue after a disaster
    Policies: organizational laws dictating behavior
    Enterprise information security policy: sets strategic scope, direction, tone
    Issue-specific security policy: addresses specific areas of technology
    Systems-specific security policy: used when configuring or maintaining systems
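The weighted factor analysis (scores 0.1 to 1.0, weights 1 to 100) and the Risk Determination formula from the slides above, combined into one ranked worksheet. This is an added example, not material from the slides or the textbook: the factor names, assets, findings and every number are constructed, and it assumes that weights are normalised to a 0-100 value scale and that the "percent controlled" and "uncertainty" terms are fractions of the likelihood × value product.

```python
"""Weighted factor analysis and risk determination worksheet (added example)."""

# Constructed critical factors with weights from 1 to 100.
# Assumption: weights are normalised so every asset value lands on a 0-100 scale.
WEIGHTS = {"revenue": 30, "profit": 40, "replacement_cost": 10, "embarrassment": 20}

# Constructed assets: one score from 0.1 to 1.0 per critical factor.
ASSETS = {
    "customer order database": {"revenue": 1.0, "profit": 0.9,
                                "replacement_cost": 0.5, "embarrassment": 0.8},
    "public brochure site": {"revenue": 0.2, "profit": 0.1,
                             "replacement_cost": 0.3, "embarrassment": 0.4},
}

# Constructed rows: (asset, vulnerability, likelihood, share controlled, uncertainty).
FINDINGS = [
    ("customer order database", "weak input validation", 0.5, 0.5, 0.2),
    ("customer order database", "unencrypted backup media", 0.1, 0.0, 0.2),
    ("public brochure site", "unpatched content manager", 1.0, 0.0, 0.1),
]


def asset_value(scores, weights=WEIGHTS):
    """Weighted factor analysis: sum(score * weight), scaled to 0-100."""
    if set(scores) != set(weights):
        raise ValueError("every critical factor needs exactly one score")
    for factor, score in scores.items():
        if not 0.1 <= score <= 1.0:
            raise ValueError(f"score for {factor} must be 0.1 to 1.0")
        if not 1 <= weights[factor] <= 100:
            raise ValueError(f"weight for {factor} must be 1 to 100")
    total = sum(scores[f] * weights[f] for f in weights)
    return total * 100 / sum(weights.values())


def risk_rating(likelihood, value, controlled, uncertainty):
    """Risk = (likelihood x value) - percent controlled + uncertainty.

    Assumption: both percentages are fractions of the likelihood x value product.
    """
    for name, x in (("likelihood", likelihood), ("controlled", controlled),
                    ("uncertainty", uncertainty)):
        if not 0.0 <= x <= 1.0:
            raise ValueError(f"{name} must be between 0 and 1")
    base = likelihood * value
    return base - base * controlled + base * uncertainty


def ranked_worksheet(assets=ASSETS, findings=FINDINGS):
    """Return (risk, asset, vulnerability) rows, highest risk first."""
    values = {name: asset_value(scores) for name, scores in assets.items()}
    rows = [(round(risk_rating(lik, values[a], ctl, unc), 2), a, vuln)
            for a, vuln, lik, ctl, unc in findings]
    return sorted(rows, reverse=True)


if __name__ == "__main__":
    for risk, asset, vuln in ranked_worksheet():
        print(f"{risk:6.2f}  {asset}: {vuln}")
```

In the constructed data the low-value brochure site outranks the database's backup finding, because a likelihood of 1.0 with no control in place outweighs a high asset value paired with a likelihood of 0.1.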