50 Shapes of Network & Information Security
* On slides with grey background
Index
Shape 01 : The CIA Security Triad
Shape 02 : Security Requirements, Threats, and Attacks
Shape 03 : How do DDoS attacks work?
Shape 04 : Symmetric Encryption
Shape 05 : Asymmetric Encryption
Shape 06 : Digital Signature
Shape 07 : The OSI Model
Shape 08 : TCP 3 Way Handshake
Shape 09 : TCP/IP Model vs. OSI Model
Shape 10 : TLS Negotiation
Shape 11 : SAML-based Single Sign-On
Shape 12 : Cloud Service Models
Shape 13 : Cloud Deployment Responsibilities
Shape 14 : Hashing Functions
Shape 15 : Salted Hashes
Shape 16 : Encryption, Masking, Anonymization, and Tokenization
Shape 17 : Kerberos
Shape 18 : Risk Terminologies
Shape 19 : Defense in Depth
Shape 20 : APT Life Cycle
Shape 21 : OWASP Top 10
Shape 22 : Security Policy and Supporting Docs.
Shape 23 : Data Security Lifecycle
Shape 24 : Secure SDLC
Shape 25 : Pass the Hash (PtH) Attack
Shape 26 : ITIL Framework
Shape 27 : ISO 27001
Shape 28 : Cyber Security Domains
Shape 29 : NIST Cyber Security Framework
Shape 30 : SAST, IAST, DAST, and RASP
Shape 31 : PCI DSS Requirements
Shape 32 : Security Incident Handling Steps
Shape 33 : SANS Security Incident Handling Model
Shape 34 : NIST Incident Response Life Cycle
Shape 35 : SOC Team Structure
Shape 36 : Risk Management Process
Shape 37 : Risk Assessment Process
Shape 38 : Risk Assessment Matrix
Shape 39 : Risk Mitigation Options
Shape 40 : FTPS vs. SFTP
Shape 41 : Cookies
Shape 42 : Malware Types
Shape 43 : Firewall vs. Proxy
Shape 44 : Explicit vs. Transparent Proxies
Shape 45 : SD-WAN Architecture
Shape 46 : SD-WAN vs. MPLS
Shape 47 : Disaster Recovery Planning
Shape 48 : RAID Types
Shape 49 : Gartner Magic Quadrant
Shape 50 : Wireless 4 Way Handshake
The CIA Security Triad
01 of 50 Shapes of Network & Information Security Hatem ElSahhar
Security Requirements, Threats, and Attacks
How do DDoS attacks work?
Symmetric Encryption
Asymmetric Encryption
Digital Signature
The OSI Model
TCP 3 Way Handshake
TCP/IP Model vs. OSI Model
TLS Negotiation
SAML-based Single Sign-On

Service Provider (SP), User's Browser, Identity Provider (IdP)
* SP generates SAML request
* IdP parses SAML request and authenticates users
* IdP generates SAML response
* SP verifies SAML response
* SP provides user access

Cloud Service Models
Cloud Deployment Responsibilities

Stack shown for each of On-Premises, IaaS, PaaS and SaaS: Applications, Data, Runtime, Middleware, OS, Virtualization, Servers, Storage, Networking
Legend: What customer manages / What provider manages

Hashing Functions
Salted Hashes
Encryption, Masking, Anonymization, and Tokenization
Kerberos
Risk Terminologies
Defense in Depth
Assets
APT Life Cycle
OWASP Top 10
Security Policy and Supporting Docs.
Data Security Lifecycle
Secure SDLC

| Phase | Security activity |
|---|---|
| Requirements | Risk Assessment |
| Design | Threat Modeling & Design Review |
| Development | Static Analysis |
| Testing | Security Testing & Code Review |
| Release | Security Assessment & Secure Configuration |

Pass the Hash (PtH) Attack
ITIL Framework
ISO 27001
Cyber Security Domains
NIST Cyber Security Framework
SAST, IAST, DAST, and RASP

| | SAST | IAST | DAST | RASP |
|---|---|---|---|---|
| Timeline | Development | QA, Testing | Testing, Production | Production |
| Speed | Instant to hours | Instant (at runtime) | Hours to days | Instant (at runtime) |
| How it works | Analyzes static code to identify vulnerabilities | Analyzes code and behavior of running apps through instrumentation | Sends HTTP requests to test behavior of web apps | Monitors and protects apps at the runtime or server layer |
| Allows continuous security testing | Yes | Yes | No | Yes |
| CI/CD integration | Yes | Yes | No | No |
| Integration | IDEs, build tools, issue trackers | Build tools, test automation, issue trackers, APIs | No real integration | Language runtime, application server |
| Accuracy | Medium | High | Medium | High |
| Actionability | High: points to vulnerable lines of code | High: points to vulnerable lines of code | Low: difficult to deduce location of problem | High: detailed information on attacks |

PCI DSS Requirements
Security Incident Handling Steps

Stage 1: Planning & Preparation
* Security incident handling plan
* Reporting procedure
* Escalation procedure
* Security incident response procedure
* Training and education
* Incident monitoring measure

Stage 2: Response to security incident
* Identification
* Escalation
* Containment
* Eradication
* Recovery

Stage 3: Aftermath
* Post-incident analysis
* Security incident report
* Security assessment
* Review existing protection
* Investigating & prosecution

SANS Security Incident Handling Model

* Preparation
* Identification
* Containment
* Eradication
* Recovery
* Lessons Learned

NIST Incident Response Life Cycle
SOC Team Structure

* SOC Manager
* L1 Monitoring Team
* L2/L3 SOC Analysts
* Incident Responders
* Service Desk
* Forensics
* SIEM Admins
* Threat Intelligence
* Threat Hunter

Risk Management Process

• Risk Identification: Identification of risk and their causes
• Risk Categorization: Estimate likelihood and impact of risk; Quantitative vs. Qualitative
• Risk Mitigation: Actions & mechanism to minimize risks; Risk acceptance
• Risk Management: Continuous monitoring of risks; Actions to control them

Risk Assessment Process

* System Characterization
* Threat Identification
* Vulnerability Identification
* Control Analysis
* Likelihood Determination
* Impact Analysis
* Risk Determination
* Control Recommendations
* Results Documentation

Risk Assessment Matrix
Risk Mitigation Options

Risk
* Avoid: Eliminate the risk factor
  * Stop: Don't provide the product or service
  * Outsource: Your vendor accepts the risk
* Accept: Can you afford to cover the cost?
  * Self Insure: Pay out of pocket or with a deductible
* Transfer: Move the risk to someone else
  * Contract: Agreement says customer provides insurance
  * Insure: Your policy covers potential cost
* Reduce: Take steps to reduce the cost of a loss
  * Loss Control Program: Take actions to reduce risk
  * Technology / Training: Use technology to reduce risk

FTPS vs. SFTP

| Features | FTPS (also known as: FTP over SSL (Secure Socket Layer)) | SFTP (also known as: FTP over SSH (Secure Shell)) |
|---|---|---|
| Implements strong encryption algorithms | Algorithms such as AES and Triple DES are used to encrypt transferred data. | Algorithms such as AES and Triple DES are used to encrypt transferred data. |
| Encrypts usernames and passwords | User IDs and passwords over the FTPS connection are encrypted. | User IDs and passwords over the SFTP connection are encrypted. |
| Supports key-based authentication | Key-based authentication is not supported. | SSH keys can be used to authenticate SFTP connections in addition to (or instead of) passwords. |
| Supports certificates | Connections are authenticated using a user ID, password, and certificate(s). | Certificates are not supported. |
| Firewall-friendly | Can be very difficult to patch through a tightly secured firewall since FTPS uses multiple port numbers | Only needs a single port number (default of 22) to be opened through the firewall |

Cookies

* Session cookie
* Persistent cookie
* HttpOnly cookie
* Secure cookie
* First-party cookie
* Third-party (tracking) cookie

Malware Types

* Spyware
* Virus
* Spam
* Worm
* Trojan
* Backdoors
* Rootkit
* Keyloggers
* Ransomware

Firewall vs. Proxy
Explicit vs. Transparent Proxies

Explicit Proxy
• The user agent (i.e. web browser) is configured with the proxy server IP address to direct the traffic to it
• The user agent knows it is using a proxy
• The proxy will issue a proxy challenge (HTTP 407)

Transparent Proxy
• Proxy will intercept the user agent requests without the user agent’s knowledge
• The user agent thinks it is talking with the web server directly
• The proxy will issue origin-style challenge (HTTP 401) as the browser will not accept proxy challenges

SD-WAN Architecture
SD-WAN vs. MPLS
Disaster Recovery Planning
RAID Types
Gartner Magic Quadrant
Wireless 4 Way Handshake
The End

Employee wellbeing at the workplace.pptx
 
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptxHistory Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of India
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of management
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
CELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxCELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptx
 
ESSENTIAL of (CS/IT/IS) class 06 (database)
ESSENTIAL of (CS/IT/IS) class 06 (database)ESSENTIAL of (CS/IT/IS) class 06 (database)
ESSENTIAL of (CS/IT/IS) class 06 (database)
 

50 Security Shapes

  • 1. 50 Shapes of Network & Information Security * On slides with grey background
  • 2. Index
      • Shape 01 : The CIA Security Triad
      • Shape 02 : Security Requirements, Threats, and Attacks
      • Shape 03 : How do DDoS attacks work?
      • Shape 04 : Symmetric Encryption
      • Shape 05 : Asymmetric Encryption
      • Shape 06 : Digital Signature
      • Shape 07 : The OSI Model
      • Shape 08 : TCP 3 Way Handshake
      • Shape 09 : TCP/IP Model vs. OSI Model
      • Shape 10 : TLS Negotiation
      • Shape 11 : SAML-based Single Sign-On
      • Shape 12 : Cloud Service Models
      • Shape 13 : Cloud Deployment Responsibilities
  • 3. Index
      • Shape 14 : Hashing Functions
      • Shape 15 : Salted Hashes
      • Shape 16 : Encryption, Masking, Anonymization, and Tokenization
      • Shape 17 : Kerberos
      • Shape 18 : Risk Terminologies
      • Shape 19 : Defense in Depth
      • Shape 20 : APT Life Cycle
      • Shape 21 : OWASP Top 10
      • Shape 22 : Security Policy and Supporting Docs.
      • Shape 23 : Data Security Lifecycle
      • Shape 24 : Secure SDLC
      • Shape 25 : Pass the Hash (PtH) Attack
  • 4. Index
      • Shape 26 : ITIL Framework
      • Shape 27 : ISO 27001
      • Shape 28 : Cyber Security Domains
      • Shape 29 : NIST Cyber Security Framework
      • Shape 30 : SAST, IAST, DAST, and RASP
      • Shape 31 : PCI DSS Requirements
      • Shape 32 : Security Incident Handling Steps
      • Shape 33 : SANS Security Incident Handling Model
      • Shape 34 : NIST Incident Response Life Cycle
      • Shape 35 : SOC Team Structure
      • Shape 36 : Risk Management Process
      • Shape 37 : Risk Assessment Process
      • Shape 38 : Risk Assessment Matrix
  • 5. Index
      • Shape 39 : Risk Mitigation Options
      • Shape 40 : FTPS vs. SFTP
      • Shape 41 : Cookies
      • Shape 42 : Malware Types
      • Shape 43 : Firewall vs. Proxy
      • Shape 44 : Explicit vs. Transparent Proxies
      • Shape 45 : SD-WAN Architecture
      • Shape 46 : SD-WAN vs. MPLS
      • Shape 47 : Disaster Recovery Planning
      • Shape 48 : RAID Types
      • Shape 49 : Gartner Magic Quadrant
      • Shape 50 : Wireless 4 Way Handshake
  • 6. The CIA Security Triad 01 of 50 Shapes of Network & Information Security Hatem ElSahhar
  • 7. Security Requirements, Threats, and Attacks 02 of 50 Shapes of Network & Information Security Hatem ElSahhar
  • 8. How do DDoS attacks work? 03 of 50 Shapes of Network & Information Security Hatem ElSahhar
  • 9. Symmetric Encryption 04 of 50 Shapes of Network & Information Security Hatem ElSahhar
  • 10. Asymmetric Encryption 05 of 50 Shapes of Network & Information Security Hatem ElSahhar
  • 11. Digital Signature 06 of 50 Shapes of Network & Information Security Hatem ElSahhar
  • 12. The OSI Model 07 of 50 Shapes of Network & Information Security Hatem ElSahhar
  • 13. TCP 3 Way Handshake 08 of 50 Shapes of Network & Information Security Hatem ElSahhar
  • 14. TCP/IP Model vs. OSI Model 09 of 50 Shapes of Network & Information Security Hatem ElSahhar
  • 15. TLS Negotiation 10 of 50 Shapes of Network & Information Security Hatem ElSahhar
  • 16. SAML-based Single Sign-On 11 of 50 Shapes of Network & Information Security Hatem ElSahhar
      Participants: Service Provider (SP), User’s Browser, Identity Provider (IdP)
      1. SP generates SAML request
      2. IdP parses SAML request and authenticates users
      3. IdP generates SAML response
      4. SP verifies SAML response
      5. SP provides user access
  • 17. Cloud Service Models 12 of 50 Shapes of Network & Information Security Hatem ElSahhar
  • 18. Cloud Deployment Responsibilities 13 of 50 Shapes of Network & Information Security Hatem ElSahhar
      Columns: On-Premises, IaaS, PaaS, SaaS
      Layers listed in each column: Applications, Data, Runtime, Middleware, OS, Virtualization, Servers, Storage, Networking
      Legend: What customer manages / What provider manages
  • 19. Hashing Functions 14 of 50 Shapes of Network & Information Security Hatem ElSahhar
  • 20. Salted Hashes 15 of 50 Shapes of Network & Information Security Hatem ElSahhar
  • 21. Encryption, Masking, Anonymization, and Tokenization 16 of 50 Shapes of Network & Information Security Hatem ElSahhar
  • 22. Kerberos 17 of 50 Shapes of Network & Information Security Hatem ElSahhar
  • 23. Risk Terminologies 18 of 50 Shapes of Network & Information Security Hatem ElSahhar
  • 24. Defense in Depth 19 of 50 Shapes of Network & Information Security Hatem ElSahhar Assets
  • 25. APT Life Cycle 20 of 50 Shapes of Network & Information Security Hatem ElSahhar
  • 26. OWASP Top 10 21 of 50 Shapes of Network & Information Security Hatem ElSahhar
  • 27. Security Policy and Supporting Docs. 22 of 50 Shapes of Network & Information Security Hatem ElSahhar
  • 28. Data Security Lifecycle 23 of 50 Shapes of Network & Information Security Hatem ElSahhar
  • 29. Secure SDLC 24 of 50 Shapes of Network & Information Security Hatem ElSahhar
      • Requirements: Risk Assessment
      • Design: Threat Modeling & Design Review
      • Development: Static Analysis
      • Testing: Security Testing & Code Review
      • Release: Security Assessment & Secure Configuration
  • 30. Pass the Hash (PtH) Attack 25 of 50 Shapes of Network & Information Security Hatem ElSahhar
  • 31. ITIL Framework 26 of 50 Shapes of Network & Information Security Hatem ElSahhar
  • 32. ISO 27001 27 of 50 Shapes of Network & Information Security Hatem ElSahhar
  • 33. Cyber Security Domains 28 of 50 Shapes of Network & Information Security Hatem ElSahhar
  • 34. NIST Cyber Security Framework 29 of 50 Shapes of Network & Information Security Hatem ElSahhar
  • 35. SAST, IAST, DAST, and RASP 30 of 50 Shapes of Network & Information Security Hatem ElSahhar

      | | SAST | IAST | DAST | RASP |
      |---|---|---|---|---|
      | Timeline | Development | QA, Testing | Testing, Production | Production |
      | Speed | Instant to hours | Instant (at runtime) | Hours to days | Instant (at runtime) |
      | How it works | Analyzes static code to identify vulnerabilities | Analyzes code and behavior of running apps through instrumentation | Sends HTTP requests to test behavior of web apps | Monitors and protects apps at the runtime or server layer |
      | Allows continuous security testing | Yes | Yes | No | Yes |
      | CI/CD integration | Yes | Yes | No | No |
      | Integration | IDEs, build tools, issue trackers | Build tools, test automation, issue trackers, APIs | No real integration | Language runtime, application server |
      | Accuracy | Medium | High | Medium | High |
      | Actionability | High: points to vulnerable lines of code | High: points to vulnerable lines of code | Low: difficult to deduce location of problem | High: detailed information on attacks |
  • 36. PCI DSS Requirements 31 of 50 Shapes of Network & Information Security Hatem ElSahhar
  • 37. Security Incident Handling Steps 32 of 50 Shapes of Network & Information Security Hatem ElSahhar
      • Stage 1: Planning & Preparation
          * Security incident handling plan
          * Reporting procedure
          * Escalation procedure
          * Security incident response procedure
          * Training and education
          * Incident monitoring measure
      • Stage 2: Response to security incident
          * Identification
          * Escalation
          * Containment
          * Eradication
          * Recovery
      • Stage 3: Aftermath
          * Post-incident analysis
          * Security incident report
          * Security assessment
          * Review existing protection
          * Investigation & prosecution
  • 38. SANS Security Incident Handling Model 33 of 50 Shapes of Network & Information Security Hatem ElSahhar
      Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned
  • 39. NIST Incident Response Life Cycle 34 of 50 Shapes of Network & Information Security Hatem ElSahhar
  • 40. SOC Team Structure 35 of 50 Shapes of Network & Information Security Hatem ElSahhar
      SOC Manager, L1 Monitoring Team, L2/L3 SOC Analysts, Incident Responders, Service Desk, Forensics, SIEM Admins, Threat Intelligence, Threat Hunter
  • 41. Risk Management Process 36 of 50 Shapes of Network & Information Security Hatem ElSahhar
      Stages: Risk Identification, Risk Categorization, Risk Mitigation, Risk Management
      Notes on the slide:
      • Actions & mechanisms to minimize risks
      • Risk acceptance
      • Continuous monitoring of risks
      • Actions to control them
      • Estimate likelihood and impact of risk
      • Quantitative vs. Qualitative
      • Identification of risks and their causes
  • 42. Risk Assessment Process 37 of 50 Shapes of Network & Information Security Hatem ElSahhar
      System Characterization, Threat Identification, Vulnerability Identification, Control Analysis, Likelihood Determination, Impact Analysis, Risk Determination, Control Recommendations, Results Documentation
  • 43. Risk Assessment Matrix 38 of 50 Shapes of Network & Information Security Hatem ElSahhar
  • 44. Risk Mitigation Options 39 of 50 Shapes of Network & Information Security Hatem ElSahhar
      • Avoid: Eliminate the risk factor
          • Stop: Don’t provide the product or service
          • Outsource: Your vendor accepts the risk
      • Accept: Can you afford to cover the cost?
          • Self Insure: Pay out of pocket or with a deductible
      • Transfer: Move the risk to someone else
          • Contract: Agreement says customer provides insurance
          • Insure: Your policy covers potential cost
      • Reduce: Take steps to reduce the cost of a loss
          • Loss Control Program: Take actions to reduce risk
          • Technology / Training: Use technology to reduce risk
  • 45. FTPS vs. SFTP 40 of 50 Shapes of Network & Information Security Hatem ElSahhar

      | Features | FTPS (also known as: FTP over SSL (Secure Socket Layer)) | SFTP (also known as: FTP over SSH (Secure Shell)) |
      |---|---|---|
      | Implements strong encryption algorithms | Algorithms such as AES and Triple DES are used to encrypt transferred data. | Algorithms such as AES and Triple DES are used to encrypt transferred data. |
      | Encrypts usernames and passwords | User IDs and passwords over the FTPS connection are encrypted. | User IDs and passwords over the SFTP connection are encrypted. |
      | Supports key-based authentication | Key-based authentication is not supported. | SSH keys can be used to authenticate SFTP connections in addition to (or instead of) passwords. |
      | Supports certificates | Connections are authenticated using a user ID, password, and certificate(s). | Certificates are not supported. |
      | Firewall-friendly | Can be very difficult to patch through a tightly secured firewall since FTPS uses multiple port numbers. | Only needs a single port number (default of 22) to be opened through the firewall. |
  • 46. Cookies 41 of 50 Shapes of Network & Information Security Hatem ElSahhar
      Session cookie, Persistent cookie, HttpOnly cookie, Secure cookie, First-party cookie, Third-party (tracking) cookie
  • 47. Malware Types 42 of 50 Shapes of Network & Information Security Hatem ElSahhar
      Spyware, Virus, Spam, Worm, Trojan, Backdoors, Rootkit, Keyloggers, Ransomware
  • 48. Firewall vs. Proxy 43 of 50 Shapes of Network & Information Security Hatem ElSahhar
  • 49. Explicit vs. Transparent Proxies 44 of 50 Shapes of Network & Information Security Hatem ElSahhar
      • Explicit Proxy
          • The user agent (i.e. web browser) is configured with the proxy server IP address to direct the traffic to it
          • The user agent knows it is using a proxy
          • The proxy will issue a proxy challenge (HTTP 407)
      • Transparent Proxy
          • Proxy will intercept the user agent requests without the user agent’s knowledge
          • The user agent thinks it is talking with the web server directly
          • The proxy will issue origin-style challenge (HTTP 401) as the browser will not accept proxy challenges
  • 50. SD-WAN Architecture 45 of 50 Shapes of Network & Information Security Hatem ElSahhar
  • 51. SD-WAN vs. MPLS 46 of 50 Shapes of Network & Information Security Hatem ElSahhar
  • 52. Disaster Recovery Planning 47 of 50 Shapes of Network & Information Security Hatem ElSahhar
  • 53. RAID Types 48 of 50 Shapes of Network & Information Security Hatem ElSahhar
  • 54. Gartner Magic Quadrant 49 of 50 Shapes of Network & Information Security Hatem ElSahhar
  • 55. Wireless 4 Way Handshake 50 of 50 Shapes of Network & Information Security Hatem ElSahhar
  • 56. The End 50 Shapes of Network & Information Security Hatem ElSahhar