SlideShare a Scribd company logo

Final ppt g08

Download as PPTX, PDF
H
hetvi naik

(1) As the CISO of CTS, the author is looking for solutions to a "rEvil" attack that breached the company's systems. (2) The author analyzes the attack using the McCumber cube model covering confidentiality, integrity, and availability (CIA triangle) across policy, education, and technology for storage, processing, and transmission. (3) The analysis shows the attack compromised confidentiality by accessing private information, integrity by encrypting data, and availability by encrypting data and suspending business operations until ransom is paid.

Engineering
1 of 10
Introduction • As chief information security officer at Complete Technology Solutions (CTS), we are looking for solutions to a breach within the company due to “rEvil” attack. • Security model for this attack we have consider McCumber cube covering all 3 dimensions: • Confidentiality, integrity, and availability (CIA triangle) • Policy, education, and technology • Storage, processing, and transmission 1 GROUP 08: BORIS MOLOKANOV 101234411 AMIR BOZORGMEHR 101174136 HETVI NAIK 101212340 HARDHALWINDER SINGH 101232893 ANANDU KARTHIKEYAN 101238315 ASHWINI KOTIYAN 101272672 SOLUTIONS FOR “rEvil” ATTACK
Scenario 2
Extensive McCumber study Effects • Confidentiality: “Sodinokibi” have gained access to information of patients, reports, payment methods, media, and institutional giving insurance. • Integrity: The data is encrypted and hence can be tempered. • Availability: As “rEvil” will allow the data to be encrypted. There is no access by the clients and hence entire business is suspended. 3
Confidentiality-Processing Policy Digital signatures should be assigned. Education Train the staff to download and install from only from trusted providers. Technology Different encryptions can be used 4
Confidentiality-Storage Policy External devices are restricted. Education The storage path and pattern should be assigned to staffs an clients as well. Technology Antivirus on repository and by processing data bit by bit for storage. 5 Confidentiality-Transmission Policy The sharing or personal storage should be prohibited. The personal media is not allowed. Education The staff should be trained for logging out or lock devices once the work is done. Technology Adblocker and proper siting should be used for avoiding untrusted elements.
Integrity-Processing Policy 2 step authentication can be used to decrypted or encrypt or even for accessing the data. Education Staff should be trained always to confirmed for any download attachments or installing elements. Technology Pop-ups and third-party links should be blocked with secure applications. 6 Integrity-Storage Policy There should be credentials login and restricted access along with assigned permissions to group to different group of people. Education The clients should also be trained for proper authenticated access and storage pattern. Even for using updates only by company and locking after every use. Technology Updates and maintain the firewall and blocking applications like antivirus.
Integrity- Transmission • Taking snapshot or creating backups by unauthorized user must be prohibited. Policy • Clients and staff should be trained about secure mode of communications and use codes or any type of verification before communications. Education • Additional authentication on client side for every action can reduce the risk of been hacked. Technology 7
Availability-Processing Policy For been always available for processing the system must be locked or logged out after each use and need authorized login. Education Update the staff with latest security vulnerabilities and train them to recognize it and avoid at same time. Technology Backing and storing data at different locations after encryption bit by bit is main way for shielding the data from security breaches. 8
Availability- Storage Policy To been available for storage, the intervals should be assigned for each level of authority. Education The staff and client should made aware about the authority assigned to them are different for different information and process Technology For physical access, the biometrics should be made as mode of access. On other side the virtually, the access should be credentials. 9 Availability- Storage Policy Use secure means of communication Education Train the staff having practical drills Technology •VPN used for communication.
Conclusion- Mitigation • From this study we can conclude that rEvil or Sodinokibi can be malicious software used for keep the important documents hostage and encrypt them for hackers in turn of them asking for ransomware. • McCumber Cube is basic and extensive study to develop the security model for such kind of breach and lessen the impact of it on each aspects. • The major precautions is to use the company approved apps and software along with blocked suspicious elements. The security measurements are to be taken like biometrics, assigned access controls and VPN to prevent further damages. 10

Recommended

Specialist security enigneer
Specialist security enigneerSpecialist security enigneer
Specialist security enigneerMark Long
 
Specialist Security Engineer
Specialist Security EngineerSpecialist Security Engineer
Specialist Security EngineerMark Long
 
Abdulrahman c.v
Abdulrahman c.vAbdulrahman c.v
Abdulrahman c.vabdulrahman alshehri
 
Information Assurance And Security - Chapter 1 - Lesson 3
Information Assurance And Security - Chapter 1 - Lesson 3Information Assurance And Security - Chapter 1 - Lesson 3
Information Assurance And Security - Chapter 1 - Lesson 3MLG College of Learning, Inc
 
Lesson 2 - IDPS
Lesson 2 - IDPSLesson 2 - IDPS
Lesson 2 - IDPSMLG College of Learning, Inc
 
Fundamentals of threats and risk management course, cybersecurity
Fundamentals of threats and risk management course, cybersecurityFundamentals of threats and risk management course, cybersecurity
Fundamentals of threats and risk management course, cybersecurityTonex
 
Lesson 1
Lesson 1Lesson 1
Lesson 1MLG College of Learning, Inc
 
Nick Lancaster
Nick LancasterNick Lancaster
Nick LancasterNick J Lancaster
 

Recommended

Specialist security enigneer
Specialist security enigneerSpecialist security enigneer
Specialist security enigneerMark Long
 
Specialist Security Engineer
Specialist Security EngineerSpecialist Security Engineer
Specialist Security EngineerMark Long
 
Abdulrahman c.v
Abdulrahman c.vAbdulrahman c.v
Abdulrahman c.vabdulrahman alshehri
 
Information Assurance And Security - Chapter 1 - Lesson 3
Information Assurance And Security - Chapter 1 - Lesson 3Information Assurance And Security - Chapter 1 - Lesson 3
Information Assurance And Security - Chapter 1 - Lesson 3MLG College of Learning, Inc
 
Lesson 2 - IDPS
Lesson 2 - IDPSLesson 2 - IDPS
Lesson 2 - IDPSMLG College of Learning, Inc
 
Fundamentals of threats and risk management course, cybersecurity
Fundamentals of threats and risk management course, cybersecurityFundamentals of threats and risk management course, cybersecurity
Fundamentals of threats and risk management course, cybersecurityTonex
 
Lesson 1
Lesson 1Lesson 1
Lesson 1MLG College of Learning, Inc
 
Nick Lancaster
Nick LancasterNick Lancaster
Nick LancasterNick J Lancaster
 
PCI Compliance Myths, Reality and Solutions for Retail
PCI Compliance Myths, Reality and Solutions for RetailPCI Compliance Myths, Reality and Solutions for Retail
PCI Compliance Myths, Reality and Solutions for RetailInDefense Security
 
17 info sec_ma_imt_27_2_2012
17 info sec_ma_imt_27_2_201217 info sec_ma_imt_27_2_2012
17 info sec_ma_imt_27_2_2012RECIPA
 
Lesson 1- Intrusion Detection
Lesson 1- Intrusion DetectionLesson 1- Intrusion Detection
Lesson 1- Intrusion DetectionMLG College of Learning, Inc
 
Lessson 2 - Application Layer
Lessson 2 - Application LayerLessson 2 - Application Layer
Lessson 2 - Application LayerMLG College of Learning, Inc
 
Managed Services Sales Sheet
Managed Services Sales SheetManaged Services Sales Sheet
Managed Services Sales SheetScott Baines
 
Fintech Belgium - MeetUp on The Right Tech for your FinTech - Philippe Cornet...
Fintech Belgium - MeetUp on The Right Tech for your FinTech - Philippe Cornet...Fintech Belgium - MeetUp on The Right Tech for your FinTech - Philippe Cornet...
Fintech Belgium - MeetUp on The Right Tech for your FinTech - Philippe Cornet...FinTech Belgium
 
American Public University System (NASDAQ:APEI) - Dr. Clay Wilson is the Prog...
American Public University System (NASDAQ:APEI) - Dr. Clay Wilson is the Prog...American Public University System (NASDAQ:APEI) - Dr. Clay Wilson is the Prog...
American Public University System (NASDAQ:APEI) - Dr. Clay Wilson is the Prog...Investorideas.com
 
Internet safety and security strategies for building an internet safety wall
Internet safety and security strategies for building an internet safety wallInternet safety and security strategies for building an internet safety wall
Internet safety and security strategies for building an internet safety wallCommonwealth Telecommunications Organisation
 
Security Awareness and Training
Security Awareness and TrainingSecurity Awareness and Training
Security Awareness and TrainingPriyank Hada
 
Continual Compliance for PCI DSS, E13PA and ISO 27001/2
Continual Compliance for PCI DSS, E13PA and ISO 27001/2Continual Compliance for PCI DSS, E13PA and ISO 27001/2
Continual Compliance for PCI DSS, E13PA and ISO 27001/2ControlCase
 
Cyber Security Maturity Assessment
Cyber Security Maturity Assessment Cyber Security Maturity Assessment
Cyber Security Maturity AssessmentDoreen Loeber
 
Cyber Resilience @ Dundee & Angus College
Cyber Resilience @ Dundee & Angus CollegeCyber Resilience @ Dundee & Angus College
Cyber Resilience @ Dundee & Angus CollegeCollege Development Network
 
Corporate security pdf
Corporate security pdfCorporate security pdf
Corporate security pdfG3 intelligence Ltd
 
محتويات مادة آمن الشبكات
محتويات مادة آمن الشبكاتمحتويات مادة آمن الشبكات
محتويات مادة آمن الشبكاتeng_SamMoh
 
Wouter Joossen - IBBT Security departement
Wouter Joossen - IBBT Security departementWouter Joossen - IBBT Security departement
Wouter Joossen - IBBT Security departementimec.archive
 
Cybersecurity Fact Sheet _ Defense in Depth
Cybersecurity Fact Sheet _ Defense in DepthCybersecurity Fact Sheet _ Defense in Depth
Cybersecurity Fact Sheet _ Defense in DepthSue DeRosier
 
What is Information Assurance Model in Cyber Security.pptx
What is Information Assurance Model in Cyber Security.pptxWhat is Information Assurance Model in Cyber Security.pptx
What is Information Assurance Model in Cyber Security.pptxinfosec train
 
Security and privacy in cloud computing.pptx
Security and privacy in cloud computing.pptxSecurity and privacy in cloud computing.pptx
Security and privacy in cloud computing.pptxTRSrinidi
 
Cyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptxCyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptxTikdiPatel
 
Ensuring Security and Confidentiality with Remote Developers
Ensuring Security and Confidentiality with Remote DevelopersEnsuring Security and Confidentiality with Remote Developers
Ensuring Security and Confidentiality with Remote DevelopersAcquaint Softtech Private Limited
 
Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDonald Tabone
 
Activity 2 Presentation1.pptxlllllllmmmm
Activity 2 Presentation1.pptxlllllllmmmmActivity 2 Presentation1.pptxlllllllmmmm
Activity 2 Presentation1.pptxlllllllmmmmcanpaksolutions04
 

More Related Content

What's hot

PCI Compliance Myths, Reality and Solutions for Retail
PCI Compliance Myths, Reality and Solutions for RetailPCI Compliance Myths, Reality and Solutions for Retail
PCI Compliance Myths, Reality and Solutions for RetailInDefense Security
 
17 info sec_ma_imt_27_2_2012
17 info sec_ma_imt_27_2_201217 info sec_ma_imt_27_2_2012
17 info sec_ma_imt_27_2_2012RECIPA
 
Managed Services Sales Sheet
Managed Services Sales SheetManaged Services Sales Sheet
Managed Services Sales SheetScott Baines
 
Fintech Belgium - MeetUp on The Right Tech for your FinTech - Philippe Cornet...
Fintech Belgium - MeetUp on The Right Tech for your FinTech - Philippe Cornet...Fintech Belgium - MeetUp on The Right Tech for your FinTech - Philippe Cornet...
Fintech Belgium - MeetUp on The Right Tech for your FinTech - Philippe Cornet...FinTech Belgium
 
American Public University System (NASDAQ:APEI) - Dr. Clay Wilson is the Prog...
American Public University System (NASDAQ:APEI) - Dr. Clay Wilson is the Prog...American Public University System (NASDAQ:APEI) - Dr. Clay Wilson is the Prog...
American Public University System (NASDAQ:APEI) - Dr. Clay Wilson is the Prog...Investorideas.com
 
Security Awareness and Training
Security Awareness and TrainingSecurity Awareness and Training
Security Awareness and TrainingPriyank Hada
 
Continual Compliance for PCI DSS, E13PA and ISO 27001/2
Continual Compliance for PCI DSS, E13PA and ISO 27001/2Continual Compliance for PCI DSS, E13PA and ISO 27001/2
Continual Compliance for PCI DSS, E13PA and ISO 27001/2ControlCase
 
Cyber Security Maturity Assessment
Cyber Security Maturity Assessment Cyber Security Maturity Assessment
Cyber Security Maturity AssessmentDoreen Loeber
 
محتويات مادة آمن الشبكات
محتويات مادة آمن الشبكاتمحتويات مادة آمن الشبكات
محتويات مادة آمن الشبكاتeng_SamMoh
 
Wouter Joossen - IBBT Security departement
Wouter Joossen - IBBT Security departementWouter Joossen - IBBT Security departement
Wouter Joossen - IBBT Security departementimec.archive
 
Cybersecurity Fact Sheet _ Defense in Depth
Cybersecurity Fact Sheet _ Defense in DepthCybersecurity Fact Sheet _ Defense in Depth
Cybersecurity Fact Sheet _ Defense in DepthSue DeRosier
 

What's hot (16)

PCI Compliance Myths, Reality and Solutions for Retail
PCI Compliance Myths, Reality and Solutions for RetailPCI Compliance Myths, Reality and Solutions for Retail
PCI Compliance Myths, Reality and Solutions for Retail
 
17 info sec_ma_imt_27_2_2012
17 info sec_ma_imt_27_2_201217 info sec_ma_imt_27_2_2012
17 info sec_ma_imt_27_2_2012
 
Lesson 1- Intrusion Detection
Lesson 1- Intrusion DetectionLesson 1- Intrusion Detection
Lesson 1- Intrusion Detection
 
Lessson 2 - Application Layer
Lessson 2 - Application LayerLessson 2 - Application Layer
Lessson 2 - Application Layer
 
Managed Services Sales Sheet
Managed Services Sales SheetManaged Services Sales Sheet
Managed Services Sales Sheet
 
Fintech Belgium - MeetUp on The Right Tech for your FinTech - Philippe Cornet...
Fintech Belgium - MeetUp on The Right Tech for your FinTech - Philippe Cornet...Fintech Belgium - MeetUp on The Right Tech for your FinTech - Philippe Cornet...
Fintech Belgium - MeetUp on The Right Tech for your FinTech - Philippe Cornet...
 
American Public University System (NASDAQ:APEI) - Dr. Clay Wilson is the Prog...
American Public University System (NASDAQ:APEI) - Dr. Clay Wilson is the Prog...American Public University System (NASDAQ:APEI) - Dr. Clay Wilson is the Prog...
American Public University System (NASDAQ:APEI) - Dr. Clay Wilson is the Prog...
 
Internet safety and security strategies for building an internet safety wall
Internet safety and security strategies for building an internet safety wallInternet safety and security strategies for building an internet safety wall
Internet safety and security strategies for building an internet safety wall
 
Security Awareness and Training
Security Awareness and TrainingSecurity Awareness and Training
Security Awareness and Training
 
Continual Compliance for PCI DSS, E13PA and ISO 27001/2
Continual Compliance for PCI DSS, E13PA and ISO 27001/2Continual Compliance for PCI DSS, E13PA and ISO 27001/2
Continual Compliance for PCI DSS, E13PA and ISO 27001/2
 
Cyber Security Maturity Assessment
Cyber Security Maturity Assessment Cyber Security Maturity Assessment
Cyber Security Maturity Assessment
 
Cyber Resilience @ Dundee & Angus College
Cyber Resilience @ Dundee & Angus CollegeCyber Resilience @ Dundee & Angus College
Cyber Resilience @ Dundee & Angus College
 
Corporate security pdf
Corporate security pdfCorporate security pdf
Corporate security pdf
 
محتويات مادة آمن الشبكات
محتويات مادة آمن الشبكاتمحتويات مادة آمن الشبكات
محتويات مادة آمن الشبكات
 
Wouter Joossen - IBBT Security departement
Wouter Joossen - IBBT Security departementWouter Joossen - IBBT Security departement
Wouter Joossen - IBBT Security departement
 
Cybersecurity Fact Sheet _ Defense in Depth
Cybersecurity Fact Sheet _ Defense in DepthCybersecurity Fact Sheet _ Defense in Depth
Cybersecurity Fact Sheet _ Defense in Depth
 

Similar to Final ppt g08

What is Information Assurance Model in Cyber Security.pptx
What is Information Assurance Model in Cyber Security.pptxWhat is Information Assurance Model in Cyber Security.pptx
What is Information Assurance Model in Cyber Security.pptxinfosec train
 
Security and privacy in cloud computing.pptx
Security and privacy in cloud computing.pptxSecurity and privacy in cloud computing.pptx
Security and privacy in cloud computing.pptxTRSrinidi
 
Cyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptxCyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptxTikdiPatel
 
Ensuring Security and Confidentiality with Remote Developers
Ensuring Security and Confidentiality with Remote DevelopersEnsuring Security and Confidentiality with Remote Developers
Ensuring Security and Confidentiality with Remote DevelopersAcquaint Softtech Private Limited
 
Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDonald Tabone
 
Activity 2 Presentation1.pptxlllllllmmmm
Activity 2 Presentation1.pptxlllllllmmmmActivity 2 Presentation1.pptxlllllllmmmm
Activity 2 Presentation1.pptxlllllllmmmmcanpaksolutions04
 
Zero Trust: Redefining Security in the Digital Age
Zero Trust: Redefining Security in the Digital AgeZero Trust: Redefining Security in the Digital Age
Zero Trust: Redefining Security in the Digital AgeArnold Antoo
 
Cyber security: A roadmap to secure solutions
Cyber security: A roadmap to secure solutionsCyber security: A roadmap to secure solutions
Cyber security: A roadmap to secure solutionsSchneider Electric
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security elmuhammadmuhammad
 
Data Breaches and Security: Ditching Data Disasters-Michael McNeil, Philips H...
Data Breaches and Security: Ditching Data Disasters-Michael McNeil, Philips H...Data Breaches and Security: Ditching Data Disasters-Michael McNeil, Philips H...
Data Breaches and Security: Ditching Data Disasters-Michael McNeil, Philips H...IT Network marcus evans
 
ETHICS AND PROFESSIONALISM OF EMERGING TECHNOLOGIES.pptx
ETHICS AND PROFESSIONALISM OF EMERGING TECHNOLOGIES.pptxETHICS AND PROFESSIONALISM OF EMERGING TECHNOLOGIES.pptx
ETHICS AND PROFESSIONALISM OF EMERGING TECHNOLOGIES.pptxnorsubaisLibrary12
 
Security, Compliance & Loss Prevention Part 6.pptx
Security, Compliance & Loss Prevention Part 6.pptxSecurity, Compliance & Loss Prevention Part 6.pptx
Security, Compliance & Loss Prevention Part 6.pptxSheldon Byron
 
How to Create Plan-of-Action to Secure Critical Information
How to Create Plan-of-Action to Secure Critical InformationHow to Create Plan-of-Action to Secure Critical Information
How to Create Plan-of-Action to Secure Critical InformationKoenig Solutions Ltd.
 
Module 1 / Unit 5 Digital Cybersecurity
Module 1 / Unit 5 Digital Cybersecurity Module 1 / Unit 5 Digital Cybersecurity
Module 1 / Unit 5 Digital Cybersecurity SMKCreations
 
Security With Hosted Exchange
Security With Hosted ExchangeSecurity With Hosted Exchange
Security With Hosted ExchangeIntermedia2013
 
Security & Risk Mgmt_WK1.pptx
Security & Risk Mgmt_WK1.pptxSecurity & Risk Mgmt_WK1.pptx
Security & Risk Mgmt_WK1.pptxdotco
 

Similar to Final ppt g08 (20)

What is Information Assurance Model in Cyber Security.pptx
What is Information Assurance Model in Cyber Security.pptxWhat is Information Assurance Model in Cyber Security.pptx
What is Information Assurance Model in Cyber Security.pptx
 
Security and privacy in cloud computing.pptx
Security and privacy in cloud computing.pptxSecurity and privacy in cloud computing.pptx
Security and privacy in cloud computing.pptx
 
Cyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptxCyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptx
 
Ensuring Security and Confidentiality with Remote Developers
Ensuring Security and Confidentiality with Remote DevelopersEnsuring Security and Confidentiality with Remote Developers
Ensuring Security and Confidentiality with Remote Developers
 
Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber Resilience
 
Activity 2 Presentation1.pptxlllllllmmmm
Activity 2 Presentation1.pptxlllllllmmmmActivity 2 Presentation1.pptxlllllllmmmm
Activity 2 Presentation1.pptxlllllllmmmm
 
Zero Trust: Redefining Security in the Digital Age
Zero Trust: Redefining Security in the Digital AgeZero Trust: Redefining Security in the Digital Age
Zero Trust: Redefining Security in the Digital Age
 
internet security and cyber lawUnit1
internet security and cyber lawUnit1internet security and cyber lawUnit1
internet security and cyber lawUnit1
 
Cyber security: A roadmap to secure solutions
Cyber security: A roadmap to secure solutionsCyber security: A roadmap to secure solutions
Cyber security: A roadmap to secure solutions
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security
 
Data Breaches and Security: Ditching Data Disasters-Michael McNeil, Philips H...
Data Breaches and Security: Ditching Data Disasters-Michael McNeil, Philips H...Data Breaches and Security: Ditching Data Disasters-Michael McNeil, Philips H...
Data Breaches and Security: Ditching Data Disasters-Michael McNeil, Philips H...
 
ETHICS AND PROFESSIONALISM OF EMERGING TECHNOLOGIES.pptx
ETHICS AND PROFESSIONALISM OF EMERGING TECHNOLOGIES.pptxETHICS AND PROFESSIONALISM OF EMERGING TECHNOLOGIES.pptx
ETHICS AND PROFESSIONALISM OF EMERGING TECHNOLOGIES.pptx
 
CRYPTOGRAPHY & NETWORK SECURITY
CRYPTOGRAPHY & NETWORK SECURITYCRYPTOGRAPHY & NETWORK SECURITY
CRYPTOGRAPHY & NETWORK SECURITY
 
Security, Compliance & Loss Prevention Part 6.pptx
Security, Compliance & Loss Prevention Part 6.pptxSecurity, Compliance & Loss Prevention Part 6.pptx
Security, Compliance & Loss Prevention Part 6.pptx
 
Cloud_Security.pptx
Cloud_Security.pptxCloud_Security.pptx
Cloud_Security.pptx
 
How to Create Plan-of-Action to Secure Critical Information
How to Create Plan-of-Action to Secure Critical InformationHow to Create Plan-of-Action to Secure Critical Information
How to Create Plan-of-Action to Secure Critical Information
 
Module 1 / Unit 5 Digital Cybersecurity
Module 1 / Unit 5 Digital Cybersecurity Module 1 / Unit 5 Digital Cybersecurity
Module 1 / Unit 5 Digital Cybersecurity
 
Jason r mc kinney halfday
Jason r mc kinney halfdayJason r mc kinney halfday
Jason r mc kinney halfday
 
Security With Hosted Exchange
Security With Hosted ExchangeSecurity With Hosted Exchange
Security With Hosted Exchange
 
Security & Risk Mgmt_WK1.pptx
Security & Risk Mgmt_WK1.pptxSecurity & Risk Mgmt_WK1.pptx
Security & Risk Mgmt_WK1.pptx
 

More from hetvi naik

plan for penetration test
plan for penetration testplan for penetration test
plan for penetration testhetvi naik
 
Cleaning equipment
Cleaning equipmentCleaning equipment
Cleaning equipmenthetvi naik
 
disadvantages of learning foreign language
disadvantages of learning foreign languagedisadvantages of learning foreign language
disadvantages of learning foreign languagehetvi naik
 
Face detection and recognition report with pi in single poster
Face detection and recognition report with pi in single posterFace detection and recognition report with pi in single poster
Face detection and recognition report with pi in single posterhetvi naik
 
BMC report for face detection and recognition using pi-3
BMC report for face detection and recognition using pi-3BMC report for face detection and recognition using pi-3
BMC report for face detection and recognition using pi-3hetvi naik
 
Face detection and recognition report
Face detection and recognition reportFace detection and recognition report
Face detection and recognition reporthetvi naik
 
Face detection and recognition with pi
Face detection and recognition with piFace detection and recognition with pi
Face detection and recognition with pihetvi naik
 
Face recognition with pi
Face recognition with piFace recognition with pi
Face recognition with pihetvi naik
 
Wireless power transfer report
Wireless power transfer reportWireless power transfer report
Wireless power transfer reporthetvi naik
 
wireless power transfer
wireless power transferwireless power transfer
wireless power transferhetvi naik
 
Nb iot (naik hetvi)
Nb iot (naik hetvi)Nb iot (naik hetvi)
Nb iot (naik hetvi)hetvi naik
 
Region filling
Region fillingRegion filling
Region fillinghetvi naik
 
Number plate recogition
Number plate recogitionNumber plate recogition
Number plate recogitionhetvi naik
 

More from hetvi naik (16)

plan for penetration test
plan for penetration testplan for penetration test
plan for penetration test
 
Team black
Team blackTeam black
Team black
 
Cleaning equipment
Cleaning equipmentCleaning equipment
Cleaning equipment
 
disadvantages of learning foreign language
disadvantages of learning foreign languagedisadvantages of learning foreign language
disadvantages of learning foreign language
 
Face detection and recognition report with pi in single poster
Face detection and recognition report with pi in single posterFace detection and recognition report with pi in single poster
Face detection and recognition report with pi in single poster
 
BMC report for face detection and recognition using pi-3
BMC report for face detection and recognition using pi-3BMC report for face detection and recognition using pi-3
BMC report for face detection and recognition using pi-3
 
Face detection and recognition report
Face detection and recognition reportFace detection and recognition report
Face detection and recognition report
 
Face detection and recognition with pi
Face detection and recognition with piFace detection and recognition with pi
Face detection and recognition with pi
 
Face recognition with pi
Face recognition with piFace recognition with pi
Face recognition with pi
 
Wireless power transfer report
Wireless power transfer reportWireless power transfer report
Wireless power transfer report
 
wireless power transfer
wireless power transferwireless power transfer
wireless power transfer
 
Nb iot (naik hetvi)
Nb iot (naik hetvi)Nb iot (naik hetvi)
Nb iot (naik hetvi)
 
GRO n GO
GRO n GO GRO n GO
GRO n GO
 
AAA server
AAA serverAAA server
AAA server
 
Region filling
Region fillingRegion filling
Region filling
 
Number plate recogition
Number plate recogitionNumber plate recogition
Number plate recogition
 

Recently uploaded

Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...Call Girls in Nagpur High Profile
 
Processing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxProcessing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxpranjaldaimarysona
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Dr.Costas Sachpazis
 
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...RajaP95
 
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingUNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingrknatarajan
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...Soham Mondal
 
Introduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxIntroduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxupamatechverse
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Dr.Costas Sachpazis
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations120cr0395
 
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
UNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSISUNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSISrknatarajan
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVRajaP95
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130Suhani Kapoor
 
UNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its PerformanceUNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its Performancesivaprakash250
 
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSMANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSSIVASHANKAR N
 
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...ranjana rawat
 

Recently uploaded (20)

Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
 
Processing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxProcessing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptx
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
 
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
 
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingUNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
 
Introduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxIntroduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptx
 
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINEDJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations
 
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
 
UNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSISUNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSIS
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
 
UNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its PerformanceUNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its Performance
 
Roadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and RoutesRoadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and Routes
 
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSMANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
 
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
 

Final ppt g08

  • 1. Introduction • As chief information security officer at Complete Technology Solutions (CTS), we are looking for solutions to a breach within the company due to “rEvil” attack. • Security model for this attack we have consider McCumber cube covering all 3 dimensions: • Confidentiality, integrity, and availability (CIA triangle) • Policy, education, and technology • Storage, processing, and transmission 1 GROUP 08: BORIS MOLOKANOV 101234411 AMIR BOZORGMEHR 101174136 HETVI NAIK 101212340 HARDHALWINDER SINGH 101232893 ANANDU KARTHIKEYAN 101238315 ASHWINI KOTIYAN 101272672 SOLUTIONS FOR “rEvil” ATTACK
  • 3. Extensive McCumber study Effects • Confidentiality: “Sodinokibi” have gained access to information of patients, reports, payment methods, media, and institutional giving insurance. • Integrity: The data is encrypted and hence can be tempered. • Availability: As “rEvil” will allow the data to be encrypted. There is no access by the clients and hence entire business is suspended. 3
  • 4. Confidentiality-Processing Policy Digital signatures should be assigned. Education Train the staff to download and install from only from trusted providers. Technology Different encryptions can be used 4
  • 5. Confidentiality-Storage Policy External devices are restricted. Education The storage path and pattern should be assigned to staffs an clients as well. Technology Antivirus on repository and by processing data bit by bit for storage. 5 Confidentiality-Transmission Policy The sharing or personal storage should be prohibited. The personal media is not allowed. Education The staff should be trained for logging out or lock devices once the work is done. Technology Adblocker and proper siting should be used for avoiding untrusted elements.
  • 6. Integrity-Processing Policy 2 step authentication can be used to decrypted or encrypt or even for accessing the data. Education Staff should be trained always to confirmed for any download attachments or installing elements. Technology Pop-ups and third-party links should be blocked with secure applications. 6 Integrity-Storage Policy There should be credentials login and restricted access along with assigned permissions to group to different group of people. Education The clients should also be trained for proper authenticated access and storage pattern. Even for using updates only by company and locking after every use. Technology Updates and maintain the firewall and blocking applications like antivirus.
  • 7. Integrity- Transmission • Taking snapshot or creating backups by unauthorized user must be prohibited. Policy • Clients and staff should be trained about secure mode of communications and use codes or any type of verification before communications. Education • Additional authentication on client side for every action can reduce the risk of been hacked. Technology 7
  • 8. Availability-Processing Policy For been always available for processing the system must be locked or logged out after each use and need authorized login. Education Update the staff with latest security vulnerabilities and train them to recognize it and avoid at same time. Technology Backing and storing data at different locations after encryption bit by bit is main way for shielding the data from security breaches. 8
  • 9. Availability- Storage Policy To been available for storage, the intervals should be assigned for each level of authority. Education The staff and client should made aware about the authority assigned to them are different for different information and process Technology For physical access, the biometrics should be made as mode of access. On other side the virtually, the access should be credentials. 9 Availability- Storage Policy Use secure means of communication Education Train the staff having practical drills Technology •VPN used for communication.
  • 10. Conclusion- Mitigation • From this study we can conclude that rEvil or Sodinokibi can be malicious software used for keep the important documents hostage and encrypt them for hackers in turn of them asking for ransomware. • McCumber Cube is basic and extensive study to develop the security model for such kind of breach and lessen the impact of it on each aspects. • The major precautions is to use the company approved apps and software along with blocked suspicious elements. The security measurements are to be taken like biometrics, assigned access controls and VPN to prevent further damages. 10