Copyright © 2012, Elsevier Inc.
All Rights Reserved
Chapter 10
Awareness
Cyber Attacks
Protecting National Infrastructure, 1st ed.
Introduction
• Situational awareness is the real-time understanding
within an organization of its security risk posture
• Awareness of security posture requires consideration
of the following
– Known vulnerabilities
– Security infrastructure
– Network and computing architecture
– Business environment
– Global threats
– Hardware and software profiles
Fig. 10.1 – Optimal period of system
usage for cyber security
Introduction
• Factoring in all elements of situational awareness
should create an overview of current security risk
• Descriptors such as high, medium, and low are too
vague to be helpful
• Security risk levels should be linked with actionable
items
Fig. 10.2 – Rough dashboard estimate
of cyber security posture
Fig. 10.3 – Security posture changes
based on activity and response
Detecting Infrastructure Attacks
• No security task is more difficult and complex than
the detection of an ongoing attack
• Many tools for detecting attack, yet none
comprehensive or foolproof
• Determination of risk level is a fluid process
Fig. 10.4 – Attack confidence changes
based on events
Managing Vulnerability Information
• Situational awareness for national infrastructure
protection requires a degree of attention to daily
trivia around vulnerability information
• Practical heuristics for managing vulnerability
information
– Structured collection
– Worst case assumptions
– Nondefinitive conclusions
– Connection to all sources
Fig. 10.5 – Vulnerability management
structure
Managing Vulnerability Information
• Three basic rules for managers
– Always assume adversary knows as much or more about
your infrastructure
– Assume the adversary is always keeping vulnerability-
related secrets from you
– Never assume you know everything relevant to the
security of your infrastructure
Cyber Security Intelligence Reports
• Daily cyber security intelligence reports are standard
in government agencies
• They would be useful in enterprise settings
• A cyber security intelligence report would include
– Current security posture
– Top and new security risks
– Automated metrics
– Human interpretation
Cyber Security Intelligence Reports
• Tasks for creating a cyber security intelligence report
– Intelligence gathering
– Interpretation and publication
– Dissemination and archiving
Fig. 10.6 – Cyber security intelligence
report creation and dissemination
Risk Management Process
• Security risks must be tracked and prioritized
• Generally agreed upon approach to measuring risk
associated with specific components begins with two
estimations
– Likelihood
– Consequences
• Actual numeric value of risk less important than
overall relative risk
• A useful construct compares security risk against cost
of recommended action
Fig. 10.7 – Risk versus cost decision
path structure
Risk Management Process
• Increasing risks likely incur increased costs
• Summary of management considerations
– Maintaining a prioritized list of security risks
– Justifying all decisions
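An added example, not taken from the book or these slides: one way to keep the prioritized risk list described above, scoring each risk from its likelihood and consequence estimates and weighing it against the cost of the recommended action, with a recorded justification for every decision. The register entries, the median cut-offs and the four decision labels are assumptions made for illustration; the decision path of Fig. 10.7 itself is not reproduced on this page.

```python
from dataclasses import dataclass, replace
from statistics import median


@dataclass(frozen=True)
class Risk:
    name: str
    likelihood: float    # estimate, any scale used consistently across the register
    consequence: float   # estimate, any scale used consistently across the register
    action: str          # recommended action
    action_cost: float   # cost of that action, any consistent unit

    @property
    def score(self) -> float:
        # The two estimations combined into one comparable number.
        return self.likelihood * self.consequence


@dataclass(frozen=True)
class Decision:
    rank: int
    name: str
    decision: str
    justification: str


# Constructed sample register (hypothetical entries, 1-5 scales, cost in arbitrary units).
REGISTER = [
    Risk("Legacy HMI on unsupported OS", 2, 3, "Replace HMI fleet", 8),
    Risk("Unpatched VPN gateway", 4, 5, "Emergency patch window", 2),
    Risk("Stale contractor accounts", 3, 2, "Quarterly account review", 1),
    Risk("Flat OT/IT network", 3, 5, "Segment control network", 9),
]

# Assumed decision labels, keyed by (risk above median?, cost above median?).
DECISIONS = {
    (True, False): "act now",
    (True, True): "act, escalate for funding",
    (False, False): "act when convenient",
    (False, True): "accept and revisit",
}


def prioritize(register):
    """Rank risks and attach a justified decision to each one.

    Cut-offs are the register's own medians, so the outcome depends on how
    risks compare with each other, not on the absolute numbers chosen.
    """
    if not register:
        return []
    risk_cut = median(r.score for r in register)
    cost_cut = median(r.action_cost for r in register)
    # Highest score first; among equal scores the cheaper action comes first.
    ranked = sorted(register, key=lambda r: (-r.score, r.action_cost))
    plan = []
    for rank, r in enumerate(ranked, start=1):
        key = (r.score > risk_cut, r.action_cost > cost_cut)
        why = (
            f"rank {rank} of {len(ranked)}: score {r.score} vs median {risk_cut}, "
            f"cost of '{r.action}' {r.action_cost} vs median {cost_cut}"
        )
        plan.append(Decision(rank, r.name, DECISIONS[key], why))
    return plan


def rescale(register, factor):
    """Re-express every likelihood estimate on a different scale."""
    return [replace(r, likelihood=r.likelihood * factor) for r in register]


if __name__ == "__main__":
    for d in prioritize(REGISTER):
        print(f"{d.rank}. {d.name}: {d.decision} ({d.justification})")
```

Re-running `prioritize` on `rescale(REGISTER, 20)` gives the same order and decisions, which is the sense in which the relative risk matters more than the numeric value.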
Security Operations Centers
• The security operations center (SOC) is the most
visible realization of real-time security situational
awareness
• Most SOC designs begin with a centralized model – a
facility tied closely to operation
• A global dispersal of SOC resources enables around-the-
clock real-time analysis of security threats
Fig. 10.8 – Security operations center
(SOC) high-level design
National Awareness Program
• A national-level view of security posture will require
consideration of the following
– Commercial versus government information
– Information classification
– Agency politics
– SOC responsibility
Mehran University Newsletter Vol-X, Issue-I, 2024
 
Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptx
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
 
Google Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxGoogle Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptx
 
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptxOn_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
 

1Copyright © 2012, Elsevier Inc. All Rights Reserved.docx

Chapter 10: Awareness
Cyber Attacks: Protecting National Infrastructure, 1st ed.
Copyright © 2012, Elsevier Inc. All Rights Reserved

Introduction
• Situational awareness is the real-time understanding within an organization of its security risk posture
• Awareness of security posture requires consideration of the following
– Known vulnerabilities
– Security infrastructure
– Network and computing architecture
– Business environment
– Global threats
– Hardware and software profiles

Fig. 10.1 – Optimal period of system usage for cyber security

Introduction
• Factoring in all elements of situational awareness should create an overview of current security risk
• Descriptors such as high, medium, and low are too vague to be helpful
• Security risk levels should be linked with actionable items

Fig. 10.2 – Rough dashboard estimate of cyber security posture

Fig. 10.3 – Security posture changes based on activity and response

Detecting Infrastructure Attacks
• No security task is more difficult and complex than the detection of an ongoing attack
• Many tools for detecting attack, yet none comprehensive or foolproof
• Determination of risk level is a fluid process

Fig. 10.4 – Attack confidence changes based on events

Managing Vulnerability Information
• Situational awareness for national infrastructure protection requires a degree of attention to daily trivia around vulnerability information
• Practical heuristics for managing vulnerability information
– Structured collection
– Worst case assumptions
– Nondefinitive conclusions
– Connection to all sources

Fig. 10.5 – Vulnerability management structure

Managing Vulnerability Information
• Three basic rules for managers
– Always assume adversary knows as much or more about your infrastructure
– Assume the adversary is always keeping vulnerability-related secrets from you
– Never assume you know everything relevant to the security of your infrastructure

Cyber Security Intelligence Reports
• Daily cyber security intelligence reports are standard in government agencies
• They would be useful in enterprise settings
• A cyber security intelligence report would include
– Current security posture
– Top and new security risks
– Automated metrics
– Human interpretation

Cyber Security Intelligence Reports
• Tasks for creating a cyber security intelligence report
– Intelligence gathering
– Interpretation and publication
– Dissemination and archiving

Fig. 10.6 – Cyber security intelligence report creation and dissemination

Risk Management Process
• Security risks must be tracked and prioritized
• Generally agreed upon approach to measuring risk associated with specific components begins with two estimations
– Likelihood
– Consequences
• Actual numeric value of risk less important than overall relative risk
• A useful construct compares security risk against cost of recommended action

Fig. 10.7 – Risk versus cost decision path structure

Risk Management Process
• Increasing risks likely incur increased costs
• Summary of management considerations
– Maintaining a prioritized list of security risks
– Justifying all decisions

Security Operations Centers
• The security operations center (SOC) is the most visible realization of real-time security situational awareness
• Most SOC designs begin with centralized model – a facility tied closely to operation
• A global dispersal of SOC resources is an around-the-clock real-time analysis of security threats

Fig. 10.8 – Security operations center (SOC) high-level design

National Awareness Program
• A national-level view of security posture will require consideration of the following
– Commercial versus government information
– Information classification
– Agency politics
– SOC responsibility