Napier University, profile picture
Uploaded byNapier University
152 views

2. Defence Systems

The document discusses information security, defense mechanisms, and risks. It outlines concepts like data, information, knowledge and wisdom. It describes kill chain models used to investigate security incidents and defenses that use layers like deterrence, detection, protection, reaction, recovery, and auditing. The document also covers risks, costs, benefits, and harm from physical, economic, psychological and reputational impacts.

Embed presentation

Download to read offline
Defence Systems, Policies and Risks “From bits to information”
Outline • Data, Information, Knowledge and Wisdom. • Information Security and Forensic Computing. • Impact and Harm. • Risks, Costs and Benefits. • Kill Chain Models. • Defence Mechanisms. • Defence-in-Depth.
Data to Wisdom Wisdom Knowledge Information Data
Security, Incident Response and Forensic Computing “From bits to information”
Information Security
Investigation • Investigating an intrusion on a system (incident response). This might lead to a criminal prosecution, but most of the time the intrusion is investigated in order to be able to detect it in the future, and to thwart the activities at an early stage. • Investigation of a criminal activity (forensic computing). This might lead to a criminal prosecution, or to thwart the activities in the future. • Investigation of a breach of security policy. This might lead to a disciplinary procedure within an organisation.
Due Care and Due Diligence • With due care, the organisation must make sure that it has taken the correct steps in the creation and implementation of its security policy and in its risk analysis. • Then due diligence relates to the actual operation and maintenance of its security system, especially around vulnerability testing. Thus a company might take due care in analysing and designing their security policy, but not take due diligence in actually proving that it works. It can work the other way, in that a policy might be implemented with due diligence, but the originally creation of the policy has not been properly analysed/designed. It is thus important, in terms of any future liability, that security systems are designed, analysed, implemented and maintained with both due care and due diligence.
Impact and Harm “From bits to information”
Impact and Harm Physical or Digital harm. Economic harm. Psychological harm. Reputational harm. Social and Societal harm.
Risks, Costs and Benefits “From bits to information”
Risks, Costs and Benefits ALE = AV x ARO ALE – Annual Loss Expectancy. AV – Asset Value
Risks, Costs and Benefits
CORAS Ontology
CORAS Risk Management
Kill Chain Model “From bits to information”
Incident Taxonomy
Kill Chain Model
Unified Kill Chain Phases
Unified Kill Chain Model
Defence Mechanisms “From bits to information”
Types of intelligence • begin{itemize} • item Deter. This is where the system is designed and implemented in order to initially deter intruders from attacking the system in the first place. • item Log. This is a key element in modern systems which requires some form of logging system. It is important that the data that is logged does not breach any civil liberties, and is in a form which can be used to enhance the future security of the system. • item Detect. This is where detection agents are placed within the network to detect intrusions, and has methods of tracing the events that occurred in an intrusion, so that it can be used either in a forensic computing investigation, and/or to overcome a future intrusion. Organisations often have many reasons for detecting network traffic. • item Protect. This is where policies are created which protect systems, users and data against attack, and in reducing this potential damage. A key element of this is to protect them against accidental damage, as accidental damage is often more prevalent than non-accidental damage. • item React. This is where a policy is defined which reacts to intrusions, and defines ways to overcome them in the future. Often organisations do not have formal policies for this type of activity, and often rely on ad-hoc arrangements, where the method of reacting to a security breach is created after the event. • item Recover. This is where policies are defined to overcome any system damage, whether it is actual physical damage, the abuse of users; or the damage to data. • item Audit/verify. It is important that the security policy allows for auditing and for the verification that it achieves its requirements. • end{itemize}
Defence in Depth “From bits to information”
Types of intelligence
Types of intelligence
Types of intelligence
Types of intelligence
Types of intelligence
Defence Systems, Policies and Risks “From bits to information”

More Related Content

PPT
Lesson 2- Information Asset Valuation
byMLG College of Learning, Inc
 
PPT
Lesson 3- Effectiveness of IDPS
byMLG College of Learning, Inc
 
PPT
Lesson 1- Information Policy
byMLG College of Learning, Inc
 
PPT
Lesson 3- Fair Approach
byMLG College of Learning, Inc
 
PPTX
Risk Management Approach to Cyber Security
byErnest Staats
 
PPT
Lesson 1
byMLG College of Learning, Inc
 
PPT
Lesson 1 - Introduction
byMLG College of Learning, Inc
 
PPT
Lesson 2
byMLG College of Learning, Inc
 
Lesson 2- Information Asset Valuation
byMLG College of Learning, Inc
 
Lesson 3- Effectiveness of IDPS
byMLG College of Learning, Inc
 
Lesson 1- Information Policy
byMLG College of Learning, Inc
 
Lesson 3- Fair Approach
byMLG College of Learning, Inc
 
Risk Management Approach to Cyber Security
byErnest Staats
 
Lesson 1
byMLG College of Learning, Inc
 
Lesson 1 - Introduction
byMLG College of Learning, Inc
 
Lesson 2
byMLG College of Learning, Inc
 

What's hot

PPT
Lesson 1
byMLG College of Learning, Inc
 
PDF
Cybersecurity Roadmap Development for Executives
byKrist Davood - Principal - CIO
 
PPT
Lesson 3
byMLG College of Learning, Inc
 
PPT
Lesson 3
byMLG College of Learning, Inc
 
PPT
Lesson 3
byMLG College of Learning, Inc
 
PPSX
Cyber Security Awareness Month 2017- Nugget2
byChinatu Uzuegbu
 
PDF
IT Risk Management & Leadership 23 - 26 June 2013 Dubai
by360 BSI
 
PPT
Lesson 2
byMLG College of Learning, Inc
 
PPSX
Cyber Security Awareness Month 2017-Nugget 3
byChinatu Uzuegbu
 
PPT
Lesson 1 - Technical Controls
byMLG College of Learning, Inc
 
PPT
Lesson 1- Risk Managment
byMLG College of Learning, Inc
 
PPTX
17 info sec_ma_imt_27_2_2012
byRECIPA
 
PPTX
Cybersecurity Priorities and Roadmap: Recommendations to DHS
byJohn Gilligan
 
PPT
Lesson 2
byMLG College of Learning, Inc
 
PPTX
#BCMeeting2019: Rethinking Cybersecurity
byInternational Chamber of Commerce - ICC
 
PPT
Lesson 1
byMLG College of Learning, Inc
 
PPTX
Cissp- Security and Risk Management
byHamed Moghaddam
 
PPT
Isys20261 lecture 01
byWiliam Ferraciolli
 
PPT
Introduction to information security - by Ivan Nganda
bySee You Rise Holdings
 
PPT
Chapter 5
bysivadnolram
 
Lesson 1
byMLG College of Learning, Inc
 
Cybersecurity Roadmap Development for Executives
byKrist Davood - Principal - CIO
 
Lesson 3
byMLG College of Learning, Inc
 
Lesson 3
byMLG College of Learning, Inc
 
Lesson 3
byMLG College of Learning, Inc
 
Cyber Security Awareness Month 2017- Nugget2
byChinatu Uzuegbu
 
IT Risk Management & Leadership 23 - 26 June 2013 Dubai
by360 BSI
 
Lesson 2
byMLG College of Learning, Inc
 
Cyber Security Awareness Month 2017-Nugget 3
byChinatu Uzuegbu
 
Lesson 1 - Technical Controls
byMLG College of Learning, Inc
 
Lesson 1- Risk Managment
byMLG College of Learning, Inc
 
17 info sec_ma_imt_27_2_2012
byRECIPA
 
Cybersecurity Priorities and Roadmap: Recommendations to DHS
byJohn Gilligan
 
Lesson 2
byMLG College of Learning, Inc
 
#BCMeeting2019: Rethinking Cybersecurity
byInternational Chamber of Commerce - ICC
 
Lesson 1
byMLG College of Learning, Inc
 
Cissp- Security and Risk Management
byHamed Moghaddam
 
Isys20261 lecture 01
byWiliam Ferraciolli
 
Introduction to information security - by Ivan Nganda
bySee You Rise Holdings
 
Chapter 5
bysivadnolram
 

Similar to 2. Defence Systems

PPTX
IS Chap 1 by whitman chapter 1 pptx.pptx
bysania82678
 
PPT
Chapter 1 overview
bydr_edw777
 
PPT
Security.ppt
byssuser50c54b
 
PPT
Network Security
byRaymond Jose
 
PPTX
Information security
byRohit Gir
 
PDF
Thought Leader Interview: HP's Global CISO Brett Wahlin on the Future of Secu...
byDana Gardner
 
PPTX
Information security: importance of having defined policy & process
byInformation Technology Society Nepal
 
PPT
Risk Assessment And Management
byvikasraina
 
PPT
Chapter003
byJeanie Delos Arcos
 
PPTX
Defense-in-Depth - ITE-Defense-in-Depth - ITE-Defense-in-Depth - ITE.pptx
bysamadyasrah
 
PDF
Stalking the Kill Chain
byEMC
 
PPTX
Information security Chap 1 whitman.pptx
bysania82678
 
PPTX
Introduction to Information Security - Information Security
byabeerqashou1
 
PDF
Unit 1&2.pdf
byNdheh
 
PDF
Describe two methods for communicating the material in an Informatio.pdf
byarchgeetsenterprises
 
PPT
Handout infosec defense-mechanism-y3dips
byAmmar WK
 
PPT
Ch09 Performing Vulnerability Assessments
byInformation Technology
 
PPT
Lecture1 Introduction
byrajakhurram
 
DOCX
Network and web security
byNitesh Saitwal
 
PPTX
Information Security introduction and management.pptx
bydaudevarist18
 
IS Chap 1 by whitman chapter 1 pptx.pptx
bysania82678
 
Chapter 1 overview
bydr_edw777
 
Security.ppt
byssuser50c54b
 
Network Security
byRaymond Jose
 
Information security
byRohit Gir
 
Thought Leader Interview: HP's Global CISO Brett Wahlin on the Future of Secu...
byDana Gardner
 
Information security: importance of having defined policy & process
byInformation Technology Society Nepal
 
Risk Assessment And Management
byvikasraina
 
Chapter003
byJeanie Delos Arcos
 
Defense-in-Depth - ITE-Defense-in-Depth - ITE-Defense-in-Depth - ITE.pptx
bysamadyasrah
 
Stalking the Kill Chain
byEMC
 
Information security Chap 1 whitman.pptx
bysania82678
 
Introduction to Information Security - Information Security
byabeerqashou1
 
Unit 1&2.pdf
byNdheh
 
Describe two methods for communicating the material in an Informatio.pdf
byarchgeetsenterprises
 
Handout infosec defense-mechanism-y3dips
byAmmar WK
 
Ch09 Performing Vulnerability Assessments
byInformation Technology
 
Lecture1 Introduction
byrajakhurram
 
Network and web security
byNitesh Saitwal
 
Information Security introduction and management.pptx
bydaudevarist18
 

More from Napier University

PDF
Intrusion Detection Systems
byNapier University
 
PPTX
Networks
byNapier University
 
PPTX
Memory, Big Data and SIEM
byNapier University
 
PPTX
What is Cyber Data?
byNapier University
 
PPTX
Open Source Intelligence
byNapier University
 
PDF
10. Data to Information: NumPy and Pandas
byNapier University
 
PDF
1. Cyber and Intelligence
byNapier University
 
PPTX
The Road Ahead for Ripple, Marjan Delatinne
byNapier University
 
PDF
Delivering The Tel Aviv Stock Exchange Securities, Duncan Johnston-Watt
byNapier University
 
PPTX
ARTiFACTS, Emma Boswood
byNapier University
 
PPTX
RMIT Blockchain Innovation Hub, Chris Berg
byNapier University
 
PPTX
Keynote, Naseem Naqvi
byNapier University
 
PPT
Browser-based Crypto M, C. F Mondschein
byNapier University
 
PPTX
Should we transform or adapt to blockchain - a public sector perspective?, Al...
byNapier University
 
PPTX
IoT device attestation system using blockchain, Alistair Duke
byNapier University
 
PPTX
Robust Programming of Smart Contracts in Solidity+, RK Shyamasundar
byNapier University
 
PDF
Using Blockchain for Evidence Purpose, Rafael Prabucki
byNapier University
 
PPTX
Cryptocurrencies and cyberlaundering- the need for regulation, Gian Marco Bov...
byNapier University
 
PPTX
Emerging Regulatory Approaches to Blockchain-based Token Economy, Agata Fereirra
byNapier University
 
PPTX
P2P Publication Model on Blockchain, Imtiaz Khan
byNapier University
 
Intrusion Detection Systems
byNapier University
 
Networks
byNapier University
 
Memory, Big Data and SIEM
byNapier University
 
What is Cyber Data?
byNapier University
 
Open Source Intelligence
byNapier University
 
10. Data to Information: NumPy and Pandas
byNapier University
 
1. Cyber and Intelligence
byNapier University
 
The Road Ahead for Ripple, Marjan Delatinne
byNapier University
 
Delivering The Tel Aviv Stock Exchange Securities, Duncan Johnston-Watt
byNapier University
 
ARTiFACTS, Emma Boswood
byNapier University
 
RMIT Blockchain Innovation Hub, Chris Berg
byNapier University
 
Keynote, Naseem Naqvi
byNapier University
 
Browser-based Crypto M, C. F Mondschein
byNapier University
 
Should we transform or adapt to blockchain - a public sector perspective?, Al...
byNapier University
 
IoT device attestation system using blockchain, Alistair Duke
byNapier University
 
Robust Programming of Smart Contracts in Solidity+, RK Shyamasundar
byNapier University
 
Using Blockchain for Evidence Purpose, Rafael Prabucki
byNapier University
 
Cryptocurrencies and cyberlaundering- the need for regulation, Gian Marco Bov...
byNapier University
 
Emerging Regulatory Approaches to Blockchain-based Token Economy, Agata Fereirra
byNapier University
 
P2P Publication Model on Blockchain, Imtiaz Khan
byNapier University
 

Recently uploaded

PPTX
Problem and Solution (PowerPoint Game Template)
byacpaulite
 
PPTX
Math 8 Quarter 4 Week 3 PRIMARY DATA.pptx
byshahanieabbat3
 
PPTX
ELIMINATION NEEDS Fundamentals of Nursing .pptx
bySonali Gupta
 
PPTX
Math 8 Quarter 4 Week 4-SECONDARY DATA.pptx
byshahanieabbat3
 
PPTX
Fluorimetric Analysis- Theory, Instrumentation and Application
bySayali Powar
 
PDF
Workshop 29 Crystal Review All Students by YogiGoddess
by©LDMMIA, ©Reiki Yoga
 
PDF
How "Raiders of the Lost Ark" and "Ordinary People" Employ Non-Verbal Acting
by6x5csns4pn
 
PDF
AI Is a Tool, Not a Voice: Radio, Trust, and the Human Factor
byN.A. Shah Ansari
 
PPTX
How to Manage Reservation Method in Odoo 18 Inventory
byCeline George
 
PDF
Bones by Sadu Kassam (play) story ppt pdf
byRonnieMaeBorres
 
PPTX
Greengnorance Toolkit Module 5 Waste Management
byKarl Donert
 
PPTX
Methods & Applications of Enzyme Immobilization Technique.pptx
byAnupkumar Sharma
 
PPTX
Renal Physiology- Functional anatomy of Kidney.pptx
byDisha Soriya
 
PDF
PHARMACOLOGY 1 ( BP 404 T) Unit 1 (Cology 1)
byChetan Mali
 
PDF
java full stack programming and interview questions
byrajuashokit
 
PPTX
Overview of How to set priority in Odoo 19 Todo
byCeline George
 
PDF
Pratishta Educational Society., Courses & Opportunities
byGanapathiVankudoth
 
PDF
Beyond the Absurd: A Comparative Reading of Waiting for Godot and the Bhagava...
byKruti Vyas
 
PPTX
How to Change Shipping Label Size in Odoo 18 Inventory
byCeline George
 
PPTX
Types of counselling Directive, Non Directive, Eclectic Counselling
byPriya Sush
 
Problem and Solution (PowerPoint Game Template)
byacpaulite
 
Math 8 Quarter 4 Week 3 PRIMARY DATA.pptx
byshahanieabbat3
 
ELIMINATION NEEDS Fundamentals of Nursing .pptx
bySonali Gupta
 
Math 8 Quarter 4 Week 4-SECONDARY DATA.pptx
byshahanieabbat3
 
Fluorimetric Analysis- Theory, Instrumentation and Application
bySayali Powar
 
Workshop 29 Crystal Review All Students by YogiGoddess
by©LDMMIA, ©Reiki Yoga
 
How "Raiders of the Lost Ark" and "Ordinary People" Employ Non-Verbal Acting
by6x5csns4pn
 
AI Is a Tool, Not a Voice: Radio, Trust, and the Human Factor
byN.A. Shah Ansari
 
How to Manage Reservation Method in Odoo 18 Inventory
byCeline George
 
Bones by Sadu Kassam (play) story ppt pdf
byRonnieMaeBorres
 
Greengnorance Toolkit Module 5 Waste Management
byKarl Donert
 
Methods & Applications of Enzyme Immobilization Technique.pptx
byAnupkumar Sharma
 
Renal Physiology- Functional anatomy of Kidney.pptx
byDisha Soriya
 
PHARMACOLOGY 1 ( BP 404 T) Unit 1 (Cology 1)
byChetan Mali
 
java full stack programming and interview questions
byrajuashokit
 
Overview of How to set priority in Odoo 19 Todo
byCeline George
 
Pratishta Educational Society., Courses & Opportunities
byGanapathiVankudoth
 
Beyond the Absurd: A Comparative Reading of Waiting for Godot and the Bhagava...
byKruti Vyas
 
How to Change Shipping Label Size in Odoo 18 Inventory
byCeline George
 
Types of counselling Directive, Non Directive, Eclectic Counselling
byPriya Sush
 

2. Defence Systems

  • 1.
    Defence Systems, Policies andRisks “From bits to information”
  • 2.
    Outline • Data, Information,Knowledge and Wisdom. • Information Security and Forensic Computing. • Impact and Harm. • Risks, Costs and Benefits. • Kill Chain Models. • Defence Mechanisms. • Defence-in-Depth.
  • 3.
  • 4.
  • 5.
  • 6.
    Investigation • Investigating anintrusion on a system (incident response). This might lead to a criminal prosecution, but most of the time the intrusion is investigated in order to be able to detect it in the future, and to thwart the activities at an early stage. • Investigation of a criminal activity (forensic computing). This might lead to a criminal prosecution, or to thwart the activities in the future. • Investigation of a breach of security policy. This might lead to a disciplinary procedure within an organisation.
  • 7.
    Due Care andDue Diligence • With due care, the organisation must make sure that it has taken the correct steps in the creation and implementation of its security policy and in its risk analysis. • Then due diligence relates to the actual operation and maintenance of its security system, especially around vulnerability testing. Thus a company might take due care in analysing and designing their security policy, but not take due diligence in actually proving that it works. It can work the other way, in that a policy might be implemented with due diligence, but the originally creation of the policy has not been properly analysed/designed. It is thus important, in terms of any future liability, that security systems are designed, analysed, implemented and maintained with both due care and due diligence.
  • 8.
    Impact and Harm “Frombits to information”
  • 9.
    Impact and Harm Physicalor Digital harm. Economic harm. Psychological harm. Reputational harm. Social and Societal harm.
  • 10.
    Risks, Costs and Benefits “Frombits to information”
  • 11.
    Risks, Costs andBenefits ALE = AV x ARO ALE – Annual Loss Expectancy. AV – Asset Value
  • 12.
  • 13.
  • 14.
  • 15.
    Kill Chain Model “Frombits to information”
  • 16.
  • 17.
  • 18.
  • 19.
  • 20.
  • 21.
    Types of intelligence •begin{itemize} • item Deter. This is where the system is designed and implemented in order to initially deter intruders from attacking the system in the first place. • item Log. This is a key element in modern systems which requires some form of logging system. It is important that the data that is logged does not breach any civil liberties, and is in a form which can be used to enhance the future security of the system. • item Detect. This is where detection agents are placed within the network to detect intrusions, and has methods of tracing the events that occurred in an intrusion, so that it can be used either in a forensic computing investigation, and/or to overcome a future intrusion. Organisations often have many reasons for detecting network traffic. • item Protect. This is where policies are created which protect systems, users and data against attack, and in reducing this potential damage. A key element of this is to protect them against accidental damage, as accidental damage is often more prevalent than non-accidental damage. • item React. This is where a policy is defined which reacts to intrusions, and defines ways to overcome them in the future. Often organisations do not have formal policies for this type of activity, and often rely on ad-hoc arrangements, where the method of reacting to a security breach is created after the event. • item Recover. This is where policies are defined to overcome any system damage, whether it is actual physical damage, the abuse of users; or the damage to data. • item Audit/verify. It is important that the security policy allows for auditing and for the verification that it achieves its requirements. • end{itemize}
  • 22.
    Defence in Depth “Frombits to information”
  • 23.
  • 24.
  • 25.
  • 26.
  • 27.
  • 28.
    Defence Systems, Policies andRisks “From bits to information”