This document discusses cyber attacks and defense strategies. It analyzes DDoS attacks and motivations for cyber attacks such as political, social, business, and personal reasons. It examines cyber warfare cases involving Afghanistan and China. The US, Russia, China, Iran and North Korea are compared in terms of their cyber offense, dependence and defense capabilities. Botnets, bot markets, and math calculations are reviewed to understand the economics of DDoS attacks. Finally, defensive strategies are proposed such as firewall rules, protocol rate limiting, and developing unique algorithms to defend against unique attack patterns.
This document discusses various cybersecurity case studies including network security, data loss prevention, cloud security, intrusion detection systems, ransomware, remote access trojans, and data breaches involving Facebook, Google, WhatsApp, and Wells Fargo. It examines the technical aspects of these security issues and potential discussion points around topics like trust, transparency, data usage, privacy, and responses to security incidents.
The document discusses ethical hacking and provides information on:
- What ethical hacking is and the difference between ethical and non-ethical hacking
- The need for security and what an ethical hacker does such as testing vulnerabilities with permission
- Types of ethical hacks including remote network hacking, social engineering, and wireless network testing
- Applications that can benefit from ethical hacking like web applications and resources used like routers and firewalls
- Ways to conduct an ethical hack including IP hacking and port scanning to identify vulnerabilities
Cyber Security Awareness introduction. Why is Cyber Security important? What do I have to do to protect me from Cyber attacks? How to create a IT Security Awareness Plan ?
The document summarizes key aspects of policy enforcement for cyber security including critical infrastructure protection, e-governance initiatives, the roles and training frequencies for different user types, and an overview of India's National Cyber Security Policy from 2013. It discusses threats like the Target and Google incidents and how interconnectivity increases vulnerability which policy aims to address through awareness training tailored to roles like privileged users, normal users and administrators.
ISC2 CC Course (Certified in Cybersecurity) - Part 2.pdfHaris Chughtai
Course is designed for those who are willing to write ISC2 CC (Certified in Cybersecurity) exam and not sure where to start and how to move forward.
Course is designed in two parts, this is part 2 which focuses on each of the ISC2 CC domain. At the end of the course , it suggest the additional reference study that could help to pass the exam in first attempt. Part 1 is focused more on course outline, exam registration using free vouchers & necessary precautions to avoid exam day issues.
There are hyperlinks in the deck for quick access to useful information, you will have to download it to have links available to you.
This document discusses cyber attacks and defense strategies. It analyzes DDoS attacks and motivations for cyber attacks such as political, social, business, and personal reasons. It examines cyber warfare cases involving Afghanistan and China. The US, Russia, China, Iran and North Korea are compared in terms of their cyber offense, dependence and defense capabilities. Botnets, bot markets, and math calculations are reviewed to understand the economics of DDoS attacks. Finally, defensive strategies are proposed such as firewall rules, protocol rate limiting, and developing unique algorithms to defend against unique attack patterns.
This document discusses various cybersecurity case studies including network security, data loss prevention, cloud security, intrusion detection systems, ransomware, remote access trojans, and data breaches involving Facebook, Google, WhatsApp, and Wells Fargo. It examines the technical aspects of these security issues and potential discussion points around topics like trust, transparency, data usage, privacy, and responses to security incidents.
The document discusses ethical hacking and provides information on:
- What ethical hacking is and the difference between ethical and non-ethical hacking
- The need for security and what an ethical hacker does such as testing vulnerabilities with permission
- Types of ethical hacks including remote network hacking, social engineering, and wireless network testing
- Applications that can benefit from ethical hacking like web applications and resources used like routers and firewalls
- Ways to conduct an ethical hack including IP hacking and port scanning to identify vulnerabilities
Cyber Security Awareness introduction. Why is Cyber Security important? What do I have to do to protect me from Cyber attacks? How to create a IT Security Awareness Plan ?
The document summarizes key aspects of policy enforcement for cyber security including critical infrastructure protection, e-governance initiatives, the roles and training frequencies for different user types, and an overview of India's National Cyber Security Policy from 2013. It discusses threats like the Target and Google incidents and how interconnectivity increases vulnerability which policy aims to address through awareness training tailored to roles like privileged users, normal users and administrators.
ISC2 CC Course (Certified in Cybersecurity) - Part 2.pdfHaris Chughtai
Course is designed for those who are willing to write ISC2 CC (Certified in Cybersecurity) exam and not sure where to start and how to move forward.
Course is designed in two parts, this is part 2 which focuses on each of the ISC2 CC domain. At the end of the course , it suggest the additional reference study that could help to pass the exam in first attempt. Part 1 is focused more on course outline, exam registration using free vouchers & necessary precautions to avoid exam day issues.
There are hyperlinks in the deck for quick access to useful information, you will have to download it to have links available to you.
The document discusses various cybersecurity attack vectors and how organizations can protect themselves. It outlines common attack methods like ransomware, malicious code delivery, social engineering, and phishing. It then recommends that organizations conduct regular security audits, establish governance policies, create an incident response plan, and provide cybersecurity education to employees. The document promotes cybersecurity services from Future Point of View including vulnerability testing, forensics, and training to help organizations enhance their protections.
Secrets to managing your Duty of Care in an ever- changing world.
How well do you know your risks?
Are you keeping up with your responsibilities to provide Duty of Care?
How well are you prioritising Cybersecurity initiatives?
Liability for Cybersecurity attacks sits with Executives and Board members who may not have the right level of technical security knowledge. This session will outline what practical steps executives can take to implement a Cybersecurity Roadmap that is aligned with its strategic objectives.
Led by Krist Davood, who has spent over 28 years implementing secure mission critical systems for executives. Krist is an expert in protecting the interconnectedness of technology, intellectual property and information systems, as evidenced through his roles at The Good Guys, Court Services Victoria and Schiavello.
The seminar will cover:
• Fiduciary responsibility
• How to efficiently deal with personal liability and the threat of court action
• The role of a Cybersecurity Executive Dashboard and its ability to simplify risk and amplify informed decision making
• How to identify and bridge the gap between your Cybersecurity Compliance Rating and the threat of court action
This presentation looks at the core component of an Incident Response plan (NIST 800-61) as well as custom practical implementation framework developed by ELYSIUMSECURITY based on NIST and FIRST.
( ** Cyber Security Training: https://www.edureka.co/cybersecurity-certification-training ** )
This Edureka PPT on "Penetration Testing" will help you understand all about penetration testing, its methodologies, and tools. Below is the list of topics covered in this session:
What is Penetration Testing?
Phases of Penetration Testing
Penetration Testing Types
Penetration Testing Tools
How to perform Penetration Testing on Kali Linux?
Cyber Security Playlist: https://bit.ly/2N2jlNN
Cyber Security Blog Series: https://bit.ly/2AuULkP
Instagram: https://www.instagram.com/edureka_lea...
Facebook: https://www.facebook.com/edurekaIN/
Twitter: https://twitter.com/edurekain
LinkedIn: https://www.linkedin.com/company/edureka
This document discusses Manning InfoSec's strategy and key considerations. It begins with an agenda covering an open discussion on drivers, challenges, the evolving infosec role, responsibilities, and concluding with a bigger picture view. Key points discussed include adopting a risk-based approach, infosec being a board responsibility, recognizing responsibilities like protecting information assets, and presenting a global cybersecurity landscape map. The document advocates developing a security strategy that keeps things simple, is endorsed by management, and takes a proactive, risk-based approach to infosec efforts.
** Cyber Security Course: https://www.edureka.co/cybersecurity-certification-training **
This Edureka PPT on "Cybersecurity Fundamentals" will introduce you to the world of cybersecurity and talks about its basic concepts. Below is the list of topics covered in this session:
Need for cybersecurity
What is cybersecurity
Fundamentals of cybersecurity
Cyberattack Incident
Follow us to never miss an update in the future.
Instagram: https://www.instagram.com/edureka_learning/
Facebook: https://www.facebook.com/edurekaIN/
Twitter: https://twitter.com/edurekain
LinkedIn: https://www.linkedin.com/company/edureka
This document provides an overview of cyber security and discusses recent issues in India. It begins with definitions of cyberspace and discusses the rapid growth of internet connectivity globally and in India. It then covers cyber security challenges, the evolution of threats, and recent cyber attacks impacting India. The document concludes with 10 steps for organizations to improve cyber security, such as network security, malware protection, user education, and information risk management.
The document outlines India's 2013 National Cyber Security Policy. The policy aims to build a secure cyber ecosystem in India by protecting information infrastructure, reducing cyber threats and vulnerabilities, and developing cyber security capabilities. It identifies strategic objectives and approaches across areas such as creating assurance frameworks, strengthening regulatory structures, developing threat monitoring and response mechanisms, securing e-governance, protecting critical infrastructure, fostering research and workforce development, and enhancing domestic and international cooperation. The overarching goal is to secure cyberspace for citizens, businesses and the government of India.
Understanding Cyber Kill Chain and OODA loopDavid Sweigert
The document discusses using an attacker's tactics and techniques to design effective cybersecurity defenses. It provides examples of mapping security controls and tools to different stages of common attack models like the Lockheed Martin Kill Chain. This allows an organization to see where in the attack cycle they have visibility and can disrupt threats. The document advocates taking a strategic, intelligence-driven approach to cyber defense by understanding adversaries' full operations in order to implement controls earlier in the attack cycle.
The document provides an overview of the course on Cyber Security for B.Tech III Year students. It includes 5 units that will be covered: Introduction to Cyber Security, Cyberspace and the Law & Cyber Forensics, Cybercrime focusing on mobile devices, Cyber Security's organizational implications, and Privacy Issues. The objectives are to understand cyber attacks and laws, risks within cyber security, an overview of cyber forensics, and defensive techniques against attacks. It also lists two textbooks and two references that will be used.
The document discusses the need for cyber security courses to protect internet-enabled computer systems from cyber threats. It outlines types of cyber crimes and provides statistics on recent cyber incidents in India. It also discusses career opportunities in cyber security and introduces a post-graduate diploma program in cyber security designed by Ankit Fadia to train professionals to meet the growing demand for cyber security experts.
This document provides an introduction to cybercrime, including definitions of key terms, classifications of cybercrimes, and descriptions of common cybercrime activities. It defines cybercrime as illegal activities that target computer systems and data. Cybercrimes are categorized as those against individuals, property, organizations, and society. Examples include phishing, spamming, hacking, software piracy, and cyberterrorism. Cybercriminals are also classified as those seeking recognition, financial gain, or insider revenge.
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...PECB
Main points covered:
• Understanding the inverted economics of cyber security, the incentives for cyber crime and its effect on the growing threat
• Inefficiencies with the traditional approaches to cyber risk assessment and why we are not making more progress in enhancing cyber defenses
• Resetting roles and responsibilities regarding cyber security within organizations
• Developing empirical, cost-effective cyber risk assessments to meet the evolving threat
Our presenter for this webinar is Larry Clinton, the president of the Internet Security Alliance (ISA), a multi-sector association focused on Cybersecurity thought leadership, policy advocacy, and best practices. Mr. Clinton advises both industry and governments around the world. He has twice been listed on the Corporate 100 list of the most influential people in corporate governance. He is the author of The Cyber Risk Handbook for Corporate Boards. PWC has found the use of this Handbook improves cyber budgeting, cyber risk management and helps create a culture of security. The Handbook has been published in the US, Germany, the UK and Latin America. He is currently working on a version for the European Conference of Directors Associations as well as versions for Japan and India. Mr. Clinton also leads ISA, public policy work built around their publication “The Cyber Security Social Contract” which the NATO Center of Cyber Excellence in Estonia asked for a briefing on.
Recorded Webinar: https://www.youtube.com/watch?v=8qVtoqi37X8
Cyber security is becoming increasingly relevant within the insurance industry to the degree, that the National Association of Insurance Commissioners (NAIC) named it as the key initiative for 2015.
** CyberSecurity Certification Training: https://www.edureka.co/cybersecurity-certification-training **
This Edureka tutorial on "Cybersecurity Frameworks" will help you understand why and how the organizations are using the cybersecurity framework to Identify, Protect and Recover from cyber attacks.
Cybersecurity Training Playlist: https://bit.ly/2NqcTQV
Kandarp Shah has over 10 years of experience in information security consulting. The presentation aims to educate students about technology, internet, and cyber crimes as well as preventative measures. Cyber crime refers to criminal acts using computers and the internet. Motivations for cyber crimes include money, curiosity, revenge, and praise. Cyber crimes are increasing due to greater internet and smartphone use. Common cyber crimes discussed include cyber pornography, identity theft, email spoofing, intellectual property crimes, and cyber defamation.
Sneha Chauhan presented on cyber crime and security techniques. The presentation discussed how the growth of the internet in India has led to new opportunities but also disadvantages like cyber crime. Several types of cyber crimes were defined, including hacking, denial of service attacks, and software piracy. The presentation provided safety tips to prevent cyber crime and outlined cyber security techniques such as using antivirus software, firewalls, and maintaining backups. It also discussed public key cryptography and private key cryptography.
The document discusses the cyber kill chain framework, which outlines the stages of a cyber attack: reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on target. It describes how Panda Adaptive Defense addresses each stage of the cyber kill chain at the endpoint level to prevent, detect, and respond to threats throughout the attack lifecycle. Specifically, it uses techniques like known malware prevention, advanced malware detection, dynamic exploit detection, mitigation, remediation, and forensics to stop attacks across the various stages.
This document provides an overview of cyber weapons. It defines cyber weapons as computer code used to threaten or cause harm to systems or living beings. Cyber weapons have two components - a penetration component to gain access to targeted systems, and a payload component to achieve intended effects like data destruction. Characteristics of cyber weapons include their dual-use nature for intelligence and attacks, difficulty in attribution, and potential for unintended consequences. The document discusses various definitions of cyber weapons and elements that comprise cyber weapons like vulnerabilities, exploits, and propagation methods. It also outlines the unique features of cyber weapons in cyberspace.
Francesca Bosco, Le nuove sfide della cyber securityAndrea Rossetti
The document discusses cybersecurity threats and issues. It notes that many nations and non-state actors now have sophisticated cyber capabilities, and that cyber attacks are becoming more advanced, targeted, and potentially damaging. The document warns that nations are increasingly dependent on digital networks and systems, so major cyber attacks could significantly disrupt economies and undermine confidence in digital systems and services.
The document discusses various cybersecurity attack vectors and how organizations can protect themselves. It outlines common attack methods like ransomware, malicious code delivery, social engineering, and phishing. It then recommends that organizations conduct regular security audits, establish governance policies, create an incident response plan, and provide cybersecurity education to employees. The document promotes cybersecurity services from Future Point of View including vulnerability testing, forensics, and training to help organizations enhance their protections.
Secrets to managing your Duty of Care in an ever- changing world.
How well do you know your risks?
Are you keeping up with your responsibilities to provide Duty of Care?
How well are you prioritising Cybersecurity initiatives?
Liability for Cybersecurity attacks sits with Executives and Board members who may not have the right level of technical security knowledge. This session will outline what practical steps executives can take to implement a Cybersecurity Roadmap that is aligned with its strategic objectives.
Led by Krist Davood, who has spent over 28 years implementing secure mission critical systems for executives. Krist is an expert in protecting the interconnectedness of technology, intellectual property and information systems, as evidenced through his roles at The Good Guys, Court Services Victoria and Schiavello.
The seminar will cover:
• Fiduciary responsibility
• How to efficiently deal with personal liability and the threat of court action
• The role of a Cybersecurity Executive Dashboard and its ability to simplify risk and amplify informed decision making
• How to identify and bridge the gap between your Cybersecurity Compliance Rating and the threat of court action
This presentation looks at the core component of an Incident Response plan (NIST 800-61) as well as custom practical implementation framework developed by ELYSIUMSECURITY based on NIST and FIRST.
( ** Cyber Security Training: https://www.edureka.co/cybersecurity-certification-training ** )
This Edureka PPT on "Penetration Testing" will help you understand all about penetration testing, its methodologies, and tools. Below is the list of topics covered in this session:
What is Penetration Testing?
Phases of Penetration Testing
Penetration Testing Types
Penetration Testing Tools
How to perform Penetration Testing on Kali Linux?
Cyber Security Playlist: https://bit.ly/2N2jlNN
Cyber Security Blog Series: https://bit.ly/2AuULkP
Instagram: https://www.instagram.com/edureka_lea...
Facebook: https://www.facebook.com/edurekaIN/
Twitter: https://twitter.com/edurekain
LinkedIn: https://www.linkedin.com/company/edureka
This document discusses Manning InfoSec's strategy and key considerations. It begins with an agenda covering an open discussion on drivers, challenges, the evolving infosec role, responsibilities, and concluding with a bigger picture view. Key points discussed include adopting a risk-based approach, infosec being a board responsibility, recognizing responsibilities like protecting information assets, and presenting a global cybersecurity landscape map. The document advocates developing a security strategy that keeps things simple, is endorsed by management, and takes a proactive, risk-based approach to infosec efforts.
** Cyber Security Course: https://www.edureka.co/cybersecurity-certification-training **
This Edureka PPT on "Cybersecurity Fundamentals" will introduce you to the world of cybersecurity and talks about its basic concepts. Below is the list of topics covered in this session:
Need for cybersecurity
What is cybersecurity
Fundamentals of cybersecurity
Cyberattack Incident
Follow us to never miss an update in the future.
Instagram: https://www.instagram.com/edureka_learning/
Facebook: https://www.facebook.com/edurekaIN/
Twitter: https://twitter.com/edurekain
LinkedIn: https://www.linkedin.com/company/edureka
This document provides an overview of cyber security and discusses recent issues in India. It begins with definitions of cyberspace and discusses the rapid growth of internet connectivity globally and in India. It then covers cyber security challenges, the evolution of threats, and recent cyber attacks impacting India. The document concludes with 10 steps for organizations to improve cyber security, such as network security, malware protection, user education, and information risk management.
The document outlines India's 2013 National Cyber Security Policy. The policy aims to build a secure cyber ecosystem in India by protecting information infrastructure, reducing cyber threats and vulnerabilities, and developing cyber security capabilities. It identifies strategic objectives and approaches across areas such as creating assurance frameworks, strengthening regulatory structures, developing threat monitoring and response mechanisms, securing e-governance, protecting critical infrastructure, fostering research and workforce development, and enhancing domestic and international cooperation. The overarching goal is to secure cyberspace for citizens, businesses and the government of India.
Understanding Cyber Kill Chain and OODA loopDavid Sweigert
The document discusses using an attacker's tactics and techniques to design effective cybersecurity defenses. It provides examples of mapping security controls and tools to different stages of common attack models like the Lockheed Martin Kill Chain. This allows an organization to see where in the attack cycle they have visibility and can disrupt threats. The document advocates taking a strategic, intelligence-driven approach to cyber defense by understanding adversaries' full operations in order to implement controls earlier in the attack cycle.
The document provides an overview of the course on Cyber Security for B.Tech III Year students. It includes 5 units that will be covered: Introduction to Cyber Security, Cyberspace and the Law & Cyber Forensics, Cybercrime focusing on mobile devices, Cyber Security's organizational implications, and Privacy Issues. The objectives are to understand cyber attacks and laws, risks within cyber security, an overview of cyber forensics, and defensive techniques against attacks. It also lists two textbooks and two references that will be used.
The document discusses the need for cyber security courses to protect internet-enabled computer systems from cyber threats. It outlines types of cyber crimes and provides statistics on recent cyber incidents in India. It also discusses career opportunities in cyber security and introduces a post-graduate diploma program in cyber security designed by Ankit Fadia to train professionals to meet the growing demand for cyber security experts.
This document provides an introduction to cybercrime, including definitions of key terms, classifications of cybercrimes, and descriptions of common cybercrime activities. It defines cybercrime as illegal activities that target computer systems and data. Cybercrimes are categorized as those against individuals, property, organizations, and society. Examples include phishing, spamming, hacking, software piracy, and cyberterrorism. Cybercriminals are also classified as those seeking recognition, financial gain, or insider revenge.
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...PECB
Main points covered:
• Understanding the inverted economics of cyber security, the incentives for cyber crime and its effect on the growing threat
• Inefficiencies with the traditional approaches to cyber risk assessment and why we are not making more progress in enhancing cyber defenses
• Resetting roles and responsibilities regarding cyber security within organizations
• Developing empirical, cost-effective cyber risk assessments to meet the evolving threat
Our presenter for this webinar is Larry Clinton, the president of the Internet Security Alliance (ISA), a multi-sector association focused on Cybersecurity thought leadership, policy advocacy, and best practices. Mr. Clinton advises both industry and governments around the world. He has twice been listed on the Corporate 100 list of the most influential people in corporate governance. He is the author of The Cyber Risk Handbook for Corporate Boards. PWC has found the use of this Handbook improves cyber budgeting, cyber risk management and helps create a culture of security. The Handbook has been published in the US, Germany, the UK and Latin America. He is currently working on a version for the European Conference of Directors Associations as well as versions for Japan and India. Mr. Clinton also leads ISA, public policy work built around their publication “The Cyber Security Social Contract” which the NATO Center of Cyber Excellence in Estonia asked for a briefing on.
Recorded Webinar: https://www.youtube.com/watch?v=8qVtoqi37X8
Cyber security is becoming increasingly relevant within the insurance industry to the degree, that the National Association of Insurance Commissioners (NAIC) named it as the key initiative for 2015.
** CyberSecurity Certification Training: https://www.edureka.co/cybersecurity-certification-training **
This Edureka tutorial on "Cybersecurity Frameworks" will help you understand why and how the organizations are using the cybersecurity framework to Identify, Protect and Recover from cyber attacks.
Cybersecurity Training Playlist: https://bit.ly/2NqcTQV
Kandarp Shah has over 10 years of experience in information security consulting. The presentation aims to educate students about technology, internet, and cyber crimes as well as preventative measures. Cyber crime refers to criminal acts using computers and the internet. Motivations for cyber crimes include money, curiosity, revenge, and praise. Cyber crimes are increasing due to greater internet and smartphone use. Common cyber crimes discussed include cyber pornography, identity theft, email spoofing, intellectual property crimes, and cyber defamation.
Sneha Chauhan presented on cyber crime and security techniques. The presentation discussed how the growth of the internet in India has led to new opportunities but also disadvantages like cyber crime. Several types of cyber crimes were defined, including hacking, denial of service attacks, and software piracy. The presentation provided safety tips to prevent cyber crime and outlined cyber security techniques such as using antivirus software, firewalls, and maintaining backups. It also discussed public key cryptography and private key cryptography.
The document discusses the cyber kill chain framework, which outlines the stages of a cyber attack: reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on target. It describes how Panda Adaptive Defense addresses each stage of the cyber kill chain at the endpoint level to prevent, detect, and respond to threats throughout the attack lifecycle. Specifically, it uses techniques like known malware prevention, advanced malware detection, dynamic exploit detection, mitigation, remediation, and forensics to stop attacks across the various stages.
This document provides an overview of cyber weapons. It defines cyber weapons as computer code used to threaten or cause harm to systems or living beings. Cyber weapons have two components - a penetration component to gain access to targeted systems, and a payload component to achieve intended effects like data destruction. Characteristics of cyber weapons include their dual-use nature for intelligence and attacks, difficulty in attribution, and potential for unintended consequences. The document discusses various definitions of cyber weapons and elements that comprise cyber weapons like vulnerabilities, exploits, and propagation methods. It also outlines the unique features of cyber weapons in cyberspace.
Francesca Bosco, Le nuove sfide della cyber securityAndrea Rossetti
The document discusses cybersecurity threats and issues. It notes that many nations and non-state actors now have sophisticated cyber capabilities, and that cyber attacks are becoming more advanced, targeted, and potentially damaging. The document warns that nations are increasingly dependent on digital networks and systems, so major cyber attacks could significantly disrupt economies and undermine confidence in digital systems and services.
The document outlines the Department of Defense's strategy for operating in cyberspace. It discusses 5 strategic initiatives: 1) treating cyberspace as an operational domain; 2) employing new defense operating concepts like active cyber defense and network resilience; 3) partnering with other government agencies and the private sector; 4) building international partnerships; and 5) leveraging innovation through cyber workforce development. The strategy aims to organize, train, and equip DoD to operate effectively in cyberspace while addressing growing cyber threats from state and non-state actors.
The document outlines the Department of Defense's strategy for operating in cyberspace. It discusses 5 strategic initiatives: 1) treating cyberspace as an operational domain; 2) employing new defense operating concepts like active cyber defense and network resilience; 3) partnering with other government agencies and the private sector; 4) building international partnerships; and 5) leveraging innovation through cyber workforce development. The strategy aims to organize, train, and equip DoD to operate effectively in cyberspace while addressing growing cyber threats from state and non-state actors.
The document outlines the Department of Defense's strategy for operating in cyberspace. It discusses 5 strategic initiatives: 1) treating cyberspace as an operational domain; 2) employing new defense operating concepts like active cyber defense and network resilience; 3) partnering with other government agencies and the private sector; 4) building international partnerships; and 5) developing an exceptional cyber workforce through training and innovation. The strategy aims to help the DoD organize for, defend, and leverage opportunities in cyberspace while managing threats from state and non-state actors.
This document discusses cyber security cooperation and threats. It outlines that cyber security requires shared solutions as threats know no borders. Cyber crimes include illegal access, interception of data, system interference, and fraud. Threats include cyber terrorism, radicalization, risks to financial institutions, transportation, military capacity, and governance. Areas of cooperation include information sharing, responding to incidents and crime, establishing international frameworks, and awareness raising. Military cooperation could include sharing skills in offensive and defensive attacks as well as intelligence. Cooperation between countries is needed to address these ongoing cyber security challenges.
Microsoft Digital Defense Executive Summary-2022Kevin Fream
Microsoft published its 2022 Digital Defense Report which analyzes the evolving cyber threat landscape. The report found that cybercriminals and nation state actors have increased the sophistication of their attacks, greatly impacting targets. Nation state actors are launching increasingly advanced cyberattacks to further strategic priorities, while cybercriminals act as sophisticated profit enterprises adapting their techniques. The conflict in Ukraine marked the beginning of a new era of hybrid warfare combining physical and digital attacks. The report provides insights into cybercrime trends, nation state threats, vulnerabilities in devices and infrastructure, influence operations, and improving cyber resilience.
This document discusses cyber security in the era of networking. It covers several topics including types of cyber attacks like denial of service attacks and spoofing; threats like criminals, spies, and terrorists; vulnerabilities from insiders and supply chains; risks existing everywhere networked systems are used; and approaches to cyber crisis planning, mobile security, threat intelligence, next generation firewalls, access controls, surveillance, security awareness, and conclusions. Research areas discussed include scalable trustworthy systems, malware combating, and privacy-aware security.
Microsoft Digital Defense Report 2022.pdfNirenj George
The document is Microsoft's 2022 Digital Defense Report which provides an overview of the cyber threat landscape based on Microsoft's data and insights from July 2021 through June 2022. It covers topics like the state of cybercrime, nation state threats, devices and infrastructure vulnerabilities, cyber influence operations, and cyber resilience. The introduction notes the significant increase in sophisticated cyberattacks by both cybercriminals and nation states, and the importance of cybersecurity best practices and partnerships to improve the security of the digital ecosystem.
Cyber Operations in Smart Megacities: TechNet Augusta 2015AFCEA International
The document discusses plans for using a miniature city infrastructure called "CyberCity" to train cyber warriors. It describes CyberCity as a 1:87 scale physical model incorporating elements like a power grid, transportation systems and buildings that can be remotely controlled for offensive and defensive cyber missions. The goal is to demonstrate the kinetic impact of cyber attacks in a hands-on way and help trainees recognize real-world consequences. Initial missions discussed include disabling enemy weapons and manipulating traffic to support first responders. The document recommends starting with simpler missions and expanding complexity over time.
talks about the present status of the cyber security in India. The policy of cyber security is also discussed. the general principles of the cyber security is highlighted.
Legal position of cyber security and instances of breach of information technology code is also discussed.
Safeguarding the Digital Realm Understanding CyberAttacks and Their Vital Cou...cyberprosocial
With the digital world becoming an essential aspect of our connected environment, there is always a risk of cyberattacks. The phrase "CyberAttacks" refers to a broad category of malevolent actions directed towards computer networks
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docxbagotjesusa
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INFORMATION SYSTEMS 1
Security and safety of the power grid and its related computer information systems
Name of the student:
Name of the institution:
There have been increased use and application of information and communication technologies in most of critical infrastructures and departments of the government. They have proved to be fundamentally significant in helping the various departments to carry out their daily activities with a lot of ease and proficiency. However, these systems have also opened quite a considerable unforeseen opportunity both positive and negative. The infrastructures have become highly efficient and flexible and this has been very beneficial to the people. On the other hand, there have been persistent problems with cybercrimes and hackers who have outsmarted the government and the set securities protocols every now and then. This has made the state lose billions of dollars in a theft of its secrets and high-level information. In this case, it is right to analyze all the general impacts that can be put in place to prevent cybercrimes as well as threats. It is hence important to validate all the necessary measures that need to be put in place in every organization. The paper will hence give recommendations that can help the named organization solve the issues mentioned.
To address this issue, proper precautions needs to be put in place. The government has to demonstrate preparedness in combating this crime both in terms of systems put in place and also the legal jurisprudence (Higgins, 2016). The US power grid system is an interconnected system that is made up of power generation, transmissions software, and its distribution with a capacity to bring down the whole economy if not well protected. The nation's department of defense (DoD) is one of the most critical and sensitive institutions that can paralyze the state if tampered with by unscrupulous individuals. The situation is even worse if there is an advanced persistent threat (APT) against computers and software that operates the western interconnection power grid. This needs an urgent measure to remove the threat immediately and avoid its reoccurrence. We recommend the following security and safety of the power grid and its related computer information systems are taken by the concerned departments:
a. Creation of a special branch that is specifically dedicated to cyber security
It is high time for the government to come up with a special branch of the military personnel that will be dedicated to fighting cybercrimes (Higgins, 2016). Its main function will be to detect cybercrime activities, to develop mechanisms to prevent cybercrimes, apprehend, arrest and align cyber criminals in a court of law.
b. Creation of special court to determine cybercrime cases
Security and safety of the power grid and its related computer information systems and those crimes associated w.
Project 4 Threat Analysis and ExploitationTranscript (backgroun.docxstilliegeorgiana
Project 4: Threat Analysis and Exploitation
Transcript (background):
You are part of a collaborative team that was created to address cyber threats and exploitation of US financial systems critical infrastructure. Your team has been assembled by the White House Cyber National security staff to provide situational awareness about a current network breach and cyber attack against several financial service institutions. Your team consists of four roles, a representative from the financial services sector who has discovered the network breach and the cyber attacks. These attacks include distributed denial of service attacks, DDOS, web defacements, sensitive data exfiltration, and other attack vectors typical of this nation state actor. A representative from law enforcement who has provided additional evidence of network attacks found using network defense tools. A representative from the intelligence agency who has identified the nation state actor from numerous public and government provided threat intelligence reports. This representative will provide threat intelligence on the tools, techniques, and procedures of this nation state actor. A representative from the Department of Homeland Security who will provide the risk, response, and recovery actions taken as a result of this cyber threat. Your team will have to provide education and security awareness to the financial services sector about the threats, vulnerabilities, risks, and risk mitigation and remediation procedures to be implemented to maintain a robust security posture. Finally, your team will take the lessons learned from this cyber incident and share that knowledge with the rest of the cyber threat analysis community. At the end of the response to this cyber incident, your team will provide two deliverables, a situational analysis report, or SAR, to the White House Cyber National security staff and an After Action Report and lesson learned to the cyber threat analyst community.
Step 2: Assessing Suspicious Activity
Your team is assembled and you have a plan. It's time to get to work. You have a suite of tools at your disposal from your work in Project 1, Project 2, and Project 3, which can be used together to create a full common operating picture of the cyber threats and vulnerabilities that are facing the US critical infrastructure.
To be completed by all team members: Leverage the network security skills of using port scans, network scanning tools, and analyzing Wireshark files, to assess any suspicious network activity and network vulnerabilities.
Step 3: The Financial Sector
To be completed by the Financial Services Representative: Provide a description of the impact the threat would have on the financial services sector. These impact statements can include the loss of control of the systems, the loss of data integrity or confidentiality, exfiltration of data, or something else. Also provide impact assessments as a result of this security incident to the financial ...
While traditional cybersecurity defenses focus on prevention, there are many vulnerabilities and potential attacks against weapon systems. While weapon systems are more software dependent and networked than ever before, cybersecurity has not always been prioritized with regards to weapon systems acquisition.
Threat actors have advanced in their sophistication as they are well-resourced and highly skilled, oftentimes gathering detailed knowledge of the systems they want to attack. Ensuring stronger detection methods is imperative, but because these types of threats are very targeted and advanced, agencies need the capability to proactively hunt.
This document provides a briefing on cyberwarfare. It begins with definitions of cyber, warfare, and cyberwarfare. It then discusses three recent cyberwarfare events: 1) Russia attacking Georgia in 2008 through DDoS and hacking, 2) An unknown agency attacking US military networks in 2008 through an infected USB drive, and 3) An unknown attacker (allegedly Israel) targeting Iran's nuclear facilities in 2010 through the Stuxnet virus. It analyzes the impacts and countermeasures for each event. Finally, it concludes with questions around regulating cyber groups and establishing protocols for cyberweapons.
This document presents a roadmap for cybersecurity research with the goal of addressing critical vulnerabilities and protecting systems and infrastructure. It identifies 11 hard problem areas that require research investment, including scalable trustworthy systems, enterprise metrics, combating insider threats and malware, identity management, system survivability, and privacy-aware security. For each problem area, the roadmap outlines needs, gaps in research, and a proposed research agenda to address issues in the near, medium and long term through government-funded R&D efforts. It aims to help secure current systems while getting ahead of adversaries through next-generation technologies.
Similar to Case studies in cybersecurity strategies (20)
1) The document discusses acquiring and analyzing RAM dumps from suspect systems to gather forensic evidence for use in court.
2) It describes RAM acquisition methods like live acquisition, hibernation, and using a RAM acquisition OS. It also discusses verifying RAM dumps through hashing.
3) General analysis methods discussed include using hex editors and string/grep searches to look for artifacts in RAW RAM dumps. Advanced methods parse OS structures to recover more system state information.
The document discusses the future of work and challenges in cybersecurity. It notes that a skills gap exists where job seekers lack the competencies demanded by employers, and this gap will likely worsen with increased automation. Specifically, there are over 3.5 million unfilled cybersecurity jobs due to many seeking work in the field falling short of employers' standards of competence, especially in areas of personal effectiveness.
Why Psychological Safety Matters for Software Teams - ACE 2024 - Ben Linders.pdfBen Linders
Psychological safety in teams is important; team members must feel safe and able to communicate and collaborate effectively to deliver value. It’s also necessary to build long-lasting teams since things will happen and relationships will be strained.
But, how safe is a team? How can we determine if there are any factors that make the team unsafe or have an impact on the team’s culture?
In this mini-workshop, we’ll play games for psychological safety and team culture utilizing a deck of coaching cards, The Psychological Safety Cards. We will learn how to use gamification to gain a better understanding of what’s going on in teams. Individuals share what they have learned from working in teams, what has impacted the team’s safety and culture, and what has led to positive change.
Different game formats will be played in groups in parallel. Examples are an ice-breaker to get people talking about psychological safety, a constellation where people take positions about aspects of psychological safety in their team or organization, and collaborative card games where people work together to create an environment that fosters psychological safety.
This presentation by OECD, OECD Secretariat, was made during the discussion “Competition and Regulation in Professions and Occupations” held at the 77th meeting of the OECD Working Party No. 2 on Competition and Regulation on 10 June 2024. More papers and presentations on the topic can be found at oe.cd/crps.
This presentation was uploaded with the author’s consent.
This presentation by OECD, OECD Secretariat, was made during the discussion “The Intersection between Competition and Data Privacy” held at the 143rd meeting of the OECD Competition Committee on 13 June 2024. More papers and presentations on the topic can be found at oe.cd/ibcdp.
This presentation was uploaded with the author’s consent.
Suzanne Lagerweij - Influence Without Power - Why Empathy is Your Best Friend...Suzanne Lagerweij
This is a workshop about communication and collaboration. We will experience how we can analyze the reasons for resistance to change (exercise 1) and practice how to improve our conversation style and be more in control and effective in the way we communicate (exercise 2).
This session will use Dave Gray’s Empathy Mapping, Argyris’ Ladder of Inference and The Four Rs from Agile Conversations (Squirrel and Fredrick).
Abstract:
Let’s talk about powerful conversations! We all know how to lead a constructive conversation, right? Then why is it so difficult to have those conversations with people at work, especially those in powerful positions that show resistance to change?
Learning to control and direct conversations takes understanding and practice.
We can combine our innate empathy with our analytical skills to gain a deeper understanding of complex situations at work. Join this session to learn how to prepare for difficult conversations and how to improve our agile conversations in order to be more influential without power. We will use Dave Gray’s Empathy Mapping, Argyris’ Ladder of Inference and The Four Rs from Agile Conversations (Squirrel and Fredrick).
In the session you will experience how preparing and reflecting on your conversation can help you be more influential at work. You will learn how to communicate more effectively with the people needed to achieve positive change. You will leave with a self-revised version of a difficult conversation and a practical model to use when you get back to work.
Come learn more on how to become a real influencer!
This presentation by Nathaniel Lane, Associate Professor in Economics at Oxford University, was made during the discussion “Pro-competitive Industrial Policy” held at the 143rd meeting of the OECD Competition Committee on 12 June 2024. More papers and presentations on the topic can be found at oe.cd/pcip.
This presentation was uploaded with the author’s consent.
This presentation by Juraj Čorba, Chair of OECD Working Party on Artificial Intelligence Governance (AIGO), was made during the discussion “Artificial Intelligence, Data and Competition” held at the 143rd meeting of the OECD Competition Committee on 12 June 2024. More papers and presentations on the topic can be found at oe.cd/aicomp.
This presentation was uploaded with the author’s consent.
The importance of sustainable and efficient computational practices in artificial intelligence (AI) and deep learning has become increasingly critical. This webinar focuses on the intersection of sustainability and AI, highlighting the significance of energy-efficient deep learning, innovative randomization techniques in neural networks, the potential of reservoir computing, and the cutting-edge realm of neuromorphic computing. This webinar aims to connect theoretical knowledge with practical applications and provide insights into how these innovative approaches can lead to more robust, efficient, and environmentally conscious AI systems.
Webinar Speaker: Prof. Claudio Gallicchio, Assistant Professor, University of Pisa
Claudio Gallicchio is an Assistant Professor at the Department of Computer Science of the University of Pisa, Italy. His research involves merging concepts from Deep Learning, Dynamical Systems, and Randomized Neural Systems, and he has co-authored over 100 scientific publications on the subject. He is the founder of the IEEE CIS Task Force on Reservoir Computing, and the co-founder and chair of the IEEE Task Force on Randomization-based Neural Networks and Learning Systems. He is an associate editor of IEEE Transactions on Neural Networks and Learning Systems (TNNLS).
XP 2024 presentation: A New Look to Leadershipsamililja
Presentation slides from XP2024 conference, Bolzano IT. The slides describe a new view to leadership and combines it with anthro-complexity (aka cynefin).
This presentation by Yong Lim, Professor of Economic Law at Seoul National University School of Law, was made during the discussion “Artificial Intelligence, Data and Competition” held at the 143rd meeting of the OECD Competition Committee on 12 June 2024. More papers and presentations on the topic can be found at oe.cd/aicomp.
This presentation was uploaded with the author’s consent.
This presentation by Professor Alex Robson, Deputy Chair of Australia’s Productivity Commission, was made during the discussion “Competition and Regulation in Professions and Occupations” held at the 77th meeting of the OECD Working Party No. 2 on Competition and Regulation on 10 June 2024. More papers and presentations on the topic can be found at oe.cd/crps.
This presentation was uploaded with the author’s consent.
Carrer goals.pptx and their importance in real lifeartemacademy2
Career goals serve as a roadmap for individuals, guiding them toward achieving long-term professional aspirations and personal fulfillment. Establishing clear career goals enables professionals to focus their efforts on developing specific skills, gaining relevant experience, and making strategic decisions that align with their desired career trajectory. By setting both short-term and long-term objectives, individuals can systematically track their progress, make necessary adjustments, and stay motivated. Short-term goals often include acquiring new qualifications, mastering particular competencies, or securing a specific role, while long-term goals might encompass reaching executive positions, becoming industry experts, or launching entrepreneurial ventures.
Moreover, having well-defined career goals fosters a sense of purpose and direction, enhancing job satisfaction and overall productivity. It encourages continuous learning and adaptation, as professionals remain attuned to industry trends and evolving job market demands. Career goals also facilitate better time management and resource allocation, as individuals prioritize tasks and opportunities that advance their professional growth. In addition, articulating career goals can aid in networking and mentorship, as it allows individuals to communicate their aspirations clearly to potential mentors, colleagues, and employers, thereby opening doors to valuable guidance and support. Ultimately, career goals are integral to personal and professional development, driving individuals toward sustained success and fulfillment in their chosen fields.
This presentation by Tim Capel, Director of the UK Information Commissioner’s Office Legal Service, was made during the discussion “The Intersection between Competition and Data Privacy” held at the 143rd meeting of the OECD Competition Committee on 13 June 2024. More papers and presentations on the topic can be found at oe.cd/ibcdp.
This presentation was uploaded with the author’s consent.
This presentation by OECD, OECD Secretariat, was made during the discussion “Artificial Intelligence, Data and Competition” held at the 143rd meeting of the OECD Competition Committee on 12 June 2024. More papers and presentations on the topic can be found at oe.cd/aicomp.
This presentation was uploaded with the author’s consent.
This presentation by OECD, OECD Secretariat, was made during the discussion “Pro-competitive Industrial Policy” held at the 143rd meeting of the OECD Competition Committee on 12 June 2024. More papers and presentations on the topic can be found at oe.cd/pcip.
This presentation was uploaded with the author’s consent.
2. 1. The Spectrum of Cyberwarfare
2. Offensive Cyber Operations
3. The ART of Defense
4. A comparative studies of nation states capabilities
PLAN
2
3. Key definitions :
Cyberwarfare :
A set of strategies used by a nation state actor or organization aimed at attacking countries
information systems infrastructure with the intention of disrupting , damaging or destroying.
Cyberwar :
The act of waging war on a nation state or organization to achieve a strategic political , economic or
ideological objective.
Cybersecurity strategy :
A high-level plan that defines how an organization or nation state actor intends to improve the
resilience and security of its cyberspace.
The Spectrum of Cyberwarfare
3
4. A “jus ad bellum” for Cyberwarfare :
Military Intelligence gathering
Collection of confidential information on current state of military capabilities and operations of a given nation-
state in support of current of futur operations. Example : Interception of digital communication to uncover
military plans
Geopolitical influence
Accrued tendency of nation-state to increase their existing capacity of influence & control on other nations from
the geophysical domain into the cyberspace through information warfare.
Support of Military Operations
Cyberwarfare is an enabler in support of tangible warfare operations such as disruption of a military
center of operations via a computer virus.
Strategic economic warfare
Attacks against a nation state using cyber technology with the aim of weakening its economy
through acquisition of trade secrets , sabotage of industrial facilities.
Cyber counterintelligence
Activities designed to prevent or thwart spying, intelligence gathering, and sabotage by an enemy or
other foreign entity.
The Spectrum of Cyberwarfare
4
5. The Spectrum of Cyberwarfare
Targets of Interest Example Attribution
Military Infrastructure
Espionage
NSA , FSB , GCHQ , MSS , DGRE
Electoral System &
Process
United States Election (2016) Russia’s FSB
Electrical powergrid Ukraine powergrid (2015) Russia’s FSB
Nuclear powerplant Iranian nuclear plant
Stuxnet virus (2010)
NSA & Israel Unit 8200
Communication systems BGP Hijacking Any major global telecom provider
Supply chain SolarWinds cyberattack (2020) Russia’s Cozy Bear
Any national infrastructure
considered critical
Colonial pipeline Any nation state actor with accrued geopolitical
motivation
5
6. The Spectrum of Cyberwarfare
6
A library of known adversary
Tactics – the adversary’s technical goals
Techniques – how those goals are achieved
Procedures – specific implementations of techniques
The framework contains 3 Matrices : Enterprise , Mobile and Industrial Control System
https://attack.mitre.org/
7. Offensive Cyber Operations
Into the premise of offensive cyberwarfare : from spies to APTs
APT ( Advanced Persistent Threat ) : Sophisticated cyber intrusion technique that exploits a
given vulnerability in a system inorder to gain extended persistent foothold with the aim of
achieving a specific malicious objective.
Lockheed Martin Cyberkill chain :
7
8. From Blitzkrieg to Bitskrieg :
- An intense german military stategy intended to bring about a swift victory in WW II
- Think about a series of swift attacks intended to shutdown a nation’s cyberspace
- Example : Shutdown of Ukraine Electrical Power Grid in 2015 by Sandworm
- Objective : Render your target’s system unoperational through disruptive intrusion in the shortest
possible time frame.
- Possibly : Erase disk , encrypt files , corrupt system kernel , change SCADA programming logic
Offensive Cyber Operations
8
9. DDOS Distributed Denial of Service:
Directing malicious traffic to a target by using a range of infected devices controlled by C² Servers.
Aim : Disrupt the availability of an online system
Examples :
▪ DNS Amplification Attack
▪ MIRAI Botnet Attack
Offensive Cyber Operations
9
10. Hunting for vulnerabilities & bugs :
A zero day (or 0-day) vulnerability is a security risk in a piece of software that is not publicly known
about and the vendor is not aware of. A zero- ay exploit is the method an attacker uses to access the
vulnerable system.
❑ Active purchase of 0-day exploitsby nation-state to compromise systems ... USA , EU
❑ Advanced vulnerability research program (R&D) ... China
❑ Development of exploits for known vulnerabilities ... Russia
Strategic Objective :
✓ Obtain initial access to a foreign nation state’s system
✓ Maintain a tactical advantage on other nation state
Example : Kaseya Attack , MSRPC Printer Spooler Relay , Zerologon , Stuxnet
Offensive Cyber Operations
10
11. Social Engineering & Phishing :
Social engineering is the psychological manipulation of people into performing actions or divulging
confidential information.
Cialdini's 6 Principles of Influence are : Reciprocity , Commitment/consistency, Social proof
,Authority, Liking, Scarcity.
Phishing is a type of social engineering where an attacker sends a fraudulent (e.g., spoofed, fake, or
otherwise deceptive) message designed to trick a person into revealing sensitive information to the
attacker
Objective : Leakage of confidential information
Offensive Cyber Operations
11
12. “If you know the enemy and know yourself, you need not fear the result of a
hundred battles. If you know yourself but not the enemy, for every victory
gained you will also suffer a defeat. If you know neither the enemy nor
yourself, you will succumb in every battle.”
“Sun Tzu
The ART of Defense
STEP ROAD MAP TO PLANNING A NATION-WIDE DEFENSE STATREGY
1 Assess your national cybersecurity landscape
2 Assess the cyber-risk landscape
3 Produce your national cyber strategy
4 Develop an action plan
5 Monitor and evaluate defined metrics of your strategy
6 Continuous improvement & update
12
13. The ART of Defense
BLUE PRINT FOR BUILDING A NATIONAL CYBERSECURITY DEFENSE STRATEGY
Governance Risk Management Legislation & Regulation
❑ Ensure the highest level of support
❑ Establish a competent cybersecurity
authority
❑ Ensure intra-government cooperation
❑ Ensure inter-sectoral cooperation
❑ Allocate dedicated budget and resources
❑ Define a risk-management approach
❑ Identify a common methodology for
managing cybersecurity risk
❑ Develop sectoral cybersecurity risk profiles
❑ Establishing cybersecurity policies
❑ Establish cybercrime legislation
❑ Recognise and safeguard individual rights and
liberties
❑ Create compliance mechanisms
❑ Promote capacity-building for law enforcement
Preparedness & Resilience Capability & Capacity Building Critical Infrastructure services & essential
services
❑ Establish cyber-incident response
capabilities
❑ Establish contingency plans for
cybersecurity crisis management
❑ Promote information-sharing
❑ Conduct cybersecurity exercises
❑ Develop cybersecurity curricula
❑ Stimulate skills development and workforce
training
❑ Implement a coordinated cybersecurity
awareness-raising programme
❑ Foster cybersecurity innovation and R&D
❑ Establish a risk-management approach to
protecting critical infrastructures
❑ and services
❑ Adopt a governance model with clear
responsibilities
❑ Define minimum cybersecurity baselines
❑ Establish public-private partnerships
13
14. Defending your critical infrastructure
The ART of Defense
Security best practices and trends
Threat Intelligence & Hunting Quantum & Post Quantum Cryptography
Vulnerability Management Threat Emulation
Compliance Audit Defense in depth
EDR ( End-point detection & response) Zero-Trust Architecture
Security Awareness Secure Enclaves
SIEM ( Security Information &Event Management) ❑ MFA (Multi factor Authentication)
SOAR ( Security Orchestration , Automation & Response ) ❑ Risk Management
DLP ( Data loss prevention ) ❑ Next Generation Firewall
14