SlideShare a Scribd company logo

Cybersecurity concepts & Defense best practises

WAJAHAT IQBAL
WAJAHAT IQBAL

This presentation is an attempt to present the complex Subject of Cybersecurity in a concise format with main focus to present the core of Cybersecurity and best practises and standards to protect an enterprise Network.Comments of readers welcomed.Thank You (Wajahat Iqbal) Email: Wajahat_Iqbal@yahoo.com

Internet
1 of 45
Download to read offline
Cybersecurity Concept & Defense best practices Presented by Wajahat Iqbal B.E(Computer Science),ISO 27001 LI,ISO 22301 LI
Cybersecurity Concept & Framework
Definition Cybersecurity Domain is a collection of best practices,Technologies,Frameworks & Standards to protect an enterprise,organization ,Govt entities,Military establishment,Individual user from global cyber threats(Theft Identity,Cybertheft,Cyber- ransom,Infrastructure damage) resulting in either Financial,Economical,Copyright Information,Personal identity,Infrastructure loss. 3
Major Cybersecurity standards  NIST Cybersecurity Framework (De-facto standard)  ISO 27001 (Information Security Management Framework)  ISACA COBIT5  NIST SP800-53  NIST SP800-30  ISA 62443  ISO 27005 The Cybersecurity standards were first adopted in the Seoul (South Korea) Conference on Global Cybersecurity in 2013 4
Cybersecurity holistic view  Manage physical access to IT Infrastructure  Manage sensitive documents and output Devices  Monitor the Infrastructure for security related Events  Protect against Malware (*** Most challenging )  Manage Network and Connectivity security  Manage User Identity and logical access  Protect critical and vital Infrastructure (Banks,Vital Industrial installations,IT,Nuclear power,Dams,Defense) 5
Cybersecurity Lifecycle The Cybersecurity Lifecycle can be described aptly by the below (Figure-1) which decomposes the various stages . 6 (1) Identify Business outcomes (2)Understand Vulnerabilities Threats (3)Create current profile (4)Conduct Risk assessments (5)Apply Controls (6)Create Target profile (7)Determine/ prioritize gaps (8)Implement plan (9)Report to stakeholders (10)Continuous monitoring Cyber security Lifecycle
Risk actions 7 Risk Actions: The most generally accepted Actions on Risk Management Cycle are: (1) Risk Acceptance (2) Risk Transfer (3) Risk Avoidance (4) Risk Mitigation – Most practised action Depending on Risk Appetite/Risk Tolerance threshold of an Organisation These are drawn from the ISO 27001 Standard for ISMS which is the most widely used and accepted standard on IT Security involving Risk Management processes
HACKERS & ATTACKS
Threat to Cyberdefense 9 The damage caused by threats to Cyberdefense can be characterized by loss of “Confidentiality, Integrity or availability (CIA)”, the basic model of Data Security as practiced in ISO27001/27002 and other globally accepted standards
Hackers profile The different type of Hackers are:  Individual Hacker  State Sponsored (With Political & Military Agenda)  Cyber Criminals (Organised Mafia) 10
Hacker Kill Chain The USA Aeronautics Major Lockheed Martin – Kill Chain methodology describes seven steps from reconnaissance through actions on the objectives and recommends defenses be designed to align with each of the seven steps in the process below: 11
Summary of Kill Chain  Reconnaissance:  Finding the Host,Internet Website,Domain  Do IP Address Scan of the Business Domain  Do Port Scan of the Active hosts  Automated scanning by Botnets (Compromised Systems)  Locate Network Topology and identify potential access control Devices 12
Summary of Kill Chain(Cont’d)  Weaponization:  Identify the Vulnerability  Initiate the Attack  Coupling a remote access Trojan(RAT) with an Exploit into a deliverable payload,typically by means of an automated tool (The commonly used weaponizer are Adobe PDF and Microsoft Office documents)  Delivery:  Transmission of Weapon to the targeted environment  Three most prevalent delivery vectors for weaponzied payloads are – Emails,Compromised Web Sites & USB removal media 13
Summary of Kill Chain (Cont’d)  Exploitation:  Email,Website &USB explore a Vulnerability on launch and Hacket gets remote access to admin Shell  Exploitation targets Operating System or Application vulnerability  Installation:  Install Malware(Malicious Code) into Memory,Disk or Operating System Kernel,modify windows registry,modify Unix Kernel  Allow installation of remote access Trojan or backdoor on the victim system 14
Summary of Kill Chain (Cont’d)  Command & Control (C2):  Compromised system/hosts beacon back to the Master Controller to establish C2 Channel  Hacker gains complete control of the compromised system  Intruders have “hands on the keyboard” access to the targeted environment  Action:  This Activity is data exfiltration that involves collecting,encrypting and extraction information (e,g Deface Website,Steal Credit Card Information,Steal Copyright Information,Steal IE passwords,Modify Banking websites,Steal medical records) etc 15
BOTNET Attack(Automated) These days professional Hackers,Malware developers,Cyber Criminals work in tandem to develop automated Tools to initiate a Cyber Attack against the intended victim/host.The mechanism is to install remote access Trojan(RAT) on compromised system(BOTNETS) which could number in thousands and then initiate the attack in phases as shown in Figure- 2 (next page) Key Components of a BOTNET Attack:  BOTNET Construction Kit  Command & Control Capability  Remote Access Trojan(RAT)  Custom developed Malware(Malicious Code) for the intended Victim/Host (Example BOTNET Attacks - ZEUS,CITADEL,GO ZEUS) 16
BOTNET Attack(Automated) These 17
Type of Cyber Attacks 18
Famous hack attacks 19
MALWARE
Malware:Types & Protection 21
SOC - CYBERSECURITY ARCHITECTURE
SOC Components Lately SOC has become an integral part of any Organisation to protect itself from Cyber attacks and detect/correct/recover from a Cyber Incident in the quickest span of time without further damage to its reputation. The critical components of a SOC are:  IDS/IPS Infrastructure  Firewall Infrastructure  SIEM (Security Information and Event Monitoring System)  Logging and Alerting mechanism  Security Incident Processes  Forensics capability  User Training & Retention  Managing Evidence 23
SOC Individual Process Layers 24
Cybersecurity Architecture 25 • Network Security • Identity,Authentication and Access Management • Data Protection and Cryptography • Monitoring Vulnerability & Patch Management • High Availablity,Disaster Recovery & Physical protection • Asset Management & Supply Chain • Policy,Audit,E-Discover & Training • Systems Adminstration • Application Security • Endpoint,Server & Device Security Cybersecurity Architecture The Cyber Architecture consists of the following components:
Defense in Depth(DOD) This is the most common practice employed by Organisation to create and implement a multilayered approach to Cybersecurity.It is described by the following process (Figure-3) and can be implemented at various layers of the Network Infrastructure 26 .
9 Basic steps of Cybersecurity These are the guidelines to follow while drawing up a comprehensive Cybersecurity program in an Organisation  #1 : Explore the Legislation and other requirements  #2: Define the Business benefits and get top Management support (Very Important)  #3: Setting the Cybersecurity requirements  #4: Choosing the framework for Cybersecurity Implementation  #5:Organizing the Implementation(Setting up Teams,PM Resources,Project Charter,Budget etc)  #6: Risk Assessment & Mitigation (Applying Controls)  #7: Implementation of Controls  #8: Training & Awareness  #9: Continuous Monitoring and Checks and Reporting to Senior Management (C Level Executives) 27
Cybersecurity operational processes To maintain an effective Cybersecurity posture,the CISO should maintain a number of enterprise operational processes to include the following:  Policies and Policies Exception Management  Project and Change Security Reviews  Risk Management  Control Management  Auditing and Deficiency Tracking  Asset Inventory and audit  Change Control  Configuration Management Database Re-Certification  Supplier reviews and Risk assessments 28
Cybersecurity operational processes  CyberIntrusion Response  All-Hazards Emergency preparedness Exercises  Vulnerability Scanning,Tracking & Management  Patch Management & Deployment  Security Monitoring  Password and Key Management  Account and Access periodic Re-Certification  Privileged Account activity Audit 29
SANS TOP 20 CRITICAL SECURITY CONTROLS
SANS top 20 Controls These are widely established critical controls to maintain a healthy Network security posture 31
INCIDENT PROCESS & MANAGEMENT
Incident Process & Management 33
NETWORK PERIMETER SECURITY (BEST PRACTISES)
Network perimeter best security practises  Restrict use of administrative utilities(e,g Microsoft Management Console)  Use secure File permission system i.e NTFS & UFS File System  Manage Users properly especially the Admin Accounts on Unix & Windows machines  Perform Effective Group Management for – Admin,Print,Power,Server operator & Normal Users in Windows 2000 O.S  Enforce strong password policy,password aging for Users  Enable Windows O.S and Unix O.S logging facility  Eliminate unnecessary Accounts (especially the Employee’s who have left the Organisation)  Disable Resource sharing service and remove hidden administrative shares – C$,ADMIN$,WIN NT$ in older version of Windows O.S  Disable unneeded Service in Unix – Telnet,Finger ,tftp,NTP(Network Time protocol)  Applications should use the latest Security patches in Production Environment 35
Network perimeter best security practises  Enforce using NAT(Network Address Translation) & PAT(Port Address Translation) in internal Network (Firewalls & Routers)  Enable DNS Spoofing,DOS Attacks (Smurf & Direct Broadcast Attacks) mitigation policies on Gateway Routers via ACL and Cisco IOS  Enforce Best Industry practice of secure Application Coding to mitigate “Buffer Overflow” Vulnerability in the Memory  Enforce strong password policy,password aging,lockout policy for Application Databases (Oracle,Sybase)  Install latest O.S and Application patches as soon they are available from Vendors  Install latest Security patches for Browsers,Flash Players,Microsoft Applications  Update the Anti-Virus & IDS/IPS /HIDS Signatures on frequent basis  Update the Business Continuity/DR Plan and keep latest backup of all critical Servers 36
Network perimeter best security practises  Update and Install latest Security patches for Application Gateways(Proxies),Web Filltering Devices,Firewalls  Check the Logs daily on Firewalls,IPS/IDS,HIDS for any Security Incident triggered by any malicious Activity  Implement Industry Best practices to secure the Network (NIST Guidelines,SANS 20 Critical Security Controls,NSA Guidelines etc)  Place the Mission Critical Web Servers (User Interface) on a Screened Subnet,DMZ and the backend Application Server & Oracle Database Server in the internal Network  Change the Default Password of SNMP Community string on Network Devices 37
NETWORK PERIMETER SECURITY (CASE STUDY)
CASE STUDY – Cyber attack secure design 39
CASE STUDY – Cyber attack secure design Design Features:  Border Router:A Gateway Router connects the network to the Internet and provides basic Filtering through ACL(Access Control Lists) on Ingress & Egress Interfaces  Just behind the Gateway Router is Stateful Inspection Firewall that enforces the majority of access control of the network  Public services and private services have been separated by putting them on different network segments (DMZ,Corporate & Screened Subnet)  Split DNS is being used on public DNS Server and it provides Name resolution for public services only  Intrusion Detection Systems(IDS) are located on the public,private,network perimeter end points to watch for unusual activity  The Front end Application Web server is on the Screened Subnet and the backed Oracle DB Server is behind the Internal Firewall 40
CASE STUDY – Cyber attack secure design  Host based IDS(HIDS) complement the Network by adding additional layer of security and are placed on the individual mission critical servers(Anti-Virus,Email Proxy,Web Proxy,Internal Email Server,Oracle DB Server) to monitor the systems network activity,log files,Files Systems Integrity and User actions.A host based IDS will also detect and generate an alarm when it detects escalation of privileges for a Guest user to Admin Account  Host based IDS can help detect attacks that network IDS evasion techniques  Host based IDS is also useful for correlating attacks picked up by Network sensors  All security log entries are sent to the SIEM(Security Information and Event Monitoring System) for Data Analysis and Forensics.The SIEM generates an Alert when suspicious activity is detected  For the Remote Office users all their Laptops are installed with Personal Firewalls to mitigate/detect Hacker entry through backdoor channels 41
CASE STUDY – Cyber attack secure design  All configuration of security devices is performed from the management console  Additionally one can install TACACS,RADIUS Servers to monitor Users access on the Gateway Router and other mission critical Servers The sample Rule base configured for the above Network Design on the Stateful Inspection Firewall can be as follows (Illustrative purpose only): Next page 42
CASE STUDY – Cyber attack secure design 43
CONCLUSION Conclusion Note: The process to securing and making a perfect “Digital World” is a ongoing continuous Journey ,and with ever changing Modus operandi of the Hackers and the Cyber Criminals globally,we always have to be one step forward in the race to protect our Digital Assets,Intellectual property,Identity,Infrastructure. Thank You (Wajahat Iqbal) 44
Disclaimer Note: This is Copyright Material © of Wajahat Iqbal (2016) and the Information shown is collected from Internet repositories and any typo, error, omission is regretted on behalf of Author.The Author does not hold any responsibility or liability for the incorrectness of the Information shared.This technical presentation can be shared/Printed/Distributed keeping in view that Credit is given rightly to the Author. Contact E-Mail: Wajahat_Iqbal@Yahoo.com LinkedIn: http://www.linkedin.com/in/wiqbal 45

Recommended

Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to Cybersecurity
Krutarth Vasavada
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
TriCorps Technologies
 
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Edureka!
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Edureka!
 
Cyber Security Incident Response
Cyber Security Incident ResponseCyber Security Incident Response
Cyber Security Incident Response
PECB
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
ZaiffiEhsan
 
NIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond ChapterNIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond Chapter
Tuan Phan
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
Krist Davood - Principal - CIO
 

Recommended

Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to Cybersecurity
Krutarth Vasavada
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
TriCorps Technologies
 
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Edureka!
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Edureka!
 
Cyber Security Incident Response
Cyber Security Incident ResponseCyber Security Incident Response
Cyber Security Incident Response
PECB
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
ZaiffiEhsan
 
NIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond ChapterNIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond Chapter
Tuan Phan
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
Krist Davood - Principal - CIO
 
Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025
Radar Cyber Security
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation center
Muhammad Sahputra
 
Cybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationCybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your Organization
McKonly & Asbury, LLP
 
What is cyber resilience?
What is cyber resilience?What is cyber resilience?
What is cyber resilience?
Aaron Clark-Ginsberg
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
David Sweigert
 
Cyber security standards
Cyber security standardsCyber security standards
Cyber security standards
Vaughan Olufemi ACIB, AICEN, ANIM
 
CyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoTCyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoT
Creekside Marketing Group, LLC
 
Dressing up the ICS Kill Chain
Dressing up the ICS Kill ChainDressing up the ICS Kill Chain
Dressing up the ICS Kill Chain
Dragos, Inc.
 
A military perspective on cyber security
A military perspective on cyber securityA military perspective on cyber security
A military perspective on cyber security
Joey Hernandez
 
The Board and Cyber Security
The Board and Cyber SecurityThe Board and Cyber Security
The Board and Cyber Security
FireEye, Inc.
 
Cyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General AudienceCyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General Audience
Tom K
 
Threat Intelligence
Threat IntelligenceThreat Intelligence
Threat Intelligence
Deepak Kumar (D3)
 
Insider threat
Insider threatInsider threat
Insider threat
ARCON TECHSOLUTIONS
 
The Zero Trust Model of Information Security
The Zero Trust Model of Information Security The Zero Trust Model of Information Security
The Zero Trust Model of Information Security
Tripwire
 
Cyber Terrorism Presentation
Cyber Terrorism PresentationCyber Terrorism Presentation
Cyber Terrorism Presentation
merlyna
 
Cyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopCyber Threat Hunting Workshop
Cyber Threat Hunting Workshop
Digit Oktavianto
 
ICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security GovernanceICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security GovernanceCharles Lim
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat ModelingMarco Morana
 
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdfFor Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
JustinBrown267905
 
Cybersecurity for Small Business - Incident Response.pptx
Cybersecurity for Small Business - Incident Response.pptxCybersecurity for Small Business - Incident Response.pptx
Cybersecurity for Small Business - Incident Response.pptx
Art Ocain
 
Cyber Security Professionals Viewed via Supply Chain
Cyber Security Professionals Viewed via Supply ChainCyber Security Professionals Viewed via Supply Chain
Cyber Security Professionals Viewed via Supply Chain
aletarw
 
Clearance barriers to Cyber Security Profession
Clearance barriers to Cyber Security ProfessionClearance barriers to Cyber Security Profession
Clearance barriers to Cyber Security Profession
aletarw
 

More Related Content

What's hot

Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025
Radar Cyber Security
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation center
Muhammad Sahputra
 
Cybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationCybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your Organization
McKonly & Asbury, LLP
 
What is cyber resilience?
What is cyber resilience?What is cyber resilience?
What is cyber resilience?
Aaron Clark-Ginsberg
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
David Sweigert
 
Cyber security standards
Cyber security standardsCyber security standards
Cyber security standards
Vaughan Olufemi ACIB, AICEN, ANIM
 
CyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoTCyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoT
Creekside Marketing Group, LLC
 
Dressing up the ICS Kill Chain
Dressing up the ICS Kill ChainDressing up the ICS Kill Chain
Dressing up the ICS Kill Chain
Dragos, Inc.
 
A military perspective on cyber security
A military perspective on cyber securityA military perspective on cyber security
A military perspective on cyber security
Joey Hernandez
 
The Board and Cyber Security
The Board and Cyber SecurityThe Board and Cyber Security
The Board and Cyber Security
FireEye, Inc.
 
Cyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General AudienceCyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General Audience
Tom K
 
Threat Intelligence
Threat IntelligenceThreat Intelligence
Threat Intelligence
Deepak Kumar (D3)
 
Insider threat
Insider threatInsider threat
Insider threat
ARCON TECHSOLUTIONS
 
The Zero Trust Model of Information Security
The Zero Trust Model of Information Security The Zero Trust Model of Information Security
The Zero Trust Model of Information Security
Tripwire
 
Cyber Terrorism Presentation
Cyber Terrorism PresentationCyber Terrorism Presentation
Cyber Terrorism Presentation
merlyna
 
Cyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopCyber Threat Hunting Workshop
Cyber Threat Hunting Workshop
Digit Oktavianto
 
ICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security GovernanceICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security GovernanceCharles Lim
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat ModelingMarco Morana
 
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdfFor Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
JustinBrown267905
 
Cybersecurity for Small Business - Incident Response.pptx
Cybersecurity for Small Business - Incident Response.pptxCybersecurity for Small Business - Incident Response.pptx
Cybersecurity for Small Business - Incident Response.pptx
Art Ocain
 

What's hot (20)

Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation center
 
Cybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationCybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your Organization
 
What is cyber resilience?
What is cyber resilience?What is cyber resilience?
What is cyber resilience?
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
 
Cyber security standards
Cyber security standardsCyber security standards
Cyber security standards
 
CyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoTCyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoT
 
Dressing up the ICS Kill Chain
Dressing up the ICS Kill ChainDressing up the ICS Kill Chain
Dressing up the ICS Kill Chain
 
A military perspective on cyber security
A military perspective on cyber securityA military perspective on cyber security
A military perspective on cyber security
 
The Board and Cyber Security
The Board and Cyber SecurityThe Board and Cyber Security
The Board and Cyber Security
 
Cyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General AudienceCyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General Audience
 
Threat Intelligence
Threat IntelligenceThreat Intelligence
Threat Intelligence
 
Insider threat
Insider threatInsider threat
Insider threat
 
The Zero Trust Model of Information Security
The Zero Trust Model of Information Security The Zero Trust Model of Information Security
The Zero Trust Model of Information Security
 
Cyber Terrorism Presentation
Cyber Terrorism PresentationCyber Terrorism Presentation
Cyber Terrorism Presentation
 
Cyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopCyber Threat Hunting Workshop
Cyber Threat Hunting Workshop
 
ICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security GovernanceICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security Governance
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat Modeling
 
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdfFor Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
 
Cybersecurity for Small Business - Incident Response.pptx
Cybersecurity for Small Business - Incident Response.pptxCybersecurity for Small Business - Incident Response.pptx
Cybersecurity for Small Business - Incident Response.pptx
 

Viewers also liked

Cyber Security Professionals Viewed via Supply Chain
Cyber Security Professionals Viewed via Supply ChainCyber Security Professionals Viewed via Supply Chain
Cyber Security Professionals Viewed via Supply Chain
aletarw
 
Clearance barriers to Cyber Security Profession
Clearance barriers to Cyber Security ProfessionClearance barriers to Cyber Security Profession
Clearance barriers to Cyber Security Profession
aletarw
 
Cyber Hacking & Security - IEEE - Univ of Houston 2015-04
Cyber Hacking & Security - IEEE - Univ of Houston 2015-04Cyber Hacking & Security - IEEE - Univ of Houston 2015-04
Cyber Hacking & Security - IEEE - Univ of Houston 2015-04
Kyle Lai
 
Uud amandemen
Uud amandemenUud amandemen
Uud amandemen
Billy Buhaiba
 
How Security can be stronger than a Firewall: 13 different ways breaking thro...
How Security can be stronger than a Firewall: 13 different ways breaking thro...How Security can be stronger than a Firewall: 13 different ways breaking thro...
How Security can be stronger than a Firewall: 13 different ways breaking thro...
Community Protection Forum
 
International Nuclear and Radiological Event Scale (INES) - 12 April 2011
International Nuclear and Radiological Event Scale (INES) - 12 April 2011International Nuclear and Radiological Event Scale (INES) - 12 April 2011
International Nuclear and Radiological Event Scale (INES) - 12 April 2011
International Atomic Energy Agency
 
Lesson 5 Fission and Chain Reactions | The Harnessed Atom (2016)
Lesson 5 Fission and Chain Reactions | The Harnessed Atom (2016)Lesson 5 Fission and Chain Reactions | The Harnessed Atom (2016)
Lesson 5 Fission and Chain Reactions | The Harnessed Atom (2016)
ORAU
 
Cyber security 22-07-29=013
Cyber security 22-07-29=013Cyber security 22-07-29=013
Cyber security 22-07-29=013
Dr. Amitabha Yadav
 
NIST Cybersecurity Framework Background and Review | Jack Whitsitt
NIST Cybersecurity Framework Background and Review | Jack WhitsittNIST Cybersecurity Framework Background and Review | Jack Whitsitt
NIST Cybersecurity Framework Background and Review | Jack WhitsittJack Whitsitt
 
Countering insider threat attacks - CDE themed call launch 14 May 2013
Countering insider threat attacks - CDE themed call launch 14 May 2013Countering insider threat attacks - CDE themed call launch 14 May 2013
Countering insider threat attacks - CDE themed call launch 14 May 2013
Defence and Security Accelerator
 
ObserveIT - Unintentional Insider Threat featuring Dr. Eric Cole
ObserveIT - Unintentional Insider Threat featuring Dr. Eric ColeObserveIT - Unintentional Insider Threat featuring Dr. Eric Cole
ObserveIT - Unintentional Insider Threat featuring Dr. Eric Cole
ObserveIT
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
Ramiro Cid
 
National Cybersecurity - Roadmap and Action Plan
National Cybersecurity - Roadmap and Action PlanNational Cybersecurity - Roadmap and Action Plan
National Cybersecurity - Roadmap and Action Plan
Dr David Probert
 
Cyber Crime Threat Landscape - A Focus on the Financial Industry
Cyber Crime Threat Landscape - A Focus on the Financial IndustryCyber Crime Threat Landscape - A Focus on the Financial Industry
Cyber Crime Threat Landscape - A Focus on the Financial Industry
William McBorrough
 
Cyber security , an Analysis of State Security in Sri Lanka
Cyber security , an Analysis of State Security in Sri LankaCyber security , an Analysis of State Security in Sri Lanka
Cyber security , an Analysis of State Security in Sri LankaEvan Pathiratne
 
Ht seminar uniten-cyber security threat landscape
Ht seminar uniten-cyber security threat landscapeHt seminar uniten-cyber security threat landscape
Ht seminar uniten-cyber security threat landscape
Haris Tahir
 
Basic Safety Concepts in Nuclear Engineering
Basic Safety Concepts in Nuclear EngineeringBasic Safety Concepts in Nuclear Engineering
Basic Safety Concepts in Nuclear Engineering
Global Risk Forum GRFDavos
 
Smarter cyber security v8
Smarter cyber security v8Smarter cyber security v8
Smarter cyber security v8
John Palfreyman
 
Cyber & Process Attack Scenarios for ICS
Cyber & Process Attack Scenarios for ICSCyber & Process Attack Scenarios for ICS
Cyber & Process Attack Scenarios for ICS
Jim Gilsinn
 

Viewers also liked (20)

Cyber Security Professionals Viewed via Supply Chain
Cyber Security Professionals Viewed via Supply ChainCyber Security Professionals Viewed via Supply Chain
Cyber Security Professionals Viewed via Supply Chain
 
Clearance barriers to Cyber Security Profession
Clearance barriers to Cyber Security ProfessionClearance barriers to Cyber Security Profession
Clearance barriers to Cyber Security Profession
 
Cyber Hacking & Security - IEEE - Univ of Houston 2015-04
Cyber Hacking & Security - IEEE - Univ of Houston 2015-04Cyber Hacking & Security - IEEE - Univ of Houston 2015-04
Cyber Hacking & Security - IEEE - Univ of Houston 2015-04
 
Uud amandemen
Uud amandemenUud amandemen
Uud amandemen
 
How Security can be stronger than a Firewall: 13 different ways breaking thro...
How Security can be stronger than a Firewall: 13 different ways breaking thro...How Security can be stronger than a Firewall: 13 different ways breaking thro...
How Security can be stronger than a Firewall: 13 different ways breaking thro...
 
International Nuclear and Radiological Event Scale (INES) - 12 April 2011
International Nuclear and Radiological Event Scale (INES) - 12 April 2011International Nuclear and Radiological Event Scale (INES) - 12 April 2011
International Nuclear and Radiological Event Scale (INES) - 12 April 2011
 
Lesson 5 Fission and Chain Reactions | The Harnessed Atom (2016)
Lesson 5 Fission and Chain Reactions | The Harnessed Atom (2016)Lesson 5 Fission and Chain Reactions | The Harnessed Atom (2016)
Lesson 5 Fission and Chain Reactions | The Harnessed Atom (2016)
 
Cyber security 22-07-29=013
Cyber security 22-07-29=013Cyber security 22-07-29=013
Cyber security 22-07-29=013
 
NIST Cybersecurity Framework Background and Review | Jack Whitsitt
NIST Cybersecurity Framework Background and Review | Jack WhitsittNIST Cybersecurity Framework Background and Review | Jack Whitsitt
NIST Cybersecurity Framework Background and Review | Jack Whitsitt
 
Countering insider threat attacks - CDE themed call launch 14 May 2013
Countering insider threat attacks - CDE themed call launch 14 May 2013Countering insider threat attacks - CDE themed call launch 14 May 2013
Countering insider threat attacks - CDE themed call launch 14 May 2013
 
APR 1400 Presentation
APR 1400 PresentationAPR 1400 Presentation
APR 1400 Presentation
 
ObserveIT - Unintentional Insider Threat featuring Dr. Eric Cole
ObserveIT - Unintentional Insider Threat featuring Dr. Eric ColeObserveIT - Unintentional Insider Threat featuring Dr. Eric Cole
ObserveIT - Unintentional Insider Threat featuring Dr. Eric Cole
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
National Cybersecurity - Roadmap and Action Plan
National Cybersecurity - Roadmap and Action PlanNational Cybersecurity - Roadmap and Action Plan
National Cybersecurity - Roadmap and Action Plan
 
Cyber Crime Threat Landscape - A Focus on the Financial Industry
Cyber Crime Threat Landscape - A Focus on the Financial IndustryCyber Crime Threat Landscape - A Focus on the Financial Industry
Cyber Crime Threat Landscape - A Focus on the Financial Industry
 
Cyber security , an Analysis of State Security in Sri Lanka
Cyber security , an Analysis of State Security in Sri LankaCyber security , an Analysis of State Security in Sri Lanka
Cyber security , an Analysis of State Security in Sri Lanka
 
Ht seminar uniten-cyber security threat landscape
Ht seminar uniten-cyber security threat landscapeHt seminar uniten-cyber security threat landscape
Ht seminar uniten-cyber security threat landscape
 
Basic Safety Concepts in Nuclear Engineering
Basic Safety Concepts in Nuclear EngineeringBasic Safety Concepts in Nuclear Engineering
Basic Safety Concepts in Nuclear Engineering
 
Smarter cyber security v8
Smarter cyber security v8Smarter cyber security v8
Smarter cyber security v8
 
Cyber & Process Attack Scenarios for ICS
Cyber & Process Attack Scenarios for ICSCyber & Process Attack Scenarios for ICS
Cyber & Process Attack Scenarios for ICS
 

Similar to Cybersecurity concepts & Defense best practises

CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
WAJAHAT IQBAL
 
Critical Infrastructure Assessment Techniques to Prevent Threats and Vulnerab...
Critical Infrastructure Assessment Techniques to Prevent Threats and Vulnerab...Critical Infrastructure Assessment Techniques to Prevent Threats and Vulnerab...
Critical Infrastructure Assessment Techniques to Prevent Threats and Vulnerab...
Shakeel Ali
 
Analysis on Common Network Attacks & Vulnerability Scanners
Analysis on Common Network Attacks & Vulnerability ScannersAnalysis on Common Network Attacks & Vulnerability Scanners
Analysis on Common Network Attacks & Vulnerability Scanners
PROBOTEK
 
Cyber security for business
Cyber security for businessCyber security for business
Cyber security for business
Daniel Thomas
 
Advantages And Disadvantages Of Nc
Advantages And Disadvantages Of NcAdvantages And Disadvantages Of Nc
Advantages And Disadvantages Of Nc
Kristen Wilson
 
Best Practices in IBM i Security
Best Practices in IBM i SecurityBest Practices in IBM i Security
Best Practices in IBM i Security
Precisely
 
Cyber Attack Methodologies
Cyber Attack MethodologiesCyber Attack Methodologies
Cyber Attack Methodologies
Geeks Anonymes
 
CCNA 1 Routing and Switching v5.0 Chapter 11
CCNA 1 Routing and Switching v5.0 Chapter 11CCNA 1 Routing and Switching v5.0 Chapter 11
CCNA 1 Routing and Switching v5.0 Chapter 11
Nil Menon
 
Risk Mitigation Plan Based On Inputs Provided
Risk Mitigation Plan Based On Inputs ProvidedRisk Mitigation Plan Based On Inputs Provided
Risk Mitigation Plan Based On Inputs Provided
Tiffany Graham
 
NSA's panic. JetBrains [EN].pdf
NSA's panic. JetBrains [EN].pdfNSA's panic. JetBrains [EN].pdf
NSA's panic. JetBrains [EN].pdf
Overkill Security
 
hashdays 2011: Felix 'FX' Lindner - Targeted Industrial Control System Attack...
hashdays 2011: Felix 'FX' Lindner - Targeted Industrial Control System Attack...hashdays 2011: Felix 'FX' Lindner - Targeted Industrial Control System Attack...
hashdays 2011: Felix 'FX' Lindner - Targeted Industrial Control System Attack...
Area41
 
Trends in network security feinstein - informatica64
Trends in network security feinstein - informatica64Trends in network security feinstein - informatica64
Trends in network security feinstein - informatica64Chema Alonso
 
Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Dece...
Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Dece...Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Dece...
Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Dece...
wajug
 
How can a successful SOC2-compliant ISMS be built without power, money and a...
How can a successful SOC2-compliant ISMS be built without power, money and a...How can a successful SOC2-compliant ISMS be built without power, money and a...
How can a successful SOC2-compliant ISMS be built without power, money and a...
Vsevolod Shabad
 
Secure Financial Intelligence System
Secure Financial Intelligence SystemSecure Financial Intelligence System
Secure Financial Intelligence SystemJoseph Yosi Margalit
 
Cyber Security: Threats and Needed Actions
Cyber Security: Threats and Needed ActionsCyber Security: Threats and Needed Actions
Cyber Security: Threats and Needed Actions
John Gilligan
 
CCNA RS_NB - Chapter 11
CCNA RS_NB - Chapter 11CCNA RS_NB - Chapter 11
CCNA RS_NB - Chapter 11
Irsandi Hasan
 
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonSCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonPatricia M Watson
 
Cybersecurity Interview Preparation Questions.pdf
Cybersecurity Interview Preparation Questions.pdfCybersecurity Interview Preparation Questions.pdf
Cybersecurity Interview Preparation Questions.pdf
Haris Chughtai
 

Similar to Cybersecurity concepts & Defense best practises (20)

CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
 
Critical Infrastructure Assessment Techniques to Prevent Threats and Vulnerab...
Critical Infrastructure Assessment Techniques to Prevent Threats and Vulnerab...Critical Infrastructure Assessment Techniques to Prevent Threats and Vulnerab...
Critical Infrastructure Assessment Techniques to Prevent Threats and Vulnerab...
 
Analysis on Common Network Attacks & Vulnerability Scanners
Analysis on Common Network Attacks & Vulnerability ScannersAnalysis on Common Network Attacks & Vulnerability Scanners
Analysis on Common Network Attacks & Vulnerability Scanners
 
Cyber security for business
Cyber security for businessCyber security for business
Cyber security for business
 
Advantages And Disadvantages Of Nc
Advantages And Disadvantages Of NcAdvantages And Disadvantages Of Nc
Advantages And Disadvantages Of Nc
 
Best Practices in IBM i Security
Best Practices in IBM i SecurityBest Practices in IBM i Security
Best Practices in IBM i Security
 
Cyber Attack Methodologies
Cyber Attack MethodologiesCyber Attack Methodologies
Cyber Attack Methodologies
 
CCNA 1 Routing and Switching v5.0 Chapter 11
CCNA 1 Routing and Switching v5.0 Chapter 11CCNA 1 Routing and Switching v5.0 Chapter 11
CCNA 1 Routing and Switching v5.0 Chapter 11
 
Risk Mitigation Plan Based On Inputs Provided
Risk Mitigation Plan Based On Inputs ProvidedRisk Mitigation Plan Based On Inputs Provided
Risk Mitigation Plan Based On Inputs Provided
 
NSA's panic. JetBrains [EN].pdf
NSA's panic. JetBrains [EN].pdfNSA's panic. JetBrains [EN].pdf
NSA's panic. JetBrains [EN].pdf
 
hashdays 2011: Felix 'FX' Lindner - Targeted Industrial Control System Attack...
hashdays 2011: Felix 'FX' Lindner - Targeted Industrial Control System Attack...hashdays 2011: Felix 'FX' Lindner - Targeted Industrial Control System Attack...
hashdays 2011: Felix 'FX' Lindner - Targeted Industrial Control System Attack...
 
Trends in network security feinstein - informatica64
Trends in network security feinstein - informatica64Trends in network security feinstein - informatica64
Trends in network security feinstein - informatica64
 
Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Dece...
Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Dece...Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Dece...
Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Dece...
 
How can a successful SOC2-compliant ISMS be built without power, money and a...
How can a successful SOC2-compliant ISMS be built without power, money and a...How can a successful SOC2-compliant ISMS be built without power, money and a...
How can a successful SOC2-compliant ISMS be built without power, money and a...
 
Secure Financial Intelligence System
Secure Financial Intelligence SystemSecure Financial Intelligence System
Secure Financial Intelligence System
 
Ak03402100217
Ak03402100217Ak03402100217
Ak03402100217
 
Cyber Security: Threats and Needed Actions
Cyber Security: Threats and Needed ActionsCyber Security: Threats and Needed Actions
Cyber Security: Threats and Needed Actions
 
CCNA RS_NB - Chapter 11
CCNA RS_NB - Chapter 11CCNA RS_NB - Chapter 11
CCNA RS_NB - Chapter 11
 
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonSCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
 
Cybersecurity Interview Preparation Questions.pdf
Cybersecurity Interview Preparation Questions.pdfCybersecurity Interview Preparation Questions.pdf
Cybersecurity Interview Preparation Questions.pdf
 

Recently uploaded

Latest trends in computer networking.pptx
Latest trends in computer networking.pptxLatest trends in computer networking.pptx
Latest trends in computer networking.pptx
JungkooksNonexistent
 
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
3ipehhoa
 
test test test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...test test test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...
Arif0071
 
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shopHistory+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
laozhuseo02
 
guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...
Rogerio Filho
 
1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...
JeyaPerumal1
 
Output determination SAP S4 HANA SAP SD CC
Output determination SAP S4 HANA SAP SD CCOutput determination SAP S4 HANA SAP SD CC
Output determination SAP S4 HANA SAP SD CC
ShahulHameed54211
 
How to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptxHow to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptx
Gal Baras
 
ER(Entity Relationship) Diagram for online shopping - TAE
ER(Entity Relationship) Diagram for online shopping - TAEER(Entity Relationship) Diagram for online shopping - TAE
ER(Entity Relationship) Diagram for online shopping - TAE
Himani415946
 
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
3ipehhoa
 
Living-in-IT-era-Module-7-Imaging-and-Design-for-Social-Impact.pptx
Living-in-IT-era-Module-7-Imaging-and-Design-for-Social-Impact.pptxLiving-in-IT-era-Module-7-Imaging-and-Design-for-Social-Impact.pptx
Living-in-IT-era-Module-7-Imaging-and-Design-for-Social-Impact.pptx
TristanJasperRamos
 
BASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptxBASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptx
natyesu
 
The+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptxThe+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptx
laozhuseo02
 
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
3ipehhoa
 
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesMulti-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Sanjeev Rampal
 
This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!
nirahealhty
 

Recently uploaded (16)

Latest trends in computer networking.pptx
Latest trends in computer networking.pptxLatest trends in computer networking.pptx
Latest trends in computer networking.pptx
 
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
 
test test test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...test test test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...
 
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shopHistory+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
 
guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...
 
1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...
 
Output determination SAP S4 HANA SAP SD CC
Output determination SAP S4 HANA SAP SD CCOutput determination SAP S4 HANA SAP SD CC
Output determination SAP S4 HANA SAP SD CC
 
How to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptxHow to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptx
 
ER(Entity Relationship) Diagram for online shopping - TAE
ER(Entity Relationship) Diagram for online shopping - TAEER(Entity Relationship) Diagram for online shopping - TAE
ER(Entity Relationship) Diagram for online shopping - TAE
 
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
 
Living-in-IT-era-Module-7-Imaging-and-Design-for-Social-Impact.pptx
Living-in-IT-era-Module-7-Imaging-and-Design-for-Social-Impact.pptxLiving-in-IT-era-Module-7-Imaging-and-Design-for-Social-Impact.pptx
Living-in-IT-era-Module-7-Imaging-and-Design-for-Social-Impact.pptx
 
BASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptxBASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptx
 
The+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptxThe+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptx
 
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
 
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesMulti-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
 
This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!
 

Cybersecurity concepts & Defense best practises

  • 1. Cybersecurity Concept & Defense best practices Presented by Wajahat Iqbal B.E(Computer Science),ISO 27001 LI,ISO 22301 LI
  • 3. Definition Cybersecurity Domain is a collection of best practices,Technologies,Frameworks & Standards to protect an enterprise,organization ,Govt entities,Military establishment,Individual user from global cyber threats(Theft Identity,Cybertheft,Cyber- ransom,Infrastructure damage) resulting in either Financial,Economical,Copyright Information,Personal identity,Infrastructure loss. 3
  • 4. Major Cybersecurity standards  NIST Cybersecurity Framework (De-facto standard)  ISO 27001 (Information Security Management Framework)  ISACA COBIT5  NIST SP800-53  NIST SP800-30  ISA 62443  ISO 27005 The Cybersecurity standards were first adopted in the Seoul (South Korea) Conference on Global Cybersecurity in 2013 4
  • 5. Cybersecurity holistic view  Manage physical access to IT Infrastructure  Manage sensitive documents and output Devices  Monitor the Infrastructure for security related Events  Protect against Malware (*** Most challenging )  Manage Network and Connectivity security  Manage User Identity and logical access  Protect critical and vital Infrastructure (Banks,Vital Industrial installations,IT,Nuclear power,Dams,Defense) 5
  • 6. Cybersecurity Lifecycle The Cybersecurity Lifecycle can be described aptly by the below (Figure-1) which decomposes the various stages . 6 (1) Identify Business outcomes (2)Understand Vulnerabilities Threats (3)Create current profile (4)Conduct Risk assessments (5)Apply Controls (6)Create Target profile (7)Determine/ prioritize gaps (8)Implement plan (9)Report to stakeholders (10)Continuous monitoring Cyber security Lifecycle
  • 7. Risk actions 7 Risk Actions: The most generally accepted Actions on Risk Management Cycle are: (1) Risk Acceptance (2) Risk Transfer (3) Risk Avoidance (4) Risk Mitigation – Most practised action Depending on Risk Appetite/Risk Tolerance threshold of an Organisation These are drawn from the ISO 27001 Standard for ISMS which is the most widely used and accepted standard on IT Security involving Risk Management processes
  • 9. Threat to Cyberdefense 9 The damage caused by threats to Cyberdefense can be characterized by loss of “Confidentiality, Integrity or availability (CIA)”, the basic model of Data Security as practiced in ISO27001/27002 and other globally accepted standards
  • 10. Hackers profile The different type of Hackers are:  Individual Hacker  State Sponsored (With Political & Military Agenda)  Cyber Criminals (Organised Mafia) 10
  • 11. Hacker Kill Chain The USA Aeronautics Major Lockheed Martin – Kill Chain methodology describes seven steps from reconnaissance through actions on the objectives and recommends defenses be designed to align with each of the seven steps in the process below: 11
  • 12. Summary of Kill Chain  Reconnaissance:  Finding the Host,Internet Website,Domain  Do IP Address Scan of the Business Domain  Do Port Scan of the Active hosts  Automated scanning by Botnets (Compromised Systems)  Locate Network Topology and identify potential access control Devices 12
  • 13. Summary of Kill Chain(Cont’d)  Weaponization:  Identify the Vulnerability  Initiate the Attack  Coupling a remote access Trojan(RAT) with an Exploit into a deliverable payload,typically by means of an automated tool (The commonly used weaponizer are Adobe PDF and Microsoft Office documents)  Delivery:  Transmission of Weapon to the targeted environment  Three most prevalent delivery vectors for weaponzied payloads are – Emails,Compromised Web Sites & USB removal media 13
  • 14. Summary of Kill Chain (Cont’d)  Exploitation:  Email,Website &USB explore a Vulnerability on launch and Hacket gets remote access to admin Shell  Exploitation targets Operating System or Application vulnerability  Installation:  Install Malware(Malicious Code) into Memory,Disk or Operating System Kernel,modify windows registry,modify Unix Kernel  Allow installation of remote access Trojan or backdoor on the victim system 14
  • 15. Summary of Kill Chain (Cont’d)  Command & Control (C2):  Compromised system/hosts beacon back to the Master Controller to establish C2 Channel  Hacker gains complete control of the compromised system  Intruders have “hands on the keyboard” access to the targeted environment  Action:  This Activity is data exfiltration that involves collecting,encrypting and extraction information (e,g Deface Website,Steal Credit Card Information,Steal Copyright Information,Steal IE passwords,Modify Banking websites,Steal medical records) etc 15
  • 16. BOTNET Attack(Automated) These days professional Hackers,Malware developers,Cyber Criminals work in tandem to develop automated Tools to initiate a Cyber Attack against the intended victim/host.The mechanism is to install remote access Trojan(RAT) on compromised system(BOTNETS) which could number in thousands and then initiate the attack in phases as shown in Figure- 2 (next page) Key Components of a BOTNET Attack:  BOTNET Construction Kit  Command & Control Capability  Remote Access Trojan(RAT)  Custom developed Malware(Malicious Code) for the intended Victim/Host (Example BOTNET Attacks - ZEUS,CITADEL,GO ZEUS) 16
  • 18. Type of Cyber Attacks 18
  • 23. SOC Components Lately SOC has become an integral part of any Organisation to protect itself from Cyber attacks and detect/correct/recover from a Cyber Incident in the quickest span of time without further damage to its reputation. The critical components of a SOC are:  IDS/IPS Infrastructure  Firewall Infrastructure  SIEM (Security Information and Event Monitoring System)  Logging and Alerting mechanism  Security Incident Processes  Forensics capability  User Training & Retention  Managing Evidence 23
  • 25. Cybersecurity Architecture 25 • Network Security • Identity,Authentication and Access Management • Data Protection and Cryptography • Monitoring Vulnerability & Patch Management • High Availablity,Disaster Recovery & Physical protection • Asset Management & Supply Chain • Policy,Audit,E-Discover & Training • Systems Adminstration • Application Security • Endpoint,Server & Device Security Cybersecurity Architecture The Cyber Architecture consists of the following components:
  • 26. Defense in Depth(DOD) This is the most common practice employed by Organisation to create and implement a multilayered approach to Cybersecurity.It is described by the following process (Figure-3) and can be implemented at various layers of the Network Infrastructure 26 .
  • 27. 9 Basic steps of Cybersecurity These are the guidelines to follow while drawing up a comprehensive Cybersecurity program in an Organisation  #1 : Explore the Legislation and other requirements  #2: Define the Business benefits and get top Management support (Very Important)  #3: Setting the Cybersecurity requirements  #4: Choosing the framework for Cybersecurity Implementation  #5:Organizing the Implementation(Setting up Teams,PM Resources,Project Charter,Budget etc)  #6: Risk Assessment & Mitigation (Applying Controls)  #7: Implementation of Controls  #8: Training & Awareness  #9: Continuous Monitoring and Checks and Reporting to Senior Management (C Level Executives) 27
  • 28. Cybersecurity operational processes To maintain an effective Cybersecurity posture,the CISO should maintain a number of enterprise operational processes to include the following:  Policies and Policies Exception Management  Project and Change Security Reviews  Risk Management  Control Management  Auditing and Deficiency Tracking  Asset Inventory and audit  Change Control  Configuration Management Database Re-Certification  Supplier reviews and Risk assessments 28
  • 29. Cybersecurity operational processes  CyberIntrusion Response  All-Hazards Emergency preparedness Exercises  Vulnerability Scanning,Tracking & Management  Patch Management & Deployment  Security Monitoring  Password and Key Management  Account and Access periodic Re-Certification  Privileged Account activity Audit 29
  • 30. SANS TOP 20 CRITICAL SECURITY CONTROLS
  • 31. SANS top 20 Controls These are widely established critical controls to maintain a healthy Network security posture 31
  • 33. Incident Process & Management 33
  • 35. Network perimeter best security practises  Restrict use of administrative utilities(e,g Microsoft Management Console)  Use secure File permission system i.e NTFS & UFS File System  Manage Users properly especially the Admin Accounts on Unix & Windows machines  Perform Effective Group Management for – Admin,Print,Power,Server operator & Normal Users in Windows 2000 O.S  Enforce strong password policy,password aging for Users  Enable Windows O.S and Unix O.S logging facility  Eliminate unnecessary Accounts (especially the Employee’s who have left the Organisation)  Disable Resource sharing service and remove hidden administrative shares – C$,ADMIN$,WIN NT$ in older version of Windows O.S  Disable unneeded Service in Unix – Telnet,Finger ,tftp,NTP(Network Time protocol)  Applications should use the latest Security patches in Production Environment 35
  • 36. Network perimeter best security practises  Enforce using NAT(Network Address Translation) & PAT(Port Address Translation) in internal Network (Firewalls & Routers)  Enable DNS Spoofing,DOS Attacks (Smurf & Direct Broadcast Attacks) mitigation policies on Gateway Routers via ACL and Cisco IOS  Enforce Best Industry practice of secure Application Coding to mitigate “Buffer Overflow” Vulnerability in the Memory  Enforce strong password policy,password aging,lockout policy for Application Databases (Oracle,Sybase)  Install latest O.S and Application patches as soon they are available from Vendors  Install latest Security patches for Browsers,Flash Players,Microsoft Applications  Update the Anti-Virus & IDS/IPS /HIDS Signatures on frequent basis  Update the Business Continuity/DR Plan and keep latest backup of all critical Servers 36
  • 37. Network perimeter best security practises  Update and Install latest Security patches for Application Gateways(Proxies),Web Filltering Devices,Firewalls  Check the Logs daily on Firewalls,IPS/IDS,HIDS for any Security Incident triggered by any malicious Activity  Implement Industry Best practices to secure the Network (NIST Guidelines,SANS 20 Critical Security Controls,NSA Guidelines etc)  Place the Mission Critical Web Servers (User Interface) on a Screened Subnet,DMZ and the backend Application Server & Oracle Database Server in the internal Network  Change the Default Password of SNMP Community string on Network Devices 37
  • 39. CASE STUDY – Cyber attack secure design 39
  • 40. CASE STUDY – Cyber attack secure design Design Features:  Border Router:A Gateway Router connects the network to the Internet and provides basic Filtering through ACL(Access Control Lists) on Ingress & Egress Interfaces  Just behind the Gateway Router is Stateful Inspection Firewall that enforces the majority of access control of the network  Public services and private services have been separated by putting them on different network segments (DMZ,Corporate & Screened Subnet)  Split DNS is being used on public DNS Server and it provides Name resolution for public services only  Intrusion Detection Systems(IDS) are located on the public,private,network perimeter end points to watch for unusual activity  The Front end Application Web server is on the Screened Subnet and the backed Oracle DB Server is behind the Internal Firewall 40
  • 41. CASE STUDY – Cyber attack secure design  Host based IDS(HIDS) complement the Network by adding additional layer of security and are placed on the individual mission critical servers(Anti-Virus,Email Proxy,Web Proxy,Internal Email Server,Oracle DB Server) to monitor the systems network activity,log files,Files Systems Integrity and User actions.A host based IDS will also detect and generate an alarm when it detects escalation of privileges for a Guest user to Admin Account  Host based IDS can help detect attacks that network IDS evasion techniques  Host based IDS is also useful for correlating attacks picked up by Network sensors  All security log entries are sent to the SIEM(Security Information and Event Monitoring System) for Data Analysis and Forensics.The SIEM generates an Alert when suspicious activity is detected  For the Remote Office users all their Laptops are installed with Personal Firewalls to mitigate/detect Hacker entry through backdoor channels 41
  • 42. CASE STUDY – Cyber attack secure design  All configuration of security devices is performed from the management console  Additionally one can install TACACS,RADIUS Servers to monitor Users access on the Gateway Router and other mission critical Servers The sample Rule base configured for the above Network Design on the Stateful Inspection Firewall can be as follows (Illustrative purpose only): Next page 42
  • 43. CASE STUDY – Cyber attack secure design 43
  • 44. CONCLUSION Conclusion Note: The process to securing and making a perfect “Digital World” is a ongoing continuous Journey ,and with ever changing Modus operandi of the Hackers and the Cyber Criminals globally,we always have to be one step forward in the race to protect our Digital Assets,Intellectual property,Identity,Infrastructure. Thank You (Wajahat Iqbal) 44
  • 45. Disclaimer Note: This is Copyright Material © of Wajahat Iqbal (2016) and the Information shown is collected from Internet repositories and any typo, error, omission is regretted on behalf of Author.The Author does not hold any responsibility or liability for the incorrectness of the Information shared.This technical presentation can be shared/Printed/Distributed keeping in view that Credit is given rightly to the Author. Contact E-Mail: Wajahat_Iqbal@Yahoo.com LinkedIn: http://www.linkedin.com/in/wiqbal 45