SlideShare a Scribd company logo

CYBR 650Current Trends in CybersecuritySpring 2016Ron Wo.docx

Download as DOCX, PDF
A
alanrgibson41217

CYBR 650 Current Trends in Cybersecurity Spring 2016 Ron Woerner WELCOME Class information Term: March 14, 2016 – June 4, 2016 Class meets Tuesdays, 6:15pm – 9:00pm Class week: Mondays – Sundays Assignments due Sunday night Enhanced class – both in class and online 2 CYBR 650 Spring 2016 CYBR 650 Spring 2016 3 Videos My objective is to not be like this: https://www.youtube.com/watch?v=uhiCFdWeQfA Or this: Why you should turn off your cell phone in class Don't Judge Too Quickly 4 CYBR 650 Spring 2016 Class Broadcast Using Adobe Connect Use a web browser – http://bellevuena6.adobeconnect.com/cybr650-spr16/ Audio over the Internet In class can join as well Online participants: I’ll been to turn on your mic as needed Use the chat window / Raise hand CYBR 650 Spring 2016 5 In Case of Emergency Tornado Fire Power Outage Active shooter Winter weather Zombiepocalypse CYBR 650 Spring 2016 6 Security News Daily Open Source Infrastructure Report SANS Internet Storm Center Threatpost CSO Online Blogs Fill in the blank with what’s happening. 7 CYBR 650 Spring 2016 Questions Have a security clearance? Is this your first class? Have taken a class with me? Have a security or IT certification? Have been jailed for security violations? How many… Identity Paradox How do you know? How do I prove it to you? Without compromising my privacy? Who am I? Introductions Ron Woerner 25+ years experience in IT CISSP for 14 years Security Professional for 15+ years Given ~50 presentations on security B.S. Comp Sci & M.S. Information Systems Call me coach 10 Who I am CYBR 650 Spring 2016 Introductions – Your turn Name Student status Work status Experience with security / hacking What are you looking for from this class? [You also need to do this on the forum.] 11 Who are you? CYBR 650 Spring 2016 Course Schedule* See the Course Syllabus 12 CYBR 650 Spring 2016 *Subject to change Class Attendance Students are expected to attend class and to complete all assignments. If you have specific attendance and/or participation requirements related to your educational funding or student visa status, you are expected to monitor your own attendance/participation to ensure you are in compliance with those requirements.  I track attendance, but don’t base your grades on it. Please be professional. CYBR 650 Spring 2016 13 Course Materials Required: Threat Modeling, Designing for Security, Adam Shostack, © 2014, Wiley Publishing, ISBN: 978-1-118-80999-0, Book Website: http://threatmodelingbook.com/ Recommended: Security Engineering: A Guide to Building Dependable Distributed Systems, 2nd Edition, Ross Anderson, © 2008, Wiley Publishing, Inc., ISBN: 978-0-470-06852-6, Book Website: http://www.cl.cam.ac.uk/~rja14/book.html . Supplemental Reading – See the assignment’s page 14 CYBR 650 Spring 2016 Threat Modeling (book) Process for threat modeling Based on software development life cycle CYBR 650 Spring 2016 15 Course Materials See the Re.

Education
1 of 35
CYBR 650 Current Trends in Cybersecurity Spring 2016 Ron Woerner WELCOME Class information Term: March 14, 2016 – June 4, 2016 Class meets Tuesdays, 6:15pm – 9:00pm Class week: Mondays – Sundays Assignments due Sunday night Enhanced class – both in class and online 2 CYBR 650 Spring 2016 CYBR 650 Spring 2016 3 Videos My objective is to not be like this: https://www.youtube.com/watch?v=uhiCFdWeQfA Or this: Why you should turn off your cell phone in class Don't Judge Too Quickly 4
CYBR 650 Spring 2016 Class Broadcast Using Adobe Connect Use a web browser – http://bellevuena6.adobeconnect.com/cybr650-spr16/ Audio over the Internet In class can join as well Online participants: I’ll been to turn on your mic as needed Use the chat window / Raise hand CYBR 650 Spring 2016 5 In Case of Emergency Tornado Fire Power Outage Active shooter Winter weather Zombiepocalypse CYBR 650 Spring 2016 6 Security News Daily Open Source Infrastructure Report SANS Internet Storm Center Threatpost CSO Online Blogs Fill in the blank with what’s happening.
7 CYBR 650 Spring 2016 Questions Have a security clearance? Is this your first class? Have taken a class with me? Have a security or IT certification? Have been jailed for security violations? How many… Identity Paradox How do you know? How do I prove it to you? Without compromising my privacy? Who am I? Introductions Ron Woerner 25+ years experience in IT CISSP for 14 years Security Professional for 15+ years Given ~50 presentations on security B.S. Comp Sci & M.S. Information Systems
Call me coach 10 Who I am CYBR 650 Spring 2016 Introductions – Your turn Name Student status Work status Experience with security / hacking What are you looking for from this class? [You also need to do this on the forum.] 11 Who are you? CYBR 650 Spring 2016 Course Schedule* See the Course Syllabus 12 CYBR 650 Spring 2016 *Subject to change
Class Attendance Students are expected to attend class and to complete all assignments. If you have specific attendance and/or participation requirements related to your educational funding or student visa status, you are expected to monitor your own attendance/participation to ensure you are in compliance with those requirements. I track attendance, but don’t base your grades on it. Please be professional. CYBR 650 Spring 2016 13 Course Materials Required: Threat Modeling, Designing for Security, Adam Shostack, © 2014, Wiley Publishing, ISBN: 978-1-118-80999-0, Book Website: http://threatmodelingbook.com/ Recommended: Security Engineering: A Guide to Building Dependable Distributed Systems, 2nd Edition, Ross Anderson, © 2008, Wiley Publishing, Inc., ISBN: 978-0-470-06852-6, Book Website: http://www.cl.cam.ac.uk/~rja14/book.html . Supplemental Reading – See the assignment’s page 14 CYBR 650 Spring 2016 Threat Modeling (book) Process for threat modeling Based on software development life cycle CYBR 650 Spring 2016
15 Course Materials See the Reading List 16 CYBR 650 Spring 2016 Do it now Log into Blackboard Enter the course Read the syllabus (under Course Information) Take the syllabus / class rules quiz (if you haven’t already done so) You need to do this to see the week 1 assignments. CYBR 650 Spring 2016 17 CYA* You’re here to learn (not just get a grade / credit for the class) [I’m an optimist.] You’ll come to class prepared. You still have time while I’m talking… You’ll submit assignments in a Word compatible format. 18 * Check You Assumptions CYBR 650 Spring 2016
Class Expectations – 1 Come to class (or let me know if you can’t) Read and understand the material by Thursday Participate in class and online discussions The more the better Actively learn, share, ask questions, and debate ASK QUESTIONS! 19 CYBR 650 Spring 2016 Class Expectations – 2 Be proud of your work – put your name on it Stay current with your work – turn it in on time Get out of jail free card Find, use, and cite your sources (APA or MLA) At least 3 for each research paper Over communicate Proufread you’re work Think outside the box – be creative 20 CYBR 650 Spring 2016 Class Assignments See CyberActive / BlackBoard page for the week Weekly written assignment Weekly discussion Online and in class Occasional group work Will mostly be in class You need to make it up if you won’t be in class Weekly quiz
21 CYBR 650 Spring 2016 Paper writing & formatting Ensure good English writing Tips for Creating an Information Security Assessment Report Cheat Sheet – L Zeltser Lack of good writing kills credibility Citations & References required Can be APA or MLA Papers must be professional Single links for references don’t count See Citing Your Sources 22 CYBR 650 Spring 2016 Academic Honesty Your work must be your own Copying from others (include other sections) Plagiarism (see plagiarism 101 on plagiarism.org) Cite and reference information from sources I like to know where it’s from so I can learn Learn how to properly paraphrase DON’T use a synonymizer for words. 23 CYBR 650 Spring 2016 Other stuff you should know Using Wikipedia Problem solving
Google hacking 24 CYBR 650 Spring 2016 Discussions Need at least 3 posts for minimum (B-) credit More is better At least 4 if you’re not in class Initial post Must be by Thursday’s class. Should have 2-3 paragraphs References don’t need to be APA/MLA See previous slide on plagiarism Replies by Sunday evening (approx. 6pm) Please, don’t just say, “Nice post” Answer questions asked on your thread 25 CYBR 650 Spring 2016 What this class is (really) about Threat modeling Security Engineering Current security events 26 CYBR 650 Spring 2016 27 Threat
Modeling CYBR 650 Spring 2016 Why should I care? Would you know a threat if it bit you in the ___? Makes a difference in how they’re handled, prioritized, mitigated, and managed. Definitions Risk – The probable frequency and probable magnitude of future loss. [Jack Jones] – An uncertain event or condition that, if it occurs, has an impact on a project’s or business’ objectives. [Ron ] Threat – Any circumstance, event, person or thing with the potential to inflict loss. Vulnerability – A weakness that makes a threat possible. Exploit – An action taken by a threat source that harms an asset usually by taking advantage of a vulnerability or weakness. 30 Definitions Control – The act of restricting, limiting or managing something. – The means of managing risk, including policies, procedures, guidelines, practices or organizational structures, which can be of an administrative, technical, management, or
legal nature. Threat Vector – A path or tool used by an adversary to compromise a target. Threat Analysis – Identification of the threats that exist against enterprise assets. 31 Definitions Risk Assessment – The act of identifying potential threats to and vulnerabilities in an information system or business process. Risk Management – The process of determining an acceptable level of risk, assessing the current level of risk, taking steps to reduce risk to the acceptable level, and maintaining that level of risk. Risk Appetite / Tolerance – The amount of risk an entity is willing to accept. 32 Which of the following are risks? Disgruntled insiders Internet-facing web servers Untested recovery processes Network shares containing sensitive information Weak passwords Hurricane force winds Threat Assets Deficient control Assets
Deficient control Threat Threat determination In this article, how many of these are actually threats? http://www.networkworld.com/article/3042610/security/the- dirty-dozen-12-cloud-security-threats.html CYBR 650 Spring 2016 34 Threat Modeling Using models to find (and decide about) real or potential security problems (p. 3). Using a standard process to analyze any circumstance, event, person or thing with the potential to inflict loss. Anticipate / Catch problems before they occur. CYBR 650 Spring 2016 35 CYBR 650 Spring 2016 36 https://courses.cs.washington.edu/courses/cse484/14au/slides/th read-modeling.pdf 36 37
Process Modeling CYBR 650 Spring 2016 What is Process Modeling? aka Business Process Modeling (BPM) A diagram representing a sequence of activities. It typically shows events, actions and links or connection points, in the sequence from end to end. [Business Balls] Identifying and Documenting Business Activities (also known as tasks) and Processes by Employing a Formal BPM Language. A Process MUST have a business objective. Business activities identify the steps to achieving a business goal. [Business Modeling] CYBR 650 Spring 2016 38 BusinessBalls: Business Process Modeling Business Modeling - IT & Business Allignment, http://www.modelingconcepts.com/pdf/BPM_V2.pdf. 38 Threat Process Modeling Creating a workflow to identify, analyze, and make decisions on threats to data, information, systems, networks, etc. Basically, a recipe to follow. CYBR 650 Spring 2016 39
CYBR 650 Spring 2016 40 http://www.modelingconcepts.com/pdf/BPM_V2.pdf. 40 Threat Process Modeling Identifying credible sources of threat and vulnerability information. Gathering, analyzing, and storing threat and vulnerability information. Documenting system information, both logical and physical. Gathering policies, standards, and procedures (both internal and external) that are applicable to the system. Evaluating threats and vulnerabilities to determine whether they apply to the information system. Make recommendations for controls to the system. Evaluate impact of controls to the system. Start again at Step 1! CYBR 650 Spring 2016 41 From the Weeks 1 & 2 Assignment’s page 41 Break 42 CYBR 515 Fall 2015
Week 1 Assignment Threat Model Process Develop your threat modeling process Use the one provided as a template Add steps as needed Check the flow. Does it make sense? Create a workflow diagram (Visio or equivalent) Step-by-step instructions Audience is someone who has never threat modeled Generic to be used by any type of business Initial version due in week 1. Updated version due in week 4. Submit to both the discussion forum and the assignment link. 43 CYBR 650 Spring 2016 Week 1 Assignments Assignment 1 – Discussion See the Week 1 Assignments page Pick one of the topics. Try not to repeat. Answer questions / comments on your thread. Initial post due by end of week 1 (March 20). Replies due by 6pm end of week 2 (March 27). 15 points for original post, 15 points for participation. 44 CYBR 650 Spring 2016 Week 1 Assignments
Security Blog See the instruction sheet Create your own blog and write articles for it each week. Should be 600-800 words. Make it interesting and applicable. {What do you like in a blog?} 45 CYBR 650 Spring 2016 Building your Toolkit 13 must-have security tools Vuln Hub: https://www.vulnhub.com/ Resources Brainpan, http://blog.techorganic.com/ Challenge sites: http://www.wechall.net/ What’s in Your [Security] Wallet? My Security Bookshelf SecTools.org Oldergeeks.com CYBR 650 Spring 2016 46 Questions???
47 Get to Work! Discussion posts Blog Threat process modeling Security research Wash my car <just kidding> 48 CYBR 650 Spring 2016 49 DON’t leave! CYBR 650 Spring 2016 Next Week Threat process modeling continued Deeper dive into threats Threat intelligence Sources Data analytics
50 CYBR 650 Spring 2016 See http://www.darkreading.com/threat-intelligence/threat- intelligences-big-data-problem/d/d-id/1324702? 50 CYBR 650 Current Trends in Cybersecurity Spring 2016 Ron Woerner WELCOME Class information Term: March 14, 2016 – June 4, 2016 Class meets Tuesdays, 6:15pm – 9:00pm Class week: Mondays – Sundays Assignments due Sunday night Enhanced class – both in class and online 2 CYBR 650 Spring 2016 CYBR 650 Spring 2016 3
Videos My objective is to not be like this: https://www.youtube.com/watch?v=uhiCFdWeQfA Or this: Why you should turn off your cell phone in class Don't Judge Too Quickly 4 CYBR 650 Spring 2016 Class Broadcast Using Adobe Connect Use a web browser – http://bellevuena6.adobeconnect.com/cybr650-spr16/ Audio over the Internet In class can join as well Online participants: I’ll been to turn on your mic as needed Use the chat window / Raise hand CYBR 650 Spring 2016 5 In Case of Emergency Tornado Fire Power Outage Active shooter Winter weather Zombiepocalypse CYBR 650 Spring 2016 6
Security News Daily Open Source Infrastructure Report SANS Internet Storm Center Threatpost CSO Online Blogs Fill in the blank with what’s happening. 7 CYBR 650 Spring 2016 Questions Have a security clearance? Is this your first class? Have taken a class with me? Have a security or IT certification? Have been jailed for security violations? How many… Identity Paradox How do you know? How do I prove it to you? Without compromising my privacy? Who am I?
Introductions Ron Woerner 25+ years experience in IT CISSP for 14 years Security Professional for 15+ years Given ~50 presentations on security B.S. Comp Sci & M.S. Information Systems Call me coach 10 Who I am CYBR 650 Spring 2016 Introductions – Your turn Name Student status Work status Experience with security / hacking What are you looking for from this class? [You also need to do this on the forum.] 11 Who are you? CYBR 650 Spring 2016 Course Schedule*
See the Course Syllabus 12 CYBR 650 Spring 2016 *Subject to change Class Attendance Students are expected to attend class and to complete all assignments. If you have specific attendance and/or participation requirements related to your educational funding or student visa status, you are expected to monitor your own attendance/participation to ensure you are in compliance with those requirements. I track attendance, but don’t base your grades on it. Please be professional. CYBR 650 Spring 2016 13 Course Materials Required: Threat Modeling, Designing for Security, Adam Shostack, © 2014, Wiley Publishing, ISBN: 978-1-118-80999-0, Book Website: http://threatmodelingbook.com/ Recommended: Security Engineering: A Guide to Building Dependable Distributed Systems, 2nd Edition, Ross Anderson, © 2008, Wiley Publishing, Inc., ISBN: 978-0-470-06852-6, Book Website: http://www.cl.cam.ac.uk/~rja14/book.html . Supplemental Reading – See the assignment’s page 14 CYBR 650 Spring 2016
Threat Modeling (book) Process for threat modeling Based on software development life cycle CYBR 650 Spring 2016 15 Course Materials See the Reading List 16 CYBR 650 Spring 2016 Do it now Log into Blackboard Enter the course Read the syllabus (under Course Information) Take the syllabus / class rules quiz (if you haven’t already done so) You need to do this to see the week 1 assignments. CYBR 650 Spring 2016 17 CYA* You’re here to learn (not just get a grade / credit for the class) [I’m an optimist.] You’ll come to class prepared.
You still have time while I’m talking… You’ll submit assignments in a Word compatible format. 18 * Check You Assumptions CYBR 650 Spring 2016 Class Expectations – 1 Come to class (or let me know if you can’t) Read and understand the material by Thursday Participate in class and online discussions The more the better Actively learn, share, ask questions, and debate ASK QUESTIONS! 19 CYBR 650 Spring 2016 Class Expectations – 2 Be proud of your work – put your name on it Stay current with your work – turn it in on time Get out of jail free card Find, use, and cite your sources (APA or MLA) At least 3 for each research paper Over communicate Proufread you’re work Think outside the box – be creative 20 CYBR 650 Spring 2016 Class Assignments
See CyberActive / BlackBoard page for the week Weekly written assignment Weekly discussion Online and in class Occasional group work Will mostly be in class You need to make it up if you won’t be in class Weekly quiz 21 CYBR 650 Spring 2016 Paper writing & formatting Ensure good English writing Tips for Creating an Information Security Assessment Report Cheat Sheet – L Zeltser Lack of good writing kills credibility Citations & References required Can be APA or MLA Papers must be professional Single links for references don’t count See Citing Your Sources 22 CYBR 650 Spring 2016 Academic Honesty Your work must be your own Copying from others (include other sections) Plagiarism (see plagiarism 101 on plagiarism.org) Cite and reference information from sources I like to know where it’s from so I can learn Learn how to properly paraphrase DON’T use a synonymizer for words.
23 CYBR 650 Spring 2016 Other stuff you should know Using Wikipedia Problem solving Google hacking 24 CYBR 650 Spring 2016 Discussions Need at least 3 posts for minimum (B-) credit More is better At least 4 if you’re not in class Initial post Must be by Thursday’s class. Should have 2-3 paragraphs References don’t need to be APA/MLA See previous slide on plagiarism Replies by Sunday evening (approx. 6pm) Please, don’t just say, “Nice post” Answer questions asked on your thread 25 CYBR 650 Spring 2016 What this class is (really) about Threat modeling Security Engineering Current security events
26 CYBR 650 Spring 2016 27 Threat Modeling CYBR 650 Spring 2016 Why should I care? Would you know a threat if it bit you in the ___? Makes a difference in how they’re handled, prioritized, mitigated, and managed. Definitions Risk – The probable frequency and probable magnitude of future loss. [Jack Jones] – An uncertain event or condition that, if it occurs, has an impact on a project’s or business’ objectives. [Ron ] Threat – Any circumstance, event, person or thing with the potential to inflict loss. Vulnerability – A weakness that makes a threat possible. Exploit – An action taken by a threat source that harms an asset usually by taking advantage of a vulnerability or weakness.
30 Definitions Control – The act of restricting, limiting or managing something. – The means of managing risk, including policies, procedures, guidelines, practices or organizational structures, which can be of an administrative, technical, management, or legal nature. Threat Vector – A path or tool used by an adversary to compromise a target. Threat Analysis – Identification of the threats that exist against enterprise assets. 31 Definitions Risk Assessment – The act of identifying potential threats to and vulnerabilities in an information system or business process. Risk Management – The process of determining an acceptable level of risk, assessing the current level of risk, taking steps to reduce risk to the acceptable level, and maintaining that level of risk. Risk Appetite / Tolerance – The amount of risk an entity is willing to accept. 32 Which of the following are risks? Disgruntled insiders Internet-facing web servers
Untested recovery processes Network shares containing sensitive information Weak passwords Hurricane force winds Threat Assets Deficient control Assets Deficient control Threat Threat determination In this article, how many of these are actually threats? http://www.networkworld.com/article/3042610/security/the- dirty-dozen-12-cloud-security-threats.html CYBR 650 Spring 2016 34 Threat Modeling Using models to find (and decide about) real or potential security problems (p. 3). Using a standard process to analyze any circumstance, event, person or thing with the potential to inflict loss. Anticipate / Catch problems before they occur. CYBR 650 Spring 2016 35 CYBR 650 Spring 2016 36
https://courses.cs.washington.edu/courses/cse484/14au/slides/th read-modeling.pdf 36 37 Process Modeling CYBR 650 Spring 2016 What is Process Modeling? aka Business Process Modeling (BPM) A diagram representing a sequence of activities. It typically shows events, actions and links or connection points, in the sequence from end to end. [Business Balls] Identifying and Documenting Business Activities (also known as tasks) and Processes by Employing a Formal BPM Language. A Process MUST have a business objective. Business activities identify the steps to achieving a business goal. [Business Modeling] CYBR 650 Spring 2016 38 BusinessBalls: Business Process Modeling Business Modeling - IT & Business Allignment, http://www.modelingconcepts.com/pdf/BPM_V2.pdf. 38
Threat Process Modeling Creating a workflow to identify, analyze, and make decisions on threats to data, information, systems, networks, etc. Basically, a recipe to follow. CYBR 650 Spring 2016 39 CYBR 650 Spring 2016 40 http://www.modelingconcepts.com/pdf/BPM_V2.pdf. 40 Threat Process Modeling Identifying credible sources of threat and vulnerability information. Gathering, analyzing, and storing threat and vulnerability information. Documenting system information, both logical and physical. Gathering policies, standards, and procedures (both internal and external) that are applicable to the system. Evaluating threats and vulnerabilities to determine whether they apply to the information system. Make recommendations for controls to the system. Evaluate impact of controls to the system. Start again at Step 1! CYBR 650 Spring 2016 41
From the Weeks 1 & 2 Assignment’s page 41 Break 42 CYBR 515 Fall 2015 Week 1 Assignment Threat Model Process Develop your threat modeling process Use the one provided as a template Add steps as needed Check the flow. Does it make sense? Create a workflow diagram (Visio or equivalent) Step-by-step instructions Audience is someone who has never threat modeled Generic to be used by any type of business Initial version due in week 1. Updated version due in week 4. Submit to both the discussion forum and the assignment link. 43 CYBR 650 Spring 2016 Week 1 Assignments Assignment 1 – Discussion See the Week 1 Assignments page Pick one of the topics. Try not to repeat. Answer questions / comments on your thread. Initial post due by end of week 1 (March 20). Replies due by 6pm end of week 2 (March 27). 15 points for original post, 15 points for participation.
44 CYBR 650 Spring 2016 Week 1 Assignments Security Blog See the instruction sheet Create your own blog and write articles for it each week. Should be 600-800 words. Make it interesting and applicable. {What do you like in a blog?} 45 CYBR 650 Spring 2016 Building your Toolkit 13 must-have security tools Vuln Hub: https://www.vulnhub.com/ Resources Brainpan, http://blog.techorganic.com/ Challenge sites: http://www.wechall.net/ What’s in Your [Security] Wallet? My Security Bookshelf SecTools.org Oldergeeks.com CYBR 650 Spring 2016
46 Questions??? 47 Get to Work! Discussion posts Blog Threat process modeling Security research Wash my car <just kidding> 48 CYBR 650 Spring 2016 49 DON’t leave! CYBR 650 Spring 2016
Next Week Threat process modeling continued Deeper dive into threats Threat intelligence Sources Data analytics 50 CYBR 650 Spring 2016 See http://www.darkreading.com/threat-intelligence/threat- intelligences-big-data-problem/d/d-id/1324702? 50

Recommended

Cis 558 Effective Communication-snaptutorial.com
Cis 558 Effective Communication-snaptutorial.comCis 558 Effective Communication-snaptutorial.com
Cis 558 Effective Communication-snaptutorial.comjhonklinz11
 
Cis 558 Exceptional Education-snaptutorial.com
Cis 558 Exceptional Education-snaptutorial.comCis 558 Exceptional Education-snaptutorial.com
Cis 558 Exceptional Education-snaptutorial.comrobertleses9
 
CIS 558 Enhance teaching / snaptutorial.com
CIS 558 Enhance teaching / snaptutorial.comCIS 558 Enhance teaching / snaptutorial.com
CIS 558 Enhance teaching / snaptutorial.comdonaldzs56
 
CIS 558 Education Organization / snaptutorial.com
CIS 558 Education Organization / snaptutorial.comCIS 558 Education Organization / snaptutorial.com
CIS 558 Education Organization / snaptutorial.comMcdonaldRyan39
 
Assignment 2 Organizational Risk Appetite and Risk AssessmentDu.docx
Assignment 2 Organizational Risk Appetite and Risk AssessmentDu.docxAssignment 2 Organizational Risk Appetite and Risk AssessmentDu.docx
Assignment 2 Organizational Risk Appetite and Risk AssessmentDu.docxjosephinepaterson7611
 
Cis 558 Education Specialist-snaptutorial.com
Cis 558 Education Specialist-snaptutorial.comCis 558 Education Specialist-snaptutorial.com
Cis 558 Education Specialist-snaptutorial.comrobertlesew96
 
CIS 558 Success Begins / snaptutorial.com
CIS 558 Success Begins / snaptutorial.comCIS 558 Success Begins / snaptutorial.com
CIS 558 Success Begins / snaptutorial.comRobinson075
 
Cis 558 Technology levels--snaptutorial.com
Cis 558 Technology levels--snaptutorial.comCis 558 Technology levels--snaptutorial.com
Cis 558 Technology levels--snaptutorial.comsholingarjosh63
 

Recommended

Cis 558 Effective Communication-snaptutorial.com
Cis 558 Effective Communication-snaptutorial.comCis 558 Effective Communication-snaptutorial.com
Cis 558 Effective Communication-snaptutorial.comjhonklinz11
 
Cis 558 Exceptional Education-snaptutorial.com
Cis 558 Exceptional Education-snaptutorial.comCis 558 Exceptional Education-snaptutorial.com
Cis 558 Exceptional Education-snaptutorial.comrobertleses9
 
CIS 558 Enhance teaching / snaptutorial.com
CIS 558 Enhance teaching / snaptutorial.comCIS 558 Enhance teaching / snaptutorial.com
CIS 558 Enhance teaching / snaptutorial.comdonaldzs56
 
CIS 558 Education Organization / snaptutorial.com
CIS 558 Education Organization / snaptutorial.comCIS 558 Education Organization / snaptutorial.com
CIS 558 Education Organization / snaptutorial.comMcdonaldRyan39
 
Assignment 2 Organizational Risk Appetite and Risk AssessmentDu.docx
Assignment 2 Organizational Risk Appetite and Risk AssessmentDu.docxAssignment 2 Organizational Risk Appetite and Risk AssessmentDu.docx
Assignment 2 Organizational Risk Appetite and Risk AssessmentDu.docxjosephinepaterson7611
 
Cis 558 Education Specialist-snaptutorial.com
Cis 558 Education Specialist-snaptutorial.comCis 558 Education Specialist-snaptutorial.com
Cis 558 Education Specialist-snaptutorial.comrobertlesew96
 
CIS 558 Success Begins / snaptutorial.com
CIS 558 Success Begins / snaptutorial.comCIS 558 Success Begins / snaptutorial.com
CIS 558 Success Begins / snaptutorial.comRobinson075
 
Cis 558 Technology levels--snaptutorial.com
Cis 558 Technology levels--snaptutorial.comCis 558 Technology levels--snaptutorial.com
Cis 558 Technology levels--snaptutorial.comsholingarjosh63
 
Cis 558 Enthusiastic Study / snaptutorial.com
Cis 558 Enthusiastic Study / snaptutorial.comCis 558 Enthusiastic Study / snaptutorial.com
Cis 558 Enthusiastic Study / snaptutorial.comStephenson06
 
Webinar: Get Ready to Detect, Respond & Recover from a Cyber Attack
Webinar: Get Ready to Detect, Respond & Recover from a Cyber AttackWebinar: Get Ready to Detect, Respond & Recover from a Cyber Attack
Webinar: Get Ready to Detect, Respond & Recover from a Cyber AttackAujas
 
Incident_Response_for_Management_Presentation.pptx
Incident_Response_for_Management_Presentation.pptxIncident_Response_for_Management_Presentation.pptx
Incident_Response_for_Management_Presentation.pptxssuser2a8bb7
 
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdfFor Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdfJustinBrown267905
 
Cis 560 week 10 term paper – strayer new
Cis 560 week 10 term paper – strayer newCis 560 week 10 term paper – strayer new
Cis 560 week 10 term paper – strayer newAmyBell2017
 
Cis 560 week 10 term paper – strayer new
Cis 560 week 10 term paper – strayer newCis 560 week 10 term paper – strayer new
Cis 560 week 10 term paper – strayer newEmeliaJackson2017
 
Cis 560 week 10 term paper – strayer new
Cis 560 week 10 term paper – strayer newCis 560 week 10 term paper – strayer new
Cis 560 week 10 term paper – strayer newlynnruffin
 
Cis 560 week 10 term paper – strayer new
Cis 560 week 10 term paper – strayer newCis 560 week 10 term paper – strayer new
Cis 560 week 10 term paper – strayer newCarolMurray2018
 
Multi-vocal Review of security orchestration
Multi-vocal Review of security orchestrationMulti-vocal Review of security orchestration
Multi-vocal Review of security orchestrationChadni Islam
 
O'Reilly SACon 2019 - (Continuous) Threat Modeling - What works?
O'Reilly SACon 2019 - (Continuous) Threat Modeling - What works?O'Reilly SACon 2019 - (Continuous) Threat Modeling - What works?
O'Reilly SACon 2019 - (Continuous) Threat Modeling - What works?Izar Tarandach
 
Active Shooter Preparedness Survey: Key Findings & Best Practices
Active Shooter Preparedness Survey: Key Findings & Best PracticesActive Shooter Preparedness Survey: Key Findings & Best Practices
Active Shooter Preparedness Survey: Key Findings & Best PracticesWilliam Penfield
 
Strayer cis 558 week 4 case study 1 mitigating cloud computing risks
Strayer cis 558 week 4 case study 1 mitigating cloud computing risksStrayer cis 558 week 4 case study 1 mitigating cloud computing risks
Strayer cis 558 week 4 case study 1 mitigating cloud computing risksshyaminfopvtltd
 
Strayer cis 558 week 4 case study 1 mitigating cloud computing risks
Strayer cis 558 week 4 case study 1 mitigating cloud computing risksStrayer cis 558 week 4 case study 1 mitigating cloud computing risks
Strayer cis 558 week 4 case study 1 mitigating cloud computing risksshyaminfotech
 
Strayer cis 558 week 4 case study 1 mitigating cloud computing risks
Strayer cis 558 week 4 case study 1 mitigating cloud computing risksStrayer cis 558 week 4 case study 1 mitigating cloud computing risks
Strayer cis 558 week 4 case study 1 mitigating cloud computing risksvindaniel123
 
Strayer cis 558 week 4 case study 1 mitigating cloud computing risks
Strayer cis 558 week 4 case study 1 mitigating cloud computing risksStrayer cis 558 week 4 case study 1 mitigating cloud computing risks
Strayer cis 558 week 4 case study 1 mitigating cloud computing risksElijahEthaan
 
How to Improve Your Risk Assessments with Attacker-Centric Threat Modeling
How to Improve Your Risk Assessments with Attacker-Centric Threat ModelingHow to Improve Your Risk Assessments with Attacker-Centric Threat Modeling
How to Improve Your Risk Assessments with Attacker-Centric Threat ModelingTony Martin-Vegue
 
Assignment 2Reflecting on Your Writing Paraphrasing and Academi.docx
Assignment 2Reflecting on Your Writing Paraphrasing and Academi.docxAssignment 2Reflecting on Your Writing Paraphrasing and Academi.docx
Assignment 2Reflecting on Your Writing Paraphrasing and Academi.docxrock73
 
ISE 510 Final Project Milestone Two Guidelines and Rubric .docx
ISE 510 Final Project Milestone Two Guidelines and Rubric .docx ISE 510 Final Project Milestone Two Guidelines and Rubric .docx
ISE 510 Final Project Milestone Two Guidelines and Rubric .docxaryan532920
 
NTXISSACSC2 - Threat Modeling Part 1 - Overview by Brad Andrews
NTXISSACSC2 - Threat Modeling Part 1 - Overview by Brad AndrewsNTXISSACSC2 - Threat Modeling Part 1 - Overview by Brad Andrews
NTXISSACSC2 - Threat Modeling Part 1 - Overview by Brad AndrewsNorth Texas Chapter of the ISSA
 
College of Administrative and Financial SciencesAssignment 1.docx
College of Administrative and Financial SciencesAssignment 1.docxCollege of Administrative and Financial SciencesAssignment 1.docx
College of Administrative and Financial SciencesAssignment 1.docxmccormicknadine86
 
Identity and Attribution in Intercultural CommunicationPlease .docx
Identity and Attribution in Intercultural CommunicationPlease .docxIdentity and Attribution in Intercultural CommunicationPlease .docx
Identity and Attribution in Intercultural CommunicationPlease .docxalanrgibson41217
 
If a parent brought their son Ethan to your office who had a lot of .docx
If a parent brought their son Ethan to your office who had a lot of .docxIf a parent brought their son Ethan to your office who had a lot of .docx
If a parent brought their son Ethan to your office who had a lot of .docxalanrgibson41217
 

More Related Content

Similar to CYBR 650Current Trends in CybersecuritySpring 2016Ron Wo.docx

Cis 558 Enthusiastic Study / snaptutorial.com
Cis 558 Enthusiastic Study / snaptutorial.comCis 558 Enthusiastic Study / snaptutorial.com
Cis 558 Enthusiastic Study / snaptutorial.comStephenson06
 
Webinar: Get Ready to Detect, Respond & Recover from a Cyber Attack
Webinar: Get Ready to Detect, Respond & Recover from a Cyber AttackWebinar: Get Ready to Detect, Respond & Recover from a Cyber Attack
Webinar: Get Ready to Detect, Respond & Recover from a Cyber AttackAujas
 
Incident_Response_for_Management_Presentation.pptx
Incident_Response_for_Management_Presentation.pptxIncident_Response_for_Management_Presentation.pptx
Incident_Response_for_Management_Presentation.pptxssuser2a8bb7
 
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdfFor Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdfJustinBrown267905
 
Cis 560 week 10 term paper – strayer new
Cis 560 week 10 term paper – strayer newCis 560 week 10 term paper – strayer new
Cis 560 week 10 term paper – strayer newAmyBell2017
 
Cis 560 week 10 term paper – strayer new
Cis 560 week 10 term paper – strayer newCis 560 week 10 term paper – strayer new
Cis 560 week 10 term paper – strayer newEmeliaJackson2017
 
Cis 560 week 10 term paper – strayer new
Cis 560 week 10 term paper – strayer newCis 560 week 10 term paper – strayer new
Cis 560 week 10 term paper – strayer newlynnruffin
 
Cis 560 week 10 term paper – strayer new
Cis 560 week 10 term paper – strayer newCis 560 week 10 term paper – strayer new
Cis 560 week 10 term paper – strayer newCarolMurray2018
 
Multi-vocal Review of security orchestration
Multi-vocal Review of security orchestrationMulti-vocal Review of security orchestration
Multi-vocal Review of security orchestrationChadni Islam
 
O'Reilly SACon 2019 - (Continuous) Threat Modeling - What works?
O'Reilly SACon 2019 - (Continuous) Threat Modeling - What works?O'Reilly SACon 2019 - (Continuous) Threat Modeling - What works?
O'Reilly SACon 2019 - (Continuous) Threat Modeling - What works?Izar Tarandach
 
Active Shooter Preparedness Survey: Key Findings & Best Practices
Active Shooter Preparedness Survey: Key Findings & Best PracticesActive Shooter Preparedness Survey: Key Findings & Best Practices
Active Shooter Preparedness Survey: Key Findings & Best PracticesWilliam Penfield
 
Strayer cis 558 week 4 case study 1 mitigating cloud computing risks
Strayer cis 558 week 4 case study 1 mitigating cloud computing risksStrayer cis 558 week 4 case study 1 mitigating cloud computing risks
Strayer cis 558 week 4 case study 1 mitigating cloud computing risksshyaminfopvtltd
 
Strayer cis 558 week 4 case study 1 mitigating cloud computing risks
Strayer cis 558 week 4 case study 1 mitigating cloud computing risksStrayer cis 558 week 4 case study 1 mitigating cloud computing risks
Strayer cis 558 week 4 case study 1 mitigating cloud computing risksshyaminfotech
 
Strayer cis 558 week 4 case study 1 mitigating cloud computing risks
Strayer cis 558 week 4 case study 1 mitigating cloud computing risksStrayer cis 558 week 4 case study 1 mitigating cloud computing risks
Strayer cis 558 week 4 case study 1 mitigating cloud computing risksvindaniel123
 
Strayer cis 558 week 4 case study 1 mitigating cloud computing risks
Strayer cis 558 week 4 case study 1 mitigating cloud computing risksStrayer cis 558 week 4 case study 1 mitigating cloud computing risks
Strayer cis 558 week 4 case study 1 mitigating cloud computing risksElijahEthaan
 
How to Improve Your Risk Assessments with Attacker-Centric Threat Modeling
How to Improve Your Risk Assessments with Attacker-Centric Threat ModelingHow to Improve Your Risk Assessments with Attacker-Centric Threat Modeling
How to Improve Your Risk Assessments with Attacker-Centric Threat ModelingTony Martin-Vegue
 
Assignment 2Reflecting on Your Writing Paraphrasing and Academi.docx
Assignment 2Reflecting on Your Writing Paraphrasing and Academi.docxAssignment 2Reflecting on Your Writing Paraphrasing and Academi.docx
Assignment 2Reflecting on Your Writing Paraphrasing and Academi.docxrock73
 
ISE 510 Final Project Milestone Two Guidelines and Rubric .docx
ISE 510 Final Project Milestone Two Guidelines and Rubric .docx ISE 510 Final Project Milestone Two Guidelines and Rubric .docx
ISE 510 Final Project Milestone Two Guidelines and Rubric .docxaryan532920
 
NTXISSACSC2 - Threat Modeling Part 1 - Overview by Brad Andrews
NTXISSACSC2 - Threat Modeling Part 1 - Overview by Brad AndrewsNTXISSACSC2 - Threat Modeling Part 1 - Overview by Brad Andrews
NTXISSACSC2 - Threat Modeling Part 1 - Overview by Brad AndrewsNorth Texas Chapter of the ISSA
 
College of Administrative and Financial SciencesAssignment 1.docx
College of Administrative and Financial SciencesAssignment 1.docxCollege of Administrative and Financial SciencesAssignment 1.docx
College of Administrative and Financial SciencesAssignment 1.docxmccormicknadine86
 

Similar to CYBR 650Current Trends in CybersecuritySpring 2016Ron Wo.docx (20)

Cis 558 Enthusiastic Study / snaptutorial.com
Cis 558 Enthusiastic Study / snaptutorial.comCis 558 Enthusiastic Study / snaptutorial.com
Cis 558 Enthusiastic Study / snaptutorial.com
 
Webinar: Get Ready to Detect, Respond & Recover from a Cyber Attack
Webinar: Get Ready to Detect, Respond & Recover from a Cyber AttackWebinar: Get Ready to Detect, Respond & Recover from a Cyber Attack
Webinar: Get Ready to Detect, Respond & Recover from a Cyber Attack
 
Incident_Response_for_Management_Presentation.pptx
Incident_Response_for_Management_Presentation.pptxIncident_Response_for_Management_Presentation.pptx
Incident_Response_for_Management_Presentation.pptx
 
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdfFor Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
 
Cis 560 week 10 term paper – strayer new
Cis 560 week 10 term paper – strayer newCis 560 week 10 term paper – strayer new
Cis 560 week 10 term paper – strayer new
 
Cis 560 week 10 term paper – strayer new
Cis 560 week 10 term paper – strayer newCis 560 week 10 term paper – strayer new
Cis 560 week 10 term paper – strayer new
 
Cis 560 week 10 term paper – strayer new
Cis 560 week 10 term paper – strayer newCis 560 week 10 term paper – strayer new
Cis 560 week 10 term paper – strayer new
 
Cis 560 week 10 term paper – strayer new
Cis 560 week 10 term paper – strayer newCis 560 week 10 term paper – strayer new
Cis 560 week 10 term paper – strayer new
 
Multi-vocal Review of security orchestration
Multi-vocal Review of security orchestrationMulti-vocal Review of security orchestration
Multi-vocal Review of security orchestration
 
O'Reilly SACon 2019 - (Continuous) Threat Modeling - What works?
O'Reilly SACon 2019 - (Continuous) Threat Modeling - What works?O'Reilly SACon 2019 - (Continuous) Threat Modeling - What works?
O'Reilly SACon 2019 - (Continuous) Threat Modeling - What works?
 
Active Shooter Preparedness Survey: Key Findings & Best Practices
Active Shooter Preparedness Survey: Key Findings & Best PracticesActive Shooter Preparedness Survey: Key Findings & Best Practices
Active Shooter Preparedness Survey: Key Findings & Best Practices
 
Strayer cis 558 week 4 case study 1 mitigating cloud computing risks
Strayer cis 558 week 4 case study 1 mitigating cloud computing risksStrayer cis 558 week 4 case study 1 mitigating cloud computing risks
Strayer cis 558 week 4 case study 1 mitigating cloud computing risks
 
Strayer cis 558 week 4 case study 1 mitigating cloud computing risks
Strayer cis 558 week 4 case study 1 mitigating cloud computing risksStrayer cis 558 week 4 case study 1 mitigating cloud computing risks
Strayer cis 558 week 4 case study 1 mitigating cloud computing risks
 
Strayer cis 558 week 4 case study 1 mitigating cloud computing risks
Strayer cis 558 week 4 case study 1 mitigating cloud computing risksStrayer cis 558 week 4 case study 1 mitigating cloud computing risks
Strayer cis 558 week 4 case study 1 mitigating cloud computing risks
 
Strayer cis 558 week 4 case study 1 mitigating cloud computing risks
Strayer cis 558 week 4 case study 1 mitigating cloud computing risksStrayer cis 558 week 4 case study 1 mitigating cloud computing risks
Strayer cis 558 week 4 case study 1 mitigating cloud computing risks
 
How to Improve Your Risk Assessments with Attacker-Centric Threat Modeling
How to Improve Your Risk Assessments with Attacker-Centric Threat ModelingHow to Improve Your Risk Assessments with Attacker-Centric Threat Modeling
How to Improve Your Risk Assessments with Attacker-Centric Threat Modeling
 
Assignment 2Reflecting on Your Writing Paraphrasing and Academi.docx
Assignment 2Reflecting on Your Writing Paraphrasing and Academi.docxAssignment 2Reflecting on Your Writing Paraphrasing and Academi.docx
Assignment 2Reflecting on Your Writing Paraphrasing and Academi.docx
 
ISE 510 Final Project Milestone Two Guidelines and Rubric .docx
ISE 510 Final Project Milestone Two Guidelines and Rubric .docx ISE 510 Final Project Milestone Two Guidelines and Rubric .docx
ISE 510 Final Project Milestone Two Guidelines and Rubric .docx
 
NTXISSACSC2 - Threat Modeling Part 1 - Overview by Brad Andrews
NTXISSACSC2 - Threat Modeling Part 1 - Overview by Brad AndrewsNTXISSACSC2 - Threat Modeling Part 1 - Overview by Brad Andrews
NTXISSACSC2 - Threat Modeling Part 1 - Overview by Brad Andrews
 
College of Administrative and Financial SciencesAssignment 1.docx
College of Administrative and Financial SciencesAssignment 1.docxCollege of Administrative and Financial SciencesAssignment 1.docx
College of Administrative and Financial SciencesAssignment 1.docx
 

More from alanrgibson41217

Identity and Attribution in Intercultural CommunicationPlease .docx
Identity and Attribution in Intercultural CommunicationPlease .docxIdentity and Attribution in Intercultural CommunicationPlease .docx
Identity and Attribution in Intercultural CommunicationPlease .docxalanrgibson41217
 
If a parent brought their son Ethan to your office who had a lot of .docx
If a parent brought their son Ethan to your office who had a lot of .docxIf a parent brought their son Ethan to your office who had a lot of .docx
If a parent brought their son Ethan to your office who had a lot of .docxalanrgibson41217
 
Identity ProfileThis assignment is a reflection and analysis.docx
Identity ProfileThis assignment is a reflection and analysis.docxIdentity ProfileThis assignment is a reflection and analysis.docx
Identity ProfileThis assignment is a reflection and analysis.docxalanrgibson41217
 
If a company’s CVP analyses showed it was not operating at break.docx
If a company’s CVP analyses showed it was not operating at break.docxIf a company’s CVP analyses showed it was not operating at break.docx
If a company’s CVP analyses showed it was not operating at break.docxalanrgibson41217
 
Identify an international police organization.Research at le.docx
Identify an international police organization.Research at le.docxIdentify an international police organization.Research at le.docx
Identify an international police organization.Research at le.docxalanrgibson41217
 
Identifyingand ManagingProject Risk................docx
Identifyingand ManagingProject Risk................docxIdentifyingand ManagingProject Risk................docx
Identifyingand ManagingProject Risk................docxalanrgibson41217
 
IDS 400 Milestone Four Guidelines and Rubric Analyzing an .docx
IDS 400 Milestone Four Guidelines and Rubric Analyzing an .docxIDS 400 Milestone Four Guidelines and Rubric Analyzing an .docx
IDS 400 Milestone Four Guidelines and Rubric Analyzing an .docxalanrgibson41217
 
IEP Team Members 10.0 Summary comprehensively and correctly id.docx
IEP Team Members 10.0 Summary comprehensively and correctly id.docxIEP Team Members 10.0 Summary comprehensively and correctly id.docx
IEP Team Members 10.0 Summary comprehensively and correctly id.docxalanrgibson41217
 
Identifying Your Group for AssignmentIdentify a disenfranchi.docx
Identifying Your Group for AssignmentIdentify a disenfranchi.docxIdentifying Your Group for AssignmentIdentify a disenfranchi.docx
Identifying Your Group for AssignmentIdentify a disenfranchi.docxalanrgibson41217
 
Identifying and communicating effectively is required. Choose an org.docx
Identifying and communicating effectively is required. Choose an org.docxIdentifying and communicating effectively is required. Choose an org.docx
Identifying and communicating effectively is required. Choose an org.docxalanrgibson41217
 
Identify your earliest exposure to people who were racially or cul.docx
Identify your earliest exposure to people who were racially or cul.docxIdentify your earliest exposure to people who were racially or cul.docx
Identify your earliest exposure to people who were racially or cul.docxalanrgibson41217
 
Identify your earliest exposure to people who were racially or c.docx
Identify your earliest exposure to people who were racially or c.docxIdentify your earliest exposure to people who were racially or c.docx
Identify your earliest exposure to people who were racially or c.docxalanrgibson41217
 
Identify two U.S. criminal justice system policy development agencie.docx
Identify two U.S. criminal justice system policy development agencie.docxIdentify two U.S. criminal justice system policy development agencie.docx
Identify two U.S. criminal justice system policy development agencie.docxalanrgibson41217
 
Identify two types of assessments discussed in the textbook, andor .docx
Identify two types of assessments discussed in the textbook, andor .docxIdentify two types of assessments discussed in the textbook, andor .docx
Identify two types of assessments discussed in the textbook, andor .docxalanrgibson41217
 
identify two projects in which you have been involved recently.1.docx
identify two projects in which you have been involved recently.1.docxidentify two projects in which you have been involved recently.1.docx
identify two projects in which you have been involved recently.1.docxalanrgibson41217
 
identify three internet service businesses. they can be organization.docx
identify three internet service businesses. they can be organization.docxidentify three internet service businesses. they can be organization.docx
identify three internet service businesses. they can be organization.docxalanrgibson41217
 
Identify three diseases related to homeostatic instability within th.docx
Identify three diseases related to homeostatic instability within th.docxIdentify three diseases related to homeostatic instability within th.docx
Identify three diseases related to homeostatic instability within th.docxalanrgibson41217
 
Identify the three main domains of executive function and explai.docx
Identify the three main domains of executive function and explai.docxIdentify the three main domains of executive function and explai.docx
Identify the three main domains of executive function and explai.docxalanrgibson41217
 
Identify the telos of Erikson’s theory of human development. Compare.docx
Identify the telos of Erikson’s theory of human development. Compare.docxIdentify the telos of Erikson’s theory of human development. Compare.docx
Identify the telos of Erikson’s theory of human development. Compare.docxalanrgibson41217
 
Identify the scales of measurement for each variable.Ide.docx
Identify the scales of measurement for each variable.Ide.docxIdentify the scales of measurement for each variable.Ide.docx
Identify the scales of measurement for each variable.Ide.docxalanrgibson41217
 

More from alanrgibson41217 (20)

Identity and Attribution in Intercultural CommunicationPlease .docx
Identity and Attribution in Intercultural CommunicationPlease .docxIdentity and Attribution in Intercultural CommunicationPlease .docx
Identity and Attribution in Intercultural CommunicationPlease .docx
 
If a parent brought their son Ethan to your office who had a lot of .docx
If a parent brought their son Ethan to your office who had a lot of .docxIf a parent brought their son Ethan to your office who had a lot of .docx
If a parent brought their son Ethan to your office who had a lot of .docx
 
Identity ProfileThis assignment is a reflection and analysis.docx
Identity ProfileThis assignment is a reflection and analysis.docxIdentity ProfileThis assignment is a reflection and analysis.docx
Identity ProfileThis assignment is a reflection and analysis.docx
 
If a company’s CVP analyses showed it was not operating at break.docx
If a company’s CVP analyses showed it was not operating at break.docxIf a company’s CVP analyses showed it was not operating at break.docx
If a company’s CVP analyses showed it was not operating at break.docx
 
Identify an international police organization.Research at le.docx
Identify an international police organization.Research at le.docxIdentify an international police organization.Research at le.docx
Identify an international police organization.Research at le.docx
 
Identifyingand ManagingProject Risk................docx
Identifyingand ManagingProject Risk................docxIdentifyingand ManagingProject Risk................docx
Identifyingand ManagingProject Risk................docx
 
IDS 400 Milestone Four Guidelines and Rubric Analyzing an .docx
IDS 400 Milestone Four Guidelines and Rubric Analyzing an .docxIDS 400 Milestone Four Guidelines and Rubric Analyzing an .docx
IDS 400 Milestone Four Guidelines and Rubric Analyzing an .docx
 
IEP Team Members 10.0 Summary comprehensively and correctly id.docx
IEP Team Members 10.0 Summary comprehensively and correctly id.docxIEP Team Members 10.0 Summary comprehensively and correctly id.docx
IEP Team Members 10.0 Summary comprehensively and correctly id.docx
 
Identifying Your Group for AssignmentIdentify a disenfranchi.docx
Identifying Your Group for AssignmentIdentify a disenfranchi.docxIdentifying Your Group for AssignmentIdentify a disenfranchi.docx
Identifying Your Group for AssignmentIdentify a disenfranchi.docx
 
Identifying and communicating effectively is required. Choose an org.docx
Identifying and communicating effectively is required. Choose an org.docxIdentifying and communicating effectively is required. Choose an org.docx
Identifying and communicating effectively is required. Choose an org.docx
 
Identify your earliest exposure to people who were racially or cul.docx
Identify your earliest exposure to people who were racially or cul.docxIdentify your earliest exposure to people who were racially or cul.docx
Identify your earliest exposure to people who were racially or cul.docx
 
Identify your earliest exposure to people who were racially or c.docx
Identify your earliest exposure to people who were racially or c.docxIdentify your earliest exposure to people who were racially or c.docx
Identify your earliest exposure to people who were racially or c.docx
 
Identify two U.S. criminal justice system policy development agencie.docx
Identify two U.S. criminal justice system policy development agencie.docxIdentify two U.S. criminal justice system policy development agencie.docx
Identify two U.S. criminal justice system policy development agencie.docx
 
Identify two types of assessments discussed in the textbook, andor .docx
Identify two types of assessments discussed in the textbook, andor .docxIdentify two types of assessments discussed in the textbook, andor .docx
Identify two types of assessments discussed in the textbook, andor .docx
 
identify two projects in which you have been involved recently.1.docx
identify two projects in which you have been involved recently.1.docxidentify two projects in which you have been involved recently.1.docx
identify two projects in which you have been involved recently.1.docx
 
identify three internet service businesses. they can be organization.docx
identify three internet service businesses. they can be organization.docxidentify three internet service businesses. they can be organization.docx
identify three internet service businesses. they can be organization.docx
 
Identify three diseases related to homeostatic instability within th.docx
Identify three diseases related to homeostatic instability within th.docxIdentify three diseases related to homeostatic instability within th.docx
Identify three diseases related to homeostatic instability within th.docx
 
Identify the three main domains of executive function and explai.docx
Identify the three main domains of executive function and explai.docxIdentify the three main domains of executive function and explai.docx
Identify the three main domains of executive function and explai.docx
 
Identify the telos of Erikson’s theory of human development. Compare.docx
Identify the telos of Erikson’s theory of human development. Compare.docxIdentify the telos of Erikson’s theory of human development. Compare.docx
Identify the telos of Erikson’s theory of human development. Compare.docx
 
Identify the scales of measurement for each variable.Ide.docx
Identify the scales of measurement for each variable.Ide.docxIdentify the scales of measurement for each variable.Ide.docx
Identify the scales of measurement for each variable.Ide.docx
 

Recently uploaded

History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptxHistory Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptxsocialsciencegdgrohi
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
Biting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdfBiting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdfadityarao40181
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersSabitha Banu
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Final demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxFinal demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxAvyJaneVismanos
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxRaymartEstabillo3
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxiammrhaywood
 
Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentMeghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentInMediaRes1
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTiammrhaywood
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfMahmoud M. Sallam
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceSamikshaHamane
 
Capitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitolTechU
 
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,Virag Sontakke
 
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...M56BOOKSTORE PRODUCT/SERVICE
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 

Recently uploaded (20)

History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptxHistory Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
Biting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdfBiting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdf
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for Beginners
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Final demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxFinal demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptx
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
 
Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentMeghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media Component
 
OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdf
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in Pharmacovigilance
 
Capitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptx
 
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
 
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 

CYBR 650Current Trends in CybersecuritySpring 2016Ron Wo.docx

  • 1. CYBR 650 Current Trends in Cybersecurity Spring 2016 Ron Woerner WELCOME Class information Term: March 14, 2016 – June 4, 2016 Class meets Tuesdays, 6:15pm – 9:00pm Class week: Mondays – Sundays Assignments due Sunday night Enhanced class – both in class and online 2 CYBR 650 Spring 2016 CYBR 650 Spring 2016 3 Videos My objective is to not be like this: https://www.youtube.com/watch?v=uhiCFdWeQfA Or this: Why you should turn off your cell phone in class Don't Judge Too Quickly 4
  • 2. CYBR 650 Spring 2016 Class Broadcast Using Adobe Connect Use a web browser – http://bellevuena6.adobeconnect.com/cybr650-spr16/ Audio over the Internet In class can join as well Online participants: I’ll been to turn on your mic as needed Use the chat window / Raise hand CYBR 650 Spring 2016 5 In Case of Emergency Tornado Fire Power Outage Active shooter Winter weather Zombiepocalypse CYBR 650 Spring 2016 6 Security News Daily Open Source Infrastructure Report SANS Internet Storm Center Threatpost CSO Online Blogs Fill in the blank with what’s happening.
  • 3. 7 CYBR 650 Spring 2016 Questions Have a security clearance? Is this your first class? Have taken a class with me? Have a security or IT certification? Have been jailed for security violations? How many… Identity Paradox How do you know? How do I prove it to you? Without compromising my privacy? Who am I? Introductions Ron Woerner 25+ years experience in IT CISSP for 14 years Security Professional for 15+ years Given ~50 presentations on security B.S. Comp Sci & M.S. Information Systems
  • 4. Call me coach 10 Who I am CYBR 650 Spring 2016 Introductions – Your turn Name Student status Work status Experience with security / hacking What are you looking for from this class? [You also need to do this on the forum.] 11 Who are you? CYBR 650 Spring 2016 Course Schedule* See the Course Syllabus 12 CYBR 650 Spring 2016 *Subject to change
  • 5. Class Attendance Students are expected to attend class and to complete all assignments. If you have specific attendance and/or participation requirements related to your educational funding or student visa status, you are expected to monitor your own attendance/participation to ensure you are in compliance with those requirements. I track attendance, but don’t base your grades on it. Please be professional. CYBR 650 Spring 2016 13 Course Materials Required: Threat Modeling, Designing for Security, Adam Shostack, © 2014, Wiley Publishing, ISBN: 978-1-118-80999-0, Book Website: http://threatmodelingbook.com/ Recommended: Security Engineering: A Guide to Building Dependable Distributed Systems, 2nd Edition, Ross Anderson, © 2008, Wiley Publishing, Inc., ISBN: 978-0-470-06852-6, Book Website: http://www.cl.cam.ac.uk/~rja14/book.html . Supplemental Reading – See the assignment’s page 14 CYBR 650 Spring 2016 Threat Modeling (book) Process for threat modeling Based on software development life cycle CYBR 650 Spring 2016
  • 6. 15 Course Materials See the Reading List 16 CYBR 650 Spring 2016 Do it now Log into Blackboard Enter the course Read the syllabus (under Course Information) Take the syllabus / class rules quiz (if you haven’t already done so) You need to do this to see the week 1 assignments. CYBR 650 Spring 2016 17 CYA* You’re here to learn (not just get a grade / credit for the class) [I’m an optimist.] You’ll come to class prepared. You still have time while I’m talking… You’ll submit assignments in a Word compatible format. 18 * Check You Assumptions CYBR 650 Spring 2016
  • 7. Class Expectations – 1 Come to class (or let me know if you can’t) Read and understand the material by Thursday Participate in class and online discussions The more the better Actively learn, share, ask questions, and debate ASK QUESTIONS! 19 CYBR 650 Spring 2016 Class Expectations – 2 Be proud of your work – put your name on it Stay current with your work – turn it in on time Get out of jail free card Find, use, and cite your sources (APA or MLA) At least 3 for each research paper Over communicate Proufread you’re work Think outside the box – be creative 20 CYBR 650 Spring 2016 Class Assignments See CyberActive / BlackBoard page for the week Weekly written assignment Weekly discussion Online and in class Occasional group work Will mostly be in class You need to make it up if you won’t be in class Weekly quiz
  • 8. 21 CYBR 650 Spring 2016 Paper writing & formatting Ensure good English writing Tips for Creating an Information Security Assessment Report Cheat Sheet – L Zeltser Lack of good writing kills credibility Citations & References required Can be APA or MLA Papers must be professional Single links for references don’t count See Citing Your Sources 22 CYBR 650 Spring 2016 Academic Honesty Your work must be your own Copying from others (include other sections) Plagiarism (see plagiarism 101 on plagiarism.org) Cite and reference information from sources I like to know where it’s from so I can learn Learn how to properly paraphrase DON’T use a synonymizer for words. 23 CYBR 650 Spring 2016 Other stuff you should know Using Wikipedia Problem solving
  • 9. Google hacking 24 CYBR 650 Spring 2016 Discussions Need at least 3 posts for minimum (B-) credit More is better At least 4 if you’re not in class Initial post Must be by Thursday’s class. Should have 2-3 paragraphs References don’t need to be APA/MLA See previous slide on plagiarism Replies by Sunday evening (approx. 6pm) Please, don’t just say, “Nice post” Answer questions asked on your thread 25 CYBR 650 Spring 2016 What this class is (really) about Threat modeling Security Engineering Current security events 26 CYBR 650 Spring 2016 27 Threat
  • 10. Modeling CYBR 650 Spring 2016 Why should I care? Would you know a threat if it bit you in the ___? Makes a difference in how they’re handled, prioritized, mitigated, and managed. Definitions Risk – The probable frequency and probable magnitude of future loss. [Jack Jones] – An uncertain event or condition that, if it occurs, has an impact on a project’s or business’ objectives. [Ron ] Threat – Any circumstance, event, person or thing with the potential to inflict loss. Vulnerability – A weakness that makes a threat possible. Exploit – An action taken by a threat source that harms an asset usually by taking advantage of a vulnerability or weakness. 30 Definitions Control – The act of restricting, limiting or managing something. – The means of managing risk, including policies, procedures, guidelines, practices or organizational structures, which can be of an administrative, technical, management, or
  • 11. legal nature. Threat Vector – A path or tool used by an adversary to compromise a target. Threat Analysis – Identification of the threats that exist against enterprise assets. 31 Definitions Risk Assessment – The act of identifying potential threats to and vulnerabilities in an information system or business process. Risk Management – The process of determining an acceptable level of risk, assessing the current level of risk, taking steps to reduce risk to the acceptable level, and maintaining that level of risk. Risk Appetite / Tolerance – The amount of risk an entity is willing to accept. 32 Which of the following are risks? Disgruntled insiders Internet-facing web servers Untested recovery processes Network shares containing sensitive information Weak passwords Hurricane force winds Threat Assets Deficient control Assets
  • 12. Deficient control Threat Threat determination In this article, how many of these are actually threats? http://www.networkworld.com/article/3042610/security/the- dirty-dozen-12-cloud-security-threats.html CYBR 650 Spring 2016 34 Threat Modeling Using models to find (and decide about) real or potential security problems (p. 3). Using a standard process to analyze any circumstance, event, person or thing with the potential to inflict loss. Anticipate / Catch problems before they occur. CYBR 650 Spring 2016 35 CYBR 650 Spring 2016 36 https://courses.cs.washington.edu/courses/cse484/14au/slides/th read-modeling.pdf 36 37
  • 13. Process Modeling CYBR 650 Spring 2016 What is Process Modeling? aka Business Process Modeling (BPM) A diagram representing a sequence of activities. It typically shows events, actions and links or connection points, in the sequence from end to end. [Business Balls] Identifying and Documenting Business Activities (also known as tasks) and Processes by Employing a Formal BPM Language. A Process MUST have a business objective. Business activities identify the steps to achieving a business goal. [Business Modeling] CYBR 650 Spring 2016 38 BusinessBalls: Business Process Modeling Business Modeling - IT & Business Allignment, http://www.modelingconcepts.com/pdf/BPM_V2.pdf. 38 Threat Process Modeling Creating a workflow to identify, analyze, and make decisions on threats to data, information, systems, networks, etc. Basically, a recipe to follow. CYBR 650 Spring 2016 39
  • 14. CYBR 650 Spring 2016 40 http://www.modelingconcepts.com/pdf/BPM_V2.pdf. 40 Threat Process Modeling Identifying credible sources of threat and vulnerability information. Gathering, analyzing, and storing threat and vulnerability information. Documenting system information, both logical and physical. Gathering policies, standards, and procedures (both internal and external) that are applicable to the system. Evaluating threats and vulnerabilities to determine whether they apply to the information system. Make recommendations for controls to the system. Evaluate impact of controls to the system. Start again at Step 1! CYBR 650 Spring 2016 41 From the Weeks 1 & 2 Assignment’s page 41 Break 42 CYBR 515 Fall 2015
  • 15. Week 1 Assignment Threat Model Process Develop your threat modeling process Use the one provided as a template Add steps as needed Check the flow. Does it make sense? Create a workflow diagram (Visio or equivalent) Step-by-step instructions Audience is someone who has never threat modeled Generic to be used by any type of business Initial version due in week 1. Updated version due in week 4. Submit to both the discussion forum and the assignment link. 43 CYBR 650 Spring 2016 Week 1 Assignments Assignment 1 – Discussion See the Week 1 Assignments page Pick one of the topics. Try not to repeat. Answer questions / comments on your thread. Initial post due by end of week 1 (March 20). Replies due by 6pm end of week 2 (March 27). 15 points for original post, 15 points for participation. 44 CYBR 650 Spring 2016 Week 1 Assignments
  • 16. Security Blog See the instruction sheet Create your own blog and write articles for it each week. Should be 600-800 words. Make it interesting and applicable. {What do you like in a blog?} 45 CYBR 650 Spring 2016 Building your Toolkit 13 must-have security tools Vuln Hub: https://www.vulnhub.com/ Resources Brainpan, http://blog.techorganic.com/ Challenge sites: http://www.wechall.net/ What’s in Your [Security] Wallet? My Security Bookshelf SecTools.org Oldergeeks.com CYBR 650 Spring 2016 46 Questions???
  • 17. 47 Get to Work! Discussion posts Blog Threat process modeling Security research Wash my car <just kidding> 48 CYBR 650 Spring 2016 49 DON’t leave! CYBR 650 Spring 2016 Next Week Threat process modeling continued Deeper dive into threats Threat intelligence Sources Data analytics
  • 18. 50 CYBR 650 Spring 2016 See http://www.darkreading.com/threat-intelligence/threat- intelligences-big-data-problem/d/d-id/1324702? 50 CYBR 650 Current Trends in Cybersecurity Spring 2016 Ron Woerner WELCOME Class information Term: March 14, 2016 – June 4, 2016 Class meets Tuesdays, 6:15pm – 9:00pm Class week: Mondays – Sundays Assignments due Sunday night Enhanced class – both in class and online 2 CYBR 650 Spring 2016 CYBR 650 Spring 2016 3
  • 19. Videos My objective is to not be like this: https://www.youtube.com/watch?v=uhiCFdWeQfA Or this: Why you should turn off your cell phone in class Don't Judge Too Quickly 4 CYBR 650 Spring 2016 Class Broadcast Using Adobe Connect Use a web browser – http://bellevuena6.adobeconnect.com/cybr650-spr16/ Audio over the Internet In class can join as well Online participants: I’ll been to turn on your mic as needed Use the chat window / Raise hand CYBR 650 Spring 2016 5 In Case of Emergency Tornado Fire Power Outage Active shooter Winter weather Zombiepocalypse CYBR 650 Spring 2016 6
  • 20. Security News Daily Open Source Infrastructure Report SANS Internet Storm Center Threatpost CSO Online Blogs Fill in the blank with what’s happening. 7 CYBR 650 Spring 2016 Questions Have a security clearance? Is this your first class? Have taken a class with me? Have a security or IT certification? Have been jailed for security violations? How many… Identity Paradox How do you know? How do I prove it to you? Without compromising my privacy? Who am I?
  • 21. Introductions Ron Woerner 25+ years experience in IT CISSP for 14 years Security Professional for 15+ years Given ~50 presentations on security B.S. Comp Sci & M.S. Information Systems Call me coach 10 Who I am CYBR 650 Spring 2016 Introductions – Your turn Name Student status Work status Experience with security / hacking What are you looking for from this class? [You also need to do this on the forum.] 11 Who are you? CYBR 650 Spring 2016 Course Schedule*
  • 22. See the Course Syllabus 12 CYBR 650 Spring 2016 *Subject to change Class Attendance Students are expected to attend class and to complete all assignments. If you have specific attendance and/or participation requirements related to your educational funding or student visa status, you are expected to monitor your own attendance/participation to ensure you are in compliance with those requirements. I track attendance, but don’t base your grades on it. Please be professional. CYBR 650 Spring 2016 13 Course Materials Required: Threat Modeling, Designing for Security, Adam Shostack, © 2014, Wiley Publishing, ISBN: 978-1-118-80999-0, Book Website: http://threatmodelingbook.com/ Recommended: Security Engineering: A Guide to Building Dependable Distributed Systems, 2nd Edition, Ross Anderson, © 2008, Wiley Publishing, Inc., ISBN: 978-0-470-06852-6, Book Website: http://www.cl.cam.ac.uk/~rja14/book.html . Supplemental Reading – See the assignment’s page 14 CYBR 650 Spring 2016
  • 23. Threat Modeling (book) Process for threat modeling Based on software development life cycle CYBR 650 Spring 2016 15 Course Materials See the Reading List 16 CYBR 650 Spring 2016 Do it now Log into Blackboard Enter the course Read the syllabus (under Course Information) Take the syllabus / class rules quiz (if you haven’t already done so) You need to do this to see the week 1 assignments. CYBR 650 Spring 2016 17 CYA* You’re here to learn (not just get a grade / credit for the class) [I’m an optimist.] You’ll come to class prepared.
  • 24. You still have time while I’m talking… You’ll submit assignments in a Word compatible format. 18 * Check You Assumptions CYBR 650 Spring 2016 Class Expectations – 1 Come to class (or let me know if you can’t) Read and understand the material by Thursday Participate in class and online discussions The more the better Actively learn, share, ask questions, and debate ASK QUESTIONS! 19 CYBR 650 Spring 2016 Class Expectations – 2 Be proud of your work – put your name on it Stay current with your work – turn it in on time Get out of jail free card Find, use, and cite your sources (APA or MLA) At least 3 for each research paper Over communicate Proufread you’re work Think outside the box – be creative 20 CYBR 650 Spring 2016 Class Assignments
  • 25. See CyberActive / BlackBoard page for the week Weekly written assignment Weekly discussion Online and in class Occasional group work Will mostly be in class You need to make it up if you won’t be in class Weekly quiz 21 CYBR 650 Spring 2016 Paper writing & formatting Ensure good English writing Tips for Creating an Information Security Assessment Report Cheat Sheet – L Zeltser Lack of good writing kills credibility Citations & References required Can be APA or MLA Papers must be professional Single links for references don’t count See Citing Your Sources 22 CYBR 650 Spring 2016 Academic Honesty Your work must be your own Copying from others (include other sections) Plagiarism (see plagiarism 101 on plagiarism.org) Cite and reference information from sources I like to know where it’s from so I can learn Learn how to properly paraphrase DON’T use a synonymizer for words.
  • 26. 23 CYBR 650 Spring 2016 Other stuff you should know Using Wikipedia Problem solving Google hacking 24 CYBR 650 Spring 2016 Discussions Need at least 3 posts for minimum (B-) credit More is better At least 4 if you’re not in class Initial post Must be by Thursday’s class. Should have 2-3 paragraphs References don’t need to be APA/MLA See previous slide on plagiarism Replies by Sunday evening (approx. 6pm) Please, don’t just say, “Nice post” Answer questions asked on your thread 25 CYBR 650 Spring 2016 What this class is (really) about Threat modeling Security Engineering Current security events
  • 27. 26 CYBR 650 Spring 2016 27 Threat Modeling CYBR 650 Spring 2016 Why should I care? Would you know a threat if it bit you in the ___? Makes a difference in how they’re handled, prioritized, mitigated, and managed. Definitions Risk – The probable frequency and probable magnitude of future loss. [Jack Jones] – An uncertain event or condition that, if it occurs, has an impact on a project’s or business’ objectives. [Ron ] Threat – Any circumstance, event, person or thing with the potential to inflict loss. Vulnerability – A weakness that makes a threat possible. Exploit – An action taken by a threat source that harms an asset usually by taking advantage of a vulnerability or weakness.
  • 28. 30 Definitions Control – The act of restricting, limiting or managing something. – The means of managing risk, including policies, procedures, guidelines, practices or organizational structures, which can be of an administrative, technical, management, or legal nature. Threat Vector – A path or tool used by an adversary to compromise a target. Threat Analysis – Identification of the threats that exist against enterprise assets. 31 Definitions Risk Assessment – The act of identifying potential threats to and vulnerabilities in an information system or business process. Risk Management – The process of determining an acceptable level of risk, assessing the current level of risk, taking steps to reduce risk to the acceptable level, and maintaining that level of risk. Risk Appetite / Tolerance – The amount of risk an entity is willing to accept. 32 Which of the following are risks? Disgruntled insiders Internet-facing web servers
  • 29. Untested recovery processes Network shares containing sensitive information Weak passwords Hurricane force winds Threat Assets Deficient control Assets Deficient control Threat Threat determination In this article, how many of these are actually threats? http://www.networkworld.com/article/3042610/security/the- dirty-dozen-12-cloud-security-threats.html CYBR 650 Spring 2016 34 Threat Modeling Using models to find (and decide about) real or potential security problems (p. 3). Using a standard process to analyze any circumstance, event, person or thing with the potential to inflict loss. Anticipate / Catch problems before they occur. CYBR 650 Spring 2016 35 CYBR 650 Spring 2016 36
  • 30. https://courses.cs.washington.edu/courses/cse484/14au/slides/th read-modeling.pdf 36 37 Process Modeling CYBR 650 Spring 2016 What is Process Modeling? aka Business Process Modeling (BPM) A diagram representing a sequence of activities. It typically shows events, actions and links or connection points, in the sequence from end to end. [Business Balls] Identifying and Documenting Business Activities (also known as tasks) and Processes by Employing a Formal BPM Language. A Process MUST have a business objective. Business activities identify the steps to achieving a business goal. [Business Modeling] CYBR 650 Spring 2016 38 BusinessBalls: Business Process Modeling Business Modeling - IT & Business Allignment, http://www.modelingconcepts.com/pdf/BPM_V2.pdf. 38
  • 31. Threat Process Modeling Creating a workflow to identify, analyze, and make decisions on threats to data, information, systems, networks, etc. Basically, a recipe to follow. CYBR 650 Spring 2016 39 CYBR 650 Spring 2016 40 http://www.modelingconcepts.com/pdf/BPM_V2.pdf. 40 Threat Process Modeling Identifying credible sources of threat and vulnerability information. Gathering, analyzing, and storing threat and vulnerability information. Documenting system information, both logical and physical. Gathering policies, standards, and procedures (both internal and external) that are applicable to the system. Evaluating threats and vulnerabilities to determine whether they apply to the information system. Make recommendations for controls to the system. Evaluate impact of controls to the system. Start again at Step 1! CYBR 650 Spring 2016 41
  • 32. From the Weeks 1 & 2 Assignment’s page 41 Break 42 CYBR 515 Fall 2015 Week 1 Assignment Threat Model Process Develop your threat modeling process Use the one provided as a template Add steps as needed Check the flow. Does it make sense? Create a workflow diagram (Visio or equivalent) Step-by-step instructions Audience is someone who has never threat modeled Generic to be used by any type of business Initial version due in week 1. Updated version due in week 4. Submit to both the discussion forum and the assignment link. 43 CYBR 650 Spring 2016 Week 1 Assignments Assignment 1 – Discussion See the Week 1 Assignments page Pick one of the topics. Try not to repeat. Answer questions / comments on your thread. Initial post due by end of week 1 (March 20). Replies due by 6pm end of week 2 (March 27). 15 points for original post, 15 points for participation.
  • 33. 44 CYBR 650 Spring 2016 Week 1 Assignments Security Blog See the instruction sheet Create your own blog and write articles for it each week. Should be 600-800 words. Make it interesting and applicable. {What do you like in a blog?} 45 CYBR 650 Spring 2016 Building your Toolkit 13 must-have security tools Vuln Hub: https://www.vulnhub.com/ Resources Brainpan, http://blog.techorganic.com/ Challenge sites: http://www.wechall.net/ What’s in Your [Security] Wallet? My Security Bookshelf SecTools.org Oldergeeks.com CYBR 650 Spring 2016
  • 34. 46 Questions??? 47 Get to Work! Discussion posts Blog Threat process modeling Security research Wash my car <just kidding> 48 CYBR 650 Spring 2016 49 DON’t leave! CYBR 650 Spring 2016
  • 35. Next Week Threat process modeling continued Deeper dive into threats Threat intelligence Sources Data analytics 50 CYBR 650 Spring 2016 See http://www.darkreading.com/threat-intelligence/threat- intelligences-big-data-problem/d/d-id/1324702? 50