SlideShare a Scribd company logo

Security Strategies in Windows Platforms and ApplicationsL.docx

Download as DOCX, PDF
J
jeffreye3

Security Strategies in Windows Platforms and Applications Lesson 1 Microsoft Windows and the Threat Landscape © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Cover image © Sharpshot/Dreamstime.com Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. 1 Learning Objective(s) Describe information systems security and the inherent security features of the Microsoft Windows operating system. Describe threats to Microsoft Windows and applications. Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. 2 Key Concepts Information systems security and the C-I-A triad Microsoft Windows and a typical IT infrastructure Vulnerabilities of Microsoft Windows systems and their applications Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. 3 Information Systems Security Defense in depth A collection of strategies to make a computer environment safe Information security Main goal is to prevent loss Most decisions require balance between security and usability Security controls are mechanisms used to protect information Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. 4 Security Controls Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. 5 Type of Control Administrative Type of Function Preventive Detective Corrective Technical Physical C-I-A Triad Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. The practice of securing information involves ensuring three tenets of information security: confidentiality, integrity, and availability Known as the C-I-A triad Also known as the availability, integrity, and confidentiality (A-I-C) triad Each tenet interacts with the other two and, in some cases, may conflict 6 Confidentiality The assurance that the information cannot be accessed or viewed by unauthorized users Examples of confidential information: Financial information Medical information Secret military plans Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. A successful attack against confidential information enables the attacker to use the information to gain an inappropriate advan.

Education
1 of 17
Security Strategies in Windows Platforms and Applications Lesson 1 Microsoft Windows and the Threat Landscape © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Cover image © Sharpshot/Dreamstime.com Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. 1 Learning Objective(s) Describe information systems security and the inherent security features of the Microsoft Windows operating system. Describe threats to Microsoft Windows and applications. Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com
All rights reserved. 2 Key Concepts Information systems security and the C-I-A triad Microsoft Windows and a typical IT infrastructure Vulnerabilities of Microsoft Windows systems and their applications Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. 3 Information Systems Security Defense in depth A collection of strategies to make a computer environment safe Information security Main goal is to prevent loss Most decisions require balance between security and usability Security controls are mechanisms used to protect information Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com
All rights reserved. 4 Security Controls Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. 5 Type of Control Administrative Type of Function Preventive Detective Corrective
Technical Physical C-I-A Triad Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. The practice of securing information involves ensuring three tenets of information security: confidentiality, integrity, and availability Known as the C-I-A triad Also known as the availability, integrity, and confidentiality (A-I-C) triad Each tenet interacts with the other two and, in some cases, may conflict 6 Confidentiality The assurance that the information cannot be accessed or viewed by unauthorized users Examples of confidential information: Financial information
Medical information Secret military plans Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. A successful attack against confidential information enables the attacker to use the information to gain an inappropriate advantage or to extort compensation through threats to divulge the information. 7 Integrity The assurance that the information cannot be changed by unauthorized users Ensuring integrity means applying controls that prohibit unauthorized changes to information Examples of integrity controls: Security classification User clearance Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning
Company www.jblearning.com All rights reserved. 8 Availability The assurance that the information is available to authorized users in an acceptable time frame when the information is requested is availability Examples of attacks that affect availability: Denial of service (DoS) Hacktivist Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. 9 Microsoft Windows and Applications in a Typical IT Infrastructure IT infrastructure Collection of computers, devices, and network components that make up an IT environment
Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. 10 Microsoft Windows and Applications in a Typical IT Infrastructure Common infrastructure components: Client platforms Network segments Network devices Server instances (often listed by function) Cloud-based offerings, such as Microsoft Office 365 and Microsoft Azure Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. 11 A Sample IT Infrastructure
Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Windows Clients Client systems provide functionality to end users; customer- facing systems Include desktops, laptops, and mobile devices Each application can be deployed on client systems as either a thin or a thick client Windows 10 Newest and most popular Windows client operating system Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. 13 Windows Servers Server computers provide services to client applications Common server applications: Web servers, application servers, and database servers Windows Server 2019 Essentials, for small businesses Standard, for most server functions Datacenter, for large-scale deployments
Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. 14 Microsoft’s End-User License Agreement (EULA) Software license agreement that contains the Microsoft Software License Terms Must be accepted prior to installation of any Microsoft Windows product Located in the Windows install folder or on the Microsoft website Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. 15 Microsoft EULA Sections Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning
Company www.jblearning.com All rights reserved. Updates Additional Notices—Networks, Data, and Internet Usage Limited Warranty Exclusions from Limited Warranty Windows Threats and Vulnerabilities Successful attack: One that realizes, or carries out, a threat against vulnerabilities Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. 17 Risk Any exposure to a threat
Threat Any action that could lead to damage, disruption, or loss Vulnerability Weakness in an operating system or application software Windows Threats and Vulnerabilities A threat is not necessarily dangerous Fire in fireplace = desirable Fire in data center = dangerous For damage to occur, there has to be a threat Attackers look for vulnerabilities, then devise an attack that will exploit the weakness Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. 18 Anatomy of Microsoft Windows Vulnerabilities
Ransomware Malicious software that renders files or volumes inaccessible through encryption Attacker demands payment using cryptocurrency for the decryption key Well-known ransomware attacks CryptoLocker Locky WannaCry Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Most ransomware encrypts data and demands a payment using cryptocurrency in exchange for the decryption key. 19 Discovery-Analysis-Remediation Cycle Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. A recurring three-step process for addressing attacks
20 Discovery Once an attack starts, attackers become as inconspicuous as possible Need to compare suspect activity baseline (normal activity) to detect anomalies Common method of accomplishing this is to use activity and monitoring logs Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. 21 Analysis Security information and event management (SIEM) tools Collect and aggregate security-related information from multiple sources and devices Help prepare data for correlation and analysis Current vulnerability and security bulletin databases Help you determine if others are experiencing same activity Page ‹#› Security Strategies in Windows Platforms and Applications
© 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. SIEM tools can often cross-reference known vulnerability databases to help identify suspect behavior. The analysis phase includes validating suspect activity as abnormal and then figuring out what is causing it. 22 Remediation Contain any damage that has occurred, recover from any loss, and implement controls to prevent a recurrence Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. 23 Common Forms of AttackThreatDescriptionPhishingGenerally start with a message that contains a link or image to click, or a file to open; taking these actions launches malware attacksMalwareMalicious software designed to carry out tasks that the user would not normally allowDenial of service (DoS)Any action that dramatically slows down or blocks access
to one or more resourcesInjection attackDepends on ability to send instructions to an application that causes the application to carry out unintended actions; SQL injection is common Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. 24 Common Forms of Attack (Cont.)ThreatDescriptionUnprotected Windows Share A situation that allows attackers to install tools, including malicious softwareSession hijacking and credential reuseAttempts by attackers to take over valid sessions or capture credentials to impersonate valid usersCross-site scriptingSpecially crafted malicious code used to attack web applications Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. 25 Common Forms of Attack (Cont.)ThreatDescriptionPacket sniffing The process of collecting network messages as they
travel across a network in hopes of divulging sensitive information, such as passwords Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. 26 Summary Information systems security and the C-I-A triad Microsoft Windows and a typical IT infrastructure Vulnerabilities of Microsoft Windows systems and their applications Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. 27
Security Strategies in Windows Platforms and ApplicationsL.docx

Recommended

Current Article Review1. Locate a current article about Regul.docx
Current Article Review1. Locate a current article about Regul.docxCurrent Article Review1. Locate a current article about Regul.docx
Current Article Review1. Locate a current article about Regul.docx
annettsparrow
 
Documentation Artifact 5Long Term Care Plan-Continuing to .docx
Documentation Artifact 5Long Term Care Plan-Continuing to .docxDocumentation Artifact 5Long Term Care Plan-Continuing to .docx
Documentation Artifact 5Long Term Care Plan-Continuing to .docx
petehbailey729071
 
CHap 13 and 12winsec3e_ppt_ch12(1).pptxSecurity Strategies
CHap 13 and 12winsec3e_ppt_ch12(1).pptxSecurity Strategies CHap 13 and 12winsec3e_ppt_ch12(1).pptxSecurity Strategies
CHap 13 and 12winsec3e_ppt_ch12(1).pptxSecurity Strategies
MorganLudwig40
 
JavaOne2013: Secure Engineering Practices for Java
JavaOne2013: Secure Engineering Practices for JavaJavaOne2013: Secure Engineering Practices for Java
JavaOne2013: Secure Engineering Practices for Java
Chris Bailey
 
WSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security ProgramWSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security Program
WSO2
 
Secure Engineering Practices for Java
Secure Engineering Practices for JavaSecure Engineering Practices for Java
Secure Engineering Practices for Java
Tim Ellison
 
CHAPTER 1Risk Management FundamentalsCopyright © 202
CHAPTER 1Risk Management FundamentalsCopyright © 202CHAPTER 1Risk Management FundamentalsCopyright © 202
CHAPTER 1Risk Management FundamentalsCopyright © 202
EstelaJeffery653
 
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM Security
 

Recommended

Current Article Review1. Locate a current article about Regul.docx
Current Article Review1. Locate a current article about Regul.docxCurrent Article Review1. Locate a current article about Regul.docx
Current Article Review1. Locate a current article about Regul.docx
annettsparrow
 
Documentation Artifact 5Long Term Care Plan-Continuing to .docx
Documentation Artifact 5Long Term Care Plan-Continuing to .docxDocumentation Artifact 5Long Term Care Plan-Continuing to .docx
Documentation Artifact 5Long Term Care Plan-Continuing to .docx
petehbailey729071
 
CHap 13 and 12winsec3e_ppt_ch12(1).pptxSecurity Strategies
CHap 13 and 12winsec3e_ppt_ch12(1).pptxSecurity Strategies CHap 13 and 12winsec3e_ppt_ch12(1).pptxSecurity Strategies
CHap 13 and 12winsec3e_ppt_ch12(1).pptxSecurity Strategies
MorganLudwig40
 
JavaOne2013: Secure Engineering Practices for Java
JavaOne2013: Secure Engineering Practices for JavaJavaOne2013: Secure Engineering Practices for Java
JavaOne2013: Secure Engineering Practices for Java
Chris Bailey
 
WSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security ProgramWSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security Program
WSO2
 
Secure Engineering Practices for Java
Secure Engineering Practices for JavaSecure Engineering Practices for Java
Secure Engineering Practices for Java
Tim Ellison
 
CHAPTER 1Risk Management FundamentalsCopyright © 202
CHAPTER 1Risk Management FundamentalsCopyright © 202CHAPTER 1Risk Management FundamentalsCopyright © 202
CHAPTER 1Risk Management FundamentalsCopyright © 202
EstelaJeffery653
 
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM Security
 
Security Trends and Risk Mitigation for the Public Sector
Security Trends and Risk Mitigation for the Public SectorSecurity Trends and Risk Mitigation for the Public Sector
Security Trends and Risk Mitigation for the Public Sector
IBMGovernmentCA
 
Breaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gapsBreaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gaps
IBM Security
 
IBM security systems overview v1.0 - rohit nagarajan
IBM security systems overview v1.0 - rohit nagarajanIBM security systems overview v1.0 - rohit nagarajan
IBM security systems overview v1.0 - rohit nagarajan
Shwetank Jayaswal
 
Android Security: A Survey of Security Issues and Defenses
Android Security: A Survey of Security Issues and DefensesAndroid Security: A Survey of Security Issues and Defenses
Android Security: A Survey of Security Issues and Defenses
IRJET Journal
 
Hacking3e ppt ch15
Hacking3e ppt ch15Hacking3e ppt ch15
Hacking3e ppt ch15
Skillspire LLC
 
Introduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsIntroduction to Cybersecurity Fundamentals
Introduction to Cybersecurity Fundamentals
Toño Herrera
 
Top 10 Ways To Win Budget For Application Security - Cenzic.2013.05.22
Top 10 Ways To Win Budget For Application Security - Cenzic.2013.05.22Top 10 Ways To Win Budget For Application Security - Cenzic.2013.05.22
Top 10 Ways To Win Budget For Application Security - Cenzic.2013.05.22
Cenzic
 
DSS @CERT.LV_ISACA_2013_Conference - IBM X Force Report 2013
DSS @CERT.LV_ISACA_2013_Conference - IBM X Force Report 2013DSS @CERT.LV_ISACA_2013_Conference - IBM X Force Report 2013
DSS @CERT.LV_ISACA_2013_Conference - IBM X Force Report 2013
Andris Soroka
 
case analysis 2.1.docxby Urusha PandeySubmission date 2.docx
case analysis 2.1.docxby Urusha PandeySubmission date 2.docxcase analysis 2.1.docxby Urusha PandeySubmission date 2.docx
case analysis 2.1.docxby Urusha PandeySubmission date 2.docx
cowinhelen
 
Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9
Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9
Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9
UISGCON
 
Security Testing for Testing Professionals
Security Testing for Testing ProfessionalsSecurity Testing for Testing Professionals
Security Testing for Testing Professionals
TechWell
 
Aon Ransomware Response and Mitigation Strategies
Aon Ransomware Response and Mitigation StrategiesAon Ransomware Response and Mitigation Strategies
Aon Ransomware Response and Mitigation Strategies
CSNP
 
Man and Machine -- Forming a Perfect Union to Mature Security Programs -- Key...
Man and Machine -- Forming a Perfect Union to Mature Security Programs -- Key...Man and Machine -- Forming a Perfect Union to Mature Security Programs -- Key...
Man and Machine -- Forming a Perfect Union to Mature Security Programs -- Key...
Inno Eroraha [NetSecurity]
 
Security Testing for Test Professionals
Security Testing for Test ProfessionalsSecurity Testing for Test Professionals
Security Testing for Test Professionals
TechWell
 
Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...
Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...
Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...
Education & Training Boards
 
3 Steps to Security Intelligence - How to Build a More Secure Enterprise
3 Steps to Security Intelligence - How to Build a More Secure Enterprise3 Steps to Security Intelligence - How to Build a More Secure Enterprise
3 Steps to Security Intelligence - How to Build a More Secure Enterprise
IBM Security
 
Teknisen tietoturvan minimivaatimukset
Teknisen tietoturvan minimivaatimuksetTeknisen tietoturvan minimivaatimukset
Teknisen tietoturvan minimivaatimukset
Teemu Tiainen
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security Basics
Mohan Jadhav
 
Information security
Information securityInformation security
Information security
AlaaMahmoud108
 
Application security Best Practices Framework
Application security Best Practices FrameworkApplication security Best Practices Framework
Application security Best Practices Framework
Sujata Raskar
 
Select 2 particular media forum types from the following listNews.docx
Select 2 particular media forum types from the following listNews.docxSelect 2 particular media forum types from the following listNews.docx
Select 2 particular media forum types from the following listNews.docx
jeffreye3
 
Select 1 of the datasets.Set up a frequency table.docx
Select 1 of the datasets.Set up a frequency table.docxSelect 1 of the datasets.Set up a frequency table.docx
Select 1 of the datasets.Set up a frequency table.docx
jeffreye3
 

More Related Content

Similar to Security Strategies in Windows Platforms and ApplicationsL.docx

Security Trends and Risk Mitigation for the Public Sector
Security Trends and Risk Mitigation for the Public SectorSecurity Trends and Risk Mitigation for the Public Sector
Security Trends and Risk Mitigation for the Public Sector
IBMGovernmentCA
 
Breaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gapsBreaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gaps
IBM Security
 
IBM security systems overview v1.0 - rohit nagarajan
IBM security systems overview v1.0 - rohit nagarajanIBM security systems overview v1.0 - rohit nagarajan
IBM security systems overview v1.0 - rohit nagarajan
Shwetank Jayaswal
 
Android Security: A Survey of Security Issues and Defenses
Android Security: A Survey of Security Issues and DefensesAndroid Security: A Survey of Security Issues and Defenses
Android Security: A Survey of Security Issues and Defenses
IRJET Journal
 
Hacking3e ppt ch15
Hacking3e ppt ch15Hacking3e ppt ch15
Hacking3e ppt ch15
Skillspire LLC
 
Introduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsIntroduction to Cybersecurity Fundamentals
Introduction to Cybersecurity Fundamentals
Toño Herrera
 
Top 10 Ways To Win Budget For Application Security - Cenzic.2013.05.22
Top 10 Ways To Win Budget For Application Security - Cenzic.2013.05.22Top 10 Ways To Win Budget For Application Security - Cenzic.2013.05.22
Top 10 Ways To Win Budget For Application Security - Cenzic.2013.05.22
Cenzic
 
DSS @CERT.LV_ISACA_2013_Conference - IBM X Force Report 2013
DSS @CERT.LV_ISACA_2013_Conference - IBM X Force Report 2013DSS @CERT.LV_ISACA_2013_Conference - IBM X Force Report 2013
DSS @CERT.LV_ISACA_2013_Conference - IBM X Force Report 2013
Andris Soroka
 
case analysis 2.1.docxby Urusha PandeySubmission date 2.docx
case analysis 2.1.docxby Urusha PandeySubmission date 2.docxcase analysis 2.1.docxby Urusha PandeySubmission date 2.docx
case analysis 2.1.docxby Urusha PandeySubmission date 2.docx
cowinhelen
 
Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9
Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9
Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9
UISGCON
 
Security Testing for Testing Professionals
Security Testing for Testing ProfessionalsSecurity Testing for Testing Professionals
Security Testing for Testing Professionals
TechWell
 
Aon Ransomware Response and Mitigation Strategies
Aon Ransomware Response and Mitigation StrategiesAon Ransomware Response and Mitigation Strategies
Aon Ransomware Response and Mitigation Strategies
CSNP
 
Man and Machine -- Forming a Perfect Union to Mature Security Programs -- Key...
Man and Machine -- Forming a Perfect Union to Mature Security Programs -- Key...Man and Machine -- Forming a Perfect Union to Mature Security Programs -- Key...
Man and Machine -- Forming a Perfect Union to Mature Security Programs -- Key...
Inno Eroraha [NetSecurity]
 
Security Testing for Test Professionals
Security Testing for Test ProfessionalsSecurity Testing for Test Professionals
Security Testing for Test Professionals
TechWell
 
Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...
Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...
Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...
Education & Training Boards
 
3 Steps to Security Intelligence - How to Build a More Secure Enterprise
3 Steps to Security Intelligence - How to Build a More Secure Enterprise3 Steps to Security Intelligence - How to Build a More Secure Enterprise
3 Steps to Security Intelligence - How to Build a More Secure Enterprise
IBM Security
 
Teknisen tietoturvan minimivaatimukset
Teknisen tietoturvan minimivaatimuksetTeknisen tietoturvan minimivaatimukset
Teknisen tietoturvan minimivaatimukset
Teemu Tiainen
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security Basics
Mohan Jadhav
 
Information security
Information securityInformation security
Information security
AlaaMahmoud108
 
Application security Best Practices Framework
Application security Best Practices FrameworkApplication security Best Practices Framework
Application security Best Practices Framework
Sujata Raskar
 

Similar to Security Strategies in Windows Platforms and ApplicationsL.docx (20)

Security Trends and Risk Mitigation for the Public Sector
Security Trends and Risk Mitigation for the Public SectorSecurity Trends and Risk Mitigation for the Public Sector
Security Trends and Risk Mitigation for the Public Sector
 
Breaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gapsBreaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gaps
 
IBM security systems overview v1.0 - rohit nagarajan
IBM security systems overview v1.0 - rohit nagarajanIBM security systems overview v1.0 - rohit nagarajan
IBM security systems overview v1.0 - rohit nagarajan
 
Android Security: A Survey of Security Issues and Defenses
Android Security: A Survey of Security Issues and DefensesAndroid Security: A Survey of Security Issues and Defenses
Android Security: A Survey of Security Issues and Defenses
 
Hacking3e ppt ch15
Hacking3e ppt ch15Hacking3e ppt ch15
Hacking3e ppt ch15
 
Introduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsIntroduction to Cybersecurity Fundamentals
Introduction to Cybersecurity Fundamentals
 
Top 10 Ways To Win Budget For Application Security - Cenzic.2013.05.22
Top 10 Ways To Win Budget For Application Security - Cenzic.2013.05.22Top 10 Ways To Win Budget For Application Security - Cenzic.2013.05.22
Top 10 Ways To Win Budget For Application Security - Cenzic.2013.05.22
 
DSS @CERT.LV_ISACA_2013_Conference - IBM X Force Report 2013
DSS @CERT.LV_ISACA_2013_Conference - IBM X Force Report 2013DSS @CERT.LV_ISACA_2013_Conference - IBM X Force Report 2013
DSS @CERT.LV_ISACA_2013_Conference - IBM X Force Report 2013
 
case analysis 2.1.docxby Urusha PandeySubmission date 2.docx
case analysis 2.1.docxby Urusha PandeySubmission date 2.docxcase analysis 2.1.docxby Urusha PandeySubmission date 2.docx
case analysis 2.1.docxby Urusha PandeySubmission date 2.docx
 
Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9
Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9
Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9
 
Security Testing for Testing Professionals
Security Testing for Testing ProfessionalsSecurity Testing for Testing Professionals
Security Testing for Testing Professionals
 
Aon Ransomware Response and Mitigation Strategies
Aon Ransomware Response and Mitigation StrategiesAon Ransomware Response and Mitigation Strategies
Aon Ransomware Response and Mitigation Strategies
 
Man and Machine -- Forming a Perfect Union to Mature Security Programs -- Key...
Man and Machine -- Forming a Perfect Union to Mature Security Programs -- Key...Man and Machine -- Forming a Perfect Union to Mature Security Programs -- Key...
Man and Machine -- Forming a Perfect Union to Mature Security Programs -- Key...
 
Security Testing for Test Professionals
Security Testing for Test ProfessionalsSecurity Testing for Test Professionals
Security Testing for Test Professionals
 
Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...
Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...
Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...
 
3 Steps to Security Intelligence - How to Build a More Secure Enterprise
3 Steps to Security Intelligence - How to Build a More Secure Enterprise3 Steps to Security Intelligence - How to Build a More Secure Enterprise
3 Steps to Security Intelligence - How to Build a More Secure Enterprise
 
Teknisen tietoturvan minimivaatimukset
Teknisen tietoturvan minimivaatimuksetTeknisen tietoturvan minimivaatimukset
Teknisen tietoturvan minimivaatimukset
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security Basics
 
Information security
Information securityInformation security
Information security
 
Application security Best Practices Framework
Application security Best Practices FrameworkApplication security Best Practices Framework
Application security Best Practices Framework
 

More from jeffreye3

Select 2 particular media forum types from the following listNews.docx
Select 2 particular media forum types from the following listNews.docxSelect 2 particular media forum types from the following listNews.docx
Select 2 particular media forum types from the following listNews.docx
jeffreye3
 
Select 1 of the datasets.Set up a frequency table.docx
Select 1 of the datasets.Set up a frequency table.docxSelect 1 of the datasets.Set up a frequency table.docx
Select 1 of the datasets.Set up a frequency table.docx
jeffreye3
 
Select 1 alternative religion (e.g., Church of Scientology, Tr.docx
Select 1 alternative religion (e.g., Church of Scientology, Tr.docxSelect 1 alternative religion (e.g., Church of Scientology, Tr.docx
Select 1 alternative religion (e.g., Church of Scientology, Tr.docx
jeffreye3
 
Select 1 existing or defunct magazine or newspaper, and research its.docx
Select 1 existing or defunct magazine or newspaper, and research its.docxSelect 1 existing or defunct magazine or newspaper, and research its.docx
Select 1 existing or defunct magazine or newspaper, and research its.docx
jeffreye3
 
SeleccionarSelect the item that does not belong.¿Lógico o .docx
SeleccionarSelect the item that does not belong.¿Lógico o .docxSeleccionarSelect the item that does not belong.¿Lógico o .docx
SeleccionarSelect the item that does not belong.¿Lógico o .docx
jeffreye3
 
SeleccionarSelecciona la respuesta que mejor completa cada oración.docx
SeleccionarSelecciona la respuesta que mejor completa cada oración.docxSeleccionarSelecciona la respuesta que mejor completa cada oración.docx
SeleccionarSelecciona la respuesta que mejor completa cada oración.docx
jeffreye3
 
Segmented Assimilation Theory and theLife Model An Integrat.docx
Segmented Assimilation Theory and theLife Model An Integrat.docxSegmented Assimilation Theory and theLife Model An Integrat.docx
Segmented Assimilation Theory and theLife Model An Integrat.docx
jeffreye3
 
Seeking your ability to think about criminalsocial issues .docx
Seeking your ability to think about criminalsocial issues .docxSeeking your ability to think about criminalsocial issues .docx
Seeking your ability to think about criminalsocial issues .docx
jeffreye3
 
Seeking help with week 4 UOP PSY525 team assignment.  Only one.docx
Seeking help with week 4 UOP PSY525 team assignment.  Only one.docxSeeking help with week 4 UOP PSY525 team assignment.  Only one.docx
Seeking help with week 4 UOP PSY525 team assignment.  Only one.docx
jeffreye3
 
Seeking a minimin of one page with scholarly in-text references with.docx
Seeking a minimin of one page with scholarly in-text references with.docxSeeking a minimin of one page with scholarly in-text references with.docx
Seeking a minimin of one page with scholarly in-text references with.docx
jeffreye3
 
Seeking a 500 word document that outlines(A) who most commonly .docx
Seeking a 500 word document that outlines(A) who most commonly .docxSeeking a 500 word document that outlines(A) who most commonly .docx
Seeking a 500 word document that outlines(A) who most commonly .docx
jeffreye3
 
SEED Labs – Linux Firewall Exploration Lab 1Linux Firewall.docx
SEED Labs – Linux Firewall Exploration Lab 1Linux Firewall.docxSEED Labs – Linux Firewall Exploration Lab 1Linux Firewall.docx
SEED Labs – Linux Firewall Exploration Lab 1Linux Firewall.docx
jeffreye3
 
seek limited’s group report &meetingiiTable of C.docx
seek limited’s group report &meetingiiTable of C.docxseek limited’s group report &meetingiiTable of C.docx
seek limited’s group report &meetingiiTable of C.docx
jeffreye3
 
Seediscussions,stats,andauthorprofilesforthispublicati.docx
Seediscussions,stats,andauthorprofilesforthispublicati.docxSeediscussions,stats,andauthorprofilesforthispublicati.docx
Seediscussions,stats,andauthorprofilesforthispublicati.docx
jeffreye3
 
SEE YELLOW HIGHLIGHTED AREA BELOWPart 1.Laying the Foundat.docx
SEE YELLOW HIGHLIGHTED AREA BELOWPart 1.Laying the Foundat.docxSEE YELLOW HIGHLIGHTED AREA BELOWPart 1.Laying the Foundat.docx
SEE YELLOW HIGHLIGHTED AREA BELOWPart 1.Laying the Foundat.docx
jeffreye3
 
See ENF450 Search Strategies and the Student Resources links and sup.docx
See ENF450 Search Strategies and the Student Resources links and sup.docxSee ENF450 Search Strategies and the Student Resources links and sup.docx
See ENF450 Search Strategies and the Student Resources links and sup.docx
jeffreye3
 
Seed TagsCollect a variety of seed tags. Take photos of the .docx
Seed TagsCollect a variety of seed tags. Take photos of the .docxSeed TagsCollect a variety of seed tags. Take photos of the .docx
Seed TagsCollect a variety of seed tags. Take photos of the .docx
jeffreye3
 
see videohttpsyoutu.be-O5gsF5oylsconsider how hist.docx
see videohttpsyoutu.be-O5gsF5oylsconsider how hist.docxsee videohttpsyoutu.be-O5gsF5oylsconsider how hist.docx
see videohttpsyoutu.be-O5gsF5oylsconsider how hist.docx
jeffreye3
 
See Topic on the project 1 paperTarget- Casemanager and care.docx
See Topic on the project 1 paperTarget- Casemanager and care.docxSee Topic on the project 1 paperTarget- Casemanager and care.docx
See Topic on the project 1 paperTarget- Casemanager and care.docx
jeffreye3
 
See attachments for information.Looking for assistance on an assig.docx
See attachments for information.Looking for assistance on an assig.docxSee attachments for information.Looking for assistance on an assig.docx
See attachments for information.Looking for assistance on an assig.docx
jeffreye3
 

More from jeffreye3 (20)

Select 2 particular media forum types from the following listNews.docx
Select 2 particular media forum types from the following listNews.docxSelect 2 particular media forum types from the following listNews.docx
Select 2 particular media forum types from the following listNews.docx
 
Select 1 of the datasets.Set up a frequency table.docx
Select 1 of the datasets.Set up a frequency table.docxSelect 1 of the datasets.Set up a frequency table.docx
Select 1 of the datasets.Set up a frequency table.docx
 
Select 1 alternative religion (e.g., Church of Scientology, Tr.docx
Select 1 alternative religion (e.g., Church of Scientology, Tr.docxSelect 1 alternative religion (e.g., Church of Scientology, Tr.docx
Select 1 alternative religion (e.g., Church of Scientology, Tr.docx
 
Select 1 existing or defunct magazine or newspaper, and research its.docx
Select 1 existing or defunct magazine or newspaper, and research its.docxSelect 1 existing or defunct magazine or newspaper, and research its.docx
Select 1 existing or defunct magazine or newspaper, and research its.docx
 
SeleccionarSelect the item that does not belong.¿Lógico o .docx
SeleccionarSelect the item that does not belong.¿Lógico o .docxSeleccionarSelect the item that does not belong.¿Lógico o .docx
SeleccionarSelect the item that does not belong.¿Lógico o .docx
 
SeleccionarSelecciona la respuesta que mejor completa cada oración.docx
SeleccionarSelecciona la respuesta que mejor completa cada oración.docxSeleccionarSelecciona la respuesta que mejor completa cada oración.docx
SeleccionarSelecciona la respuesta que mejor completa cada oración.docx
 
Segmented Assimilation Theory and theLife Model An Integrat.docx
Segmented Assimilation Theory and theLife Model An Integrat.docxSegmented Assimilation Theory and theLife Model An Integrat.docx
Segmented Assimilation Theory and theLife Model An Integrat.docx
 
Seeking your ability to think about criminalsocial issues .docx
Seeking your ability to think about criminalsocial issues .docxSeeking your ability to think about criminalsocial issues .docx
Seeking your ability to think about criminalsocial issues .docx
 
Seeking help with week 4 UOP PSY525 team assignment.  Only one.docx
Seeking help with week 4 UOP PSY525 team assignment.  Only one.docxSeeking help with week 4 UOP PSY525 team assignment.  Only one.docx
Seeking help with week 4 UOP PSY525 team assignment.  Only one.docx
 
Seeking a minimin of one page with scholarly in-text references with.docx
Seeking a minimin of one page with scholarly in-text references with.docxSeeking a minimin of one page with scholarly in-text references with.docx
Seeking a minimin of one page with scholarly in-text references with.docx
 
Seeking a 500 word document that outlines(A) who most commonly .docx
Seeking a 500 word document that outlines(A) who most commonly .docxSeeking a 500 word document that outlines(A) who most commonly .docx
Seeking a 500 word document that outlines(A) who most commonly .docx
 
SEED Labs – Linux Firewall Exploration Lab 1Linux Firewall.docx
SEED Labs – Linux Firewall Exploration Lab 1Linux Firewall.docxSEED Labs – Linux Firewall Exploration Lab 1Linux Firewall.docx
SEED Labs – Linux Firewall Exploration Lab 1Linux Firewall.docx
 
seek limited’s group report &meetingiiTable of C.docx
seek limited’s group report &meetingiiTable of C.docxseek limited’s group report &meetingiiTable of C.docx
seek limited’s group report &meetingiiTable of C.docx
 
Seediscussions,stats,andauthorprofilesforthispublicati.docx
Seediscussions,stats,andauthorprofilesforthispublicati.docxSeediscussions,stats,andauthorprofilesforthispublicati.docx
Seediscussions,stats,andauthorprofilesforthispublicati.docx
 
SEE YELLOW HIGHLIGHTED AREA BELOWPart 1.Laying the Foundat.docx
SEE YELLOW HIGHLIGHTED AREA BELOWPart 1.Laying the Foundat.docxSEE YELLOW HIGHLIGHTED AREA BELOWPart 1.Laying the Foundat.docx
SEE YELLOW HIGHLIGHTED AREA BELOWPart 1.Laying the Foundat.docx
 
See ENF450 Search Strategies and the Student Resources links and sup.docx
See ENF450 Search Strategies and the Student Resources links and sup.docxSee ENF450 Search Strategies and the Student Resources links and sup.docx
See ENF450 Search Strategies and the Student Resources links and sup.docx
 
Seed TagsCollect a variety of seed tags. Take photos of the .docx
Seed TagsCollect a variety of seed tags. Take photos of the .docxSeed TagsCollect a variety of seed tags. Take photos of the .docx
Seed TagsCollect a variety of seed tags. Take photos of the .docx
 
see videohttpsyoutu.be-O5gsF5oylsconsider how hist.docx
see videohttpsyoutu.be-O5gsF5oylsconsider how hist.docxsee videohttpsyoutu.be-O5gsF5oylsconsider how hist.docx
see videohttpsyoutu.be-O5gsF5oylsconsider how hist.docx
 
See Topic on the project 1 paperTarget- Casemanager and care.docx
See Topic on the project 1 paperTarget- Casemanager and care.docxSee Topic on the project 1 paperTarget- Casemanager and care.docx
See Topic on the project 1 paperTarget- Casemanager and care.docx
 
See attachments for information.Looking for assistance on an assig.docx
See attachments for information.Looking for assistance on an assig.docxSee attachments for information.Looking for assistance on an assig.docx
See attachments for information.Looking for assistance on an assig.docx
 

Recently uploaded

How to Manage Your Lost Opportunities in Odoo 17 CRM
How to Manage Your Lost Opportunities in Odoo 17 CRMHow to Manage Your Lost Opportunities in Odoo 17 CRM
How to Manage Your Lost Opportunities in Odoo 17 CRM
Celine George
 
How to Add Chatter in the odoo 17 ERP Module
How to Add Chatter in the odoo 17 ERP ModuleHow to Add Chatter in the odoo 17 ERP Module
How to Add Chatter in the odoo 17 ERP Module
Celine George
 
C1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptx
C1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptxC1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptx
C1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptx
mulvey2
 
Chapter 4 - Islamic Financial Institutions in Malaysia.pptx
Chapter 4 - Islamic Financial Institutions in Malaysia.pptxChapter 4 - Islamic Financial Institutions in Malaysia.pptx
Chapter 4 - Islamic Financial Institutions in Malaysia.pptx
Mohd Adib Abd Muin, Senior Lecturer at Universiti Utara Malaysia
 
RPMS TEMPLATE FOR SCHOOL YEAR 2023-2024 FOR TEACHER 1 TO TEACHER 3
RPMS TEMPLATE FOR SCHOOL YEAR 2023-2024 FOR TEACHER 1 TO TEACHER 3RPMS TEMPLATE FOR SCHOOL YEAR 2023-2024 FOR TEACHER 1 TO TEACHER 3
RPMS TEMPLATE FOR SCHOOL YEAR 2023-2024 FOR TEACHER 1 TO TEACHER 3
IreneSebastianRueco1
 
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Dr. Vinod Kumar Kanvaria
 
PIMS Job Advertisement 2024.pdf Islamabad
PIMS Job Advertisement 2024.pdf IslamabadPIMS Job Advertisement 2024.pdf Islamabad
PIMS Job Advertisement 2024.pdf Islamabad
AyyanKhan40
 
Natural birth techniques - Mrs.Akanksha Trivedi Rama University
Natural birth techniques - Mrs.Akanksha Trivedi Rama UniversityNatural birth techniques - Mrs.Akanksha Trivedi Rama University
Natural birth techniques - Mrs.Akanksha Trivedi Rama University
Akanksha trivedi rama nursing college kanpur.
 
South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)
Academy of Science of South Africa
 
Pride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School DistrictPride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School District
David Douglas School District
 
How to Build a Module in Odoo 17 Using the Scaffold Method
How to Build a Module in Odoo 17 Using the Scaffold MethodHow to Build a Module in Odoo 17 Using the Scaffold Method
How to Build a Module in Odoo 17 Using the Scaffold Method
Celine George
 
Types of Herbal Cosmetics its standardization.
Types of Herbal Cosmetics its standardization.Types of Herbal Cosmetics its standardization.
Types of Herbal Cosmetics its standardization.
Ashokrao Mane college of Pharmacy Peth-Vadgaon
 
clinical examination of hip joint (1).pdf
clinical examination of hip joint (1).pdfclinical examination of hip joint (1).pdf
clinical examination of hip joint (1).pdf
Priyankaranawat4
 
writing about opinions about Australia the movie
writing about opinions about Australia the moviewriting about opinions about Australia the movie
writing about opinions about Australia the movie
Nicholas Montgomery
 
The basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptxThe basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptx
heathfieldcps1
 
World environment day ppt For 5 June 2024
World environment day ppt For 5 June 2024World environment day ppt For 5 June 2024
World environment day ppt For 5 June 2024
ak6969907
 
Hindi varnamala | hindi alphabet PPT.pdf
Hindi varnamala | hindi alphabet PPT.pdfHindi varnamala | hindi alphabet PPT.pdf
Hindi varnamala | hindi alphabet PPT.pdf
Dr. Mulla Adam Ali
 
Executive Directors Chat Leveraging AI for Diversity, Equity, and Inclusion
Executive Directors Chat Leveraging AI for Diversity, Equity, and InclusionExecutive Directors Chat Leveraging AI for Diversity, Equity, and Inclusion
Executive Directors Chat Leveraging AI for Diversity, Equity, and Inclusion
TechSoup
 
The Diamonds of 2023-2024 in the IGRA collection
The Diamonds of 2023-2024 in the IGRA collectionThe Diamonds of 2023-2024 in the IGRA collection
The Diamonds of 2023-2024 in the IGRA collection
Israel Genealogy Research Association
 
Main Java[All of the Base Concepts}.docx
Main Java[All of the Base Concepts}.docxMain Java[All of the Base Concepts}.docx
Main Java[All of the Base Concepts}.docx
adhitya5119
 

Recently uploaded (20)

How to Manage Your Lost Opportunities in Odoo 17 CRM
How to Manage Your Lost Opportunities in Odoo 17 CRMHow to Manage Your Lost Opportunities in Odoo 17 CRM
How to Manage Your Lost Opportunities in Odoo 17 CRM
 
How to Add Chatter in the odoo 17 ERP Module
How to Add Chatter in the odoo 17 ERP ModuleHow to Add Chatter in the odoo 17 ERP Module
How to Add Chatter in the odoo 17 ERP Module
 
C1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptx
C1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptxC1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptx
C1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptx
 
Chapter 4 - Islamic Financial Institutions in Malaysia.pptx
Chapter 4 - Islamic Financial Institutions in Malaysia.pptxChapter 4 - Islamic Financial Institutions in Malaysia.pptx
Chapter 4 - Islamic Financial Institutions in Malaysia.pptx
 
RPMS TEMPLATE FOR SCHOOL YEAR 2023-2024 FOR TEACHER 1 TO TEACHER 3
RPMS TEMPLATE FOR SCHOOL YEAR 2023-2024 FOR TEACHER 1 TO TEACHER 3RPMS TEMPLATE FOR SCHOOL YEAR 2023-2024 FOR TEACHER 1 TO TEACHER 3
RPMS TEMPLATE FOR SCHOOL YEAR 2023-2024 FOR TEACHER 1 TO TEACHER 3
 
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
 
PIMS Job Advertisement 2024.pdf Islamabad
PIMS Job Advertisement 2024.pdf IslamabadPIMS Job Advertisement 2024.pdf Islamabad
PIMS Job Advertisement 2024.pdf Islamabad
 
Natural birth techniques - Mrs.Akanksha Trivedi Rama University
Natural birth techniques - Mrs.Akanksha Trivedi Rama UniversityNatural birth techniques - Mrs.Akanksha Trivedi Rama University
Natural birth techniques - Mrs.Akanksha Trivedi Rama University
 
South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)
 
Pride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School DistrictPride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School District
 
How to Build a Module in Odoo 17 Using the Scaffold Method
How to Build a Module in Odoo 17 Using the Scaffold MethodHow to Build a Module in Odoo 17 Using the Scaffold Method
How to Build a Module in Odoo 17 Using the Scaffold Method
 
Types of Herbal Cosmetics its standardization.
Types of Herbal Cosmetics its standardization.Types of Herbal Cosmetics its standardization.
Types of Herbal Cosmetics its standardization.
 
clinical examination of hip joint (1).pdf
clinical examination of hip joint (1).pdfclinical examination of hip joint (1).pdf
clinical examination of hip joint (1).pdf
 
writing about opinions about Australia the movie
writing about opinions about Australia the moviewriting about opinions about Australia the movie
writing about opinions about Australia the movie
 
The basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptxThe basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptx
 
World environment day ppt For 5 June 2024
World environment day ppt For 5 June 2024World environment day ppt For 5 June 2024
World environment day ppt For 5 June 2024
 
Hindi varnamala | hindi alphabet PPT.pdf
Hindi varnamala | hindi alphabet PPT.pdfHindi varnamala | hindi alphabet PPT.pdf
Hindi varnamala | hindi alphabet PPT.pdf
 
Executive Directors Chat Leveraging AI for Diversity, Equity, and Inclusion
Executive Directors Chat Leveraging AI for Diversity, Equity, and InclusionExecutive Directors Chat Leveraging AI for Diversity, Equity, and Inclusion
Executive Directors Chat Leveraging AI for Diversity, Equity, and Inclusion
 
The Diamonds of 2023-2024 in the IGRA collection
The Diamonds of 2023-2024 in the IGRA collectionThe Diamonds of 2023-2024 in the IGRA collection
The Diamonds of 2023-2024 in the IGRA collection
 
Main Java[All of the Base Concepts}.docx
Main Java[All of the Base Concepts}.docxMain Java[All of the Base Concepts}.docx
Main Java[All of the Base Concepts}.docx
 

Security Strategies in Windows Platforms and ApplicationsL.docx

  • 1. Security Strategies in Windows Platforms and Applications Lesson 1 Microsoft Windows and the Threat Landscape © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Cover image © Sharpshot/Dreamstime.com Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. 1 Learning Objective(s) Describe information systems security and the inherent security features of the Microsoft Windows operating system. Describe threats to Microsoft Windows and applications. Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com
  • 2. All rights reserved. 2 Key Concepts Information systems security and the C-I-A triad Microsoft Windows and a typical IT infrastructure Vulnerabilities of Microsoft Windows systems and their applications Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. 3 Information Systems Security Defense in depth A collection of strategies to make a computer environment safe Information security Main goal is to prevent loss Most decisions require balance between security and usability Security controls are mechanisms used to protect information Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com
  • 3. All rights reserved. 4 Security Controls Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. 5 Type of Control Administrative Type of Function Preventive Detective Corrective
  • 4. Technical Physical C-I-A Triad Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. The practice of securing information involves ensuring three tenets of information security: confidentiality, integrity, and availability Known as the C-I-A triad Also known as the availability, integrity, and confidentiality (A-I-C) triad Each tenet interacts with the other two and, in some cases, may conflict 6 Confidentiality The assurance that the information cannot be accessed or viewed by unauthorized users Examples of confidential information: Financial information
  • 5. Medical information Secret military plans Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. A successful attack against confidential information enables the attacker to use the information to gain an inappropriate advantage or to extort compensation through threats to divulge the information. 7 Integrity The assurance that the information cannot be changed by unauthorized users Ensuring integrity means applying controls that prohibit unauthorized changes to information Examples of integrity controls: Security classification User clearance Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning
  • 6. Company www.jblearning.com All rights reserved. 8 Availability The assurance that the information is available to authorized users in an acceptable time frame when the information is requested is availability Examples of attacks that affect availability: Denial of service (DoS) Hacktivist Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. 9 Microsoft Windows and Applications in a Typical IT Infrastructure IT infrastructure Collection of computers, devices, and network components that make up an IT environment
  • 7. Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. 10 Microsoft Windows and Applications in a Typical IT Infrastructure Common infrastructure components: Client platforms Network segments Network devices Server instances (often listed by function) Cloud-based offerings, such as Microsoft Office 365 and Microsoft Azure Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. 11 A Sample IT Infrastructure
  • 8. Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Windows Clients Client systems provide functionality to end users; customer- facing systems Include desktops, laptops, and mobile devices Each application can be deployed on client systems as either a thin or a thick client Windows 10 Newest and most popular Windows client operating system Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. 13 Windows Servers Server computers provide services to client applications Common server applications: Web servers, application servers, and database servers Windows Server 2019 Essentials, for small businesses Standard, for most server functions Datacenter, for large-scale deployments
  • 9. Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. 14 Microsoft’s End-User License Agreement (EULA) Software license agreement that contains the Microsoft Software License Terms Must be accepted prior to installation of any Microsoft Windows product Located in the Windows install folder or on the Microsoft website Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. 15 Microsoft EULA Sections Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning
  • 10. Company www.jblearning.com All rights reserved. Updates Additional Notices—Networks, Data, and Internet Usage Limited Warranty Exclusions from Limited Warranty Windows Threats and Vulnerabilities Successful attack: One that realizes, or carries out, a threat against vulnerabilities Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. 17 Risk Any exposure to a threat
  • 11. Threat Any action that could lead to damage, disruption, or loss Vulnerability Weakness in an operating system or application software Windows Threats and Vulnerabilities A threat is not necessarily dangerous Fire in fireplace = desirable Fire in data center = dangerous For damage to occur, there has to be a threat Attackers look for vulnerabilities, then devise an attack that will exploit the weakness Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. 18 Anatomy of Microsoft Windows Vulnerabilities
  • 12. Ransomware Malicious software that renders files or volumes inaccessible through encryption Attacker demands payment using cryptocurrency for the decryption key Well-known ransomware attacks CryptoLocker Locky WannaCry Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Most ransomware encrypts data and demands a payment using cryptocurrency in exchange for the decryption key. 19 Discovery-Analysis-Remediation Cycle Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. A recurring three-step process for addressing attacks
  • 13. 20 Discovery Once an attack starts, attackers become as inconspicuous as possible Need to compare suspect activity baseline (normal activity) to detect anomalies Common method of accomplishing this is to use activity and monitoring logs Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. 21 Analysis Security information and event management (SIEM) tools Collect and aggregate security-related information from multiple sources and devices Help prepare data for correlation and analysis Current vulnerability and security bulletin databases Help you determine if others are experiencing same activity Page ‹#› Security Strategies in Windows Platforms and Applications
  • 14. © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. SIEM tools can often cross-reference known vulnerability databases to help identify suspect behavior. The analysis phase includes validating suspect activity as abnormal and then figuring out what is causing it. 22 Remediation Contain any damage that has occurred, recover from any loss, and implement controls to prevent a recurrence Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. 23 Common Forms of AttackThreatDescriptionPhishingGenerally start with a message that contains a link or image to click, or a file to open; taking these actions launches malware attacksMalwareMalicious software designed to carry out tasks that the user would not normally allowDenial of service (DoS)Any action that dramatically slows down or blocks access
  • 15. to one or more resourcesInjection attackDepends on ability to send instructions to an application that causes the application to carry out unintended actions; SQL injection is common Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. 24 Common Forms of Attack (Cont.)ThreatDescriptionUnprotected Windows Share A situation that allows attackers to install tools, including malicious softwareSession hijacking and credential reuseAttempts by attackers to take over valid sessions or capture credentials to impersonate valid usersCross-site scriptingSpecially crafted malicious code used to attack web applications Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. 25 Common Forms of Attack (Cont.)ThreatDescriptionPacket sniffing The process of collecting network messages as they
  • 16. travel across a network in hopes of divulging sensitive information, such as passwords Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. 26 Summary Information systems security and the C-I-A triad Microsoft Windows and a typical IT infrastructure Vulnerabilities of Microsoft Windows systems and their applications Page ‹#› Security Strategies in Windows Platforms and Applications © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. 27