Cybersecurity: Threat Matrix

Presentation transcript:

Cybersecurity: Threat Matrix Janica Edmonds

Cybersecurity First Principles

Domain Separation: Separating areas where resources are located prevents accidents and loss of data, keeping information worlds from colliding.
Process Isolation: A process occurs when a task is executed. Keeping processes separate prevents the failure of one process from negatively impacting another.
Resource Encapsulation: Resources – hardware, system objects, or processes – must be separated and used as intended.
Layering: Multiple layers of defense protect information. If one layer is defeated, the next one should catch it.
Modularization: Able to be inserted or removed from a project; each module has its own function, interchangeable with other modules.
Least Privilege: Limits what access people have to your resources and what they can do with them.
Information Hiding: Any attempt to prevent people from being able to see information.
Abstraction: Abstraction is a fancy word for summarizing or explaining in a way that can be easily understood.
Simplicity: If something is less complicated, it is less likely to have problems and it is easier to troubleshoot and fix.
Minimization: Minimization’s goal is to simplify and decrease the number of ways the software can be exploited.

Cyber Realm Card Game

Created by GenCyber Duo at California State University, San Bernardino
Played in pairs
Find a partner who is sitting in a row other than the one you are sitting in.

Security Needs

Basic security needs are confidentiality, integrity, and availability of all components within a system or network.
Confidentiality is preserving sensitive data or resources from unauthorized disclosure.
Integrity is preventing the modification of data or resources by unauthorized users, preventing unauthorized or unintentional modification by authorized users, and preserving the consistency of the data and resources.
Availability is the timely and uninterrupted access to data and resources.

Security Threats

A potential occurrence, malicious or otherwise, that might damage or compromise assets.
Interception – asset is diverted.
Interruption – asset is delayed.
Modification – asset is altered.
Fabrication – asset is manufactured.

Security Assets

Components of the system or network.
- Hardware
- Software
- People
- Data

Example: Mom & Pop Shop

Mom & Pop Shop
- Running a touristy type business selling handmade crafts
- Keep accounts and business transactions records on a computer
- Running a website to advertise their business

Security
- What are the assets?
- How does CIA apply?
- What are ways that CIA could be threatened?

Threat Matrix

Threat/Asset  | HW | SW | People | Data
Interception  |    |    |        |
Interruption  |    |    |        |
Modification  |    |    |        |
Fabrication   |    |    |        |

What are some things that could happen to threaten the security of the system?
- could be intentional or unintentional
- could be malicious or an accident
- could be natural disaster or man-made disaster

Example: Threat Matrix, Mom & Pop Shop

Threat/Asset  | HW | SW | People | Data
Interception  |    |    |        |
Interruption  |    |    |        |
Modification  |    |    |        |
Fabrication   |    |    |        |

What are some things that could happen to threaten the security of the Mom & Pop Shop?
- Form small groups of three or four
- Brainstorm ways of filling in the possible threats to the security of the Mom & Pop Shop
- 10 minutes or so
- Reconvene for discussion

Example: Principles Applied

Domain separation – keep website hosting separate from accounting records
Layering – levels of security
Least privilege – who has access? To what?
Information hiding – keeping account #s, etc. hidden.
Simplicity –
Minimization – least functionality needed: no online purchases? No need for certain SW
Modularization – let’s add functionality: online purchases! How does that change the threat matrix?
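
The closing question, worked as an added example that is not part of the original slides: a small Python model of the threat matrix that lists cells still empty after brainstorming and shows which cells gain entries when online purchases are added. Every threat entry is a constructed sample, and the mapping from threat type to the security need it most directly affects is the usual textbook association, assumed here because the slides do not state it.

```python
from collections import defaultdict

THREATS = ["Interception", "Interruption", "Modification", "Fabrication"]
ASSETS = ["HW", "SW", "People", "Data"]
# Usual textbook association (an assumption; the slides do not state it).
CIA = {"Interception": "Confidentiality", "Interruption": "Availability",
       "Modification": "Integrity", "Fabrication": "Integrity"}

def build_matrix(entries):
    """Group (threat, asset, description) entries into matrix cells."""
    matrix = defaultdict(list)
    for threat, asset, description in entries:
        if threat not in THREATS or asset not in ASSETS:
            raise ValueError(f"unknown cell: {threat}/{asset}")
        matrix[(threat, asset)].append(description)
    return matrix

def empty_cells(matrix):
    """Cells with no entry yet: gaps in the brainstorm, not proof of safety."""
    return [(t, a) for t in THREATS for a in ASSETS if not matrix.get((t, a))]

def new_threats(before, after):
    """Entries that appear in `after` but not in `before`, keyed by cell."""
    diff = {}
    for cell, descs in after.items():
        added = [d for d in descs if d not in before.get(cell, [])]
        if added:
            diff[cell] = added
    return diff

def cia_exposure(matrix):
    """Count entries per security need they most directly threaten."""
    counts = {"Confidentiality": 0, "Integrity": 0, "Availability": 0}
    for (threat, _asset), descs in matrix.items():
        counts[CIA[threat]] += len(descs)
    return counts

# Constructed samples (not from the slides): the shop today, then with online purchases.
BASE = [("Interception", "HW", "computer stolen from the shop"),
        ("Interruption", "SW", "website hosting goes down"),
        ("Interruption", "People", "only person who knows the system is away"),
        ("Modification", "Data", "account records changed by a typing mistake"),
        ("Fabrication", "Data", "false transaction entered in the books")]
ONLINE = BASE + [("Interception", "Data", "customer payment details disclosed"),
                 ("Modification", "SW", "order form altered without authorization"),
                 ("Fabrication", "Data", "fake orders submitted")]

if __name__ == "__main__":
    print(new_threats(build_matrix(BASE), build_matrix(ONLINE)))
```

Empty cells are worth reading back to the group: each one is either a threat nobody thought of or a cell the group agrees does not apply.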