Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cybersecurity: Threat Matrix

Published byVernon Rose Modified over 6 years ago

Similar presentations

Presentation on theme: "Cybersecurity: Threat Matrix"— Presentation transcript:

1 Cybersecurity: Threat Matrix
Janica Edmonds

2 Cybersecurity First Principles
Domain separation Process Isolation Resource encapsulation Layering Modularization Least Privilege Information hiding Abstraction Simplicity Minimization Domain Separation: Separating areas where resources are located prevents accidents and loss of data, keeping information worlds from colliding. Process Isolation: A process occurs when a task is executed. Keeping processes separate prevents the failure of one process from negatively impacting another. Resource Encapsulation: Resources – hardware, system objects, or processes – must be separated and used as intended. Layering: Multiple layers of defense protect information. If one layer is defeated, the next one should catch it. Modularization: Able to be inserted or removed from a project; each module has its own function, interchangeable with other modules. Least Privilege: Limits what access people have to your resources and what they can do with them. Information Hiding: Any attempt to prevent people from being able to see information. Abstraction: Abstraction is a fancy word for summarizing or explaining in a way that can be easily understood. Simplicity: If something is less complicated, it is less likely to have problems and it is easier to troubleshoot and fix. Minimization: Minimization’s goal is to simplify and decrease the number of ways the software can be exploited.

3 Cyber Realm Card game Created by GenCyber Duo at California State University, San Bernardino Played in pairs Find a partner who is sitting in a row other than the one you are sitting in.

4 Security Needs Confidentiality Integrity Availability
Basic security needs are confidentiality, integrity, and availability of all components within a system or network. Confidentiality is preserving sensitive data or resources from unauthorized disclosure. Integrity is preventing the modification of data or resources by unauthorized users, preventing unauthorized or unintentional modification by authorized users, and preserving the consistency of the data and resources. Availability is the timely and uninterrupted access to data and resources.

5 Security Threats A potential occurrence, malicious or otherwise, that might damage or compromise assets. Interception – asset is diverted. Interruption – asset is delayed Modification – asset is altered. Fabrication – asset is manufactured.

6 Security Assets Components of the system or network. Hardware Software
People Data

7 Example: Mom & Pop Shop Mom & Pop Shop Security
Running a touristy type business selling handmade crafts Keep accounts and business transactions records on a computer Running a website to advertise their business Security What are the assets? How does CIA apply? What are ways that CIA could be threatened?

8 Threat Matrix Threat/Asset HW SW People Data Interception Interruption
Modification Fabrication What are some things that could happen to threaten the security of the system? -could be intentional or unintentional -could be malicious or an accident -could be natural disaster or man-made disaster

9 Example: Threat Matrix
Mom & Pop Shop Threat/Asset HW SW People Data Interception Interruption Modification Fabrication What are some things that could happen to threaten the security of the Mom & Pop Shop? Form small groups of three or four Brainstorm ways of filling in the possible threats to the security of the Mom & Pop Shop 10 minutes or so Reconvene for discussion

10 Example: Principles Applied
Domain separation Layering Least privilege Information hiding Simplicity Minimization Modularization Domain separation – keep website hosting separate from accounting records Layering – levels of security Least privilege – who has access? To what? Information hiding – keeping account #s, etc. hidden. Simplicity – Minimization – least functionality needed  no online purchases? No need for certain SW Modularization – let’s add functionality  online purchases! How does that change the threat matrix?

Download ppt "Cybersecurity: Threat Matrix"

Similar presentations

Information Security Domains Computer Operations Security By: Shafi Alassmi Instructor: Francis G. Date: Sep 22, 2010.

Information Security Domains Computer Operations Security By: Shafi Alassmi Instructor: Francis G. Date: Sep 22, 2010.
Advanced Networks and Computer Security Curt Carver & Jeff Humphries © 1999 Texas A&M University.

Advanced Networks and Computer Security Curt Carver & Jeff Humphries © 1999 Texas A&M University.
OCTAVESM Process 4 Create Threat Profiles

OCTAVESM Process 4 Create Threat Profiles
6/2/2015B.Ramamurthy1 Security B.Ramamurthy. 6/2/2015B.Ramamurthy2 Computer Security Collection of tools designed to thwart hackers Became necessary with.

6/2/2015B.Ramamurthy1 Security B.Ramamurthy. 6/2/2015B.Ramamurthy2 Computer Security Collection of tools designed to thwart hackers Became necessary with.
Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.

Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.
Note1 (Intr1) Security Problems in Computing. Overview of Computer Security2 Outline Characteristics of computer intrusions –Terminology, Types Security.

Note1 (Intr1) Security Problems in Computing. Overview of Computer Security2 Outline Characteristics of computer intrusions –Terminology, Types Security.
Introducing Computer and Network Security

Introducing Computer and Network Security
EEC 688/788 Secure and Dependable Computing Lecture 2 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

EEC 688/788 Secure and Dependable Computing Lecture 2 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
Evidor: The Evidence Collector Software using for: Software for lawyers, law firms, corporate law and IT security departments, licensed investigators,

Evidor: The Evidence Collector Software using for: Software for lawyers, law firms, corporate law and IT security departments, licensed investigators,
1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.

1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.
Summary of Lecture 1 Security attack types: either by function or by the property being compromised Security mechanism – prevention, detection and reaction.

Summary of Lecture 1 Security attack types: either by function or by the property being compromised Security mechanism – prevention, detection and reaction.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Storage Security and Management: Security Framework

Storage Security and Management: Security Framework
Cmpe 471 Computer Crime: Techniques and Countermeasures.

Cmpe 471 Computer Crime: Techniques and Countermeasures.
Introducing Computer and Network Security. Computer Security Basics What is computer security? –Answer depends on the perspective of the person you’re.

Introducing Computer and Network Security. Computer Security Basics What is computer security? –Answer depends on the perspective of the person you’re.
1 Figure 1-17: Security Management Security is a Primarily a Management Issue, not a Technology Issue Top-to-Bottom Commitment  Top-management commitment.

1 Figure 1-17: Security Management Security is a Primarily a Management Issue, not a Technology Issue Top-to-Bottom Commitment  Top-management commitment.
What does “secure” mean? Protecting Valuables

What does “secure” mean? Protecting Valuables
Summer, 2015 1.

Summer,
ISO17799 Maturity. Confidentiality Confidentiality relates to the protection of sensitive data from unauthorized use and distribution. Examples include:

ISO17799 Maturity. Confidentiality Confidentiality relates to the protection of sensitive data from unauthorized use and distribution. Examples include:
Lesson 7-Managing Risk. Overview Defining risk. Identifying the risk to an organization. Measuring risk.

Lesson 7-Managing Risk. Overview Defining risk. Identifying the risk to an organization. Measuring risk.

Similar presentations

Ads by Google