Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cybersecurity Threat Assessment

Published byMatthew Benson Modified over 6 years ago

Similar presentations

Presentation on theme: "Cybersecurity Threat Assessment"— Presentation transcript:

1 Cybersecurity Threat Assessment
Charles Warren and Ben Kangas

2 What is Risk? Risk is the impact of a threat exploiting a vulnerability to adversely affect an asset. Assets Resources and items that attackers seek to obtain/destroy. Ex. intellectual property, customer data, etc. Vulnerabilities Weak points in a system that can be exploited. Ex. poor staff training, lack of physical security, unpatched systems. Threat Bodies that cause damage to a system. Ex. hackers, disgruntled employees, natural disasters.

3 Qualitative Risk Risk is measured by considering the impact of a threat and the probability. Impact is described in the following terms: Negligible, Minor, Moderate, Significant, and Catastrophic Probability is described in the following terms: Rare, Unlikely, Possible, Likely, and Highly Likely. Once you describe the Impact and Probability, determine the risk:

4 Calculated Risk Quantitative Risk Assessment focuses on expressing threats in an empirical form. Key Terms: SLE - Single Loss Expectancy: Asset Value (AV) x Exposure Factor (EF) ALE - Annual Loss Expectancy: Annualised Rate of Occurrence (ARO) x Single Loss Expectancy (SLE)

5 ~ According to the Center for Internet Security
Preventive Measures 1. Inventory and Control of Hardware Assets 2. Inventory and Control of Software Assets 3. Continuous Vulnerability Management 4. Controlled Use of Administrative Privileges 5. Secure Configuration for Hardware and Software on Hosts 6. Maintenance, Monitoring and Analysis of Audit Logs 7. and Web Browser Protections 8. Malware Defenses 9. Limitation and Control of Network Ports, Protocols and Services 10. Data Recovery Capabilities 11. Secure Configuration for Network Devices 12. Boundary Defense 13. Data Protection 14. Controlled Access Based on the Need to Know 15. Wireless Access Control 16. Account Monitoring and Control 17. Implement a Security Awareness and Training Program 18. Application Software Security 19. Incident Response and Management 20. Penetration Tests and Red Team Exercises ~ According to the Center for Internet Security

6 CIA Triad In information assurance, the task of securing data can be thought of as the triad of three important concepts: Confidentiality - who can access data. Integrity - maintaining the consistency, accuracy and trustworthiness of data. Availability - Information can only be useful if it is available in a timely manner.

7 Networking and Computing Student Association, 2019

Download ppt "Cybersecurity Threat Assessment"

Similar presentations

Web Security for Network and System Administrators1 Chapter 1 Introduction to Information Security.

Web Security for Network and System Administrators1 Chapter 1 Introduction to Information Security.
Bridging the gap between software developers and auditors.

Bridging the gap between software developers and auditors.
David A. Brown Chief Information Security Officer State of Ohio

David A. Brown Chief Information Security Officer State of Ohio
Networked Systems Survivability CERT ® Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 © 2002 Carnegie.

Networked Systems Survivability CERT ® Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA © 2002 Carnegie.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
CST 481/598 Many thanks to Jeni Li.  Potential negative impact to an asset  Probability of a loss  A function of three variables  The probability.

CST 481/598 Many thanks to Jeni Li.  Potential negative impact to an asset  Probability of a loss  A function of three variables  The probability.
Introducing Computer and Network Security

Introducing Computer and Network Security
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer

Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
Copyright © 2004 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
Overview Of Information Security Management By BM RAO Senior Technical Director National Informatics Centre Ministry of Communications and Information.

Overview Of Information Security Management By BM RAO Senior Technical Director National Informatics Centre Ministry of Communications and Information.
Conostix S.A. Sensible defence.

Conostix S.A. Sensible defence.
Information Security Rabie A. Ramadan GUC, Cairo Room C7 -310 Lecture 2.

Information Security Rabie A. Ramadan GUC, Cairo Room C Lecture 2.
Slide 1 Using Models Introduced in ISA-d99.00.01 Standard: Security of Industrial Automation and Control Systems (IACS) Rahul Bhojani ISA SP99 WG4 Meeting.

Slide 1 Using Models Introduced in ISA-d Standard: Security of Industrial Automation and Control Systems (IACS) Rahul Bhojani ISA SP99 WG4 Meeting.
Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.

Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.

Similar presentations

Ads by Google