Cybersecurity Threat Assessment


1 Cybersecurity Threat Assessment
Charles Warren and Ben Kangas

2 What is Risk?
Risk is the impact of a threat exploiting a vulnerability to adversely affect an asset.
Assets: resources and items that attackers seek to obtain or destroy. Ex. intellectual property, customer data.
Vulnerabilities: weak points in a system that can be exploited. Ex. poor staff training, lack of physical security, unpatched systems.
Threats: actors or events that can cause damage to a system by exploiting a vulnerability. Ex. hackers, disgruntled employees, natural disasters.

3 Qualitative Risk
Risk is rated by combining the impact of a threat with the probability that it occurs.
Impact is described in the following terms: Negligible, Minor, Moderate, Significant, Catastrophic.
Probability is described in the following terms: Rare, Unlikely, Possible, Likely, Highly Likely.
Once you have described the impact and the probability, read the risk rating from the impact-by-probability matrix: the higher both ratings are, the higher the risk.

4 Calculated Risk
Quantitative risk assessment expresses threats in empirical (usually monetary) form.
Key terms:
SLE - Single Loss Expectancy: Asset Value (AV) x Exposure Factor (EF), where EF is the fraction of the asset's value lost in a single incident.
ALE - Annual Loss Expectancy: Annualised Rate of Occurrence (ARO) x Single Loss Expectancy (SLE), where ARO is the expected number of incidents per year (0.5 means once every two years).
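The two scoring methods from slides 3 and 4, worked through in Python. This is an added example and not part of the presentation: the slide's risk matrix is not reproduced in the transcript, so the 5x5 banding used here (rank each axis 1..5, multiply, band the product as Low/Medium/High/Extreme) is an assumption, the ransomware figures are constructed for illustration, and the final cost/benefit step (annual benefit of a control = ALE before - ALE after - annual cost of the control) is a standard extension of ALE that the slides do not cover.

```python
"""Qualitative and quantitative risk scoring (added example, not from the slides)."""

IMPACT = ["Negligible", "Minor", "Moderate", "Significant", "Catastrophic"]
PROBABILITY = ["Rare", "Unlikely", "Possible", "Likely", "Highly Likely"]


def qualitative_risk(impact: str, probability: str) -> str:
    """Rate a risk from the 5x5 impact x probability matrix.

    The slide's matrix is not reproduced, so the banding is an assumption:
    rank each axis 1..5, multiply, then band the product (1..25).
    """
    if impact not in IMPACT or probability not in PROBABILITY:
        raise ValueError(f"unknown rating: {impact!r} / {probability!r}")
    score = (IMPACT.index(impact) + 1) * (PROBABILITY.index(probability) + 1)
    if score <= 4:
        return "Low"
    if score <= 9:
        return "Medium"
    if score <= 16:
        return "High"
    return "Extreme"


def sle(asset_value: float, exposure_factor: float) -> float:
    """Single Loss Expectancy = AV x EF; EF is the fraction of value lost per incident."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be between 0 and 1")
    return asset_value * exposure_factor


def ale(single_loss: float, aro: float) -> float:
    """Annual Loss Expectancy = ARO x SLE; ARO may be fractional (0.5 = once in two years)."""
    if aro < 0:
        raise ValueError("ARO cannot be negative")
    return single_loss * aro


def control_net_benefit(ale_before: float, ale_after: float, annual_control_cost: float) -> float:
    """Annual value of a safeguard: the ALE reduction it buys minus what it costs per year.

    Standard cost/benefit extension of ALE, not on the slide. Positive means the
    control pays for itself; negative means you are spending more than you save.
    """
    return (ale_before - ale_after) - annual_control_cost


def ransomware_scenario() -> dict:
    """Constructed scenario (figures are illustrative assumptions, not real data).

    A customer database valued at $500,000; ransomware is judged to destroy 40% of
    its value per incident and to strike once every two years. A backup-and-EDR
    control costing $30,000/yr is estimated to cut EF to 10% and ARO to once in
    four years.
    """
    av = 500_000.0
    before_sle = sle(av, 0.40)
    before_ale = ale(before_sle, 0.5)
    after_sle = sle(av, 0.10)
    after_ale = ale(after_sle, 0.25)
    return {
        "qualitative": qualitative_risk("Significant", "Possible"),
        "sle_before": before_sle,
        "ale_before": before_ale,
        "sle_after": after_sle,
        "ale_after": after_ale,
        "control_net_benefit": control_net_benefit(before_ale, after_ale, 30_000.0),
    }


if __name__ == "__main__":
    for key, value in ransomware_scenario().items():
        if isinstance(value, float):
            print(f"{key:>20}: {value:>12,.2f}")
        else:
            print(f"{key:>20}: {value}")
```

Running it shows the point of the two methods side by side: the qualitative rating ("High") is what you put on a heat map for management, while the ALE figures ($100,000/yr before, $12,500/yr after, a net benefit of $57,500/yr) are what justify the control's budget line.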

5 Preventive Measures
The 20 CIS Controls, according to the Center for Internet Security (the 20-control version 7 list):
1. Inventory and Control of Hardware Assets
2. Inventory and Control of Software Assets
3. Continuous Vulnerability Management
4. Controlled Use of Administrative Privileges
5. Secure Configuration for Hardware and Software on Hosts
6. Maintenance, Monitoring and Analysis of Audit Logs
7. Email and Web Browser Protections
8. Malware Defenses
9. Limitation and Control of Network Ports, Protocols and Services
10. Data Recovery Capabilities
11. Secure Configuration for Network Devices
12. Boundary Defense
13. Data Protection
14. Controlled Access Based on the Need to Know
15. Wireless Access Control
16. Account Monitoring and Control
17. Implement a Security Awareness and Training Program
18. Application Software Security
19. Incident Response and Management
20. Penetration Tests and Red Team Exercises

6 CIA Triad
In information assurance, the task of securing data can be thought of as a triad of three concepts:
Confidentiality - only authorised parties can access the data.
Integrity - the data stays consistent, accurate and trustworthy; it is not altered without authorisation.
Availability - information is only useful if it is available in a timely manner; systems and data must be reachable when they are needed.

7 Networking and Computing Student Association, 2019

