Security Architecture Principles
ISYS 0575
General Attack Process (“Kill Chain”)
Agent → Recon → Weaponize → Deliver → Exploit → Control → Execute → Maintain → Asset
Defensive activities along the chain: Proactive Detection and Mitigation; Containment and Incident Response
What is Architecture?
Architecture (Latin architectura, from the Greek ἀρχιτέκτων arkhitekton "architect," from ἀρχι- "chief" and τέκτων "builder") is both the process and the product of planning, designing and constructing buildings and other physical structures.
Architecture can mean: Different Things to Different People
● A general term to describe buildings and other physical structures
● The art and science of designing buildings and (some) nonbuilding structures
● The style of design and method of construction of buildings and other physical structures
● Knowledge of art, science, technology, and humanity
● The practice of the architect, where architecture means offering or rendering professional services in connection with the design and construction of buildings, or built environments
Traditional Security Architecture Starts With the Perimeter
Network-centric versus data-centric
If work from home and BYOD didn’t kill the perimeter, Cloud certainly did.
Sherwood Applied Business Security Architecture
Other Architectures
Zachman
The Open Group Architecture Framework (TOGAF)
Modern Architectural View
Then Account for the Agile
Defense in Depth
Another Perspective
Horizontal defense in depth - Controls are placed in various places in the path of access for an asset
Vertical defense in depth - Controls are placed at different system layers - hardware, OS, application, database
Effective Defense in Depth
Planning and understanding of each control type's strengths and weaknesses and how controls interact.
What vulnerabilities are addressed by each layer?
How does the layer mitigate the vulnerability?
How do controls interact with or depend on the other controls?
Security Controls
Information Flow Control or Firewalls
System or systems that enforce a boundary between one or more networks
General features
● Block access to sites on Internet
● Limit traffic on an organization's public service segment to ports and addresses
● Prevent users from accessing certain servers or services
● Monitor and record communications between internal and external networks
● Encrypt packets sent between different physical locations (VPN)
Types of Firewall
Packet filtering
Application firewall
Stateful inspection
Next generation
And web application firewall
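As an added example (not part of the slides), the difference between the first and third firewall types above, packet filtering and stateful inspection, run over a constructed packet trace; the addresses, policy rules and packets are assumptions made for illustration.

```python
"""Stateless packet filtering versus stateful inspection, run on a constructed
packet trace. Added example: the policy, addresses and packets are invented."""
from dataclasses import dataclass
from typing import List, Optional

INTERNAL_PREFIX = "10.0.0."   # constructed: the protected network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # TCP SYN: set on a new connection attempt
    ack: bool = False   # TCP ACK: set on every packet after the first SYN


def is_internal(addr: str) -> bool:
    return addr.startswith(INTERNAL_PREFIX)


@dataclass(frozen=True)
class Rule:
    action: str                       # "allow" or "deny"
    direction: Optional[str] = None   # "in", "out" or None for either
    dst: Optional[str] = None         # None matches any destination address
    dport: Optional[int] = None       # None matches any destination port
    ack_only: bool = False            # match only packets carrying ACK

    def matches(self, p: Packet) -> bool:
        if self.direction == "out" and not (is_internal(p.src) and not is_internal(p.dst)):
            return False
        if self.direction == "in" and not (is_internal(p.dst) and not is_internal(p.src)):
            return False
        if self.ack_only and not p.ack:
            return False
        return self.dst in (None, p.dst) and self.dport in (None, p.dport)


# The policy both firewalls enforce; first match wins, default deny.
POLICY = [
    Rule("allow", direction="out", dport=443),                 # staff may browse HTTPS
    Rule("allow", direction="in", dst="10.0.0.5", dport=80),   # public web server
]


def first_match(rules: List[Rule], p: Packet) -> str:
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"


def stateless_filter(packets: List[Packet]) -> List[str]:
    """Packet filtering: each packet is judged on its own header fields. To let
    server replies back in, the ruleset needs a blanket 'allow ACK' rule, which
    also admits any unsolicited packet that simply has ACK set."""
    rules = POLICY + [Rule("allow", direction="in", ack_only=True)]
    return [first_match(rules, p) for p in packets]


def stateful_filter(packets: List[Packet]) -> List[str]:
    """Stateful inspection: only a SYN consults the policy; every other packet
    must belong to a connection the firewall already saw being opened."""
    table = set()   # (client, cport, server, sport) of permitted connections
    verdicts = []
    for p in packets:
        if p.syn and not p.ack:
            verdict = first_match(POLICY, p)
            if verdict == "allow":
                table.add((p.src, p.sport, p.dst, p.dport))
        else:
            forward = (p.src, p.sport, p.dst, p.dport) in table
            reply = (p.dst, p.dport, p.src, p.sport) in table
            verdict = "allow" if (forward or reply) else "deny"
        verdicts.append(verdict)
    return verdicts


# Constructed trace (RFC 5737 documentation addresses for the outside hosts).
TRACE = [
    Packet("10.0.0.7", 40000, "198.51.100.20", 443, syn=True),            # staff opens HTTPS
    Packet("198.51.100.20", 443, "10.0.0.7", 40000, syn=True, ack=True),  # server's SYN-ACK
    Packet("203.0.113.9", 4444, "10.0.0.7", 22, ack=True),                # unsolicited ACK to SSH
    Packet("203.0.113.9", 5000, "10.0.0.5", 80, syn=True),                # visitor to web server
    Packet("203.0.113.9", 5000, "10.0.0.7", 3389, syn=True),              # probe of an internal host
]

if __name__ == "__main__":
    for p, a, b in zip(TRACE, stateless_filter(TRACE), stateful_filter(TRACE)):
        print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport:<5} stateless={a:<5} stateful={b}")
```

The third packet is the point of the comparison: the stateless ruleset lets it through on the ACK rule alone, while the stateful filter rejects it because no tracked connection matches.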
Isolation and Segmentation
Logging and Monitoring
What should we log?
● Time of event
● CRUD
● Startup / Shutdown
● Login / Logout (Failures)
● Errors / Violations
Challenges of Logs
● Too much data
● Difficulty searching
● Improper configuration
● Modification of logs (integrity)
SIEM
IDS / IPS
Approaches
● Signature
● Statistical
● Neural Network
Don’t forget HIPS/HIDS
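An added example, not from the slides, that records the event fields listed under "What should we log?" as a hash-chained audit log (addressing the integrity challenge), checks the chain for modification, and runs a failed-login burst rule of the statistical kind a SIEM or IDS would apply; the events, user names and threshold are constructed.

```python
"""Audit log covering the slides' 'what should we log' fields, hash-chained so
that modification is detectable, plus a failed-login burst rule of the kind a
SIEM or IDS would run. Added example; events, users and thresholds are constructed."""
import hashlib
import json
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

GENESIS = "0" * 64   # constructed anchor for the first record's prev_hash


def _digest(record: dict) -> str:
    # Canonical JSON so the hash does not depend on key order.
    return hashlib.sha256(json.dumps(record, sort_keys=True).encode()).hexdigest()


class AuditLog:
    """Append-only log: each record commits to the previous record's hash, so
    editing or deleting any record invalidates every hash after it."""

    def __init__(self) -> None:
        self.records: List[dict] = []

    def append(self, time: str, actor: str, action: str, target: str, outcome: str) -> dict:
        rec = {"time": time, "actor": actor, "action": action,   # CRUD, LOGIN, STARTUP ...
               "target": target, "outcome": outcome,            # SUCCESS, FAILURE, VIOLATION
               "prev_hash": self.records[-1]["hash"] if self.records else GENESIS}
        rec["hash"] = _digest(rec)
        self.records.append(rec)
        return rec

    def verify(self) -> int:
        """Return -1 if the chain is intact, else the index of the first bad record."""
        prev = GENESIS
        for i, rec in enumerate(self.records):
            body = {k: v for k, v in rec.items() if k != "hash"}
            if rec["prev_hash"] != prev or _digest(body) != rec["hash"]:
                return i
            prev = rec["hash"]
        return -1


def failed_login_bursts(records: List[dict], threshold: int = 3,
                        window: timedelta = timedelta(minutes=5)) -> List[Tuple[str, str]]:
    """Statistical rule: `threshold` LOGIN failures by one actor within `window`.
    Returns (actor, time of the failure that tripped the rule), once per burst."""
    alerts = []
    recent: Dict[str, List[datetime]] = defaultdict(list)
    for rec in records:
        if rec["action"] != "LOGIN" or rec["outcome"] != "FAILURE":
            continue
        t = datetime.fromisoformat(rec["time"])
        recent[rec["actor"]] = [x for x in recent[rec["actor"]] if t - x <= window] + [t]
        if len(recent[rec["actor"]]) == threshold:
            alerts.append((rec["actor"], rec["time"]))
    return alerts


def build_sample_log() -> AuditLog:
    """Constructed events in the shape the slides call for."""
    log = AuditLog()
    log.append("2019-01-14T08:00:00", "system", "STARTUP", "app-server-01", "SUCCESS")
    log.append("2019-01-14T08:01:10", "alice", "LOGIN", "app-server-01", "SUCCESS")
    log.append("2019-01-14T08:02:00", "alice", "UPDATE", "customers/42", "SUCCESS")
    log.append("2019-01-14T08:05:00", "bob", "LOGIN", "app-server-01", "FAILURE")
    log.append("2019-01-14T08:05:20", "bob", "LOGIN", "app-server-01", "FAILURE")
    log.append("2019-01-14T08:05:45", "bob", "LOGIN", "app-server-01", "FAILURE")
    log.append("2019-01-14T08:30:00", "alice", "DELETE", "customers/42", "VIOLATION")
    log.append("2019-01-14T09:00:00", "alice", "LOGOUT", "app-server-01", "SUCCESS")
    return log


def demo() -> Tuple[int, List[Tuple[str, str]], int]:
    log = build_sample_log()
    intact = log.verify()                      # -1: untouched chain
    alerts = failed_login_bursts(log.records)  # bob's three failures in 45 seconds
    log.records[6]["outcome"] = "SUCCESS"      # the violation is rewritten after the fact
    tampered_at = log.verify()                 # 6: first record whose hash no longer matches
    return intact, alerts, tampered_at


if __name__ == "__main__":
    print(demo())
```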
Antivirus / Antimalware
Approaches
● Signature
● Heuristic
● Nextgen
Security Controls
Introduction to Information
Security Management
ISYS 0575
Agenda
● Introductions
● Syllabus review
● Class format
● Intro to Information Security
Scott Eigenhuis
● Will respond to
○ Mr. Eigenhuis
○ Professor Eigenhuis
○ Professor Scott
● [email protected]
● Office
○ BUS 309
○ Monday 5:30 to 6:30
Career Path
Education
Liberty University - BS in Journalism, minor in Linguistics
University of San Francisco - Masters in Information Systems
Work
...
Class Format
● Lecture / Discussion / Demonstrations
○ Credit for participation
● Quiz at end of class
○ Requires computer
○ Graded
○ Includes reading and lecture
● Two in class essays (TBD)
● One group project (TBD)
What I do
Information Security Officer
Manage the Information Security and Privacy team and programs for my company.
Work with auditors, engineers, privacy, and legal to evaluate and manage security and privacy risk. Implement, operate and monitor security controls. Detect and respond to security incidents.
Remaining a viable business requires that we protect our intellectual property, customer and employee data.
What? How? Why?
The Security Triad
Confidentiality, Integrity, Availability
Different Aspects of Security
Information Security deals with information, regardless of its format—it encompasses paper documents, digital and intellectual property in people’s minds, and verbal or visual communications.
Cybersecurity is concerned with protecting digital assets—everything from networks to hardware and information that is processed, stored or transported by internetworked information systems.
Privacy is additionally concerned with the data subject's right to control information. Notice, choice and consent, data subject access. The Creepiness Factor. Often has legal focus.
Security Compliance evaluates a company's stance against requirements.
Relationship of Security Domains (diagram)
Domains shown: Information Security, Application Security, Network Security, Internet Security, Critical Infrastructure Protection, Cybersecurity, Cybercrime, Cybersafety
Source: ISO/IEC 27032:2012
Security Jobs
CISO, CSO, Compliance Analyst, Application Security Engineer, Information Security Architect, Network Security Engineer, Incident Responder, Security Analyst, Penetration Tester, Auditor, Privacy Officer / Analyst, Forensics Specialist, Cryptographer / Cryptanalyst, Sales Engineer, Security Researcher
Skills Gap in Information Security
Source: ISACA 2018 State of Cybersecurity Study
Situational Awareness (relationship diagram)
● Stakeholders value assets, wish to minimize risk, and impose controls to reduce risk
● Controls may reduce vulnerabilities
● Assets may possess vulnerabilities, leading to risk
● Threat agents wish to abuse and/or may damage assets, may be aware of vulnerabilities, and give rise to threats
● Threats exploit vulnerabilities and increase risk to assets
Source: ISO/IEC 27032:2012
Information Security Governance
● Governance is the responsibility of board and senior management
○ Strategic Direction
○ Ensure objectives are achieved
○ Risk management
○ Use of resources
● Risk management is conducted throughout the organization through assessment and implementation of controls
● Compliance is demonstration of the adherence to mandated laws and regulations
Protecting the Digital Assets
Identify – Develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities.
Protect – Develop and implement appropriate safeguards to ensure delivery of critical services.
Detect – Develop and implement appropriate activities to identify the occurrence of a cybersecurity event.
Respond – Develop and implement appropriate activities to take action regarding a detected cybersecurity incident.
Recover – Develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident.
Source: NIST Cybersecurity Framework 1.1
Information Security Objectives
Confidentiality: the protection of information from unauthorized disclosure.
Integrity: the protection of information from unauthorized modification.
Availability: the timely and reliable access to and use of information and systems.
Nonrepudiation: ensures that a message or information is genuine.
CIA model and related impacts
● Confidentiality
○ Impact and consequence: disclosure of information protected by law; loss of public confidence; loss of competitive advantage
○ Methods of control: access controls; file permissions; encryption
● Integrity
○ Impact and consequence: inaccuracy; erroneous decisions; fraud; loss of compliance
○ Methods of control: access controls; logging; hashes; backups
● Availability
○ Impact and consequence: loss of productive time; loss of compliance; fines from regulators
○ Methods of control: highly available systems; business continuity and disaster recovery
Information Security Roles (hierarchy)
Board of Directors
Executive Management
Senior Information Security Management
Information Security Practitioners
Information Security Concepts
ISYS 0575
Objectives
● Review the CIA Triad
● Learn about risk, particularly security risk
● Understand the component parts that make up risk
● Learn about the interplay between the different components of
risk
● Discuss the various risk treatment options
● Learn about basic controls
● Understand the different types of attacks
The Security Triad
Confidentiality, Integrity, Availability
Security Concepts and Relationships
(Relationship diagram of stakeholders, controls, vulnerabilities, assets, threats, threat agents, risk and value; the same figure as the Situational Awareness slide)
Source: ISO/IEC 27032:2012
Terms and Definitions
Risk — The combination of probability of an event and impact. P x I = R
Threat — Anything that is capable of acting against an asset and causing harm.
Asset — Something of either tangible or intangible value that is worth protecting.
Vulnerability — A weakness that exposes the asset to adverse impact.
Inherent risk — The risk level without taking into account management actions to protect against the risk.
Residual Risk — The risk remaining after accounting for management risk response.
Security Concepts and Relationships
(Relationship diagram of stakeholders, controls, vulnerabilities, assets, threats, threat agents, risk and value; the same figure as the Situational Awareness slide)
Source: ISO/IEC 27032:2012
Risk Frameworks
COBIT 5 for Risk
ISO 27005:2011 Information Security Risk Management
NIST 800-30 Guide for Conducting Risk Assessments
NIST 800-39 Managing Information Security Risk
Risk Identification (Risk Scenarios)
The development of risk scenarios from imagination or based on previous occurrences
Top-down is based on business goals
Bottom-up is based on specific events that are security related
Likelihood and Impact
Likelihood = Probability
Absence of a known vulnerability does not mean the likelihood is 0
A vulnerability doesn’t mean there is a threat
A vulnerability with no control and no management acceptance indicates a weakness in the overall program
How do we quantify likelihood and impact?
Approaches to Risk
Subjective or objective?
Risk tolerance
Size and scope of the environment in question
How much data do you have available?
Risk versus issue
Approaches to Managing Security Risk
Ad hoc — implement controls with no particular criteria.
Compliance-based — Implement the controls regardless of need.
Risk-based — design the controls based on identified risk.
Risk Treatment
Avoidance means management decides not to engage in the activity that creates the risk.
Acceptance means management acknowledges the risk, but proceeds with the activity without taking any action.
Mitigation involves management implementing controls to reduce the risk.
Transference means that management lets another party take the risk.
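An added example (not from the slides) that works the Terms and Definitions and the Risk Treatment options through in code: inherent risk as P x I, residual risk after controls, and a treatment chosen from the four options against a risk tolerance. The 1-5 scales, scenarios, controls and tolerance value are assumptions made for illustration.

```python
"""Risk register built on the slides' definitions: Risk = P x I, inherent versus
residual risk, and a treatment chosen against a risk tolerance. Added example;
the scales, scenarios, controls and tolerance value are constructed."""
from dataclasses import dataclass, field
from typing import List, Tuple

# Constructed ordinal scales: probability and impact each run 1..5, so risk runs 1..25.


@dataclass(frozen=True)
class Control:
    name: str
    probability_reduction: int = 0   # scale points a control removes from P
    impact_reduction: int = 0        # scale points a control removes from I


@dataclass
class Scenario:
    name: str
    probability: int                 # 1 = rare .. 5 = almost certain
    impact: int                      # 1 = negligible .. 5 = severe
    controls: List[Control] = field(default_factory=list)   # management response
    avoidable: bool = False          # the activity could be dropped entirely
    transferable: bool = False       # insurance or contract can shift the loss

    def inherent_risk(self) -> int:
        """Risk = P x I with no management action taken into account."""
        return self.probability * self.impact

    def residual_risk(self) -> int:
        """Risk remaining once the listed controls are applied. Neither factor
        drops below 1: a control lowers risk, it never makes an event impossible."""
        p = self.probability - sum(c.probability_reduction for c in self.controls)
        i = self.impact - sum(c.impact_reduction for c in self.controls)
        return max(p, 1) * max(i, 1)


def treatment(s: Scenario, tolerance: int) -> str:
    """Map a scenario onto the four treatment options from the slides."""
    if s.inherent_risk() <= tolerance:
        return "accept"               # already within tolerance; no action needed
    if s.residual_risk() <= tolerance:
        return "mitigate"             # the planned controls bring it within tolerance
    if s.avoidable:
        return "avoid"                # stop doing the activity that creates the risk
    if s.transferable:
        return "transfer"             # let another party carry the risk
    return "accept (exception)"       # above tolerance; needs explicit management sign-off


MFA = Control("multi-factor authentication", impact_reduction=2)
TRAINING = Control("phishing awareness training", probability_reduction=1)
BACKUPS = Control("offline, tested backups", impact_reduction=3)
EDR = Control("endpoint detection and response", probability_reduction=1)

SCENARIOS = [   # constructed scenarios with constructed scores
    Scenario("Phishing leads to credential theft", 4, 4, [TRAINING, MFA]),
    Scenario("Ransomware encrypts the file server", 3, 5, [EDR, BACKUPS]),
    Scenario("Legacy payment app cannot be patched", 4, 5, avoidable=True),
    Scenario("Laptop lost in transit (disk encrypted)", 2, 3),
    Scenario("Flood at the primary data centre", 2, 5, transferable=True),
]


def build_register(tolerance: int = 8) -> List[Tuple[str, int, int, str]]:
    """Return (scenario, inherent, residual, treatment), highest residual risk first."""
    rows = [(s.name, s.inherent_risk(), s.residual_risk(), treatment(s, tolerance))
            for s in SCENARIOS]
    return sorted(rows, key=lambda r: r[2], reverse=True)


if __name__ == "__main__":
    for name, inherent, residual, action in build_register():
        print(f"{inherent:>2} -> {residual:>2}  {action:<18} {name}")
```

Sorting on residual rather than inherent risk is deliberate: it is the risk that remains after the management response that competes for attention and budget.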
Security Concepts and Relationships
(Relationship diagram of stakeholders, controls, vulnerabilities, assets, threats, threat agents, risk and value; the same figure as the Situational Awareness slide)
Source: ISO/IEC 27032:2012
Threat Agents
European Union Agency for Network and Information Security (ENISA) conducts ongoing evaluation of the threat landscape.
Common Agents:
● Corporations
● Criminals
● Terrorists
● Nation States
● Insiders
● Hacktivists
● Script Kiddies
ENISA Threat Landscape
Security Concepts and Relationships
(Relationship diagram of stakeholders, controls, vulnerabilities, assets, threats, threat agents, risk and value; the same figure as the Situational Awareness slide)
Source: ISO/IEC 27032:2012
Security Controls
Types of controls
Preventative, Detective, Responsive
Administrative, Technical, Physical
Security Policy
Policy hierarchy
Policy
Standards
Procedures
Guidelines
Attack Attributes
Risk is potential activity; an attack is the occurrence of a threat.
The asset is the attacker's target.
Path to target is the attack vector.
Ingress is the focus of most attack analysis.
Egress or data exfiltration is the objective of some attackers.
An exploit is used to take advantage of a vulnerability.
General Attack Process (“Kill Chain”)
Agent → Recon → Weaponize → Deliver → Exploit → Control → Execute → Maintain → Asset
Defensive activities along the chain: Proactive Detection and Mitigation; Containment and Incident Response
Nonadversarial Threat Event
Mishandling of critical information
Incorrect privilege
Fire, flood, hurricane, earthquake
Disk errors or other equipment failure
Malware
Worm - Conficker - 9 Million PCs
Virus - I Love You
Trojan Horse - Zeus
Ransomware - WannaCry
Rootkit - Sony BMG
Social Engineering
Impersonation
Phishing (and spear phishing)
Other Attacks
Advanced Persistent Threat (APT)
Web attacks
Brute force attacks
DoS Attacks

 
Answer the following questions to the best of your ability1) De.docx
Answer the following questions to the best of your ability1) De.docxAnswer the following questions to the best of your ability1) De.docx
Answer the following questions to the best of your ability1) De.docx
 
Answer the following questionDo you think it is necessary to .docx
Answer the following questionDo you think it is necessary to .docxAnswer the following questionDo you think it is necessary to .docx
Answer the following questionDo you think it is necessary to .docx
 
Answer the following question. Use facts and examples to support.docx
Answer the following question. Use facts and examples to support.docxAnswer the following question. Use facts and examples to support.docx
Answer the following question. Use facts and examples to support.docx
 
Answer the bottom questions  in apa format and decent answer no shor.docx
Answer the bottom questions  in apa format and decent answer no shor.docxAnswer the bottom questions  in apa format and decent answer no shor.docx
Answer the bottom questions  in apa format and decent answer no shor.docx
 
Answer the following below using the EXCEL attachment. chapter 5.docx
Answer the following below using the EXCEL attachment. chapter 5.docxAnswer the following below using the EXCEL attachment. chapter 5.docx
Answer the following below using the EXCEL attachment. chapter 5.docx
 
Answer the following prompts about A Germanic People Create a Code .docx
Answer the following prompts about A Germanic People Create a Code .docxAnswer the following prompts about A Germanic People Create a Code .docx
Answer the following prompts about A Germanic People Create a Code .docx
 
Answer the following discussion board question below minumun 25.docx
Answer the following discussion board question below minumun 25.docxAnswer the following discussion board question below minumun 25.docx
Answer the following discussion board question below minumun 25.docx
 
Answer the following questions about IT Project Management. What.docx
Answer the following questions about IT Project Management. What.docxAnswer the following questions about IT Project Management. What.docx
Answer the following questions about IT Project Management. What.docx
 
Answer the following in at least 100 words minimum each1.Of.docx
Answer the following in at least 100 words minimum each1.Of.docxAnswer the following in at least 100 words minimum each1.Of.docx
Answer the following in at least 100 words minimum each1.Of.docx
 
Answer the following questions(at least 200 words) and responses 2 p.docx
Answer the following questions(at least 200 words) and responses 2 p.docxAnswer the following questions(at least 200 words) and responses 2 p.docx
Answer the following questions(at least 200 words) and responses 2 p.docx
 
Answer the following questions in a Word document and upload it by M.docx
Answer the following questions in a Word document and upload it by M.docxAnswer the following questions in a Word document and upload it by M.docx
Answer the following questions in a Word document and upload it by M.docx
 
Answer the following questions in complete sentences. Each answer sh.docx
Answer the following questions in complete sentences. Each answer sh.docxAnswer the following questions in complete sentences. Each answer sh.docx
Answer the following questions in complete sentences. Each answer sh.docx
 
ANSWER THE DISCUSSION QUESTION 250 WORDS MINDiscussion Q.docx
ANSWER THE DISCUSSION QUESTION 250 WORDS MINDiscussion Q.docxANSWER THE DISCUSSION QUESTION 250 WORDS MINDiscussion Q.docx
ANSWER THE DISCUSSION QUESTION 250 WORDS MINDiscussion Q.docx
 

Kürzlich hochgeladen

How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi  6.pdf1029-Danh muc Sach Giao Khoa khoi  6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdfssuser54595a
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...
Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...
Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...RKavithamani
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 

Kürzlich hochgeladen (20)

How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi  6.pdf1029-Danh muc Sach Giao Khoa khoi  6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...
Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...
Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 

Security Architecture Principles ISYS 0575 (slide transcript)

General Attack Process
Recon
Weaponize
Deliver
Exploit
Control
Execute
Maintain
(Agent → Asset)
Proactive Detection and Mitigation
Containment and Incident Response
“Kill Chain”

What is Architecture?
Architecture (Latin architectura, from the Greek ἀρχιτέκτων arkhitekton "architect," from ἀρχι- "chief" and τέκτων "builder") is both the process and the product of planning, designing and constructing buildings and other physical structures.

Architecture can mean:
Different Things to Different People
● A general term to describe buildings and other physical structures
● The art and science of designing buildings and (some) nonbuilding structures
● The style of design and method of construction of buildings and other physical structures
● Knowledge of art, science, technology, and humanity
● The practice of the architect, where architecture means offering or rendering professional services in connection with the design and construction of buildings, or built environments

Traditional Security Architecture Starts
With the perimeter
Network-centric
Versus data-centric
If work from home and BYOD didn’t kill the perimeter, Cloud certainly did.

Sherwood Applied Business Security Architecture

Other Architectures
Zachman
The Open Group Architecture Framework (TOGAF)

Modern Architectural View

Then Account for the Agile

Defense in Depth

Another Perspective
Horizontal defense in depth - Controls are placed in various places in the path of access for an asset
Vertical defense in depth - Controls are placed at different system layers - hardware, OS, application, database

Effective Defense in Depth
Planning and understanding of each control type's strengths and weaknesses and how controls interact.
What vulnerabilities are addressed by each layer?
How does the layer mitigate the vulnerability?
How do controls interact with or depend on the other controls?

Security Controls
Information Flow Control or Firewalls
System or systems that enforce a boundary between one or more networks
General features
● Block access to sites on Internet
● Limit traffic on an organization's public service segment to ports and addresses
● Prevent users from accessing certain servers or services
● Monitor and record communications between internal and external networks
● Encrypt packets sent between different physical locations (VPN)

Types of Firewall
Packet filtering
Application firewall
Stateful inspection
Next generation
And web application firewall

Isolation and Segmentation

Logging and Monitoring
What should we log?
● Time of event
● CRUD
● Startup / Shutdown
● Login / Logout (Failures)
● Errors / Violations
Challenges of Logs
● Too much data
● Difficulty searching
● Improper configuration
● Modification of logs (integrity)
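One way to address the "modification of logs (integrity)" challenge listed above, as an added Python example that is not part of the slides: each audit entry carries the fields the slides ask for (time, actor, CRUD/login/startup action, outcome) and is HMAC-chained to its predecessor, so verify_log pinpoints an edited or deleted entry. The key, field names and sample events are constructed assumptions.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption). A real deployment keeps it in a KMS/HSM,
# out of reach of the hosts whose logs it protects.
LOG_KEY = b"constructed-demo-key-not-for-production"
GENESIS = "0" * 64  # the tag the first entry chains back to


def _tag(record: dict) -> str:
    """HMAC-SHA256 over the canonical JSON of the record, minus its own tag."""
    body = {k: v for k, v in record.items() if k != "tag"}
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(LOG_KEY, canonical, hashlib.sha256).hexdigest()


def append_event(log: list, ts: str, actor: str, action: str,
                 target: str, outcome: str) -> dict:
    """Append an entry carrying the fields the slides list (time of event,
    who, CRUD/login/startup action, object, success/failure/violation) and
    chain it to the previous entry's tag so edits, deletions and reordering
    of earlier entries become detectable."""
    prev = log[-1]["tag"] if log else GENESIS
    record = {"ts": ts, "actor": actor, "action": action,
              "target": target, "outcome": outcome, "prev": prev}
    record["tag"] = _tag(record)
    log.append(record)
    return record


def verify_log(log: list) -> tuple:
    """Walk the chain; return (True, None) if intact, else (False, index)
    of the first entry whose tag or back-link does not check out."""
    prev = GENESIS
    for i, rec in enumerate(log):
        link_ok = rec.get("prev") == prev
        tag_ok = hmac.compare_digest(_tag(rec), rec.get("tag", ""))
        if not (link_ok and tag_ok):
            return False, i
        prev = rec["tag"]
    return True, None


def build_sample_log() -> list:
    """Constructed sample events covering the categories from the slides."""
    log = []
    append_event(log, "2024-01-15T08:00:01Z", "system", "startup", "app-server-01", "success")
    append_event(log, "2024-01-15T08:02:17Z", "alice", "login", "app-server-01", "success")
    append_event(log, "2024-01-15T08:02:40Z", "bob", "login", "app-server-01", "failure")
    append_event(log, "2024-01-15T08:05:03Z", "alice", "update", "customer/4711", "success")
    append_event(log, "2024-01-15T08:06:00Z", "alice", "delete", "customer/4711", "violation")
    append_event(log, "2024-01-15T18:00:00Z", "system", "shutdown", "app-server-01", "success")
    return log


def tamper_scenarios() -> dict:
    """Three ways a log might be altered, and what verify_log reports for each."""
    results = {}
    # 1. Rewriting a failed login as a success: that entry's tag no longer matches.
    log = build_sample_log()
    log[2]["outcome"] = "success"
    results["edit"] = verify_log(log)
    # 2. Deleting the policy-violation entry: the following entry's back-link breaks.
    log = build_sample_log()
    del log[4]
    results["delete"] = verify_log(log)
    # 3. Truncating the tail: chaining alone cannot see this, which is why the
    #    latest tag must also be anchored elsewhere (SIEM, WORM storage).
    log = build_sample_log()
    del log[-1]
    results["truncate"] = verify_log(log)
    return results


if __name__ == "__main__":
    print(verify_log(build_sample_log()))  # (True, None)
    for name, result in tamper_scenarios().items():
        print(name, result)
```

The truncation case is the caveat a practitioner should take from this: a chain proves nothing about entries removed from its end unless the newest tag is regularly shipped to a system the logging host cannot write to.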
SIEM

IDS / IPS
Approaches
● Signature
● Statistical
● Neural Network
Don’t forget HIPS/HIDS

Antivirus / Antimalware
Approaches
● Signature
● Heuristic
● Nextgen

Security Controls

Introduction to Information Security Management ISYS 0575

Agenda
● Introductions
● Syllabus review
● Class format
● Intro to Information Security

Scott Eigenhuis
● Will respond to
○ Mr. Eigenhuis
○ Professor Eigenhuis
○ Professor Scott
● [email protected]
● Office
○ BUS 309
○ Monday 5:30 to 6:30

Career Path
Liberty University - BS in Journalism, minor in Linguistics
University of San Francisco - Masters in Information Systems
(Education / Work timeline ...)

Class Format
● Lecture / Discussion / Demonstrations
○ Credit for participation
● Quiz at end of class
○ Requires computer
○ Graded
○ Includes reading and lecture
● Two in class essays (TBD)
● One group project (TBD)

What I do
Information Security Officer
Manage the Information Security and Privacy team and programs for my company
Work with auditors, engineers, privacy, and legal to evaluate and manage security and privacy risk.
Implement, operate and monitor security controls.
Detect and respond to security incidents.
Remaining a viable business requires that we protect our intellectual property, customer and employee data.

What? How? Why?

The Security Triad
Confidentiality
Integrity
Availability

Different Aspects of Security
Information Security deals with information, regardless of its format—it encompasses paper documents, digital and intellectual property in people’s minds, and verbal or visual communications.
Cybersecurity is concerned with protecting digital assets—everything from networks to hardware and information that is processed, stored or transported by internetworked information systems.
Privacy is additionally concerned with the data subject's right to control information. Notice, choice and consent, data subject access. The Creepiness Factor. Often has legal focus.
Security Compliance evaluates a company's stance against requirements.

Relationship of Security Domains
(Diagram of overlapping domains: Information Security, Application Security, Critical Infrastructure Protection, Network Security, Internet Security, Cybersecurity, Cybercrime, Cybersafety.)
Source: ISO/IEC 27032:2012

Security Jobs
CISO
Compliance Analyst
Application Security Engineer
Information Security Architect
Network Security Engineer
Incident Responder
Security Analyst
Penetration Tester
Auditor
Privacy Officer / Analyst
Forensics Specialist
Cryptographer / Cryptanalyst
CSO
Sales Engineer
Security Researcher

Skills Gap in Information Security
(Chart.) Source: ISACA 2018 State of Cybersecurity Study

Situational Awareness
(Relationship diagram: stakeholders value assets and wish to minimize risk; they impose controls to reduce risk; controls may possess vulnerabilities, which stakeholders may be aware of; threat agents give rise to threats that exploit vulnerabilities and increase risk to assets; threat agents wish to abuse and/or may damage assets.)
Source: ISO/IEC 27032:2012

Information Security Governance
● Governance is the responsibility of board and senior management
○ Strategic Direction
○ Ensure objectives are achieved
○ Risk management
○ Use of resources
● Risk management is conducted throughout the organization through assessment and implementation of controls
● Compliance is demonstration of the adherence to mandated laws and regulations

Protecting the Digital Assets
Identify – Develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities.
Protect – Develop and implement appropriate safeguards to ensure delivery of critical services.
Detect – Develop and implement appropriate activities to identify the occurrence of a cybersecurity event.
Respond – Develop and implement appropriate activities to take action regarding a detected cybersecurity incident.
Recover – Develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident.
Source: NIST Cybersecurity Framework 1.1

Information Security Objectives
Confidentiality: the protection of information from unauthorized disclosure.
Integrity: the protection of information from unauthorized modification.
Availability: the timely and reliable access to and use of information and systems.
Nonrepudiation: ensures that a message or information is genuine.

CIA model and related impacts
Requirement: Confidentiality
Impact and Consequence:
● Disclosure of information protected by law
● Loss of public confidence
● Loss of competitive advantage
Methods of Controls:
● Access controls
● File permissions
● Encryption

Requirement: Integrity
Impact and Consequence:
● Inaccuracy
● Erroneous decisions
● Fraud
● Loss of compliance
Methods of Controls:
● Access controls
● Logging
● Hashes
● Backups

Requirement: Availability
Impact and Consequence:
● Loss of productive time
● Loss of compliance
● Fines from regulators
Methods of Controls:
● Highly available systems
● Business continuity and disaster recovery

Information Security Roles
Board of Directors
Executive Management
Senior Information Security Management
Information Security Practitioners

Information Security Concepts ISYS 0575

Objectives
● Review the CIA Triad
● Learn about risk, particularly security risk
● Understand the component parts that make up risk
● Learn about the interplay between the different components of risk
● Discuss the various risk treatment options
● Learn about basic controls
● Understand the different types of attacks

The Security Triad
Confidentiality
Integrity
Availability

Security Concepts and Relationships
(Same ISO/IEC 27032:2012 relationship diagram as on the Situational Awareness slide.)
Source: ISO/IEC 27032:2012

Terms and Definitions
Risk — The combination of probability of an event and impact. P x I = R
Threat — Anything that is capable of acting against an asset and causing harm.
Asset — Something of either tangible or intangible value that is worth protecting.
Vulnerability — A weakness that exposes the asset to adverse impact.
Inherent risk — The risk level without taking into account management actions to protect against the risk.
Residual Risk — The risk remaining after accounting for management risk response.

Security Concepts and Relationships
(Same ISO/IEC 27032:2012 relationship diagram as on the Situational Awareness slide.)
Source: ISO/IEC 27032:2012

Risk Frameworks
COBIT 5 for Risk
ISO 27005:2011 Information Security Risk Management
NIST 800-30 Guide for Conducting Risk Assessments
NIST 800-39 Managing Information Security Risk

Risk Identification (Risk Scenarios)
The development of risk scenarios from imagination or based on previous occurrences
Top-down is based on business goals
Bottom-up is based on specific events that are security related

Likelihood and Impact
Likelihood = Probability
Absence of a known vulnerability doesn’t = 0 likelihood
A vulnerability doesn’t mean there is a threat
A vulnerability with no control and no management acceptance indicates a weakness in the overall program
How do we quantify likelihood and impact?

Approaches to Risk
Subjective or objective?
Risk tolerance
Size and scope of the environment in question
How much data do you have available?
Risk versus issue

Approaches to Managing Security Risk
Ad hoc — implement controls with no particular criteria.
Compliance-based — Implement the controls regardless of need.
Risk-based — design the controls based on identified risk.

Risk Treatment
Avoidance means management decides not to engage in the activity that creates the risk.
Acceptance means management acknowledges the risk, but proceeds with the activity without taking any action.
Mitigation involves management implementing controls to reduce the risk.
Transference means that management lets another party take the risk.

Security Concepts and Relationships
(Same ISO/IEC 27032:2012 relationship diagram as on the Situational Awareness slide.)
Source: ISO/IEC 27032:2012

Threat Agents
European Union Agency for Network and Information Security (ENISA) conducts ongoing evaluation of the threat landscape.
Common Agents:
● Corporations
● Criminals
● Terrorists
● Nation States
● Insiders
● Hacktivists
● Script Kiddies

ENISA Threat Landscape

Security Concepts and Relationships
(Same ISO/IEC 27032:2012 relationship diagram as on the Situational Awareness slide.)
Source: ISO/IEC 27032:2012

Security Controls
Types of controls
Preventative, Detective, Responsive
Administrative, Technical, Physical

Security Policy
Policy hierarchy
Policy
Standards
Procedures
Guidelines

Attack Attributes
Risk is potential activity, an attack is the occurrence of a threat.
The asset is the attacker's target.
Path to target is the attack vector.
Ingress is the focus of most attack analysis.
Egress or data exfiltration is the objective of some attackers.
An exploit is used to take advantage of a vulnerability.

General Attack Process
Recon
Weaponize
Deliver
Exploit
Control
Execute
Maintain
(Agent → Asset)
Proactive Detection and Mitigation
Containment and Incident Response
“Kill Chain”

Nonadversarial Threat Event
Mishandling of critical information
Incorrect privilege
Fire, flood, hurricane, earthquake
Disk errors or other equipment failure

Malware
Worm - Conficker - 9 Million PCs
Virus - I Love You
Trojan Horse - Zeus
Ransomware - WannaCry
Root Kit - Sony BMG

Social Engineering
Impersonation
Phishing (and spear phishing)

Other Attacks
Advanced Persistent Threat (APT)
Web attacks
  • 27. Nonadversarial Threat Event Mishandling of critical information Incorrect privilege Fire, flood, hurricane, earthquake Disk errors or other equipment failure Malware Worm - Confiker - 9 Million PCs Virus - I Love You Trojan Horse - Zeus Ransomeware - WannaCry Root Kit - Sony BMG Social Engineering Impersonation Phishing (and spear phishing) Other Attacks Advanced Persistent Threat (APT) Web attacks