Introduction
to Cybersecurity
Security is protection. Protection from
threat actors. Those who will harm,
intentionally or otherwise.
WHAT IS CYBERSECURITY?
Cybersecurity refers to the body of technologies, processes, and practices designed to
protect networks, devices, software, and data. These are protected from attack,
damage, or unauthorized access.
Cybersecurity Models form the basis for each cybersecurity implementation.
• Organizations that use firewalls as the primary means of security are based
on a perimeter security model
• Organizations that implement a variety of security mechanisms are based upon a
layered defense model
Each cybersecurity design makes key assumptions:
1. What is fully trusted, partially trusted, and what is not trusted
2. Who has access to what valued assets
The model enables governance frameworks to serve as more effective and applicable
guidance for protecting the computing environment. These are implemented as
Security Policy → Security Model → People, Process, Technology
Why do we need cybersecurity?
Components of information
security:
• Computer Security
• Data Security
• Governance
• Management Systems
• Network Security
• Policy
The pillars of information security:
• Confidentiality
• Integrity
• Availability
Known as the C.I.A Triad
CYBERSECURITY GOVERNANCE
• The typical driver for cybersecurity governance remains the prevention of fraud and
abuse.
• Prevention of abuse and fraud has led to increased regulations, standards, and
guidelines.
• Organizations now pay greater attention to governance, which has changed the
dynamics of information security management.
• Computer crimes & cyber attacks are on the rise, many of which are perpetrated using
social engineering techniques.
• Building security awareness into the governance structure has become essential.
• Information security professionals face ever-evolving technologies, sophisticated and
determined cybercriminals, and a blended threat landscape.
• Even those security practitioners who work in non-regulated environments are
expected to follow a common set of practices, criteria, and standards.
• An understanding of the laws, regulations, and standards that apply to the field of
information security is essential.
• The most common frameworks come from the National Institute of Standards and Technology
(NIST) and the International Organization for Standardization (ISO 27001 and ISO 27002).
CYBERSECURITY CONTROL FAMILIES
(Based on ISO 27001)
• Access Control
• Awareness and Training
• Audit and Accountability
• Security Assessment and Authorization
• Configuration Management
• Contingency Planning
• Identification and Authentication
• Incident Response
• Maintenance
• Media Protection
• Physical and Environmental Protection
• Planning
• Personnel Security
• Risk Assessment
• System and Services Acquisition
• System and Communications Protection
• System and Information Integrity
• Program Management
KEY INFORMATION SECURITY CONCEPTS
• Access – A subject's or object's ability to use, manipulate, modify, or affect another subject or object.
• Asset – The resources that are being protected: workstations, servers, and network devices.
• Attack – An intentional or unintentional act that can damage or compromise information systems.
• Control, Safeguard, or Countermeasure – The security mechanisms, policies, or procedures that
counter attacks, reduce risk, and resolve vulnerabilities.
• Exploit – A technique used to compromise a system.
• Exposure – A state of being exposed when a vulnerability exists.
• Loss – An instance of an information asset suffering damage.
• Risk – The probability of an unwanted experience such as a loss.
• Subject and Object – The people and assets in the IT infrastructure.
• Threat – The danger to an information asset.
• Vulnerability – A weakness or fault in a system or protection mechanism.
THE THREE DIMENSIONS OF THE CYBERSECURITY CUBE
Manage Protection
• Domains
• Internet
• Network
Three foundational principles:
• Information States
• Critical Information Characteristics
• Security Measures
Information States include transmission, storage, and processing.
Critical Information Characteristics include confidentiality, integrity,
and availability.
Security Measures include technology, policies and practice, and the
education, training, and awareness of people.
BALANCING INFORMATION SECURITY AND ACCESS
Manage Access
• Applications
• Data
• Encryption
• Network
The risk with people and information lies in balancing access to
information assets against threats and vulnerabilities.
SECURITY PROFESSIONALS AND THE ORGANIZATION
The Information Security Program
• Professional Training
• System Requirements
• System Design
• Implementation
• Verification
• Release
• Incident Response
Thinking about security helps to cut through the information
overload. Incorporating cybersecurity frameworks, patterns,
and best practices helps to create a defense-in-breadth security
paradigm. A skilled workforce helps to drive cybersecurity
governance in the organization.
THE CYBERSECURITY KILL CHAIN
Stop The Threat
A framework that is part of the Intelligence Driven
Defense model for identification and prevention of
cyber intrusions. This model identifies what the threat
actor must complete in order to achieve their
objective.
The seven steps enhance visibility into an attack and
enrich professionals with the understanding of an
actor’s tactics, techniques, and procedures.
NIST CYBERSECURITY FRAMEWORK
IMPLEMENTING STRATEGIC CYBERSECURITY GOVERNANCE
CRITICAL THINKING FOR SITUATIONAL & OPERATIONAL INTELLIGENCE
Identify Protect Detect Respond Recover
Reconnaissance X
Weaponization
Delivery
Exploitation
Installation
Command & Control
Actions on Objectives
Deny Degrade Disrupt Deceive Destroy
PUTTING IT ALL TOGETHER
• Intro – Basic intro to what cyber security is today
• Hands-on Tech – Learn the basics of the CLI and how to hack like malicious players
• Enterprise: P, P, T – What does the Enterprise need to do to protect itself via People, Process, Tech
• Frameworks – Learn the basics of the NIST Cyber Security Framework
• Ready to Start! – Start working in the field
THANK YOU
