
CYBER SECURITY
NOTES ON UNIT 1
DEVELOPMENT OF INFORMATION SYSTEM
WATERFALL MODEL
PROTOTYPE MODEL
INCREMENTAL MODEL
THREATS TO INFORMATION SYSTEM
CYBER SECURITY
DIFFERENCE BETWEEN INFORMATION SECURITY AND CYBER SECURITY
Security Services
• enhance the security of data processing systems and information transfers of an organization
• intended to counter security attacks
• using one or more security mechanisms
Security Services
• Authentication - assurance that the communicating entity is the one claimed
• Access Control - prevention of the unauthorized use of a resource
• Data Confidentiality - protection of data from unauthorized disclosure
• Data Integrity - assurance that data is delivered to the intended recipient without any modification
• Non-Repudiation - protection against denial by one of the parties in a communication
Need for Information Security
• The purpose of information security management is to ensure business continuity and reduce business damage by preventing and minimizing the impact of security incidents.
• The Audit Commission Update report (1998) shows that fraud or cases of IT abuse often occur due to the absence of basic controls, with one half of all detected frauds found by accident.
• An Information Security Management System (ISMS) enables information to be shared while ensuring the protection of information and computing assets.
Benefits of ISMS
• ISMS is a standard of the International Organization for Standardization (ISO), compatible with other standards prevailing in the market
• Helps to protect and secure information in an organization, because information is its virtual resource
• Maintains the security of data and information
• Protects and maintains the integrity, confidentiality and availability of information
• Provides efficient organizational management
• Provides high-level information security
• Encourages clients, including individuals and other organizations, to invest in the organization
Information Assurance
• Information assurance defines and applies a collection of policies, standards, methodologies, services, and mechanisms to maintain mission integrity with respect to people, process, technology, information, and supporting infrastructure.
• Information assurance provides for the integrity, availability, possession, confidentiality, nonrepudiation, authorized use, utility, privacy, and authenticity of information in all forms and during all exchanges.
IA Core Principles
• Confidentiality - ensures the disclosure of information only to those authorized to receive it
• Integrity - ensures that information remains in its original form; information remains true to the creator's intent
• Availability - information or information resource is ready for use within stated operational parameters
• Possession - information or information resource remains in the custody of authorized personnel
• Authenticity - information or information resources conform to reality; they are not misrepresented as something they are not
Scope of IA
Information Assurance 3D Model
Three Dimensions (3D) of information security:
• Information state
• Security services
• Security countermeasures
Security Countermeasures
1) Technology
Technology is ever evolving. Technology encompasses more than the adjunctive crypto systems of the past.
Technology, in a security context, now includes the hardware, software and firmware that comprise a system or network.
Technology, from a security perspective, now includes devices such as firewalls, routers, intrusion detection monitors, and other security components.
2) Policy and Practices
Operations, as a security countermeasure, go beyond the policy and practices required for use in secure systems.
Operations encompass the procedures employed by system users, the configurations implemented by system administrators, as well as conventions invoked by software during specified system operations.
Operations also address areas such as personnel and operational security.
3) People
People are the heart and soul of secure systems. People require awareness, literacy, training and education in sound security practices in order for systems to be secured.
This progression in thinking has been described as a continuum upon which system users, designers, as well as security professionals increase their knowledge and understanding of IA.
We can characterize the people component by describing it as the action users take. Do they follow the policy? What happens when they are confronted by a new situation that is not addressed by the policy?
Information Assurance (IA) vs Information Security
• Both involve people, processes, techniques, and technology
• Information assurance and information security are often used interchangeably (incorrectly)
• Information Security is focused on the confidentiality, integrity, and availability of information (electronic and non-electronic)
• IA has broader connotations and explicitly includes reliability, access control, and nonrepudiation as well as a strong emphasis on strategic risk management
• ISO information security management standards (ISMS) are more closely aligned with IA
Why is Cyber Security Important?
• Governments, military, corporations, financial institutions, hospitals and other businesses collect, process and store a great deal of confidential information on computers and transmit that data across networks to other computers.
• With the growing volume and sophistication of cyber attacks, ongoing attention is required to protect sensitive business and personal information, as well as safeguard national security.
Cyber Security
• Cyber security is the protection of information and information systems against the potential threats on the internet
• Cyber security means securing the information related to the use of the internet
• Security on the internet must involve information or information systems.
• Specific measures to maintain cyber security:
• Viruses and identity theft
• Protection of applications and individual privacy
• Protection from online predators and cyberbullies
Security Risk Analysis
• Risk: a quantified measure of the likelihood of a threat being realised.
• Risk Analysis involves the identification and assessment of the levels of risk, calculated from
• Values of assets
• Threats to the assets
• Their vulnerabilities and likelihood of exploitation
• Risk Management involves the identification, selection and adoption of security measures justified by
• The identified risks to assets
• The reduction of these risks to acceptable levels
• Security risk analysis, otherwise known as risk assessment, is fundamental to the security of any organization. It is essential in ensuring that controls and expenditure are fully commensurate with the risks to which the organization is exposed.
Goals of Risk Analysis
• All assets have been identified
• All threats have been identified
• Their impact on assets has been valued
• All vulnerabilities have been identified and assessed
Key elements of risk analysis
• Impact statement
• Effectiveness measure
• Recommended countermeasures
Risk Assessment
Business Objectives:
• FOCUS on key assets
• PROTECT against likely threats
• PRIORITISE future actions
• BALANCE cost with benefits
• IDENTIFY / JUSTIFY appropriate
Risk Impact
• Monetary losses
• Loss of personal privacy
• Loss of commercial confidentiality
• Legal actions
• Public embarrassment
• Danger to personal safety
Risk Analysis Steps
• Decide on scope of analysis
• Set the system boundary
• Identification of assets & business processes
• Identification of threats and valuation of their impact on assets (impact valuation)
• Identification and assessment of vulnerabilities to threats
• Risk assessment
Problems of Measuring Risk
Businesses normally wish to measure in money, but
• Many of the entities do not allow this
• Valuation of assets
• Value of data and in-house software - no market value
• Value of goodwill and customer confidence
• Likelihood of threats
• How relevant is past data to the calculation of future probabilities?
• The nature of future attacks is unpredictable
• The actions of future attackers are unpredictable
• Measurement of benefit from security measures
• Problems with the difference of two approximate quantities
• How does an extra security measure affect a ~10^-5 probability of attack?
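A worked version of the risk analysis steps and of the measurement problem above, added here as an example and not part of the notes (all asset values, probabilities and costs are constructed): it computes the expected annual loss per threat from asset value, threat likelihood, likelihood of exploitation and impact, then shows why the benefit of an extra security measure against a ~10^-5 probability of attack is hard to measure when it is the difference of two approximate quantities.

```python
# Added example (not from these notes): a minimal quantitative risk analysis
# following the notes' steps (asset values, threats, vulnerabilities, likelihood
# of exploitation) and a check on how well a countermeasure's benefit can be measured.
from dataclasses import dataclass

@dataclass
class Asset:
    name: str
    value: float  # monetary valuation of the asset (constructed sample figure)

@dataclass
class Threat:
    name: str
    asset: str
    likelihood: float      # annual probability that the threat is realised
    exploitability: float  # probability the vulnerability is exploited given the threat
    impact: float          # fraction of the asset value lost if exploited (0..1)

def annual_risk(assets, threats):
    """Expected annual loss per threat: value * P(threat) * P(exploit) * impact."""
    values = {a.name: a.value for a in assets}
    return {t.name: values[t.asset] * t.likelihood * t.exploitability * t.impact
            for t in threats}

def countermeasure_benefit(risk_before, risk_after, cost):
    """Net benefit of a countermeasure: reduction in expected loss minus its cost."""
    return (risk_before - risk_after) - cost

def benefit_uncertainty(risk_before, risk_after, rel_err):
    """Worst-case error of the difference of two approximate quantities.
    Absolute errors add, so the relative error of the benefit can exceed 100%
    even when each input estimate is only moderately uncertain."""
    diff = risk_before - risk_after
    err = rel_err * (risk_before + risk_after)
    return diff, err, (err / diff if diff else float("inf"))

def sample_analysis():
    """Constructed case: a customer database valued at 1,000,000 facing a ~10^-5/year
    targeted intrusion; a countermeasure halves the chance the vulnerability is exploited."""
    assets = [Asset("customer database", 1_000_000.0)]
    before = [Threat("targeted intrusion", "customer database", 1e-5, 1.0, 1.0)]
    after = [Threat("targeted intrusion", "customer database", 1e-5, 0.5, 1.0)]
    rb = annual_risk(assets, before)["targeted intrusion"]
    ra = annual_risk(assets, after)["targeted intrusion"]
    diff, err, rel = benefit_uncertainty(rb, ra, rel_err=0.5)  # +/-50% on each estimate
    return {"risk_before": rb, "risk_after": ra,
            "net_benefit": countermeasure_benefit(rb, ra, cost=2.0),
            "benefit": diff, "benefit_error": err, "relative_error": rel}
```

With each estimate uncertain by 50%, the computed benefit of 5 carries a worst-case error of 7.5, so the sign of the net benefit cannot be trusted even though the arithmetic is exact.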
