
Hasan Sadiq

223604

Assignment 1:

Information Assurance

Question no 1: Summary of the main points covered by the report in your own words

The report was published in 1979 and provides recommendations for improving the security of computer systems used by the Department of Defense (DoD) and other government agencies. The main points covered in the report include the following:

- The need for a comprehensive security program: The report emphasizes the importance of establishing a comprehensive security program that includes both technical and non-technical security measures.

- The importance of access controls: The report stresses the importance of access controls to prevent unauthorized access to sensitive information.

- The need for secure communication protocols: The report recommends the use of secure communication protocols to protect information as it is transmitted across networks.

- The importance of monitoring and auditing: The report highlights the importance of monitoring and auditing computer systems to detect and respond to security incidents.

- The need for training and awareness: The report recommends training and awareness programs to educate users about security risks and best practices.

- The importance of physical security: The report emphasizes the need for physical security measures, such as secure facilities and access controls, to protect computer systems from physical attacks.

Overall, the report highlights the need for a comprehensive approach to computer security that includes technical and non-technical measures to protect computer systems and the information they contain.

Question no 2: following security technologies work (preferably with diagrams)

a) Cyber Threat Intelligence:


Cyber Threat Intelligence (CTI) is the practice of collecting and analyzing information about cyber threats and vulnerabilities to better understand and predict potential attacks. CTI can help organizations identify and mitigate potential threats before they can cause harm. The CTI process involves four stages: Collection, Processing, Analysis, and Dissemination.

- Collection: This involves gathering information from a wide range of sources, including open-source intelligence, internal data sources, and third-party feeds.
- Processing: The collected information is processed to remove irrelevant or redundant data and to categorize the remaining data into various threat categories.
- Analysis: The processed information is analyzed to identify trends, patterns, and potential threats. Analysts use a range of techniques, including statistical analysis and machine learning algorithms, to identify potential attacks.
- Dissemination: The analyzed information is disseminated to relevant stakeholders, including security teams, executives, and other decision-makers.
(B) Security Information and Event Management (SIEM):

SIEM is a security technology that provides real-time analysis of security alerts generated by network hardware and applications. SIEM collects security-related data from various sources, including log files, network devices, and applications. SIEM aggregates and correlates this data to identify security incidents, threats, and vulnerabilities.

SIEM systems typically consist of three main components: data collection, analysis,
and reporting.

Data Collection: SIEM systems collect security-related data from various sources, including log files, network devices, and applications. This data is normalized (parsed into a common schema with consistent field names and timestamps) and categorized to facilitate analysis.
Analysis: SIEM systems analyze the collected data to identify patterns, trends, and potential threats. This includes detecting anomalies, identifying suspicious behavior, and correlating events to identify potential attacks. Correlation typically means joining events from different sources on shared fields such as source address, user or host within a time window.
Reporting: SIEM systems generate reports that summarize security incidents, threats, and vulnerabilities. These reports can be used by security teams to identify and respond to potential threats.

(C) Security Operations Center (SOC):


A Security Operations Center (SOC) is a centralized unit that provides 24/7 monitoring and management of an organization's security systems. A SOC typically consists of three main components: people, processes, and technology.
People: SOC teams typically consist of security analysts, incident responders, and other security professionals who monitor and respond to security incidents.
Processes: SOC teams follow established processes and procedures for incident detection, investigation, and response. These processes are designed to ensure a timely and effective response to potential security incidents.
Technology: SOC teams use a range of security technologies, including SIEM, intrusion detection and prevention systems (IDPS), and advanced threat intelligence tools to detect and respond to potential security incidents.

(D) Trusted Computing:


Trusted Computing is a security technology that aims to provide a secure and trusted computing environment. It involves the use of hardware and software components that work together to ensure the integrity and security of the computing environment.

Trusted Computing is based on three main components: a Trusted Platform Module (TPM), a trusted boot process, and trusted execution environments (TEEs).

Trusted Platform Module (TPM): TPM is a hardware component that provides secure storage and processing of cryptographic keys and other sensitive information.
Trusted Boot Process: Trusted boot process ensures that only trusted software is loaded during the boot process. This involves verifying the integrity of the boot loader, operating system, and other software components.
Trusted Execution Environments (TEEs): TEEs provide a secure environment for running sensitive applications. This involves isolating the application from the rest of the system and providing a secure communication channel between the application