Professional Documents
Culture Documents
Fundamentals of Information Security
Fundamentals of Information Security
com
HAVPUXGTL1
Foundations of Information
Security
✔CIA triad
✔Overview of cyber space
✔Risk management
✔Motives behind attacks
chandrakakumanu85@gmail.com
HAVPUXGTL1
Confidentiality
chandrakakumanu85@gmail.com
HAVPUXGTL1
Integrity Availability
• Only the authorized entity can access or read the data, objects
or resources.
chandrakakumanu85@gmail.com
HAVPUXGTL1
• Only the authorized entity can alter the data, objects &
resources.
Alert (A22-057A)
• According to SentinelLabs, the malware targets Windows devices, manipulating the master
boot record, which results in subsequent boot failure.
This file is meant for personal use by chandrakakumanu85@gmail.com only.
Sharing or publishing the contents in part or full is liable for legal action.
Availability
chandrakakumanu85@gmail.com
HAVPUXGTL1
chandrakakumanu85@gmail.com
HAVPUXGTL1
• The Internet backbone may be defined by the principal data routes between large,
strategically interconnected computer networks and core routers of the Internet.
Data Centers
Global Cloud
Cloud
chandrakakumanu85@gmail.com Infra
HAVPUXGTL1
Cyber Space
Critical
Infrastructure
Online
chandrakakumanu85@gmail.com
HAVPUXGTL1 Rights
Data
Privacy
Cyber
Security
Threats
chandrakakumanu85@gmail.com
HAVPUXGTL1
Risk
Vulnerabilities
Risk
The potential for damage when a threat exploits a vulnerability.
chandrakakumanu85@gmail.com
HAVPUXGTL1
Ransomware
Malware
This file is meant for personal use by chandrakakumanu85@gmail.com only.
Sharing or publishing the contents in part or full is liable for legal action.
Risk Analysis
chandrakakumanu85@gmail.com
HAVPUXGTL1
Risk Management is the process of identifying, analyzing, assessing, mitigating or transferring risk.
Integration
Improvement
chandrakakumanu85@gmail.com
HAVPUXGTL1 Design
Leadership &
Commitment
Evaluation Implementation
This file is meant for personal use by chandrakakumanu85@gmail.com only.
Sharing or publishing the contents in part or full is liable for legal action.
Risk Management
Ongoing Risk
Risk Mitigation
Monitoring / Response
• Reduce / Avoid
• Continuous Risk
• Transfer
Monitoring
• Accept / Reject
• Subjective in nature
• Uses words like “High”, “Medium” “Low” to describe the probability of the threat.
Probability (Likelihood)
chandrakakumanu85@gmail.com
HAVPUXGTL1
Impact (Consequence)
•
HAVPUXGTL1
Uses words like “High”, “Medium” “Low” to describe the probability of the threat.
chandrakakumanu85@gmail.com
HAVPUXGTL1
Causing
Organizational Adverse
Producing
Risk Impact
Accept
chandrakakumanu85@gmail.com
HAVPUXGTL1
Transfer
Avoid
Mitigate
• Refers to the risk remaining after all other known threats have been treated.
chandrakakumanu85@gmail.com
HAVPUXGTL1
Residual Risk
Security
Incident
Internal Threat
Audit Intelligence
chandrakakumanu85@gmail.com
HAVPUXGTL1 Vulnerability
Industry
Assessment Development
• Any act against the law in which, a computer or communication device or computer network is
used to commit or facilitate the commission of a cyber crime.
• US Department of State Diplomatic Security Service has issued a reward of 10 Million for
information on Russian GRU officers and hackers
• The hackers have been named in a poster created about this.
chandrakakumanu85@gmail.com
HAVPUXGTL1
Cyber Crime Price (in USD)
Product
SMS Spoofing 20/Month
Phishing Kit 20-200
Custom Spyware 200
Hacker-on-Hire 200+
Zero-Day in iOS 250,000
This file is meant for personal use by chandrakakumanu85@gmail.com only.
Sharing or publishing the contents in part or full is liable for legal action.
Cyber Crime
chandrakakumanu85@gmail.com
HAVPUXGTL1
• Financial gain
• Organized crime
• Hacktivism
• Extortion
• Competitive advantage
chandrakakumanu85@gmail.com
HAVPUXGTL1
Hacker Profile
People • >80% under 30
behind • started at young age
HAVPUXGTL1attacks
chandrakakumanu85@gmail.com
A call center • well educated
providing “Crime as • do NOT come from low socio-
a Service” economical background
chandrakakumanu85@gmail.com
HAVPUXGTL1
Challenge
Espionage
Money
chandrakakumanu85@gmail.com
HAVPUXGTL1
chandrakakumanu85@gmail.com
HAVPUXGTL1 Web Frameworks
IP Address
(PHP,Apache etc)
Your Company
Domains NetFlow
WHOIS Records
• An organization would get a Risk Score based on the findings in the attack surface monitoring tool.
• The score is a synonym of the credit score that an individual has.
• Higher the score, better the security of the organization.
• Monitoring the score of you and your vendors is critical for a safe security posture.
chandrakakumanu85@gmail.com
HAVPUXGTL1
chandrakakumanu85@gmail.com
HAVPUXGTL1