Cyber Sec 1
CYBER SECURITY
Amity Business School
INFORMATION
RELEVANT TRANSPARENT
INFORMATION SYSTEMS
SOFTWARE
HARDWARE
TECHNOLOGY
PEOPLE
PROCESS
THE MAIN CHALLENGE THAT ORGANISATIONS FACE IN TODAY’S DIGITAL WORLD IS INFORMATION SECURITY
SECURITY
SAFEGUARDING AGAINST ANY ADVERSARIES WHICH CAN BE MAN MADE OR NATURAL
NATURAL ADVERSARIES
1. Sensitive data
2. Affected parties
3. Controlled access
SENSITIVE DATA :
• Identity
• Finance matters
• Details of bank account
• Legal matters
• Medical reports
• Voting, opinions
CONFIDENTIALITY
SECURITY GOALS
CONFIDENTIALITY
• BANK ACCOUNT NO
• SSN
INTELLECTUAL PROPERTY:
INTEGRITY MEANS CONSISTENCY AND ACCURACY
MAINTAIN VALID, UNCORRUPTED AND ACCURATE INFORMATION
GOAL THREAT
UPTIME
DOWN TIME
AVAILABILITY
COMPUTER RELATED PRIVACY PROBLEMS
• Information collection
• Information usage
• Information retention
• Policy change
• Information disclosure
• Monitoring
• Access control
• Information security
Lack of awareness
Wide open internet access
Network traffic
Open ports
Easy passwords
Threats in Network
What makes a Network Vulnerable?
• Sharing
• Many points of attack
• Unknown path
• Anonymity
• Unknown perimeter
• Complexity of system
Port scan
Pinging
1. Which standard ports are up, and which services are running and answering on the target system?
2. Which operating system is installed on the target machine?
Threats in Transit:
• EAVESDROPPING
• WIRETAPPING
1. Risk assessment,
RISK ASSESSMENT
The risk assessment methodology encompasses nine primary steps, which are described below:
• System Characterization
• Threat Identification
• Vulnerability Identification
• Control Analysis
• Likelihood Determination
• Impact Analysis
• Risk Determination
• Control Recommendations
Phase 1—Initiation
The need for an IT system is expressed and the purpose and scope of the IT system are documented.
• Identified risks are used to support the development of the system requirements,
including security requirements, and a security concept of operations (strategy)
• The risks identified during this phase can be used to support the security
analyses of the IT system that may lead to architecture and design tradeoffs
during system development
Phase 3—Implementation
Phase 4—Operation or Maintenance
The system performs its functions. Typically the system is being modified on an
ongoing basis through the addition of hardware and software and by changes to
organizational processes, policies, and procedures
• Risk management activities are performed for periodic system reauthorization (or
reaccreditation) or whenever major changes are made to an IT system in its
operational, production environment (e.g., new system interfaces)
Phase 5—Disposal
This phase may involve the disposition of information, hardware, and software.
Activities may include moving, archiving, discarding, or destroying information and
sanitizing the hardware and software
• Risk management activities are performed for system components that will be
disposed of or replaced to ensure that the hardware and software are properly
disposed of, that residual data is appropriately handled, and that system migration is
conducted in a secure and systematic manner