Cyber Sec 1


Amity Business School

CYBER SECURITY

OBJECTIVE OF THE SESSION

• TO UNDERSTAND INFORMATION AND ITS CHARACTERISTICS

• CONCEPT OF SECURE INFORMATION SYSTEMS

• SECURITY REQUIREMENTS FOR INFORMATION SYSTEM

INFORMATION AND ITS CHARACTERISTICS

INFORMATION

INFORMATION REFERS TO THE COLLECTION OF FACTS AND FIGURES THAT HAS MEANING ATTACHED TO IT AND PLAYS A CRUCIAL ROLE IN TAKING DECISIONS

VARIOUS CHARACTERISTICS OF INFORMATION ARE:

• RELEVANT
• TRANSPARENT
• NON REDUNDANT
• ACCURATE
• COMPLETE
• COST EFFECTIVE
• SECURE
• TIMELY
• CONSISTENT

INFORMATION SYSTEMS

• SOFTWARE
• HARDWARE
• TECHNOLOGY
• PEOPLE
• PROCESS

THE MAIN CHALLENGE THAT ORGANISATIONS FACE IN TODAY’S DIGITAL WORLD IS INFORMATION SECURITY
SECURITY

SAFEGUARDING AGAINST ANY ADVERSARIES, WHICH CAN BE MAN MADE OR NATURAL

NATURAL ADVERSARIES

MAN MADE ADVERSARIES


SECURITY MEANS PRIVACY:


PRIVACY: Controlled Disclosure

Privacy is considered to be the right to control who can learn about the user, the communications conducted by the user and the activities performed by the user.

Information privacy has 3 aspects.

1. Sensitive data
2. Affected parties
3. Controlled access


SENSITIVE DATA :

Data people may consider private:

• Identity
• Finance matters
• Details of bank account
• Legal matters
• Medical reports
• Voting, opinions
• Performance in school reflected in record books
• Ratings based on performance at the workplace by the employer
• Activities – reading habits
• Air travel data
• Communications
• History
• Illegal activities, criminal records

INFORMATION SECURITY DEPENDS ON THREE CONCEPTS

CONFIDENTIALITY

SECURITY GOALS

CONFIDENTIALITY

PERSONAL DATA & INFORMATION

• CREDIT CARD PASSWORD
• BANK ACCOUNT NO
• SSN

INTELLECTUAL PROPERTY:

• PATENTS, COPYRIGHT, SOURCE CODE, CUSTOMER DATA

INTEGRITY MEANS CONSISTENCY AND ACCURACY

MAINTAIN VALID, UNCORRUPTED AND ACCURATE INFORMATION
GOAL                    THREAT

DATA CONFIDENTIALITY    EXPOSURE OF DATA
DATA INTEGRITY          TAMPERING WITH DATA
SYSTEMS AVAILABILITY    DENIAL OF SERVICE BY MALICIOUS PEOPLE

AVAILABILITY

AVAILABILITY REFERS TO THE MEASUREMENT OF TIME, APPLIED TO HOW AND WHETHER SYSTEMS, APPLICATIONS AND DATA CAN BE USED.

AVAILABILITY MEASUREMENT INCLUDES:

• UPTIME
• DOWNTIME
• AVAILABILITY
• MEAN TIME TO FAILURE (MTTF)
• MEAN TIME TO REPAIR (MTTR)
• RECOVERY TIME OBJECTIVE (RTO)
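Added example (not part of the original slides): the availability measures listed above, computed for one service from an outage record. The 30-day window, the three outages and the 4-hour RTO are constructed sample values, and MTTF is taken here as uptime divided by the number of failures.

```python
from datetime import datetime, timedelta

# Constructed sample data: a 30-day observation window and three outages
# (start, end) for one service. Not taken from any real system.
WINDOW_START = datetime(2021, 9, 1)
WINDOW_END = datetime(2021, 10, 1)
OUTAGES = [
    (datetime(2021, 9, 3, 2, 0), datetime(2021, 9, 3, 2, 45)),
    (datetime(2021, 9, 14, 13, 0), datetime(2021, 9, 14, 17, 30)),
    (datetime(2021, 9, 27, 23, 15), datetime(2021, 9, 28, 0, 0)),
]
RTO = timedelta(hours=4)  # assumed recovery time objective
HOUR = timedelta(hours=1)


def availability_report(start, end, outages, rto):
    """Compute uptime, downtime, availability, MTTF, MTTR and RTO breaches."""
    window = end - start
    # Clip outages to the window so one that straddles a boundary
    # is not counted beyond the observation period.
    clipped = [(max(s, start), min(e, end))
               for s, e in outages if e > start and s < end]
    downtime = sum((e - s for s, e in clipped), timedelta())
    uptime = window - downtime
    failures = len(clipped)
    return {
        "uptime_h": uptime / HOUR,
        "downtime_h": downtime / HOUR,
        "availability_pct": round(100 * (uptime / window), 3),
        # Mean operating time per failure and mean repair time per failure.
        "mttf_h": (uptime / failures) / HOUR if failures else None,
        "mttr_h": (downtime / failures) / HOUR if failures else None,
        # Outages that took longer to recover from than the RTO allows.
        "rto_breaches": [(s, e) for s, e in clipped if e - s > rto],
    }


if __name__ == "__main__":
    for name, value in availability_report(
            WINDOW_START, WINDOW_END, OUTAGES, RTO).items():
        print(name, value)
```

With these definitions availability equals MTTF / (MTTF + MTTR), so a single long outage lowers availability and can breach the RTO even when failures are rare.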

COMPUTER RELATED PRIVACY PROBLEMS

• Information collection
• Information usage
• Information retention
• Information disclosure
• Information security
• Access control
• Monitoring
• Policy change

Lack of awareness

Wide open internet access

Network traffic

Open ports

Easy passwords
Threats in Network

What makes a network vulnerable?

• Sharing
• Many points of attack
• Unknown path
• Anonymity
• Unknown perimeter
• Complexity of system

There are two categories of attacks:

(i) Active v/s passive attack

(ii) Insider v/s outsider attack

Who attacks networks?

Attackers attack for different reasons:

1. Challenge, fame and money
2. Espionage
3. Organized crime
4. Ideology

Hacktivism and cyberterrorism:

Hacktivism involves all kinds of activities in which hacking techniques are applied to a target’s network.

These activities just disrupt routine operations; they do not cause serious damage.

Cyberterrorism involves all kinds of politically motivated activities with hacking operations that cause harm, including loss of life or economic breakdown.

How do attackers gather information?

• Port scan
• Pinging

A port scan can reveal three facts:

1. Which standard ports are up, and which services are running and answering on the target system.
2. Which operating system is installed on the target machine.
3. Which applications are installed, and their versions.

Pinging: Ping is used to check whether a host is alive. Ping sends an ICMP echo request, causing the target to respond with an ICMP reply packet.

Port scanning: For rendering services, the TCP/IP protocol suite uses 2 primary protocols:
1) TCP
2) UDP

Every TCP and UDP packet contains information about the source port and the destination port. Port numbers range from 0 to 65535, which requires 16 bits.

Port scanning methods –

1. TCP Connect (not stealthy, not secret)

• Uses open system call provided by the kernel to connect to specified ports on the target host.

• Opens a TCP connection via the TCP 3-way handshake.
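Added example (not part of the original slides): because a TCP connect scan completes or attempts a full handshake on every port, it shows up in ordinary connection logs, and a defender can flag any source that touches many distinct ports on one host in a short time. The log format, addresses and thresholds below are constructed assumptions, and the log is assumed to be in time order.

```python
from collections import defaultdict, deque

# Constructed connection-log lines (epoch seconds, source, destination,
# destination port, TCP outcome). The format is hypothetical.
SAMPLE_LOG = """\
1000 10.0.0.5 10.0.0.20 443 ESTABLISHED
1001 10.0.0.9 10.0.0.20 21 REFUSED
1001 10.0.0.9 10.0.0.20 22 ESTABLISHED
1002 10.0.0.9 10.0.0.20 23 REFUSED
1002 10.0.0.9 10.0.0.20 25 REFUSED
1003 10.0.0.9 10.0.0.20 80 ESTABLISHED
1003 10.0.0.9 10.0.0.20 110 REFUSED
1030 10.0.0.5 10.0.0.20 443 ESTABLISHED
1400 10.0.0.7 10.0.0.20 22 ESTABLISHED
1900 10.0.0.7 10.0.0.20 80 ESTABLISHED
"""


def parse(line):
    ts, src, dst, dport, state = line.split()
    port = int(dport)
    if not 0 <= port <= 65535:  # ports are 16-bit values
        raise ValueError(f"invalid port: {dport}")
    return int(ts), src, dst, port, state


def detect_connect_scans(log_text, min_ports=5, window_s=60):
    """Return {(src, dst): sorted ports} for pairs exceeding the threshold.

    A pair is flagged when one source attempts at least `min_ports` distinct
    destination ports on one host within `window_s` seconds.
    """
    recent = defaultdict(deque)  # (src, dst) -> deque of (ts, port)
    flagged = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, _state = parse(line)
        events = recent[(src, dst)]
        events.append((ts, port))
        while events and ts - events[0][0] > window_s:
            events.popleft()  # drop events older than the window
        ports = {p for _, p in events}
        if len(ports) >= min_ports:
            flagged.setdefault((src, dst), set()).update(ports)
    return {pair: sorted(ports) for pair, ports in flagged.items()}
```

On the sample log only 10.0.0.9 is flagged; the client that returns to port 443 and the host that opens two ports several minutes apart stay below the threshold.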

Threats in Transit:

• EAVESDROPPING

• WIRETAPPING


Risk Management Guide for Information Technology Systems

Risk management encompasses three processes:

1. Risk assessment,

2. Risk mitigation, and

3. Evaluation and assessment.

RISK ASSESSMENT

Risk assessment is the first process in the risk management methodology.

Organizations use risk assessment to determine the extent of the potential threat and the risk associated with an IT system throughout its SDLC.

The output of this process helps to identify appropriate controls for reducing or eliminating risk during the risk mitigation process

• Risk is a function of the likelihood of a given threat-source’s exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organization.

• To determine the likelihood of a future adverse event, threats to an IT system must be analyzed in conjunction with the potential vulnerabilities and the controls in place for the IT system.

• Impact refers to the magnitude of harm that could be caused by a threat’s exercise of a vulnerability.

• The level of impact is governed by the potential mission impacts and in turn produces a relative value for the IT assets and resources affected (e.g., the criticality and sensitivity of the IT system components and data

The risk assessment methodology encompasses nine primary steps, which are described as under:

• System Characterization

• Threat Identification

• Vulnerability Identification

• Control Analysis

• Likelihood Determination

• Impact Analysis

• Risk Determination

• Control Recommendations
Integration of Risk Management into the SDLC


SDLC Phases: Phase Characteristics and Support from Risk Management Activities

Phase 1—Initiation

• Phase characteristics: The need for an IT system is expressed and the purpose and scope of the IT system is documented

• Support from risk management activities: Identified risks are used to support the development of the system requirements, including security requirements, and a security concept of operations (strategy)

Phase 2—Development or Acquisition

• Phase characteristics: The IT system is designed, purchased, programmed, developed, or otherwise constructed

• Support from risk management activities: The risks identified during this phase can be used to support the security analyses of the IT system that may lead to architecture and design tradeoffs during system development

Phase 3—Implementation

• Phase characteristics: The system security features should be configured, enabled, tested, and verified

• Support from risk management activities: The risk management process supports the assessment of the system implementation against its requirements and within its modeled operational environment. Decisions regarding risks identified must be made prior to system operation

Phase 4—Operation or Maintenance

• Phase characteristics: The system performs its functions. Typically the system is being modified on an ongoing basis through the addition of hardware and software and by changes to organizational processes, policies, and procedures

• Support from risk management activities: Risk management activities are performed for periodic system reauthorization (or reaccreditation) or whenever major changes are made to an IT system in its operational, production environment (e.g., new system interfaces)

Phase 5—Disposal

• Phase characteristics: This phase may involve the disposition of information, hardware, and software. Activities may include moving, archiving, discarding, or destroying information and sanitizing the hardware and software

• Support from risk management activities: Risk management activities are performed for system components that will be disposed of or replaced to ensure that the hardware and software are properly disposed of, that residual data is appropriately handled, and that system migration is conducted in a secure and systematic manner

HOME ASSIGNMENT: DATE OF SUBMISSION: WEDNESDAY 8 SEP, 2021

1. DESIGN CIA TRIANGLE FOR ATM TRANSACTION USING AUTHENTICATION, NON REPUDIATION, AUTHORIZATION, AUTHENTICITY TO VERIFY USERS

2. DIFFERENTIATE BETWEEN STEPS USED IN SDLC & SEC-SDLC. TAKE ANY FINANCIAL APPLICATION

3. WHAT ARE VARIOUS RISK ASSESSMENT ACTIVITIES? DESIGN A FLOW CHART OF ALL STEPS INVOLVED USING RISK ASSESSMENT FLOW CHART

4. DESIGN A RISK MITIGATION ACTION FLOW CHART FOR A FINANCIAL ORGANISATION
