Ict HDMC Consolidation HDMC 18
Cyber Threats
ASSETS
CYBER
VULNERABILITY
THREAT
STRATEGIES
Vulnerability – A weakness of an asset that can be exploited by one or more threats
Asset Vulnerabilities
Technological
- Comn Protocol Design
- Software loopholes
- Poor Database Design
Implementation
- Misconfigured Devices
- Use of Default Setting
- Access by Unauth Persons
Operational
- Lack of Monitoring
- Lack of Continuity of Staff
- Lack of Backup
Management
- Lack of Security Policy
- Improper Assessment of Risk
- Poor IT Planning & Training
Security
Strategies
Type Approaches
Network
Personal
Access
Security
Security
Computer Server
Security Security
Perimeter Defence
Limiting use of
removable media
Risk Communication
Risk Treatment
Risk Assessment
Risk Identification
CONFIDENTIALITY
SECURED
LOW LOW
INTEGRITY MED
RELIABLE
MED
AVAILABILITY HIGH
ACCESS
HIGH
Asset Valuation-Confidentiality
Class | Description | Asset Value (Quantified)
UNCLASS | Non sensitive info restricted to internal use only | 1

VLI (Very Low Integrity) | Negligible | 1
LI (Low Integrity) | Minor | 2
MI (Medium Integrity) | Significant | 3
HI (High Integrity) | Major | 4
VHI (Very High Integrity) | Could lead to serious or total failure | 5

VLA (Very Low Availability) | At least 25% office hours | 1
LA (Low Availability) | At least 50% office hours | 2
MA (Medium Availability) | 100% office hours | 3
RISK RATING
Vulnerability | L M H | L M H | L M H
Asset Value Rating (C, I, A)
1 | 1 2 3 | 2 3 4 | 3 4 5
2 | 2 3 4 | 3 4 5 | 4 5 6
3 | 3 4 5 | 4 5 6 | 5 6 7
4 | 4 5 6 | 5 6 7 | 6 7 8
5 | 5 6 7 | 6 7 8 | 7 8 9
Confidentiality
Integrity
Availability - 3
Threat Value – H
Vulnerability – M
RISK RATING 6 | RISK RATING 7 | RISK RATING 6
College of Defence Management – Faculty of Decision Sciences
Using Risk Assessment Matrix
• Risk Ratings of Assets
– Info Storage (6,7,6) = 6 x 7 x 6 = 252
– AWWA Cmptr (2,3,4) = 2 x 3 x 4 = 24
– Asset 3……..
• Higher the Risk Rating – Higher the Risk
• Prioritise Risks – Rank order them
• Divide Risk Ratings into (Criticality, Priority & Urgency of Action)
– High Risk
– Medium Risk
– Low Risk
• High Risk
• Most critical.
• Addressed on a high priority basis
• Require immediate action
• Medium Risk
• Quick action before it becomes critical
• Controls implemented within specified time
• Low Risk
• Reasonable steps taken and develop risk
management strategies in time
• Such risks do not require extensive resources;
rather they can be handled with smart thinking
and logical planning
Risk Avoidance
Risk Acceptance
Transference
Mitigation
Remediation
2. Asset 2 3x 5 x 8 = 4 1. …
120 2. ….
Human Unawareness
Policy Inadequacies
Poor Assumptions
Ignorance
Vulnerability Assessment VA
Penetration Testing PT
IT Security Audit SA
• Size
• Searchability
• Ease of Updating
• Security
• Redundancy
– Same data in No of files
• Importance
LIST OF OFFRS
Columns/Attributes or Fields
CREATE
RETRIEVE
UPDATE DATA
DELETE
• Organises data to allow better control
• Maintain
– Concurrency of Data
– Consistency of Data
– Data Integrity
– Security
– Backup & Recovery
Select
Action
https://www.includehelp.com/dbms/types-of-database-management-system.aspx
• A relational database is a
collective set of multiple data
sets organized by tables,
records and columns.
– data retrieval
– organization
– reporting
• Primary Key. A column (Field) with unique values to identify each row
in a table. One Primary Key per table.
• Foreign Key. Also called a referencing key - used to link two tables
together. We can have more than one foreign key per table.
• Foreign key is a field in one table that uniquely identifies a row of another
table.
• Foreign key is defined in a second table, but it refers to the primary key or a
unique key in the first table.
• A relationship is an association linking the Primary key of a table with a field of another
table, called the Foreign key.
• Types of Relations.
♯ One to One. Service Number of an Offr
Store & Org Data
Transform into Information
Support Decision Making
BIG DATA
Large & Complex
Difficult to process
Stored in Distributed storage on cloud
Size: TBs, PBs, EBs…
• THIS IS INFORMATION
TRANSACTIONS
• HIGHLY STRUCTURED DATA
• RELATED TO EVENTS
• IT ALWAYS INCLUDES TIME
• INVOICES, TRAVEL PLANS, ACTIVITY RECORDS, PAYMENTS
INTERACTIONS
• HOW PEOPLE INTERACT WITH ONE ANOTHER, OR WITH YOUR BUSINESS
• FACEBOOK POSTS AND LIKES, SOCIAL FEEDS, GENERATED CONTENT AND EVEN BLOGS
OBSERVATIONS
• GATHERED FROM THE IoT
• GPS COORDINATES
• RFID CHIPS IN ATM CARDS
A = APPLY ANALYTICS
R = REPORT RESULTS
Process
01 INTEGRATE
• Disparate sources and applications
• ETL tools not sufficient
• New strategies and technologies to analyze big data sets at terabyte, or even petabyte
• Formatted and available in a form that your business analysts can get started with
02 MANAGE
• Big data requires storage.
• Storage solution can be in the cloud, on premises, or both
• Cloud is gradually gaining popularity because it supports compute requirements and enables you to spin up resources as needed
03 ANALYSE
• Visual analysis of your varied data sets
• Build data models with machine learning and artificial intelligence
Map Reduce
Task B Task D
Task C
Business Intelligence
Unfathomable volumes of data that come into the system at high velocities and wide varieties
Multiple tasks on the incoming series of data (the “data stream”)
HR management
Medical mapping
Situational awareness
Lgs & Med (fuel & amn sup, monitoring vital statistics of tps in terms of heart-rate, oxygen saturation, etc)
Creating a C4ISR system
Goals of AI.
• To Create Expert Systems − The systems which exhibit intelligent
behavior, learn, demonstrate, explain, and advise its users
• To Implement Human Intelligence in Machines − Creating
systems that understand, think, learn, and behave like humans
DEFINITIONS OF ARTIFICIAL INTELLIGENCE
• Acting humanly – Turing Test
• Thinking humanly
• Thinking rationally
• Acting rationally
TO AI
Rational Agent
Behaving rightly and capb of reasoning
Have more attributes than just a pgme (Perceiving envt/Adapting to change/Reach the Goal)
• Act to achieve goals, given a set of belief
• Rational behavior is doing the “right thing”
• Thing which expects to maximise goal achievement
AN AI SYSTEM: AGENTS & ENVIRONMENTS
• Deals with interaction between computers & humans using natural language.
• Ultimate objective of NLP - to read, decipher, understand, and make sense of
human languages in a manner that is valuable.
• Most NLP techniques rely on ML to derive meaning from human languages.
• Reactive Machines
–One of the basic forms of AI
–They don’t have past memory or historic data to use & to
make current decisions
–Such machines work on present, to perform task that is
right in front of them
–Example: IBM chess programme that beat Garry
Kasparov
• Limited Memory
–These AI systems can use past experiences to take
future decisions
–They have limited memory or short-lived memory
–Example: self-driving cars
• Theory of Mind AI
– Simply thinking like a human
– Understands human emotions,
thoughts and can interact socially
• Self-Aware AI
– Machines are self-conscious, and
self-aware like humans
– Can be future of robots
• Unlabeled data used to train algorithm (data that has no historical labels)
• Clustering
• Deals with finding a structure or pattern
in a collection of uncategorised data
• Clustering algorithms will process your
data and find natural clusters(groups) if
they exist in the data
• Association
• Allows establishment of associations amongst data objects inside
large databases
• Interesting relationships can be discovered between variables in
large databases
• Frequently appeared patterns over large transactional databases
• Examples
• People who buy a new home are most likely to buy new
furniture
• Groups of shoppers based on their browsing and purchasing
histories
WORKBOOK
POSTER
PAGE
RIBBON
VIEWS
VISUALIZATIONS FIELDS
PANEL PANEL
PAGES TAB
REPORT VIEW
DATA VIEW
RELATIONSHIPS VIEW
• Filters
– Implement Visual, Page & Report/All Page Level filters
Highlight
Filter
None
• Slicers
– Remember Pivot Tables ?
– Implement Slicers to limit data to display
– Across Individual Pages
Merge
https://radacad.com/append-vs-merge-in-power-bi-and-power-query
Type of Visuals
• Single Value
• Textual
• Visual
• Multiple Values
• Tabular
• Visual
• Geo-Visual
FILLED MAP, BING MAP, AZURE MAP, SHAPE MAP, Arc GIS MAP
• Slicers
ADV EXCEL
Conditional Formatting
=LOWER(A1)
Removing Duplicates
=UPPER(A1)
Multiple Blanks
=PROPER(A1)
Text to Coln
=MID/LEFT/RIGHT
Data Validation
Macros
=TRIM(TEXT)
=CONCATENATE
PIVOT TABLE
=VLOOKUP
=HLOOKUP
TWO DATASETS
=COUNTIF/IFS
=SUMIF/IFS
=INDEX(MATCH)