Please enable JavaScript.
Coggle requires JavaScript to display documents.
Information Security (Security Incidents (2011: Stuxnet Iran (Employed…
Information Security
Security Incidents
-
-
-
-
2011: Stuxnet Iran
-
-
Infected over 45,000 networks
-
-
-
-
-
-
Risk
Information Risk: Storage, Transmission "MIM", Access "Auth"
Application Risk: NW Virus, OS, Email, Web, FTP, DNS, Business App
System Risk: DB, Running Services
Management Risk:
30% only of Risk can be mitigated by Technology
70% can be mitigated by Management
70% of Risk coming from negligence and internal users
Management Risk Aspects:
National Policy: Effective National Info Sec, Agency to manage
Enterprise System: Sec Rules, Equipment Room Management
Management System: Security Policies, Supervision and inspection System, high Quality Security personnel
Network Risk: VLANs, Zones
-
Physical Risk: Theft, Damage, Failure, IT Facilities
Info Sec Dev
-
-
-
Examples
2017: WannaCry - Over 100,000 PCs - 8$ Billion losses
Ransomware Cryptoworm using Port 445
2012: Oceanlotus Group - Attack on China important Sectors
Spear Phishing wit email containing Trojan Horse
Watering Hole by exploiting Vulnerability for Regularly visited website
-
-
Info Sec Threats
Application Threats
Types
OS Vulnerability (Injection, XSS, Malware, Data Breach)
- Virus
- Trojan Horse
- Worm
- Backdoor
- Spyware
-
-
Defense
-
Protection through Professional Equipment:
FW, WAF, Antivirus
-
Network Threats
- DDoS Attacks
- NW Intrusion
-
Data Transmission and Device Security Threats
- Traffic Hijacking: Gues the Sequence and Sequence Increment Value
- MiTM
- Unauthorized access
- Weak Security Protection for WLAN
Defense:
Encrypt Data before Storage
Encrypt Data Before Transmission
Use Strong encryption Algorithm
-