Cybersecurity Introduction and Overview
CS vs IS
Comparison
Information Security
Focus: protect information
Examples
Paper document
Digital, Intellectual property
Verbal/visual communication
CyberSecurity
Focus: protect digital assets
Examples
Network hardware
Software
Information processed and stored in isolated/networked systems
NIST Framework
Protect
Design safeguard to limit impact
Detect
Implement activities to identify occurrence of CS event
Respond
Take appropriate action after learning of security event
Recover
Plan for resilience and timely repair of compromised capabilities and services
Identify
Use of organizational understanding to minimise risk
Introduction, Definition
Wut?
Protection of information assets by addressing threats to information processed (DATA IN USE), stored (DATA AT REST) and transported (DATA IN TRANSIT) by internetworked information systems
Human, Process, Technology to protect common ground
Situational Awareness
"It is said that if you know your enemies and know yourself, you will not be imperilled in a hundred battles"
- Sun Tzu
Understanding of organizational environment
Knowledge of information threats
CS and Other Security Domains
Tech Factors
Level of IT complexity (less complex is better)
Network Connectivity
Internal
3rd Party
Public
Specialist industry devices/instrumentation e.g. medical-related machine
Platforms i.e. OS, applications, tools i.e. IPS used
Operational support for security (people + skill)
User community and capabilities i.e. skills of user; difference between IT company and banking company
New/emerging security tools i.e. Port Scanning, used to be hackers' tool
On-premise, cloud or hybrid system
Business Factors
Nature of business i.e. retail vs online
Risk tolerance and appetite
Security mission, vision and strategy to set direction
Industry alignment and security trends
Compliance requirement and regulation
Mergers, acquisition, partnership
Outsourcing of services/providers - make sure they're competent, not blindly bought
CS Roles
Board of Directors
Identify assets, Verify appropriate priorities
Executive Committee
Sets tone for CS management
Security Management
Develops security and risk mitigation, Implement programs
Cybersecurity Practitioners
Design, Implement and Manage CS process
CS Objectives
CS Triad
Confidentiality - protection of information from unauthorised disclosure
Loss consequences
Disclose info protected by privacy law
Loss of public confidence
Loss of competitive enterprise
Legal action against enterprise
Interference with national security
Loss of compliance
Preservation methods
Access Control (AC)
File Permission
Encryption
Integrity - Accuracy and completeness of information in accordance with business values and expectations
Loss consequences
Inaccuracy
Erroneous decisions
Fraud
Failure of hardware
Loss of compliance
Preservation method
AC
Logging
Digital Signature
Hashes
Backups
Encryption
Availability - ability to access information and resources required by the business process
Loss Consequences
Loss of functionality and operational effectiveness
Loss of productive time
Fines from regulators or lawsuits
Interference with the enterprise's objectives
Loss of compliance
Preservation Methods
AC
File Permission
Encryption
Non-repudiation - concept of ensuring message/info is genuine
Loss consequences
Sender/Receiver denies submission/receipt of information
Preservation method
Digital signature
Transaction logs
CS Domains
CS Concepts
CS Architecture Principles
CS of Networks, Systems, Applications and Data
Incident Response
Security Implications, Adoption of Evolving Technology