SECTION 2 : CYBERSECURITY CONCEPTS
Risk
Why
Most critical functions
Allows informed decision-making, better protection and effective costs
Approaches to Risk
Ad Hoc
Implements security with no particular rationale
May be driven by vendor marketing
Insufficient subject matter expertise
Compliance based
Standards-based security
Relies on regulation
Leads to a checklist attitude
Understanding Likelihood
Measures of frequency of an event's occurrence
Calculations
whether there is a potential threat and to what extent
any controls or countermeasures the organization has put in place to reduce vulnerability
used to calculate the risk faced, based on the number of events that may occur
Framing Risk Management
Risk Scenario
description of possible event
Actor
Threat
Major
Asset/Resource
Time
Influencing Risk Factors
Third-party Risk
different entities have different security cultures and risk tolerance
can present risk that may be difficult to quantify
should consider all arrangements with care to ensure alignment with standards
Policies and Procedures
Information Security Policies
specify requirements
roles and responsibilities
expected behaviors
Policy Life Cycle
create > review > update > approve
Compliance Document Types
policies
communicate required and prohibited activities and behaviors
standards
Interpret policies in specific situations
procedures
Provide details on how to comply with policies and standards
guidelines
not requirements to be met, but are strongly recommended
COBIT 5 Information Security Policy Set
Types of Security Policies
Access Control Policy
Personnel Information Security Policy
Security Incident Response Policy
Cybersecurity Controls
Controls
Identity Management
Directory services
Authentication services
Authorization services
User-management capabilities
Provisioning and Deprovisioning
provisioning
when a new user is created
deprovisioning
when a user leaves the organization
Authorization and Access Restrictions
identify and differentiate among users
levels
read, inquire/copy only
manipulate
execute/run
combination of the above
Access Control Lists
users
types of access
Access Lists
filter traffic at network interfaces
if there are no access lists, network devices pass all packets
with an access list, only traffic permitted by its rules is passed
Change Management
Privileged User Management
background checks for elevated access
additional activity logging
stronger passwords
review of privileges
Configuration Management
focuses on maintaining the security
benefits
insight into investigations after a breach
ability to inspect different lines of defense
Patch Management
once a patch is applied, it should be tested
Common Attack Types and Vectors
Common Threat Agents
Attack Attributes
Attack vector > Payload > Exploit > Vulnerability > Target (Asset)
Two attack vectors
Ingress: focuses on intrusion
Egress: designed to remove data from the system
Threat Process
Reconnaissance
create attack tools
deliver malicious capabilities
exploit
attack
achieve results
maintain presence
campaign
Non-adversarial Threat Events
mishandling information
incorrect privilege settings
natural disaster
introduction of vulnerabilities into software
aging equipment
Malware and Attack Types