Section 2 Cyber security concepts
Risk
Key concept
asset
threat event
threat source
vulnerability
inherent risk
residual risk
Third party risk
different entities have different security cultures and risk tolerances
Likelihood
measure of frequency of an event occurrence
Approaches to cybersecurity risk
ad hoc (no standard)
risk based
compliance-based
Policy
Compliance document types
standard
procedure
policy
guideline
Life cycle
Type of security policy
personnel information security policy
security incident response policy
access control policy
Attack
Malware
software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system.
Vector
ingress: hack into system
egress: remove data from system
attack vector --> payload --> exploit --> vulnerability --> target (asset)
Control
access lists
access control lists
change management
privileged user management
authorization and access restrictions
configuration management
provisioning and deprovisioning
patch management
identity management