Please enable JavaScript.
Coggle requires JavaScript to display documents.
Chapter 2 - Coggle Diagram
Chapter 2
mitigation techniques
intrusion detection system
incident response
patch management
continuous monitoring
version control
technical controls
configuration management
physical controls
separation of duties
training
documentation
policies and procedures
managing risk
principle of least privilege
principle of need to know
using access controls
using automation
principle of proportionality
including input validation
purchasing insurance
providing training
creating a security policy
using antivirus software
protecting the boundary
attackers
disgruntled employees
activists
saboteurs
other nations
advanced persistent treats (APTs)vandals
hackers
criminals
threats
can't be eliminated
always present
can persist
unintentional threats do not have a perpetrator
human
accidents
environmental
failures
intentional threats are acts that are hostile to an organization
anger
desire to damage
greed
managing exploits
performing risk assessments
performing vulnerability assessments
using configuration management
hardening servers
using security information and event management (SIEM) tools
assets
anything of value that needs to be protected
exploits
taking advantage of a vulnerability
risk = threat x vulnerability x asset