Welcome to Scribd!

Risk-Based Cybersecurity Concepts

Uploaded by

0% found this document useful (0 votes)

72 views2 pages

This document discusses cybersecurity concepts including risk-based approaches, key terms, and common attack types and vectors. A risk-based approach allows for informed decision making and better protection using budgets and resources. Key terms are defined such as asset, threat event, vulnerability, inherent risk, and residual risk. Common attack vectors include ingress focusing on intrusion and egress designed to remove data. Policies and procedures are important to specify requirements, define roles, and outline guidelines. The policy lifecycle includes creating, approving, reviewing, and updating policies.

Original Description:

kokokokokok

Original Title

CSXF

Copyright

Available Formats

TXT, PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Copyright:

Available Formats

Download as TXT, PDF, TXT or read online from Scribd

Flag for inappropriate content

0% found this document useful (0 votes)

72 views2 pages

Risk-Based Cybersecurity Concepts

Uploaded by

fadhil

Copyright:

Available Formats

Download as TXT, PDF, TXT or read online from Scribd

Flag for inappropriate content

Jump to Page

You are on page 1of 2

Search inside document

Section 2 Cybersecurity Concept

Topic 1 Risk
Why a risk oriented approach?
Using risk based approach to cybersecurity allows informed decision -making, better
protection, and effective application of bdgets and resources.

Approaches To Cybersecurity Risk

-Ad hoc : this approach simply implements security with no particular
-Compliance Based : relies on regulations or standards to determine security
implementations.
-RIsk Based

Key Terms and Definition

-Asset
-Treat Event
-Threat Event
-Vulnerability
-Inherent risk
-Residual Risk

Understanding likelihood
-Measures of frequency of event occurrence

Framing Risk Management (PPT)

Risk Scenario (PPT)
- Description of a possible event whose occurrence will have an uncertain impact on
the achievement of the enterprise objectives, which may be positive or negative

Influencing Risk Factors (PPT)

Third Party Risk
-Dapat memunculkan risiko juga, because have different security cultures and risk
tolerances
-Outsourcing and mergers and acquisitions can introduce securiy challenges
-These arrangements can present risk that may be difficult to quantify pottentially
difficult to mitigate
-Security strategy should consider all third party arrangmenets with care to ensure
alignment with internal cybersecurity standards

Topic 2 Common Attack Types & Vectors

-Common Threat Agents (PPT)
-Attack Attributes : Activity by a threat agent (pr adversary) against an asset.
-Attack vector -> Payload -> Exploit -> Vulnerability -> Target (Asset)
-Attack vectors ada dua
-ingress : focus on intrusion or hacking into systems
-egress : designed to remove data from systems and network

-Threat process (PPT)

-Adversial Attack : result of adversial activity
-NonAdversial Threat Event : not result of adversial activity (Natural hazard,
mishandling,disk errors)

Topic 3
Poicies and procedures
-Specify requirements
-Define the rolse and responsibilities within the organization
-Outline

Policy lifecycle
Create
Approved
Review
Update

Compliace document
-Policies : Communicate required and prohibted acitvities and behaviors
-Standards : Interpret policies in specific situatuins
-Procedures : Provide details on how to comply with policies and standards
-Guidelines : Proovide general guidance on issues such as "what to do in particular
circumstances" There are not requierements to be met, but are strongly recomended.

Cobit 5 information security policy set (PPT)

Type of security poliiy
-Access control policy : provides proper access to internal and external
stakeholders to accomplish business goals.
-Pesonnel information security policy
-Security incident response policy

CISSP Study Guide
Document73 pages
CISSP Study Guide
Steve Norfolk
91% (11)
INFO 333 - Introduction To Information Security: Week 1
Document5 pages
INFO 333 - Introduction To Information Security: Week 1
Marty Sharkington
No ratings yet
IT Security Risk Assessment Guide
Document34 pages
IT Security Risk Assessment Guide
Firas Zawaideh
No ratings yet
Comptia Security+ Notes: 1. Risk Management
Document4 pages
Comptia Security+ Notes: 1. Risk Management
Cameron
No ratings yet
Introduction to Cybersecurity Fundamentals
Document23 pages
Introduction to Cybersecurity Fundamentals
fadhil
No ratings yet
Concise Guide to CompTIA Security +
From Everand
Concise Guide to CompTIA Security +
alasdair gilchrist
Rating: 3 out of 5 stars
3/5 (2)
CSS 8
Document14 pages
CSS 8
Imran K Dhanji
No ratings yet
ISO17799 InfoSec Management Guide
Document44 pages
ISO17799 InfoSec Management Guide
deltafx1
No ratings yet
Reviewer Daw
Document13 pages
Reviewer Daw
Mark G
No ratings yet
Untitled
Document8 pages
Untitled
LEE PEI YI YUKI
No ratings yet
Ccna Security Ch2 Understanding Security Policies Lifecycle Approach
Document7 pages
Ccna Security Ch2 Understanding Security Policies Lifecycle Approach
florinn81
No ratings yet
Preparation Guide CISSP
Document104 pages
Preparation Guide CISSP
Muthiani Muoka
100% (1)
Information Security Week 03
Document18 pages
Information Security Week 03
Danish Khan
No ratings yet
Quiz2
Document4 pages
Quiz2
miry.baba
No ratings yet
Risk Analysis and Minimizing Network Threats
Document41 pages
Risk Analysis and Minimizing Network Threats
Juan
No ratings yet
CIA Security Model Explained
Document26 pages
CIA Security Model Explained
Wajiha Rehman
100% (1)
Computer Security Q - A
Document5 pages
Computer Security Q - A
danmuteti57
No ratings yet
Information Security Risk Management Standard
Document5 pages
Information Security Risk Management Standard
Nahom Dejene
No ratings yet
Fundamental Common Technologies MIBA University
Document12 pages
Fundamental Common Technologies MIBA University
Barty Waine
No ratings yet
CISSP Notes Prep Guide
Document96 pages
CISSP Notes Prep Guide
Usman Sarwar
50% (2)
Cyber Security1
Document6 pages
Cyber Security1
Mr. RAVI KUMAR I
No ratings yet
Comparison Between ISO 27005
Document6 pages
Comparison Between ISO 27005
Indrian Wahyudi
No ratings yet
Chapter Objectives: Ethical Hacking and Intrusion Detection/ Forensics
Document34 pages
Chapter Objectives: Ethical Hacking and Intrusion Detection/ Forensics
juhil
No ratings yet
Computer Security Ad
Document7 pages
Computer Security Ad
Mikiyas Getasew
No ratings yet
Information Assurace and Security 1
Document23 pages
Information Assurace and Security 1
TE O LO
No ratings yet
Understanding Cybersecurity Risk Assessment
Document15 pages
Understanding Cybersecurity Risk Assessment
him2000him
No ratings yet
What Is A Security Audit?
Document5 pages
What Is A Security Audit?
Joe Lagarteja
No ratings yet
Ias101 Sbit3l W8sum Vida, John Paul S.
Document3 pages
Ias101 Sbit3l W8sum Vida, John Paul S.
Vida, John Paul
No ratings yet
Introduction to Information Security
Document47 pages
Introduction to Information Security
thalz142
No ratings yet
MSIS 4253 Exam 1-Chapters 1-5 Lecture Notes
Document19 pages
MSIS 4253 Exam 1-Chapters 1-5 Lecture Notes
nightmonkey215
No ratings yet
Cosf 322 - 1
Document37 pages
Cosf 322 - 1
ojangoh2
No ratings yet
8 Access Control - CISSP
Document86 pages
8 Access Control - CISSP
Christian Gcc
No ratings yet
Critical Characteristics of Information in Information Security
Document49 pages
Critical Characteristics of Information in Information Security
Eswin Angel
50% (6)
NS - 12 Incident Response
Document24 pages
NS - 12 Incident Response
YogaRizwan
No ratings yet
ICT502_S1_2023_Master_Plan_SecSol
Document25 pages
ICT502_S1_2023_Master_Plan_SecSol
sangaykhengs
No ratings yet
Enhancing Information System Security - Strategies For Compliance and Proactive Defence
Document10 pages
Enhancing Information System Security - Strategies For Compliance and Proactive Defence
Amit kapooria
No ratings yet
Assignment #2 IS
Document3 pages
Assignment #2 IS
Narender Singh Chauhan
No ratings yet
A Security Requirement
Document7 pages
A Security Requirement
wejdan alharbi
No ratings yet
Lec2risk AssessmentA
Document21 pages
Lec2risk AssessmentA
Affan Khawaja
No ratings yet
Security Specs
Document8 pages
Security Specs
Tee Bee
No ratings yet
ADA Security Policy Summary
Document30 pages
ADA Security Policy Summary
Inbox
No ratings yet
Information Security
Document12 pages
Information Security
Iqra Razaq
No ratings yet
Program:B.Tech (BA+BD) Course Code:CSBD4070 Course Name:Big Data Security
Document23 pages
Program:B.Tech (BA+BD) Course Code:CSBD4070 Course Name:Big Data Security
Vairavel Chenniyappan
No ratings yet
Cyber Law and Security: UNIT-2
Document48 pages
Cyber Law and Security: UNIT-2
Vishal Gupta
No ratings yet
Certified in Cybersecurity - Chapter 1 Terms & Definitions
Document4 pages
Certified in Cybersecurity - Chapter 1 Terms & Definitions
Profgooner
No ratings yet
Computer Security Notes
Document28 pages
Computer Security Notes
Dr. Sandeep Saxena
No ratings yet
Chap 8
Document22 pages
Chap 8
nikhil
No ratings yet
Cyber Law and Security: UNIT-3
Document48 pages
Cyber Law and Security: UNIT-3
Vishal Gupta
No ratings yet
Information Security Governance and Risk Management
Document6 pages
Information Security Governance and Risk Management
jbrackett239
No ratings yet
CSSLP 2016 Notes
Document26 pages
CSSLP 2016 Notes
parul154
No ratings yet
Lesson 2 Security Concepts
Document77 pages
Lesson 2 Security Concepts
pofwahcantt
No ratings yet
Lab4-Le Quang Vu-SE160967-IA1702
Document8 pages
Lab4-Le Quang Vu-SE160967-IA1702
Le Quang Vu (K16HCM)
No ratings yet
IT Information Security Management Principles, 23 - 26 November 2015 Dubai UAE
Document4 pages
IT Information Security Management Principles, 23 - 26 November 2015 Dubai UAE
360 BSI
No ratings yet
Sri Manakula Vinayagar Engineering College Information Security Risk Management
Document39 pages
Sri Manakula Vinayagar Engineering College Information Security Risk Management
KalpanaMohan
No ratings yet
Categorization: Categorize The Information System
Document22 pages
Categorization: Categorize The Information System
TK
No ratings yet
Section 2 Security-Policy
Document18 pages
Section 2 Security-Policy
ahmadjoe04
No ratings yet
The 12 Elements of An Information Security Policy - Reader View
Document7 pages
The 12 Elements of An Information Security Policy - Reader View
Honey Dhaliwal
No ratings yet
Tata Kelola TI Risks Management
Document24 pages
Tata Kelola TI Risks Management
Mik Asa
No ratings yet
Computer Incident Response and Forensics Team Management: Conducting a Successful Incident Response
From Everand
Computer Incident Response and Forensics Team Management: Conducting a Successful Incident Response
Leighton Johnson
Rating: 3.5 out of 5 stars
3.5/5 (2)
The Certified Ethical Hacker Exam - version 8 (The concise study guide)
From Everand
The Certified Ethical Hacker Exam - version 8 (The concise study guide)
alasdair gilchrist
Rating: 3 out of 5 stars
3/5 (9)
Okapi Slide Deck by Slidesgo
Document52 pages
Okapi Slide Deck by Slidesgo
fadhil
No ratings yet
License
Document1 page
License
Rahmat Tri Saputra Sukri
No ratings yet
Inixindo Price List 2017 Courses
Document3 pages
Inixindo Price List 2017 Courses
fadhil
No ratings yet
README
Document19 pages
README
api-3778843
No ratings yet
SMSSQL PDF
Document1 page
SMSSQL PDF
Rakesh Kumar Behera
No ratings yet
CSX-Exam-Guide Bro Eng 1014
Document13 pages
CSX-Exam-Guide Bro Eng 1014
ellococareloco
No ratings yet
Section 5: Incident Response: 1. Topic 1 Event Vs Incident
Document7 pages
Section 5: Incident Response: 1. Topic 1 Event Vs Incident
fadhil
No ratings yet
Section 5 - Incident Response
Document2 pages
Section 5 - Incident Response
fadhil
No ratings yet
Section 3 - Security Architecture Principle
Document2 pages
Section 3 - Security Architecture Principle
fadhil
No ratings yet
Section 6 - Security Implications and Adoption Od Evolving Technology
Document2 pages
Section 6 - Security Implications and Adoption Od Evolving Technology
fadhil
No ratings yet
Section 4 - Security of Netwroks, Systems, Applications and Data
Document2 pages
Section 4 - Security of Netwroks, Systems, Applications and Data
fadhil
100% (1)
Section 2 - Cybersecurity Concepts
Document30 pages
Section 2 - Cybersecurity Concepts
fadhil
No ratings yet
Section 2 - Cybersecurity Concept
Document2 pages
Section 2 - Cybersecurity Concept
fadhil
No ratings yet
CSX Fundamentals Brochure With Pricing - Bro - Eng - 0816 PDF
Document2 pages
CSX Fundamentals Brochure With Pricing - Bro - Eng - 0816 PDF
fadhil
No ratings yet
Section 3 - Security Architecture Principle
Document2 pages
Section 3 - Security Architecture Principle
fadhil
No ratings yet
Section 1 - Cybersecurity Introduction and Overview
Document2 pages
Section 1 - Cybersecurity Introduction and Overview
fadhil
No ratings yet
ITSM Week0405 - Service Design v0.1
Document75 pages
ITSM Week0405 - Service Design v0.1
fadhil
No ratings yet
Differences
Document5 pages
Differences
Robert ouma
No ratings yet
ARTEP 19-667-30 MP Guard Company
Document174 pages
ARTEP 19-667-30 MP Guard Company
foxbat1988
No ratings yet
A Publication For Study Notes and Theory - A CISSP Study Guide
Document141 pages
A Publication For Study Notes and Theory - A CISSP Study Guide
Edward Holder
No ratings yet
London Diplomatic List - October 2019
Document146 pages
London Diplomatic List - October 2019
Zocha BaBa
No ratings yet
A Survey On Various Cyber Attacks and Their Classification
Document7 pages
A Survey On Various Cyber Attacks and Their Classification
rajvaibhav nimbalkar
No ratings yet
EY S Approach To Data Privacy and Information
Document8 pages
EY S Approach To Data Privacy and Information
Can dien tu Thai Binh Duong
No ratings yet
Notes On Industrial Security Management
Document23 pages
Notes On Industrial Security Management
criminologyalliance
100% (2)
INTERIOR GUARD DUTY Coorected
Document4 pages
INTERIOR GUARD DUTY Coorected
Ninia Crishelle A. Manzano
No ratings yet
Mass Surveillance Report
Document32 pages
Mass Surveillance Report
The Guardian
100% (5)
FM 34-60
Document241 pages
FM 34-60
Ethan Caduff
100% (2)
Ball-CyberDefenceWarfare-2013
Document9 pages
Ball-CyberDefenceWarfare-2013
s.ahmadshukri
No ratings yet
Nambia: Annual Human Rights Report: 2008
Document252 pages
Nambia: Annual Human Rights Report: 2008
André Le Roux
No ratings yet
Swat
Document67 pages
Swat
Wesley Von Kres
100% (5)
A. Registration of Firearms Card
Document2 pages
A. Registration of Firearms Card
Notebook
No ratings yet
JP 3-05.1 Joint Special Ops TF Ops
Document401 pages
JP 3-05.1 Joint Special Ops TF Ops
Anonymous 8j1Wsyn
No ratings yet
Cyber Crime &HACKING: "Is The Internet The New WILD WILD WEST?"
Document21 pages
Cyber Crime &HACKING: "Is The Internet The New WILD WILD WEST?"
Vikas Sharma
No ratings yet
Cyber Defense Magazine - February 2023 PDF
Document186 pages
Cyber Defense Magazine - February 2023 PDF
Paul Mitnick
No ratings yet
Security Proposal
Document17 pages
Security Proposal
Wealthy Briam
100% (2)
Cybersecurity Framework/Privacy Framework To NIST Special Publication 800-53, Revision 5 Mapping
Document31 pages
Cybersecurity Framework/Privacy Framework To NIST Special Publication 800-53, Revision 5 Mapping
jessy_patty
No ratings yet
3 Audit Scope
Document3 pages
3 Audit Scope
mhuzaifa
No ratings yet
Sec 3 NT Science Chap 1
Document5 pages
Sec 3 NT Science Chap 1
Hwee Hong Ang
No ratings yet
Pub 1087
Document525 pages
Pub 1087
vico_lev
No ratings yet
Review Questions Police Patrol With Communication
Document9 pages
Review Questions Police Patrol With Communication
Niño Kabiling
88% (8)
SIS Napredna Sigurnosna Analitika
Document51 pages
SIS Napredna Sigurnosna Analitika
Shporet
No ratings yet
Da Pam 600-3-31 Branch Code 31 Military Police
Document18 pages
Da Pam 600-3-31 Branch Code 31 Military Police
Mark Cheney
No ratings yet
PRE TEST - BIORISK MANAGEMENT - Online Biosafety Training - September 2023
Document1 page
PRE TEST - BIORISK MANAGEMENT - Online Biosafety Training - September 2023
Joy Dublas
No ratings yet
Unit 3 Nis 22620
Document6 pages
Unit 3 Nis 22620
Komal Jadhav
No ratings yet
CSC 466 Assignment 2
Document11 pages
CSC 466 Assignment 2
Mndzebele Siphelele
No ratings yet
Mem Tehnic Electrice
Document24 pages
Mem Tehnic Electrice
Sanda Neuman
No ratings yet
Discretionary Access Control (DAC) : What Is Authentication?
Document7 pages
Discretionary Access Control (DAC) : What Is Authentication?
Pabitra Roy
No ratings yet