Introduction and Basic Knowledge PDF
Basic knowledge of information security
CS.521 INFORMATION AND NETWORK SECURITY
What is the purpose of security
Confidentiality
Integrity
Availability
Accountability (Non-Repudiation)
Goal of Security
Prevention
Response
Goal of Attacking
Access Attack
Gray Hat
Phase of Penetration Testing
Pre-engagement Interactions
Scope, Testing window, Contact information, “Get out of jail free” card, Payment Terms
Intelligence Gathering
Information gathering phase
Threat Modeling
Plan to attack
Vulnerability Analysis
Exploitation
Post Exploitation
Reporting
Vulnerability
Threat
Asset
Hardware
Software
Information
People
| Category | Groups | Examples |
|---|---|---|
| Hardware | Computer Hardware | Servers, Desktop, Laptops, Storage |
| Hardware | Computer Peripheral | Printers, Scanner, Shredders |
| Hardware | Electronics Devices | Computer protection equipment (Theft protection equipment etc.), Telecom devices (Phones, faxes, Smart Phones) |
| Hardware | Networking Devices | Routers, Hubs, Switches |
| Software | Commercialized Software | Core processing applications, Desktop and workstation office productivity software, Operating system, network Devices OSI, Back office and environment software (database engines, back-up and storage management software) |
| Software | Internally Developed Software | Financial Application, Personnel Application |
| Information | Physical Information Asset | Documents Hard Copies (Policies, Procedures), DVDs, CDs, Backup Tape |
| Information | Electronics Information Asset | Documents Soft Copies (Policies, Procedures), Database, Configuration files, Passwords file, Audit logs |
| People | Internal Resources | Security Admin, Network Admin, System Admin, Operator |
| People | External Resources | Third Party, Vendors Engineers, Consultants |
Asset Valuation
Confidentiality
Integrity
Availability
Asset Value
Threats Level
Vulnerability Level
Risk Management
Mapping to Risk Level (MoR)
The risk level scale runs from 1 to 125.
Homework
Watch the Hack Movies.
2001 2006 2007