Introduction and basic knowledge of information security
CS.521 INFORMATION AND NETWORK SECURITY
What is the purpose of security

• Security is one of the IT topics. IT is one of the methods used to drive business. That means security is also one of the methods used to drive business.
• Business > Security.
• The CSO (Chief Security Officer) decides what action should be taken. Decisions are based on risk.
• Risk = Vulnerability x Threat x Asset.
Triad of Security

• Confidentiality
• Integrity
• Availability
• Accountability (Non-Repudiation)
Goal of Security

• Prevention
• Detection – Indicator of Compromise
• Response
Goal of Attacking

• Access attack
• Modification and repudiation
• Denial of service (DoS) and distributed denial of service (DDoS)
Hacker?

• Black Hat (Cracker)
• White Hat
• Gray Hat
Phases of Penetration Testing

• Pre-engagement Interactions
  • Scope, testing window, contact information, "get out of jail free" card, payment terms
• Intelligence Gathering
  • Information gathering phase
• Threat Modeling
  • Plan of attack
• Vulnerability Analysis
  • Vulnerability scanning, testing the surface
• Exploitation
• Post Exploitation
• Reporting
  • Executive report, technical report

Risk Assessment

• Asset
• Vulnerability
• Threat
Asset

• Hardware
• Software
• Information
• People
Asset categories, groups and examples

Category    | Group                         | Examples
------------|-------------------------------|------------------------------------------------------------
Hardware    | Computer Hardware             | Servers, Desktops, Laptops, Storage
            | Computer Peripherals          | Printers, Scanners, Shredders
            | Electronic Devices            | Computer protection equipment (theft protection equipment etc.), Telecom devices (phones, faxes, smart phones)
            | Networking Devices            | Routers, Hubs, Switches
Software    | Commercialized Software       | Core processing applications, desktop and workstation office productivity software, operating systems, network device OS, back office and environment software (database engines, backup and storage management software)
            | Internally Developed Software | Financial application, Personnel application
Information | Physical Information Assets   | Hard-copy documents (policies, procedures), DVDs, CDs, backup tapes
            | Electronic Information Assets | Soft-copy documents (policies, procedures), databases, configuration files, password files, audit logs
People      | Internal Resources            | Security Admin, Network Admin, System Admin, Operator
            | External Resources            | Third parties, vendor engineers, consultants
Asset Valuation

• Confidentiality
• Integrity
• Availability

[Diagram: the Confidentiality, Integrity and Availability ratings combine into the Asset Value]

[Diagram: Asset Value, Threat Level and Vulnerability Level combine into the Risk Level]
Risk Management

Mapping to Risk Level (MoR)

• The risk level scale will be from 1 to 125.
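The following is an added worked example (not from the lecture slides) that carries the slides' formula Risk = Vulnerability x Threat x Asset through on a small constructed inventory built from the asset table above, and shows why the risk scale runs from 1 to 125. Everything beyond the formula and the 1..125 scale is an assumption made here: each factor is rated as an integer 1..5 (so the product spans 1 x 1 x 1 = 1 to 5 x 5 x 5 = 125), the asset value is taken as the highest of its Confidentiality / Integrity / Availability ratings, and the Low / Medium / High bands are illustrative thresholds an organisation would set for itself.

```python
"""Risk = Vulnerability x Threat x Asset, worked through on a constructed inventory.

Added example, not part of the lecture slides. Assumed (not stated on the slides):
every factor is rated on an integer scale 1..5, so the product spans 1..125 as on
the 'Mapping to Risk Level' slide; the asset value is the highest of the C/I/A
ratings; and the Low/Medium/High bands are illustrative thresholds.
"""
from dataclasses import dataclass

SCALE_MIN, SCALE_MAX = 1, 5      # assumed rating scale for every factor
RISK_MIN, RISK_MAX = 1, 125      # 1*1*1 .. 5*5*5, the slide's risk scale


def _rating(name: str, value: int) -> int:
    """Reject anything outside the 1..5 scale so a typo cannot inflate or hide risk."""
    if isinstance(value, bool) or not isinstance(value, int) or not SCALE_MIN <= value <= SCALE_MAX:
        raise ValueError(f"{name} must be an integer in {SCALE_MIN}..{SCALE_MAX}, got {value!r}")
    return value


@dataclass(frozen=True)
class Asset:
    """One inventory entry with its Confidentiality / Integrity / Availability ratings."""
    name: str
    confidentiality: int
    integrity: int
    availability: int

    def value(self) -> int:
        # Assumed rule: the asset is worth as much as its most sensitive property.
        return max(_rating("confidentiality", self.confidentiality),
                   _rating("integrity", self.integrity),
                   _rating("availability", self.availability))


def risk_score(asset: Asset, threat_level: int, vulnerability_level: int) -> int:
    """Risk = Vulnerability x Threat x Asset, on the 1..125 scale."""
    return (_rating("vulnerability_level", vulnerability_level)
            * _rating("threat_level", threat_level)
            * asset.value())


def risk_level(score: int) -> str:
    """Map a 1..125 score to a band (assumed thresholds; an organisation sets its own)."""
    if not RISK_MIN <= score <= RISK_MAX:
        raise ValueError(f"score must be in {RISK_MIN}..{RISK_MAX}, got {score!r}")
    if score <= 25:
        return "Low"
    if score <= 75:
        return "Medium"
    return "High"


def rank_assets(entries):
    """entries: iterable of (Asset, threat_level, vulnerability_level).

    Returns (name, score, level) tuples, highest risk first, i.e. the order in
    which the CSO would look at treatment options."""
    scored = [(a.name, risk_score(a, t, v)) for a, t, v in entries]
    scored.sort(key=lambda item: item[1], reverse=True)
    return [(name, score, risk_level(score)) for name, score in scored]


# Constructed sample inventory: one entry per category of the asset table.
# Tuple = (asset with C, I, A ratings, threat level, vulnerability level).
SAMPLE_INVENTORY = [
    (Asset("Financial application (internally developed software)", 4, 5, 5), 5, 5),
    (Asset("Password file (electronic information asset)", 5, 4, 3), 4, 3),
    (Asset("Security admin account (internal resource)", 5, 5, 2), 3, 2),
    (Asset("Office printer (computer peripheral)", 1, 1, 2), 2, 3),
]

if __name__ == "__main__":
    for name, score, level in rank_assets(SAMPLE_INVENTORY):
        print(f"{score:4d}  {level:<6}  {name}")
```

Running it ranks the financial application at 125 (High), the password file at 60 (Medium), the admin account at 30 (Medium) and the printer at 12 (Low); the input validation matters because a single out-of-range rating would otherwise move an asset across bands without anyone noticing.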
Homework

Watch the hack movies (2001, 2006, 2007).
