Professional Documents
Culture Documents
Fundamentals
Security+ اإلعداد لشهادة
Hemaya.org.sa
@HemayaGroup
Part 5 .
Risk Management
Hemaya.org.sa @HemayaGroup
2
Business Impact Analysis (BIA)
3
Recovery Time Objective (RTO)
4
Recovery Point Objective (RPO)
5
Maximum Tolerable Downtime (MTD)
6
RISK MANAGEMENT
The process of identifying and reducing risk to a
level that is acceptable and then implementing
controls to maintain that level
7
Threat Assessment
Analysis of the threats that confront an enterprise
• Generally you cannot change the threat, however,
you can change how it affects you.
Environmental threats
• Tornado, hurricane, earthquake, severe weather
Man-made threats
• Internal threats are from employees (delete files)
• External threats are from outside the
organizations (Attackers)
8
Quantitative risk assessment
Quantitative measures give the clearest measure of relative
risk and expected return on investment
• Quantitative (think quantity) is expressed numerically
(~money cost)
9
Risk Measurements & Assessment
Very High
High
LIKELIHOOD
Moderate
Low
IMPACT
10
Risk response techniques
Risk-avoidance
• Stop participating in high-risk activity
Transference
• Buy some insurance
Acceptance
• A business decision;
• we’ll take the risk!
Mitigation
• Reduce the risk level
• Invest in security systems
11
Incident Response Planning
The steps an organization performs in
response to any situation determined to be
abnormal in the operation of a computer
system.
12
Incident Response Process
The set of actions security personnel perform in
response to a wide range of triggering events.
Preparing
• Communication methods
• Incident handling hardware and software
• Incident analysis resources
• Documentation, network diagrams
• Critical file hash values
• Clean OS and application images
• Policies needed for incident handling
13
Identification and Analysis
In this process you need to work out whether you are
dealing with an event or an incident.
Containment
Working with the business to limit the damage caused
to systems and prevent any further damage from
occurring
Eradication
Ensuring you have a clean system ready to restore.
• Reimage of a system
• a restore from a known good backup
14
Recovery
Determine when to bring the system back in to
production and how long we monitor the system for any
signs of abnormal activity.
Lessons Learned
• Why did it happen? How can we prevent it.
• What did we do wrong?
• Was something missing?
• …
15
Part 6 .
Cryptography and PKI
Hemaya.org.sa @HemayaGroup
16
Cryptography
The process of converting readable data
(called plaintext) into unreadable text
Plaintext
• An unencrypted message (in the clear)
Ciphertext
• An encrypted message
Cipher
• The algorithm used to encrypt and/or
decrypt
Cryptanalysis
• The art of cracking encryptions
17
Symmetric encryption
Asymmetric encryption
• Private key (Keep this private)
• Public key (Anyone can see this key)
• Used mostly to share symmetric key
• Very slow compared to symmetric
18
Symmetric Algorithms
AES (Advanced Encryption Standards)
• 128-, 192-, and 256-bit keys
• Used in WPA2 & WPA3 and many places
Asymmetric Algorithms
• Diffie-Hellman key exchange
• RSA
• ElGamal
19
Stream ciphers
•
Block ciphers
• Used with Symmetric and Asymmetric
• Encrypt fixed-length groups
• Often 64-bit or 128-bit blocks
• Pad added to short blocks
20
Digital signatures
21
22
Data in-transit (In Motion)
• Data transmitted over the network
• Network-based protection - Firewall, IPS
• TLS (Transport Layer Security)
• IPsec (Internet Protocol Security)
Data at-rest
• Hard drive, SSD, flash drive, etc.
• Use disk encryption, database encryption
• File- or folder-level encryption
Data in use
• System RAM, CPU registers and cache
• The data is almost always decrypted
• Otherwise, you couldn’t do anything with it
23
Encrypting HTTPS traffic SSL/TLS
• Client requests secure session
• Server sends its certificate including its public key
• The client creates a symmetric key and encrypts it with the servers
public key
• The client sends the encrypted symmetric key to the server
• The server decrypts the symmetric key using its private key
• All of the session data from thereon is encrypted with the symmetric
key
24
The END!
@Fahad_Alduraibi :تويتر
https://fadvisor.net/blog/:المدونة
fadroid :سناب
25