Professional Documents
Culture Documents
Fundamentals of Information Security
Fundamentals of Information Security
com
FCQDU25HIV
Foundations of Information
Security
✔CIA triad
✔Overview of cyber space
✔Risk management
✔Motives behind attacks
yovan7raja@gmail.com
FCQDU25HIV
Confidentiality
yovan7raja@gmail.com
FCQDU25HIV
Integrity Availability
• Only the authorized entity can access or read the data, objects
or resources.
yovan7raja@gmail.com
FCQDU25HIV
• Only the authorized entity can alter the data, objects &
resources.
Alert (A22-057A)
• According to SentinelLabs, the malware targets Windows devices, manipulating the master
boot record, which results in subsequent boot failure.
This file is meant for personal use by yovan7raja@gmail.com only.
Sharing or publishing the contents in part or full is liable for legal action.
Availability
yovan7raja@gmail.com
FCQDU25HIV
yovan7raja@gmail.com
FCQDU25HIV
• The Internet backbone may be defined by the principal data routes between large,
strategically interconnected computer networks and core routers of the Internet.
Data Centers
Global Cloud
Cloud
yovan7raja@gmail.com Infra
FCQDU25HIV
Cyber Space
Critical
Infrastructure
Online
yovan7raja@gmail.com
FCQDU25HIV Rights
Data
Privacy
Cyber
Security
Threats
yovan7raja@gmail.com
FCQDU25HIV
Risk
Vulnerabilities
Risk
The potential for damage when a threat exploits a vulnerability.
yovan7raja@gmail.com
FCQDU25HIV
Ransomware
Malware
This file is meant for personal use by yovan7raja@gmail.com only.
Sharing or publishing the contents in part or full is liable for legal action.
Risk Analysis
yovan7raja@gmail.com
FCQDU25HIV
Risk Management is the process of identifying, analyzing, assessing, mitigating or transferring risk.
Integration
Improvement
yovan7raja@gmail.com
FCQDU25HIV Design
Leadership &
Commitment
Evaluation Implementation
This file is meant for personal use by yovan7raja@gmail.com only.
Sharing or publishing the contents in part or full is liable for legal action.
Risk Management
Ongoing Risk
Risk Mitigation
Monitoring / Response
• Reduce / Avoid
• Continuous Risk
• Transfer
Monitoring
• Accept / Reject
• Subjective in nature
• Uses words like “High”, “Medium” “Low” to describe the probability of the threat.
Probability (Likelihood)
yovan7raja@gmail.com
FCQDU25HIV
Impact (Consequence)
•
FCQDU25HIV
Uses words like “High”, “Medium” “Low” to describe the probability of the threat.
yovan7raja@gmail.com
FCQDU25HIV
Causing
Organizational Adverse
Producing
Risk Impact
Accept
yovan7raja@gmail.com
FCQDU25HIV
Transfer
Avoid
Mitigate
• Refers to the risk remaining after all other known threats have been treated.
yovan7raja@gmail.com
FCQDU25HIV
Residual Risk
Security
Incident
Internal Threat
Audit Intelligence
yovan7raja@gmail.com
FCQDU25HIV Vulnerability Industry
Assessment Development
• Any act against the law in which, a computer or communication device or computer network is
used to commit or facilitate the commission of a cyber crime.
• US Department of State Diplomatic Security Service has issued a reward of 10 Million for
information on Russian GRU officers and hackers
• The hackers have been named in a poster created about this.
yovan7raja@gmail.com
FCQDU25HIV
Cyber Crime Price (in USD)
Product
SMS Spoofing 20/Month
Phishing Kit 20-200
Custom Spyware 200
Hacker-on-Hire 200+
Zero-Day in iOS 250,000
This file is meant for personal use by yovan7raja@gmail.com only.
Sharing or publishing the contents in part or full is liable for legal action.
Cyber Crime
yovan7raja@gmail.com
FCQDU25HIV
• Financial gain
• Organized crime
• Hacktivism
• Extortion
• Competitive advantage
yovan7raja@gmail.com
FCQDU25HIV
Hacker Profile
People • >80% under 30
behind • started at young age
FCQDU25HIVattacks
yovan7raja@gmail.com
A call center • well educated
providing “Crime as • do NOT come from low socio-
a Service” economical background
yovan7raja@gmail.com
FCQDU25HIV
Challenge
Espionage
Money
yovan7raja@gmail.com
FCQDU25HIV
yovan7raja@gmail.com
FCQDU25HIV Web Frameworks
IP Address
(PHP,Apache etc)
Your Company
Domains NetFlow
WHOIS Records
• An organization would get a Risk Score based on the findings in the attack surface monitoring tool.
• The score is a synonym of the credit score that an individual has.
• Higher the score, better the security of the organization.
• Monitoring the score of you and your vendors is critical for a safe security posture.
yovan7raja@gmail.com
FCQDU25HIV
yovan7raja@gmail.com
FCQDU25HIV