BIT3
CYBER SECURITY AND DIGITAL FORENSICS
Prepared by
Rebecca Kushemererwa (CISA, CISM, MPAM, PGD.INFOsec, BCE)
CYBER SECURITY, IT AUDIT & RISK MANAGEMENT CONSULTANT
0701550031 - kushbeckyle@gmail.com
CYBER SECURITY - INTRODUCTION
• Most people, and by extension most organizations, are afraid of crime. A person
may be worried that he will be mugged on the street or that his house may be
burgled. In the last few years, the threat of cybercrime has become quite well
publicized.
• For example, a cracker may gain access to a computer and steal data files from
it.
• 1) The first step in establishing a security policy is to obtain genuine support and commitment for such a
policy throughout the organization, especially from top management or the board.
• 2) The next step is to analyze risks to security within the organization. Risks are components, processes,
situations, or events that could cause the loss, damage, destruction, or theft of data or materials.
• 3) Having identified risks, the next step is to implement controls that detect and prevent losses and
procedures that enable the organization to recover from losses (or other disasters) with a minimum of
interruption to business continuity.
• 4) The "final" step in the process is to review, test, and update procedures continually. An organization must
ensure continued compliance with its security policy and the relevance of that policy to new and changing
risks.
ROLES AND RESPONSIBILITIES
TECHNICAL CLASS
• Access control
• Audit and accountability
• Identification and Authentication
• System and Communications Protection
• Whether administrative or technical, controls can also be classified according to the goal or
function of the control in a simpler schema than the families identified by NIST.
• Preventive - the control physically or logically restricts unauthorized access. A directive can
be thought of as an administrative version of a preventive control. (IPS - give more examples)
• Deterrent - the control may not physically or logically prevent access, but psychologically
discourages an attacker from attempting an intrusion. (audit trails, logs, penalties - give more
examples)
• Detective - the control may not prevent or deter access, but it will identify and record any
attempted or successful intrusion. (IDS - give more examples)
CONTROLS….
• Corrective - the control responds to and fixes an incident and may also prevent
its reoccurrence, e.g. IPS, antivirus, patches, OS hardening.
• Compensating - the control does not prevent the attack but restores the
function of the system through some other means, such as using data backup or
an alternative site.
QUESTIONS??????????