Cyber Security

tags: university 7th semester

Week 1 — Why we need Security

  • A threat is an object, person, or other entity that represents a constant danger to an asset
  • Most incidents (~56%) are caused by past and current employees

Categories of threats:

  1. Potential Acts of Human Error or Failure
  2. Compromises to Intellectual Property
  3. Deliberate Acts of Espionage or Trespass
  4. Deliberate Acts of Information Extortion
  5. Deliberate Acts of Sabotage or Vandalism
  6. Deliberate Acts of Theft
  7. Deliberate Software Attacks
  8. Forces of Nature
  9. Potential Deviations in Quality of Service from Service Providers
  10. Technical Hardware Failures or Errors
  11. Technical Software Failures or Errors
  12. Technological Obsolescence

Week 2

Assurance is a measure of how well the system meets its requirements

FAIR Framework

Risk - Probable frequency and magnitude of future loss

  • Frequency
    • Threat event frequency
      • Contact Frequency
      • Probability of Action
    • Vulnerability
      • Threat Capability
      • Resistance Strength
  • Magnitude
    • Primary Loss
    • Secondary Loss
      • Loss Frequency
      • Loss Magnitude
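
Added example (not part of the original notes): a small Monte Carlo walk of the FAIR tree above, from contact frequency down to primary and secondary loss, for one loss scenario. Every number, the triangular distributions, the 0..1 capability scale and the names `SCENARIO`, `simulate_year` and `run` are assumptions made for illustration.

```python
import random
import statistics

# Constructed sample estimates (min, most likely, max); not taken from the notes.
SCENARIO = {
    "contact_frequency": (10, 20, 40),        # contacts with the asset per year
    "probability_of_action": 0.25,            # chance a contact becomes a threat event
    "threat_capability": (0.2, 0.5, 0.9),     # assumed 0..1 scale
    "resistance_strength": (0.4, 0.7, 0.95),  # same scale as threat capability
    "primary_loss": (5_000, 20_000, 100_000),
    "secondary_loss_frequency": 0.3,          # share of loss events with secondary loss
    "secondary_loss_magnitude": (10_000, 50_000, 500_000),
}

def tri(rng, est):
    low, mode, high = est
    return rng.triangular(low, high, mode)

def simulate_year(rng, s):
    """Walk the FAIR tree once; return (loss_events, total_loss) for one year."""
    contacts = round(tri(rng, s["contact_frequency"]))
    loss_events, total = 0, 0.0
    for _ in range(contacts):
        if rng.random() >= s["probability_of_action"]:
            continue  # contact did not turn into a threat event
        # Vulnerability: the event becomes a loss only if capability beats resistance.
        if tri(rng, s["threat_capability"]) <= tri(rng, s["resistance_strength"]):
            continue
        loss_events += 1
        total += tri(rng, s["primary_loss"])
        if rng.random() < s["secondary_loss_frequency"]:
            total += tri(rng, s["secondary_loss_magnitude"])
    return loss_events, total

def run(s, years=10_000, seed=1):
    rng = random.Random(seed)  # fixed seed keeps the result reproducible
    results = [simulate_year(rng, s) for _ in range(years)]
    losses = sorted(loss for _, loss in results)
    return {
        "loss_event_frequency": statistics.mean(n for n, _ in results),
        "mean_annual_loss": statistics.mean(losses),
        "p95_annual_loss": losses[int(0.95 * len(losses)) - 1],
    }

if __name__ == "__main__":
    print(run(SCENARIO))
```

Raising `resistance_strength` above the highest `threat_capability` drives vulnerability, and with it the loss event frequency, to zero, which is how a preventive control shows up in this model.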

Loss Scenario

  • Insider threat
  • Outsider threat
  • etc.

Week 7

  • Security Controls
    • Physical
      • Deals with physical access
    • Administrative
      • Administrative policies like background checks
    • Technical
    • Functions
      • Preventive
        • Try to prevent the activity, e.g. a lock or a background check
      • Detective
        • Discover perpetrator of action
      • Deterrent
        • Discourage the activity
      • Recovery/Corrective/Compensating
        • Backups
  • Cybersecurity Countermeasures
  • COBIT 5 and ITIL frameworks
    • ITIL
      • What IT should be doing. (HOW)
      • Detailed advice on how to carry out COBIT processes.
      • Instructions to provide best service.
      • Guidelines. Best Practices
      • Customize to customers' needs
    • COBIT
      • Enterprise perspective (WHAT)
      • Supports audit and evaluation of IT activities.
      • Includes an assessment framework
      • Goals cascade
        • Allows IT activities to be linked to stakeholder needs and business objectives.
  • COSO Risk Management Framework
    • Strategic objectives.
      • Fundamental to corporate strategy
      • May have external influence
    • Operational objectives
      • Efficient use of resources.
