Cyber Security
tags: university 7th semester
Week 1 — Why we need Security
- A threat is an object, person, or other entity that represents a constant danger to an asset
- Most incidents (~56%) are caused by past and current employees
Categories of threats:
- Potential Acts of Human Error or Failure
- Compromises to Intellectual Property
- Deliberate Acts of Espionage or Trespass
- Deliberate Acts of Information Extortion
- Deliberate Acts of Sabotage or Vandalism
- Deliberate Acts of Theft
- Deliberate Software Attacks
- Forces of Nature
- Potential Deviations in Quality of Service from Service Providers
- Technical Hardware Failures or Errors
- Technical Software Failures or Errors
- Technological Obsolescence
Week 2
Assurance is a measure of how well the system meets its requirements
FAIR Framework
Risk - Probable frequency and magnitude of future loss
- Frequency
  - Threat event frequency
    - Contact Frequency
    - Probability of Action
  - Vulnerability
    - Threat Capability
    - Resistance Strength
- Magnitude
  - Primary Loss
  - Secondary Loss
  - Loss Frequency
  - Loss Magnitude
Loss Scenario
- Insider threat
- Outsider threat
- etc.
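The FAIR factor tree above can be turned into a number for one loss scenario. The following is an added example, not part of the original course notes: a small Monte Carlo run for a constructed insider-threat scenario, using the standard FAIR relationships (threat event frequency = contact frequency × probability of action, vulnerability = chance that threat capability exceeds resistance strength, loss event frequency = threat event frequency × vulnerability). All scenario numbers and the choice of triangular distributions are assumptions.

```python
import random
import statistics

# Constructed insider-threat scenario; every number is an illustrative assumption.
# Ranges are (low, mode, high) estimates, sampled with a triangular distribution.
INSIDER = {
    "contact_frequency": (20, 50, 120),       # contacts with the asset per year
    "probability_of_action": 0.05,            # chance a contact becomes a threat event
    "threat_capability": (30, 60, 95),        # percentile scale, 0-100
    "resistance_strength": (40, 70, 90),      # same scale as threat capability
    "primary_loss": (5_000, 20_000, 80_000),  # cost per loss event
    "secondary_loss_frequency": 0.2,          # share of events with secondary loss
    "secondary_loss_magnitude": (10_000, 50_000, 250_000),
}

def tri(rng, est):
    low, mode, high = est
    return rng.triangular(low, high, mode)

def vulnerability(s, rng, trials=5_000):
    """Share of threat events where threat capability exceeds resistance strength."""
    wins = sum(tri(rng, s["threat_capability"]) > tri(rng, s["resistance_strength"])
               for _ in range(trials))
    return wins / trials

def simulate(s, years=5_000, seed=7):
    """Return (vulnerability, list of simulated annual losses)."""
    rng = random.Random(seed)
    vuln = vulnerability(s, rng)
    annual = []
    for _ in range(years):
        tef = tri(rng, s["contact_frequency"]) * s["probability_of_action"]
        lef = tef * vuln  # loss event frequency for this simulated year
        events = int(lef) + (rng.random() < lef % 1)  # stochastic rounding of lef
        loss = 0.0
        for _ in range(events):
            loss += tri(rng, s["primary_loss"])
            if rng.random() < s["secondary_loss_frequency"]:
                loss += tri(rng, s["secondary_loss_magnitude"])
        annual.append(loss)
    return vuln, annual

def summarize(annual):
    ordered = sorted(annual)
    return {"mean": statistics.fmean(ordered), "p90": ordered[int(0.9 * len(ordered))]}

if __name__ == "__main__":
    vuln, annual = simulate(INSIDER)
    print(f"vulnerability={vuln:.2f}", summarize(annual))
```

Raising `resistance_strength` above the whole `threat_capability` range drives vulnerability, and with it the simulated loss, to zero, which is how a control's effect shows up in this model.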
Week 7
- Security Controls
  - Physical
    - Deals with physical access
  - Administrative
    - Administrative policies like background checks
  - Technical
  - Functions
    - Preventive
      - Try to avoid the activity, e.g. a lock or a background check
    - Detective
      - Discover the perpetrator of the action
    - Deterrent
      - Discourage the activity
    - Recovery/Corrective/Compensating
      - Backups
- Cybersecurity Countermeasures
- COBIT 5 and ITIL frameworks
  - ITIL
    - What IT should be doing (HOW)
    - Detailed advice on how to carry out COBIT processes
    - Instructions to provide the best service
    - Guidelines and best practices
    - Customize to customers' needs
  - COBIT
    - Enterprise perspective (WHAT)
    - Supports audit and evaluation of IT activities
      - Includes assessment framework
    - Goals cascade
      - Allows IT activities to be linked to stakeholder needs and business objectives
- COSO Risk Management Framework
  - Strategic objectives
    - Fundamental to corporate strategy
    - May have external influence
  - Operational objectives
    - Efficient use of resources