Cybersafety

Март 2, 2021

Содержание

2. Objectives Review of Concepts. What is (are): Information Systems? Information Security? Information Systems Security? Information Assurance?
3. Review of Concepts What are Information Systems? Systems that store, transmit, and process information. + What
4. Review of Concepts What is Information Assurance? Emphasis on Information Sharing Establishing and controlling trust Authorization
5. Review of Concepts Progression of Terminology Computer Security (COMPUSEC) Information Security (INFOSEC) Information Assurance (IA) Cyber
6. Review of Concepts What is the Defense in Depth Strategy? Using layers of defense as protection.
7. Review of Concepts
8. ISS Management What is a Backup Plan (BP) vs Disaster Recovery Plan (DRP) vs Emergency Response
9. Why is this important? Information is valuable. therefore, Information Systems are valuable. etc… Compromise of Information
10. Why is this important? Fixed Resources Sustainable strategies reduce costs
11. Advanced Topics: Measuring Risk What is Risk? thus Qualitative v.s. Quantitative Methods Risk Assessments v.s. Risk
12. Advanced Topics: Measuring Risk Risk is conditional, NOT independent.
13. Advanced Topics: Measuring Risk Quantitative, time-dependent (continuous), Risk Distribution Function: Source: Robbins, P. (Dec, 2011). Security
14. Advanced Topics: Measuring Risk Expected Value of Risk = Product of Risks Risk is never zero
15. Advanced Topics: Measuring Risk Expected Value and Risk Loss Confidence vs Cumulative Risk Product
16. Advanced Topics: Measuring Risk Quantitative Risk Determination Expression Risk Rate & Risk Variability Adjudication of Risk
17. Advanced Topics: Measuring Risk Determining Risk Tolerance / Threshold Levels
18. Advanced Topics: Measuring Risk Risk Areas as a function of Probability and Impact
19. Present Challenges Rapid growth of Advanced Persistent Threats (APTs) Half million cases of cyber related incidents
20. Future Challenges Cyberspace: Are we at war? Cyber Crime vs Cyber Warfare vs Cyber Conflict
22. Скачать презентацию

Objectives
Review of Concepts. What is (are):
Information Systems?
Information Security?
Information Systems Security?
Information Assurance?
Cyber Security?
Defense

in Depth?
Significance / Importance of Concepts
Advanced Topics in Security Risk Analysis
Present & Future Challenges

Review of Concepts
What are Information Systems?
Systems that store, transmit, and process information.
+
What

is Information Security?
The protection of information.
-------------------------------------------------------------------------------
What is Information Systems Security?
The protection of systems that store, transmit, and process information.

Слайд 4

Review of Concepts
What is Information Assurance?
Emphasis on Information Sharing
Establishing and controlling

trust
Authorization and Authentication (A&A)
What is Cyber Security?
Protection of information and systems within networks that are connected to the Internet.

Слайд 5

Review of Concepts
Progression of Terminology
Computer Security
(COMPUSEC)
Information Security
(INFOSEC)
Information Assurance
(IA)
Cyber Security
Legacy Term (no longer

used).

Legacy Term (still used).

Term widely accepted today with focus on Information Sharing.

Broad Term quickly being adopted.

Слайд 6

Review of Concepts
What is the Defense in Depth Strategy?
Using layers of defense

as protection.
People, Technology, and Operations.

Onion Model

Слайд 7

Review of Concepts

Слайд 8

ISS Management
What is a Backup Plan (BP) vs Disaster Recovery Plan (DRP)

vs Emergency Response Plan (ERP) vs Business Recovery Plan (BRP) vs Business Impact Analysis (BIA) vs Incident Response Plan (IRP) vs Continuity of Operations Plan (COOP) vs Contingency Plan?
Policy & Planning
Test, Audit, Update
Configuration Control
Protection, Detection, Reaction
(Assessment, CND, Incident Response)

Слайд 9

Why is this important?
Information is valuable.
therefore,
Information Systems are valuable.
etc…
Compromise of Information

Security Services (C-I-A) have real consequences (loss)
Confidentiality: death, proprietary info, privacy, theft
Integrity: theft, disruption
Availability: productivity lost, C2, defense, emergency services

Слайд 10

Why is this important?
Fixed Resources
Sustainable strategies reduce costs

Слайд 11

Advanced Topics: Measuring Risk
What is Risk?
thus
Qualitative v.s. Quantitative Methods
Risk Assessments v.s. Risk

Analysis
Security Risk Analysis (SRA)
Units for measurement?

Слайд 12

Advanced Topics: Measuring Risk
Risk is conditional, NOT independent.

Слайд 13

Advanced Topics: Measuring Risk
Quantitative, time-dependent (continuous),
Risk Distribution Function:
Source:
Robbins, P. (Dec, 2011). Security

Risk Analysis and Critical Information Systems (Master's Thesis). Hawaii Pacific University, Honolulu, HI.

Слайд 14

Advanced Topics: Measuring Risk
Expected Value of Risk = Product of Risks
Risk is

never zero
Risk Dimension (units): confidence in ISS, C-I-A

Слайд 15

Advanced Topics: Measuring Risk
Expected Value and Risk Loss Confidence vs Cumulative Risk

Product

Слайд 16

Advanced Topics: Measuring Risk
Quantitative Risk Determination Expression
Risk Rate & Risk Variability
Adjudication of

Risk

Слайд 17

Advanced Topics: Measuring Risk
Determining Risk Tolerance / Threshold Levels

Слайд 18

Advanced Topics: Measuring Risk
Risk Areas as a function of Probability and Impact

Слайд 19

Present Challenges
Rapid growth of Advanced Persistent Threats (APTs)
Half million cases of cyber

related incidents in 2012.
Is this a problem?
What about vulnerabilities
associated with
interconnections?

Source: US-CERT

Слайд 20

Future Challenges
Cyberspace: Are we at war?
Cyber Crime vs Cyber Warfare vs Cyber

Conflict

Cybersafety

Содержание

ObjectivesReview of Concepts. What is (are):Information Systems?Information Security?Information Systems Security?Information Assurance?Cyber Security?Defense

Review of ConceptsWhat are Information Systems?Systems that store, transmit, and process information.+What

Review of ConceptsWhat is Information Assurance? Emphasis on Information SharingEstablishing and controlling

Review of ConceptsProgression of TerminologyComputer Security(COMPUSEC)Information Security(INFOSEC)Information Assurance(IA)Cyber SecurityLegacy Term (no longer

Review of ConceptsWhat is the Defense in Depth Strategy?Using layers of defense

Review of Concepts

ISS ManagementWhat is a Backup Plan (BP) vs Disaster Recovery Plan (DRP)

Why is this important?Information is valuable.therefore, Information Systems are valuable.etc…Compromise of Information

Why is this important?Fixed ResourcesSustainable strategies reduce costs

Advanced Topics: Measuring RiskWhat is Risk?thusQualitative v.s. Quantitative MethodsRisk Assessments v.s. Risk

Advanced Topics: Measuring RiskRisk is conditional, NOT independent.

Advanced Topics: Measuring RiskQuantitative, time-dependent (continuous),Risk Distribution Function:Source:Robbins, P. (Dec, 2011). Security

Advanced Topics: Measuring RiskExpected Value of Risk = Product of RisksRisk is

Advanced Topics: Measuring RiskExpected Value and Risk Loss Confidence vs Cumulative Risk

Advanced Topics: Measuring RiskQuantitative Risk Determination ExpressionRisk Rate & Risk VariabilityAdjudication of

Advanced Topics: Measuring RiskDetermining Risk Tolerance / Threshold Levels

Advanced Topics: Measuring RiskRisk Areas as a function of Probability and Impact

Present ChallengesRapid growth of Advanced Persistent Threats (APTs)Half million cases of cyber

Future ChallengesCyberspace: Are we at war?Cyber Crime vs Cyber Warfare vs Cyber

Похожие презентации