Cybersafety

Содержание

Слайд 2

Objectives

Review of Concepts. What is (are):
Information Systems?
Information Security?
Information Systems Security?
Information Assurance?
Cyber Security?
Defense

Objectives Review of Concepts. What is (are): Information Systems? Information Security? Information
in Depth?
Significance / Importance of Concepts
Advanced Topics in Security Risk Analysis
Present & Future Challenges

Слайд 3

Review of Concepts

What are Information Systems?
Systems that store, transmit, and process information.
+
What

Review of Concepts What are Information Systems? Systems that store, transmit, and
is Information Security?
The protection of information.
-------------------------------------------------------------------------------
What is Information Systems Security?
The protection of systems that store, transmit, and process information.

Слайд 4

Review of Concepts

What is Information Assurance?
Emphasis on Information Sharing
Establishing and controlling

Review of Concepts What is Information Assurance? Emphasis on Information Sharing Establishing
trust
Authorization and Authentication (A&A)
What is Cyber Security?
Protection of information and systems within networks that are connected to the Internet.

Слайд 5

Review of Concepts

Progression of Terminology

Computer Security
(COMPUSEC)

Information Security
(INFOSEC)

Information Assurance
(IA)

Cyber Security

Legacy Term (no longer

Review of Concepts Progression of Terminology Computer Security (COMPUSEC) Information Security (INFOSEC)
used).

Legacy Term (still used).

Term widely accepted today with focus on Information Sharing.

Broad Term quickly being adopted.

Слайд 6

Review of Concepts

What is the Defense in Depth Strategy?
Using layers of defense

Review of Concepts What is the Defense in Depth Strategy? Using layers
as protection.
People, Technology, and Operations.

Onion Model

Слайд 7

Review of Concepts

Review of Concepts

Слайд 8

ISS Management

What is a Backup Plan (BP) vs Disaster Recovery Plan (DRP)

ISS Management What is a Backup Plan (BP) vs Disaster Recovery Plan
vs Emergency Response Plan (ERP) vs Business Recovery Plan (BRP) vs Business Impact Analysis (BIA) vs Incident Response Plan (IRP) vs Continuity of Operations Plan (COOP) vs Contingency Plan?
Policy & Planning
Test, Audit, Update
Configuration Control
Protection, Detection, Reaction
(Assessment, CND, Incident Response)

Слайд 9

Why is this important?

Information is valuable.
therefore,
Information Systems are valuable.
etc…
Compromise of Information

Why is this important? Information is valuable. therefore, Information Systems are valuable.
Security Services (C-I-A) have real consequences (loss)
Confidentiality: death, proprietary info, privacy, theft
Integrity: theft, disruption
Availability: productivity lost, C2, defense, emergency services

Слайд 10

Why is this important?

Fixed Resources
Sustainable strategies reduce costs

Why is this important? Fixed Resources Sustainable strategies reduce costs

Слайд 11

Advanced Topics: Measuring Risk

What is Risk?
thus
Qualitative v.s. Quantitative Methods
Risk Assessments v.s. Risk

Advanced Topics: Measuring Risk What is Risk? thus Qualitative v.s. Quantitative Methods
Analysis
Security Risk Analysis (SRA)
Units for measurement?

Слайд 12

Advanced Topics: Measuring Risk

Risk is conditional, NOT independent.

Advanced Topics: Measuring Risk Risk is conditional, NOT independent.

Слайд 13

Advanced Topics: Measuring Risk

Quantitative, time-dependent (continuous),
Risk Distribution Function:

Source:
Robbins, P. (Dec, 2011). Security

Advanced Topics: Measuring Risk Quantitative, time-dependent (continuous), Risk Distribution Function: Source: Robbins,
Risk Analysis and Critical Information Systems (Master's Thesis). Hawaii Pacific University, Honolulu, HI.

Слайд 14

Advanced Topics: Measuring Risk

Expected Value of Risk = Product of Risks
Risk is

Advanced Topics: Measuring Risk Expected Value of Risk = Product of Risks
never zero
Risk Dimension (units): confidence in ISS, C-I-A

Слайд 15

Advanced Topics: Measuring Risk

Expected Value and Risk Loss Confidence vs Cumulative Risk

Advanced Topics: Measuring Risk Expected Value and Risk Loss Confidence vs Cumulative Risk Product
Product

Слайд 16

Advanced Topics: Measuring Risk

Quantitative Risk Determination Expression
Risk Rate & Risk Variability
Adjudication of

Advanced Topics: Measuring Risk Quantitative Risk Determination Expression Risk Rate & Risk Variability Adjudication of Risk
Risk

Слайд 17

Advanced Topics: Measuring Risk

Determining Risk Tolerance / Threshold Levels

Advanced Topics: Measuring Risk Determining Risk Tolerance / Threshold Levels

Слайд 18

Advanced Topics: Measuring Risk

Risk Areas as a function of Probability and Impact

Advanced Topics: Measuring Risk Risk Areas as a function of Probability and Impact

Слайд 19

Present Challenges

Rapid growth of Advanced Persistent Threats (APTs)
Half million cases of cyber

Present Challenges Rapid growth of Advanced Persistent Threats (APTs) Half million cases
related incidents in 2012.
Is this a problem?
What about vulnerabilities
associated with
interconnections?

Source: US-CERT

Слайд 20

Future Challenges

Cyberspace: Are we at war?
Cyber Crime vs Cyber Warfare vs Cyber

Future Challenges Cyberspace: Are we at war? Cyber Crime vs Cyber Warfare vs Cyber Conflict
Conflict
Имя файла: Cybersafety.pptx
Количество просмотров: 40
Количество скачиваний: 0