Security + - Risk Management

Aula 2 - The CIA - Confidentiality, integrity, Availability
1. Objetivos da Segurança da Informação
  1. THE CIA // O CID
    1. Confidencialidade
      1. Visualização / manuseio de dados
        Manter os dados secretos de quem não precisa acessá-los
    2. Integridade
      1. Enviar / Transmitir / Receber / Guardar
        Nenhuma alteração/deleção sem autorização pode ocorrer
    3. Disponibilidade
      1. Garantir que informaçao esteja disponivel
        Acesso de um usuário autorizado
    4. Complementar o CID
      1. Accountability & Audition
        Logging
        Quem acessou esse arquivo?
        Quem fez esta alteração?
      2. Non Repudiation
        Usuario
        Não pode negar que fez tal ação. Ele não pode apagar rastros
2. Quick Review
  1. The goal of security is Defined as CIA
    1. CIA stands for confidentiality, integrity, and availability
      1. Dont forget auditing, accountability and non-repudiation
Aula 3 - Threat Actors
1. Attributes
  1. Internal? / External?
  2. What is the intention? What's the goal?
  3. How Sophisticated is? More sophisticated = more dangerous
  4. Using open user inteligence? It means, facebook, twitter, shodan, etc etc
2. Types of Threat Actors
  1. Script kiddies
    1. easily blocked
    2. Dont have sophistication
    3. Use Pre-made tools
    4. Trivial attack knowledge
  2. Hacktivist
    1. Motivation/intent/ ideology
  3. Organized crime
    1. Group of people working togetter
      1. money
  4. Nation States / Advanced Persistent Threat (APT)
    1. probably the biggest issue
    2. Big resources
    3. Big sophistication
    4. between governments
  5. Insiders
    1. somebody who is in the structure of company
      1. not always an employee
    2. has access to information
    3. who can access asset
  6. Competitors
    1. between organizations
      1. Its like coca cola vs pepsi
    2. less common today
Aula 4 - What is Risk?
1. Assets
  1. Computers
  2. equipments
  3. plants
  4. people
  5. intangible things
2. Vulnerabilities
  1. weakness to an asset
    1. leaves it open to bad things happening to it
      1. example
        default user name in a server
        server room unlocked
        garbage in street with confidential data
3. Threats
  1. Action
    1. Negative event that exploits a vulnerability
      1. Example
        someone reads the garbage
        someone unauthorized running into your server room
        someone unauthorized get access to your server
4. method to Protect our stuff from bad things
5. Likelihood
  1. The level of certainty (certeza) that something will happen
    1. two ways to measure
      1. Quantitative likelihood
        numbers, statistics, historic
        your power supply have a MTBF of 100 000 hours
      2. Qualitative likelihood
        things that its so hard put numbers to measure
        customer loyalty (lealdade de cliente)
6. Impact
  1. The harm caused by a threat
    1. measurements
      1. quantitative
        cost
      2. labor (trabalho)
        people work hours lost
      3. time
        how is the ETR?
      4. qualitative
        corporate reputation
7. Guide for risk management
  1. N1ST SP 800-300
8. quick review
  1. Threats exploit vulnerabilities to harm assets
  2. assets can have vulnerabilities
  3. use SP 800-30 as part of risk assessment

Next up

Security + - Risk Management

Description

Resource summary

Media attachments

Similar

	Created by Maicon Alencar almost 5 years ago