Security + - Risk Management

Maicon Alencar
Mind Map by Maicon Alencar, updated 8 months ago
Maicon Alencar
Created by Maicon Alencar 8 months ago


Primeiro modulo do curso Udemy

Resource summary

Security + - Risk Management
1 Aula 2 - The CIA - Confidentiality, integrity, Availability
1.1 Objetivos da Segurança da Informação
1.1.1 THE CIA // O CID Confidencialidade Visualização / manuseio de dados Manter os dados secretos de quem não precisa acessá-los Integridade Enviar / Transmitir / Receber / Guardar Nenhuma alteração/deleção sem autorização pode ocorrer Disponibilidade Garantir que informaçao esteja disponivel Acesso de um usuário autorizado Complementar o CID Accountability & Audition Logging Quem acessou esse arquivo? Quem fez esta alteração? Non Repudiation Usuario Não pode negar que fez tal ação. Ele não pode apagar rastros
1.2 Quick Review
1.2.1 The goal of security is Defined as CIA CIA stands for confidentiality, integrity, and availability Dont forget auditing, accountability and non-repudiation
2 Aula 3 - Threat Actors
2.1 Attributes
2.1.1 Internal? / External?
2.1.2 What is the intention? What's the goal?
2.1.3 How Sophisticated is? More sophisticated = more dangerous
2.1.4 Using open user inteligence? It means, facebook, twitter, shodan, etc etc
2.2 Types of Threat Actors
2.2.1 Script kiddies easily blocked Dont have sophistication Use Pre-made tools Trivial attack knowledge
2.2.2 Hacktivist Motivation/intent/ ideology
2.2.3 Organized crime Group of people working togetter money
2.2.4 Nation States / Advanced Persistent Threat (APT) probably the biggest issue Big resources Big sophistication between governments
2.2.5 Insiders somebody who is in the structure of company not always an employee has access to information who can access asset
2.2.6 Competitors between organizations Its like coca cola vs pepsi less common today
3 Aula 4 - What is Risk?
3.1 Assets
3.1.1 Computers
3.1.2 equipments
3.1.3 plants
3.1.4 people
3.1.5 intangible things
3.2 Vulnerabilities
3.2.1 weakness to an asset leaves it open to bad things happening to it example default user name in a server server room unlocked garbage in street with confidential data
3.3 Threats
3.3.1 Action Negative event that exploits a vulnerability Example someone reads the garbage someone unauthorized running into your server room someone unauthorized get access to your server
3.4 method to Protect our stuff from bad things
3.5 Likelihood
3.5.1 The level of certainty (certeza) that something will happen two ways to measure Quantitative likelihood numbers, statistics, historic your power supply have a MTBF of 100 000 hours Qualitative likelihood things that its so hard put numbers to measure customer loyalty (lealdade de cliente)
3.6 Impact
3.6.1 The harm caused by a threat measurements quantitative cost labor (trabalho) people work hours lost time how is the ETR? qualitative corporate reputation
3.7 Guide for risk management
3.7.1 N1ST SP 800-300
3.8 quick review
3.8.1 Threats exploit vulnerabilities to harm assets
3.8.2 assets can have vulnerabilities
3.8.3 use SP 800-30 as part of risk assessment
Show full summary Hide full summary


CET_TARDE - Security Fundamentals 2017 - Part 2
Hawerth Castro
CET_TARDE - Security Fundamentals 2017 - Preparing for the certified
Hawerth Castro
CET_TARDE - Security Fundamentals 2017 - Part 1
Hawerth Castro
Security Plus
ATI - Accountability and Talent Improvement
Leandro de Oliveira
(1) Obtenção de Informações
Rafael Silva
CET_TARDE - Security Fundamentals 2017 - Part 3
Hawerth Castro
CET_TARDE - Security Fundamentals 2017 - Part 1
Filipe Lopes
ATI - Accountability and Talent Improvement
Leandro de Oliveira