
Security Mindset

This document discusses the importance of cyber security and developing a security mindset. It outlines common cyber threats like cyber criminals, hacktivists, and nation states exploiting vulnerabilities in software, networks, and humans. Examples are given of data breaches at Target and Sony Pictures. The document recommends striving to maintain the confidentiality, integrity, and availability of sensitive data. It suggests approaches to address cyber security like reducing vulnerabilities by following secure design principles, preventing intrusions, detecting intrusions, responding to incidents, and restoring systems after attacks.

Uploaded by

cykablyat

Security Mindset
 
Why Cyber Security 
When you have something of value and there is a risk to it.  
 
What is of value: data 
What is the threat: criminals (they can monetize it and profit from it) 
 
Smart grids - computer-controlled electrical grids.
 
Security Impact Quiz 
There are two kinds of companies: those that have been hacked and know it, and those that have been hacked and don't know it.
 
You have most likely patronized a company that has been hacked.  
 
Cyber Assets at Risk 
 
We need to develop a security mindset.
Threat Source: 
Cyber criminals 
Hacktivists 
Nation States 
 
Vulnerabilities and Attacks: 
Compromises  
Security Breach 
 
Vulnerabilities are in software, networks, humans 
 
Real World Example: Target Store Breach  
What is of value - credit card data
What is the threat source - criminals
What was the vulnerability - phishing was used to obtain credentials for the network
 
 
Sony Pictures Quiz 
 
Threat - nation states
Goal of attack - stop release of a movie
Attack accomplishment - disclosed sensitive data
 
Revisiting Threats 
 
Relationship of Threats, Vulnerabilities, Attacks, and Risk 
 

 
 
What Should We Do in Cyber Security 
 
Make threats go away - not really practical
Reduce vulnerabilities - they will never go away completely
Strive to meet the security requirements of sensitive info:
Confidentiality - try to achieve this
Integrity - try to maintain
Availability - always try to keep services available (stop Denial of Service attacks)

These three are called CIA.
 
Cyber attacks can have physical consequences - computer systems can be damaged
 
We need to protect data and systems 
 
 
Security Requirements Quiz Solution 
Data breaches violate CONFIDENTIALITY 
 
What should the good guys do? 
Prevention - keep bad guys out. We will never have 100%
Detection - detect that the bad guys are in the system
Response - respond to the intrusion
Recovery and remediation - restore corrupted data and stop similar future attacks
Policy vs mechanism - what will be done vs how attacks will be handled
 
How do We Address Cyber Security 
 
Reduce vulnerabilities: follow basic design principles for secure systems.
Economy of mechanism - keep systems simple and small
Fail-safe defaults - the default access decision is denial
Complete mediation - no one should be able to bypass security measures
Open design - good because security does not count on secrecy
Least privilege - only give users the minimum level of access that they need
Psychological acceptability - don't expect people to do what is inconvenient
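
The design principles above, shown as a small access-control sketch. This is an added example, not part of the original notes; the role names, resources and sample values are constructed, and the policy table is kept in plain view because nothing depends on it being secret (open design).

```python
# Added example; role names, resources and sample values are constructed.
from dataclasses import dataclass, field

# Least privilege: each role gets only the (resource, action) pairs it needs.
GRANTS = {
    "cashier": {("card_data", "write")},   # may submit a payment, not read stored cards
    "billing": {("card_data", "read"), ("card_data", "write")},
    "auditor": {("audit_log", "read")},
}

@dataclass
class ReferenceMonitor:
    """Economy of mechanism: one small function makes every decision."""
    grants: dict
    audit: list = field(default_factory=list)

    def allowed(self, role, resource, action):
        # Fail-safe default: anything not explicitly granted is denied,
        # including unknown roles, resources and actions.
        decision = (resource, action) in self.grants.get(role, set())
        self.audit.append((role, resource, action, decision))
        return decision

    def denied(self):
        # Denied attempts are the raw material for detection.
        return [entry for entry in self.audit if not entry[3]]

class Store:
    """Complete mediation: every read and write asks the monitor first.
    (Python's underscore privacy is a convention, not an enforcement boundary.)"""
    def __init__(self, monitor):
        self._monitor = monitor
        self._data = {"card_data": [], "audit_log": []}

    def read(self, role, resource):
        if not self._monitor.allowed(role, resource, "read"):
            raise PermissionError(f"{role} may not read {resource}")
        return list(self._data[resource])

    def write(self, role, resource, value):
        if not self._monitor.allowed(role, resource, "write"):
            raise PermissionError(f"{role} may not write {resource}")
        self._data[resource].append(value)
```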
 
 
 
 
