Cybersecurity Fundamentals Course - ISACA Curacao (transcript)
Source: isacacuracao.com/wp-content/uploads/2019/01/CSX...

Instructor-Led Course
Cybersecurity Fundamentals

Facilitator Introduction
Name
Background
Contact Information

Audience Poll Question
What is your involvement in cybersecurity?
A. Personal interest
B. Consulting
C. Full-time position
D. Dual role

Audience Poll Question
How many years of experience do you have performing cybersecurity?
A. No experience
B. Less than 2 years
C. 2 – 5 years
D. 5+ years

Audience Poll Question
Have you ever been personally involved in a cybersecurity incident?
A. Yes
B. No

Course Objectives
After completing this course you will be able to:
• Identify key concepts and terminology in cybersecurity.
• Define the key concepts, roles and domains of cybersecurity.
• Identify the various types of cybersecurity architecture.
• Identify the key components of securing networks, systems, applications and data.
• Identify an incident and outline the phases of incident response.
• Identify the security implications of the adoption of evolving technology.

Topics Covered in This Course
Cybersecurity introduction and overview
Cybersecurity concepts
Security architecture principles
Security of networks, systems, applications and data
Incident response
Security implications of the adoption of emerging technologies

Section 1: Cybersecurity Introduction and Overview

Topics Covered in This Section
1. Introduction and definition of cybersecurity
2. Comparison of cybersecurity and information security
3. The objectives of cybersecurity
4. Cybersecurity roles and governance
5. Domains of cybersecurity

Section Objectives
Upon completing this section you will be able to:
• Define the key concepts, roles and domains of cybersecurity.

Topic 1: Introduction to Cybersecurity

What Is Cybersecurity?
“The protection of information assets by addressing threats to information processed, stored and transported by internetworked information systems.”
Source: ISACA, Cybersecurity Fundamentals Glossary, ISACA, USA, 2016

Cybersecurity and Other Security Domains
(Figure: a diagram relating cybersecurity to neighbouring security domains; the labels recovered from the slide are Cyber Crime and Cyber Safety.)

Situational Awareness
(Figure.) Situational awareness for cybersecurity professionals is built from two inputs: knowledge of information threats and an understanding of the organizational environment.

Technological Factors Impacting Security
• Level of IT complexity
• Network connectivity (internal, third party, public)
• Specialist industry devices/instrumentation
• Platforms, applications and tools used
• On-premise, cloud or hybrid systems
• Operational support for security
• User community and capabilities
• New or emerging security tools

Business-related Factors Impacting Security
• Nature of the business
• Risk tolerance and appetite
• Security mission, vision and strategy
• Industry alignment and security trends
• Compliance requirements and regulations
• Mergers, acquisitions and partnerships
• Outsourcing of services or providers

Topic 2: Difference Between Information Security and Cybersecurity

Information Security vs. Cybersecurity

Information Security
Focus: Protection of information, regardless of format, including:
• Paper documents
• Digital and intellectual property
• Verbal or visual communications

Cybersecurity
Focus: Protection of digital assets, including:
• Network hardware
• Software
• Information processed and stored in isolated or networked systems

Protecting Digital Assets
The five core functions of the NIST Cybersecurity Framework, in order:
• Identify: Use organizational understanding to minimize risk to systems, assets, data and capabilities.
• Protect: Design safeguards to limit the impact of potential events on critical services and infrastructure.
• Detect: Implement activities to identify the occurrence of a cybersecurity event.
• Respond: Take appropriate action after learning of a security event.
• Recover: Plan for resilience and the timely repair of compromised capabilities and services.

Topic 3: Cybersecurity Objectives

Key Information Security Concepts
CONFIDENTIALITY: The protection of information from unauthorized disclosure
INTEGRITY: The accuracy and completeness of information in accordance with business values and expectations
AVAILABILITY: The ability to access information and resources required by the business process

Loss Consequences and Preservation Methods
CONFIDENTIALITY: The protection of information from unauthorized disclosure
LOSS CONSEQUENCES INCLUDE:
• Disclosure of information protected by privacy laws
• Loss of public confidence
• Loss of competitive advantage
• Legal action against the enterprise
• Interference with national security
• Loss of compliance
PRESERVATION METHODS INCLUDE:
• Access controls
• File permissions
• Encryption

Loss Consequences and Preservation Methods
INTEGRITY: The accuracy and completeness of information in accordance with business values and expectations
LOSS CONSEQUENCES INCLUDE:
• Inaccuracy
• Erroneous decisions
• Fraud
• Failure of hardware
• Loss of compliance
PRESERVATION METHODS INCLUDE:
• Access controls
• Logging
• Digital signatures
• Hashes
• Backups
• Encryption

Loss Consequences and Preservation Methods
AVAILABILITY: The ability to access information and resources required by the business process
LOSS CONSEQUENCES INCLUDE:
• Loss of functionality and operational effectiveness
• Loss of productive time
• Fines from regulators or a lawsuit
• Interference with enterprise’s objectives
• Loss of compliance
PRESERVATION METHODS INCLUDE:
• Redundancy of network, system, data
• Highly available system architectures
• Data replication
• Backups
• Access controls
• A well-designed disaster recovery plan or business continuity plan

Non-repudiation
Non-repudiation is the assurance that a party cannot later deny having sent (or received) a message or other information, and that the information genuinely comes from the source it claims.
In cybersecurity, information received must be verifiable as coming from the sending source indicated.
It is also important that neither sender nor receiver can later deny that they sent or received the information.
Non-repudiation is implemented through digital signatures and transactional logs. A keyed hash (MAC) computed with a key shared by sender and receiver proves integrity and origin only to the key holders and does not provide non-repudiation, because either party could have produced it; a digital signature made with a private key that only the sender holds does.
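The integrity controls listed two slides back (hashes, digital signatures) and the non-repudiation claim above can be compared side by side. The following is an added example, not part of the ISACA course material: it protects a constructed payment message with a plain hash, with an HMAC under a shared key, and with a digital signature, and shows that only the signature lets the receiver prove who produced the message. The RSA key is a textbook toy over small primes, generated here only so that the block runs with the Python standard library; a real system uses a vetted library (Ed25519 or RSA-PSS from a crypto package) and never this construction.

```python
"""Hash, HMAC and digital signature over the same message (added example).

Illustration only: the RSA key is ~40 bits and the signature scheme is
textbook (sign the hash, no padding), so nothing here is fit for real use.
"""
import hashlib
import hmac


# --- Integrity only: a hash shows whether data changed, not who produced it.
def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def integrity_ok(data: bytes, expected_hex: str) -> bool:
    return hmac.compare_digest(sha256_hex(data), expected_hex)


# --- Authenticity with a shared key: proves "someone holding the key" produced the tag.
# Sender and receiver both hold it, so either could have made the tag: no non-repudiation.
def hmac_tag(key: bytes, data: bytes) -> str:
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def hmac_ok(key: bytes, data: bytes, tag: str) -> bool:
    return hmac.compare_digest(hmac_tag(key, data), tag)


# --- Non-repudiation: a signature made with a private key only the sender holds.
def _is_prime(n: int) -> bool:
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


def _next_prime(n: int) -> int:
    while not _is_prime(n):
        n += 1
    return n


def toy_keypair():
    """Return (public_key, private_key) as ((e, n), (d, n)). Toy-sized by assumption."""
    p = _next_prime(10**6)
    q = _next_prime(p + 1)
    n, phi, e = p * q, (p - 1) * (q - 1), 65537
    d = pow(e, -1, phi)          # modular inverse, Python 3.8+
    return (e, n), (d, n)


def _digest_int(message: bytes, n: int) -> int:
    # What gets signed: the SHA-256 digest, reduced into the toy modulus range.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key) -> int:
    d, n = private_key
    return pow(_digest_int(message, n), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    e, n = public_key
    return pow(signature, e, n) == _digest_int(message, n)


def demo() -> dict:
    """Constructed scenario: alice sends bob a payment instruction; bob later alters it."""
    message = b'{"from":"alice","to":"bob","amount":100,"currency":"EUR"}'
    tampered = message.replace(b'"amount":100', b'"amount":900')
    shared_key = b"shared-secret-known-to-alice-and-bob"      # constructed
    alice_public, alice_private = toy_keypair()

    digest = sha256_hex(message)
    tag = hmac_tag(shared_key, message)
    sig = sign(message, alice_private)

    return {
        # the hash catches the change but cannot say whether alice or bob wrote the record
        "hash_detects_tamper": integrity_ok(message, digest) and not integrity_ok(tampered, digest),
        "hmac_verifies": hmac_ok(shared_key, message, tag),
        # bob holds the shared key too, so he can tag the altered message himself
        "hmac_receiver_can_forge": hmac_ok(shared_key, tampered, hmac_tag(shared_key, tampered)),
        "signature_verifies": verify(message, sig, alice_public),
        "signature_detects_tamper": not verify(tampered, sig, alice_public),
        # bob has only alice's public key; altering her signature does not yield a valid one
        "receiver_cannot_forge_signature": not verify(tampered, sig + 1, alice_public),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check:34s} {result}")
```

Every check in `demo()` comes back true: the hash and the HMAC both detect the altered amount, but bob can produce a valid HMAC for any message he likes, so a tag proves nothing to a third party. The signature is the control that binds the record to alice alone; the transactional log the slide pairs with it supplies the other half of the evidence, when the record was received and acted upon.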

Topic 4: Cybersecurity Roles

Cybersecurity Roles
BOARD OF DIRECTORS: Identifies key assets and verifies that protection levels and priorities are appropriate
EXECUTIVE COMMITTEE: Sets the tone for cybersecurity management and ensures that necessary functions, resources and infrastructure are available and properly utilized
SECURITY MANAGEMENT: Develops security and risk mitigation strategies, implements security programs and manages incidents and remediation
CYBERSECURITY PRACTITIONERS: Design, implement and manage processes and technical controls and respond to events and incidents

Topic 5: Cybersecurity Domains

Cybersecurity Domains
Cybersecurity Concepts
Security Architecture Principles
Security of Networks, Systems, Applications and Data
Incident Response
Security Implications and Adoption of Evolving Technology

Section 1: Cybersecurity Introduction and Overview (Review Questions)

Review Question
Who is responsible for designing, implementing and managing processes and technical controls, and for responding to events and incidents?
A. Board of Directors
B. Security Management
C. Executive Committee
D. Cybersecurity Practitioners

Review Question
Which of the following are the core functions of the NIST Cybersecurity Framework?
A. Identify, Control, Respond, Recover, Report
B. Identify, Mitigate, Protect, Respond, Recover
C. Control, Mitigate, Deter, Respond, Report
D. Identify, Protect, Detect, Respond, Recover

Review Question
Which of the following best defines cybersecurity?
A. The protection of information assets by addressing threats to information processed, stored and transported by internetworked information systems.
B. A device, such as a firewall, used to protect an organization from cyberattacks.

Review Question
Which of the following statements about confidentiality is true?
A. Confidentiality is the protection of information from unauthorized access or disclosure.
B. Confidentiality is the protection of information from unauthorized modification.
C. Confidentiality ensures the timely and reliable access to and use of information and systems.

Review Question
Which of the following is (are) skill(s) that cybersecurity professionals should have?
A. Critical electronic data processes
B. Signal processing
C. Risk analytics
D. Information system security
E. All of the above

Section Summary
You should now be able to:
• Define the key concepts, roles and domains of cybersecurity.

Section 2: Cybersecurity Concepts

Topics Covered in This Section
1. Risk management terms, concepts and frameworks
2. Common attack types and vectors
3. General process and attributes of cyberattacks
4. Malware
5. Framework and guidance for policies and procedures
6. Cybersecurity control processes

Section Objectives
Upon completing this section you will be able to:
• Define risk management terms, concepts and frameworks.
• Identify common attack types and vectors.
• Define the framework and guidance for policies and procedures.
• Identify cybersecurity control processes.

Topic 1: Risk

Why a Risk-oriented Approach?
Assessing risk is one of the most critical functions of a cybersecurity organization. Using a risk-based approach to cybersecurity allows informed decision-making, better protection, and effective application of budgets and resources.

Approaches to Cybersecurity Risk
Ad hoc: This approach simply implements security with no particular rationale or criteria. It may be driven by vendor marketing, or reflect insufficient subject matter expertise, knowledge or training when designing and implementing safeguards.
Compliance-based: Also known as standards-based security, this approach relies on regulations or standards to determine security implementations. Controls are implemented regardless of their applicability or necessity, which often leads to a “checklist” attitude toward security.
Risk-based: This approach relies on identifying the unique risk a particular organization faces and designing and implementing security controls to bring that risk within the entity’s risk tolerance, in line with its business needs. The risk-based approach is usually scenario-based.

Key Terms and Definitions
To understand risk and a risk-oriented approach, these key concepts are important:
• Asset
• Threat Event
• Threat Source
• Vulnerability
• Inherent Risk
• Residual Risk

Understanding Likelihood
Likelihood (or “probability”) is a measure of the frequency with which an event occurs.
Calculations of likelihood:
• Depend on whether there is a potential threat and the extent to which the particular type of event can affect its target (vulnerability).
• Take into account any controls or countermeasures that the organization has put in place to reduce its vulnerability.
• Are used to calculate the risk that an organization faces based on the number of events that may occur within a given time period.
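To make the key terms and the likelihood calculation concrete, here is an added example (not from the ISACA deck) that models a small risk register in Python. Each scenario carries an asset, threat source, threat event and vulnerability; likelihood is the threat-event frequency times the chance that an event exploits the vulnerability; each control trims likelihood or impact; inherent risk (no controls) and residual risk (after controls) are compared against a risk tolerance. All names, frequencies, loss figures and control effects are constructed for illustration and are not data from the course.

```python
"""Risk scenarios: inherent versus residual risk (added example, not from the ISACA deck).

Likelihood is treated as a frequency (threat events per year) times the
probability that an event exploits the vulnerability; impact is the loss per
successful event. Controls reduce either factor. All figures are constructed.
"""
from dataclasses import dataclass, field
from typing import List


@dataclass
class Control:
    name: str
    likelihood_reduction: float = 0.0   # fraction of successful events the control prevents
    impact_reduction: float = 0.0       # fraction of the loss per event the control avoids


@dataclass
class RiskScenario:
    asset: str
    threat_source: str
    threat_event: str
    vulnerability: str
    events_per_year: float      # likelihood as frequency of the threat event
    p_exploit: float            # chance the event exploits the vulnerability, no controls
    impact_per_event: float     # loss per successful event (currency units)
    controls: List[Control] = field(default_factory=list)

    def inherent_risk(self) -> float:
        """Expected annual loss with no controls in place."""
        return self.events_per_year * self.p_exploit * self.impact_per_event

    def residual_risk(self) -> float:
        """Expected annual loss after every control has taken its share."""
        likelihood = self.events_per_year * self.p_exploit
        impact = self.impact_per_event
        for c in self.controls:
            likelihood *= 1.0 - c.likelihood_reduction
            impact *= 1.0 - c.impact_reduction
        return likelihood * impact


def assess(scenarios: List[RiskScenario], risk_tolerance: float) -> List[dict]:
    """Rank scenarios by residual risk and flag those still above tolerance."""
    rows = []
    for s in scenarios:
        inherent, residual = s.inherent_risk(), s.residual_risk()
        rows.append({
            "asset": s.asset,
            "threat_event": s.threat_event,
            "inherent": round(inherent, 2),
            "residual": round(residual, 2),
            "within_tolerance": residual <= risk_tolerance,
        })
    rows.sort(key=lambda r: r["residual"], reverse=True)
    return rows


# Constructed register: one adversarial, one non-adversarial and one natural threat event.
SAMPLE_SCENARIOS = [
    RiskScenario("customer database", "external criminal group", "SQL injection against web app",
                 "unvalidated input in search form", events_per_year=12, p_exploit=0.3,
                 impact_per_event=250_000,
                 controls=[Control("web application firewall", likelihood_reduction=0.5),
                           Control("parameterized queries", likelihood_reduction=0.8),
                           Control("encryption of stored records", impact_reduction=0.4)]),
    RiskScenario("payroll file share", "authorized employee", "mishandling of sensitive files",
                 "excessive privileges", events_per_year=4, p_exploit=0.5, impact_per_event=40_000,
                 controls=[Control("least-privilege access review", likelihood_reduction=0.6),
                           Control("access logging and alerting", impact_reduction=0.25)]),
    RiskScenario("primary data center", "nature", "flood", "single site, no failover",
                 events_per_year=0.1, p_exploit=1.0, impact_per_event=2_000_000,
                 controls=[Control("disaster recovery site", impact_reduction=0.9)]),
]


def sample_assessment(risk_tolerance: float = 50_000) -> List[dict]:
    return assess(SAMPLE_SCENARIOS, risk_tolerance)


if __name__ == "__main__":
    for row in sample_assessment():
        print(f"{row['threat_event']:32s} inherent={row['inherent']:>12,.0f} "
              f"residual={row['residual']:>10,.0f} within_tolerance={row['within_tolerance']}")
```

With the constructed figures the SQL injection scenario starts at an inherent 900,000 per year and, after three controls, still sits at roughly 54,000, above the 50,000 tolerance: residual risk is what remains to be treated, and stacking controls does not automatically bring it under the line. The flood scenario shows the other lesson: a low-frequency event can carry a large inherent risk, and the control that works on it (a recovery site) reduces impact rather than likelihood.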

Framing Risk Management
(Figure: “Generic Risk Model with Key Risk Factors.” Source: National Institute of Standards and Technology (NIST), Special Publication 800-30, Revision 1, Guide for Conducting Risk Assessments, USA, September 2012.)

Risk Scenario
A risk scenario is a description of a possible event whose occurrence will have an uncertain impact on the achievement of the enterprise’s objectives, which may be positive or negative.

Influencing Risk Factors
(Figure not reproduced in the transcript.)

Third-party Risk
Cybersecurity can be more difficult to control when third parties are involved, because different entities have different security cultures and risk tolerances.
Outsourcing and mergers and acquisitions can introduce security challenges. These arrangements can present risk that may be difficult to quantify and potentially difficult to mitigate.
Security strategy should consider all third-party arrangements with care to ensure alignment with internal cybersecurity standards.

Topic 2: Common Attack Types and Vectors

Common Threat Agents
(Figure.) Source: Marinos, Louis; A. Belmonte; E. Rekleitis, “ENISA Threat Landscape 2015,” ENISA, Greece, January 2016

Attack Attributes
An attack is an activity by a threat agent (or adversary) against an asset.
Attacks are considered along two vectors, ingress and egress:
• Ingress attacks focus on intrusion, or hacking into systems.
• Egress attacks are designed to remove (exfiltrate) data from systems and networks.
It is important to consider both attack vectors.

Threat Process
(Figure not reproduced in the transcript.)

Non-adversarial Threat Events
Some threat events are not the result of adversarial activity. Common non-adversarial threat events include:
• Mishandling of critical or sensitive information by authorized users
• Incorrect privilege settings
• Fire, flood, hurricane, windstorm or earthquake at primary or backup facilities
• Introduction of vulnerabilities into software products
• Pervasive disk errors or other problems caused by aging equipment

Malware and Attack Types
Virus
Worm
Trojan horse
Botnet
Spyware
Adware
Ransomware
Keylogger
Rootkit
APT
Backdoor
Brute force
XSS
DoS
Man-in-the-middle
Phishing
Spoofing
SQL injection
Zero-day exploit
Buffer overflow
Social engineering

Cyber Question
Kaptoxa was an example of what type of attack?
A. SQL Injection
B. APT
C. Malware
D. Buffer overflow
E. DoS

Topic 3: Policies and Procedures

Information Security Policies
Information security policies are a primary element of cybersecurity and overall security governance. These policies:
• Specify requirements
• Define the roles and responsibilities within the organization
• Outline expected behaviors in various situations
Because of their importance, these policies must be properly created, accepted and validated by the board and senior management before being communicated throughout the organization.

Policy Life Cycle
Each information security policy should be part of a formal policy life cycle process. (Figure: Create, Review, Update and Approve, repeated as an annual cycle.)

Compliance Document Types

| Type | Description |
| --- | --- |
| Policies | Communicate required and prohibited activities and behaviors |
| Standards | Interpret policies in specific situations |
| Procedures | Provide details on how to comply with policies and standards |
| Guidelines | Provide general guidance on issues such as “what to do in particular circumstances.” These are not requirements to be met, but are strongly recommended. |
COBIT 5 Information Security Policy Set
60
• Access Control Policy
• Personnel Information Security Policy
• Security Incident Response Policy
Types of Security Policies
61
The access control policy provides proper access to internal and external
stakeholders to accomplish business goals.
It should ensure that emergency access is appropriately permitted and revoked in
a timely manner.
The policy is meant for all business units, vendors and third parties, and should
cover at least the following topics:
• Physical and logical access provisioning life cycle
• Least privilege/need to know
• Segregation of duties
• Emergency access
Access Control Policy
62
The personnel information security policy objective incorporates, but is not limited
to, the following actions:
• Regular background checks of all employees and people at key positions
• Acquisition of information about key personnel in information security positions
• Development of a succession plan for all key information security positions
• Definition and implementation of appropriate procedures for termination, including
procedures for revoking account privileges and access
Personnel Information Security Policy
63
This policy addresses the need to respond to cybersecurity incidents in a timely
manner in order to recover business activities. The policy should include:
• Information security incident definitions
• Statement of how incidents will be handled
• Requirements for the establishment of the incident response team, with organizational
roles and responsibilities
• Requirements for the creation of a tested incident response plan
Security Incident Response Policy
64
MyDoom is an example of what type of attack?
A. Virus
B. Trojan horse
C. APT
D. Phishing
E. Social engineering
Cyber Question
65
Topic 4: Cybersecurity Controls
Identity Management
Provisioning and Deprovisioning
Authorization and Access Restrictions
Access Control Lists
Access Lists
Change Management
Privileged User Management
Configuration Management
Patch Management
Controls
67
Identity management includes many components, such as:
• Directory services
• Authentication services
• Authorization services
• User-management capabilities
Identity Management
68
User management requires the provisioning and deprovisioning of passwords and
access control rights.
Provisioning occurs when a new user is created either through hiring or based on
shifting job requirements.
Deprovisioning occurs when a user leaves the organization.
This can be complicated, as users may need access to a variety of resources,
each of which has its own unique access controls.
Provisioning and Deprovisioning
69
The authorization process used for access control requires that the system be
able to identify and differentiate among users.
Access should be granted on a least privilege basis and can be set at various
levels, including:
• Read, inquire or copy only
• Write, create, update or delete only
• Execute only
• A combination of the above
Authorization and Access Restrictions
70
To provide security authorizations for files and facilities, logical access control
mechanisms use access authorization tables, referred to as access control lists
(ACL) or access control tables.
ACLs refer to a register of:
• Users (including groups, machines, processes) who have permission to use a
particular system resource
• The types of access permitted
ACLs vary in their capability and flexibility, and care is required to ensure that user
access is appropriate for their current role.
Access Control Lists
71
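The three slides above (provisioning and deprovisioning, least-privilege access levels, and access control lists) describe one mechanism from three angles. The following is an added example, not ISACA course material, that models them together: an ACL per resource with read/write/execute permission bits, subjects that can be users, groups, machines or processes, provisioning and deprovisioning across every resource, and a review that flags access exceeding a user's current role. The class, resource and role names are this example's own constructions.

```python
# Added example (not ISACA course material): an access control list with
# least-privilege permission levels, provisioning and deprovisioning across
# several resources, and a review that flags access exceeding a user's
# current role. Class, resource and role names are this example's own.
from dataclasses import dataclass, field
from enum import Flag, auto


class Permission(Flag):
    """The access levels from the slide; combinations are formed with |."""
    NONE = 0
    READ = auto()     # read, inquire or copy only
    WRITE = auto()    # write, create, update or delete only
    EXECUTE = auto()  # execute only


@dataclass(frozen=True)
class Subject:
    """A user, group, machine or process that may appear in an ACL entry."""
    name: str
    kind: str  # "user", "group", "machine" or "process"


@dataclass
class AccessControlList:
    """Register of who may use one resource and which types of access are permitted."""
    resource: str
    entries: dict = field(default_factory=dict)  # Subject -> Permission

    def grant(self, subject, perm):
        self.entries[subject] = self.entries.get(subject, Permission.NONE) | perm

    def revoke_all(self, subject):
        return self.entries.pop(subject, None) is not None

    def check(self, subject, perm, groups=()):
        """Allow only if the subject, directly or via a group, holds every requested bit."""
        effective = self.entries.get(subject, Permission.NONE)
        for group in groups:
            effective |= self.entries.get(group, Permission.NONE)
        return (effective & perm) == perm


class Directory:
    """Tracks the ACL of every resource so deprovisioning can reach all of them."""

    def __init__(self):
        self.acls = {}

    def acl(self, resource):
        return self.acls.setdefault(resource, AccessControlList(resource))

    def provision(self, subject, wanted):
        """wanted maps resource name -> Permission the new or changed role needs."""
        for resource, perm in wanted.items():
            self.acl(resource).grant(subject, perm)

    def deprovision(self, subject):
        """Remove the subject from every ACL; return the resources it was removed from."""
        return sorted(r for r, acl in self.acls.items() if acl.revoke_all(subject))

    def remaining_access(self, subject):
        return sorted(r for r, acl in self.acls.items() if subject in acl.entries)

    def review(self, role_of, entitlements):
        """Return (user, resource, excess permission) wherever an ACL grants more than
        the user's current role is entitled to: the 'appropriate for their role' check."""
        findings = []
        for resource, acl in self.acls.items():
            for subject, perm in acl.entries.items():
                if subject.kind != "user":
                    continue
                allowed = entitlements.get(role_of.get(subject.name), {}).get(resource, Permission.NONE)
                excess = perm & ~allowed
                if excess:
                    findings.append((subject.name, resource, excess))
        return findings


def demo():
    """Constructed scenario: a user, a group and a batch process on two resources."""
    d = Directory()
    alice = Subject("alice", "user")
    payroll_ops = Subject("payroll-ops", "group")
    nightly = Subject("nightly-batch", "process")
    d.provision(alice, {"hr-db": Permission.READ,
                        "payroll-app": Permission.READ | Permission.WRITE})
    d.provision(payroll_ops, {"payroll-app": Permission.EXECUTE})
    d.provision(nightly, {"hr-db": Permission.READ})
    app = d.acl("payroll-app")
    via_group = app.check(alice, Permission.EXECUTE, groups=[payroll_ops])
    alone = app.check(alice, Permission.EXECUTE)
    # Alice moves to an auditor role that only reads; the review should flag WRITE.
    findings = d.review({"alice": "auditor"},
                        {"auditor": {"hr-db": Permission.READ, "payroll-app": Permission.READ}})
    removed = d.deprovision(alice)  # she leaves: every ACL must drop her
    return {"via_group": via_group, "alone": alone, "findings": findings,
            "removed": removed, "left_over": d.remaining_access(alice)}


if __name__ == "__main__":
    print(demo())
```

The review step is the part most often missing in practice: the ACL was correct when Alice was provisioned, and only a comparison against her current role shows that WRITE on the payroll application is now excess.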
Access lists filter traffic at network interfaces based on specified criteria, providing
basic network security.
When access lists are not present, network devices pass all packets.
After an access list is created and applied to an interface, it passes only traffic
permitted by rules.
Understanding the placement and impact of an access list is essential for the
cybersecurity practitioner as errors may stop network traffic.
Access Lists
72
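To make the "pass all without an access list, pass only permitted traffic once one is applied" behaviour concrete, here is an added example (not ISACA course material) of a toy access list evaluator. The rule format, the sample packets and the addresses are constructed for this example and do not follow any vendor's syntax. It also includes the check a practitioner most wants before applying a list to an interface: finding rules that an earlier rule shadows, which is the usual way a mistake in ordering silently stops traffic.

```python
# Added example (not ISACA course material): a toy evaluator for a network
# access list applied to an interface. Rule format, sample packets and
# addresses are constructed for this example, not a vendor's syntax.
import ipaddress


class AccessList:
    """Ordered permit/deny rules; first match wins, unmatched traffic is denied."""

    def __init__(self, rules=None):
        # rule = (action, protocol, source network, destination network, dest port or None)
        self.rules = list(rules or [])

    def evaluate(self, packet):
        if not self.rules:
            return "permit"   # no access list applied: the device passes everything
        src = ipaddress.ip_address(packet["src"])
        dst = ipaddress.ip_address(packet["dst"])
        for action, proto, src_net, dst_net, port in self.rules:
            if proto not in ("any", packet["proto"]):
                continue
            if src not in ipaddress.ip_network(src_net) or dst not in ipaddress.ip_network(dst_net):
                continue
            if port is not None and packet.get("dport") != port:
                continue
            return action
        return "deny"  # implicit deny at the end of every applied access list

    def shadowed_rules(self):
        """Indices of rules that can never match because an earlier rule already covers
        everything they would match; the usual cause of 'why did my permit not work'."""
        return [i for i, rule in enumerate(self.rules)
                if any(covers(earlier, rule) for earlier in self.rules[:i])]


def covers(a, b):
    """True if every packet matching rule b also matches rule a."""
    _, pa, sa, da, porta = a
    _, pb, sb, db, portb = b
    if pa not in ("any", pb) or (porta is not None and porta != portb):
        return False
    try:
        return (ipaddress.ip_network(sb).subnet_of(ipaddress.ip_network(sa))
                and ipaddress.ip_network(db).subnet_of(ipaddress.ip_network(da)))
    except TypeError:   # an IPv4 network is never inside an IPv6 one or vice versa
        return False


# Constructed sample traffic arriving at the interface.
SAMPLE_PACKETS = [
    {"src": "10.1.1.25", "dst": "10.2.0.10", "proto": "tcp", "dport": 443},
    {"src": "10.1.1.25", "dst": "10.2.0.10", "proto": "tcp", "dport": 22},
    {"src": "192.0.2.7", "dst": "10.2.0.10", "proto": "tcp", "dport": 443},
]


def demo():
    no_acl = AccessList()
    acl = AccessList([
        ("permit", "tcp", "10.1.0.0/16", "10.2.0.0/24", 443),
        ("deny", "any", "0.0.0.0/0", "0.0.0.0/0", None),    # catch-all placed too early
        ("permit", "tcp", "10.1.0.0/16", "10.2.0.0/24", 22),  # never reached
    ])
    return {
        "without_acl": [no_acl.evaluate(p) for p in SAMPLE_PACKETS],
        "with_acl": [acl.evaluate(p) for p in SAMPLE_PACKETS],
        "shadowed": acl.shadowed_rules(),
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the second packet (SSH from an allowed subnet) denied even though a permit for it exists, because the catch-all deny sits above it; `shadowed_rules()` reports that third rule as unreachable before the list is applied.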
Change Management
73
People, processes and tools
Assess → Design → Implement → Evaluate (Manage Change)
Common controls for privileged user management include:
Privileged User Management
74
• Background checks for elevated access
• Additional activity logging
• Use of stronger passwords
• Regular review and/or removal of privileges
Configuration management focuses on maintaining the security of IT resources.
The security benefits of implementing a configuration management process
include:
• Verification of the impact on related items
• Assessment of risk related to a proposed change
• Ability to inspect different lines of defense for potential weaknesses
• Tracking of configuration items against approved secure baselines
• Insights into investigations after a security breach or operations disruption
• Version control and production authorization of hardware and software components
Configuration Management
75
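The "tracking of configuration items against approved secure baselines" and "version control" benefits listed above are easy to automate. The following is an added example, not ISACA course material: it fingerprints each configuration item so versions can be tracked, compares observed settings with an approved baseline, and reports drift, including settings that are missing altogether. The baseline, host names and observed settings are constructed for this example.

```python
# Added example (not ISACA course material): tracking configuration items
# against an approved secure baseline and detecting drift. The baseline,
# the host names and the observed settings are all constructed here.
import hashlib
import json

# The approved secure baseline: item -> setting -> required value (constructed).
APPROVED_BASELINE = {
    "sshd_config": {"PermitRootLogin": "no", "PasswordAuthentication": "no"},
    "sysctl": {"net.ipv4.ip_forward": "0", "kernel.randomize_va_space": "2"},
}

# Observed configuration items, as a collection agent might report them (constructed).
OBSERVED = {
    "web-01": {
        "sshd_config": {"PermitRootLogin": "no", "PasswordAuthentication": "no"},
        "sysctl": {"net.ipv4.ip_forward": "0", "kernel.randomize_va_space": "2"},
    },
    "web-02": {
        "sshd_config": {"PermitRootLogin": "yes", "PasswordAuthentication": "no"},
        "sysctl": {"net.ipv4.ip_forward": "0"},   # randomize_va_space missing
    },
}


def fingerprint(item):
    """Version identifier for a configuration item: SHA-256 over its canonical JSON form,
    so two hosts with the same settings get the same identifier regardless of key order."""
    canonical = json.dumps(item, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


def drift(observed_host, baseline=APPROVED_BASELINE):
    """Deviations from the baseline as item -> [(setting, expected, actual)].
    A setting that is absent counts as a deviation (actual is None)."""
    findings = {}
    for item, required in baseline.items():
        actual_settings = observed_host.get(item, {})
        for key, expected in required.items():
            actual = actual_settings.get(key)
            if actual != expected:
                findings.setdefault(item, []).append((key, expected, actual))
    return findings


def assess(hosts=OBSERVED, baseline=APPROVED_BASELINE):
    """Per-host report: compliance flag, the drift list and the version of each item."""
    report = {}
    for host, items in hosts.items():
        deviations = drift(items, baseline)
        report[host] = {
            "compliant": not deviations,
            "drift": deviations,
            "versions": {name: fingerprint(cfg)[:12] for name, cfg in items.items()},
        }
    return report


if __name__ == "__main__":
    for host, result in assess().items():
        print(host, "OK" if result["compliant"] else result["drift"])
```

Treating a missing setting as drift matters: a host that never received the hardening step looks identical to one that was later changed, and both need the same follow-up.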
Software patches are solutions to programming errors, some of which may introduce security
vulnerabilities.
Software vendors release regular software updates and patches as vulnerabilities are identified
and repaired.
As such, patching is an important part of vulnerability management.
Organizations must set up processes to identify patches that are relevant to their IT infrastructure.
Once a necessary patch is identified, it should be tested to ensure it does not negatively impact
operations.
After this verification, patching can be scheduled and the update installed where appropriate.
Patch Management
76
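The patch management steps above (identify the patches relevant to the infrastructure, test, schedule, install) form one procedure. Here is an added example, not ISACA course material, that walks through it: advisories are matched against an inventory by product and fixed version, and each resulting task can only move forward in the order the slide gives, with a failed test keeping the patch out of the schedule. The product names, versions and advisory identifiers are placeholders constructed for this example.

```python
# Added example (not ISACA course material): matching vendor advisories
# against an asset inventory to find the relevant patches, then tracking
# each through test, scheduling and installation. Product names, versions
# and advisory identifiers are placeholders constructed for this example.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Advisory:
    ident: str
    product: str
    fixed_in: str      # first version that contains the fix
    security: bool     # True if the programming error it fixes is a vulnerability


@dataclass(frozen=True)
class Asset:
    host: str
    product: str
    version: str


def version_key(v):
    """Compare dotted versions numerically, so 2.4.10 sorts after 2.4.7."""
    return tuple(int(part) for part in v.split("."))


def relevant_patches(assets, advisories):
    """A patch is relevant only for an asset running that product below the fixed version."""
    return [(adv, asset) for adv in advisories for asset in assets
            if asset.product == adv.product
            and version_key(asset.version) < version_key(adv.fixed_in)]


@dataclass
class PatchTask:
    """One patch on one host, moving through identified -> tested -> scheduled -> installed."""
    advisory: Advisory
    host: str
    state: str = "identified"
    history: list = field(default_factory=list)

    def _require(self, state):
        if self.state != state:
            raise ValueError(f"{self.advisory.ident} on {self.host}: cannot proceed from {self.state}")

    def _move(self, new_state):
        self.history.append(new_state)
        self.state = new_state

    def test(self, passed):
        """Verification step: a failed test must not proceed to scheduling."""
        self._require("identified")
        self._move("tested" if passed else "test-failed")

    def schedule(self):
        self._require("tested")
        self._move("scheduled")

    def install(self):
        self._require("scheduled")
        self._move("installed")


ADVISORIES = [  # constructed placeholders, not real advisories
    Advisory("ADV-PLACEHOLDER-1", "examplehttpd", "2.4.10", security=True),
    Advisory("ADV-PLACEHOLDER-2", "exampledb", "13.2", security=False),
    Advisory("ADV-PLACEHOLDER-3", "examplehttpd", "2.4.3", security=True),
]
ASSETS = [  # constructed inventory
    Asset("web-01", "examplehttpd", "2.4.7"),
    Asset("web-02", "examplehttpd", "2.4.12"),
    Asset("db-01", "exampledb", "13.1"),
]


def demo():
    tasks = [PatchTask(adv, asset.host) for adv, asset in relevant_patches(ASSETS, ADVISORIES)]
    web_task, db_task = tasks
    web_task.test(passed=True)
    web_task.schedule()
    web_task.install()
    db_task.test(passed=False)   # broke something in test: stays out of the schedule
    return {(t.advisory.ident, t.host): t.state for t in tasks}


def schedule_without_test_is_rejected():
    """Guard check: a task that was never tested cannot be scheduled."""
    task = PatchTask(ADVISORIES[0], "web-01")
    try:
        task.schedule()
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(demo())
```

Only two of the three advisories produce work: the third already has its fix in every installed version, and the host already at 2.4.12 is excluded from the first. Filtering this way is what keeps the patch queue to what actually applies to the infrastructure.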
Section 2: Cybersecurity Concepts
Review Question
Which of the following is a description of a possible event whose occurrence
will have an uncertain impact on the achievement of the enterprise’s
objectives, which may be positive or negative?
A. Malicious
B. Risk Scenario
C. Advanced persistent threat
D. Brute force attack
Review Question
78
Patches are solutions to software programming
and coding errors.
A. True
B. False
Review Question
79
Access should be granted on a least privilege
basis and can be set at various levels, including
which of the following?
A. Read, inquire or copy only
B. Write, create, update or delete only
C. Execute only
D. A combination of the above
E. All the above
Review Question
80
Background checks for elevated access, additional activity logging, the use of
stronger passwords, and regular review and/or removal of privileges best
describe which of the following?
A. Patch Management
B. Privileged User Management
C. Access Controls
D. Configuration Management
Review Question
81
You should now be able to:
• Define risk management terms, concepts and
frameworks.
• Identify common attack types and vectors.
• Define the framework and guidance for
policies and procedures.
• Identify cybersecurity control processes.
Section Summary
82
83
Section 3: Security Architecture
1. Overview of security architecture
2. The OSI model
3. Defense in depth
4. Information flow control
5. Isolation and segmentation
6. Logging, monitoring and detection
7. Encryption fundamentals, techniques and
applications
Topics Covered in This Section
84
Upon completing this section you will be able to:
• Identify the various types of cybersecurity
architecture.
• Define the OSI Model.
• Explain how various defense strategies work
to control flow, segment the network and log,
monitor and detect attacks.
• Outline encryption fundamentals, techniques
and applications.
Section Objectives
85
Topic 1: Overview of Security Architecture
Security architecture describes the structure, components, connections and layout
of security controls within an organization’s IT infrastructure.
An organization’s security architectures determine the particulars of various
subsystems, products and applications.
These particulars will, in turn, influence an organization’s approach to defense in
depth, or the practice of layering defenses to provide added protection.
Security architecture shows:
• How defense in depth is implemented
• How layers of control are linked
Security Architecture
87
System- or network-centric models
• Focus on placing controls at the network and system levels
• Protect information stored within the perimeter of the network or system
Data-centric model
• Focuses on protecting data regardless of where it is stored
• Allows for application of controls without a clearly defined border
Models of Cybersecurity
88
Many current security controls and architectures were developed with the concept
of a perimeter.
This perimeter is a well-defined, mostly virtual boundary between the organization
and the outside world.
With the advent of the Internet, outsourcing, mobile devices, cloud and other
hosted services, the security perimeter has expanded.
This means significant new risk and vulnerabilities are present in the environment.
The Security Perimeter
89
The Internet perimeter is an important component of the security perimeter.
This ensures secure access to the Internet for enterprise employees and guest
users, both in face-to-face and remote locations.
The Internet Perimeter
90
To provide security of email, front-end mobile and web apps, and domain name
system (DNS), the Internet perimeter should:
• Route traffic between the enterprise and the Internet
• Prevent executable files from being transferred through email attachments or web
browsing
• Monitor internal and external network ports for rogue activity
• Detect and block traffic from infected internal end points
• Control user traffic bound toward the Internet
• Identify and block anomalous traffic and malicious packets recognized as potential
attacks
• Eliminate threats such as email spam, viruses and worms
• Enforce filtering policies to block access to web sites containing malware or
questionable content
Internet Perimeter Functions
91
The perimeter should also provide protection for virtual private networks (VPNs),
wide area networks (WANs) and wireless local area networks (WLANs).
For VPNs, the protection must:
• Terminate encrypted VPN traffic initiated by remote users
• Provide a hub for terminating encrypted VPN traffic from remote sites and organizations
• Provide a hub for terminating traditional dial-in users
Network Security
92
Modern IT architectures are usually decentralized and deperimeterized,
increasing security risk across several fronts, including:
• Cloud-based platforms and services
• Smart and mobile devices
• Third-party products and services
• Weak and unsecured parts of the IT architecture
This interdependent environment means control has been reduced—a change
with important impacts on security architecture.
Interdependencies
93
Models of security architecture typically fall into two categories, as follows:
Models of Security Architecture
94
Process Model
• More directive in its approach
• Describes elements in terms of the processes used for them
Framework Model
• Allows flexibility in how each element of the architecture is developed
• Describes these elements, and how they relate to one another
The Zachman framework, shared by the Sherwood Applied Business Security
Architecture (SABSA), is one approach to security architecture.
This framework develops a who, what, where, when and how matrix that:
• Shows aspects of the enterprise that can be described or modeled
• Analyzes these from various viewpoints
Zachman and SABSA Framework
95
Stuxnet is a computer worm used to target?
A. SCADA systems
B. Government and financial institutions
C. Cloud data centers
D. Mobile devices
Cyber Question
96
Topic 2: The OSI Model
The OSI model groups the functionality required for networked computers into
layers, described as follows:
1. Physical layer—Manages signals among network systems
2. Data link layer—Divides data into frames that can be transmitted by the physical layer
3. Network layer—Translates network addresses and routes data from sender to
receiver
4. Transport layer—Ensures that data are transferred reliably in the correct sequence
5. Session layer—Coordinates and manages user connections
6. Presentation layer—Formats, encrypts and compresses data
7. Application layer—Mediates between software applications and other layers of
network services
The Open Systems Interconnection (OSI) Model
98
The TCP/IP suite is used as the de facto standard for the Internet. The suite:
• Includes both network-oriented protocols and application support protocols
• Operates at Layer 3 and Layer 4 of the OSI model
• Currently has two versions of IP that operate at Layer 3:
  o IPv4—The fourth revision of IP and the most commonly used to connect devices to the Internet
  o IPv6—The newest version of IP, designed to allow for Internet growth
TCP/IP Protocol Suite
99
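The layer descriptions above become tangible when a real frame is taken apart header by header. The following is an added example, not ISACA course material, that decodes the Ethernet header (OSI layer 2), then the IPv4 or IPv6 header (layer 3), then the TCP or UDP header (layer 4), which is exactly where the TCP/IP suite sits in the model. The sample frames are constructed inside the file with zeroed checksums and are never transmitted; the helper names are this example's own.

```python
# Added example (not ISACA course material): walking one frame up the lower
# layers of the stack, Ethernet (OSI layer 2), IPv4 or IPv6 (layer 3) and
# TCP or UDP (layer 4), which is where the TCP/IP suite sits in the OSI model.
# The frames are constructed in this file with zeroed checksums; nothing is sent.
import ipaddress
import struct

ETHERTYPE_IPV4, ETHERTYPE_IPV6 = 0x0800, 0x86DD
PROTO_TCP, PROTO_UDP = 6, 17
TCP_FLAGS = [("FIN", 0x001), ("SYN", 0x002), ("RST", 0x004), ("PSH", 0x008),
             ("ACK", 0x010), ("URG", 0x020), ("ECE", 0x040), ("CWR", 0x080)]


def parse_frame(frame):
    """Return a dict keyed by OSI layer with the fields each header contributes."""
    layers = {}
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    layers["L2-data-link"] = {"src": src_mac.hex(":"), "dst": dst_mac.hex(":")}
    packet = frame[14:]
    if ethertype == ETHERTYPE_IPV4:
        ver_ihl, _, _, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", packet[:20])
        header_len = (ver_ihl & 0x0F) * 4          # IPv4 options make the header longer
        layers["L3-network"] = {"version": 4, "src": str(ipaddress.IPv4Address(src)),
                                "dst": str(ipaddress.IPv4Address(dst)), "hop_limit": ttl}
        segment = packet[header_len:]
    elif ethertype == ETHERTYPE_IPV6:
        _, _, proto, hop, src, dst = struct.unpack("!IHBB16s16s", packet[:40])
        layers["L3-network"] = {"version": 6, "src": str(ipaddress.IPv6Address(src)),
                                "dst": str(ipaddress.IPv6Address(dst)), "hop_limit": hop}
        segment = packet[40:]  # fixed 40-byte header; extension headers not handled here
    else:
        return layers   # not IP (ARP, for instance): nothing above layer 2 to decode
    if proto == PROTO_TCP:
        sport, dport, _, _, offset_flags = struct.unpack("!HHIIH", segment[:14])
        flags = [name for name, bit in TCP_FLAGS if offset_flags & bit]
        layers["L4-transport"] = {"proto": "tcp", "sport": sport, "dport": dport, "flags": flags}
    elif proto == PROTO_UDP:
        sport, dport, _, _ = struct.unpack("!HHHH", segment[:8])
        layers["L4-transport"] = {"proto": "udp", "sport": sport, "dport": dport}
    return layers


def build_ipv4_tcp_frame(src_ip, dst_ip, sport, dport, flags):
    """Constructed sample: Ethernet + minimal IPv4 + TCP header, checksums zero."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, 1, 0, (5 << 12) | flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, PROTO_TCP, 0,
                     ipaddress.IPv4Address(src_ip).packed, ipaddress.IPv4Address(dst_ip).packed)
    eth = struct.pack("!6s6sH", bytes.fromhex("020000000002"), bytes.fromhex("020000000001"),
                      ETHERTYPE_IPV4)
    return eth + ip + tcp


def build_ipv6_udp_frame(src_ip, dst_ip, sport, dport, payload=b""):
    """Constructed sample: Ethernet + IPv6 + UDP header, checksum zero."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip6 = struct.pack("!IHBB16s16s", 6 << 28, len(udp), PROTO_UDP, 64,
                      ipaddress.IPv6Address(src_ip).packed, ipaddress.IPv6Address(dst_ip).packed)
    eth = struct.pack("!6s6sH", bytes.fromhex("020000000002"), bytes.fromhex("020000000001"),
                      ETHERTYPE_IPV6)
    return eth + ip6 + udp


if __name__ == "__main__":
    print(parse_frame(build_ipv4_tcp_frame("10.1.1.25", "10.2.0.10", 51000, 443, 0x02)))
    print(parse_frame(build_ipv6_udp_frame("2001:db8::1", "2001:db8::53", 40000, 53, b"query")))
```

Note that the layer 2 addresses say nothing about the layer 3 addresses and vice versa; each header is only meaningful to the layer that owns it, which is the point of the model and the reason a control placed at one layer cannot see what another layer carries.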
Topic 3: Defense in Depth
The layering of defenses is known as defense in depth, protection in depth or
security in depth.
Multiple control layers provide:
• Multiple opportunities for monitoring to detect the attack
• Additional controls the attacker must overcome, which creates a delay that may
interrupt or prevent the attack
It is often important to use several controls to protect an asset; the number and
types of layers needed is a function of such things as:
• Asset value and criticality
• The reliability of each control
• The degree of exposure
Defense in Depth
101
Defense in depth may also be viewed in terms of architecture:
• HORIZONTAL DEFENSE IN DEPTH
  o Controls are placed in various places in the path of access for an asset
• VERTICAL DEFENSE IN DEPTH
  o Controls are placed at different system layers
  o These layers include hardware, operating system, application, database or user levels
An Architectural Perspective
102
When developing defense-in-depth implementations, consider the following
questions:
• What vulnerabilities are addressed by each layer or control?
• How does each layer mitigate the vulnerability?
• How does each control interact with or depend on the other controls?
Defense in Depth Implementations
103
Topic 4: Information Flow Control
A firewall is a system or combination of systems that enforces a boundary
between two or more networks.
It typically forms a barrier between a secure and an open environment such as the
Internet, applying rules to control the type of network traffic flowing in and out.
Most commercial firewalls are built to handle commonly used Internet protocols.
Firewalls
105
• Packet Filters
• Stateful Inspection
• Application Proxy
• Next Generation Firewall
Firewall Technologies
106
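The first two firewall technologies in the list above differ in one thing: whether the firewall remembers what it has already seen. This added example, which is not ISACA course material, runs one constructed flow through a stateless packet filter and a stateful inspection firewall to show why a stateless filter that only permits outbound HTTPS breaks the connection, why the usual fix (opening inbound to any port) admits unsolicited traffic too, and how connection state resolves both. Addresses, ports and the rule format are this example's own constructions.

```python
# Added example (not ISACA course material): the difference between a
# packet filter and stateful inspection, shown on one constructed flow.
# Addresses and ports are constructed; the rule format is this example's own.


class PacketFilter:
    """Stateless packet filter: judges each packet on its own against (direction,
    protocol, destination port) rules, where port "any" is a wildcard."""

    def __init__(self, rules):
        self.rules = set(rules)

    def allow(self, pkt):
        return any(d == pkt["dir"] and p == pkt["proto"] and port in ("any", pkt["dport"])
                   for d, p, port in self.rules)


class StatefulFirewall:
    """Stateful inspection: outbound packets are checked against policy and the
    connection is remembered; inbound packets are admitted only as replies to a
    remembered connection."""

    def __init__(self, outbound_rules):
        self.rules = set(outbound_rules)     # (protocol, destination port) allowed outbound
        self.connections = set()             # 5-tuples seen leaving

    def allow(self, pkt):
        key = (pkt["proto"], pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        if pkt["dir"] == "out":
            if (pkt["proto"], pkt["dport"]) in self.rules:
                self.connections.add(key)
                return True
            return False
        reverse = (pkt["proto"], pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
        return reverse in self.connections


# Constructed flow: an internal client opens HTTPS, the server replies, and an
# unrelated host sends an unsolicited packet to the same client port.
FLOW = [
    {"dir": "out", "proto": "tcp", "src": "10.1.1.25", "sport": 51000, "dst": "198.51.100.10", "dport": 443},
    {"dir": "in", "proto": "tcp", "src": "198.51.100.10", "sport": 443, "dst": "10.1.1.25", "dport": 51000},
    {"dir": "in", "proto": "tcp", "src": "203.0.113.9", "sport": 443, "dst": "10.1.1.25", "dport": 51000},
]


def demo(flow=FLOW):
    """Verdict per packet for three ways of expressing the policy 'clients may use HTTPS'."""
    firewalls = {
        # outbound-only rule: the legitimate reply is dropped and the connection never completes
        "packet_filter_strict": PacketFilter({("out", "tcp", 443)}),
        # the usual fix for a stateless filter: open inbound tcp to any port, which also
        # admits the unsolicited packet
        "packet_filter_opened": PacketFilter({("out", "tcp", 443), ("in", "tcp", "any")}),
        # stateful: reply admitted because the flow was seen leaving; unsolicited packet dropped
        "stateful": StatefulFirewall({("tcp", 443)}),
    }
    return {name: [fw.allow(pkt) for pkt in flow] for name, fw in firewalls.items()}


if __name__ == "__main__":
    for name, verdicts in demo().items():
        print(f"{name:22s} {verdicts}")
```

A real stateful firewall also ages entries out of its connection table and checks TCP flags and sequence numbers; the toy version keeps only the 5-tuple, which is enough to show the mechanism.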
A web application firewall (WAF) is a server plug-in, appliance or additional filter
that can be used to apply rules to a specific web application (usually to an HTTP
conversation).
The WAF operates at higher levels in the OSI model, generally at level 7.
In contrast, network firewalls operate at level 3 or level 4.
A WAF may be customized to identify and block many types of attacks, but
customization requires effort.
When changes to the application are made, the WAF rules need changes as well.
Web Application Firewalls (WAF)
107
Topic 5: Isolation and Segmentation
A common technique for implementing network security is to segment an
organization’s network.
Each segment may then be separately controlled, monitored and protected.
Virtual local area networks (VLANs) are groups of devices on one or more
logically segmented LANs. VLAN configuration usually has these features:
• No additional encryption
• Set up by configuring ports on a switch
• Set up based on logical rather than physical connections
Isolation and Segmentation
109
Separate zones allow the application of controls at a more granular level,
supporting defense in depth.
Isolation and Segmentation
110
Topic 6: Logging, Monitoring and Detection
Monitoring, detection and logging are integral parts of cybersecurity.
Attacks arrive from outside and data can leak from inside, so it is necessary
to monitor data and information flowing both into and out of an organization.
A number of methods and tools can be used to detect and log potential problems.
Most of these methods revolve around the central concepts of ingress, egress
and data loss prevention.
Integral Components of Cybersecurity
112
![Page 113: Cybersecurity Fundamentals Course - ISACA Curacaoisacacuracao.com/wp-content/uploads/2019/01/CSX... · Understanding Likelihood 44. Source: “Generic Risk Model with Key Risk Factors,”](https://reader033.vdocuments.site/reader033/viewer/2022042307/5ed3c6d2cef4dd68db683011/html5/thumbnails/113.jpg)
A log is a record of events that occur within the systems and networks of an organization.
• One of the most valuable tools for monitoring controls and detecting risk, but often underutilized.
A log should contain a timestamped record of all important events that occur on a system, such as:
• Changes to permissions
• System startup or shutdown
• Login or logout
• Changes to data
• Errors or violations
• Job failures
A failure to review the logs can result in the organization not being aware of an ongoing attack. Logs should also be forwarded to a central store that the monitored systems cannot modify, so that an attacker who compromises a host cannot erase the evidence of having done so.
Logging
113
![Page 114: Cybersecurity Fundamentals Course - ISACA Curacaoisacacuracao.com/wp-content/uploads/2019/01/CSX... · Understanding Likelihood 44. Source: “Generic Risk Model with Key Risk Factors,”](https://reader033.vdocuments.site/reader033/viewer/2022042307/5ed3c6d2cef4dd68db683011/html5/thumbnails/114.jpg)
The use of a variety of security tools and platforms can create a high volume of
incoming security-related data, which must be analyzed and interpreted in order
to be useful.
Security event management (SEM) systems aid in reducing the resulting
overload.
The SEM automatically aggregates and correlates security event log data across
multiple security devices.
Security information and event management (SIEM) systems combine SEM
capabilities with the historical analysis and reporting features of security
information management (SIM) systems.
SEM and SIEM Systems
114
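The two slides above describe what a SEM does in outline: collect logs from several sources, normalise them and correlate events that are harmless on their own but meaningful together. The following is an added example of that pipeline, not code from the course. The log lines are constructed samples in an OpenSSH-style and a generic firewall format, and the detection rule (several failed logins from one address followed by a success, then an outbound connection from the victim host back to that address) and its thresholds are illustrative choices.

```python
"""Added example: normalising and correlating events from two log sources.
The sample logs, formats and thresholds are constructed for illustration."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real data). Two sources, one timeline.
SSHD_LOG = """\
2024-03-01T09:00:01 sshd[1201]: Failed password for admin from 203.0.113.7 port 50311 ssh2
2024-03-01T09:00:04 sshd[1201]: Failed password for admin from 203.0.113.7 port 50312 ssh2
2024-03-01T09:00:06 sshd[1201]: Failed password for root from 203.0.113.7 port 50313 ssh2
2024-03-01T09:00:09 sshd[1201]: Failed password for admin from 203.0.113.7 port 50314 ssh2
2024-03-01T09:00:12 sshd[1201]: Accepted password for admin from 203.0.113.7 port 50315 ssh2
2024-03-01T09:05:00 sshd[1300]: Failed password for alice from 198.51.100.9 port 41000 ssh2
2024-03-01T09:30:00 sshd[1301]: Accepted publickey for alice from 198.51.100.9 port 41001 ssh2
"""
FW_LOG = """\
2024-03-01T09:00:00 fw1 ALLOW TCP 203.0.113.7:50311 -> 10.0.0.5:22
2024-03-01T09:00:20 fw1 ALLOW TCP 10.0.0.5:44123 -> 203.0.113.7:4444
"""

SSHD_RE = re.compile(r"^(\S+) sshd\[\d+\]: (Failed|Accepted) \w+ for (\w+) from (\S+) port")
FW_RE = re.compile(r"^(\S+) \S+ (ALLOW|DENY) TCP (\S+):\d+ -> (\S+):(\d+)")

def normalise(sshd_text, fw_text):
    """Turn both formats into one list of dicts sorted by time (the first thing a SEM does)."""
    events = []
    for line in sshd_text.splitlines():
        m = SSHD_RE.match(line)
        if m:
            ts, outcome, user, src = m.groups()
            events.append({"ts": datetime.fromisoformat(ts), "src": src, "user": user,
                           "type": "auth_fail" if outcome == "Failed" else "auth_ok"})
    for line in fw_text.splitlines():
        m = FW_RE.match(line)
        if m:
            ts, action, src, dst, dport = m.groups()
            events.append({"ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
                           "dport": int(dport), "type": "fw_" + action.lower()})
    return sorted(events, key=lambda e: e["ts"])

def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Rule 1: >= threshold failures from one source within `window`, then a success.
    Rule 2: an allowed outbound connection from an internal host to an address flagged by rule 1."""
    alerts = []
    fails = defaultdict(list)            # source address -> timestamps of failed logins
    for e in events:
        if e["type"] == "auth_fail":
            fails[e["src"]].append(e["ts"])
        elif e["type"] == "auth_ok":
            recent = [t for t in fails[e["src"]] if e["ts"] - t <= window]
            if len(recent) >= threshold:
                alerts.append(("brute_force_success", e["src"], e["user"], e["ts"]))
    attacker_ips = {a[1] for a in alerts}
    for e in events:
        if e["type"] == "fw_allow" and e["dst"] in attacker_ips and e["src"] not in attacker_ips:
            alerts.append(("egress_to_attacker", e["src"], e["dst"], e["ts"]))
    return alerts

if __name__ == "__main__":
    for alert in correlate(normalise(SSHD_LOG, FW_LOG)):
        print(*alert)
```

Neither source alone tells the story: the sshd log shows a successful login, the firewall log shows an allowed connection. Only after both are normalised onto one timeline does the sequence (password guessing, success, outbound connection to the guesser) stand out, which is the reason a SEM aggregates across devices rather than alerting per device.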
![Page 115: Cybersecurity Fundamentals Course - ISACA Curacaoisacacuracao.com/wp-content/uploads/2019/01/CSX... · Understanding Likelihood 44. Source: “Generic Risk Model with Key Risk Factors,”](https://reader033.vdocuments.site/reader033/viewer/2022042307/5ed3c6d2cef4dd68db683011/html5/thumbnails/115.jpg)
Attack vectors run in two directions: ingress (inbound traffic, the path by which
attacks arrive) and egress (outbound traffic, the path by which data leaves, whether
through exfiltration or through malware calling home).
Ingress and Egress
115
[Diagram: traffic flow between the Internet and the organization, labelled Ingress (inbound) and Egress (outbound)]
![Page 116: Cybersecurity Fundamentals Course - ISACA Curacaoisacacuracao.com/wp-content/uploads/2019/01/CSX... · Understanding Likelihood 44. Source: “Generic Risk Model with Key Risk Factors,”](https://reader033.vdocuments.site/reader033/viewer/2022042307/5ed3c6d2cef4dd68db683011/html5/thumbnails/116.jpg)
Strong Data Loss Prevention (DLP) solutions cover three primary states of
information:
• Data at rest refers to stored data. DLP solutions must be able to log where various file
types are stored.
• Data in transit refers to data traveling through the network. Deep packet inspection
(DPI) is used to analyze the data for sensitive content.
• Data in use refers to data movement at the user workstation level. This includes
information sent to printers, thumb drives and the copy-and-paste clipboard.
Data Loss Prevention Software
116
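The data-in-transit bullet above says that deep packet inspection looks inside traffic for sensitive content. The following added example (not code from the course) shows the core of such a content check over a constructed message: pattern matching for payment card and US social security number layouts, a Luhn check to discard digit runs that merely look like card numbers, masking of what is reported, and a simple allow/block decision. Patterns, sample text and policy are illustrative.

```python
"""Added example: DLP-style content inspection of a payload in transit.
The payload, patterns and policy threshold are constructed for illustration."""
import re

CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")   # 13-16 digits with optional separators
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")    # US SSN layout (format only)

def luhn_ok(digits):
    """Luhn checksum used by payment card numbers; weeds out random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def inspect(payload):
    """Return (kind, masked_value) findings; card candidates must pass Luhn to count."""
    findings = []
    for m in CARD_RE.finditer(payload):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            findings.append(("card", "*" * (len(digits) - 4) + digits[-4:]))
    for m in SSN_RE.finditer(payload):
        findings.append(("ssn", "***-**-" + m.group()[-4:]))
    return findings

def policy_decision(findings, max_allowed=0):
    """Block the transfer when more sensitive items are present than policy allows."""
    return "BLOCK" if len(findings) > max_allowed else "ALLOW"

# Constructed message: one valid test card number, one with a wrong check digit,
# one order number that is 16 digits but not a card, and one SSN-shaped value.
SAMPLE = ("Hi, please charge 4111 1111 1111 1111 and also 4111-1111-1111-1112 "
          "for order 1234567890123456; applicant SSN 123-45-6789.")

if __name__ == "__main__":
    found = inspect(SAMPLE)
    print(found, policy_decision(found))
```

Two practitioner points are visible in the output: the masked values are what the DLP console should show (the inspector must not become a second copy of the sensitive data), and the Luhn check is what keeps an order number from raising a false alarm.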
![Page 117: Cybersecurity Fundamentals Course - ISACA Curacaoisacacuracao.com/wp-content/uploads/2019/01/CSX... · Understanding Likelihood 44. Source: “Generic Risk Model with Key Risk Factors,”](https://reader033.vdocuments.site/reader033/viewer/2022042307/5ed3c6d2cef4dd68db683011/html5/thumbnails/117.jpg)
?
NASA was hacked in 1999 using what method?
A. SQL Injection
B. APT
C. Back door
D. Buffer overflow
E. DoS
Cyber Question
117
![Page 118: Cybersecurity Fundamentals Course - ISACA Curacaoisacacuracao.com/wp-content/uploads/2019/01/CSX... · Understanding Likelihood 44. Source: “Generic Risk Model with Key Risk Factors,”](https://reader033.vdocuments.site/reader033/viewer/2022042307/5ed3c6d2cef4dd68db683011/html5/thumbnails/118.jpg)
Malicious software is one of the most common attack vectors used by adversaries
to compromise systems.
Controls are required for its detection and prevention.
Virus and malware intrusions can be controlled through a variety of mechanisms.
These include:
• Restriction of outbound traffic
• Policies and awareness training
• Multiple layers of anti-malware software
Antivirus and Anti-malware
118
![Page 119: Cybersecurity Fundamentals Course - ISACA Curacaoisacacuracao.com/wp-content/uploads/2019/01/CSX... · Understanding Likelihood 44. Source: “Generic Risk Model with Key Risk Factors,”](https://reader033.vdocuments.site/reader033/viewer/2022042307/5ed3c6d2cef4dd68db683011/html5/thumbnails/119.jpg)
An intrusion detection system (IDS) complements a firewall: it works alongside
routers and firewalls to monitor network usage for anomalies and known attack
patterns.
An IDS operates continuously on the system.
It runs in the background and notifies administrators when a perceived threat is
detected; because it only alerts, its value depends on someone reviewing and acting on those alerts.
Intrusion Detection Systems
119
![Page 120: Cybersecurity Fundamentals Course - ISACA Curacaoisacacuracao.com/wp-content/uploads/2019/01/CSX... · Understanding Likelihood 44. Source: “Generic Risk Model with Key Risk Factors,”](https://reader033.vdocuments.site/reader033/viewer/2022042307/5ed3c6d2cef4dd68db683011/html5/thumbnails/120.jpg)
• Identifies attacks within the monitored network and issues a warning to the operator
• Detects attack attempts
• Not a substitute for a firewall, but rather a complement
Network-based IDS
• Configured for a specific environment
• Monitors internal operating system resources to warn of attacks
• Can detect the modification of executable programs and deletion of files
• Issues a warning if a privileged command is attempted
Host-based IDS
IDS Categories
120
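The host-based IDS bullets above mention detecting the modification of executable programs and the deletion of files. The following added example (not code from the course) shows the file integrity monitoring that underlies that capability: a baseline of content hashes and permission bits, a later snapshot, and a report of what changed. It runs against a temporary directory it creates itself, with a constructed "attack" that trojanises one binary, deletes another, drops a new file and loosens permissions.

```python
"""Added example: HIDS-style file integrity monitoring.
The files and the simulated attacker changes are constructed inside a temp directory."""
import hashlib
import os
import tempfile

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root):
    """Map relative path -> (sha256, permission bits) for every regular file under root."""
    state = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            state[rel] = (sha256_file(full), os.stat(full).st_mode & 0o7777)
    return state

def diff(baseline, current):
    """Classify changes the way a HIDS would report them."""
    report = {"modified": [], "deleted": [], "added": [], "perm_changed": []}
    for rel, (digest, mode) in baseline.items():
        if rel not in current:
            report["deleted"].append(rel)
            continue
        cur_digest, cur_mode = current[rel]
        if cur_digest != digest:
            report["modified"].append(rel)
        if cur_mode != mode:
            report["perm_changed"].append(rel)
    report["added"] = list(set(current) - set(baseline))
    return {k: sorted(v) for k, v in report.items()}

def demo():
    """Build a baseline, apply constructed attacker changes, return the integrity report."""
    with tempfile.TemporaryDirectory() as root:
        bin_dir = os.path.join(root, "bin")
        os.makedirs(bin_dir)
        for name in ("ls", "ps"):
            with open(os.path.join(bin_dir, name), "wb") as f:
                f.write(b"#!/bin/sh\nexec /usr/bin/" + name.encode() + b"\n")
            os.chmod(os.path.join(bin_dir, name), 0o755)
        baseline = snapshot(root)
        # Constructed attack: append to ls, make it world-writable, delete ps, drop a helper.
        with open(os.path.join(bin_dir, "ls"), "ab") as f:
            f.write(b"# hidden payload\n")
        os.chmod(os.path.join(bin_dir, "ls"), 0o777)
        os.remove(os.path.join(bin_dir, "ps"))
        with open(os.path.join(bin_dir, "helper"), "wb") as f:
            f.write(b"payload")
        return diff(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

The baseline is only trustworthy if the attacker cannot rewrite it: in a real deployment it is stored off the host or signed, and the hashing tool itself is one of the files being checked.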
![Page 121: Cybersecurity Fundamentals Course - ISACA Curacaoisacacuracao.com/wp-content/uploads/2019/01/CSX... · Understanding Likelihood 44. Source: “Generic Risk Model with Key Risk Factors,”](https://reader033.vdocuments.site/reader033/viewer/2022042307/5ed3c6d2cef4dd68db683011/html5/thumbnails/121.jpg)
An intrusion prevention system (IPS) is similar to an IDS, but it detects attacks and
prevents damage to the intended victim/host.
An IPS is active and sits inline, so it can drop or block traffic; an IDS is passive and only reports.
The presence of an IPS:
• Limits damage or disruption to systems that are attacked
• Must be properly configured to be effective: because it blocks traffic, a false positive blocks legitimate traffic too
Intrusion Prevention Systems
121
![Page 122: Cybersecurity Fundamentals Course - ISACA Curacaoisacacuracao.com/wp-content/uploads/2019/01/CSX... · Understanding Likelihood 44. Source: “Generic Risk Model with Key Risk Factors,”](https://reader033.vdocuments.site/reader033/viewer/2022042307/5ed3c6d2cef4dd68db683011/html5/thumbnails/122.jpg)
Topic 7: Encryption Fundamentals, Techniques and Applications
![Page 123: Cybersecurity Fundamentals Course - ISACA Curacaoisacacuracao.com/wp-content/uploads/2019/01/CSX... · Understanding Likelihood 44. Source: “Generic Risk Model with Key Risk Factors,”](https://reader033.vdocuments.site/reader033/viewer/2022042307/5ed3c6d2cef4dd68db683011/html5/thumbnails/123.jpg)
Encryption is the process of converting a plaintext message into a secure-coded
form of text called ciphertext.
Ciphertext cannot be understood without being converted back to plaintext.
The decryption process is the reverse of encryption.
Both are done via a mathematical function and a secret value, similar to a
password, called the key.
Encryption
123
![Page 124: Cybersecurity Fundamentals Course - ISACA Curacaoisacacuracao.com/wp-content/uploads/2019/01/CSX... · Understanding Likelihood 44. Source: “Generic Risk Model with Key Risk Factors,”](https://reader033.vdocuments.site/reader033/viewer/2022042307/5ed3c6d2cef4dd68db683011/html5/thumbnails/124.jpg)
Key elements of cryptographic systems include:
• Encryption algorithm – A mathematically based function or calculation that encrypts or
decrypts data
• Encryption key – A secret value, similar to a password, that makes the
encryption or decryption process unique
• Key length – A predetermined length for the key
• For a given algorithm, the longer the key, the more difficult it is to compromise by brute force (key lengths are not comparable across algorithms, and a long key does not help if it is generated predictably or poorly protected)
Key Elements of Cryptographic Systems
124
![Page 125: Cybersecurity Fundamentals Course - ISACA Curacaoisacacuracao.com/wp-content/uploads/2019/01/CSX... · Understanding Likelihood 44. Source: “Generic Risk Model with Key Risk Factors,”](https://reader033.vdocuments.site/reader033/viewer/2022042307/5ed3c6d2cef4dd68db683011/html5/thumbnails/125.jpg)
• Use single, secret bidirectional keys that both encrypt and decrypt
• Include DES, AES and Triple DES/3DES (DES is obsolete and 3DES is being retired; AES is the current standard)
Symmetric Key Systems
• Use pairs of unidirectional, complementary keys that only encrypt or decrypt
• One key is secret; the other is publicly known
• Include RSA, ECC
Asymmetric Key Systems
Types of Cryptographic Systems
125
![Page 126: Cybersecurity Fundamentals Course - ISACA Curacaoisacacuracao.com/wp-content/uploads/2019/01/CSX... · Understanding Likelihood 44. Source: “Generic Risk Model with Key Risk Factors,”](https://reader033.vdocuments.site/reader033/viewer/2022042307/5ed3c6d2cef4dd68db683011/html5/thumbnails/126.jpg)
Symmetric Cryptography
126
![Page 127: Cybersecurity Fundamentals Course - ISACA Curacaoisacacuracao.com/wp-content/uploads/2019/01/CSX... · Understanding Likelihood 44. Source: “Generic Risk Model with Key Risk Factors,”](https://reader033.vdocuments.site/reader033/viewer/2022042307/5ed3c6d2cef4dd68db683011/html5/thumbnails/127.jpg)
Symmetric Cryptography Advantages and Disadvantages
127
Advantages
• One key is used for both encryption and decryption
• Less complicated and uses less processing power than asymmetric techniques
• Ideally suited for bulk data encryption
Disadvantages
• Difficult to distribute keys, particularly in e-commerce environments where customers are unknown, untrusted entities
• Carries the limitations of a shared secret; for example, a symmetric key cannot be used to sign electronic documents, because any party holding the key could have produced the same result
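The symmetric slides above state the principle (one shared key for both directions, cheap enough for bulk data, but a shared secret cannot sign) without showing it. The following is an added example, not code from the course: a symmetric encrypt-then-MAC construction built from the Python standard library, demonstrating the same key encrypting and decrypting, detection of tampering, and why a key/nonce pair must never be reused. It illustrates the principles only; real systems use AES-GCM or ChaCha20-Poly1305 from a maintained library, and the keystream construction here (HMAC-SHA256 in counter mode) is a teaching substitute for a block cipher.

```python
"""Added example: symmetric encrypt-then-MAC from the standard library.
Teaching construction only; use AES-GCM or ChaCha20-Poly1305 in practice."""
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32

def subkeys(key):
    """Derive separate encryption and MAC keys so the two uses never share key material."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def keystream(enc_key, nonce, length):
    """PRF in counter mode: block i = HMAC-SHA256(enc_key, nonce || i)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(key, plaintext, nonce=None):
    """Return nonce || ciphertext || tag. A fresh random nonce is drawn unless one is supplied."""
    enc_key, mac_key = subkeys(key)
    nonce = secrets.token_bytes(NONCE_LEN) if nonce is None else nonce
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(key, blob):
    """Check the tag in constant time before touching the ciphertext; raise on any change."""
    enc_key, mac_key = subkeys(key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: ciphertext, nonce or key is wrong")
    return bytes(c ^ k for c, k in zip(ct, keystream(enc_key, nonce, len(ct))))

def rejected(key, blob):
    """True if decrypt refuses the blob under this key."""
    try:
        decrypt(key, blob)
        return False
    except ValueError:
        return True

def tamper_detected(key, blob):
    """Flip one bit of the ciphertext and confirm decryption refuses it."""
    flipped = bytearray(blob)
    flipped[NONCE_LEN] ^= 0x01
    return rejected(key, bytes(flipped))

def nonce_reuse_leaks(key, p1, p2):
    """Same key and nonce twice: c1 XOR c2 equals p1 XOR p2, so the plaintexts' relationship leaks."""
    nonce = bytes(NONCE_LEN)                      # deliberately reused (a bug in real code)
    n = min(len(p1), len(p2))
    c1 = encrypt(key, p1, nonce)[NONCE_LEN:NONCE_LEN + n]
    c2 = encrypt(key, p2, nonce)[NONCE_LEN:NONCE_LEN + n]
    return bytes(a ^ b for a, b in zip(c1, c2)) == bytes(a ^ b for a, b in zip(p1[:n], p2[:n]))

if __name__ == "__main__":
    k = secrets.token_bytes(32)
    blob = encrypt(k, b"transfer 100 to account 42")
    print(decrypt(k, blob), tamper_detected(k, blob), nonce_reuse_leaks(k, b"attack at dawn", b"attack at dusk"))
```

The tag proves that someone holding `key` produced the message, which is authentication between two parties who share it, but not non-repudiation: either party could have produced the same tag, which is the limitation the disadvantages bullet describes.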
![Page 128: Cybersecurity Fundamentals Course - ISACA Curacaoisacacuracao.com/wp-content/uploads/2019/01/CSX... · Understanding Likelihood 44. Source: “Generic Risk Model with Key Risk Factors,”](https://reader033.vdocuments.site/reader033/viewer/2022042307/5ed3c6d2cef4dd68db683011/html5/thumbnails/128.jpg)
In asymmetric encryption, two keys work together as a pair.
One key is used to encrypt data; the other is used to decrypt data.
In RSA, the algorithm this course uses as its example, either key of the pair can be used to
encrypt, but once one key has been used to encrypt data, only its partner can decrypt it.
This solves the problem of delivering a single symmetric key to two people
who do not know each other but who want to exchange information securely.
Asymmetric Key Encryption
128
![Page 129: Cybersecurity Fundamentals Course - ISACA Curacaoisacacuracao.com/wp-content/uploads/2019/01/CSX... · Understanding Likelihood 44. Source: “Generic Risk Model with Key Risk Factors,”](https://reader033.vdocuments.site/reader033/viewer/2022042307/5ed3c6d2cef4dd68db683011/html5/thumbnails/129.jpg)
With asymmetric encryption, one key, the secret or private key, is known only to
one person.
The other key, the public key, can be known by many people.
A message encrypted with the private key of the sender can be deciphered by
anyone who holds the corresponding public key.
This forms the basis of authentication and non-repudiation, because the sender
cannot later claim not to have generated the message.
If the public key deciphers the message satisfactorily, one can be sure of the
origin of the message, because only the sender (owner of the corresponding
private key) could have encrypted it. In practice this operation is applied to a hash of the message rather than to the whole message; that is the digital signature described later in this topic.
Authentication and Non-repudiation
129
![Page 130: Cybersecurity Fundamentals Course - ISACA Curacaoisacacuracao.com/wp-content/uploads/2019/01/CSX... · Understanding Likelihood 44. Source: “Generic Risk Model with Key Risk Factors,”](https://reader033.vdocuments.site/reader033/viewer/2022042307/5ed3c6d2cef4dd68db683011/html5/thumbnails/130.jpg)
A message encrypted with the public key of the receiver may be generated by
anyone, but it can only be read by the receiver.
This is one basis of confidentiality.
In theory, a message that is encrypted twice, first with the sender's private
key and then with the receiver's public key, achieves both authentication and
confidentiality.
This is not commonly done, because asymmetric algorithms are computationally
intensive and far slower than symmetric ones; in practice the asymmetric operations are applied only to a hash (for the signature) and to a symmetric session key (for confidentiality), and the bulk of the data is encrypted symmetrically.
Authentication and Confidentiality
130
![Page 131: Cybersecurity Fundamentals Course - ISACA Curacaoisacacuracao.com/wp-content/uploads/2019/01/CSX... · Understanding Likelihood 44. Source: “Generic Risk Model with Key Risk Factors,”](https://reader033.vdocuments.site/reader033/viewer/2022042307/5ed3c6d2cef4dd68db683011/html5/thumbnails/131.jpg)
Asymmetric Algorithms for Symmetric Cryptography
131
![Page 132: Cybersecurity Fundamentals Course - ISACA Curacaoisacacuracao.com/wp-content/uploads/2019/01/CSX... · Understanding Likelihood 44. Source: “Generic Risk Model with Key Risk Factors,”](https://reader033.vdocuments.site/reader033/viewer/2022042307/5ed3c6d2cef4dd68db683011/html5/thumbnails/132.jpg)
A digital signature is an electronic identification of a person or entity created by using a public key
algorithm. This cryptographic method ensures:
• Data integrity – Any change to the plaintext message would result in the recipient failing to
compute the same message hash.
• Authentication – The recipient can ensure that the message has been sent by the claimed
sender, since only the claimed sender has the private key.
• Non-repudiation – The claimed sender cannot later deny generating and sending the message.
• A cryptographic hash function (often loosely called a checksum, although an ordinary checksum is not
collision resistant and cannot serve this purpose) is computed over the entire message or electronic
document, producing a short fixed-length output.
• This output is the message digest, a fixed-length fingerprint of the original message.
• Common message digest algorithms are SHA-256 and SHA-512.
• These are one-way functions: the original message cannot be recovered from its digest, and finding two
messages with the same digest is computationally infeasible.
Digital Signature
132
![Page 133: Cybersecurity Fundamentals Course - ISACA Curacaoisacacuracao.com/wp-content/uploads/2019/01/CSX... · Understanding Likelihood 44. Source: “Generic Risk Model with Key Risk Factors,”](https://reader033.vdocuments.site/reader033/viewer/2022042307/5ed3c6d2cef4dd68db683011/html5/thumbnails/133.jpg)
The next step verifies the identity of the sender by encrypting the message digest
using the sender’s private key.
The document is then “signed” with the sender’s digital signature for message
authenticity.
To decipher, the receiver would use the sender’s public key, proving that the
message could only have come from the sender.
The sender cannot later claim that they did not generate the message.
Once decrypted, the receiver will compute the hash again, using the same
hashing algorithm on the electronic document.
Comparing the results with what was sent ensures the integrity of the message.
Message Integrity
133
![Page 134: Cybersecurity Fundamentals Course - ISACA Curacaoisacacuracao.com/wp-content/uploads/2019/01/CSX... · Understanding Likelihood 44. Source: “Generic Risk Model with Key Risk Factors,”](https://reader033.vdocuments.site/reader033/viewer/2022042307/5ed3c6d2cef4dd68db683011/html5/thumbnails/134.jpg)
?
Password cracking is an example of what
type of attack?
A. SQL Injection
B. Worm
C. Malware
D. Brute force attack
E. DoS
Cyber Question
134
![Page 135: Cybersecurity Fundamentals Course - ISACA Curacaoisacacuracao.com/wp-content/uploads/2019/01/CSX... · Understanding Likelihood 44. Source: “Generic Risk Model with Key Risk Factors,”](https://reader033.vdocuments.site/reader033/viewer/2022042307/5ed3c6d2cef4dd68db683011/html5/thumbnails/135.jpg)
The use of cryptosystems by applications, for example in email and Internet
transactions, generally involves a combination of private/public key pairs, secret
keys, hash functions and digital certificates.
The purpose of applying these combinations is to achieve confidentiality,
message integrity or non-repudiation by either the sender or recipient.
The process generally involves the sender hashing the message into a message
digest or pre-hash code for message integrity, which is encrypted using the
sender’s private key for authenticity, integrity and non-repudiation.
Applications of Cryptographic Systems
135
![Page 136: Cybersecurity Fundamentals Course - ISACA Curacaoisacacuracao.com/wp-content/uploads/2019/01/CSX... · Understanding Likelihood 44. Source: “Generic Risk Model with Key Risk Factors,”](https://reader033.vdocuments.site/reader033/viewer/2022042307/5ed3c6d2cef4dd68db683011/html5/thumbnails/136.jpg)
Public key infrastructure (PKI) allows a trusted third party to issue, maintain and
revoke public key certificates. Its elements are:
• Digital certificate – composed of a public key and identifying information about the owner of the public key
• Registration authority (RA) – an authority in a network that verifies user requests for a digital certificate and tells the CA to issue it
• Certificate authority (CA) – an authority in a network that issues and manages security credentials and public keys for message signature verification or encryption
Public Key Infrastructure
136
![Page 137: Cybersecurity Fundamentals Course - ISACA Curacaoisacacuracao.com/wp-content/uploads/2019/01/CSX... · Understanding Likelihood 44. Source: “Generic Risk Model with Key Risk Factors,”](https://reader033.vdocuments.site/reader033/viewer/2022042307/5ed3c6d2cef4dd68db683011/html5/thumbnails/137.jpg)
| Protocol | Layer | Function |
|---|---|---|
| HTTPS | Application layer | Transmits messages securely by establishing a TLS connection; uses port 443 by default instead of the plain HTTP port 80 |
| IPSec | Network layer | Establishes VPNs using transport mode or tunnel mode encryption; establishes security associations that define the security parameters between the communicating parties |
| SSH | Application layer | A client-server program that opens a secure, encrypted command-line shell session for remote logon; authenticates the server by its host key and the user by password or public key (certificates are an optional extension, not the default) |
| S/MIME | Application layer | A standard for secure email; signs and encrypts messages, including attachments, to authenticate the sender and protect the confidentiality of the contents |
| SET | Application layer | Secure Electronic Transaction: secures payment transactions using third parties and digital signatures; as an open specification it requires a PKI; now largely obsolete |

Other Protocols
137
![Page 138: Cybersecurity Fundamentals Course - ISACA Curacaoisacacuracao.com/wp-content/uploads/2019/01/CSX... · Understanding Likelihood 44. Source: “Generic Risk Model with Key Risk Factors,”](https://reader033.vdocuments.site/reader033/viewer/2022042307/5ed3c6d2cef4dd68db683011/html5/thumbnails/138.jpg)
Encryption is an effective and increasingly practical way to restrict access to
confidential information while in storage.
It can protect data from attackers who, by means of malicious software,
obtain system administration rights, but only where the keys are not also within
their reach: full-disk encryption, for example, protects a powered-off device, not
data that an administrator-level attacker reads from a running system.
It also helps to protect data when a computer or a disk falls into the wrong hands.
Many email encryption programs can also be applied to stored data.
Encryption of Stored Data
138
![Page 139: Cybersecurity Fundamentals Course - ISACA Curacaoisacacuracao.com/wp-content/uploads/2019/01/CSX... · Understanding Likelihood 44. Source: “Generic Risk Model with Key Risk Factors,”](https://reader033.vdocuments.site/reader033/viewer/2022042307/5ed3c6d2cef4dd68db683011/html5/thumbnails/139.jpg)
The security of encryption methods relies mainly on the secrecy of keys.
In general, the more a key is used, the more vulnerable it will be to compromise.
The randomness of key generation is also a significant factor in the ability to
compromise a key.
When passwords are tied into key generation, the strength of the encryption
algorithm is diminished, particularly when common words are used.
It is essential that effective password syntax rules are applied and easily guessed
passwords are prohibited.
Encryption Risk and Key Protection
139
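The slide above says that tying passwords into key generation weakens the encryption, especially with common words. The following added example, not code from the course, shows why: a key derived from a password with PBKDF2-HMAC-SHA256 (from the Python standard library) is 256 bits long but has no more entropy than the password, so an attacker holding the salt and the derived key (as found in an encrypted file header, for instance) can recover a dictionary-word password by guessing, while a long random passphrase survives. The iteration count is kept low so the example runs quickly; production settings are far higher, or use a memory-hard KDF such as Argon2 or scrypt. The wordlist and passwords are constructed.

```python
"""Added example: password-derived keys and the dictionary attack they invite.
Wordlist and passwords are constructed; the iteration count is illustrative."""
import hashlib
import hmac
import secrets

ITERATIONS = 50_000     # illustrative; production uses far more, or Argon2/scrypt

def derive_key(password, salt, iterations=ITERATIONS, length=32):
    """256-bit key from a password. The salt defeats precomputed tables; iterations slow each guess."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=length)

def dictionary_attack(target_key, salt, wordlist, iterations=ITERATIONS):
    """Attacker knows salt and derived key (e.g. from a stolen encrypted file) and tries each guess."""
    for guess in wordlist:
        if hmac.compare_digest(derive_key(guess, salt, iterations), target_key):
            return guess
    return None

# Constructed wordlist of the kind found in password-cracking tool distributions.
WORDLIST = ["password", "letmein", "welcome1", "summer2024", "Passw0rd!", "qwerty123"]

def demo():
    """Return (recovered weak password, result for a strong passphrase)."""
    salt = secrets.token_bytes(16)
    weak = derive_key("Passw0rd!", salt)                          # complex-looking, but a known word
    strong = derive_key("correct-battery-horse-staple-7Q", salt)  # not in any wordlist
    return dictionary_attack(weak, salt, WORDLIST), dictionary_attack(strong, salt, WORDLIST)

if __name__ == "__main__":
    print(demo())
```

The salt and the iteration count change the cost per guess, not the number of guesses needed, which is bounded by the password's entropy; that is why the slide's syntax rules and the prohibition on guessable passwords matter more than the key length printed in the product brochure.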
![Page 140: Cybersecurity Fundamentals Course - ISACA Curacaoisacacuracao.com/wp-content/uploads/2019/01/CSX... · Understanding Likelihood 44. Source: “Generic Risk Model with Key Risk Factors,”](https://reader033.vdocuments.site/reader033/viewer/2022042307/5ed3c6d2cef4dd68db683011/html5/thumbnails/140.jpg)
Section 3: Security Architecture Review Questions
![Page 141: Cybersecurity Fundamentals Course - ISACA Curacaoisacacuracao.com/wp-content/uploads/2019/01/CSX... · Understanding Likelihood 44. Source: “Generic Risk Model with Key Risk Factors,”](https://reader033.vdocuments.site/reader033/viewer/2022042307/5ed3c6d2cef4dd68db683011/html5/thumbnails/141.jpg)
?
A web server building block that specifies exactly
how a web server should be deployed and which
processes are and are not allowed within that
block is an example of which of the following?
A. Process Model
B. Framework Model
Review Question
141
![Page 142: Cybersecurity Fundamentals Course - ISACA Curacaoisacacuracao.com/wp-content/uploads/2019/01/CSX... · Understanding Likelihood 44. Source: “Generic Risk Model with Key Risk Factors,”](https://reader033.vdocuments.site/reader033/viewer/2022042307/5ed3c6d2cef4dd68db683011/html5/thumbnails/142.jpg)
?
This layer of the OSI model manages signals
among network systems.
A. Physical layer
B. Data link layer
C. Network layer
D. Transport layer
E. Session layer
F. Presentation layer
G. Application layer
Review Question
142
![Page 143: Cybersecurity Fundamentals Course - ISACA Curacaoisacacuracao.com/wp-content/uploads/2019/01/CSX... · Understanding Likelihood 44. Source: “Generic Risk Model with Key Risk Factors,”](https://reader033.vdocuments.site/reader033/viewer/2022042307/5ed3c6d2cef4dd68db683011/html5/thumbnails/143.jpg)
?
The number of layers needed for defense in
depth are a function of which of the following?
A. Asset value, criticality, reliability of each control,
and degree of exposure.
B. Threat agents, governance, compliance and
mobile defense policy.
C. Network configuration, navigation controls, user
interface and VPN traffic.
D. Isolation, segmentation, internal controls and
external controls.
Review Question
143
![Page 144: Cybersecurity Fundamentals Course - ISACA Curacaoisacacuracao.com/wp-content/uploads/2019/01/CSX... · Understanding Likelihood 44. Source: “Generic Risk Model with Key Risk Factors,”](https://reader033.vdocuments.site/reader033/viewer/2022042307/5ed3c6d2cef4dd68db683011/html5/thumbnails/144.jpg)
?
Which of the following is (are) true about
VLANs?
A. Made up of groups of devices on one or more
logically segmented LAN.
B. No additional encryption
C. Set up by configuring ports on a switch
D. Set up based on logical rather than physical
connections
E. All the above
Review Question
144
![Page 145: Cybersecurity Fundamentals Course - ISACA Curacaoisacacuracao.com/wp-content/uploads/2019/01/CSX... · Understanding Likelihood 44. Source: “Generic Risk Model with Key Risk Factors,”](https://reader033.vdocuments.site/reader033/viewer/2022042307/5ed3c6d2cef4dd68db683011/html5/thumbnails/145.jpg)
?
Which of the following is (are) true about
encryption?
A. The more a key is used, the more vulnerable it will be
to compromise.
B. The randomness of key generation is also a
significant factor in the ability to compromise a key.
C. When passwords are tied into key generation, the
strength of the encryption algorithm is diminished,
particularly when common words are used.
D. It is essential that effective password syntax rules are
applied and easily guessed passwords are prohibited.
E. All the above
Review Question
145
![Page 146: Cybersecurity Fundamentals Course - ISACA Curacaoisacacuracao.com/wp-content/uploads/2019/01/CSX... · Understanding Likelihood 44. Source: “Generic Risk Model with Key Risk Factors,”](https://reader033.vdocuments.site/reader033/viewer/2022042307/5ed3c6d2cef4dd68db683011/html5/thumbnails/146.jpg)
You should now be able to:
• Identify the various types of cybersecurity
architecture.
• Define the OSI Model.
• Explain how various defense strategies work
to control flow, segment the network and log,
monitor and detect attacks.
• Outline encryption fundamentals, techniques
and applications.
Section Summary
146
![Page 147: Cybersecurity Fundamentals Course - ISACA Curacaoisacacuracao.com/wp-content/uploads/2019/01/CSX... · Understanding Likelihood 44. Source: “Generic Risk Model with Key Risk Factors,”](https://reader033.vdocuments.site/reader033/viewer/2022042307/5ed3c6d2cef4dd68db683011/html5/thumbnails/147.jpg)
Email Scenario Group Activity
![Page 148: Cybersecurity Fundamentals Course - ISACA Curacaoisacacuracao.com/wp-content/uploads/2019/01/CSX... · Understanding Likelihood 44. Source: “Generic Risk Model with Key Risk Factors,”](https://reader033.vdocuments.site/reader033/viewer/2022042307/5ed3c6d2cef4dd68db683011/html5/thumbnails/148.jpg)
Tricia, who works for ACME Corp, is
checking her email at work. While
checking her email, she opens this message
from a known sender.
She opens the attachment from the
cloud because it comes from a known and trusted
sender. Soon others in her department
are receiving an email from her
containing the same information.
Scenario
148
![Page 149: Cybersecurity Fundamentals Course - ISACA Curacaoisacacuracao.com/wp-content/uploads/2019/01/CSX... · Understanding Likelihood 44. Source: “Generic Risk Model with Key Risk Factors,”](https://reader033.vdocuments.site/reader033/viewer/2022042307/5ed3c6d2cef4dd68db683011/html5/thumbnails/149.jpg)
What type of attack did Tricia encounter?
Why doesn’t the email get marked as spam?
How can this type of attack be controlled?
Discussion
149
![Page 150: Cybersecurity Fundamentals Course - ISACA Curacaoisacacuracao.com/wp-content/uploads/2019/01/CSX... · Understanding Likelihood 44. Source: “Generic Risk Model with Key Risk Factors,”](https://reader033.vdocuments.site/reader033/viewer/2022042307/5ed3c6d2cef4dd68db683011/html5/thumbnails/150.jpg)
Section 4: Security of Networks, Systems, Applications and Data
![Page 151: Cybersecurity Fundamentals Course - ISACA Curacaoisacacuracao.com/wp-content/uploads/2019/01/CSX... · Understanding Likelihood 44. Source: “Generic Risk Model with Key Risk Factors,”](https://reader033.vdocuments.site/reader033/viewer/2022042307/5ed3c6d2cef4dd68db683011/html5/thumbnails/151.jpg)
1. Process controls, including:
• Risk assessments
• Vulnerability management
• Penetration testing
2. Network security
3. Operating system security
4. Application security
5. Data security
Topics Covered in this Section
151
![Page 152: Cybersecurity Fundamentals Course - ISACA Curacaoisacacuracao.com/wp-content/uploads/2019/01/CSX... · Understanding Likelihood 44. Source: “Generic Risk Model with Key Risk Factors,”](https://reader033.vdocuments.site/reader033/viewer/2022042307/5ed3c6d2cef4dd68db683011/html5/thumbnails/152.jpg)
Upon completing this section you will be able to:
• Determine, assess and respond to risk and
vulnerabilities on the network through
penetration testing.
• Identify key aspects and associated risks to
securing data, applications, operation
systems and the network.
Section Objectives
152
![Page 153: Cybersecurity Fundamentals Course - ISACA Curacaoisacacuracao.com/wp-content/uploads/2019/01/CSX... · Understanding Likelihood 44. Source: “Generic Risk Model with Key Risk Factors,”](https://reader033.vdocuments.site/reader033/viewer/2022042307/5ed3c6d2cef4dd68db683011/html5/thumbnails/153.jpg)
Topic 1: Process Controls – Risk Assessment
![Page 154: Cybersecurity Fundamentals Course - ISACA Curacaoisacacuracao.com/wp-content/uploads/2019/01/CSX... · Understanding Likelihood 44. Source: “Generic Risk Model with Key Risk Factors,”](https://reader033.vdocuments.site/reader033/viewer/2022042307/5ed3c6d2cef4dd68db683011/html5/thumbnails/154.jpg)
Risk assessment is a process used
to identify and evaluate risk and its
potential effects. It involves three
inputs:
• Asset assessment
• Threat assessment
• Vulnerability assessment
Risk Assessment
154
Source: Encurve, LLC, Risk Management Concepts Presentation, 2013
[Diagram: Risk shown as the intersection of Assets (criticality, value), Threats (adversary characteristics, likelihood, impact, attacks and exploits) and Vulnerability (existing controls, access)]
![Page 155: Cybersecurity Fundamentals Course - ISACA Curacaoisacacuracao.com/wp-content/uploads/2019/01/CSX... · Understanding Likelihood 44. Source: “Generic Risk Model with Key Risk Factors,”](https://reader033.vdocuments.site/reader033/viewer/2022042307/5ed3c6d2cef4dd68db683011/html5/thumbnails/155.jpg)
Source: ISACA, COBIT 5 for Risk, 2013
Risk Management
155
![Page 156: Cybersecurity Fundamentals Course - ISACA Curacaoisacacuracao.com/wp-content/uploads/2019/01/CSX... · Understanding Likelihood 44. Source: “Generic Risk Model with Key Risk Factors,”](https://reader033.vdocuments.site/reader033/viewer/2022042307/5ed3c6d2cef4dd68db683011/html5/thumbnails/156.jpg)
| Orientation | Description |
|---|---|
| Asset | Important assets are defined first, and then potential threats to those assets are analyzed. Vulnerabilities are identified that may be exploited to access the asset. |
| Threat | Potential threats are determined first, and then threat scenarios are developed. Based on the scenarios, vulnerabilities and assets of interest to the adversary are determined in relation to the threat. |
| Vulnerability | Vulnerabilities and deficiencies are identified first, then the exposed assets and potential threat events are determined. |
Risk Assessment Orientations
156
![Page 157: Cybersecurity Fundamentals Course - ISACA Curacaoisacacuracao.com/wp-content/uploads/2019/01/CSX... · Understanding Likelihood 44. Source: “Generic Risk Model with Key Risk Factors,”](https://reader033.vdocuments.site/reader033/viewer/2022042307/5ed3c6d2cef4dd68db683011/html5/thumbnails/157.jpg)
Choosing the exact method of analysis, including qualitative or quantitative
approaches, and determining the analysis orientation, takes considerable
planning and knowledge of specific risk assessment methodologies.
To be successful, the risk assessment process should:
• Fit the goals of the organization
• Adequately address the environment being assessed
• Use assessment methodologies that fit the collected data
It is also important to remember that risk assessment is an ongoing process, not a one-time exercise.
Risk Assessment Success Criteria
157
![Page 158: Cybersecurity Fundamentals Course - ISACA Curacaoisacacuracao.com/wp-content/uploads/2019/01/CSX... · Understanding Likelihood 44. Source: “Generic Risk Model with Key Risk Factors,”](https://reader033.vdocuments.site/reader033/viewer/2022042307/5ed3c6d2cef4dd68db683011/html5/thumbnails/158.jpg)
• Risk reduction – Implementation of controls or countermeasures to reduce the likelihood or impact of a risk to acceptable levels
• Risk avoidance – Avoid the risk by not participating in an activity or business
• Risk transfer or sharing – Transfer the risk to a third party (e.g., insurance) or share it with a third party via contractual agreement
• Risk acceptance – Assume the risk and absorb losses if the risk is within tolerance or the cost of mitigation exceeds the potential loss
Risk Response Strategies
158
Using the Results of the Risk Assessment (slide 159)
Risk assessment results are used for a variety of security management functions. They should be evaluated in terms of the organization’s mission, risk tolerance, budgets and other resources, and cost of mitigation.
• Based on this evaluation, a mitigation strategy can be chosen for each risk and appropriate controls and countermeasures can be designed and implemented.
Results can be used to communicate the risk decisions and expectations of management throughout the organization through policies and procedures.
They can also be used to identify areas in which incident response capabilities need to be developed.
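The selection described on slides 158 and 159, carried through as a worked example. This is an added illustration, not ISACA course material: the risk register, the tolerance figure and the order in which the four response strategies are tried are all constructed assumptions. Likelihood is expressed as expected occurrences per year and impact as loss per occurrence, so their product is the annualized loss expectancy (ALE) that is compared against tolerance and against the cost of mitigation.

```python
"""Risk response selection (added worked example; constructed inputs).

The rules map to the four strategies on slide 158; the order in which they
are applied here is an assumption made for this example, not course doctrine.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    name: str
    likelihood: float       # expected occurrences per year
    impact: float           # loss per occurrence
    mitigation_cost: float  # annual cost of the best available control
    residual_factor: float  # share of the loss remaining with the control in place (0..1)
    transferable: bool      # can the loss be insured or contracted to a third party?
    avoidable: bool         # can the activity be stopped altogether?


def annualized_loss(risk: Risk) -> float:
    """ALE = likelihood x impact."""
    return risk.likelihood * risk.impact


def choose_response(risk: Risk, tolerance: float) -> str:
    ale = annualized_loss(risk)
    if ale <= tolerance:
        return "accept"                 # already within tolerance
    residual = ale * risk.residual_factor
    saved = ale - residual
    if risk.mitigation_cost > saved:    # control costs more than the loss it prevents
        if risk.transferable:
            return "transfer"
        if risk.avoidable:
            return "avoid"
        return "accept"                 # slide 158: cost of mitigation exceeds potential loss
    if residual <= tolerance:
        return "reduce"                 # control brings the risk within tolerance
    if risk.avoidable:
        return "avoid"                  # even the best control leaves it above tolerance
    return "reduce"                     # reduce as far as possible; report the residual


TOLERANCE = 25_000.0  # assumed acceptable annualized loss

# Constructed sample register (names and figures are illustrative only).
SAMPLE_RISKS = [
    Risk("ransomware on file server", 0.2, 500_000, 20_000, 0.1, False, False),
    Risk("flooding of the data center", 0.01, 2_000_000, 150_000, 0.2, True, False),
    Risk("legacy kiosk defacement", 0.5, 60_000, 40_000, 0.5, False, False),
    Risk("courier loss of backup tapes", 0.3, 200_000, 80_000, 0.5, True, True),
    Risk("unmanaged vendor portal", 0.8, 100_000, 30_000, 0.6, False, True),
]


def plan(risks, tolerance=TOLERANCE):
    """Return {risk name: chosen strategy} for a whole register."""
    return {r.name: choose_response(r, tolerance) for r in risks}


if __name__ == "__main__":
    for name, response in plan(SAMPLE_RISKS).items():
        print(f"{name:32s} -> {response}")
```

The residual factor is what makes "reduce" meaningful: a control that is cheap but leaves the residual risk above tolerance should not be reported as having closed the risk, which is the reason the function still returns "avoid" for the vendor-portal entry even though its control pays for itself.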
Topic 2: Process Controls—Vulnerability Management (slide 160)
Vulnerability Management (slide 161)
Organizations must identify and assess vulnerabilities to determine the threat and potential impact they present.
Vulnerability assessment aids in determining the best course of action in addressing each vulnerability.
Vulnerabilities may be identified by information provided by software vendors (e.g., through the release of patches and updates) and by utilizing tools that identify vulnerabilities in the organization’s specific environment.
Vulnerability management starts by understanding the IT assets and where they reside—both physically and logically.
Vulnerability management also includes tracking vulnerabilities and the remediation efforts to mitigate them.
Vulnerability Scans (slide 162)
Vulnerability scans should be conducted regularly.
Vulnerability scanning is the process of using proprietary or open source tools to search for known vulnerabilities.
Often the same tools used by adversaries to identify vulnerabilities are used proactively by organizations to locate vulnerabilities.
There are many forms of vulnerability assessment tools.
Tools should be researched and selected based on corporate needs and return on investment.
Note that combinations of tools often provide greater insight into your network’s security posture.
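Slides 161 and 162 describe vulnerability management as knowing where assets live, combining scanner output, and tracking remediation. The following added example (not ISACA course code) puts those three pieces together: it merges findings from two scanners, shows which findings only one tool reported, and joins open findings to an asset inventory so each overdue item has an owner and a network segment. The asset list, scanner names, "ADV-" advisory identifiers, SLA days and dates are all constructed placeholders, not real vulnerabilities or CVEs.

```python
"""Vulnerability tracking across scanners and assets (added example; constructed data)."""
from datetime import date

# Constructed asset inventory: physical site and logical segment for each host.
ASSETS = {
    "web01":  {"site": "Willemstad DC", "segment": "dmz",         "owner": "web-team"},
    "db01":   {"site": "Willemstad DC", "segment": "internal-db", "owner": "dba"},
    "hr-pc7": {"site": "HQ floor 2",    "segment": "user-lan",    "owner": "hr"},
}

# Constructed scanner exports: (tool, host, advisory id, severity).
SCANNER_A = [
    ("scannerA", "web01", "ADV-0001", "high"),
    ("scannerA", "db01",  "ADV-0002", "medium"),
]
SCANNER_B = [
    ("scannerB", "web01",  "ADV-0001", "high"),      # same finding as scanner A
    ("scannerB", "web01",  "ADV-0003", "critical"),  # seen by scanner B only
    ("scannerB", "hr-pc7", "ADV-0004", "low"),
]

# Assumed remediation SLAs in days by severity.
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}

# Constructed remediation ledger; closed=None means still open.
LEDGER = {
    ("web01", "ADV-0001"):  {"opened": date(2019, 1, 3),  "closed": None},
    ("db01", "ADV-0002"):   {"opened": date(2018, 11, 1), "closed": date(2018, 12, 15)},
    ("web01", "ADV-0003"):  {"opened": date(2019, 1, 20), "closed": None},
    ("hr-pc7", "ADV-0004"): {"opened": date(2019, 1, 25), "closed": None},
}
TODAY = date(2019, 2, 28)  # fixed "today" so the example is reproducible


def merge_findings(*sources):
    """Deduplicate by (host, advisory) and remember which tools reported each."""
    merged = {}
    for findings in sources:
        for tool, host, adv, sev in findings:
            entry = merged.setdefault((host, adv), {"severity": sev, "tools": set()})
            entry["tools"].add(tool)
    return merged


def coverage_gaps(merged):
    """Findings reported by exactly one tool: what a single scanner would have missed."""
    return sorted(key for key, info in merged.items() if len(info["tools"]) == 1)


def overdue(merged, ledger, today):
    """Open findings older than their SLA, joined with owner and segment from the inventory."""
    rows = []
    for (host, adv), info in merged.items():
        rec = ledger.get((host, adv))
        if rec is None or rec["closed"] is not None:
            continue  # never recorded, or already remediated
        age = (today - rec["opened"]).days
        if age > SLA_DAYS[info["severity"]]:
            asset = ASSETS.get(host, {})
            rows.append({"host": host, "advisory": adv, "severity": info["severity"],
                         "age_days": age, "owner": asset.get("owner"),
                         "segment": asset.get("segment")})
    return sorted(rows, key=lambda r: r["age_days"], reverse=True)


if __name__ == "__main__":
    merged = merge_findings(SCANNER_A, SCANNER_B)
    print("single-tool findings:", coverage_gaps(merged))
    for row in overdue(merged, LEDGER, TODAY):
        print(row)
```

Two of the four findings would be invisible to whichever scanner was run alone, which is the point slide 162 makes about combining tools; the overdue report is what "tracking vulnerabilities and the remediation efforts" looks like once findings are keyed to assets rather than to scanner reports.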
Common Types of Vulnerabilities (slide 163)
The simplest definition of a vulnerability is “an exploitable weakness that results in a loss.”

| Type | Cause | Cybersecurity examples |
|---|---|---|
| Technical | Errors in design, implementation, placement or configuration | Coding errors; inadequate passwords; open network ports; lack of monitoring |
| Process | Errors in operation | Failure to monitor logs; failure to patch software |
| Organizational | Errors in management, decision-making, planning or ignorance | Lack of policies; lack of awareness; failure to implement controls |
| Emergent | Interactions between, or changes in, environments | Cross-organizational failures; interoperability errors; implementing new technology |
Vulnerability Assessment (slide 164)
Vulnerabilities must be analyzed in the context of how they are exploited.
The method used to take advantage of a vulnerability is called an exploit.
Both vulnerabilities and exploits need to be considered in vulnerability assessments.
Once vulnerabilities are identified and assessed, appropriate remediation can take place to mitigate or eliminate the vulnerability.
Remediation may be through a patch management process or require reconfiguration of existing controls or addition of new controls.
Cyber Question (slide 165)
Password cracking is an example of what type of attack?
A. SQL Injection
B. Worm
C. Malware
D. Brute force attack
E. DoS
Topic 3: Process Controls—Penetration Testing (slide 166)
Penetration Testing (slide 167)
Penetration testing uses common exploit methods to:
• Confirm exposures
• Ensure compliance
• Assess the effectiveness and quality of existing security controls
• Identify how specific vulnerabilities expose IT resources and assets
Testing Guidelines (slide 168)
Before conducting a penetration test:
• Clearly define the scope of the test.
• Provide explicit, written permission authorizing testing.
• Implement “do no harm” procedures to ensure no assets are harmed (e.g., deletions, denial-of-service).
• Have communication and escalation plans.
Penetration Testing Frameworks (slide 169)
Penetration testing should use a framework to deliver repeatability, consistency and high quality in various kinds of security tests. These frameworks include:
• PCI Penetration Testing Guide—Provides a good introduction to testing tools
• Penetration Testing Execution Standard—Provides hands-on technical guidance on penetration testing
• Penetration Testing Framework—Provides a comprehensive guide to penetration testing and testing tools
• Information Systems Security Assessment Framework (ISSAF)—Provides comprehensive penetration technical guidance
• Open Source Security Testing Methodology Manual (OSSTMM)—Provides a methodology for testing operational security and can support ISO 27001
Phases of a Penetration Test (slide 170; diagram only, not reproduced in this transcript)
Attack Phase (slide 171; diagram only, not reproduced in this transcript)
Topic 4: Network Security (slide 172)
Network Management (slide 173)
Network management is the process of assessing, monitoring and maintaining network devices and connections.
The recommended functions of network management include:
• Fault management—Detection, isolation, notification and correction of faults encountered in the network
• Configuration management—Configuration file management, inventory management and software management
• Accounting management—Usage information regarding network resources
• Performance management—Monitoring and measurement of various aspects of performance metrics so that acceptable performance can be maintained
• Security management—Provision of access to network devices and corporate resources to authorized individuals
Local Area Networks (slide 174)
A local area network (LAN) covers a small, local area—from a few devices in a single room to a network across a few buildings.
As LANs get larger and traffic increases, the requirement to carefully plan the logical configuration of the network becomes more important.
Tracking traffic volumes, error rates and response times is as important on larger LANs as it is on distributed servers and mainframes.
LAN Components (slide 175)
Components commonly associated with LANs include:
• Repeaters—Physical layer devices that extend the range of a network or connect two separate network segments together.
• Hubs—Physical layer devices that serve as the center of a star-topology network or a network concentrator.
• Layer 2 switches—Data link-level devices that can divide and interconnect network segments and help to reduce collision domains in Ethernet-based networks.
• Routers—OSI network layer devices that link two or more physically separated and independent network segments.
LAN Components (Cont’d) (slide 176)
Layer 3 and 4 switches—These switches act at the network layer.
• A Layer 3 switch looks at an incoming packet’s networking protocol, and compares the destination IP address to the list of addresses in its tables, actively calculating the best way to send a packet to its destination. This creates a “virtual circuit.”
• A Layer 4 switch allows for policy-based switching. With this functionality, the switch can off-load a server by balancing traffic across a cluster of servers, based on individual session information and status.
Layer 4–7 switches—Also known as content switches, content services switches, web switches or application switches, these are typically used for load balancing among groups of servers.
LAN and WAN Security (slide 177)
Both local area and wide area networks are susceptible to people- and virus-related threats because of the large number of individuals who have access rights.
Fortunately, newer versions of network software have significantly more control and administration capabilities, as software vendors have recognized the need to provide capabilities to identify the cause of network outages or dysfunction.
Network access control (NAC) aims to control the access to a network using policies describing how devices can secure access to network nodes when they first try to access a network.
Some NAC features include:
• Integrating an automatic remediation process that fixes noncompliant nodes before access is allowed
• Enabling network infrastructure to work with back office services and end-user computing to ensure that the network is secure prior to allowing access
LAN Risk (slide 178)
Risk associated with the use of LANs includes:
• Loss of data through unauthorized changes
• Lack of current data protection through inability to maintain version control
• Exposure to external activity through limited user verification
• Virus and worm infection
• Improper disclosure of data because of general access
• Violating software licenses
• Illegal access by impersonating legitimate users
• Internal users sniffing
• Internal users spoofing
• Destruction of logging and auditing data
LAN Security Provisions (slide 179)
Commonly available network security administrative capabilities include:
• Declaring ownership of programs, files and storage
• Limiting access to a read-only basis
• Implementing record and file locking to prevent simultaneous update
• Enforcing user ID/password sign-on procedures, including rules relating to password length, format and change frequency
• Using switches to implement port security policies
• Encrypting local traffic using the IPSec (IP security) protocol
Wireless Technologies (slide 180)
Wireless technologies use radio frequency transmissions or electromagnetic signals through free space as the means for transmitting data.
Wireless technologies range from complex systems to simple devices and include wireless local area networks (WLAN).
WLAN technologies conform to a variety of standards and offer varying levels of security features.
The principal advantage of these standards is to encourage mass production and allow products to interoperate across vendors.
The most useful standard used currently is the IEEE 802.11 standard.
• 802.11 refers to a family of specifications for WLAN technology, defining an over-the-air interface between a wireless client and a base station or between two wireless clients.
Wireless Network Protections (slide 181)
Wireless data transmission is subject to a higher risk of interception than wired traffic.
There is no need to manually tap into the connection; rather, remote tools can be used to intercept the connection covertly.
As a result, wireless transmission of confidential information should be protected with strong encryption.
IEEE 802.11’s Wired Equivalent Privacy (WEP) encryption uses symmetric, private keys.
The end user’s radio-based network interface controller (NIC) and access point must have the same key.
Most often, these keys remain unchanged on networks for extended times.
With static keys, several hacking tools easily break through the relatively weak WEP encryption mechanisms.
Cyber Question (slide 182)
Which of the following is good advice to prevent socially engineered attacks?
A. Do not open any emails from untrusted sources
B. Install anti-virus software
C. Lock your laptop
D. All the above
Evolving Wireless Security Standards (slide 183)
The most commonly used methods for wireless local area networks are 802.11i (WPA2) and Wi-Fi Protected Access (WPA).
These use dynamic keys and can use an authentication server with credentials to increase protection against hackers.
WPA and WPA2 (preferred) are applicable to most wireless networks and commonly used in networks that involve PCs.
Messages transmitted using portable wireless devices should also be protected with encryption and, where possible, VPN methods can be used to provide additional security.
Ports and Protocols (slide 184)
When using the Internet communications protocol, Transmission Control Protocol/Internet Protocol (TCP/IP), designating a port is the way a client program specifies a particular server program on a computer in a network.
A port number is a way to identify the specific process to which an Internet or other network message is to be forwarded when it arrives at a server.
These are assigned by the Internet Assigned Numbers Authority (IANA).
Allowable port numbers range from 0 to 65535. These are divided into three ranges, as follows:
• The well-known ports—0 through 1023: These can be used only by system (or root) processes or by programs executed by privileged users.
• The registered ports—1024 through 49151: Can be used by ordinary user processes or programs executed by ordinary users.
• The dynamic and/or private ports—49152 through 65535: Not listed by IANA because of their dynamic nature.
Commonly Exploited Ports and Services (slide 185)

| Port # | Service | Protocol |
|---|---|---|
| 7 | Echo | TCP/UDP |
| 19 | chargen | TCP |
| 20-21 | FTP (file transfer protocol) | TCP |
| 23 | Telnet (remote login) | TCP |
| 25 | SMTP (simple mail transfer) | TCP |
| 43 | Whois | TCP/UDP |
| 53 | DNS (domain name system) | TCP |
| 69 | TFTP (trivial file transfer protocol) | UDP |
| 79 | Finger | TCP |
| 80 | HTTP-low | TCP |
| 107 | Rtelnet | TCP/UDP |
| 110 | POP3 (post office protocol) | TCP |
| 111/2049 | SunRPC (remote procedure calls) | TCP/UDP |
| 135-139 | NBT (NetBIOS over TCP/IP) | TCP/UDP |
| 161, 162 | SNMP (simple network management protocol) | UDP |
| 512 | Exec | UDP |
| 513 | Login | TCP |
| 514 | Shell | TCP/UDP |
| 6000-xxx | X-Windows | TCP |
| 8000 | HTTP | TCP/UDP |
| 8080 | HTTP | TCP/UDP |
| 31337 | Back Orifice | UDP |
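A defender's use of slides 184 and 185 is to review accepted connections for legacy or management services that should not be reachable. The example below is added here and is not course material: it parses constructed firewall-style log lines (the line format, the internal address range 10.0.0.0/8 and the decision to treat only external sources as alerts, except for the Back Orifice port, are assumptions), classifies each destination port into the IANA range from slide 184, and flags the services from slide 185.

```python
"""Port-based review of accepted connections (added example; constructed log format)."""
import ipaddress
import re

# Subset of the slide 185 table: port -> service as listed there.
WATCHED_PORTS = {
    7: "Echo", 19: "chargen", 20: "FTP", 21: "FTP", 23: "Telnet", 69: "TFTP", 79: "Finger",
    111: "SunRPC", 135: "NBT", 136: "NBT", 137: "NBT", 138: "NBT", 139: "NBT",
    161: "SNMP", 162: "SNMP", 512: "Exec", 513: "Login", 514: "Shell",
    2049: "SunRPC", 31337: "Back Orifice",
}
BACKDOOR_PORTS = {31337}                         # suspicious from any source
INTERNAL = ipaddress.ip_network("10.0.0.0/8")    # assumed internal address range

# Assumed log line shape: "<ts> ACCEPT|DROP TCP|UDP <src>:<sport> -> <dst>:<dport>"
LINE_RE = re.compile(
    r"(?P<ts>\S+) (?P<action>ACCEPT|DROP) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def port_range(port: int) -> str:
    """IANA ranges exactly as stated on slide 184."""
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic/private"


def parse_line(line: str):
    """Return a dict for a well-formed line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec


def review(lines):
    """Alerts for accepted connections to watched services from outside, or to backdoor ports."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["action"] != "ACCEPT":
            continue  # unparsable or already blocked
        external = ipaddress.ip_address(rec["src"]) not in INTERNAL
        service = WATCHED_PORTS.get(rec["dport"])
        if (service and external) or rec["dport"] in BACKDOOR_PORTS:
            alerts.append({
                "ts": rec["ts"], "src": rec["src"], "dst": rec["dst"],
                "port": rec["dport"], "service": service,
                "range": port_range(rec["dport"]),
                "reason": "backdoor port" if rec["dport"] in BACKDOOR_PORTS
                          else "legacy/management service reachable from outside",
            })
    return alerts


# Constructed sample log (documentation address ranges, nothing real).
SAMPLE_LOG = [
    "2019-01-15T10:01:02 ACCEPT TCP 203.0.113.5:51234 -> 10.1.2.3:23",
    "2019-01-15T10:01:05 ACCEPT TCP 10.1.2.10:44444 -> 10.1.2.3:22",
    "2019-01-15T10:01:07 ACCEPT UDP 10.1.5.5:40000 -> 10.1.2.9:31337",
    "2019-01-15T10:01:09 DROP TCP 203.0.113.5:51235 -> 10.1.2.3:69",
    "2019-01-15T10:01:11 ACCEPT TCP 198.51.100.7:50000 -> 10.1.2.3:443",
    "2019-01-15T10:01:12 ACCEPT UDP 203.0.113.9:6000 -> 10.1.2.4:161",
    "this line is not a connection record",
]

if __name__ == "__main__":
    for alert in review(SAMPLE_LOG):
        print(alert)
```

The dropped TFTP attempt produces no alert because the firewall already did its job; the review is aimed at what got through. Internal SSH on port 22 is untouched because it is not on the slide's list, while the internal connection to 31337 is flagged regardless of source.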
Tunneling (slide 186)
In tunneling, malicious insiders or outside hackers use the protocol as an established pathway, or tunnel, directing the exchange of information for malicious purposes.
Examples of types of tunneling include:
• ICMP tunneling—Used to bypass firewall rules through obfuscation of the actual traffic.
• HTTP tunneling—A technique by which communications performed using various network protocols are encapsulated using the HTTP protocol.
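Because both tunneling types on slide 186 hide inside protocols the firewall already permits, detection relies on how the traffic looks rather than on whether it is allowed. The following added example (not ISACA course code) applies two defensive heuristics to constructed packet summaries: ICMP echo payloads that are larger or more random than ordinary ping padding, and HTTP clients that send an unusually steady stream of requests to a single host. The payload-size, entropy, request-count and regularity thresholds are assumptions for the example and would be tuned to a real network.

```python
"""Tunnel-detection heuristics over constructed traffic summaries (added example)."""
import math
import random
import statistics
from collections import defaultdict


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 8 for encrypted or compressed data, lower for padding or text."""
    if not data:
        return 0.0
    counts = defaultdict(int)
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def icmp_suspects(records, max_payload=64, max_entropy=6.5):
    """Sources whose echo payloads look like carried data rather than ping padding.

    records: iterable of (src, dst, payload_bytes). Thresholds are assumptions.
    """
    by_src = defaultdict(list)
    for src, _dst, payload in records:
        by_src[src].append(payload)
    flagged = {}
    for src, payloads in by_src.items():
        avg_len = sum(len(p) for p in payloads) / len(payloads)
        avg_ent = sum(shannon_entropy(p) for p in payloads) / len(payloads)
        if avg_len > max_payload or avg_ent > max_entropy:
            flagged[src] = {"packets": len(payloads), "avg_len": round(avg_len, 1),
                            "avg_entropy": round(avg_ent, 2)}
    return flagged


def http_suspects(records, min_requests=30, max_cv=0.1):
    """(client, host) pairs with many requests at near-constant intervals.

    records: iterable of (timestamp_seconds, client, host, method, bytes).
    A coefficient of variation of the inter-request gap below max_cv is
    machine-like regularity that a person browsing does not produce.
    """
    groups = defaultdict(list)
    for ts, client, host, _method, _size in records:
        groups[(client, host)].append(ts)
    flagged = {}
    for key, stamps in groups.items():
        if len(stamps) < min_requests:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        mean_gap = statistics.mean(gaps)
        if mean_gap <= 0:
            continue
        cv = statistics.pstdev(gaps) / mean_gap
        if cv < max_cv:
            flagged[key] = {"requests": len(stamps), "interval_cv": round(cv, 3)}
    return flagged


# Constructed samples (seeded so the run is reproducible).
_rng = random.Random(1)
NORMAL_PING = bytes(8) + bytes(range(0x10, 0x38))  # 56-byte ping-style payload
ICMP_SAMPLE = [("10.1.1.5", "198.51.100.1", NORMAL_PING) for _ in range(5)]
ICMP_SAMPLE += [("10.1.1.9", "203.0.113.20",
                 bytes(_rng.getrandbits(8) for _ in range(900))) for _ in range(5)]

HTTP_SAMPLE = [(t * 2.0, "10.1.1.9", "cdn-proxy.example", "POST", 1400) for t in range(40)]
_t = 0.0
for _ in range(40):                      # irregular, human-paced browsing
    _t += _rng.uniform(0.1, 5.0)
    HTTP_SAMPLE.append((_t, "10.1.1.5", "www.example", "GET", 300))

if __name__ == "__main__":
    print("ICMP suspects:", icmp_suspects(ICMP_SAMPLE))
    print("HTTP suspects:", http_suspects(HTTP_SAMPLE))
```

The normal ping payload scores below both ICMP thresholds even though its byte ramp is fairly high-entropy, which is why the size test and the entropy test are combined with an OR rather than either used alone; the HTTP test deliberately ignores request bodies and looks only at timing, so it also works on TLS traffic where the payload cannot be inspected.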
VPN Tunneling (slide 187)
Tunneling transports higher-layer data over a VPN by Layer 2 protocols.
Common types of tunneling include:
• Point-to-point tunneling protocol (PPTP)—A Layer 2 protocol developed by Microsoft that encapsulates point-to-point protocol data. It is simple, but less secure than other tunneling protocols.
• Layer 2 tunneling protocol (L2TP)—A protocol that encapsulates point-to-point protocol data and is compatible among different manufacturers’ equipment.
• Secure Sockets Layer VPN—A form of Layer 3 VPN that can be used with a standard Web browser and uses transport layer security (TLS) protocols to encrypt traffic.
• IPSec VPN—IPSec VPNs protect Layer 2 and 3 IP packets between remote networks or hosts and an IPSec gateway/node located at the edge of a private network.
Voice Over Internet Protocol (slide 188)
Users often expect that all voice communications are confidential.
Any Voice Over Internet Protocol (VoIP) device is an IP device; therefore, it is vulnerable to the same types of attacks.
VoIP networks have a number of characteristics that make for special security requirements.
There is no scheduled downtime in telephony, and outages may result in massive, widespread customer panic or outrage.
There can also be disclosure of confidential information, leading to adverse effects.
Remote Access (slide 189)
Remote access connectivity to their information resources is required for many organizations for different types of users.
A variety of methods and procedures are available to satisfy an organization’s need for access, but these can introduce risk.
For example, using VPNs to allow remote access to their systems can create holes in an organization’s security infrastructure, and encrypted traffic can hide unauthorized actions or malicious software that can be transmitted through such channels.
• To reduce VPN access risks, architectural controls can be implemented to restrict remote access traffic to selected security-hardened and virus-protected systems, remote access portals and non-sensitive network segments.
Remote Access Risk (slide 190)
Remote access risk includes:
• Denial-of-service (DoS)
• Malicious third parties
• Misconfigured communications software
• Misconfigured devices on computing infrastructure
• Host systems not secured appropriately
• Physical security issues
Remote Access Controls (slide 191)
Remote access controls include:
• Policy and standards
• Proper authorizations
• Identification and authentication mechanisms
• Encryption tools and techniques, such as use of a VPN
• Restriction of access to controlled systems, networks and applications
Topic 5: Operating System Security (slide 192)
System Hardening Controls (slide 193)
System hardening is the process of implementing security controls on a computer system.
Most computer vendors set the default controls to be open, allowing ease of use over security.
Significant vulnerabilities may be present unless the system is hardened.
Common controls for system hardening include:
• Authentication and authorization
• File system permissions
• Access privileges
• Logging and system monitoring
• System services
Credentials and Privileges (slide 194)
A user’s credentials define who they are and what permissions they have to access resources within the system.
Passwords are the standard mechanism to authenticate a user to the system.
In another form of access limitation, privileges may be assigned to a particular user.
To prevent misuse or compromise, these must be carefully chosen and controlled.
User access may also be limited through logon constraints regarding time of day, logged-in duration, source address and number of unsuccessful logon attempts.
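The four logon constraints named on slide 194 (time of day, logged-in duration, source address, unsuccessful attempts) are easiest to understand as one policy check applied before the credential is even evaluated. The example below is added here and is not ISACA course code; the policy values, the account record, the attempt sequence and the rule that a successful logon clears the failure counter are all assumptions made for the illustration.

```python
"""Logon-constraint policy check (added example; constructed policy and attempts)."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
import ipaddress


@dataclass
class LogonPolicy:
    allowed_hours: tuple = (7, 19)                    # local time, [start, end)
    max_session: timedelta = timedelta(hours=10)      # logged-in duration limit
    allowed_sources: tuple = ("10.0.0.0/8",)          # permitted source address ranges
    max_failures: int = 5                             # lockout threshold
    lockout_window: timedelta = timedelta(minutes=15) # failures older than this are forgotten


@dataclass
class Account:
    user: str
    failures: list = field(default_factory=list)      # timestamps of recent failed attempts


def evaluate_logon(policy, account, when, src_ip, password_correct):
    """Return (allowed, reason). Constraints are checked before the credential result
    so that a locked account or a disallowed source cannot be used to test passwords."""
    if not policy.allowed_hours[0] <= when.hour < policy.allowed_hours[1]:
        return False, "outside permitted hours"
    ip = ipaddress.ip_address(src_ip)
    if not any(ip in ipaddress.ip_network(net) for net in policy.allowed_sources):
        return False, "source address not permitted"
    recent = [t for t in account.failures if when - t <= policy.lockout_window]
    if len(recent) >= policy.max_failures:
        return False, "account locked: too many unsuccessful attempts"
    if not password_correct:
        account.failures = recent + [when]
        return False, "invalid credentials"
    account.failures = []  # assumption: a successful logon clears the counter
    return True, "ok"


def session_expired(policy, started, now):
    """Logged-in duration constraint: True once the session should be terminated."""
    return now - started > policy.max_session


def run_scenario():
    """Constructed attempt sequence for one account; returns the reason for each attempt."""
    policy = LogonPolicy()
    alice = Account("alice")
    day = datetime(2019, 3, 4)
    attempts = [
        (day.replace(hour=8), "10.2.3.4", True),        # normal working-hours logon
        (day.replace(hour=22), "10.2.3.4", True),       # right password, wrong time
        (day.replace(hour=9), "203.0.113.8", True),     # right password, external source
    ]
    attempts += [(day.replace(hour=9, minute=m), "10.2.3.4", False) for m in range(5)]
    attempts += [
        (day.replace(hour=9, minute=6), "10.2.3.4", True),   # correct, but now locked
        (day.replace(hour=9, minute=30), "10.2.3.4", True),  # window elapsed, succeeds
    ]
    return [evaluate_logon(policy, alice, when, ip, ok)[1] for when, ip, ok in attempts]


if __name__ == "__main__":
    for reason in run_scenario():
        print(reason)
    print("10h session expired after 11.5h:",
          session_expired(LogonPolicy(), datetime(2019, 3, 4, 8), datetime(2019, 3, 4, 19, 30)))
```

The ordering of the checks matters: reporting "invalid credentials" for an attempt from a disallowed address would tell the caller that the address check can be satisfied by a correct password, so the policy failures are reported first and the password is never compared in those cases.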
Platform Hardening (slide 195)
Hardening is a process that reduces vulnerability by limiting the attack vectors that might be used as points of compromise. A hardened system:
• Does not store sensitive data not immediately needed to support a business operation.
• Has all unnecessary functionality disabled, including ports, services and protocols that are not required for the intended use.
• Uses only passwords and accounts that have been changed or disabled. No default passwords or guest accounts are present.
Virtualization (slide 196)
Virtualization provides an enterprise with a significant opportunity to increase efficiency and decrease costs in its IT operations.

| Advantages | Disadvantages |
|---|---|
| Server hardware costs may decrease for server builds and maintenance. | Inadequate configuration of the host could create vulnerabilities that affect hosts and guests. |
| Multiple OSs can share processing capacity and storage space, reducing operating costs. | Exploits of vulnerabilities or a denial of service attack could affect all of the host’s guests. |
| The physical footprint of servers may decrease within the data center. | A compromise of the management console could grant guests unapproved administrative access. |
| A single host can have multiple versions of the same OS, or even different OSs. | Data could leak between guests if memory is not released and allocated properly by the host. |
| Creation of duplicate copies of guests in alternate locations can support business continuity efforts. | Insecure remote access protocols could result in exposure of administrative credentials. |
| A single machine can house a multitier network in an educational lab environment. | Performance issues of the host’s own OS could impact each of the host’s guests. |
Virtualization Risk (slide 197)
In a virtualized environment, the host represents a potential single point of failure within the system.
A successful attack on the host could result in a compromise that is larger in both scope and impact.
To address this risk, an enterprise can often implement and adapt the same principles and best practices for a virtualized server environment that it would use for a server farm. These include:
• Strong physical and logical access controls
• Sound configuration management practices and system hardening for the host
• Appropriate network segregation
• Strong change management practices
Specialized Systems (slide 198)
Some computer systems and applications are very specialized and may have unique threats and risk and require different types of controls.
Examples of specialized systems include supervisory control and data acquisition (SCADA) systems or other real-time monitoring or control systems.
These operate in specialized environments controlling critical industrial and manufacturing processes, power generation, air traffic control systems, and emergency communications and defense systems.
Security was not considered in many existing deployments of SCADA systems, and risk and threat assessment and appropriate mitigation is required.
Cyber Question (slide 199)
WannaCry is an example of what type of attack?
A. Trojan horse
B. APT
C. Ransomware
D. Phishing
E. Social engineering
Topic 6: Application Security
The SDLC process guides the phases
of developing or acquiring a software
system. It includes:
• IT processes for managing and
controlling project activity
• An objective for each phase of the life
cycle, typically described with key
deliverables, a description of
recommended tasks and a summary of
related control objectives for effective
management
• Incremental steps or deliverables that lay
the foundation for the next phase
System Development Life Cycle (SDLC)
201
Not considering the security in the design of a system or application is a major
contributing factor to cybersecurity vulnerabilities.
Security is often an afterthought, with controls retrofitted only after security
weaknesses have been exposed.
Security and risk mitigation should be formal design criteria in any SDLC process,
including:
• Threat and risk assessment of the proposed system
• Identification and implementation of controls
• Vulnerability testing and review
Security Within SDLC
202
Injection
Broken Authentication
Sensitive Data Exposure
XML External Entities (XXE)
Broken Access Control
Security Misconfiguration
Cross-Site Scripting (XSS)
Insecure Deserialization
Using Components with Known
Vulnerabilities
Insufficient Logging & Monitoring
OWASP Top Ten Application Security Risks, 2017
203
The testing phase of SDLC includes:
• Verification and validation that programs, applications and controls perform the
functions for which they have been designed.
• Confirmation that the tested units operate without malfunction or adverse effect on
other components of the system.
• Vulnerability and control testing, taken from a security perspective.
The review phase of SDLC includes:
o Code review processes varying from informal processes to formal walk-throughs
o Team review or code inspections
Note that security should be an integrated part of any review process.
SDLC Testing and Review Phases
204
Separate development, testing and production environments should be used
during SDLC to minimize the risk of a compromise or misconfiguration being
introduced in one environment or cascading through the process.
Different access controls (credentials) should be used between these different
environments.
Note that if production data are used in the test environment, private or personally
identifiable information should be scrambled so that confidential information is not
inadvertently disclosed.
Development and Testing Environments
205
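As an added example (not part of the ISACA course material), the following Python shows one way to scramble personal data before production records are copied to a test environment: a keyed, deterministic pseudonym keeps joins and uniqueness constraints working in test while the original values cannot be recovered without the key. The field names, records and key are constructed for this demonstration.

```python
"""Pseudonymize production records before they are loaded into a test
environment (constructed demonstration, not the course's own code)."""
import hashlib
import hmac

# Fields that carry personal or confidential data and must never reach the
# test environment in clear text (constructed for this example).
PII_FIELDS = ("name", "email", "ssn")
# Non-sensitive fields that the application under test still needs as-is.
SAFE_FIELDS = ("customer_id", "plan", "created")


def pseudonym(value: str, key: bytes, length: int = 12) -> str:
    """Deterministic keyed token for a value.

    HMAC-SHA256 under a key that exists only for the test environment means
    the same production value always maps to the same token (so referential
    integrity survives), but the token cannot be reversed or re-derived by
    anyone who does not hold the key.
    """
    digest = hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()
    return digest[:length]


def scramble_email(value: str, key: bytes) -> str:
    """Keep the shape of an e-mail address but replace the identity."""
    return f"user-{pseudonym(value, key)}@example.invalid"


def scramble_ssn(value: str, key: bytes) -> str:
    """Replace a national ID but keep the ###-##-#### format so that input
    validation in the application under test still accepts the value."""
    digits = str(int(pseudonym(value, key, 9), 16) % 10**9).zfill(9)
    return f"{digits[:3]}-{digits[3:5]}-{digits[5:]}"


def scramble_record(record: dict, key: bytes) -> dict:
    """Return a copy of *record* that is safe for the test environment."""
    out = {f: record[f] for f in SAFE_FIELDS if f in record}
    for field in PII_FIELDS:
        if field not in record:
            continue
        value = str(record[field])
        if field == "email":
            out[field] = scramble_email(value, key)
        elif field == "ssn":
            out[field] = scramble_ssn(value, key)
        else:
            out[field] = f"person-{pseudonym(value, key)}"
    return out


def scramble_dataset(records, key: bytes) -> list:
    """Scramble every record; unknown fields are dropped rather than copied."""
    return [scramble_record(r, key) for r in records]


def leaks_pii(scrambled, originals) -> bool:
    """Final check before export: True if any original PII value survives
    anywhere in the scrambled output."""
    blob = " ".join(str(v) for r in scrambled for v in r.values())
    return any(
        field in r and str(r[field]) in blob
        for r in originals
        for field in PII_FIELDS
    )
```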
Agile allows software development projects to be built in a more flexible, iterative
fashion.
This allows a quicker response to changes that occur during a project.
It also facilitates security testing at earlier stages in the development process.
Development and IT Operations (DevOps) combines the concepts of agile
development, agile infrastructure and flexible operations.
DevOps breaks large projects into smaller and more manageable deliverables
and multiple deployments.
These smaller deployments may be more easily debugged during the
development process.
Agile and DevOps Development Approaches
206
Cybersecurity practitioners must be aware of a variety of security threats. In
addition to those already discussed, be aware of the following threats:
• Covert channel—Transfers information between systems illicitly, using existing
infrastructure
• Race condition—Accesses networks on an unauthorized basis, using operations
processing vulnerabilities
• Return-oriented programming attack—Exploits memory corruption vulnerabilities
• Steganography—Conceals messages, images or files within another similar file
Additional Threats
207
WAP protocols bring Internet content to wireless mobile devices.
WAP supports most wireless networks and is supported by all operating systems
specifically engineered for handheld devices and some mobile phones.
These devices use displays and access the Internet through micro-browsers.
Micro-browsers have small file sizes that can accommodate the low-memory
constraints of handheld devices and the low-bandwidth constraints of a wireless
handheld network.
Wireless Application Protocol (WAP)
208
Topic 7: Data Security
Data Classification Process
210
When classifying data, the following requirements should be met:
• Access and authentication
• Privacy
• Availability
• Ownership and distribution
• Integrity
• Data retention
• Auditability
After data classification has been assigned, security controls can be established,
including encryption, authentication and logging.
Security measures should increase as the level of data sensitivity or criticality
increases.
Data Classification Requirements
211
It is important for an organization to understand the sensitivity of the information it possesses.
Data should be classified based on its sensitivity and the impact of unintended release or loss.
Data classification should be defined in a policy that provides definition of different classes of
information and their handling and protection.
Keep levels to a minimum.
Keep level descriptions simple.
Define levels in policy.
Reclassify information as needed.
Data Classification
212
Databases can be individually protected with controls similar to the protections
applied at the system level. Specific controls that can be placed at the database
level include:
• Authentication and authorization access
• Access controls limiting or controlling the type of data that can be accessed and what
types of accesses are allowed (read-only, read-and-write or delete)
• Logging and other transactional monitoring
• Encryption and integrity controls
• Backups
Database Controls
213
Databases are vulnerable to many risks, including:
• Unauthorized activity by authorized users
• Malware infections or interactions
• Capacity issues
• Physical damage
• Design flaws
• Data corruption
Database Vulnerabilities
214
Database security may be increased through the following actions:
• Encryption of sensitive data in the database
• Use of database views to restrict information available to a user
• Secure protocols to communicate with the database
• Application of content-based access controls
• Restricting administrator-level access
• Efficient indexing to enhance data retrieval
• Backups of databases (shadowing, mirroring)
• Backups of transaction journals (remote journaling)
• Referential integrity
• Entity integrity
• Validation of input
• Defined data fields (schema)
• Layered network access restrictions or segregation
Database Security
215
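Two of the database controls listed above, "use of database views to restrict information available to a user" and "validation of input", shown on an in-memory SQLite database. This is an added example, not code from the course; the table, view, columns and rows are constructed for the demonstration, and the "unsafe" function is kept only to show the defect that parameterized queries remove.

```python
"""Database view that hides sensitive columns, plus input validation and
parameterized queries (constructed demonstration, not the course's code)."""
import re
import sqlite3


def build_db() -> sqlite3.Connection:
    """Create a small customer table and a restricted view over it."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE customers (
            id         INTEGER PRIMARY KEY,
            name       TEXT NOT NULL,
            plan       TEXT NOT NULL,
            card_last4 TEXT NOT NULL,
            ssn        TEXT NOT NULL   -- sensitive: never exposed via the view
        );
        INSERT INTO customers VALUES (1, 'Alice', 'gold',   '4242', '123-45-6789');
        INSERT INTO customers VALUES (2, 'Bob',   'silver', '1111', '987-65-4321');
        INSERT INTO customers VALUES (3, 'Carol', 'gold',   '9999', '555-55-5555');
        -- The support view omits the SSN column entirely. Granting the support
        -- role SELECT on this view, and nothing on the base table, is the
        -- "views to restrict information" control from the slide.
        CREATE VIEW customers_support AS
            SELECT id, name, plan, card_last4 FROM customers;
        """
    )
    return conn


# Allow-list for the one user-supplied value: short, lowercase plan names.
PLAN_RE = re.compile(r"^[a-z]{1,16}$")


def customers_on_plan_unsafe(conn, plan: str) -> list:
    """'Before' version: builds SQL by string formatting. Any quote in the
    input changes the meaning of the statement (this is the Injection risk
    from the OWASP list on slide 203)."""
    sql = f"SELECT id, name FROM customers_support WHERE plan = '{plan}'"
    return conn.execute(sql).fetchall()


def customers_on_plan(conn, plan: str) -> list:
    """Hardened version: validate the input against the schema's expected
    format, then bind it as a parameter so it is never parsed as SQL."""
    if not PLAN_RE.fullmatch(plan):
        raise ValueError("plan must be 1-16 lowercase letters")
    sql = "SELECT id, name FROM customers_support WHERE plan = ?"
    return conn.execute(sql, (plan,)).fetchall()


def view_columns(conn) -> list:
    """Column names a support user can see through the view."""
    cur = conn.execute("SELECT * FROM customers_support LIMIT 0")
    return [d[0] for d in cur.description]
```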
Section 4: Security of Networks, Systems, Applications and Data
Review Question
Any change, error or interruption within an IT
infrastructure is defined as:
A. A threat
B. An incident
C. An event
D. A vulnerability
Review Question
217
Which of the following is not a method of
controlling risk for remote access?
A. Denial of Service (DoS)
B. Policy and standards
C. Proper authorizations
D. Identification and authentication mechanisms
E. Encryption tools and techniques, such as use of
a VPN
F. Restriction of access to controlled systems,
networks and applications
Review Question
218
Which type of vulnerability is a failure to monitor
logs?
A. Process, related to errors in operation
B. Organizational, related to errors in decision-
making
C. Emergent, relating to interactions between or
changes in environments
D. Technical, related to errors in design,
implementation or configuration
Review Question
219
What phase of the SDLC comes after planning?
A. System testing
B. System design
C. System maintenance
D. System analysis
Review Question
220
Which of the following is not true about platform
hardening?
A. Does not store sensitive data not immediately
needed to support a business operation.
B. Has all unnecessary functionality disabled,
including ports, services and protocols that are
not required for the intended use.
C. Uses only passwords and accounts that have
been changed or disabled. No default
passwords or guest accounts are present.
D. Provides an enterprise with a significant
opportunity to increase efficiency and decrease
costs in its IT operations.
Review Question
221
You should now be able to:
• Determine, assess and respond to risk and
vulnerabilities on the network through
penetration testing.
• Identify key aspects and associated risks to
securing data, applications, operating
systems and the network.
Section Summary
222
Section 5: Incident Response
223
1. Distinctions between events and incidents
2. Incident categories and types
3. Security event management
4. Key elements of incident response plans
5. Legal requirements of investigation and
evidence preservation
6. Requirements for forensic investigations
7. Business continuity planning and disaster
recovery
Topics Covered in this Section
224
Upon completing this section you will be able to:
• Define event and incident.
• Define incident response and handling
methodologies.
• Identify the basic concepts, practices, tools,
tactics, techniques and procedures for
processing digital forensic data.
• Define business continuity plan.
Section Objectives
225
Topic 1: Event vs. Incident
A cybersecurity incident is an adverse event that negatively impacts the
confidentiality, integrity and availability of data.
The incident may be unintentional, such as someone forgetting to activate an
access list in a router.
Or it may be intentional, such as a targeted attack by a hacker.
Incidents may also be classified as technical or physical.
Technical incidents include viruses, malware, denial-of-service (DoS) and system
failure.
Physical incidents include social engineering and lost or stolen laptops or mobile
devices.
Types of Incidents
227
Topic 2: Security Incident Response
Incident response is a formal program that prepares an entity for an incident.
Incident response phases can be depicted as follows:
Incident Response Phases
229
Adequate incident response planning and implementation allows an organization
to respond to an incident in a systematic manner.
Development of an incident response plan (IRP) aids in:
• Meeting compliance regulations (e.g., PCI, FDIC)
• Allowing the organization to respond to incidents in a systematic manner
• Improving response time and effectiveness
Incident Response Planning
230
The IRP is the first step in incident response. During the preparation phase, the
following should be completed:
• Establish an approach to handling incidents.
• Establish a policy and warning banners to deter intruders and allow information
collection.
• Establish a communication plan with stakeholders.
• Develop incident reporting criteria.
• Develop a process to activate the incident management team.
• Establish a secure location to execute the incident response plan.
• Ensure availability of needed equipment.
Preparing for an Incident
231
The next phase in incident response aims to verify if an incident has happened
and to find out more details about the incident. Steps in this phase include:
• Assign ownership to an incident handler.
• Verify reports or events qualifying as incidents.
• Establish the chain of custody.
• Determine incident severity and escalate as necessary.
Identifying an Incident
232
Actions taken in the containment phase of incident response work to limit
exposure. These include:
• Activate incident management/response team and notify appropriate stakeholders.
• Obtain agreement on actions taken that may affect availability.
• Get IT representative and relevant virtual team members to implement containment
procedures.
• Obtain and preserve evidence.
• Document actions.
• Control and manage communication to the public.
Containing an Incident
233
When containment measures have been deployed, it is time to determine the root
cause of the incident and eradicate it. Actions in this phase include:
• Determine signs and cause of incidents.
• Locate the most recent version of backups or alternative solutions.
• Remove the root cause.
• Improve defenses by implementing protection techniques.
• Perform a vulnerability analysis.
Eradicating the Root Cause
234
This phase of incident response ensures that affected systems or services are
restored to a condition specified in the service delivery objectives (SDO) or BCP.
Activities include:
• Restore operations to normal.
• Verify that actions taken on restored systems were successful.
• Involve system owners in testing the system.
• Aid system owners in declaring normal operation.
Recovering From an Incident
235
As a final step in the incident response process, a report should be developed to
share what has happened, what measures were taken and the results after the
plan was executed. Activities related to this include:
• Analyze issues encountered during incident response efforts.
• Propose improvements.
• Present report to relevant stakeholders.
Lessons Learned
236
CoolWeb Search is an example of what kind of
attack?
A. Trojan horse
B. Spyware
C. Ransomware
D. Phishing
E. Social engineering
Cyber Question
237
Topic 3: Forensics
Digital forensics can be defined as the “process of identifying, preserving,
analyzing and presenting digital evidence in a manner that is legally acceptable in
any legal proceedings (i.e., a court of law).”
Any electronic document or data can be used as digital evidence.
It must provide sufficient proof that the contents of digital evidence are in their
original state and have not been tampered with or modified during the process of
collection and analysis.
It is also important to demonstrate integrity and reliability of evidence for it to be
acceptable to law enforcement authorities.
Digital Forensics
239
Source: McKemmish, D. Rodney. Computer and Intrusion Forensics, Artech House, USA, 2003
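The integrity requirement above (proof that evidence is in its original state and was not modified during collection and analysis) is usually met by hashing the evidence at acquisition and recording the hash at every hand-over. The following is an added example, not from the course; the evidence bytes, examiner names and timestamps are constructed, and the record layout is an assumption rather than any standard form.

```python
"""Evidence integrity hashes and a chain-of-custody log (constructed
demonstration, not the course's own code)."""
import hashlib
import json
from dataclasses import asdict, dataclass, field
from datetime import datetime, timezone


def sha256_hex(data: bytes) -> str:
    """Content hash used as the evidence fingerprint."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class CustodyEntry:
    when: str      # ISO-8601 UTC timestamp of the hand-over or action
    who: str       # examiner or custodian taking responsibility
    action: str    # acquired / transferred / analyzed / returned ...
    sha256: str    # hash of the evidence as observed at that moment


@dataclass
class EvidenceRecord:
    evidence_id: str
    description: str
    acquisition_hash: str           # fingerprint taken before anything else
    chain: list = field(default_factory=list)

    def add_entry(self, who: str, action: str, data: bytes,
                  when: str = None) -> CustodyEntry:
        """Append a custody entry, re-hashing the evidence at hand-over so
        the log records what each custodian actually received."""
        when = when or datetime.now(timezone.utc).isoformat()
        entry = CustodyEntry(when, who, action, sha256_hex(data))
        self.chain.append(entry)
        return entry

    def verify(self, data: bytes) -> bool:
        """True only if the copy presented now matches the acquisition hash
        and every hand-over in the chain saw that same hash, i.e. there is
        no point at which the evidence could have been altered unnoticed."""
        if sha256_hex(data) != self.acquisition_hash:
            return False
        return all(e.sha256 == self.acquisition_hash for e in self.chain)

    def first_mismatch(self):
        """The first custody entry whose hash differs from acquisition, or
        None; this is where an investigation of tampering would start."""
        for entry in self.chain:
            if entry.sha256 != self.acquisition_hash:
                return entry
        return None

    def to_json(self) -> str:
        """Serialized record suitable for attaching to the case file."""
        return json.dumps(asdict(self), indent=2)


def acquire(evidence_id: str, description: str, data: bytes,
            examiner: str, when: str = None) -> EvidenceRecord:
    """Create the record at acquisition time: hash first, then log."""
    rec = EvidenceRecord(evidence_id, description, sha256_hex(data))
    rec.add_entry(examiner, "acquired", data, when)
    return rec
```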
There are four phases in the chain of events related to evidence in digital
forensics.
Each phase and its primary focus are shown below.
Forensics Chain of Events
240
Consideration should be given to key
elements of forensics during planning
for audits and incidents.
Elements to be considered include:
• Data protection
• Data acquisition
• Imaging
• Extraction
• Ingestion or normalization
• Interrogation
• Reporting
• Network traffic analysis
• Log file analysis
• Timelines
Forensics Key Elements
241
Forensics tools can be categorized as follows:
• Computer—Examines non-volatile digital media
• Memory—Acquires and analyzes volatile memory
• Mobile device—Observes both software and hardware components
• Network—Monitors and analyzes network traffic
Other forensics tools include applications designed to automate analysis of large files,
such as those created by auditing software.
Categories of these tools include audit reduction, trend or variance detection and
attack signature detection applications.
Digital Forensics Tools
242
Topic 4: Disaster Recovery and Business Continuity
Disasters are disruptions that cause critical information resources to be
inoperative for a period of time, adversely impacting organizational operations.
The disruption could be a few minutes to several months, depending on the extent
of damage to the information resource.
Disasters require recovery efforts to restore operational status.
What Is a Disaster?
244
The purpose of business continuity planning (BCP)/disaster recovery planning
(DRP) is to enable an enterprise to do the following:
• Continue offering critical services in the event of a disruption.
• Survive a disastrous interruption to activities.
Rigorous planning and commitment of resources are necessary to adequately plan for
such a disaster event.
BCP is primarily the responsibility of senior management.
Business Continuity Planning
245
Elements a successful BCP must take into consideration include the following:
• Critical operations necessary to the survival of the organization
• The human/material resources supporting these critical operations
• Pre-disaster readiness covering incident response management to address all relevant
incidents affecting business processes
• Evacuation procedures
• Circumstances under which a disaster should be declared
• Procedures for declaring a disaster (escalation procedures)
• Identification of the persons responsible for each function in the plan
• Identification of contract information
• Step-by-step explanation of the recovery process
• Identification of the various resources required for recovery and continued operation of
the organization
Key BCP Considerations
246
The first step in preparing a new BCP is to identify the business processes of
strategic importance.
These are the key processes responsible for both the permanent growth of the
business and for the fulfillment of the business goals.
Based on this, a business impact analysis (BIA) process is used to determine the
time frames, priorities, resources and interdependencies that support the key
processes.
The BIA is the core source of data used in business continuity planning.
Business Impact Analysis
247
The BIA should answer three important questions:
• What are the different business processes?
• What are the critical information resources related to an organization’s critical business
processes?
• What is the critical recovery time period for information resources in which business
processing must be resumed before significant or unacceptable losses are suffered?
Key BIA Questions
Pegasus is the first known spyware on which of
the following?
A. iOS devices
B. Android devices
C. IoT devices
D. Cloud storage
Cyber Question
Source: https://community.norton.com/en/blogs/security-covered-norton/internet-really-did-break-today-and-heres-how-it-happened
The BIA also establishes the recovery point objective (RPO) and recovery time
objective (RTO) for each key process.
RPO is determined based on the acceptable data loss in case of a disruption of
operations.
It indicates the earliest point in time that is acceptable to recover the data, and
effectively quantifies the permissible amount of data loss in case of interruption.
RTO is the amount of time allowable for the recovery of a business function or
resource after a disaster occurs.
RPO and RTO
NIST defines the information and communications technology (ICT) supply chain
as “a complex, globally distributed and interconnected ecosystem that is long, has
geographically diverse routes, and consists of multiple tiers of outsourcing.”
This environment is interdependent on public and private entities for development,
integration and delivery of ICT products and services.
The complexity of supply chains, and the potential impact of their disruption, require
persistent awareness and consideration of risk.
Factors such as economic, environmental, geopolitical and technological trends
and events must be incorporated into BIA and BCP analyses.
Supply Chain Considerations
The approach to IS BCP matches that of BCP for the greater organization, except
that its focus is on the continuity of IS processing.
The IS BCP should be aligned with the strategy of the organization.
If the IS plan is a separate plan, it must be consistent with and support the
corporate BCP.
Note that the criticality of the various application systems deployed in the
organization depends on the nature of the business as well as the value of each
application to the business.
IS BCP
In sum, the information system BCP/DRP is a major component of an organization’s
overall business continuity and disaster recovery strategy.
The process of BCP is supported by considered analysis of business impacts.
Business Continuity Planning
Data recovery is the process of restoring data that has been lost, accidentally
deleted, corrupted or made inaccessible for any reason.
Recovery processes vary depending on the type and amount of data lost, the
backup method employed and the backup media.
Recovery
Backup procedures are used to copy files to a second medium such as a disk,
tape or the cloud.
Backup files should be kept at an offsite location.
There are three types of data backups: full, incremental and differential.
Backup
Full
• Copies every selected file on the system completely, regardless of recent backup status
• Slowest backup method, but fastest for restoring data
Incremental
• Copies all files that have changed since the last backup was made, regardless of whether the last backup was a full or incremental backup
• Fastest backup method, but slowest for restoring data
Differential
• Copies only the files that have changed since the last full backup
• The differential backup grows in size until the next full backup is performed
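The trade-offs on this slide and the RPO/RTO definitions earlier in the section can be seen in a small simulation. This is an added example, not part of the ISACA course material: it models the three backup types over a constructed week of file changes and reports, per strategy, how much each run copies, how many backup sets a restore must read (the driver of recovery time) and the worst-case data loss the schedule allows (the achieved RPO). File names, contents and timestamps are constructed.

```python
"""Full, incremental and differential backups over a constructed week.

Added example, not part of the ISACA course material. All file names,
contents and timestamps below are constructed.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass(eq=False)
class BackupSet:
    kind: str                  # "full", "incremental" or "differential"
    taken_at: datetime
    files: dict[str, str]      # file name -> content captured in this set


@dataclass
class BackupPlan:
    strategy: str              # strategy used after the initial full backup
    sets: list[BackupSet] = field(default_factory=list)

    def last_full(self):
        return next((s for s in reversed(self.sets) if s.kind == "full"), None)

    def take_backup(self, now, system, mtimes):
        """Copy what the strategy requires. system: name -> content; mtimes: name -> last change."""
        full = self.last_full()
        if full is None or self.strategy == "full":
            kind, since = "full", None                           # everything, regardless of status
        elif self.strategy == "incremental":
            kind, since = "incremental", self.sets[-1].taken_at  # changed since the last backup of any kind
        elif self.strategy == "differential":
            kind, since = "differential", full.taken_at          # changed since the last full backup
        else:
            raise ValueError(f"unknown strategy {self.strategy!r}")
        copied = {n: c for n, c in system.items() if since is None or mtimes[n] > since}
        self.sets.append(BackupSet(kind, now, copied))
        return self.sets[-1]

    def restore_chain(self):
        """Backup sets that must be read, in order, to rebuild the latest state."""
        full = self.last_full()
        later = self.sets[self.sets.index(full) + 1:]
        if self.strategy == "incremental":
            return [full] + later          # every incremental taken since the full
        if self.strategy == "differential":
            return [full] + later[-1:]     # only the newest differential
        return [full]

    def restore(self):
        state = {}
        for s in self.restore_chain():
            state.update(s.files)          # later sets overwrite older versions
        return state

    def achieved_rpo(self):
        """Worst-case data loss: the longest gap between consecutive backups."""
        gaps = [b.taken_at - a.taken_at for a, b in zip(self.sets, self.sets[1:])]
        return max(gaps) if gaps else None


def simulate_week(strategy):
    """Constructed week: full backup on Sunday 02:00, then one backup per night while files change."""
    start = datetime(2024, 1, 7, 2, 0)
    system = {"ledger.db": "v0", "policy.docx": "v0", "claims.csv": "v0"}
    mtimes = {name: start - timedelta(days=1) for name in system}
    plan = BackupPlan(strategy)
    plan.take_backup(start, system, mtimes)
    changed = ["ledger.db", "claims.csv", "ledger.db", "policy.docx", "ledger.db", "claims.csv"]
    for day, name in enumerate(changed, start=1):
        now = start + timedelta(days=day)
        system[name] = f"v{day}"
        mtimes[name] = now - timedelta(hours=6)       # edited during the previous working day
        plan.take_backup(now, system, mtimes)
    return plan, dict(system)


if __name__ == "__main__":
    for strategy in ("full", "incremental", "differential"):
        plan, current = simulate_week(strategy)
        assert plan.restore() == current
        print(f"{strategy:12} copied per run: {[len(s.files) for s in plan.sets]}  "
              f"sets read to restore: {len(plan.restore_chain())}  "
              f"achieved RPO: {plan.achieved_rpo()}")
```

Nightly backups give a one-day achieved RPO whatever the strategy; the strategies differ in what each run copies (full 3-3-3..., incremental one file a night, differential growing back toward the full) and in how many sets a restore has to read.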
Group Activity
Incident Response
Workmark is a benefits management company
with approximately 1,200 employees in a single
facility. The enterprise is highly dependent on
their internetworked systems to deliver services
to over 3,000 client organisations. Workmark’s
servers are virtualised in two data centres,
providing redundancy and geographic diversity.
Introduction
Benefits company, founded in 1997
Headquartered in Denver, Colorado, with data centres in Denver and Texas
All employees work in the Denver facility. The data centre in Texas is operated by
a third party.
Company Profile
Workmark primarily uses Microsoft Windows for both server and desktop
operating systems. In each data centre, Workmark has 75 virtual Windows
servers. Each data centre also hosts five Linux servers and a small number of
specialised network appliances.
The Denver office has 800 desktop and laptop computers.
Technical Information
The data centres are connected via redundant virtual private network (VPN)
connections.
Each desktop and server runs an anti-malware solution that is managed from a
central server.
Most workstations use hard-wired Ethernet connections, but the laptop computers
and tablets used by the management team connect to a WPA2-secured Wi-Fi
network.
Technical Information
IT Organization
• CIO
  • CISO
    • Security Operations Team
  • VP IT Operations
    • Network Operations
    • Server Operations
    • Client Operations
  • VP Development
    • Application Development Team
    • Web Development Team
The Security Operations Team (SOT) consists of a manager and eight analysts.
This team operates a 24/7 Network Security Operations Centre (NSOC). The
NSOC monitors the alerts from the Security Event Information Management
system (SEIM). The NSOC is also the primary point of contact for any security
related events other teams may encounter.
Security Operations Team
You are the manager of the Security Operations Team (SOT). As manager, you
are the escalation point for the SOT. It is your responsibility to determine whether
an event is an incident and what the response should be.
Your Role
At 2:00 a.m., you receive a call from a junior security analyst who is assigned to
the network security operations centre. The network engineers have reported a
sudden increase in network traffic from a virtual machine, including what appears
to be port scans of the internal network and large amounts of egress traffic
blocked at the firewall.
You ask the junior analyst if he has declared an incident. He tells you that he was
not sure if it was an event or an incident and that he needs guidance.
Scenario
Detail the difference between an event and an incident for the junior analyst.
Describe ways to determine if this is, in fact, an incident or just an event.
Tasks
Based on the information from the junior analyst, you declare an incident.
Grudgingly, you drive to the office to begin incident response procedures.
Upon initial analysis, you find that a privileged account on the virtual server is
scanning the internal network and trying to connect to several external sites.
The server appears to be compromised by some sort of malware that was not
detected by your anti-malware system. Monitoring the network traffic reveals that
the system is scanning for hosts on ports 135 and 445, well-known Windows ports.
Scenario, continued
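The tasks slide asks how the junior analyst could tell whether this is an event or an incident. As an added example (not part of the ISACA course material), the following triage logic runs over constructed firewall log lines modelled on the scenario: a single anomaly from one source (a sweep of internal hosts on ports 135/445, or repeated egress blocked at the firewall) is an event to investigate; both together from the same source are corroborating indicators that justify declaring an incident. The log format, addresses and thresholds are constructed and assumed, not taken from any real product.

```python
"""Event-vs-incident triage over constructed firewall logs.

Added example, not part of the ISACA course material. Log format,
addresses and thresholds are constructed/assumed.
"""
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

WINDOWS_PORTS = {135, 445}                       # ports named in the scenario
SCAN_WINDOW = timedelta(seconds=60)              # assumed tuning
SCAN_HOST_THRESHOLD = 20                         # distinct internal hosts probed within the window
EGRESS_BLOCK_THRESHOLD = 5                       # distinct external destinations denied
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]   # constructed internal range


def parse_line(line):
    """Parse 'TIMESTAMP key=value ...' into a dict with a datetime under 'ts'."""
    ts, rest = line.split(" ", 1)
    event = dict(kv.split("=", 1) for kv in rest.split())
    event["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    event["dport"] = int(event["dport"])
    return event


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def detect_internal_scan(events):
    """Per source: the most distinct internal hosts probed on 135/445 inside any SCAN_WINDOW."""
    probes = defaultdict(list)
    for e in events:
        if e["dport"] in WINDOWS_PORTS and is_internal(e["dst"]):
            probes[e["src"]].append((e["ts"], e["dst"]))
    peaks = {}
    for src, items in probes.items():
        items.sort()
        peaks[src] = max(
            len({dst for ts, dst in items[i:] if ts - t0 <= SCAN_WINDOW})
            for i, (t0, _) in enumerate(items)
        )
    return peaks


def detect_blocked_egress(events):
    """Per source: distinct external destinations the firewall denied."""
    blocked = defaultdict(set)
    for e in events:
        if e["action"] == "DENY" and not is_internal(e["dst"]):
            blocked[e["src"]].add(e["dst"])
    return {src: len(dsts) for src, dsts in blocked.items()}


def triage(lines):
    """Classify each source as 'normal', 'event' (investigate) or 'incident' (declare and escalate)."""
    events = [parse_line(l) for l in lines if l.strip()]
    scans = detect_internal_scan(events)
    egress = detect_blocked_egress(events)
    verdicts = {}
    for src in set(scans) | set(egress):
        indicators = []
        if scans.get(src, 0) >= SCAN_HOST_THRESHOLD:
            indicators.append("internal sweep of ports 135/445")
        if egress.get(src, 0) >= EGRESS_BLOCK_THRESHOLD:
            indicators.append("repeated egress blocked at the firewall")
        verdict = {0: "normal", 1: "event", 2: "incident"}[len(indicators)]
        verdicts[src] = (verdict, indicators)
    return verdicts


def constructed_logs():
    """Constructed firewall log lines modelled on the scenario; not real data."""
    t0 = datetime(2024, 3, 12, 2, 0, 0)

    def stamp(t):
        return f"{t:%Y-%m-%dT%H:%M:%SZ}"

    lines = []
    for i in range(30):   # the suspect VM walks 30 internal hosts on 445/135 in half a minute
        lines.append(f"{stamp(t0 + timedelta(seconds=i))} action=ALLOW proto=tcp "
                     f"src=10.20.5.17 dst=10.20.5.{100 + i} dport={445 if i % 2 == 0 else 135}")
    for i in range(8):    # ... then tries external hosts, which the firewall denies
        lines.append(f"{stamp(t0 + timedelta(seconds=45 + i))} action=DENY proto=tcp "
                     f"src=10.20.5.17 dst=203.0.113.{10 + i} dport=443")
    for i in range(5):    # a file server serving SMB to a few clients: normal, must not be flagged
        lines.append(f"{stamp(t0 + timedelta(seconds=5 * i))} action=ALLOW proto=tcp "
                     f"src=10.20.5.50 dst=10.20.6.{20 + i} dport=445")
    lines.append(f"{stamp(t0)} action=DENY proto=tcp src=10.20.7.33 dst=198.51.100.4 dport=8080")
    return lines


if __name__ == "__main__":
    for src, (verdict, why) in sorted(triage(constructed_logs()).items()):
        print(f"{src:12} {verdict:9} {'; '.join(why)}")
```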
Scenario, continued
[Figure: incident response phases (preparation; detection and analysis; containment, eradication and recovery; post-incident activity)]
Source: ISACA, CSX Cybersecurity Fundamentals Study Guide, USA, 2014, p. 94
1. Describe the appropriate steps within each of the incident
response phases above. What should have been included in the
preparation phase to prepare for an incident like this?
2. Which information should be gathered in the detection and
analysis phase, and who should be contacted?
3. Describe the importance of the containment, eradication and
recovery steps.
4. What sort of post-incident activity should be conducted, and who
should be notified?
5. Referencing the iterative nature of incident response, what
information should be fed back into the preparation stage?
Discussion Questions
Section 6: Security Implications and Adoption of Evolving Technology
1. Trends in the current threat landscape
2. Characteristics and targets of advanced persistent threats (APTs)
3. Mobile device vulnerabilities, threats and risk
4. The consumerization of IT and mobile devices
5. Risk and benefits of cloud and digital collaboration
Topics Covered in this Section
Upon completing this section you will be able to:
• Identify the possible cybersecurity implications for adoption of evolving technology.
Section Objectives
Topic 1: Current Threat Landscape
Increasing dependence on digital technologies makes organizations more susceptible to cybersecurity risk.
Cybersecurity Risk
A threat landscape, also referred to as a threat environment, is a collection of threats.
The cybersecurity threat landscape is constantly changing.
Recent trends in the cyberthreat landscape include:
• Threat agents are more sophisticated in their attacks and use of tools.
• Attack patterns are being applied to mobile devices.
• Nation states have the capabilities to infiltrate government and private targets (cyberwarfare).
• Cloud computing results in large concentrations of data within a small number of facilities,
creating attractive targets for attackers.
• Social networks have become a primary channel for communication, knowledge collection,
marketing and dissemination of information.
• The popularity of big data as an asset creates the potential for large-scale breaches.
Threat Landscape
Source: ENISA, ENISA Threat Landscape 2015, Greece, 2016
Information from ENISA (2015) shows the following trends in the threat
landscape:
Recent Trends in Cybersecurity
Increasing
• Malware
• Web-based attacks
• Web application attacks
• Denial of service
• Insider threats (malicious or accidental)
• Exploit kits
• Information leakage
• Ransomware
• Cyber espionage
Stable
• Physical damage/theft/loss
• Phishing
• Data breaches
• Identity theft
Declining
• Botnets
• Spam
Topic 2: Advanced Persistent Threats
Evolution of the Threat Landscape
An advanced persistent threat (APT) is a targeted threat that is composed of
various complex attack vectors and can remain undetected for an extended
period of time.
Unlike many other types of criminal acts, it is not easily deflected by a determined,
defensive response.
In addition, APTs have the following characteristics:
• Unprecedented degree of planning, resources employed and techniques used
• Often follow a particular modus operandi
What is an Advanced Persistent Threat?
APTs target companies of all sizes across all sectors of industry and all
geographic regions that contain high-value assets.
No industry with valuable secrets or other sources of commercial advantage that
can be copied or undermined through espionage is safe from an APT attack.
APT attacks often encompass third-party organizations delivering services to
targeted enterprises.
APT Targets
APT Sources of Threat
Intelligence agencies
• What they seek: Political, defense or commercial trade secrets
• Business impact: Loss of trade secrets or commercial, competitive advantage
Criminal groups
• What they seek: Money transfers, extortion opportunities, personal identity information or secrets for potential onward sale
• Business impact: Financial loss, large-scale customer data breach or loss of trade secrets
Terrorist groups
• What they seek: Production of widespread terror through death, destruction and disruption
• Business impact: Loss of production and services, stock market irregularities, and potential risk to human life
Activist groups
• What they seek: Confidential information or disruption of services
• Business impact: Major data breach or loss of service
Armed forces
• What they seek: Intelligence or positioning to support future attacks on critical national infrastructure
• Business impact: Serious damage to facilities in the event of a military conflict
Although no two APT attacks are exactly alike, they often follow a similar life cycle beginning with target selection and research.
Stages of an APT Attack
Topic 3: Mobile Technology - Vulnerabilities, Threats and Risk
Security for mobile technology is a function of the risk associated with its use.
Threats related to mobile technology include those listed here.
1. Improper platform usage
2. Insecure data storage
3. Insecure communication
4. Insecure authentication
5. Insufficient cryptography
6. Insecure authorization
7. Client code quality
8. Code tampering
9. Reverse engineering
10. Extraneous functionality
Security for Mobile Technology
Technical Risk
Mobile devices present a number of technical risks, in addition to physical and
organizational risks:
• Activity Monitoring and Data Retrieval
• Unauthorized Network Connectivity
• Web View/User Interface (UI) Impersonation
• Sensitive Data Leakage
• Unsafe Sensitive Data Storage
• Unsafe Sensitive Data Transmission
• Drive-by Vulnerabilities
Activity Monitoring and Data Retrieval Risk
Messaging
• Generic attacks on SMS text, MMS-enriched transmission of text and contents
• Retrieval of online and offline email contents
• Insertion of service commands by SMS cell broadcast texts
• Arbitrary code execution via SMS/MMS
• Redirect or phishing attacks by HTML-enabled SMS text or email
Audio
• Covert call initiation or call recording
• Open microphone recording
Pictures/Video
• Retrieval of pictures and videos by piggybacking the usual “share” functionality in most apps
• Covert capture of video or pictures, including traceless wiping of such material
Geolocation
• Monitoring and retrieval of GPS positioning data, including date and time stamps
Static data
• Intelligence or positioning to support future attacks on critical national infrastructure
History
• Monitoring and retrieval of all history files in the device or on SIM cards (calls, SMS, browsing, input, stored passwords, etc.)
Storage
• Generic attacks on data and device storage (hard disk or solid state disk [SSD])
Unauthorized Network Connectivity Risk
Email
• Simple to complex data transmission (including large files)
SMS
• Simple data transmission, limited command and control (service command) facility
HTTP get/post
• Generic attack vector for browser-based connectivity, command and control
TCP/UDP socket
• Lower-level attack vector for simple to complex data transmission
DNS exfiltration
• Lower-level attack vector for simple to complex data transmission, slow but difficult to detect
Bluetooth
• Simple to complex data transmission, profile-based command and control facility, generic attack vector for close proximity
WLAN/WiMAX
• Generic attack vector for full command and control of target, equivalent to wired network
The amount of storage space found on many devices is growing and, on average,
almost any device will soon be capable of storing several gigabytes of data.
This increases the risk of data leakage, particularly when mobile devices store
replicated information from enterprise networks.
Sensitive data leakage can be inadvertent or can occur through side channel
attacks.
Side channel attacks over prolonged periods of time allow the building of a
detailed user profile in terms of movements, behavior and private/business habits.
Users who may be considered at risk may require additional physical protection.
Sensitive Data Leakage
The use of mobile devices often increases the risk associated with unsafe storage
and transmission.
Risk Associated With Mobile Data Storage and Transmission
Unsafe Sensitive Data Storage
• Applications may store sensitive data such as credentials or tokens as plaintext.
• Data stored by the user is often replicated without encryption.
• Standardized files such as presentations and spreadsheets are stored unencrypted for quick access and convenience.
• Mobile devices are often associated with cloud storage, which itself adds risk.
Unsafe Sensitive Data Transmission
• Mobile devices predominantly rely on wireless data transmission, creating a risk of unauthorized network connectivity, particularly when using a wireless LAN.
• Users are likely to use unsecured public networks for data transmission.
• Automatic network recognition, a common feature in mobile OSs, may link to WLANs available in the vicinity, memorizing Service Set Identifiers (SSIDs) and channels and paving the way for evil twin attacks.
Mobile device size restricts display and edit capabilities.
Word processing, spreadsheet and presentation software is optimized for opening and reading only, but the documents may contain active
hyperlinks, macros and embedded documents.
This is known as an attack vector for malware and other exploits. Mobile apps may not recognize malformed links or provide adequate warnings to users.
Users can be harmed by insertion of illegal material, inadvertent use of “premium” services via SMS/MMS or bypass of authentication mechanisms.
The restricted nature of mobile device applications leads to an increased risk of
drive-by attack.
Drive-by Vulnerabilities
In 2016, the Mirai botnet malware flooded a DNS server with a Distributed
Denial of Service (DDoS) attack. It was the first known attack of its kind
involving which type of device?
A. iOS devices
B. Android devices
C. IoT devices
D. Cloud storage
Cyber Question
Source: https://community.norton.com/en/blogs/security-covered-norton/internet-really-did-break-today-and-heres-how-it-happened
Topic 4: Consumerization of IT and Mobile Devices
Consumerization of IT is the reorientation of technologies and services designed
around the individual end user. Examples include:
• Smart devices such as smartphones and tablets
• BYOD strategies
• New, freely available applications and services
Consumerization is not limited to devices. New, freely available applications and
services provide better user experiences for things like note-taking, video
conferencing, email and cloud storage than their respective corporate-approved
counterparts. Instead of being provided with company-issued devices and software,
employees are increasingly using their own solutions that fit with their lifestyle,
user needs and preferences.
Consumerization of IT
The use of privately owned mobile devices for work purposes has quickly taken
hold.
This trend is both positive and negative.
The downside is a proliferation of devices with known (or unknown) security risk,
and the formidable challenge of managing device security against several
unknowns.
In contrast, BYOD is becoming an important job motivation factor, because
employees are no longer willing to accept technology restrictions.
Bring Your Own Device
Pros and Cons of BYOD
PROS
• Shifts costs to user
• Worker satisfaction
• More frequent hardware upgrades
• Cutting-edge technology with the latest features and capabilities
CONS
• IT loss of control
• Known or unknown security risk
• Acceptable Use Policy is more difficult to implement
• Unclear compliance and ownership of data
294
Internet of Things
The Internet of Things (IoT) refers to physical objects that possess embedded network and computing elements and communicate with other objects over a network.
Although specific risk depends on usage, IoT creates several types of risk.
Business Risk
• Health and safety
• Regulatory compliance
• User privacy
• Unexpected costs
Operational Risk
• Inappropriate access to functionality
• Shadow usage
• Performance
Technical Risk
• Device vulnerabilities
• Device updates
• Device management
295
Big Data
Big data is both a marketing and a technical term referring to a valuable enterprise asset—information.
Big data relies on data sets that are too large or too fast-changing to be analyzed using traditional database techniques or commonly used software tools.
The change in analytics capabilities dealing with big data can introduce technical and operational risk, including:
• Amplified technical impact—Larger data sets are in jeopardy if attacked
• Privacy in data collection—Individuals may feel that revealed information is overly intrusive
• Re-identification—During aggregation, semi-anonymous information may be converted to identifiable information, compromising individual privacy
296
Topic 5: Cloud and Digital Collaboration
Cloud Computing
NIST defines “cloud computing” as a “model for enabling convenient, on-demand access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”
Cloud computing offers enterprises a way to save on the capital expenditure associated with traditional methods of managing IT.
Common platforms offered in the cloud include:
• Software as a Service (SaaS)
• Platform as a Service (PaaS)
• Infrastructure as a Service (IaaS)
298
Top Cloud Computing Threats
Cloud computing-related risk can lead to a number of different threat events. The Cloud Security Alliance lists the following as top cloud computing threats:
• Data breaches
• Data loss
• Account hijacking
• Insecure application programming interfaces (APIs)
• Denial-of-service (DoS)
• Malicious insiders
• Abuse of cloud services
• Insufficient due diligence
• Shared technology issues
299
Web Applications
Enterprises often use SaaS offerings, sometimes extending this use to critical business processes and related applications.
These service offerings bring business advantages, but they also generate data-in-flow vulnerabilities that may be exploited by cybercrime and cyberwarfare.
SaaS increases risk at the application layer, including these attack vectors:
• Zero-day exploits
• Primary malware
• Secondary malware
300
Social Media
Social media technology involves the creation and dissemination of content through social networks using the Internet.
The differences between traditional and social media are defined by the level of interaction and interactivity available to the consumer.
Use of social media has created highly effective communication platforms where any user, virtually anywhere in the world, can freely create content and disseminate this information in real time to a global audience.
Enterprises are using social media to increase brand recognition, sales, revenue and customer satisfaction; however, there is risk associated with its usage.
301
Risks of Enterprise Use of Social Media
Risks associated with a corporate social media presence include:
• Introduction of viruses/malware to the organizational network
• Misinformation or misleading information posted through a fraudulent or hijacked corporate presence
• Unclear or undefined content rights to information posted to social media sites
• Customer dissatisfaction due to an expected increase in customer service response quality/timeliness
• Mismanagement of electronic communications that may be impacted by retention regulations or e-discovery
302
Risks of Employee Use of Social Media
Risks associated with employee personal use of social media include:
• Use of personal accounts to communicate work-related information
• Employee posting of pictures or information that link them to the enterprise
• Excessive employee use of social media in the workplace
• Employee access to social media via enterprise-supplied mobile devices (smartphones, tablets)
303
Section 6: Security Implications and Adoption of Evolving Technology
Review Questions
Review Question
Which of the following are cloud related threats?
A. Data breaches
B. Data loss
C. Account hijacking
D. Insecure application programming interfaces (APIs)
E. Denial-of-service (DoS)
F. All the above
305
Review Question
All of the following are business risks for IoT devices except for which of the following?
A. Health and safety
B. Performance
C. Regulatory compliance
D. User privacy
E. Unexpected costs
306
Review Question
Which of the following is an advantage for BYOD?
A. Shifts costs to user
B. IT loss of control
C. Known or unknown security risk
D. Acceptable Use Policy is more difficult to implement
E. Unclear compliance and ownership of data
307
Review Question
Which of the following are risks associated with corporate social media?
A. Introduction of viruses/malware to the organizational network
B. Misinformation or misleading information posted through a fraudulent or hijacked corporate presence
C. Unclear or undefined content rights to information posted to social media sites
D. Customer dissatisfaction due to an expected increase in customer service response quality/timeliness
E. All the above
308
Review Question
What is the APT threat type if the business impact is the loss of trade secrets or commercial, competitive advantage?
A. Intelligence agencies
B. Criminal groups
C. Terrorist groups
D. Activist groups
E. Armed forces
309
Section Summary
You should now be able to:
• Identify the possible cybersecurity implications for adoption of evolving technology.
310
Course Summary
Now that you have completed this course you should be able to:
• Identify key concepts and terminology in cybersecurity.
• Define the key concepts, roles and domains of cybersecurity.
• Identify the various types of cybersecurity architecture.
• Identify the key components of securing networks, systems, applications and data.
• Identify an incident and outline the phases of incident response.
• Identify the possible cybersecurity implications for adoption of evolving technology.
311
THANK YOU