2. 2 IBM Security
Agenda
• World vision of breaches & statistics
• What is Cybersecurity?
• What is Information Security?
• Protect Digital Assets
• Key Concepts
• Cybersecurity Roles
• Cybersecurity Concepts
• Risk Management
• Essential Terminology
• Threat Agents
5. 5 IBM Security
What is Cybersecurity?
• The protection of information assets by addressing threats to information processed, stored and
transported by internetworked information systems.
Information Security
Cybersecurity
6. 6 IBM Security
What is Information Security (InfoSec)?
• Infosec deals with information, regardless of its format (it encompasses paper documents, digital and
intellectual property in people's minds, and verbal or visual communications.
• Cybersecurity on the other hand, is concerned with protecting digital assets, everything from networks
to hardware and information processed, stored or/and transported by internetworked information
systems.
7. 7 IBM Security
Protecting Digital Assets
• The NIST (National Institute of Standards and Technology) & ENISA (European Union Agency for
Network and Information Security) have identified 5 key functions necessary for the protection of
digital assets
Identify
• Use organizational understanding to minimize risk to systems,
assets, data and capabilities
Protect
• Design safeguards to limit the impact of potential events on
critical services and infrastructure
Detect
• Implement activities to identify the occurrence of a cybersecurity
event
Respond
• Take appropriate action after learning of a security event
Recover
• Plan for resilience and the timely repair of compromised
capabilities and services
8. 8 IBM Security
Key Concepts
• It is important to understand the elements of Information Security
9. 9 IBM Security
Cybersecurity Roles
• Governance
̶ It's the responsibility of the board of directors and senior management of the organization. Provide strategic
direction, ensure that objectives are achieved, ascertain whether risk is being managed appropriately and verify that
the organization's resources are being used responsibly, are goals of the governance program
• Risk Management
̶ It's the process by which an organization manages risk to acceptable levels, it requires the development and
implementation of internal controls to manage mitigate risk throughout the organization, including financial and
investment risk, physical risk and cyberrisk
• Compliance
̶ The act of adhering to mandated requirements defined by laws and regulations, this also includes contractual
obligations with clients, partners and internal policies
10. 10 IBM Security
Cybersecurity Concepts
• Risk:
̶ The combination of the probability of an event and its consequence (ISO/IEC 73:2009). Risk is mitigated through the
use of controls or safeguards.
• Approaches
•Also known as standards-based security, this approach relies on regulations or
standards to determine security implementations. Controls are implemented
regardless of their applicability or necessity, which often leads to a “checklist”
attitude toward security.
Compliance-
based
•Risk-based security relies on identifying the unique risk a particular organization
faces and designing and implementing security controls to address that risk above
and beyond the entity’s risk tolerance and business needs.
Risk-based
•An ad hoc approach simply implements security with no particular rationale or
criteria. Ad hoc implementations may be driven by vendor marketing, or they may
reflect insufficient subject matter expertise, knowledge or training when designing
and implementing safeguards.
Ad-hoc
12. 12 IBM Security
Risk Treatment (Contd)
Risk Reduction/Mitigation
Implement controls and/or
countermeasures
Risk Retention/Acceptance
If the cost of the mitigation controls is higher
than the cost of the impact the risk
represents
Risk Avoidance/Terminate
Terminate the activity giving rise
to risk
Risk Transfer
Purchase insurance to address
the risk, which will be transferred
to the insurance company
13. 13 IBM Security
What is Residual Risk?
• The risk that still remains after countermeasures and controls have been implemented.
• If residual risk is greater than the acceptable risk level, then it should be further treated with the option
of additional mitigation through implementing more stringent controls
14. 14 IBM Security
Essential Terminology
Vulnerability
Existence of a weakness, design,
or implementation error that can
lead to an unexpected event
compromising the security of the
system
Asset
Anything that represents value for
the organization and is worth
protecting
Threat
Anything capable of acting against
an asset in a manner that can
result in harm
Backdoor
A mean of regaining access to a
compromised system by installing
SW or configuring existing SE to
enable remote access
Brute Force Attack
Trying all possible combinations
of passwords or encryption keys
until the correct one is found
Buffer Overflow
When an app tries to store more
data in a buffer (temporary data
storage area) than it was
designed to hold, this corrupts the
app and enables the attacker to
introduce or run commands
DDoS Attack
An assault on a service from
different sources that floods the
target with so many requests that
it becomes unavailable to anyone
MitM Attack
The attacker intercepts the
communication stream between 2
parts, the attacker can sniff or
replace the traffic
Social Engineering
Any attempt to exploit social
vulnerabilities to gain access to
information/systems
15. 15 IBM Security
Essential Terminology (Contd)
Phishing
The attacker attempts by email
to convince a user that the
originator is genuine, but with
malicious intentions to obtaining
information
Exploit
A breach of IT system security
through vulnerabilities
Payload
Is the part of an exploit code
that performs the intended
malicious action, such as
destroying, creating backdoors,
and hijacking computer
SQL Injection
SQL syntax is used without
proper validation as part of SQL
queries, this could harm the DB
or even the OS
Bot
A "bot" is a software application
that can be controlled remotely
to execute or automata
predefined tasks
Zero-Day Attack
An attack that exploits computer
application vulnerabilities before
the software developer releases
a patch for the vulnerability
XSS
Cross-site scripting, malicious
scripts are injected into benign
and trusted websites
<script>alert("PWND")</script>
APT
Advanced Persistent Threats
are complex and coordinated
attacks directed at a specific
target, they require enormous
research and time
Spoofing
Faking the sending address to
gain illegal entry into a system