SlideShare una empresa de Scribd logo

Introduction to Cybersecurity Fundamentals

Descargar como PPTX, PDF
T
Toño Herrera

Brief but concise Introduction to Cybersecurity Fundamentals

Tecnología
1 de 17
Cybersecurity Fundamentals Luis Herrera, CRISC, CEH, ITILv3 14-Apr-2017
2 IBM Security Agenda • World vision of breaches & statistics • What is Cybersecurity? • What is Information Security? • Protect Digital Assets • Key Concepts • Cybersecurity Roles • Cybersecurity Concepts • Risk Management • Essential Terminology • Threat Agents
3 IBM Security World’s Biggest Data Breaches
4 IBM Security Data Breach Statistics
5 IBM Security What is Cybersecurity? • The protection of information assets by addressing threats to information processed, stored and transported by internetworked information systems. Information Security Cybersecurity
6 IBM Security What is Information Security (InfoSec)? • Infosec deals with information, regardless of its format (it encompasses paper documents, digital and intellectual property in people's minds, and verbal or visual communications. • Cybersecurity on the other hand, is concerned with protecting digital assets, everything from networks to hardware and information processed, stored or/and transported by internetworked information systems.
7 IBM Security Protecting Digital Assets • The NIST (National Institute of Standards and Technology) & ENISA (European Union Agency for Network and Information Security) have identified 5 key functions necessary for the protection of digital assets Identify • Use organizational understanding to minimize risk to systems, assets, data and capabilities Protect • Design safeguards to limit the impact of potential events on critical services and infrastructure Detect • Implement activities to identify the occurrence of a cybersecurity event Respond • Take appropriate action after learning of a security event Recover • Plan for resilience and the timely repair of compromised capabilities and services
8 IBM Security Key Concepts • It is important to understand the elements of Information Security
9 IBM Security Cybersecurity Roles • Governance ̶ It's the responsibility of the board of directors and senior management of the organization. Provide strategic direction, ensure that objectives are achieved, ascertain whether risk is being managed appropriately and verify that the organization's resources are being used responsibly, are goals of the governance program • Risk Management ̶ It's the process by which an organization manages risk to acceptable levels, it requires the development and implementation of internal controls to manage mitigate risk throughout the organization, including financial and investment risk, physical risk and cyberrisk • Compliance ̶ The act of adhering to mandated requirements defined by laws and regulations, this also includes contractual obligations with clients, partners and internal policies
10 IBM Security Cybersecurity Concepts • Risk: ̶ The combination of the probability of an event and its consequence (ISO/IEC 73:2009). Risk is mitigated through the use of controls or safeguards. • Approaches •Also known as standards-based security, this approach relies on regulations or standards to determine security implementations. Controls are implemented regardless of their applicability or necessity, which often leads to a “checklist” attitude toward security. Compliance- based •Risk-based security relies on identifying the unique risk a particular organization faces and designing and implementing security controls to address that risk above and beyond the entity’s risk tolerance and business needs. Risk-based •An ad hoc approach simply implements security with no particular rationale or criteria. Ad hoc implementations may be driven by vendor marketing, or they may reflect insufficient subject matter expertise, knowledge or training when designing and implementing safeguards. Ad-hoc
11 IBM Security Risk Treatment
12 IBM Security Risk Treatment (Contd) Risk Reduction/Mitigation Implement controls and/or countermeasures Risk Retention/Acceptance If the cost of the mitigation controls is higher than the cost of the impact the risk represents Risk Avoidance/Terminate Terminate the activity giving rise to risk Risk Transfer Purchase insurance to address the risk, which will be transferred to the insurance company
13 IBM Security What is Residual Risk? • The risk that still remains after countermeasures and controls have been implemented. • If residual risk is greater than the acceptable risk level, then it should be further treated with the option of additional mitigation through implementing more stringent controls
14 IBM Security Essential Terminology Vulnerability Existence of a weakness, design, or implementation error that can lead to an unexpected event compromising the security of the system Asset Anything that represents value for the organization and is worth protecting Threat Anything capable of acting against an asset in a manner that can result in harm Backdoor A mean of regaining access to a compromised system by installing SW or configuring existing SE to enable remote access Brute Force Attack Trying all possible combinations of passwords or encryption keys until the correct one is found Buffer Overflow When an app tries to store more data in a buffer (temporary data storage area) than it was designed to hold, this corrupts the app and enables the attacker to introduce or run commands DDoS Attack An assault on a service from different sources that floods the target with so many requests that it becomes unavailable to anyone MitM Attack The attacker intercepts the communication stream between 2 parts, the attacker can sniff or replace the traffic Social Engineering Any attempt to exploit social vulnerabilities to gain access to information/systems
15 IBM Security Essential Terminology (Contd) Phishing The attacker attempts by email to convince a user that the originator is genuine, but with malicious intentions to obtaining information Exploit A breach of IT system security through vulnerabilities Payload Is the part of an exploit code that performs the intended malicious action, such as destroying, creating backdoors, and hijacking computer SQL Injection SQL syntax is used without proper validation as part of SQL queries, this could harm the DB or even the OS Bot A "bot" is a software application that can be controlled remotely to execute or automata predefined tasks Zero-Day Attack An attack that exploits computer application vulnerabilities before the software developer releases a patch for the vulnerability XSS Cross-site scripting, malicious scripts are injected into benign and trusted websites <script>alert("PWND")</script> APT Advanced Persistent Threats are complex and coordinated attacks directed at a specific target, they require enormous research and time Spoofing Faking the sending address to gain illegal entry into a system
16 IBM Security Threat Agents
ibm.com/security securityintelligence.com xforce.ibmcloud.com @ibmsecurity youtube/user/ibmsecuritysolutions © Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party. FOLLOW US ON: THANK YOU

Recomendados

Cyber Security PPT - 2023.pptx
Cyber Security PPT - 2023.pptxCyber Security PPT - 2023.pptx
Cyber Security PPT - 2023.pptxChandanChandu928137
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityKrutarth Vasavada
 
Artificial Intelligence and Cybersecurity
Artificial Intelligence and CybersecurityArtificial Intelligence and Cybersecurity
Artificial Intelligence and CybersecurityOlivier Busolini
 
1. introduction to cyber security
1. introduction to cyber security1. introduction to cyber security
1. introduction to cyber securityAnimesh Roy
 
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...Edureka!
 
Cybersecurity
CybersecurityCybersecurity
CybersecurityEng Hasan Shamroukh CISCO Exams Author
 
Career in cyber security
Career in cyber securityCareer in cyber security
Career in cyber securityManjushree Mashal
 
Fundamentals of Network security
Fundamentals of Network securityFundamentals of Network security
Fundamentals of Network securityAPNIC
 

Recomendados

Cyber Security PPT - 2023.pptx
Cyber Security PPT - 2023.pptxCyber Security PPT - 2023.pptx
Cyber Security PPT - 2023.pptxChandanChandu928137
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityKrutarth Vasavada
 
Artificial Intelligence and Cybersecurity
Artificial Intelligence and CybersecurityArtificial Intelligence and Cybersecurity
Artificial Intelligence and CybersecurityOlivier Busolini
 
1. introduction to cyber security
1. introduction to cyber security1. introduction to cyber security
1. introduction to cyber securityAnimesh Roy
 
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...Edureka!
 
Cybersecurity
CybersecurityCybersecurity
CybersecurityEng Hasan Shamroukh CISCO Exams Author
 
Career in cyber security
Career in cyber securityCareer in cyber security
Career in cyber securityManjushree Mashal
 
Fundamentals of Network security
Fundamentals of Network securityFundamentals of Network security
Fundamentals of Network securityAPNIC
 
Cyber security
Cyber securityCyber security
Cyber securityRishav Sadhu
 
AI and the Impact on Cybersecurity
AI and the Impact on CybersecurityAI and the Impact on Cybersecurity
AI and the Impact on CybersecurityGraham Mann
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationTriCorps Technologies
 
Cyber security
Cyber securityCyber security
Cyber securityBhavin Shah
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security AwarenessRamiro Cid
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityRamiro Cid
 
Cybersecurity
CybersecurityCybersecurity
CybersecurityA. Shamel
 
Cyber security
Cyber securityCyber security
Cyber securityAman Pradhan
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITYAhmed Moussa
 
Introduction to cyber security amos
Introduction to cyber security amosIntroduction to cyber security amos
Introduction to cyber security amosAmos Oyoo
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security GovernancePriyanka Aash
 
Mobile security
Mobile securityMobile security
Mobile securitydilipdubey5
 
Information Security vs IT - Key Roles & Responsibilities
Information Security vs IT - Key Roles & ResponsibilitiesInformation Security vs IT - Key Roles & Responsibilities
Information Security vs IT - Key Roles & ResponsibilitiesKroll
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Stephen Cobb
 
Overview of Artificial Intelligence in Cybersecurity
Overview of Artificial Intelligence in CybersecurityOverview of Artificial Intelligence in Cybersecurity
Overview of Artificial Intelligence in CybersecurityOlivier Busolini
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITYMohammad Shakirul islam
 
Information security
Information securityInformation security
Information securitySina Bagherinezhad
 
Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awarenessJason Murray
 
Cybersecurity
CybersecurityCybersecurity
CybersecurityForam Gosai
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber SecurityStephen Lahanas
 
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...IBM Security
 
Security in the Cognitive Era: Why it matters more than ever
Security in the Cognitive Era: Why it matters more than everSecurity in the Cognitive Era: Why it matters more than ever
Security in the Cognitive Era: Why it matters more than everEC-Council
 

Más contenido relacionado

La actualidad más candente

AI and the Impact on Cybersecurity
AI and the Impact on CybersecurityAI and the Impact on Cybersecurity
AI and the Impact on CybersecurityGraham Mann
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationTriCorps Technologies
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security AwarenessRamiro Cid
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityRamiro Cid
 
Cybersecurity
CybersecurityCybersecurity
CybersecurityA. Shamel
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITYAhmed Moussa
 
Introduction to cyber security amos
Introduction to cyber security amosIntroduction to cyber security amos
Introduction to cyber security amosAmos Oyoo
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security GovernancePriyanka Aash
 
Information Security vs IT - Key Roles & Responsibilities
Information Security vs IT - Key Roles & ResponsibilitiesInformation Security vs IT - Key Roles & Responsibilities
Information Security vs IT - Key Roles & ResponsibilitiesKroll
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Stephen Cobb
 
Overview of Artificial Intelligence in Cybersecurity
Overview of Artificial Intelligence in CybersecurityOverview of Artificial Intelligence in Cybersecurity
Overview of Artificial Intelligence in CybersecurityOlivier Busolini
 
Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awarenessJason Murray
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber SecurityStephen Lahanas
 

La actualidad más candente (20)

Cyber security
Cyber securityCyber security
Cyber security
 
AI and the Impact on Cybersecurity
AI and the Impact on CybersecurityAI and the Impact on Cybersecurity
AI and the Impact on Cybersecurity
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security Awareness
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
 
Cyber security
Cyber securityCyber security
Cyber security
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITY
 
Introduction to cyber security amos
Introduction to cyber security amosIntroduction to cyber security amos
Introduction to cyber security amos
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 
Mobile security
Mobile securityMobile security
Mobile security
 
Information Security vs IT - Key Roles & Responsibilities
Information Security vs IT - Key Roles & ResponsibilitiesInformation Security vs IT - Key Roles & Responsibilities
Information Security vs IT - Key Roles & Responsibilities
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...
 
Overview of Artificial Intelligence in Cybersecurity
Overview of Artificial Intelligence in CybersecurityOverview of Artificial Intelligence in Cybersecurity
Overview of Artificial Intelligence in Cybersecurity
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITY
 
Information security
Information securityInformation security
Information security
 
Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awareness
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
 

Similar a Introduction to Cybersecurity Fundamentals

IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...IBM Security
 
Security in the Cognitive Era: Why it matters more than ever
Security in the Cognitive Era: Why it matters more than everSecurity in the Cognitive Era: Why it matters more than ever
Security in the Cognitive Era: Why it matters more than everEC-Council
 
A New Remedy for the Cyber Storm Approaching
A New Remedy for the Cyber Storm ApproachingA New Remedy for the Cyber Storm Approaching
A New Remedy for the Cyber Storm ApproachingSPI Conference
 
Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats IBM Security
 
3 Steps to Security Intelligence - How to Build a More Secure Enterprise
3 Steps to Security Intelligence - How to Build a More Secure Enterprise3 Steps to Security Intelligence - How to Build a More Secure Enterprise
3 Steps to Security Intelligence - How to Build a More Secure EnterpriseIBM Security
 
IBM Security Services Overview
IBM Security Services OverviewIBM Security Services Overview
IBM Security Services OverviewCasey Lucas
 
IBM - IAM Security and Trends
IBM - IAM Security and TrendsIBM - IAM Security and Trends
IBM - IAM Security and TrendsIBM Sverige
 
3 Enablers of Successful Cyber Attacks and How to Thwart Them
3 Enablers of Successful Cyber Attacks and How to Thwart Them3 Enablers of Successful Cyber Attacks and How to Thwart Them
3 Enablers of Successful Cyber Attacks and How to Thwart ThemIBM Security
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security BasicsMohan Jadhav
 
Security Principles for CEOs
Security Principles for CEOsSecurity Principles for CEOs
Security Principles for CEOsMorten Bjørklund
 
Kista watson summit final public version
Kista watson summit final public versionKista watson summit final public version
Kista watson summit final public versionIBM Sverige
 
Ibm q radar_blind_references
Ibm q radar_blind_referencesIbm q radar_blind_references
Ibm q radar_blind_referencesMaarten Werff
 
JavaOne2013: Secure Engineering Practices for Java
JavaOne2013: Secure Engineering Practices for JavaJavaOne2013: Secure Engineering Practices for Java
JavaOne2013: Secure Engineering Practices for JavaChris Bailey
 
Take your SOC Beyond SIEM
Take your SOC Beyond SIEMTake your SOC Beyond SIEM
Take your SOC Beyond SIEMThomas Springer
 
Mobile Threat Management
Mobile Threat ManagementMobile Threat Management
Mobile Threat ManagementKillian Delaney
 
Borderless Breaches and Migrating Malware: How Cybercrime is Breaking Down Ba...
Borderless Breaches and Migrating Malware: How Cybercrime is Breaking Down Ba...Borderless Breaches and Migrating Malware: How Cybercrime is Breaking Down Ba...
Borderless Breaches and Migrating Malware: How Cybercrime is Breaking Down Ba...IBM Security
 
Bordless Breaches and Migrating Malware
Bordless Breaches and Migrating MalwareBordless Breaches and Migrating Malware
Bordless Breaches and Migrating MalwareSarah Freemantle
 
IBM Security 2017 Lunch and Learn Series
IBM Security 2017 Lunch and Learn SeriesIBM Security 2017 Lunch and Learn Series
IBM Security 2017 Lunch and Learn SeriesJeff Miller
 
An Integrated, Intelligent Approach to Security
An Integrated, Intelligent Approach to SecurityAn Integrated, Intelligent Approach to Security
An Integrated, Intelligent Approach to SecurityGerard McNamee
 

Similar a Introduction to Cybersecurity Fundamentals (20)

IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
 
Security in the Cognitive Era: Why it matters more than ever
Security in the Cognitive Era: Why it matters more than everSecurity in the Cognitive Era: Why it matters more than ever
Security in the Cognitive Era: Why it matters more than ever
 
A New Remedy for the Cyber Storm Approaching
A New Remedy for the Cyber Storm ApproachingA New Remedy for the Cyber Storm Approaching
A New Remedy for the Cyber Storm Approaching
 
Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats
 
3 Steps to Security Intelligence - How to Build a More Secure Enterprise
3 Steps to Security Intelligence - How to Build a More Secure Enterprise3 Steps to Security Intelligence - How to Build a More Secure Enterprise
3 Steps to Security Intelligence - How to Build a More Secure Enterprise
 
IBM Security Services Overview
IBM Security Services OverviewIBM Security Services Overview
IBM Security Services Overview
 
IBM - IAM Security and Trends
IBM - IAM Security and TrendsIBM - IAM Security and Trends
IBM - IAM Security and Trends
 
3 Enablers of Successful Cyber Attacks and How to Thwart Them
3 Enablers of Successful Cyber Attacks and How to Thwart Them3 Enablers of Successful Cyber Attacks and How to Thwart Them
3 Enablers of Successful Cyber Attacks and How to Thwart Them
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security Basics
 
Security Principles for CEOs
Security Principles for CEOsSecurity Principles for CEOs
Security Principles for CEOs
 
Kista watson summit final public version
Kista watson summit final public versionKista watson summit final public version
Kista watson summit final public version
 
Ibm q radar_blind_references
Ibm q radar_blind_referencesIbm q radar_blind_references
Ibm q radar_blind_references
 
JavaOne2013: Secure Engineering Practices for Java
JavaOne2013: Secure Engineering Practices for JavaJavaOne2013: Secure Engineering Practices for Java
JavaOne2013: Secure Engineering Practices for Java
 
Take your SOC Beyond SIEM
Take your SOC Beyond SIEMTake your SOC Beyond SIEM
Take your SOC Beyond SIEM
 
Mobile Threat Management
Mobile Threat ManagementMobile Threat Management
Mobile Threat Management
 
Cyber Security 4.0 conference 30 November 2016
Cyber Security 4.0 conference 30 November 2016Cyber Security 4.0 conference 30 November 2016
Cyber Security 4.0 conference 30 November 2016
 
Borderless Breaches and Migrating Malware: How Cybercrime is Breaking Down Ba...
Borderless Breaches and Migrating Malware: How Cybercrime is Breaking Down Ba...Borderless Breaches and Migrating Malware: How Cybercrime is Breaking Down Ba...
Borderless Breaches and Migrating Malware: How Cybercrime is Breaking Down Ba...
 
Bordless Breaches and Migrating Malware
Bordless Breaches and Migrating MalwareBordless Breaches and Migrating Malware
Bordless Breaches and Migrating Malware
 
IBM Security 2017 Lunch and Learn Series
IBM Security 2017 Lunch and Learn SeriesIBM Security 2017 Lunch and Learn Series
IBM Security 2017 Lunch and Learn Series
 
An Integrated, Intelligent Approach to Security
An Integrated, Intelligent Approach to SecurityAn Integrated, Intelligent Approach to Security
An Integrated, Intelligent Approach to Security
 

Último

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 

Último (20)

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 

Introduction to Cybersecurity Fundamentals

  • 1. Cybersecurity Fundamentals Luis Herrera, CRISC, CEH, ITILv3 14-Apr-2017
  • 2. 2 IBM Security Agenda • World vision of breaches & statistics • What is Cybersecurity? • What is Information Security? • Protect Digital Assets • Key Concepts • Cybersecurity Roles • Cybersecurity Concepts • Risk Management • Essential Terminology • Threat Agents
  • 3. 3 IBM Security World’s Biggest Data Breaches
  • 4. 4 IBM Security Data Breach Statistics
  • 5. 5 IBM Security What is Cybersecurity? • The protection of information assets by addressing threats to information processed, stored and transported by internetworked information systems. Information Security Cybersecurity
  • 6. 6 IBM Security What is Information Security (InfoSec)? • Infosec deals with information, regardless of its format (it encompasses paper documents, digital and intellectual property in people's minds, and verbal or visual communications. • Cybersecurity on the other hand, is concerned with protecting digital assets, everything from networks to hardware and information processed, stored or/and transported by internetworked information systems.
  • 7. 7 IBM Security Protecting Digital Assets • The NIST (National Institute of Standards and Technology) & ENISA (European Union Agency for Network and Information Security) have identified 5 key functions necessary for the protection of digital assets Identify • Use organizational understanding to minimize risk to systems, assets, data and capabilities Protect • Design safeguards to limit the impact of potential events on critical services and infrastructure Detect • Implement activities to identify the occurrence of a cybersecurity event Respond • Take appropriate action after learning of a security event Recover • Plan for resilience and the timely repair of compromised capabilities and services
  • 8. 8 IBM Security Key Concepts • It is important to understand the elements of Information Security
  • 9. 9 IBM Security Cybersecurity Roles • Governance ̶ It's the responsibility of the board of directors and senior management of the organization. Provide strategic direction, ensure that objectives are achieved, ascertain whether risk is being managed appropriately and verify that the organization's resources are being used responsibly, are goals of the governance program • Risk Management ̶ It's the process by which an organization manages risk to acceptable levels, it requires the development and implementation of internal controls to manage mitigate risk throughout the organization, including financial and investment risk, physical risk and cyberrisk • Compliance ̶ The act of adhering to mandated requirements defined by laws and regulations, this also includes contractual obligations with clients, partners and internal policies
  • 10. 10 IBM Security Cybersecurity Concepts • Risk: ̶ The combination of the probability of an event and its consequence (ISO/IEC 73:2009). Risk is mitigated through the use of controls or safeguards. • Approaches •Also known as standards-based security, this approach relies on regulations or standards to determine security implementations. Controls are implemented regardless of their applicability or necessity, which often leads to a “checklist” attitude toward security. Compliance- based •Risk-based security relies on identifying the unique risk a particular organization faces and designing and implementing security controls to address that risk above and beyond the entity’s risk tolerance and business needs. Risk-based •An ad hoc approach simply implements security with no particular rationale or criteria. Ad hoc implementations may be driven by vendor marketing, or they may reflect insufficient subject matter expertise, knowledge or training when designing and implementing safeguards. Ad-hoc
  • 11. 11 IBM Security Risk Treatment
  • 12. 12 IBM Security Risk Treatment (Contd) Risk Reduction/Mitigation Implement controls and/or countermeasures Risk Retention/Acceptance If the cost of the mitigation controls is higher than the cost of the impact the risk represents Risk Avoidance/Terminate Terminate the activity giving rise to risk Risk Transfer Purchase insurance to address the risk, which will be transferred to the insurance company
  • 13. 13 IBM Security What is Residual Risk? • The risk that still remains after countermeasures and controls have been implemented. • If residual risk is greater than the acceptable risk level, then it should be further treated with the option of additional mitigation through implementing more stringent controls
  • 14. 14 IBM Security Essential Terminology Vulnerability Existence of a weakness, design, or implementation error that can lead to an unexpected event compromising the security of the system Asset Anything that represents value for the organization and is worth protecting Threat Anything capable of acting against an asset in a manner that can result in harm Backdoor A mean of regaining access to a compromised system by installing SW or configuring existing SE to enable remote access Brute Force Attack Trying all possible combinations of passwords or encryption keys until the correct one is found Buffer Overflow When an app tries to store more data in a buffer (temporary data storage area) than it was designed to hold, this corrupts the app and enables the attacker to introduce or run commands DDoS Attack An assault on a service from different sources that floods the target with so many requests that it becomes unavailable to anyone MitM Attack The attacker intercepts the communication stream between 2 parts, the attacker can sniff or replace the traffic Social Engineering Any attempt to exploit social vulnerabilities to gain access to information/systems
  • 15. 15 IBM Security Essential Terminology (Contd) Phishing The attacker attempts by email to convince a user that the originator is genuine, but with malicious intentions to obtaining information Exploit A breach of IT system security through vulnerabilities Payload Is the part of an exploit code that performs the intended malicious action, such as destroying, creating backdoors, and hijacking computer SQL Injection SQL syntax is used without proper validation as part of SQL queries, this could harm the DB or even the OS Bot A "bot" is a software application that can be controlled remotely to execute or automata predefined tasks Zero-Day Attack An attack that exploits computer application vulnerabilities before the software developer releases a patch for the vulnerability XSS Cross-site scripting, malicious scripts are injected into benign and trusted websites <script>alert("PWND")</script> APT Advanced Persistent Threats are complex and coordinated attacks directed at a specific target, they require enormous research and time Spoofing Faking the sending address to gain illegal entry into a system
  • 17. ibm.com/security securityintelligence.com xforce.ibmcloud.com @ibmsecurity youtube/user/ibmsecuritysolutions © Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party. FOLLOW US ON: THANK YOU