Discussion Forum 1. Topic: Computerized Operating Systems (OS) are almost everywhere. We encounter them when we use our laptop or desktop computer. We use them when we use our phone or tablet. Find articles that describe the different types of operating systems (Linux, Unix, Android, ROS, z/OS, z/VM, z/VSE, etc.). Do not select MS WINDOWS. Write a scholarly review comparing any two or more OS; attach a copy of the article to your postings. Remember, this assignment is to be scholarly; it is not enough for you to simply post your article and add cursory reviews. Cited references are required.
9781111138059_ppt_ch01.pptx
About the Presentations
• The presentations cover the objectives found in the
opening of each chapter.
• All chapter objectives are listed in the beginning of
each presentation.
• You may customize the presentations to fit your
class needs.
• Some figures from the chapters are included. A
complete set of images from the book can be found
on the Instructor Resources disc.
Principles of Incident Response
and Disaster Recovery, 2nd Edition
Chapter 01
An Overview of Information
Security and Risk Management
Objectives
• Define and explain information security
• Identify and explain the basic concepts of risk
management
• List and discuss the components of contingency
planning
• Describe the role of information security policy in the
development of contingency plans
Introduction
• Contingency planning
– Being ready for incidents and disasters
• Example: 1/10 of one percent of online users
– Allows for two and a half million potential attackers
• Example: World Trade Center (WTC) organizations
– Had contingency plans due to February 1993 attack
• Example: 2008 Gartner report
– 2/3 of organizations invoked plans in prior two years
• Information security includes contingency planning
– Ensures confidentiality, integrity, availability of data
Information Security
• Committee on National Security Systems (CNSS)
information security definition
– Protection of information and its critical elements
• Includes systems and hardware storing, transmitting
information
– Part of the CNSS model (evolved from C.I.A. triangle)
• Conceptual framework for understanding security
• Information security (InfoSec)
– Protection of confidentiality, integrity, and availability
of information
• In storage, during processing, and during transmission
Key Information Security Concepts
• Threat: object, person, other entity posing potential
risk of loss to an asset
• Asset: organizational resource being protected
– Logical or physical
• Attack: attempt to cause damage to or compromise
information or its supporting systems
– Arises from a threat; intentional or unintentional
• Threat-agent: threat instance
– Specific and identifiable; exploits asset vulnerabilities
Key Information Security Concepts
(cont’d.)
• Vulnerability
– Flaw or weakness in system security procedures,
design, implementation, internal controls
• Results in security breach or security policy violation
– Well-known or latent
– Exercised accidently or intentionally
• Exploit: technique used by a threat-agent
– May compromise a system or information through illegal use
– May be crafted to target a specific vulnerability
• Control/safeguard/countermeasure: prevent attack
Key Information Security Concepts
(cont’d.)
• Trespass
– Broad category of electronic and human activities
• Can breach information confidentiality
• Leads to unauthorized real or virtual actions
• Results in unauthorized access to premises or system
• Software attacks
– Malicious code, malicious software, malware
– Designed to damage, destroy, deny service to the
target systems
– Example: hackers
Key Information Security Concepts
(cont’d.)
– Common malicious code instances
• Viruses and worms, Trojan horses, logic bombs, bots,
rootkits, back doors, denial-of-service (DoS) attack,
distributed DoS (DDoS) attack
– Malicious code threats: sources of confusion
• Method of propagation, payload, vector of infection
– Viruses
• Segments of code that perform malicious actions
• Macro virus: embedded in automatically executing macro code
• Boot virus: infects key operating system files
Key Information Security Concepts
(cont’d.)
– Worms
• Replicate themselves constantly
• No other program needed
• Can replicate until available resources filled
– Back doors and trap doors
• Installed by virus or worm payload
• Provide privileged system access at will
– Polymorphism
• Threat changes apparent shape over time
• Elude antivirus software detection
Key Information Security Concepts
(cont’d.)
– Propagation vectors
• Manner by which malicious code spreads can vary
• May use social engineering: Trojan horse looks
desirable, but is not
• May leverage open network connection, file shares or
software vulnerability
– Malware hoaxes
• Well-meaning people send random e-mails warning of
fictitious dangerous malware
• Wastes a lot of time and energy
Key Information Security Concepts
(cont’d.)
• Human error or failure
– Includes acts performed by an authorized user
• No malicious intent or purpose
– Human error
• Small mistakes produce extensive damage with
catastrophic results
– Human failure
• Intentional refusal or unintentional inability to comply
with policies, guidelines, and procedures, with a
potential loss of information
Key Information Security Concepts
(cont’d.)
• Theft
– Illegal taking of another’s property
• Property: physical, electronic, intellectual
• Includes acts of espionage and breach of
confidentiality
– Methods
• Competitive intelligence or industrial espionage
– Theft or loss of mobile devices
• Phones, tablets, and computers
• Stored information more important than devices
Key Information Security Concepts
(cont’d.)
• Compromises to intellectual property
– FOLDOC intellectual property (IP) definition
• The ownership of ideas and control over the tangible
or virtual representation of those ideas. Use of another
person’s intellectual property may or may not involve
royalty payments or permission but should always
include proper credit to the source
– Includes
• Trade secrets, copyrights, trademarks, patents
• Exfiltration, or unauthorized removal of information
• Software piracy
Key Information Security Concepts
(cont’d.)
• Sabotage or vandalism
– Destroys asset or damages an organization’s image
• Assault on an organization’s Web site
• Cyberterrorism (more sinister hacking)
• Technical software failures or errors
– Software with unknown hidden faults
• Code sold before security-related bugs detected
• Trap doors
– Helpful Web sites
• Bugtraq and National Vulnerability Database
Key Information Security Concepts
(cont’d.)
• Technical hardware failures or errors
– Equipment distributed with known or unknown flaw
– System performs outside expected parameters
– Errors can be terminal or intermittent
• Forces of nature
– Known as force majeure, or acts of God
– Pose most dangerous threats imaginable
• Occur with very little warning
Key Information Security Concepts
(cont’d.)
• Deviations in quality of service by service providers
– Product or service not delivered as expected
• Support systems interrupted by storms, employee
illnesses, unforeseen events
• Technological obsolescence
– Antiquated or outdated infrastructure
• Leads to unreliable and untrustworthy systems
• Risks loss of data integrity from attacks
Key Information Security Concepts
(cont’d.)
• Information extortion
– Attacker or trusted insider steals information from a
computer system
• Demands compensation for its return or for an
agreement to not disclose the information
– Common in credit card number theft
• Other threats
– See Table 1-2
Overview of Risk Management
• Risk management process
– Identifying and controlling information asset risks
– Security managers play the largest roles
– Includes contingency planning
• Risk identification process
– Examining, documenting, and assessing the security
posture of an organization’s IT and the risks it faces
• Risk control process
– Applying controls to reduce the risks
Overview of Risk Management (cont’d.)
• Risk management redefined
– Process of identifying vulnerabilities and taking
carefully reasoned steps to ensure the confidentiality,
integrity, and availability of the information system
“If you know the enemy and know yourself, you need
not fear the result of a hundred battles. If you know
yourself but not the enemy, for every victory gained you
will also suffer a defeat. If you know neither the enemy
nor yourself, you will succumb in every battle.”
– Chinese General Sun Tzu
Source: Oxford University Press
Overview of Risk Management (cont’d.)
• Know yourself
– Identify, examine, and understand the information and
systems currently in place
– Asset: information and systems that use, store, and
transmit information
– Questions to ask when protecting assets
• What are they?
• How do they add value to the organization?
• To which vulnerabilities are they susceptible?
– Have periodic review, revision, and maintenance of
control mechanisms
Overview of Risk Management (cont’d.)
• Know the enemy
– Identify, examine, and understand threats
– Determine threat aspects affecting the organization
and the security of the assets
• List threats prioritized by importance
– Conduct periodic management reviews
• Verify completeness and accuracy of asset inventory
• Review and verify identified threats and vulnerabilities
• Review current controls and mitigation strategies
• Review cost effectiveness and deployment issues
• Verify ongoing effectiveness of every control
Risk Identification
• Identify, classify, and prioritize information assets
• Threat identification process begins afterwards
– Asset examined to identify vulnerabilities
– Controls identified
– Controls assessed
• Regarding capability to limit possible losses should
attack occur
Asset Identification and Value
Assessment
• Iterative process of identifying assets and assessing
their value
• Information asset classification
– Classify with respect to security needs
– Components must be specific for the creation of
various priority levels
– Components ranked according to criteria established
by the categorization
– Use comprehensive and mutually exclusive
categories
– Establish clear and comprehensive category sets
Asset Identification and Value
Assessment (cont’d.)
• Information asset valuation
– Is this asset the most critical to the organization’s
success?
– Does it generate the most revenue?
– Does it generate the most profit?
– Would it be the most expensive to replace?
– Will it be the most expensive to protect?
– If revealed, would it cause the most embarrassment
or greatest damage?
– Does the law or other regulation require us to protect
this asset?
Asset Identification and Value
Assessment (cont’d.)
• Answers determine weighting criteria
– Used for asset valuation and impact evaluation
• Must decide criteria best suited to establish the
information asset value
• Perform weighted factor analysis
– Calculates relative importance of each asset
– Assign score from 0.1 to 1.0 for each critical factor
– Assign each critical factor a weight from 1 to 100
• Identify, document and add company-specific
criteria
Data Classification and Management
(cont’d.)
• Data classification schemes
– Procedures requiring organizational data to be
classified into mutually exclusive categories
– Based on need to protect data category confidentiality
• Military specialized classification ratings
– “Public” to “For Official Use Only” to “Confidential” to
“Secret” to “Top Secret”
Data Classification and Management
(cont’d.)
• Alternative information classification scheme
– Public: for general public dissemination
– For official use: Not particularly sensitive but not for
public release
– Sensitive: important to the business and could cause
embarrassment or loss of market share if revealed
– Classified: requires utmost security; disclosure could
severely impact the organization
• Personnel information security clearances
– On a need-to-know basis
Threat Identification
• Conduct a threat assessment
– Which threats present a danger to the organization’s
assets in the given environment?
– Which threats represent the most danger to the
organization’s information?
– Which threats would cost the most to recover from if
there was an attack?
– Which threats require the greatest expenditure to
prevent?
Vulnerability Identification
• Review each asset and each threat it faces
– Create list of vulnerabilities
• Examine how each threat could be perpetrated
• List organization’s assets and its vulnerabilities
• Notes
– Threat may yield multiple vulnerabilities
– People with diverse backgrounds should participate
Risk Assessment
• Process of assigning a risk rating or score to each
information asset
• Goal
– Determine relative risk of each vulnerability using
various factors
• Likelihood
– Probability that a specific vulnerability will be
successfully attacked
– Many asset/vulnerability combinations have external
references for likelihood values
Valuation of Information Assets
• Assign weighted scores for the value to the
organization of each information asset
• Re-ask questions described in the “Threat
Identification” section
– Which of these questions is most important to the
protection of the organization’s information?
• Examine how current controls can reduce risk faced
by specific vulnerabilities
• Impossible to know everything about each
vulnerability
Risk Determination
• Risk = (likelihood of vulnerability x value) – percent
of risk currently controlled + uncertainty of
assumptions
• Qualitative Risk Management
– General categories and ranking used to evaluate risk
– Factor Analysis of Information Risk (FAIR) strategy
• Promoted by CXOWARE
– Residual risk
• Remaining risk after control applied
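The two calculations the slides describe, weighted factor analysis (a 0.1 to 1.0 score per critical factor, a 1 to 100 weight per factor, summed) and the risk formula above, worked through in code. This is an added example, not material from the textbook or the slide deck: the three criteria, their weights, the sample assets and their scores are constructed, and the formula is applied on the assumption that "percent of risk currently controlled" and "uncertainty of assumptions" are fractions of the likelihood × value product (so 10% uncertainty on a product of 50 adds 5).

```python
"""Weighted factor analysis for asset valuation, then the chapter's risk formula.

Added worked example with constructed data; the criteria, weights, assets and
scores below are assumptions, not values from the textbook or the slides.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed criteria: each critical factor carries a weight from 1 to 100.
# Choosing weights that sum to 100 keeps every asset's score in [10, 100].
CRITERIA_WEIGHTS: Dict[str, int] = {
    "impact_on_revenue": 30,
    "impact_on_profitability": 40,
    "impact_on_public_image": 30,
}


@dataclass(frozen=True)
class Asset:
    """An information asset with one 0.1-1.0 score per critical factor."""
    name: str
    scores: Dict[str, float]


def validate(asset: Asset, weights: Dict[str, int]) -> None:
    """Enforce the ranges the slides give (scores 0.1-1.0, weights 1-100) and
    require that every criterion is scored exactly once."""
    if set(asset.scores) != set(weights):
        raise ValueError(f"{asset.name}: scores must cover exactly {sorted(weights)}")
    for criterion, weight in weights.items():
        if not 1 <= weight <= 100:
            raise ValueError(f"weight for {criterion} outside 1-100: {weight}")
        score = asset.scores[criterion]
        if not 0.1 <= score <= 1.0:
            raise ValueError(f"{asset.name}: score for {criterion} outside 0.1-1.0: {score}")


def weighted_score(asset: Asset, weights: Dict[str, int] = CRITERIA_WEIGHTS) -> float:
    """Weighted factor analysis: sum of (score x weight) over all criteria."""
    validate(asset, weights)
    return sum(asset.scores[c] * w for c, w in weights.items())


def rank_assets(assets: List[Asset],
                weights: Dict[str, int] = CRITERIA_WEIGHTS) -> List[Tuple[str, float]]:
    """Rank assets by weighted score, highest first, so the most valuable asset
    is examined for threats and vulnerabilities first."""
    scored = [(a.name, weighted_score(a, weights)) for a in assets]
    return sorted(scored, key=lambda item: item[1], reverse=True)


def risk(likelihood: float, value: float,
         percent_controlled: float, uncertainty: float) -> float:
    """Risk = (likelihood x value) - percent of risk currently controlled
                                   + uncertainty of assumptions.

    Assumption: percent_controlled and uncertainty are fractions (0.0-1.0) of
    the likelihood x value product, e.g. 50 x 1.0 with 0% controlled and 10%
    uncertainty gives 50 - 0 + 5 = 55."""
    for name, v in (("likelihood", likelihood),
                    ("percent_controlled", percent_controlled),
                    ("uncertainty", uncertainty)):
        if not 0.0 <= v <= 1.0:
            raise ValueError(f"{name} must be between 0.0 and 1.0: {v}")
    base = likelihood * value
    return base - base * percent_controlled + base * uncertainty


# Constructed sample assets (names and scores are invented for this example).
SAMPLE_ASSETS: List[Asset] = [
    Asset("customer_orders_web", {"impact_on_revenue": 0.8,
                                  "impact_on_profitability": 0.9,
                                  "impact_on_public_image": 0.5}),
    Asset("internal_wiki", {"impact_on_revenue": 0.2,
                            "impact_on_profitability": 0.3,
                            "impact_on_public_image": 0.4}),
    Asset("payroll_db", {"impact_on_revenue": 0.6,
                         "impact_on_profitability": 0.7,
                         "impact_on_public_image": 1.0}),
]


def main() -> None:
    for name, score in rank_assets(SAMPLE_ASSETS):
        print(f"{name:20s} weighted value {score:6.1f}")
    # One vulnerability on the web ordering asset: likelihood 0.5, 20% of the
    # risk already controlled, assumptions judged 90% accurate (10% uncertainty).
    value = weighted_score(SAMPLE_ASSETS[0])
    print(f"risk for customer_orders_web: {risk(0.5, value, 0.2, 0.1):.2f}")


if __name__ == "__main__":
    main()
```

The validation in `validate` and `risk` matters in practice: a score of 1.5 or a weight of 0 silently distorts the ranking, and a risk rating built on an out-of-range "percent controlled" overstates how much of the exposure the existing controls really remove.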
Identify Possible Controls
• Controls, safeguards, and countermeasures
– Represent security mechanisms, policies, and
procedures that reduce risk
• Three types of security policies
– Enterprise information security policy
– Issue-specific policies
– Systems-specific policies
• Programs
– Activities performed within the organization to
improve security
Risk Control Strategies
• Defense approach (preferred approach)
• Attempts to prevent vulnerability exploitation
• Risk defense methods
– Defense through application of policy
– Defense through training and education programs
– Defense through technology application
• Usually requires technical solutions
• Eliminate asset exposure
– Attempt to reduce risk to an acceptable level
Risk Control Strategies (cont’d.)
• Implement security controls and safeguards
– Deflect attacks to minimize the probability of a successful attack
• Transference
– Attempts to shift risk to other assets, processes,
organizations
• Rethink how services are offered
• Revise deployment models
• Outsource to other organizations
• Purchase insurance
• Implement service contracts with providers
Risk Control Strategies (cont’d.)
• Mitigation
– Attempts to reduce impact caused by the vulnerability
exploitation
• Through planning and preparation
– Includes contingency planning
• Business impact analysis
• Incident response plan
• Disaster recovery plan
• Business continuity plan
– Requires quick attack detection and response
– Relies on existence and quality of the other plans
Risk Control Strategies (cont’d.)
• Acceptance
– Do nothing to protect an information asset
• Accept the outcome of its potential exploitation
– Only valid when the organization has:
• Determined the level of risk
• Assessed the probability of attack
• Estimated potential damage that could occur
• Performed a thorough cost-benefit analysis
• Evaluated controls
• Decided asset did not justify the cost of protection
Risk Control Strategies (cont’d.)
• Termination
– Difference from acceptance
• Remove asset from the environment representing risk
– Two main reasons
• Cost of protecting an asset outweighs its value
• Too difficult or expensive to protect asset compared to
value or advantage asset offers
– Termination must be a conscious business decision
• Not simple asset abandonment
Contingency Planning and Its
Components
• Contingency plan
– Used to anticipate, react to, and recover from events
that threaten the organization
– Restores organization to normal modes of business
operations
• Four subordinate functions
• Business impact assessment (BIA)
• Incident response planning (IRP)
• Disaster recovery planning (DRP)
• Business continuity planning (BCP)
Business Impact Analysis
• Business impact analysis (BIA)
– Investigation and assessment of the impact of attacks
– Adds detail to prioritized threat an …