1 / 14

Cybersecurity Threats and Countermeasures

Cybersecurity Threats and Countermeasures. Unit 1: Basic security concepts. Learning Objectives. Upon the conclusion of this module, the student will be able to: Identify the effect that cyber warfare and cybercrime can have on society and an organization.

abarnhart
Download Presentation

Cybersecurity Threats and Countermeasures

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Cybersecurity Threats and Countermeasures Unit 1: Basic security concepts

  2. Learning Objectives • Upon the conclusion of this module, the student will be able to: • Identify the effect that cyber warfare and cybercrime can have on society and an organization. • Explain the trade-off between key security properties and usability. • Identify the basic concepts of threats, vulnerabilities, attack vectors, and risk. • Identify threat actors, their capabilities/techniques, motivations, risk aversion, and potential attack targets

  3. Cyber Warfare • “Cyber warfare involves the actions by a nation-state or international organization to attack and attempt to damage another nation’s computers or information networks through, for example, computer viruses or denial-of-service attacks” (Source: Rand Corporation. Retrieved from http://www.rand.org/topics/cyber-warfare.htm)

  4. Cyber Warfare Targets • Cyber war targets systems that are critical to maintaining a nation’s way of life, what the Department of Homeland Security identifies as “critical infrastructure” and cause widespread panic and uncertainty. • These systems include financial systems, healthcare, energy (electrical grids and power plants), water (including water treatment facilities and dams), communications systems, food and agriculture, and transportation systems, all of which are now connected to the Internet.

  5. Cybercrime • Unlike cyber warfare activities, cybercrimes are malicious activities that are often financial in nature. They involve credit card theft (most often large-scale), cyber extortion (ransomware attacks), theft of intellectual property (often with the intent to take stolen products to market before the developing company can do so). • These crimes are often perpetrated by individuals in economically-disadvantaged countries, or hostile nation states.

  6. Challenges • Defending against these threats can be challenging, given many factors: • “Zero day” vulnerabilities • Sophistication of attack tools, requiring little knowledge or skill on the part of the attacker • System complexity • Smaller devices associated with growth of “Internet of Things” • Lack of vulnerability/patch management processes

  7. Security Trade-Off • In addition to the security challenges previously addressed, there is always a trade-off between security and usability. As security services, such as those providing for confidentiality, integrity, and availability, are implemented, system performance and accessibility suffer.

  8. Security Threats • A security threat is the potential for an event to occur that would negatively impact security. • There are three types of threats: • Natural events (also called “Acts of God”) • Human error (accidents) • Attacks – attacks require malicious intent, so must be caused by people who would circumvent or violate security.

  9. Vulnerabilities • Vulnerabilities are weaknesses, such as with insecure (buggy) software code, or misconfigurations (e.g. default or weak passwords). • Vulnerabilities provide the opportunity by which threat agents/actors (the entity that would act on the threat) can cause the threat to occur. • A threat action is the realization (actualization) of the threat.

  10. Attack Vectors • Attack vectors are the methods, or path, that the attacker (threat actor) will use to attack. It is the path that they will take to take advantage of a vulnerability. • As an example, attackers will often use social engineering techniques, such as phishing, to attack a network.

  11. Risk • Risk is the degree to which an organization is exposed to the threat, and takes into consideration the likelihood and impact of the threat being realized. • Risk assessments are processes used by an organization to calculate the amount of risk that a threat presents to an organization, often with the goal of serving to better evaluate proposed security controls for cost effectiveness.

  12. Risk Handling Techniques • Risk handling is the process of managing risk so that either the likelihood of the threat occurring is reduced, or the impact is reduced. • Risk handling techniques include: • Risk Avoidance • Risk Mitigation • Risk Transference • Risk Acceptance • The degree to which an organization “accepts” risk (chooses to do nothing) is based on their risk tolerance. A “risk averse” organization will be more likely to implement security controls, even if they are more costly than the event.

  13. Threat Actors • Understanding who the threat actors, or attackers, are and the methods that they will use to attack a target is critical to effective cyber defense. This is categorized, using a military term, as Tactics, Techniques, and Procedures, or TTPs. • Tactics refer to the art or skill in achieving the goal. Techniques are the methods that are employed that are often unique to the attacker (for example, specific “signatures” that might identify the writer of malware), and the procedures are the actions that are taken during an attack (port scans, for instance).

  14. Threat Actor Types

More Related