Security + - Risk Management
Description
First module of the Udemy course
Mind map by Maicon Alencar, updated more than 1 year ago
Created by Maicon Alencar about 5 years ago
Resource Summary
Security + - Risk Management
Lesson 2 - The CIA - Confidentiality, Integrity, Availability
Goals of Information Security
THE CIA // CID (in Portuguese)
Confidentiality
Viewing / handling of data
Keep data secret from those who do not need to access it
Integrity
Send / Transmit / Receive / Store
No unauthorized alteration or deletion may occur
Availability
Ensure that information is available
Access by an authorized user
Complementing the CIA
Accountability & Auditing
Logging
Who accessed this file?
Who made this change?
Non-repudiation
User
Cannot deny having performed a given action. They cannot erase their tracks
Quick Review
The goal of security is defined as CIA
CIA stands for confidentiality, integrity, and availability
Don't forget auditing, accountability and non-repudiation
Lesson 3 - Threat Actors
Attributes
Internal? / External?
What is the intention? What's the goal?
How sophisticated are they? More sophisticated = more dangerous
Using open-source intelligence (OSINT)? That is, Facebook, Twitter, Shodan, etc.
Types of Threat Actors
Script kiddies
easily blocked
Don't have sophistication
Use Pre-made tools
Trivial attack knowledge
Hacktivist
Motivation / intent / ideology
Organized crime
Group of people working together
money
Nation States / Advanced Persistent Threat (APT)
probably the biggest issue
Big resources
Big sophistication
between governments
Insiders
somebody who is inside the company's structure
not always an employee
has access to information
can access assets
Competitors
between organizations
It's like Coca-Cola vs. Pepsi
less common today
Lesson 4 - What is Risk?
Assets
Computers
equipment
plants
people
intangible things
Vulnerabilities
a weakness in an asset
leaves it open to bad things happening to it
example
default username on a server
server room left unlocked
garbage on the street containing confidential data
Threats
Action
Negative event that exploits a vulnerability
Example
someone reads the garbage
someone unauthorized getting into your server room
someone unauthorized getting access to your server
method to protect our stuff from bad things
Likelihood
The level of certainty that something will happen
two ways to measure
Quantitative likelihood
numbers, statistics, historical data
your power supply has an MTBF of 100 000 hours
Qualitative likelihood
things that are very hard to put numbers on
customer loyalty
Impact
The harm caused by a threat
measurements
quantitative
cost
labor
people's work hours lost
time
what is the ETR?
qualitative
corporate reputation
Guide for risk management
NIST SP 800-30
Quick review
Threats exploit vulnerabilities to harm assets
assets can have vulnerabilities
use SP 800-30 as part of risk assessment