Cybersecurity Unit I2
UNIT - 1
PLANNING FOR CYBER SECURITY
Cybersecurity
It includes:
Objectives
Confidentiality
Integrity
Availability
Non-repudiation
Assurance that the sender of information is provided with proof of
delivery and the recipient is provided with proof of the sender's identity, so
neither can later deny having processed the information.
Authenticity
Verifying that users are who they say they are and that each input arriving
at the system comes from a trusted source.
Accountability
Definitions
Risk
Asset
1) Processing power
Threat
A violation of security that exists when there is a circumstance, capability,
action or event that breaches security and causes harm.
Vulnerability
External Requirements:
Internal Requirements:
IT Strategic planning
3) Current-state assessment
6) Regular reviews:
Monthly reviews to ensure that plan and decisions are followed.
Organizational structure
C-Level executives
NIST SP 800-53
Tasks
1) Appoint a single executive to be responsible for security governance.
Duties
Asset valuation
Security and privacy control selection.
Implementation and assessment
System and control authorization.
Continuous monitoring
Iterative process
Steps
ISO 27005
Context establishment.
Risk assessment, treatment, acceptance, communication & consultation,
monitoring & review.
ASSET IDENTIFICATION
An asset is anything of value to the business that requires protection, including hardware, software,
information and business assets.
Hardware Assets include servers, workstations, laptops, mobile devices, removable media,
networking and telecommunication equipment and peripheral equipment.
Key Concerns:
Software Assets include applications, operating systems, other system software, database
management software, file systems and client-server software.
Information Assets comprise the information stored in databases and file
systems, both on premises and remotely in the cloud.
Types of Information
Communication data
Routing information
Subscriber information
Blacklist information
Registered service information
Operational information
Trouble information
Configuration information
Customer information
Billing information
Customer calling patterns
Customer geographic information
Traffic statistical information
Contracts and agreements
System documentation
Research information
User manuals
Business Assets include
Human resources
Business Processes
Physical plant