CompTIA Security Section 2: The CIA of security
Author: Emtenan saad

1. Managing risk
1.1. * Risk identification/assessment
1.2. * Nessus: a popular vulnerability assessment tool
1.3. Threat assessment: define the threats that are applicable to your particular infrastructure
1.3.1. 1- Adversarial 2- Accidental 3- Structural 4- Environmental
1.4. * Risk response * Mitigation: effort to reduce the impact of a risk * Risk transference * Risk acceptance * Risk avoidance
1.5. * NIST Risk management Framework Special Publications
1.6. * ISACA Risk IT Framework
2. The CIA of security
2.1. The goal of security is to protect the CIA:
2.2. • Confidentiality. A system’s ability to ensure that only the correct, authorized user/system/resource can view, access, change, or otherwise use data.
2.3. • Integrity. A system’s ability to ensure that the system and information are accurate and correct.
2.4. • Availability. A system’s ability to ensure that systems, information, and service
3. What is risk?
3.1. * Assets: any part of our infrastructure that we are worried about getting harmed
3.2. * Vulnerabilities: weaknesses that allow an asset to be exploited
3.3. * Threats: a discovered action that exploits a vulnerability, with the potential to do harm to an asset
3.4. Threat agent: initiates a threat
3.5. Likelihood: defines the level of certainty that something will happen
3.6. * Quantitative likelihood - * Impact: the harm caused by a threat * Threat -> vulnerability = Risk
4. * Security Control Functions
4.1. * 1- Deterrent: deters the actor from attempting the threat * 2- Preventative: deters the actor from performing the threat * 3- Detective: recognizes an actor's threat * 4- Corrective: mitigates the impact of a manifested * 5- Compensating: provides alternative fixes to any of the above functions
5. Security controls:
5.1. * Administrative control: controls actions towards IT security
5.1.1. * 1- Laws * 2- Policies * 3- Guidelines * 4- Best practices
5.2. * Technical control: controls the actions of IT systems towards IT security
5.2.1. * 1- Computer stuff * 2- Firewalls * 3- Password links * 4- Authentication
6. Threat Actors
6.1. * Threat actors: people and organizations that actually carry out the types of attacks
6.2. Attributes of threat actors: internal/external
6.3. * The types of threat actors:
6.3.1. 1- Script kiddies: trivial attack knowledge 2- Hacktivist: intent is motivation 3- Organized crime: motivation is money 4- Nation states/advanced persistent threat (APT): motivation is intelligence