SlideShare a Scribd company logo

CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)

WAJAHAT IQBAL
WAJAHAT IQBAL

This post contains detailed Mindmap related to Complex subject of Cyber security and address critical components summarized as below: - Cyber Security standards - SOC (Security Operation Center) - Cybersecurity Lifecycle - Hacker Kill Chain - Malware (Types,Protection Mechanism) - Cyber Architecture - CSC (Critical Security Standards) - Incident Management - Network Perimeter best security practices - Final Case Study I hope the Technical post is appreciated and liked by Security Consultants and Subject Matter experts on Cybersecurity.Your criticals Inputs are appreciated.Thank you - Wajahat Iqbal (Wajahat_Iqbal@Yahoo.com)

Technology
1 of 18
Download to read offline
1 | P a g e A) Definition: Cybersecurity Domain is a collection of best practices,Technologies,Frameworks & Standards to protect an enterprise,organization ,Govt entities,Military establishment,Individual user from global cyber threats(Theft Identity,Cybertheft,Cyber-ransom,Infrastructure damage) resulting in either Financial,Economical,Copyright Information,Personal identity,Infrastructure loss. B)Well known Cybersecurity Risk Standards & Frameworks:  NIST Cybersecurity Framework  ISO 27001 (Information Security Management Framework)  ISACA COBIT5  NIST SP800-53  NIST SP800-30  ISA 62443  ISO 27005 C) Establishment and acceptance of the Cybersecurity Standards: The Cybersecurity standards were first adopted in the Seoul (South Korea) Conference on Global Cybersecurity in 2013 D) Cybersecurity Tactics (Holistic View):  Manage physical access to IT Infrastructure  Manage sensitive documents and output Devices  Monitor the Infrastructure for security related Events  Protect against Malware (*** Most challenging and difficult aspect of Cybersecurity)  Manage Network and Connectivity security  Manage User Identity and logical access E) Cybersecurity Lifecycle: The Cybersecurity Lifecycle can be described aptly by the below (Figure-1) which decomposes the various stages CyberSecurity – Concepts & Best practices (MIND MAP)
2 | P a g e Risk Actions: The most generally accepted Actions on Risk Management are - (1) Risk Acceptance (2) Risk Transfer (3) Risk Avoidance (4) Risk Mitigation) – Depending on Risk Appetite/Risk Tolerance threshold of an Organisation (1) Identify Business outcomes (2)Understand Vulnerabilities Threats (3)Create current profile (4)Conduct Risk assesments (5)Apply Controls (6)Create Target profile (7)Determine,analyze & prioritize gaps (8)Implement plan (9)Report to stakeholders (10)Continuous monitoring Cyber security Lifecycle
3 | P a g e F) Threat to Cyberdefense: The damage caused by threats to Cyberdefense can be characterized by loss of “Confidentiality, Integrity or availability (CIA)”, the basic model of Data Security as practiced in ISO27001/27002 and other globally accepted standards G) Lockheed Martin - Hacker Kill Chain: The USA Aeronautics Major Lockheed Martin – Kill Chain methodology describes seven steps from reconnaissance through actions on the objectives and recommends defenses be designed to align with each of the seven steps in the process:
4 | P a g e 1. Reconnaissance: Finding the Host,Internet Website,Domain Do IP Address Scan of the Business Domain Do Port Scan of the Active hosts Automated scanning by Botnets (Compromised Systems) Locate Network Topology and identify potential access control Devices Tools: Traceroute,Visualroute,Netscan Tools,pinger,fping,Superscan,Nmap,Languard etc 2. Weaponization: Identify the Vulnerability Initiate the Attack Coupling a remote access Trojan(RAT) with an Exploit into a deliverable payload,typically by means of an automated tool (The commonly used weaponizer are Adobe PDF and Microsoft Office documents) Tools: Nmap,Nessus,WebInspect,ISS Internet Scanner,Retina etc 3. Delivery: Transmission of Weapon to the targeted environment Three most prevalent delivery vectors for weaponzied payloads are – Emails,Compromised Web Sites & USB removal media 4. Exploitation: Email,Website &USB explore a Vulnerability on launch and Hacket gets remote access to admin Shell Exploitation targets Operating System or Application vulnerability 5. Installation: Install Malware(Malicious Code) into Memory,Disk or Operating System Kernel,modify windows registry,modify Unix Kernel Allow installation of remote access Trojan or backdoor on the victim system 6. Command & Control (C2): Compromised system/hosts beacon back to the Master Controller to establish C2 Channel
5 | P a g e Hacker gains complete control of the compromised system Intruders have “hands on the keyboard” access to the targeted environment 7. Action: This Activity is data exfiltration that involves collecting,encrypting and extraction information (e,g Deface Website,Steal Credit Card Information,Steal Copyright Information,Steal IE passwords,Modify Banking websites,Steal medical records) etc H) Popular Cyber Attacks: The most popular Cyber Attacks are listed below S.No Attack Type (Code Name) Attack Payload Damage 1 Phising/Spearphising Emails, Phising Websites Gain Control of System by Intruder 2 Driveby/Waterhole/Malvertising Phising Websites Gain Control of System by Intruder 3 Code Injection/Web Shell Vulnerable Website Gain Control of System by Intruder 4 Key Logging/Session hijacking Malware injection Gain Control of System by Intruder 5 Pass-the-hash & Pass-the-Ticket Vulnerable Operating System Network Control by Intruder 6 Malware/Botnet Malware injection Gain Control of System by Intruder 7 Distributed Denial of Service(DDoS) Streams of Data Packet sent to Host Denial of Service by Host 8 Identity Theft Vulnerable Operating System Loss of Personal Data(Credit Card No,Social Security No, Medical Records) 9 Industrial Espionage APT (Advanced Persistent Threat) Malware Loss of Confidential/Copyright Information 10 Ransomware Ransomware Malware No access to File shares/Directories 11 Bank Heist Vulnerable Operating System Gain Control of System by Intruder 12 Sabotage Emails,USB Media,Websites Infrastructure Damage 13 Infestation/Whack-a-Mole Malware injection Breach of Confidentiality,Integrity,Availability to the Network 14 Burndown Vulnerable OS,Application,Database Infrastructure Damage 15 Meltdown Vulnerable OS,Application,Database Enterprise Infrastructure Damage 16 Defamation Social Engineering Personal Data Loss 17 Graffiti Vulnerable Website Defacing of Website
6 | P a g e I) Some Famous Cyber Hacks in History: S.No Hack Code Name Attack Payload Damage Year 1 CD-Universe Hack OS & Application Vulnerability Stolen Credit Card Numbers(Data Breach) 1999 2 DDOS (Distributed Denial of Service) -Yahoo & CNN Packet Stream to Host Web Site (Port 80) Denial of Service (DoS) 2000 3 Nimda Virus Trojan weaponization through IIS exploits,Email,HTTP Browsing,Windows Network neighborhood Denial of Service (DoS) 2001 4 Sony Pictures DDOS BOTNET Network Distributed Denial of Service (DDoS) 5 QAZ Worm Hack – Microsoft (USA) Trojan weaponization through IIS exploits,Email,HTTP Browsing Denial of Service(DoS) 2000 6 Egghead Crack (Popular Ecommerce Site) OS & Application Vulnerability Stolen Credit Card Numbers(Data Breach) 2001 7 Global DDoS(Network Time Protocol Reflection Attack) BOTNET Network – NTP Protocol Distributed Denial of Service (DDoS) 2014 8 Anthem (USA) Data Breach OS & Application Vulnerability Stolen Medical Records 2015 9 State Attack – Political (Cyber Sabotage) APT - Stuxnet Malware Infrastructure Damage to Iran Nuclear Facilities by USA & Israel 2010 10 State Attack – Political ( Cyber Espionage) E-Mail attachments Stolen Confidential Data by China Hackers (Titan Rain) in Pentagon 2007 J) Type of Hackers (Profile): - Individual Hacker, State Sponsored (With Political & Military Agenda) & Cyber Criminals (Organised Mafia)
7 | P a g e K) Types of Malware & Protection best practices:
8 | P a g e L) Security Operation Center (SOC) key components: Lately SOC has become an integral part of any Organisation to protect itself from Cyber attacks and detect/correct/recover from a Cyber Incident in the quickest span of time without further damage to its reputation. The critical components of a SOC are described as follows:  IDS/IPS Infrastructure  Firewall Infrastructure  SIEM (Security Information and Event Monitoring System)  Logging and Alerting mechanism  Security Incident Processes  Forensics capability  User Training & Retention  Managing Evidence
9 | P a g e M) Cybersecurity Architecture: Using Industry best practices and standards the Cyber Security Architecture can be broken down as follows N) Defense in Depth: This is the most common practice employed by Organisation to create and implement a multilayered approach to Cybersecurity.It is described by the following process (Figure -2) and can be implemented at various layers of the Network Infrastructure • Network Security • Identity,Authentication and Access Management • Data Protection and Cryptography • Monitoring Vulnerability & Patch Management • High Availablity,Disaster Recovery & Physical protection • Asset Management & Supply Chain • Policy,Audit,E-Discover & Training • Systems Adminstration • Application Security • Endpoint,Server & Device Security Cybersecurity Architecture
10 | P a g e O) Nine Basic Steps of Cybersecurity Program:These are the guidelines to follow while drawing up a comprehensive Cybersecurity program in an Organisation  #1 :Explore the Legislation and other requirements  #2:Define the Business benefits and get top Management support (Very Important)  #3:Setting the Cybersecurity requirements  #4:Choosing the framework for Cybersecurity Implementation  #5:Organizing the Implementation (Setting up Teams,PM Resources,Project Charter,Budget etc)  #6:Risk Assessment & Mitigation (Applying Controls)  #7: Implementation of Controls  #8: Training & Awareness  #9: Continuous Monitoring and Checks And Reporting to Senior Management (C Level Executives) P) Cybersecurity Enterprise Operational Processes:To maintain an effective Cybersecurity posture,the CISO should maintain a number of enterprise operational processes to include the following: 1. Policies and Policies Exception Management 2. Project and Change Security Reviews 3. Risk Management 4. Control Management 5. Auditing and Deficiency Tracking 6. Asset Inventory and audit 7. Change Control 8. Configuration Management Database Re-Certification 9. Supplier reviews and Risk assessments 10. CyberIntrusion Response 11. All-Hazards Emergency preparedness Exercises 12. Vulnerability Scanning,Tracking & Management
11 | P a g e 13. Patch Management & Deployment 14. Security Monitoring 15. Password and Key Management 16. Account and Access periodic Re-Certification 17. Privileged Account activity Audit Q) SANS – Top 20 Critical Security Controls: These are widely established critical controls to maintain a healthy Network security posture S.No Critical Security Controls Code No National Security Agency Rank 1 Inventory of H/W Assets,Criticality & Location CSC1 Very High 2 Inventory of S/W Assets,Criticality & Location CSC2 Very High 3 Secure Configuration Servers CSC3 Very High 4 Vulnerability Assessment & Remediation CSC4 Very High 5 Malware Protection CSC5 High/Medium 6 Application Security CSC6 High 7 Wireless Device Control CSC7 High 8 Data Recovery CSC8 Medium 9 Security Skills Assessment CSC9 Medium 10 Secure Config Network CSC10 High/Medium 11 Limit and Control Network Ports,Protocols & Services CSC11 High/Medium 12 Control Admin privileges CSC12 High/Medium 13 Boundary/Network Perimeter Defense CSC13 High/Medium 14 Maintain,Monitor and Analyze Audit Logs CSC14 Medium 15 “Need to know” Access CSC15 Medium 16 Account Monitoring & Control CSC16 Medium 17 Data Loss Prevention (DLP) CSC17 Medium/Low 18 Incident Response Plan CSC18 Medium 19 Secure Network Engineering (Secure Coding) CSC19 Low 20 Penetration Testing & Red Team Exercises CSC20 Low
12 | P a g e R) Incident Security Process: The critical Incident process/Types/Management is described by the following Mind map
13 | P a g e S) Automated Network Discovery Mechanism for Cyberattack: These days professional Hackers,Malware developers,Cyber Criminals work in tandem to develop automated Tools to initiate a Cyber Attack against the intended victim/host.The mechanism is to install remote access Trojan(RAT) on compromised system(BOTNETS) which could number in thousands and then initiate the attack in phases.Below is the (Figure-3) showing the concept Key Components of a BOTNET Attack (Example BOTNET Attacks : ZEUS,CITADEL,GO ZEUS)  BOTNET Construction Kit  Command & Control Capability  Remote Access Trojan(RAT)  Custom developed Malware(Malicious Code) for the intended Victim/Host
14 | P a g e T) Network Perimeter best Security practices:The below are the Network Perimeter Best Security practices which have matured through cycles of Iterations subjective to critical Testing by Security Gurus & Consultants globally  Restrict use of administrative utilities(e,g Microsoft Management Console)  Use secure File permission system i.e NTFS & UFS File System  Manage Users properly especially the Admin Accounts on Unix & Windows machines  Perform Effective Group Management for – Admin,Print,Power,Server operator & Normal Users in Windows 2000 O.S  Enforce strong password policy,password aging for Users  Enable Windows O.S and Unix O.S logging facility  Eliminate unnecessary Accounts (especially the Employee’s who have left the Organisation)  Disable Resource sharing service and remove hidden administrative shares – C$,ADMIN$,WIN NT$ in older version of Windows O.S  Disable unneeded Service in Unix – Telnet,Finger ,tftp,NTP(Network Time protocol)  Applications should use the latest Security patches in Production Environment  Enforce using NAT(Network Address Translation) & PAT(Port Address Translation) in internal Network (Firewalls & Routers)  Enable DNS Spoofing,DOS Attacks (Smurf & Direct Broadcast Attacks) mitigation policies on Gateway Routers via ACL and Cisco IOS  Enforce Best Industry practice of secure Application Coding to mitigate “Buffer Overflow” Vulnerability in the Memory  Enforce strong password policy,password aging,lockout policy for Application Databases (Oracle,Sybase)  Install latest O.S and Application patches as soon they are available from Vendors  Install latest Security patches for Browsers,Flash Players,Microsoft Applications  Update the Anti-Virus & IDS/IPS /HIDS Signatures on frequent basis  Update the Business Continuity/DR Plan and keep latest backup of all critical Servers  Update and Install latest Security patches for Application Gateways(Proxies),Web Filltering Devices,Firewalls  Check the Logs daily on Firewalls,IPS/IDS,HIDS for any Security Incident triggered by any malicious Activity  Implement Industry Best practices to secure the Network (NIST Guidelines,SANS 20 Critical Security Controls,NSA Guidelines etc)  Place the Mission Critical Web Servers (User Interface) on a Screened Subnet,DMZ and the backend Application Server & Oracle Database Server in the internal Network  Change the Default Password of SNMP Community string on Network Devices
15 | P a g e U) Network Perimeter Design for a Secure Network to mitigate Cyber attacks: Example Network (Case Study)
16 | P a g e The above Diagram conceptualizes an ideal Scenario Network of a Corporate Organisation with multiple Entry & Exit points for the Email,Web,Wireless and VPN Traffic.It shows the placement of the Intrusion Detection Devices(IDS) at multiple points to monitor both the Internal and External Traffic for any Malicious Traffic in real Time.The Network is shown for Illustrative purposes only. Design Features:  Border Router:A Gateway Router connects the network to the Internet and provides basic Filtering through ACL(Access Control Lists) on Ingress & Egress Interfaces  Just behind the Gateway Router is Stateful Inspection Firewall that enforces the majority of access control of the network  Public services and private services have been separated by putting them on different network segments (DMZ,Corporate & Screened Subnet)  Split DNS is being used on public DNS Server and it provides Name resolution for public services only  Intrusion Detection Systems(IDS) are located on the public,private,network perimeter end points to watch for unusual activity  The Front end Application Web server is on the Screened Subnet and the backed Oracle DB Server is behind the Internal Firewall  Host based IDS(HIDS) complement the Network by adding additional layer of security and are placed on the individual mission critical servers(Anti-Virus,Email Proxy,Web Proxy,Internal Email Server,Oracle DB Server) to monitor the systems network activity,log files,Files Systems Integrity and User actions.A host based IDS will also detect and generate an alarm when it detects escalation of privileges for a Guest user to Admin Account  Host based IDS can help detect attacks that network IDS evasion techniques  Host based IDS is also useful for correlating attacks picked up by Network sensors  All security log entries are sent to the SIEM(Security Information and Event Monitoring System) for Data Analysis and Forensics.The SIEM generates an Alert when suspicious activity is detected  For the Remote Office users all their Laptops are installed with Personal Firewalls to mitigate/detect Hacker entry through backdoor channels  All configuration of security devices is performed from the management console  Additionally one can install TACACS,RADIUS Servers to monitor Users access on the Gateway Router and other mission critical Servers
17 | P a g e The sample Rule base configured on the Stateful Inspection Firewall can be as follows (Illustrative purpose only): Rule No Incoming Zone Outgoing Zone Source Destination Service Action 1 Internet Screened Subnet Any App Web Server HTTP.HTTPS Allow Internet Screened Subnet Any Web Proxy HTTP,HTTPS Allow 2 Internet DMZ Any E-Commerce Server HTTP,HTTPS Allow 3 Internet Screened Subnet Any Email Proxy SMTP Allow 4 Internet Screened Subnet Any DNS Server DNS Allow 5 Internet DMZ Any E-Commerce Server SSH Allow 6 Internal Screened Subnet Internal Mail Server MailRelay(Email Proxy) SSH Allow 7 Internal DMZ Order Server E-Commerce Server SSH Allow 8 Internal Internet Internal Mail Server Any SMTP Allow 9 Internal Internet Internal DNS Server Any DNS Allow 10 Internal Internet Workstations Any HTTP,HTTPS,FTP Allow 11 Internal Screened Subnet Oracle DB Server Application Web Server HTTP,HTTPS,SSH Allow 12 Internet Screened Subnet Norton.Com Anti-Virus Server FTP Allow 13 All Management All Devices Group SIEM Server Syslog Allow 14 Management Any Management Console Security Devices Group SSH,SRMC Allow,Log 15 Management Internet Management Console Snort.Org HTTP.HTTPS Allow 16 Any Any Any Any Any Deny,Log
18 | P a g e Conclusion Note: The process to securing and making a perfect “Digital World” is a ongoing continuous Journey ,and with ever changing Modus operandi of the Hackers and the Cyber Criminals globally,we always have to be one step forward in the race to protect our Digital Assets,Intellectual property,Identity,Infrastructure.Thank You Disclaimer Note: This is Copyright Material @Wajahat Iqbal (2016) and the Information shown is collected from Internet repositories and any Typo, Error, Omission is regretted on behalf of Author.The Author does not hold any responsibility or Liability for the incorrectness of the Information shared.This Mindmap Document can be shared/Printed/Distributed keeping in view that Credit is given rightly to the Author.

Recommended

Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Stephen Cobb
 
Cyber kill chain
Cyber kill chainCyber kill chain
Cyber kill chainAnkita Ganguly
 
Cyber Security Incident Response
Cyber Security Incident ResponseCyber Security Incident Response
Cyber Security Incident ResponsePECB
 
Information Security Awareness
Information Security Awareness Information Security Awareness
Information Security Awareness SnapComms
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]David Sweigert
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityKrutarth Vasavada
 
Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awarenessJason Murray
 
NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 Erick Kish, U.S. Commercial Service
 

Recommended

Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Stephen Cobb
 
Cyber kill chain
Cyber kill chainCyber kill chain
Cyber kill chainAnkita Ganguly
 
Cyber Security Incident Response
Cyber Security Incident ResponseCyber Security Incident Response
Cyber Security Incident ResponsePECB
 
Information Security Awareness
Information Security Awareness Information Security Awareness
Information Security Awareness SnapComms
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]David Sweigert
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityKrutarth Vasavada
 
Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awarenessJason Murray
 
NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 Erick Kish, U.S. Commercial Service
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingDmitriy Scherbina
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center FundamentalAmir Hossein Zargaran
 
Information Security Awareness Training Open
Information Security Awareness Training OpenInformation Security Awareness Training Open
Information Security Awareness Training OpenFred Beck MBA, CPA
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023PECB
 
End-User Security Awareness
End-User Security AwarenessEnd-User Security Awareness
End-User Security AwarenessSurya Bathulapalli
 
Hyphenet Security Awareness Training
Hyphenet Security Awareness TrainingHyphenet Security Awareness Training
Hyphenet Security Awareness TrainingJen Ruhman
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationTriCorps Technologies
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Edureka!
 
Security Awareness Training by Fortinet
Security Awareness Training by FortinetSecurity Awareness Training by Fortinet
Security Awareness Training by FortinetAtlantic Training, LLC.
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsCyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsKrishna Srikanth Manda
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingWilliam Mann
 
Domain 1 - Security and Risk Management
Domain 1 - Security and Risk ManagementDomain 1 - Security and Risk Management
Domain 1 - Security and Risk ManagementMaganathin Veeraragaloo
 
ISO 27005 Risk Assessment
ISO 27005 Risk AssessmentISO 27005 Risk Assessment
ISO 27005 Risk AssessmentSmart Assessment
 
Strategy considerations for building a security operations center
Strategy considerations for building a security operations centerStrategy considerations for building a security operations center
Strategy considerations for building a security operations centerCMR WORLD TECH
 
Cyber Security roadmap.pptx
Cyber Security roadmap.pptxCyber Security roadmap.pptx
Cyber Security roadmap.pptxSandeepK707540
 
MITRE ATT&CK framework
MITRE ATT&CK frameworkMITRE ATT&CK framework
MITRE ATT&CK frameworkBhushan Gurav
 
Secure Design: Threat Modeling
Secure Design: Threat ModelingSecure Design: Threat Modeling
Secure Design: Threat ModelingNarudom Roongsiriwong, CISSP
 
Building An Information Security Awareness Program
Building An Information Security Awareness ProgramBuilding An Information Security Awareness Program
Building An Information Security Awareness ProgramBill Gardner
 
Cybersecurity Awareness Training Presentation v2021.08
Cybersecurity Awareness Training Presentation v2021.08Cybersecurity Awareness Training Presentation v2021.08
Cybersecurity Awareness Training Presentation v2021.08DallasHaselhorst
 
IT Security Awarenesss by Northern Virginia Community College
IT Security Awarenesss by Northern Virginia Community CollegeIT Security Awarenesss by Northern Virginia Community College
IT Security Awarenesss by Northern Virginia Community CollegeAtlantic Training, LLC.
 
Industrial Control System Cyber Security and the Employment of Industrial Fir...
Industrial Control System Cyber Security and the Employment of Industrial Fir...Industrial Control System Cyber Security and the Employment of Industrial Fir...
Industrial Control System Cyber Security and the Employment of Industrial Fir...Schneider Electric
 
Security models for security architecture
Security models for security architectureSecurity models for security architecture
Security models for security architectureVladimir Jirasek
 

More Related Content

What's hot

Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center FundamentalAmir Hossein Zargaran
 
Information Security Awareness Training Open
Information Security Awareness Training OpenInformation Security Awareness Training Open
Information Security Awareness Training OpenFred Beck MBA, CPA
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023PECB
 
Hyphenet Security Awareness Training
Hyphenet Security Awareness TrainingHyphenet Security Awareness Training
Hyphenet Security Awareness TrainingJen Ruhman
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationTriCorps Technologies
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Edureka!
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsCyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsKrishna Srikanth Manda
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingWilliam Mann
 
Strategy considerations for building a security operations center
Strategy considerations for building a security operations centerStrategy considerations for building a security operations center
Strategy considerations for building a security operations centerCMR WORLD TECH
 
Cyber Security roadmap.pptx
Cyber Security roadmap.pptxCyber Security roadmap.pptx
Cyber Security roadmap.pptxSandeepK707540
 
MITRE ATT&CK framework
MITRE ATT&CK frameworkMITRE ATT&CK framework
MITRE ATT&CK frameworkBhushan Gurav
 
Building An Information Security Awareness Program
Building An Information Security Awareness ProgramBuilding An Information Security Awareness Program
Building An Information Security Awareness ProgramBill Gardner
 
Cybersecurity Awareness Training Presentation v2021.08
Cybersecurity Awareness Training Presentation v2021.08Cybersecurity Awareness Training Presentation v2021.08
Cybersecurity Awareness Training Presentation v2021.08DallasHaselhorst
 
IT Security Awarenesss by Northern Virginia Community College
IT Security Awarenesss by Northern Virginia Community CollegeIT Security Awarenesss by Northern Virginia Community College
IT Security Awarenesss by Northern Virginia Community CollegeAtlantic Training, LLC.
 

What's hot (20)

Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center Fundamental
 
Information Security Awareness Training Open
Information Security Awareness Training OpenInformation Security Awareness Training Open
Information Security Awareness Training Open
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
 
End-User Security Awareness
End-User Security AwarenessEnd-User Security Awareness
End-User Security Awareness
 
Hyphenet Security Awareness Training
Hyphenet Security Awareness TrainingHyphenet Security Awareness Training
Hyphenet Security Awareness Training
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...
 
Security Awareness Training by Fortinet
Security Awareness Training by FortinetSecurity Awareness Training by Fortinet
Security Awareness Training by Fortinet
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsCyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionals
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
 
Domain 1 - Security and Risk Management
Domain 1 - Security and Risk ManagementDomain 1 - Security and Risk Management
Domain 1 - Security and Risk Management
 
ISO 27005 Risk Assessment
ISO 27005 Risk AssessmentISO 27005 Risk Assessment
ISO 27005 Risk Assessment
 
Strategy considerations for building a security operations center
Strategy considerations for building a security operations centerStrategy considerations for building a security operations center
Strategy considerations for building a security operations center
 
Cyber Security roadmap.pptx
Cyber Security roadmap.pptxCyber Security roadmap.pptx
Cyber Security roadmap.pptx
 
MITRE ATT&CK framework
MITRE ATT&CK frameworkMITRE ATT&CK framework
MITRE ATT&CK framework
 
Secure Design: Threat Modeling
Secure Design: Threat ModelingSecure Design: Threat Modeling
Secure Design: Threat Modeling
 
Building An Information Security Awareness Program
Building An Information Security Awareness ProgramBuilding An Information Security Awareness Program
Building An Information Security Awareness Program
 
Cybersecurity Awareness Training Presentation v2021.08
Cybersecurity Awareness Training Presentation v2021.08Cybersecurity Awareness Training Presentation v2021.08
Cybersecurity Awareness Training Presentation v2021.08
 
IT Security Awarenesss by Northern Virginia Community College
IT Security Awarenesss by Northern Virginia Community CollegeIT Security Awarenesss by Northern Virginia Community College
IT Security Awarenesss by Northern Virginia Community College
 

Viewers also liked

Industrial Control System Cyber Security and the Employment of Industrial Fir...
Industrial Control System Cyber Security and the Employment of Industrial Fir...Industrial Control System Cyber Security and the Employment of Industrial Fir...
Industrial Control System Cyber Security and the Employment of Industrial Fir...Schneider Electric
 
Security models for security architecture
Security models for security architectureSecurity models for security architecture
Security models for security architectureVladimir Jirasek
 
Security architecture
Security architectureSecurity architecture
Security architectureDuncan Unwin
 
Enterprise Security Architecture
Enterprise Security ArchitectureEnterprise Security Architecture
Enterprise Security ArchitectureKris Kimmerle
 
Enterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityEnterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityThe Open Group SA
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewTandhy Simanjuntak
 

Viewers also liked (7)

Industrial Control System Cyber Security and the Employment of Industrial Fir...
Industrial Control System Cyber Security and the Employment of Industrial Fir...Industrial Control System Cyber Security and the Employment of Industrial Fir...
Industrial Control System Cyber Security and the Employment of Industrial Fir...
 
Security models for security architecture
Security models for security architectureSecurity models for security architecture
Security models for security architecture
 
Security architecture
Security architectureSecurity architecture
Security architecture
 
TOGAF 9 - Security Architecture Ver1 0
TOGAF 9 - Security Architecture Ver1 0TOGAF 9 - Security Architecture Ver1 0
TOGAF 9 - Security Architecture Ver1 0
 
Enterprise Security Architecture
Enterprise Security ArchitectureEnterprise Security Architecture
Enterprise Security Architecture
 
Enterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityEnterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber Security
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An Overview
 

Similar to CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)

Cybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practisesCybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practisesWAJAHAT IQBAL
 
Trends in network security feinstein - informatica64
Trends in network security feinstein - informatica64Trends in network security feinstein - informatica64
Trends in network security feinstein - informatica64Chema Alonso
 
Emerging Threats to Infrastructure
Emerging Threats to InfrastructureEmerging Threats to Infrastructure
Emerging Threats to InfrastructureJorge Orchilles
 
Ce hv8 module 04 enumeration
Ce hv8 module 04 enumerationCe hv8 module 04 enumeration
Ce hv8 module 04 enumerationMehrdad Jingoism
 
IT Cyber Security Operations
IT Cyber Security OperationsIT Cyber Security Operations
IT Cyber Security OperationsNapier University
 
Cyber security for business
Cyber security for businessCyber security for business
Cyber security for businessDaniel Thomas
 
IT Security Presentation - IIMC 2014 Conference
IT Security Presentation - IIMC 2014 ConferenceIT Security Presentation - IIMC 2014 Conference
IT Security Presentation - IIMC 2014 ConferenceJeff Lemmermann
 
Cyber Defense - How to be prepared to APT
Cyber Defense - How to be prepared to APTCyber Defense - How to be prepared to APT
Cyber Defense - How to be prepared to APTSimone Onofri
 
Seceon’s Comprehensive Cybersecurity Platform - Seceon.pptx
Seceon’s Comprehensive Cybersecurity Platform - Seceon.pptxSeceon’s Comprehensive Cybersecurity Platform - Seceon.pptx
Seceon’s Comprehensive Cybersecurity Platform - Seceon.pptxCompanySeceon
 
CyberSecurity.pdf
CyberSecurity.pdfCyberSecurity.pdf
CyberSecurity.pdfSuleiman55
 
Security & Privacy - Lecture A
Security & Privacy - Lecture ASecurity & Privacy - Lecture A
Security & Privacy - Lecture ACMDLearning
 
Operational Security Intelligence
Operational Security IntelligenceOperational Security Intelligence
Operational Security IntelligenceSplunk
 
Discovering the Value of Verifying Web Application Security Using IBM Rationa...
Discovering the Value of Verifying Web Application Security Using IBM Rationa...Discovering the Value of Verifying Web Application Security Using IBM Rationa...
Discovering the Value of Verifying Web Application Security Using IBM Rationa...Alan Kan
 
GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...
GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...
GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...James Anderson
 

Similar to CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap) (20)

Cybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practisesCybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practises
 
Trends in network security feinstein - informatica64
Trends in network security feinstein - informatica64Trends in network security feinstein - informatica64
Trends in network security feinstein - informatica64
 
Emerging Threats to Infrastructure
Emerging Threats to InfrastructureEmerging Threats to Infrastructure
Emerging Threats to Infrastructure
 
Ce hv8 module 04 enumeration
Ce hv8 module 04 enumerationCe hv8 module 04 enumeration
Ce hv8 module 04 enumeration
 
IT Cyber Security Operations
IT Cyber Security OperationsIT Cyber Security Operations
IT Cyber Security Operations
 
Cyber security for business
Cyber security for businessCyber security for business
Cyber security for business
 
Network security
Network securityNetwork security
Network security
 
NetworkSecurity
NetworkSecurityNetworkSecurity
NetworkSecurity
 
Cyber security
Cyber securityCyber security
Cyber security
 
IT Security Presentation - IIMC 2014 Conference
IT Security Presentation - IIMC 2014 ConferenceIT Security Presentation - IIMC 2014 Conference
IT Security Presentation - IIMC 2014 Conference
 
Cyber Defense - How to be prepared to APT
Cyber Defense - How to be prepared to APTCyber Defense - How to be prepared to APT
Cyber Defense - How to be prepared to APT
 
Honey Pot Intrusion Detection System
Honey Pot Intrusion Detection SystemHoney Pot Intrusion Detection System
Honey Pot Intrusion Detection System
 
Seceon’s Comprehensive Cybersecurity Platform - Seceon.pptx
Seceon’s Comprehensive Cybersecurity Platform - Seceon.pptxSeceon’s Comprehensive Cybersecurity Platform - Seceon.pptx
Seceon’s Comprehensive Cybersecurity Platform - Seceon.pptx
 
Cyber.pptx
Cyber.pptxCyber.pptx
Cyber.pptx
 
Information security
Information securityInformation security
Information security
 
CyberSecurity.pdf
CyberSecurity.pdfCyberSecurity.pdf
CyberSecurity.pdf
 
Security & Privacy - Lecture A
Security & Privacy - Lecture ASecurity & Privacy - Lecture A
Security & Privacy - Lecture A
 
Operational Security Intelligence
Operational Security IntelligenceOperational Security Intelligence
Operational Security Intelligence
 
Discovering the Value of Verifying Web Application Security Using IBM Rationa...
Discovering the Value of Verifying Web Application Security Using IBM Rationa...Discovering the Value of Verifying Web Application Security Using IBM Rationa...
Discovering the Value of Verifying Web Application Security Using IBM Rationa...
 
GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...
GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...
GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...
 

Recently uploaded

Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 

Recently uploaded (20)

Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 

CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)

  • 1. 1 | P a g e A) Definition: Cybersecurity Domain is a collection of best practices,Technologies,Frameworks & Standards to protect an enterprise,organization ,Govt entities,Military establishment,Individual user from global cyber threats(Theft Identity,Cybertheft,Cyber-ransom,Infrastructure damage) resulting in either Financial,Economical,Copyright Information,Personal identity,Infrastructure loss. B)Well known Cybersecurity Risk Standards & Frameworks:  NIST Cybersecurity Framework  ISO 27001 (Information Security Management Framework)  ISACA COBIT5  NIST SP800-53  NIST SP800-30  ISA 62443  ISO 27005 C) Establishment and acceptance of the Cybersecurity Standards: The Cybersecurity standards were first adopted in the Seoul (South Korea) Conference on Global Cybersecurity in 2013 D) Cybersecurity Tactics (Holistic View):  Manage physical access to IT Infrastructure  Manage sensitive documents and output Devices  Monitor the Infrastructure for security related Events  Protect against Malware (*** Most challenging and difficult aspect of Cybersecurity)  Manage Network and Connectivity security  Manage User Identity and logical access E) Cybersecurity Lifecycle: The Cybersecurity Lifecycle can be described aptly by the below (Figure-1) which decomposes the various stages CyberSecurity – Concepts & Best practices (MIND MAP)
  • 2. 2 | P a g e Risk Actions: The most generally accepted Actions on Risk Management are - (1) Risk Acceptance (2) Risk Transfer (3) Risk Avoidance (4) Risk Mitigation) – Depending on Risk Appetite/Risk Tolerance threshold of an Organisation (1) Identify Business outcomes (2)Understand Vulnerabilities Threats (3)Create current profile (4)Conduct Risk assesments (5)Apply Controls (6)Create Target profile (7)Determine,analyze & prioritize gaps (8)Implement plan (9)Report to stakeholders (10)Continuous monitoring Cyber security Lifecycle
  • 3. 3 | P a g e F) Threat to Cyberdefense: The damage caused by threats to Cyberdefense can be characterized by loss of “Confidentiality, Integrity or availability (CIA)”, the basic model of Data Security as practiced in ISO27001/27002 and other globally accepted standards G) Lockheed Martin - Hacker Kill Chain: The USA Aeronautics Major Lockheed Martin – Kill Chain methodology describes seven steps from reconnaissance through actions on the objectives and recommends defenses be designed to align with each of the seven steps in the process:
  • 4. 4 | P a g e 1. Reconnaissance: Finding the Host,Internet Website,Domain Do IP Address Scan of the Business Domain Do Port Scan of the Active hosts Automated scanning by Botnets (Compromised Systems) Locate Network Topology and identify potential access control Devices Tools: Traceroute,Visualroute,Netscan Tools,pinger,fping,Superscan,Nmap,Languard etc 2. Weaponization: Identify the Vulnerability Initiate the Attack Coupling a remote access Trojan(RAT) with an Exploit into a deliverable payload,typically by means of an automated tool (The commonly used weaponizer are Adobe PDF and Microsoft Office documents) Tools: Nmap,Nessus,WebInspect,ISS Internet Scanner,Retina etc 3. Delivery: Transmission of Weapon to the targeted environment Three most prevalent delivery vectors for weaponzied payloads are – Emails,Compromised Web Sites & USB removal media 4. Exploitation: Email,Website &USB explore a Vulnerability on launch and Hacket gets remote access to admin Shell Exploitation targets Operating System or Application vulnerability 5. Installation: Install Malware(Malicious Code) into Memory,Disk or Operating System Kernel,modify windows registry,modify Unix Kernel Allow installation of remote access Trojan or backdoor on the victim system 6. Command & Control (C2): Compromised system/hosts beacon back to the Master Controller to establish C2 Channel
  • 5. 5 | P a g e Hacker gains complete control of the compromised system Intruders have “hands on the keyboard” access to the targeted environment 7. Action: This Activity is data exfiltration that involves collecting,encrypting and extraction information (e,g Deface Website,Steal Credit Card Information,Steal Copyright Information,Steal IE passwords,Modify Banking websites,Steal medical records) etc H) Popular Cyber Attacks: The most popular Cyber Attacks are listed below S.No Attack Type (Code Name) Attack Payload Damage 1 Phising/Spearphising Emails, Phising Websites Gain Control of System by Intruder 2 Driveby/Waterhole/Malvertising Phising Websites Gain Control of System by Intruder 3 Code Injection/Web Shell Vulnerable Website Gain Control of System by Intruder 4 Key Logging/Session hijacking Malware injection Gain Control of System by Intruder 5 Pass-the-hash & Pass-the-Ticket Vulnerable Operating System Network Control by Intruder 6 Malware/Botnet Malware injection Gain Control of System by Intruder 7 Distributed Denial of Service(DDoS) Streams of Data Packet sent to Host Denial of Service by Host 8 Identity Theft Vulnerable Operating System Loss of Personal Data(Credit Card No,Social Security No, Medical Records) 9 Industrial Espionage APT (Advanced Persistent Threat) Malware Loss of Confidential/Copyright Information 10 Ransomware Ransomware Malware No access to File shares/Directories 11 Bank Heist Vulnerable Operating System Gain Control of System by Intruder 12 Sabotage Emails,USB Media,Websites Infrastructure Damage 13 Infestation/Whack-a-Mole Malware injection Breach of Confidentiality,Integrity,Availability to the Network 14 Burndown Vulnerable OS,Application,Database Infrastructure Damage 15 Meltdown Vulnerable OS,Application,Database Enterprise Infrastructure Damage 16 Defamation Social Engineering Personal Data Loss 17 Graffiti Vulnerable Website Defacing of Website
  • 6. 6 | P a g e I) Some Famous Cyber Hacks in History: S.No Hack Code Name Attack Payload Damage Year 1 CD-Universe Hack OS & Application Vulnerability Stolen Credit Card Numbers(Data Breach) 1999 2 DDOS (Distributed Denial of Service) -Yahoo & CNN Packet Stream to Host Web Site (Port 80) Denial of Service (DoS) 2000 3 Nimda Virus Trojan weaponization through IIS exploits,Email,HTTP Browsing,Windows Network neighborhood Denial of Service (DoS) 2001 4 Sony Pictures DDOS BOTNET Network Distributed Denial of Service (DDoS) 5 QAZ Worm Hack – Microsoft (USA) Trojan weaponization through IIS exploits,Email,HTTP Browsing Denial of Service(DoS) 2000 6 Egghead Crack (Popular Ecommerce Site) OS & Application Vulnerability Stolen Credit Card Numbers(Data Breach) 2001 7 Global DDoS(Network Time Protocol Reflection Attack) BOTNET Network – NTP Protocol Distributed Denial of Service (DDoS) 2014 8 Anthem (USA) Data Breach OS & Application Vulnerability Stolen Medical Records 2015 9 State Attack – Political (Cyber Sabotage) APT - Stuxnet Malware Infrastructure Damage to Iran Nuclear Facilities by USA & Israel 2010 10 State Attack – Political ( Cyber Espionage) E-Mail attachments Stolen Confidential Data by China Hackers (Titan Rain) in Pentagon 2007 J) Type of Hackers (Profile): - Individual Hacker, State Sponsored (With Political & Military Agenda) & Cyber Criminals (Organised Mafia)
  • 7. 7 | P a g e K) Types of Malware & Protection best practices:
  • 8. 8 | P a g e L) Security Operation Center (SOC) key components: Lately SOC has become an integral part of any Organisation to protect itself from Cyber attacks and detect/correct/recover from a Cyber Incident in the quickest span of time without further damage to its reputation. The critical components of a SOC are described as follows:  IDS/IPS Infrastructure  Firewall Infrastructure  SIEM (Security Information and Event Monitoring System)  Logging and Alerting mechanism  Security Incident Processes  Forensics capability  User Training & Retention  Managing Evidence
  • 9. 9 | P a g e M) Cybersecurity Architecture: Using Industry best practices and standards the Cyber Security Architecture can be broken down as follows N) Defense in Depth: This is the most common practice employed by Organisation to create and implement a multilayered approach to Cybersecurity.It is described by the following process (Figure -2) and can be implemented at various layers of the Network Infrastructure • Network Security • Identity,Authentication and Access Management • Data Protection and Cryptography • Monitoring Vulnerability & Patch Management • High Availablity,Disaster Recovery & Physical protection • Asset Management & Supply Chain • Policy,Audit,E-Discover & Training • Systems Adminstration • Application Security • Endpoint,Server & Device Security Cybersecurity Architecture
  • 10. 10 | P a g e O) Nine Basic Steps of Cybersecurity Program:These are the guidelines to follow while drawing up a comprehensive Cybersecurity program in an Organisation  #1 :Explore the Legislation and other requirements  #2:Define the Business benefits and get top Management support (Very Important)  #3:Setting the Cybersecurity requirements  #4:Choosing the framework for Cybersecurity Implementation  #5:Organizing the Implementation (Setting up Teams,PM Resources,Project Charter,Budget etc)  #6:Risk Assessment & Mitigation (Applying Controls)  #7: Implementation of Controls  #8: Training & Awareness  #9: Continuous Monitoring and Checks And Reporting to Senior Management (C Level Executives) P) Cybersecurity Enterprise Operational Processes:To maintain an effective Cybersecurity posture,the CISO should maintain a number of enterprise operational processes to include the following: 1. Policies and Policies Exception Management 2. Project and Change Security Reviews 3. Risk Management 4. Control Management 5. Auditing and Deficiency Tracking 6. Asset Inventory and audit 7. Change Control 8. Configuration Management Database Re-Certification 9. Supplier reviews and Risk assessments 10. CyberIntrusion Response 11. All-Hazards Emergency preparedness Exercises 12. Vulnerability Scanning,Tracking & Management
  • 11. 11 | P a g e 13. Patch Management & Deployment 14. Security Monitoring 15. Password and Key Management 16. Account and Access periodic Re-Certification 17. Privileged Account activity Audit Q) SANS – Top 20 Critical Security Controls: These are widely established critical controls to maintain a healthy Network security posture S.No Critical Security Controls Code No National Security Agency Rank 1 Inventory of H/W Assets,Criticality & Location CSC1 Very High 2 Inventory of S/W Assets,Criticality & Location CSC2 Very High 3 Secure Configuration Servers CSC3 Very High 4 Vulnerability Assessment & Remediation CSC4 Very High 5 Malware Protection CSC5 High/Medium 6 Application Security CSC6 High 7 Wireless Device Control CSC7 High 8 Data Recovery CSC8 Medium 9 Security Skills Assessment CSC9 Medium 10 Secure Config Network CSC10 High/Medium 11 Limit and Control Network Ports,Protocols & Services CSC11 High/Medium 12 Control Admin privileges CSC12 High/Medium 13 Boundary/Network Perimeter Defense CSC13 High/Medium 14 Maintain,Monitor and Analyze Audit Logs CSC14 Medium 15 “Need to know” Access CSC15 Medium 16 Account Monitoring & Control CSC16 Medium 17 Data Loss Prevention (DLP) CSC17 Medium/Low 18 Incident Response Plan CSC18 Medium 19 Secure Network Engineering (Secure Coding) CSC19 Low 20 Penetration Testing & Red Team Exercises CSC20 Low
  • 12. 12 | P a g e R) Incident Security Process: The critical Incident process/Types/Management is described by the following Mind map
  • 13. 13 | P a g e S) Automated Network Discovery Mechanism for Cyberattack: These days professional Hackers,Malware developers,Cyber Criminals work in tandem to develop automated Tools to initiate a Cyber Attack against the intended victim/host.The mechanism is to install remote access Trojan(RAT) on compromised system(BOTNETS) which could number in thousands and then initiate the attack in phases.Below is the (Figure-3) showing the concept Key Components of a BOTNET Attack (Example BOTNET Attacks : ZEUS,CITADEL,GO ZEUS)  BOTNET Construction Kit  Command & Control Capability  Remote Access Trojan(RAT)  Custom developed Malware(Malicious Code) for the intended Victim/Host
  • 14. 14 | P a g e T) Network Perimeter best Security practices:The below are the Network Perimeter Best Security practices which have matured through cycles of Iterations subjective to critical Testing by Security Gurus & Consultants globally  Restrict use of administrative utilities(e,g Microsoft Management Console)  Use secure File permission system i.e NTFS & UFS File System  Manage Users properly especially the Admin Accounts on Unix & Windows machines  Perform Effective Group Management for – Admin,Print,Power,Server operator & Normal Users in Windows 2000 O.S  Enforce strong password policy,password aging for Users  Enable Windows O.S and Unix O.S logging facility  Eliminate unnecessary Accounts (especially the Employee’s who have left the Organisation)  Disable Resource sharing service and remove hidden administrative shares – C$,ADMIN$,WIN NT$ in older version of Windows O.S  Disable unneeded Service in Unix – Telnet,Finger ,tftp,NTP(Network Time protocol)  Applications should use the latest Security patches in Production Environment  Enforce using NAT(Network Address Translation) & PAT(Port Address Translation) in internal Network (Firewalls & Routers)  Enable DNS Spoofing,DOS Attacks (Smurf & Direct Broadcast Attacks) mitigation policies on Gateway Routers via ACL and Cisco IOS  Enforce Best Industry practice of secure Application Coding to mitigate “Buffer Overflow” Vulnerability in the Memory  Enforce strong password policy,password aging,lockout policy for Application Databases (Oracle,Sybase)  Install latest O.S and Application patches as soon they are available from Vendors  Install latest Security patches for Browsers,Flash Players,Microsoft Applications  Update the Anti-Virus & IDS/IPS /HIDS Signatures on frequent basis  Update the Business Continuity/DR Plan and keep latest backup of all critical Servers  Update and Install latest Security patches for Application Gateways(Proxies),Web Filltering Devices,Firewalls  Check the Logs daily on Firewalls,IPS/IDS,HIDS for any Security Incident triggered by any malicious Activity  Implement Industry Best practices to secure the Network (NIST Guidelines,SANS 20 Critical Security Controls,NSA Guidelines etc)  Place the Mission Critical Web Servers (User Interface) on a Screened Subnet,DMZ and the backend Application Server & Oracle Database Server in the internal Network  Change the Default Password of SNMP Community string on Network Devices
  • 15. 15 | P a g e U) Network Perimeter Design for a Secure Network to mitigate Cyber attacks: Example Network (Case Study)
  • 16. 16 | P a g e The above Diagram conceptualizes an ideal Scenario Network of a Corporate Organisation with multiple Entry & Exit points for the Email,Web,Wireless and VPN Traffic.It shows the placement of the Intrusion Detection Devices(IDS) at multiple points to monitor both the Internal and External Traffic for any Malicious Traffic in real Time.The Network is shown for Illustrative purposes only. Design Features:  Border Router:A Gateway Router connects the network to the Internet and provides basic Filtering through ACL(Access Control Lists) on Ingress & Egress Interfaces  Just behind the Gateway Router is Stateful Inspection Firewall that enforces the majority of access control of the network  Public services and private services have been separated by putting them on different network segments (DMZ,Corporate & Screened Subnet)  Split DNS is being used on public DNS Server and it provides Name resolution for public services only  Intrusion Detection Systems(IDS) are located on the public,private,network perimeter end points to watch for unusual activity  The Front end Application Web server is on the Screened Subnet and the backed Oracle DB Server is behind the Internal Firewall  Host based IDS(HIDS) complement the Network by adding additional layer of security and are placed on the individual mission critical servers(Anti-Virus,Email Proxy,Web Proxy,Internal Email Server,Oracle DB Server) to monitor the systems network activity,log files,Files Systems Integrity and User actions.A host based IDS will also detect and generate an alarm when it detects escalation of privileges for a Guest user to Admin Account  Host based IDS can help detect attacks that network IDS evasion techniques  Host based IDS is also useful for correlating attacks picked up by Network sensors  All security log entries are sent to the SIEM(Security Information and Event Monitoring System) for Data Analysis and Forensics.The SIEM generates an Alert when suspicious activity is detected  For the Remote Office users all their Laptops are installed with Personal Firewalls to mitigate/detect Hacker entry through backdoor channels  All configuration of security devices is performed from the management console  Additionally one can install TACACS,RADIUS Servers to monitor Users access on the Gateway Router and other mission critical Servers
  • 17. 17 | P a g e The sample Rule base configured on the Stateful Inspection Firewall can be as follows (Illustrative purpose only): Rule No Incoming Zone Outgoing Zone Source Destination Service Action 1 Internet Screened Subnet Any App Web Server HTTP.HTTPS Allow Internet Screened Subnet Any Web Proxy HTTP,HTTPS Allow 2 Internet DMZ Any E-Commerce Server HTTP,HTTPS Allow 3 Internet Screened Subnet Any Email Proxy SMTP Allow 4 Internet Screened Subnet Any DNS Server DNS Allow 5 Internet DMZ Any E-Commerce Server SSH Allow 6 Internal Screened Subnet Internal Mail Server MailRelay(Email Proxy) SSH Allow 7 Internal DMZ Order Server E-Commerce Server SSH Allow 8 Internal Internet Internal Mail Server Any SMTP Allow 9 Internal Internet Internal DNS Server Any DNS Allow 10 Internal Internet Workstations Any HTTP,HTTPS,FTP Allow 11 Internal Screened Subnet Oracle DB Server Application Web Server HTTP,HTTPS,SSH Allow 12 Internet Screened Subnet Norton.Com Anti-Virus Server FTP Allow 13 All Management All Devices Group SIEM Server Syslog Allow 14 Management Any Management Console Security Devices Group SSH,SRMC Allow,Log 15 Management Internet Management Console Snort.Org HTTP.HTTPS Allow 16 Any Any Any Any Any Deny,Log
  • 18. 18 | P a g e Conclusion Note: The process to securing and making a perfect “Digital World” is a ongoing continuous Journey ,and with ever changing Modus operandi of the Hackers and the Cyber Criminals globally,we always have to be one step forward in the race to protect our Digital Assets,Intellectual property,Identity,Infrastructure.Thank You Disclaimer Note: This is Copyright Material @Wajahat Iqbal (2016) and the Information shown is collected from Internet repositories and any Typo, Error, Omission is regretted on behalf of Author.The Author does not hold any responsibility or Liability for the incorrectness of the Information shared.This Mindmap Document can be shared/Printed/Distributed keeping in view that Credit is given rightly to the Author.