Friday, December 2, 2022

Cyber security Theory

OSI Layers - Open Systems Interconnection Reference Model (listed top-down, with the standard layer numbers)

  7. Application - Provides application connectivity: HTTP, FTP, SMTP, SNMP, etc.
  6. Presentation - Data formatting and encryption take place here; known as the syntax layer (e.g. ASCII encoded to EBCDIC, or vice versa)
  5. Session
  4. Transport - Connects the low-level communication hardware in layers 1 through 3 with the higher-level software in layers 5 through 7; TCP, UDP; communicates in segments
  3. Network - Sends and receives packets (chunks of data)
  2. Data Link - Sends and receives frames (a sequence of 64 to 1518 bytes). Two sub-layers:
     - MAC - Media Access Control
     - LLC - Logical Link Control (used by network switches)
  1. Physical - Data transmitted in bits over cable and the radio spectrum

Hint: to remember the OSI layers from the bottom up, "Please Do Not Tell Sales People Anything" (Physical, Data Link, Network, Transport, Session, Presentation, Application)


Network topology

1) Bus - No central device; only T connectors
2) Ring - No central device; only T connectors
3) Star - A central device connects each device
4) Mesh - Every device connects to every other device
5) Wireless Mesh

Hybrid topology - two or more network topologies combined

Point-to-point communication

Point-to-multipoint communication


CIA - Confidentiality, Integrity, Availability

Risk Identification

Risk Assessment - Quantitative Risk Analysis vs Qualitative Risk Analysis

Asset Value (AV)

Exposure Factor (EF)

Single Loss Expectancy (SLE) = Asset Value (AV) x Exposure Factor (EF)

Annualized Rate of Occurrence (ARO)

Annualized Loss Expectancy (ALE) = SLE x ARO

CVSS (Common Vulnerability Scoring System) Calculator - https://first.org

Risk Response (take a decision) - evaluate counter-measures, provide a proposal, adjust the finding

Risk Treatment:
- Avoid (you can do it but are not doing it; the risk is ignored)
- Accept (you cannot do anything; accept that the vulnerability exists and move on)
- Mitigate (fix the vulnerability)
- Transfer (pass the risk to a supplier, e.g. a cloud provider takes care of it)

Goal of Risk Management - minimise the risk in the organisation and keep it at that level

Residual Risk - the risk which remains after counter-measures (never eliminated, but lesser in nature)
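The formulas above (SLE = AV x EF, ALE = SLE x ARO) and the residual-risk idea, as an added Python example that is not part of the original notes: it computes SLE and ALE for a constructed risk register, ranks the entries so the risk response can be prioritised, and shows the residual ALE after a counter-measure lowers EF and ARO. The asset names and figures are hypothetical.

```python
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    """One entry in a risk register (constructed figures, not real data)."""
    name: str
    asset_value: float      # AV: worth of the asset in currency units
    exposure_factor: float  # EF: fraction of AV lost in one incident (0..1)
    aro: float              # ARO: expected incidents per year

    def sle(self) -> float:
        """Single Loss Expectancy = AV x EF."""
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError("EF must be a fraction between 0 and 1")
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annualized Loss Expectancy = SLE x ARO."""
        if self.aro < 0:
            raise ValueError("ARO cannot be negative")
        return self.sle() * self.aro


def residual_ale(risk: Risk, ef_after: float, aro_after: float) -> float:
    """ALE left after a control lowers EF (impact), ARO (likelihood) or both."""
    # Residual risk reaches zero only if a factor is driven to zero: it is
    # reduced, never eliminated, as the note above says.
    return Risk(risk.name, risk.asset_value, ef_after, aro_after).ale()


def rank_by_ale(risks: list[Risk]) -> list[tuple[str, float]]:
    """Order risks by ALE, highest first, to prioritise the risk response."""
    return sorted(((r.name, r.ale()) for r in risks),
                  key=lambda t: t[1], reverse=True)


# Constructed sample register: hypothetical assets and figures.
REGISTER = [
    Risk("customer database", asset_value=500_000, exposure_factor=0.4, aro=0.5),
    Risk("web server", asset_value=80_000, exposure_factor=0.75, aro=2.0),
    Risk("office laptops", asset_value=60_000, exposure_factor=0.1, aro=4.0),
]

if __name__ == "__main__":
    for name, ale in rank_by_ale(REGISTER):
        print(f"{name:18s} ALE = {ale:>10,.0f}")
    # Mitigate the database risk: backups halve EF, patching halves ARO.
    print("residual ALE:", residual_ale(REGISTER[0], ef_after=0.2, aro_after=0.25))
```

Note that the most valuable asset is not the largest annual loss: the web server's higher EF and ARO put it first in the ranking.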

Risk Monitoring - continuous monitoring of the risk - Qualys, Nessus

Key Performance Indicator (KPI) - how well a process is progressing towards an intended goal

Key Risk Indicator (KRI) - metrics which define the risk thresholds of an organisation, e.g. how many denial of service (DoS) events are acceptable and not acceptable, the quantity of unauthorized software, machines with no antivirus

KPI and KRI are SMART metrics

KPI - shows a process is underperforming; KRI - an early warning

SMART - Specific, Measurable, Attainable, Relevant, Time-Bound

Security Controls - policies to protect the CIA of the asset. Administrative controls (no impact on work, e.g. security training), technical controls (a firewall in place), physical controls (CCTV)

Control Types - Detective (sensor), Preventive (lock), Deterrent (consequences for violating company policies), Corrective, Recovery (backup), Compensating (an alternative control with the same intent and a similar level of defence)

Control Selection - depends on the asset: high security in a jewellery shop or bank, normal security in a college

Risk Management Frameworks: NIST , CIA

NIST - National Institute of Standards and Technology (United States Federal Govt)

  1. Prepare
  2. Categorize
  3. Select
  4. Implement
  5. Assess
  6. Authorize
  7. Monitor

NICE - National Initiative for Cybersecurity Education

  1. Identify
  2. Protect
  3. Detect
  4. Respond
  5. Recover