Section 2: Cybersecurity

Risk
  Key terms and definitions
    - Risk
    - Threat
    - Asset
    - Vulnerability
    - Inherent Risk
    - Residual Risk
  Risk Identification and Classification standards and frameworks
    - ISO 31000:2009 [Risk Management -- Principles and Guidelines]
    - COBIT 5 for Risk
    - IEC 31010:2009 [Risk Management -- Risk Assessment Techniques]
    - ISO/IEC 27001:2013 [Information Technology -- Security Techniques -- Information Security Management]
    - ISO/IEC 27005:2011 [Information Technology -- Security Techniques -- Information Security Risk Management]
    - NIST Special Publications
    - NIST Special Publication 800-30 Revision 1: Guide for Conducting Risk Assessment
  Risk Identification
    - Top-Down Approach
    - Bottom-Up Approach
  Risk Factors
    - Likelihood and Impact Influence
    - Risk Tolerance
  Considering how to measure risk
    - Size and scope of the environment
    - Amount of data available
  Approach to Risk
    - Ad-hoc
    - Compliance-Based
    - Risk-Based
  Approach to cybersecurity Risk
  Third Party Risk

Policies
  - Purpose of policies
  - Policy life cycle
  - Guidelines
  - Policy frameworks
  Compliance Documents and Policy Frameworks
    - Policies: communicate required and prohibited activities and behaviours
    - Standards: interpret policies in specific situations
    - Procedures: detail how to comply with policies and standards
    - Guidelines: general guidance
  Types of information security policies (each listed with its inputs)
    Business Continuity and Disaster Recovery
      - Business impact analysis (BIA)
      - Business contingency plans with trusted recovery
      - Recovery requirements for critical systems
      - Defined thresholds and triggers for contingencies and escalation
      - Disaster recovery plan (DRP)
      - Training and Testing
    Asset Management
      - Data classification and ownership
      - System classification and ownership
      - Resource utilization and prioritization
      - Asset life cycle management
      - Asset protection
    Rules of Behaviour
      - At-work acceptable use and behavior, including privacy, Internet/email, mobile devices, BYOD, etc.
      - Offsite acceptable use and behavior, including social media, blogs
    Acquisition/Development/Maintenance
      - Information security within the life cycle, requirements definition and procurement/acquisition processes
      - Secure coding practices
      - Integration of information security with change and configuration management
    Vendor Management
      - Contract management
    Communication and Operation
      - IT information security architecture and application design
      - Service level agreements
    Compliance
      - IT information security compliance assessment process
      - Development of metrics
      - Assessment repositories
    Risk Management
      - Organizational risk management plan
      - Information risk profile
  - General Information Security Policy
  - Personnel Information Security Policy
  - Security Incident Response Policy
  Access Control Policy
    Covers the following topics:
      - Provide proper access to internal and external stakeholders
      - Ensure that emergency access is appropriately permitted and revoked
      - Physical and logical access provisioning life cycle
      - Least privilege/need to know
      - Segregation of duties
      - Emergency access
    Metrics:
      - Number of access violations that exceed the amount allowed
      - Amount of work disruption due to insufficient access rights
      - Number of segregation of duties incidents or audit findings
  - RPO: acceptable data loss
  - RTO

Threat Agents
  - Corporations
  - Cybercriminals
  - Cyberterrorists
  - Cyberwarriors
  - Employees
  - Hacktivists
  - Nation states
  - Online social hackers
  - Script Kiddies

Attack Attributes (Figure 2.6)
  - Attack Vector
  - Exploit
  - Payload
  - Vulnerability
  - Target (Assets)
Threat Process
  - Perform Reconnaissance
  - Create attack tools
  - Deliver malicious capabilities
  - Exploit and compromise
  - Conduct an Attack
  - Achieve results
  - Maintain a presence or set of capabilities
  - Coordinate a campaign
Nonadversarial Threat Events
Common Attack Types and Vectors

Identity Management
  - Provisioning and Deprovisioning
  Authorization
    - Read-Only
    - Write, Create, Update only
    - Delete Only
    - Execute Only
    - A combination of the above
Cybersecurity Controls
  - Access Control List
  - Access List
  - Privileged User Management
  - Change Management
  - Configuration Management
  - Patch Management

Malware, Ransomware and Attack Types
  Types of Malware
    - Virus
    - Network Worm
    - Trojan horses
    - Botnets
    - Adware
    - Ransomware (examples: GhostCrypt, SNSLocker)
    - Keylogger
    - Rootkit
  Stuxnet components
    - Worm
    - Link file
    - Rootkit
  Advanced persistent threats (APTs)
  Other Attack Types
    - Backdoor
    - Brute force attack
    - Buffer overflow
    - Cross-site scripting (XSS)
    - DoS attack
    - Man-in-the-middle attack
    - Social engineering
    - Phishing
    - Spear phishing
    - Spoofing
    - Structured Query Language (SQL) injection
    - Zero-day exploit