Scribd
Upload
337 views

Security Concepts and Relationships 4

This document provides definitions for 7 key concepts in cyber security: owners, countermeasures, vulnerabilities, threat agents, threats, assets, and risks. Owners are those responsible for systems and data. Countermeasures reduce vulnerabilities. Vulnerabilities are weaknesses that can be exploited. Threat agents carry out threats, which represent potential dangers. Assets are items of value. And risks involve exposure to dangers that can be accepted, transferred, avoided, or mitigated.

Uploaded by

Ifra Iqbal
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
337 views

Security Concepts and Relationships 4

This document provides definitions for 7 key concepts in cyber security: owners, countermeasures, vulnerabilities, threat agents, threats, assets, and risks. Owners are those responsible for systems and data. Countermeasures reduce vulnerabilities. Vulnerabilities are weaknesses that can be exploited. Threat agents carry out threats, which represent potential dangers. Assets are items of value. And risks involve exposure to dangers that can be accepted, transferred, avoided, or mitigated.

Uploaded by

Ifra Iqbal
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 11

Cyber Security

Security concepts and


relationships(Lecture -4)
BY: NAVEED HUSAIN
MS INFORMATION SECURITY | NUST
CERTIFIED ETHICAL HACKER (CEH) | EC-COUNCIL (ANSI ACCREDITED)
IT SUPPORT SPECIALIST | GOOGLE
PROJECT MANAGEMENT | GOOGLE
LECTURER
DEPARTMENT OF INFORMATICS & SYSTEMS (SST)
UNIVERSITY OF MANAGEMENT AND TECHNOLOGY
EMAIL: [email protected]
Agenda

 Security concepts and relationships


 Risk and risk response techniques
Security concepts and relationships?

1. Owners
2. Countermeasures
3. Vulnerabilities
4. Threat Agents
5. Threats
6. Assets
7. Risk
1. Owners

 A person/organization who owns something.

 Person or organization having responsibility for the development,


procurement, integration, modification, operation and maintenance,
and/or final disposition of an information system.

 Normally in our business practice we have data owner representing


business who owns the data and approve the access request to data
respective to their module e,g Finance, Commercial etc. Information
System Owner is more a technical person who owns the system and overall
owns the maintenance & operations.
2. Countermeasures

 Actions, devices, procedures, techniques, or other measures that reduce the vulnerability
of an information system. Protective measures prescribed to meet the security
requirements (i.e., confidentiality, integrity, and availability) specified for an information
system.
 Types of Countermeasures:
 Preventative Controls - These controls protect vulnerabilities and make an attack
unsuccessful or reduce its impact.(Separation of duties, Access controls).
 Corrective Controls - These controls reduce the effect of an attack.(patching a system,
System Rebooting).
 Detective Controls - These discover the attack and trigger preventative or corrective
controls( logging of events, Physical inventories (such as a cash or inventory count)).
3. Vulnerabilities

 A vulnerability is a weakness in an IT system that can be exploited by an attacker


to deliver a successful attack. They can occur through flaws, features or user
error, and attackers will look to exploit any of them, often combining one or
more, to achieve their end goal.

 A weakness in a firewall that can lead to malicious hackers getting into a


computer network.

 Lack of security cameras. Unlocked doors at businesses.


4. Threat Agents

 A threat actor/agent is a person or element that has the power to carry


out a threat.

 In security, a threat actor could be a person attempting to break into a


secure computer network.

 It could also be malicious software that attacks the computer network, or


even a force of nature such as a hurricane that could destroy computer
equipment and its information.
5. Threat

 A threat is a person or event that has the potential for impacting a


valuable resource in a negative manner. OR

 A threat is a possible danger that might exploit a vulnerability.

 In Cybersecurity threats are events or actions that represent a danger to


information assets. A threat by itself does not mean that security has been
compromised; rather, it simply means that the potential for creating a loss
is real
6. Assets

 The asset, is defined as an item that has value.

 An asset may be tangible (e.g., a physical item such as hardware,


firmware, computing platform, network device, or other technology
component) or intangible (e.g., humans, data, information, software,
capability, function, service, trademark, copyright, patent, intellectual
property, image, or reputation).

 An information assets can have many different forms: it can be a paper


document, a digital document, a database, a password or encryption key
or any other digital file.
7. Risks

 A risk is a situation that involves exposure to some type of danger.


 There are different options available when dealing with risks, called risk response
techniques:
 Accept: To accept risk simply means that the risk is acknowledged but no steps are
taken to address it.
 Transfer: Risk transfer is a risk management and control strategy that involves the
contractual shifting of a pure risk from one party to another.
 Avoid: To avoid risk involves identifying the risk but making the decision to not engage
in the activity.
 Mitigate: To mitigate risk is the attempt to address risk by making the risk less serious.

You might also like