0% found this document useful (0 votes)
18 views

W02D2 - Risk and Vulnerability Assessment

Uploaded by

pinar12596
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
18 views

W02D2 - Risk and Vulnerability Assessment

Uploaded by

pinar12596
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 24

Week 02 Day 2

Cyber Security Bootcamp


Risk & Vulnerability Assessment

We are making time to answer


questions! Please don’t worry!
Yesterday - Questions ?

To start . . .

Does anyone have any questions they have not had answered yet?
Today . . .

Questions (from yesterday, from . . . ?)

What to expect

1. Overview of Attacks, Threats & Vulnerabilities

2. Research Discussion – More Attacks

3. Exercise: Vulnerability Assessment

4. Demo: Risk Assessment & Mitigation

5. 5. Next Steps
Denial of
Service
Distributed
Denial of
Service (DDoS)
Man-in-the-
Middle Attacks
(MITM)
Phishing
Spear
Phishing
Ransomware
Let’s reflect
What parts of the CIA Triad are
affected by an attack that tries
to put a backdoor into a
system?
Break Time
Any questions or thoughts
before we stop?
Threat Landscape
• The threat landscape is the big
picture of potential risks and
dangers people may face
online

https://youtu.be/lIFEOvOf2D4
Attack
• From TechTarget: “A cyber attack is any attempt to gain unauthorized
access to a computer, computing system or computer network with the
intent to cause damage. Cyber attacks aim to disable, disrupt, destroy or
control computer systems or to alter, block, delete, manipulate or steal the
data held within these systems.”
Vulnerability
• A weakness in a system's design, security procedures, internal controls, or
software that can be exploited by attackers

** How Vulnerable you are to the threat landscape?**


Threat
• A Cyber Threat then is the POSSIBILITY or LIKELIHOOD of an
Attack, and is a way to categorize attacks.

*** How do we know how dangerous the threat is? ***


Common Vulnerability Scoring
System Version 3.1 Calculator
(first.org)

NVD - CVSS v3 Calculator


(nist.gov)

CVE - CVE (mitre.org)


Cyber Security Mitigations

Patch and Patch and


Encrypt Use Train Follow Have
update Update
Patch and Patch and Encrypt both Use strong Train Follow a Zero Have a Backup
update Update static (stored) passwords , employees on Trust Model, or and Retention
automatically hardware BIOS and moving (on MFA (Multi best practices at least a Plan and
both Operating and other the network) Factor with frequent model of Least Disaster
systems and firmware data Authentication reviews, “fire Privilege. Recovery (DR)
Applications ) and drills” plan.
Passphrases
How do
you treat
the risk?
Bringing it all together!

Step 1 – Identify the Risk


Step 2 – Assess its Likelihood vs Impact
Step 3 – Define Risk Treatment (Mitigations)
Thoughts, Comments . . .

?
Today’s To Do . . .

Case Study Analysis

You might also like