Cyber Security

Week 04

By: Tahir Sabtain Syed


Developing Security Policy
• Developing a security policy is a fundamental step in establishing an organization's information security framework.
• A security policy is a documented set of rules, guidelines, and procedures that define how an organization will protect its information assets.
Developing Security Policy
• Key elements of developing a security policy:
• Scope and Objectives:
– Clearly define the scope of the policy and its objectives: what are you trying to protect, and what are the goals of your security measures?
• Risk Assessment:
– Conduct a thorough risk assessment to identify potential security threats and vulnerabilities. This will help in tailoring your policy to address specific risks.
Developing Security Policy
• Roles and Responsibilities:
– Define roles and responsibilities for the individuals or teams responsible for implementing and enforcing security measures.
• Access Control:
– Specify who has access to which resources and under what conditions. Implement strong access control mechanisms to limit unauthorized access.
• Incident Response Plan:
– Develop a clear incident response plan to address security breaches and mitigate their impact.
Developing Security Policy
• Education and Training:
– Include provisions for educating and training employees about security best practices and their role in maintaining security.
• Regular Review and Updates:
– Security policies should be reviewed and updated regularly to adapt to changing threats and technologies.
Deploy and Manage Security Settings
• Deploying and managing security settings involves implementing security controls and measures to protect an organization's IT infrastructure, applications, and data.
• This includes:
• Firewalls and Intrusion Detection/Prevention Systems (IDS/IPS):
– Implement and configure firewalls and IDS/IPS to monitor and filter network traffic, detecting and preventing unauthorized access and attacks.
Deploy and Manage Security Settings
• Anti-Malware Software:
– Deploy anti-malware solutions to protect against viruses, worms, Trojans, and other malicious software.
• Encryption:
– Use encryption techniques to protect data in transit (e.g., SSL/TLS for web traffic) and data at rest (e.g., full-disk encryption).
• Access Control Systems:
– Implement access control mechanisms, such as role-based access control (RBAC) and two-factor authentication (2FA), to manage user permissions.
Deploy and Manage Security Settings
• Patch Management:
– Regularly update and patch software and systems to address known vulnerabilities.
• Security Information and Event Management (SIEM):
– Use SIEM solutions to monitor and analyze security events and incidents in real time.
• Data Backup and Recovery:
– Establish backup and recovery procedures to ensure data can be restored in case of data loss or a security incident.
• Security Auditing and Monitoring:
– Continuously monitor systems and networks to detect and respond to suspicious activities.
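To make the SIEM and monitoring points concrete, here is an added example (not from the slides) of the kind of correlation rule a SIEM runs: it parses constructed SSH authentication log lines, raises an alert when one source address produces five failed logins inside a one-minute window, and escalates if that same source then logs in successfully. The log format, the IP addresses (from the RFC 5737 documentation ranges) and the thresholds are all assumptions made for the demo.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in an sshd-style format; not real logs.
SAMPLE_LOG = """\
2024-03-01T10:00:01 sshd[1201]: Failed password for admin from 198.51.100.7 port 51122
2024-03-01T10:00:03 sshd[1201]: Failed password for admin from 198.51.100.7 port 51123
2024-03-01T10:00:05 sshd[1201]: Failed password for root from 198.51.100.7 port 51124
2024-03-01T10:00:06 sshd[1201]: Failed password for admin from 198.51.100.7 port 51125
2024-03-01T10:00:08 sshd[1201]: Failed password for admin from 198.51.100.7 port 51126
2024-03-01T10:00:09 sshd[1201]: Accepted password for admin from 198.51.100.7 port 51127
2024-03-01T10:05:00 sshd[1340]: Failed password for alice from 203.0.113.9 port 40001
2024-03-01T10:20:00 sshd[1355]: Failed password for alice from 203.0.113.9 port 40002
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src>\S+) port \d+$"
)

def parse_events(text):
    """Turn raw lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({"ts": datetime.fromisoformat(m["ts"]),
                           "result": m["result"], "user": m["user"], "src": m["src"]})
    return events

def detect_bruteforce(events, threshold=5, window=timedelta(minutes=1)):
    """Alert when one source reaches `threshold` failures inside a sliding
    `window`; escalate if that source later succeeds (possible compromised
    account). Returns a list of (alert_type, source, timestamp)."""
    failures = defaultdict(list)   # src -> timestamps of recent failures
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        src = ev["src"]
        if ev["result"] == "Failed":
            failures[src].append(ev["ts"])
            # Drop failures that have aged out of the window.
            failures[src] = [t for t in failures[src] if ev["ts"] - t <= window]
            if len(failures[src]) == threshold:
                alerts.append(("BRUTE_FORCE", src, ev["ts"]))
        elif len(failures[src]) >= threshold:
            alerts.append(("SUCCESS_AFTER_BRUTE_FORCE", src, ev["ts"]))
    return alerts

ALERTS = detect_bruteforce(parse_events(SAMPLE_LOG))
```

The second source (203.0.113.9) produces two failures fifteen minutes apart and never trips the rule, which is the point of the sliding window: volume over time, not raw counts, is what distinguishes an attack from a user mistyping a password.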
Security Through Design
• Security through design is a proactive approach to integrating security measures into the development and design of software, systems, and applications from the outset.
• This helps in building secure systems from the ground up.
• Key principles include:
Security Through Design
• Threat Modeling:
– Identify potential threats and vulnerabilities in the design phase and plan for mitigation.
• Secure Coding Practices:
– Promote secure coding practices, such as input validation, output encoding, and avoiding common vulnerabilities like SQL injection and cross-site scripting (XSS).
• Least Privilege Principle:
– Implement the principle of least privilege, ensuring that users, processes, and systems have only the minimum necessary permissions.
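The three secure coding practices named above (input validation, output encoding, and avoiding SQL injection and XSS) side by side, as an added example that is not part of the slides: each vulnerable function is followed by its hardened form, run against a constructed in-memory SQLite table and two constructed hostile inputs. The table contents, the username format, and the page template are assumptions made for the demo.

```python
import html
import re
import sqlite3

def make_db():
    """Constructed in-memory user table for the demo (sample data, not real)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT, role TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?)",
                    [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return con

def validate_username(name):
    """Input validation by allowlist: only values shaped like a username pass."""
    return re.fullmatch(r"[a-z][a-z0-9_]{0,31}", name) is not None

def find_user_vulnerable(con, name):
    """SQL injection: the untrusted value is spliced into the SQL text, so a
    single quote in the input rewrites the WHERE clause."""
    sql = f"SELECT name, role FROM users WHERE name = '{name}'"
    return con.execute(sql).fetchall()

def find_user_safe(con, name):
    """Hardened: a bound parameter is always treated as data, never as SQL."""
    return con.execute("SELECT name, role FROM users WHERE name = ?",
                       (name,)).fetchall()

def render_vulnerable(display_name):
    """XSS: raw input lands in HTML, so any markup in the name is rendered."""
    return f"<p>Welcome, {display_name}</p>"

def render_safe(display_name):
    """Hardened: output encoding turns <, >, &, and quotes into entities."""
    return f"<p>Welcome, {html.escape(display_name, quote=True)}</p>"

# Constructed hostile inputs of the kind these controls are meant to neutralise.
SQLI_INPUT = "x' OR '1'='1"
XSS_INPUT = "<script>alert(1)</script>"

def demo():
    con = make_db()
    return {
        "valid_input": validate_username(SQLI_INPUT),
        "rows_vulnerable": len(find_user_vulnerable(con, SQLI_INPUT)),
        "rows_safe": len(find_user_safe(con, SQLI_INPUT)),
        "html_vulnerable": render_vulnerable(XSS_INPUT),
        "html_safe": render_safe(XSS_INPUT),
    }
```

Validation and output encoding are complementary, not alternatives: the allowlist rejects the hostile input before it reaches the database, and the encoding protects the page even when a legitimate value (an apostrophe in a surname, say) must be allowed through.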
Security Through Design
• Secure Architecture:
– Choose secure architectural patterns and frameworks, and ensure data flows are protected throughout the system.
• Security Testing:
– Perform security testing, such as penetration testing and code review, to identify and address vulnerabilities during development.
• Continuous Security:
– Maintain security throughout the product's lifecycle, applying updates and patches as necessary and conducting regular security assessments.
Security Through Design
• Security Awareness Training:
– Train development teams in security best practices to ensure they understand and implement security throughout the design and development process.
• Implementing these principles and practices in the design and development phase can significantly reduce security risks and make it more challenging for attackers to exploit vulnerabilities in your systems.
Security Through Anti-Malware
• Anti-malware plays a critical role in information security by protecting computer systems and networks from various types of malicious software, commonly referred to as malware.
• Malware Detection: Anti-malware tools are designed to detect the presence of malware, including viruses, worms, Trojans, spyware, and ransomware, which can compromise data and system integrity.
• Prevention: Anti-malware software aims to prevent malware from infecting systems in the first place by identifying and blocking malicious files or code.
Security Through Anti-Malware
• Quarantine and Remediation: When malware is detected, anti-malware software can isolate and quarantine the infected files or processes to prevent further harm. It may also offer remediation options to remove or repair the malware.
• Real-Time Protection: Many anti-malware tools provide real-time protection, monitoring system activities and network traffic to identify and block threats as they occur.
• Regular Updates: Anti-malware solutions update their databases of known malware signatures and behaviors to stay current with emerging threats.
• Enhancing Overall Security: Anti-malware is a foundational component of a multi-layered security strategy, working in conjunction with firewalls, intrusion detection systems, and user education to provide comprehensive protection.
Security Through Anti-Malware
• How Anti-Malware Works:
• Anti-malware operates using several techniques:
• Signature-Based Detection: This approach involves comparing files and processes to a database of known malware signatures. If a match is found, the software identifies and quarantines the malware.
• Behavior-Based Detection: Anti-malware tools monitor the behavior of files and processes. If an application exhibits suspicious or malicious behavior, it is flagged as a potential threat.
• Heuristic Analysis: This method involves using heuristics (rules or algorithms) to identify potentially malicious code patterns, even if no specific signature exists. Heuristics can detect previously unknown threats.
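A minimal file scanner, added here as an example and not taken from the slides, that shows the difference between the signature-based and heuristic techniques just described: two signature checks (an exact SHA-256 hash and a byte pattern) run first, and a heuristic (Shannon entropy, which is high for packed or encrypted content) runs only when no signature matches. The signature database, the detection names, the entropy threshold and all four sample files are constructed for the demo and correspond to no real malware.

```python
import hashlib
import math
from collections import Counter

# Constructed "known-bad" sample and signature database; the hash and the byte
# pattern stand in for real signatures and match nothing real.
KNOWN_BAD = b"CONSTRUCTED-SAMPLE-DROPPER-v1 " * 8
SIGNATURES = {
    "sha256": {hashlib.sha256(KNOWN_BAD).hexdigest(): "Constructed.Dropper.A"},
    "patterns": {b"CONSTRUCTED-EVIL-MARKER-7": "Constructed.Marker.B"},
}

def shannon_entropy(data):
    """Bits per byte; 8.0 means every byte value is equally likely."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def scan(data, entropy_threshold=7.2, min_size=256):
    """Signature checks first (exact hash, then byte pattern); the heuristic
    runs last and flags content whose entropy is high enough to look packed
    or encrypted, a trait shared by many threats that have no signature yet.
    Returns (verdict, reason)."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in SIGNATURES["sha256"]:
        return "malicious", "signature:" + SIGNATURES["sha256"][digest]
    for pattern, name in SIGNATURES["patterns"].items():
        if pattern in data:
            return "malicious", "signature:" + name
    entropy = shannon_entropy(data)
    if len(data) >= min_size and entropy > entropy_threshold:
        return "suspicious", f"heuristic:high-entropy({entropy:.2f})"
    return "clean", "no-match"

# Constructed inputs: the exact known-bad file, a file carrying the marker,
# a uniformly distributed (packed-looking) blob, and ordinary text.
SAMPLES = {
    "known_bad": KNOWN_BAD,
    "marker": b"harmless header " + b"CONSTRUCTED-EVIL-MARKER-7" + b" trailer",
    "packed": bytes(range(256)) * 4,
    "text": b"quarterly report: revenue up, costs flat. " * 20,
}

def scan_all(samples=SAMPLES):
    return {name: scan(data) for name, data in samples.items()}
```

The heuristic verdict is deliberately "suspicious" rather than "malicious": compressed archives, images and encrypted documents also have near-maximal entropy, so a real product would combine this signal with others (behavior monitoring, reputation) before quarantining anything.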
Security Through Anti-Malware
• Anti-Malware Features:
• Anti-malware software includes various features, such as:
• Firewall Integration: Some anti-malware solutions integrate with firewalls to provide enhanced network security.
• Email and Web Filtering: They filter email attachments and block access to malicious websites.
• Automatic Updates: Regular updates to malware definition databases ensure protection against new threats.
• Scheduled Scans: Users can schedule periodic system scans for convenience.
• Vulnerability Assessment: Some tools check for vulnerabilities in the operating system and installed applications.
• Threat Intelligence Integration: Integration with threat intelligence feeds for proactive threat prevention.
Security Through Anti-Malware
• Anti-Malware Deployment:
• Selecting the Right Anti-Malware Solution: Choose anti-malware software that fits your needs and network environment.
• Installation and Configuration: Properly install and configure the software to ensure optimal protection.
• Centralized Management: For enterprise-level security, use solutions that offer centralized management for multiple endpoints.
• Endpoint and Network Deployment: Deploy anti-malware solutions at both individual endpoints and network gateways for comprehensive protection.
• Mobile Devices and BYOD: Extend protection to mobile devices and bring-your-own-device (BYOD) scenarios.
Security Through Anti-Malware
• Cloud-Based Anti-Malware:
• Cloud-based anti-malware solutions leverage the power of cloud computing to provide real-time threat detection and response.
• They are scalable and cost-effective, as much of the processing is offloaded to cloud servers.
• Cloud-based anti-malware can analyze vast amounts of data and patterns, allowing for more accurate threat detection.
• It is particularly useful for businesses with distributed networks and remote users.
Security Through Anti-Malware
• Anti-Malware in Email Security:
• Anti-malware in email security scans email attachments and content for malware and phishing threats.
• It helps prevent malicious attachments from reaching users' inboxes and blocks access to phishing websites.
• Email gateways may have built-in anti-malware features, or standalone anti-malware tools can be integrated.