WE ARE AWESOME AT Cyber-Information Delivery
Identify common network security components and secure transport protocols, harden networks, and apply monitoring, detection, and remediation insights, techniques and best practices. Begin to increase your awareness NOW!
Quantitative risk assessment values
- SLE – Single loss expectancy: the cost of any single loss
- ARO – Annual rate of occurrence: the expected number of times a given loss may occur per year
- ALE – Annual loss expectancy: the expected cost per year from a threat (SLE × ARO)
Threat probability
- MTTF – Mean time to failure
  - Used for non-serviceable components
- MTTR – Mean time to repair
- MTBF – Mean time between failures
  - Used for serviceable components
- MTBSI – Mean time between service incidents
Qualitative risk assessment values
Probability × Impact
Vulnerability Scanning
- Intrusive vs. non-intrusive
- Credentialed vs. non-credentialed
- Goals
  - Missing or misconfigured security controls
  - Open ports
  - Weak passwords or encryption
  - Misconfigured security controls
  - Unsecured data
  - Compromised systems
  - Exploitable vulnerabilities
  - Unpatched systems
Vulnerability Assessment (VA): Passive
Purpose of Vulnerability Assessment
- Baseline review
  - The existing intended security configuration
- Determining attack surface
  - All of the software and services installed which can be subject to attack
- Reviewing code
- Reviewing architecture
- Reviewing design
Risk Management
Ways to manage Cyber-risk
- Avoidance
  - Avoiding risky activities
- Transference
  - Sharing risk with others
- Mitigation
  - Applying security controls to reduce risk
- Deterrence
  - Applying visible controls to discourage others
- Acceptance
  - Choosing not to act on risk
- Residual risk
  - Remaining risk after management strategy
FUN FACT:
As a broad effort to foster awareness and to help Americans remain secure online, in 2004, the Department of Homeland Security and the National Cyber Security Alliance initiated National Cyber Security Awareness Month (NCSAM).
In the beginning, the initiatives included educating the public about day-to-day computer use considerations such as spyware, adware and malware, as well as the importance of keeping system patches and antivirus programs up to date. From 2009, the month has incorporated "Our Shared Responsibility" as an overall theme. In 2011, the initiative began to incorporate weekly themes throughout the month.