What is Cybersecurity? - Welcome to IOBSE...
Transcript of What is Cybersecurity? - Welcome to IOBSE...
![Page 1: What is Cybersecurity? - Welcome to IOBSE Online!iobse.org/pdfs/Cybersecurity_The-Real-Threat.pdf · •LO1 –Will learn the theological and practitioner definition of cybersecurity](https://reader036.fdocuments.net/reader036/viewer/2022070717/5eddb8b7ad6a402d6668e4c3/html5/thumbnails/1.jpg)
Dr. Stephanie CarterCISM, CISSP, CISA
![Page 2: What is Cybersecurity? - Welcome to IOBSE Online!iobse.org/pdfs/Cybersecurity_The-Real-Threat.pdf · •LO1 –Will learn the theological and practitioner definition of cybersecurity](https://reader036.fdocuments.net/reader036/viewer/2022070717/5eddb8b7ad6a402d6668e4c3/html5/thumbnails/2.jpg)
• LO1– Will learn the theological and practitioner definition of
cybersecurity
• LO2– Will learn the dependency between physical and cyber
security domains
• LO3– Will learn the constraints to physical and cyber security
convergence
• LO4– Will learn pros and cons of physical and cyber security
convergence
Learning Objectives (LO)
![Page 3: What is Cybersecurity? - Welcome to IOBSE Online!iobse.org/pdfs/Cybersecurity_The-Real-Threat.pdf · •LO1 –Will learn the theological and practitioner definition of cybersecurity](https://reader036.fdocuments.net/reader036/viewer/2022070717/5eddb8b7ad6a402d6668e4c3/html5/thumbnails/3.jpg)
What is Cybersecurity?
![Page 4: What is Cybersecurity? - Welcome to IOBSE Online!iobse.org/pdfs/Cybersecurity_The-Real-Threat.pdf · •LO1 –Will learn the theological and practitioner definition of cybersecurity](https://reader036.fdocuments.net/reader036/viewer/2022070717/5eddb8b7ad6a402d6668e4c3/html5/thumbnails/4.jpg)
Cybersecurity
• Cybersecurity – The ability to protect or defend the use of cyberspace from cyber attacks (CNSSI 4009)– Cyberspace
• A global domain within the information environment consisting of the interdependent network of information systems infrastructures including the Internet, telecommunications networks, computer systems, and embedded processors and controllers. (CNSSI 4009)
– Cyber Attack• An attack, via cyberspace, targeting an enterprise’s use of
cyberspace for the purpose of disrupting, disabling, destroying, or maliciously controlling a computing environment/infrastructure; or destroying the integrity of the data or stealing controlled information. (CNSSI 4009)
![Page 5: What is Cybersecurity? - Welcome to IOBSE Online!iobse.org/pdfs/Cybersecurity_The-Real-Threat.pdf · •LO1 –Will learn the theological and practitioner definition of cybersecurity](https://reader036.fdocuments.net/reader036/viewer/2022070717/5eddb8b7ad6a402d6668e4c3/html5/thumbnails/5.jpg)
AuditorAnalyst (Security, Forensic)Engineers (Network, Security)Architects (Enterprise, Network, Security)Forensics (Analysts)Intelligence (Analyst, Officers)Information Security OfficerSecurity Officer/Security Guard
LegalHuman ResourceIT AccountingAcquisitionFinancialMarketingSales & ServicesResearch & DevelopmentOperations
CYBERSECURITY
DEFENDERS
ENFORCERS
![Page 6: What is Cybersecurity? - Welcome to IOBSE Online!iobse.org/pdfs/Cybersecurity_The-Real-Threat.pdf · •LO1 –Will learn the theological and practitioner definition of cybersecurity](https://reader036.fdocuments.net/reader036/viewer/2022070717/5eddb8b7ad6a402d6668e4c3/html5/thumbnails/6.jpg)
When you think of cybersecurity, is physical security a part of that
thought?
![Page 7: What is Cybersecurity? - Welcome to IOBSE Online!iobse.org/pdfs/Cybersecurity_The-Real-Threat.pdf · •LO1 –Will learn the theological and practitioner definition of cybersecurity](https://reader036.fdocuments.net/reader036/viewer/2022070717/5eddb8b7ad6a402d6668e4c3/html5/thumbnails/7.jpg)
Security Objectives
Confidentiality
– Ensuring no unauthorized access to data
Integrity
– Ensuring no unauthorized modification of data
Availability
– Ensuring data is always available to authorized subjects
![Page 8: What is Cybersecurity? - Welcome to IOBSE Online!iobse.org/pdfs/Cybersecurity_The-Real-Threat.pdf · •LO1 –Will learn the theological and practitioner definition of cybersecurity](https://reader036.fdocuments.net/reader036/viewer/2022070717/5eddb8b7ad6a402d6668e4c3/html5/thumbnails/8.jpg)
Security Safeguards
Operating Procedures
Physical Security
Management Procedures
Hardware and Software
Security measures used to meet security objectives (i.e., confidentiality, integrity, andavailability) to protect the organization’s most valuable asset – data/information. Thesemeasures are translated in the form of security controls and countermeasures created foreach area.
![Page 9: What is Cybersecurity? - Welcome to IOBSE Online!iobse.org/pdfs/Cybersecurity_The-Real-Threat.pdf · •LO1 –Will learn the theological and practitioner definition of cybersecurity](https://reader036.fdocuments.net/reader036/viewer/2022070717/5eddb8b7ad6a402d6668e4c3/html5/thumbnails/9.jpg)
Administrative
-Preventive
-Detective
-Corrective
Logical (Technical)
-Preventive
-Detective
-Corrective
Physical
-Preventive
-Detective
-Corrective
Controls
![Page 10: What is Cybersecurity? - Welcome to IOBSE Online!iobse.org/pdfs/Cybersecurity_The-Real-Threat.pdf · •LO1 –Will learn the theological and practitioner definition of cybersecurity](https://reader036.fdocuments.net/reader036/viewer/2022070717/5eddb8b7ad6a402d6668e4c3/html5/thumbnails/10.jpg)
Cybersecurity• Deter Potential
Threat• Detect Threats• Monitor/Record
Threats
• Trigger Incident Response
• Assess Threat• Contain Threat• Report Threat• Remediate Threat• Assess Controls• Update polices,
procedures, security documentation
Physical Security• Deter Potential
Threat• Detect Threats• Monitor/Record
Threats
• Trigger Incident Response
• Assess Threat• Contain Threat• Report Threat• Remediate Threat• Assess Controls• Update policies,
procedures, security documentation
![Page 11: What is Cybersecurity? - Welcome to IOBSE Online!iobse.org/pdfs/Cybersecurity_The-Real-Threat.pdf · •LO1 –Will learn the theological and practitioner definition of cybersecurity](https://reader036.fdocuments.net/reader036/viewer/2022070717/5eddb8b7ad6a402d6668e4c3/html5/thumbnails/11.jpg)
![Page 12: What is Cybersecurity? - Welcome to IOBSE Online!iobse.org/pdfs/Cybersecurity_The-Real-Threat.pdf · •LO1 –Will learn the theological and practitioner definition of cybersecurity](https://reader036.fdocuments.net/reader036/viewer/2022070717/5eddb8b7ad6a402d6668e4c3/html5/thumbnails/12.jpg)
![Page 13: What is Cybersecurity? - Welcome to IOBSE Online!iobse.org/pdfs/Cybersecurity_The-Real-Threat.pdf · •LO1 –Will learn the theological and practitioner definition of cybersecurity](https://reader036.fdocuments.net/reader036/viewer/2022070717/5eddb8b7ad6a402d6668e4c3/html5/thumbnails/13.jpg)
![Page 14: What is Cybersecurity? - Welcome to IOBSE Online!iobse.org/pdfs/Cybersecurity_The-Real-Threat.pdf · •LO1 –Will learn the theological and practitioner definition of cybersecurity](https://reader036.fdocuments.net/reader036/viewer/2022070717/5eddb8b7ad6a402d6668e4c3/html5/thumbnails/14.jpg)
Security Interdependencies
• Physical threats have an impact on cyber operations
– Stealing, leaking, compromising information
• Cyber threats have an impact on physical operations
– Automated systems controlling physical access
![Page 15: What is Cybersecurity? - Welcome to IOBSE Online!iobse.org/pdfs/Cybersecurity_The-Real-Threat.pdf · •LO1 –Will learn the theological and practitioner definition of cybersecurity](https://reader036.fdocuments.net/reader036/viewer/2022070717/5eddb8b7ad6a402d6668e4c3/html5/thumbnails/15.jpg)
• Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. (NIST SP 800-53; SP 800-53A; SP 800-27; SP 800-60; SP 800-37; CNSSI-4009)
• The potential source of an adverse event. (NIST SP 800-61)
• Threat – Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. Also, the potential for a threat-source to successfully exploit a particular information system vulnerability. (FIPS 200)
Threats
![Page 16: What is Cybersecurity? - Welcome to IOBSE Online!iobse.org/pdfs/Cybersecurity_The-Real-Threat.pdf · •LO1 –Will learn the theological and practitioner definition of cybersecurity](https://reader036.fdocuments.net/reader036/viewer/2022070717/5eddb8b7ad6a402d6668e4c3/html5/thumbnails/16.jpg)
![Page 17: What is Cybersecurity? - Welcome to IOBSE Online!iobse.org/pdfs/Cybersecurity_The-Real-Threat.pdf · •LO1 –Will learn the theological and practitioner definition of cybersecurity](https://reader036.fdocuments.net/reader036/viewer/2022070717/5eddb8b7ad6a402d6668e4c3/html5/thumbnails/17.jpg)
CONS• Inhibits identity of
vulnerabilities• Hinders proper risk
management• Increases useless investments
in IT, security controls & countermeasures
• Difficult to identify physical intruders
• Poor detecting of cyber infiltration efforts
• Impedes information sharing• Prevents transparency across
the organization
Bridging the Gap
PROS• Effective risk management• Increased security• Alignment of security
processes/goals with business processes/goals
• Increased organization-wide information sharing
• Tips the scale of importance• More thorough investigations• Creates an organizational
culture of diversity and appreciation
![Page 18: What is Cybersecurity? - Welcome to IOBSE Online!iobse.org/pdfs/Cybersecurity_The-Real-Threat.pdf · •LO1 –Will learn the theological and practitioner definition of cybersecurity](https://reader036.fdocuments.net/reader036/viewer/2022070717/5eddb8b7ad6a402d6668e4c3/html5/thumbnails/18.jpg)
Where do we go from here?
![Page 19: What is Cybersecurity? - Welcome to IOBSE Online!iobse.org/pdfs/Cybersecurity_The-Real-Threat.pdf · •LO1 –Will learn the theological and practitioner definition of cybersecurity](https://reader036.fdocuments.net/reader036/viewer/2022070717/5eddb8b7ad6a402d6668e4c3/html5/thumbnails/19.jpg)
Security Safeguards
Operating Procedures
Physical Security
Management Procedures
Hardware and Software
Security measures used to meet security objectives (i.e., confidentiality, integrity, andavailability) to protect the organization’s most valuable asset – data/information. Thesemeasures are translated in the form of security controls and countermeasures created foreach area.
![Page 20: What is Cybersecurity? - Welcome to IOBSE Online!iobse.org/pdfs/Cybersecurity_The-Real-Threat.pdf · •LO1 –Will learn the theological and practitioner definition of cybersecurity](https://reader036.fdocuments.net/reader036/viewer/2022070717/5eddb8b7ad6a402d6668e4c3/html5/thumbnails/20.jpg)
AuditorAnalyst (Security, Forensic)Engineers (Network, Security)Architects (Enterprise, Network, Security)Forensics (Analysts)Intelligence (Analyst, Officers)Information Security OfficerSecurity Officer/Security Guard
LegalHuman ResourceIT AccountingAcquisitionFinancialMarketingSales & ServicesResearch & DevelopmentOperations
CYBERSECURITY
DEFENDERS
ENFORCERS
![Page 21: What is Cybersecurity? - Welcome to IOBSE Online!iobse.org/pdfs/Cybersecurity_The-Real-Threat.pdf · •LO1 –Will learn the theological and practitioner definition of cybersecurity](https://reader036.fdocuments.net/reader036/viewer/2022070717/5eddb8b7ad6a402d6668e4c3/html5/thumbnails/21.jpg)
How is cybersecurity the real threat?
![Page 22: What is Cybersecurity? - Welcome to IOBSE Online!iobse.org/pdfs/Cybersecurity_The-Real-Threat.pdf · •LO1 –Will learn the theological and practitioner definition of cybersecurity](https://reader036.fdocuments.net/reader036/viewer/2022070717/5eddb8b7ad6a402d6668e4c3/html5/thumbnails/22.jpg)
Cybersecurity
• Cybersecurity – The ability to protect or defend the use of cyberspace from cyber attacks (CNSSI 4009)– Cyberspace
• A global domain within the information environment consisting of the interdependent network of information systems infrastructures including the Internet, telecommunications networks, computer systems, and embedded processors and controllers. (CNSSI 4009)
– Cyber Attack• An attack, via cyberspace, targeting an enterprise’s use of
cyberspace for the purpose of disrupting, disabling, destroying, or maliciously controlling a computing environment/infrastructure; or destroying the integrity of the data or stealing controlled information. (CNSSI 4009)
![Page 23: What is Cybersecurity? - Welcome to IOBSE Online!iobse.org/pdfs/Cybersecurity_The-Real-Threat.pdf · •LO1 –Will learn the theological and practitioner definition of cybersecurity](https://reader036.fdocuments.net/reader036/viewer/2022070717/5eddb8b7ad6a402d6668e4c3/html5/thumbnails/23.jpg)
Security Safeguards
Operating Procedures
Physical Security
Management Procedures
Hardware and Software
Security measures used to meet security objectives (i.e., confidentiality, integrity, andavailability) to protect the organization’s most valuable asset – data/information. Thesemeasures are translated in the form of security controls and countermeasures created foreach area.
![Page 24: What is Cybersecurity? - Welcome to IOBSE Online!iobse.org/pdfs/Cybersecurity_The-Real-Threat.pdf · •LO1 –Will learn the theological and practitioner definition of cybersecurity](https://reader036.fdocuments.net/reader036/viewer/2022070717/5eddb8b7ad6a402d6668e4c3/html5/thumbnails/24.jpg)
Questions?