| What is ARBIL?Asset and Risk Based
| |
| | help your organization carry out its
|
| INFOSEC lifecycle.To implement a
| |
| | mission.Organizations should look at
|
| comprehensive security plan in I.T. and
| |
| | threats, vulnerabilities, assets and
|
| strategies for risk management.What is
| |
| | safeguards.Risk AssessmentThe goal is to
|
| CIA?Confidentiality, Integrity, and
| |
| | have a list of your critical assets.
|
| AvailabilityConfidentiality- making sure
| |
| | Critical in understanding mission,
|
| your data is available to only those
| |
| | objectives and operations and what if
|
| allowed.Integrity- making sure your data
| |
| | scenarios.Then to implement safeguards to
|
| has not been altered in any way. Think
| |
| | protect those assets.Vulnerability
|
| bank transactions or chemical
| |
| | AssessmentThis is when you look for
|
| formulas.Availability- making sure your
| |
| | vulnerabilities in existing applications
|
| data is available. Hackers often use
| |
| | and determine there severity. The
|
| denial of services attacks to bring down
| |
| | vulnerabilities will be rated. This
|
| your servers or networks by overloading
| |
| | includes physical security, web
|
| them with packets.Hackers use attack
| |
| | application reviews, policy and procedure
|
| trees to determine every possible
| |
| | reviews, host assessments and OS reviews,
|
| entrance into your networks. This can be
| |
| | and vulnerability scans.Threat
|
| through modems connected to your network,
| |
| | AssessmentThis is the process, of
|
| routers, switches, and application
| |
| | identifying existing and potential
|
| vulnerabilities, almost anything
| |
| | threats to assets and environments. This
|
| connected to your internet.Make it
| |
| | will also be based on severity.Where can
|
| difficult to determine your OS, which
| |
| | threats come from? Disgruntled employees,
|
| hackers use for Banner Grabbing. This is
| |
| | script kiddies, hackers, crackers,
|
| a simple fix that many systems
| |
| | foreign governments, and your
|
| administrators leave.Change your banner
| |
| | competition. You can look for threat
|
| to display a security warning.Many people
| |
| | indicators in your server, logs, CCTV,
|
| have difficulty understanding security
| |
| | intrusion detection systems like SNORT.
|
| processes alone implementing
| |
| | can threats cause?Loss of business
|
| solutions.What is SMIRA? Simple
| |
| | Death
|
| methodology for INFOSEC based risk
| |
| | Financial loss
|
| assessment.Risk management is the
| |
| | Corruption of data.
|
| practice and process of identifying
| |
| | Inability to work, servers down or
|
| threats and vulnerabilities to assets.
| |
| | running slowly.
|
| This helps making the correct decisions
| |
| | Confidentiality issues.What are assets?
|
| to implement the necessary safeguards to
| |
| |
|
