| What is ARBIL?Asset and Risk Based INFOSEC | | | | organization carry out its mission.Organizations should |
| lifecycle.To implement a comprehensive security plan in | | | | look at threats, vulnerabilities, assets and |
| I.T. and strategies for risk management.What is | | | | safeguards.Risk AssessmentThe goal is to have a list |
| CIA?Confidentiality, Integrity, and | | | | of your critical assets. Critical in understanding mission, |
| AvailabilityConfidentiality- making sure your data is | | | | objectives and operations and what if scenarios.Then |
| available to only those allowed.Integrity- making sure | | | | to implement safeguards to protect those |
| your data has not been altered in any way. Think bank | | | | assets.Vulnerability AssessmentThis is when you look |
| transactions or chemical formulas.Availability- making | | | | for vulnerabilities in existing applications and determine |
| sure your data is available. Hackers often use denial of | | | | there severity. The vulnerabilities will be rated. This |
| services attacks to bring down your servers or | | | | includes physical security, web application reviews, |
| networks by overloading them with packets.Hackers | | | | policy and procedure reviews, host assessments and |
| use attack trees to determine every possible entrance | | | | OS reviews, and vulnerability scans.Threat |
| into your networks. This can be through modems | | | | AssessmentThis is the process, of identifying existing |
| connected to your network, routers, switches, and | | | | and potential threats to assets and environments. This |
| application vulnerabilities, almost anything connected to | | | | will also be based on severity.Where can threats |
| your internet.Make it difficult to determine your OS, | | | | come from? Disgruntled employees, script kiddies, |
| which hackers use for Banner Grabbing. This is a | | | | hackers, crackers, foreign governments, and your |
| simple fix that many systems administrators | | | | competition. You can look for threat indicators in your |
| leave.Change your banner to display a security | | | | server, logs, CCTV, intrusion detection systems like |
| warning.Many people have difficulty understanding | | | | SNORT. can threats cause?Loss of business |
| security processes alone implementing solutions.What | | | | Death |
| is SMIRA? Simple methodology for INFOSEC based | | | | Financial loss |
| risk assessment.Risk management is the practice and | | | | Corruption of data. |
| process of identifying threats and vulnerabilities to | | | | Inability to work, servers down or running slowly. |
| assets. This helps making the correct decisions to | | | | Confidentiality issues.What are assets? |
| implement the necessary safeguards to help your | | | | |