What does secure mean?
You have been assigned a task of finding a cloud provider who can provide a secure environment for the launch of a new web application.
What does secure imply?
Vulnerabilities, Threats & Controls
What is a vulnerability?
What is a threat?
What is a control?
Vulnerabilities, Threats & Controls
A vulnerability is a weakness in a system
◦ Allows a threat to cause harm.
A threat is a potential negative harmful occurrence
◦ Earthquake, worm, virus, hackers.
A control/Safeguard is a protective measure
◦ Reduce risk to protect an asset.
Vulnerabilities, Threats & Controls
Vulnerability = a weakness in a system
◦ Allows a threat to cause harm.
Threat = a potential negative harmful occurrence
◦ Earthquake, worm, virus, hackers.
Control/Safeguard = a protective measure
◦ Reduce risk to protect an asset.
Figure 1-1 Threats, Controls, and Vulnerabilities.
Goals of Security
What are the 3 goals of security?
CIA Triad
Information Security:
Confidentiality: information kept must be available only to authorized individuals.
Integrity: unauthorized changes must be prevented.
Availability: authorized users must have access to their information for legitimate purposes.
Note: From “Information Security Illuminated” (p. 3), by Solomon and Chapple, 2005, Sudbury, MA: Jones and Bartlett.
Threats
Figure: the CIA triad of Information Security (Confidentiality, Integrity, Availability) with the corresponding threats Disclosure, Alteration, Denial.
Note: From “Information Security Illuminated” (p. 5), by Solomon and Chapple, 2005, Sudbury, MA: Jones and Bartlett.
04/21/23
Live Chat 4
Figure 1-3 Relationship Between Confidentiality, Integrity, and Availability.
Figure labels: Confidentiality, Integrity, Availability, Secure.
Threats
What types of threats were discussed by the book?
◦ Hint: defined by their impact.
Threats
Interception: gained access to an asset. Wireless network, hacked system, etc. Impacts confidentiality.
Interruption
◦ Unavailability, reduced availability.
Modification
◦ Tamper with data, impacts integrity.
Fabrication
◦ Spurious transactions, impacts integrity.
Figure 1-2 System Security Threats.
Figure 1-4 Vulnerabilities of Computing Systems.
Figure 1-5 Security of Data.
Attacker Needs
What 3 things must an attacker have?
An Attacker Must Have:
Method: skills, knowledge, tools.
◦ Capability to conduct an attack
Opportunity: time and access to accomplish attack
Motive: a reason to want to attack
Software Vulnerabilities
Define some different types.
◦ There are many to choose from…
Software Vulnerabilities
Logic Bomb: employee modification.
Trojan Horse: overtly does one thing and another covertly.
Virus: malware which requires a carrier.
Trapdoor: secret entry points.
Information Leak: makes information accessible to unauthorized people.
Worm: malware that self-propagates.
Criminals
Define different types of computer criminals and their motive or motives.
Computer Criminals
Script Kiddies: Amateurs
Crackers/Malicious Hackers: Black Hats
Career Criminals: botnets, bank thefts.
Terrorists: local and remote.
Hacktivists: politically motivated
Insiders: employees
Phishers/Spear Phishers
Motives
Financial gain: make money.
Competitive advantage: steal information.
Curiosity: test skills.
Political: achieve a political goal.
Cause Harm/damage: reputation or financial
Vendetta/Disgruntled: fired employees.
Risk
What are the different ways a company can deal with risk?
How to deal with Risk
Accept it: cheaper to leave it unprotected.
Mitigate it: lowering the risk to an acceptable level (e.g. laptop encryption).
Transfer it: insurance model.
Avoid it: sometimes it is better not to do something that creates a great risk.
Book lists alternatives.
Controls
Encryption: confidentiality, integrity
◦ VPN, SSH, Hashes, data at rest, laptops.
Software: operating system, development.
Hardware: Firewall, locks, IDS, 2-factor.
Policies and Procedures: password changes
Physical: gates, guards, site planning.
Types of Controls
Preventive: prevent actions.
Detective: notice & alert.
Corrective: correcting a damaged system.
Recovery: restore functionality after incident.
Deterrent: deter users from performing actions.
Compensating: compensate for weakness in another control.
Figure 1-6 Multiple Controls.
Principles
Easiest Penetration: attackers use any means available to attack.
Adequate Protection: protect computers/data until they lose their value.
Effectiveness: controls must be used properly to be effective. Efficiency key.
Weakest Link: only as strong as weakest link.