Cybersecurity Risk Management Guide

This document discusses cybersecurity concepts including risk-based approaches, key terms, and common attack types and vectors. A risk-based approach allows for informed decision making and better protection using budgets and resources. Key terms are defined such as asset, threat event, vulnerability, inherent risk, and residual risk. Common attack vectors include ingress focusing on intrusion and egress designed to remove data. Policies and procedures are important to specify requirements, define roles, and outline guidelines. The policy lifecycle includes creating, approving, reviewing, and updating policies.

Uploaded by fadhil

Section 2 Cybersecurity Concepts

Topic 1 Risk
Why a risk-oriented approach?
Using a risk-based approach to cybersecurity allows informed decision-making, better
protection, and effective application of budgets and resources.

Approaches To Cybersecurity Risk

-Ad hoc: this approach simply implements security with no particular
-Compliance based: relies on regulations or standards to determine security
implementations.
-Risk based

Key Terms and Definitions

-Asset
-Threat Event
-Vulnerability
-Inherent risk
-Residual risk

Understanding likelihood
-A measure of the frequency of event occurrence

Framing Risk Management (PPT)

Risk Scenario (PPT)
- Description of a possible event whose occurrence will have an uncertain impact on
the achievement of the enterprise objectives, which may be positive or negative

Influencing Risk Factors (PPT)
Third Party Risk
-Third parties can also introduce risk, because they have different security cultures and risk
tolerances
-Outsourcing and mergers and acquisitions can introduce security challenges
-These arrangements can present risk that may be difficult to quantify and potentially
difficult to mitigate
-Security strategy should consider all third-party arrangements with care to ensure
alignment with internal cybersecurity standards
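Added worked example (not part of the original notes): a small risk register that puts the terms from Topic 1 to work. Each risk scenario names an asset, a threat event and a vulnerability; likelihood is recorded as an expected annual frequency; inherent risk is the exposure before controls and residual risk the exposure that remains after them, which is then compared against a risk tolerance. One of the scenarios is a third-party arrangement. The scoring scheme (frequency multiplied by impact, controls modelled as independent fractional reductions) and all sample values are assumptions chosen for illustration, not figures from the notes.

```python
"""Risk register example (constructed for illustration; scoring scheme is an assumption)."""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class RiskScenario:
    asset: str                 # what is at risk
    threat_event: str          # adversarial or non-adversarial event
    vulnerability: str         # weakness the event can exploit
    annual_frequency: float    # likelihood: expected occurrences per year (assumed scale)
    impact: float              # loss per occurrence, in currency units (assumed)
    # (control name, effectiveness in 0..1); controls are assumed independent
    controls: List[Tuple[str, float]] = field(default_factory=list)
    third_party: Optional[str] = None   # set when the risk arises from an external party

    def inherent_risk(self) -> float:
        """Exposure before any controls: expected annual loss."""
        return self.annual_frequency * self.impact

    def residual_risk(self) -> float:
        """Exposure left after controls: each control removes its share of what remains."""
        remaining = 1.0
        for _name, effectiveness in self.controls:
            remaining *= (1.0 - effectiveness)
        return self.inherent_risk() * remaining


def treatment(scenario: RiskScenario, tolerance: float) -> str:
    """Accept the risk if residual exposure is within tolerance, otherwise flag it for treatment."""
    return "accept" if scenario.residual_risk() <= tolerance else "treat"


def build_register() -> List[RiskScenario]:
    """Constructed sample scenarios; values are illustrative, not measured."""
    return [
        RiskScenario(
            asset="customer database",
            threat_event="ransomware delivered by phishing (adversarial)",
            vulnerability="unpatched workstation, no MFA on remote access",
            annual_frequency=0.5, impact=200_000,
            controls=[("MFA on remote access", 0.5), ("offline backups", 0.6)],
        ),
        RiskScenario(
            asset="file server",
            threat_event="disk failure (non-adversarial)",
            vulnerability="single disk, no redundancy",
            annual_frequency=0.2, impact=50_000,
            controls=[("RAID plus nightly backup", 0.9)],
        ),
        RiskScenario(
            asset="employee PII",
            threat_event="breach at payroll provider (adversarial, third party)",
            vulnerability="provider security posture never assessed",
            annual_frequency=0.1, impact=300_000,
            third_party="payroll SaaS provider (hypothetical)",
        ),
    ]


def summarize(register: List[RiskScenario], tolerance: float) -> List[Tuple[str, float, float, str]]:
    """Return (asset, inherent, residual, decision) rows, highest residual risk first."""
    rows = [(s.asset, s.inherent_risk(), s.residual_risk(), treatment(s, tolerance)) for s in register]
    return sorted(rows, key=lambda row: row[2], reverse=True)


if __name__ == "__main__":
    for asset, inherent, residual, decision in summarize(build_register(), tolerance=25_000):
        print(f"{asset:20s} inherent={inherent:>10,.0f} residual={residual:>10,.0f} -> {decision}")
```

The third-party scenario ends up with the highest residual risk even though its frequency is the lowest, because no control has been applied to it; that is the situation the notes describe as difficult to quantify and mitigate, and the register makes it visible so the decision to treat it is an informed one.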

Topic 2 Common Attack Types & Vectors

-Common Threat Agents (PPT)
-Attack Attributes: activity by a threat agent (or adversary) against an asset.
-Attack vector -> Payload -> Exploit -> Vulnerability -> Target (Asset)
-There are two kinds of attack vectors
-ingress: focus on intrusion or hacking into systems
-egress: designed to remove data from systems and networks

-Threat process (PPT)

-Adversarial Attack: the result of adversarial activity
-Non-adversarial Threat Event: not the result of adversarial activity (natural hazard,
mishandling, disk errors)

Topic 3
Policies and procedures
-Specify requirements
-Define the roles and responsibilities within the organization
-Outline

Policy lifecycle
Create
Approve
Review
Update

Compliance documents
-Policies: communicate required and prohibited activities and behaviors
-Standards: interpret policies in specific situations
-Procedures: provide details on how to comply with policies and standards
-Guidelines: provide general guidance on issues such as "what to do in particular
circumstances". These are not requirements to be met, but are strongly recommended.

COBIT 5 information security policy set (PPT)


Types of security policy
-Access control policy: provides proper access to internal and external
stakeholders to accomplish business goals.
-Personnel information security policy
-Security incident response policy
