Cyber Security Fundamentals - V2

This document provides an overview of key cyber security concepts for business leaders. It discusses why cyber security is important given threats from actors like hackers and risks to industries like finance and healthcare. It outlines the core pillars of cyber security - confidentiality, integrity and availability. The document then covers threat actors, common attack vectors, and a risk management framework including business impact analysis, business continuity planning, and disaster recovery. It also defines important cyber security measurements like recovery time objective and recovery point objective.

Uploaded by

richat.21

CYBER SECURITY FUNDAMENTALS FOR BUSINESS LEADERS
RICHA DWIVEDI
AGENDA
Topic 1. Cyber Security – Why, What, Who, Where, How?
Topic 2. Threat, Threat Actors, Attack Vectors
Topic 3. Risk Management Framework: BIA, BCP, DRP, IMR
Topic 4. Measurements that Matter: RPO, RTO, MTD
Topic 5. Critical aspects of the Cloud & Security
Story Time! Surpriseeeee!
100% Secure System is a Myth
WHY?
Top 5 Targets
1. Finance
2. Energy/Utilities
3. Telecom/Internet
4. HealthCare
5. IT

Source: Sophos

• According to the National Cyber Security Alliance, 60% of small and medium businesses, once hacked, are out of business in less than 6 months
• Cyber Crime to cost $6 Trillion in 2021
• Healthcare ransomware attacks will quadruple
WHAT?

• Confidentiality: Information must be accessible only to authorized personnel
• Integrity: Integrity is the protection of information from intentional or accidental unauthorized modification
• Availability: Information must be available on demand
What is Cyber Security?
Cybersecurity is the convergence of people, processes and technology that is practiced for protecting information, systems, networks, and programs from digital attacks, damage, and unauthorized access/theft.
Source: Checkpoint
WHO?
Threat sources: Human (Deliberate), Human (Non Deliberate), Environmental, Socio Political
Threat Actors
A threat actor or malicious actor is a person or entity that is responsible for an event or incident that impacts or
has the potential to impact the safety or security of another entity.
Example: Script Kiddies, Hacktivists, Organized Crimes, Insiders, Competitors, Nation States APT
WHERE?

Layers: Physical, Perimeter, Network, Host, Application, Data
HOW?

Cyber Security Framework Defence in Depth


HOW?
Security Control Types & Functionalities

Types: Admin, Tech, Physical
Functionalities: Preventive, Detective, Corrective, Deterrent, Compensating


• Preventive: Prevents an incident from occurring. Examples: Fences, locks, biometrics, man traps, separation of duties, job rotation, antivirus software, firewall, encryption, etc.
• Detective: Identifies an incident's activities and potentially an intruder. Examples: Security guards, CCTV, job rotation, mandatory vacation, audit trails, etc.
• Corrective: Fixes components or systems after an incident has occurred. Examples: Backups and restore plans
• Deterrent: Discourages a potential attacker. Examples: Policies, NDA, CCTV, etc.
• Recovery: Reverts the environment back to regular operations. Examples: Backups, restores, fault tolerant systems, server clustering, and database and virtual machine shadowing
• Compensating: Provides an alternative measure of control. Examples: CCTV
DIFFERENT KINDS OF CYBER SECURITY THREATS
MALWARE
• Worms are self-replicating code designed to penetrate computer systems
• Virus is malicious code that replicates by attaching to executable code
• Trojans are programs that claim to perform one function but do another, typically malicious
• Spyware is software aimed at stealing personal or organizational information
• Adware is software that displays endless ads and pop-up windows
• Rootkits are designed to modify the operating system's operations to facilitate non-standard functionality
• Backdoor provides the attacker with unauthorized remote access to a system by exploiting security vulnerabilities
• Logic bombs infect a system and lie dormant until they are triggered by a specific condition
• Ransomware attempts to extort money from the user by infecting and taking control of a victim's machine.
RISK MANAGEMENT FRAMEWORK
Cycle: Identify, Assess, Action, Monitor, Control
1. Identify: Assets and the risks associated with them
2. Analyse: Assess risk. Qualitative, Quantitative
3. Action: Develop a risk management plan, implement controls
4. Monitor: Review effectiveness of controls
5. Control: Re-evaluate the risk
RISK RESPONSE

• Risk Mitigation: Implement measures to eliminate vulnerabilities
• Risk Transfer: Transfer the risks to another entity
• Risk avoidance: Eliminate activities that involve risks
• Risk acceptance: Make decisions to live with the risks
INHERENT RISK AND RESIDUAL RISK

As is without Controls: Inherent Risk
With Controls: Residual Risk
[Diagram labels, in order: Assets, endangered by, Threat Agent, gives rise to, Threat, exploit, Vulnerabilities, leads to, Risk, damage, Asset, leads to, Exposure, countered by, Controls]

RISK ASSESSMENT
I. Inherent Risk: Without Controls
SLE = AV * EF
ALE = ARO * SLE

II. Residual Risk: With Controls
SLE' = AV * EF'
ALE' = ARO * SLE'
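
A worked pass over the SLE/ALE formulas above, as an added example that is not part of the original slides. It reads the abbreviations in their standard senses (SLE single loss expectancy, AV asset value, EF exposure factor, ARO annualized rate of occurrence, ALE annualized loss expectancy); the scenario names and all figures are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Scenario:
    name: str
    av: float      # AV: asset value, in currency units
    ef: float      # EF: exposure factor without controls, 0..1
    ef_ctl: float  # EF': exposure factor with controls, 0..1
    aro: float     # ARO: expected occurrences per year

    def __post_init__(self):
        # An exposure factor is a fraction of the asset value lost per event.
        for label, value in (("EF", self.ef), ("EF'", self.ef_ctl)):
            if not 0.0 <= value <= 1.0:
                raise ValueError(f"{self.name}: {label} must be within 0..1")
        if self.av < 0 or self.aro < 0:
            raise ValueError(f"{self.name}: AV and ARO must be non-negative")

def sle(av, ef):
    return av * ef            # SLE = AV * EF

def ale(aro, sle_value):
    return aro * sle_value    # ALE = ARO * SLE

def assess(s):
    # As on the slide, the control changes EF to EF' while ARO stays the same.
    inherent = ale(s.aro, sle(s.av, s.ef))
    residual = ale(s.aro, sle(s.av, s.ef_ctl))
    return {"name": s.name, "inherent_ale": inherent,
            "residual_ale": residual, "reduction": inherent - residual}

def rank_by_reduction(scenarios):
    # Largest yearly loss reduction first: where controls pay off most.
    return sorted((assess(s) for s in scenarios),
                  key=lambda r: r["reduction"], reverse=True)

# Constructed sample risk register (hypothetical assets and numbers).
REGISTER = [
    Scenario("Laptop theft", 4_000, 1.0, 0.25, 4),
    Scenario("Web shop outage", 100_000, 0.25, 0.25, 2),  # control has no effect
    Scenario("Customer database ransomware", 400_000, 0.5, 0.125, 0.5),
]

if __name__ == "__main__":
    for r in rank_by_reduction(REGISTER):
        print(f"{r['name']:30} ALE={r['inherent_ale']:>9.0f} "
              f"ALE'={r['residual_ale']:>9.0f} saved={r['reduction']:>8.0f}")
```

A scenario whose residual ALE equals its inherent ALE, like the web shop outage here, shows a control that does not reduce the loss per event.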
Business Continuity Management

BCP != DRP
• BIA is a systematic process to determine and evaluate the potential effects of an interruption to critical business operations.
• BCP is having a plan to deal with major disruptions
• While DRP is an organization's ability to recover from a disaster

Incident Response Management: the capability of an organization to effectively prepare for and respond to unanticipated events to control and limit damage and maintain or restore normal operation. Example: Service Outage, Privacy Breach, Data Loss,
MEASUREMENTS THAT MATTER
[Timeline diagram: points A, B, C, D; intervals RPO, RTO, WRT; MTD]
• RTO: Recovery time objective is the maximum desired length of time allowed between an unexpected failure and the resumption of normal operations.
• RPO: Recovery point objective. It is the maximum data loss from the onset of a disaster
• WRT: Work Recovery Time required to configure a recovered system after validating integrity
• MTD: Maximum tolerable downtime. This is when the process is unavailable and, if exceeded, creates irreversible consequences
RECOVERY COST VS TIME

• Mirrored Site
• Hot Site
• Warm Site
• Cold Site
STORIES
In August 2018, Russian hackers made millions selling credit
card details stolen from almost 245,000 British Airways
customers.
HISTORY OF CYBER ATTACKS
RECENT RANSOMWARE ATTACKS

Source: Microsoft
Service models: IaaS, PaaS, SaaS

Cloud Computing Characteristics
• Broad Access Network
• Measured Service
• Resource Pooling
• Rapid Elasticity
• On Demand Self Service

Challenges: Multi Tenancy, Privacy, Multiple Jurisdiction, Virtualization, Complexity

Actors: Carrier, Provider, Consumer, Broker, Auditor

Critical Aspects of Cloud Contract
Due diligence
• Security
• Privacy
• Regulatory Compliance
• Business continuity, Recovery
• Portability
• Security
• Interoperability
• Performance Commitments-SLAs
• Exit
https://cloudsecurityalliance.org/
10 Steps to Cyber Security
Personal Cyber Security checklist
• Install anti-malware protection
• Stay up to date on Device Updates
• Always Change default credentials
• Use Stronger passwords- Use Phrases – Longer the better !
• Use password Manager
• Avoid freeware
• Do not open emails/click on links from unknown sources
• Never divulge any information on phone whatsoever
• Use search engines to find websites – Misspellings can lead you to
malicious sites
THANK YOU!
RICHAS.DWIVEDI@GMAIL.COM
