SlideShare a Scribd company logo

06. security concept

Download as PPTX, PDF
Muhammad Ahad, profile picture
Muhammad Ahad

This document outlines a security concept and risk management process. It discusses identifying risks and assets, assessing impact and probability, and determining appropriate risk responses such as acceptance, avoidance, mitigation, and transfer. It also describes common security controls around availability, confidentiality and integrity. Attack vectors like malware, denial of service attacks, social engineering and phishing are examined. Finally, it discusses security patterns for identity and access management, segregation of duties, layered security and cryptography.

Technology
Related topics:
Data Center Overview
1 of 20
Downloaded 84 times
1
2
3
4
5
6
7
8
9
Most read
10
11
12
13
Most read
14
15
16
Most read
17
18
19
20
Security concept 1
Outline • Security concept 1. Introduction 2. Risk management i. risk response ii. Exploits iii. Security controls iv. Attack vectors 3. Security patterns i. Identity and access mgt. ii. Segregation of duties and least privilege iii. Layered security iv. cryptography 2
Security (Availability, confidentiality, integrity) 3
Reason for Crimes 1. Personal exposure and prestige 2. Creating damage 3. Financial gain 4. Terrorism 5. Warfare 4
Risk management 5
definition Process of determining an acceptable level of risk, accessing the current level, taking steps to reduce risk to the acceptable level and maintaining that level. 6
Risk list 1. Asset name 2. Vulnerability 3. Exploit 4. Probability 5. Impact 6. Risk 7
Risk list 8
Risk response • Decided by senior mgt. 1. Acceptance 2. Avoidance 3. Transfer 4. Mitigation (steps to mitigate) a) Design for minimum risk b) Incorporate safety devices c) Provide warning devices d) Implement training and procedures 9
Exploits • Key logger installation. • Use of network sniffers • Backup data • Disposed of PCs and disks • Corrupt staff can copy the information • Phishing 10
Security Controls • Confidentiality • Integrity • Availability 11
Attack vector Attacks on infrastructure can be executed using: 1. Malicious code 2. Denial of services 3. Social engineering 4. phishing 12
1. Malicious code These are the application that can cause: 1. network and server overload 2. steal data and passwords 3. Erase data Forms 1. Viruses 2. Trojan horses 3. worms 13
DoS Attack This is an attempt to overload an infrastructure to cause downtime of a system. How to perform DoS attack? Why we use DDoS attack? What is botnets? 14
Prevention of DDoS 1. Split business and public resources 2. Use external cloud provider 3. Setup automatic scalability 4. Limit bandwidth for certain traffic 5. Lower the TTL 6. Monitor traffic volume & source and number of request. 15
Prevention of DDoS Some other actions 1. Immediately inform your internet provider and ask for help. 2. Run connection termination script 3. Change the server 4. Reroute or drop suspected traffic 16
Attack vector 1. Social engineering 2. Phishing 3. Baiting 17
Security Patterns 1. Identity and access management 2. Segregation of duties and least privilege 3. Layered security 4. cryptography 18
1. Identity and access management It’s a process of managing the identity of people and systems, and their permissions. Steps: 1. Identification 2. Authentication 3. Authorization 19
1. Segregation of duties and least privilege 2. Layered security 3. Cryptography 1. Symmetric key encryption 2. Asymmetric key encryption 3. Hash function and digital signature 4. Cryptographic attacks 20

More Related Content

PPTX
08. networking-part-2
Muhammad Ahad
 
PPTX
07. datacenters
Muhammad Ahad
 
PPTX
04. availability-concepts
Muhammad Ahad
 
PPTX
09. storage-part-1
Muhammad Ahad
 
PPTX
01. 03.-introduction-to-infrastructure
Muhammad Ahad
 
PPTX
05. performance-concepts
Muhammad Ahad
 
PPTX
05. performance-concepts-26-slides
Muhammad Ahad
 
PPTX
08. networking
Muhammad Ahad
 
08. networking-part-2
Muhammad Ahad
 
07. datacenters
Muhammad Ahad
 
04. availability-concepts
Muhammad Ahad
 
09. storage-part-1
Muhammad Ahad
 
01. 03.-introduction-to-infrastructure
Muhammad Ahad
 
05. performance-concepts
Muhammad Ahad
 
05. performance-concepts-26-slides
Muhammad Ahad
 
08. networking
Muhammad Ahad
 

What's hot (20)

PPTX
IP tables and Filtering
Aisha Talat
 
PPTX
11. operating-systems-part-2
Muhammad Ahad
 
PPT
Chapter03 Creating And Managing User Accounts
Raja Waseem Akhtar
 
PPTX
User and groups administrator
Aisha Talat
 
PPT
System Administration: Introduction to system administration
Khang-Ling Loh
 
PPTX
12. End user devices.pptx
Sibghatullah585075
 
PPT
Server configuration
Aisha Talat
 
PPT
Distributed Systems
Rupsee
 
PPTX
03. non-functional-attributes-introduction-4-slides
Muhammad Ahad
 
PPT
Distributed Systems
vampugani
 
PPT
Protection and Security in Operating Systems
vampugani
 
PPTX
System Administration DCU
Khalid Rehan
 
PPTX
Understanding the Windows Server Administration Fundamentals (Part-1)
Tuan Yang
 
PPTX
01. 02. introduction (13 slides)
Muhammad Ahad
 
PPTX
Fundamentals of Servers, server storage and server security.
Aakash Panchal
 
PPTX
Backup and recovery
dhawal mehta
 
PPT
Chapter 6-Consistency and Replication.ppt
sirajmohammed35
 
PPTX
Data backup and disaster recovery
catacutanjcsantos
 
PPTX
10. compute-part-1
Muhammad Ahad
 
PPTX
User authentication
CAS
 
IP tables and Filtering
Aisha Talat
 
11. operating-systems-part-2
Muhammad Ahad
 
Chapter03 Creating And Managing User Accounts
Raja Waseem Akhtar
 
User and groups administrator
Aisha Talat
 
System Administration: Introduction to system administration
Khang-Ling Loh
 
12. End user devices.pptx
Sibghatullah585075
 
Server configuration
Aisha Talat
 
Distributed Systems
Rupsee
 
03. non-functional-attributes-introduction-4-slides
Muhammad Ahad
 
Distributed Systems
vampugani
 
Protection and Security in Operating Systems
vampugani
 
System Administration DCU
Khalid Rehan
 
Understanding the Windows Server Administration Fundamentals (Part-1)
Tuan Yang
 
01. 02. introduction (13 slides)
Muhammad Ahad
 
Fundamentals of Servers, server storage and server security.
Aakash Panchal
 
Backup and recovery
dhawal mehta
 
Chapter 6-Consistency and Replication.ppt
sirajmohammed35
 
Data backup and disaster recovery
catacutanjcsantos
 
10. compute-part-1
Muhammad Ahad
 
User authentication
CAS
 
Ad

Viewers also liked (11)

PPT
Chapter05
Muhammad Ahad
 
PPT
Chapter01
Muhammad Ahad
 
PPT
Chapter06
Muhammad Ahad
 
PPT
Chapter14
Muhammad Ahad
 
PPT
Chapter02
Muhammad Ahad
 
PPTX
Chapter04
Muhammad Ahad
 
PPTX
11. operating-systems-part-1
Muhammad Ahad
 
PPT
Chapter13
Muhammad Ahad
 
PPT
Chapter03
Muhammad Ahad
 
PPTX
10. compute-part-2
Muhammad Ahad
 
PPT
Artificial Intelligence
Muhammad Ahad
 
Chapter05
Muhammad Ahad
 
Chapter01
Muhammad Ahad
 
Chapter06
Muhammad Ahad
 
Chapter14
Muhammad Ahad
 
Chapter02
Muhammad Ahad
 
Chapter04
Muhammad Ahad
 
11. operating-systems-part-1
Muhammad Ahad
 
Chapter13
Muhammad Ahad
 
Chapter03
Muhammad Ahad
 
10. compute-part-2
Muhammad Ahad
 
Artificial Intelligence
Muhammad Ahad
 
Ad

Similar to 06. security concept (20)

PPTX
Threats and vulnerability , a danger to our valuable data and information.pptx
SARVSHRESTH98
 
PPTX
Threat modelling with_sample_application
Umut IŞIK
 
DOCX
cybersecurity 101 conducted by GDG on campus SUIIT
BinithKumar
 
PPTX
Malware analysis final.pptx in cybersecuriey
MillindGaba2
 
PPTX
(046) IS.pptx taxation on withholding statement
SameerAmeen2
 
PPTX
Information Systems.pptx
KnownId
 
PPTX
LIFT OFF 2017: Ransomware and IR Overview
Robert Herjavec
 
PPTX
CIA Triad In Information Security : Cyber
MalkiAman1
 
PDF
Management Information Systems
msd11
 
PPTX
Cyber Security
rahulbhardwaj312501
 
PPTX
Incident-Response-and-Recovery and cloud security.pptx
SHIVASAI508232
 
PDF
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
VishwanathMahalle
 
PDF
DRC - Cybersecurity Concepts 2015 - 5 Basics you must know!
Kevin Fisher
 
PPTX
Cybersecurity_Essentials (1).pptx|cyber essentials
ameniselmi1925
 
PDF
Network security chapter 1,2
Education
 
PDF
Secure remote work
Allessandra Negri
 
PPTX
Navigating-the-Digital-Frontier-A-Guide-to-Cyber-Security Surojit.pptx.pptx
ayushsarkar975
 
PPTX
Computer Security Essentials.pptx
Guna Dhondwad
 
PDF
Jd sherry howard a. schmidt cyber crime, cyberspy, cyberwar - taking the le...
Graeme Wood
 
PPT
Information Technology Security Basics
Mohan Jadhav
 
Threats and vulnerability , a danger to our valuable data and information.pptx
SARVSHRESTH98
 
Threat modelling with_sample_application
Umut IŞIK
 
cybersecurity 101 conducted by GDG on campus SUIIT
BinithKumar
 
Malware analysis final.pptx in cybersecuriey
MillindGaba2
 
(046) IS.pptx taxation on withholding statement
SameerAmeen2
 
Information Systems.pptx
KnownId
 
LIFT OFF 2017: Ransomware and IR Overview
Robert Herjavec
 
CIA Triad In Information Security : Cyber
MalkiAman1
 
Management Information Systems
msd11
 
Cyber Security
rahulbhardwaj312501
 
Incident-Response-and-Recovery and cloud security.pptx
SHIVASAI508232
 
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
VishwanathMahalle
 
DRC - Cybersecurity Concepts 2015 - 5 Basics you must know!
Kevin Fisher
 
Cybersecurity_Essentials (1).pptx|cyber essentials
ameniselmi1925
 
Network security chapter 1,2
Education
 
Secure remote work
Allessandra Negri
 
Navigating-the-Digital-Frontier-A-Guide-to-Cyber-Security Surojit.pptx.pptx
ayushsarkar975
 
Computer Security Essentials.pptx
Guna Dhondwad
 
Jd sherry howard a. schmidt cyber crime, cyberspy, cyberwar - taking the le...
Graeme Wood
 
Information Technology Security Basics
Mohan Jadhav
 

More from Muhammad Ahad (7)

PPT
Chapter12
Muhammad Ahad
 
PPT
Chapter11
Muhammad Ahad
 
PPT
Chapter10
Muhammad Ahad
 
PPT
Chapter09
Muhammad Ahad
 
PPT
Chapter08
Muhammad Ahad
 
PPT
Chapter07
Muhammad Ahad
 
PPT
Artificial Intelligence
Muhammad Ahad
 
Chapter12
Muhammad Ahad
 
Chapter11
Muhammad Ahad
 
Chapter10
Muhammad Ahad
 
Chapter09
Muhammad Ahad
 
Chapter08
Muhammad Ahad
 
Chapter07
Muhammad Ahad
 
Artificial Intelligence
Muhammad Ahad
 

Recently uploaded (20)

PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PPTX
SOPHOS-XG Firewall Administrator PPT.pptx
AgnesMunisi
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
Getting Started with Data Integration: FME Form 101
Safe Software
 
PPTX
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PPTX
cloud_computing_Infrastucture_as_cloud_p
mainakbhattacharya20
 
PPTX
TechTalks-8-2019-Service-Management-ITIL-Refresh-ITIL-4-Framework-Supports-Ou...
bonakiduza1024
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PDF
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
PPTX
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
PDF
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
PDF
August Patch Tuesday
Ivanti
 
PPTX
Machine Learning_overview_presentation.pptx
kondavamsidharreddy2
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
SOPHOS-XG Firewall Administrator PPT.pptx
AgnesMunisi
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Getting Started with Data Integration: FME Form 101
Safe Software
 
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
cloud_computing_Infrastucture_as_cloud_p
mainakbhattacharya20
 
TechTalks-8-2019-Service-Management-ITIL-Refresh-ITIL-4-Framework-Supports-Ou...
bonakiduza1024
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
August Patch Tuesday
Ivanti
 
Machine Learning_overview_presentation.pptx
kondavamsidharreddy2
 

06. security concept

  • 2. Outline • Security concept 1. Introduction 2. Risk management i. risk response ii. Exploits iii. Security controls iv. Attack vectors 3. Security patterns i. Identity and access mgt. ii. Segregation of duties and least privilege iii. Layered security iv. cryptography 2
  • 4. Reason for Crimes 1. Personal exposure and prestige 2. Creating damage 3. Financial gain 4. Terrorism 5. Warfare 4
  • 6. definition Process of determining an acceptable level of risk, accessing the current level, taking steps to reduce risk to the acceptable level and maintaining that level. 6
  • 7. Risk list 1. Asset name 2. Vulnerability 3. Exploit 4. Probability 5. Impact 6. Risk 7
  • 9. Risk response • Decided by senior mgt. 1. Acceptance 2. Avoidance 3. Transfer 4. Mitigation (steps to mitigate) a) Design for minimum risk b) Incorporate safety devices c) Provide warning devices d) Implement training and procedures 9
  • 10. Exploits • Key logger installation. • Use of network sniffers • Backup data • Disposed of PCs and disks • Corrupt staff can copy the information • Phishing 10
  • 11. Security Controls • Confidentiality • Integrity • Availability 11
  • 12. Attack vector Attacks on infrastructure can be executed using: 1. Malicious code 2. Denial of services 3. Social engineering 4. phishing 12
  • 13. 1. Malicious code These are the application that can cause: 1. network and server overload 2. steal data and passwords 3. Erase data Forms 1. Viruses 2. Trojan horses 3. worms 13
  • 14. DoS Attack This is an attempt to overload an infrastructure to cause downtime of a system. How to perform DoS attack? Why we use DDoS attack? What is botnets? 14
  • 15. Prevention of DDoS 1. Split business and public resources 2. Use external cloud provider 3. Setup automatic scalability 4. Limit bandwidth for certain traffic 5. Lower the TTL 6. Monitor traffic volume & source and number of request. 15
  • 16. Prevention of DDoS Some other actions 1. Immediately inform your internet provider and ask for help. 2. Run connection termination script 3. Change the server 4. Reroute or drop suspected traffic 16
  • 17. Attack vector 1. Social engineering 2. Phishing 3. Baiting 17
  • 18. Security Patterns 1. Identity and access management 2. Segregation of duties and least privilege 3. Layered security 4. cryptography 18
  • 19. 1. Identity and access management It’s a process of managing the identity of people and systems, and their permissions. Steps: 1. Identification 2. Authentication 3. Authorization 19
  • 20. 1. Segregation of duties and least privilege 2. Layered security 3. Cryptography 1. Symmetric key encryption 2. Asymmetric key encryption 3. Hash function and digital signature 4. Cryptographic attacks 20