Is to employ multiple layers of controls in order to avoid having a single point of failure. For example, many organizations use not only firewalls but also multiple authentication methods to restrict access.
Time-based model of
Is to employ a combination of detective and corrective controls that identify an information security incident early enough to prevent the loss or compromise of information.
= time it takes the attackers to break through preventive controls.
= the time it takes to detect that an attack is in progress.
= the time it takes to respond to the attack.
If P > D + C, then the organization's security is effective.
Study the target and its layout.
Attempt Social engineering
This is when attackers try to use information obtained during their initial reconnaissance to “trick” an unsuspecting employee into granting them access.
Scan and map the target
If they can't attempt social engineering, then they conduct further reconnaissance.
Once the attacker has identified specific targets and knows what versions of software are running on them, the next step is to conduct research to find vulnerabilities for those programs.
Execute the attack
Obtain unauthorized access to the system.
After attacking the system, most attackers then try to cover their tracks.
Is the process of verifying the identity of the person or device attempting to access the system. PINs, ID badges, or biometric identifiers.
Physical characteristics such as a fingerprint.
Using two or all three types of authentication together.
Using multiple credentials of the same type together.
Is the process of restricting access of authenticated users to specific portions of the system and limiting what actions they are permitted to perform.
Access control matrix
A matrix that shows the authorization controls (who has access to what).
Matches the user's authentication credentials against the access control matrix to determine whether that employee should be allowed to access that resource and perform the requested action.
A device that connects an organization's information system to the internet.
Is either a special-purpose hardware device or software running on a general-purpose computer.
Demilitarized zone (DMZ)
Is a separate network that permits controlled access from the internet to selected resources, such as the organization's e-commerce Web server.
COBIT's framework ensures that information provided to management satisfies seven key criteria:
1. plan and organize
2. acquire and implement
3. deliver and support
4. monitor and evaluate
The Trust Services Framework classifies information systems controls into five categories:
4. processing integrity
Management's role in information security
1. create and foster a pro-active "security aware" culture
2. inventory and value the organization's information resources
3. assess risks and select a risk response
4. develop and communicate security plans, policies, and procedures.
5. acquire and deploy information security technologies and products.
6. monitor and evaluate the effectiveness of the organization's information security program
Training, user access controls, physical access controls, network access controls, device and software hardening controls.