Presentation is loading. Please wait.

Presentation is loading. Please wait.

Threat and Risk Assessments in a Network Environment Ted Reinhardt Course 94.470

Similar presentations


Presentation on theme: "Threat and Risk Assessments in a Network Environment Ted Reinhardt Course 94.470"— Presentation transcript:

1 Threat and Risk Assessments in a Network Environment Ted Reinhardt Course

2 Threat and Risk Assessment Overview an Evaluation of the Three Little Pigs Performance

3 Asset Value Dwelling Confidentiality, Integrity, Availability and Value

4 Threat Threat agent Destruction Threat Class Blows House Down Wolf f 25 km/h Threat Event

5 Threat Classes Destruction - Blows House Down Removal - Steals house by moving it off foundation Disclosure - Listens in to conversations in the house Interruption - Keeps knocking on the door preventing owner from doing work Modification - Redecorates house (like Trading Spaces) DR DIM

6 Little Pig #1 - Straw House Threat and Risk Assessment

7 Pig #1 Straw House Performance Evaluation  One night the big bad wolf, who dearly loved to eat fat little piggies, came along and saw the first little pig in his house of straw. He said "Let me in, Let me in, little pig or I'll huff and I'll puff and I'll blow your house in!” "Not by the hair of my chinny chin chin", said the little pig.  But of course the wolf did blow the house in and ate the first little pig. Threat Assessment was wrong. Likelihood was incorrectly assessed.

8 Little Pig #3 - Post Straw House Attack Threat Assessment

9 Safeguard Administrative, Procedural or Technical mechanisms used to mitigate a threat. Safeguards Cost to Implement House made of Sticks (wind loading 10 mph) $2.00/bundle House made of Bricks (wind loading 70 mph) $1000/pallet

10 Management Risk Decision accept the risk mitigate the risk Risk Cost Balance is important

11 Re-evaluate Safeguards Periodically

12 Identity Threats Events  Destruction  Removal  Disclosure  Interruption  Modification NETSEC Threat Classes

13 Typical Threat Events  Eavesdropping  Traffic Flow Analysis  Masquerading  Denial of service attacks  Repudiation  Replay Covert Channel

14 Select Safeguards  Authentication  Access Control  Confidentiality  Integrity  Non-repudiation  Availability -- redundancy,recovery,disaster

15 Layer Safeguards Filtering Routers & 2 feeds IPSEC VPN Gateway Firewall Web Server TLS Server Network Filter Detection Hardened Server


Download ppt "Threat and Risk Assessments in a Network Environment Ted Reinhardt Course 94.470"

Similar presentations


Ads by Google