Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cybersecurity ATD Scenario conclusion

Published byBetty Ashlyn Webster Modified over 5 years ago

Similar presentations

Presentation on theme: "Cybersecurity ATD Scenario conclusion"— Presentation transcript:

1 Cybersecurity ATD Scenario conclusion

2 ATD objectives Apply 5-step cybersecurity framework throughout the system's lifecycle Analyze via representative system Apply cybersecurity risk management process Recognize role of team approach to cybersecurity success Analyze risk; consequences and likelihood via risk cube Develop alternatives to material/non-material solution(s) via tradeoff analyzes Students should be able to understand: the difference between threat, risk, attack and vulnerability how threats materialize into attacks where to find information about threats, vulnerabilities and attacks typical threats, attacks and exploits and the motivations behind them high-level understanding of how example attacks work (e.g. DDOS, phishing and buffer overflow) how users are targeted in an attack and why this must be considered in defending against such attacks the concept of a threat landscape, its dynamic nature and how to create a landscape for an organization how to classify threats and example categories that there are different attacks, which have different patterns and different steps – for example be able to compare a DDOS to an attack designed to copy information how to classify threats and example categories that there are different types of malware – for example viruses, Trojans and spyware – their distribution mechanism and a detailed understanding of how they compromise information and systems that attacks can be combined for greater effect (e.g. phishing , followed by social engineering phone call)

3 CYBERSECURITY ACQUISITION STRATEGY
Adjust your plans to execute the acquisition strategy: NEAR MID LONG TERM TERM TERM Implement Contingency Plans Implement CONOPS Material/Non-Material Solutions Training Policies/Procedures Develop Acquisition and Strategic Plans Students should be able to understand: the difference between threat, risk, attack and vulnerability how threats materialize into attacks where to find information about threats, vulnerabilities and attacks typical threats, attacks and exploits and the motivations behind them high-level understanding of how example attacks work (e.g. DDOS, phishing and buffer overflow) how users are targeted in an attack and why this must be considered in defending against such attacks the concept of a threat landscape, its dynamic nature and how to create a landscape for an organization how to classify threats and example categories that there are different attacks, which have different patterns and different steps – for example be able to compare a DDOS to an attack designed to copy information how to classify threats and example categories that there are different types of malware – for example viruses, Trojans and spyware – their distribution mechanism and a detailed understanding of how they compromise information and systems that attacks can be combined for greater effect (e.g. phishing , followed by social engineering phone call)

4 Acquisition & operations
Threat Mgmt. Implementation Cyber Operations Test and Development Security Architecture and Engineering

5 Atd outcomes Smart Planning Early Trade-Space and Trade-Offs
People/Process Team Sport Acquisition and Operation linkage

Download ppt "Cybersecurity ATD Scenario conclusion"

Similar presentations

2009 – E. Félix Security DSL Toward model-based security engineering: developing a security analysis DSML Véronique Normand, Edith Félix, Thales Research.

2009 – E. Félix Security DSL Toward model-based security engineering: developing a security analysis DSML Véronique Normand, Edith Félix, Thales Research.
Software Modeling SWE5441 Lecture 3 Eng. Mohammed Timraz

Software Modeling SWE5441 Lecture 3 Eng. Mohammed Timraz
SC2 meeting 24 November 2014 Security Measures and Resources Toolbox

SC2 meeting 24 November 2014 Security Measures and Resources Toolbox
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
MOBILE MALWARE TOPIC #5 – INFORMATION ASSURANCE AND SECURITY Michael Fine 1.

MOBILE MALWARE TOPIC #5 – INFORMATION ASSURANCE AND SECURITY Michael Fine 1.
LEVERAGING UICC WITH OPEN MOBILE API FOR SECURE APPLICATIONS AND SERVICES Ran Zhou 1 9/3/2015.

LEVERAGING UICC WITH OPEN MOBILE API FOR SECURE APPLICATIONS AND SERVICES Ran Zhou 1 9/3/2015.
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
Malware and Spyware Attacking Cell Phones Chris Gooch, Jessica Russell, Destiny Logan.

Malware and Spyware Attacking Cell Phones Chris Gooch, Jessica Russell, Destiny Logan.
Copyright © 2011 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
Software Assurance Session 15 INFM 603. Bug hunting vs. vulnerability spotting Bugs are your code not behaving as you designed it. Many can be found by.

Software Assurance Session 15 INFM 603. Bug hunting vs. vulnerability spotting Bugs are your code not behaving as you designed it. Many can be found by.
Whitacre College of Engineering Panel Interdisciplinary Cybersecurity Education Texas Tech University NSF-SFS Workshop on Educational Initiatives in Cybersecurity.

Whitacre College of Engineering Panel Interdisciplinary Cybersecurity Education Texas Tech University NSF-SFS Workshop on Educational Initiatives in Cybersecurity.
Copyright © 2011 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
7 Information Security.

7 Information Security.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Basic Security Networking for Home and Small Businesses – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Basic Security Networking for Home and Small Businesses – Chapter 8.
 Introduction to Computing  Computer Programming  Terrorisom.

 Introduction to Computing  Computer Programming  Terrorisom.
Computer Concepts 2014 Chapter 10 Information Systems Analysis and Design.

Computer Concepts 2014 Chapter 10 Information Systems Analysis and Design.
Copyright © 2011 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
International Telecommunication Union Geneva, 9(pm)-10 February 2009 BEST PRACTICES FOR ORGANIZING NATIONAL CYBERSECURITY EFFORTS James Ennis US Department.

International Telecommunication Union Geneva, 9(pm)-10 February 2009 BEST PRACTICES FOR ORGANIZING NATIONAL CYBERSECURITY EFFORTS James Ennis US Department.

Similar presentations

Ads by Google