Sicheng Liu

Week 9 - Security Management

Lecture

CIA

  • Confidentiality
    • Encryption, authorization
  • Integrity
  • Availability

Security Controls

  • Technical controls
  • Physical controls
  • Administrative controls

Best Practices

  • Strong passwords
    • Brute-force attack
    • Dictionary attack
    • Rainbow table attack
    • Social engineering attack
      • Phishing
      • Pretexting
      • Baiting
      • Quid pro quo
  • Multi-factor authentication
    • Something I know
    • Something I have
    • Something I am
  • Keep software updated
  • Beware of phishing
  • Secure web browsing (HTTPS)
  • Encrypt sensitive data
  • Regular data backup
  • Apply least privilege
  • Employee training
  • Incident response plan

Advanced persistent threat (APT)

  • Sustained effort
  • Stealthy operations
  • Customized attacks
  • Multi-stage

STRIDE Threat Modeling

  • Spoofing
  • Tampering
  • Repudiation
  • Information disclosure
  • Denial of service
  • Elevation of privilege

Incident Response

Detection:

  • Log
    • Provides detailed information about an event
  • Alert
    • Signals a potential problem or significant event
  • Metrics
    • Measures the performance or state of a system or component

Incident Response Team

  • Tech incident response
  • Business leader
  • Business backup
  • Tech specialists
  • Legal department
  • Comms department
  • HR department

Incident Response Testing

  • Tabletop exercises
  • Functional exercises
  • Full-scale exercises
  • Red teaming

Evidence Collection Practices

  • Use chain-of-custody protocols
  • Use encryption
  • Use secure access controls
  • Use digital signatures and hashes
  • Use forensic-specific tools

Cloud Adoption

The cloud platform provides the security management method.

Deployment Model

  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud

Virtualization

Multiple virtual machines run on a single physical machine by partitioning the resources of the physical machine into virtual environments.

  • Bare-metal virtualization
    • Better performance
    • More complex to set up
  • Hosted virtualization
    • More overhead
    • Easier to set up

Cloud Service Models

  • IaaS
    • Application, operating system, virtual machine
  • PaaS
    • Application
  • SaaS
    • Client focuses on data
    • e.g. Google Drive