Unit I Cyber Security

The document outlines the fundamentals of cybersecurity, including best practices, types of cyber threats, and security governance principles. It emphasizes the importance of various security measures such as network security, application security, and end-user education to protect against cyber attacks. Additionally, it provides practical tips for individuals and organizations to enhance their cybersecurity posture and mitigate risks.

UNIT I PLANNING FOR CYBER SECURITY

Best Practices - Standards and a Plan of Action - Security Governance Principles, Components and Approach - Information Risk Management - Asset Identification - Threat Identification - Vulnerability Identification - Risk Assessment Approaches - Likelihood and Impact Assessment - Risk Determination, Evaluation and Treatment - Security Management Function - Security Policy - Acceptable Use Policy - Security Management Best Practices - Security Models: Bell-LaPadula Model, Biba Integrity Model, Chinese Wall Model
UNIT I
PLANNING FOR CYBER SECURITY
Cybersecurity is the practice of defending computers, servers, mobile devices,
electronic systems, networks, and data from malicious attacks. It's also known as
information technology security or electronic information security.
Cyber security is the application of technologies, processes, and controls to protect
systems, networks, programs, devices and data from cyber attacks.
It aims to reduce the risk of cyber attacks and protect against the unauthorised
exploitation of systems, networks, and technologies.

The term "cybersecurity" applies in a variety of contexts, from business to mobile computing, and can be divided into a few common categories.

 Network security is the practice of securing a computer network from intruders, whether targeted attackers or opportunistic malware.
 Application security focuses on keeping software and devices free of threats. A compromised application could provide access to the data it is designed to protect.
Successful security begins in the design stage, well before a program or device is
deployed.
 Information security protects the integrity and privacy of data, both in storage and
in transit.
 Operational security includes the processes and decisions for handling and
protecting data assets. The permissions users have when accessing a network and
the procedures that determine how and where data may be stored or shared all fall
under this umbrella.
 Disaster recovery and business continuity define how an organization responds to
a cyber-security incident or any other event that causes the loss of operations or data.
Disaster recovery policies dictate how the organization restores its operations and
information to return to the same operating capacity as before the event. Business
continuity is the plan the organization falls back on while trying to operate without
certain resources.
 End-user education addresses the most unpredictable cyber-security factor: people.
Anyone can accidentally introduce a virus to an otherwise secure system by failing
to follow good security practices. Teaching users to delete suspicious email
attachments, not plug in unidentified USB drives, and various other important
lessons is vital for the security of any organization.

The Different Types of Cybersecurity

Cyber security is a wide field covering several disciplines. It can be divided into seven main pillars:
1. Network Security
Most attacks occur over the network, and network security solutions are designed to
identify and block these attacks. These solutions include data and access controls such as
Data Loss Prevention (DLP), IAM (Identity Access Management), NAC (Network Access
Control), and NGFW (Next-Generation Firewall) application controls to enforce safe web
use policies.
Advanced and multi-layered network threat prevention technologies include IPS (Intrusion Prevention System), NGAV (Next-Gen Antivirus), sandboxing, and CDR (Content Disarm and Reconstruction). Also important are network analytics, threat hunting, and automated SOAR (Security Orchestration, Automation and Response) technologies.
2. Cloud Security
As organizations increasingly adopt cloud computing, securing the cloud becomes a
major priority. A cloud security strategy includes cyber security solutions, controls,
policies, and services that help to protect an organization’s entire cloud deployment
(applications, data, infrastructure, etc.) against attack.
Cloud providers secure the underlying infrastructure, but under the shared responsibility model the customer remains responsible for its own identities, configurations, data and workloads. Where the provider's native controls do not cover those layers, supplementary third-party solutions are needed to protect against data breaches, misconfiguration and targeted attacks in cloud environments.
3. Endpoint Security
The zero-trust security model prescribes creating micro-segments around data
wherever it may be. One way to do that with a mobile workforce is using endpoint security.
With endpoint security, companies can secure end-user devices such as desktops and
laptops with data and network security controls, advanced threat prevention such as anti-
phishing and anti-ransomware, and technologies that provide forensics such as endpoint
detection and response (EDR) solutions.
4. Mobile Security
Often overlooked, mobile devices such as tablets and smartphones have access to corporate data, exposing businesses to threats from malicious apps, zero-day exploits, phishing, and IM (Instant Messaging) attacks. Mobile security prevents these attacks and protects the operating systems and devices from rooting and jailbreaking. When combined with an MDM (Mobile Device Management) solution, this enables enterprises to ensure that only compliant mobile devices have access to corporate assets.
5. IoT Security
While using Internet of Things (IoT) devices certainly delivers productivity benefits,
it also exposes organizations to new cyber threats. Threat actors seek out vulnerable
devices inadvertently connected to the Internet for nefarious uses such as a pathway into a
corporate network or for another bot in a global bot network.
IoT security protects these devices with discovery and classification of the connected
devices, auto-segmentation to control network activities, and using IPS as a virtual patch
to prevent exploits against vulnerable IoT devices. In some cases, the firmware of the
device can also be augmented with small agents to prevent exploits and runtime attacks.
6. Application Security
Web applications, like anything else directly connected to the Internet, are targets for threat actors. Since 2003, OWASP has published its Top 10 list of the most critical web application security risks, such as injection, broken authentication, security misconfiguration, and cross-site scripting, to name a few.
Application security aims to mitigate the OWASP Top 10 classes of weakness, prevent bot attacks, and block malicious interaction with applications and APIs. Because DevOps teams release new code continuously, these controls must keep pace with each release rather than being applied once at deployment.
7. Zero Trust
The traditional security model is perimeter-focused, building walls around an
organization’s valuable assets like a castle. However, this approach has several issues, such
as the potential for insider threats and the rapid dissolution of the network perimeter.
As corporate assets move off-premises as part of cloud adoption and remote work, a new
approach to security is needed. Zero trust takes a more granular approach to security,
protecting individual resources through a combination of micro-segmentation, monitoring,
and enforcement of role-based access controls.

Types of cyber threats

The threats countered by cyber-security are three-fold:
1. Cybercrime includes single actors or groups targeting systems for financial gain or to cause disruption.
2. Cyber-attack often involves politically motivated information gathering.
3. Cyberterrorism is intended to undermine electronic systems to cause panic or fear.

So, how do malicious actors gain control of computer systems? Here are some common
methods used to threaten cyber-security:
Malware
Malware means malicious software. One of the most common cyber threats,
malware is software that a cybercriminal or hacker has created to disrupt or damage a
legitimate user’s computer. Often spread via an unsolicited email attachment or legitimate-
looking download, malware may be used by cybercriminals to make money or in politically
motivated cyber-attacks.
There are a number of different types of malware, including:
 Virus: A self-replicating program that attaches itself to a clean file and spreads throughout a computer system, infecting files with malicious code.
 Trojans: A type of malware that is disguised as legitimate software. Cybercriminals trick users into installing Trojans on their computer, where they cause damage or collect data.
 Spyware: A program that secretly records what a user does, so that cybercriminals can make use of this information. For example, spyware could capture credit card details.
 Ransomware: Malware which encrypts a user's files and data and demands a ransom for the decryption key, often also threatening to leak or erase the data if the ransom is not paid.
 Adware: Advertising software which can be used to spread malware.
 Botnets: Networks of malware-infected computers which cybercriminals use to perform tasks online without the users' permission.
SQL injection
An SQL (Structured Query Language) injection is a type of cyber-attack used to take control of and steal data from a database. It arises when a data-driven application builds an SQL statement by concatenating untrusted input (a form field, a URL parameter, a cookie) into the query text, so that characters in the input are interpreted as SQL rather than as data. An attacker who controls that input can alter the statement to read, modify or delete records, giving access to the sensitive information contained in the database. The standard defence is to pass values to the database through parameterised (prepared) statements instead of string concatenation.
Phishing
Phishing is when cybercriminals target victims with emails that appear to be from a
legitimate company asking for sensitive information. Phishing attacks are often used to
dupe people into handing over credit card data and other personal information.
Man-in-the-middle attack
A man-in-the-middle attack is a type of cyber threat where an attacker secretly relays, and may alter, the communication between two parties in order to steal data. For example, on an unsecured WiFi network an attacker could intercept data passing between the victim's device and the network, which is why transport encryption (TLS/HTTPS) matters even on networks that appear trustworthy.
Denial-of-service attack
A denial-of-service attack is where cybercriminals prevent a computer system from
fulfilling legitimate requests by overwhelming the networks and servers with traffic. This
renders the system unusable, preventing an organization from carrying out vital functions.
Latest cyber threats
What are the latest cyber threats that individuals and organizations need to guard
against? Here are some of the most recent cyber threats that the U.K., U.S., and Australian
governments have reported on.
Dridex malware
In December 2019, the U.S. Department of Justice (DoJ) charged the leader of an
organized cyber-criminal group for their part in a global Dridex malware attack. This
malicious campaign affected the public, government, infrastructure and business
worldwide.
Dridex is a financial trojan with a range of capabilities. Affecting victims since 2014, it infects computers through phishing emails or existing malware. Capable of stealing passwords, banking details and personal data which can be used in fraudulent transactions, it has caused massive financial losses amounting to hundreds of millions.
In response to the Dridex attacks, the U.K.’s National Cyber Security Centre advises
the public to “ensure devices are patched, anti-virus is turned on and up to date and files
are backed up”.
Romance scams
In February 2020, the FBI warned U.S. citizens to be aware of confidence fraud that
cybercriminals commit using dating sites, chat rooms and apps. Perpetrators take advantage
of people seeking new partners, duping victims into giving away personal data.
The FBI reports that romance cyber threats affected 114 victims in New Mexico in
2019, with financial losses amounting to $1.6 million.
Emotet malware
In late 2019, The Australian Cyber Security Centre warned national organizations
about a widespread global cyber threat from Emotet malware.
Emotet is a sophisticated trojan that can steal data and also load other malware. Emotet thrives on weak passwords: a reminder of the importance of creating a strong, unique password to guard against cyber threats.
End-user protection
End-user protection or endpoint security is a crucial aspect of cyber security. After
all, it is often an individual (the end-user) who accidentally uploads malware or another
form of cyber threat to their desktop, laptop or mobile device.
Cyber safety tips - protect yourself against cyberattacks
How can businesses and individuals guard against cyber threats? Here are our top cyber safety tips:
1. Update your software and operating system: This means you benefit from the latest security patches.
2. Use anti-virus software: A reputable endpoint protection product will detect and remove threats. Keep it updated for the best level of protection.
3. Use strong passwords: Ensure your passwords are not easily guessable.
4. Do not open email attachments from unknown senders: These could be infected with malware.
5. Do not click on links in emails from unknown senders or unfamiliar websites: This is a common way that malware is spread.
6. Avoid using unsecured WiFi networks in public places: Unsecured networks leave you vulnerable to man-in-the-middle attacks.
Best practices:
Here is a list of the top cybersecurity tips and best practices for you to implement and share with others.
1. Keep software up-to-date
Software companies typically provide software updates for 3 reasons: to add new
features, fix known bugs, and upgrade security.
Always update to the latest version of your software to protect yourself from new or
existing security vulnerabilities.

2. Avoid opening suspicious emails

If an email looks suspicious, don't open it because it might be a phishing scam. Someone might be impersonating another individual or company to gain access to your personal information. Sometimes the emails may also include attachments or links that can infect your devices.

3. Keep hardware up-to-date

Outdated computer hardware may not support the most recent software security upgrades (for example, a newer operating system release may no longer run on it). Additionally, old hardware makes it slower to respond to cyber-attacks if they happen. Make sure to use computer hardware that is still supported by its vendor.

4. Use a secure file-sharing solution to encrypt data

If you regularly share confidential information, you absolutely need to start using a secure file-sharing solution. Regular email is not meant for exchanging sensitive documents, because if the emails are intercepted, unauthorized users will have access to your data.
A secure file-sharing solution encrypts sensitive files in transit and at rest and lets you control who can access them and for how long. Remember, your files are only as secure as the tools you choose to share them with.

5. Use anti-virus and anti-malware

As long as you're connected to the web, it's impossible to have complete and total protection from malware. However, you can significantly reduce your exposure by running a reputable endpoint protection product with real-time scanning on every computer. Running two real-time scanners side by side usually causes conflicts rather than adding protection; one well-maintained product plus an occasional on-demand scan with a second tool is the better arrangement.

6. Use a VPN to privatize your connections

For a more secure and privatized network, use a virtual private network (VPN). It encrypts your connection and hides your traffic from the local network and your internet service provider. Note that it does not hide that traffic from the VPN provider itself, so choose a provider you are prepared to trust.

7. Check links before you click

Links can easily be disguised as something they're not, so it's best to double check before you click on a hyperlink. On most browsers, you can see the target URL by hovering over the link. Do this to check links before you click on them.
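The hover check above can be automated for a whole message. The following is an added example, not part of the original tips: it parses the anchors in an HTML email body and flags the common ways a link's real destination differs from what the reader sees (display text naming one domain while the href goes to another, a fake "host" hidden in the userinfo part before an @, a punycode look-alike domain, or a non-web scheme such as javascript:). The domain-like-text heuristic and the sample email are this example's own constructions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Visible text that looks like a URL or bare domain (what the reader believes
# they are clicking). Hypothetical heuristic for this example, not a standard.
_DOMAIN_RE = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/:?#].*)?$", re.I)


class _AnchorParser(HTMLParser):
    """Collect (href, visible text) pairs from every <a> tag."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _shown_host(text: str) -> str:
    """Domain the link text displays, or '' if the text is not URL-like."""
    m = _DOMAIN_RE.match(text.strip())
    return m.group(1).lower() if m else ""


def _norm(host: str) -> str:
    return host[4:] if host.startswith("www.") else host


def suspicious_links(html: str) -> list:
    """Return (href, text, reason) for each anchor whose real destination may
    differ from what the reader sees. An empty list means nothing was flagged."""
    parser = _AnchorParser()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        try:
            parts = urlsplit(href)
            target = (parts.hostname or "").lower()
            user = parts.username
        except ValueError:
            findings.append((href, text, "unparseable URL"))
            continue
        if not parts.scheme and not parts.netloc:
            continue  # relative link on the same site: nothing to compare
        shown = _shown_host(text)
        if parts.scheme not in ("http", "https"):
            findings.append((href, text, "non-web scheme: " + parts.scheme))
        elif user is not None:
            # http://bank.example@203.0.113.5/ : the part before '@' is userinfo
            # and is ignored for routing; the real host is what follows it.
            findings.append((href, text, "userinfo before host; real host is " + target))
        elif target.startswith("xn--") or ".xn--" in target:
            findings.append((href, text, "punycode (IDN) hostname: " + target))
        elif shown and _norm(shown) != _norm(target) and not target.endswith("." + _norm(shown)):
            findings.append((href, text, "text shows %s but link goes to %s" % (shown, target)))
    return findings


# Constructed sample of a phishing-style email body.
SAMPLE_EMAIL = """
<p>Log in at <a href="http://bank.example@203.0.113.5/login">bank.example</a></p>
<p>Help: <a href="https://www.bank.example/help">https://www.bank.example/help</a></p>
<p>Verify: <a href="https://bank-example.co/verify">https://bank.example/verify</a></p>
<p>Store: <a href="https://xn--80ak6aa92e.com/">apple.com</a></p>
<p><a href="javascript:alert(1)">click here</a></p>
"""

if __name__ == "__main__":
    for href, text, reason in suspicious_links(SAMPLE_EMAIL):
        print(f"{reason}\n    text: {text!r}\n    href: {href}")
```

Of the five links in the sample, only the second (text and href agree) passes; the rest are reported with the reason, which is exactly what a human hover check is trying to spot by eye.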

8. Don't be lazy with your passwords!

Put more effort into creating your passwords: long, unique for every account, and ideally generated and stored by a password manager. Strength checkers such as howsecureismypassword.net can show why a short or predictable password is weak, but never type a password you actually use into any third-party website; test a similar throwaway string instead.

9. Disable Bluetooth when you don't need it

Devices can be hacked via Bluetooth and subsequently your private information can be stolen. If there's no reason to have your Bluetooth on, turn it off!

10. Enable 2-Factor Authentication

Many platforms now allow you to enable 2-factor authentication to keep your accounts more secure. It's another layer of protection that helps verify that it's actually you who is accessing your account and not someone who's unauthorized. Enable this security feature when you can, and prefer an authenticator app or a hardware security key over SMS codes, which can be intercepted through SIM-swap attacks.

11. Remove adware from your machines

Adware collects information about you to serve you more targeted ads. It's best to rid your computer of all forms of adware to maintain your privacy. A tool such as AdwCleaner can remove adware and unwanted programs from your computer.

12. Double-check for HTTPS on websites

When you're on a website that isn't using HTTPS, there's no guarantee that the transfer of information between you and the site's server is secure. Double-check that a site's using HTTPS before you give away personal or private information. Bear in mind that HTTPS only proves the connection is encrypted to whoever holds the certificate; phishing sites use HTTPS too, so the padlock is no substitute for checking the domain name.

13. Don't store important information in non-secure places

When storing information online, you want to keep it in a location that can't be accessed by unauthorized users.

14. Scan external storage devices for viruses

External storage devices are just as prone to malware as internal storage devices. If you connect an infected external device to your computer, the malware can spread. Always scan external devices for malware before accessing them.

15. Avoid using public networks

When you connect to a public network, you're sharing the network with everyone who is also connected. Any information you send or retrieve on the network is vulnerable. Stay away from public networks or use a VPN when you're connected to one.

16. Avoid the "secure enough" mentality

Unless you're completely isolated from the rest of the world, there's no such thing as being "secure enough." Big companies like Facebook invest a fortune into security every year but are still affected by cyber attacks.
17. Invest in security upgrades
Following the previous tip, try to invest in security upgrades when they’re available.
It’s better to eat the costs of security than pay for the consequences of a security breach!

18. Back up important data

Important data can be lost as a result of a security breach. To make sure you're prepared to restore data once it's lost, you should ensure your important information is backed up frequently to the cloud or a local storage device. Keep at least one copy offline or otherwise unreachable from the systems being backed up, because ransomware deliberately seeks out and encrypts any backups it can reach, and test that you can actually restore from the backup.

19. Train employees

The key to making cybersecurity work is to make sure your employees are well trained, in sync, and consistently exercising security practices. Sometimes, one mistake from an improperly trained employee can cause an entire security system to crumble.

20. Use HTTPS on your website

Having a TLS certificate (still commonly called an SSL certificate) installed and HTTPS enabled on your website will encrypt all information that travels between a visitor's browser and your web server, and lets the browser verify that it is talking to your server rather than an impostor.

21. Employ a "White Hat" hacker

Not all hackers are bad. Some hackers expose security risks for the sake of helping others improve their cybersecurity by keeping them aware of security flaws and patching them. These hackers are known as "white hat" hackers. It might benefit you to hire one to help you find risks you never knew you had.

CYBERSECURITY STANDARD
A cybersecurity standard is a set of guidelines or best practices that organizations can use to improve their cybersecurity posture.
Organizations can use cybersecurity standards to help them identify and implement appropriate measures to protect their systems and data from cyber threats. Standards can also provide guidance on how to respond to and recover from cybersecurity incidents.
Cybersecurity frameworks are generally applicable to all organizations, regardless of their size, industry, or sector. This section describes the common cybersecurity compliance standards that form a strong basis for any cybersecurity strategy.

FISMA (Federal Information Security Management Act)

The FISMA (Federal Information Security Management Act) is a US federal law enacted as Title III of the E-Government Act of 2002 and updated by the Federal Information Security Modernization Act of 2014. The law establishes a comprehensive framework for ensuring the security of information and information systems for all executive branch agencies.
FISMA was put in place to strengthen information security within federal agencies. It assigns oversight to the OMB (Office of Management and Budget) and tasks NIST with producing the standards and guidelines that agencies must follow. It requires federal agencies to implement information security programs to ensure the confidentiality, integrity, and availability of their information and IT systems, including those provided or managed by other agencies or contractors.

HIPAA (Health Insurance Portability and Accountability Act)

The HIPAA (Health Insurance Portability and Accountability Act) is a set of US federal regulations that protect the privacy of patients' health information. HIPAA applies to all forms of health information, including paper records, electronic records, and oral communications.
It aims to make it easier for people to keep their health insurance when they change jobs, protect the confidentiality and security of health care information, and help the health care industry control its administrative costs.

ISO 22301
ISO 22301 is an international standard that outlines how organizations can ensure
business continuity and protect themselves from disaster. The Standard provides a
framework for a comprehensive BCMS (business continuity management system). It can
be used by any organization, regardless of size, industry, or location.

ISO/IEC 27001
ISO 27001 is an international standard for information security that provides a
framework for managing sensitive company information. The Standard includes
requirements for developing an ISMS (information security management system),
implementing security controls, and conducting risk assessments.
The Standard’s framework is designed to help organizations manage their security
practices in one place, consistently and cost-effectively.

ISO/IEC 27002
ISO 27002 is the code of practice for information security management. It provides
guidance and recommendations on how to implement security controls within an
organization. ISO 27002 supports the ISO 27001 standard, which provides the
requirements for an ISMS.

ISO/IEC 27031
ISO 27031 is a standard for ICT (information and communications technology) readiness for business continuity. It provides guidance on how organizations can use ICT to protect their business operations and ensure continuity in the event of an incident or a disaster.
Following ISO 27031 helps organizations understand the threats to their ICT services and prepare those services to keep running, or be recovered quickly, during an unplanned incident.
ISO/IEC 27032
ISO 27032 is an internationally recognized standard that provides guidance on
cybersecurity for organizations. The Standard is designed to help organizations protect
themselves against cyber attacks and manage the risks associated with the use of
technology. It is based on a risk management approach and provides guidance on how to
identify, assess, and manage cyber risks. The Standard also includes guidance on incident
response and recovery.

ISO/IEC 27701
ISO 27701 specifies the requirements for a PIMS (privacy information management
system) based on the requirements of ISO 27001. It is extended by a set of privacy-specific
requirements, control objectives, and controls.
Organizations that have implemented ISO 27001 can use ISO 27701 to extend their
security efforts to cover privacy management. This can help demonstrate compliance with
data protection laws such as the California Privacy Rights Act (CPRA) and the EU General
Data Protection Regulation (GDPR).

NIST CSF (Cybersecurity Framework)

The NIST CSF (National Institute of Standards and Technology Cybersecurity Framework) is a voluntary framework that provides a set of standards, guidelines, and best practices for managing cybersecurity risks. Version 2.0, published in 2024, organizes its outcomes into six functions: Govern, Identify, Protect, Detect, Respond, and Recover.
The framework helps organizations to identify, assess, and manage their cybersecurity risks in a structured and repeatable manner. The framework is not mandatory, but it is increasingly being adopted by organizations as a voluntary measure to improve their cybersecurity posture.

Copyright Act
The Copyright Act 1957, as amended by the Copyright (Amendment) Act 2012, governs the subject of copyright law in India. The Act has been in force since 21 January 1958.
Copyright is the legal term for the bundle of exclusive rights granted to the authors of "original works of authorship" that are fixed in a tangible form of expression. Original works of authorship include books, videos, movies, music, and computer programs. Copyright law balances the public's use and reuse of creative works against the desire of the creators of art, literature, music and software to monetize their work by controlling who can make and sell copies of it.
The copyright act covers the following:
o Rights of copyright owners
o Works eligible for protection
o Duration of copyright
o Who can claim copyright
The copyright act does not cover the following:
o Ideas, procedures, methods, processes, concepts, systems, principles, or discoveries
o Works that are not fixed in a tangible form (such as a choreographic work that has not been notated or recorded, or an improvised speech that has not been written down)
o Familiar symbols or designs
o Titles, names, short phrases, and slogans
o Mere variations of typographic ornamentation, lettering, or coloring
IPR
Intellectual property rights (IPR) are rights that allow creators, or owners of patents, trademarks or copyrighted works, to benefit from their own plans, ideas, or other intangible assets or investment in a creation. These rights are recognised in Article 27 of the Universal Declaration of Human Rights, which provides for the right to benefit from the protection of the moral and material interests resulting from authorship of scientific, literary or artistic productions. These property rights allow the holder to exercise a monopoly on the use of the item for a specified period.

PLAN OF ACTION:

Cybersecurity is the most important factor in safeguarding the data of an organization. Whether it is a small-scale or a large-scale company, everyone has to ensure that the company's data is safe and secure. Cybersecurity is the practice of safeguarding computers, servers, networks, electronic systems, mobile phones, and especially the data on them from malicious attacks.
To protect confidential data, companies are investing more in cybersecurity to reduce the risk of a data breach. A cyber attack can come from inside your company or from an external source.

Plan implementation requires support from senior management, system users, maintenance personnel, support staff, and system and equipment vendors. The four phases of a security program are:

Phase 1 - Security plan awareness, establishment of a security team and risk assessment funding
Phase 2 - Risk assessment and security plan funding
Phase 3 - Security plan development and security countermeasures
Phase 4 - Implementation of security plan measures and maintenance plan

Phase 1 - Security plan awareness, establishment of a security team and risk assessment funding. The leadership establishes and maintains the organizational "attention span" for cybersecurity. Technical personnel must explain to senior management the various impacts of a breach on life safety, equipment safety, revenue, service, customer service and satisfaction.

Key activities based on best practices for this phase include:

• Ensuring active executive sponsorship for each stage of planning, deploying and monitoring cybersecurity efforts, which is critical to the success of the efforts.
• Assigning responsibility for cybersecurity risk management to a senior manager so that risk mitigation, resource allocation decisions and policy enforcement all roll up to a clearly defined executive with the requisite authority.
• Defining the systems and critical cyber assets that need to be secured along with their classification (e.g. operational systems, payment systems, confidential information) to assist in making informed decisions about risk.
Phase 2:
Phase 2 focuses on risk assessment of both physical and cyber elements to identify vulnerabilities and the likelihood of loss of functionality due to system or component failure.
 Generate management support and empowerment for the risk-assessment process.
 Form the risk assessment team from technical experts and stakeholders.
 Identify assets and loss impacts.
 Identify threats to assets.
 Identify and analyze vulnerabilities.
 Assess risk and determine priorities for the protection of critical assets.
 Identify countermeasures, their costs and trade-offs.
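The last three activities (assess risk, set priorities, weigh countermeasures against their cost) are usually carried out with the standard quantitative method: single loss expectancy (SLE) = asset value x exposure factor, annualised loss expectancy (ALE) = SLE x annual rate of occurrence, and a control is worthwhile when the ALE it removes exceeds its annual cost. The following is an added example, not part of the original notes, applying that method to a constructed register of three assets; every figure is invented for illustration.

```python
from dataclasses import dataclass


@dataclass
class Risk:
    """One row of a risk register: an asset paired with one threat to it."""
    asset: str
    threat: str
    asset_value: float      # loss or replacement value, in currency units
    exposure_factor: float  # fraction of the value lost per incident (0..1)
    aro: float              # annual rate of occurrence: expected incidents per year

    @property
    def sle(self) -> float:
        """Single loss expectancy: what one incident costs."""
        return self.asset_value * self.exposure_factor

    @property
    def ale(self) -> float:
        """Annualised loss expectancy: expected cost per year."""
        return self.sle * self.aro


def rank_risks(risks):
    """Highest annualised loss first: that order is the protection priority."""
    return sorted(risks, key=lambda r: r.ale, reverse=True)


def countermeasure_value(risk: Risk, new_aro: float, new_ef: float, annual_cost: float) -> float:
    """Net annual benefit of a control that changes the ARO and/or the exposure
    factor. Positive means the control saves more than it costs."""
    after = Risk(risk.asset, risk.threat, risk.asset_value, new_ef, new_aro)
    return (risk.ale - after.ale) - annual_cost


# Constructed register; the numbers are illustrative only.
REGISTER = [
    Risk("customer database", "ransomware", 500_000, 0.8, 0.2),
    Risk("payment gateway", "DDoS outage", 200_000, 0.25, 2.0),
    Risk("public website", "defacement", 20_000, 0.5, 1.0),
]

if __name__ == "__main__":
    for r in rank_risks(REGISTER):
        print(f"{r.asset:18s} {r.threat:12s} SLE={r.sle:>10,.0f}  ALE={r.ale:>10,.0f}")
    # Hypothetical control: offline, tested backups cut the ransomware exposure
    # factor from 0.8 to 0.1 at 15,000 per year. Net benefit is 55,000 per year.
    print(countermeasure_value(REGISTER[0], new_aro=0.2, new_ef=0.1, annual_cost=15_000))
```

Note that the ranking is not the same as the ranking by asset value: the cheaper payment gateway tops the list because outages are expected twice a year. That is the point of carrying likelihood through the calculation rather than stopping at impact.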
Phase 3:
Phase 3 is the development of the security plan and of the cyber and physical security countermeasures for new and existing systems and equipment. Define the control and communications systems boundaries:
 Identify the systems
 Identify the equipment
 Identify the locations
 Identify the stakeholders
Phase4:
Phase4 is the implementation of the security plan through the establishment of
a security plan management system and a maintenance plan.

CYBER SECURITY ACTION PLAN:

The six steps in developing your cybersecurity action plan:
1. Conduct an inventory of all data you have.
2. Once you've identified your data, keep a record of its location and move it to more appropriate locations as needed.
3. Develop a privacy policy.
4. Protect data collected on the Internet.
5. Create layers of security.
6. Plan for data loss or theft.

STEP 1 – CONDUCT AN INVENTORY OF ALL DATA

 What kind of data do you have in your business?
• Customer data • Employee information • Proprietary and sensitive business information
 How is that data handled and protected?
• Where is this data stored? • What happens when the data is used or moved to a different location?
 Who has access to that data?
• Who has rights to access that data? • How will the access privileges be managed?

STEP 2 – KEEP A RECORD OF WHERE DATA IS LOCATED

Record the location of data. Keep in mind that the same data could be located in more than one location.
Location could include:
 Local or desktop computer • Central file server • Cloud • Mobile devices such as USB memory sticks • Smartphones
 Consider moving it to a more appropriate location.

STEP 3 – DEVELOP A PRIVACY POLICY

A privacy policy is a pledge to your customers that you will use and protect their information in ways that they expect and that adhere to your legal obligations.

 Create your privacy policy with care.
• There is a growing number of regulations protecting customer and employee privacy, with costly penalties if you do not comply. • You will be held accountable for what you claim and offer in your policy.
 Share your policy, rules and expectations with all employees.
• There is a growing trend to post privacy policies on company websites.
 The policy should address the following types of data:
• Personally Identifiable Information • Personal Health Information • Customer Information
STEP 4 – PROTECT DATA COLLECTED ON THE INTERNET
Your website can be a great place to collect information, but that comes with a
responsibility to protect that data.
• Data collected can include:
  o Transactions and payment information
  o Newsletter sign-ups
  o Online inquiries
  o Customer requests or orders
• Data collected from your website can be stored in different places.
  o When you host your own website, it may be stored on your own servers.
  o When it is hosted by a third party, be sure that party protects the data fully.
• That protection includes protection from:
  o Hackers and outsiders
  o Employees of the hosting company

STEP 5 – CREATE LAYERS OF SECURITY

The idea of layering security is simple: you cannot and should not rely on just one
security mechanism – such as a password – to protect something sensitive. If that
security mechanism fails, you have nothing left to protect you.
• Classify your data: HIGHLY CONFIDENTIAL, SENSITIVE, INTERNAL USE ONLY.
• Control access to your data.
• Secure your data:
  o Passwords – random, complex and long
  o Encryption
• Back up your data.
  o Put a policy in place that specifies what data is backed up, how often, who is
    responsible, how and where backups are stored and who has access.
  o Physical media used to store data is vulnerable, so make sure it is encrypted.

STEP 6 – PLAN FOR DATA RECOVERY AFTER A LOSS OR THEFT

Plan for the unexpected, including the loss or theft of data.
• Be prepared for a rapid and coordinated response to any loss or theft of data.
• Employees and contractors should understand that they must report any loss or
  theft to the appropriate company official.
• Test your data recovery from backup systems on a regular basis.

SECURITY GOVERNANCE PRINCIPLES:


According to the National Institute of Standards and Technology (NIST),
Information Security Governance involves establishing and maintaining a framework
to provide assurance that information security strategies are aligned with and support
business objectives, are consistent with applicable laws and regulations through
adherence to policies and internal controls, and provide assignment of responsibility,
all in an effort to manage risk.

A good Information Security Governance process can transform an organization and
bring one or more of the following cybersecurity dividends:
• Structured, focused, and prioritized allocation of time, money, and effort.
• Better compliance with the organization’s information security policies.
• Better predictability and less uncertainty.
• Better decision-making that is structure-based rather than opinion-based.
• More ammunition in terms of due diligence performed by the organization, which
  leads to a better standing when faced with legal consequences.
• Clear accountability and better information protection.

A cybersecurity framework arms organizations with the ability to protect
themselves from evolving cyber threats. A good cybersecurity framework’s primary
focus includes:
• Familiarize and harmonize cybersecurity approaches and provide a common language.
• Establish the optimum level of cybersecurity tailored to the organization’s specific
  environment and needs.
• Allocate a sufficient cybersecurity budget towards the implementation of the
  framework.
• Effectively impart knowledge of cyber risks to top management.
Purpose of the cyber security principles
The purpose of the cyber security principles is to provide strategic guidance on how an
organisation can protect its information technology and operational technology
systems, applications and data from cyber threats. These cyber security principles are
grouped into five functions:
• GOVERN: Develop a strong cyber security culture.
• IDENTIFY: Identify assets and associated security risks.
• PROTECT: Implement controls to manage security risks.
• DETECT: Detect and analyse cyber security events to identify cyber security
  incidents.
• RESPOND: Respond to and recover from cyber security incidents.
CYBER SECURITY PRINCIPLES:
1. Economy of mechanism
This principle states that security mechanisms should be as small and simple as
possible. The economy of mechanism principle simplifies the design and implementation
of security mechanisms. If the design and implementation are simple and small, fewer
possibilities exist for errors. The checking and testing process is less complicated, so
fewer components need to be tested. A simple security framework facilitates its
understanding by developers and users and enables the efficient development and
verification of enforcement methods for it.

2. Fail-safe defaults
The fail-safe defaults principle states that the default configuration of a system
should have a conservative protection scheme: unless a subject is explicitly granted
access to an object, access is denied. This principle also restricts how privileges are
initialized when a subject or object is created.

Example: If we add a new user to an operating system, the default group of the user
should have only limited access rights to files and services.

3. Least Privilege
This principle states that a user should have only those privileges needed to
complete his task. Its primary function is to control the assignment of rights granted to
the user, not the identity of the user. This means that if the boss demands root access to
a UNIX system that you administer, he/she should not be given that right unless he/she
has a task that requires that level of access. If possible, the elevated rights of a user
identity should be removed as soon as those rights are no longer needed.

4. Open Design
This principle states that the security of a mechanism should not depend on the
secrecy of its design or implementation. It suggests that complexity does not add
security. This principle is the opposite of the approach known as "security through
obscurity." It applies not only to information such as passwords or
cryptographic systems but also to other computer security related operations.

Example: DVD players and the Content Scrambling System (CSS). CSS is a
cryptographic algorithm that protects DVD movie discs from unauthorized
copying.

5. Complete mediation
The principle of complete mediation restricts the caching of information, which
often leads to simpler implementations of mechanisms. The idea of this principle is
that every access to every object must be checked for compliance with the protection
scheme to ensure that it is allowed. Whenever someone tries to access an object, the
system should check the access rights associated with that subject. The operating system
should mediate each and every access to an object.
Example: An online banking website should require users to sign in again after a
certain period, say twenty minutes, has elapsed.

6. Separation of Privilege
This principle states that a system should grant access permission only when more
than one condition is satisfied. This principle may also be restrictive because it
limits access to system entities. Thus, before privilege is granted, more than one
verification should be performed.

Example: To change to root (su), two conditions must be met:

o The user must know the root password.
o The user must be in the right group (wheel).

7. Least Common Mechanism

This principle states that in systems with multiple users, the mechanisms
allowing resources to be shared by more than one user should be minimized as much as
possible. This principle may also be restrictive because it limits the sharing of
resources.

Example: If a file or application needs to be accessed by more than one
user, then these users should use separate channels to access these resources, which
helps to prevent unforeseen consequences that could cause security problems.

8. Psychological acceptability

This principle states that a security mechanism should not make a resource more
difficult to access than it would be if the security mechanism were not present. The
psychological acceptability principle recognizes the human element in computer security.
If security-related software or computer systems are too complicated to configure,
maintain, or operate, the user will not employ the necessary security mechanisms.

Example: When we enter a wrong password, the system should only tell us that the user
id or password was incorrect. It should not tell us that only the password was wrong, as
this gives the attacker information.
9. Work Factor

This principle states that the cost of circumventing a security mechanism should be
compared with the resources of a potential attacker when designing a security scheme. In
some cases, the cost of circumventing (known as the work factor) can be easily calculated.
The work factor is a common cryptographic measure used to determine the strength of a
given cipher. It does not map directly to cybersecurity, but the overall concept does apply.

Example: Suppose the number of experiments needed to try all possible four-character
passwords is 24^4 = 331776. If the potential attacker must try each experimental password
at a terminal, one might consider a four-character password to be satisfactory. On the
other hand, if the potential attacker could use a powerful computer capable of trying
a million passwords per second, a four-letter password would be a minor barrier for a
potential intruder.

10. Compromise Recording

The compromise recording principle states that sometimes it is more desirable to
record the details of an intrusion than to adopt a more sophisticated measure to prevent it.

Example: The servers in an office network may keep logs of all accesses to files, all
emails sent and received, and all browsing sessions on the web. Internet-connected
surveillance cameras are another typical example of a compromise recording system
that can be placed to protect a building.
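As an added illustration (not part of the course notes), the following Python sketch of a small reference monitor applies several of the principles above at once: fail-safe defaults, complete mediation, least privilege, separation of privilege and compromise recording. The users, groups, file rules and root password in it are constructed sample data.

```python
"""Added example: a toy reference monitor showing the design principles in code.

- Fail-safe defaults: a request is denied unless a rule explicitly allows it.
- Complete mediation: every access goes through check_access(); nothing is
  cached, so revoking a right takes effect on the very next request.
- Least privilege: revoke() drops a right as soon as it is no longer needed.
- Separation of privilege: becoming root needs the root password AND
  membership of the 'wheel' group.
- Compromise recording: every decision, allowed or denied, is appended to
  an audit log.
"""
import hashlib
import hmac

# Constructed sample state (in a real system this comes from the OS / directory).
GROUPS = {"alice": {"wheel", "staff"}, "bob": {"staff"}}

# Rules: (subject, object) -> permitted actions. Anything not listed is denied.
RULES = {
    ("alice", "/srv/payroll.csv"): {"read"},
    ("bob", "/srv/notes.txt"): {"read", "write"},
}

# Salted hash of the constructed root password "correct horse" (demo only).
_SALT = b"demo-salt"
ROOT_PASSWORD_HASH = hashlib.sha256(_SALT + b"correct horse").hexdigest()

audit_log: list[str] = []


def _record(entry: str) -> None:
    """Compromise recording: keep a trail of every decision, not only failures."""
    audit_log.append(entry)


def check_access(subject: str, obj: str, action: str) -> bool:
    """Complete mediation: called on every access, never cached.
    Fail-safe default: an unknown subject, object or action is denied."""
    allowed = action in RULES.get((subject, obj), set())
    _record(f"{'ALLOW' if allowed else 'DENY'} {subject} {action} {obj}")
    return allowed


def revoke(subject: str, obj: str, action: str) -> None:
    """Least privilege: remove a right as soon as it is no longer needed."""
    RULES.get((subject, obj), set()).discard(action)


def become_root(subject: str, password: str) -> bool:
    """Separation of privilege: both conditions must hold (password + wheel group)."""
    candidate = hashlib.sha256(_SALT + password.encode()).hexdigest()
    knows_password = hmac.compare_digest(candidate, ROOT_PASSWORD_HASH)
    in_wheel = "wheel" in GROUPS.get(subject, set())
    ok = knows_password and in_wheel
    # The caller only learns the final bool; the detail goes to the audit log.
    _record(f"{'ALLOW' if ok else 'DENY'} {subject} su-to-root "
            f"(password={'ok' if knows_password else 'bad'}, wheel={in_wheel})")
    return ok


if __name__ == "__main__":
    print(check_access("bob", "/srv/notes.txt", "write"))   # True
    print(check_access("bob", "/srv/payroll.csv", "read"))  # False: not listed
    print(check_access("carol", "/srv/notes.txt", "read"))  # False: unknown user
    revoke("bob", "/srv/notes.txt", "write")
    print(check_access("bob", "/srv/notes.txt", "write"))   # False: no stale cache
    print(become_root("bob", "correct horse"))              # False: not in wheel
    print(become_root("alice", "wrong"))                    # False: bad password
    print(become_root("alice", "correct horse"))            # True
    print("\n".join(audit_log))
```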

COMPONENTS OF CYBERSECURITY
There are six essential key elements of cybersecurity: application security,
information security, network security, disaster recovery planning, operational
security and end user education. They are as follows:

a. Application security
b. Information Security
c. Network Security
d. Disaster Recovery Planning
e. Operational Security
f. End User Education
APPLICATION SECURITY

Application security is the first key element of cybersecurity. It means
adding security features within applications during the development period to
prevent cyber attacks.
It protects websites and web-based applications from different types of cyber
security threats that exploit vulnerabilities in source code.

APPLICATION VULNERABILITIES:
Application threats or vulnerabilities can be SQL injection, denial of
service (DoS) attacks, data encryption, data breaches or other types of
threats.
a.i) CATEGORIES OF APPLICATION THREATS
The most common categories of application threats related to software or
applications are as follows:
• Input validation
• Authorization
• Session management
• Parameter tampering
• Encryption

a.ii) APPLICATION SECURITY TOOLS

There are different types of application security tools, such as firewalls,
antivirus software, encryption techniques and web application firewalls
(WAF), that can help protect your application from cyber-attacks and
unauthorized access.
INFORMATION SECURITY
Information security (IS or InfoSec) refers to the processes and methodology
for preventing unauthorized access, use, disclosure, disruption, modification, or
destruction of information. The information can be anything like your
personal details, login credentials, network details, your profile on social media,
your mobile phone, etc.

MAIN PRINCIPLES OF INFORMATION SECURITY

There are three main principles of information security, commonly known
as CIA – Confidentiality, Integrity, and Availability.

• CONFIDENTIALITY
Confidentiality is the protection of information such that only authorized users can
access sensitive data. It involves any information that is sensitive and should only be
shared with a limited number of people.
The following types of information are considered confidential:
o Name, date of birth, age and address
o Contact information
o Bank account details
o Professional information
o Email account details
o Social media profile
o Medical record
o Family information

• INTEGRITY
Integrity means maintaining the consistency, accuracy, and completeness of
information. It involves keeping the information from being altered or changed and
ensures that data cannot be altered by unauthorized people.

• AVAILABILITY
Availability ensures that information and resources are accessible to authorized
users. If an attacker is not able to compromise the first two principles, then they may try
to execute a denial of service (DoS) attack.

C. NETWORK SECURITY
Network security is another element of IT security; it is the process of preventing
and protecting against unauthorized access into computer networks. It is a set of rules
and configurations to prevent and monitor unauthorized access, misuse and modification
of a computer network and its resources. It includes both hardware and software
technologies.
i) NETWORK SECURITY METHODS
There are many methods to improve network security, and the most common network
security components are as follows:

• Antivirus software
• Email security
• Firewalls
• Virtual Private Network (VPN)
• Web security
• Wireless security
• Endpoint security
• Network Access Control (NAC)

ii) NETWORK SECURITY SOFTWARE

• Network firewalls
• Cyberoam firewalls
• Web application firewalls
• Unified threat management
• Cloud firewalls

D. DISASTER RECOVERY PLANNING

A Disaster Recovery Plan (DRP) is a business continuity plan and a set of managed
procedures that describe how work can be resumed quickly and effectively after a
disaster.
d. i) STEPS OF DISASTER RECOVERY PLANNING
There are 12 steps to help you prepare a disaster recovery plan, which are as follows:

1. Define the scope of the organization's assets
2. Identify the possible threats and vulnerabilities
3. Ensure data protection
4. Create a disaster recovery team
5. Provide training to team members
6. Establish team members' accountability
7. Create a data recovery plan
8. Test your data recovery plan
9. Review regularly
10. Take backups regularly
11. Update and revise your plan
12. Implement cloud backup where possible

E. OPERATIONAL SECURITY

Operational security (OPSEC) is an analytical and risk management process that
identifies the organization’s critical information and develops a protection
mechanism to ensure the security of sensitive information.
STEPS OF OPERATIONAL SECURITY
To develop an effective operations security program, the organization’s OPSEC
officers first find out and define the possible threats, and then they take the
necessary action.

There are five steps in the operational security process, which are as follows:
1. Define the organization's sensitive information
2. Identify the categories of threats
3. Analyze security holes and vulnerabilities
4. Assess the risks
5. Implement appropriate countermeasures

F. END USER EDUCATION

End user education is the most important element of computer security. End users are
becoming the largest security risk in any organization because an incident can happen
at any time. However, this is mostly not the fault of the end users themselves; it is
mostly due to a lack of awareness and of business security policies, procedures and
protocols.
f.i) END USER THREATS
There are many ways in which a threat can be created. End user threats can arise
from the following:
• Use of social media
• Text messaging
• App downloads
• Use of email
• Password creation and usage

f.ii) END USER SECURITY PROGRAM

It is better to arrange a cyber security awareness training program on a regular basis,
and it should cover the following topics:
• Cyber security and its importance
• Different types of cyber threats
• How to use the Internet
• Email phishing and social engineering attacks
• Device security
• Physical security
• Password creation and usage

CYBERSECURITY RISK MANAGEMENT

Cyber risk management is the process of identifying, analyzing, evaluating,
addressing, and monitoring cyber security threats to networked systems, data, and users.
The goal is to minimize potential risks and help organizations protect their assets and
business.

The primary goal of cybersecurity risk management is to safeguard an organization's
assets, reputation, and operations against cyber threats. By systematically managing and
mitigating risks, organizations aim to ensure the continuity of their business processes
while protecting sensitive data and maintaining customer trust. This proactive approach
helps organizations minimize the likelihood and impact of cyber incidents and improve
cyber resilience.
There are many definitions of cybersecurity risk. Hence, before going further into the
details of conducting a risk assessment, it is important to establish a common definition
of cybersecurity risk.
For the purpose of this guidance document, risk is defined as a function of:
• The likelihood of a given threat event exercising a vulnerability of an asset; and
• The resulting impact of the occurrence of the threat event.

Each of the risk factors mentioned in the definition is explained below.

Threat Event
A threat event is any event during which a threat actor, by means of a threat
vector, acts against an asset in a manner that has the potential to cause harm. In the
context of cybersecurity, threat events can be characterised by the tactics, techniques and
procedures (TTP) employed by threat actors.
Vulnerability
A vulnerability is a weakness in the design, implementation or operation of
an asset, or in the internal control of a process.
Likelihood
Likelihood refers to the probability that a given threat event is capable of
exploiting a given vulnerability (or set of vulnerabilities). The probability can be derived
from factors such as discoverability, exploitability and reproducibility.
Impact
Impact refers to the magnitude of harm resulting from a threat event exploiting a
vulnerability (or set of vulnerabilities). The magnitude of harm can be estimated from the
perspective of a nation, organisation, or individual.

Asset Identification Risk Management Process


The asset identification risk management process is a framework for identifying
assets, assessing the risks associated with them, and developing strategies to manage
those risks. This process includes the following steps:
Step 1: Identification of assets
The first step in the risk management process is to identify all
assets owned by the organization. Asset identification includes tangible assets such as
buildings, equipment and inventory, as well as intangible assets such as intellectual
property, customer information and brand reputation.
Step 2: Identification of risks associated with each asset
Once all the assets have been identified, the next step is to identify the risks
associated with each asset. Risks can come from a variety of sources, including natural
disasters, human error, cyber-attacks, theft and fraud.
Step 3: Risk assessment
After identifying risks, the next step is to evaluate them based on their likelihood
and impact.
Step 4: Developing risk management strategies
Once the risks are assessed, the organization must develop strategies to manage
them effectively. This includes measures such as implementing security controls, creating
contingency plans and obtaining insurance coverage. Strategies need to be developed for
each asset and its associated risks.
Step 5: Implement risk management strategies
After developing risk management strategies, the next step is to implement them.
Implementation includes training staff, upgrading technology and ensuring strategies are
implemented effectively.
Step 6: Monitor and review risk management strategies
The final step in the risk management process is to monitor
and review the effectiveness of risk management strategies. This includes regular testing
of security controls, reviewing incident reports and assessing the impact of any new risks.
This step ensures that the organization is ready to respond to new risks and adapt its risk
management strategies accordingly.

INFORMATION RISK MANAGEMENT


Cyber risk
Cyber risk is tied to uncertainty like any form of risk. As such, we should use
decision theory to make rational choices about which risks to minimize and
which risks to accept under uncertainty.
a. General risk: In general, risk is the product of likelihood times impact,
giving us the general risk equation risk = likelihood × impact.
b. IT risk specifically can be defined as the product of threat, vulnerability
and asset value: risk = threat × vulnerability × asset value.

What is a threat?

A threat is the possible danger an exploited vulnerability can cause, such as
breaches or other reputational harm. Threats can be either intentional (e.g.
hacking) or accidental (e.g. a poorly configured S3 bucket, or the possibility of a
natural disaster).
Think of the threat as the likelihood that a cyber attack will occur.
What is a vulnerability?

A vulnerability is a weakness that can be exploited by an attacker to perform
unauthorized actions. To exploit a vulnerability, an attacker must have a tool or
technique that can connect to a system's weakness. This is known as the attack
surface.
It's not enough to understand what the vulnerabilities are; you must also continuously
monitor your business for data exposures, leaked credentials and other cyber
threats.
The more vulnerabilities your organization has, the higher the risk.
What is asset value?

The most important element of managing cyber risk is understanding the
value of the information you are protecting.
The asset value is the value of the information, and it can vary tremendously.
Information like your customers' Personally Identifiable Information (PII)
likely has the highest asset value and the most extreme consequences.
PII is valuable to attackers and there are legal requirements for protecting this
data, not to mention the reputational damage that comes from leaking personal
information.
IRM is the management of risks to information:
• Management implies someone proactively, deliberately, explicitly and
systematically identifying, assessing, evaluating and dealing with risks on an
ongoing basis (coping with any changes), along with related governance
aspects such as direction, control, authorization and resourcing of the
process, risk treatments etc.;
• Risk, in this context, is the possibility, the potential occurrence of
events or incidents that might materially harm the organization’s interests;
• Information is the valuable meaning, knowledge and insight deriving from
raw data such as the content of computer files, paperwork, conversations,
expertise, intellectual property, art, concepts and so forth.

• Vulnerabilities are the inherent weaknesses within our
  facilities, technologies, processes (including information risk
  management itself!), people and relationships, some of which
  are not even recognized as such;
• Threats are the actors (insiders and outsiders) and natural
  events that might cause incidents if they acted on vulnerabilities,
  causing impacts;
• Assets are, specifically, information assets, in particular
  valuable information content but also, to a lesser extent, the
  related storage vessels, computer hardware etc., many of
  which are relatively cheap commodities these days;
• Impacts are the harmful effects or consequences of incidents
  and calamities affecting assets, damaging the organization and its
  business interests, and often third parties;
• Incidents range in scale from minor, trivial or inconsequential events up
  to calamities, disasters and outright catastrophes;
• Advisories, standards etc. refers to relevant warnings and advice
  put out by myriad organizations such as CERTs (computer
  emergency response teams), the FBI (Federal Bureau of
  Investigation), ISO/IEC, journalists, technology vendors plus
  information risk and security professionals (our social network).

Information Risk Management:

Information Risk Management (IRM) is a form of risk mitigation through policies,
procedures, and technology that reduces the threat of cyber attacks arising from
vulnerabilities, poor data security and third-party vendors. Data breaches have a massive,
negative business impact and often arise from insufficiently protected data.
1. Information security risk identification concerns the identification of risks
associated with the loss of:
• confidentiality;
• integrity;
• availability
of information.
2. Risks that are not found during risk identification are missing from:
• risk analysis;
• risk evaluation;
• risk treatment.
Risks associated with the loss of confidentiality, integrity and availability within the
scope of the risk management process may result in consequences for the business
activities of an organization. To ensure comparable, consistent and reproducible results
when risk identification is repeated, consequences are described with standardized
consequence criteria.

Risk assessment approaches:

Two approaches are commonly used to identify risks:
• Event-based approach
• Cause-based approach (assets, threats and vulnerabilities)
An event-based approach
The event-based approach is predominantly effect-oriented. Describe possible
events by considering the questions:
o who?
o what?
o where?
o when?
o why?
The cause-based approach is based on the identification of assets, threats and
vulnerabilities.

Consequences
• Consequences which cannot be matched with the objectives of the
  organization do not contribute to the risks and can therefore be ignored.
• However, if such consequences are perceived to actually contribute to risks,
  this indicates that there are omissions in the list of objectives of the
  organization that should be corrected.
Both approaches are consistent with the principles and general
guidelines of ISO 31000 for risk assessment.
Event-based approach: advantages and disadvantages
Advantages:
• can be used with comparatively little effort;
• suitable for creating a first, coarse picture of the information security risks;
• supports focusing on the critical risks.
Disadvantages:
• existing threats and vulnerabilities are not determined;
• targeted selection of controls in the subsequent risk treatment process is more
  difficult;
• risks can be overlooked.
The asset, threat and vulnerability-based approach
This approach is cause-oriented. Identify risks by determining:
• vulnerabilities;
• threats;
• assets;
• associated consequences.

Steps in information risk management:


Step #1: Identify and Prioritize Assets
Assets include servers, client contact information, sensitive partner documents,
trade secrets and so on. We need to work with business users and management to create a
list of all valuable assets.
For each asset, gather the following information, as applicable:
 Software
 Hardware
 Data
 Interfaces
 Users
 Support personnel
 Mission or purpose
 Criticality
 Functional requirements
 IT security policies
 IT security architecture
 Network topology
 Information storage protection
 Information flow
 Technical security controls
 Physical security environment
 Environmental security

We need to define a standard for determining the importance of each asset.
Common criteria include the asset’s monetary value, legal standing and
importance to the organization. Once the standard has been approved by
management and formally incorporated into the risk assessment security policy,
use it to classify each asset as critical, major or minor.

Step #2: Identify Threats


A threat is anything that could cause harm to your organization. While
hackers and malware probably leap to mind, there are many other types of
threats:
• Natural disasters. Floods, hurricanes, earthquakes, fire and other
natural disasters can destroy not just data, but servers and appliances as
well.
• Hardware failure. The likelihood of hardware failure depends on the
quality and age of the server or other machine. For relatively new, high-quality
equipment, the chance of failure is low. But if the equipment is old or from a
“no-name” vendor, the chance of failure is much higher.
• Malicious behavior. There are three types of malicious behavior:
  o Interference is when somebody causes damage to your business
    by deleting data, engineering a distributed denial of service (DDoS) against
    your website, physically stealing a computer or server, and so on.
  o Interception is theft of your data.
  o Impersonation is misuse of someone else’s credentials, which are often
    acquired through social engineering attacks or brute-force attacks, or
    purchased on the dark web.

Step #3: Identify Vulnerabilities


A vulnerability is a weakness that could enable a threat to harm your
organization. Vulnerabilities can be identified through analysis, audit reports, the
NIST vulnerability database, vendor data, information security test and evaluation
(ST&E) procedures, penetration testing, and automated vulnerability scanning
tools.

There are physical and human vulnerabilities.


For example, having your server room in the basement increases your
vulnerability to the threat of flooding, and failure to educate your employees about
the danger of clicking on email links increases your vulnerability to the threat of
malware.

Step #4: Analyze Controls

Analyze the controls that are either in place or in the planning stage to
minimize or eliminate the probability that a threat will exploit a vulnerability.

Technical controls include encryption, intrusion detection mechanisms, and
identification and authentication solutions.

Non-technical controls include security policies, administrative actions, and
physical and environmental mechanisms.

Both technical and non-technical controls can further be classified as preventive or
detective.

Preventive controls attempt to anticipate and stop attacks; examples include
encryption and authentication devices.

Detective controls are used to discover threats that have occurred or are in
process; they include audit trails and intrusion detection systems.

Step #5: Determine the Likelihood of an Incident

Assess the probability that a vulnerability might actually be exploited, taking
into account the type of vulnerability, the capability and motivation of the threat
source, and the existence and effectiveness of your controls. Rather than a
numerical score, many organizations use the categories high, medium and low to
assess the likelihood of an attack or other adverse event.

Step #6: Assess the Impact a Threat Could Have

Analyze the impact that an incident would have on the asset that is lost or damaged,
including the following factors:

• The mission of the asset and any processes that depend upon it
• The value of the asset to the organization
• The sensitivity of the asset

To get this information, start with a business impact analysis (BIA) or mission
impact analysis report. This document uses either quantitative or qualitative means
to determine the impact of harm to the organization’s information assets, such as
loss of confidentiality, integrity and availability.
The impact on the system can be qualitatively assessed as high, medium or low.

Step #7: Prioritize the Information Security Risks

For each threat/vulnerability pair, determine the level of risk to the IT


system, based on the following:

• The likelihood that the threat will exploit the vulnerability


• The approximate cost of each of these occurrences
• The adequacy of the existing or planned information system
security controls for eliminating or reducing the risk

A useful tool for estimating risk in this manner is the risk-level matrix. A high
likelihood that the threat will occur is given a value of 1.0; a medium likelihood is
assigned a value of 0.5; and a low likelihood of occurrence is given a rating of 0.1.
Similarly, a high impact level is assigned a value of 100, a medium impact level 50, and a
low impact level 10. Risk is calculated by multiplying the threat likelihood value by the
impact value, and the risks are categorized as high, medium or low based on the result.
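The risk-level matrix described above, worked through in code as an added example (this is not the document's own code). The likelihood and impact values are the ones given in the text; the High/Medium/Low bands applied to the product are taken from the risk scale in the 2002 edition of NIST SP 800-30, and the threat/vulnerability pairs in the sample register are constructed for illustration.

```python
"""Risk-level matrix (Step 7) as an added example; not the document's own code."""
from typing import Dict, List, Tuple

# Likelihood and impact values exactly as given in the text (and in NIST SP 800-30, 2002).
LIKELIHOOD: Dict[str, float] = {"high": 1.0, "medium": 0.5, "low": 0.1}
IMPACT: Dict[str, int] = {"high": 100, "medium": 50, "low": 10}


def risk_score(likelihood: str, impact: str) -> float:
    """Risk = likelihood value x impact value, e.g. medium x high = 0.5 x 100 = 50."""
    return round(LIKELIHOOD[likelihood.lower()] * IMPACT[impact.lower()], 6)


def risk_level(score: float) -> str:
    """Band a score into a level. The cut-offs are the NIST SP 800-30 (2002) risk scale:
    High for scores above 50, Medium for scores above 10 up to 50, Low for 1 to 10."""
    if score > 50:
        return "High"
    if score > 10:
        return "Medium"
    return "Low"


def risk_matrix() -> Dict[Tuple[str, str], Tuple[float, str]]:
    """All nine likelihood/impact combinations with their score and level."""
    return {(lk, im): (risk_score(lk, im), risk_level(risk_score(lk, im)))
            for lk in LIKELIHOOD for im in IMPACT}


def prioritize(pairs: List[dict]) -> List[dict]:
    """Rank threat/vulnerability pairs highest risk first (ties broken by threat name)."""
    ranked = []
    for p in pairs:
        score = risk_score(p["likelihood"], p["impact"])
        ranked.append({**p, "score": score, "level": risk_level(score)})
    return sorted(ranked, key=lambda r: (-r["score"], r["threat"]))


# Constructed sample register: hypothetical threat/vulnerability pairs.
SAMPLE_PAIRS = [
    {"threat": "Phishing of finance staff", "vulnerability": "No MFA on e-mail",
     "likelihood": "high", "impact": "high"},
    {"threat": "Web defacement", "vulnerability": "Unpatched CMS plugin",
     "likelihood": "medium", "impact": "medium"},
    {"threat": "Laptop theft", "vulnerability": "Disk not encrypted",
     "likelihood": "low", "impact": "high"},
]

if __name__ == "__main__":
    for (lk, im), (score, level) in sorted(risk_matrix().items()):
        print(f"likelihood={lk:6} impact={im:6} score={score:6.1f} -> {level}")
    for row in prioritize(SAMPLE_PAIRS):
        print(f"{row['level']:6} {row['score']:6.1f} {row['threat']}")
```

Note that with these values only the high/high cell reaches High; a high likelihood against a medium impact scores exactly 50 and stays Medium, which is why the bands must be stated explicitly rather than left to intuition.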

Step #8: Recommend Controls

Using the risk level as a basis, determine the actions needed to mitigate the risk.
General guidelines for each level of risk:
• High — A plan for corrective measures should be developed as soon as possible.
• Medium — A plan for corrective measures should be developed within a
reasonable period of time.
• Low — The team must decide whether to accept the risk or implement
corrective actions.

As you evaluate controls to mitigate each risk, be sure to consider:

• Organizational policies
• Cost-benefit analysis
• Operational impact
• Feasibility
• Applicable regulations
• The overall effectiveness of the recommended controls
• Safety and reliability

Step #9: Document the Results

The final step in the risk assessment process is to develop a risk assessment
report to support management in making appropriate decisions on budget,
policies, procedures and so on.
For each threat, the report should describe the corresponding vulnerabilities,
the assets at risk, the impact to your IT infrastructure, the likelihood of
occurrence and the control recommendations.

Risk = Threat x Vulnerability x Asset

Although risk is represented here as a mathematical formula, it is not about
numbers; it is a logical construct. For example, suppose you want to assess the
risk associated with the threat of hackers compromising a particular system. If
your network is very vulnerable (perhaps because you have no firewall and no
antivirus solution), and the asset is critical, your risk is high.
However, if you have good perimeter defenses and your vulnerability is low, then,
even though the asset is still critical, your risk will be medium.

This isn’t strictly a mathematical formula; it’s a model for understanding the
relationships among the components that feed into determining risk:

• Threat is short for “threat frequency,” or how often an adverse event is
expected to occur. For example, the threat of being struck by lightning in a
given year is about 1 in 1,000,000.
• Vulnerability is shorthand for “the likelihood that a vulnerability will be
exploited and a threat will succeed against an organization’s defenses.” What
is the security environment in the organization? How quickly can the damage be
mitigated if a breach does occur? How many employees are in the organization,
and what is the probability of any given one becoming an internal threat to
security controls?
• Cost is a measure of the total financial impact of a security incident. It
includes hard costs, like damage to hardware, and soft costs, such as lost
business and consumer confidence. Other costs can include:
o Data loss — Theft of trade secrets could cause you to lose business to your
competitors. Theft of customer information could result in loss of trust and
customer attrition.
o System or application downtime — If a system fails to perform its primary
function, customers may be unable to place orders, employees may be
unable to do their jobs or communicate, and so on.
o Legal consequences — If somebody steals data from one of your databases,
even if that data is not particularly valuable, you can incur fines and other
legal costs because you failed to comply with the data protection security
requirements of HIPAA, PCI DSS or other compliance

The Risk Assessment Formula: Likelihood x Impact
The standard described in NIST SP 800-53 implies that a realistic
assessment of risk requires an understanding of these areas:
• Threats to an organization.
• Potential vulnerabilities within the organization.
• Likelihood and impacts of successfully exploiting the vulnerabilities with
those threats.
A simple but effective risk equation to use in assessing risk is:
Risk = (Threat x Vulnerabilities) x Impact
1. Threat: A potential event that could cause harm—a phishing attack for example.
2. Vulnerability: A weakness that makes you susceptible to the threat—e.g. unpatched
software or lack of employee security training.
3. Likelihood: How probable is it that the threat will exploit the vulnerability?
4. Impact: The extent of the damage or disruption if the threat successfully exploits
the vulnerability.
Combining likelihood and impact produces a residual risk rating of Low,
Medium or High. Each organization’s residual risk rating may differ based on
the likelihood and impact that each control deficiency introduces.
You could also represent this concept with a simple chart like this one:

For example, let’s consider the risk of a hacker getting access to a folder containing
all of your public-facing marketing materials. That event may have a medium likelihood,
but it has a very low impact. Those materials are already publicly available on your website,
etc., so unauthorized access to them does no harm. That risk gets a Low rating.
But the formula changes if the risk is an employee in the Accounts Payable
department clicking a phishing link. There’s at least a medium likelihood of one of those
employees making this mistake. And the impact would be very high if a hacker got access
to a user account that controls financial transactions. That risk gets a High rating.
Keep in mind that a very High impact rating could make a risk a top priority,
even if it has a low likelihood. If a breach could shut down a hospital’s life-support
equipment, for example, that risk obviously deserves serious consideration on your priority
list. If you’d like to read detailed guidelines on how to rate risks by various factors, consult
NIST SP 800-30.
Defining Key Risk Concepts
Inherent Risk
This is the level of risk your organization faces before any security measures are
applied. For example, if you don't have email filtering or employee security training, your
system is highly vulnerable to phishing attacks. Cybersecurity inherent risk reflects the
raw risk in your environment when no controls are in place.
Residual Risk
After implementing security controls—firewalls, multi-factor authentication,
security patches, etc.—you are left with residual risk. This is the risk that remains after
mitigating measures have been applied.
Applying Mitigating Measures
Once you've identified the risks, you need to take action. Common risk mitigation
techniques include:
• Avoidance: Elimination of the cause of the risk—blocking access to risky websites
for example.
• Mitigation: Reducing the likelihood or impact of the risk—e.g. adding MFA to
protect user accounts.
• Transfer: Sharing risk with third parties, such as a cyber insurance company.
• Acceptance: Acknowledging the risk and monitoring closely.
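To tie the qualitative Likelihood x Impact rating to inherent and residual risk and to the four mitigation techniques, here is an added example (not from the document). The five-step ordinal scale, the banding of the product, and the treatment of a "very high" impact as an automatic High rating are this example's own assumptions, chosen to reproduce the marketing-folder, Accounts Payable and hospital cases discussed above; the controls and the size of their effect are constructed.

```python
"""Qualitative Likelihood x Impact rating, inherent vs. residual risk (added example)."""
from dataclasses import dataclass, field
from typing import List, Tuple

# Assumed five-step ordinal scale, used for both likelihood and impact.
SCALE = ["very low", "low", "medium", "high", "very high"]


def _shift(level: str, delta: int) -> str:
    """Move a level along the scale by delta steps, clamped to the ends."""
    idx = max(0, min(len(SCALE) - 1, SCALE.index(level) + delta))
    return SCALE[idx]


def rate(likelihood: str, impact: str) -> str:
    """Combine likelihood and impact into Low / Medium / High.
    A 'very high' impact is rated High whatever the likelihood (the hospital case
    in the text); otherwise the product of the two ordinals is banded. Both the
    override and the band cut-offs are this example's assumptions."""
    if impact == "very high":
        return "High"
    score = (SCALE.index(likelihood) + 1) * (SCALE.index(impact) + 1)   # 1..20
    if score >= 12:
        return "High"
    if score >= 6:
        return "Medium"
    return "Low"


@dataclass
class Control:
    name: str
    technique: str             # avoidance | mitigation | transfer | acceptance
    likelihood_delta: int = 0  # negative = that many steps down the scale
    impact_delta: int = 0


@dataclass
class Risk:
    name: str
    likelihood: str
    impact: str
    controls: List[Control] = field(default_factory=list)

    def inherent(self) -> str:
        """Rating before any control is applied."""
        return rate(self.likelihood, self.impact)

    def residual_levels(self) -> Tuple[str, str]:
        """Likelihood and impact after the controls have been applied."""
        lk, im = self.likelihood, self.impact
        for c in self.controls:
            if c.technique == "avoidance":
                lk = "very low"                       # the cause is removed
            elif c.technique in ("mitigation", "transfer"):
                lk = _shift(lk, c.likelihood_delta)  # mitigation lowers likelihood and/or impact;
                im = _shift(im, c.impact_delta)      # transfer (e.g. insurance) lowers impact
            # acceptance: nothing changes, the risk is monitored
        return lk, im

    def residual(self) -> str:
        """Rating that remains after the controls."""
        return rate(*self.residual_levels())


# Constructed register reproducing the cases discussed in the text.
REGISTER = [
    Risk("Public marketing folder accessed", "medium", "very low"),
    Risk("Accounts Payable user clicks phishing link", "medium", "very high", [
        Control("MFA on finance accounts", "mitigation", impact_delta=-1),
        Control("Phishing awareness training", "mitigation", likelihood_delta=-1),
    ]),
    Risk("Breach shuts down life-support equipment", "low", "very high", [
        Control("Monitor and accept", "acceptance"),
    ]),
    Risk("Malware from risky websites", "high", "medium", [
        Control("Block risky website categories", "avoidance"),
    ]),
]


def report() -> List[Tuple[str, str, str]]:
    """(name, inherent rating, residual rating) for every risk in the register."""
    return [(r.name, r.inherent(), r.residual()) for r in REGISTER]


if __name__ == "__main__":
    for name, inherent, residual in report():
        print(f"{inherent:6} -> {residual:6}  {name}")
```

The phishing case is the one worth studying: MFA reduces the impact (a stolen password alone no longer controls the account) while training reduces the likelihood, and only together do they bring the rating from High down to Medium; acceptance leaves the hospital risk exactly where it was.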

Risk Management Process

The risk management process is a framework for the actions that need to be taken.
There are five basic steps that are taken to manage risk; these steps are referred to as the
risk management process. It begins with identifying risks, goes on to analyze risks, then
the risk is prioritized, a solution is implemented, and finally, the risk is monitored. In
manual systems, each step involves a lot of documentation and administration.

The Risk Management Process is a clearly defined method of understanding what
risks and opportunities are present, how they could affect a project or organization, and
how to respond to them. Formalizing this process within your organization along with
communicating the tools and methods used will strengthen your Project Risk
Management overall, paving the way for much greater project success.
The 4 essential steps of the Risk Management Process are:
• Identify the risk.
• Assess the risk.
• Treat the risk.
• Monitor and report on the risk.
Step 1: Risk Identification
The first step in the risk management process is to identify all the events that can
negatively (risk) or positively (opportunity) affect the objectives of the project:
• Project milestones
• Financial trajectory of the project
• Project scope
These events can be listed in the risk matrix and later captured in the risk register.
A risk (or opportunity) is characterized by its description, causes and consequences,
qualitative assessment, quantitative assessment, and mitigation plan. It can also be
characterized by who is responsible for its action. Each of these characteristics is
necessary for a risk (or opportunity) to be valid.
To be managed effectively, the Risks and Opportunities (R&O) identified must be
as precise and specific as possible. The title of the risk or opportunity must be succinct,
self-explanatory, and clearly defined.
All members of the project can and should identify R&O, and once they’ve been
identified, their content is the responsibility of the Risk Owners. Risk Managers are
responsible for ensuring that a formal process for identifying risks and developing response
plans is conducted through exchanges with Risk Owners.
Below are examples of tools to help identify R&O:
• Analysis of existing documentation
• Interviews with experts
• Conducting brainstorming meetings
• Using the approaches of standard methodologies – such as Failure Modes, Effects
and Criticality Analysis (FMECA), Cause Trees, etc.
• Considering the lessons learned from R&Os encountered in previous projects
• Using pre-established checklists or questionnaires covering the different areas of
the project (Risk Breakdown Structure or RBS)
Step 2: Risk Assessment
There are two types of risk and opportunity assessments: qualitative and quantitative.
A qualitative assessment analyzes the level of criticality based on the event’s probability
and impact. A quantitative assessment analyzes the financial impact or benefit of the event.
Both are necessary for a comprehensive evaluation of risks and opportunities.

Qualitative Assessment
The Risk Owner and the Risk Manager will rank and prioritize each identified risk
and opportunity by occurrence probability and impact severity, according to the
project’s criticality scales.

Evaluating Probability of Occurrence (P):

This is usually on a scale of 1 to 99% and is determined based on experience, the
progress of the project, or by speaking to a risk expert.
For example, suppose the risk that: “the inability of supplier X to conduct studies on
a modification Y by the end of 2025” is 50% probable. This could be determined from
feedback and analysis of the supplier’s workload.

Evaluating Impact Severity (I):

To assess the overall impact, it is necessary to estimate the severity of each of the
impacts defined at the project level. A scale is used to classify the different impacts and
their severities. This ensures that the assessment of each risk or opportunity is standardized
and reliable.
The criticality level of a risk or opportunity is obtained by the equation:
Criticality = P x I
The purpose of the qualitative assessment is to ensure that the risk management team
prioritizes the response on critical items first. Keep in mind, the assessment of each risk’s
probability or impact severity is what makes this “qualitative”; however, assigning a
numerical value to this evaluation allows us to objectively prioritize them.
Quantitative Assessment
In most projects, the objective of the quantitative assessment is to establish a
financial evaluation of a risk’s impact or an opportunity’s benefit, should it occur. This
step is carried out by the Risk Owner, the Risk Manager (with support of those responsible
for estimates and figures), or the management controller depending on the company’s
organizational set up. These amounts represent a potential additional cost (or a potential
profit if we are talking about an opportunity) that was not anticipated in the project budget.
For this, it is therefore necessary to evaluate any additional costs incurred by the risk
(or undesired event). Then, the cost of the risk’s consequences is calculated by adding these
values.
Evaluating any potential costs incurred means financially reviewing:
• Hours of internal engineering
• Hours of subcontracting
• Additional work to do
• Amendments and/or claims made to contracts
• Etc.
This step allows us to estimate the need for additional budget for risks and opportunities
of the project.

Step 3: Risk Treatment

In order to treat risks, an organization must first identify its strategies for doing so
by developing a treatment plan. The objective of the risk treatment plan is to reduce the
probability of the risk occurring (preventive action) and/or to reduce the impact of the risk
(mitigation action).
For an opportunity, the objective of the treatment plan is to increase the likelihood
of the opportunity occurring and/or to increase its benefits. Depending on the nature of
the risk or opportunity, a response strategy is defined for the project. The following 7
strategies are possible:

7 Risk Response Strategies

• Accept: Do not initiate any action but continue to monitor.
• Mitigate/Enhance: Reduce (for a risk) or increase (for an opportunity) the
probability of occurrence and/or the severity of impact.
• Transfer/Share: Transfer responsibility of a risk to a third party who would bear
the consequences of the problem (share the benefits of a realized opportunity).
• Avoid/Exploit: Eliminate the risk entirely / take advantage of the opportunity.
Monitoring the progress of the treatment plan is the responsibility of the Risk Owner.
They must report regularly to the Risk Manager, who must keep the Risk Register up to
date.
When defining a treatment plan:
• Each action begins with an action verb and has a clear purpose.
• Each action has an actionee (who is responsible) and a deadline.
• Actions that could generate costs must be tracked and considered in the project.
• For example: to reduce the risk of your car breaking down, a treatment plan could
be to have it checked annually by a repair shop.
When does risk become an issue?

It is possible that, despite the actions put in place to mitigate or prevent it, a risk’s
probability could increase and reach 100%. Once the event is confirmed (or certain), we no
longer refer to it as a risk but as an issue. The Risk Manager must then inform the various
project stakeholders, who will relay that a risk has become an issue and transfer it to the
issues log.
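An added example (not from the document) of a project risk register that carries Step 2 and Step 3 through in code: criticality = P x I ranks the entries, the quantitative cost is the sum of the cost items, entries missing a characteristic are rejected as invalid, and an entry whose probability reaches 100% is moved out of the open risks as an issue. The 1-5 impact scale, the probability-weighted budget figure, and the sample entries, owners and cost figures are all this example's constructions.

```python
"""Project risk register: qualitative criticality and quantitative cost (added example)."""
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class RiskEntry:
    title: str                 # succinct and self-explanatory
    owner: str                 # the Risk Owner
    probability: int           # P in percent: 1..99 while it is a risk, 100 once it has happened
    impact: int                # I on an assumed 1..5 project severity scale
    cost_items: Dict[str, float] = field(default_factory=dict)   # quantitative assessment
    is_opportunity: bool = False

    def criticality(self) -> int:
        """Criticality = P x I (qualitative assessment)."""
        return self.probability * self.impact

    def quantified_cost(self) -> float:
        """Cost of the consequences: the cost items added together (a benefit for an opportunity)."""
        total = float(sum(self.cost_items.values()))
        return -total if self.is_opportunity else total

    def is_issue(self) -> bool:
        """At 100% the event is certain: it belongs in the issues log, not the risk register."""
        return self.probability >= 100


def validate(entry: RiskEntry) -> List[str]:
    """Every characteristic must be present and in range for the entry to be valid."""
    problems = []
    if not entry.title.strip():
        problems.append("missing title")
    if not entry.owner.strip():
        problems.append("missing owner")
    if not 1 <= entry.probability <= 100:
        problems.append("probability outside 1..100")
    if not 1 <= entry.impact <= 5:
        problems.append("impact outside 1..5")
    return problems


def prioritize(register: List[RiskEntry]) -> List[RiskEntry]:
    """Open risks by criticality, highest first, so the most critical are treated first."""
    return sorted((r for r in register if not r.is_issue()),
                  key=lambda r: r.criticality(), reverse=True)


def issues(register: List[RiskEntry]) -> List[RiskEntry]:
    """Entries that have become certain and must be transferred to the issues log."""
    return [r for r in register if r.is_issue()]


def budget_need(register: List[RiskEntry]) -> float:
    """Additional budget to provision for open risks and opportunities. Weighting each
    cost by its probability is this example's choice; the text only sums cost items per risk."""
    return sum(r.quantified_cost() * r.probability / 100 for r in register if not r.is_issue())


# Constructed sample register (hypothetical entries, owners and figures).
SAMPLE_REGISTER = [
    RiskEntry("Supplier X cannot study modification Y by end of 2025", "r.owner@example",
              50, 4, {"internal engineering (120 h x 90)": 10_800, "subcontracting": 20_000}),
    RiskEntry("Test rig delivered late", "t.lead@example", 20, 3,
              {"idle team (40 h x 90)": 3_600}),
    RiskEntry("Reuse of an existing firmware module", "f.lead@example", 30, 2,
              {"saved engineering (80 h x 90)": 7_200}, is_opportunity=True),
    RiskEntry("Key engineer has resigned", "pm@example", 100, 5, {"recruitment": 15_000}),
]

if __name__ == "__main__":
    for r in prioritize(SAMPLE_REGISTER):
        print(f"crit={r.criticality():4}  cost={r.quantified_cost():9.0f}  {r.title}")
    print("issues:", [r.title for r in issues(SAMPLE_REGISTER)])
    print(f"budget need: {budget_need(SAMPLE_REGISTER):.0f}")
```

The resigned-engineer entry illustrates the hand-over point in the text: at P = 100 it drops out of the prioritized list and the budget figure, and has to be handled in the issues log instead.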

Step 4: Risk Monitoring and Reporting

Risks and opportunities and their treatment plans need to be monitored and
reported on. The frequency of this will depend on the risk criticality. Developing a
monitoring and reporting structure will ensure there are appropriate forums for escalation
and that appropriate risk responses are being actioned.
Recall that the Risk and Opportunity Management Plan, or ROMP, is one of
the five essential elements of Project Risk Management. It should include not only the
project stakeholders and steering members, but the governance cadence for monitoring
and reporting on risks and opportunities. How this is organized and governed is defined
by the Risk Manager in conjunction with the Project Manager.

CYBERSECURITY APPROACHES:
To assist organizations in implementing a standards-focused approach, the National
Institute of Standards and Technology (NIST), working with industry groups and the
private sector, has developed a framework of baseline standards for cyber security.
The NIST Cybersecurity Framework was developed in response to Executive Order 13636
and published in February 2014 to assist organizations in managing their cybersecurity risk.

NIST Cybersecurity Framework
The NIST Cybersecurity Framework is an internationally recognized policy
framework that provides a strong foundation atop which good Information Security
Governance can be built. It helps organizations improve their ability to prevent, detect,
and respond to cyberattacks.
The framework is designed to provide a common taxonomy and mechanism for
organizations to:
• Describe their current cybersecurity posture;
• Describe their target state for cybersecurity;
• Identify and prioritize opportunities for improvement within the context of a
continuous and repeatable process;
• Assess progress toward the target state;
• Communicate among internal and external stakeholders about cybersecurity risk.

The NIST Cybersecurity Framework’s core structure includes:

• Identify
• Protect
• Detect
• Respond
• Recover
Identify
As part of the Identify Function, an organization should aim to understand the
business context that it operates in. What are the most critical functions of the
organization? What are the resources that are absolutely critical for the proper
functioning of each of these areas? What are the cybersecurity risks that pose threats
to these critical functions and their seamless operation? With these questions asked, an
organization develops an understanding of how it can effectively manage the specific
cybersecurity risks that it faces.

Protect
As part of the Protect Function, an organization should aim to contain the impacts
of threats that can materialize and harm the operation of its most critical functions. An
organization can do this effectively by employing cybersecurity safeguards and
protections to ensure that its critical functions can continue to deliver.

Detect
As part of the Detect Function, an organization should aim to detect adverse
cybersecurity incidents in a timely manner. In order to achieve this, an organization
should employ detective and monitoring controls that take into consideration threat
inputs from well-known and reputable sources as well as the organization’s own
custom alerts and inputs.

Respond
As part of the Respond Function, an organization should aim to contain the
impacts of adverse cybersecurity incidents that have been detected by the organization.
An organization should look at strengthening its cybersecurity incident response
strategies and capabilities in order to achieve this.

Recover
As part of the Recover Function, an organization should aim to recover and restore
the organization to normal operations after an adverse cybersecurity incident has
occurred and its threat has been dealt with. An organization can achieve this by
investing in its resilience capabilities and recovery planning.

SECURITY MANAGEMENT FUNCTION

Security Function:
Managing the security function is a major requirement for every organization and
essential knowledge for those preparing for the CISSP Certification exam. Anyone
looking forward to attaining a CISSP certification needs to know the best practices for
managing the security function. Let’s discuss them here.
• Budget and Resources for Information Security Activities: The security officer
must work with the application development managers to ensure that security is
considered in the project cost during each phase of development.
• Evaluate Security Incidents and Response: Periodic compliance, whether through
internal or external inspection, ensures that the procedures, checklists, and baselines
are documented and practiced. Compliance reviews are also necessary to ensure that
end users and technical staff are trained and have read the security policies.
• Establish Security Metrics: Various decisions need to be made when collecting
metrics, such as who will collect the metrics, what statistics will be collected, when
they will be collected, and what the thresholds are beyond which variations are out of
bounds and should be acted upon.
• Participate in Management Meetings: Security officers must be involved in the
management teams and planning meetings of the organization to be fully effective.
• Ensure Compliance with Government and Industry Regulations: Governments
pass new laws, rules, and regulations that establish requirements to protect nonpublic
information or improve controls over critical processes with which the enterprise
must be in compliance.
• Develop and Implement Information Security Strategies: Information security
consultants, both technology and process oriented, play pivotal roles in developing
and implementing the organizational security strategy and practices.
• Assist Internal and External Auditors: Assist internal and external auditors in
assessing the completeness and effectiveness of the security program.
• Stay Abreast of Emerging Technologies: The security officer must stay abreast of
emerging technologies to ensure that the appropriate solutions are in place for the
company based upon its risk profile, corporate culture, resources available, and
desire to be an innovator.
• Maintain Awareness of Emerging Threats and Vulnerabilities: The threat
environment is constantly changing and the security office needs to be aware of each
and every change.
• Understand Business Objectives: This understanding increases the chances of
success, allowing security to be introduced at the correct times during the project life
cycle.
• Security Awareness Program: The security officer provides the leadership for the
information security awareness program by ensuring that the program is delivered in
a meaningful, understandable way to the intended audience.

Information Security Management Function:

ISO 27001
ISO 27001 is part of a set of standards developed to handle information security.
It was developed to help organizations of any size or industry to protect their
information in a systematic and cost-effective way, through the adoption of an
Information Security Management System (ISMS).

Importance of ISO 27001:

The standard provides companies with the necessary know-how for protecting their
most valuable information and, in this way, proves to their customers and partners that
they safeguard their data.
What are the 3 ISMS security objectives?
The basic goal of ISO 27001 is to protect three aspects of information:
• Confidentiality: only the authorized persons have the right to access
information.
• Integrity: only the authorized persons can change the information.
• Availability: the information must be accessible to authorized persons
whenever it is needed.

What is an ISMS?
An Information Security Management System (ISMS) is a set of rules that a
company needs to establish in order to:
1. identify stakeholders and their expectations of the company in terms of
information security
2. identify which risks exist for the information
3. define controls (safeguards) and other mitigation methods to meet the
identified expectations and handle risks
4. set clear objectives on what needs to be achieved with information security
5. implement all the controls and other risk treatment methods
6. continuously measure if the implemented controls perform as expected
7. make continuous improvement to make the whole ISMS work better

There are four essential business benefits that a company can achieve
with the implementation of this information security standard:
1. Comply with legal requirements – there is an ever-increasing number of
laws, regulations, and contractual requirements related to information
security, and the good news is that most of them can be resolved by
implementing ISO 27001 – this standard gives you the perfect methodology
to comply with them all.
2. Achieve competitive advantage – if your company gets certified and your
competitors do not, you may have an advantage over them in the eyes of those
customers who are sensitive about keeping their information safe.
3. Lower costs – the main philosophy of ISO 27001 is to prevent security
incidents from happening – and every incident, large or small, costs money.
Therefore, by preventing them, your company will save quite a lot of money.
And the best thing of all – investment in ISO 27001 is far smaller than the cost
savings you’ll achieve.
4. Better organization – typically, fast-growing companies don’t have the
time to stop and define their processes and procedures – as a consequence, very
often the employees do not know what needs to be done, when, and by whom.
Implementation of ISO 27001 helps resolve such situations, because it
encourages companies to write down their main processes (even those that are
not security-related), enabling them to reduce lost time by their employees.

How does ISO 27001 work?

SECURITY MODELS: BELL LA PADULA MODEL, BIBA INTEGRITY
MODEL - CHINESE WALL MODEL
What are security models?
A model describes the system, e.g. a high-level specification or an abstract
machine description of what the system does. A security policy defines the security
requirements for a given system. Verification techniques are used to show that the policy is
satisfied by the system.
System Model + Security Policy = Security Model
Information security models are systems that specify which people should have
access to data, and the operation of the operating system, which enables management
to organize access control. The models offer a mathematical mapping of theoretical
goals, strengthening the chosen implementation.
A security model may have no theoretical underpinnings, or it can be based on a
formal computing model, a distributed computation model, or an access rights model.

What is the objective of a security model?

The core aim of any security model is to maintain the goals of Confidentiality,
Integrity, and Availability of data. It can achieve these goals by:
• Allowing admins to choose the resources that users are allowed to access.
• Verifying user identities with authentication mechanisms that incorporate password
strength and other variables.
• Allowing users who have been permitted to access resources provisioned and defined
by authorization systems.
• Regulating which functions and rights are given to accounts and users.
• Giving admins access to a user’s list of activities on a request or assignment basis.
• Safeguarding private data, such as account characteristics or user lists.
Types of security model
Since network and cyber security are continuously evolving domains, numerous
security models have been proposed over time. However, there are three classic
security models which serve as the foundation of many other models. Let’s have a
look at them in detail:
There are 3 main types of Classic Security Models.
• Bell-LaPadula
• Biba
• Clark-Wilson Security Model

1. BELL-LAPADULA

This model was invented by the scientists David Elliott Bell and Leonard J.
LaPadula, and is therefore called the Bell-LaPadula Model. It is used to maintain
confidentiality. Here, the classification of Subjects (users) and Objects (files) is
organized in a non-discretionary fashion, with respect to different layers of secrecy.

It has mainly 3 Rules:

• SIMPLE CONFIDENTIALITY RULE: The Simple Confidentiality Rule states
that the Subject can only Read files on the Same Layer of Secrecy and on the Lower
Layers of Secrecy, but not on the Upper Layers of Secrecy, which is why this rule
is called NO READ-UP.
• STAR CONFIDENTIALITY RULE: The Star Confidentiality Rule states that the
Subject can only Write files on the Same Layer of Secrecy and on the Upper Layers
of Secrecy, but not on the Lower Layers of Secrecy, which is why this rule is called
NO WRITE-DOWN.
• STRONG STAR CONFIDENTIALITY RULE: The Strong Star Confidentiality
Rule is the strictest and strongest; it states that the Subject can Read and Write files
on the Same Layer of Secrecy only, and not on the Upper or Lower Layers of
Secrecy, which is why this rule is called NO READ WRITE UP DOWN.
2. BIBA
This model was invented by the scientist Kenneth J. Biba, and is therefore called the
Biba Model. It is used to maintain integrity. Here, the classification of Subjects (users)
and Objects (files) is organized in a non-discretionary fashion, with respect to different
layers of secrecy. It works as the exact reverse of the Bell-LaPadula Model.

It has mainly 3 Rules:

• SIMPLE INTEGRITY RULE: The Simple Integrity Rule states that the Subject can
only Read files on the Same Layer of Secrecy and on the Upper Layers of Secrecy,
but not on the Lower Layers of Secrecy, which is why this rule is called NO READ
DOWN.
• STAR INTEGRITY RULE: The Star Integrity Rule states that the Subject can only
Write files on the Same Layer of Secrecy and on the Lower Layers of Secrecy, but
not on the Upper Layers of Secrecy, which is why this rule is called NO WRITE-UP.
• STRONG STAR INTEGRITY RULE
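The Bell-LaPadula and Biba rules above, written as access-check functions in an added example (this is not the document's code). Levels are plain integers in an assumed ordering, higher meaning more secret for Bell-LaPadula and more trustworthy for Biba (Biba's levels are integrity levels, which is why its rules mirror Bell-LaPadula's). The strong star rule is implemented as the text states it for Bell-LaPadula, read and write at the subject's own level only; no strong star rule is implemented for Biba because the text does not define one. The `both_allow` helper, showing a system that labels every subject and object with both a secrecy and an integrity level, goes slightly beyond the text.

```python
"""Bell-LaPadula and Biba access checks, as an added example (not the document's code)."""
from typing import Callable, Dict, Tuple

# Assumed ordering: 0 is the lowest level. Only the relative order matters to the rules.
UNCLASSIFIED, CONFIDENTIAL, SECRET = 0, 1, 2


def blp_allows(subject: int, obj: int, op: str, strong_star: bool = False) -> bool:
    """Bell-LaPadula (confidentiality); levels are secrecy levels.
    read : simple confidentiality rule, no read-up    -> subject >= object
    write: star confidentiality rule, no write-down   -> subject <= object
    strong star, as the text states it: read and write only at the subject's own level."""
    if op not in ("read", "write"):
        raise ValueError(f"unknown operation {op!r}")
    if strong_star:
        return subject == obj
    if op == "read":
        return subject >= obj
    return subject <= obj


def biba_allows(subject: int, obj: int, op: str) -> bool:
    """Biba (integrity); levels are integrity levels, the dual of Bell-LaPadula.
    read : simple integrity rule, no read-down -> subject <= object
    write: star integrity rule, no write-up    -> subject >= object"""
    if op not in ("read", "write"):
        raise ValueError(f"unknown operation {op!r}")
    if op == "read":
        return subject <= obj
    return subject >= obj


def both_allow(secrecy: Tuple[int, int], integrity: Tuple[int, int], op: str) -> bool:
    """A system labelling each subject/object with (secrecy, integrity) levels and
    enforcing both models: an access must pass the Bell-LaPadula check on the secrecy
    labels AND the Biba check on the integrity labels."""
    return blp_allows(*secrecy, op) and biba_allows(*integrity, op)


def decision_table(model: Callable[[int, int, str], bool], levels: int = 3) -> Dict[Tuple[int, int, str], bool]:
    """Every (subject level, object level, op) decision of a model, to see the mirror image."""
    return {(s, o, op): model(s, o, op)
            for s in range(levels) for o in range(levels) for op in ("read", "write")}


if __name__ == "__main__":
    names = {UNCLASSIFIED: "unclassified", CONFIDENTIAL: "confidential", SECRET: "secret"}
    for label, model in (("Bell-LaPadula", blp_allows), ("Biba", biba_allows)):
        print(label)
        for (s, o, op), ok in sorted(decision_table(model).items()):
            print(f"  subject={names[s]:12} {op:5} object={names[o]:12} -> {'allow' if ok else 'deny'}")
```

Reading the two tables side by side makes the "exact reverse" remark concrete: every cell that Bell-LaPadula allows for a read, Biba allows for a write, and vice versa.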
3. CLARK-WILSON SECURITY MODEL
This model is a highly secured model. It has the following entities.
• SUBJECT: Any user who is requesting Data Items.
• CONSTRAINED DATA ITEMS: These cannot be accessed directly by the Subject;
they must be accessed via the Clark-Wilson Security Model.
• UNCONSTRAINED DATA ITEMS: These can be accessed directly by the Subject.
The components of the Clark-Wilson Security Model are:
• TRANSFORMATION PROCESS: Here, the Subject’s request to access the
Constrained Data Items is handled by the Transformation Process, which converts
it into permissions and then forwards it to the Integrity Verification Process.
• INTEGRITY VERIFICATION PROCESS: The Integrity Verification Process
performs Authentication and Authorization. If that is successful, the Subject is
given access to the Constrained Data Items.
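A small reference monitor in the style of the Clark-Wilson description above, as an added example (not the document's code): constrained data items can only be changed through a registered transformation process, the subject must be authenticated and authorized for that process, and an integrity verification check runs before and after the change, rolling it back if the state would be invalid. The account-ledger data, the `transfer` process, the users, the demo password and the permission pairs are all constructed for this example.

```python
"""Clark-Wilson style mediation of constrained data items (added example, not the page's code)."""
from typing import Callable, Dict, Set, Tuple


class ClarkWilsonMonitor:
    def __init__(self) -> None:
        self.cdis: Dict[str, int] = {}      # constrained data items: account balances in cents
        self.udis: Dict[str, str] = {}      # unconstrained data items, e.g. a public notice
        self.tps: Dict[str, Callable[..., None]] = {}   # registered transformation processes
        self.permissions: Set[Tuple[str, str]] = set()  # (user, tp) pairs a user may invoke
        self.credentials: Dict[str, str] = {}           # constructed demo credentials
        self.authenticated: Set[str] = set()
        self._expected_total = 0

    def add_cdi(self, name: str, value: int) -> None:
        self.cdis[name] = value
        self._expected_total = sum(self.cdis.values())

    def register_tp(self, name: str, fn: Callable[..., None]) -> None:
        self.tps[name] = fn

    def authenticate(self, user: str, password: str) -> bool:
        if self.credentials.get(user) == password:
            self.authenticated.add(user)
            return True
        return False

    def ivp(self) -> bool:
        """Integrity verification: no negative balance, and money is neither created nor lost."""
        return (all(v >= 0 for v in self.cdis.values())
                and sum(self.cdis.values()) == self._expected_total)

    def read_direct(self, user: str, item: str) -> Tuple[bool, str]:
        """UDIs may be read directly; CDIs may not."""
        if item in self.udis:
            return True, self.udis[item]
        return False, "constrained item: use a transformation process"

    def run_tp(self, user: str, tp: str, **args) -> Tuple[bool, str]:
        """The only path to a CDI: authenticated user, authorized for this TP, valid state
        before and after."""
        if user not in self.authenticated:
            return False, "not authenticated"
        if (user, tp) not in self.permissions:
            return False, "not authorized for this transformation process"
        if not self.ivp():
            return False, "integrity check failed before transformation"
        snapshot = dict(self.cdis)
        self.tps[tp](self.cdis, **args)
        if not self.ivp():
            self.cdis = snapshot        # the TP would have left an invalid state: roll back
            return False, "integrity check failed after transformation; rolled back"
        return True, "ok"


def transfer(cdis: Dict[str, int], src: str, dst: str, amount: int) -> None:
    """A transformation process: move money between two accounts."""
    cdis[src] -= amount
    cdis[dst] += amount


def demo() -> ClarkWilsonMonitor:
    """Constructed ledger with one teller allowed to run 'transfer'."""
    m = ClarkWilsonMonitor()
    m.add_cdi("acct:alice", 10_000)
    m.add_cdi("acct:bob", 2_500)
    m.udis["notice"] = "Branch closes early on Friday"
    m.register_tp("transfer", transfer)
    m.credentials["teller"] = "demo-password"      # constructed, demo only
    m.credentials["auditor"] = "demo-password-2"   # constructed, demo only
    m.permissions.add(("teller", "transfer"))
    return m
```

An overdraft attempt is the instructive case: the transformation process itself has no check, yet the post-transformation integrity check rejects the negative balance and restores the snapshot, so the constrained data never leaves a valid state.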

CHINESE WALL MODEL

The Chinese Wall model takes dynamically changing access rights into
consideration and behaves accordingly. This adaptive property makes it a more
subtle model than static security models, such as the Bell-LaPadula
Confidentiality model. The model is also implemented in data mining
applications.

Chinese Wall Policies

Consider an investment bank. It employs consultants who both advise and
analyze companies. When advising, such consultants learn secret information about
a company's finances that should not be shared with the public. The consultant could
exploit this insider information while performing analysis, to profit either himself or
other clients. Such abuse is prohibited by law.
Brewer and Nash (1989) developed a MAC policy for this scenario, calling it
Chinese Wall by analogy to the Great Wall of China. The intuition is that an
unbreachable wall is erected between different parts of the same company; no
information may pass over or through the wall.
In the Chinese Wall policy, we (as usual) have objects, subjects, and users.
However, objects are now grouped into company datasets (CDs). For example, an
object might be a file, and a company dataset would then be all of the files related to
a single company.
Company datasets are themselves grouped into conflict of interest classes (COIs).
For example, one COI might be the set of all companies in the banking industry, and
another COI might be all the companies in the oil industry.
The original security conditions for Chinese Wall given by Brewer and Nash
were overly restrictive, and we omit them here. Sandhu (1992) later gave the
following (less restrictive) conditions. Note that these conditions require
tracking the set of read objects for each user and subject.
1. A user U may read object O only if U has never read any object O' such that:
a. COI(O) = COI(O'), and
b. CD(O) ≠ CD(O').
2. A subject S associated with user U may read object O only if U may read O.
3. A subject S may write object O only if:
a. S may read O, and
b. S has never read an object O' such that CD(O) ≠ CD(O').
The first two conditions guarantee that a single user never breaches the wall by
reading information from two different CDs within the same COI. The third
condition guarantees that two or more users never cooperatively breach the wall by
performing a series of read and write operations. Suppose that S1 has previously
read from CD1, and S2 has previously read from CD2. Consider the following
sequence of operations, based on the figure above.
• S1 reads information from an object in CD1.
• S1 writes that information to object O6 in CD3.
• S2 reads that information from O6.
At the end of this sequence, S2 would have read information pertaining to both CD1
and CD2, which would violate the Chinese Wall policy since both CDs are in the same
COI. But Condition 3b prevents the write operation by restricting when a subject may
write: once a subject reads two objects from different CDs, that subject may never
write any object. So for read-write access, a user must create a distinct subject for
each CD. For read-only access, a user can create a single subject to read from several
COIs.
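The Sandhu conditions above, replayed on the S1/S2 sequence, as an added example that is not part of the original notes; the users alice and bob, the objects O1 to O6, the datasets CD1 to CD3 and the COI names are assumptions constructed for illustration:

```python
# Added example (not from the original notes): Sandhu's (1992) Chinese Wall
# conditions with read histories. Object, CD and COI names are constructed.
class ChineseWall:
    def __init__(self, cd_of, coi_of):
        self.cd_of = cd_of          # object -> company dataset (CD)
        self.coi_of = coi_of        # CD -> conflict of interest class (COI)
        self.owner = {}             # subject -> user it acts for
        self.user_reads = {}        # user -> objects read by any of its subjects
        self.subject_reads = {}     # subject -> objects read by that subject

    def new_subject(self, subject, user):
        self.owner[subject] = user
        self.subject_reads[subject] = set()
        self.user_reads.setdefault(user, set())

    def user_may_read(self, user, obj):
        # Condition 1: U has never read an O' in the same COI but a different CD
        cd, coi = self.cd_of[obj], self.coi_of[self.cd_of[obj]]
        return not any(self.coi_of[self.cd_of[o]] == coi and self.cd_of[o] != cd
                       for o in self.user_reads.get(user, ()))

    def read(self, subject, obj):
        user = self.owner[subject]
        if not self.user_may_read(user, obj):     # Condition 2 defers to Condition 1
            return False
        self.user_reads[user].add(obj)
        self.subject_reads[subject].add(obj)
        return True

    def write(self, subject, obj):
        if not self.user_may_read(self.owner[subject], obj):   # Condition 3a
            return False
        # Condition 3b: every object S has read lies in the target object's CD
        return all(self.cd_of[o] == self.cd_of[obj] for o in self.subject_reads[subject])


def demo():
    cw = ChineseWall({"O1": "CD1", "O2": "CD1", "O3": "CD2", "O6": "CD3"},
                     {"CD1": "banking", "CD2": "banking", "CD3": "oil"})
    cw.new_subject("S1", "alice")
    cw.new_subject("S2", "bob")
    cw.new_subject("S3", "alice")         # a second, fresh subject of the same user
    cw.read("S1", "O1")                   # S1 has previously read from CD1
    cw.read("S2", "O3")                   # S2 has previously read from CD2
    return {
        "s1_write_o2_same_cd": cw.write("S1", "O2"),  # allowed: O2 is also in CD1
        "s1_write_o6_cd3": cw.write("S1", "O6"),      # denied by Condition 3b
        "s3_write_o6_cd3": cw.write("S3", "O6"),      # allowed: S3 has read nothing
        "s2_read_o6_cd3": cw.read("S2", "O6"),        # allowed: oil is another COI
        "s2_read_o1_cd1": cw.read("S2", "O1"),        # denied: CD1 vs CD2 in banking
    }
```

The denied write by S1 is exactly the step that would otherwise let S2 end up with information from both CD1 and CD2; the fresh subject S3 shows why read-write access needs one subject per CD.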
SECURITY POLICIES
• Security policies are a formal set of rules issued by an organization to ensure that the
users who are authorized to access company technology and information assets comply
with rules and guidelines related to the security of information.
• A security policy is a written document in the organization that describes how to
protect the organization from threats and how to handle them when they occur.
• A security policy is also considered to be a "living document", which means that the
document is never finished but is continuously updated as the requirements of the
technology and employees change.
Need for security policies
1) It increases efficiency.
• It increases the level of consistency, which saves time, money and resources.
• The policy informs employees of their individual duties and of what they can and
cannot do within the organization.
2) It upholds discipline and accountability.
• When a human mistake occurs and system security is compromised, the security policy
of the organization will back up any disciplinary action and also support a case in a
court of law.
• We can also customize policies to suit our specific environment.
Some important cybersecurity policy recommendations are described below:
1. Virus and Spyware Protection policy
This policy provides the following protection:
• It helps to detect, remove, and repair the side effects of viruses and security risks by
using signatures.
• It helps to detect threats in the files that users try to download by using
reputation data from Download Insight.
• It helps to detect applications that exhibit suspicious behaviour by using
SONAR (Symantec Online Network for Advanced Response) heuristics, which proactively
detect new threats based on their behaviour and reputation data.
2. Firewall Policy
This policy provides the following protection:
• It blocks unauthorized users from accessing the systems and networks that
connect to the Internet.
• It detects attacks by cybercriminals.
• It removes unwanted sources of network traffic.
3. Intrusion Prevention policy
• This policy automatically detects and blocks network attacks and browser attacks.
• It also protects applications from vulnerabilities.
• It checks the contents of one or more data packages and detects malware that is
arriving through legitimate channels.
4. LiveUpdate policy