Презентация на тему Global picture of modern threats in Cyber Security

to provide an understanding of the variety and complexity

of threats in the current enterprise IT environment.

After completing this module, you should be able to understand:
A high-level overview of recent major incidents and the worldwide modern threat landscape, based on data and figures from IBM’s X-Force Threat Research.
Additional use cases of related concepts such as organized cyber crime, cyber crime on demand, Advanced Persistent Threat attacks, and the Cyber Kill Chain approach.
The tools and techniques used by attacks, reviewing such concepts as Vulnerability, Exploit, and Remediation; DDOS, SQL Injection, Watering Hole attacks, Insider threat, and Zero Day attack.

representing single organization’s security monitoring results. Every organization

is constantly under attack.

12/12/2016

Security event: An event on a system or network detected by a security monitoring device or security application.

Attack: A security event that has been identified by monitoring tools as malicious activity that is attempting to collect, disrupt, deny, degrade or destroy systems or information.

Security incident: An attack or security event that has been reviewed by security analysts and deemed worthy of deeper investigation.

in 2015 were the result of unauthorized access

12/12/2016

attackers are “insiders” - and this number is increasing

12/12/2016
Security

measures must be able to address the insider threat – as well as protecting against malicious outsiders

from a cybersecurity incident?
A recent survey of over 100

corporate disclosure documents shows us the risks:

reputational harm (83%)

civil litigation (60%)

regulatory enforcement (51%)

remediation costs (50%)

privacy law compliance (43%)

12/12/2016

Each of these factors can result in significant costs to an organization.

be using throughout this course



12/12/2016
Vulnerability
Any feature of a system

which can be used to perform unauthorized actions, or allows bad things to occur

Exploit

A tool, program or action which is used to take advantage of a vulnerability

Remediation

The work that needs to be done to correct a vulnerability or reduce the likelihood of a threat occurring

Asset

Anything we are trying to protect: information,
people, infrastructure, or systems

Threat

What we are trying to protect against -- the possibility that a certain type of negative event may occur

Risk

The potential for loss, damage or destruction of an asset as a result of a threat exploiting a vulnerability

used to refer to standard types of attacks:

12/12/2016

is a phase model of how attackers operate:

12/12/2016