Lecture 19: 22nd November 2019 Flashcards
Risk and assurance
What is a risk?
Risk = the probability of a threat and the resulting impact should it occur
What is a threat?
Threat = An attack vector: a means by which an attacker may exploit system vulnerabilities.
What is risk management?
The investigation, identification, analysis, evaluation, and mitigation or addressing of cybersecurity risks facing an entity.
What are the 3 main steps of risk assessment according to NIST?
- Risk Assessment
- Risk Mitigation
- Evaluation and Assessment
What are the levels of threat impact under NIST800-30?
high: high cost; high harm to reputation or mission; human death or serious injury possible.
medium: some cost; some harm to reputation or mission; may result in injury.
low: little cost; little harm to reputation or mission
When are risks acceptable under NIST800-30?
If the cost of performing the attack to enact the risk >= the gain for the attacker or the impact of the risk is below some predefined threshold.
What is Failure on Demand?
Different classifications of the frequency of a system failure.
What is a Risk Matrix?
A table showing how risks are composed and allowing users to easily find the risk from the probability and impact of a risk.
How does a Risk Matrix work?
Columns of impact levels (low, medium, high) and rows of probability (low, medium, high). Resultant risks in cells from multiplying column by row: impact by probability.
What is a Threat Tree?
A model used to relate threats in testing and auditing that aims to find the weak points in a system and identify root causes of different threats.
How does a Threat Tree work?
Risks are joined by dependencies that build the graph from a root action. If you can remove the root node (if one) you remove all risks. If you remove the root of a subtree you remove all risks in the subtree. So removing a parent node (root cause) removes all child node risks.
What is SWOT analysis?
An analysis method that aims to find the weakest and strongest points in a system by listing its strengths, weaknesses, opportunities, and threats.
What is a failure?
An issue with a system that prevents it from functioning as required.
What is failure frequency?
The rate at which a given failure is estimated to occur, i.e. the number of times it will happen in a given time.
What is a system boundary?
An artificially defined edge of a set of information resources allocated to a computer system, including but not limited to security services, virtualization components, servers (web, application, database, DNS, etc.), and network components. Complex computer systems may have several sub-systems that are separated, with their own boundaries.
What is an internal boundary?
Boundaries between component sub-systems within a larger single computer system
What is an external boundary?
The boundary at the edge of a computer system, i.e. not any within itself defining subsystems
Where are system boundaries commonly used?
Critical systems such as cockpit systems vs movies and lights in a plane, ATC vs A/C in a tower, life support vs coffee machine in a hospital
What is the advantage of using system boundaries? Why can this, however, be a bad thing?
Allows modularity between systems that makes them more manageable and can prevent the transmission of failures between them.
System boundaries can compartmentalise information and analysts within different boundaries, which can make it more likely that failures that act across multiple boundaries may not be fully identified or understood before they have a damaging effect. It also means minor systems may be prioritised to such a low extent and independent of more important ones that they are not protected.
What is OCTAVE?
Operationally Critical Threat, Asset and Vulnerability Evaluation = a set of tools for building a security plan.
What steps does OCTAVE use to build security plans?
- Identify enterprise knowledge
- Identify operational area knowledge
- Identify staff knowledge
- Establish security requirements
- Map high priority information assets to information - infrastructure
- Perform an infrastructure vulnerability evaluation
- Conduct a multidimensional risk analysis
- Develop a protection strategy
What are some risk assessment methodologies?
- CRAMM
- COBRA
- FBI’s adversarial matrix
- FARES
- SPRINT
- SARA
What is DREAD? What does it stand for?
A threat assessment model used while building systems.
- Damage potential – how bad and costly would an attack be?
- Reproducibility – how easy is it to reproduce the attack?
- Exploitability – how much work is it to launch the attack?
- Affected users – how many people will be impacted?
- Discoverability – how easy is it to discover the threat?
What is STRIDE? What does it stand for?
A threat modeling and analysis framework.
- Spoofing - can an attacker gain access by the use of a false identity?
- Tampering - is data integrity in the system hard to compromise - hard to change in-flight data?
- Repudiation - can you prove who did, or did not do, an attack after it finishes?
- Information disclosure - want info to stay confidential, e.g. PII
- Denial of Service - can DoS attacks easily be carried out or is the system strongly available?
- Elevation of Privilege - Can an attacker raise their access level?
