Cyber Security
1
Objectives of the Topic
2
What is Kerberos?
Kerberos is a key distribution and user authentication service developed at MIT as part of Project Athena.
The problem that Kerberos addresses:
3
What is Kerberos?
In particular, the following three threats exist:
4
What is Kerberos?
5
What is Kerberos?
Motivation
6
Distributed Architecture
In this environment, there are three approaches to security.
7
8
Conclusion
9
10
Operationally Critical Threat, Asset, and Vulnerability
Evaluation SM (OCTAVE®) Methodology
Characteristics of OCTAVE
Tailoring Process for New Domain
Information Security Risk Framework
Is the OCTAVE Catalog of Practices Relevant?
Is the OCTAVE Catalog of Practices Sufficient?
mandates
OCTAVE Application
Security Practice Survey
Catalog of Practices
Protection Strategy
Mitigation Plan
OCTAVE Analysis Team
Application of Analysis Team
An existing group that addressed safety concerns was selected to be the OCTAVE analysis team. The membership included:
The network specialist was added to the team to broaden
the IT knowledge.
21
22
COBIT
Control Objectives for Information and Related Technology
23
It was designed to be a supportive tool for managers—and allows bridging the crucial gap between technical issues, business risks, and control requirements.
COBIT is a thoroughly recognized guideline that can be applied to any organization in any industry. Overall, COBIT ensures quality, control, and reliability of information systems in an organization, which is also the most important aspect of every modern business.
What is COBIT?
24
Goals of COBIT
25
The COBIT framework provides a common language for IT professionals, compliance auditors, and business executives. They can communicate with each other on the same IT goals, controls, objectives and outcomes.
The absence of a common language demands explanations on when, how, where, and why certain IT controls were created.
Implementing COBIT in any organization from any industry ensures control, quality, and reliability of IT systems.
Why is it Important?
26
The COBIT business orientation includes linking business goals with its IT infrastructure by providing various maturity models and metrics that measure the achievement while identifying associated business responsibilities of IT processes. The main focus of COBIT 4.1 was illustrated with a process-based model subdivided into four specific domains, including:
Planning & Organization
Delivering and Support
Acquiring & Implementation
Monitoring & Evaluating
COBIT Framework
27
Principles of COBIT
28
Framework
IT helps organize the objectives of IT governance, implement best practices in IT processes and domains, and link business requirements.
Process Descriptions
It is a reference model and also acts as a common language for every individual in the organization. The process descriptions include planning, building, running, and monitoring all IT processes.
Various COBIT Components
29
Control Objectives
This provides a complete list of requirements the management has considered for effective IT business control.
Maturity Models
Accesses the maturity and the capability of every process while addressing the gaps.
Management Guidelines
It helps better assign responsibilities, measure performances, agree on common objectives, and illustrate better interrelationships with other process.
Various COBIT Components
30
Advantages of COBIT
31