Cybersec (04 handout 1 and 2 Security systems engineering )

It is the statement of responsible decision makers about the protection mechanism of a company's crucial, physical, and information assets.

Does not specify a technological solution. Instead, it specifies sets of intentions and conditions that will aid in protecting assets along with its proficiency to organize a business.

Security policy development is a joint or collective operation of all entity of an organization that is affected by its rules.

(Find right ans) During policy creating, the following entities should be involved in its development:

Members must render their advice to some form of a review of policies in response to the exceptional or abominable running condition of the business.

Members of this team usually are the biggest consumers of the policy information in any company because they develop standards around the usage of the computer system, especially security controls.

This team ensures the legal points in the document and guides a particular point of appropriateness in the company.

This team typically obtains a certified certificate from each employee, in which they have read and understood the stipulated policy, as it deals with reward- and punishment-related issues of employees to implement discipline.

Security policy applies to all senior management, employees, stockholders, consultants, and service providers who use company assets. erefore, the security policy must be readable, concise, and illustrated to be effectively understandable to its audience so that everyone adheres to the policies and fulfill their role.

(Find wrong ans) Policy Classification, Every organization typically has three (3) policies:

It mandates what protection should be wielded to safeguard the physical asset from both employees and management and applies to the prevail facilities, including doors, entry point, surveillance, and alarm.

They are supposed to tell their employees how to conduct or operate day-to-day business activities in a secure manner. For instance, password management and confidential information security apply to individual employees.

It directs the administrator what type of technology to use and how network control should be configured and applied to the system and network administrators.

Ensures compliance with the principle and practices dictated by the company because policy procedure does not work if they are violated.

Security documents are living documents. It needs to be updated at specific intervals in response to changing business and customer requirements.

Company employees are often perceived as a "soft" target to be compromised because they are the least predictable and easiest to exploit. Trusted employees either "disgruntle" or become framed to provide valuable information about a company.

These should integrate communication and reminders to employees about what they should and shouldn't reveal information to the outsiders.

(Find right ans) Process Management, There are eight (8) security processes to protect and manage data:

This process seeks to protect the most sensitive data. Within a large organization, which has requirements to keep customer or client data secure, there is often a limited number of people who have access to the data.

This checklist aims to list a series of key daily tasks performed by network administrators and provide space for those tasks to be recorded.

Deals with hardware and software, training, and procedures. The risks of a system often down to both human and technical errors and particularly when both errors meet.

This process is thorough and covers a series of precautions. In every step, documenting activities is encouraged.

Is set up on a staff member's laptop, which allows the staff member to connect to the office network remotely.

The most popular server in the world. It caters different methods of setup by walking through alternative commands.

One of the first ways anyone is going to try to get into a company. Fighting off phishing attacks and other malicious attempts to compromise security relies on both strong technical resilience and a high level of professional training.

This involves testing systems security by trying to break into it. It is centered around trying to find vulnerabilities in a system and then attempting to sneak inside.

Enables the identification and correction of trends that could lead to business problems such as network instability and service interruption.

Is the science of secret writing to keep the data secret and an important aspect when dealing with network security.

It involves taking the plain-text and converting it, This process ensures the integrity of the message

Is the study of cipher text, and ciphers to understand how they work as well as find and improve techniques for defeating or weakening threats.

(Find wrong ans) 3 Types of Attacks in Cryptanalysis:

It can be divided into mathematical analysis and brute force attacks. Brute force attacks run the encryption algorithm for all possible cases of the keys until these find a match. The encryption algorithm is treated as a black box.

It is something dependent on the human factor. Tricking someone into revealing their passwords to the attacker or allowing access to the restricted area comes under this attack. People should be cautious when revealing their passwords to any third party that is not trusted.

A side-channel analysis can be used to obtain a secret key for this kind of attack. They are relevant in cases where the attacker can obtain physical access to the cryptosystem.

Are those attacks which focus on breaking the cryptosystem by analyzing the internal structure of the encryption algorithm.

(Find wrong ans) Classical Encryption Techniques

It is one of the earliest known and simplest ciphers. It is a type of substitution cipher in which each letter in the plaintext is shifted to a certain number of places down the alphabet.

To use this method for constructing the ciphertext alphabet, pick a keyword and write it down while ignoring the repeated letters. Follow it with the letters of the alphabet that have not yet been used.

Suggested that one can also pick a keyletter and begin the keyword UNDER that letter of the plaintext.

Is archived by performing some permutation on the plaintext letters. The simplest such cipher is the rail fence technique, in which the plaintext is written down as a sequence of diagonals and then read off as a sequence of rows.

Another way to improve on the simple monoalphabetic techniques is to use different monoalphabetic substitutions as on proceeds through the plaintext message. The best-known and the simplest algorithm is referred to as the Vigenere cipher.