Cybersecurity Threat Matrix Janica Edmonds Cybersecurity First Principles

Cybersecurity: Threat Matrix Janica Edmonds

Cybersecurity First Principles Domain separation Process Isolation Resource encapsulation Layering Modularization Least Privilege Information hiding Abstraction Simplicity Minimization 2

Cyber Realm Card game • Created by Gen. Cyber Duo at California State University, San Bernardino • Played in pairs 3

Security Needs Confidentiality Integrity Availability 4

Security Threats A potential occurrence, malicious or otherwise, that might damage or compromise assets. • Interception – asset is diverted. • Interruption – asset is delayed • Modification – asset is altered. • Fabrication – asset is manufactured. 5

Security Assets Components of the system or network. • Hardware • Software • People • Data 6

Example: Mom & Pop Shop • • • Running a touristy type business selling handmade crafts Keep accounts and business transactions records on a computer Running a website to advertise their business • Security • • • What are the assets? How does CIA apply? What are ways that CIA could be threatened? 7

Threat Matrix Threat/Asset HW SW People Data Interception Interruption Modification Fabrication 8

Example: Threat Matrix Mom & Pop Shop Threat/Asset HW SW People Data Interception Interruption Modification Fabrication 9

Example: Principles Applied • Domain separation • Layering • Least privilege • Information hiding • Simplicity • Minimization • Modularization 10