
"INFORMATION SECURITY AUDIT"
 STRIDE
 DREAD
 Cyber Kill Chain
 MITRE ATT&CK
Вячеслав Аксёнов (Vyacheslav Aksyonov) https://edu.softline.by/courses/isa.html
FAIR (FACTOR ANALYSIS OF INFORMATION RISK)
Factor analysis of information risks
STRIDE threat modeling framework
FAIR (factor analysis of information risk)
Threat | Violated property | Example
S: Spoofing | Authenticity | Illegally gaining access to and using another user's authentication data, such as a user name and password.
T: Tampering (interference with data) | Integrity | Illegal modification of data that resides, for example, in a database; modification of data while it is being transmitted from one computer to another over a network.
R: Repudiation | Non-repudiation | Repudiation threats come from users who deny having performed an action until the other party proves otherwise.
I: Information disclosure | Confidentiality | Disclosure of information to those who should not have had access to it, for example a user reading a file they should not have access to, or an attacker being able to read data in transit between two computers.
D: Denial of Service | Availability | DoS attacks make services unavailable to legitimate users, for example through a temporary loss of access or an inability to use them.
E: Elevation of Privilege | Authorization | An unprivileged user gaining elevated access rights and the ability to break into or destroy the entire system.
DREAD threat modeling framework
Cyber Kill Chain
MITRE ATT&CK
Rapid Risk Assessment
Common Vulnerabilities and Exposures (CVE)
A list of standard names for publicly known vulnerabilities. The main purpose of CVE is to reconcile different vulnerability databases and the tools that use such databases. CVE is maintained by MITRE Corporation (www.mitre.org).
Heartbleed (CVE-2014-0160): a bug in the OpenSSL cryptographic software that allows unauthorized reading of memory on the server or on the client, including to extract the server's private key.
Common Vulnerability Scoring System (CVSS)
Institute for Security and Open Methodologies
4.1 Pre-Engagement
 4.1.1 Scoping
 4.1.2 Documentation
 4.1.3 Rules of Engagement
 4.1.4 Third-Party-Hosted / Cloud Environments
 4.1.5 Success Criteria
 4.1.6 Review of Past Threats and Vulnerabilities
 4.1.7 Avoid scan interference on security appliances
4.2 Engagement: Penetration Testing
 4.2.1 Application Layer
 4.2.2 Network Layer
 4.2.3 Segmentation
 4.2.4 What to do when cardholder data is encountered
 4.2.5 Post-Exploitation
4.3 Post-Engagement
 4.3.1 Remediation Best Practices
 4.3.2 Retesting Identified Vulnerabilities
 4.3.3 Cleaning up the Environment
Methodology
TOOLS:
Cyber Security Evaluation Tool
An application for conducting systematic audit and assessment of ICT.
丐丼弌 亊
Additional materials

Information Security Audit (Course)
