GDPR: European data protection regulation. It forces them to comply with the regulations they establish.
1.2 CRITICAL
1. Administrative.
2. Technical.
3. Physical.
They perform:
1. Preventive
2. Discourage – Deterrent.
3. Detect.
4. Correct.
5. Compensate.
Perimeter – FW
USRS – AV, AM
NIST CS Framework
ISO 27001
COBIT
SABSA
ITIL
+ Security posture: how prepared we are to protect ourselves against an information security incident.
+ SP 800-115
Prevention
Detection
Recovery
Risk
=A concept that indicates exposure to the chance of damage or loss, and signifies the likelihood of
a hazard or dangerous threat.
Vulnerabilities
Threats
Changes to information
Interruption of Services
Interruption of Access
Attacks
Controls
Countermeasures that you need to put in place to avoid, mitigate, or counteract security risks due
to threats and attacks.
Type of control
Monitoring Identification
Implementation
The three principles of security control and management: Confidentiality, Integrity, Availability.
Integrity: Keeping organizational info accurate, free of errors, and free from unauthorized
modifications.
NR (non-repudiation): Ensuring that the party that sent a transmission or created data remains associated with the
data and cannot deny sending or creating the data.
Accountability
Identification
The process by which a claim is made about the nature of a particular entity.
Authentication
Authentication Factors
Authorization
The process that determines what rights and privileges a particular entity has.
Access Control
The process of determining and assigning privileges to resources, objects, and data.
Accounting: The process of tracking and recording system activities and resource access.
Auditing: The portion of accounting that entails security professionals examining logs of what was
recorded.
The principle that establishes that users and software should have the minimal level of access that
is necessary for them to perform the duties required of them.
Privilege Management
PrivManag: The use of authentication and authorization mechanisms to provide centralized and
decentralized administration of users and groups of users.
SSO: An aspect of privilege management that provides users with one-time authentication to
multiple resources, servers, or sites.
Passwords
Tokens
Physical or virtual objects that store authentication information. Common examples: smart cards,
ID badges, data packets.
Biometrics
Fingerprint scanners
Retinal Scanners
Hand geometry scanners
Voice-recognition software
Facial-Recognition software.
Geolocation
Keystroke Authentication
An auth process that relies on detailed information describing exactly when a key is pressed and
released as someone types information into a computer or other electronic device.
Multi-factor Authentication
An authentication scheme that requires validation of two or more distinct authentication factors.
Mutual Authentication
A security mechanism that requires that each party in communication verifies the identity of every
other party in the communication.
Cryptography
The science of hiding information, most commonly by encoding and decoding a secret code used
to send messages.
Encryption and decryption
Encryption: A security technique that converts data from plaintext form into coded (or ciphertext)
form so that only authorized parties with the necessary decryption information can decode and
read the data.
Plaintext: Unencrypted data that is meant to be encrypted before transmission, or the result of
decrypting encrypted data.
Confidentiality
Integrity
Non-repudiation
Authentication
Ciphers
A specific piece of information that is used in conjunction with an algorithm to perform encryption
and decryption.
Symmetric Encryption
A two-way encryption scheme in which encryption and decryption are both performed by the
same key (shared key encryption).
Hackers and Attackers: Individuals who have the skills to gain access to computer systems through
unauthorized or unapproved means.
Cracker: An individual who breaks encryption codes, defeats software copy protections, or
specializes in breaking into systems.
White Hat: A hacker who discovers and exposes security flaws in applications and operating
systems with an organization's consent so that they can be fixed before they become widespread
problems.
Black hat: a hacker who discovers and exposes security vulnerabilities without…
Threat actor: An entity that is partially or wholly responsible for an incident that affects or
potentially affects an organization's security. Also referred to as a malicious actor.
23/8/2019
1. Availability
2. Confidentiality
3. Integrity