BIE-UKB Lecture 02 Recall: Risc Management

• Cyber Threat
  • Any event with the potential to adversely impact organizational operations (process) assets, or individuals through
  • Act aimed to steal or damage data, get (financial) gain or other advantage, or disrupt digital life in general
  • Examples:
    • Cyber attacks with the goal of getting access to sensitive data
    • Cyber attacks with the goal of destructing data
    • All kinds of malware
    • Denial of Services
    • Phishing
    • Ransomware
  • Risk Management
    • process of identifying, assessing, and controlling threats (and vulnerabilities)
  • Risk Analysis
    • (internal) methodology used for risk valuation, and prioritization
  • DDOS discussion
    • M. Kuka, K. Vojanec, J. Kučera and P. Benáček, “Accelerated DDoS Attacks Mitigation using Programmable Data Plane,” 2019 ACM/IEEE Symposium on Architectures for Networking and Communications Systems (ANCS), Cambridge, UK, 2019, pp. 1-3, doi: 10.1109/ANCS.2019.8901882.

BIE-UKB Lecture 03 Notes: Security development lifecycle, introduction to concepts of applications security

• Bug - any defect in a product
  • behavior violating specification
• Exploit - sequence of commands that takes advantage of a bug or vulnerability
• from implicit to explicit rights
• FMEA - Failure Mode and Effects Analysis
• Software Release Life Cycle (SRL)
  • Linear release model
  • Experimental/Stable releases
  • Extended support (LTS/ERS)