Information Security – Cybersecurity Notes
UoPX Advanced Cybersecurity Certification
Access Control Attacks
Risk Elements
Risk is the possibility or likelihood that a threat will exploit a vulnerability resulting in a
loss
Threat is the potential occurrence that can result in an undesirable outcome
Vulnerability is any type of weakness
Risk Management attempts to reduce or eliminate vulnerabilities or reduce the impact of
potential threats by implementing controls or countermeasures
Identify Assets
o Asset valuation refers to identifying the actual value of assets with the goal of
prioritizing them
Identify Threats
o Threat modeling refers to the process of identifying, understanding, and
categorizing potential threats with the goal is to identify a potential list of threats
to these systems and analyze the threats
o Advanced Persistent Threats is as group of attackers who are working together
and are highly motivated, skilled, and patient - they go after specific targets
o Threat modeling approaches
Focused on Assets - uses asset valuation results and attempts to identify
threats to valuable assets
Focused on Attackers - identify potential attackers and identify the threats
they represent based on the attacker's goals
Focused on Software - if an org develops software, it can consider
potential threats against the software
Identify Vulnerabilities
o Vulnerability analysis attempts to discover weaknesses in systems against
potential threats
In context of access control, vulnerability analysis attempts to identify the
strengths and weaknesses of the different access control mechanisms and
the potential of a threat to exploit a weakness
1
UoPX Advanced Cybersecurity Certification
Access Control Attacks
Risk Elements
Risk is the possibility or likelihood that a threat will exploit a vulnerability resulting in a
loss
Threat is the potential occurrence that can result in an undesirable outcome
Vulnerability is any type of weakness
Risk Management attempts to reduce or eliminate vulnerabilities or reduce the impact of
potential threats by implementing controls or countermeasures
Identify Assets
o Asset valuation refers to identifying the actual value of assets with the goal of
prioritizing them
Identify Threats
o Threat modeling refers to the process of identifying, understanding, and
categorizing potential threats with the goal is to identify a potential list of threats
to these systems and analyze the threats
o Advanced Persistent Threats is as group of attackers who are working together
and are highly motivated, skilled, and patient - they go after specific targets
o Threat modeling approaches
Focused on Assets - uses asset valuation results and attempts to identify
threats to valuable assets
Focused on Attackers - identify potential attackers and identify the threats
they represent based on the attacker's goals
Focused on Software - if an org develops software, it can consider
potential threats against the software
Identify Vulnerabilities
o Vulnerability analysis attempts to discover weaknesses in systems against
potential threats
In context of access control, vulnerability analysis attempts to identify the
strengths and weaknesses of the different access control mechanisms and
the potential of a threat to exploit a weakness
1
