SlideShare a Scribd company logo

The Seven Kinds of Security

Veracode
Veracode

The document discusses the 7 layers of security in a computer security ecosystem according to the OSI model: physical, data link, network, transport, session, presentation, and application. It describes attacks that can occur at each layer and how lower layer security measures like firewalls and intrusion detection systems are not sufficient to prevent application layer attacks. The growth of applications and their vulnerabilities has increased risks to the entire security ecosystem. Implementing application security is necessary to proactively reduce vulnerabilities and better protect the ecosystem.

Software
1 of 21
Download to read offline
the 7 KINDS OF SECURITY VERACODE GBOOK
If you were to look at a map that showed computer security as a whole, from a high enough vantage point it might look like art. The blend of arrows, symbols and colors bunched up against serious-looking acronyms would take on an abstract quality. But get close enough, and the overwhelming detail and scope of this map would seem like an endless and incomprehensible maze of information. How to sort out this truckload of information? How to even begin? Categorizing the information by the OSI model is a good place to start. INTRODUCTION THE 7 KINDS OF SECURITY 2
THE 7 KINDS OF SECURITY 3 Imagine an ecosystem: one of trees, birds, bugs, grass, etc. The security ecosystem, if you will, is just like the ecosystem in your backyard. It is a study of interdependence, limited resources and finding just the right balance among all the players in the game to make everything work optimally. Before delving into the categorizing of seven kinds of security, it will probably help to have an image in your head to picture the world of security.
0101010101 10101010101 0101010101 10101010101 THE 7 KINDS OF SECURITY 4 And like an environmentalist studying a complex ecosystem, it requires specific knowledge, expertise, tools and dedicated effort to find that perfect balance. As you can imagine, this is a tall order.
The Open Systems Interconnection model (OSI model) is a conceptual model that characterizes and standardizes the communication functions of a telecommunication or computing system without regard to their underlying internal structure and technology. Its goal is the interoperability of diverse communication systems with standard protocols. The model partitions a communication system into abstraction layers. The original version of the model defined seven layers. According to the OSI model (Open Systems Interconnection), a conceptual model of the structure, technology and interactions of systems, we can define layers, or kinds, of security. What does this security ecosystem include? 5THE 7 KINDS OF SECURITY
Think of the post office getting mail from point A to point B reliably and without anyone tampering with the contents, but instead of bills and postcards, you’re dealing with data, and instead of houses and apartments, you’re dealing with computers and networks. Denial-of-service attacks also occur here, as well as man-in-the-middle attacks (bad guys trying to intercept the data between point A and point B). This is the lowest layer where the hardware shares the same physical, real-world space as the user. This is where we put locks on doors to keep systems safe. At this layer, the data is just one level above the bare metal and silicon of the hardware. Here, the data moves from software to hardware and back. Security at this layer keeps the traffic going and the data where it’s supposed to be. Think traffic control, speed limits, detours and stop signs. This is where network addressing, routing and other traffic control take place. Security at this layer protects against flooding attacks and sniffing or snooping attacks to keep criminals from accessing logins and passwords sent over the network. PHYSICAL1. 2. 3. 4. DATA LINK NETWORK TRANSPORT 7 KINDS OF SECURITY 6THE 7 KINDS OF SECURITY What are the 7 layers in this security ecosystem?
7 KINDS OF SECURITY 7THE 7 KINDS OF SECURITY This represents the continuous exchange of information in the form of multiple back-and-forth transmissions. The session layer controls the dialogues (connections) between computers. Examples of attacks are denial-of-service and spoofing. The presentation layer is just below the application layer and transforms data into the form that the application accepts.  For instance, feed HTML code to a web browser, and you’ll get a webpage. Give it to your phone’s texting application, and you’ll get a lot of computer text that makes no sense to your friend. This is the layer closest to the end user and the most troublesome these days. Commonly, web browsers and email clients are attacked at this layer. It’s how people interact with computers and devices. SESSION5. 6. 7. PRESENTATION APPLICATION What are the 7 layers in this security ecosystem? (continued)
HUMAN DATA LINK APPLICATION PRESENTATION NETWORK PHYSICAL SESSION TRANSPORT What does this security ecosystem look like? 8THE 7 KINDS OF SECURITY
THE 7 KINDS OF SECURITY 9 Each layer is vulnerable to direct and indirect attacks. The layers must be continually adjusted so the ecosystem is protected and the attack surface is minimized, without blocking the normal flow of business. These layers represent how systems, software and networks interact and contribute to the attack surface (attack surface — the areas where attacks can occur). 1PHYSICAL 2DATA LINK 3NETWORK LAYER 4TRANSPORT 5SESSION 6PRESENTATION 7APPLICATION ATTACKS ATTACKS
THE 7 KINDS OF SECURITY 10 As it turns out, seven is an important number. The seventh layer, the application layer, is the growing risk in this layer cake of potential insecurity. Addressing this risk is not an easy task as application security requires protecting all applications through design, development, upgrade and maintenance. The prevalence of applications means security ecosystems are stressed. 0101010101 10101010101 0101010101 10101010101 APPLICATION LAYER 1 2 3 4 5 6 7
11THE 7 KINDS OF SECURITY If you remove one piece or restrict resources, or if a piece fails, the entire ecosystem can become unstable or insecure. This adjustment requires a good understanding of the interaction between the layers, the resources needed and the balance required to maintain security and protect the whole. HUMAN DATA LINK PRESENTATION NETWORK PHYSICAL SESSION TRANSPORT ?
12THE 7 KINDS OF SECURITY The newness and very nature of how Internet- enabled applications work, making it possible for companies to interact effectively and efficiently with the outside world, also mean they are at greater risk of cyberattacks. Which is why web and mobile applications currently account for more than a third of data breaches. Source: 2014 Verizon Data Breach Investigations Report ****** WEB + M OBILEAPPS DAT A BREACH 35%
THE 7 KINDS OF SECURITY 13 According to Akamai’s “State of Internet Security” report, “application-layer attacks are growing much more rapidly than infrastructure attacks.” Unfortunately, with companies in all industries relying more and more on applications as a source of innovation and business efficiencies, attacks against the application layer will only continue to grow. We can already see it in the growth of application-based vulnerabilities on the web. Consider that in 2014… RESULTING IN MORE THAN personal or financial records stolen 450 Million THERE WERE 8 MAJOR BREACHES THROUGH THE APPLICATION LAYER
According to Risk Based Security’s VulnDB for 2015, there have been… WERE CONSIDERED HIGH SEVERITY BY THEIR CVSSv2 SCORE Common Vulnerability Scoring System 291 595 198 18 reported new web application vulnerabilities HAD NO KNOWN SOLUTION OR PATCH THE VENDOR DIDN’T EVEN BOTHER TO RESPOND THE 7 KINDS OF SECURITY 14 OF THE 595 REPORTED
Four real-world breaches… 1 2 3 4 THE 7 KINDS OF SECURITY 15 TalkTalk was breached through a common SQL injection vulnerability. The breach resulted in the theft of names, addresses, birthdays and financial information for potentially all of the company’s 4 million customers. Target was breached through a sophisticated attack-kill chain, which included exploiting a vulnerability in a web application used to interface with vendors. The breach resulted in the theft of data, including names, email addresses, credit card information, mailing addresses and phone numbers, for 70 million customers. JPMorgan Chase was breached through a web application built and hosted by a third- party developer. The web application was deemed non-business critical because it promoted a charitable road race and was not related to business activities. The breach resulted in the records of 76 million households and 7 million businesses being stolen. Community Health was breached through a software component with a well-publicized vulnerability. The insurance company was unable to find all instances of the com- ponent in its application ecosystem and, as a result, could not patch the vulnerability. The breach resulted in more than 4 million patient records lost.
THE 7 KINDS OF SECURITY 16 This is old-world thinking. The idea that lower layer security measures protect higher layers simply isn’t true. Many organizations assume that their existing security measures, such as network security, firewalls, intrusion detection systems or data leakage prevention tools, protect them from application-layer attacks. NETWORK SECURITY, FIREWALLS OR INTRUSION DETECTION DO NOT STOP APPLICATION-LAYER ATTACKS ATTACKS ATTACKS ORGANIZATION THE REALITY
THE 7 KINDS OF SECURITY 17 According to research by Picus Security, which tests live exploits against various infrastructure protection devices for security effectiveness… of the last 24 months of exploits WITHOUT SPECIFIC APPLICATION DEFENSES IN PLACE of the last 24 months of exploits WITH SPECIFIC APPLICATION DEFENSES IN PLACE 18–43% 72–96% An organization will only stop vs
THE 7 KINDS OF SECURITY 18 … are the stuff of which ulcers are made. If it wasn’t already apparent, applications may be the invading species in the world’s backyard. They’re growing faster than kudzu too. If you’re like most people, phrases like: “major breaches” “high severity” “no known solution” “didn’t have a vendor response” “only stop 18% to 43%”
E! FRAGILE! FRAGILE! FRAGIL AGILE! FRAGILE! FRAGILE! FRAGILE! FRAG THE 7 KINDS OF SECURITY 19 Since applications tend to tie together multiple systems across the network and across many types of users, application security requires more focus and attention than it has received in the past as it impacts every layer of the security ecosystem. A security ecosystem is fragile by default. Its optimal functioning depends on a delicate balance of controls, interactions and vulnerabilities.
THE 7 KINDS OF SECURITY 20 While both perspectives are important, applications present a more alarming reality because they often face attacks that have no patch. This necessitates thoroughly researching applications that will be purchased from third parties, or addressing application design and security at the software development phase. The introduction of application security shifts the focus from general vulnerability management to proactively reducing specific vulnerabilities in applications. Proactive Reduction of Specific Vulnerabilities General Vulnerability Management
When a major shift is introduced to an ecosystem, like dropping a python in a mouse cage, or like adding Internet-facing applications, it will be difficult to find harmony again. It’s encumbent on a business to assess how to adjust the seven types of security in the environment to reduce risk. Every interaction matters to the attack surface, and applications bring many more and new types of interactions on all layers. Introducing application security addresses these interactions and benefits the entire security ecosystem, on every layer. CONCLUSION THE 7 KINDS OF SECURITY 21 LEARN MORE How Application Security Fits into the Security Ecosystem LOVE TO LEARN ABOUT APPLICATION SECURITY? Get all the latest news, tips and articles delivered right to your inbox.

Recommended

What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...
What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...
What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...Symantec
 
What you need to know about cyber security
What you need to know about cyber securityWhat you need to know about cyber security
What you need to know about cyber securityCarol Meng-Shih Wang
 
Tt 06-ck
Tt 06-ckTt 06-ck
Tt 06-ckNarinrit Prem-apiwathanokul
 
Healthcare IT Security Threats & Ways to Defend Them
Healthcare IT Security Threats & Ways to Defend ThemHealthcare IT Security Threats & Ways to Defend Them
Healthcare IT Security Threats & Ways to Defend ThemCheapSSLsecurity
 
Cyber Security Threats in the Financial Sector
Cyber Security Threats in the Financial SectorCyber Security Threats in the Financial Sector
Cyber Security Threats in the Financial SectorFarook Al-Jibouri
 
Outlook Briefing 2016: Cyber Security
Outlook Briefing 2016: Cyber SecurityOutlook Briefing 2016: Cyber Security
Outlook Briefing 2016: Cyber SecurityMastel Indonesia
 
Information Security Management System in the Banking Sector
Information Security Management System in the Banking SectorInformation Security Management System in the Banking Sector
Information Security Management System in the Banking SectorSamvel Gevorgyan
 
Next-level mobile app security: A programmatic approach
Next-level mobile app security: A programmatic approachNext-level mobile app security: A programmatic approach
Next-level mobile app security: A programmatic approachNowSecure
 

Recommended

What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...
What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...
What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...Symantec
 
What you need to know about cyber security
What you need to know about cyber securityWhat you need to know about cyber security
What you need to know about cyber securityCarol Meng-Shih Wang
 
Tt 06-ck
Tt 06-ckTt 06-ck
Tt 06-ckNarinrit Prem-apiwathanokul
 
Healthcare IT Security Threats & Ways to Defend Them
Healthcare IT Security Threats & Ways to Defend ThemHealthcare IT Security Threats & Ways to Defend Them
Healthcare IT Security Threats & Ways to Defend ThemCheapSSLsecurity
 
Cyber Security Threats in the Financial Sector
Cyber Security Threats in the Financial SectorCyber Security Threats in the Financial Sector
Cyber Security Threats in the Financial SectorFarook Al-Jibouri
 
Outlook Briefing 2016: Cyber Security
Outlook Briefing 2016: Cyber SecurityOutlook Briefing 2016: Cyber Security
Outlook Briefing 2016: Cyber SecurityMastel Indonesia
 
Information Security Management System in the Banking Sector
Information Security Management System in the Banking SectorInformation Security Management System in the Banking Sector
Information Security Management System in the Banking SectorSamvel Gevorgyan
 
Next-level mobile app security: A programmatic approach
Next-level mobile app security: A programmatic approachNext-level mobile app security: A programmatic approach
Next-level mobile app security: A programmatic approachNowSecure
 
Cyber Security for Financial Institutions
Cyber Security for Financial InstitutionsCyber Security for Financial Institutions
Cyber Security for Financial InstitutionsKhawar Nehal khawar.nehal@atrc.net.pk
 
Proatively Engaged: Questions Executives Should Ask Their Security Teams
Proatively Engaged: Questions Executives Should Ask Their Security TeamsProatively Engaged: Questions Executives Should Ask Their Security Teams
Proatively Engaged: Questions Executives Should Ask Their Security TeamsFireEye, Inc.
 
Valuing Data in the Age of Ransomware
Valuing Data in the Age of Ransomware Valuing Data in the Age of Ransomware
Valuing Data in the Age of Ransomware IBM Security
 
Threat Modelling And Threat Response
Threat Modelling And Threat ResponseThreat Modelling And Threat Response
Threat Modelling And Threat ResponseVivek Jindaniya
 
10 Critical Corporate Cyber Security Risks
10 Critical Corporate Cyber Security Risks10 Critical Corporate Cyber Security Risks
10 Critical Corporate Cyber Security RisksHeimdal Security
 
Data Security in Healthcare
Data Security in HealthcareData Security in Healthcare
Data Security in HealthcareQuick Heal Technologies Ltd.
 
Cybersecurity Powerpoint Presentation Slides
Cybersecurity Powerpoint Presentation SlidesCybersecurity Powerpoint Presentation Slides
Cybersecurity Powerpoint Presentation SlidesSlideTeam
 
Top 10 cybersecurity predictions for 2016 by Matthew Rosenquist
Top 10 cybersecurity predictions for 2016 by Matthew RosenquistTop 10 cybersecurity predictions for 2016 by Matthew Rosenquist
Top 10 cybersecurity predictions for 2016 by Matthew RosenquistMatthew Rosenquist
 
Research Paper
Research PaperResearch Paper
Research PaperDavid Chaponniere
 
Information security and Attacks
Information security and AttacksInformation security and Attacks
Information security and AttacksSachin Darekar
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanannewbie2019
 
IT Security - Guidelines
IT Security - GuidelinesIT Security - Guidelines
IT Security - GuidelinesPedro Espinosa
 
Security Automation and Machine Learning
Security Automation and Machine LearningSecurity Automation and Machine Learning
Security Automation and Machine LearningSiemplify
 
Security Incidents
Security IncidentsSecurity Incidents
Security Incidentsbelsis
 
IT Security and Risk Mitigation
IT Security and Risk MitigationIT Security and Risk Mitigation
IT Security and Risk MitigationMukalele Rogers
 
Infographic: Mobile is growing and so are security threats
Infographic: Mobile is growing and so are security threatsInfographic: Mobile is growing and so are security threats
Infographic: Mobile is growing and so are security threatsIBM Security
 
Top Risks of Enterprise Mobility
Top Risks of Enterprise MobilityTop Risks of Enterprise Mobility
Top Risks of Enterprise MobilitySymantec
 
Compete To Win: Don’t Just Be Compliant – Be Secure!
Compete To Win: Don’t Just Be Compliant – Be Secure!Compete To Win: Don’t Just Be Compliant – Be Secure!
Compete To Win: Don’t Just Be Compliant – Be Secure!IBM Security
 
Últimos retos en el ámbito de la Ciberseguridad: Análisis de amenazas Ciberné...
Últimos retos en el ámbito de la Ciberseguridad: Análisis de amenazas Ciberné...Últimos retos en el ámbito de la Ciberseguridad: Análisis de amenazas Ciberné...
Últimos retos en el ámbito de la Ciberseguridad: Análisis de amenazas Ciberné...Cristian Garcia G.
 
The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...
The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...
The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...Symantec
 
®Three Undocumented Layers of the OSI Model  and The.docx
®Three Undocumented Layers of the OSI Model  and The.docx®Three Undocumented Layers of the OSI Model  and The.docx
®Three Undocumented Layers of the OSI Model  and The.docxLynellBull52
 
Intrusion Detection Techniques In Mobile Networks
Intrusion Detection Techniques In Mobile NetworksIntrusion Detection Techniques In Mobile Networks
Intrusion Detection Techniques In Mobile NetworksIOSR Journals
 

More Related Content

What's hot

Proatively Engaged: Questions Executives Should Ask Their Security Teams
Proatively Engaged: Questions Executives Should Ask Their Security TeamsProatively Engaged: Questions Executives Should Ask Their Security Teams
Proatively Engaged: Questions Executives Should Ask Their Security TeamsFireEye, Inc.
 
Valuing Data in the Age of Ransomware
Valuing Data in the Age of Ransomware Valuing Data in the Age of Ransomware
Valuing Data in the Age of Ransomware IBM Security
 
Threat Modelling And Threat Response
Threat Modelling And Threat ResponseThreat Modelling And Threat Response
Threat Modelling And Threat ResponseVivek Jindaniya
 
10 Critical Corporate Cyber Security Risks
10 Critical Corporate Cyber Security Risks10 Critical Corporate Cyber Security Risks
10 Critical Corporate Cyber Security RisksHeimdal Security
 
Cybersecurity Powerpoint Presentation Slides
Cybersecurity Powerpoint Presentation SlidesCybersecurity Powerpoint Presentation Slides
Cybersecurity Powerpoint Presentation SlidesSlideTeam
 
Top 10 cybersecurity predictions for 2016 by Matthew Rosenquist
Top 10 cybersecurity predictions for 2016 by Matthew RosenquistTop 10 cybersecurity predictions for 2016 by Matthew Rosenquist
Top 10 cybersecurity predictions for 2016 by Matthew RosenquistMatthew Rosenquist
 
Information security and Attacks
Information security and AttacksInformation security and Attacks
Information security and AttacksSachin Darekar
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanannewbie2019
 
IT Security - Guidelines
IT Security - GuidelinesIT Security - Guidelines
IT Security - GuidelinesPedro Espinosa
 
Security Automation and Machine Learning
Security Automation and Machine LearningSecurity Automation and Machine Learning
Security Automation and Machine LearningSiemplify
 
Security Incidents
Security IncidentsSecurity Incidents
Security Incidentsbelsis
 
IT Security and Risk Mitigation
IT Security and Risk MitigationIT Security and Risk Mitigation
IT Security and Risk MitigationMukalele Rogers
 
Infographic: Mobile is growing and so are security threats
Infographic: Mobile is growing and so are security threatsInfographic: Mobile is growing and so are security threats
Infographic: Mobile is growing and so are security threatsIBM Security
 
Top Risks of Enterprise Mobility
Top Risks of Enterprise MobilityTop Risks of Enterprise Mobility
Top Risks of Enterprise MobilitySymantec
 
Compete To Win: Don’t Just Be Compliant – Be Secure!
Compete To Win: Don’t Just Be Compliant – Be Secure!Compete To Win: Don’t Just Be Compliant – Be Secure!
Compete To Win: Don’t Just Be Compliant – Be Secure!IBM Security
 
Últimos retos en el ámbito de la Ciberseguridad: Análisis de amenazas Ciberné...
Últimos retos en el ámbito de la Ciberseguridad: Análisis de amenazas Ciberné...Últimos retos en el ámbito de la Ciberseguridad: Análisis de amenazas Ciberné...
Últimos retos en el ámbito de la Ciberseguridad: Análisis de amenazas Ciberné...Cristian Garcia G.
 
The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...
The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...
The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...Symantec
 

What's hot (20)

Cyber Security for Financial Institutions
Cyber Security for Financial InstitutionsCyber Security for Financial Institutions
Cyber Security for Financial Institutions
 
Proatively Engaged: Questions Executives Should Ask Their Security Teams
Proatively Engaged: Questions Executives Should Ask Their Security TeamsProatively Engaged: Questions Executives Should Ask Their Security Teams
Proatively Engaged: Questions Executives Should Ask Their Security Teams
 
Valuing Data in the Age of Ransomware
Valuing Data in the Age of Ransomware Valuing Data in the Age of Ransomware
Valuing Data in the Age of Ransomware
 
Threat Modelling And Threat Response
Threat Modelling And Threat ResponseThreat Modelling And Threat Response
Threat Modelling And Threat Response
 
10 Critical Corporate Cyber Security Risks
10 Critical Corporate Cyber Security Risks10 Critical Corporate Cyber Security Risks
10 Critical Corporate Cyber Security Risks
 
Data Security in Healthcare
Data Security in HealthcareData Security in Healthcare
Data Security in Healthcare
 
Cybersecurity Powerpoint Presentation Slides
Cybersecurity Powerpoint Presentation SlidesCybersecurity Powerpoint Presentation Slides
Cybersecurity Powerpoint Presentation Slides
 
Top 10 cybersecurity predictions for 2016 by Matthew Rosenquist
Top 10 cybersecurity predictions for 2016 by Matthew RosenquistTop 10 cybersecurity predictions for 2016 by Matthew Rosenquist
Top 10 cybersecurity predictions for 2016 by Matthew Rosenquist
 
Research Paper
Research PaperResearch Paper
Research Paper
 
Information security and Attacks
Information security and AttacksInformation security and Attacks
Information security and Attacks
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanan
 
IT Security - Guidelines
IT Security - GuidelinesIT Security - Guidelines
IT Security - Guidelines
 
Security Automation and Machine Learning
Security Automation and Machine LearningSecurity Automation and Machine Learning
Security Automation and Machine Learning
 
Security Incidents
Security IncidentsSecurity Incidents
Security Incidents
 
IT Security and Risk Mitigation
IT Security and Risk MitigationIT Security and Risk Mitigation
IT Security and Risk Mitigation
 
Infographic: Mobile is growing and so are security threats
Infographic: Mobile is growing and so are security threatsInfographic: Mobile is growing and so are security threats
Infographic: Mobile is growing and so are security threats
 
Top Risks of Enterprise Mobility
Top Risks of Enterprise MobilityTop Risks of Enterprise Mobility
Top Risks of Enterprise Mobility
 
Compete To Win: Don’t Just Be Compliant – Be Secure!
Compete To Win: Don’t Just Be Compliant – Be Secure!Compete To Win: Don’t Just Be Compliant – Be Secure!
Compete To Win: Don’t Just Be Compliant – Be Secure!
 
Últimos retos en el ámbito de la Ciberseguridad: Análisis de amenazas Ciberné...
Últimos retos en el ámbito de la Ciberseguridad: Análisis de amenazas Ciberné...Últimos retos en el ámbito de la Ciberseguridad: Análisis de amenazas Ciberné...
Últimos retos en el ámbito de la Ciberseguridad: Análisis de amenazas Ciberné...
 
The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...
The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...
The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...
 

Similar to The Seven Kinds of Security

®Three Undocumented Layers of the OSI Model  and The.docx
®Three Undocumented Layers of the OSI Model  and The.docx®Three Undocumented Layers of the OSI Model  and The.docx
®Three Undocumented Layers of the OSI Model  and The.docxLynellBull52
 
Intrusion Detection Techniques In Mobile Networks
Intrusion Detection Techniques In Mobile NetworksIntrusion Detection Techniques In Mobile Networks
Intrusion Detection Techniques In Mobile NetworksIOSR Journals
 
Cyber Security Matters a book by Hama David Bundo
Cyber Security Matters a book by Hama David BundoCyber Security Matters a book by Hama David Bundo
Cyber Security Matters a book by Hama David Bundohdbundo
 
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of CompromiseInsight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise21CT Inc.
 
Interested in learningmore about securitySANS Institute.docx
Interested in learningmore about securitySANS Institute.docxInterested in learningmore about securitySANS Institute.docx
Interested in learningmore about securitySANS Institute.docxmariuse18nolet
 
CYBER SECURITY ppt.pptx
CYBER SECURITY ppt.pptxCYBER SECURITY ppt.pptx
CYBER SECURITY ppt.pptxtanyamudgal4
 
Cisco 2014 Midyear Security Report
Cisco 2014 Midyear Security ReportCisco 2014 Midyear Security Report
Cisco 2014 Midyear Security ReportCisco Security
 
A Systematic Literature Review On The Cyber Security
A Systematic Literature Review On The Cyber SecurityA Systematic Literature Review On The Cyber Security
A Systematic Literature Review On The Cyber SecurityAmy Cernava
 
Detection &Amp; Prevention Systems
Detection &Amp; Prevention SystemsDetection &Amp; Prevention Systems
Detection &Amp; Prevention SystemsAlison Hall
 
OverseeCyberSecurityAsHackersSeekToInfiltrate
OverseeCyberSecurityAsHackersSeekToInfiltrateOverseeCyberSecurityAsHackersSeekToInfiltrate
OverseeCyberSecurityAsHackersSeekToInfiltrateKashif Ali
 
edgescan vulnerability stats report (2019)
edgescan vulnerability stats report (2019) edgescan vulnerability stats report (2019)
edgescan vulnerability stats report (2019) Eoin Keary
 
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSESE-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSESIJNSA Journal
 
OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]
OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]
OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]AngelGomezRomero
 
AI IN CYBERSECURITY: THE NEW FRONTIER OF DIGITAL PROTECTION
AI IN CYBERSECURITY: THE NEW FRONTIER OF DIGITAL PROTECTIONAI IN CYBERSECURITY: THE NEW FRONTIER OF DIGITAL PROTECTION
AI IN CYBERSECURITY: THE NEW FRONTIER OF DIGITAL PROTECTIONChristopherTHyatt
 

Similar to The Seven Kinds of Security (20)

®Three Undocumented Layers of the OSI Model  and The.docx
®Three Undocumented Layers of the OSI Model  and The.docx®Three Undocumented Layers of the OSI Model  and The.docx
®Three Undocumented Layers of the OSI Model  and The.docx
 
Intrusion Detection Techniques In Mobile Networks
Intrusion Detection Techniques In Mobile NetworksIntrusion Detection Techniques In Mobile Networks
Intrusion Detection Techniques In Mobile Networks
 
Forensics
ForensicsForensics
Forensics
 
Cyber Security Matters a book by Hama David Bundo
Cyber Security Matters a book by Hama David BundoCyber Security Matters a book by Hama David Bundo
Cyber Security Matters a book by Hama David Bundo
 
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of CompromiseInsight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise
 
Interested in learningmore about securitySANS Institute.docx
Interested in learningmore about securitySANS Institute.docxInterested in learningmore about securitySANS Institute.docx
Interested in learningmore about securitySANS Institute.docx
 
CYBER SECURITY ppt.pptx
CYBER SECURITY ppt.pptxCYBER SECURITY ppt.pptx
CYBER SECURITY ppt.pptx
 
Cisco 2014 Midyear Security Report
Cisco 2014 Midyear Security ReportCisco 2014 Midyear Security Report
Cisco 2014 Midyear Security Report
 
A Systematic Literature Review On The Cyber Security
A Systematic Literature Review On The Cyber SecurityA Systematic Literature Review On The Cyber Security
A Systematic Literature Review On The Cyber Security
 
Detection &Amp; Prevention Systems
Detection &Amp; Prevention SystemsDetection &Amp; Prevention Systems
Detection &Amp; Prevention Systems
 
A01450131
A01450131A01450131
A01450131
 
OverseeCyberSecurityAsHackersSeekToInfiltrate
OverseeCyberSecurityAsHackersSeekToInfiltrateOverseeCyberSecurityAsHackersSeekToInfiltrate
OverseeCyberSecurityAsHackersSeekToInfiltrate
 
edgescan vulnerability stats report (2019)
edgescan vulnerability stats report (2019) edgescan vulnerability stats report (2019)
edgescan vulnerability stats report (2019)
 
Security
SecuritySecurity
Security
 
Iot(security)
Iot(security)Iot(security)
Iot(security)
 
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSESE-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
 
OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]
OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]
OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]
 
AI IN CYBERSECURITY: THE NEW FRONTIER OF DIGITAL PROTECTION
AI IN CYBERSECURITY: THE NEW FRONTIER OF DIGITAL PROTECTIONAI IN CYBERSECURITY: THE NEW FRONTIER OF DIGITAL PROTECTION
AI IN CYBERSECURITY: THE NEW FRONTIER OF DIGITAL PROTECTION
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Cybersecurity-NSIC.pdf
Cybersecurity-NSIC.pdfCybersecurity-NSIC.pdf
Cybersecurity-NSIC.pdf
 

More from Veracode

A Secure DevOps Journey
A Secure DevOps JourneyA Secure DevOps Journey
A Secure DevOps JourneyVeracode
 
The Four(ish) Appsec Metrics You Can’t Ignore
The Four(ish) Appsec Metrics You Can’t IgnoreThe Four(ish) Appsec Metrics You Can’t Ignore
The Four(ish) Appsec Metrics You Can’t IgnoreVeracode
 
Selling Your Organization on Application Security
Selling Your Organization on Application SecuritySelling Your Organization on Application Security
Selling Your Organization on Application SecurityVeracode
 
Retail Industry Application Security Survey Insights
Retail Industry Application Security Survey InsightsRetail Industry Application Security Survey Insights
Retail Industry Application Security Survey InsightsVeracode
 
Healthcare application-security-practices-survey-veracode
Healthcare application-security-practices-survey-veracodeHealthcare application-security-practices-survey-veracode
Healthcare application-security-practices-survey-veracodeVeracode
 
Why Benchmark Application Security - Veracode
Why Benchmark Application Security - VeracodeWhy Benchmark Application Security - Veracode
Why Benchmark Application Security - VeracodeVeracode
 
Mobile Security: Apps are our digital lives.
Mobile Security: Apps are our digital lives.Mobile Security: Apps are our digital lives.
Mobile Security: Apps are our digital lives.Veracode
 
The Security Industry: How to Survive Becoming Management BSIDESLV 2013 Keynote
The Security Industry: How to Survive Becoming Management BSIDESLV 2013 KeynoteThe Security Industry: How to Survive Becoming Management BSIDESLV 2013 Keynote
The Security Industry: How to Survive Becoming Management BSIDESLV 2013 KeynoteVeracode
 
Developing Web Applications Securely - How to Fix Common Code Vulnerabilities...
Developing Web Applications Securely - How to Fix Common Code Vulnerabilities...Developing Web Applications Securely - How to Fix Common Code Vulnerabilities...
Developing Web Applications Securely - How to Fix Common Code Vulnerabilities...Veracode
 

More from Veracode (9)

A Secure DevOps Journey
A Secure DevOps JourneyA Secure DevOps Journey
A Secure DevOps Journey
 
The Four(ish) Appsec Metrics You Can’t Ignore
The Four(ish) Appsec Metrics You Can’t IgnoreThe Four(ish) Appsec Metrics You Can’t Ignore
The Four(ish) Appsec Metrics You Can’t Ignore
 
Selling Your Organization on Application Security
Selling Your Organization on Application SecuritySelling Your Organization on Application Security
Selling Your Organization on Application Security
 
Retail Industry Application Security Survey Insights
Retail Industry Application Security Survey InsightsRetail Industry Application Security Survey Insights
Retail Industry Application Security Survey Insights
 
Healthcare application-security-practices-survey-veracode
Healthcare application-security-practices-survey-veracodeHealthcare application-security-practices-survey-veracode
Healthcare application-security-practices-survey-veracode
 
Why Benchmark Application Security - Veracode
Why Benchmark Application Security - VeracodeWhy Benchmark Application Security - Veracode
Why Benchmark Application Security - Veracode
 
Mobile Security: Apps are our digital lives.
Mobile Security: Apps are our digital lives.Mobile Security: Apps are our digital lives.
Mobile Security: Apps are our digital lives.
 
The Security Industry: How to Survive Becoming Management BSIDESLV 2013 Keynote
The Security Industry: How to Survive Becoming Management BSIDESLV 2013 KeynoteThe Security Industry: How to Survive Becoming Management BSIDESLV 2013 Keynote
The Security Industry: How to Survive Becoming Management BSIDESLV 2013 Keynote
 
Developing Web Applications Securely - How to Fix Common Code Vulnerabilities...
Developing Web Applications Securely - How to Fix Common Code Vulnerabilities...Developing Web Applications Securely - How to Fix Common Code Vulnerabilities...
Developing Web Applications Securely - How to Fix Common Code Vulnerabilities...
 

Recently uploaded

why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfjoe51371421
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationkaushalgiri8080
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AIABDERRAOUF MEHENNI
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionSolGuruz
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...OnePlan Solutions
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️anilsa9823
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...gurkirankumar98700
 

Recently uploaded (20)

why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdf
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanation
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 

The Seven Kinds of Security

  • 2. If you were to look at a map that showed computer security as a whole, from a high enough vantage point it might look like art. The blend of arrows, symbols and colors bunched up against serious-looking acronyms would take on an abstract quality. But get close enough, and the overwhelming detail and scope of this map would seem like an endless and incomprehensible maze of information. How to sort out this truckload of information? How to even begin? Categorizing the information by the OSI model is a good place to start. INTRODUCTION THE 7 KINDS OF SECURITY 2
  • 3. THE 7 KINDS OF SECURITY 3 Imagine an ecosystem: one of trees, birds, bugs, grass, etc. The security ecosystem, if you will, is just like the ecosystem in your backyard. It is a study of interdependence, limited resources and finding just the right balance among all the players in the game to make everything work optimally. Before delving into the categorizing of seven kinds of security, it will probably help to have an image in your head to picture the world of security.
  • 4. 0101010101 10101010101 0101010101 10101010101 THE 7 KINDS OF SECURITY 4 And like an environmentalist studying a complex ecosystem, it requires specific knowledge, expertise, tools and dedicated effort to find that perfect balance. As you can imagine, this is a tall order.
  • 5. The Open Systems Interconnection model (OSI model) is a conceptual model that characterizes and standardizes the communication functions of a telecommunication or computing system without regard to their underlying internal structure and technology. Its goal is the interoperability of diverse communication systems with standard protocols. The model partitions a communication system into abstraction layers. The original version of the model defined seven layers. According to the OSI model (Open Systems Interconnection), a conceptual model of the structure, technology and interactions of systems, we can define layers, or kinds, of security. What does this security ecosystem include? 5THE 7 KINDS OF SECURITY
  • 6. Think of the post office getting mail from point A to point B reliably and without anyone tampering with the contents, but instead of bills and postcards, you’re dealing with data, and instead of houses and apartments, you’re dealing with computers and networks. Denial-of-service attacks also occur here, as well as man-in-the-middle attacks (bad guys trying to intercept the data between point A and point B). This is the lowest layer where the hardware shares the same physical, real-world space as the user. This is where we put locks on doors to keep systems safe. At this layer, the data is just one level above the bare metal and silicon of the hardware. Here, the data moves from software to hardware and back. Security at this layer keeps the traffic going and the data where it’s supposed to be. Think traffic control, speed limits, detours and stop signs. This is where network addressing, routing and other traffic control take place. Security at this layer protects against flooding attacks and sniffing or snooping attacks to keep criminals from accessing logins and passwords sent over the network. PHYSICAL1. 2. 3. 4. DATA LINK NETWORK TRANSPORT 7 KINDS OF SECURITY 6THE 7 KINDS OF SECURITY What are the 7 layers in this security ecosystem?
  • 7. 7 KINDS OF SECURITY 7THE 7 KINDS OF SECURITY This represents the continuous exchange of information in the form of multiple back-and-forth transmissions. The session layer controls the dialogues (connections) between computers. Examples of attacks are denial-of-service and spoofing. The presentation layer is just below the application layer and transforms data into the form that the application accepts.  For instance, feed HTML code to a web browser, and you’ll get a webpage. Give it to your phone’s texting application, and you’ll get a lot of computer text that makes no sense to your friend. This is the layer closest to the end user and the most troublesome these days. Commonly, web browsers and email clients are attacked at this layer. It’s how people interact with computers and devices. SESSION5. 6. 7. PRESENTATION APPLICATION What are the 7 layers in this security ecosystem? (continued)
  • 8. HUMAN DATA LINK APPLICATION PRESENTATION NETWORK PHYSICAL SESSION TRANSPORT What does this security ecosystem look like? 8THE 7 KINDS OF SECURITY
  • 9. THE 7 KINDS OF SECURITY 9 Each layer is vulnerable to direct and indirect attacks. The layers must be continually adjusted so the ecosystem is protected and the attack surface is minimized, without blocking the normal flow of business. These layers represent how systems, software and networks interact and contribute to the attack surface (attack surface — the areas where attacks can occur). 1PHYSICAL 2DATA LINK 3NETWORK LAYER 4TRANSPORT 5SESSION 6PRESENTATION 7APPLICATION ATTACKS ATTACKS
  • 10. THE 7 KINDS OF SECURITY 10 As it turns out, seven is an important number. The seventh layer, the application layer, is the growing risk in this layer cake of potential insecurity. Addressing this risk is not an easy task as application security requires protecting all applications through design, development, upgrade and maintenance. The prevalence of applications means security ecosystems are stressed. 0101010101 10101010101 0101010101 10101010101 APPLICATION LAYER 1 2 3 4 5 6 7
  • 11. 11THE 7 KINDS OF SECURITY If you remove one piece or restrict resources, or if a piece fails, the entire ecosystem can become unstable or insecure. This adjustment requires a good understanding of the interaction between the layers, the resources needed and the balance required to maintain security and protect the whole. HUMAN DATA LINK PRESENTATION NETWORK PHYSICAL SESSION TRANSPORT ?
  • 12. 12THE 7 KINDS OF SECURITY The newness and very nature of how Internet- enabled applications work, making it possible for companies to interact effectively and efficiently with the outside world, also mean they are at greater risk of cyberattacks. Which is why web and mobile applications currently account for more than a third of data breaches. Source: 2014 Verizon Data Breach Investigations Report ****** WEB + M OBILEAPPS DAT A BREACH 35%
  • 13. THE 7 KINDS OF SECURITY 13 According to Akamai’s “State of Internet Security” report, “application-layer attacks are growing much more rapidly than infrastructure attacks.” Unfortunately, with companies in all industries relying more and more on applications as a source of innovation and business efficiencies, attacks against the application layer will only continue to grow. We can already see it in the growth of application-based vulnerabilities on the web. Consider that in 2014… RESULTING IN MORE THAN personal or financial records stolen 450 Million THERE WERE 8 MAJOR BREACHES THROUGH THE APPLICATION LAYER
  • 14. According to Risk Based Security’s VulnDB for 2015, there have been… WERE CONSIDERED HIGH SEVERITY BY THEIR CVSSv2 SCORE Common Vulnerability Scoring System 291 595 198 18 reported new web application vulnerabilities HAD NO KNOWN SOLUTION OR PATCH THE VENDOR DIDN’T EVEN BOTHER TO RESPOND THE 7 KINDS OF SECURITY 14 OF THE 595 REPORTED
  • 15. Four real-world breaches… 1 2 3 4 THE 7 KINDS OF SECURITY 15 TalkTalk was breached through a common SQL injection vulnerability. The breach resulted in the theft of names, addresses, birthdays and financial information for potentially all of the company’s 4 million customers. Target was breached through a sophisticated attack-kill chain, which included exploiting a vulnerability in a web application used to interface with vendors. The breach resulted in the theft of data, including names, email addresses, credit card information, mailing addresses and phone numbers, for 70 million customers. JPMorgan Chase was breached through a web application built and hosted by a third- party developer. The web application was deemed non-business critical because it promoted a charitable road race and was not related to business activities. The breach resulted in the records of 76 million households and 7 million businesses being stolen. Community Health was breached through a software component with a well-publicized vulnerability. The insurance company was unable to find all instances of the com- ponent in its application ecosystem and, as a result, could not patch the vulnerability. The breach resulted in more than 4 million patient records lost.
  • 16. THE 7 KINDS OF SECURITY 16 This is old-world thinking. The idea that lower layer security measures protect higher layers simply isn’t true. Many organizations assume that their existing security measures, such as network security, firewalls, intrusion detection systems or data leakage prevention tools, protect them from application-layer attacks. NETWORK SECURITY, FIREWALLS OR INTRUSION DETECTION DO NOT STOP APPLICATION-LAYER ATTACKS ATTACKS ATTACKS ORGANIZATION THE REALITY
  • 17. THE 7 KINDS OF SECURITY 17 According to research by Picus Security, which tests live exploits against various infrastructure protection devices for security effectiveness… of the last 24 months of exploits WITHOUT SPECIFIC APPLICATION DEFENSES IN PLACE of the last 24 months of exploits WITH SPECIFIC APPLICATION DEFENSES IN PLACE 18–43% 72–96% An organization will only stop vs
  • 18. THE 7 KINDS OF SECURITY 18 … are the stuff of which ulcers are made. If it wasn’t already apparent, applications may be the invading species in the world’s backyard. They’re growing faster than kudzu too. If you’re like most people, phrases like: “major breaches” “high severity” “no known solution” “didn’t have a vendor response” “only stop 18% to 43%”
  • 19. E! FRAGILE! FRAGILE! FRAGIL AGILE! FRAGILE! FRAGILE! FRAGILE! FRAG THE 7 KINDS OF SECURITY 19 Since applications tend to tie together multiple systems across the network and across many types of users, application security requires more focus and attention than it has received in the past as it impacts every layer of the security ecosystem. A security ecosystem is fragile by default. Its optimal functioning depends on a delicate balance of controls, interactions and vulnerabilities.
  • 20. THE 7 KINDS OF SECURITY 20 While both perspectives are important, applications present a more alarming reality because they often face attacks that have no patch. This necessitates thoroughly researching applications that will be purchased from third parties, or addressing application design and security at the software development phase. The introduction of application security shifts the focus from general vulnerability management to proactively reducing specific vulnerabilities in applications. Proactive Reduction of Specific Vulnerabilities General Vulnerability Management
  • 21. When a major shift is introduced to an ecosystem, like dropping a python in a mouse cage, or like adding Internet-facing applications, it will be difficult to find harmony again. It’s encumbent on a business to assess how to adjust the seven types of security in the environment to reduce risk. Every interaction matters to the attack surface, and applications bring many more and new types of interactions on all layers. Introducing application security addresses these interactions and benefits the entire security ecosystem, on every layer. CONCLUSION THE 7 KINDS OF SECURITY 21 LEARN MORE How Application Security Fits into the Security Ecosystem LOVE TO LEARN ABOUT APPLICATION SECURITY? Get all the latest news, tips and articles delivered right to your inbox.