TVA Model Matrix (2)

IOD Cyber Security
Module 8
8.1
TVA Model Matrix
Rows are assets and columns are threat types (Data Breach, Malware/Ransomware, Insider Threats, DoS Attacks, Unauthorised Access). Each cell lists the vulnerabilities that expose the asset to that threat.

Asset: Onsite Banking Terminals

Data Breach
- Unpatched software
- Physical security weaknesses
- Insider threats
- No encryption
- Weak authentication

Malware/Ransomware
- Unpatched software
- Lack of endpoint protection
- Unauthorised software installs
- Social engineering
- Lack of user awareness/training

Insider Threats
- Weak access controls
- Misuse of privilege
- Lack of monitoring/auditing
- Insider collusion
- Insufficient employee awareness

DoS Attacks
- Lack of traffic filtering
- Inadequate network security
- Software vulnerabilities
- Insufficient system resources
- Lack of DDoS mitigation measures

Unauthorised Access
- Insider threats
- Lack of access controls
- Software vulnerabilities
- Default/weak passwords
- Poor physical security

Asset: Client/Partner PII

Data Breach
- Poor encryption
- Weak access controls
- Insider threat
- Third-party risk
- Social engineering

Malware/Ransomware
- Phishing attacks
- Malicious attachments/downloads
- Unsecured communication channels
- Weak endpoint security
- Insider threats

Insider Threats
- Unauthorised access
- Weak access controls
- Insider collusion
- Lack of monitoring
- Lack of awareness

DoS Attacks
- Lack of redundancy/failover systems
- Insufficient network security
- Single points of failure
- Lack of load balancing
- Resource exhaustion

Unauthorised Access
- Weak/compromised user credentials
- Insufficient access controls
- Insecure data transmission/storage
- Insider threats
- Third-party vulnerabilities

Asset: Payment System Data

Data Breach
- Insider threats
- Poor transmission protocols
- Poorly secured payment interfaces (web portals etc.)
- Weak authentication
- Ransomware attacks

Malware/Ransomware
- Unpatched software
- Insider threats
- Third-party risks
- Lack of network segmentation
- Social engineering

Insider Threats
- Unauthorised access
- Weak access control
- Insider collusion
- Lack of monitoring
- Insufficient employee awareness

DoS Attacks
- Lack of redundancy/failover systems
- Insufficient network security
- Single points of failure
- Lack of load balancing
- Resource exhaustion

Unauthorised Access
- Weak authentication mechanisms
- Insider threats
- Insufficient access controls
- Insecure transmission/storage of data
- Third-party vulnerabilities

Asset: ATM

Data Breach
- Skimming devices
- Poor physical security
- Malware attack
- Poor patch management
- Network vulnerabilities (weak or missing encryption)

Malware/Ransomware
- Unpatched software/OS
- Physical tampering
- Poor authentication mechanisms
- No endpoint protection
- Insecure network connections

Insider Threats
- Unauthorised access
- Weak access control
- Insider collusion
- Lack of monitoring/auditing
- Insider knowledge of vulnerabilities

DoS Attacks
- Dependence on network connectivity
- Software vulnerabilities
- Physical attacks
- Insufficient hardware resources
- No intrusion detection/monitoring

Unauthorised Access
- Physical attacks
- Weak/compromised user credentials
- Software vulnerabilities
- Insufficient access controls
- Insider threats

Asset: Employees

Data Breach
- Weak password management
- Insider threats
- Poor security awareness/training
- Improper handling of sensitive data
- Insider collusion

Malware/Ransomware
- Phishing attacks
- Weak passwords
- Lack of security awareness/training
- Unauthorised software installs
- Insider threats

Insider Threats
- Privileged access and misuse
- Weak or shared credentials
- Lack of security awareness
- Unauthorised data handling
- Insider collusion

DoS Attacks
- Phishing/social engineering
- Compromised credentials
- Insider threats
- Lack of security awareness
- Unauthorised physical access

Unauthorised Access
- Weak/compromised credentials
- Insider threats
- Lack of security awareness
- Unauthorised physical access
- Insufficient access controls
8.2
Risk Analysis Matrix
In the scoring grid, impact increases across the columns and likelihood down the rows (the original headings IMPACT > and LIKELIHOOD v). Each asset/threat cell carries the same vulnerabilities as the TVA matrix in 8.1, plus two scores: VA, read here as the likelihood rating on a 1-5 scale, and R, the resulting risk score. In every cell R is a whole multiple of VA, consistent with R = VA x Impact with impact also rated 1-5.

Asset                    | Data Breach | Malware/Ransomware | Insider Threats | DoS Attacks | Unauthorised Access
-------------------------+-------------+--------------------+-----------------+-------------+--------------------
Onsite Banking Terminals | VA 4, R 20  | VA 5, R 25         | VA 4, R 16      | VA 4, R 20  | VA 5, R 20
Client/Partner PII       | VA 4, R 20  | VA 5, R 25         | VA 4, R 16      | VA 3, R 15  | VA 4, R 16
Payment System Data      | VA 4, R 20  | VA 4, R 20         | VA 4, R 16      | VA 3, R 15  | VA 4, R 16
ATM                      | VA 4, R 20  | VA 4, R 20         | VA 3, R 12      | VA 3, R 15  | VA 4, R 16
Employees                | VA 4, R 20  | VA 4, R 20         | VA 4, R 16      | VA 3, R 15  | VA 4, R 16

Reading the grid: the two highest scores (R = 25) are Malware/Ransomware against the onsite banking terminals and against client/partner PII; every Data Breach cell scores 20; the lowest score (R = 12) is Insider Threats against the ATM.
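An added Python example (not part of the worksheet) of the scoring behind this grid. It assumes VA is the likelihood rating and that R = VA x Impact with both on 1-5 scales, recovers the implied Impact for each cell, checks that every score is consistent with that relation, and ranks the cells so the treatment plan can start at the top. The band names and thresholds are an assumption for illustration; the worksheet defines none.

```python
"""Qualitative risk scoring for the asset x threat matrix in section 8.2.

Added example, not part of the original worksheet. Assumptions: VA is the
likelihood rating and R = VA x Impact, both on 1..5 scales; the band
thresholds in risk_band() are illustrative and not defined by the worksheet.
"""

SCALE = range(1, 6)  # ratings run from 1 (lowest) to 5 (highest)

# Scores copied from section 8.2: (asset, threat) -> (VA, R)
MATRIX = {
    ("Onsite Banking Terminals", "Data Breach"): (4, 20),
    ("Onsite Banking Terminals", "Malware/Ransomware"): (5, 25),
    ("Onsite Banking Terminals", "Insider Threats"): (4, 16),
    ("Onsite Banking Terminals", "DoS Attacks"): (4, 20),
    ("Onsite Banking Terminals", "Unauthorised Access"): (5, 20),
    ("Client/Partner PII", "Data Breach"): (4, 20),
    ("Client/Partner PII", "Malware/Ransomware"): (5, 25),
    ("Client/Partner PII", "Insider Threats"): (4, 16),
    ("Client/Partner PII", "DoS Attacks"): (3, 15),
    ("Client/Partner PII", "Unauthorised Access"): (4, 16),
    ("Payment System Data", "Data Breach"): (4, 20),
    ("Payment System Data", "Malware/Ransomware"): (4, 20),
    ("Payment System Data", "Insider Threats"): (4, 16),
    ("Payment System Data", "DoS Attacks"): (3, 15),
    ("Payment System Data", "Unauthorised Access"): (4, 16),
    ("ATM", "Data Breach"): (4, 20),
    ("ATM", "Malware/Ransomware"): (4, 20),
    ("ATM", "Insider Threats"): (3, 12),
    ("ATM", "DoS Attacks"): (3, 15),
    ("ATM", "Unauthorised Access"): (4, 16),
    ("Employees", "Data Breach"): (4, 20),
    ("Employees", "Malware/Ransomware"): (4, 20),
    ("Employees", "Insider Threats"): (4, 16),
    ("Employees", "DoS Attacks"): (3, 15),
    ("Employees", "Unauthorised Access"): (4, 16),
}


def risk_score(likelihood: int, impact: int) -> int:
    """R = Likelihood x Impact, rejecting values outside the 1..5 scale."""
    if likelihood not in SCALE or impact not in SCALE:
        raise ValueError("likelihood and impact must be integers 1..5")
    return likelihood * impact


def derive_impact(va: int, r: int) -> int:
    """Recover the Impact rating a cell must have had for R = VA x Impact to hold."""
    if va not in SCALE or r % va or r // va not in SCALE:
        raise ValueError(f"R={r} is not VA x Impact for VA={va} on a 1..5 scale")
    return r // va


def risk_band(score: int) -> str:
    """Map a 1..25 score to a band. Thresholds are an assumption (see lead-in)."""
    if score >= 20:
        return "critical"
    if score >= 12:
        return "high"
    if score >= 6:
        return "medium"
    return "low"


def ranked_cells(matrix=MATRIX):
    """Return (R, asset, threat, VA, impact, band) tuples, highest risk first."""
    rows = []
    for (asset, threat), (va, r) in matrix.items():
        impact = derive_impact(va, r)
        # the worksheet's scores must be internally consistent with R = VA x Impact
        assert risk_score(va, impact) == r
        rows.append((r, asset, threat, va, impact, risk_band(r)))
    rows.sort(key=lambda row: (-row[0], row[1], row[2]))
    return rows


def cells_at_or_above(threshold: int, matrix=MATRIX):
    """Cells whose score meets the threshold: the ones a treatment plan covers first."""
    return [(asset, threat, r) for r, asset, threat, *_ in ranked_cells(matrix) if r >= threshold]


if __name__ == "__main__":
    for r, asset, threat, va, impact, band in ranked_cells():
        print(f"{r:2d} {band:8s} VA={va} I={impact}  {asset} / {threat}")
```

Running it prints the 25 cells from R = 25 down to R = 12; twelve cells sit at 20 or above, which is where the controls in the next section are aimed.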
Appropriate Strategies / Controls

Insider Threats
Access controls: restrict each employee's access to sensitive data and systems to what their role requires (least privilege), and review entitlements regularly so that access does not accumulate as people change roles. This targets the weak access controls, privilege misuse and insufficient monitoring listed against every asset in the Insider Threats column.

DoS Attacks
DDoS mitigation services: consider purchasing a specialised Distributed Denial of Service (DDoS) mitigation (scrubbing) service from a third-party vendor. Such services detect volumetric attacks and divert traffic through their own infrastructure, dropping the attack traffic before it reaches the bank's network. They complement, rather than replace, the traffic filtering, redundancy and capacity the matrix identifies as missing.

Unauthorised Access
Strong authentication: implement multi-factor authentication (MFA) so that a username and password alone are not enough to reach sensitive systems and data. This addresses the default, weak and compromised credentials that appear in the Unauthorised Access column for every asset.

Data Breach
Network segmentation: separate critical systems and data stores from the general network, using firewalls and access controls to restrict which hosts and users can reach sensitive data. A compromise of one segment then does not give the attacker free lateral movement across the rest of the network, which limits the impact of a breach.

Malware/Ransomware
Antivirus/anti-malware solutions: deploy anti-malware software on all endpoints, servers and network gateways, keep it updated and run scheduled scans to detect and remove malware or ransomware. Pair this with patching and with blocking unauthorised software installs, since both appear as vulnerabilities in the Malware/Ransomware column.
Quantitative Risk Analysis by Calculating Return on Investment (ROI)

Worked for the Data Breach threat, with network segmentation as the control:

Network segmentation cost (treated as an annual cost): $100,000
Data breach cost: $1,500,000
AV (asset value) = $1,600,000 (the worksheet takes the breach cost plus the segmentation cost as the value at risk)
EF (exposure factor) = 80%
SLE = AV x EF = $1,600,000 x 0.80 = $1,280,000
ARO = 0.2 (one data-loss incident every five years)
ALE = SLE x ARO = $1,280,000 x 0.2 = $256,000
ROI = ALE - annual control cost = $256,000 - $100,000 = $156,000 per year

Two assumptions are built into that figure: the control is assumed to remove the loss entirely (residual ALE after segmentation = $0), and the $100,000 is treated as an annual cost rather than one-off capital spend. In the general form of the calculation, ROI = (ALE before - ALE after) - annual cost of the control; if segmentation only reduces the exposure factor rather than eliminating the breach, ALE after is non-zero and the ROI falls accordingly. Note also that AV is normally the value of the asset itself; adding the cost of the control to it inflates SLE and therefore the apparent benefit.
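The calculation above as an added Python example (not part of the worksheet), generalised to the cost-benefit form with a residual ALE after the control. The figures are the worksheet's; the LossScenario class, the alternative scenario in which segmentation only cuts the exposure factor to 30%, and the rounding to cents are assumptions for illustration.

```python
"""Quantitative risk analysis: SLE, ALE and ROI of a control.

Added example, not part of the original worksheet. It reuses the worksheet's
figures (AV $1,600,000, EF 80%, ARO 0.2, segmentation cost $100,000 per year)
and generalises the ROI formula to a residual ALE after the control, which the
worksheet takes as zero. Money is rounded to cents.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class LossScenario:
    asset_value: float      # AV, in dollars
    exposure_factor: float  # EF, fraction of AV lost per incident (0..1)
    aro: float              # ARO, expected incidents per year

    def __post_init__(self):
        if not 0.0 <= self.exposure_factor <= 1.0 or self.aro < 0 or self.asset_value < 0:
            raise ValueError("EF must be in 0..1; AV and ARO must be non-negative")

    def sle(self) -> float:
        """Single Loss Expectancy: SLE = AV x EF."""
        return round(self.asset_value * self.exposure_factor, 2)

    def ale(self) -> float:
        """Annualised Loss Expectancy: ALE = SLE x ARO."""
        return round(self.sle() * self.aro, 2)


def control_roi(before: LossScenario, after: LossScenario, annual_control_cost: float) -> float:
    """Net annual value of a control: (ALE before - ALE after) - annual cost.

    The worksheet's $156,000 is the special case where ALE after = 0.
    """
    return round(before.ale() - after.ale() - annual_control_cost, 2)


def max_justified_spend(before: LossScenario, after: LossScenario) -> float:
    """Largest annual control cost that still gives ROI >= 0 (the break-even point)."""
    return round(before.ale() - after.ale(), 2)


# Worksheet scenario: segmentation assumed to eliminate the breach loss (ARO -> 0).
WORKSHEET_BEFORE = LossScenario(asset_value=1_600_000, exposure_factor=0.80, aro=0.2)
WORKSHEET_AFTER = LossScenario(asset_value=1_600_000, exposure_factor=0.80, aro=0.0)
SEGMENTATION_COST = 100_000

# Assumed alternative: segmentation limits the blast radius so EF falls to 30%,
# but a breach is still expected once every five years.
PARTIAL_AFTER = LossScenario(asset_value=1_600_000, exposure_factor=0.30, aro=0.2)


if __name__ == "__main__":
    print("SLE =", WORKSHEET_BEFORE.sle())
    print("ALE =", WORKSHEET_BEFORE.ale())
    print("ROI, loss eliminated   =", control_roi(WORKSHEET_BEFORE, WORKSHEET_AFTER, SEGMENTATION_COST))
    print("ROI, EF reduced to 30% =", control_roi(WORKSHEET_BEFORE, PARTIAL_AFTER, SEGMENTATION_COST))
    print("Break-even spend, EF 30% =", max_justified_spend(WORKSHEET_BEFORE, PARTIAL_AFTER))
```

With the worksheet's assumption the ROI is $156,000; if segmentation only reduces the exposure factor to 30%, the residual ALE is $96,000 and the ROI drops to $60,000, with $160,000 the most that could be spent on the control per year before it stops paying for itself.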