Three perspectives (information security)
- Society
- Organizations
- Individuals
BCP priorities
1. Safety
2. Continuity of critical business operations
3. Continuity of components
DRP
1. Threat analysis
2. Impact scenarios
3. Recovery requirement documentation
Disaster recovery steps
1. Ensure everyone's safety
2. Respond to the disaster before recovery
3. Follow DRP
Validating DRP
- Checklist test
- Structured walk-through
- Simulation test
- Parallel test
- Full interruption test
Risk factors (of attack)
1. Outdated software and systems
2. Human error and lack of training
3. Weak passwords and poor access control
4. Unsecured networks and IoT devices
Best practices (to prevent attacks)
- Regular software updates
- Multi-factor authentication
- Network segmentation
- Secure backups
- Endpoint protections and firewalls
Evidence types (forensics)
- Real evidence (physical)
- Documentary evidence
- Testimonial evidence
- Demonstrative evidence
Types of computer crimes
- Identity theft
- Exfiltrating data
- Cyberstalking/harassment
- Online fraud
- Nonaccess computer crimes
- Cyberterrorism
Forensic methodologies (principles)
- Minimize original data handling
- Enforce the rules of evidence
- Do not exceed your knowledge
- Develop an analysis plan first
- Consider data volatility
DFIM - Digital Forensic Investigation Model
- Acquiring evidence
- Authenticate evidence
- Analyzing evidence
DFRWS - Digital Forensic Research Workshop
- Identification
- Preservation
- Collection
- Examination
- Analysis
- Presentation
ADFM - Abstract Digital Forensic Model
- Improved DFRWS
- Added Preparation, Approach strategy and Return of Evidence
CERIAS - Center for Education and Research in Information Assurance and Security model
- The Readiness phase (subphase - Operations Readiness + Infrastructure Readiness)
- The Deployment Phase (subphase - Detection and notification + Confirmation and authorization)
- The Physical crime scene investigation Phase
- The Digital crime scene investigation Phase
- The Presentation Phase
EU regulations
- GDPR
- NIS/NIS2
- AI Act
- CER Directive
- CRA
- CSL - Cybersecurity Act (Cybersäkerhetslagen)
- DORA Regulation
Threats
- Humans, Tech, Nature
- Internal + external
- Intentional + unintentional
- Directed + undirected
Actors (motive)
- States + state-sponsored actors
- Extremist movements
- Hacker groups
- Terrorist organizations
- Lone actors
- Insiders
NIST cybersecurity framework (CSF)
- Govern
- Identify
- Protect
- Detect
- Respond
- Recover
Digital encryption
- TLS
- HTTPS
- VPN
- DNSSEC
- S/MIME
- WPA2 + WPA3
System Card
1. Cyber capability
2. Biology and chemistry
3. Agentic risk behavior
4. Strategic manipulation
5. Aggressive business behavior
What makes LLMs good at vulnerability research?
1. Verifier's law
2. Agentic loop
3. Reasoning + execution
New threats
- The patch paradox sharpens
- The disclosure model sharpens
- Industrial exploit production
- Sandbox breakout + track covering
- Vendor fatigue
Good practice
- Real-time vulnerability response
- Defensive AI in lockstep
- Assume the patch is advisory
- Cyber essentials first
- Threat modeling for AI-assisted attackers
- Responsible disclosure under pressure
Six accepted bases for processing (data protection)
- Consent (strictest basis, allows people to withdraw)
- Performance of a contract
- Compliance with a legal obligation
- Protect the vital interest
- Public interest
- Legitimate interest (greatest latitude)
Reciprocatory effects
- The individual effects
- The Dyadic effect
- Social Perception (Mutuality, Congruence, Accuracy)
Taxonomy for risk assessment
- Assets (Cyber, Cyber physical, Physical)
- Risk management (Threat, Vulnerabilities, Controls)
- Attacker motivation (Political, Socio-cultural, Economic, Thrill seeking)
7 domains of IT infrastructure
1. User domain
2. Workstation
3. LAN
4. LAN-to-WAN
5. WAN
6. Remote Access
7. System/Application