WEBVTT

1
00:00:00.000 --> 00:00:03.120
In this lesson, we will learn about Modeling

2
00:00:03.120 --> 00:00:05.970
with an Existing System.

3
00:00:05.970 --> 00:00:10.140
Modeling with an existing IT system evaluates

4
00:00:10.140 --> 00:00:12.690
potential threats and vulnerabilities

5
00:00:12.690 --> 00:00:16.560
specific to the current organizational environment

6
00:00:16.560 --> 00:00:19.110
to determine what can be exploited

7
00:00:19.110 --> 00:00:21.930
and what security controls are necessary

8
00:00:21.930 --> 00:00:24.330
to mitigate vulnerabilities.

9
00:00:24.330 --> 00:00:27.840
This process starts with identifying threats

10
00:00:27.840 --> 00:00:31.650
that are particularly relevant to the existing system's

11
00:00:31.650 --> 00:00:34.050
architecture and operations.

12
00:00:34.050 --> 00:00:36.660
Then, based on this assessment,

13
00:00:36.660 --> 00:00:41.660
an organization can select appropriate mitigating controls.

14
00:00:41.730 --> 00:00:46.170
Mitigating controls may include multifactor authentication,

15
00:00:46.170 --> 00:00:50.610
or MFA, to protect against unauthorized access,

16
00:00:50.610 --> 00:00:54.000
deploying encryption to safeguard sensitive data,

17
00:00:54.000 --> 00:00:57.600
or setting up intrusion detection systems to monitor

18
00:00:57.600 --> 00:00:59.670
for suspicious activity.

19
00:00:59.670 --> 00:01:02.010
Let's learn more about modeling threats

20
00:01:02.010 --> 00:01:05.760
with an existing IT system in place.

21
00:01:05.760 --> 00:01:08.880
When evaluating threats to an organization

22
00:01:08.880 --> 00:01:12.330
with an existing IT system, it's essential

23
00:01:12.330 --> 00:01:15.780
to first understand how the current architecture

24
00:01:15.780 --> 00:01:17.880
and operations function.

25
00:01:17.880 --> 00:01:22.080
Every system has unique characteristics, from the software

26
00:01:22.080 --> 00:01:25.380
it uses to the way its hardware is configured.

27
00:01:25.380 --> 00:01:29.760
For instance, a company running a web-based platform

28
00:01:29.760 --> 00:01:32.490
might have a different risk profile

29
00:01:32.490 --> 00:01:35.940
than one relying on internal applications.

30
00:01:35.940 --> 00:01:40.140
So, by mapping out architecture and operations,

31
00:01:40.140 --> 00:01:44.220
as well as how components interact, organizations

32
00:01:44.220 --> 00:01:47.580
can identify potential vulnerabilities.

33
00:01:47.580 --> 00:01:51.570
This process reveals where a system might be weak

34
00:01:51.570 --> 00:01:55.530
and allows one to focus on security efforts

35
00:01:55.530 --> 00:01:57.750
in the right places.

36
00:01:57.750 --> 00:02:02.550
One key step in this process is identifying which threats

37
00:02:02.550 --> 00:02:07.140
are particularly relevant to the existing IT system.

38
00:02:07.140 --> 00:02:11.550
For example, if the system relies heavily on databases,

39
00:02:11.550 --> 00:02:13.980
then threats like structured query language

40
00:02:13.980 --> 00:02:18.540
or SQL injection attacks are a significant concern.

41
00:02:18.540 --> 00:02:21.930
In contrast, a system that interacts frequently

42
00:02:21.930 --> 00:02:26.130
with external users, such as an e-commerce website,

43
00:02:26.130 --> 00:02:29.460
might be more susceptible to cross-site scripting

44
00:02:29.460 --> 00:02:32.730
or distributed denial of service attacks.

45
00:02:32.730 --> 00:02:37.500
So understanding the architecture helps an organization

46
00:02:37.500 --> 00:02:39.960
pinpoint the types of attacks

47
00:02:39.960 --> 00:02:42.990
that could target the most vulnerable areas

48
00:02:42.990 --> 00:02:45.390
of the IT system.

49
00:02:45.390 --> 00:02:47.970
Next, with threats identified,

50
00:02:47.970 --> 00:02:51.900
the organization can begin thinking about the most effective

51
00:02:51.900 --> 00:02:55.410
controls to mitigate those threats.

52
00:02:55.410 --> 00:02:57.720
Mitigating controls are actions

53
00:02:57.720 --> 00:03:01.170
or technologies designed to reduce the risk

54
00:03:01.170 --> 00:03:03.180
of a security breach.

55
00:03:03.180 --> 00:03:08.070
For example, multifactor authentication protects against

56
00:03:08.070 --> 00:03:12.240
unauthorized access by requiring users to provide

57
00:03:12.240 --> 00:03:15.060
two or more forms of authentication

58
00:03:15.060 --> 00:03:18.720
before being granted access to the system.

59
00:03:18.720 --> 00:03:23.160
So, MFA can help secure sensitive systems,

60
00:03:23.160 --> 00:03:28.110
especially if employees are accessing the network remotely.

61
00:03:28.110 --> 00:03:32.280
Another effective mitigating control is encryption,

62
00:03:32.280 --> 00:03:35.520
which protects sensitive data from being accessed

63
00:03:35.520 --> 00:03:38.700
or read by unauthorized individuals.

64
00:03:38.700 --> 00:03:42.990
For example, if an organization handles customer payment

65
00:03:42.990 --> 00:03:47.070
information, encrypting that data, both when it's stored

66
00:03:47.070 --> 00:03:49.290
and when it's being transmitted,

67
00:03:49.290 --> 00:03:51.930
can prevent it from being stolen.

68
00:03:51.930 --> 00:03:55.860
If a hacker gains access to the system

69
00:03:55.860 --> 00:03:59.760
in this way, encryption ensures that even if the data

70
00:03:59.760 --> 00:04:03.750
is compromised, it is unusable without the correct

71
00:04:03.750 --> 00:04:05.430
decryption keys.

72
00:04:05.430 --> 00:04:09.960
Next, in cases where legacy systems are still in use,

73
00:04:09.960 --> 00:04:13.950
additional mitigating controls may be necessary

74
00:04:13.950 --> 00:04:17.160
due to the older supporting architecture.

75
00:04:17.160 --> 00:04:21.750
For instance, legacy systems often lack modern security

76
00:04:21.750 --> 00:04:25.200
features, making them vulnerable to attacks

77
00:04:25.200 --> 00:04:28.320
such as unpatched software vulnerabilities

78
00:04:28.320 --> 00:04:31.290
and weak authentication mechanisms.

79
00:04:31.290 --> 00:04:34.980
In this scenario, an organization might deploy

80
00:04:34.980 --> 00:04:39.780
multi-factor authentication to strengthen access control

81
00:04:39.780 --> 00:04:42.540
and implement network segmentation

82
00:04:42.540 --> 00:04:46.020
to mitigate the non-availability of patches

83
00:04:46.020 --> 00:04:48.030
for the legacy system.

84
00:04:48.030 --> 00:04:52.860
Additionally, implementing encryption for both data at rest

85
00:04:52.860 --> 00:04:56.730
and data in transit can protect sensitive information

86
00:04:56.730 --> 00:05:00.330
both on and moving through the network.

87
00:05:00.330 --> 00:05:02.640
These measures provide several layers

88
00:05:02.640 --> 00:05:07.590
of defense against attacks targeting outdated systems.

89
00:05:07.590 --> 00:05:11.790
Next, intrusion prevention systems, or IPS,

90
00:05:11.790 --> 00:05:14.700
are another valuable mitigating control

91
00:05:14.700 --> 00:05:19.560
that can work alongside intrusion detection systems, or IDS.

92
00:05:19.560 --> 00:05:23.520
So while intrusion detection systems are focused on

93
00:05:23.520 --> 00:05:27.120
monitoring and alerting on suspicious activity,

94
00:05:27.120 --> 00:05:31.110
an intrusion prevention system goes a step further

95
00:05:31.110 --> 00:05:34.920
by actively blocking or preventing malicious activity

96
00:05:34.920 --> 00:05:37.140
once it has been detected.

97
00:05:37.140 --> 00:05:40.710
For example, if an attacker attempts to exploit

98
00:05:40.710 --> 00:05:43.740
a vulnerability in a legacy system,

99
00:05:43.740 --> 00:05:47.790
the intrusion prevention system can identify the malicious

100
00:05:47.790 --> 00:05:50.370
traffic and automatically block it

101
00:05:50.370 --> 00:05:53.220
before it reaches the system.

102
00:05:53.220 --> 00:05:58.110
This proactive approach helps stop threats in real time,

103
00:05:58.110 --> 00:06:00.810
preventing potential breaches.

104
00:06:00.810 --> 00:06:05.190
Now, the key to selecting the right mitigating controls

105
00:06:05.190 --> 00:06:10.190
is understanding the organization's unique risk landscape.

106
00:06:10.320 --> 00:06:13.920
Not all systems face the same types of threats

107
00:06:13.920 --> 00:06:16.560
and different controls will have varying levels

108
00:06:16.560 --> 00:06:20.490
of effectiveness depending upon the environment.

109
00:06:20.490 --> 00:06:24.540
Therefore, regular assessments of the system's architecture

110
00:06:24.540 --> 00:06:27.750
and operations are essential for ensuring

111
00:06:27.750 --> 00:06:30.600
that the correct controls are in place

112
00:06:30.600 --> 00:06:33.960
and up to date with emerging threats.

113
00:06:33.960 --> 00:06:37.500
So remember, when modeling threats

114
00:06:37.500 --> 00:06:40.680
to an existing IT system, it's important

115
00:06:40.680 --> 00:06:44.370
to first understand the current system's architecture

116
00:06:44.370 --> 00:06:48.540
and operations to identify vulnerabilities.

117
00:06:48.540 --> 00:06:52.920
Once threats specific to the system are identified,

118
00:06:52.920 --> 00:06:56.790
appropriate mitigating controls can be chosen.

119
00:06:56.790 --> 00:06:59.430
These controls may include actions

120
00:06:59.430 --> 00:07:03.300
like multi-factor authentication, encryption,

121
00:07:03.300 --> 00:07:07.080
and the placement of intrusion detection systems

122
00:07:07.080 --> 00:07:10.140
to protect against potential risks.

123
00:07:10.140 --> 00:07:13.920
Additionally, legacy systems may require additional

124
00:07:13.920 --> 00:07:18.510
protection due to their outdated security features.

125
00:07:18.510 --> 00:07:23.340
Finally, regular assessments of the IT system help ensure

126
00:07:23.340 --> 00:07:27.333
that controls are up to date and still effective.

