
01 - Cyber - Security


CYBER - SECURITY

SESSION ONE
What is cyber - security
• Cyber Security is a set of processes, technologies, and methods to
protect servers, computers, networks, electronic systems, data, and
mobile devices from unauthorized access through malicious attacks.
• Securing the availability, confidentiality, and integrity of an
organization’s digital assets and software against internal or
external threats is the primary objective of cyber security.
• Cyber security has sometimes been referred to as information
technology security or information security (infosec for short).
Let us see some differences between cybersecurity and information
security.
• Information security (commonly known as InfoSec) refers to the
procedures and practices used by corporations to protect their data.
• This includes policy settings that prevent unauthorized people from
accessing company or personal data.
• Information security is a broader category that protects all information
assets, whether in hard copy or digital form.
• Information security is a fast-evolving and dynamic discipline that includes
everything, from network and security design to testing and auditing.
Types/categories of security
Network security is the practice of securing a computer network from intruders,
whether targeted attackers or opportunistic malware.
Application security focuses on keeping software and devices free of threats. A
compromised application could provide access to the data it is designed to
protect.
Information security protects the integrity and privacy of data, both in storage
and in transit.
Operational security includes the processes and decisions for handling and
protecting data assets. The permissions users have when accessing a network
and the procedures that determine how and where data may be stored or shared
all fall under this umbrella.
Disaster recovery and business continuity define how an organization responds to a
cyber-security incident or any other event that causes the loss of operations or data.
Disaster recovery policies dictate how the organization restores its operations and
information to return to the same operating capacity as before the event. Business
continuity is the plan the organization falls back on while trying to operate without
certain resources.
End-user education addresses the most unpredictable cyber-security factor: people.
Anyone can accidentally introduce a virus to an otherwise secure system by failing to
follow good security practices. Teaching users to delete suspicious email attachments,
not plug in unidentified USB drives, and various other important lessons is vital for the
security of any organization.
Threats and types of cyber threats

Cyber threats also refer to the possibility of a successful cyber attack
that aims to gain unauthorized access to, damage, disrupt, or steal
an information technology asset, computer network, intellectual
property or any other form of sensitive data.
A threat can be anything from a minor bug in code to a complex
cloud hijacking liability.
Malware: Simply put, malware is malicious software that a
cybercriminal or hacker has created to disrupt or damage a legitimate
user’s computer.
Virus: A self-replicating program that attaches itself to a clean file and
spreads throughout a computer system, infecting files with malicious
code.
Trojans: A type of malware that is disguised as legitimate software.
Spyware: A program that secretly records what a user does, so that
cybercriminals can make use of this information. For example, spyware
could capture credit card details.
Ransomware: Malware that locks down a user’s files and data, with the
threat of erasing them unless a ransom is paid.
Adware: Advertising software that can be used to spread malware.
Botnets: Networks of malware-infected computers that cybercriminals
use to perform tasks online without the user’s permission.
SQL injection: An SQL (structured query language) injection is a type of cyber-attack
used to take control of and steal data from a database.
Phishing: Phishing is when cybercriminals target victims with emails that appear to be
from a legitimate company asking for sensitive information.
Man-in-the-middle attack: A man-in-the-middle attack is a type of cyber threat where
a cybercriminal intercepts communication between two individuals in order to steal
data. For example, on an unsecure WiFi network, an attacker could intercept data being
passed between the victim’s device and the network.
Denial-of-service attack: A denial-of-service attack is where cybercriminals prevent a
computer system from fulfilling legitimate requests by overwhelming the networks
and servers with traffic. This renders the system unusable, preventing an organization
from carrying out vital functions.
What are these attacks/threats
Let us first categorize these attacks/threats into 3 main
categories.
Cybercrime includes single actors or groups targeting
systems for financial gain or to cause disruption.
Cyber-attack often involves politically motivated information
gathering.
Cyberterrorism is intended to undermine electronic systems
to cause panic or fear.
So who are these cybercriminals?
Black-Hat Hackers: Black-hat hackers use fake identities to conduct
malicious activities for a profit.
Gray-Hat Hackers: They work both with malicious intent and as legitimate
security analysts.
White-Hat Hackers: They work as security analysts to detect and fix flaws and
protect against malicious hackers.
Suicide Hackers: They aim to openly bring down the critical infrastructure
for a social cause.
Script Kiddies: They are unskilled hackers who run scripts and software
created by more experienced hackers.
Cyber Terrorists: They create fear by disrupting large-scale computer
networks; motivated by religious or political beliefs.
State-Sponsored Hackers: They penetrate government networks, gain
top-secret information, and damage information systems; paid by a
hostile government.
Hacktivists: They promote political agendas by secretly defacing and disabling
websites.
Aims and objectives of cyber security
1. Protecting the Confidentiality of data
2. Preserving the Integrity of data
3. Restricting the Availability of data only to authorized users
How to achieve these objectives
• Classifying the assets based on their importance and priority. The most
important ones are kept secure at all times.
• Pinning down potential threats.
• Determining the safeguards for each threat.
• Monitoring any breaching activities and managing data at rest and data in
motion.
• Iterative maintenance and responding to any issues involved.
• Updating policies to handle risk, based on the previous assessments.

All of the above aspects fit into 3 significant goals known
as the “CIA Triad”.
What is the CIA Triad?

The CIA Triad is a security model developed to ensure the 3 goals of
cybersecurity, which are Confidentiality, Integrity, and Availability of data
and the network.
The CIA Triad is a well-known, venerable model for the development of
security policies used in identifying problem areas, along with necessary
solutions in the arena of information security.
It guides an organization’s efforts towards ensuring data security.
We will now look at the CIA Triad in detail:
Confidentiality
The central idea behind the term confidentiality
in the CIA Triad is that the data is only accessible
by genuine authorized users. It helps in preventing
disclosure to unintended parties who might exploit
the privacy of the user.
Methods to ensure Confidentiality
• Encryption of raw data
• Using biometrics for authentication
• Using Security Tokens
• Two way or multifactor authentication
Integrity
Integrity is making sure the data is unaltered
during the time of transmission and ensuring it
reaches the end-user in the correct form. It
maintains the consistency and reliability of data.
Methods to ensure Integrity
1. Making use of user access control to restrict
unauthorized modification of files.
2. Setting up backups to restore data during any
system failure.
3. Version control systems help to identify any
modification by tracing the logs.
Availability
Availability means delivering resources as and
when requested by the user without any
interference such as Denial of Service.

Authorized persons or users should be able
to access data whenever they need to. It
is a guarantee of trustworthy access to the
information or data by any authorized users.
Methods to ensure Availability
1. Installing firewalls and proxy servers during downtime.
2. Locating backups at geographically isolated
locations.
3. Upgrading all the necessary hardware systems.
4. Providing adequate communication bandwidth.
5. Fast and adaptive disaster recovery is essential.
6. Existence of DRPs (Disaster Recovery Plans).
