Class Slides - Cyber Security

This document discusses emerging issues in cybersecurity. It explores existing and emerging cybersecurity threats, how cybersecurity is implemented in practice based on frameworks like the CIA triad and AAA models, and how cybersecurity fits into business planning through risk analysis and treatment. Activities are included throughout to apply the concepts.

Emerging Technology

Cyber Security
Today’s Learning Outcomes

Explore existing and emerging threats in cybersecurity

Critically assess how cybersecurity is implemented in practice

Analyse how cybersecurity fits with business planning

1. Existing and Emerging Threats - Increasing

• Web-based attacks
• Botnets
• Data Breaches
1. Existing and Emerging Threats - Stable

• Physical Damage
• Web App Attacks
1. Existing and Emerging Threats - Decreasing

• Insider Threat
• Ransomware
1. Existing and Emerging Threats – More Specific

AI
• Data Poisoning
• Model Theft

IoT
• Outdated hardware and software
• Credentials
• Is a device affected?

Blockchain
• 51% Attacks
• Social Engineering
• Cryptojacking
1. Existing and Emerging Threats – AI Uses

• Faster threat detection
• Better tracking of user actions
• Better context response
1. Existing and Emerging Threats – Activity

Based on an organisation of your choice or on research:

(a) Identify what you consider to be the THREE most pressing cybersecurity threats at this time.

(b) In general terms, what do you consider to be the best means of addressing each of these threats?
2. Cybersecurity in Practice

UK Government
• National Cybersecurity Strategy (2016)
• Cyber Assessment Framework

EU
• Network and Information Systems (NIS) regulations

ISO
• ISO 27001 / ISO 27002
2. Cybersecurity in Practice – CIA Triad

Source: IBM, 2018. The CIA triad. [image] Available at: <https://www.ibm.com/blogs/cloud-computing/2018/01/16/drive-compliance-cloud/>
2. Cybersecurity in Practice – CIA Triad

Confidentiality
• Cryptography
• Access Control

Integrity
• Hashing Algorithms
• Digital Signatures

Availability
• Maintenance and Patching
• Backup and Redundancy

https://whatis.techtarget.com/definition/Confidentiality-integrity-and-availability-CIA
2. Cybersecurity in Practice – AAA

Authentication
• Something you KNOW, HAVE, ARE, DO

Authorisation
• Privilege Escalation / Creep
• Shared Accounts
• No Separation of Duties

Accounting
• ICO Data processing requirements
• Forensics, Investigations, Disclosure
2. Cybersecurity in Practice – The Reality

• Speed
• Cost
• Time
• Convenience
2. Cybersecurity in Practice – Activity

Increasingly, the CIA triad is open to criticism. Based on your professional experience or research:

(a) What do you think might be TWO possible criticisms of this approach?

(b) The model gives equal weight to each of the three aspects (Confidentiality, Integrity, Availability). In your opinion, is this approach accurate?
Break Time

If you have not done it yet, please do your Apply activity and post it in the forum during the break!
3. Cybersecurity and Business Planning

https://www.iso.org/obp/ui/#iso:std:iso:31000:ed-2:v1:en
3. Cybersecurity and Business Planning – Risk Rating

Likelihood Consequence

Risk Rating
3. Cybersecurity and Business Planning – Risk Rating

M. K. Gugerty, D. Karlan, The Goldilocks Challenge: Right Fit Evidence for the Social Sector, New York, Oxford University Press, 2018.
3. Cybersecurity and Business Planning - Treatment

• Avoidance
• Transference
• Mitigation: Reduce Impact / Likelihood
• Acceptance
3. Cybersecurity and Business Planning - Treatment
3. Cybersecurity and Business Planning

Evolve IP - Europe. 2022. Disaster Recovery Plan Template | Evolve IP. [online] Available at: <https://www.evolveip.uk/lp/disaster-recovery-plan-template>
3. Cybersecurity and Business Planning - Activity

A range of approaches are used to determine risk analysis. These include quantitative, qualitative and hybrid approaches.

From your professional experience or research:

(a) Outline and describe ONE risk analysis approach that you are familiar with.

(b) What, in your view, is ONE advantage of this approach, and ONE disadvantage?
Next Steps

1. We have examined a number of existing and emerging cybersecurity threats in both general terms and in specific sectors, and looked at some of the operational and contextual issues surrounding cybersecurity.

2. We have assessed the existing frameworks for cybersecurity from the top level down to practical implementation, and set out a number of ways in which organisations can assure cybersecurity.

3. We have examined how cybersecurity is integrated into business, contingency and disaster recovery planning.
Emerging Technology

Cyber Security
