What is Cyber Security?

Cyber or Computer Security is the

protection of computing systems and
the data that these systems store or access.

These systems include:

PC’s
Laptops
SmartPhones
Mobile Devices
Printers
 Why is Computer Security
Important?
Computer Security allows the City of Albuquerque to carry out
its mission by:

• Enabling staff to carry out their jobs,

• Decreases the threat of current and future vulnerabilities
• Supporting critical business processes
• Protecting personal and sensitive information
Why do I need to know about Cyber
Security?
It is estimated that 10% of security safeguards are technical in nature.
Firewalls and Intrusion Detection devices are a few devices that can
help prevent approximately 10% of security threats.

The additional 90% of safeguards rely on each of us. By understanding

Click to add text
and adhering to these safeguards, we can reduce or eliminate most
cyber security threats.

Example: Locking your car doors is the 10%. Making sure nothing of
value is left on the seat, windows are rolled up and parking in a safe
area account for the remaining 90%.
The CIA of Cyber Security
There are many reasons why you should protect the
information you use on your computer.

Confidential: Ensuring that your information remains confidential and

only those who should access that information, can
Integrity: Knowing that no one has been able to change your
information, so you can depend on its accuracy
(information integrity)
Availability: Making sure that your information is available when
you need it (by making back-up copies and, if
appropriate, storing the back-up copies off-site)
What does this mean to me?

This means that everyone who uses a computer or

mobile device needs to understand how to keep
their computer, device and data secure.

Information Technology Security is Everyone’s responsibility

Questions Module 1:
Introduction to Cyber Security
Question #1: Computer Security allows us to:

A. Enable staff to carry out their jobs,

B. Decrease the threat of current and future vulnerabilities
C. Support critical business processes
D. Protect personal and sensitive information
E. All of the above
Questions Module 1:
Introduction to Cyber Security
Question #1: Computer Security allows us to:
The Answer is E, All of the above

Computer Security allow us to:

A. Enable staff to carry out their jobs,

B. Decrease the threat of current and future vulnerabilities
C. Support critical business processes
D. Protect personal and sensitive information
E. All of the above
 Questions Module 1:
Introduction to Cyber Security
Question #2: The Integrity of information means:

A. Ensuring that your information remains confidential and only those who
should access that information, can
B. Knowing that no one has been able to change your information, so you
can depend on its accuracy.
C. Making sure that your information is available when you need it (by
making back-up copies and, if appropriate, storing the back-up copies
off-site)
 Questions Module 1:
Introduction to Cyber Security
The answer is B. Knowing that your information has not been
changed.

Confidential: Ensuring that your information remains confidential

and only those who should access that information, can
Integrity: Knowing that no one has been able to change your
information, so you can depend on its accuracy.
Availability: Making sure that your information is available when you
need it (by making back-up copies and, if appropriate, storing the
back-up copies off-site)
This concludes Module 1: Introduction to Cyber Security

Continue on to module 2: Sensitive Data

Module 2 will provide information on Personal Identifiable
Information or PII and best practices in protecting this data
from theft.
 Cyber security

• It is the practice of defending computers, servers, mobile devices, electronic

systems, networks, and data from malicious attacks.

• It's also known as information technology security or electronic information

security.

• The term applies in a variety of contexts, from business to mobile computing,

and can be divided into a few common categories.

• Network security is the practice of securing a computer

network from intruders, whether targeted attackers or
opportunistic malware.
• Application security focuses on keeping software and
devices free of threats. A compromised application could
provide access to the data its designed to protect. Successful
security begins in the design stage, well before a program or
device is deployed.
• Information security protects the integrity and privacy of data,
both in storage and in transit

• Operational security includes the processes and decisions for

handling and protecting data assets. The permissions users have
when accessing a network and the procedures that determine how
and where data may be stored or shared.

• Disaster recovery and business continuity define how an

organization responds to a cyber-security incident or any other
event that causes the loss of operations or data. Disaster recovery
policies dictate how the organization restores its operations and
information to return to the same operating capacity as before the
event. Business continuity is the plan the organization falls back on
while trying to operate without certain resources

• End-user education addresses the most unpredictable cyber-

security factor: people. Anyone can accidentally introduce a virus to
an otherwise secure system by failing to follow good security
practices. Teaching users to delete suspicious email attachments,
not plug in unidentified USB drives, and various other important
lessons is vital for the security of any organization.
 The scale of the cyber threat

• The global cyber threat continues to evolve at a rapid pace, with a rising
number of data breaches each year. A report by RiskBased
Security revealed that a shocking 7.9 billion records have been exposed by
data breaches in the first nine months of 2019 alone. This figure is more
than double (112%) the number of records exposed in the same period in
2018.

• Medical services, retailers and public entities experienced the most

breaches, with malicious criminals responsible for most incidents.

• Some of these sectors are more appealing to cybercriminals because they

collect financial and medical data, but all businesses that use networks can
be targeted for customer data, corporate espionage, or customer attacks.

• Governments across the globe have responded to the rising cyber threat
with guidance to help organizations implement effective cyber-security
practices.
 Types of cyber threats
• The threats countered by cyber-security are three-
fold:
1.Cybercrime includes single actors or groups
targeting systems for financial gain or to cause
disruption.
2.Cyber-attack often involves politically motivated
information gathering.
3.Cyberterrorism is intended to undermine electronic
systems to cause panic or fear.
So, how do malicious actors gain control of computer systems?

Here are some common methods used to threaten cyber-security:

Malware:

• Malware means malicious software. One of the most common cyber

threats, malware is software that a cybercriminal or hacker has created
to disrupt or damage a legitimate user’s computer.

• Often spread via an unsolicited email attachment or legitimate-looking

download, malware may be used by cybercriminals to make money or
in politically motivated cyber-attacks.

There are a number of different types of malware, including:

Virus: A self-replicating program that attaches itself to clean

file and spreads throughout a computer system, infecting files
with malicious code.
Trojans: A type of malware that is disguised as legitimate
software. Cybercriminals trick users into uploading Trojans
onto their computer where they cause damage or collect
data.
Spyware: A program that secretly records what a user
does, so that cybercriminals can make use of this
information. For example, spyware could capture credit card
details.
Ransomware: Malware which locks down a user’s files and
data, with the threat of erasing it unless a ransom is paid.
Adware: Advertising software which can be used to spread
malware.
Botnets: Networks of malware infected computers which
cybercriminals use to perform tasks online without the
user’s permission.
• Encryption is the process of converting normal message (plaintext)
into meaningless message (Ciphertext). Whereas Decryption is the
process of converting meaningless message (Ciphertext) into its
original form (Plaintext).
• Encryption is a security method in which information is encoded in
such a way that only authorized user can read it. It uses encryption
algorithm to generate ciphertext that can only be read if decrypted.

There are two types of encryptions schemes as listed below:

• Symmetric Key encryption
• Public Key encryption
Symmetric key encryption algorithm uses same cryptographic keys for
both encryption and decryption of cipher text.
Public key encryption algorithm uses pair of keys, one of which is a
secret key and one of which is public. These two keys are
mathematically linked with each other.