Topic: Introduction to Cyber Security

Presented By:

Rakib Hossen
Lecturer and Chairman (Acting)
Dept. of Cyber Security Engineering (CySE), BDU
 What is security?
• In general, security is “the quality or state of being
secure—to be free from danger.”
• A successful organization should have the following
multiple layers of security:-
 Physical security
 Personnel security
 Operations security
 Communications security
 Network security
 Information security
 What is Cyber security
 We can divide cybersecurity into two parts:
 Cyber: refers to the technology that includes systems,
networks, programs, and data.
Security: means the protection of systems,
networks, applications, and information.

• Also called electronic information security or information

technology security.
 What is Cyber security
 Cyber security is the protection of internet-connected
systems such as hardware, software and data from cyber
threats

 Cyber security is the practice of protecting systems,

networks, and programs from cyber attacks and
unauthorized access

 The technique of protecting internet-connected systems

such as computers, servers, mobile devices, electronic
systems, networks, and data from malicious attacks is
known as cyber security
 What is Cyber security
 "Cyber Security is the body of technologies, processes, and
practices designed to protect networks, devices,
programs, and data from attack, theft, damage,
modification or unauthorized access.“

 "Cyber Security is the set of principles and practices

designed to protect our computing resources and online
information against threats."
 History of Cyber security
• 1968, Maurice Wilkes discusses password security in Time-
Sharing Computer Systems.

• 1975, The Federal Information Processing Standards (FIPS)

examines Digital Encryption Standard (DES) in the Federal
Register.

• 1979, Dennis Ritchie publishes “On the Security of UNIX” and

“Protection of Data File Contents,” discussing secure user IDs
and secure group IDs, and the problems inherent in the systems.

• Today, the Internet brings millions of unsecured computer

networks into continuous communication with each other.
Three Pillars of Cyber security
The Cyber security Process
Five major Elements of Cyber Security
 Cyber Security Goals
The objective of Cyber Security is to protect information from
being stolen, compromised or attacked. Cyber Security can
be measured by at least one of three goals-

 Protect the confidentiality of data.

 Preserve the integrity of data.
 Promote the availability of data
for authorized users.
 Why Does Cyber security Matter?
 Protecting sensitive information
 Defending against cyber threats
 Maintaining the security of critical infrastructure
 Ensuring business continuity
 Enhancing network security
 Collaborating with security analysts
 Adhering to regulatory compliance
 Addressing insider threats
 Evaluating and implementing Cyber Security solutions
 Principles of Cyber Security (CIA Triad)
 Cyber Security's main objective is to ensure data protection.
 The security community provides a triangle of three related
principles to protect the data from cyber-attacks. This
principle is called the CIA triad.

Figure 1.1 Taxonomy of security goals

What are the key goals of Cyber security?
CIA Triad(Con..)
 Confidentiality
 Confidentiality is probably the most common aspect of information
security.
 It also equivalent to privacy and avoids the unauthorized
disclosure of information
 We need to protect our confidential information.
 It involves the protection of data, providing access for those who
are allowed to see it while disallowing others from learning
anything about its content.
 It prevents essential information from reaching the wrong people
while making sure that the right people can get it.
Tools for Confidentiality
 Integrity
 Information needs to be changed constantly. Integrity means

that changes need to be done only by authorized entities and

through authorized mechanisms.

 Integrity refers to the methods for ensuring that data is real,

accurate and safeguarded from unauthorized user modification.

 It is the property that information has not be altered in an

unauthorized way, and that source of the information is genuine.

Tools for Integrity
 Availability
 The information created and stored by an organization needs
to be available to authorized entities.
 Information needs to be constantly changed, which means it
must be accessible to authorized entities.
Tools for Availability
 Physical Protections
 Computational Redundancies
 Authentication
Verifying the identity of users or systems to ensure they are
who they claim to be.
 Authorization
Granting or denying access to resources based on a user’s
permissions or privileges limits what actions they can perform.
 Non Repudiation
Providing proof that a specific action or transaction occurred,
makes it difficult for individuals to deny their involvement.
Why is cyber security important?
 Cyber Security for business:
Here are the 11 key advantages of Cyber Security for business:

 Protects personal data

 Helps preserves reputation
 Enhances productivity
 Assists the remote workspace
 Regulation compliance
 Improves cyber posture
 Better data management
 Helps educate and train the workforce
 Helps maintain trust and credibility
 Streamline access control
 Supports the IT team
 What are the benefits of cyber security?
The benefits of implementing and maintaining cyber security practices include:

 Business protection against cyber-attacks and data breaches.

 Protection for data and networks.

 Prevention of unauthorized user access.

 Improved recovery time after a breach.

 Protection for end users and endpoint devices.

 Business continuity.

 Regulatory Compliance.

 Improved confidence in the company’s reputation and trust for developers,

partners, customers, stakeholders, and employees.

 Cyber security vendors and tools
Vendors in the cyber security field typically offer a variety of security
products and services. Common security tools and systems include:
 Identity and access management (IAM)
 Firewalls
 Endpoint protection
 Antimalware/Antivirus
 Intrusion prevention/detection systems (IPS/IDS)
 Data loss prevention (DLP)
 Endpoint detection and response
 Security information and event management (SIEM)
 Encryption tools
 Vulnerability scanners
 Virtual private networks (VPNs)
 Cloud workload protection platform (CWPP)
 Cloud access security broker (CASB)
What are the career opportunities in cyber security?
 Types of Cyber Security
 Network Security: secure a computer network from unauthorized access, intruders,
attacks, disruption, and misuse.
 Application Security: Protecting the software and devices from unwanted threats.
 Information or Data Security: maintain the integrity and privacy of data, both in
storage and in transit.
 Identity management: It deals with the procedure for determining the level of
access that each individual has within an organization.
 Operational Security: It involves processing and making decisions on handling and
securing data assets.
 Mobile Security: securing the organizational and personal data stored on mobile
devices such as cell phones, computers, tablets, and other similar devices against
various malicious threats.
 Cloud Security: protecting the information stored in the digital environment or
cloud architectures for the organization.
 What is Cyber Crime?
• Cybercrime means the use of a computer as an instrument to
further illegal ends, such as committing fraud, trafficking in
child pornography and intellectual property, stealing
identities, or violating privacy.
It Includes:
Illegal access
Illegal Interception
System Interference
Data Interference
Misuse of devices
Fraud
Types of Cyber Crime?
 What is Cyber Attack?
• A threat in cybersecurity is a malicious activity by an
individual or organization to corrupt or steal data,
gain access to a network, or disrupt digital life.

• Common Cyber attacks are:

 Hacker
• A hacker is a person who breaks into a computer system.
• The reasons for hacking can be many: installing malware,
stealing or destroying data, disrupting service, and more.
• Hacking can also be done for ethical reasons, such as trying to
find software vulnerabilities. so they can be fixed. Some
common types of hacker are:
Why Cyber Security?
 How to ensure Cyber Security
1. User education: Human error is the leading cause of data breaches.
Therefore, you must equip staff with the knowledge to deal with the
threats they face.
2. Application security: Web application vulnerabilities are a common
point of intrusion for cybercriminals.
3. Network security: Network security is the process of protecting the
usability and integrity of your network and data. This is achieved by
conducting a network penetration test, which assesses your network for
vulnerabilities and security issues.
4. Leadership commitment: Leadership commitment is key to cyber
resilience. Without it, it is tough to establish or enforce effective
processes.
5. Password management: Almost half of the UK population uses
‘password’, ‘123456’ or ‘qwerty’ as their password. You should implement
Thank You