Cybersecurity and Privacy Laws

Common Internet Vulnerabilities

• Hacking: unauthorised access to systems or data
• Denial of Service (DoS) attack: flooding a system with traffic to make it unavailable
• Phishing: tricking users into revealing sensitive information
• Malware infection: installing harmful software on IT systems
• Identity theft: stealing personal information to impersonate victims

Internet and Privacy Laws

• Cybersecurity Act Laws 2018 (CSA): regulates cybersecurity in Singapore
• Computer Misuse Act (CMA): criminalises unauthorised access to computer systems
• Personal Data Protection Act 2012 (PDPA): protects personal data in Singapore
• Corporate Governance: ensures accountability in organisations
• Protection from Online Falsehoods and Manipulation Act (POFMA): combats online falsehoods

Principles of Information Security

Confidentiality

• Ensures only authorised users have access to information

Integrity

• Protects information from unauthorised access, ensuring trustworthiness and accuracy

Availability

• Ensures information is accessible to authorised users when needed

Authentication

• Verifies the identity of individuals

Non-Repudiation

• Ensures individuals cannot deny involvement in a transaction or communication

Goals of Information Security

• Prevent data theft
• Prevent identity theft
• Maintain productivity
• Counter cyber terrorism

Difficulties in Defending Against Attacks

• Universally connected devices make attacks easier
• Increased speed of attacks
• Greater sophistication of attacks
• Availability and simplicity of attack tools
• Faster detection of vulnerabilities
• Delays and weak patching
• Distributed attacks
• User confusion

Types of Hackers

• White Hat: ethical hackers
• Black Hat: malicious hackers
• Gray Hat: hackers with mixed intentions
• Elite Hackers: highly skilled hackers
• Script Kiddies: amateur hackers using existing tools
• Hacktivist: hackers with a political or social agenda
• Cyber-Terrorist: hackers with malicious intent

Goals of Cyber Terror Attacks

• Deface websites and spread misinformation
• Deny services to legitimate users
• Commit unauthorised intrusions and corruption of data

5 Key Features of the Internet

• A network of networks
• Controlled by no one
• Allows efficient communication between organisations
• Robust architecture
• Geographically distributed with universal access

Differences Between Computer Worms and Viruses

Computer Viruses

• Can replicate themselves
• Need a carrier to infect computers
• Infect files (programs or data)
• Require human action to spread
• Cannot be remotely controlled

Computer Worms

• Can spread and replicate on their own
• Do not require a carrier to infect computers
• Can spread without human action
• Can be remotely controlled

Trojan Horse

• Creates a backdoor for remote control
• Does not replicate itself
• Must be installed by an unwitting user

Botnet Herder

• Controls a botnet (group of infected computers)
• Can command zombies to participate in a coordinated attack

Logic Bomb

• Malicious code that activates at a specific point
• Can be used to destroy data or disrupt systems