Cybersecurity Engineering CSE210: Course Introduction

Questions and Answers

What is the primary focus of early cybersecurity efforts?

• Addressing process gaps in system operations.
• Managing unexpected user actions that lead to system outages.
• Handling rouge insider activities within organizations.
• Protecting against malicious and intentional threats to technology. (correct)

The rate of technological change is slowing down.

False (B)

What is a digital device?

Any electronic appliance that can create modify, archive, retrieve, or transmit information in an electronic format.

The transformation that gave rise to cybersecurity threats was mostly driven by one key factor: Internet connection speeds became ______, cheaper and more widely adopted, even in less economically developed countries.

faster

Match the following data states with their descriptions:

Data in Transit = Data being transferred from one location to another. Data in Storage = Data at rest, such as on a hard drive or in a database. Data in Process = Data being actively used or modified by a system.

Which of the following best describes cyberwarfare?

The use of technology to launch attacks on nations, governments, and citizens. (B)

The ability to hack or break into a computer system is the same as the ability to perform cybersecurity.

False (B)

What steps can a system administrator take to reduce vulnerability to cyber attack?

install anti-malware software, implement remote login procedures and make regular password changes.

Most of the major cybersecurity incidents are due to criminal, state or ______-led activities.

terrorist

Match the following hacker descriptions with the corresponding 'hat' color:

White hat = Breaks into systems with permission to discover weaknessess and improve security Gray hat = Compromises systems without permission and has no malicious intent Black hat = Takes advantage of any vulnerability for illegal personal, financial or political gain

According to an Ofcom report in 2014, how long do average UK adults spend using a digital device per day?

8 hours and 41 minutes (D)

A system outage can create costs similar to those of a malicious attack but usually at a higher scale.

False (B)

Give three examples of personal data.

Medical records, education records, employment and financial records.

The three main dimensions of cybersecurity are confidentiality, integrity, and ______.

availability

Match the description with appropriate description of data:

Cybersecurity = The protection of digital devices and their communication channels to keep them stable, dependable and reasonably safe from the danger or threat Personal data = Data that interacts on a regular basis at home, school or work Online Identity = Your identity while you are in cyberspace

Why do organizations collect personal information?

All of the above (D)

Protecting personal data online requires revealing as much information as possible to ensure transparency.

False (B)

What are the two types of security threats?

Internal and external

The consequences of a security breach can include ruined reputation, vandalism, theft, revenue lost, and damaged ______.

intellectual property

Match the following roles with the type of cybersecurity function:

Audit manager = Cyber Audit and Assessment Attack and penetration testers = Environment testing Chief Information Security Officer = Management

What is the role of the Chief Information Security Officer?

To manage and lead information security. (B)

Proactive security measures are generally more expensive than reactive ones.

False (B)

Name two actions you could take to have cyber security for individuals.

Always maintaining strong passwords and always keeping device up to date or restrict access to install software.

Cybersecurity is the protection of networked systems and data from unauthorized use or ______

harm

Match the threat with the appropriate description of internal or external.:

External Threat = Exploit vulnerabilities in network or computing devices or Using social engineering to gain access Internal Threat = An employee or contract partner that Facilitate outside attacks by connecting infected USB media into the corporate computer system

What well-known malware damaged Ukrainian accounting softwares?

NotPetya (D)

In large companies before the cloud, smaller companies would ask the technology department to build software from a clean page

False (B)

What are the six groups of cybersecurity?

Management; Cyber Audit and Assessment; Event Monitoring and Alerts; Proactive operations; Environment testing; Specialists.

The lure of cost and higher earnings encourage us to adopt new ______ quickly.

technologies

Match the following security measures with their respective categories:

Biometric Fingerprint Scanner = Technological Remote Login Procedures = Administrative Security Awareness Training = Educational

What is a key factor driving the rise of cybersecurity threats?

Faster, cheaper, and more widely adopted internet connection speeds (C)

Activities like banking, shopping, watching movies and listening to broadcasts became less convenient online.

False (B)

Name three types of organizational data.

Personnel, Intellectual and Financial.

Data is at rest in ______.

storage

Match the following security roles with their security aspects:

Confidentiality = Privacy Availability = Information is accessible Integrity = Accuracy and trusworthiness

What is not the purpose purpose of a cyber warfare?

Help local society (B)

Personal data is worthless to cybercriminals.

False (B)

What is an online identity?

Your online identity is the one in cyberspace

During my research for security exploits, I stumbled across a security vulnerability on a corporate network that I am ______ to access.

authorized

Match the following breach with the type of impact of consequences of a security breach:

Ruined Reputation = The reputation damaged after a data leak Theft = Important files and resources were taken Revenue Lost = The revenue diminished because systems were not working appropriately

Flashcards

Definition of Cybersecurity

The protection of digital devices and their communication channels to keep them stable and safe from danger or threat.

What is a Digital Device?

Any electronic appliance that can create, modify, archive, retrieve, or transmit information in an electronic format.

What is Ethical Hacking?

The ability to perform hacking or breaking into a computer system

What is Cybersecurity?

Protection of networked systems and data from unauthorized use or harm.

What is Offline Identity?

Your identity that interacts on a regular basis at home, school, or work

What is Online Identity?

Your identity while you are in cyberspace

What is Identity Theft?

Unauthorized acquisition of someone's personal information for illegal use.

What is a Gray hat hacker?

Compromising systems without permission, often revealing security flaws.

What are Organized Hackers?

Organizations of cyber criminals, hacktivists, terrorists, and state-sponsored hackers.

Define External Security Threats

Attackers exploit vulnerabilities in network or computing devices.

What is Cyberwarfare?

Use of technology to launch attacks on nations, governments and citizens, causing harm

Define the Consequences of a Security Breach

Ruined reputation, vandalism, theft, revenue lost, damaged intellectual property

What is Personnel data?

Application materials, payroll, offer letters, employee agreements

Define Data Integrity

Accuracy and trustworthiness of information.

Define Data Availability

Information is always readily available.

What are the Dimensions of Cybersecurity?

Confidentiality, integrity, and availability.

What is Data in Transit?

Data is being transmitted from one place to another.

What is Data in Storage?

Data is at rest on a storage device

What is Data in Process?

Data which is currently being modified.

Study Notes

• Introduction to Cybersecurity Engineering, CSE210, Chapter 1
• Course assessments include assignments, quizzes, labs, a midterm, project, and a final exam.
• Assignments, quizzes, and labs are each worth 10%.
• The midterm is worth 20%.
• The project is worth 15%.
• The final exam is worth 35%.
• Required textbooks include:
  • "Computer Security: Principles and Practice" (4th ed.) by William Stallings and Lawrie Brown (2018).
  • "Cybersecurity for Beginners" (2nd ed.) by Raef Meeuwisse (2017).
• Week 1 Syllabus: Introduction to Cybersecurity Engineering
• Week 2 Syllabus: Attacks Concepts and Techniques
• Week 3 Syllabus: Introduction to Cryptography
• Week 4 Syllabus: Risk Assessment
• Week 5 Syllabus: Security Controls Plans and Procedure
• Week 6 Syllabus: Intrusion Detection System
• Week 7 Syllabus: Legal and Ethical Aspects
• Week 8 & 9 Syllabus: Physical Infrastructure Security/ Human Resource Security
• Week 10 Syllabus: Database Security
• Week 11 Syllabus: Software Security
• Week 12 Syllabus: Operating System Security
• Enrolment link for LABS: https://www.netacad.com/portal/web/self-enroll/m/course-1840732

Outline of Topics

• Cybersecurity and its origin
• Ethical Hacking and Cybersecurity
• Definition of personal data
• Explanation of why personal data is profitable to hackers
• Types of data used by governments and organizations
• Impact of a security breach
• Characteristics and motives of an attacker
• Cybersecurity roles
• Cyberwarfare

Cybersecurity and its Origin

• The digital revolution is the most significant period of change in human history.
• Hospitals, transport, shops, electricity, and water rely on technology to function.
• The rate of technological change is accelerating
• Human activities have changed more in the past 10 years compared to any other 10-year period.
• A 2014 Ofcom report found that the average UK adult spends 8 hours and 41 minutes per day using a digital device.
• The lure of cost savings and higher earnings encourages rapid adoption of new technologies.
• Cybersecurity is relevant to everyone, and a lack of understanding poses personal and professional risks.
• Free software applications often come at the cost of access to information on devices.
• Smartphones, tablets and laptops come with pre-installed applications that have permission to access user data.
• Organizations collect information to build their power.
• Organizations use collected information to improve their products and services, better target customers, improve sales, collect competitive data, and sell information to other companies.
• Cybersecurity is defined as the protection of digital devices and their communication channels to keep them stable, dependable, and reasonably safe from danger or threat.
• Digital devices can create, modify, archive, retrieve, or transmit information in an electronic format, such as desktop computers, laptops, tablets, smartphones, and internet-connected home devices.
• Early cybersecurity efforts focused on malicious and intentional threats to technology.
• Systems can be taken out of action because of process gaps, unexpected user actions, and rouge insider activities.
• In February 2017, AWS suffered a partial outage due to a minor typo by an employee debugging the billing system, affecting services like Netflix, Tinder, Airbnb, Reddit, and IMDb.
• Guarding against external and malicious threats is a priority due to the damage and cost they create.
• Most major cybersecurity incidents are due to criminal, state, or terrorist-led activities.
• Insider threats tend to create the most impact when they are intentional.
• Malicious attacks include the unauthorized removal or copying of information, leading to customer, brand, and share damage, as well as high redemption and compensation costs.
• A system outage can also create costs, but usually at a different and lower scale.
• The rise of cybersecurity threats is driven by faster, cheaper, and more widely adopted internet connections.
• Faster computer processing speeds and better web application programming have made providing mainstream services through the internet easier, more effective, and cheaper.
• Activities like banking, shopping, watching movies, and listening to broadcasts became more convenient online.
• Organizations that adopt new technologies experience lower costs, increased earnings, and enhanced socialization
• Organizations using traditional services are less competitive due to higher costs and lower benefits.
• Sensitive information and services are now routinely stored and transacted through networked devices.
• Credit cards and medical information are often stored online.
• The internet is the primary method of correspondence.
• A substantial amount of personal data is stored in connected devices.
• Before cloud computing, IT departments faced challenges, now businesses ask their technology departments to build custom software.
• Smaller companies unable to afford specialty software managed with manual processes or local spreadsheets and databases.
• Cloud computing has opened up the software market by offering a variety of choices and prices.
• Instead of paying large sums for software and waiting long periods for its arrival, users can now pay a lower price to try out software within minutes.
• Cloud opportunities shifted technology choice decisions away from IT departments, but left them responsible for securing externally-administered tools.
• Decision-making power in companies now lies with non-IT personnel, who dictate the software the company will use, requiring the IT department to integrate and support it.
• This shift has significantly changed the roles and skills required of technology departments.
• An information security person who stopped working in 2009 would barely recognize the functions of today's IT or cybersecurity department.

Ethical Hacking and Cybersecurity

• The ability to hack or break into a computer system is not the same as cybersecurity.
• Ethical hacking is a valuable skill, it is not sufficient for securing a system.
• Criminal hackers need to find only one weakness to succeed.
• Effective cybersecurity requires addressing every significant potential point of weakness.

Personal Data

• Cybersecurity involves protecting networked systems and data from unauthorized use or harm.
• Individuals have both online and offline identifies.
• Offline identity refers to interactions at home, school, or work
• Online identity refers to the identity while in cyberspace
• Online identity should only reveal a limited amount of information.
• A username or alias should not include any personal information, should be appropriate and respectful, and should not attract unwanted attention.
• Personal data includes medical records (electronic health records, prescriptions), education records (grades, test scores, awards, attendance, disciplinary reports), and employment/financial records (income, tax records, past employment performance).
• Data is stored in medical records, store loyalty cards, and in online pictures.
• Data storage is performed by computer devices.
• Criminals may obtain money through online credentials that give them access to accounts or through creative schemes such as tricking people into wiring money to friends or family.
• Criminals want an identity for long-term profits, medical benefits, filing fake tax returns, opening credit card accounts, and obtaining loans.

Organizational Data

• Types of organizational data include traditional data, internet of things and big data, and confidentiality, integrity, and availability.
• Traditional data includes personnel information (application materials, payroll, employee agreements), intellectual property (patents, trademarks, product plans, trade secrets), and financial statements (income statements, balance sheets, cash flow statements).
• The Internet of Things (IoT) involves a large network of physical objects, such as sensors, and the big data generated from the IoT.
• Confidentiality means privacy.
• Integrity refers to the accuracy and trustworthiness of information.
• Availability means that information is accessible.
• Security breaches can result in ruined reputation, vandalism, theft, revenue loss, and damaged intellectual property.
• LastPass is an example of an online password manager.
• LastPass suffered a security breach where email addresses, password reminder questions, and authentication hashes were stolen.
• The data states are in transit, in storage, or in process.
• The thee dimensions of cybersecurity are confidentiality, integrity, and availability.

Profile of an Attacker

• Amateurs: Script kiddies with little or no skill use existing tools or instructions found online for attacks.
• Hackers: Break into computers or networks to gain access.
• White hats: Break into systems with permission to discover weaknesses for security improvement.
• Gray hats: Compromise systems without permission but have no malicious intent.
• Black hats: Take advantage of vulnerabilities for illegal personal, financial, or political gain.
• Organized hackers: Organizations of cyber criminals, hacktivists, terrorists, and state-sponsored hackers.
• Internal security threats can come from employees or contract partners, who may mis-handle confidential data, threaten internal servers or network devices, facilitate outside attacks via infected USB media, accidentally introduce malware, or cause great damage due to direct access.
• External security threats exploit vulnerabilities in networks/computing devices or use social engineering to gain access.

Cyber Security for Individuals

• Digital systems need tailored cybersecurity measures.
• Securing private accounts and devices involves using complex passwords with over 12 characters, keeping devices updated with software patches, installing anti-malware software, restricting software installation to a separate account, and avoiding unknown websites/links.

Cyber Security for Organizations

• As protection needs grow, so do asset diversity/scale.
• Protecting diverse assets needs specialists with diverse skills.
• Securing complex environments needs a longer list of skills.
• Protecting digital environments needs cybersecurity experts.
• Cybersecurity roles and 6 main groups include:
  • Management: Cheif Information Security Officer, Cyber Risk Manager, Cyber Security Architect
  • Cyber Audit and Assessment: Audit manger, Auditor, Assessment specialist
  • Event Monitoring and Alerts (reactive operations): Security incident and event manager, Security incident responder, Network intrusion analysts
  • Proactive operations: Access administrators, Security device, administrators (firewall and more), Cryptography consultant, Cybersecurity analysts
  • Environment testing: Attack ad penetration testers, Vulnerability Assessors
  • Specialists: Security control designers, external security specialist, Digital forensics specialists, Cryptologist, Cryptanalyst, Antimalware specialist

Cyberwarfare

• Cyberwarfare = technology use to attack nations, governments, and citizens, causing harm like actual warfare.
• Stuxnet malware was designed to damage Iran's nuclear enrichment plant.
• Stuxnet was delivered via an infected USB stick.
• The software controlling centrifuges was reprogrammed to spin dangerously fast and then slow.
• Wiper Attack is a notorious NotPetya malware designed to damage Ukrainian accounting software.
• The purpose of cyber warfare is to gain advantage over adversaries or competitors.
• Cyber warfare can sabotage infrastructure, blackmail governmental personnel, cause citizens to lose confidence in their government, and affect citizens' faith without physical invasion.
• Countermeasures and Safeguards:
  • Technological: Biometric Fingerprint Scanner, IDS/IPS Appliance, Electronic Badge System
  • Administrative: Acceptable Use Policy, Passwords Changed Every 30 Days, Remote Login Procedures
  • Educational: Security Awareness Training, Awareness Posters in the Office, "Securing Your Desktop" Video
• Reasons for becoming a Cybersecurity Specialist: High Earning Potential, Challenging Career, Service to the Public