Cybersecurity Foundations Lecture 1

Questions and Answers

Which topic is included in the course outline for IT 601?

Software engineering principles

Attacker techniques (correct)

Database management

Web development techniques

What mode of delivery is emphasized for the concepts in the IT 601 course?

Interactive learning (correct)

Passive learning

Lecture-based only

Online self-paced

What format is specified for communication during the course?

WhatsApp messages

University e-mails only (correct)

Personal phone calls

Text messages

Which subject is covered towards the end of the course outline?

Information Theft

What is the maximum allowed excuses for not attending exams in the IT 601 course?

Excuses as per regulations only

What percentage of the overall assessment is attributed to the final exam?

40%

Which component of the course has the highest weight in terms of assessment percentage?

Final Exam

What is the combined percentage for the report and presentation components?

15%

What is the consequence of not delivering the lab work on time?

1% deduction from overall score

Whose publication is titled 'Essentials of Cyber Security'?

Dr Gurpreet S Dhillon

Which publisher produced 'Cyber Crimes, Computer Forensics and Legal Perspectives'?

Wiley

What is the ISBN number for 'Cyber Security Essentials'?

978-1439851234

In which year was 'Cyber Security Understanding' published?

2011

What is one of the primary purposes of the Cybersecurity and Digital Forensics course?

Familiarity with Cybersecurity Fundamentals

Which chapter covers the topic of Cyber Stalking, Fraud, and Abuse?

Chapter 2

How many exams are scheduled in the Cybersecurity and Digital Forensics course?

Three

What chapter focuses on Cryptography?

Chapter 5

Which of the following topics is not included in the tentative course topics?

Network Security Protocols

What is the purpose of the Intrusion Detection Systems in cybersecurity?

To monitor network traffic for suspicious activities

The first exam in the course is scheduled for which week?

Week 5

What chapter discusses Security Policies?

Chapter 6

What is one reason hackers prefer automated attacks?

They can be conducted quickly against many targets.

What is SQL injection primarily used for in cyber attacks?

To allow SQL statements to query the database directly.

Which of the following is a characteristic of Remote File Inclusion (RFI) attacks?

They allow attackers to upload files via a service.

Which sector reported the highest number of infrastructure-related cyber attacks in 2012?

Energy sector

What type of cyber attacks are most frequently targeted at critical infrastructure in 2023?

Ransomware attacks

What is a common motive behind cyber attacks on infrastructure?

Political reasons

How can hackers benefit from tools like Sqlmap and Havji?

They require minimal technological skills to operate.

What implication does a poor validation check have in the context of cyber attacks?

It can enable code execution on a website or server.

What is one primary aim of computer security?

To ensure availability of data

Which of the following is NOT a core concept of computer security?

Privacy

What does data integrity ensure in the context of computer security?

Data remains accurate and consistent

What is a consequence of inadequate computer security?

Inability to access data

Which term describes the assurance that information is not altered as it moves between locations?

Integrity

What is meant by the term 'availability' in the CIA triad?

Data must be accessible when needed

What can lead to the non-availability of information?

Denial of Service (DoS) attacks

Which of the following best describes the term 'confidentiality' in computer security?

Information is kept private from unauthorized individuals

What trend was noted in the number of targeted attacks per day from 2011 to 2012?

A significant increase of 81%

What role do vulnerabilities play in cybersecurity?

They create opportunities for cyber threats

Study Notes

General Course Information

• Course Title: IT 601 – Cybersecurity Foundation
• Credit Hours: 3 (2 lecture, 2 lab)
• Prerequisites: Desire to learn and commitment
• Course Mode: Interactive participation is encouraged

Course Structure

• Comprehensive final exam covering all material
• No make-up exams unless under specific regulations
• Communication limited to university emails; no WhatsApp or calls

Course Description

• Provides a fundamental overview of cybersecurity principles
• Topics include: Cybersecurity fundamentals, attacker techniques, exploit tools, information theft, analysis techniques, events forensics, and intrusion detection systems

Course Purpose

• Understand key cybersecurity fundamentals and attacks
• Gain knowledge on attacker techniques and malicious code
• Familiarize with various exploit tools and intrusion detection systems

Tentative Weekly Topics

• Week 1: Introduction to Cybersecurity
• Week 2: Cyber Stalking, Fraud, and Abuse
• Week 3-4: Denial of Service Attacks
• Week 5: Exam 1
• Week 7-8: Cryptography
• Week 9: Security Policies
• Week 11: Cyber Terrorism
• Week 12: Firewalls and Intrusion Detection Systems
• Weeks 14-15: Term Presentations
• Week 16-17: Final Exams

Assessment Breakdown

• Exams 1, 2, and 3: 15% each
• Presentation: 15% total (5% report, 10% presentation, with penalties for late submissions)
• Lab Work: Weekly assessments
• Final Exam: 40%

Core Concepts of Computer Security

• Focuses on three key elements: Confidentiality, Integrity, and Availability (CIA)
• Confidentiality ensures data is kept private from unauthorized access
• Integrity ensures data accuracy and completeness over time
• Availability guarantees that information is accessible when needed

Computer Security Threats

• Increasing complexity and frequency of cyber threats noted:
  • 82 targeted attacks per day reported in 2011
  • 232 million identity thefts reported in 2012
  • Expected rise in cyber espionage attacks by 2024

Automated Attacks

• Originated by humans and can remain undetected for long
• Preferred by hackers due to ease of use and rapid deployment capabilities
• Examples include SQL injection and Remote File Inclusion techniques

SQL Injection

• Technique allowing malicious SQL statements through user input fields
• Enables direct querying of databases

Remote File Inclusion (RFI)

• Attack method involving the upload of malicious files to a server
• Often results from poor validation and security checks

Cyber Attack Targets and Motivations

• Critical infrastructure sectors most targeted by ransomware—
  • Energy, water, chemical, and nuclear industries reported attacks
• Political motives and theft are primary reasons behind cyber attacks

Contact Information

• Dr. Ahmed Abo-Bakr is the course instructor and point of contact for inquiries.

Description

This quiz covers the fundamental concepts of cybersecurity as introduced in the first lecture by Dr. Ahmed Abo-Bakr. It aims to provide a foundational overview of the subject, including key principles and practices in the field of cybersecurity. Ideal for students looking to grasp essential cybersecurity concepts.