Introduction to Cybersecurity CCY2001


10 Questions

What replaced the use of HTTP due to its insecure nature for communication over the Internet?

HTTPS

What are the two major types of certificates used in HTTPS websites for encrypted communication?

Secure Socket Layer (SSL) and Transport Layer Security (TLS)

___ is a fraudulent transaction performed by cybercriminals using compromised credit card details.

Card Not Present (CNP)

Secure Electronic Transactions (SET) utilizes both symmetric and asymmetric cryptography for key management.

True

Match the following components of Secure Electronic Transactions (SET):

  • Cardholder = customer
  • Issuer = customer financial institution
  • Merchant =
  • Acquirer = Merchant financial
  • Certificate authority = Authority that issues certificates like X.509V3

What are the five phases of an IT system's SDLC?

Initiation, development or acquisition, implementation, operation or maintenance, disposal

Which process in risk management involves the identification and evaluation of risks, recommendation of risk-reducing measures, and risk impacts?

Risk Assessment

Risk Assessment is a continuous process according to the course.

True

Match the common threat-sources with their descriptions:

  • Natural Threats = Events like floods, earthquakes, and tornadoes
  • Human Threats = Acts caused by human beings, deliberate or unintentional
  • Environmental Threats = Long-term power failure, pollution, and chemicals

The step of Threat Identification involves analyzing threat-sources, potential vulnerabilities, and existing __________.

controls

Study Notes

Course Introduction to Cybersecurity

  • The course is CCY2001, offered by the College of Computing and Information Technology
  • The course is taught by Prof. Dr. Hatem Abdelkader and Dr. Mohamed Samir

Cybersecurity Course Evaluation

  • 7th Grade Exam - Practical work (30%)
  • 12th Grade Exam - Practical work (20%)
  • Year Work Project (10%)
  • Final Exam (40%)

Reference Textbook

  • "Cybersecurity Fundamentals: A Real-World Perspective" by Kutub Thakur and Al-Sakib Khan Pathan

Course Outline

  • 14 topics, including:
    • Cybersecurity Basics
    • Cyberattacks and Vulnerabilities
    • Cryptography basics
    • Countermeasures for Cyberattacks
    • Network Security basics
    • E-commerce Security basics
    • Cybersecurity Risk Management basics
    • Cybersecurity Standards
    • Cybersecurity for the Future

E-commerce Security Basics

  • Total global sales through e-commerce reached US$2.84 trillion in 2018 and are expected to cross US$4.48 trillion by 2021
  • Over 1.66 billion people made online purchases in 2017
  • The FBI Internet Crime Complaint Center received over 300,000 complaints in 2017, with losses totaling over US$1.4 billion

HTTP and HTTPS Websites

  • HTTP websites are insecure due to plain text communication between client and server
  • HTTPS websites use digital certificates signed by a Certificate Authority (CA) for encrypted communication
  • Two types of certificates: Secure Socket Layer (SSL) and Transport Layer Security (TLS)
  • TLS is a more secure and advanced encryption method than SSL

Secure Electronic Transactions (SET)

  • SET protocol is used for secure online financial transactions
  • SET uses both symmetric (Data Encryption Standard or DES) and asymmetric (Public Key Infrastructure or PKI) cryptography
  • SET uses 56-bit session keys transmitted asymmetrically
  • Participants in SET include cardholders, issuers, merchants, acquirers, and certificate authorities

Web Fraud Detection Systems

  • WFDS uses artificial intelligence and scoring methodologies to detect fraudulent transactions
  • WFDS collects data on web transactions and compares it with data attributes using algorithms
  • Scoring algorithms used by WFDS include predictive behavioral scoring, rule-based scoring, and hybrid scoring models

Browser Cache Clearing

  • Clearing browser cache improves online privacy and security
  • Frequent password changes are an essential component of effective password management

Risk Management Basics

  • Risk management involves identifying, evaluating, and mitigating risks to IT systems
  • Risk management is a critical component of IT system development and operation
  • Risk management involves three processes: risk assessment, risk mitigation, and evaluation and assessment

Risk Assessment

  • Risk assessment identifies, evaluates, and prioritizes risks to IT systems
  • Risk assessment involves nine primary steps: system characterization, threat identification, vulnerability identification, control analysis, likelihood determination, impact analysis, risk determination, control recommendations, and results documentation

Quiz on Introduction to Cybersecurity course CCY2001 at Arab Academy for Science, Technology, and Maritime Transport. Covers course evaluation, grades, and assessment.
