CSC 1029 Week 02 Cyber Security Fundamentals PDF
Document Details
Uploaded by DivineZebra9695
Red Rocks Community College
Tags
Related
- CCF-Session-1-v4-Regular-2023-lec-clsu-1 PDF - Information Security Fundamentals
- Cybersecurity Foundations Lecture 1 PDF
- Lecture 1 - Part I(1) (2) - Cybersecurity Fundamentals PDF
- Introduction to Cyber Security Lecture 2 PDF
- Diamond Model of Intrusion Analysis PDF
- Offensive and Defensive Cyber Security Strategies PDF
Summary
This document covers cybersecurity fundamentals, including objectives, types of attacks, the cost of cybercrime, and vulnerabilities. It provides information about threat models, and threat intelligence, suitable for undergraduate students.
Full Transcript
CSC 1029 CYBERSECURITY FUNDAMENTALS OBJECTIVES AGENDA: WEEK 02 Understand what 1. What is Cybersecurity and Types of cybersecurity is and its Attacks importance. 2. Cybersecurity Objectives Understand what we are 3. W...
CSC 1029 CYBERSECURITY FUNDAMENTALS OBJECTIVES AGENDA: WEEK 02 Understand what 1. What is Cybersecurity and Types of cybersecurity is and its Attacks importance. 2. Cybersecurity Objectives Understand what we are 3. What are we protecting 4. Cost of Cybersecurity protecting from attackers. 5. Your Next Move: Software Developer Understand the lessons 6. Vulnerabilities learned from historical and 7. Threat Model: STRIDE current events, and emerging 8. Threat Intelligence trends. 9. Types of Attacks 10. Importance of Software Security 11. TODO and Resources for Help WHAT IS CYBERSECURITY Read the CompTIA article: What is Cybersecurity? https://www.comptia.org/content/articles/what-is-cybersecurity Watch the YouTube: What is Cybersecurity OBJECTIVES OF CYBERSECURITY Read the CompTIA resource State of Cybersecurity for 2024 Market Overview through to Policy https://www.comptia.org/content/research/cybersecurity-trends- research What do you consider to be the top objectives for Cybersecurity? WHAT ARE WE PROTECTING Review each of the 16 Critical Infrastructure Sectors https://www.cisa.gov/topics/critical-infrastructure-security-and- resilience/critical-infrastructure-sectors WHAT IS THE COST? https://comptiacdn.azureedge.net/webcontent/images/default-source/researchreports/2022-state-of- cybersecurity---us/estimated-global-cost-of-cybercrime-in-2021.png?sfvrsn=2bbc387f_2 VULNERABILITIES Review the National Vulnerability Database visualizations: https://nvd.nist.go v/general/visualiz ations/vulnerabilit y- visualizations/cwe -over-time Vuln Summary Word Frequency Cloud: https://nvd.nist.gov/general/visualizations Threat STRIDE THREAT LIST Security https://owasp.org/www-community/Threat_Modeling_Process#stride-threat-list Control Threat action aimed at accessing and use of another user’s credentials, such as Spoofing username and password. Authentication Threat action intending to maliciously change or modify persistent data, such as Tampering records in a database, and the alteration of data in transit between two computers Integrity over an open network, such as the Internet. Threat action aimed at performing prohibited operations in a system that lacks the Non- Repudiation ability to trace the operations. Repudiation Information Threat action intending to read a file that one was not granted access to, or to read Confidentiality disclosure data in transit. Denial of Threat action attempting to deny access to valid users, such as by making a web Availability service server temporarily unavailable or unusable. Elevation of Threat action intending to gain privileged access to resources in order to gain Authorization privilege unauthorized access to information or to compromise a system. THREAT INTELLIGENCE Read the blog post from CompTIA: Threat Modeling and Cyber Threat Intelligence: Anticipating the Next Hit https://www.comptia.org/blog/threat-modeling-and-cyber- threat-intelligence TYPES OF ATTACKS 1. Social engineering attacks 3. Attacks against the Organization penetration supporting infrastructure IT infrastructure exploration Denial of Service (DoS) Phishing Spam Virus Spoofing Worm Man in the middle Trojans 2. Attacks against the Spyware application’s software Adware Cross-site scripting (XSS) 4. Physical attacks Buffer overflows External drives & Flash Sticks SQL code injection Bringing down the system Time/logic bombs Back door Stealing hardware CYBERSECURITY PRINCIPLES Complete the interactive lesson RECENT CYBER ATTACK MGM Casino Cyber Attack September 2023 https://westoahu.hawaii.edu/cyber/global-weekly-exec- summary/alphv-hackers-reveal-details-of-mgm-cyber-attack/ EARN YOUR PRE-WORK GRADE Post your weekly discussion question and research solution to D2L TODO Complete Week 02 Content Module in D2L to 100% WHAT'S COMING UP NEXT...WEEK 03 QUESTIONS | CLARIFICATIONS | HELP Student Office Hours: Schedule Meeting with Julie o By Appointment (both on-campus and remote via Zoom) o Drop-In Times Available (on-campus) Email: [email protected] RRCC On Campus Tutoring: https://www.rrcc.edu/learning- commons/tutoring 24/7 Online Tutoring: D2L > Content > Resources for Help