CYB 201: Introduction to Cybersecurity and Strategy Notes PDF
Document Details
Uploaded by LavishWilliamsite4206
University of Ilesa
Summary
This document is about introduction to cybersecurity and strategy. It covers basic cybersecurity concepts, common cyber-attacks, techniques for identifying, detecting, and defending threats, and the impact on various institutions. Topics include ethical obligations of security professionals and relevant strategies for mitigating cyber risks. Key concepts like confidentiality, integrity, and availability are explored.
Full Transcript
**CYB 201: Introduction to Cybersecurity and Strategy (2 Units C)**

**Learning Objectives**

At the end of this course, students should be able to:

1. Understand basic cybersecurity concepts, methods, elements and terminology: cybersecurity, security, threat, attack, defence, and operations;
2. Describe common cyber-attacks and threats, cybersecurity issues, challenges and proffered solutions, and build an enhanced view of the main actors of cyberspace and cyber operations;
3. Explain the techniques for identifying, detecting, and defending against cybersecurity threats and attacks, and for protecting information assets;
4. Assess the impact of cybersecurity on civil and military institutions, privacy, business and government applications;
5. Identify the methods and motives of cybersecurity incident perpetrators, the countermeasures employed by organisations and agencies to prevent and detect those incidents, and software application vulnerabilities; and
6. State the ethical obligations of security professionals, evaluate cybersecurity and national security strategies against the typologies of cyber-attacks that require policy tools and domestic response, and define the cybersecurity requirements and strategies evolving in the face of big risk.
**Course Contents**

- Basic concepts: cyber, security, confidentiality, integrity, availability, authentication, access control, non-repudiation and fault-tolerant methodologies for implementing security.
- Security policies, best current practices, testing security, and incident response.
- Risk management, disaster recovery and access control.
- Basic cryptography and software application vulnerabilities.
- Evolution of cyber-attacks.
- Operating system protection mechanisms, intrusion detection systems, basic formal models of security, cryptography, steganography, network and distributed system security, denial of service (and other) attack strategies, worms, viruses, transfer of funds/value across networks, electronic voting, secure applications.
- Cybersecurity policy and guidelines.
- Government regulation of information technology.
- Main actors of cyberspace and cyber operations.
- Impact of cybersecurity on civil and military institutions, privacy, business and government applications; examination of the dimensions of networks, protocols, operating systems, and associated applications.
- Methods and motives of cybersecurity incident perpetrators, and the countermeasures employed by organisations and agencies to prevent and detect those incidents.
- Ethical obligations of security professionals.
- Trends and developments in cybersecurity.
- Software application vulnerabilities.
- Evolution of cybersecurity and national security strategies, and their requirements against the typologies of cyber-attacks that require policy tools and domestic response.
- Cybersecurity strategies evolving in the face of big risk.
- Role of standards and frameworks.

***LESSON ONE***

**BASIC CONCEPT OF CYBERSECURITY**

Cyber security has become a matter of major concern as cyber threats and attacks keep growing. Attackers now use more sophisticated techniques to target systems, and individuals, small-scale businesses and large organisations are all affected.
Firms of every kind, IT and non-IT alike, have therefore understood the importance of cyber security and are focusing on adopting every possible measure to deal with cyber threats.

**What is cyber security?**

"Cyber security is primarily about people, processes, and technologies working together to encompass the full range of threat reduction, vulnerability reduction, deterrence, international engagement, incident response, resiliency, and recovery policies and activities, including computer network operations, information assurance, law enforcement, etc."

OR

Cyber security is the body of technologies, processes, and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access.

- The term cyber security refers to techniques and practices designed to protect digital data.
- That is, the data that is stored, transmitted or used on an information system.

OR

Cyber security is the protection of Internet-connected systems, including hardware, software, and data, from cyber attacks. The term is made up of two words: cyber and security.

- Cyber relates to the technology, which comprises systems, networks, and programs or data.
- Security relates to protection, which includes systems security, network security, and application and information security.

**Why is cyber security important?**

Listed below are the reasons why cyber security is so important in what has become a predominantly digital world:

- Cyber attacks can be extremely expensive for businesses to endure.
- In addition to the financial damage suffered by the business, a data breach can also inflict untold reputational damage.
- Cyber-attacks are becoming progressively more destructive, and cybercriminals are using more sophisticated ways to initiate them.
- Regulations such as GDPR are forcing organizations to take better care of the personal data they hold.
For these reasons, cyber security has become an important part of business, and the focus now is on developing appropriate response plans that minimize the damage in the event of a cyber attack. But an organization or an individual can develop a proper response plan only with a good grip on the cyber security fundamentals.

**1.1 Cyber security Fundamentals**

**Confidentiality:** Confidentiality is about preventing the disclosure of data to unauthorized parties. It also means trying to keep the identity of the authorized parties involved in sharing and holding data private and anonymous. Confidentiality is often compromised by cracking poorly encrypted data, man-in-the-middle (MITM) attacks, or disclosure of sensitive data. Standard measures to establish confidentiality include:

- Data encryption
- Two-factor authentication
- Biometric verification
- Security tokens
- Cryptographic checksums
- Using file permissions
- Uninterrupted power supplies
- Data backups
- Backing up data to external drives
- Implementing firewalls
- Having backup power supplies
- Data redundancy

**Authentication:** Authentication is an inevitable requirement of every establishment because it enables organizations to secure their networks by permitting only authenticated users to access their secure resources. These resources may include networks, computer systems, websites, databases and other network-based applications or services.

**Authenticity:** Authentication is a process that certifies and confirms a user's identity or the role that somebody holds. Authentication can be accomplished in a number of ways, but it is usually reinforced by a mix of something the user:

- has (e.g. a smart card or a radio key for keeping secret keys),
- knows (e.g. a password), or
- is (e.g. a human biometric, such as a fingerprint).

**Non-repudiation:** Non-repudiation is important to ensure that a party cannot deny having sent or received a message or transaction.
This includes protecting against message tampering and replay attacks. Common techniques used to establish non-repudiation include digital signatures, message authentication codes and timestamps. Non-repudiation is a security concept that proves a person or entity took a specific action at a specific time. It is often achieved through cryptography, such as digital signatures, which ensure that a party cannot deny having sent information or the authenticity of their signature.

**1.2 Fault-Tolerant Methodologies for Implementing Security**

Fault-tolerant security methodologies are crucial for ensuring the reliability and resilience of security systems in the face of failures, attacks, or disruptions. Key methodologies to consider:

**Redundancy and Failover:**

- Multiple Security Layers: Employing multiple security layers, such as firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS), provides redundancy and makes it harder for attackers to bypass defenses.
- Load Balancing: Distributing traffic across multiple security devices or servers can improve performance and fault tolerance. If one component fails, others can take over the load.
- Failover Mechanisms: Implementing failover mechanisms, such as redundant servers or network devices, allows automatic switching to backup systems in case of failures.

**Continuous Monitoring and Error Detection:**

- Real-time Monitoring: Continuously monitor security logs, system performance metrics, and network traffic to detect anomalies and potential threats.
- Automated Alerts: Configure automated alerts to notify security teams of critical events or security breaches.
- Intrusion Detection Systems (IDS): Use an IDS to identify and log suspicious activity within networks or systems.
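As an added illustration of the non-repudiation techniques described in section 1.1 above (this is example code, not from the original notes): the sender signs each message together with a timestamp and a nonce using an Ed25519 digital signature, and the receiver rejects tampered messages, stale timestamps and replayed messages. The message layout, the clock-skew tolerance and the nonce bookkeeping are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"time"
)

// SignedMessage is the payload plus the two anti-replay fields the signature covers.
type SignedMessage struct {
	Payload   []byte
	Timestamp int64  // Unix seconds when the sender signed
	Nonce     uint64 // unique per message
	Signature []byte
}
var ErrBadSignature = errors.New("signature invalid: tampered or not from the key holder")
var ErrStale = errors.New("timestamp outside the accepted window")
var ErrReplay = errors.New("nonce already seen: replayed message")
// NewKeyPair makes the sender's Ed25519 key; only the public half goes to receivers.
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand; it does not fail in practice
	return pub, priv
}
// canonical is the exact byte string that is signed and later verified.
func canonical(payload []byte, ts int64, nonce uint64) []byte {
	buf := make([]byte, 16, 16+len(payload))
	binary.BigEndian.PutUint64(buf[0:8], uint64(ts))
	binary.BigEndian.PutUint64(buf[8:16], nonce)
	return append(buf, payload...)
}
// Sign runs on the sender; only the private-key holder can produce this signature.
func Sign(priv ed25519.PrivateKey, payload []byte, ts int64, nonce uint64) SignedMessage {
	sig := ed25519.Sign(priv, canonical(payload, ts, nonce))
	return SignedMessage{Payload: payload, Timestamp: ts, Nonce: nonce, Signature: sig}
}
// Accept is the receiver's check; seen holds nonces already accepted (replay detection).
func Accept(pub ed25519.PublicKey, m SignedMessage, now time.Time, skew time.Duration, seen map[uint64]bool) error {
	if !ed25519.Verify(pub, canonical(m.Payload, m.Timestamp, m.Nonce), m.Signature) {
		return ErrBadSignature // any change to payload, timestamp or nonce breaks the signature
	}
	if age := now.Sub(time.Unix(m.Timestamp, 0)); age > skew || age < -skew {
		return ErrStale // outside the tolerated clock skew: old capture or wrong clock
	}
	if seen[m.Nonce] {
		return ErrReplay
	}
	seen[m.Nonce] = true
	return nil
}
```

Because the signature is made with the sender's private key, a valid signature is evidence only that key holder could have produced, which is what the notes mean by the sender being unable to deny the message.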
**Security Information and Event Management (SIEM):**

- Centralized Logging: Collect and analyze security logs from various sources to gain a comprehensive view of security events.
- Correlation and Analysis: Correlate events to identify patterns and potential threats.
- Incident Response Automation: Automate certain incident response tasks, such as blocking IP addresses or isolating compromised systems.

**Regular Security Assessments and Penetration Testing:**

- Vulnerability Scanning: Identify and assess vulnerabilities in systems and applications.
- Penetration Testing: Simulate attacks to uncover weaknesses and improve security posture.
- Regular Security Audits: Conduct regular security audits to evaluate compliance with security policies and standards.

**Security Awareness and Training:**

- Employee Training: Educate employees about security best practices, such as strong password policies, phishing awareness, and social engineering tactics.
- Regular Security Awareness Campaigns: Conduct regular campaigns to reinforce security awareness and promote a culture of security.

**Incident Response Planning:**

- Incident Response Plan: Develop a comprehensive incident response plan that outlines procedures for detecting, responding to, and recovering from security incidents.
- Regular Testing and Updates: Regularly test and update the incident response plan to ensure its effectiveness.

**Additional Considerations:**

- Diversity of Security Controls: Use a diverse set of security controls to reduce the risk of a single point of failure.
- Regular Updates and Patching: Keep security software and systems up to date with the latest patches and updates to address vulnerabilities.
- Third-Party Risk Management: Assess and manage the security risks associated with third-party vendors and partners.
- Data Backup and Recovery: Implement robust data backup and recovery procedures to minimize data loss in case of a security breach or system failure.
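An added example (not from the original notes) of the SIEM correlation step described above: records already normalized from two different sources are scanned for a pattern that no single log shows on its own, several failed logins from one address followed by a success, and an alert is produced for the security team. The event layout, the sample records and the thresholds are constructed for this example.

```go
package main

import "time"

// Event is one normalized record from any log source; Result is "FAIL" or "OK".
type Event struct {
	Time                     time.Time
	Source, User, IP, Result string
}
// Alert is what automated alerting hands to the security team.
type Alert struct {
	IP, User string
	Failures int
}
const base = 1709287200 // constructed epoch: 2024-03-01T10:00:00Z
// SampleEvents are constructed records from two sources (vpn, fileserver), already
// normalized and in time order, as a SIEM's collection layer would deliver them.
var SampleEvents = []Event{
	{time.Unix(base, 0), "vpn", "alice", "203.0.113.7", "FAIL"},
	{time.Unix(base+5, 0), "fileserver", "bob", "198.51.100.2", "OK"},
	{time.Unix(base+12, 0), "vpn", "alice", "203.0.113.7", "FAIL"},
	{time.Unix(base+20, 0), "fileserver", "alice", "203.0.113.7", "FAIL"},
	{time.Unix(base+31, 0), "vpn", "alice", "203.0.113.7", "OK"},
	{time.Unix(base+300, 0), "vpn", "carol", "192.0.2.9", "FAIL"},
	{time.Unix(base+540, 0), "vpn", "carol", "192.0.2.9", "OK"},
}

// Correlate alerts when one IP records at least minFails failed logins inside window
// and then a success, whichever source logged each event.
func Correlate(evs []Event, minFails int, window time.Duration) []Alert {
	var alerts []Alert
	fails := map[string][]time.Time{} // failure timestamps per source IP
	for _, e := range evs {
		if e.Result == "FAIL" {
			fails[e.IP] = append(fails[e.IP], e.Time)
			continue
		}
		n := 0 // failures from this IP inside the window before this success
		for _, t := range fails[e.IP] {
			if e.Time.Sub(t) <= window {
				n++
			}
		}
		if n >= minFails {
			alerts = append(alerts, Alert{e.IP, e.User, n})
		}
		delete(fails, e.IP) // a success closes the window for that IP
	}
	return alerts
}
```

With the sample records, alice's two vpn failures and one fileserver failure inside one minute before her successful vpn login produce a single alert, while carol's lone failure four minutes before her success does not.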
By combining these fault-tolerant security methodologies, organizations can significantly enhance their security posture, reduce the risk of breaches, and minimize downtime in the event of security incidents.

**The Seven Layers of Cybersecurity**

The 7 layers of cyber security should center on the mission-critical assets you are seeking to protect.

1. *Mission Critical Assets*: This is the data you need to protect.
2. *Data Security*: Data security controls protect the storage and transfer of data.
3. *Application Security*: Application security controls protect access to an application, an application's access to your mission-critical assets, and the internal security of the application.
4. *Endpoint Security*: Endpoint security controls protect the connection between devices and the network.
5. *Network Security*: Network security controls protect an organization's network and prevent unauthorized access to the network.
6. *Perimeter Security*: Perimeter security controls include both the physical and digital security methodologies that protect the business overall.
7. *The Human Layer*: Humans are the weakest link in any cyber security posture. Human security controls include phishing simulations and access management controls that protect mission-critical assets from a wide variety of human threats, including cyber criminals, malicious insiders, and negligent users.