Cyber Security Definitions and Cyber Attacks

Uploaded by ElegantMountain4880
Summary
This document provides an overview of cyber security definitions, including network security, application security, and information security. It also examines various types of cyber attacks such as malware, phishing, SQL injection, and denial-of-service attacks. The document further discusses cybersecurity engineering and its key areas of focus.
Full Transcript
Cyber Security Definitions

Cyber security is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. It is divided into common categories.

1. Network security
2. Application security
3. Information security
4. Operational security
5. Disaster recovery and business continuity
6. End-user education

Network security is the practice of securing a computer network from intruders, whether targeted attackers or opportunistic malware.

Application security focuses on keeping software and devices free of threats. A compromised application could provide access to the data it's designed to protect. Successful security begins in the design stage, well before a program or device is deployed.

Information security protects the integrity and privacy of data, both in storage and in transit.

Operational security includes the processes and decisions for handling and protecting data assets. The permissions users have when accessing a network and the procedures that determine how and where data may be stored or shared all fall under this umbrella.

Disaster recovery and business continuity define how an organization responds to a cyber-security incident or any other event that causes the loss of operations or data. Disaster recovery policies dictate how the organization restores its operations and information to return to the same operating capacity as before the event. Business continuity is the plan the organization falls back on while trying to operate without certain resources.

End-user education addresses the most unpredictable cyber-security factor: people. Anyone can accidentally introduce a virus to an otherwise secure system by failing to follow good security practices. Teaching users to delete suspicious email attachments, not plug in unidentified USB drives, and various other important lessons is vital for the security of any organization.
Cyber Security Terms

- CIA (Confidentiality, Integrity, and Availability)
- Policy
- Threat
- Vulnerability
- Exploit
- Patch
- Asset
- Breach
- Malware
- Attacker\Bad Guy

Confidentiality: Prevent confidential data and sensitive information from reaching the wrong people (encryption).

Integrity: Maintain the accuracy and trustworthiness of data when it moves from one point to another (hashing).

Availability: Ensure the availability of data and services.

Policy: The policy in cyber security is a set of guidelines for transferring company data, accessing private systems, etc. The main goal of the policy is to achieve the cyber security goals of CIA (Confidentiality, Integrity, and Availability).

Vulnerability: A flaw or weakness in a system, application, or configuration which can be exploited by malicious actors to gain unauthorized access to or perform unauthorized actions on a computer system.

Exploit: Code or a command that takes advantage of a software or system vulnerability to remotely access a system, gain privileges on the system, or run malicious code on the system.

Patch: A set of changes to a system program, or its supporting data, designed to update, fix, or improve it. This includes fixing security vulnerabilities.

Asset: Any data, device, people, or other component of the environment that supports information-related activities.

Threat: Malicious actors that seek to abuse assets, damage or steal data, steal credentials, or disrupt digital life in general.

Breach: A malicious actor succeeds in gaining unauthorized access to organization-protected systems or data, which leads to system damage, data loss, etc.

Malware: Software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system.

Attacker\Bad Guy: The adversary that seeks to gain unauthorized access to your environment in order to damage systems or data or steal sensitive information.
Cyber Security Attacks Types

Malware attack: A common cyberattack where malware (normally malicious software) executes unauthorized actions on the victim's system.

Phishing: A type of attack that attempts to steal sensitive information like user login credentials and credit card numbers. It occurs when an attacker masquerades as a trustworthy entity in electronic communication.

Man-in-the-middle attack: A type of attack that allows an attacker to intercept the connection between the client and server and act as a bridge between them. Due to this, an attacker will be able to read, insert, and modify the data in the intercepted connection.

DoS: A denial-of-service attack where a computer is used to flood a server with TCP and UDP packets. A DDoS attack is where multiple systems target a single system with a DoS attack.

SQL injection: An attack in which some data is injected into a web application to manipulate the application and fetch the required information.

Zero-day exploit: A vulnerability in a system or device that has been disclosed but is not yet patched.

Cross-Site Scripting (XSS): A code injection attack that allows an attacker to execute malicious JavaScript in another user's browser.

Business email compromise: A form of phishing attack where a criminal attempts to trick a senior executive (or budget holder) into transferring funds or revealing sensitive information.

Buffer overflow: An exploit that takes advantage of a program that is waiting for a user's input.

Cybersecurity Engineering

Cybersecurity engineering is about building systems to remain dependable in the face of malice, error, or mischance. As a discipline, it focuses on the tools, processes, and methods needed to design, implement, and test complete systems, and to adapt existing systems as their environment evolves.

Why do we need Cybersecurity Engineering?

- Operational security alone is insufficient in complex and highly interconnected technology environments.
- System and software security engineering requires more than security compliance checklists and tools.
- Cybersecurity engineering applies threat-informed security risk analyses to reduce the systems and software attack surface.

Key Areas of Focus for Cybersecurity Engineering

1. Determining Risk
2. Defining and Monitoring System and Component Interactions
3. Evaluating Trusted Dependencies
4. Anticipating and Planning Responses to Attacks
5. Coordinating Security Throughout the Lifecycle
6. Measuring to Improve Cybersecurity

Risk Determination

Cybersecurity engineering incorporates the effective consideration of threats and mission risk. Perceptions of risk drive assurance decisions, and the lack of cybersecurity expertise in risk analysis can lead to poor assurance choices. Involving individuals with knowledge about successful attacks and how threats can impact the system's operational mission can be critical in the decision-making steps for appropriate prioritization.

Defining and monitoring system and component interactions

Cybersecurity engineering considers the risk to systems from the interaction among technology components and external systems. Highly connected systems require the alignment of cybersecurity risk across all stakeholders, system components, and connected systems; otherwise, critical threats can remain unaddressed (i.e., missed or ignored) at different points of interaction.

The following risk areas should be considered in design and process decisions:

- Interactions must be designed to be assured, and segments of the design will be scattered across various interacting components; verification that the pieces are all effectively working together must be part of the validation of this integration.
- There are costs to addressing assurance, and tradeoffs must be made among performance, reliability, usability, maintainability, etc. These costs and tradeoffs must be balanced against the impact of the risks. Then choices must be consistently applied across the range of participating components.
- Interactions occur at many technology levels (e.g., network, security appliances, architecture, applications, data storage) and are supported by a wide range of roles. The choices made at each level must be consistently applied across all levels for effective results.

Trusted dependencies

Cybersecurity engineering evaluates the dependencies and inherited risk to ensure that the appropriate level of trust is established. The following are key dependency considerations where trust is involved:

- Each dependency represents a risk that needs to be shared among interfacing components.
- Dependency decisions should be based on a realistic assessment of the threats, impacts, and opportunities represented by an interaction. Controls placed on the interaction should reflect this analysis.
- Dependencies are not static, and trust relationships should be reviewed periodically to identify changes that warrant reconsideration.
- Using many shared components (e.g., reuse, open source, collaboration environments) to build technology applications and infrastructure increases the dependency on others' assurance decisions that may not meet mission needs.

Anticipating and Planning Responses to Attacks (Attacker response)

Cybersecurity engineering should oversee this responsibility to ensure that system capabilities are included to allow effective handling of the types of attacks that can be mission critical. A broad community of attackers has expanded their technology capabilities, enabling them to compromise the confidentiality, integrity, and availability of any and all of a system's technology assets.
Moreover, this attacker profile is constantly changing and evolving in sophistication and lethality.

Coordination of security throughout the lifecycle

This area is the responsibility of cybersecurity engineering. Each step of the lifecycle should include preparing for the fielded system. Attackers often take advantage of all possible entry points, so protection must be applied broadly across people, processes, and technology. This span of protection includes acquisition decisions about software and services integrated into the system. The role of implementing a cybersecurity strategy requires coordination among systems and software engineering, architects and designers, developers, testers, verifiers, and implementers to identify potential gaps and ways of addressing them to assure the operational mission.

Measurement for cybersecurity improvement

Cybersecurity engineering should be responsible for coordinating data--from the various lifecycle steps, decision-making levels, and system-component evaluations--to show that the steps designed to address cybersecurity are delivering the expected results. Tools can track vulnerabilities in code, testing can show defects, and architecture analyses can identify design weaknesses. Until these elements are integrated, however, the operational risk perspective is missing. All elements of the socio-technical environment (e.g., practices, processes, procedures, products) must tie together and measurements must be consistent.

Cyber Security Engineering Lifecycle Challenge