Foundation in Cybersecurity 1.pdf

Transcript

Foundations in Cybersecurity
Introduction to Cybersecurity
 Discussions
Wh t do you think cybersecurity is ll bout?

Why do you think it's import nt to keep our inform tion s fe online?

C n you n me some common online thre ts or d ngers?

H ve you ever he rd of "encryption"? Wh t do you think it does?

Wh t comes to mind when you he r the term "cyber tt ck"? C n you give n ex mple?

Do you know the di erence between virus, worm, nd Troj n horse in the context of computer thre ts?

Why do you think using strong p sswords nd two-step veri ic tion is import nt?

H ve you ever received suspicious em il or mess ge? Wh t did it sk you to do?

Wh t do you think irew lls nd ntivirus progr ms do to protect our computers?

Wh t re some simple things you c n do to protect yourself from online thre ts?
a
a
a
a
a
a
a
a
a
a
f
ff
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
f
a
a
a
a
a
a
a
a
a
a
 Lecture: Introduction to Cybersecurity and Its Signi icance

Wh t is Cybersecurity?

Cybersecurity is the pr ctice of s fegu rding systems,
networks, nd progr ms from digit l tt cks imed t
ccessing, ltering, or destroying sensitive inform tion,
extorting money, or disrupting oper tions.

Signi ic nce;

Prevents un uthorized ccess, theft, nd d m ge to
inform tion.

Ensures business continuity nd protects n tion l security.

Essenti l for compli nce with leg l nd regul tory
requirements.
a
a
f
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
f
 Importance of Cybersecurity in Protecting Data, Systems, and Networks

Protection of Sensitive D t :

Person l, in nci l, nd business inform tion need s fegu rding.

Prevents identity theft nd priv cy viol tions.

System Integrity:

Ensures systems oper te correctly nd d t is not t mpered with.

M int ins trustworthiness of inform tion.

Network Security:

Protects g inst un uthorized ccess nd cyber tt cks.

Ensures reli ble nd uninterrupted network services.
a
a
a
a
f
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
 Overview of the Cybersecurity Landscape
Thre t Actors:

N tion-st te ctors: Conduct cyber
espion ge nd s bot ge.

Cybercrimin ls: Eng ge in illeg l
ctivities for in nci l g in.

H cktivists: Use cyber tt cks for
politic l gend s.

Insider thre ts: Misuse ccess to
systems nd d t.
a
a
a
a
a
a
a
a
a
a
a
a
f
a
a
a
a
a
a
a
a
a
a
a
a
a
a
 Common Cyber tt cks:

M lw re: Viruses, worms, r nsomw re, etc.

Phishing: Fr udulent ttempts to obt in sensitive
inform tion.

DDoS Att cks: Overlo ding networks to disrupt
services.

M n-in-the-Middle (MitM) Att cks: Intercepting
communic tions.

SQL Injection: Exploiting d t b se vulner bilities.

Zero-D y Exploits: Att cking unknown softw re
vulner bilities.

Credenti l Stu ing: Using stolen login
credenti ls.
a
a
a
a
a
a
a
a
a
a
a
ff
a
a
a
a
a
a
a
a
a
a
a
a
a
a
 Real-World Impacts of Cybersecurity Breaches
Fin nci l Losses:

Costs ssoci ted with recovery nd fr ud.

Loss of revenue nd potenti l ines.

Reput tion D m ge:

Loss of customer trust nd br nd v lue.

Neg tive publicity nd long-term business imp ct.

Oper tion l Disruptions:

Downtime nd service interruptions.

Imp ct on productivity nd business oper tions.

Leg l Consequences:

Regul tory ines nd pen lties.

Leg l ctions from ected p rties.
a
a
a
a
a
a
a
a
a
a
a
a
a
f
a
a
a
a
a
a
a
ff
a
a
a
a
a
a
f
a
a
a
a
a
 Case Studies
Equif x D t Bre ch (2017):

Overview: Equif x, m jor credit reporting gency, su ered m ssive d t bre ch ecting 147 million customers.

Imp ct: Exposed person l inform tion including Soci l Security numbers, birth d tes, nd ddresses.

Consequences: Fin nci l losses, d m ge to reput tion, nd leg l pen lties. Highlighted the need for robust d t protection nd timely p tching of vulner bilities.

W nn Cry R nsomw re Att ck (2017):

Overview: A glob l r nsomw re tt ck using worm to spre d through networks, encrypting d t nd dem nding r nsom p yments.

Imp ct: A ected over 200,000 computers cross 150 countries, disrupting businesses, hospit ls, nd government services.

Consequences: Emph sized the import nce of regul r upd tes, b ckups, nd cybersecurity w reness tr ining.

T rget D t Bre ch (2013):

Overview: H ckers g ined ccess to T rget’s network through third-p rty vendor, compromising the credit nd debit c rd inform tion of 40 million customers.

Imp ct: Signi ic nt in nci l loss, reput tion d m ge, nd loss of customer trust.

Consequences: Led to incre sed focus on supply ch in security nd vendor m n gement.

Sol rWinds Att ck (2020):

Overview: A sophistic ted supply ch in tt ck where m licious code w s injected into Sol rWinds’ Orion softw re, ecting numerous government nd priv te org niz tions.

Imp ct: Extensive d t bre ches nd potenti l espion ge, with wide-re ching implic tions for n tion l security.

Consequences: Highlighted vulner bilities in softw re supply ch ins nd the need for enh nced security me sures.
a
a
a
a
a
a
a
a
a
a
ff
a
a
a
a
f
a
a
a
a
a
a
a
a
a
f
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
ff
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
ff
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
ff
a
a
a
a
a
a
a
a
a
a
 Lecture: Essential Cybersecurity Concepts
CIA Tri d

Con identi lity: Ensures th t inform tion is ccessible only to those uthorized to ccess it. Ex mple: Encrypting sensitive em ils to ensure only the
intended recipient c n re d them.

Integrity: Ensures th t d t is ccur te nd h s not been t mpered with. Ex mple: Using digit l sign tures to verify th t document h s not been
ltered.

Av il bility: Ensures th t inform tion nd resources re ccessible to uthorized users when needed. Ex mple: Implementing redund ncy nd f ilover
systems to m int in website uptime during server f ilures.

Risk:

The potenti l for loss or d m ge when thre t exploits vulner bility. Ex mple: The risk of d t theft if n org niz tion’s network is not protected by
strong irew lls nd encryption.

Thre t:

Any potenti l d nger or m licious ctivity th t could exploit vulner bility. Ex mple: A h cker ttempting to g in un uthorized ccess to comp ny’s
d t b se.

Vulner bility:

A we kness in system th t c n be exploited by thre ts to g in un uthorized ccess or c use d m ge. Ex mple: Outd ted softw re th t h s known
security l ws, which c n be exploited by m lw re.
a
a
a
a
f
a
a
a
a
f
a
a
f
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
 Understanding Risk Management and Threat Landscapes
Risk M n gement: The process of identifying, ssessing, nd mitig ting risks to
reduce their imp ct on n org niz tion.

Risk Identi ic tion: Determine potenti l thre ts nd vulner bilities.

Risk Assessment: Ev lu te the likelihood nd imp ct of identi ied risks.

Risk Mitig tion: Implement str tegies to reduce or elimin te risks (e.g., pplying
p tches, improving security protocols).

Monitoring nd Review: Continuously monitor the risk environment nd djust
str tegies s needed.

Thre t L ndsc pes: The evolving environment of potenti l thre ts nd
vulner bilities ecting systems nd d t.

Components:

Thre t Actors: Individu ls or groups posing risks (e.g., cybercrimin ls, h ckers,
insider thre ts).

Thre t Vectors: Methods used by thre t ctors to exploit vulner bilities (e.g.,
phishing em ils, m lw re).

Emerging Thre ts: New nd evolving thre ts th t require vigil nce nd
d pt tion.
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
f
a
a
a
a
a
ff
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
f
a
a
a
a
a
a
a
a
a
a
a
 Data Protection and Privacy
Underst nding Person l D t

Wh t is Person l D t ?

Person l d t includes ny inform tion th t c n identify n individu l, either on its own or when combined with other inform tion.

Ex mples include:

Direct Identi iers:

N me, ddress, em il, phone number, Soci l Security number.

Indirect Identi iers:

IP ddress, cookies, browsing history, loc tion d t.

Risks of Exposed D t : When person l d t is exposed, it c n be used for identity theft, in nci l fr ud, or even h r ssment. For ex mple,
if h cker obt ins your credit c rd inform tion, they could m ke un uthorized purch ses, d m ging your in nci l st nding.

Ex mple of D t Exposure:

Equif x D t Bre ch (2017): Exposed the person l inform tion of over 147 million people, including Soci l Security numbers nd credit
c rd det ils, le ding to widespre d identity theft.
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
f
a
a
f
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
f
a
a
a
a
a
a
f
a
a
a
a
a
a
a
a
 Data Protection and Privacy
D t Encryption

Encryption converts d t into code to prevent un uthorized ccess. Only those with the correct
decryption key c n re d the d t.

How It Works:

When you send n encrypted mess ge, it is scr mbled into unre d ble text. The recipient’s device
then uses decryption key to turn it b ck into the origin l mess ge.

Using Encryption Tools: Here re some b sic tools nd methods for encrypting your d t :

Encrypted Mess ging Apps: Use pps like Sign l or Wh tsApp for end-to-end encrypted
communic tion, me ning only you nd the recipient c n re d the mess ges.

Encrypting Files: Use softw re like Ver Crypt to encrypt sensitive iles on your computer,
protecting them from un uthorized ccess.
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
f
a
a
a
a
 Privacy Laws
Gener l D t Protection Regul tion (GDPR) - Europe n Union

Purpose: The GDPR is comprehensive d t protection l w th t regul tes how person l d t
is collected, processed, nd stored by org niz tions oper ting within the EU or de ling with EU
citizens.

C liforni Consumer Priv cy Act (CCPA) - United St tes (C liforni )

Purpose: The CCPA gr nts C liforni residents rights reg rding the collection nd s le of their
person l inform tion by businesses.

Person l Inform tion Protection nd Electronic Documents Act (PIPEDA) - C n d

Purpose: PIPEDA sets rules for how businesses in C n d must h ndle person l inform tion in
the course of commerci l ctivities.
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a