Foundation in Cybersecurity 1.pdf
Document Details
Tags
Full Transcript
Foundations in Cybersecurity Introduction to Cybersecurity Discussions Wh t do you think cybersecurity is ll bout? Why do you think it's import nt to keep our inform tion s fe online? C n you n me some common online thre ts or d ngers?...
Foundations in Cybersecurity Introduction to Cybersecurity Discussions Wh t do you think cybersecurity is ll bout? Why do you think it's import nt to keep our inform tion s fe online? C n you n me some common online thre ts or d ngers? H ve you ever he rd of "encryption"? Wh t do you think it does? Wh t comes to mind when you he r the term "cyber tt ck"? C n you give n ex mple? Do you know the di erence between virus, worm, nd Troj n horse in the context of computer thre ts? Why do you think using strong p sswords nd two-step veri ic tion is import nt? H ve you ever received suspicious em il or mess ge? Wh t did it sk you to do? Wh t do you think irew lls nd ntivirus progr ms do to protect our computers? Wh t re some simple things you c n do to protect yourself from online thre ts? a a a a a a a a a a f ff a a a a a a a a a a a a a a a a a a a a a a a a a f a a a a a a a a a a Lecture: Introduction to Cybersecurity and Its Signi icance Wh t is Cybersecurity? Cybersecurity is the pr ctice of s fegu rding systems, networks, nd progr ms from digit l tt cks imed t ccessing, ltering, or destroying sensitive inform tion, extorting money, or disrupting oper tions. Signi ic nce; Prevents un uthorized ccess, theft, nd d m ge to inform tion. Ensures business continuity nd protects n tion l security. Essenti l for compli nce with leg l nd regul tory requirements. a a f a a a a a a a a a a a a a a a a a a a a a a a a a a a a f Importance of Cybersecurity in Protecting Data, Systems, and Networks Protection of Sensitive D t : Person l, in nci l, nd business inform tion need s fegu rding. Prevents identity theft nd priv cy viol tions. System Integrity: Ensures systems oper te correctly nd d t is not t mpered with. M int ins trustworthiness of inform tion. Network Security: Protects g inst un uthorized ccess nd cyber tt cks. Ensures reli ble nd uninterrupted network services. a a a a f a a a a a a a a a a a a a a a a a a a a a a a a a Overview of the Cybersecurity Landscape Thre t Actors: N tion-st te ctors: Conduct cyber espion ge nd s bot ge. Cybercrimin ls: Eng ge in illeg l ctivities for in nci l g in. H cktivists: Use cyber tt cks for politic l gend s. Insider thre ts: Misuse ccess to systems nd d t. a a a a a a a a a a a a f a a a a a a a a a a a a a a Common Cyber tt cks: M lw re: Viruses, worms, r nsomw re, etc. Phishing: Fr udulent ttempts to obt in sensitive inform tion. DDoS Att cks: Overlo ding networks to disrupt services. M n-in-the-Middle (MitM) Att cks: Intercepting communic tions. SQL Injection: Exploiting d t b se vulner bilities. Zero-D y Exploits: Att cking unknown softw re vulner bilities. Credenti l Stu ing: Using stolen login credenti ls. a a a a a a a a a a a ff a a a a a a a a a a a a a a Real-World Impacts of Cybersecurity Breaches Fin nci l Losses: Costs ssoci ted with recovery nd fr ud. Loss of revenue nd potenti l ines. Reput tion D m ge: Loss of customer trust nd br nd v lue. Neg tive publicity nd long-term business imp ct. Oper tion l Disruptions: Downtime nd service interruptions. Imp ct on productivity nd business oper tions. Leg l Consequences: Regul tory ines nd pen lties. Leg l ctions from ected p rties. a a a a a a a a a a a a a f a a a a a a a ff a a a a a a f a a a a a Case Studies Equif x D t Bre ch (2017): Overview: Equif x, m jor credit reporting gency, su ered m ssive d t bre ch ecting 147 million customers. Imp ct: Exposed person l inform tion including Soci l Security numbers, birth d tes, nd ddresses. Consequences: Fin nci l losses, d m ge to reput tion, nd leg l pen lties. Highlighted the need for robust d t protection nd timely p tching of vulner bilities. W nn Cry R nsomw re Att ck (2017): Overview: A glob l r nsomw re tt ck using worm to spre d through networks, encrypting d t nd dem nding r nsom p yments. Imp ct: A ected over 200,000 computers cross 150 countries, disrupting businesses, hospit ls, nd government services. Consequences: Emph sized the import nce of regul r upd tes, b ckups, nd cybersecurity w reness tr ining. T rget D t Bre ch (2013): Overview: H ckers g ined ccess to T rget’s network through third-p rty vendor, compromising the credit nd debit c rd inform tion of 40 million customers. Imp ct: Signi ic nt in nci l loss, reput tion d m ge, nd loss of customer trust. Consequences: Led to incre sed focus on supply ch in security nd vendor m n gement. Sol rWinds Att ck (2020): Overview: A sophistic ted supply ch in tt ck where m licious code w s injected into Sol rWinds’ Orion softw re, ecting numerous government nd priv te org niz tions. Imp ct: Extensive d t bre ches nd potenti l espion ge, with wide-re ching implic tions for n tion l security. Consequences: Highlighted vulner bilities in softw re supply ch ins nd the need for enh nced security me sures. a a a a a a a a a a ff a a a a f a a a a a a a a a f a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a ff a a a a a a a a a a a a a a a a a a a a a a a a a a a a ff a a a a a a a a a a a a a a a a a a a a a a ff a a a a a a a a a a Lecture: Essential Cybersecurity Concepts CIA Tri d Con identi lity: Ensures th t inform tion is ccessible only to those uthorized to ccess it. Ex mple: Encrypting sensitive em ils to ensure only the intended recipient c n re d them. Integrity: Ensures th t d t is ccur te nd h s not been t mpered with. Ex mple: Using digit l sign tures to verify th t document h s not been ltered. Av il bility: Ensures th t inform tion nd resources re ccessible to uthorized users when needed. Ex mple: Implementing redund ncy nd f ilover systems to m int in website uptime during server f ilures. Risk: The potenti l for loss or d m ge when thre t exploits vulner bility. Ex mple: The risk of d t theft if n org niz tion’s network is not protected by strong irew lls nd encryption. Thre t: Any potenti l d nger or m licious ctivity th t could exploit vulner bility. Ex mple: A h cker ttempting to g in un uthorized ccess to comp ny’s d t b se. Vulner bility: A we kness in system th t c n be exploited by thre ts to g in un uthorized ccess or c use d m ge. Ex mple: Outd ted softw re th t h s known security l ws, which c n be exploited by m lw re. a a a a f a a a a f a a f a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a Understanding Risk Management and Threat Landscapes Risk M n gement: The process of identifying, ssessing, nd mitig ting risks to reduce their imp ct on n org niz tion. Risk Identi ic tion: Determine potenti l thre ts nd vulner bilities. Risk Assessment: Ev lu te the likelihood nd imp ct of identi ied risks. Risk Mitig tion: Implement str tegies to reduce or elimin te risks (e.g., pplying p tches, improving security protocols). Monitoring nd Review: Continuously monitor the risk environment nd djust str tegies s needed. Thre t L ndsc pes: The evolving environment of potenti l thre ts nd vulner bilities ecting systems nd d t. Components: Thre t Actors: Individu ls or groups posing risks (e.g., cybercrimin ls, h ckers, insider thre ts). Thre t Vectors: Methods used by thre t ctors to exploit vulner bilities (e.g., phishing em ils, m lw re). Emerging Thre ts: New nd evolving thre ts th t require vigil nce nd d pt tion. a a a a a a a a a a a a a a a f a a a a a ff a a a a a a a a a a a a a a a a a a a a a a a a a a a a a f a a a a a a a a a a a Data Protection and Privacy Underst nding Person l D t Wh t is Person l D t ? Person l d t includes ny inform tion th t c n identify n individu l, either on its own or when combined with other inform tion. Ex mples include: Direct Identi iers: N me, ddress, em il, phone number, Soci l Security number. Indirect Identi iers: IP ddress, cookies, browsing history, loc tion d t. Risks of Exposed D t : When person l d t is exposed, it c n be used for identity theft, in nci l fr ud, or even h r ssment. For ex mple, if h cker obt ins your credit c rd inform tion, they could m ke un uthorized purch ses, d m ging your in nci l st nding. Ex mple of D t Exposure: Equif x D t Bre ch (2017): Exposed the person l inform tion of over 147 million people, including Soci l Security numbers nd credit c rd det ils, le ding to widespre d identity theft. a a a a a a a a a a a a a a a a f a a f a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a f a a a a a a f a a a a a a a a Data Protection and Privacy D t Encryption Encryption converts d t into code to prevent un uthorized ccess. Only those with the correct decryption key c n re d the d t. How It Works: When you send n encrypted mess ge, it is scr mbled into unre d ble text. The recipient’s device then uses decryption key to turn it b ck into the origin l mess ge. Using Encryption Tools: Here re some b sic tools nd methods for encrypting your d t : Encrypted Mess ging Apps: Use pps like Sign l or Wh tsApp for end-to-end encrypted communic tion, me ning only you nd the recipient c n re d the mess ges. Encrypting Files: Use softw re like Ver Crypt to encrypt sensitive iles on your computer, protecting them from un uthorized ccess. a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a f a a a a Privacy Laws Gener l D t Protection Regul tion (GDPR) - Europe n Union Purpose: The GDPR is comprehensive d t protection l w th t regul tes how person l d t is collected, processed, nd stored by org niz tions oper ting within the EU or de ling with EU citizens. C liforni Consumer Priv cy Act (CCPA) - United St tes (C liforni ) Purpose: The CCPA gr nts C liforni residents rights reg rding the collection nd s le of their person l inform tion by businesses. Person l Inform tion Protection nd Electronic Documents Act (PIPEDA) - C n d Purpose: PIPEDA sets rules for how businesses in C n d must h ndle person l inform tion in the course of commerci l ctivities. a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a