Cybersecurity World PDF
This document provides information on cybersecurity, including different types of cybersecurity criminals (like hackers), websites and the power of data, and cybersecurity domains and their importance. It also describes various technologies and concepts in cybersecurity.
Full Transcript
THE CYBERSECURITY WORLD - CYBERSECURITY DOMAINS

WEBSITES AND POWER OF DATA
- Great businesses have been created by collecting and harnessing the power of data and data analytics.
- These businesses have the responsibility to protect this data from misuse and unauthorized access. The growth of data has created great opportunities for cybersecurity specialists.

DOMAINS
- Businesses large and small have recognized the power of big data and data analytics.
- Organizations like Google, LinkedIn, Amazon provide important services and opportunity for their customers.
- The growth in data collection and analytics poses great risks to individuals and modern life if precautions are not taken to protect sensitive data from criminals or others who have intent to harm.

CYBERSECURITY DOMAINS
- Cyber experts now have the technology to track worldwide weather trends, monitor the oceans, and track the movement and behavior of people, animals and objects in real time.
- New technologies, such as Geospatial Information Systems (GIS) and the Internet of Everything (IoE), have emerged. Each depends on collecting and analyzing tremendous amounts of data.
- This growing collection of data can help people save energy, improve efficiencies, and reduce safety risks.

1.2 CYBERSECURITY CRIMINALS VS CYBERSECURITY SPECIALISTS

CYBERSECURITY CRIMINALS
- Hackers – This group of criminals breaks into computers or networks to gain access for various reasons.
  - White hat attackers break into networks or computer systems to discover weaknesses in order to improve the security of these systems.
  - Gray hat attackers are somewhere between white and black hat attackers. The gray hat attackers may find a vulnerability and report it to the owners of the system if that action coincides with their agenda.
  - Black hat attackers are unethical criminals who violate computer and network security for personal gain, or for malicious reasons, such as attacking networks.

Criminals come in many different forms. Each has its own motives:
- Script Kiddies - Teenagers or hobbyists mostly limited to pranks and vandalism, have little or no skill, often using existing tools or instructions found on the Internet to launch attacks.
- Vulnerability Brokers - Grey hat hackers who attempt to discover exploits and report them to vendors, sometimes for prizes or rewards.
- Hacktivists - Grey hat hackers who rally and protest against different political and social ideas. Hacktivists publicly protest against organizations or governments by posting articles, videos, leaking sensitive information, and performing distributed denial of service (DDoS) attacks.
- Cyber Criminals - These are black hat hackers who are either self-employed or working for large cybercrime organizations. Each year, cyber criminals are responsible for stealing billions of dollars from consumers and businesses.
- State Sponsored Hackers - Depending on a person’s perspective, these are either white hat or black hat hackers who steal government secrets, gather intelligence, and sabotage networks. Their targets are foreign governments, terrorist groups, and corporations. Most countries in the world participate to some degree in state-sponsored hacking.

Thwarting the cyber criminals is a difficult task, but company, government and international organizations have begun to take coordinated actions to limit or fend off cyber criminals. The coordinated actions include:
- Vulnerability Database: The National Common Vulnerabilities and Exposures (CVE) database is an example of the development of a national database. The CVE National Database was developed to provide a publicly available database of all known vulnerabilities. http://www.cvedetails.com/
- Early Warning Systems: The Honeynet project is an example of creating Early Warning Systems. The project provides a HoneyMap which displays real-time visualization of attacks. https://www.honeynet.org/node/960
- Share Cyber Intelligence: InfraGard is an example of wide spread sharing of cyber intelligence. The InfraGard program is a partnership between the public and the private sector. The participants are dedicated to sharing information and intelligence to prevent hostile cyberattacks. https://www.infragard.org/
- ISM Standards: The ISO 27000 standards are an example of Information Security Management Standards. The standards provide a framework for implementing cybersecurity measures within an organization. http://www.27000.org/
- New Laws: The ISACA group tracks laws enacted related to cyber security. These laws can address anything from individual privacy to protection of intellectual property. Examples of these laws include: Cybersecurity Act, Federal Exchange Data Breach Notification Act and the Data Accountability and Trust Act. http://www.isaca.org/cyber/pages/cybersecuritylegislation.aspx

1.3 COMMON THREATS

COMMON THREATS
- Cybersecurity specialists possess the insight to recognize the influence of data and harness that power to build great organizations, provide services and protect people from cyberattacks.
- Cyber Security specialists recognize the threat that data poses if used against people.
- A cybersecurity threat is the possibility that a harmful event, such as an attack, will occur.
- A cyber vulnerability is a weakness that makes a target susceptible to an attack.
- Cyber threats are particularly dangerous to certain industries and the type of information they collect and protect.

The following examples are just a few SOURCES OF DATA that can come from established organizations:
- Personal Information
- Medical Records
- Education Records
- Employment and Financial Records

Network services like DNS, HTTP and Online Databases are prime targets for cyber criminals.
- Criminals use packet-sniffing tools to capture data streams over a network. Packet sniffers work by monitoring and recording all information coming across a network.
- Criminals can also use rogue devices, such as unsecured Wi-Fi access points.
- Packet forgery (or packet injection) interferes with an established network communication by constructing packets to appear as if they are part of a communication.

Domains include:
- Manufacturing
  - Industry Controls
  - Automation
  - SCADA
- Energy Production and Distribution
  - Electrical Distribution and Smart Grid
  - Oil and Gas
- Communication
  - Phone
  - Email
  - Messaging
- Transportation systems
  - Air Travel
  - Rail
  - Over the Road

THREAT ARENAS
- On a personal level, everyone needs to safeguard his or her identity, data, and computing devices.
- At the corporate level, it is the employees’ responsibility to protect the organization’s reputation, data, and customers.
- At the state level, national security and the citizens’ safety and well-being are at stake.
- In the U.S., the National Security Agency (NSA) is responsible for intelligence collection and surveillance activities.
- The efforts to protect people’s way of life often conflict with their right to privacy.

1.4 SPREADING CYBERSECURITY THREATS

HOW THREATS SPREAD
Attacks can originate from within an organization or from outside of the organization, as shown in the figure.

Internal Security Threats
- An internal user, such as an employee or contract partner, can accidentally or intentionally
- Internal threats have the potential to cause greater damage than external threats because internal users have direct access to the building and its infrastructure devices. Internal attackers typically have knowledge of the corporate network, its resources, and its confidential data. They may also have knowledge of security countermeasures, policies and higher levels of administrative privileges.

External Security Threats
- External threats from amateurs or skilled attackers can exploit vulnerabilities in networked devices, or can use social engineering, such as trickery, to gain access.
- External attacks exploit weaknesses or vulnerabilities to gain access to internal resources.

Vulnerabilities of Mobile Devices
- In the past, employees typically used company issued computers connected to a corporate LAN.
- Today, mobile devices such as iPhones, smartphones, tablets, and thousands of other devices, are becoming powerful substitutes for, or additions to, the traditional PC.
- More and more people are using these devices to access enterprise information. Bring Your Own Device (BYOD) is a growing trend.
- The inability to centrally manage and update mobile devices poses a growing threat to organizations that allow employee mobile devices on their networks.

Emergence of the Internet of Things
- The Internet of Things (IoT) is the collection of technologies that enable the connection of various devices to the Internet.
- IoT technologies enable people to connect billions of devices to the Internet. These devices include appliances, locks, motors, and entertainment devices, to name just a few.
- This technology affects the amount of data that needs protection. Users access these devices remotely, which increases the number of networks requiring protection.
- With the emergence of IoT, there is much more data to be managed and secured. All of these connections, plus the expanded storage capacity and storage services offered through the Cloud and virtualization, have led to the exponential growth of data.

Impact of Big Data – Big data is the result of data sets that are large and complex, making traditional data processing applications inadequate. Big data poses both challenges and opportunities based on three dimensions:
- The volume or amount of data
- The velocity or speed of data
- The variety or range of data types and sources

There are numerous examples of big corporate hacks in the news. As a result, enterprise systems require dramatic changes in security product designs and substantial upgrades to technologies and practices. Additionally, governments and industries are introducing more regulations and mandates that require better data protection and security controls to help guard big data.

SPREADING CYBERSECURITY THREATS - THREAT COMPLEXITY

Advanced Weapons
- Advanced persistent threat (APT) is a continuous computer hack that occurs under the radar against a specific object. Criminals usually choose an APT for business or political motives.
- Algorithm attacks can track system self-reporting data, like how much energy a computer is using, and use that information to select targets or trigger false alerts. Algorithmic attacks are more devious because they exploit designs used to improve energy savings, decrease system failures, and improve efficiencies.
- Intelligent selection of victims. In the past, attacks would select the low hanging fruit or most vulnerable victims. Many of the most sophisticated attacks will only launch if the attacker can match the signatures of the targeted victim.

Broader Scope and Cascade Effect
- Federated identity management refers to multiple enterprises that let their users use the same identification credentials to gain access to the networks of all enterprises in the group. The goal of federated identity management is to share identity information automatically across castle boundaries.
- The most common way to protect federated identity is to tie login ability to an authorized device.

Safety Implications
- There are many safety implications associated with the dark forces of cyber security. For example, emergency call centers in the U.S. are vulnerable to cyberattacks that could shut down 911 networks, jeopardizing public safety.
- A telephone denial of service (TDoS) attack uses phone calls against a target telephone network, tying up the system and preventing legitimate calls from getting through.
- The next generation 911 call centers are vulnerable because they use Voice-over-IP (VoIP) systems rather than traditional landlines.

Heightened Recognition of Cybersecurity Threats
- The defenses against cyberattacks at the start of the cyber era were low. A smart high school student or script kiddie could gain access to systems.
- Now, countries across the world have become more aware of the threat of cyberattacks. The threat posed by cyberattacks now heads the list of greatest threats to national and economic security in most countries.

1.5 CREATING MORE EXPERTS

CREATING MORE EXPERTS - A WORKFORCE FRAMEWORK FOR CYBERSECURITY

Addressing the Shortage of Cybersecurity Specialists
- In the U.S., the National Institute of Standards and Technology (NIST) created a framework for companies and organizations in need of cybersecurity professionals. The framework enables companies to identify the major types of responsibilities, job titles, and workforce skills needed.

The Seven Categories of Cybersecurity Work
The Workforce Framework categorizes cybersecurity work into seven categories.
- Operate and Maintain includes providing the support, administration, and maintenance required to ensure IT system performance and security.
- Protect and Defend includes the identification, analysis, and mitigation of threats to internal systems and networks.
- Investigate includes the investigation of cyber events and/or cyber crimes involving IT resources.
- Collect and Operate includes specialized denial and deception operations and the collection of cybersecurity information.
- Analyze includes highly specialized review and evaluation of incoming cybersecurity information to determine if it is useful for intelligence.
- Oversight and Development provides for leadership, management, and direction to conduct cybersecurity work effectively.
- Securely Provision includes conceptualizing, designing, and building secure IT systems.

Within each category, there are several specialty areas. The specialty areas then define common types of cybersecurity work.

ONLINE CYBERSECURITY COMMUNITIES

Professional Organizations
- Cybersecurity specialists must collaborate with professional colleagues frequently. International technology organizations often sponsor workshops and conferences. Visit each site with your class and explore the resources available.

Cybersecurity Student Organizations and Competitions
- Cybersecurity specialists must have the same skills as hackers, especially black hat hackers, in order to protect against attacks.
- How can an individual build and practice the skills necessary to become a cybersecurity specialist?
- Student skills competitions are a great way to build cybersecurity knowledge, skills and abilities.
- There are many national cybersecurity skills competitions available to cybersecurity students.

CYBERSECURITY CERTIFICATIONS

Industry Certifications
In a world of cybersecurity threats, there is a great need for skilled and knowledgeable information security professionals. The IT industry established standards for cybersecurity specialists to obtain professional certifications that provide proof of skills and knowledge level.
- CompTIA Security+ - Security+ is a CompTIA-sponsored testing program that certifies the competency of IT administrators in information assurance.
- EC-Council Certified Ethical Hacker (CEH) – CEH is an intermediate-level certification that asserts that cybersecurity specialists holding this credential possess the skills and knowledge for various hacking practices.
- SANS GIAC Security Essentials (GSEC) - The GSEC certification is a good choice for an entry-level credential for cybersecurity specialists who can demonstrate that they understand security terminology and concepts and have the skills and expertise required for “hands-on” security roles. The SANS GIAC program offers a number of additional certifications in the fields of security administration, forensics, and auditing.
- (ISC)^2 Certified Information Systems Security Professional (CISSP) - The CISSP certification is a vendor-neutral certification for those cybersecurity specialists with a great deal of technical and managerial experience. It is also formally approved by the U.S. Department of Defense (DoD) and is a globally recognized industry certification in the security field.
- ISACA Certified Information Security Manager (CISM) – Cybersecurity specialists responsible for managing, developing and overseeing information security systems at the enterprise level, or those developing best security practices, can qualify for CISM.
- Company Sponsored Certifications - Another important credential for cybersecurity specialists is company-sponsored certifications. These certifications measure knowledge and competency in installing, configuring, and maintaining vendor products. Cisco and Microsoft are examples of companies with certifications that test knowledge of their products.
- Cisco Certified Network Associate Security (CCNA Security) - The CCNA Security certification validates that a cybersecurity specialist has the knowledge and skills required to secure Cisco networks.

How to Become a Cybersecurity Specialist
Cybersecurity specialists must be able to respond to threats as soon as they occur. This means that the working hours can be somewhat unconventional. Cybersecurity specialists also analyze policy, trends, and intelligence to understand how cyber criminals think. Many times, this may involve a large amount of detective work. Here is good advice for becoming a cybersecurity specialist:
- Study: Learn the basics by completing courses in IT. Be a life-long learner. Cybersecurity is an ever-changing field, and cybersecurity specialists must keep up.
- Pursue Certifications: Industry and company sponsored certifications from organizations such as Microsoft and Cisco prove that one possesses the knowledge needed to seek employment as a cybersecurity specialist.
- Pursue Internships: Seeking out a security internship as a student can lead to opportunities down the road.
- Join Professional Organizations: Join computer security organizations, attend meetings and conferences, and join forums and blogs to gain knowledge from the experts.

WHAT IS SECURITY AND RISK MANAGEMENT?
- Security and risk management involve identifying, assessing, and controlling risks to an organization’s capital, earnings, and critical assets. These risks can arise from various sources, including financial uncertainty, legal liabilities, strategic management errors, accidents, and natural disasters. Specifically, cyber risk management focuses on information systems, aiming to reduce the impact and likelihood of threats such as cyberattacks, employee mistakes, and natural disasters. It’s an essential part of broader enterprise risk management efforts, allowing companies to safeguard their profits, data, and reputation.

WHAT IS THE CIA TRIAD?
- The CIA Triad, or Confidentiality, Integrity, and Availability, is a guiding model in information security. A comprehensive information security strategy includes policies and security controls that minimize threats to these three crucial components.
  - Confidentiality refers to protecting information from unauthorized access.
  - Integrity means data are trustworthy, complete, and have not been accidentally altered or modified by an unauthorized user.
  - Availability means data are accessible when you need them.

SECURITY GOVERNANCE PRINCIPLES
Security governance principles play a crucial role in maintaining an organization’s cybersecurity posture. There are six key principles:
- Responsibility - Clearly define roles and responsibilities for security across the organization.
- Strategy - Align security efforts with the overall business strategy.
- Acquisition - When acquiring new technologies or services, evaluate their security implications.
- Performance - Continuously monitor and assess security performance.
- Conformance - Ensure compliance with relevant regulations, standards, and policies.
- Human Behavior - Promote secure behaviors among employees.

CYBERATTACK - An attempt by cybercriminals, hackers or other digital adversaries to access a computer network or system, usually for the purpose of altering, stealing, destroying or exposing information.

Common types of cyberattacks
- Malware - or malicious software, is any program or code that is created with the intent to do harm to a computer, network or server.
- Ransomware - an adversary encrypts a victim’s data and offers to provide a decryption key in exchange for a payment.
- Fileless Malware - a type of malicious activity that uses native, legitimate tools built into a system to execute a cyber attack.
- Spyware - a type of unwanted, malicious software that infects a computer or other device and collects information about a user’s web activity without their knowledge or consent.
- Adware - a type of spyware that watches a user’s online activity in order to determine which ads to show them. While adware is not inherently malicious, it has an impact on the performance of a user’s device and degrades the user experience.
- Trojan - malware that appears to be legitimate software, disguised as native operating system programs or harmless files like free downloads. Trojans are installed through social engineering techniques such as phishing or bait websites.
- Worm - a self-contained program that replicates itself and spreads its copies to other computers.
- Rootkits - a collection of software designed to give malicious actors control of a computer network or application. Once activated, the malicious program sets up a backdoor exploit and may deliver additional malware.
- Keylogger - tools that record what a person types on a device.
- Denial-of-Service (DoS) attacks - a malicious, targeted attack that floods a network with false requests in order to disrupt business operations.
- Phishing - a type of cyberattack that uses email, SMS, phone, social media, and social engineering techniques to entice a victim to share sensitive information, such as passwords or account numbers.
- Spear Phishing - a type of phishing attack that targets specific individuals or organizations, typically through malicious emails.
- Whaling - a type of social engineering attack specifically targeting senior or C-level executive employees with the purpose of stealing money or information, or gaining access to the person’s computer in order to execute further cyberattacks.
- Smishing - the act of sending fraudulent text messages designed to trick individuals into sharing sensitive data such as passwords, usernames and credit card numbers.
- Vishing - a voice phishing attack, is the fraudulent use of phone calls and voice messages pretending to be from a reputable organization to convince individuals to reveal private information such as bank details and passwords.
- Spoofing - a technique through which a cybercriminal disguises themselves as a known or trusted source.
- Man-in-the-middle attack - a type of cyberattack in which an attacker eavesdrops on a conversation between two targets with the goal of collecting personal data (passwords or banking details).
- Social engineering - a technique where attackers use psychological tactics to manipulate people into taking a desired action.
- Tailgating/piggybacking - a type of physical security breach in which an unauthorized person follows an authorized individual to enter secured premises.

WHAT IS INFORMATION CLASSIFICATION?
Information classification is a process used in information security to categorize data based on its level of sensitivity and importance. The purpose of classification is to protect sensitive information by implementing appropriate security controls based on the level of risk associated with that information.

Information classification also includes a process of labeling the information with the appropriate classification level and implementing access controls to ensure that only authorized individuals can access the information. This is done through the use of security technologies such as firewalls, intrusion detection systems, and encryption.

There are several different classification schemes that organizations can use, but they generally include a few common levels of classification, such as:
- Public - Information that is not sensitive and can be shared freely with anyone.
- Internal - Information that is sensitive but not critical, and should only be shared within the organization.
- Confidential - Information that is sensitive and requires protection, and should only be shared with authorized individuals or groups.
- Secret - Information that is extremely sensitive and requires the highest level of protection, and should only be shared with a select group of authorized individuals.
- Top Secret - Information that, if disclosed, would cause exceptionally grave damage to national security; access to this information is restricted to a very small number of authorized individuals with a need-to-know.

How to classify information?
Classifying information may seem easy, but when we talk about information in high volume, variety and importance, carrying out this task becomes a lot more complex. There are three steps that make this process easier to follow:
1. Assigning value to the information assets.
2. Label each information asset.
3. Method of handling each information asset.

Assigning value to the information assets
- To have an efficient classification of information, the organization should assign a value to each information asset, according to the risk of loss or harm from disclosure.
  - Confidential Information – information that is protected as confidential by all entities included or impacted by the information. The highest level of security measures should be applied to such data.
  - Classified Information – information that has restricted access as per law or regulation.
  - Restricted Information – information that is available to most but not all employees.
  - Internal Information – information that is accessible by all employees.
  - Public Information – information that everyone within and outside the organization can access.

Label each information asset
- After classifying information by its value, the asset owner should implement a clear and consistent labeling system for both physical and digital data. This system can use numeric or alphabetic order, as long as it’s easy to understand and follow. Adding visual labels to document headers and footers helps raise security awareness, encouraging employees to avoid sharing sensitive information through USB drives, email, or cloud services.

Method of handling each information asset
- Finally, after classifying and labeling its information assets, the organization should establish rules and a plan to protect them according to their classification. For example, public information can be stored in accessible locations or shared on the company’s social media, while classified information should be securely locked away, either on a safe server or physically monitored by security personnel.

DATA AND SYSTEM OWNERSHIP

Data Ownership
- A fundamental concept within data governance that plays a crucial role in ensuring the effective management, accountability, and utilization of data assets. Data ownership refers to the designation of authority over specific sets of data. It defines who has the legal right to control, utilize, and manage that data.

System Ownership
- On the other hand, involves responsibility for the maintenance, operation, and security of a specific IT system. The system owner ensures the system runs smoothly, is updated regularly, and is protected against security threats.

Importance of Data Ownership
Accountability and Decision-Making - Data ownership provides a clear line of accountability for the management and integrity of data. When a designated owner is responsible for a specific data set, they take ownership of its quality, accuracy, and compliance with regulatory requirements. This accountability ensures that data-related decisions can be made promptly, leading to faster and more effective decision-making processes.

Data Governance Framework - Data ownership serves as a foundational element of a robust data governance framework. It establishes roles, responsibilities, and decision-making authority, enabling organizations to define and enforce data-related policies, standards, and processes. Without clear data ownership, data governance initiatives can become fragmented, leading to inconsistent practices and hindered data management efforts.

Data Quality and Integrity - Data ownership plays a pivotal role in ensuring data quality and integrity. When data ownership is clearly assigned, the designated owner takes responsibility for maintaining data accuracy, completeness, and consistency. They are motivated to implement data quality measures, establish data validation processes, and enforce data governance policies to safeguard data integrity.

Compliance and Regulatory Requirements - Data ownership is closely linked to compliance with regulatory requirements. Designating data owners ensures that individuals are accountable for understanding and adhering to data protection and privacy regulations. Data owners can monitor data usage, implement necessary security measures, and ensure compliance with legal obligations, mitigating risks associated with data breaches and non-compliance.

HOW CAN I PROTECT MY PRIVACY?
Privacy concerns have become increasingly significant as more personal and sensitive data is collected and shared online. Here are some key aspects to consider:
- Privacy Concerns
- Privacy Laws
- Measures to Protect Personal Data

Privacy Concerns
- Data Breaches: Unauthorized access to personal data can lead to identity theft, financial loss, and privacy violations.
- Surveillance: Governments and organizations may monitor individuals’ activities, raising concerns about privacy and civil liberties.
- Data Misuse: Companies may use personal data for purposes beyond what users consented to, such as targeted advertising or selling data to third parties.

Privacy Laws
- General Data Protection Regulation (GDPR): This EU regulation provides comprehensive data protection and privacy for individuals within the European Union. It mandates strict consent requirements and gives individuals the right to access and delete their data.
- Health Insurance Portability and Accountability Act (HIPAA): In the U.S., HIPAA protects sensitive health information from being disclosed without the patient’s consent or knowledge.
- California Consumer Privacy Act (CCPA): This law gives California residents the right to know what personal data is being collected about them, to whom it is being sold, and the ability to access and delete their data.

Measures to Protect Personal Data
- Encryption: Encrypting data ensures that it is unreadable to unauthorized users.
- Access Controls: Implementing strict access controls helps ensure that only authorized individuals can access sensitive data.
- Regular Audits: Conducting regular audits and assessments can help identify and mitigate potential vulnerabilities.
- User Education: Educating users about privacy risks and safe practices can empower them to protect their own data.

Recent Development
In 2024, President Biden issued an executive order to protect Americans’ sensitive personal data from exploitation by countries of concern. This order includes regulations to safeguard genomic data, biometric data, personal health data, geolocation data, financial data, and other personal identifiers.

Key Aspects:
- Regulation of Sensitive Data: The order imposes new restrictions on sharing and processing sensitive personal data, particularly when it could be accessed by foreign governments.
- Stronger Consumer Protections: The executive order strengthens consumer rights, allowing Americans to have more control over who can access their personal data.
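The classification levels, visual labels and "only authorized individuals" access control from the information classification section above, worked through in code. This is an added example and not part of the original course material; the Level/Label/Clearance types, the need-to-know group names and the sample principals and assets are constructed here for illustration.

```python
"""Classification-aware read check: ordered levels plus need-to-know groups.

Added example for the scheme on this page (Public, Internal, Confidential,
Secret, Top Secret with need-to-know). All types, group names and sample
data below are constructed for illustration, not taken from the page.
"""
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    """Ordered classification levels: a higher value is more sensitive."""
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2
    SECRET = 3
    TOP_SECRET = 4


@dataclass(frozen=True)
class Label:
    """Classification label attached to one information asset."""
    level: Level
    # Need-to-know groups that must ALL be held to read the asset.
    need_to_know: frozenset = frozenset()

    def header(self) -> str:
        """Visual label for document headers/footers, e.g. 'SECRET // finance'."""
        tag = self.level.name.replace("_", " ")
        if self.need_to_know:
            tag += " // " + ", ".join(sorted(self.need_to_know))
        return tag


@dataclass(frozen=True)
class Clearance:
    """What a principal is authorized to read."""
    level: Level
    need_to_know: frozenset = frozenset()
    internal: bool = False  # employee or contract partner, vs. outside party


def decide(subject: Clearance, label: Label) -> tuple:
    """Return (allowed, reason) for a read request.

    Public is shareable with anyone; Internal and above stays inside the
    organization; the subject's level must be at or above the label's level
    ("no read up"); every need-to-know group on the label must be held.
    """
    if label.level == Level.PUBLIC:
        return True, "public information"
    if not subject.internal:
        return False, "not shared outside the organization"
    if subject.level < label.level:
        return False, f"clearance {subject.level.name} below {label.level.name}"
    missing = label.need_to_know - subject.need_to_know
    if missing:
        return False, "missing need-to-know: " + ", ".join(sorted(missing))
    return True, "authorized"


def audit_line(who: str, asset: str, subject: Clearance, label: Label) -> str:
    """One log line per decision; DENY lines are what an audit review looks for."""
    allowed, reason = decide(subject, label)
    verdict = "ALLOW" if allowed else "DENY"
    return f"{verdict} {who} -> {asset} [{label.header()}]: {reason}"


# Constructed sample principals and labelled assets (not from the page).
EMPLOYEE = Clearance(Level.SECRET, frozenset({"finance"}), internal=True)
VISITOR = Clearance(Level.PUBLIC)
ASSETS = {
    "press-release.pdf": Label(Level.PUBLIC),
    "staff-handbook.pdf": Label(Level.INTERNAL),
    "q3-forecast.xlsx": Label(Level.SECRET, frozenset({"finance"})),
    "merger-plan.docx": Label(Level.SECRET, frozenset({"finance", "legal"})),
    "signing-keys.txt": Label(Level.TOP_SECRET, frozenset({"finance"})),
}

if __name__ == "__main__":
    for name, label in ASSETS.items():
        print(audit_line("employee", name, EMPLOYEE, label))
        print(audit_line("visitor", name, VISITOR, label))
```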