Introduction to Cyber Security Lecture Notes PDF

Summary

These lecture notes provide an introduction to cyber security. Key topics covered include authentication, authorization, and various security concepts and principles. The document is intended for an educational setting, such as an undergraduate level.

Full Transcript

Introduction to
Cyber Security
Lecture 2-3
 Agenda
Information Security Triad
Additional goals of cyber security
Authorization and Authentication
Types of Authentication
Why Cyber Security is Important?
Types of Cyber Security Threats
Key Concepts in Cybersecurity
Cyber Security Principles
Cyber Security Frameworks and Standards
Key Roles in Cybersecurity
The Cyber Security Lifecycle
Emerging Trends in Cyber Security
Information Security Triad

Availability: Ensuring that systems and data
are available for use when needed.
 Additional goals in cyber Security

Authentication and Authorization
Authentication is the process of verifying the identity of a user,
device, or system to ensure that the entity requesting access is
who they claim to be.

Purpose: Authentication ensures that only legitimate users or
systems are able to gain access to services, data, or resources by
proving their identity through various methods.
 Types of Authentication
Single-Factor Authentication (SFA): Verifying identity with just
one method, typically a password.
Two-Factor Authentication (2FA): Requires two methods of
verification, such as a password and a one-time code sent to a
phone.
Multi-Factor Authentication (MFA): Involves three or more
methods of verification, such as something the user knows
(password), something the user has (smartphone), and something
the user is (fingerprint).

Examples of Authentication:
Logging into an account using a username and password.
Biometric authentication such as fingerprint or facial recognition.
Using a hardware token or a mobile app for 2FA.
 Authorization

Authorization is the process of determining whether a user,
device, or system has the right to access certain resources or
perform specific actions after they have been authenticated.

Purpose: Once a user is authenticated, authorization controls
what resources or actions the user is allowed to access. It
typically involves assigning roles and permissions based on
user identity.
 Authorization

Key Concepts:
Access Control Lists (ACLs): Lists that define which users or
systems are authorized to access specific resources.
Role-Based Access Control (RBAC): Assigning permissions based
on the user’s role within an organization (e.g., admin, user, guest).
Least Privilege: The principle that users should only have access to
the resources and permissions necessary for their tasks.

Examples of Authorization:
A regular user can read a document, while an admin can edit or delete it.
An employee may be authorized to access specific files within a company's database, but not the
entire system.
Additional Concepts Related to Authentication
1- Non-repudiation: ensures that a party in a communication cannot deny the
authenticity of their signature or the sending of a message. In digital
communications, it provides evidence of the integrity and origin of data.

Purpose: Non-repudiation is important for accountability. It ensures that once
an action has been performed (e.g., sending an email, signing a contract), the
party who performed it cannot later deny having done so.

Methods:
o Digital Signatures: Cryptographic techniques that confirm the sender's
identity and that the message has not been altered.
o Audit Logs: Recorded evidence showing the actions a user took, which is
particularly useful for forensic analysis.

Examples of Non-repudiation:
A digital contract signed with a private key that proves the identity of the signer and can’t be
denied later.
Email services that provide delivery receipts and read receipts.
Additional Concepts Related to Authentication
2- Auditability refers to the ability to track, log, and review actions and events
that occur within a system. It provides transparency and the means to detect,
analyze, and review activities for compliance, investigation, and security
purposes.
Purpose: Auditability is crucial for ensuring that activities within a system
can be monitored and traced back to their origin. It allows organizations to
detect anomalies, investigate security incidents, and maintain compliance
with regulations.

Key Elements:
Audit Logs: Detailed logs that record events such as login attempts, data
access, system changes, and network traffic.
Audit Trails: Chronological records that trace the sequence of actions
taken within a system.

Examples of Auditability:
A system administrator reviewing access logs to detect unauthorized login attempts.
A financial institution maintaining audit trails for every transaction to meet requirements.
Additional Concepts Related to Authentication
3- Third-party protection refers to security measures and controls in place to
protect the interactions between organizations and third-party vendors or service
providers.
Purpose: As organizations increasingly rely on third-party providers (e.g.,
cloud services, software vendors), third-party protection ensures that these
partnerships don’t expose sensitive data to undue risks. It involves contractual
agreements, regular audits, and compliance checks.

Key Elements:
Vendor Risk Management: Assessing and managing the risk posed by third-
party service providers.
Third-Party Audits: Independent reviews of third-party security measures to
ensure they meet required standards.
Service-Level Agreements (SLAs): Contracts that define the level of service
and security obligations between an organization and a third party.
Examples of Third-Party Protection:
Ensuring that a cloud service provider complies with data security standards like ISO 27001.
Regularly auditing third-party suppliers to ensure they are following agreed-upon security protocols.
Implementing encryption when data is shared between a company and its third-party partners.
 Goals of Cyber Security

Summary Table

Task 1
 Take home task
1- https://mockapi.io/
2- https://github.com/mockapi-io/docs/wiki/Quick-start-guide#projects
3-
o a. Identifying roles within an organization (Admin, Manager, Employee, Guest)
o b. Defining permissions for each role (which parts of a website or system can
each role access)
Authentication: Logging in using different roles (use pre-configured usernames and
passwords for different roles).
Authorization: Testing what each role can do (e.g., Admins can delete users,
Managers can approve reports, etc.).
4-
Step 1: Each group receives login credentials for different user roles (e.g.,
admin:admin123, employee:emp123).
Step 2: They log in with different roles and attempt to access various parts of the
app.
Step 3: They document which sections were accessible for each role and discuss
why (authentication vs authorization).
5-
o Present findings: What could each role access? How was authentication
handled?
o Discuss what happens if authentication fails (incorrect password) and what
happens if authorization fails (trying to access something they shouldn't).
 Why is Cyber Security Important?

Cyber Security is essential because of the following reasons:
Data Protection: Safeguarding personal, financial, and
confidential business information.
Business Continuity: Protecting businesses from attacks that
could disrupt operations.
Preventing Financial Loss: Cyberattacks can result in
significant financial losses.
Preserving Reputation: A cyberattack can damage an
organization’s reputation.
Legal Requirements: Many industries are regulated and
required to meet certain cybersecurity standards.
 Types of Cyber Security Threats
There are several types of cyber threats, including:
Malware: Malicious software such as viruses, worms,
Trojans, and ransomware that harm systems or steal data.
Phishing: Fraudulent attempts to obtain sensitive information
by pretending to be a legitimate entity.
Man-in-the-Middle (MitM) Attacks: Where attackers
intercept communications between two parties.
Denial-of-Service (DoS) and Distributed Denial-of-Service
(DDoS) Attacks: Where attackers overwhelm a system to
make it unavailable.
SQL Injection: A method used to exploit vulnerabilities in
databases to gain unauthorized access.
Zero-Day Exploits: Attacks targeting previously unknown
vulnerabilities before a patch is available.
 Key Concepts in Cyber Security
Attack Surface: The total points of entry that an attacker can
use to enter a system.
Vulnerability: A weakness in a system or network that can be
exploited by attackers.
Threat: Any potential danger that could exploit a vulnerability
to breach security.
Risk: The potential for loss or damage when a threat exploits a
vulnerability.
Exploit: A method or tool used to take advantage of a
vulnerability in a system.
Defense-in-Depth: A strategy that uses multiple layers of
security to protect systems from threats.
 Cyber Security Principles
Least Privilege: Users should have the minimum level of
access necessary to perform their duties.
Separation of Duties: Dividing tasks and privileges so that no
single individual has control over all aspects of a critical
function.
Defense in Depth: Using multiple security controls to protect
against threats.
Zero Trust: No one, whether inside or outside the network,
should be trusted by default.
Security by Design: Security measures should be
incorporated into systems from the ground up.
Cyber Security Frameworks and Standards

There are several frameworks and standards organizations follow
to ensure their cybersecurity is robust. These include:

NIST Cybersecurity Framework (National Institute of
Standards and Technology): A widely used framework that
provides best practices for managing cybersecurity risk.
ISO/IEC 27001: A standard for managing information
security.
CIS Controls: A set of prioritized actions to protect
organizations from cyberattacks.
 Key Roles in Cyber Security
Security Analyst: Monitors and investigates security incidents and
threats.

Security Engineer: Designs and implements security solutions.

Penetration Tester (Ethical Hacker): Simulates attacks to find
weaknesses before malicious actors do.

Chief Information Security Officer (CISO): Oversees an
organization’s entire cybersecurity strategy.

Incident Responder: Responds to cybersecurity incidents and
works to contain and mitigate damage.
 The Cyber Security Lifecycle

Restore normal operations Understand risks and establish
after a security incident security policies and controls.

Take action when an Implement security measures
incident occurs to limit to safeguard systems and data.
damage.

Monitor systems for
potential threats or breaches
 Emerging Trends in Cyber Security

Artificial Intelligence (AI) and Machine Learning (ML): Used to
detect anomalies and respond to threats faster than traditional methods.
Cloud Security: Protecting data, applications, and infrastructure in the
cloud.
Internet of Things (IoT) Security: Securing interconnected devices that
exchange data over networks.
Blockchain for Security: Leveraging decentralized and secure data
storage for security.
Quantum Computing: Both a potential risk (due to breaking encryption)
and a future tool for advanced security.
 Best Practices for Cyber Security

Use Strong Passwords: Avoid weak or easily guessed passwords.
Consider using a password manager.
Enable Two-Factor Authentication (2FA): Adds an extra layer of
security beyond just a password.
Regularly Update Software: Keep systems and applications
updated to prevent vulnerabilities.
Backup Data Regularly: Protects against data loss from
ransomware or system failure.
Educate Users: Train employees and individuals about
cybersecurity risks and safe practices.
Implement Firewalls and Intrusion Detection Systems (IDS):
Provides a barrier and detection for potential attacks.
Legal, ethical, and professional issues
1- Legal Issues in Information Security
Data Protection Laws: These laws govern how organizations collect,
store, and process personal information. Notable examples include:

GDPR (General Data Protection Regulation): In the EU, it
provides strict guidelines on data privacy, security, and individuals'
rights over their data.

CCPA (California Consumer Privacy Act): Focuses on data
privacy rights for residents of California.

HIPAA (Health Insurance Portability and Accountability Act): In
the U.S., mandates protections for sensitive patient data in
healthcare.
Legal, ethical, and professional issues
1- Legal Issues in Information Security
Intellectual Property Laws: These laws protect the rights of individuals
and organizations to their digital products, content, and software.
Violations can lead to penalties for theft or unauthorized use of
proprietary information.

Cybercrime Laws: These address illegal activities such as hacking, fraud,
identity theft, and distribution of malware. Examples include the
Computer Fraud and Abuse Act (CFAA) in the U.S.

Compliance Requirements: Industry-specific regulations (e.g., PCI-DSS
for payment card information) dictate how companies secure sensitive
information to prevent breaches and fraud.
Legal, ethical, and professional issues
2. Ethical Issues in Information Security
Privacy vs. Security: Striking a balance between the need to secure
information and the right to privacy is a perennial challenge. For example,
organizations must collect data for security purposes (such as logging)
without infringing on employees’ or customers' personal privacy.

Surveillance: Whether it's for cybersecurity purposes or national security,
surveillance can raise ethical questions about the extent of monitoring
employees, users, or citizens.
Legal, ethical, and professional issues
2. Ethical Issues in Information Security
Ethical Hacking: Security professionals often engage in penetration
testing and vulnerability assessments to identify weaknesses. However,
hacking (even for ethical reasons) without proper consent can lead to legal
and ethical issues.

Whistleblowing: Exposing security lapses or unethical practices often
creates ethical dilemmas. While whistleblowers may seek to protect the
public interest, they may face legal and professional retaliation.
 Legal, ethical, and professional issues
3. Professional Issues in Information Security
Conflicts of Interest: Security professionals may face conflicts between
personal interests and their duty to their employer or clients. For example,
a security consultant should not advise a client in a way that benefits them
financially at the expense of the client’s security.

Liability: Security professionals may be held liable for breaches or
security failures, particularly if these result from negligence or a failure to
follow industry standards.
 Legal, ethical, and professional issues
3. Professional Issues in Information Security
Conflicts of Interest: Security professionals may face conflicts between
personal interests and their duty to their employer or clients. For example,
a security consultant should not advise a client in a way that benefits them
financially at the expense of the client’s security.

Liability: Security professionals may be held liable for breaches or
security failures, particularly if these result from negligence or a failure to
follow industry standards.
 Conclusion

Cybersecurity is an essential part of the modern digital world.
With the increasing frequency and sophistication of cyber threats,
individuals and organizations must take proactive measures to
protect their systems and data. By understanding the
fundamentals of cybersecurity, you can begin to defend against
the vast array of digital threats.