Cyber Security Chapter 1 PDF

Summary

This document provides a general overview of cyber security, including its concepts, history, and various aspects. It covers definitions and key concepts related to information security, cyber security and various forms of cyber threats.

Full Transcript

What is Security?

– “A state of being secure and free of danger or harm”
– The ultimate objective of security is protection from those who would do harm, intentionally or otherwise
– A successful organization should have multiple layers of security in place to protect its:
    – Operations
    – Physical infrastructure
    – People
    – Functions
    – Communications
    – Information

What is Information Security?

– The protection of information and its critical elements, including systems and hardware that use, store, and transmit that information
– The C.I.A. triangle was the standard, based on confidentiality, integrity, and availability
– The C.I.A. triangle has now expanded into a list of critical characteristics of information
– See figures 1-5 and 1-6, page 11

What is Cyber Security?

Cyber security is the application of technologies, processes and controls to protect systems, networks, programs, devices and data from cyber attacks.

Cyber security vs information security

– Cyber security is often confused with information security.
– Cyber security focuses on protecting computer systems from unauthorised access or being otherwise damaged or made inaccessible.
– Information security is a broader category that looks to protect all information assets, whether in hard copy or in digital form.

Misinformation vs Disinformation

Misinformation is false information that’s given without intention to deceive, and disinformation is false information, such as government propaganda, that’s given with the intention to deceive.

Disinformation tool / Troll armies

– Troll armies can take varying forms, but the concept is simple: a group of people assume false identities in order to participate in internet forums and social media to send — or suppress — a specific message.
– These armies use the internet to disseminate propaganda — that is, “information, especially of a biased or misleading nature, used to promote or publicize a particular political
– They use tactics such as retweeting or commenting on each other’s posts, with the aim of creating the semblance of a dominant and broadly accepted narrative.
– The people comprising an army can be government employees, but they may also be independent contractors who are paid per post.
– Not all troll armies are made up of government employees or paid individuals, however; the term has also been used to refer to people acting independently, or even to unmanned “bot” accounts programmed to spread certain messages.

Troll armies

– Troll Army: A Weapon for Arab authoritarian regimes
– Troll Army: The preferred Weapon for Israel against Arabs

Cyber warfare or cyber war

Cyber warfare involves the actions by a nation-state or international organization to attack and attempt to damage another nation's computers or information networks through, for example, computer viruses or denial-of-service attacks.

Government use of computer attacks

Governments have used computer attacks to:
– mine and steal information
– erase computers
– disable bank networks
– and, in one extreme case, destroy nuclear centrifuges.

Cyber weapons

Information security experts believe that nation states have also looked into using cyber weapons to:
– knock out electrical grids
– disable domestic airline networks
– jam Internet connectivity
– erase money from bank accounts
– confuse radar systems

Large conventional militaries and nuclear forces are ill-suited to this new kind of warfare, which evens the playing field between big and small countries. Cyberattacks are hard to stop and sometimes impossible to trace. Many countries, as a result, have been forced to start reconfiguring their militaries to better meet the threat.

Cyber terrorism

"The use of cyberspace by terrorists to launch pre-planned attacks to support the motives of terrorists; such attacks target information systems, computers, computer programs and data to harm others. Cyber terrorism also includes the use of cyberspace to facilitate terrorist activities, including encrypted communications, money laundering, propaganda of ideology and recruitment of terrorists."

Cyber terrorism (diagram):
– The use of cyberspace by terrorists to launch pre-planned attacks to target:
    – Information systems
    – Computers, computer programs and data
– The use of cyberspace to facilitate terrorist activities:
    – Encrypted communications
    – Money laundering
    – Propaganda of ideology
    – Recruitment of terrorists

The History of Information Security

– Began immediately after the first mainframes were developed
– Groups developing code-breaking computations during World War II created the first modern computers
– Physical controls to limit access to sensitive military locations to authorized personnel
– Rudimentary in defending against physical theft, espionage, and sabotage

The 1960s

– Advanced Research Procurement Agency (ARPA) began to examine the feasibility of redundant networked communications
– Larry Roberts developed ARPANET from its inception

The 1970s and 80s

– ARPANET grew in popularity, as did its potential for misuse
– Fundamental problems with ARPANET security were identified:
    – No safety procedures for dial-up connections to ARPANET
    – Non-existent user identification and authorization to system
– Late 1970s: the microprocessor expanded computing capabilities and security threats

R-609

– Information security began with Rand Report R-609 (the paper that started the study of computer security)
– Scope of computer security grew from physical security to include:
    – Safety of data
    – Limiting unauthorized access to data
    – Involvement of personnel from multiple levels of an organization

The 1990s

– Networks of computers became more common; so too did the need to interconnect networks
– The Internet became the first manifestation of a global network of networks
– In early Internet deployments, security was treated as a low priority
– Example: many problems with e-mail today result from this early lack of security
– At that time, when all Internet and e-mail users were apparently trustworthy computer scientists, mail server authentication and e-mail encryption did not seem necessary

The Present

– The Internet brings millions of computer networks into communication with each other, many of them unsecured
– The ability to secure a computer’s data is influenced by the security of every computer to which it is connected
– Recently: growing awareness of the need to improve IS, as well as a realization that IS is important to national defense
– In addition to cyber attacks, another growing concern is the threat of nation-states engaging in information warfare (personal and business information systems may become casualties)

Key Information Security Concepts

– Access - a subject or object’s ability to use, manipulate, modify, or affect another subject or object.
– Asset - the organizational resource that is being protected.
– Attack - an act that is an intentional or unintentional attempt to cause damage or compromise to the information and/or the systems that support it.
– Control, Safeguard or Countermeasure - security mechanisms, policies or procedures that can successfully counter attacks, reduce risk, resolve vulnerabilities, and otherwise improve the security within an organization.
– Exploit - to take advantage of weaknesses or vulnerability in a system.
– Exposure - a single instance of being open to damage.
– Hack - Good: to use computers or systems for enjoyment; Bad: to illegally gain access to a computer or system.
– Object - a passive entity in the information system that receives or contains information.
– Risk - the probability that something can happen.
– Security Blueprint - the plan for the implementation of new security measures in the organization.
– Security Posture or Security Profile - a general label for the combination of all policy, procedures, technology, and programs that make up the total security effort currently in place.
– Subject - an active entity that interacts with an information system and causes information to move through the system for a specific end purpose.
– Threats - a category of objects, persons, or other entities that represents a potential danger to an asset.
– Threat Agent - a specific instance or component of a more general threat.
– Vulnerability - weaknesses or faults in a system or protection mechanism that expose information to attack or damage.

Critical Characteristics of Information

The value of information comes from the characteristics it possesses:
– Availability
– Accuracy
– Authenticity
– Confidentiality
– Integrity
– Utility
– Possession

Availability - enables users who need to access information to do so without interference or obstruction and in the required format. The information is said to be available to an authorized user when and where needed and in the correct format.

Accuracy - free from mistake or error and having the value that the end-user expects. If information contains a value different from the user’s expectations due to the intentional or unintentional modification of its content, it is no longer accurate. Example: checking account.

Authenticity - the quality or state of being genuine or original, rather than a reproduction or fabrication. Information is authentic when it is the information that was originally created, placed, stored, or transferred. Example: receiving e-mail. E-mail spoofing is the act of sending an e-mail message with a modified field. Usually the modified field is the address of the originator.

Confidentiality - the quality or state of preventing disclosure or exposure to unauthorized individuals or systems. Only users with the rights and privileges to access information are able to do so.
– Measures to protect confidentiality:
    – Information classification
    – Secure document storage
    – Application of general security policies
    – Education of information custodians and end users
– Value of information confidentiality is high for personal information
– Sometimes disclosure is intentional:
    – Mistakenly e-mailed
    – Throwing out a document without shredding it
– As a consumer, you give up pieces of personal information in exchange for convenience or value almost daily:
    – Member cards
    – Free magazine
– The bits and pieces of personal information you disclose are copied, sold and distributed.

Integrity - the quality or state of being whole, complete, and uncorrupted. The integrity of information is threatened when the information is exposed to corruption, damage, destruction, or other disruption of its authentic state.

Utility - the quality or state of having value for some purpose or end. Information has value when it serves a particular purpose. This means that if information is available, but not in a format meaningful to the end-user, it is not useful.

Possession - the quality or state of having ownership or control of some object or item. Information is said to be in possession if one obtains it, independent of format or other characteristic. While a breach of confidentiality always results in a breach of possession, a breach of possession does not always result in a breach of confidentiality.

Securing Components

A computer can be the subject of an attack and/or the object of an attack:
– When the subject of an attack, the computer is used as an active tool to conduct the attack
– When the object of an attack, the computer is the entity being attacked

Figure 1-5 – Subject and Object of Attack

Components of an Information System

An Information System (IS) is the entire set of software, hardware, data, people, procedures, and networks necessary to use information as a resource in the organization.

Software

– The most difficult IS component to secure
– Errors in software programming account for a substantial portion of the attacks on information
– Software programs are often created under the constraints of project management, which limit:
    – Time
    – Costs
    – Manpower

Hardware

– Physical security policies deal with hardware as a physical asset
– Applying the traditional tools of physical security (such as locks and keys) restricts access to and interaction with the hardware component of an IS
– Securing the physical location of computers and the computers themselves is important because a breach of physical security can result in a loss of information
– Unfortunately, most information systems are built on hardware platforms that can’t guarantee any level of information security if unrestricted hardware access is possible

Data

– Data stored, processed and transmitted by a computer system must be protected
– The most valuable asset of an organization
– Systems developed recently are likely to make use of database management systems; unfortunately, many system development projects do not make full use of DMS security capabilities
– The protection of physical information (paper reports and handwritten notes) is as important as the protection of electronic, computer-based information

People

– People have always been a threat to information security (the weakest link)
– Solution: the following should be properly employed to prevent people from accidentally or intentionally damaging or losing information:
    – Policy
    – Education and training
    – Awareness
    – Technology
– Example: social engineering

Procedures

– Written instructions for accomplishing a specific task
– When an unauthorized user obtains an organization’s procedures, it poses a threat to the integrity of the information

Networks

– Information systems connected to each other (LANs)
– LANs connected to other networks such as the Internet = new security challenges
– When computer systems are networked, physical security is no longer enough
– Alarms and intrusion systems should be implemented

Balancing Information Security and Access

– Impossible to obtain perfect security; it is a process, not an absolute
– Security should be considered a balance between protection and availability
– To achieve balance, the level of security must allow reasonable access, yet protect against threats

Figure 1-6 – Balancing Security and Access

Approaches to Information Security Implementation: Bottom-Up Approach

– Grassroots effort: systems administrators attempt to improve the security of their systems
– Key advantage: technical expertise of individual administrators (they know and understand the threats to their systems and the mechanisms needed to protect them)
– Seldom works, as it lacks a number of critical features:
    – Participant support
    – Organizational staying power

Approaches to Information Security Implementation: Top-Down Approach

– Initiated by upper management, who:
    – Issue policy, procedures and processes
    – Dictate goals and expected outcomes of the project
    – Determine accountability for each required action
– The most successful also involve a formal development strategy referred to as the systems development life cycle
