Intro to Cybersecurity
Prepared by: KM Dioquino

WHAT IS CYBERSECURITY?
The term cyber security is used to refer to the security offered through online services to protect your online information. Cyber security encompasses all aspects of security, viz. Physical, Technical, Environmental, Regulations and Compliance, including third parties involved in delivering an objective.

WHY CYBERSECURITY IS IMPORTANT?
Cyber security is necessary because it helps secure data from threats such as data theft or misuse, and also safeguards your system from viruses. Cyber security becomes important as business is now being carried out on a network of networks.

CYBER SECURITY OBJECTIVES

CONFIDENTIALITY
The property that information is not made available or disclosed to unauthorized individuals, entities, or processes.
Confidentiality refers to protecting information from being accessed by unauthorized parties. A failure to maintain confidentiality means that someone who shouldn't have access has managed to get it, through intentional behavior or by accident. Such a failure of confidentiality is commonly known as a breach.

INTEGRITY
The property of safeguarding the accuracy and completeness of assets.
Integrity refers to ensuring the authenticity of information—that information is not altered, and that the source of the information is genuine.

AVAILABILITY
The property of being accessible and usable upon demand by an authorized entity.
Availability means that information is accessible by authorized users. Information and other critical assets are accessible to customers and the business when needed.

CYBER ATTACK
A malicious attack, using digital technologies, to cause personal or property loss or damage, and/or steal or alter confidential personal or organizational data.

MAJOR SECURITY PROBLEMS
- Virus
- Hacker
- Malware
- Trojan horses
- Password cracking

HACKERS
In common usage, a hacker is a person who breaks into computers, usually by gaining access to administrative controls.

TYPES OF HACKERS
- White Hat Hacker
- Grey Hat Hacker
- Black Hat Hacker

WHITE HAT HACKERS
The term "white hat" in Internet slang refers to an ethical computer hacker, or a computer security expert, who specializes in penetration testing and in other testing methodologies to ensure the security of an organization's information systems.

GREY HAT HACKERS
The term "grey hat", "greyhat" or "gray hat" refers to a computer hacker or computer security expert who may sometimes violate laws or typical ethical standards, but does not have the malicious intent typical of a black hat hacker.

BLACK HAT HACKERS
A black hat hacker (or black-hat hacker) is a hacker who "violates computer security for little reason beyond maliciousness or for personal gain".

HOW TO PREVENT HACKING
It may be impossible to prevent computer hacking; however, effective security controls, including strong passwords and the use of firewalls, can help.

LATEST TRENDS – INFORMATION SECURITY THREATS
Hacktivism: Hack + Activism = Hacktivism, the use of legal and/or illegal digital tools in pursuit of a political / personal objective.

Tools and attacks are used for:
- Web-site defacements
- Redirects
- Denial of service attacks
- Identity theft
- E-mail bombing
- Web-site mirroring
- Doxing

MOST COMMON SECURITY MISTAKES
- Poor password management
- Not locking the computer while unattended
- Opening email attachments from unknown addressees
- Not running anti-virus programs
- Sharing information (and machines)
- Not reporting security violations
- Unattended paper documents
- Unprotected electronic data (while at rest and in motion), e.g. emails, USBs, CDs, etc.
- Improper information handling
- Passing of information over the phone

INFORMATION SECURITY RESPONSIBILITIES
- Engage Information Security teams to support the line of business, enabling secure solutions for new processes and technology
- Work with Information Security teams RISO, RISI to drive line of business-specific information security metrics reporting
- Support Regional Information Security teams in mitigating security risks from Internal Audit report findings
- Follow business continuity plans given by the bank, in case of any disaster / emergency
- Report security violations and security incidents
- Adhere to the Company's Information Security Policy and guidelines
- Maintain and update the asset register of your office/dept
- Extend support to RISO during Risk Assessment and Business Impact Analysis of your office/dept
- Implement and act in accordance with the organization's information security policies and procedures
- Protect assets from unauthorized access, disclosure, modification, destruction, or interference
- Execute defined security processes or activities
- Report security events, potential events, or other security risks by following approved processes
- Do not use systems or access information without authorization
- Adhere to controls put in place to protect assets

CYBER CRIME IN THE WORLD

CYBER SECURITY IS EVERYONE'S RESPONSIBILITY
Robert Statica – Cybersecurity

END