Core Cybersecurity Concepts PDF
Document Details
Tags
Summary
This document provides an overview of core cybersecurity concepts, including cyberspace, cybercrime, cyberattacks and threats/vulnerabilities/malware. It also discusses the role of risk analysis in cybersecurity.
Full Transcript
Cybersecurity Core Concepts Course: CYB105 Instructor –Stacy Nicholson This Photo by Unknown Author is licensed under CC BY-NC Learning Objective(s) and Key Concepts Learning Objective(s) Key Concepts ▪ Understand cybers...
Cybersecurity Core Concepts Course: CYB105 Instructor –Stacy Nicholson This Photo by Unknown Author is licensed under CC BY-NC Learning Objective(s) and Key Concepts Learning Objective(s) Key Concepts ▪ Understand cybersecurity concepts ▪ Cyberspace ▪ Cybercrime ▪ Who are the adversaries? ▪ Cybersecurity threats ▪ Cybercrimes Types ▪ Role of risk Analysis in Cybersecurity copyright@2023 -Textbook: Cybersecurity Fundamentals: Understand the Role of Cybersecurity, Its Importance and Modern Techniques Used by Cybersecurity Professionals Cyberspace ▪ The term “Cyberspace” denotes the fusion off all communication, networks, various databases and different information channels in large numbers. ▪ It is interconnected global digital infrastructure that comprises of internet, telecommunications networks, computer systems, processors and various controllers in different organizations. ▪ Includes software, networking devices, and data on computers ▪ Its anonymous and borderless nature make it unique. copyright@2023 -Textbook: Cybersecurity Fundamentals: Understand the Role of Cybersecurity, Its Importance and Modern Techniques Used by Cybersecurity Professionals Cybercrime ▪ Refer to the unlawful act that is performed using computers and internet in interconnected digital environment. ▪ Uses cyberspace for illegal acts and exploits ▪ Cybercrime covers a wide range of offences including: ▪ Crime against data and systems ▪ Crime against individuals, business, countries ▪ Internet enable forgery and frauds ▪ Distributing pirated content ▪ Etc. copyright@2023 -Textbook: Cybersecurity Fundamentals: Understand the Role of Cybersecurity, Its Importance and Modern Techniques Used by Cybersecurity Professionals Cybercrime cont. ▪ Complicated and complex in nature ▪ Cybercrime investigations are highly complex and require rich set of resources and expertise to counter criminals. ▪ Lack of collaboration and coordination among various nations and their internal agencies also make it difficulty to counter cybercrime. copyright@2023 -Textbook: Cybersecurity Fundamentals: Understand the Role of Cybersecurity, Its Importance and Modern Techniques Used by Cybersecurity Professionals Cybercrime Cont. ▪ Cyberspace features such as : ▪ Speed ▪ Immediacy ( i.e.. Lack of an intervening or mediating agency) ▪ Remote operations ▪ Encryptions and obfuscation ▪ Make if make it difficult to identify the crime ▪ Find its origin ( source) ▪ Criminals copyright@2023 -Textbook: Cybersecurity Fundamentals: Understand the Role of Cybersecurity, Its Importance and Modern Techniques Used by Cybersecurity Professionals Who are the Adversaries ? ▪ Cybercriminals – conduct malicious behavior via computers, networks, and even the internet ▪ Hackers ▪ black hat, white hat, and gray hat hackers ▪ White hat - look for vulnerabilities and exploit them for the purpose of reporting them to be fixed. ▪ Also referred to as ethical hackers - employed by an organization to find their areas of exploit before ben compromised. Who are the Adversaries ? Cont. ▪ Black hat – find vulnerabilities for their own gain and exploit them ▪ Companies work hard to protect themselves against these cybercriminals ▪ Grey hat – between white and black hat hackers. ▪ They may hack into networks to find vulnerabilities without permissions ▪ They would report it to the company to help them out in the end, which is a gray area, hence the name. Cyberattacks ▪ Cyberattacks refers to actions directed towards computer systems, networks and digital infrastructure to disrupt equipment operations, change processing, gaining unauthorized access and corrupting stored data. ▪ Cyberattacks breaches confidentiality, integrity and availability of computers and disrupting information passing through them. copyright@2023 -Textbook: Cybersecurity Fundamentals: Understand the Role of Cybersecurity, Its Importance and Modern Techniques Used by Cybersecurity Professionals Threats / Vulnerability / Malware ▪ A threat refers to a malicious code, agent or activity that has potential to cause serious harm to software installed on computers, network and its hardware. ▪ Vulnerability refers to flaws in computers, in networks and in digital infrastructure as well that leave those in risk. ▪ Malware - is malicious software or programing code that is inserted to a system to create vulnerability, damages, disrupt services, deny access to legitimate users, corrupt stored data , etc. copyright@2023 -Textbook: Cybersecurity Fundamentals: Understand the Role of Cybersecurity, Its Importance and Modern Techniques Used by Cybersecurity Professionals Cybersecurity Threats ▪ Data breach – information is stolen from a system without knowledge or authorized ▪ Insider threat - someone within the company or organization that share private information both willingly and unwillingly with threat actors. Includes any persons who causes intentional or unintentional damage to an organization. ▪ Example : Florida woman ‘damaged computers, deleted crucial business data’ after she was fired ▪ Others: ▪ Malware ▪ Identity-based Attacks ▪ IoT-based Attacks ▪ Much more threats exist. copyright@2023 -Textbook: Cybersecurity Fundamentals: Understand the Role of Cybersecurity, Its Importance and Modern Techniques Used by Cybersecurity Professionals Cybercrimes ▪ Cybercrimes denotes criminal activity, including Internet, computers or any other inter-connected infrastructure. ▪ Types: ▪ Cyber stalking ▪ DOS/ DDOS ▪ Phishing ▪ Identity theft ▪ Worms, Trojans Horses, Virus ▪ Etc. copyright@2023 -Textbook: Cybersecurity Fundamentals: Understand the Role of Cybersecurity, Its Importance and Modern Techniques Used by Cybersecurity Professionals Cyber Stalking ▪ Technology-aided stalking in which assailants harass the people with internet technologies such as emails, social media accounts, instant messaging , chat room and much more. This Photo by Unknown Author is licensed under CC BY-NC copyright@2023 -Textbook: Cybersecurity Fundamentals: Understand the Role of Cybersecurity, Its Importance and Modern Techniques Used by Cybersecurity Professionals Phishing ▪ Fraudulent attempt to steal sensitive data and useful information such as banking details , login credentials, financial data and corporate information through emails. Example : PayPal Scam copyright@2023 -Textbook: Cybersecurity Fundamentals: Understand the Role of Cybersecurity, Its Importance and Modern Techniques Used by Cybersecurity Professionals DOS/ DDOS Attack ▪ Denial of service (DoS) attack refers to an attempt that leads to shut down a computer or network and making it inaccessible to its legitimate users. ▪ Distributed denial –of service attack –(DDoS) – uses large number of compromised computers to target a single system, server and whole network to cripple their services with flood of requests. ▪ Example: ▪ The AWS attack of February 2020. ▪ Google Cloud DDOS Attack copyright@2023 -Textbook: Cybersecurity Fundamentals: Understand the Role of Cybersecurity, Its Importance and Modern Techniques Used by Cybersecurity Professionals Information Security to Cybersecurity ▪ Both terms are frequently used interchangeably however there is a different between them. ▪ Cybersecurity definition goes beyond the boundaries of information security to include not just information but communication technologies with cyberspace utilities. ▪ Information Security, network security , IoT devices, critical national infrastructure. Etc. ▪ Information security deals with the preservation of the confidentiality, integrity and availability of information ▪ Information security converts into cybersecurity in presence network devices and World Wide Web copyright@2023 -Textbook: Cybersecurity Fundamentals: Understand the Role of Cybersecurity, Its Importance and Modern Techniques Used by Cybersecurity Professionals Information Security to Cybersecurity Cont. ▪ Cybersecurity – incorporates a set of tools ,technologies, risk management techniques, training and best practices that help to protect networks, communication devices, operating systems and data from malicious attacks and unauthorized access. ▪ Information residing on computers without having intent connections ▪ Is considered more secure and having less chances to breach ▪ Note: As soon as information passes through different communication channels and devices it requires more security measures and safeguards. copyright@2023 -Textbook: Cybersecurity Fundamentals: Understand the Role of Cybersecurity, Its Importance and Modern Techniques Used by Cybersecurity Professionals Role of Risk Analysis in Cybersecurity ▪ Identify potential issues that can negatively impact security initiatives in an interconnected digital environment before their occurrences. ▪ Help mitigate adverse impacts of threats and vulnerabilities in network and web environment. ▪ A cybersecurity risk assessment process initially determines the assets that can be affected ▪ Risks that leave adverse impact are also identified copyright@2023 -Textbook: Cybersecurity Fundamentals: Understand the Role of Cybersecurity, Its Importance and Modern Techniques Used by Cybersecurity Professionals Role of Risk Analysis in Cybersecurity Cont. ▪ Risk assessment is a continuous process, multidimensional and forward-looking process that helps to predict the possible security threats and estimate related cost. ▪ Security measures cannot protect against all threats and vulnerabilities; hence risk evaluations are important to reduce the effects and suggest effective countermeasures. copyright@2023 -Textbook: Cybersecurity Fundamentals: Understand the Role of Cybersecurity, Its Importance and Modern Techniques Used by Cybersecurity Professionals Role of risk analysis in cybersecurity Cont. copyright@2023 -Textbook: Cybersecurity Fundamentals: Understand the Role of Cybersecurity, Its Importance and Modern Techniques Used by Cybersecurity Professionals Reading Assignment The Internet of Things Changes Our World o Chapter 1 & 11 - Cybersecurity Bible Textbook o Chapter 10 - Security + Textbook New Article of Interest o List of Data Breaches and Cyber Attacks in 2023 o Cybersecurity trends for 2023 and what to expect o Cyber Crime Statistics o Software developer charged with sabotaging employer’s systems through denial-of-service attack o Data breach at New York university potentially affects 47,000 citizens