Core Cybersecurity Concepts -3.pdf

Full Transcript

Cybersecurity Core
Concepts
Course: CYB105
Instructor –Stacy Nicholson

This Photo by Unknown Author is licensed under CC BY-NC
 Learning Objective(s) and Key Concepts

Learning Objective(s) Key Concepts

▪ Understand cybersecurity concepts ▪ Cyberspace
▪ Cybercrime
▪ Who are the adversaries?
▪ Cybersecurity threats
▪ Cybercrimes Types
▪ Role of risk Analysis in Cybersecurity

copyright@2023 -Textbook: Cybersecurity Fundamentals: Understand the Role of
Cybersecurity, Its Importance and Modern Techniques Used by Cybersecurity Professionals
Cyberspace

▪ The term “Cyberspace” denotes the fusion off all
communication, networks, various databases and different
information channels in large numbers.
▪ It is interconnected global digital infrastructure that
comprises of internet, telecommunications networks,
computer systems, processors and various controllers in
different organizations.
▪ Includes software, networking devices, and data on
computers
▪ Its anonymous and borderless nature make it unique.

copyright@2023 -Textbook: Cybersecurity Fundamentals: Understand the Role of Cybersecurity, Its Importance and
Modern Techniques Used by Cybersecurity Professionals
Cybercrime

▪ Refer to the unlawful act that is performed using computers and
internet in interconnected digital environment.
▪ Uses cyberspace for illegal acts and exploits
▪ Cybercrime covers a wide range of offences including:
▪ Crime against data and systems
▪ Crime against individuals, business, countries
▪ Internet enable forgery and frauds
▪ Distributing pirated content
▪ Etc.

copyright@2023 -Textbook: Cybersecurity Fundamentals: Understand the Role of Cybersecurity, Its Importance and
Modern Techniques Used by Cybersecurity Professionals
Cybercrime cont.

▪ Complicated and complex in nature
▪ Cybercrime investigations are highly complex and require rich set of
resources and expertise to counter criminals.
▪ Lack of collaboration and coordination among various nations and
their internal agencies also make it difficulty to counter cybercrime.

copyright@2023 -Textbook: Cybersecurity Fundamentals: Understand the Role of
Cybersecurity, Its Importance and Modern Techniques Used by Cybersecurity Professionals
Cybercrime Cont.

▪ Cyberspace features such as :
▪ Speed
▪ Immediacy ( i.e.. Lack of an intervening or mediating agency)
▪ Remote operations
▪ Encryptions and obfuscation

▪ Make if make it difficult to identify the crime
▪ Find its origin ( source)
▪ Criminals

copyright@2023 -Textbook: Cybersecurity Fundamentals: Understand the Role of
Cybersecurity, Its Importance and Modern Techniques Used by Cybersecurity Professionals
Who are the Adversaries ?

▪ Cybercriminals – conduct malicious behavior via
computers, networks, and even the internet
▪ Hackers
▪ black hat, white hat, and gray hat hackers

▪ White hat - look for vulnerabilities and exploit them
for the purpose of reporting them to be fixed.
▪ Also referred to as ethical hackers - employed by an
organization to find their areas of exploit before ben
compromised.
Who are the Adversaries ? Cont.

▪ Black hat – find vulnerabilities for their own gain and exploit them
▪ Companies work hard to protect themselves against these cybercriminals

▪ Grey hat – between white and black hat hackers.
▪ They may hack into networks to find vulnerabilities without permissions
▪ They would report it to the company to help them out in the end, which is a gray
area, hence the name.
Cyberattacks

▪ Cyberattacks refers to actions directed towards computer systems,
networks and digital infrastructure to disrupt equipment operations,
change processing, gaining unauthorized access and corrupting
stored data.

▪ Cyberattacks breaches confidentiality, integrity and availability of
computers and disrupting information passing through them.

copyright@2023 -Textbook: Cybersecurity Fundamentals: Understand the Role of Cybersecurity, Its Importance and
Modern Techniques Used by Cybersecurity Professionals
Threats / Vulnerability / Malware

▪ A threat refers to a malicious code, agent or activity that has potential
to cause serious harm to software installed on computers, network
and its hardware.

▪ Vulnerability refers to flaws in computers, in networks and in digital
infrastructure as well that leave those in risk.

▪ Malware - is malicious software or programing code that is inserted to
a system to create vulnerability, damages, disrupt services, deny
access to legitimate users, corrupt stored data , etc.

copyright@2023 -Textbook: Cybersecurity Fundamentals: Understand the Role of
Cybersecurity, Its Importance and Modern Techniques Used by Cybersecurity Professionals
Cybersecurity Threats
▪ Data breach – information is stolen from a system without knowledge
or authorized

▪ Insider threat - someone within the company or organization that
share private information both willingly and unwillingly with threat
actors. Includes any persons who causes intentional or unintentional
damage to an organization.
▪ Example : Florida woman ‘damaged computers, deleted crucial business data’
after she was fired

▪ Others:
▪ Malware
▪ Identity-based Attacks
▪ IoT-based Attacks
▪ Much more threats exist.
copyright@2023 -Textbook: Cybersecurity Fundamentals: Understand the Role of
Cybersecurity, Its Importance and Modern Techniques Used by Cybersecurity Professionals
Cybercrimes

▪ Cybercrimes denotes criminal activity, including Internet, computers
or any other inter-connected infrastructure.
▪ Types:
▪ Cyber stalking
▪ DOS/ DDOS
▪ Phishing
▪ Identity theft
▪ Worms, Trojans Horses, Virus
▪ Etc.

copyright@2023 -Textbook: Cybersecurity Fundamentals: Understand the Role of
Cybersecurity, Its Importance and Modern Techniques Used by Cybersecurity Professionals
Cyber Stalking

▪ Technology-aided stalking in which assailants harass the people with
internet technologies such as emails, social media accounts, instant
messaging , chat room and much more.

This Photo by Unknown Author is licensed under CC BY-NC

copyright@2023 -Textbook: Cybersecurity Fundamentals: Understand the Role of
Cybersecurity, Its Importance and Modern Techniques Used by Cybersecurity Professionals
Phishing

▪ Fraudulent attempt to steal sensitive data and useful information such
as banking details , login credentials, financial data and corporate
information through emails.

Example : PayPal Scam

copyright@2023 -Textbook: Cybersecurity Fundamentals: Understand the Role of
Cybersecurity, Its Importance and Modern Techniques Used by Cybersecurity Professionals
DOS/ DDOS Attack

▪ Denial of service (DoS) attack refers to an attempt that leads to shut
down a computer or network and making it inaccessible to its
legitimate users.

▪ Distributed denial –of service attack –(DDoS) – uses large number of
compromised computers to target a single system, server and whole
network to cripple their services with flood of requests.
▪ Example:
▪ The AWS attack of February 2020.
▪ Google Cloud DDOS Attack

copyright@2023 -Textbook: Cybersecurity Fundamentals: Understand the Role of
Cybersecurity, Its Importance and Modern Techniques Used by Cybersecurity Professionals
Information Security to Cybersecurity

▪ Both terms are frequently used interchangeably however there is a different
between them.

▪ Cybersecurity definition goes beyond the boundaries of information security
to include not just information but communication technologies with
cyberspace utilities.
▪ Information Security, network security , IoT devices, critical national infrastructure.
Etc.

▪ Information security deals with the preservation of the confidentiality,
integrity and availability of information

▪ Information security converts into cybersecurity in presence network devices
and World Wide Web
copyright@2023 -Textbook: Cybersecurity Fundamentals: Understand the Role of
Cybersecurity, Its Importance and Modern Techniques Used by Cybersecurity Professionals
Information Security to Cybersecurity Cont.

▪ Cybersecurity – incorporates a set of tools ,technologies, risk
management techniques, training and best practices that help to
protect networks, communication devices, operating systems and data
from malicious attacks and unauthorized access.

▪ Information residing on computers without having intent connections
▪ Is considered more secure and having less chances to breach

▪ Note: As soon as information passes through different communication
channels and devices it requires more security measures and
safeguards.

copyright@2023 -Textbook: Cybersecurity Fundamentals: Understand the Role of
Cybersecurity, Its Importance and Modern Techniques Used by Cybersecurity Professionals
Role of Risk Analysis in Cybersecurity

▪ Identify potential issues that can negatively impact security initiatives
in an interconnected digital environment before their occurrences.
▪ Help mitigate adverse impacts of threats and vulnerabilities in network
and web environment.
▪ A cybersecurity risk assessment process initially determines the
assets that can be affected
▪ Risks that leave adverse impact are also identified

copyright@2023 -Textbook: Cybersecurity Fundamentals: Understand the Role of
Cybersecurity, Its Importance and Modern Techniques Used by Cybersecurity Professionals
Role of Risk Analysis in Cybersecurity Cont.

▪ Risk assessment is a continuous process, multidimensional and
forward-looking process that helps to predict the possible security
threats and estimate related cost.

▪ Security measures cannot protect against all threats and
vulnerabilities; hence risk evaluations are important to reduce the
effects and suggest effective countermeasures.

copyright@2023 -Textbook: Cybersecurity Fundamentals: Understand the Role of
Cybersecurity, Its Importance and Modern Techniques Used by Cybersecurity Professionals
Role of risk analysis in cybersecurity Cont.

copyright@2023 -Textbook: Cybersecurity Fundamentals: Understand the Role of
Cybersecurity, Its Importance and Modern Techniques Used by Cybersecurity Professionals
Reading Assignment

The Internet of Things Changes Our World
o Chapter 1 & 11 - Cybersecurity Bible Textbook
o Chapter 10 - Security + Textbook

New Article of Interest
o List of Data Breaches and Cyber Attacks in 2023
o Cybersecurity trends for 2023 and what to expect
o Cyber Crime Statistics
o Software developer charged with sabotaging employer’s systems
through denial-of-service attack
o Data breach at New York university potentially affects 47,000 citizens