Introduction to Cyber Security Lecture 2 PDF

Summary

This lecture introduces fundamental concepts in cybersecurity, including the information security triad (confidentiality, integrity, and availability), authentication, authorization, and related concepts.

Full Transcript


Introduction to Cyber Security Lecture 2

Agenda
- Information Security Triad
- Additional goals of cyber security
- Authorization and Authentication
- Types of Authentication
- Why is Cyber Security Important?
- Types of Cyber Security Threats
- Key Concepts in Cybersecurity
- Cyber Security Principles
- Cyber Security Frameworks and Standards
- Key Roles in Cybersecurity
- The Cyber Security Lifecycle
- Emerging Trends in Cyber Security

Information Security Triad
- Availability: Ensuring that systems and data are available for use when needed.

Additional goals in Cyber Security

Authentication and Authorization
Authentication is the process of verifying the identity of a user, device, or system to ensure that the entity requesting access is who they claim to be.
Purpose: Authentication ensures that only legitimate users or systems are able to gain access to services, data, or resources by proving their identity through various methods.

Types of Authentication
- Single-Factor Authentication (SFA): Verifying identity with just one method, typically a password.
- Two-Factor Authentication (2FA): Requires two methods of verification, such as a password and a one-time code sent to a phone.
- Multi-Factor Authentication (MFA): Involves three or more methods of verification, such as something the user knows (password), something the user has (smartphone), and something the user is (fingerprint).
Examples of Authentication:
- Logging into an account using a username and password.
- Biometric authentication such as fingerprint or facial recognition.
- Using a hardware token or a mobile app for 2FA.

Authorization
Authorization is the process of determining whether a user, device, or system has the right to access certain resources or perform specific actions after they have been authenticated.
Purpose: Once a user is authenticated, authorization controls what resources or actions the user is allowed to access. It typically involves assigning roles and permissions based on user identity.
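The password-plus-one-time-code flow from the Types of Authentication slide, as an added example written for this page rather than taken from the lecture. It assumes a constructed user store (one user, alice), PBKDF2-SHA256 for password storage, an RFC 6238 TOTP as the second factor with the RFC's published test-vector key as alice's secret, and a one-step clock-skew window; none of those choices appear on the slide.

```python
"""Two-factor login: a password (something the user knows) plus a
time-based one-time code (something the user has).  Added teaching
example, not code from the lecture; the user store is constructed."""
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass
from typing import Optional

PBKDF2_ITERATIONS = 100_000  # deliberately slow: guessing passwords costs attackers time
TOTP_STEP = 30               # seconds per code, as in RFC 6238


@dataclass
class UserRecord:
    salt: bytes
    password_hash: bytes
    totp_secret: bytes  # shared with the user's authenticator app at enrolment


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def enroll(password: str, totp_secret: Optional[bytes] = None) -> UserRecord:
    salt = os.urandom(16)
    return UserRecord(salt, hash_password(password, salt), totp_secret or secrets.token_bytes(20))


def totp_code(secret: bytes, now: int, digits: int = 6) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the 30-second counter, dynamically truncated."""
    counter = max(0, now // TOTP_STEP).to_bytes(8, "big")
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_password(record: UserRecord, password: str) -> bool:
    return hmac.compare_digest(record.password_hash, hash_password(password, record.salt))


def verify_totp(record: UserRecord, code: str, now: int, skew_steps: int = 1) -> bool:
    # Accept the current step and one either side to tolerate clock drift; every
    # candidate is compared so the time taken does not reveal which one matched.
    candidates = [totp_code(record.totp_secret, now + k * TOTP_STEP)
                  for k in range(-skew_steps, skew_steps + 1)]
    matches = [hmac.compare_digest(c, code) for c in candidates]
    return any(matches)


def authenticate(users: dict, username: str, password: str, code: str, now: int):
    """Returns (ok, reason).  Both factors must pass; the password is checked
    first, so the one-time code is never evaluated for an unknown identity."""
    record = users.get(username)
    if record is None:
        hash_password(password, b"\x00" * 16)  # same cost as a real check: no username probing by timing
        return False, "invalid username or password"
    if not verify_password(record, password):
        return False, "invalid username or password"  # same message as for an unknown user
    if not verify_totp(record, code, now):
        return False, "invalid one-time code"
    return True, "authenticated"


# Constructed user store.  alice's TOTP secret is the RFC 6238 test-vector key,
# so her 6-digit code at t=59 is the published value 287082.
USERS = {"alice": enroll("correct horse battery staple", b"12345678901234567890")}

if __name__ == "__main__":
    t = 59
    print(authenticate(USERS, "alice", "correct horse battery staple", totp_code(USERS["alice"].totp_secret, t), t))
    print(authenticate(USERS, "alice", "correct horse battery staple", "000000", t))
```

Two points worth noticing when running it: an unknown username and a wrong password produce the same message and take the same time, so the login does not reveal which accounts exist, and a bad second factor is only reported once the first factor has passed, which is what makes the two factors independent checks rather than one.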
Authorization Key Concepts:
- Access Control Lists (ACLs): Lists that define which users or systems are authorized to access specific resources.
- Role-Based Access Control (RBAC): Assigning permissions based on the user’s role within an organization (e.g., admin, user, guest).
- Least Privilege: The principle that users should only have access to the resources and permissions necessary for their tasks.
Examples of Authorization:
- A regular user can read a document, while an admin can edit or delete it.
- An employee may be authorized to access specific files within a company's database, but not the entire system.

Additional Concepts Related to Authentication
1- Non-repudiation: Ensures that a party in a communication cannot deny the authenticity of their signature or the sending of a message. In digital communications, it provides evidence of the integrity and origin of data.
Purpose: Non-repudiation is important for accountability. It ensures that once an action has been performed (e.g., sending an email, signing a contract), the party who performed it cannot later deny having done so.
Methods:
- Digital Signatures: Cryptographic techniques that confirm the sender's identity and that the message has not been altered.
- Audit Logs: Recorded evidence showing the actions a user took, which is particularly useful for forensic analysis.
Examples of Non-repudiation:
- A digital contract signed with a private key that proves the identity of the signer and can’t be denied later.
- Email services that provide delivery receipts and read receipts.

2- Auditability: Refers to the ability to track, log, and review actions and events that occur within a system. It provides transparency and the means to detect, analyze, and review activities for compliance, investigation, and security purposes.
Purpose: Auditability is crucial for ensuring that activities within a system can be monitored and traced back to their origin.
It allows organizations to detect anomalies, investigate security incidents, and maintain compliance with regulations.
Key Elements:
- Audit Logs: Detailed logs that record events such as login attempts, data access, system changes, and network traffic.
- Audit Trails: Chronological records that trace the sequence of actions taken within a system.
Examples of Auditability:
- A system administrator reviewing access logs to detect unauthorized login attempts.
- A financial institution maintaining audit trails for every transaction to meet regulatory requirements.

3- Third-party protection: Refers to security measures and controls in place to protect the interactions between organizations and third-party vendors or service providers.
Purpose: As organizations increasingly rely on third-party providers (e.g., cloud services, software vendors), third-party protection ensures that these partnerships don’t expose sensitive data to undue risks. It involves contractual agreements, regular audits, and compliance checks.
Key Elements:
- Vendor Risk Management: Assessing and managing the risk posed by third-party service providers.
- Third-Party Audits: Independent reviews of third-party security measures to ensure they meet required standards.
- Service-Level Agreements (SLAs): Contracts that define the level of service and security obligations between an organization and a third party.
Examples of Third-Party Protection:
- Ensuring that a cloud service provider complies with data security standards like ISO 27001.
- Regularly auditing third-party suppliers to ensure they are following agreed-upon security protocols.
- Implementing encryption when data is shared between a company and its third-party partners.

Goals of Cyber Security Summary Table

Task 1 (take-home task)
1- https://mockapi.io/
2- https://github.com/mockapi-io/docs/wiki/Quick-start-guide#projects
3- a. Identifying roles within an organization (Admin, Manager, Employee, Guest)
   b.
Defining permissions for each role (which parts of a website or system can each role access)
   Authentication: Logging in using different roles (use pre-configured usernames and passwords for different roles).
   Authorization: Testing what each role can do (e.g., Admins can delete users, Managers can approve reports, etc.).
4- Step 1: Each group receives login credentials for different user roles (e.g., admin:admin123, employee:emp123).
   Step 2: They log in with different roles and attempt to access various parts of the app.
   Step 3: They document which sections were accessible for each role and discuss why (authentication vs authorization).
5- Present findings: What could each role access? How was authentication handled?
   Discuss what happens if authentication fails (incorrect password) and what happens if authorization fails (trying to access something they shouldn't).

Why is Cyber Security Important?
Cyber Security is essential because of the following reasons:
- Data Protection: Safeguarding personal, financial, and confidential business information.
- Business Continuity: Protecting businesses from attacks that could disrupt operations.
- Preventing Financial Loss: Cyberattacks can result in significant financial losses.
- Preserving Reputation: A cyberattack can damage an organization’s reputation.
- Legal Requirements: Many industries are regulated and required to meet certain cybersecurity standards.

Types of Cyber Security Threats
There are several types of cyber threats, including:
- Malware: Malicious software such as viruses, worms, Trojans, and ransomware that harm systems or steal data.
- Phishing: Fraudulent attempts to obtain sensitive information by pretending to be a legitimate entity.
- Man-in-the-Middle (MitM) Attacks: Where attackers intercept communications between two parties.
- Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks: Where attackers overwhelm a system to make it unavailable.
- SQL Injection: A method used to exploit vulnerabilities in databases to gain unauthorized access.
- Zero-Day Exploits: Attacks targeting previously unknown vulnerabilities before a patch is available.

Key Concepts in Cyber Security
- Attack Surface: The total points of entry that an attacker can use to enter a system.
- Vulnerability: A weakness in a system or network that can be exploited by attackers.
- Threat: Any potential danger that could exploit a vulnerability to breach security.
- Risk: The potential for loss or damage when a threat exploits a vulnerability.
- Exploit: A method or tool used to take advantage of a vulnerability in a system.
- Defense-in-Depth: A strategy that uses multiple layers of security to protect systems from threats.

Cyber Security Principles
- Least Privilege: Users should have the minimum level of access necessary to perform their duties.
- Separation of Duties: Dividing tasks and privileges so that no single individual has control over all aspects of a critical function.
- Defense in Depth: Using multiple security controls to protect against threats.
- Zero Trust: No one, whether inside or outside the network, should be trusted by default.
- Security by Design: Security measures should be incorporated into systems from the ground up.

Cyber Security Frameworks and Standards
There are several frameworks and standards organizations follow to ensure their cybersecurity is robust. These include:
- NIST Cybersecurity Framework (National Institute of Standards and Technology): A widely used framework that provides best practices for managing cybersecurity risk.
- ISO/IEC 27001: A standard for managing information security.
- CIS Controls: A set of prioritized actions to protect organizations from cyberattacks.

Key Roles in Cyber Security
- Security Analyst: Monitors and investigates security incidents and threats.
- Security Engineer: Designs and implements security solutions.
- Penetration Tester (Ethical Hacker): Simulates attacks to find weaknesses before malicious actors do.
- Chief Information Security Officer (CISO): Oversees an organization’s entire cybersecurity strategy.
- Incident Responder: Responds to cybersecurity incidents and works to contain and mitigate damage.

The Cyber Security Lifecycle
- Understand risks and establish security policies and controls.
- Implement security measures to safeguard systems and data.
- Monitor systems for potential threats or breaches.
- Take action when an incident occurs to limit damage.
- Restore normal operations after a security incident.

Emerging Trends in Cyber Security
- Artificial Intelligence (AI) and Machine Learning (ML): Used to detect anomalies and respond to threats faster than traditional methods.
- Cloud Security: Protecting data, applications, and infrastructure in the cloud.
- Internet of Things (IoT) Security: Securing interconnected devices that exchange data over networks.
- Blockchain for Security: Leveraging decentralized and secure data storage for security.
- Quantum Computing: Both a potential risk (due to breaking encryption) and a future tool for advanced security.

Best Practices for Cyber Security
- Use Strong Passwords: Avoid weak or easily guessed passwords. Consider using a password manager.
- Enable Two-Factor Authentication (2FA): Adds an extra layer of security beyond just a password.
- Regularly Update Software: Keep systems and applications updated to prevent vulnerabilities.
- Backup Data Regularly: Protects against data loss from ransomware or system failure.
- Educate Users: Train employees and individuals about cybersecurity risks and safe practices.
- Implement Firewalls and Intrusion Detection Systems (IDS): Provides a barrier and detection for potential attacks.

Legal, ethical, and professional issues
1. Legal Issues in Information Security
- Data Protection Laws: These laws govern how organizations collect, store, and process personal information.
  Notable examples include:
  - GDPR (General Data Protection Regulation): In the EU, it provides strict guidelines on data privacy, security, and individuals' rights over their data.
  - CCPA (California Consumer Privacy Act): Focuses on data privacy rights for residents of California.
  - HIPAA (Health Insurance Portability and Accountability Act): In the U.S., mandates protections for sensitive patient data in healthcare.
- Intellectual Property Laws: These laws protect the rights of individuals and organizations to their digital products, content, and software. Violations can lead to penalties for theft or unauthorized use of proprietary information.
- Cybercrime Laws: These address illegal activities such as hacking, fraud, identity theft, and distribution of malware. Examples include the Computer Fraud and Abuse Act (CFAA) in the U.S.
- Compliance Requirements: Industry-specific regulations (e.g., PCI-DSS for payment card information) dictate how companies secure sensitive information to prevent breaches and fraud.

2. Ethical Issues in Information Security
- Privacy vs. Security: Striking a balance between the need to secure information and the right to privacy is a perennial challenge. For example, organizations must collect data for security purposes (such as logging) without infringing on employees’ or customers' personal privacy.
- Surveillance: Whether it's for cybersecurity purposes or national security, surveillance can raise ethical questions about the extent of monitoring employees, users, or citizens.
- Ethical Hacking: Security professionals often engage in penetration testing and vulnerability assessments to identify weaknesses. However, hacking (even for ethical reasons) without proper consent can lead to legal and ethical issues.
- Whistleblowing: Exposing security lapses or unethical practices often creates ethical dilemmas. While whistleblowers may seek to protect the public interest, they may face legal and professional retaliation.

3. Professional Issues in Information Security
- Conflicts of Interest: Security professionals may face conflicts between personal interests and their duty to their employer or clients. For example, a security consultant should not advise a client in a way that benefits them financially at the expense of the client’s security.
- Liability: Security professionals may be held liable for breaches or security failures, particularly if these result from negligence or a failure to follow industry standards.

Conclusion
Cybersecurity is an essential part of the modern digital world. With the increasing frequency and sophistication of cyber threats, individuals and organizations must take proactive measures to protect their systems and data. By understanding the fundamentals of cybersecurity, you can begin to defend against the vast array of digital threats.
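Task 1 in code form, as an added example that is not the lecture's material and is unrelated to mockapi.io or the GitHub quick-start guide: it ties together the Authorization slide's RBAC and least-privilege concepts, the Auditability slide's audit trail, and the lab's Step 1 to Step 3 procedure. The four roles and the credentials admin:admin123 and employee:emp123 come from the Task text; the permission names, the two extra accounts (manager, guest), salted-SHA-256 credential storage and the hash-chained audit log are assumptions made for this example.

```python
"""Authentication vs authorization in the Task 1 role lab, with an audit
trail.  Added teaching example, not code from the lecture, mockapi.io or
the GitHub quick-start guide; accounts and permissions are constructed."""
import hashlib
import hmac
import json

# RBAC table: each role holds only the permissions its tasks need (least
# privilege).  Permission names are assumed for this example.
ROLE_PERMISSIONS = {
    "admin": {"users:delete", "reports:approve", "reports:read", "profile:read"},
    "manager": {"reports:approve", "reports:read", "profile:read"},
    "employee": {"reports:read", "profile:read"},
    "guest": {"profile:read"},
}

# Step 1 hand-out: the lecture's admin:admin123 and employee:emp123 plus two
# constructed accounts (the username doubles as the role name here).
LAB_CREDENTIALS = {"admin": "admin123", "manager": "mgr123",
                   "employee": "emp123", "guest": "guest123"}

def _digest(salt: str, password: str) -> str:
    # Salted SHA-256 suffices for a lab; real systems use PBKDF2, bcrypt or Argon2.
    return hashlib.sha256((salt + password).encode()).hexdigest()

# The app stores only the salted digest, never the password itself.
ACCOUNTS = {user: {"role": user, "salt": "salt-" + user, "hash": _digest("salt-" + user, pw)}
            for user, pw in LAB_CREDENTIALS.items()}

class AuthenticationError(Exception):
    """Identity not verified (a web app would answer 401)."""

class AuthorizationError(Exception):
    """Identity known, action not permitted (a web app would answer 403)."""

class AuditTrail:
    """Append-only log; each entry commits to the previous entry's hash, so an
    edited or deleted entry breaks the chain and verify() returns False."""
    GENESIS = "0" * 64

    def __init__(self):
        self.entries = []

    @staticmethod
    def _hash(prev: str, event: dict) -> str:
        return hashlib.sha256((prev + json.dumps(event, sort_keys=True)).encode()).hexdigest()

    def record(self, event: dict) -> None:
        prev = self.entries[-1]["hash"] if self.entries else self.GENESIS
        self.entries.append({"prev": prev, "event": event, "hash": self._hash(prev, event)})

    def verify(self) -> bool:
        prev = self.GENESIS
        for entry in self.entries:
            if entry["prev"] != prev or entry["hash"] != self._hash(prev, entry["event"]):
                return False
            prev = entry["hash"]
        return True

class LabApp:
    def __init__(self):
        self.audit = AuditTrail()
        self.sessions = {}  # username -> role, set by a successful login

    def login(self, username: str, password: str) -> str:
        """Authentication: prove who you are.  Returns the role on success."""
        acct = ACCOUNTS.get(username)
        ok = acct is not None and hmac.compare_digest(acct["hash"], _digest(acct["salt"], password))
        self.audit.record({"type": "login", "user": username, "outcome": "success" if ok else "failure"})
        if not ok:
            raise AuthenticationError("invalid username or password")  # same text for both causes
        self.sessions[username] = acct["role"]
        return acct["role"]

    def perform(self, username: str, permission: str) -> str:
        """Authorization: check the logged-in user's role against the action."""
        role = self.sessions.get(username)
        if role is None:
            raise AuthenticationError("not logged in")
        allowed = permission in ROLE_PERMISSIONS[role]
        self.audit.record({"type": "action", "user": username, "role": role,
                           "permission": permission, "outcome": "allowed" if allowed else "denied"})
        if not allowed:
            raise AuthorizationError(f"role {role} may not {permission}")
        return f"{permission} performed by {username}"

def login_outcome(app: LabApp, username: str, password: str) -> str:
    try:
        app.login(username, password)
        return "success"
    except AuthenticationError:
        return "failure"

def run_lab(app: LabApp) -> dict:
    """Steps 2-3 of Task 1: log in as every role, try every action, and
    document which ones were allowed (authorization) for each role."""
    results = {}
    permissions = sorted(set().union(*ROLE_PERMISSIONS.values()))
    for user, password in LAB_CREDENTIALS.items():
        app.login(user, password)
        for permission in permissions:
            try:
                app.perform(user, permission)
                results[(user, permission)] = "allowed"
            except AuthorizationError:
                results[(user, permission)] = "denied"
    return results

if __name__ == "__main__":
    app = LabApp()
    for (user, permission), outcome in sorted(run_lab(app).items()):
        print(f"{user:>9}  {permission:<16}  {outcome}")
    print("audit trail intact:", app.audit.verify())
```

The two exception types answer item 5 of the task: a wrong password fails in login() before any role is known (authentication failure), while a logged-in employee asking for users:delete fails in perform() because the role lacks the permission (authorization failure). Both outcomes land in the audit trail, and because each entry is chained to the previous one, editing an earlier login record to hide a failed attempt makes verify() return False.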
