What is cyber security (1).pdf

Full Transcript

Intro to
Cybersecurity
Prepared by: KM Dioquino
 WHAT IS
CYBERSECURITY?
 The term cyber security is used to refer to
the security offered through on-line
services to protect your online
information.
 Cyber security encompasses all aspects of
security viz., Physical, Technical,
Environmental, Regulations and
Compliance including Third Parties involved
in delivering an objective.
 WHY CYBERSECURITY IS
IMPORTANT ?

Cyber security is necessary
since it helps in securing
data from threats such as
data theft or misuse, also
safeguards your system
from viruses.
WHY CYBERSECURITY IS
IMPORTANT?
Cyber security becomes
important as Business are
being carried now on Network
of Networks.
CYBER SECURITY
OBJECTIVES
CONFIDENTIALITY
 the property that information is not
made available or disclosed to
unauthorized individuals, entities, or
processes.
CONFIDENTIALITY
 Confidentiality refers to protecting
information from being accessed by
unauthorized parties.

 A failure to maintain confidentiality
means that someone who shouldn't
have access has managed to get it,
through intentional behavior or by
accident. Such a failure of
confidentiality, commonly known as a
breach
INTEGRITY
the property of safeguarding the
accuracy and completeness of
assets
INTEGRITY
Integrity refers to ensuring
the authenticity of
information—that
information is not altered,
and that the source of the
information is
genuine.
AVAILABILITY
 the property of being accessible and
usable upon demand by an
authorized entity
AVAILABILITY
 Availability means that
information is accessible by
authorized users.
 Information and other critical
assets are accessible to
customers and the business
when needed.
CYBER ATTACK
A malicious attack, using
digital technologies, to cause
personal or property loss or
damage, and/or steal or
alter confidential personal or
organizational data
MAJOR SECURITY
PROBLEMS
 Virus
 Hacker
 Malware
 Trojan horses
 Password
cracking
HACKERS
 In common a hacker is a person who
breaks into computers, usually by
gaining access to administrative
controls.
TYPES OF HACKERS
 White Hat Hacker
 Grey Hat Hacker
 Black Hat Hacker
 WHITE HAT HACKERS

 The term "white hat" in Internet slang
refers to an ethical computer hacker,
or a computer security expert, who
specializes in penetration testing and
in other testing methodologies to
ensure the security of an
organization's information systems.
GREY HAT HACKERS
 The term "grey hat", "greyhat" or "gray
hat" refers to a computer hacker or
computer security expert who may
sometimes violate laws or typical
ethical standards, but does not have
the malicious intent typical of a black
hat hacker.
BLACK HAT HACKERS

 A black hat hacker (or black-hat hacker)
is a hacker who "violates computer
security for little reason beyond
maliciousness or for personal gain".
HOW TO PREVENT HACKING
 It may be impossible to prevent
computer hacking, however effective
security controls including strong
passwords, and the use of firewalls can
help.
 LATEST TRENDS – INFORMATION
SECURITY THREATS
Hacktivism
- Hack + Activism = Hacktivism
- the use of legal and/or illegal digital
tools in pursuit of a political /
personal objective
 LATEST TRENDS – INFORMATION
SECURITY THREATS
Tools and Attacks are used for:
- Web-site defacements
- Redirects
- Denial Of Service Attacks
- Identity Theft
- E-mail Bombing
- Web-Site Mirroring
- Doxing
MOST COMMON SECURITY
MISTAKES
Poor password management
Not locking the computer while unattended
Opening email attachments from unknown addressees
Not running anti-virus programs
Sharing information (and machines)
Not reporting security violations
Unattended Paper Documents
Unprotected Electronic Data (while at rest and in
motion).E.g: Emails, USB’s, CD’s, etc..
Improper Information Handling
Passing of information over Phone.
INFORMATION SECURITY
RESPONSIBILITIES
Engage Information Security teams to support the line of business,
enabling secure solutions for new processes and technology

Work with Information Security teams RISO, RISI to drive line
of business-specific information security metrics reporting

Support Regional Information Security teams in mitigating
security risks from Internal Audit report findings
Follow business continuity plans given by bank, in case of
any disaster/ emergency.
Report Security Violations and security incidents
Adhere to Company’s Information Security Policy and guidelines
Maintain and update Asset register of your office/dept
Extend support to RISO during Risk Assessment and Business Impact
Analysis of your office/dept
 Implement and act in accordance with the organization’s
information security policies and procedures
Protect assets from unauthorized
access, disclosure, modification, destruction, or
interference
Execute defined security processes or activities
Report security events, potential events, or other security
risks by following approved processes
Do not use systems or access information without
authorization
Adheres to controls put in place to protect assets
CYBER CRIME IN THE
WORLD
CYBER SECURITY IS
EVERYONE’S RESPONSIBILITY

Robert Statica – Cybersecurity
END