Lesson 2 - CyberSecurity Fundamentals

This document provides an introduction to cybersecurity fundamentals, including:
• Explaining cybersecurity and identifying threat actors, attacks, and mitigation methods
• Describing security policies, procedures, standards, and baselines
• Elaborating on cybersecurity mitigation methods such as threat prevention, detection, and response
© All Rights Reserved

Introduction to Cybersecurity

Cybersecurity Fundamentals

Learning Objectives

By the end of this lesson you will be able to:
• Explain the fundamentals of cybersecurity
• Identify threat actors, attacks, and mitigation
• Describe security policies, procedures, standards, and baselines
• Elaborate on the cybersecurity mitigation methods

Fundamentals of Cybersecurity

What Is Cybersecurity?

A set of technologies used for protecting systems, networks, and programs from digital attacks, damage, and unauthorized access.

The threats it addresses are attack, damage, and unauthorized access.
Why Cybersecurity?

• Increased demand to protect data
• Increased rate of cyber crime
• Presence of crime syndicates
• Presence of cyber armies
• Presence of financial frauds

The world relies on technology more than ever before, and as a result digital data creation has surged.
Information Security and Cybersecurity

Information Security:
• Refers to processes and tools designed to protect sensitive information
• Encompasses paper documents as well as digital and intellectual property

Cybersecurity:
• Is a set of techniques used to protect the integrity of networks, programs, and data
• Is a component of information security
Cyber Crime Statistics

• 25+ million records exposed every day in 2018
• 300 billion passwords exist worldwide in 2020
• Cyber crime to cost $6 trillion in 2021
• 24,000 malicious mobile apps blocked daily
• Healthcare: ransomware attacks will quadruple
• 60% of fraud originates from mobile devices
Factors Affecting Cybersecurity

Technology:
• Platforms and tools
• Network connectivity
• Level of IT complexity
• New or emerging security tools
• Operational support for security

Business Plans:
1. Nature of business
2. Risk tolerance
3. Industry trends
4. Mergers and acquisitions and partnerships
5. Outsourcing service providers

CIA Triad

• Availability: Information must be available on demand
• Confidentiality: Authorized parties can access the information
• Integrity: Authorized people can add, remove, or alter information
Governance, Risk Management, and Compliance (GRC)

Scope of GRC

Governance, Risk Management, and Compliance is different for every organization and varies based on the type of organization. It depends on the organization's mission, size, industry, culture, and legal regulations.

Responsibility of GRC

The ultimate responsibility of the GRC program is to protect the organization's IT assets and operations, including its infrastructure and information. The board of directors and senior management of an organization are responsible for Governance.

GRC: Governance

• Provides strategic direction
• Ensures that the objectives are achieved
• Ascertains whether risk is being managed appropriately
• Verifies that the organization's resources are being used responsibly

GRC: Risk Management

It is the process by which the organization manages risks to acceptable levels. These risks may include investment risk, physical risk, and cyber risk.

GRC: Compliance

It is the act of adhering to mandated requirements defined by laws and regulations.
Roles of Cybersecurity

Cybersecurity Roles

The success of a cybersecurity role is ultimately the responsibility of the board of directors.

• Board of Directors
• Executive Committee
• Security Management
• Cybersecurity Practitioners

Approaches to Cybersecurity

• Compliance-based security
• Risk-based security
• Ad-hoc approach

Cybersecurity: Key Terms

• Inherent risk
• Residual risk

Illustration: Basics of Cybersecurity
Threat Actors, Attacks, and Mitigation

Threat Actor

A threat actor or malicious actor is a person or entity that is responsible for an event or incident that impacts or has the potential to impact the safety or security of another entity.

Threat Actor Categories

Threat actor categories are:
• Script kiddies
• Nation states
• APT
• Hacktivists
• Insiders
• Organized crime
• Competitors

Threats to a System

The main threats to an organization should be considered:
• Natural environmental threats
• Supply system threats
• Man-made threats
• Sociopolitical threats
Malware

Malware is any software that is intentionally designed to cause damage to a computer, server, client, or computer network.

Types of Malware

• Worms
• Viruses
• Trojans
• Spyware
• Adware
• Rootkits
• Backdoors
• Logic bombs
• Ransomware

Worms

Worms are self-replicating code designed to penetrate computer systems.

Virus

A virus is malicious code that replicates by attaching itself to executable code.

Trojans

Trojans are programs that claim to perform one function but do another, typically malicious.

Spyware

Spyware is software aimed at stealing personal or organizational information.

Adware

Adware is software that displays endless ads and pop-up windows.

Rootkit

Rootkits are designed to modify the operating system's operations to facilitate non-standard functionality.

Backdoor

A backdoor provides the attacker with unauthorized remote access to a system by exploiting security vulnerabilities.

Logic Bombs

Logic bombs infect a system and lie dormant until they are triggered by a specific condition.

Ransomware

Ransomware attempts to extort money from the user by infecting and taking control of a victim's machine.

Malware Attacks

Examples: Kovter, WannaCry, Zeus or Zbot, Ghost, Mirai
Denial-of-Service Attack

The purpose of DoS is to prevent access to the target system.

Distributed Denial-of-Service

It is a denial-of-service attack employing multiple attacking systems. The goal of DDoS is to prevent access to a specific system.

DoS/DDoS Attacks

• GitHub: 1.35 Tbps. GitHub was hit with 1.35 terabits per second of traffic.
• Cloudflare: 400 Gbps. The attack was directed at a single computer with a vulnerability.

Application Layer Attacks

They target computers by causing a fault in the operating system or applications. They refer to a type of malicious behavior designed to target the top layer in the OSI model.

Examples of application layer attacks:
• Cross-site scripting
• Buffer overflow
• Domain hijacking
• DNS spoofing
• SQL injection
• DoS/DDoS

Software Codes and Security

Programmers are responsible for writing safe and high-quality code. Source code consists of statements written in a computer programming language.

Code review is a systematic examination or peer review of source code. It serves to:
• Find mistakes
• Improve software quality

Software Testing Methods

• Static Testing: Evaluates the security of software without running it
• Dynamic Testing: Evaluates the security of software in a runtime environment

Security Attacks

• In March 2018, hackers hit Saks Fifth Avenue and Lord & Taylor, stealing debit and credit cards. 5 million records were breached.
• In May 2018, the concert and sporting event ticketing website Ticketfly was vandalized, taken down, and disrupted for a week.
• In August 2018, Russian hackers made millions selling credit card details stolen from almost 245,000 British Airways customers.
Social Engineering

It is the art of manipulating people so they give up their confidential information, violating the security principle.

Social Engineering Attack Categories

There are several attack categories of social engineering:
• Phishing: It is a fraudulent attempt to obtain sensitive information.
• Spear Phishing: It is targeted at a specific group or an individual.
• Whaling Phishing: It targets wealthy and prominent individuals.

Social Engineering Attack: Ethereum Classic

In 2017, the Ethereum Classic website was hacked, resulting in the loss of thousands of dollars in cryptocurrency. The attackers:
• Impersonated the Ethereum owner
• Gained access to the domain registry
• Redirected the domain to their server
• Extracted cryptocurrency from the victims
Security Policies and Procedures

Security Management Plan

• Senior Management: Initiates and defines policies
• Middle Management: Releases standards and policy guidelines
• Operations Management/IT Team: Implements the controls and policies
• End Users: Must comply with the organization's functions
Types of Security Management Plan

The three types are the Strategic Plan, the Tactical Plan, and the Operational Plan.

Strategic Plan
● Is a long-term plan
● Defines security posture
● Is valid for five years and is renewed annually
● Helps understand security functions
● Helps in risk assessment

Tactical Plan
● Is a mid-term plan
● Provides detailed goals
● Is updated every year or two
● Is technology oriented

Operational Plan
● Is a short-term plan
● Is highly detailed
● Is updated monthly or quarterly
● Spells out how to accomplish goals
Security Policy

• Is a strategic plan
• Defines the scope of security
• Outlines security objectives and framework
• Identifies the functional areas
• Outlines security goals and practices
• Assigns responsibilities and requirements
• Defines risk levels

Types of Security Policy

• Organizational policy: Focuses on issues relevant to every aspect of the organization
• Issue-specific policy: Focuses on a specific service, department, or function
• System-specific policy: Focuses on individual systems
Security Policy Framework

The framework consists of standards, procedures, guidelines, and baselines.

Baseline
● Defines the minimum level of security
● Is system specific
● Establishes the common secure state

Guideline
● Offers recommendations on implementation
● Serves as an operating guide
● Is customized for each unique system

Procedure
● Is the final element of the formalized security policy structure
● Describes actions for implementing the security mandates
● Is system and software specific
● Ensures integrity of the business process

Standard
● Defines the compulsory requirements
● Provides a course of action
● Is a tactical document
Due Care and Due Diligence

Due Care
● Reasonable care is taken in protecting the organization
● Pertains to the legal duty of the organization
● Lack of due care is considered negligence

Due Diligence
● Is about practicing the activities that maintain the due care effort
● Pertains to best practices that a company should follow
● Might not be legally liable
Cybersecurity Mitigation Methods

Information Technology Control

An IT control is a procedure or policy that provides a reasonable assurance that:
• IT used by an organization is operating as intended
• Data is reliable
• The organization is in compliance with laws and regulations

Countermeasure

It is an action or method that is applied to prevent, avert, or reduce potential threats to computers, networks, servers, operating systems, and information systems. It helps to mitigate or reduce the potential risk.

Control Categories

• Administrative controls: These are procedures and policies used to define employee actions toward sensitive information.
• Technical controls: These are hardware or software mechanisms used to protect important and confidential assets.
• Physical controls: These are security measures designed to deny unauthorized access.

Types of Controls

• Deterrent
• Preventive
• Detective
• Corrective
• Recovery
• Compensating
Defense in Depth or Layered Approach

It is the act of using multiple layers of security controls to protect the integrity of information. Its intent is to provide increased security through intentional redundancy based on a multi-layered security approach.

Layers:
• Personnel
• Procedural
• Technical
• Physical
Identity Management

It is an organizational process for identifying, authenticating, and authorizing individuals or groups of people: users are identified, authenticated, and then authorized. It enables the right users to access the right resources at the right time for the right reasons.

IAM Components

The components of IAM are:
• Authentication
• Authorization
• User Management
• Central user repository

Identification and Authentication

• Identification: Identify a user or an application in the system
• Authentication: Prove that a user or an application is genuine

Authentication factors:
• Something you know: Password
• Something you have: Token card
• Something you are or do: Biometric
• Where you are: Location

Multi-Factor Authentication

It is an authentication method where a user is granted access after presenting two or more pieces of evidence.

Two-Factor Authentication

It is a subset of multi-factor authentication, confirming that users are granted access with a combination of two different factors.

Authorization

It is the process of determining what types of activities, resources, or services a user is permitted. A user may be authorized for different types of activity once authenticated.

Accountability

It is the traceability of actions performed on a system to a specific system entity.
• User identification and authentication support accountability
• Shared user IDs and passwords destroy accountability
Auditing

It is a manual or a systematic measurable technical assessment of a system or application. It involves:
• Interviewing staff
• Reviewing applications and OS access controls
• Analyzing physical access to the systems
• Performing security vulnerability scans

Monitoring

It involves:
• Defining the behavior types to trigger alerts
• Taking actions on alerts as needed
Patch Management

It involves acquiring, testing, and installing multiple patches to an administered computer system.

Patch Management Tasks

• Maintain knowledge of available patches
• Decide appropriate patches for particular systems
• Ensure that patches are installed properly
• Test systems after installation
• Document all associated procedures

Patch Management: Example

The outbreak of WannaCry ransomware became large and intense because of a missing security patch.

System Hardening

It is a collection of tools, techniques, and best practices to reduce vulnerability in technology applications, systems, infrastructure, and firmware.

System Hardening: Purpose

It eliminates security risks and secures a system by reducing its attack surface.

System Hardening Activities

Hardening activities for a computer system include:
• Use encryption
• Update security patches and hotfixes on time
• Remove unnecessary programs and user accounts
• Monitor security bulletins
• Create strong passwords
• Install anti-virus and spyware protection
• Close certain ports
• Deny file sharing


Change Control

It is a systematic approach to manage all changes made to a product or system.

Change Control: Purpose

• All changes are documented
• No unnecessary changes are made
• Services are not disrupted
• Resources are used efficiently

Change Control: Process

• Formal RFC
• Change request
• Change approval board
• Implementation
• Review
• Possible rollback

Asset Management

It is the systematic process of developing, operating, maintaining, upgrading, and disposing of assets cost-effectively.

Asset Management Lifecycle

1. Procurement
2. Deploy and discover
3. Maintain
4. Support
5. Retirement and disposal
Data Management

Data is the smallest piece of information in any form: text documents, images, audio clips, software programs.

Data management is an administrative process to ensure the accessibility, reliability, and timeliness of the data for its users. It covers:
• Acquiring data
• Processing data
• Validating data
• Storing data
• Protecting data

States of Data

They describe the different modes in which data is used by computing equipment. The three basic states of data are:
• Data at rest
• Data in transit
• Data in use

Information Lifecycle

• Acquisition: Indexed system data
• Use: Challenges in protection
• Archival: Backup, protection, and retention
• Disposal: Stored data for destruction

• It is an ongoing process
• It helps ensure data is protected
• It helps indicate the level of data protection
• Metadata must be at the right classification level
• Classification level must be attached to the information lifecycle
Encryption

Encryption:
• Protects data in transit over networks
• Protects information stored on computers
• Deters and detects alterations of data
• Verifies the authenticity of a transaction

Cryptography

Cryptography is the science of protecting information by encoding it into an unreadable format.

Factors Influencing Effective Encryption

• Algorithm strength, secrecy, and difficulty of compromising a key
• The non-existence of back doors
• The inability to decrypt an entire cipher text

Types of Encryption

• Symmetric Encryption
• Asymmetric Encryption

Symmetric Encryption

Symmetric encryption is based on the same key, or private key, to encrypt plain text and decrypt ciphertext.
• Uses one key to encrypt and decrypt
• Shares the key with the receiver
• Uses less processing power

Common private key cryptography systems:
• Data Encryption Standard (DES): 64-bit
• Advanced Encryption Standard (AES): 128-bit to 256-bit

Asymmetric Encryption

Solves the problem of sharing the key with the receiver.

Services of cryptography:
• Authentication: Validates the sender's identity
• Non-repudiation: Prevents denial of action
• Confidentiality: Controls who reads the data
Incident Response

It is an organized approach to address and manage the aftermath of a security breach or cyber attack.

Incident Response: Goals

• Reduces damage, recovery time, and costs
• Manages potential disruption to IT service
• Restores normal service operations within SLAs
• Minimizes the adverse impact on business operations

Security Training and Awareness

Security awareness is the process of exposing people to security issues so that they may be able to recognize them and better respond to them.

Key Takeaways

• Cybersecurity refers to a set of techniques used to protect the integrity of networks, programs, and data from attack, damage, and unauthorized access.
• Malware is software that is designed to cause damage to a computer, server, client, or network. The types of malware include worm, spyware, virus, trojan, and logic bomb.
• Strategic plan, tactical plan, and operational plan are the types of security management plans.
• Change control is a systematic approach for managing all changes made to a product or system.
