Cyber Ict

This document discusses cyber security threats and strategies for prevention and response. It covers common types of cyber attacks like ransomware, viruses, trojans, and distributed denial of service attacks. It also discusses best practices for organizations to implement, including general risk assessments, regulatory compliance, security dashboards, authentication, firewalls, encryption, proxy servers and virtual private networks. The overall goal is to educate about cyber threats and how to safeguard systems and data through technical and policy-based security measures.

Uploaded by

Tin
Copyright
© All Rights Reserved

Cyber attacks and cyber security, part one

Learning objectives: Why are computer incidents so prevalent, and what are their effects? What can be done to implement a strong security program to prevent cyber attacks? What actions must be taken in the event of a successful security intrusion?

The threat landscape

The security of data and information systems used in business is of utmost importance. Confidential business data and private customer and employee information must be safeguarded, and systems must be protected against malicious acts of theft or disruption. Business managers, IT professionals, and IT users all face a number of complex trade-offs when making decisions regarding IT security, such as the following: How much effort and money should be spent to safeguard against computer crime? What should be done if recommended IT security safeguards make conducting business more difficult, resulting in lost sales and increased cost? If a firm is a victim of a cyber crime, should it pursue prosecution of the criminals, maintain a low profile to avoid negative publicity, inform affected customers, or take some other action?

Why computer incidents are so prevalent, part 1

Increasing complexity increases vulnerability: as more devices are added, the number of network entry points grows, increasing security risk.
Expanding and changing systems introduce new risk: IT organizations must keep up with technological change, perform ongoing security assessments, and implement approaches for dealing with new risk.
Increasing prevalence of BYOD policies: bring your own device (BYOD) is a business policy that permits employees to use their own mobile devices to access company computing resources.

Why computer incidents are so prevalent, part two

Growing reliance on commercial software with known vulnerabilities: in computing, an exploit is an attack on an information system that takes advantage of a particular system vulnerability. Often this attack is due to poor design of a system or implementation. A zero-day attack takes place before the security community or software developer becomes aware of and repairs a vulnerability.
Increasing sophistication of those who would do harm: today's computer menace is much better organized; it may be part of an organized group with greater depth of knowledge and expertise in getting around computer and network security safeguards.

The table provides the classification of perpetrators of computer crime:
Black hat hacker: someone who violates computer or internet security maliciously or for illegal personal gain.
Cracker: an individual who causes problems, steals data, and corrupts systems.
Malicious insider: an employee or contractor who attempts to gain financially and/or disrupt a company's information systems.
Industrial spy: an individual who captures trade secrets to gain an unfair competitive advantage.
Cyber criminal: someone who attacks a computer system for financial gain.
Activist: an individual whose goal is to promote a political ideology.
Cyber terrorist: someone who attempts to destroy government infrastructure, financial institutions and other corporations, utilities, and emergency response units.

Types of exploits, part 1

Ransomware: malware that stops you from using your computer or accessing your data until you meet certain demands, such as paying a ransom.
Virus: a piece of programming code, disguised as something else, that causes a computer to behave in an unexpected and usually undesirable manner.
Worm: a harmful program that resides in the active memory of the computer and duplicates itself.
Trojan horse: a program in which malicious code is hidden inside a seemingly harmless program.
Logic bomb: executes when triggered by a specific event.

Types of exploits, part two

Blended threat: an attack that combines the features of a virus, worm, Trojan horse, and other malicious code into a single payload.
Spam: the use of email systems to send unsolicited email to large numbers of people. The Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act makes spam legal with certain restrictions: the email must include a real return address, a label specifying that it is an ad or solicitation, and a way for recipients to opt out of future emails.
CAPTCHA, or Completely Automated Public Turing Test to Tell Computers and Humans Apart: software that generates and grades tests that humans can pass but computer programs cannot.

Types of exploits, part 3

Distributed denial of service (DDoS) attack: an attack that takes over computers via the internet, causing them to flood a target site with demands for data and other small tasks.
Rootkit: a set of programs that enables its user to gain administrator-level access to a computer without the end user's consent or knowledge.
Advanced persistent threat (APT): an attack in which an intruder gets access to a network and stays there undetected with the intention of stealing data over a period of weeks or months.

Types of exploits, part 4

Phishing: the act of fraudulently using email to try to get the recipient to reveal personal data.
Spear phishing: a variation of phishing in which the phisher sends fraudulent emails to an organization's employees.
Smishing: a variation of phishing in which the victims receive a legitimate-looking text message telling them to call a specific phone number or log onto a website.
Vishing: a variation of phishing in which the victims receive a voicemail message telling them to call a phone number or access a website.

Types of exploits, part 5

Cyber espionage: the deployment of malware that steals data from government agencies, military contractors, political organizations, or manufacturing firms.
Cyber terrorism: the intimidation of a government or a civilian population by using IT to disable critical national infrastructure.

Republic Act Number 10175, or the Cybercrime Prevention Act of 2012, is an act defining cyber crime, providing for the prevention, investigation, suppression, and the imposition of penalties therefor, and for other purposes.

Next: laws for prosecuting computer attacks, general risk assessment process, and regulatory standards compliance.

Cyber attacks and cyber security, part three

Regulatory standards compliance, Philippine setting

An organization may be required to comply with external standards. Examples include:
RA 1405, or the Bank Secrecy Law: an act prohibiting disclosure of or inquiry into deposits with any banking institution and providing penalty (September 9, 1955).
RA 8792, the E-Commerce Act: provides for the legal recognition of electronic documents, messages, and signatures for commerce, transactions in government, and evidence in legal proceedings.
Health Insurance Portability and Accountability Act: regulates the use and disclosure of an individual's health information, according to RA 10173, the Data Privacy Act, in the Philippines.

Security dashboards

These are software that provides a comprehensive display of all key performance indicators related to an organization's security defenses, which include threats, exposures, policy compliance, and incident alerts. It also reduces the effort required to monitor, identify, and respond to threats. Some examples of free software for predictive analytics include Google Data Studio, Cyfe, Databox, QlikView Personal Edition, Cluvio, Kyubit Business Intelligence, Bilbeo, and Arcadia Data Instant, while proprietary software includes Sisense, iDashboards, Microsoft Power BI Pro, SAP Lumira, SAP Crystal Dashboard Design, Tableau, IBM Cognos Analytics, ThoughtSpot, GoodData, and many others.

Implementing CIA at the network level

Organizations must carefully manage the security of their network and implement strong measures to ensure that sensitive data are not accessible to anyone who is not authorized to see it. An organization must authenticate users attempting to access its networks through username and password, smart card and PIN, fingerprint, voice pattern sample, or retina scan. Multi-factor authentication schemes can also be used, such as biometrics, one-time passwords, and hardware tokens that plug into a USB port and generate a password.

Firewalls and routers: installation of a corporate firewall is the most common security precaution taken by businesses. A firewall is a system of software and/or hardware that stands guard between an organization's internal network and the internet. A next-generation firewall (NGFW) is a hardware- or software-based network security system that blocks attacks by filtering network traffic based on packet contents. A router is a networking device that connects multiple networks and transmits data packets between networks. Routers allow you to create a secure network by assigning it a passphrase, and to specify a unique media access control (MAC) address for each legitimate device connected to the network and prevent access by any other device.

Encryption: the process of scrambling messages or data in such a way that only authorized parties can read them. A key is a value that is applied to unencrypted text to produce encrypted text that is unreadable by those without the encryption key. The two types of encryption algorithms are symmetric and asymmetric. Transport Layer Security (TLS) is a communications protocol that ensures privacy between communicating applications and their users on the internet. TLS enables a client to initiate a temporary private conversation with the server.

Proxy servers and virtual private networks: the proxy server acts as an intermediary between a web browser and another server on the internet. You enter the URL for a website into your browser; the request is forwarded to the proxy server, which relays the request to the server where the website is hosted. The web page is returned to the proxy server, which then passes it on to you. The result: the website sees the proxy server as the actual visitor, and not you. The virtual private network (VPN) enables remote users to securely access an organization's computing resources and share data by transmitting and receiving encrypted data over public networks such as the internet.

Intrusion detection system: software and/or hardware that monitors system resources and activities and issues an alert when it detects network traffic attempting to circumvent security measures. There are two approaches to intrusion detection:
Knowledge-based: contains information about specific attacks and system vulnerabilities and watches for attempts to exploit these vulnerabilities.
Behavior-based: models normal behavior of a system and its users based on reference information, compares current activity to this model, and looks for deviations.

Authentication methods, user roles and accounts, and data encryption are key elements of the application security layer. Single-factor authentication requires only one credential, like a password, while two-factor requires two types of credentials, like a bank card and a PIN. User roles and accounts are used to give users authority to perform their responsibilities within an application and nothing more, while data encryption protects data being used within an application from unauthorized access.

Implementing CIA at the end user level includes:
Security education: educate end users about the importance of security so they are motivated to understand and follow security policies.
Authentication methods: require end users to implement a security passcode that must be entered before their device accepts further input.
Antivirus software: a virus signature is a specific sequence of bytes that indicates the presence of a previously identified virus.
Data encryption: full disk encryption protects storage devices and/or hard drives so they cannot be removed from a computer and plugged into another computing device.

Response to cyber attack

An organization should be prepared for the worst: a successful attack that defeats all or some of its system's defenses and damages data and information systems. The Philippines has the national computer emergency response teams that coordinate and report incidents. This includes other government agencies, like the government computer emergency response team, sectoral computer emergency response team, and organizational computer emergency response team.

Next is the response to cyber attack.
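
The two intrusion detection approaches described above, run side by side as an added example (not part of the original lecture). The signature patterns, log entries, user names, and the three-deviation threshold are all constructed assumptions chosen for illustration.

```python
import re
import statistics

# Knowledge-based: patterns for specific, already-known attacks (constructed examples).
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-injection": re.compile(r"(?i)union\s+select"),
}

# Constructed sample data: request log entries and requests-per-minute history.
EVENTS = [
    {"user": "alice", "request": "GET /reports/2020-07.pdf"},
    {"user": "alice", "request": "GET /download?file=../../etc/passwd"},
    {"user": "bob", "request": "GET /customers/export.csv"},
]
HISTORY = {"alice": [10, 12, 11, 9, 13], "bob": [20, 22, 19, 21, 18]}
CURRENT = {"alice": 12, "bob": 400, "mallory": 5}


def knowledge_based(events):
    """Return (event index, signature name) for every match against a known pattern."""
    return [(i, name) for i, ev in enumerate(events)
            for name, pat in SIGNATURES.items() if pat.search(ev["request"])]


def build_baseline(history):
    """Model normal behavior as (mean, standard deviation) of each user's request rate."""
    return {u: (statistics.mean(r), statistics.pstdev(r)) for u, r in history.items()}


def behavior_based(baseline, current, k=3.0):
    """Flag rates more than k deviations from a user's baseline, and users with no baseline."""
    alerts = []
    for user, rate in current.items():
        if user not in baseline:
            alerts.append((user, "no-baseline"))
            continue
        mean, sd = baseline[user]
        # Floor the deviation at 1.0 so a perfectly flat baseline is not over-sensitive.
        if abs(rate - mean) > k * max(sd, 1.0):
            alerts.append((user, "rate-deviation"))
    return alerts


if __name__ == "__main__":
    # The traversal request is caught only by the signature check; bob's bulk
    # export matches no signature and is caught only by the behavior model.
    print(knowledge_based(EVENTS))
    print(behavior_based(build_baseline(HISTORY), CURRENT))
```

The sample data shows why the two approaches complement each other: a knowledge-based check misses activity that has no known pattern, and a behavior-based check misses a single malicious request sent at a normal rate.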

Cyber attacks and cyber security, part 4

Incident notification: a key element of any response plan is to define who to notify and who not to notify in the event of a computer security incident. From January to July 2020, according to 882 reported incidents from the insert.gov.ph website, 39.5 percent involved fake news and fake websites.

Protection of evidence and activity logs is very important. An organization should document all details of a security incident as it works to resolve the incident. Capture all system events, the specific actions taken (what, when, and who), and all external conversations in a log book.

Eradication and incident follow-up

Eradication: before the IT security group begins eradication efforts, it must collect and log all possible criminal evidence and then verify that all backups are current, complete, and free of malware.
Incident follow-up: an essential part of follow-up is to determine how the organization's security was compromised so that it does not happen again. A formal incident report includes a detailed chronology of events and the impact of the incident.

Using an MSSP: a managed security service provider (MSSP) is a company that monitors, manages, and maintains computer and network security for other organizations. Many small and mid-sized organizations use an MSSP because the level of in-house network security expertise needed to protect their business operations is too costly to acquire and maintain. Philippine-based companies like cyber security philippines cert hat fleet executor inc and many others are examples of these companies.

Computer forensics: this combines elements of law and computer science to collect, examine, and preserve data from computer devices and networks in a manner that preserves the integrity of the data gathered so it is admissible as evidence in court. Proper handling of a computer forensics investigation is the key to fighting computer crime successfully in court. EC-Council is the owner and creator of the world-famous Certified Ethical Hacker (CEH), and Active Learning is an authorized training partner of EC-Council in the Philippines. Forensic data analytics is also happening in SGB Consulting.

Summary, part one

Why are computer incidents so prevalent, and what are their effects? Reasons include increasing computing complexity, expanding and changing systems, the increasing prevalence of BYOD policies, a growing reliance on software with known vulnerabilities, and the increasing sophistication of those who would do harm. Exploit: an attack on an information system that takes advantage of a particular system vulnerability, often a result of poor system design or implementation.

Part 2

Perpetrators of computer crime include the black hat hacker, cracker, malicious insider, industrial spy, cyber criminal, activist, and cyber terrorist. White hat hacker: hired by an organization to test the security of its information systems, allowing the organization to improve its defenses.

Summary, part 3

Common computer exploits include ransomware, viruses and worms, Trojan horses, logic bombs, blended threats, spam, DDoS attacks and rootkits, advanced persistent threats, phishing, spear phishing, smishing and vishing, cyber espionage, and cyber terrorism.

Summary, part 4

What can be done to implement a strong security program to prevent cyber attacks? CIA security triad: confidentiality, integrity, and availability of IT resources and data. The DICT Cybersecurity Bureau, through the National Computer Emergency Response Team, or CERT-PH, has been monitoring and receiving reports on cyber attacks regarding the academic, or academe, sector over the past weeks. A new critical vulnerability, CVE-2020-1206, affecting the Microsoft Windows operating system Server Message Block (SMB) protocol, was recently publicly disclosed too.

Summary, part 5

This also includes reasonable assurance: managers must use their judgment to ensure that the cost of control does not exceed the system's benefit or the risk involved. Network security layer key elements are the authentication methods, firewall, routers, encryption, proxy servers, VPN, and an IDS. Application security layer key elements include authentication methods, user roles and accounts, and data encryption, while the end user security layer has security education, authentication methods, antivirus software, and data encryption as key elements.

Summary, part 6

What actions must be taken in the event of a successful security intrusion? A response plan must be developed well in advance of any incident and should address notification, protection of evidence and activity logs, containment, eradication, and follow-up. Organizations must implement fixes against well-known vulnerabilities and conduct periodic IT security audits.

Summary, part 7

Many organizations use a managed security service provider, or MSSP, to monitor, manage, and maintain their computer and network security. Experts trained in computer forensics collect, examine, and preserve data from computer devices and networks in a manner that preserves the integrity of the data so it is admissible as evidence in a court of law.
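
One way to keep the incident log book described in part 4 (what, when, and who) so that later alteration is detectable, which supports the evidence-integrity goal of computer forensics. This is an added example, not part of the original lecture; the hash-chain design, field names, and log entries are constructed assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64  # placeholder "previous hash" for the first entry


def _digest(entry):
    """SHA-256 over the entry's fields, including the previous entry's hash."""
    body = {k: entry[k] for k in ("when", "who", "what", "prev")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode("utf-8")).hexdigest()


def append_entry(log, when, who, what):
    """Append one log-book record chained to the record before it."""
    prev = log[-1]["hash"] if log else GENESIS
    entry = {"when": when, "who": who, "what": what, "prev": prev}
    entry["hash"] = _digest(entry)
    log.append(entry)
    return entry


def first_tampered(log):
    """Return the index of the first altered, removed, or reordered record, or None."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["prev"] != prev or entry["hash"] != _digest(entry):
            return i
        prev = entry["hash"]
    return None


def build_sample_log():
    """Constructed incident log entries for demonstration."""
    log = []
    append_entry(log, "2020-07-01T09:12:00+08:00", "analyst1",
                 "IDS alert received; web01 isolated from the network")
    append_entry(log, "2020-07-01T09:40:00+08:00", "analyst2",
                 "Disk image of web01 taken before eradication")
    append_entry(log, "2020-07-01T10:05:00+08:00", "it-manager",
                 "Called legal counsel about customer notification")
    return log


if __name__ == "__main__":
    log = build_sample_log()
    print(first_tampered(log))   # intact chain
    log[1]["who"] = "someone-else"
    print(first_tampered(log))   # index of the edited record
```

The chain only detects changes if the most recent hash is also recorded somewhere the log's editor cannot reach, such as a printed log book or a separate system; otherwise the whole chain could be recomputed.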
