
Cybercrime Essentials


Cyber Security Essentials

Learning Outcomes:

1 Know about cybercrime.

2 Know about protective methods to maintain cybersecurity.

3 Know about legislation and codes of conduct related to cybersecurity.

Common forms of cybercrime and motives:

Phishing: using fake email messages to get personal information

Stealing/misusing personal information (identity theft)

Hacking: accessing, shutting down or misusing websites, networks and IT systems

Advocating terrorism-related acts

Email and internet fraud

Theft of financial or card payment data

Theft and sale of corporate data

Cyberextortion (demanding money to prevent a threatened attack)

Ransomware attacks

Denial-of-Service (DoS) attack

Cryptojacking (where hackers mine cryptocurrency using resources they do not own)

Cyberespionage (where hackers access government or company data)

Cybercrime may threaten a person's or a nation's security and financial health. Cybercrimes committed against individuals include identity theft, cyberstalking, cyberbullying, harassment through emails, and email spoofing.

How do you think this would make someone feel?


Social engineering: relies on the human instinct of trust. A carefully worded email, voicemail, or text message from a cybercriminal can convince people to transfer money, provide confidential information, or download a file that installs malware.

Tactics to defraud:
Phishing: tactics include deceptive emails, websites, and text messages to steal
information.

Spear phishing: email is used to carry out targeted attacks against individuals or
businesses.

Baiting: an online and physical social engineering attack that promises the victim a
reward.

Malware: victims are tricked into believing that malware is installed on their computer
and that if they pay, the malware will be removed.

Pretexting: uses false identity to trick victims into giving up information.

Vishing: urgent voice mails convince victims they need to act quickly to protect
themselves from arrest or other risk.

For example, by looking at each other’s social media accounts to identify information that
could potentially be used to defraud their peers.
Routine importance of cybersecurity testing.

Protective methods: practicing diligence, installing appropriate anti-virus software, installing other appropriate security software, turning on the firewall, protecting personal information, browser safety, client software, frequent and regular updating, care with email attachments, not opening pop-ups, avoiding emails from unknown sources, not visiting suspect sites, anti-malware software, use and protection of passwords, data protection (personal/financial information), restricting access, regular backups.

The importance of cybersecurity testing.

Cyber security testing: measures the effectiveness of security measures against a potential attack; can be manual or automated; vulnerability testing to reduce the possibility of intruders (hackers) getting unauthorised access; penetration testing (ethical hacking).

Purpose: to test an IT system, network or web application to find security vulnerabilities that a cybercriminal could exploit.

Responsibilities of individuals and organisations as set out in key
legislation.


Current UK legislation that applies to different IT systems and data.

The principles and requirements of the data protection legislation (the Data Protection Act 2018, GDPR) and its impact on organisations, IT systems and data.

Computer Misuse Act 1990, its definitions of illegal practices and the
impact it has on organisations, IT systems and data.

Other legislation could include: Official Secrets Act 1989, The Privacy
and Electronic Communications Regulations 2003.
