Lec 1

Uploaded by

Ibrahim Wael
Cybersecurity Essentials Course

Dr. Eng. Eman Zahran


Course Outline
By the end of this course you will be able to:

❑ Understand the basic concepts of the cybersecurity field.
❑ Explore the characteristics of and tactics used by cybercriminals.
❑ Explore the technologies, products, and procedures cybersecurity professionals use to combat cybercrime.
❑ Explain the purpose of laws related to cybersecurity.
Overview on the Basic Concepts of Cybersecurity
• Why do we need cybersecurity?
• The foundational principles for protecting information systems.
• Types of cybercriminals.
• Categories of cybercrime.
Overview on Cybersecurity Cont.
Definition of Cybersecurity

Cybersecurity is the ongoing effort to protect individuals, organizations and governments from digital attacks by protecting networked systems and data from unauthorized use or harm.
Overview on Cybersecurity Cont.
Types of Data include:

• Personal
On a personal level, you need to safeguard your identity, your
data, and your computing devices.
• Organizational
At an organizational level, it is everyone’s responsibility to
protect the organization’s reputation, data and customers.

• Government
As more digital information is being gathered and shared, its
protection becomes even more vital at the government level,
where national security, economic stability and the safety and
wellbeing of citizens are at stake.
Protection of Personal Data
• Offline identity
Your offline identity is the real-life persona that you present
on a daily basis at home, at school or at work. As a result,
family and friends know details about your personal life,
including your full name, age and address
• Online identity
Your online identity is not just a name. It’s who you are and
how you present yourself to others online. It includes the
username you use for your online accounts, as well as the
social identity you establish and portray on online
communities and websites.
Protection of Personal Data Cont.

Tips to help you generate your username:


• Don’t use your full name or parts of your address
or phone number.
• Don’t use your email username.
• Don’t use the same username and password
combination, especially on financial accounts.
• Don’t choose a username that gives clues to your passwords or to where you work, such as IT.
• Choose a username that’s appropriate for the type
of account, i.e., business, social or personal.
Your Data

• Personal Information
• Medical Records
• Education Records
• Employment and Financial Records
What Do Hackers Want?

• Of course, they want user’s money.


A cybercriminal can take advantage of your relationships,
accessing your online accounts and impersonating family
members and sending messages stating that they need
money wired in order to get home from abroad after losing
their wallets.
What Do Hackers Want?
Banking
• Stealing private data can help cybercriminals access bank accounts, credit cards, social profiles and other online accounts. They could even take out loans in your name.
Medical Theft
• Cybercriminals steal medical insurance to use the benefits for themselves.
Who Else Wants Your Data?

• Internet service provider (ISP)
Your ISP tracks your online activity and, in some countries, can sell this data to advertisers for a profit.
In certain circumstances, ISPs may be legally required to share your information with government surveillance agencies or authorities.
• Advertisers
Advertisers monitor and track your online activities, such as shopping habits and personal preferences, and send targeted ads your way.
Who Else Wants Your Data?

• Search engines and social media platforms
These platforms gather information about your gender, geolocation, phone number and political and religious ideologies based on your search histories and online identity. This information is then sold to advertisers for a profit.
• Websites you visit
Websites use cookies to track your activities in order to provide a more personalized experience. But this leaves a data trail that is linked to your online identity that can often end up in the hands of advertisers.
The Cube

It’s a security model framework created by John McCumber in 1991 to help organizations consider all of the related factors that impact them. This model has three dimensions:

• The foundational principles for protecting information systems.
• The protection of information in each of its possible states.
• The security measures used to protect data.
The foundational principles for protecting information systems

The CIA triad: it is a common model that forms the basis for the development of security systems.
The foundational principles for protecting information systems
• Confidentiality
Is a set of rules that prevents sensitive information from being disclosed to unauthorized people, resources and processes.
Methods to ensure confidentiality include data encryption, identity proofing and two-factor authentication.
The foundational principles for protecting information systems
• Integrity
Ensures that system information or processes are protected from intentional or accidental modification.
One way to ensure integrity is to use a hash function.
The foundational principles for protecting information systems
• Availability
Means that authorized users are able to access systems and data when and where needed and unauthorized users are not.
Availability can be achieved by maintaining equipment, performing hardware repairs, keeping operating systems and software up to date, and creating backups.
The protection of data in each state:

• Processing refers to data that is being used to perform an operation (data in process).
• Storage refers to data stored in memory or on a hard drive, solid-state drive or USB drive (data at rest).
• Transmission refers to data traveling between information systems (data in transit).
The security measures used to protect data
Awareness, training and education
Are the measures put in place by an organization to ensure
that users are knowledgeable about potential security threats and the
actions they can take to protect information systems.

Technology
Refers to the software- and hardware-based solutions designed to
protect information systems from possible malicious incidents.

Policy and procedure
Refers to the administrative controls that provide a foundation for how an organization implements information assurance.
Security Breaches
Definition
A security breach means unauthorized access to a device, facility, program, network, or data. It can involve the breach of security measures that protect data, network systems, or physical hardware assets, and it’s often the precursor to private data being copied, shared, or stolen in a data breach.
How does it occur?
1- Malware: The attacker infects a system with malware that’s designed to steal sensitive data or system resources, or to cause damage to the system.
Security Breaches Cont.

2- Phishing: The attacker sends a seemingly legitimate email that includes a link to a fake website or login page, to get the recipient to reveal sensitive data that helps the attacker access an account, such as an online banking account.

3- Physical: These breaches could involve an attacker stealing or a piece of your equipment in order to gain access to your system or steal data.

4- Insider threats: These breaches are carried out by employees abusing their security clearance to access sensitive data. But they can also occur unintentionally through employees with weak passwords.
Consequences of a Security Breach

• Reputational damage:
A security breach can have a negative long-term impact on an
organization’s reputation that has taken years to build.
• Vandalism:
A hacker or hacking group may vandalize an organization’s
website by posting untrue information.
• Theft:
A data breach often involves an incident where sensitive personal
data has been stolen.
• Loss of revenue:
Hackers can take down an organization’s website, preventing it
from doing business online
Cybersecurity Criminals
Attackers are individuals or groups who attempt to exploit vulnerabilities to break into computers or networks for personal or financial gain.

Types of Attackers

– White hat attackers break into networks or computer systems to discover weaknesses in order to improve the security of these systems.

– Gray hat attackers are somewhere between white and black hat attackers. The gray hat attackers may find a vulnerability and report it to the owners of the system if that action coincides with their agenda.

– Black hat attackers are unethical criminals who violate computer and network security for personal gain, or for malicious reasons, such as attacking networks for political gain.
Cybersecurity Criminals (Cont.)
• Script Kiddies - Teenagers or hobbyists, mostly limited to vandalism, who have little or no skill and often use existing tools or instructions found on the Internet to launch attacks.

• Vulnerability Brokers - Grey hat hackers who attempt to discover exploits and report them to vendors, sometimes for prizes or rewards.

• Hacktivists - Grey hat hackers who protest against different political and social ideas. Hacktivists publicly protest against organizations or governments by posting articles and videos and by leaking sensitive information.

• State Sponsored Hackers - Steal government secrets, gather intelligence, and sabotage networks. Their targets are foreign governments, terrorist groups
Threats on organizational data
Internal
Employees, contract staff or trusted partners can accidentally or intentionally:

• mishandle confidential data
• facilitate outside attacks by connecting infected USB media to the organization’s computer system
• invite malware onto the organization’s network by clicking on malicious emails or websites
• threaten the operations of internal servers or network infrastructure devices.

External
Amateurs or skilled attackers outside of the organization can:

• exploit vulnerabilities in the network
• gain unauthorized access to computing devices

Cyberwarfare
Cyberwarfare is the use of technology to penetrate and attack another nation’s information systems and computer networks in an effort to cause damage or to disrupt or shut down services.
Cyberwarfare Cont.

Cyberwarfare can destabilize a nation, disrupt its commerce, and cause its citizens to lose faith and confidence in their government.
Purposes:
To steal defense secrets and gather information about technology that will help narrow the gaps in its industries and military capabilities.

To impact another nation’s infrastructure to cause disruption.

Cyber Attacks
A cyber attack is a malicious attempt to access or damage a computer or a network system in order to steal, alter, disable or destroy information through unauthorized access to the computer system.
Different kinds of Malware

• Spyware
• Adware
• Backdoor
• Ransomware
• Scareware
• Rootkit
• Virus
• Trojan
• Worms
Spyware
Designed to track and spy on you, spyware monitors your online activity and can log every key you press on your keyboard.

It can capture almost any of your data, including sensitive personal information such as your online banking details.

Spyware does this by modifying the security settings on your devices.
Adware

Adware is often installed with some versions of software.

It is designed to automatically deliver advertisements to a user, most often on a web browser.

You know it when you see it! It’s hard to ignore when you’re
faced with constant pop-up ads on your screen.
Backdoor

This type of malware is used to gain unauthorized access by bypassing the normal authentication procedures to access a system. As a result, hackers can gain remote access to resources within an application and issue remote system commands.

A backdoor works in the background and is difficult to detect.
Ransomware

• This malware is designed to hold a computer system or the data it contains captive until a payment is made. Ransomware usually works by encrypting your data so that you can’t access it.
• Some versions of ransomware can take advantage of specific system vulnerabilities to lock the system down.
• Ransomware is often spread through phishing emails that encourage you to download a malicious attachment or through a software vulnerability.
Scareware

• This is a type of malware that uses ‘scare’ tactics to trick you into taking a specific action. Scareware mainly consists of operating system style windows that pop up to warn you that your system is at risk and needs to run a specific program for it to return to normal operation.

• If you agree to execute the specific program, your system will become infected with malware.
Rootkit
This malware is designed to modify the operating system.
The rootkit can affect the operating system as follows:
Rootkits can install other types of malware within your network, making detecting and removing them difficult.

Cybercriminals use rootkits to gain unauthorized remote access to a system, so they can steal or modify information without detection.

Hackers can use a rootkit to open a “backdoor” into your operating system, allowing them to access a network.
Virus
A type of computer program that, when executed, replicates and
attaches itself to other executable files, such as a document, by
inserting its own code.
Most viruses require end-user interaction to initiate activation and
can be written to act on a specific date or time.

Viruses can be relatively harmless, such as those that display a funny image. Or they can be destructive, such as those that modify or delete data.
Trojan horse

• A very dangerous malware that carries out malicious operations.
• Trojans exploit your user privileges and are most often found in image files, audio files or games.
Worms

It is a type of malware that replicates itself in order to spread from one computer to another.
Unlike a virus, which requires a host program to run, worms can run by themselves.
Other than the initial infection of the host, they do not require user participation and can spread very quickly over the network.
Symptoms of Malware
Some common symptoms of malware include:
• an increase in central processing unit (CPU) usage, which
slows down your device
• your computer freezing or crashing often
• a decrease in your web browsing speed
• unexplainable problems with your network connections
• modified or deleted files
• the presence of unknown files, programs or desktop icons
• unknown processes running
• programs turning off or reconfiguring themselves
• emails being sent without your knowledge or consent
Outline
You learned:
Basics of cybersecurity
CIA triad
Characteristics of hackers
Types of hackers
Types of malware
