Topic: Introduction to Cyber Security

Presented By:

Rakib Hossen
Lecturer and Chairman (Acting)
Dept. of Cyber Security Engineering (CySE), BDU
 What is security?
• In general, security is “the quality or state of being secure—to
be free from danger.”
• A successful organization should have the following multiple
layers of security:-
❑ Physical security
❑ Personnel security
❑ Operations security
❑ Communications security
❑ Network security
❑ Information security
 What is Cyber security
• We can divide cybersecurity into two parts:
❑ Cyber: refers to the technology that includes systems,
networks, programs, and data.
❑ Security: means the protection of systems, networks,
applications, and information.

• Also called electronic information security or information

technology security.
 What is Cyber security
• Cyber security is the protection of internet-connected systems such
as hardware, software and data from cyber threats

• Cyber security is the practice of protecting systems, networks, and

programs from cyber attacks and unauthorized access

• The technique of protecting internet-connected systems such as

computers, servers, mobile devices, electronic systems,
networks, and data from malicious attacks is known as cyber
security
 What is Cyber security
• "Cyber Security is the body of technologies, processes, and practices
designed to protect networks, devices, programs, and data from
attack, theft, damage, modification or unauthorized access.“

• "Cyber Security is the set of principles and practices designed to

protect our computing resources and online information against
threats."
 History of Cyber security
• 1968, Maurice Wilkes discusses password security in Time-Sharing
Computer Systems.

• 1975, The Federal Information Processing Standards (FIPS) examines

Digital Encryption Standard (DES) in the Federal Register.

• 1979, Dennis Ritchie publishes “On the Security of UNIX” and “Protection
of Data File Contents,” discussing secure user IDs and secure group IDs,
and the problems inherent in the systems.

• Today, the Internet brings millions of unsecured computer networks into

continuous communication with each other.
Three Pillars of Cyber security
The Cyber security Process
Five major Elements of Cyber Security
 Cyber Security Goals
The objective of Cyber Security is to protect information from being
stolen, compromised or attacked. Cyber Security can be measured by
at least one of three goals-

❑ Protect the confidentiality of data.

❑ Preserve the integrity of data.

❑ Promote the availability of data

for authorized users.

 Why Does Cyber security Matter?
❑ Protecting sensitive information

❑ Defending against cyber threats

❑ Maintaining the security of critical infrastructure

❑ Ensuring business continuity

❑ Enhancing network security

❑ Collaborating with security analysts

❑ Adhering to regulatory compliance

❑ Addressing insider threats

❑ Evaluating and implementing Cyber Security solutions

 Principles of Cyber Security (CIA Triad)
▪ Cyber Security's main objective is to ensure data protection.
▪ The security community provides a triangle of three related principles
to protect the data from cyber-attacks. This principle is called the CIA
triad.

Figure 1.1 Taxonomy of security goals

What are the key goals of Cyber security?
CIA Triad(Con..)
 Confidentiality
❑ Confidentiality is probably the most common aspect of information security.
❑ It also equivalent to privacy and avoids the unauthorized disclosure of
information
❑ We need to protect our confidential information.
❑ It involves the protection of data, providing access for those who are
allowed to see it while disallowing others from learning anything about
its content.
❑ It prevents essential information from reaching the wrong people while
making sure that the right people can get it.
❑ Data encryption is a good example to ensure confidentiality.
Tools for Confidentiality
 Integrity
❑ Information needs to be changed constantly. Integrity means that

changes need to be done only by authorized entities and through

authorized mechanisms.

❑ Integrity refers to the methods for ensuring that data is real, accurate and

safeguarded from unauthorized user modification.

❑ It is the property that information has not be altered in an unauthorized way, and

that source of the information is genuine.

Tools for Integrity
 Availability
❑ The information created and stored by an organization needs to be
available to authorized entities.
❑ Information needs to be constantly changed, which means it must be
accessible to authorized entities.
Tools for Availability
❑ Physical Protections
❑ Computational Redundancies
 Authentication
Verifying the identity of users or systems to ensure they are who
they claim to be.
 Authorization
Granting or denying access to resources based on a user’s permissions
or privileges limits what actions they can perform.
 Non Repudiation
Providing proof that a specific action or transaction occurred, makes it
difficult for individuals to deny their involvement.
Why is cyber security important?
 Cyber Security for business:
Here are the 11 key advantages of Cyber Security for business:

❑ Protects personal data

❑ Helps preserves reputation
❑ Enhances productivity
❑ Assists the remote workspace
❑ Regulation compliance
❑ Improves cyber posture
❑ Better data management
❑ Helps educate and train the workforce
❑ Helps maintain trust and credibility
❑ Streamline access control
❑ Supports the IT team
 What are the benefits of cyber security?
The benefits of implementing and maintaining cyber security practices include:

❑ Business protection against cyber-attacks and data breaches.

❑ Protection for data and networks.

❑ Prevention of unauthorized user access.

❑ Improved recovery time after a breach.

❑ Protection for end users and endpoint devices.

❑ Business continuity.

❑ Regulatory Compliance.

❑ Improved confidence in the company’s reputation and trust for developers,

 Cyber security vendors and tools
Vendors in the cyber security field typically offer a variety of security products and
services. Common security tools and systems include:
❑ Identity and access management (IAM)
❑ Firewalls
❑ Endpoint protection
❑ Antimalware/Antivirus
❑ Intrusion prevention/detection systems (IPS/IDS)
❑ Data loss prevention (DLP)
❑ Endpoint detection and response
❑ Security information and event management (SIEM)
❑ Encryption tools
❑ Vulnerability scanners
❑ Virtual private networks (VPNs)
❑ Cloud workload protection platform (CWPP)
❑ Cloud access security broker (CASB)
What are the career opportunities in cyber security?
 Types of Cyber Security
❑ Network Security: secure a computer network from unauthorized access, intruders, attacks,
disruption, and misuse.
❑ Application Security: Protecting the software and devices from unwanted threats.
❑ Information or Data Security: maintain the integrity and privacy of data, both in storage and
in transit.
❑ Identity management: It deals with the procedure for determining the level of access that each
individual has within an organization.
❑ Operational Security: It involves processing and making decisions on handling and securing
data assets.
❑ Mobile Security: securing the organizational and personal data stored on mobile devices such as
cell phones, computers, tablets, and other similar devices against various malicious threats.
❑ Cloud Security: protecting the information stored in the digital environment or cloud
architectures for the organization.
 What is Cyber Crime?
• Cybercrime means the use of a computer as an instrument to further
illegal ends, such as committing fraud, trafficking in child
pornography and intellectual property, stealing identities, or
violating privacy.
It Includes:
✓Illegal access
✓Illegal Interception
✓System Interference
✓Data Interference
✓Misuse of devices
✓Fraud
Types of Cyber Crime?
 What is Cyber Attack?
•A threat in cybersecurity is a malicious activity by an
individual or organization to corrupt or steal data, gain
access to a network, or disrupt digital life.

• Common Cyber attacks are:

 Hacker
• A hacker is a person who breaks into a computer system.
• The reasons for hacking can be many: installing malware, stealing or
destroying data, disrupting service, and more.
• Hacking can also be done for ethical reasons, such as trying to find
software vulnerabilities. so they can be fixed. Some common types of
hacker are:
Why Cyber Security?
 How to ensure Cyber Security
1. User education: Human error is the leading cause of data breaches. Therefore,
you must equip staff with the knowledge to deal with the threats they face.
2. Application security: Web application vulnerabilities are a common point of
intrusion for cybercriminals.
3. Network security: Network security is the process of protecting the usability and
integrity of your network and data. This is achieved by conducting a network
penetration test, which assesses your network for vulnerabilities and security issues.
4. Leadership commitment: Leadership commitment is key to cyber resilience.
Without it, it is tough to establish or enforce effective processes.
5. Password management: Almost half of the UK population uses ‘password’,
‘123456’ or ‘qwerty’ as their password. You should implement a password
management policy to guide staff to create strong passwords and keep them secure.
Thank You