Handout - Nitcs501 - Cyber Security
Keep in mind that the main difference between a cyber threat and a cyber attack is that a cyber
threat refers to the possibility of a cyber attack happening, whereas the term cyber attack refers
to the actual attack that happens.
In today’s digital world, cybersecurity cannot be ignored. A single security breach can expose
the personal information of millions of people. Such breaches have a strong financial impact on
companies and also cost them the trust of their customers. Hence, cyber security is essential to
protect businesses and individuals from spammers and cyber criminals.
A data breach is any security incident in which unauthorized parties access sensitive or
confidential information, including personal data (Social Security numbers, bank account
numbers, healthcare data) and corporate data (customer records, intellectual property, financial
information).
With the development of new technology, malicious actors continue to adapt, and new players
and threats keep emerging across the globe, coupled with innovative methods of exploiting or
deploying existing tactics and strategies.
Cloud security refers to the strategies and technology designed to protect data and infrastructure
in cloud computing environments.
Black hat
A black hat is an individual who conducts illicit activities in cyberspace, such as hacking, for
personal or financial gain.
Antivirus software
Software designed to detect, neutralize or eradicate malware, including viruses, trojans and
worms.
Cyber criminals
These are individuals or groups that leverage technology to carry out illegal activities, such as
stealing sensitive data, disrupting digital life or manipulating systems for financial gain.
Cyber espionage
Digital methods to access, steal, or destroy an entity’s sensitive data or intellectual property.
Threat Vector: A path or tool that a threat actor uses to attack the target.
Hacker
A term used to identify a cybercriminal who uses their cyber security skills to perform malicious
and unauthorized activities.
Malware
Malicious software that does harmful things or performs malicious actions on computers.
Social Engineering
It is the art of deceiving people to gain sensitive and valuable information about them.
Encryption
The process of converting data into another representation using a key known as an encryption key.
Data breach
A data breach is any security incident in which unauthorized parties access sensitive or
confidential information, including personal data (Social Security numbers, bank account
numbers, healthcare data) and corporate data (customer records, intellectual property, financial
information).
The security of any organization starts with three principles: Confidentiality, Integrity and
Availability. The CIA Triad is a model designed to guide information security policies in the
cyber security field. It is one of the most widely used models in organizations.
Confidentiality: The principles of confidentiality assert that only authorized parties can
access sensitive information and functions.
This means that the information should be accessible and readable only to authorized
personnel.
Integrity: The principles of integrity assert that only authorized people can alter, add, or
remove sensitive information and functions.
This means making sure that the data has not been modified by an unauthorized
entity.
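The integrity principle above is usually enforced in code with a keyed checksum: a stored record carries a tag that only holders of the key can produce, so any change made by an unauthorized entity is detected on the next read. The following is an added example, not part of the handout; it uses HMAC-SHA256 from the Python standard library, and the key and the account record are constructed sample values (a real key would come from a key store, never from source code).

```python
import hmac
import hashlib
import json

# Constructed example key; in practice this is loaded from a protected key store.
INTEGRITY_KEY = b"example-integrity-key-not-for-production"


def _canonical(record: dict) -> bytes:
    """Serialise the record deterministically so the same data always yields the same bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def seal_record(record: dict, key: bytes = INTEGRITY_KEY) -> dict:
    """Attach an HMAC-SHA256 tag computed over the canonical encoding of the record."""
    tag = hmac.new(key, _canonical(record), hashlib.sha256).hexdigest()
    return {"record": record, "tag": tag}


def verify_record(sealed: dict, key: bytes = INTEGRITY_KEY) -> bool:
    """Return True only if the record still matches its tag, i.e. it was not modified
    by anyone who lacks the key. The tag proves integrity, not confidentiality."""
    expected = hmac.new(key, _canonical(sealed["record"]), hashlib.sha256).hexdigest()
    # compare_digest runs in constant time so the comparison leaks nothing about the tag
    return hmac.compare_digest(expected, sealed["tag"])


def demo() -> tuple:
    """Seal a constructed account record, then simulate an unauthorized balance change."""
    original = {"account": "ACC-1001", "balance": 250.00}  # constructed sample data
    sealed = seal_record(original)
    ok_before = verify_record(sealed)
    # An unauthorized entity edits the balance but cannot recompute the tag without the key
    tampered = {"record": dict(sealed["record"], balance=999999.00), "tag": sealed["tag"]}
    ok_after = verify_record(tampered)
    return ok_before, ok_after


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The tag detects modification but does not hide the data; confidentiality still requires encryption, which the handout covers separately.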
Some of the essential duties and responsibilities of a cybersecurity technician are given
below:
Prevent data breaches
Ethical hacking to create a secure system and avoid any potential attacks
Identify the breach's cause and create a recovery plan
Address the security threat and prevent potential security breaches
In addition to the responsibilities of a cybersecurity technician mentioned above, some of the
additional duties of a cybersecurity analyst are given below:
Set and implement user access controls and management systems.
Monitor application and network performance to identify unnatural activities.
Perform regular audits to ensure that the security practices are compliant.
Deploy detection and prevention tools to block malicious attacks.
Set up management systems that can update applications automatically.
Work along with HR to educate employees on detecting suspicious activities in the
system.
Thus, the core roles and responsibilities in cyber security are to identify, mitigate and manage
cyber risk to digital assets.
IC 1.2: Describe Cyber Threats
IC1.2.1: Introduction to Cyber Threats
Definition of Cyber Threats
A cyber threat is anything that can exploit a vulnerability, intentionally or accidentally and
obtain, damage or destroy an asset.
Cyber threats can originate from a variety of sources, from hostile nation states and terrorist
groups, to individual hackers, to trusted individuals like employees or contractors, who abuse
their privileges to perform malicious acts.
Cyber threat awareness helps educate your employees about malicious methods used by
cybercriminals, how they can be easy targets, how to spot potential threats and what they can do
to avoid falling victim to these insidious threats.
The threat landscape in cyber security is constantly changing, with new threats emerging on a
regular basis. In our interconnected digital world, this evolving landscape presents new
challenges and risks to organizations of all sizes.
IC1.2.2: Types of Cyber Threats
Malware Threats: Viruses, Worms and Trojans
Malware (short for malicious software) is software that is designed with malicious intent, such
as computer viruses, worms, trojans and other malicious programs.
a) Viruses: A Computer virus is a type of malicious software that spreads between
computers and causes damage to data and software.
b) Worm: A computer worm is a standalone malware computer program that replicates
itself in order to spread to other computers.
c) Trojan: Trojan horse (or simply Trojan) is any malware that deceives users of its true
intent by masking itself as a standard program.
Feature        | Virus                                      | Worm                                                 | Trojan Horse
Replication    | Replicates by attaching to other programs. | Self-replicates without attaching to other programs. | Does not replicate itself.
Spreading Rate | Moderate                                   | Fast                                                 | Slow
Objective      | Modify or delete information.              | Consume system resources and slow down systems.      | Steal sensitive information.
System Impact  | Can corrupt or delete files.               | Can cause significant slowdowns and                  | This can lead to data breaches and
Phishing Attacks: Phishing is a type of threat that uses fraudulent emails, text
messages, phone calls or websites to trick people into sharing sensitive data.
Zero-Day Exploits
IC 1.3: Describe Cyber Vulnerabilities
IC 1.3.1: Introduction to Vulnerabilities
Definition of Vulnerabilities
A vulnerability is a weakness in a computer system that can be exploited by cybercriminals to
gain unauthorized access to that asset.
Vulnerabilities can arise from hardware or software.
A. Hardware Vulnerability: It is a weakness that can be used to attack the system hardware,
either physically or remotely.
For example:
Old version of systems or devices
Unprotected storage
Unencrypted devices, etc.
B. Software Vulnerability:
A software error introduced during development or configuration, whose execution can violate
the security policy. For example:
Lack of input validation (refers to the failure to properly check and sanitize user inputs
before processing them)
Unverified uploads: This refers to the practice of allowing users to upload files to a system
or server without thoroughly validating the file's content, type, size, or source. This
presents a serious security risk because attackers can exploit this vulnerability by
uploading malicious files, which can be used to compromise systems or perform
unauthorized actions.
Unencrypted data: This refers to information that is stored or transmitted in its original,
readable form without any form of encryption, etc.
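The first two software examples above (lack of input validation and unverified uploads) are easiest to see side by side in code. The following is an added illustration, not code from the handout: a naive save routine that trusts the client-supplied file name next to a hardened validator that checks the name, size, extension allow-list and the file's leading bytes before any path is built. The extension list, size limit and magic numbers are constructed policy values that an application would set for itself.

```python
import os
import re

# Constructed policy values: an allow-list of types, a size cap, and the leading bytes
# ("magic numbers") that each permitted type must start with.
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "pdf"}
MAX_UPLOAD_BYTES = 5 * 1024 * 1024  # 5 MiB
MAGIC_NUMBERS = {
    "png": [b"\x89PNG\r\n\x1a\n"],
    "jpg": [b"\xff\xd8\xff"],
    "jpeg": [b"\xff\xd8\xff"],
    "pdf": [b"%PDF-"],
}
# Conservative character set for stored file names: letters, digits, dot, underscore, dash.
SAFE_NAME = re.compile(r"^[A-Za-z0-9._-]{1,100}$")


def unsafe_save_path(upload_dir: str, filename: str) -> str:
    """Vulnerable version: the client-supplied name is used as-is, so '../' segments
    and arbitrary extensions reach the filesystem unchecked."""
    return os.path.join(upload_dir, filename)


def validate_upload(filename: str, content: bytes) -> tuple:
    """Hardened check. Returns (accepted, reason); rejects on name, size, extension or content."""
    # 1. Drop any directory components and insist on a conservative character set
    base = os.path.basename(filename.replace("\\", "/"))
    if not SAFE_NAME.match(base) or base.startswith("."):
        return False, "unsafe filename"
    # 2. Enforce the size limit before doing any further work on the bytes
    if len(content) == 0 or len(content) > MAX_UPLOAD_BYTES:
        return False, "size out of range"
    # 3. Extension must be on the allow-list (never use a deny-list)
    ext = base.rsplit(".", 1)[-1].lower() if "." in base else ""
    if ext not in ALLOWED_EXTENSIONS:
        return False, "extension not allowed"
    # 4. The content must match what the extension claims to be
    if not any(content.startswith(magic) for magic in MAGIC_NUMBERS[ext]):
        return False, "content does not match extension"
    return True, "ok"


def safe_save_path(upload_dir: str, filename: str, content: bytes) -> str:
    """Return an absolute path inside upload_dir, or raise ValueError if validation fails."""
    accepted, reason = validate_upload(filename, content)
    if not accepted:
        raise ValueError(reason)
    base = os.path.basename(filename.replace("\\", "/"))
    root = os.path.abspath(upload_dir)
    path = os.path.abspath(os.path.join(root, base))
    # Defence in depth: confirm the final path still lies below the upload root
    if os.path.commonpath([root, path]) != root:
        raise ValueError("path escapes upload directory")
    return path


if __name__ == "__main__":
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32  # constructed PNG header
    print(unsafe_save_path("uploads", "../../evil.png"))           # uploads/../../evil.png
    print(safe_save_path("uploads", "../../evil.png", png))         # .../uploads/evil.png
    print(validate_upload("shell.png", b"<?php echo 1; ?>"))        # (False, 'content does not match extension')
```

Magic-number checks stop the most common mismatches but are not a full content scan; a production service would additionally store uploads outside the web root and serve them with a fixed content type.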
Common Vulnerabilities
Misconfigured Security Settings
These misconfigurations refer to improper or inadequate configurations of security
controls, which can leave systems, applications, or networks vulnerable to attacks.
Unpatched Software
It refers to software that has not been updated with the latest security patches or
updates released by the software vendor.
Weak Passwords and Authentication
In cybersecurity, weak passwords and authentication refer to the use of insecure,
easily guessable passwords and ineffective authentication mechanisms, both of which
can significantly increase the risk of unauthorized access to systems and data.
Lack of Encryption
It refers to the absence or improper use of encryption techniques to protect sensitive
data during storage, processing, or transmission.
Inadequate Access Controls
Inadequate Access Controls refer to insufficient mechanisms and policies that govern
who can access systems, applications, or data, and what actions they can perform.
Software and Hardware Flaws
They refer to vulnerabilities or weaknesses in software applications, operating
systems, or hardware components that can be exploited by attackers to compromise
the security of systems or data. These flaws can arise from design errors, coding
mistakes, misconfigurations, or manufacturing defects.
IC 1.4: Cyber Attacks and Techniques
IC 1.4.1: Introduction to Cyber Attacks.
Definition of Cyber Attacks
A cyberattack – also known as a cybersecurity attack – is any form of malicious activity targeting
IT systems. It is any intentional effort to steal, expose, alter, disable, or destroy data, applications, or
other assets through unauthorized access to a network, computer system or digital device.
Goals and Objectives of Cyber Attacks
The goals and objectives of cyber-attacks are to gain unauthorized access to a computer system or
network to steal, alter, or destroy data:
Steal sensitive information
Cybercriminals can target individuals, organizations, and governments to steal sensitive information like
customer data, payment details, or intellectual property.
Disrupt services
Cyber-attacks can disrupt services, causing financial or reputational harm.
Control computer systems
Cyber-attacks can disable, disrupt, destroy, or control computer systems.
Cyber-attacks can be launched using a variety of attack vectors, including malware, phishing,
ransomware, and man-in-the-middle attacks.
Motivations Behind Cyber Attacks
Motivation is what drives someone to act. Cyber-attacks are driven by diverse motivations. Motivations
can range from financial gain to personal grievances, ideological goals, or even pure curiosity.
Cyber attacks are motivated by a variety of factors, including:
Financial gain
Cybercriminals may target organizations or individuals for their financial details, such as payment
information or customer databases. Ransomware attacks are a common example of this, where the
attacker encrypts the victim's data and demands a ransom payment to decrypt it.
Espionage
State-sponsored hackers may use cyber attacks to gain classified information or a competitive
edge. Business rivals may also use cyber attacks to steal trade secrets or disrupt a competitor's operations.
Revenge
Individuals may seek revenge on a person, organization, or entity they perceive as having wronged them.
Hacktivism
Some hackers are motivated by strong ideological or political beliefs and use cyber attacks to spread
propaganda or recruit members.
Thrill-seeking
Some individuals are motivated by the excitement of hacking into systems and networks, and may seek
recognition or notoriety within hacker communities.
Psychological factors
Psychological factors such as antisocial behavior, addiction, or a lack of empathy can drive individuals to
engage in cybercrime.
And others.
Remember that Cyber-attacks can also be opportunistic, where cybercriminals take advantage of
vulnerabilities in software, hardware, or networks.
IC 1.4.2: Common Cyber Attack Techniques
Malware Attacks: This refers to any intrusive software developed by cybercriminals
(often called hackers) to steal data and damage or destroy computers and computer
systems. Examples of common malware include viruses, worms, Trojans, etc.
Social Engineering Attacks: These are attacks that use psychological manipulation
to trick users into making security mistakes or giving away sensitive information.
Web Application Attacks: Web application attacks target vulnerabilities in online
applications to gain unauthorized access, steal sensitive data, or disrupt services.
These attacks often exploit security flaws in an application’s code, user input
handling, or authentication mechanisms.
Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks: A
hacker sends a large number of requests to a website or server, causing service
interruptions.
These attacks overwhelm a system, server, or network with excessive requests, causing it to crash
or become inaccessible.
The difference is that in a DoS attack a single system floods the target with traffic until it is
unresponsive, while a DDoS attack involves multiple systems (often part of a botnet) sending
massive traffic to overwhelm the target.
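The DoS versus DDoS distinction above is exactly what a defender looks for in web-server logs: one source carrying most of a window's requests versus a large aggregate spread over many sources. The following is an added example, not part of the handout, that parses common-log-format lines, buckets them into fixed windows and labels each window. The log lines, IP addresses and thresholds are constructed sample values; real thresholds are tuned to the site's normal traffic.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Common log format: client IP, identity, user, [timestamp], "request", status, size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\d+|-)$')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line: str):
    """Return (client_ip, timestamp) for a well-formed line, or None for anything else."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    return m.group(1), datetime.strptime(m.group(2), TS_FMT)


def classify_windows(lines, window_seconds=60, per_ip_threshold=100, total_threshold=500):
    """Group requests into fixed windows and label each one 'normal', 'dos' or 'ddos'.

    Thresholds are constructed example values.
    'dos'  : a single source sends at least per_ip_threshold requests and makes up
             at least half of the window (one system flooding the target).
    'ddos' : no dominant source, but the aggregate exceeds total_threshold
             (many systems, each modest, overwhelming the target together).
    """
    per_window = defaultdict(lambda: defaultdict(int))
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than crash the monitor
        ip, ts = parsed
        bucket = int(ts.timestamp()) // window_seconds * window_seconds
        per_window[bucket][ip] += 1

    results = []
    for bucket in sorted(per_window):
        counts = per_window[bucket]
        total = sum(counts.values())
        top_ip, top_n = max(counts.items(), key=lambda kv: kv[1])
        if top_n >= per_ip_threshold and top_n / total >= 0.5:
            verdict = "dos"
        elif total >= total_threshold:
            verdict = "ddos"
        else:
            verdict = "normal"
        results.append({
            "window_start": datetime.fromtimestamp(bucket, timezone.utc),
            "verdict": verdict,
            "total": total,
            "sources": len(counts),
            "top_source": (top_ip, top_n),
        })
    return results


def build_log(sources: dict, timestamp: str = "10/Mar/2024:10:00:30 +0000") -> list:
    """Constructed test data: one log line per request; `sources` maps client IP to a count."""
    return [f'{ip} - - [{timestamp}] "GET /login HTTP/1.1" 200 1024'
            for ip, n in sources.items() for _ in range(n)]


if __name__ == "__main__":
    flood = build_log({"203.0.113.7": 300, "198.51.100.1": 10})  # constructed single-source flood
    for w in classify_windows(flood):
        print(w["window_start"], w["verdict"], w["total"], w["sources"], w["top_source"])
```

Fixed windows keep the example short; a production detector would use a sliding window and compare against a learned baseline rather than static counts.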
3. Software Assets: Operating systems, applications, and services running on the network,
including databases, email systems, and productivity software. Vulnerabilities in software
can be exploited by cyber threats.
4. Network Assets: This includes network configurations, architecture, and internet
connections that allow communication within the organization and with external entities.
Network assets are often targeted to gain access to other resources.
5. Human Assets: Employees, contractors, and other users with access to the organization's
systems are also assets, as they play a role in maintaining security. However, they can
also introduce risks if they fall victim to phishing or social engineering.
6. Cloud and Virtual Assets: Virtualized environments, cloud storage, and cloud services.
These assets require specific protections and access control, as they are not stored on-
premises.
7. Intellectual Property and Brand: Though intangible, intellectual property (patents,
designs, and trade secrets) and brand reputation are critical assets. A security breach can
lead to IP theft or reputational damage.
Classify Assets by Value and Sensitivity: Not all assets are equally valuable or sensitive.
For example, a company’s financial data, customer records, and trade secrets may be
classified as high-value assets because of their potential impact on the business if
compromised.
Assess Risk for Each Asset: Understanding the risk level for each asset is essential to
determine which assets need the most protection. Factors like asset criticality,
vulnerability level, and potential impact on the organization are considered.
B) Asset protection
Once assets are identified, protective measures are implemented to safeguard them against
potential threats.
Asset protection includes Access Control, Backup and Recovery, Employee Training and
others, which will be discussed later.
Keep in mind that protecting assets in cybersecurity is essential because these assets are the
foundation of an organization’s operations, reputation, and overall success.
Some main reasons why protecting assets is so important in cybersecurity include:
Safeguarding Confidentiality, Integrity, and Availability (CIA Triad)
Minimizing Financial Losses
Maintaining Customer Trust and Reputation
Enabling Business Continuity and Operational Stability
Protecting Against Insider Threats
Preventing Intellectual Property Theft
And others
In simple words:
Risk Assessment = “What are the risks, and how severe are they?”
Risk Management = “How can we address these risks to minimize their impact?”
IC 1.5.2: Types of Cyber security Assets
Cyber assets can be classified in many ways, including:
Digital assets: They are electronic representations of information stored on digital
devices and accessible via software. These include videos, websites, audio, Cloud
Data, Digital Backups, Database and others
Physical assets: These are tangible assets that can be seen and touched, such as land,
buildings, Paper Documents, Printed Records, physical Backup Media, etc
Human assets: responsibilities, or access to systems and data that could impact the
organization's security posture.
Reputation assets: In cybersecurity, reputation assets are the valuable elements that
reflect an organization’s truthful Reputation assets are intangible but crucial, as they
impact brand loyalty, customer retention, and overall business success.
Some types of Reputation Assets include: Brand and Customer Trust, Vendor and
Partner Confidence, Employee and Insider Trust, and others.
Methods for assigning value to cybersecurity assets vary widely and can be adapted
to an organization’s specific needs, resources, and risk tolerance. Generally, there are three primary
approaches to assigning value: qualitative, quantitative, and hybrid methods.
Risk tolerance is the degree of risk or uncertainty that is acceptable to an organization.
a) Qualitative: It uses a ranking system (e.g., high, medium, low) to assess value based on
expert judgment.
b) Quantitative: Assigns a monetary value to each asset, often based on potential financial
loss.
c) Hybrid: Combines both qualitative and quantitative methods, useful when detailed
financial data may be incomplete or hard to estimate.
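The three valuation methods above, together with the earlier point that risk for each asset combines criticality, vulnerability level and potential impact, can be turned into a small prioritization routine. The following is an added example, not from the handout: it ranks a constructed set of assets using a qualitative scale, a quantitative loss estimate, or the hybrid method, which falls back to a qualitative band when the financial figure is missing. The band amounts, the sample assets and the "value times vulnerability rank" score are constructed assumptions for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Qualitative ranking from the text: low / medium / high
RANK = {"low": 1, "medium": 2, "high": 3}
# Constructed band midpoints used by the hybrid method when no monetary estimate exists
BAND_VALUE = {"low": 5_000.0, "medium": 50_000.0, "high": 500_000.0}


@dataclass
class Asset:
    name: str
    sensitivity: str                        # qualitative expert rating: low / medium / high
    vulnerability: str                      # qualitative vulnerability level: low / medium / high
    loss_estimate: Optional[float] = None   # quantitative potential financial loss, when known


def qualitative_value(asset: Asset) -> int:
    """Qualitative method: the expert rank alone."""
    return RANK[asset.sensitivity]


def quantitative_value(asset: Asset) -> float:
    """Quantitative method: the monetary loss estimate; fails loudly when the data is absent."""
    if asset.loss_estimate is None:
        raise ValueError(f"no financial estimate for {asset.name}")
    return asset.loss_estimate


def hybrid_value(asset: Asset) -> float:
    """Hybrid method: use the monetary figure where available, otherwise map the
    qualitative rank onto a constructed monetary band."""
    if asset.loss_estimate is not None:
        return asset.loss_estimate
    return BAND_VALUE[asset.sensitivity]


def risk_score(asset: Asset, method=hybrid_value) -> float:
    """Constructed scoring rule: asset value weighted by how exposed the asset is."""
    return method(asset) * RANK[asset.vulnerability]


def prioritise(assets, method=hybrid_value) -> list:
    """Return assets ordered from the one needing the most protection to the least."""
    return sorted(assets, key=lambda a: risk_score(a, method), reverse=True)


# Constructed sample inventory; the trade-secret and HR figures are deliberately unknown
SAMPLE_ASSETS = [
    Asset("customer records", "high", "medium", 250_000.0),
    Asset("trade secrets", "high", "medium"),
    Asset("marketing site", "low", "high", 2_000.0),
    Asset("hr database", "medium", "high"),
]


if __name__ == "__main__":
    for a in prioritise(SAMPLE_ASSETS):
        print(f"{a.name:18} score={risk_score(a):>12,.0f}")
```

Running it shows why the hybrid method is recommended when financial data is incomplete: the purely quantitative method cannot rank the two assets without an estimate at all, while the hybrid method still places trade secrets first.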
Determining the value of assets in different contexts requires considering various factors and
perspectives tailored to the specific needs and objectives of the organization. Some key
considerations include:
Financial Impact: Assessing the potential financial impact of asset loss or compromise,
including direct costs such as data loss, system downtime, and regulatory fines, as well as
indirect costs such as reputational damage and legal liabilities.
Risk Exposure: Assessing the organization's exposure to cybersecurity risks, including the
likelihood and impact of threats and vulnerabilities on different assets, and prioritizing protection
efforts based on their risk profile.
Intellectual Property Value: For organizations with valuable intellectual property assets,
evaluating the market demand, competitive landscape, innovation potential, and licensing
opportunities to determine the value of intellectual property assets and prioritize protection
efforts accordingly.
Brand Reputation: Assessing the potential impact of asset loss or compromise on the
organization's brand reputation, customer trust, and market perception, and prioritizing
protection efforts to mitigate reputational damage and preserve brand value.
Emerging Threats: Anticipating and addressing emerging cybersecurity threats, trends, and
vulnerabilities that may pose risks to specific assets or sectors, and adapting protection measures
accordingly to stay ahead of evolving risks.
By considering these factors and tailoring asset valuation approaches to the specific context and
objectives of the organization, stakeholders can make informed decisions about resource
allocation, risk management, and cybersecurity investments to protect critical assets effectively.
Data security is the practice of protecting digital information from unauthorized access,
corruption, or theft to ensure its confidentiality, integrity, and availability. It encompasses various
measures, technologies, and processes designed to safeguard data throughout its lifecycle, from
creation and storage to transmission and disposal. Key components of data security include
encryption to render data unreadable without proper authorization, access controls to limit who
can access data and what actions they can perform, authentication mechanisms to verify the
identity of users and devices, and data backup and recovery procedures to ensure data can be
restored in the event of loss or corruption. Data security also involves compliance with
regulatory requirements and industry standards governing the protection of sensitive information,
such as personally identifiable information (PII), financial data, or intellectual property. By
implementing robust data security practices, organizations can mitigate the risk of data breaches,
cyber-attacks, and privacy violations, thereby safeguarding the trust, reputation, and continuity of
their operations.
Data states
In cybersecurity, data states refer to the various forms and states that data can exist in throughout
its lifecycle, each carrying different risks and requiring specific security measures. These states
typically include data at rest, data in transit, and data in use. Data at rest refers to information
stored in databases, file systems, or storage devices, where it is relatively stationary and not
actively being processed. Protecting data at rest involves encryption, access controls, and secure
storage to prevent unauthorized access or theft. Data in transit refers to information being
transmitted over networks or communication channels, such as emails, file transfers, or online
transactions. Securing data in transit involves encryption, secure protocols, and network
segmentation to protect against interception or tampering. Finally, data in use refers to
information being actively processed or manipulated by applications, databases, or users.
Protecting data in use requires access controls, authentication mechanisms, and application-level
security to prevent unauthorized access or misuse. By understanding and addressing the security
requirements of data in different states, organizations can effectively protect sensitive
information from cyber threats and ensure its confidentiality, integrity, and availability.
Data security controls are essential components of cybersecurity frameworks designed to protect
sensitive data from unauthorized access, disclosure, or manipulation. These controls encompass a
range of technical, administrative, and physical measures implemented to safeguard data
throughout its lifecycle. Common data security controls include encryption to protect data from
unauthorized access, access controls to restrict user privileges, data loss prevention (DLP) to
monitor and prevent data leakage, and regular audits and logging to track access and usage.
Additionally, measures such as data classification, backup and recovery procedures, and security
awareness training for employees play crucial roles in ensuring the confidentiality, integrity, and
availability of data assets. By implementing robust data security controls, organizations can
mitigate the risk of data breaches, comply with regulatory requirements, and maintain trust with
customers and stakeholders.
Securing big data presents unique challenges due to the volume, variety, velocity, and veracity of
data generated and processed within big data environments. Special security considerations for
big data in cybersecurity include:
Data Governance and Compliance: Establishing robust data governance frameworks and
ensuring compliance with regulations such as General Data Protection Regulation (GDPR),
California Consumer Privacy Act (CCPA), Health Insurance Portability and Accountability Act
(HIPAA), or industry-specific standards is crucial for managing privacy, confidentiality, and
legal risks associated with big data.
Data Encryption and Access Controls: Implementing strong encryption mechanisms and
access controls to protect data both at rest and in transit within big data platforms, ensuring that
only authorized users and applications can access and manipulate sensitive information.
Secure Data Ingestion and Processing: Securing data ingestion pipelines and processing
frameworks to prevent unauthorized access, tampering, or injection of malicious code into big
data systems, ensuring the integrity and reliability of data processing operations.
Anonymization and Pseudonymization: Employing techniques such as data anonymization
and pseudonymization to de-identify sensitive information and protect individual privacy while
maintaining data utility for analytics and insights generation.
Data Resilience and Disaster Recovery: Implementing robust backup, replication, and disaster
recovery strategies to ensure data resilience and availability in the event of hardware failures,
data corruption, or cyber-attacks targeting big data platforms.
Threat Detection and Monitoring: Deploying advanced threat detection and monitoring
solutions, including intrusion detection systems (IDS), security information and event
management (SIEM) platforms, and behavior analytics, to detect and respond to security
incidents and anomalous activities within big data environments.
Secure Data Sharing and Collaboration: Implementing secure data sharing mechanisms and
collaboration platforms to facilitate controlled access and sharing of data between different
stakeholders, ensuring data confidentiality, integrity, and compliance with data sharing
agreements.
Scalability and Performance: Ensuring that security solutions and controls are designed to
scale effectively with the growing volume and complexity of data within big data environments,
without compromising performance or scalability.
By addressing these special security considerations, organizations can effectively mitigate the
risks associated with big data and leverage its potential for innovation, insights generation, and
business transformation while maintaining data security, privacy, and compliance.
The impact of asset valuation on risk assessment and resource allocation
Data Security as the most sensitive asset
Data Security Overview
Data States
Data Security Controls
Special Security consideration for Big Data
https://www.simplilearn.com/tutorials/cyber-security-tutorial/what-is-cyber-
security#:~:text=CourseExplore%20Program-,Why%20is%20Cybersecurity%20Important
%3F,of%20the%20trust%20of%20customers.
https://www.edoxi.com/studyhub-detail/key-roles-and-responsibilities-of-cyber-security-
professionals
https://medium.com/@ensargnsdogdu/the-evolving-landscape-of-cybersecurity-threats-what-
you-need-to-know-666cb3b35366
19 | P a g e