Handout - NITCS501 - Cyber Security

cyber security notes L 5

Learning Outcome1: Assess security risks and vulnerabilities.

IC1.1: Introduction to Cyber Security


IC1.1.1: Cyber Security Overview
Today, around 66% of the world’s population uses the internet, which makes it all the more
important for electronic devices to be safe and secure.
Cyber security is the set of practices used to protect computers, computer networks and data
from malicious attacks and threats.

a) Overview of cyber threats and attacks


In general, cyber threats and attacks are acts performed by individuals with harmful intent,
whose goal is to steal data, or to damage or disrupt computing systems.

Keep in mind that the main difference between a cyber threat and a cyber attack is that a cyber
threat refers to the possibility of a cyber attack happening, whereas the term cyber attack refers
to the actual attack that happens.

b) Importance of cyber security in the digital age

In today’s digital world, cybersecurity cannot be ignored. A single security breach can expose
the personal information of millions of people. Such breaches have a strong financial impact on
companies and also cost them the trust of their customers. Hence, cyber security is essential to
protect businesses and individuals from spammers and cyber criminals.

A data breach is any security incident in which unauthorized parties access sensitive or
confidential information, including personal data (Social Security numbers, bank account
numbers, healthcare data) and corporate data (customer records, intellectual property, financial
information).

c) The evolving landscape of cyber threats


In the last year the cybersecurity landscape has seen a dramatic transformation. The growing
demand for effective, worldwide threat intelligence continues to intensify as geopolitical and
economic developments create an increasingly complicated and uncertain world for both
businesses and consumers.

With the development of new technology, malicious actors continue to adapt, and new players
and threats keep emerging across the globe, coupled with innovative methods of exploiting or
deploying existing tactics and strategies.

IC1.1.2: Cyber security Fundamentals


 Key terminology and concepts
Some key terminology and concepts in Cyber security include:
Cloud Security

Cloud security refers to the strategies and technology designed to protect data and infrastructure
in cloud computing environments.

Disaster Recovery / Business Continuity Plan


Disaster recovery and business continuity planning are the processes through which
organizations plan for and recover from potential disruptions to their operations from cyber
attacks.

Black hat
A black hat is an individual who conducts illicit activities in cyberspace, such as hacking, for
personal or financial gain.

Antivirus software
Software designed to detect, neutralize or eradicate malware, including viruses, trojans and
worms.

Cyber criminals
These are individuals or groups that leverage technology to carry out illegal activities, such as
stealing sensitive data, disrupting digital life or manipulating systems for financial gain.

Cyber espionage
Digital methods used to access, steal, or destroy an entity’s sensitive data or intellectual property.

Threat Vector: A path or tool that a threat actor uses to attack the target.

Hacker
A term used to identify a cybercriminal who uses their cyber security skills to perform malicious
and unauthorized activities.

Malware
Malicious software that does harmful things or performs malicious actions on computers.

Social Engineering
It is the art of deceiving people to gain sensitive and valuable information about them.

Encryption

The process of converting data into an unreadable form using a key, known as the encryption key,
so that only those who hold the key can recover the original data.

Hacker, Black Hat

Any hacker who attempts to gain unauthorized access to a system with the intent to cause
mischief, damage, or theft. They can be motivated by greed, a political agenda, or simply
boredom.

Hacker, White Hat
A hacker who is invited to test computer systems and servers, looking for vulnerabilities, for
the purpose of informing the host of where security needs to be strengthened.

Data breach
A data breach is any security incident in which unauthorized parties access sensitive or
confidential information, including personal data (Social Security numbers, bank account
numbers, healthcare data) and corporate data (customer records, intellectual property, financial
information).

 Principles of confidentiality, integrity, and availability (CIA triad)


CIA Triad

The security of any organization starts with three principles: Confidentiality, Integrity and
Availability. The CIA triad is a model designed to guide information security policies in the
cyber security field, and it is one of the most widely used models in organizations.

Fig: CIA triad

 Confidentiality: The principle of confidentiality asserts that only authorized parties can
access sensitive information and functions.

This means that the information should be accessible and readable only to authorized
personnel.

Example: military secrets.

 Integrity: The principle of integrity asserts that only authorized people can alter, add, or
remove sensitive information and functions.

This means making sure that the data has not been modified by an unauthorized
entity.

Example: a user entering incorrect data into the database.


 Availability: The principle of availability asserts that systems, functions, and data must
be available on demand according to agreed-upon parameters based on levels of service.
This means that the data should be available to the user whenever they require it.

In addition to CIA, another set of protections must be implemented to secure information.
These are authentication, authorization, and accounting—or AAA:
 Authentication: Authentication ensures that the individual is who she claims to be (the
authentic or genuine person) and not an imposter.
 Authorization: Authorization is providing permission or approval to use specific technology
resources. After a person has provided authentication, she may have the authority to access the
credit card number or enter a room that contains the web server, provided she has been given
prior authorization.
 Accounting: Accounting provides tracking of events. This may include a record of who
accessed the web server, from what location, and at what specific time.
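As an added example (not part of the handout), the three AAA steps above written out as a small Python service: a password check for authentication, a role-based permission check for authorization, and an audit record for every attempt as accounting. The user names, roles, passwords and permitted actions are constructed for the example.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed example: a minimal AAA service that authenticates a user,
# authorizes one action, and accounts for every attempt, successful or not.
PBKDF2_ITERATIONS = 100_000  # iteration count chosen for this example


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a password verifier; the clear-text password is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


@dataclass
class User:
    name: str
    salt: bytes
    verifier: bytes
    role: str


# Hypothetical policy: which actions each role has been granted. The actions
# mirror the handout's scenario (reading a card number, entering the room
# that holds the web server).
PERMISSIONS = {
    "finance_clerk": {"read_card_number"},
    "datacenter_ops": {"enter_server_room"},
}


class AAAService:
    def __init__(self, users):
        self.users = {u.name: u for u in users}
        self.audit_log = []  # accounting: one record per attempt

    def authenticate(self, name: str, password: str) -> bool:
        """Authentication: is the caller who they claim to be?"""
        user = self.users.get(name)
        if user is None:
            return False
        candidate = hash_password(password, user.salt)
        # Constant-time comparison so the verifier cannot be probed byte by byte.
        return hmac.compare_digest(candidate, user.verifier)

    def authorize(self, name: str, action: str) -> bool:
        """Authorization: has this already-authenticated user been granted the action?"""
        role = self.users[name].role
        return action in PERMISSIONS.get(role, set())

    def access(self, name, password, action, location, when=None) -> bool:
        """Run the three steps in order and record who, what, from where, when, and the outcome."""
        when = when or datetime.now(timezone.utc)
        if not self.authenticate(name, password):
            outcome = "authentication_failed"
        elif not self.authorize(name, action):
            outcome = "not_authorized"
        else:
            outcome = "granted"
        # Accounting: failures are logged too; they are what an analyst looks for later.
        self.audit_log.append({
            "who": name, "action": action, "location": location,
            "time": when.isoformat(), "outcome": outcome,
        })
        return outcome == "granted"


def build_demo_service() -> AAAService:
    """Constructed sample accounts; passwords appear here only to enroll the demo users."""
    users = []
    for name, password, role in [("alice", "s3cret-alice", "finance_clerk"),
                                 ("bob", "s3cret-bob", "datacenter_ops")]:
        salt = os.urandom(16)
        users.append(User(name, salt, hash_password(password, salt), role))
    return AAAService(users)


if __name__ == "__main__":
    svc = build_demo_service()
    svc.access("alice", "s3cret-alice", "read_card_number", "10.0.0.5")
    svc.access("bob", "s3cret-bob", "read_card_number", "10.0.0.9")  # authenticated, not authorized
    for record in svc.audit_log:
        print(record)
```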
A threat agent is a person or element that has the power to carry out a threat. A risk is a situation
that involves exposure to some type of danger.
 Cyber security roles and responsibilities

A cybersecurity professional uses various techniques, technologies, and resources to protect
sensitive data and track vulnerabilities. Therefore, they need to stay updated with the
latest trends and tactics to outsmart malicious hackers.

Some of the essential duties and responsibilities of a cybersecurity technician are given
below:
 Prevent data breaches
 Ethical hacking to create a secure system and avoid any potential attacks
 Identify the breach's cause and create a recovery plan
 Address the security threat and prevent potential security breaches
In addition to the responsibilities of a cybersecurity technician mentioned above, some of the
additional duties of a cybersecurity analyst are given below:
 Set and implement user access controls and management systems.
 Monitor application and network performance to identify unnatural activities.
 Perform regular audits to ensure that the security practices are compliant.
 Deploy detection and prevention tools to block malicious attacks.
 Set up management systems that can update applications automatically.
 Work along with HR to educate employees on detecting suspicious activities in the
system.
Thus, the core roles and responsibilities in cyber security are to identify, mitigate and manage
cyber risk to digital assets.
IC 1.2: Describe Cyber Threats
IC1.2.1: Introduction to Cyber Threats
 Definition of Cyber Threats
A cyber threat is anything that can exploit a vulnerability, intentionally or accidentally, and
obtain, damage or destroy an asset.
Cyber threats can originate from a variety of sources, from hostile nation states and terrorist
groups, to individual hackers, to trusted individuals like employees or contractors, who abuse
their privileges to perform malicious acts.

 Importance of Cyber Threat Awareness


Cyber threat awareness is the process of educating people to understand, identify, and
avoid cyber threats. The ultimate goal is to prevent or mitigate harm—to both the organization
and its stakeholders—and reduce human cyber risk. It is carried out with regard to the safety and
security of digital assets.

Cyber threat awareness helps educate your employees about malicious methods used by
cybercriminals, how they can be easy targets, how to spot potential threats and what they can do
to avoid falling victim to these insidious threats.

 The Evolving Landscape of Cyber Threats

The threat landscape in cyber security is constantly changing, with new threats emerging on a
regular basis. In our interconnected digital world, this evolving landscape presents new
challenges and risks to organizations of all sizes.
IC1.2.2: Types of Cyber Threats
 Malware Threats: Viruses, Worms and Trojans
Malware (short for malicious software) is software designed with malicious intent, such
as computer viruses, worms, trojans and other malicious programs.
a) Viruses: A Computer virus is a type of malicious software that spreads between
computers and causes damage to data and software.
b) Worm: A computer worm is a standalone malware computer program that replicates
itself in order to spread to other computers.
c) Trojan: A Trojan horse (or simply Trojan) is any malware that deceives users about its true
intent by masquerading as a standard program.

Some differences between Virus, Worm, and Trojan Horse

Definition
 Virus: software that attaches itself to other programs to cause harm.
 Worm: standalone software that replicates itself to spread across systems.
 Trojan Horse: disguised software that steals information.

Replication
 Virus: replicates by attaching to other programs.
 Worm: self-replicates without attaching to other programs.
 Trojan Horse: does not replicate itself.

Spreading Rate
 Virus: moderate.
 Worm: fast.
 Trojan Horse: slow.

Objective
 Virus: modify or delete information.
 Worm: consume system resources and slow down systems.
 Trojan Horse: steal sensitive information.

System Impact
 Virus: can corrupt or delete files.
 Worm: can cause significant slowdowns and network congestion.
 Trojan Horse: can lead to data breaches and unauthorized access.

Damage
 Virus: can cause loss of data and corruption of programs.
 Worm: can overload system resources and network bandwidth.
 Trojan Horse: can steal personal and financial information.

 Phishing Attacks: Phishing is a type of threat that uses fraudulent emails, text
messages, phone calls or websites to trick people into sharing sensitive data.

 Ransomware Threats: Ransomware is a type of attack that threatens to publish data or blocks
access to data or a computer system, usually by encrypting it, until the victim
pays a ransom fee to the attacker.

 DDoS (Distributed Denial of Service) Attack: An attack designed to force a website,
computer, or online service offline. This is accomplished by flooding the target with many
requests, consuming its capacity and rendering it unable to respond to legitimate requests.

 Insider Threats: Insider threats originate from authorized users within an organization
who intentionally or unintentionally misuse their legitimate access.

 Social engineering: A type of threat in which the attacker uses psychological
manipulation to trick users into making security mistakes or giving away sensitive
information.

 Zero-Day Exploits
IC 1.3: Describe Cyber Vulnerabilities
IC 1.3.1: Introduction to Vulnerabilities
 Definition of Vulnerabilities
A vulnerability is a weakness in a computer system that can be exploited by cybercriminals to
gain unauthorized access to that asset.

 Significance of Identifying Vulnerabilities

Identifying vulnerabilities helps cyber security technicians improve the security of their systems
by understanding the current risk environment in information security. Verifying vulnerabilities
shows how bad things can get if exploits for them are available.

 Vulnerabilities in Software and Hardware

Vulnerabilities can arise from hardware or software.

A. Hardware Vulnerability: A weakness that can be used to attack the system hardware, either
physically or remotely.
For example:
 Old version of systems or devices
 Unprotected storage
 Unencrypted devices, etc.
B. Software Vulnerability:
A software vulnerability is an error introduced during development or configuration whose
execution can violate the security policy. For example:
 Lack of input validation: the failure to properly check and sanitize user inputs
before processing them.
 Unverified uploads: the practice of allowing users to upload files to a system
or server without thoroughly validating the file content, type, size, or source. This
presents a serious security risk because attackers can exploit it by uploading malicious
files, which can be used to compromise systems or perform unauthorized actions.
 Unencrypted data: information that is stored or transmitted in its original,
readable form without any form of encryption, etc.

 Common Vulnerabilities
 Misconfigured Security Settings
These misconfigurations are improper or inadequate configurations of security
controls, which can leave systems, applications, or networks vulnerable to attacks.
 Unpatched Software
This refers to software that has not been updated with the latest security patches or
updates released by the software vendor.
 Weak Passwords and Authentication
In cybersecurity, weak passwords and authentication refer to the use of insecure,
easily guessable passwords and ineffective authentication mechanisms, both of which
can significantly increase the risk of unauthorized access to systems and data.
 Lack of Encryption
This refers to the absence or improper use of encryption techniques to protect sensitive
data during storage, processing, or transmission.
 Inadequate Access Controls
Inadequate access controls are insufficient mechanisms and policies governing
who can access systems, applications, or data, and what actions they can perform.
 Software and Hardware Flaws
These are vulnerabilities or weaknesses in software applications, operating
systems, or hardware components that can be exploited by attackers to compromise
the security of systems or data. Such flaws can arise from design errors, coding
mistakes, misconfigurations, or manufacturing defects.

IC 1.4: Cyber Attacks and Techniques
IC 1.4.1: Introduction to Cyber Attacks.
 Definition of Cyber Attacks
A cyberattack – also known as a cybersecurity attack – is any form of malicious activity targeting
IT systems. It is any intentional effort to steal, expose, alter, disable, or destroy data, applications, or
other assets through unauthorized access to a network, computer system or digital device.
 Goals and Objectives of Cyber Attacks
The goals and objectives of cyber-attacks are to gain unauthorized access to a computer system or
network to steal, alter, or destroy data:
 Steal sensitive information
Cybercriminals can target individuals, organizations, and governments to steal sensitive information like
customer data, payment details, or intellectual property.
 Disrupt services
Cyber-attacks can disrupt services, causing financial or reputational harm.
 Control computer systems
Cyber-attacks can disable, disrupt, destroy, or control computer systems.
Cyber-attacks can be launched using a variety of attack vectors, including malware, phishing,
ransomware, and man-in-the-middle attacks.
 Motivations Behind Cyber Attacks
Motivation is what drives someone to act. Cyber-attacks are driven by diverse motivations. Motivations
can range from financial gain to personal grievances, ideological goals, or even pure curiosity.
Cyber attacks are motivated by a variety of factors, including:
 Financial gain
Cybercriminals may target organizations or individuals for their financial details, such as payment
information or customer databases. Ransomware attacks are a common example of this, where the
attacker encrypts the victim's data and demands a ransom payment to decrypt it.
 Espionage
State-sponsored hackers may use cyber attacks to gain classified information or a competitive
edge. Business rivals may also use cyber attacks to steal trade secrets or disrupt a competitor's operations.
 Revenge
Individuals may seek revenge on a person, organization, or entity they perceive as having wronged them.
 Hacktivism
Some hackers are motivated by strong ideological or political beliefs and use cyber attacks to spread
propaganda or recruit members.
 Thrill-seeking
Some individuals are motivated by the excitement of hacking into systems and networks, and may seek
recognition or notoriety within hacker communities.
 Psychological factors
Psychological factors such as antisocial behavior, addiction, or a lack of empathy can drive individuals to
engage in cybercrime.
 And others.

Remember that Cyber-attacks can also be opportunistic, where cybercriminals take advantage of
vulnerabilities in software, hardware, or networks.

IC 1.4.2: Common Cyber Attack Techniques
 Malware Attacks: Malware refers to any intrusive software developed by cybercriminals
(often called hackers) to steal data and damage or destroy computers and computer
systems. Examples of common malware include viruses, worms, Trojans, etc.
 Social Engineering Attacks: These are attacks which use psychological manipulation
to trick users into making security mistakes or giving away sensitive information.
 Web Application Attacks: Web application attacks target vulnerabilities in online
applications to gain unauthorized access, steal sensitive data, or disrupt services.
These attacks often exploit security flaws in an application’s code, user input
handling, or authentication mechanisms.
 Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks: A
hacker sends a large number of requests to a website or server, causing service
interruptions. These attacks overwhelm a system, server, or network with excessive
requests, causing it to crash or become inaccessible.
The difference is that in a DoS attack a single system floods the target with traffic until it is
unresponsive, while a DDoS attack involves multiple systems (often part of a botnet) sending
massive traffic to overwhelm the target.

 Insider Attacks: A cyberattack carried out by an internal or external employee, such as a
contractor or supplier. This can be intentional or unintentional.
 SQL Injection Attacks: Here a malicious user inserts an SQL statement into an entry
field to gain access to a database, steal sensitive content, or execute malicious code.
 Zero-Day Exploits: It is a cyberattack vector that takes advantage of an unknown or
unaddressed security flaw in computer software, hardware or firmware.
 Phishing attacks: Cybercriminals send emails that appear to be legitimate but are
actually designed to manipulate the recipient.

IC 1.5: Identification of Asset in Cyber security


IC 1.5.1: Introduction to Cyber security Assets
An asset, in the context of computer security, is any data, device, or component that supports
information-related activities and holds value for an organization.
Assets can be tangible, like hardware and software, or intangible, such as personnel, data, and
intellectual property. Protecting assets from unauthorized access and threats is crucial for
maintaining an organization's security posture and reducing potential losses.
In simple words, assets are everything of value that could be threatened by a cyberattack, so
protecting them is essential for an organization’s resilience and security.

Types of Cybersecurity Assets include:

1. Data and Information Assets: This includes sensitive or valuable information such as
personal data, intellectual property, financial records, and trade secrets. These are highly
targeted by attackers.
2. Hardware Assets: Physical devices like servers, computers, network devices (routers,
switches), mobile devices, and IoT devices. These can be entry points for attacks and
need to be monitored and secured.

3. Software Assets: Operating systems, applications, and services running on the network,
including databases, email systems, and productivity software. Vulnerabilities in software
can be exploited by cyber threats.
4. Network Assets: This includes network configurations, architecture, and internet
connections that allow communication within the organization and with external entities.
Network assets are often targeted to gain access to other resources.
5. Human Assets: Employees, contractors, and other users with access to the organization's
systems are also assets, as they play a role in maintaining security. However, they can
also introduce risks if they fall victim to phishing or social engineering.
6. Cloud and Virtual Assets: Virtualized environments, cloud storage, and cloud services.
These assets require specific protections and access control, as they are not stored
on-premises.
7. Intellectual Property and Brand: Though intangible, intellectual property (patents,
designs, and trade secrets) and brand reputation are critical assets. A security breach can
lead to IP theft or reputational damage.

Importance of identifying and protecting assets


A) Asset identification
Asset identification in cybersecurity is the process of recognizing and classifying all
assets to understand their value and the risks they face.

Asset identification includes:

 Create an Asset Inventory: This includes identifying all hardware (e.g., servers,
computers, mobile devices), software (applications, operating systems), data (sensitive
information, intellectual property), and network components (routers, switches,
firewalls). Each of these assets is cataloged, often with details such as their location,
purpose, …

 Classify Assets by Value and Sensitivity: Not all assets are equally valuable or sensitive.
For example, a company’s financial data, customer records, and trade secrets may be
classified as high-value assets because of their potential impact on the business if
compromised.
 Assess Risk for Each Asset: Understanding the risk level for each asset is essential to
determine which assets need the most protection. Factors like asset criticality,
vulnerability level, and potential impact on the organization are considered.

What is the importance of identifying assets?

Identifying assets is crucial because it allows organizations to focus security efforts, assess risks
correctly, and implement effective protection mechanisms.
By knowing what assets exist and how critical (serious, important, dangerous) they are,
organizations can prioritize protection efforts, allocate resources efficiently, and respond
effectively to security incidents.

B) Assets protection
Once assets are identified, protective measures are implemented to safeguard them against
potential threats.
Asset protection includes access control, backup and recovery, employee training and
other measures, which will be discussed later.
Keep in mind that protecting assets in cybersecurity is essential because these assets are the
foundation of an organization’s operations, reputation, and overall success.
Some main reasons why protecting assets is so important in cybersecurity include:
 Safeguarding Confidentiality, Integrity, and Availability (CIA Triad)
 Minimizing Financial Losses
 Maintaining Customer Trust and Reputation
 Enabling Business Continuity and Operational Stability
 Protecting Against Insider Threats
 Preventing Intellectual Property Theft
 And others

Identifying and protecting assets in cybersecurity involves a systematic approach to classify,
assess, and secure all valuable resources within an organization. By understanding which assets
are critical and implementing appropriate security controls, organizations can better defend
against cyber threats, ensuring the confidentiality, integrity, and availability of their essential data
and resources.

The role of assets in risk assessment and risk management

Assets play a central role in risk assessment and risk management because they are essential to
the running of a business and can themselves be a source of risk:

Some comparison of Risk Assessment and Risk Management

Objective
 Risk Assessment: identify, evaluate, and prioritize risks.
 Risk Management: control, reduce, or accept risks to protect assets.

Focus
 Risk Assessment: understanding risks.
 Risk Management: addressing and mitigating risks.

Key Activities
 Risk Assessment: asset identification, threat and vulnerability analysis, prioritization.
 Risk Management: implementing controls, avoiding, continuous monitoring.

Timing
 Risk Assessment: often an initial or periodic process.
 Risk Management: ongoing and dynamic, adapts to new risks.

Outcome
 Risk Assessment: risk profile and prioritized risk list.
 Risk Management: reduced risk, implemented controls, and an acceptable risk level.

In simple words:
 Risk Assessment = “What are the risks, and how severe are they?”
 Risk Management = “How can we address these risks to minimize their impact?”

IC 1.5.2: Types of Cyber security Assets
Cyber assets can be classified in many ways, including:
 Digital assets: These are electronic representations of information stored on digital
devices and accessible via software. They include videos, websites, audio, cloud
data, digital backups, databases and others.

 Physical assets: These are tangible assets that can be seen and touched, such as land,
buildings, paper documents, printed records, physical backup media, etc.
 Human assets: responsibilities, or access to systems and data that could impact the
organization's security posture.

 Intellectual property assets: Intellectual property (IP) assets in cybersecurity
are the intangible creations of the human intellect that are protected by legal
rights. IP is a collection of non-physical assets that a business creates, such as
inventions, works of art, designs, publicity, research and development (R&D)
data, trade secrets and so on.

 Reputation assets: In cybersecurity, reputation assets are the valuable elements that
reflect an organization’s trustworthiness. Reputation assets are intangible but crucial, as they
impact brand loyalty, customer retention, and overall business success.

Some types of reputation assets include: brand and customer trust, vendor and
partner confidence, employee and insider trust, and others.

IC 1.5.2: Cyber security Asset Valuation


Cybersecurity asset valuation is the process of determining the importance, value, or potential
financial impact of an organization’s assets. It helps organizations identify their most valuable
assets and prioritize protection for them.

 Methods for assigning value to cyber security assets:

Methods for assigning value to cybersecurity assets vary widely and can be adapted
to an organization’s specific needs, resources, and risk tolerance. Generally, there are three primary
approaches to assigning value: qualitative, quantitative, and hybrid methods.
Risk tolerance is the degree of risk or uncertainty that is acceptable to an organization.

a) Qualitative: It uses a ranking system (e.g., high, medium, low) to assess value based on
expert judgment.
b) Quantitative: Assigns a monetary value to each asset, often based on potential financial
loss.
c) Hybrid: Combines both qualitative and quantitative methods, useful when detailed
financial data may be incomplete or hard to estimate.
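As an added example (not part of the handout), a small Python risk register that applies the three valuation methods above to a constructed asset inventory and then carries out the per-asset risk assessment step from IC 1.5.1 (asset criticality, vulnerability level and potential impact). The tier weights, the assumed loss amounts used by the hybrid method, and the sample assets are assumptions of the example.

```python
from dataclasses import dataclass
from typing import List, Optional

# Qualitative tiers from the handout (high / medium / low) mapped to a numeric
# weight. The weights themselves are an assumption of this example.
TIER_WEIGHT = {"low": 1, "medium": 2, "high": 3}

# Hybrid fallback: when no monetary figure is available, the sensitivity tier is
# mapped to an assumed representative loss. These amounts are constructed for
# the example, not figures from the handout.
TIER_ASSUMED_LOSS = {"low": 10_000, "medium": 100_000, "high": 1_000_000}


@dataclass
class Asset:
    name: str
    category: str                 # data, hardware, software, network, human, cloud, ip
    sensitivity: str              # qualitative tier: how damaging disclosure would be
    criticality: str              # qualitative tier: how essential to operations
    vulnerability: str            # qualitative tier: how exposed it currently is
    estimated_loss: Optional[float] = None  # quantitative figure, when one exists


def qualitative_value(asset: Asset) -> int:
    """Qualitative method: rank the asset from expert-judged tiers alone."""
    return TIER_WEIGHT[asset.sensitivity] * TIER_WEIGHT[asset.criticality]


def quantitative_value(asset: Asset) -> Optional[float]:
    """Quantitative method: the monetary potential loss, or None if never estimated."""
    return asset.estimated_loss


def hybrid_value(asset: Asset) -> float:
    """Hybrid method: use the monetary figure where it exists; where the financial
    data is incomplete, fall back to the assumed loss for the sensitivity tier."""
    if asset.estimated_loss is not None:
        return asset.estimated_loss
    return TIER_ASSUMED_LOSS[asset.sensitivity]


def risk_score(asset: Asset) -> float:
    """Risk for one asset = criticality x vulnerability level x potential impact,
    with the hybrid value standing in for potential impact."""
    return TIER_WEIGHT[asset.criticality] * TIER_WEIGHT[asset.vulnerability] * hybrid_value(asset)


def prioritize(assets: List[Asset]) -> List[Asset]:
    """The prioritized risk list: highest risk score first."""
    return sorted(assets, key=risk_score, reverse=True)


# Constructed sample inventory; two assets deliberately lack a monetary estimate
# so the hybrid fallback is exercised.
SAMPLE_INVENTORY = [
    Asset("customer-db", "data", "high", "high", "medium", estimated_loss=2_500_000),
    Asset("public-website", "software", "low", "medium", "high", estimated_loss=50_000),
    Asset("hr-laptop-fleet", "hardware", "medium", "medium", "high"),
    Asset("design-trade-secrets", "ip", "high", "medium", "low"),
]

if __name__ == "__main__":
    for a in prioritize(SAMPLE_INVENTORY):
        print(f"{a.name:22s} qualitative={qualitative_value(a)} "
              f"quantitative={quantitative_value(a)} hybrid={hybrid_value(a):,.0f} "
              f"risk={risk_score(a):,.0f}")
```

Ranking by the hybrid value rather than the quantitative one keeps assets without a financial estimate in the list instead of silently dropping them to the bottom.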

 Considerations for determining the value of assets in different contexts

Determining the value of assets in different contexts requires considering various factors and
perspectives tailored to the specific needs and objectives of the organization. Some key
considerations include:

Financial Impact: Assessing the potential financial impact of asset loss or compromise,
including direct costs such as data loss, system downtime, and regulatory fines, as well as
indirect costs such as reputational damage and legal liabilities.

Strategic Importance: Evaluating the strategic importance of assets to the organization's
mission, objectives, and competitive advantage, including their contribution to revenue
generation, market differentiation, and customer satisfaction.

Regulatory Compliance: Considering regulatory requirements, industry standards, and legal
obligations governing the protection of certain assets, such as personal data, financial
information, or intellectual property, and assessing the potential consequences of
non-compliance.

Risk Exposure: Assessing the organization's exposure to cybersecurity risks, including the
likelihood and impact of threats and vulnerabilities on different assets, and prioritizing protection
efforts based on their risk profile.

Intellectual Property Value: For organizations with valuable intellectual property assets,
evaluating the market demand, competitive landscape, innovation potential, and licensing
opportunities to determine the value of intellectual property assets and prioritize protection
efforts accordingly.

Operational Impact: Considering the operational impact of asset loss or compromise on
business continuity, service delivery, and productivity, including the potential disruption to
critical operations, supply chains, and customer relationships.

Brand Reputation: Assessing the potential impact of asset loss or compromise on the
organization's brand reputation, customer trust, and market perception, and prioritizing
protection efforts to mitigate reputational damage and preserve brand value.

Emerging Threats: Anticipating and addressing emerging cybersecurity threats, trends, and
vulnerabilities that may pose risks to specific assets or sectors, and adapting protection measures
accordingly to stay ahead of evolving risks.

By considering these factors and tailoring asset valuation approaches to the specific context and
objectives of the organization, stakeholders can make informed decisions about resource
allocation, risk management, and cybersecurity investments to protect critical assets effectively.

Data Security as the most sensitive asset

Data Security Overview

Data security is the practice of protecting digital information from unauthorized access,
corruption, or theft to ensure its confidentiality, integrity, and availability. It encompasses various
measures, technologies, and processes designed to safeguard data throughout its lifecycle, from
creation and storage to transmission and disposal. Key components of data security include
encryption to render data unreadable without proper authorization, access controls to limit who
can access data and what actions they can perform, authentication mechanisms to verify the
identity of users and devices, and data backup and recovery procedures to ensure data can be
restored in the event of loss or corruption. Data security also involves compliance with
regulatory requirements and industry standards governing the protection of sensitive information,
such as personally identifiable information (PII), financial data, or intellectual property. By
implementing robust data security practices, organizations can mitigate the risk of data breaches,
cyber-attacks, and privacy violations, thereby safeguarding the trust, reputation, and continuity of
their operations.

Data states

In cybersecurity, data states refer to the various forms and states that data can exist in throughout
its lifecycle, each carrying different risks and requiring specific security measures. These states
typically include data at rest, data in transit, and data in use. Data at rest refers to information
stored in databases, file systems, or storage devices, where it is relatively stationary and not
actively being processed. Protecting data at rest involves encryption, access controls, and secure
storage to prevent unauthorized access or theft. Data in transit refers to information being
transmitted over networks or communication channels, such as emails, file transfers, or online
transactions. Securing data in transit involves encryption, secure protocols, and network
segmentation to protect against interception or tampering. Finally, data in use refers to
information being actively processed or manipulated by applications, databases, or users.
Protecting data in use requires access controls, authentication mechanisms, and application-level
security to prevent unauthorized access or misuse. By understanding and addressing the security
requirements of data in different states, organizations can effectively protect sensitive
information from cyber threats and ensure its confidentiality, integrity, and availability.

Data Security Controls

Data security controls are essential components of cybersecurity frameworks designed to protect
sensitive data from unauthorized access, disclosure, or manipulation. These controls encompass a
range of technical, administrative, and physical measures implemented to safeguard data
throughout its lifecycle. Common data security controls include encryption to protect data from
unauthorized access, access controls to restrict user privileges, data loss prevention (DLP) to
monitor and prevent data leakage, and regular audits and logging to track access and usage.
Additionally, measures such as data classification, backup and recovery procedures, and security
awareness training for employees play crucial roles in ensuring the confidentiality, integrity, and
availability of data assets. By implementing robust data security controls, organizations can
mitigate the risk of data breaches, comply with regulatory requirements, and maintain trust with
customers and stakeholders.
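To make the controls listed above concrete, the following Python code is an added example (not part of the handout) that combines four of them in one small stack: data classification labels, a default-deny access-control check, an audit log that records every decision including denials, and a data loss prevention rule that blocks outbound text containing a Luhn-valid payment-card number. The classification levels, users, records and messages are constructed sample data, and all function names are my own.

```python
"""Added example, not from the handout: a minimal data-security control
stack combining data classification, default-deny access control, an
audit log of every decision, and a DLP rule for payment-card numbers.
All users, records, labels and messages are constructed sample data."""
import re
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Classification levels ordered from least to most sensitive (constructed labels).
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}


@dataclass
class User:
    name: str
    clearance: str                      # highest level this user may read
    roles: set = field(default_factory=set)


@dataclass
class Record:
    record_id: str
    classification: str
    owner_role: str                     # role permitted to modify the record
    body: str


AUDIT_LOG = []   # kept in memory here; in production this feeds a SIEM


def audit(user, record, action, allowed, reason):
    """Append one structured audit entry. Denials are logged too, because
    repeated denials are exactly what a detection team wants to see."""
    AUDIT_LOG.append({
        "ts": datetime.now(timezone.utc).isoformat(),
        "user": user.name,
        "record": record.record_id,
        "action": action,
        "allowed": allowed,
        "reason": reason,
    })


def authorize(user, record, action):
    """Default-deny access control: reading needs clearance at or above the
    record's classification; writing additionally needs the owning role."""
    if action not in ("read", "write"):
        audit(user, record, action, False, "unknown action")
        return False
    if LEVELS[user.clearance] < LEVELS[record.classification]:
        audit(user, record, action, False, "insufficient clearance")
        return False
    if action == "write" and record.owner_role not in user.roles:
        audit(user, record, action, False, "not owner role")
        return False
    audit(user, record, action, True, "ok")
    return True


# --- DLP: find payment-card numbers in outbound text ----------------------
# 13 to 19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")


def luhn_ok(digits):
    """Luhn checksum. Random digit runs (order ids, phone numbers) fail it
    about nine times out of ten, which keeps the DLP rule's false positives down."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def dlp_scan(text):
    """Return Luhn-valid card-like numbers found in text, normalised to digits."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits


def release_allowed(text):
    """DLP policy for outbound messages: block when any card number is present."""
    return not dlp_scan(text)


if __name__ == "__main__":
    alice = User("alice", "confidential", {"finance"})
    bob = User("bob", "internal")
    q3 = Record("r-001", "confidential", "finance", "Q3 revenue figures")
    print(authorize(alice, q3, "write"), authorize(bob, q3, "read"))
    print(AUDIT_LOG[-1]["reason"])
    # 4111 1111 1111 1111 is a widely used test card number, not a real account.
    print(release_allowed("pay with 4111 1111 1111 1111"),
          release_allowed("order 1234567890123456"))
```

The design point worth noticing is that the audit log is written on every branch of `authorize`, not only on success: a burst of "insufficient clearance" entries for one user is the signal a SIEM rule would alert on. The Luhn check on top of the regular expression is what stops ordinary 16-digit order numbers from tripping the DLP rule.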

Special Security Considerations for Big Data

Securing big data presents unique challenges due to the volume, variety, velocity, and veracity of
data generated and processed within big data environments. Special security considerations for
big data in cybersecurity include:

Data Governance and Compliance: Establishing robust data governance frameworks and
ensuring compliance with regulations such as General Data Protection Regulation (GDPR),
California Consumer Privacy Act (CCPA), Health Insurance Portability and Accountability Act
(HIPAA), or industry-specific standards is crucial for managing privacy, confidentiality, and
legal risks associated with big data.

Data Encryption and Access Controls: Implementing strong encryption mechanisms and
access controls to protect data both at rest and in transit within big data platforms, ensuring that
only authorized users and applications can access and manipulate sensitive information.

Secure Data Ingestion and Processing: Securing data ingestion pipelines and processing
frameworks to prevent unauthorized access, tampering, or injection of malicious code into big
data systems, ensuring the integrity and reliability of data processing operations.

Anonymization and Pseudonymization: Employing techniques such as data anonymization
and pseudonymization to de-identify sensitive information and protect individual privacy while
maintaining data utility for analytics and insights generation.

Data Resilience and Disaster Recovery: Implementing robust backup, replication, and disaster
recovery strategies to ensure data resilience and availability in the event of hardware failures,
data corruption, or cyber-attacks targeting big data platforms.

Threat Detection and Monitoring: Deploying advanced threat detection and monitoring
solutions, including intrusion detection systems (IDS), security information and event
management (SIEM) platforms, and behavior analytics, to detect and respond to security
incidents and anomalous activities within big data environments.

Secure Data Sharing and Collaboration: Implementing secure data sharing mechanisms and
collaboration platforms to facilitate controlled access and sharing of data between different
stakeholders, ensuring data confidentiality, integrity, and compliance with data sharing
agreements.

Scalability and Performance: Ensuring that security solutions and controls are designed to
scale effectively with the growing volume and complexity of data within big data environments,
without compromising performance or scalability.

By addressing these special security considerations, organizations can effectively mitigate the
risks associated with big data and leverage its potential for innovation, insights generation, and
business transformation while maintaining data security, privacy, and compliance.
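As an added example (not from the handout), the following Python code shows the anonymization and pseudonymization techniques from the list above applied to a constructed customer dataset. Direct identifiers are replaced with keyed HMAC-SHA256 tokens, so records belonging to one person can still be joined for analytics while the token cannot be linked back to the person without the key; quasi-identifiers are generalized, which is irreversible. The field names, records and keys are all made up, and the function names are my own.

```python
"""Added example, not from the handout: pseudonymisation with a keyed hash
and anonymisation by suppression and generalisation, run over a constructed
customer dataset. Field names, records and keys are all made up."""
import hmac
import hashlib
from collections import defaultdict

# Constructed records as they might arrive in an ingestion pipeline.
RAW_RECORDS = [
    {"email": "ana@example.com", "birth_year": 1987, "postcode": "SW1A 1AA", "spend": 120.5},
    {"email": "ben@example.com", "birth_year": 1991, "postcode": "M1 1AE", "spend": 40.0},
    {"email": "ana@example.com", "birth_year": 1987, "postcode": "SW1A 1AA", "spend": 15.0},
]

# Fields that identify a person on their own. birth_year and postcode are
# quasi-identifiers: harmless alone, identifying in combination, so they
# are generalised rather than dropped.
DIRECT_IDENTIFIERS = {"email"}


def pseudonymize(value, key, purpose=b"analytics"):
    """Keyed HMAC-SHA256 token for a direct identifier.

    Same value and key give the same token, so rows for one person can still
    be joined. Without the key the token cannot be linked back to the value.
    An unkeyed hash would not give that guarantee, because e-mail addresses
    are low entropy and a plain SHA-256 of them can be looked up. The purpose
    label makes tokens differ between pipelines, so two datasets cannot be
    joined on the token unless they were meant to be."""
    mac = hmac.new(key, purpose + b"\x00" + value.encode("utf-8"), hashlib.sha256)
    return mac.hexdigest()[:32]


def generalize_year(year, width=10):
    """Coarsen a birth year into a bucket, e.g. 1987 -> '1980-1989'."""
    start = year - (year % width)
    return f"{start}-{start + width - 1}"


def generalize_postcode(postcode):
    """Keep only the outward code (area and district); the inward part is dropped."""
    return postcode.split()[0]


def pseudonymize_record(rec, key):
    """Reversible only with the key: replace direct identifiers by tokens."""
    out = dict(rec)
    for name in DIRECT_IDENTIFIERS:
        out[name] = pseudonymize(rec[name], key)
    return out


def anonymize_record(rec):
    """Irreversible: drop direct identifiers, generalise quasi-identifiers."""
    out = {k: v for k, v in rec.items() if k not in DIRECT_IDENTIFIERS}
    out["birth_year"] = generalize_year(rec["birth_year"])
    out["postcode"] = generalize_postcode(rec["postcode"])
    return out


def spend_by_pseudonym(records, key):
    """Analytics on pseudonymised data: total spend per customer token."""
    totals = defaultdict(float)
    for rec in records:
        totals[pseudonymize(rec["email"], key)] += rec["spend"]
    return dict(totals)


if __name__ == "__main__":
    # Placeholder key for the demo; a real pipeline fetches it from a key
    # management service and restricts who can use it.
    key = b"constructed-demo-key"
    for rec in RAW_RECORDS:
        print(pseudonymize_record(rec, key))
        print(anonymize_record(rec))
    print(spend_by_pseudonym(RAW_RECORDS, key))
```

The difference between the two functions is the point of the list item: `pseudonymize_record` keeps data utility (the two purchases by the same customer still aggregate to one total) but the output remains personal data because the key holder can re-identify it, whereas `anonymize_record` destroys the link and so needs the stronger generalisation of the remaining fields to avoid re-identification by combination.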

• The impact of asset valuation on risk assessment and resource allocation
• Data Security as the most sensitive asset
• Data Security Overview
• Data States
• Data Security Controls
• Special Security Considerations for Big Data
