
Dem Class

Chapter Zero

Why should you learn a Cyber Security Course?
Elements of Cyber Security
▪ Application Security
▪ Network Security
▪ Information Security
▪ Operational Security
▪ Penetration Testing & Ethical Hacking
▪ Disaster Recovery Planning
▪ Identity and Access Management
▪ Cryptography
Opportunities?

Cyber Security Careers List
▪ Cyber Security Trainer/Educator
▪ Application Security Engineer
▪ Malware Analyst
▪ Network Security Engineer
▪ Chief Information Security Officer
▪ Penetration Tester
▪ Incident Response Specialist
▪ Cyber Security Analyst
▪ Cyber Security Consultant
Course Objective

∙ Describe what cybersecurity means and why it is important.
∙ Understand the most common threats, attacks and vulnerabilities.
∙ Gain insight into how to protect operations from attacks.

Motivation
• Security has become a major issue worldwide.
• Practically unlimited growth.
• Plenty of variety.
• The job has real impact.

Cont..
• Modern societies are highly dependent on ICT.
▪ Computation is embedded in a rapidly increasing number and variety of products.
▪ Global computer usage continues to grow rapidly, especially in developing countries.
▪ With every passing day computers administer and control more and more aspects of human life:
o Banks
o Medical (biological devices)
o Transportation etc.
• Conclusion:
▪ We are more and more dependent on ICT!
o This implies that security and privacy are critical issues.
Outline
✔ What is cyber security
✔ History of cybersecurity
✔ Need of cyber security
✔ Security goals
✔ Access management, incident response
✔ Common terms
What is cyber security

“The most secure computers are those not connected to the Internet and shielded from any interference” - Introduction to Computers by Rajmohan Joshi, page 264
• Cyber: a combining form relating to IT, computing, the internet and virtual reality.
• Security?
▪ “The quality or state of being secure, or being free from danger.”
▪ Protection against adversaries: those who would intentionally do harm with a particular objective.
• Privacy means that our data, such as personal files and e-mail messages, is not accessible to anyone without our permission.
• Privacy deals with the measures that you can take to restrict access to your data.
What Is Cyber-security?
✔ Cyber-security is the practice of protecting systems, networks, and programs from digital attacks.
✔ These cyber-attacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes.
✔ Implementing effective cyber-security measures is particularly challenging today because there are more devices than people, and attackers are becoming more innovative.
What is cyber-security all about?
• Cyber Security is about
▪ Threats (bad things that may happen)
▪ Vulnerabilities (weaknesses in your defenses)
▪ Attacks (ways in which the threats may be actualized)
▪ and mechanisms to tackle attacks
✔ A successful cyber-security approach has multiple layers of protection spread across the computers, networks, programs, or data that one intends to keep safe.
✔ In an organization, the people, processes, and technology must all complement one another to create an effective defence from cyber-attacks.
History of cyber security
✔ The true birth of cybersecurity occurred in the 1970s.
✔ This began with a project called the Advanced Research Projects Agency Network (ARPANET).
✔ This was the connectivity network developed prior to the internet itself.
Why cyber-security?
✔ In today’s connected world, everyone benefits from advanced cyber-defence programs.
✔ The growing number of attacks on our cyber networks has become a serious concern for:
▪ Economy
▪ Transportation
▪ Medical
▪ Government
▪ Telecommunications
✔ Securing these and other organizations is essential to keeping our society functioning well.
Why Cyber Security?
• Protect organizations’ and companies’ data and assets from insider and outsider attacks.
• Everyone relies on critical infrastructure like power plants, hospitals, and financial service companies.
▪ At an individual level, a cyber-security attack can result in everything from identity theft, to extortion attempts, to the loss of important data like family photos.
▪ Prevent unauthorized people from accessing our valued information, manipulating it or stealing it.
▪ Protect your sensitive data from natural disasters and accidental risks by using business continuity and disaster recovery management.
Security goals (services)
▪ Security services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service.
▪ The main objective of cyber security is preserving the CIA triad (confidentiality, integrity, availability); the further services listed below build on it:
Cont..
▪ Confidentiality
▪ Integrity
▪ Availability
▪ Authentication
▪ Non-repudiation
▪ Accountability, etc.
Confidentiality
▪ Protection against unauthorized disclosure of information.
▪ The assurance that information is not disclosed to unauthorized persons, processes or devices.
• This covers two aspects:
▪ Protecting information stored in files (data at rest)
▪ Protecting information while in transmission (data in transit)
• Example:
▪ An employee should not be able to learn their manager’s salary.
▪ The target coordinates of a missile should not be improperly disclosed.
Integrity
• Protection against unauthorized modification of information.
• The assurance that data/information cannot be created, changed, or deleted without proper authorization.
▪ System integrity means that the system is externally consistent: everything is as it is expected to be.
▪ Data integrity means that the data stored on a computer is the same as in the source documents (changed only in a specified and authorized manner).
• Example: an employee should not be able to modify their own salary.
▪ The target coordinates of a missile should not be improperly modified.
Availability
▪ Information needs to be available to authorized parties whenever needed.
▪ Availability is the prevention of unauthorized withholding of information.
▪ Timely, reliable access to data and information services for authorized users.
▪ Used to guarantee access to information.
▪ Denial-of-service attacks are a common attack on availability.
Authentication
• Who are you?
• Proving that a user is the person he/she claims to be.
• Factors of authentication:
▪ Something you know (a password).
▪ Something you have (a chip card or token).
▪ Something you are, which proves the person’s identity (biometrics: a fingerprint).
▪ Somewhere you are: related to your location.
▪ Something you do: identification by observing your unique physical actions.
▪ Or a combination of these techniques (multi-factor authentication). The factors must be of different kinds: a password plus a security question is still only “something you know”.
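As an added worked example (not part of the lecture slides), the Go program below checks two factors of different kinds: something you know (a password, stored only as a salted PBKDF2 verifier, never in clear) and something you have (a time-based one-time code from an authenticator app, RFC 6238). The user record, password and timestamps are constructed for the demo; the TOTP secret is the RFC 6238 test-vector secret so the codes can be checked against the RFC. The PBKDF2 and HOTP routines are written out here so the block runs with the standard library alone.

```go
// Added example: two-factor login check (password + TOTP). Not from the slides.
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
)

// iterations is the PBKDF2 work factor; higher makes offline guessing slower.
const iterations = 100000

// pbkdf2 derives a 32-byte password verifier with PBKDF2-HMAC-SHA256
// (RFC 8018, one output block), so the server never stores the raw password.
func pbkdf2(password, salt []byte, iter int) []byte {
	prf := func(key, data []byte) []byte {
		m := hmac.New(sha256.New, key)
		m.Write(data)
		return m.Sum(nil)
	}
	block := append(append([]byte{}, salt...), 0, 0, 0, 1) // salt || INT(1)
	u := prf(password, block)
	out := append([]byte{}, u...)
	for i := 1; i < iter; i++ { // T = U1 xor U2 xor ... xor Uc
		u = prf(password, u)
		for j := range out {
			out[j] ^= u[j]
		}
	}
	return out
}

// hotp is the RFC 4226 one-time code: dynamic truncation of HMAC-SHA1(secret, counter).
func hotp(secret []byte, counter uint64, digits int) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	m := hmac.New(sha1.New, secret)
	m.Write(msg[:])
	sum := m.Sum(nil)
	off := int(sum[len(sum)-1] & 0x0f)
	code := binary.BigEndian.Uint32(sum[off:off+4]) & 0x7fffffff
	mod := uint32(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", digits, code%mod)
}

// totpAt is RFC 6238 TOTP: HOTP over the number of 30-second steps since the Unix epoch.
func totpAt(secret []byte, unixTime int64) string {
	return hotp(secret, uint64(unixTime/30), 6)
}

// user is the server-side record: nothing in it reveals the password, and the
// TOTP secret is what the user's authenticator app was enrolled with.
type user struct {
	salt, verifier, totpSecret []byte
}

func newUser(password string, totpSecret []byte) user {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		panic(err)
	}
	return user{salt, pbkdf2([]byte(password), salt, iterations), totpSecret}
}

// login succeeds only when BOTH factors verify. Comparisons are constant-time,
// and the code for the previous 30-second step is also accepted for clock skew.
func login(u user, password, otp string, now int64) bool {
	pwOK := subtle.ConstantTimeCompare(pbkdf2([]byte(password), u.salt, iterations), u.verifier) == 1
	otpOK := false
	for _, t := range []int64{now, now - 30} {
		if subtle.ConstantTimeCompare([]byte(totpAt(u.totpSecret, t)), []byte(otp)) == 1 {
			otpOK = true
		}
	}
	return pwOK && otpOK
}

func main() {
	secret := []byte("12345678901234567890") // RFC 6238 test-vector secret, used as a constructed enrolment
	u := newUser("correct horse battery staple", secret)
	now := int64(59) // RFC 6238 test time: step 1, whose 6-digit code is 287082
	fmt.Println("password + valid OTP :", login(u, "correct horse battery staple", totpAt(secret, now), now))
	fmt.Println("password + wrong OTP :", login(u, "correct horse battery staple", "000000", now))
	fmt.Println("wrong password + OTP :", login(u, "Tr0ub4dor&3", totpAt(secret, now), now))
}
```

Both comparisons are constant-time and the password is always checked even when the code is wrong, so a failed login takes the same time whichever factor failed. In production, use a maintained PBKDF2 or Argon2 implementation and generate each user's TOTP secret with crypto/rand.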
Authorization
▪ What can you do?
▪ Determines access levels or privileges related to system resources including files, services, computer programs, data and application features.
▪ Authentication and authorization go hand in hand: a request is first authenticated (who is asking) and then authorized (is this caller allowed to do that).
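The salary rules used as examples under Confidentiality and Integrity above can be written down as an authorization policy. The Go program below is an added example (not from the slides): a deny-by-default check in which an employee can read only their own record, a manager can read the records of direct reports, and only HR can change a salary. The roles, names and amounts are assumptions made for the demo.

```go
// Added example: deny-by-default authorization for salary records. Not from the slides.
package main

import "fmt"

type action string

const (
	read  action = "read"
	write action = "write"
)

// principal is an already-authenticated caller; role is assumed to be one of
// "employee", "manager" or "hr".
type principal struct {
	id   string
	role string
}

type salaryRecord struct {
	employeeID string
	managerID  string
	amount     int
}

// authorize returns (true, "") if the policy permits the request, otherwise
// (false, reason). Nothing matches -> denied, so a new or unknown role gets nothing.
func authorize(p principal, act action, rec salaryRecord) (bool, string) {
	switch {
	case p.role == "hr":
		return true, "" // HR administers pay: may read and write any record
	case act == read && p.id == rec.employeeID:
		return true, "" // anyone may see their own salary
	case act == read && p.role == "manager" && p.id == rec.managerID:
		return true, "" // a manager may see the salaries of direct reports
	case act == write:
		return false, "only HR may change salaries (integrity)"
	default:
		return false, "not the owner or the owner's manager (confidentiality)"
	}
}

// setSalary is the only code path that changes a record, and it asks the
// policy first, so the integrity rule cannot be bypassed by calling it directly.
func setSalary(p principal, rec *salaryRecord, amount int) error {
	ok, why := authorize(p, write, *rec)
	if !ok {
		return fmt.Errorf("%s denied: %s", p.id, why)
	}
	rec.amount = amount
	return nil
}

func main() {
	alice := principal{"alice", "employee"}
	bob := principal{"bob", "manager"}
	hr := principal{"hr-1", "hr"}
	aliceRec := salaryRecord{"alice", "bob", 50000}
	bobRec := salaryRecord{"bob", "ceo", 90000}

	fmt.Println(authorize(alice, read, aliceRec)) // true: own record
	fmt.Println(authorize(alice, read, bobRec))   // false: the manager's salary
	fmt.Println(authorize(bob, read, aliceRec))   // true: a direct report
	fmt.Println(setSalary(alice, &aliceRec, 99999)) // denied: an employee cannot change their own pay
	err := setSalary(hr, &aliceRec, 52000)
	fmt.Println(err, aliceRec.amount) // <nil> 52000
}
```

The decision function is pure (no I/O, no global state), which makes the policy easy to unit-test and to review: every allow rule is a single case, and the fall-through is deny.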
Nonrepudiation
• Prevention of either the sender or the receiver denying a transmitted message (proof of the sender’s identity and of message delivery).
▪ Neither can later deny having processed the data.
▪ Security is strong when the means of authentication cannot later be refuted.
▪ The user cannot later deny that he or she performed the activity.
• Can be provided using digital signatures. A message authentication code (MAC) is not enough: its key is shared by both parties, so either of them could have produced the tag.
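As an added example (not from the slides), the Go program below contrasts a digital signature, which gives non-repudiation, with a MAC, which does not. It uses the standard library's Ed25519 and HMAC-SHA256. The key seed, the shared MAC key and the message are constructed for the demo; in practice the signing key is generated with crypto/rand and never leaves the signer's device.

```go
// Added example: signature (non-repudiation) versus MAC (no non-repudiation). Not from the slides.
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// signedMessage is what the sender hands over: the message plus a signature
// made with the sender's private key.
type signedMessage struct {
	msg []byte
	sig []byte
}

func sign(priv ed25519.PrivateKey, msg []byte) signedMessage {
	return signedMessage{msg: msg, sig: ed25519.Sign(priv, msg)}
}

// verify can be run by the receiver, or later by an arbitrator, using only the
// sender's public key. Only the private-key holder could have produced a valid
// signature, so the sender cannot later deny having sent this exact message.
func verify(pub ed25519.PublicKey, sm signedMessage) bool {
	return ed25519.Verify(pub, sm.msg, sm.sig)
}

// mac is an HMAC-SHA256 tag under a key shared by sender and receiver. It
// proves the message was not altered in transit, but because both parties hold
// the same key the receiver could have produced the tag themselves, so a MAC
// cannot convince a third party about who wrote the message.
func mac(sharedKey, msg []byte) []byte {
	m := hmac.New(sha256.New, sharedKey)
	m.Write(msg)
	return m.Sum(nil)
}

func main() {
	seed := make([]byte, ed25519.SeedSize) // constructed fixed seed; use crypto/rand in practice
	copy(seed, "sender demo seed")
	senderPriv := ed25519.NewKeyFromSeed(seed)
	senderPub := senderPriv.Public().(ed25519.PublicKey)
	sharedKey := []byte("key shared by sender and receiver") // constructed

	order := []byte("transfer 1000 to account 42")
	sm := sign(senderPriv, order)
	fmt.Println("signature valid:", verify(senderPub, sm))

	// Tampering with the message (or signing with another key) is detected.
	forged := signedMessage{msg: []byte("transfer 9000 to account 42"), sig: sm.sig}
	fmt.Println("tampered message valid:", verify(senderPub, forged))

	// The receiver can compute an identical tag for any message it likes, so a
	// tag alone cannot settle a dispute over who wrote the message.
	senderTag := mac(sharedKey, order)
	receiverTag := mac(sharedKey, order)
	fmt.Println("receiver can reproduce the sender's MAC:", hmac.Equal(senderTag, receiverTag))
}
```

Non-repudiation in practice also needs the public key to be bound to the sender's identity (a certificate or a trusted key directory) and the private key to be protected, for instance in a hardware token; otherwise the signer can argue that the key was copied.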
What should we protect?
• One of the major goals of cyber security, as a discipline and as a profession, is to protect valuable assets.
▪ Assets: items of value
• Determining what to protect requires that we first identify what has value and to whom.
• Assets include:
▪ Hardware
• Computer components
• Networks and communications channels
• Mobile devices
▪ Software
• Operating system
• Off-the-shelf programs and apps
• Customized programs and apps
▪ Data
• Files
• Databases
Key terms
Cyberspace
• Cyberspace is a global and dynamic domain (subject to constant change) characterized by the combined use of electrons and the electromagnetic spectrum, whose purpose is to create, store, modify, exchange, share, extract, use and eliminate information, and to disrupt physical resources.
• Cyberspace includes:
✔ a) Physical infrastructures and telecommunications devices that allow for the connection of technological and communication system networks, understood in the broadest sense (SCADA (Supervisory Control and Data Acquisition) devices, smartphones/tablets, computers, servers, etc.);
✔ b) Computer systems (see point a) and the related (sometimes embedded) software that guarantee the domain’s basic operational functioning and connectivity.
Cont…
Cybercrime: Any crime carried out using IT or which targets IT.
Cyberattack: A deliberate attempt to gain unauthorized access to, disrupt or damage a computer system or network, including the unauthorized access of private or confidential information contained on it.
Cyberbullying: Any form of online harassment.
Cyber-forensics: The application of scientifically proven methods to gather, process, interpret, and use digital evidence to provide a conclusive description of cybercrime activities.


Cont…
Cybernetics: The science of communications and automatic control systems in both machines and living things.
Cyberterrorism covers a range of politically motivated hacking operations intended to cause grave harm that can result in either loss of life or severe economic loss, or both.
Cyberwarfare is the use of cyber attacks against an enemy state or nation, causing harm comparable to actual warfare and/or disrupting vital computer systems.
Cyber technology is the study of the hardware, software, services, and connections that make up the internet, among other things.
Cont…
1. Cyberpiracy - using cyber-technology in unauthorized ways to:
• reproduce copies of proprietary software and proprietary information, or
• distribute proprietary information (in digital form) across a computer network.
2. Cybertrespass - using cyber-technology to gain unauthorized access, or to exceed authorized access, to an individual’s or an organization’s computer system, or a password-protected web site.
3. Cyber-vandalism - using cyber-technology to unleash one or more programs that:
• disrupt the transmission of electronic information across one or more computer networks, including the Internet, or
• destroy data resident in a computer or damage a computer system’s resources, or both.
Cases
Consider three actual cases:
1. Distributing proprietary MP3 files on the Internet via peer-to-peer (P2P) technology;
2. Unleashing the ILOVEYOU computer virus;
3. Launching denial-of-service attacks on commercial Web sites.


Risk Management
• Risk is the possibility that a particular threat will adversely impact an information system by exploiting a particular vulnerability.
▪ The assessment of risk must take into account both the likelihood of the exploit and its consequences.
• Risk analysis weighs the cost of securing a particular system, and the expected losses if it is compromised, against the benefits of the system.
• Risk management is a process for an organization to identify and address the risks in its environment.
Risk Management Framework
▪ There are several risk management frameworks, and each
defines a procedure for an organization to follow.
▪ One particular risk management procedure (from Viega and
McGraw) consists of six steps:
1. Assess assets
2. Assess threats
3. Assess vulnerabilities
4. Assess risks
5. Prioritize countermeasure options
6. Make risk management decisions
Incident Response
✔ Incident response is a set of cyber security policies and procedures that you can use to identify, contain, and eliminate cyberattacks.
✔ An organization’s processes and technologies for detecting and responding to cyber-threats, security breaches or cyberattacks.
✔ The ability to detect and resolve problems that threaten people, process, technology and facilities.
✔ The goal of incident response is to limit the damage an attack can do, and to minimize the cost and business disruption resulting from any cyberattacks that occur.
Goals of Incident response
✔ The primary goal of incident response is to effectively remove a threat from the organization’s computing environment, while minimizing damages and restoring normal operations as quickly as possible.
✔ Specifically:
✔ Confirm whether an incident occurred or not.
✔ Minimize disruption of business and network operations.
What are security incidents?
✔ A security incident is any digital or physical breach that threatens the confidentiality, integrity or availability of an organization’s information systems or sensitive data. (A security event is any observable occurrence in a system or network; only events that actually violate policy or threaten CIA are incidents.)
✔ Security incidents can range from intentional cyberattacks by hackers or unauthorized users, to unintentional violations of security policy by legitimate authorized users.

Incident Response Plan
An incident response plan is a document that details the security processes to be carried out in case of an incident, and those responsible for incident response.
▪ Typically these are created and executed by a computer security incident response team (CSIRT).
▪ A CSIRT is formed to better address the dynamic threats against company systems and to handle security incidents by centralizing this activity in one functional unit.
Incident response methodology /Frameworks
▪ Organizations must implement a clear incident response plan.
▪ Some large organizations with significant security expertise have developed incident response frameworks to help other organizations create standardized response plans.
▪ Well-known organizations each publish their own framework for creating an incident response plan; the phases below are common to most of them.
Preparation
• Make sure that the CSIRT is always in place to identify, contain and recover from an incident as quickly as possible and with minimal business disruption.
• Through regular risk assessment the CSIRT identifies the various types of security incidents that pose a risk to the network, and prioritizes each type according to its potential impact on the organization.
• Preparation of the CSIRT: the hardware, software and documentation needed to investigate cybersecurity incidents.
Detection and Analysis
• Security team members monitor the network for suspicious activity and potential threats.
• They analyse data, notifications and alerts gathered from device logs and from various security tools (antivirus software, firewalls) installed on the network, filtering out the false positives and triaging the actual alerts in order of severity.
• Examples of detected incidents:
• A remote attack
• A system crash
• Illegal content (e.g. child pornography) found on a system
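As an added example (not from the slides) of the detection-and-analysis step, the Go program below reads constructed sshd-style “Failed password” log lines, counts failures per source address inside a five-minute sliding window, drops a source listed as a known false positive (an authorised scanner, an assumed address), and triages what remains by severity. The log line format (an RFC 3339 timestamp rather than syslog's), the thresholds and all addresses are assumptions of the demo.

```go
// Added example: failed-login detector with false-positive filtering and triage. Not from the slides.
package main

import (
	"fmt"
	"regexp"
	"sort"
	"time"
)

// One sshd-style failed-login line; the leading RFC 3339 timestamp is a demo assumption.
var failedLogin = regexp.MustCompile(`^(\S+) sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+`)

type alert struct {
	source   string
	failures int      // failed logins in the busiest window
	users    []string // accounts tried, in first-seen order
	severity string   // "low", "medium" or "high"
}

// Sources whose failed logins are expected, e.g. an authorised scanner (assumed address).
var knownFalsePositives = map[string]bool{"10.0.0.5": true}

// triage maps a failure count to a severity; the thresholds are demo assumptions.
func triage(failures int) string {
	switch {
	case failures >= 20:
		return "high"
	case failures >= 10:
		return "medium"
	}
	return "low"
}

// analyze returns one alert per source that produced at least minFailures
// failed logins inside some span no longer than window, highest severity first.
func analyze(lines []string, window time.Duration, minFailures int) []alert {
	type event struct {
		at   time.Time
		user string
	}
	bySource := map[string][]event{}
	for _, line := range lines {
		m := failedLogin.FindStringSubmatch(line)
		if m == nil {
			continue // not a failed login
		}
		ts, err := time.Parse(time.RFC3339, m[1])
		if err != nil {
			continue
		}
		bySource[m[3]] = append(bySource[m[3]], event{ts, m[2]})
	}
	var alerts []alert
	for src, evs := range bySource {
		if knownFalsePositives[src] {
			continue // expected noise, filtered before it reaches an analyst
		}
		sort.Slice(evs, func(i, j int) bool { return evs[i].at.Before(evs[j].at) })
		best, start := 0, 0
		for end := range evs { // sliding window over the time-ordered events
			for evs[end].at.Sub(evs[start].at) > window {
				start++
			}
			if end-start+1 > best {
				best = end - start + 1
			}
		}
		if best < minFailures {
			continue
		}
		seen := map[string]bool{}
		var users []string
		for _, e := range evs {
			if !seen[e.user] {
				seen[e.user] = true
				users = append(users, e.user)
			}
		}
		alerts = append(alerts, alert{src, best, users, triage(best)})
	}
	rank := map[string]int{"high": 0, "medium": 1, "low": 2}
	sort.Slice(alerts, func(i, j int) bool {
		if rank[alerts[i].severity] != rank[alerts[j].severity] {
			return rank[alerts[i].severity] < rank[alerts[j].severity]
		}
		return alerts[i].source < alerts[j].source
	})
	return alerts
}

// sampleLog is a constructed auth log: one brute-force burst, the authorised
// scanner, and a legitimate user mistyping a password a few minutes apart.
func sampleLog() []string {
	base := time.Date(2024, 5, 1, 12, 0, 0, 0, time.UTC)
	line := func(t time.Time, user, ip string, port int) string {
		return fmt.Sprintf("%s sshd[1234]: Failed password for %s from %s port %d ssh2", t.Format(time.RFC3339), user, ip, port)
	}
	lines := []string{base.Format(time.RFC3339) + " sshd[1234]: Accepted publickey for deploy from 192.0.2.10 port 40000 ssh2"}
	for i, u := 0, []string{"root", "admin", "invalid user ubuntu"}; i < 25; i++ {
		lines = append(lines, line(base.Add(time.Duration(i*4)*time.Second), u[i%3], "203.0.113.7", 50000+i))
	}
	for i := 0; i < 15; i++ {
		lines = append(lines, line(base.Add(time.Duration(i)*time.Second), "root", "10.0.0.5", 60000+i))
	}
	for i := 0; i < 3; i++ {
		lines = append(lines, line(base.Add(time.Duration(i*5)*time.Minute), "alice", "198.51.100.9", 41000+i))
	}
	return lines
}

func main() {
	for _, a := range analyze(sampleLog(), 5*time.Minute, 5) {
		fmt.Printf("%-6s %s: %d failed logins within 5 min, users %v\n", a.severity, a.source, a.failures, a.users)
	}
}
```

With the demo data only the 203.0.113.7 burst is reported (25 failures against root, admin and ubuntu, severity high); the scanner is filtered and alice's three typos spread over ten minutes stay below the threshold. Lowering minFailures to 2 surfaces alice as a low-severity alert, which is the kind of tuning an analyst does to balance missed attacks against alert fatigue.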
Containment
• The incident response team takes steps to stop the breach from doing further damage to the network.
• Containment activities can be split into two categories:
• Short-term containment measures focus on preventing the current threat from spreading by isolating the affected systems.
• Long-term containment measures focus on protecting unaffected systems by placing stronger security controls around them.
• At this stage, the CSIRT may also create backups of affected and unaffected systems to prevent additional data loss; forensic images of the affected systems also preserve evidence for the later analysis.
Eradication
• Once the threat has been contained, the team moves on to
full remediation and complete removal of the threat from
the system.
• This involves actively eradicating the threat itself—e.g.,
destroying malware, booting an unauthorized or rogue
user from the network—and reviewing both affected and
unaffected systems to ensure no traces of the breach are
left behind.
Recovery
• When the incident response team is confident the threat has been entirely eradicated, they restore affected systems to normal operations.
• This may involve deploying patches, rebuilding systems from backups, and bringing remediated systems and devices back online.


Post-incident review
• Throughout each phase of the incident response process, the
CSIRT collects evidence of the breach and documents the steps it
takes to contain and eradicate the threat.
• At this stage, the CSIRT reviews this information to better
understand the incident.

• The CSIRT seeks to determine the root cause of the attack, identify
how it successfully breached the network, and resolve
vulnerabilities so that future incidents of this type don't occur.
Data Breach Incidents by Industries
END!!
