
Intro To CyberSecurity

The document outlines a Cybersecurity Diploma program, detailing the importance of cybersecurity in protecting personal and organizational data from unauthorized access and breaches. It covers various topics including the value of personal and organizational data, the motives of cyber attackers, and the principles of confidentiality, integrity, and availability (CIA triad). Additionally, it discusses the implications of security breaches and the roles of different types of hackers in the cybersecurity landscape.

Cybersecurity Diploma
Edited By: Omar Zayed

➢ Introduce myself

➢ Diploma Road Map

➢ Background

➢ Methodology

Introduction to Cybersecurity
The Need for Cybersecurity
Chapter 1 - Sections & Objectives
▪ 1.1 Personal Data

• Explain the characteristics and value of personal data.


• Define personal data.
• Explain why personal data is profitable to hackers.
▪ 1.2 Organization Data

• Explain the characteristics and value of data within an organization.


• Describe types of data used by governments and organizations.
• Describe the impact of a security breach.
▪ 1.3 Attackers and Cybersecurity Professionals

• Explain the characteristics and motives of cyber attackers and the legal and ethical issues for cybersecurity professionals.
• Describe the characteristics and motives of an attacker.
▪ 1.4 Cyberwarfare

• Explain the characteristics and purpose of cyberwarfare.


• Describe cyberwarfare.
What is Cybersecurity?
Cybersecurity is the ongoing effort to protect these networked systems and all of the data from
unauthorized use or harm. On a personal level, you need to safeguard your identity, your data, and
your computing devices.
Personal Data
Your Online and Offline Identity
➢ As more time is spent online, your identity, both online and offline, can affect your life. Your offline
identity is the person who your friends and family interact with on a daily basis at home, at school, or
work. They know your personal information, such as your name, age, or where you live. Your online
identity is who you are in cyberspace. Your online identity is how you present yourself to others online.
This online identity should only reveal a limited amount of information about you.
➢ You should take care when choosing a username or alias for your online identity.
➢ The username should not include any personal information. It should be something appropriate and
respectful.
[Figure: Your Data, surrounded by Medical Data, Education Data, Financial Data, Employment, Your Identity, Information Online, and Data on your Computing Devices]
➢ When you are at the doctor’s office, the conversation you have with the doctor is recorded
in your medical chart. For billing purposes, this information may be shared with the insurance
company to ensure appropriate billing and quality. Now, a part of your medical record for the
visit is also at the insurance company.

➢ When you share your pictures online with your friends, do you know who may have a copy of
the pictures? Copies of the pictures are on your own devices. Your friends may have copies
of those pictures downloaded onto their devices. If the pictures are shared publicly,
strangers may have copies of them, too. They could download those pictures or take
screenshots of those pictures. Because the pictures were posted online, they are also saved
on servers located in different parts of the world. Now the pictures are no longer only found
on your computing devices.
➢ Store loyalty cards may be a convenient way to save money on your
purchases. However, the store is compiling a profile of your purchases and
using that information for its own use. The profile shows a buyer purchases a
certain brand and flavor of toothpaste regularly. The store uses this
information to target the buyer with special offers from the marketing
partner. By using the loyalty card, the store and the marketing partner have a
profile for the purchasing behavior of a customer.
What do hackers want from YOU?

They Want Your Money
Your online credentials are valuable. These credentials give the thieves access to your
accounts. You may think the frequent flyer miles you have earned are not valuable to
cybercriminals.

They Want Your Identity
Besides stealing your money for short-term monetary gain, the criminals want long-term
profits by stealing your identity.

Organization Data
Introduction to Organization Data

Traditional Data
Corporate data includes personnel information, intellectual property, and financial data.
Personnel information includes application materials, payroll, offer letters, employee
agreements, and any information used in making employment decisions.

Internet of Things and Big Data
With the emergence of the Internet of Things (IoT), there is much more data to manage and
secure. IoT is a large network of physical objects, such as sensors and equipment, that
extends beyond the traditional computer network.
Confidentiality, Integrity, and Availability
[Figure: CIA Triad: Confidentiality, Integrity, Availability]

Confidentiality
Another term for confidentiality would be privacy. Company
policies should restrict access to the information to
authorized personnel and ensure that only those authorized
individuals view this data. The data may be
compartmentalized according to the security or sensitivity
level of the information. For example, a Java program
developer should not have access to the personal
information of all employees. Furthermore, employees
should receive training to understand the best practices in
safeguarding sensitive information to protect themselves and
the company from attacks. Methods to ensure confidentiality
include data encryption, username ID and password, two
factor authentication, and minimizing exposure of sensitive
information.

Integrity
Integrity is accuracy, consistency, and trustworthiness
of the data during its entire life cycle. Data must be
unaltered during transit and not changed by
unauthorized entities. File permissions and user access
control can prevent unauthorized access. Version
control can be used to prevent accidental changes by
authorized users. Backups must be available to restore
any corrupted data, and checksum hashing can be
used to verify integrity of the data during transfer.

Checksum
➢ A checksum is used to verify the integrity of files, or strings
of characters, after they have been transferred from one
device to another across your local network or the Internet.
Checksums are calculated with hash functions. Some of the
common checksums are MD5, SHA-1, SHA-256, and SHA-512.
A hash function uses a mathematical algorithm to transform
the data into a fixed-length value that represents the data, as
shown in the figure. The hashed value is simply there for
comparison. From the hashed value, the original data cannot
be retrieved directly. For example, if you forgot your
password, your password cannot be recovered from the hashed
value. The password must be reset.

[Figure: File to be transferred, passed through a Hash Function, produces a Fixed-length Hash Value (e88ws334)]

➢ After a file is downloaded, you can verify its integrity by
comparing the hash value from the source with the one you
generated using any hash calculator. By comparing the hash
values, you can ensure that the file has not been tampered
with or corrupted during the transfer.

Availability
Maintaining equipment, performing hardware repairs,
keeping operating systems and software up to date, and
creating backups ensure the availability of the network and
data to the authorized users. Plans should be in place to
recover quickly from natural or man-made disasters. Security
equipment or software, such as firewalls, guard against
downtime due to attacks such as denial of service (DoS).
Denial of service occurs when an attacker attempts to
overwhelm resources so the services are not available to
the users.

➢ In this lab, you will generate a hash for a file and use the hash value to
compare the integrity of a file.

The Impact of Security Breach
➢ Ruined Reputation: Loss of customer trust
➢ Vandalism: Damage of data
➢ Theft: Loss of effort, and material
➢ Revenue Lost: Financial Impact
➢ Damaged Intellectual Property: Loss of copyright

Security Breach Example - LastPass
➢ An online password manager
➢ Stolen email addresses, password reminders,
and authentication hashes
➢ Requires email verification or multi-factor
authentication when logging in from an unknown device
➢ Users should use a complex master password,
change the master password periodically, and beware of
phishing attacks

Security Breach Example - Vtech
➢ Vtech is a high tech toy maker for children
➢ Exposed sensitive information including customer
names, email addresses, passwords, pictures, and
chat logs.
➢ Vtech did not safeguard information properly
➢ Hackers can create email accounts, apply for credits,
and commit crimes using the children’s information
➢ Hackers can also take over the parents’ online
accounts

Security Breach Example - Equifax
➢ Equifax is a consumer credit reporting agency.
➢ Attackers exploited a vulnerability in web
application software.
➢ Equifax established a dedicated web site with a
new domain name that allowed nefarious parties
to create unauthorized websites for phishing
schemes

Attackers and Cybersecurity Professionals

Hackers
➢ White Hat Hackers: White hats break into systems with permission to
discover weaknesses so that the security of these systems can be improved.
➢ Gray Hat Hackers: Gray hats compromise systems without permission.
➢ Black Hat Hackers: Black hats take advantage of any vulnerability for
illegal personal, financial or political gain.

Cyberwarfare
➢ Conflict using cyberspace
➢ Stuxnet malware
➢ Designed to damage
Iran’s nuclear enrichment
plant
➢ Used modular coding
➢ Used stolen digital certificates

➢ https://video.cisco.com/video/2093705517001

Chapter Summary
➢ Define personal data.
➢ Explain the characteristics and value of personal data.
➢ Explain the characteristics and value of data within an
organization.
➢ Describe the impact of a security breach.
➢ Describe the characteristics and motives of an attacker.
➢ Describe the legal and ethical issues facing a cybersecurity
professional.
➢ Explain the characteristics and purpose of cyberwarfare.

What three items are components of the CIA triad? (Choose three.)
➢ intervention
➢ availability
➢ scalability
➢ confidentiality
➢ integrity
➢ access

What is another name for confidentiality of information?
➢ trustworthiness
➢ privacy
➢ accuracy
➢ consistency

Which statement describes cyberwarfare?
➢ Cyberwarfare is an attack carried out by a group of script kiddies.
➢ It is simulation software for Air Force pilots that allows them to
practice under a simulated war scenario.
➢ It is a series of personal protective equipment developed for soldiers
involved in nuclear war.
➢ It is Internet-based conflict that involves the penetration of information
systems of other nations.

What is an example of “hacktivism”?
➢ A group of environmentalists launch a denial of service attack against an
oil company that is responsible for a large oil spill.
➢ A teenager breaks into the web server of a local newspaper and posts a
picture of a favorite cartoon character.
➢ A country tries to steal defense secrets from another country by infiltrating
government networks.
➢ Criminals use the Internet to attempt to steal money from a banking
company.

What is the motivation of a white hat attacker?
➢ discovering weaknesses of networks and systems to improve the security
level of these systems
➢ studying operating systems of various platforms to develop a new system
➢ taking advantage of any vulnerability for illegal personal gain
➢ fine tuning network devices to improve their performance and efficiency

Which method is used to check the integrity of data?
➢ checksum
➢ backup
➢ authentication
➢ encryption

What are three methods that can be used to ensure confidentiality of
information? (Choose three.)
➢ data encryption
➢ backup
➢ file permission settings
➢ username ID and password
➢ two factor authentication
➢ version control

What is a reason that internal security threats might cause greater
damage to an organization than external security threats?
➢ Internal users can access the infrastructure devices through the Internet.
➢ Internal users can access the corporate data without authentication.
➢ Internal users have direct access to the infrastructure devices.
➢ Internal users have better hacking skills.
