Introduction to Cyber Security

[CYU 07104]

Introduction

By Paul E. Lutonja
Cyber security introduction
• Cyber Security is the protection of Computer systems against harm
• Any system is most vulnerable at its weakest point
• Attackers exploit vulnerabilities to gain unauthorized access to
valuable resources e.g., data/information
• For an attack to be successfully undertaken, attacker(s) must have the
three things: Method, Opportunity, and Motive (MOM)
 • Hardware e.g., Laptops, Servers, Desktop
Computers, Phones, etc.
• Software e.g., Microsoft Windows,

INFORMATION Ubuntu, Fedora, MacOS, Microsoft Word,

etc.
• Network e.g., Internet, LAN etc.
SYSTEMS’ ASSETS • Data/Information e.g., personal
information, trade secrets, formulas, etc.
• People e.g., system administrators, end-
users, etc.
 Cyber security GOALS

• There are 3 main security goals

• Confidentiality
• Integrity
• Availability
• For a cybersecurity system to be
effective, it must offer three things:
Confidentiality, Integrity, and
Availability. Together these are
known as the CIA Triad

C.I.A Triad
Confidentiality
• Confidentiality ensures that computer assets are accessed only by
authorized parties. That is, only those who should have access to
something will, in a need-to-know basis
• By Access, it means not only reading but also even viewing, printing,
or simply knowing that a particular asset exists.
• Confidentiality can also be called secrecy or privacy.
Integrity

• Integrity means that assets can be modified only by authorized

parties and/or only in authorized ways.
• In this context, modification includes writing, changing, changing
status, deleting, and fabricating.
• Integrity also means precise, accurate, unmodified, modified only in
acceptable ways, modified only by authorized people, modified only
in authorized processes, consistent, internally consistent, meaningful
and usable
Availability
• Availability means that assets can be accessed by authorized parties
when needed.
• In other words, if some person or system has legitimate access to a
particular set of objects, that access should not be prevented.
• For this reason, availability is sometimes known by its opposite,
denial of service.
• Availability also means asset is present in a usable form, has capacity
enough to meet the service’s needs, timely response to request, a fair
allocation of resources, so that some requesters are not favoured
over others, also support for simultaneous access, deadlock
management, and exclusive access, as required
TERMINOLOGIES
• Asset; any valuable computers resources which constitute the
computer systems
• Risk; is a likelihood of something harmful to happen
• Vulnerability; is the state of being exposed to attacks
• Threat; is anything that is likely to cause harm
• Cyber attack; is an offensive act which targets computer or computer
is used as a tool
• Cyber Security Control; is a practice or process implemented to
countermeasure cyber attacks e.g., antivirus
EXAMPLES OF ANTI-VIRUSES
Physical security
Physical security; describes protection of information systems' assets,
needed outside the computer system. Many physical security controls
can be implemented simply by good common sense
• Fence/Electric fence e.g., surrounding the data center compound
• Security guards
• Locked doors e.g., Electronic doors,
• Padlocks
• Humidity sensor
• Temperature sensor
Thank You