CYBER SECURITY
Lesson 3
LAWS AND REGULATIONS
• General Data Protection Regulation (EU) (GDPR)
• The EU General Data Protection Regulation (GDPR) is the strongest
privacy and security law in the world. This regulation updated and
modernized the principles of the 1995 Data Protection Directive. It was
adopted in 2016 and entered into application on 25 May 2018.
• It is the toughest privacy and security law in the world.
LAWS AND REGULATIONS
• Information Commissioner's Office (ICO) Purpose and Responsibilities
• The ICO regulates data protection in the UK. They offer advice
and guidance, promote good practice, monitor breach reports,
conduct audits and advisory visits, consider complaints,
monitor compliance and take enforcement action where
appropriate.
• They cooperate with data protection authorities in other
countries, including the European Data Protection Board
(EDPB), which includes representatives from data protection
authorities in each EU member state.
LAWS AND REGULATIONS
• Information Security Act
• It aims to enhance the level of protection from online crimes
committed through the use of information technology, networks
and platforms.
• The act recognized the importance of information security to
economic and national security.
LAWS AND REGULATIONS
• Telecommunications Security Act
• The Communications Act 2003 (as amended by the Telecommunications
(Security) Act 2021) includes new national security powers for the
government to impose, monitor and enforce controls on public
communications providers' use of designated vendors' goods, services
and facilities within UK public telecoms networks.
DESCRIBE NETWORK SECURITY
PROTECTION METHODS.
• Network security protection methods
1. Firewalls
2. VPN
3. Access logs
4. Firmware updates
FIREWALLS
• A firewall is a network security device that monitors and filters
incoming and outgoing network traffic based on an organization's
previously established security policies. At its most basic, a firewall
is essentially the barrier that sits between a private internal network and
the public Internet.
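A minimal sketch of how a firewall applies "previously established security policies" to traffic crossing the boundary, added here as an illustration and not part of the original lesson. The rule format, the `decide` function and the addresses (documentation ranges) are constructed assumptions; real firewalls add connection state, protocols and logging.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    direction: str        # "in" = Internet to internal network, "out" = the reverse
    remote: str           # CIDR range of the Internet-side address
    port: Optional[int]   # destination port; None matches any port
    action: str           # "allow" or "deny"


# Constructed policy for illustration. Order matters: the first match wins.
POLICY = [
    Rule("in", "203.0.113.0/24", None, "deny"),   # block-listed remote range
    Rule("in", "0.0.0.0/0", 443, "allow"),        # public HTTPS service
    Rule("out", "0.0.0.0/0", 443, "allow"),       # staff web browsing
    Rule("out", "0.0.0.0/0", 53, "allow"),        # DNS lookups
]


def decide(direction, remote_ip, dst_port, policy=POLICY):
    """Return "allow" or "deny" for one connection attempt."""
    addr = ipaddress.ip_address(remote_ip)
    for rule in policy:
        if rule.direction != direction:
            continue
        if addr not in ipaddress.ip_network(rule.remote):
            continue
        if rule.port is not None and rule.port != dst_port:
            continue
        return rule.action
    return "deny"  # default deny: traffic that no rule names is dropped


if __name__ == "__main__":
    attempts = [
        ("in", "198.51.100.7", 443),   # visitor reaching the HTTPS service
        ("in", "203.0.113.9", 443),    # same port, but from the blocked range
        ("in", "198.51.100.7", 22),    # no rule mentions inbound SSH
        ("out", "192.0.2.80", 25),     # no rule mentions outbound SMTP
    ]
    for attempt in attempts:
        print(attempt, "->", decide(*attempt))
```

The second attempt shows why rule order matters: the deny rule for the blocked range sits above the general HTTPS allow rule, so it is matched first.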
VPN
• VPN stands for "virtual private network" — a service that helps you
stay private online. A VPN establishes a secure, encrypted connection
between your computer and the internet, providing a private tunnel for
your data and communications while you use public networks.
ACCESS LOGS
• An access log is a log file that records all events related to client
applications and user access to a resource on a computer.
Examples can be web server access logs, FTP command logs, or
database query logs. Managing access logs is an important task for
system administrators.
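An added example (not from the original lesson) of one thing an administrator does with a web server access log: count failed authentication responses per client and flag the noisy ones. The log lines are constructed samples in Common Log Format, and the threshold of 3 is an arbitrary assumption.

```python
import re
from collections import Counter

# Common Log Format: client, identity, user, [timestamp], "request", status, size
LINE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample log (documentation IP ranges, invented requests).
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2024:09:00:01 +0000] "POST /login HTTP/1.1" 401 512
198.51.100.7 - - [10/Mar/2024:09:00:02 +0000] "POST /login HTTP/1.1" 401 512
192.0.2.10 - alice [10/Mar/2024:09:00:03 +0000] "POST /login HTTP/1.1" 401 512
192.0.2.10 - alice [10/Mar/2024:09:00:09 +0000] "POST /login HTTP/1.1" 200 1834
198.51.100.7 - - [10/Mar/2024:09:00:04 +0000] "POST /login HTTP/1.1" 401 512
this line was truncated by a full disk
198.51.100.7 - - [10/Mar/2024:09:00:05 +0000] "GET /admin HTTP/1.1" 403 298
"""


def analyse(text, threshold=3):
    """Return ({client_ip: failed_count}, malformed_line_count).

    A failure is a 401 (not authenticated) or 403 (forbidden) response.
    Only clients with at least `threshold` failures are reported.
    """
    failures = Counter()
    malformed = 0
    for line in text.splitlines():
        if not line.strip():
            continue
        match = LINE.match(line)
        if match is None:
            malformed += 1      # keep count: gaps in a log are themselves a finding
            continue
        if match["status"] in ("401", "403"):
            failures[match["ip"]] += 1
    flagged = {ip: n for ip, n in failures.items() if n >= threshold}
    return flagged, malformed


if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

The client with a single mistyped password stays below the threshold, while the client with repeated failures is reported together with the number of lines that could not be parsed.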
FIRMWARE
• A firmware update upgrades your device with advanced
operational instructions without needing any change to the
hardware. By updating the firmware, you will be able to explore new
features that are added to the device and also have an enhanced user
experience while interacting with the device.
• Firmware is installed directly onto a piece of hardware during
manufacturing. It is used to run user programs on the device and can
be thought of as the software that enables hardware to run. Firmware is
the foundation of the software stack that computer hardware uses for
basic operations and to run applications.
EVALUATE THE IMPACT PENETRATION AND
VULNERABILITY TESTING HAS ON AN
ORGANIZATION.
1. Baselines
2. Identifies areas of weakness or focus
3. Ethical hacking
4. Externally vs internally completed tests
EVALUATE THE IMPACT PENETRATION AND
VULNERABILITY TESTING HAS ON AN
ORGANIZATION.
• Baseline: the minimum security controls required for safeguarding
an IT system based on its identified needs for confidentiality,
integrity and/or availability protection.
• Identifies areas of weakness or focus
• Ethical hacking involves an authorized attempt to gain
unauthorized access to a computer system, application, or data.
Carrying out an ethical hack involves duplicating strategies and actions
of malicious attackers.
EVALUATE THE IMPACT PENETRATION AND
VULNERABILITY TESTING HAS ON AN
ORGANIZATION.
• An external network pen test is designed to discover and exploit
vulnerabilities in hosts accessible via the Internet.
• An internal pen test is performed within an organization's network,
looking for vulnerabilities from the inside.
END USER DEVICE PROTECTION
METHODS.
1. Anti-virus protection
2. Patch management
3. Malware protection
4. End-point protection
5. Mobile Device Management
MALWARE PROTECTION
• Malware protection is a robust cyber security solution that adds an
extra layer of security to your computer to protect against
cyberattacks.
• Once downloaded to your device, malware protection periodically scans
your computer to identify, quarantine, and eliminate any malware to
keep your systems secure.
PATCH MANAGEMENT
• Patch management is the process of systematically deploying
software patches (updates) to computers. The patch management
process includes scanning the computers for missing patches, deploying
them manually or via patch management solutions and generating
reports to ensure high patch compliance in the network.
• Patches are nothing but pieces of code tailored to fix a bug or to add
new features to an application.
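The scan-and-report part of the process described above, as an added example that is not part of the original lesson. Host names, software names and version numbers are constructed; the sketch assumes purely numeric dotted versions and treats software that is not installed on a host as not applicable.

```python
# Constructed baseline: the minimum patched version of each package.
REQUIRED = {"tls-library": "3.0.13", "browser": "122.0.1", "vpn-client": "5.9.2"}

# Constructed inventory, as a scan of four machines might return it.
INVENTORY = {
    "laptop-01": {"tls-library": "3.0.13", "browser": "122.0.1", "vpn-client": "5.10.0"},
    "laptop-02": {"tls-library": "3.0.9", "browser": "122.0.1", "vpn-client": "5.9.2"},
    "server-01": {"tls-library": "3.0.13"},
    "kiosk-01": {"browser": "121.0.0"},
}


def version_key(version):
    """Turn "5.10.0" into (5, 10, 0) so versions compare numerically.

    Comparing the raw strings would rank "5.10.0" below "5.9.2" and
    "3.0.9" above "3.0.13", which hides a missing patch.
    """
    return tuple(int(part) for part in version.split("."))


def scan(inventory, required):
    """Return ({host: [packages below baseline]}, percent of compliant hosts)."""
    missing = {}
    for host, installed in inventory.items():
        behind = sorted(
            name
            for name, have in installed.items()
            if name in required and version_key(have) < version_key(required[name])
        )
        if behind:
            missing[host] = behind
    if not inventory:
        return missing, 100.0   # nothing scanned, nothing out of date
    compliant = len(inventory) - len(missing)
    return missing, round(100.0 * compliant / len(inventory), 1)


if __name__ == "__main__":
    report, percent = scan(INVENTORY, REQUIRED)
    for host, packages in report.items():
        print(f"{host}: needs patches for {', '.join(packages)}")
    print(f"patch compliance: {percent}%")
```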
END-POINT PROTECTION
• Endpoint protection involves monitoring and protecting endpoints
against cyber threats. Protected endpoints include desktops, laptops,
smartphones, tablet computers, and other devices.
MOBILE DEVICE MANAGEMENT
• Mobile Device Management is any software that allows IT to automate,
control, and secure administrative policies on laptops,
smartphones, tablets, or any other device connected to an
organization's network.
• MDM covers performance and device health, secure network access,
restrictions on how data can be transmitted, employee app updates,
geolocation, and monitoring for abnormal or unsanctioned usage.