Introduction to Cybersecurity
Cybersecurity Fundamentals
Learning Objectives
By the end of these lessons you will be able to:
Explain the fundamentals of cybersecurity
Identify threat actors, attacks, and mitigation
Describe security policies, procedures, standards, and baselines
Elaborate on the cybersecurity mitigation methods
Fundamentals of Cybersecurity
What Is Cybersecurity?
A set of technologies used for protecting systems, networks, and programs from digital attacks, damage, and unauthorized access.
Cybersecurity addresses attacks, threats, damage, and unauthorized access.
Why Cybersecurity? To protect data
The world relies on technology more than ever before, and as a result digital data creation has surged.
Presence of crime syndicates
Increased rate of cyber crime
Increased demand
Presence of cyber armies
Presence of financial frauds
Information Security and Cybersecurity
Cybersecurity
Is a set of techniques used to protect the integrity of networks, programs, and data
Is a component of information security
Information Security
Refers to processes and tools designed to protect sensitive information
Encompasses paper documents and digital and intellectual property
Cyber Crime Statistics
25+ million records exposed every day in 2018
Cyber crime to cost $6 trillion in 2021
Healthcare: ransomware attacks will quadruple
24,000 malicious mobile apps blocked daily
60% of fraud originates from mobile devices
300 billion passwords exist worldwide in 2020
Factors Affecting Cybersecurity
Technology
Platforms and tools
Network connectivity
Level of IT complexity
Mergers, acquisitions, and partnerships
New or emerging security tools
Business plans for security
Nature of business
Risk tolerance
Industry trends
Outsourcing
Operational support service providers
CIA Triad
Confidentiality: Authorized parties can access the information
Integrity: Authorized people can add, remove, or alter information
Availability: Information must be available on demand
Governance, Risk Management, and Compliance (GRC)
Scope of GRC
Governance, Risk Management, and Compliance is different for every organization and varies based on the type of organization.
It depends on the organization's mission, size, industry, culture, and legal regulations.
Responsibility of GRC
The ultimate responsibility of the GRC program is to protect the organization's assets and IT operations, including its infrastructure and information.
Governance
The board of directors and senior management of an organization are responsible for governance. Governance:
Provides strategic direction
Ensures that the objectives are achieved
Ascertains whether risk is being managed appropriately
Verifies that the organization's resources are being used responsibly
Risk Management
It is the process by which the organization manages risks to acceptable levels. These risks may include investment risk, physical risk, and cyber risk.
Compliance
It is the act of adhering to mandated requirements defined by laws and regulations.
Roles of Cybersecurity
Cybersecurity Roles
The success of a cybersecurity role is ultimately the responsibility of the board of directors.
Board of Directors
Executive Committee
Security Management
Cybersecurity Practitioners
Approaches to Cybersecurity
Compliance-based security
Risk-based security
Ad-hoc approach
Cybersecurity: Key Terms
Inherent risk
Residual risk
Illustration: Basics of Cybersecurity
Threat Actors, Attacks, and Mitigation
Threat Actor
A threat actor or malicious actor is a person or entity that is responsible for an event or incident that impacts or has the potential to impact the safety or security of another entity.
Threat Actor Categories
Threat actor categories are:
Script kiddies
Hacktivists
Nation states
APT
Insiders
Organized crime
Competitors
Threats to a System
The main threats to an organization should be considered:
Natural environmental threats
Supply system threats
Man-made threats
Sociopolitical threats
Malware
Malware is any software that is intentionally designed to cause damage to a computer, server, client, or computer network.
Types of Malware
Worms
Viruses
Trojans
Spyware
Adware
Rootkits
Backdoors
Logic bombs
Ransomware
Worms
Worms are self-replicating code designed to penetrate computer systems.
Virus
A virus is malicious code that replicates by attaching itself to executable code.
Trojans
Trojans are programs that claim to perform one function but do another, typically malicious.
Spyware
Spyware is software aimed at stealing personal or organizational information.
Adware
Adware is software that displays endless ads and pop-up windows.
Rootkit
Rootkits are designed to modify the operating system's operations to facilitate non-standard functionality.
Backdoor
A backdoor provides the attacker with unauthorized remote access to a system by exploiting security vulnerabilities.
Logic Bombs
Logic bombs infect a system and lie dormant until they are triggered by a specific condition.
Ransomware
Ransomware attempts to extort money from the user by infecting and taking control of a victim's machine.
Malware Attacks
Kovter
WannaCry
Zeus or Zbot
Ghost
Mirai
Denial-of-Service Attack
The purpose of DoS is to prevent access to the target system.
Distributed Denial-of-Service
It is a denial-of-service attack employing multiple attacking systems. The goal of DDoS is to prevent access to a specific system.
DoS/DDoS Attacks
GitHub: 1.35 Tbps
GitHub was hit with 1.35 terabits per second of traffic.
Cloudflare: 400 Gbps
The attack was directed at a single vulnerable computer.
Application Layer Attacks
They target computers by causing a fault in the operating system or applications.
They refer to a type of malicious behavior designed to target the top layer in the OSI model.
Cross-site scripting
Buffer overflow
Domain hijacking
DNS spoofing
SQL injection
DoS/DDoS
Software Code and Security
Programmers are responsible for writing safe and high-quality code.
Source code is a set of statements written in a computer programming language.
Code review is a systematic examination or peer review of source code. It helps find mistakes and improve software quality.
Software Testing Methods
Static Testing: Evaluates the security of software without running it
Dynamic Testing: Evaluates the security of software in a runtime environment
Security Attacks
In March 2018, hackers hit Saks Fifth Avenue and Lord & Taylor, stealing debit and credit card data; 5 million records were breached.
In May 2018, the concert and sporting event ticketing website Ticketfly was vandalized, taken down, and disrupted for a week.
In August 2018, Russian hackers made millions selling credit card details stolen from almost 245,000 British Airways customers.
Social Engineering
It is the art of manipulating people so that they give up their confidential information, violating the security principle.
Social Engineering Attack Categories
There are several attack categories of social engineering.
Phishing: It is a fraudulent attempt to obtain sensitive information.
Spear Phishing: It is targeted at a specific group or an individual.
Whaling Phishing: It targets wealthy and prominent individuals.
Social Engineering Attack: Ethereum Classic
In 2017, the Ethereum Classic website was hacked, resulting in the loss of thousands of dollars in cryptocurrency.
Impersonated the Ethereum Classic owner
Gained access to the domain registry
Redirected the domain to their server
Extracted cryptocurrency from the victims
Security Policies and Procedures
Senior Management: Initiates and defines policies
Middle Management: Releases standards and policy guidelines
Operations Management/IT Team: Implements the controls and policies
End Users: Must comply with the organization's functions
Types of Security Management Plan
Strategic Plan
● Is a long-term plan
● Defines security posture
● Is valid for five years and is renewed annually
● Helps understand security functions
● Helps in risk assessment
Tactical Plan
● Is a mid-term plan
● Provides detailed goals
● Is updated every year or two
● Is technology oriented
Operational Plan
● Is a short-term plan
● Is highly detailed
● Is updated monthly or quarterly
● Spells out how to accomplish goals
Security Policy
• Is a strategic plan
• Defines the scope of security
• Outlines security objectives and framework
• Identifies the functional areas
• Outlines security goals and practices
• Assigns responsibilities and requirements
• Defines risk levels
Types of Security Policy
Organizational policy: Focuses on issues relevant to every aspect of the organization
Issue-specific policy: Focuses on a specific service, department, or function
System-specific policy: Focuses on individual systems
Security Policy Framework
Baseline
● Defines the minimum level of security
● Is system specific
● Establishes the common secure state
Guideline
● Offers recommendations on implementation
● Serves as an operating guide
● Is customized for each unique system
Procedure
● Is the final element of formalized security policy structure
● Describes actions for implementing the security mandates
● Is system and software specific
● Ensures integrity of the business process
Standard
● Defines the compulsory requirements
● Provides a course of action
● Is a tactical document
Due Care
● Reasonable care is taken in protecting the organization
● Pertains to the legal duty of the organization
● Lack of due care is considered negligence
Due Diligence
● Is about practicing the activities that maintain the due care effort
● Pertains to best practices that a company should follow
● Might not be legally liable
Cybersecurity Mitigation Methods
Information Technology Control
An IT control is a procedure or policy that provides a reasonable assurance that:
IT used by an organization is operating as intended
The organization is in compliance with laws and regulations
Data is reliable
Countermeasure
It is an action or method that is applied to prevent, avert, or reduce potential threats to:
Computers
Networks
Operating systems
Servers
Information systems
It helps to mitigate or reduce the potential risk.
Control Categories
Administrative controls
Technical controls
Physical controls
Administrative Controls
These are procedures and policies used to define employee actions toward sensitive information.
Technical Controls
These are hardware and software mechanisms (for example access controls, firewalls, and encryption) that protect systems and sensitive information.