Cyber Security - Hope Tutors


CYBER SECURITY

INTRODUCTION TO CYBER SECURITY
Cyber security is the practice of defending computers, servers, mobile devices, electronic
systems, networks, and data from malicious attacks. It's also known as information technology
security or electronic information security. The term applies in a variety of contexts, from
business to mobile computing, and can be divided into a few common categories.
BRANCHES OF CYBER SECURITY
• Network security
• Endpoint Security
• Application Security
• Mobile Security
• Malware/Spyware Analysis
• Risk Audit/Management
• Cyber Forensics
• Penetration Tester
• Network security analyst
• Security analyst
• OS security
• System security (user level)
• System security (kernel level)
• Encryption explicitly
• Decryption explicitly
INFORMATION SECURITY OVERVIEW
Information security refers to a set of processes and activities performed in order to protect
information. The main objective of information security is to prevent unauthorized users from
stealing and misusing information or services.

At the core of information security is information assurance, the act of maintaining the
confidentiality, integrity and availability (CIA) of information. These are the goals of security:

• Confidentiality
• Integrity
• Availability
INFORMATION SECURITY SERVICES
• Identity and Access Management

Identity and access management (IAM) in enterprise IT is about defining and managing the
roles and access privileges of individual network users and the circumstances in which users are
granted (or denied) those privileges. Those users might be customers (customer identity
management) or employees (employee identity management).
The core objective of IAM systems is one digital identity per individual. Once that digital
identity has been established, it must be maintained, modified and monitored throughout each
user’s “access lifecycle.”

• Data Security

Data security refers to the process of protecting data from unauthorized access and data
corruption throughout its lifecycle. Data security includes data encryption, tokenization, and key
management practices that protect data across all applications and platforms.
CYBER SECURITY SERVICE OFFERINGS
• Symantec
• McAfee
• HP
• Sophos
• CheckPoint
• Trend Micro
• Forcepoint
CYBER SECURITY GOALS - CIA
Confidentiality
• Confidentiality is roughly equivalent to privacy. Measures undertaken to ensure confidentiality are designed to
prevent sensitive information from reaching the wrong people, while making sure that authorized people can
access it. It means protecting sensitive, private information from unauthorized access.
Integrity
• Integrity involves maintaining the consistency, accuracy, and trustworthiness of data over its entire life cycle. Data
must not be changed in transit, and steps must be taken to ensure that data cannot be altered by unauthorized people
(for example, in a breach of confidentiality).
Availability
• Availability is best ensured by rigorously maintaining all hardware, performing hardware repairs immediately
when needed and maintaining a correctly functioning operating system environment.
• High-availability systems are computing resources whose architectures are specifically designed to
improve availability. Providing adequate communication bandwidth and preventing the occurrence of bottlenecks
are equally important. Redundancy, failover, RAID even high-availability clusters
MANAGED DETECTION AND RESPONSE (MDR) SERVICES
• Constantly collecting data to identify potential threats and provide insight into any attack risk
or vulnerability
• Utilizing specialized threat hunting expertise to discover security flaws in endpoints, user
behaviour, networks and applications
• Triaging alerts with a data-driven approach and countering threat incidents in time, based
on priority
• Investigating and managing breaches, eliminating the root cause of the attack and allowing
users to quickly get back to business as usual
COMPUTER FORENSICS
• Computer forensics is a process of investigation and analysis techniques to gather and preserve
evidence from a particular computing
• The goal of computer forensics is to perform a structured investigation while maintaining a
documented chain of evidence to find out exactly what happened on a computing device and
who was responsible for it.

• Cross-drive Analysis
• Encryption
• Deleted Files
• Steganography
MALWARE & THREATS
• Malware, or “malicious software,” is an umbrella term that describes any malicious program or code that is harmful to
systems.

Types of Malware

Virus
• A virus is self-replicating malware that infects the computer through an executable file. It is attached to a file that the user
must run first for the virus to spread.
• Note that it cannot activate itself without human help.

Worm
• A worm is the opposite of a virus. Where a virus needs human action to self-replicate, a worm can spread independently. Once
installed, a worm replicates fast and consumes computer memory, which leads to low disk space and reduced
computer performance.

Trojan
• A Trojan is a type of malware that is used to gain control over the computer. A Trojan installs other types of malware used to manipulate
the computer without the user’s knowledge. This allows hackers to use the computer for committing cybercrimes.

Spyware
• Spyware is used to monitor computer activities to gather personal information. Spyware allows
hackers to view emails, listen to phone calls, and watch the victim through the webcam.

Keylogger
• A keylogger exposes passwords by recording each key pressed on the keyboard. It is used to
steal account information.

Rootkit
• A rootkit targets the operating system, making it hard to detect. A rootkit is invisible in Task Manager
since it’s built into the operating system of the computer. It is used to conceal malware activities
on the computer. It’s often bundled with other malware to steal bank account information.
CYBERCRIME
• Cybercrime is a crime that involves a computer and a network. The computer may have been
used in the commission of a crime, or it may be the target.
• Cybercrimes can be defined as: "Offences that are committed against individuals or groups of
individuals with a criminal motive to intentionally harm the reputation of the victim or cause
physical or mental harm, or loss, to the victim directly or indirectly, using modern
telecommunication networks such as Internet (networks including chat rooms, emails, notice
boards and groups) and mobile phones (Bluetooth/SMS/MMS)."
• Cybercrime may threaten a person's or a nation's security and financial health.
CYBER TERRORISM
• Cyberterrorism is the use of the Internet to conduct violent acts that result in, or threaten, loss of
life or significant harm, in order to achieve political or ideological gains through threats.
• It is also sometimes considered an act of Internet terrorism where terrorist activities, including
acts of deliberate, large-scale disruption of computer networks, especially of personal
computers attached to the Internet by means of tools such as computer viruses, computer
worms, phishing, and other malicious software and hardware methods and programming
scripts.
INFORMATION WARFARE
• Information warfare (IW) is the offensive and defensive use of information.
• At a conceptual level, IW consists of all efforts to control, exploit, or deny an adversary's
capability to collect, process, store, display, and distribute information, while at the same time
preventing the enemy from doing the same.
• The intent is to control, manipulate, deny information, influence decisions, and degrade or
ultimately destroy adversary systems while guarding friendly systems against such action.
SOCIAL ENGINEERING
• Social engineering is the term used for a broad range of malicious activities accomplished
through human interactions.
• It uses psychological manipulation to trick users into making security mistakes or giving
away sensitive information.
• Social engineering attacks happen in one or more steps.
• A perpetrator first investigates the intended victim to gather necessary background
information, such as potential points of entry and weak security protocols, needed to proceed
with the attack. Then, the attacker moves to gain the victim’s trust and provide stimuli for
subsequent actions that break security practices, such as revealing sensitive information or
granting access to critical resources.
SOCIAL ENGINEERING LIFE CYCLE

SOCIAL ENGINEERING COUNTERMEASURES
• Don’t open emails and attachments from suspicious sources – If you don’t know the sender in
question, you don’t need to answer an email. Even if you do know them and are suspicious about
their message, cross-check and confirm the news from other sources.
• Remember that email addresses are spoofed all of the time; even an email purportedly coming
from a trusted source may have actually been initiated by an attacker.
• Keep your antivirus/antimalware software updated – Make sure automatic updates are engaged.
• Use multifactor authentication – One of the most valuable pieces of information attackers seek
is user credentials. Using multifactor authentication helps ensure your account’s protection in
the event of system compromise.
• Beware of tempting offers – If an offer sounds too enticing, think twice before accepting it as
fact. Googling the topic can help you quickly determine whether you’re dealing with a
legitimate offer or a trap.
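
Added example (not part of the original slides): a small Python check that shows why a From address alone cannot be trusted, by comparing it with the other headers of a message. The sample message, its domains and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not from the original slides): the From header
# claims a trusted sender, but the envelope sender differs and the receiving
# server recorded failed SPF and DMARC checks.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=example.com
From: "IT Helpdesk" <helpdesk@example.com>
Reply-To: helpdesk@example-support.test
To: user@example.org
Subject: Password expiry notice

Please confirm your account.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def spoofing_indicators(raw_message):
    """List the reasons the From address should not be taken at face value."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    findings = []
    # 1. Authentication verdicts stamped by the receiving mail server.
    results = (msg["Authentication-Results"] or "").lower()
    if not results:
        findings.append("no Authentication-Results header")
    for check in ("spf", "dkim", "dmarc"):
        for part in results.split(";"):
            part = part.strip()
            if part.startswith(check + "=") and not part.startswith(check + "=pass"):
                findings.append(part.split()[0])
    # 2. Envelope sender and Reply-To should belong to the From domain.
    for header in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[header])
        if dom and dom != from_dom:
            findings.append(f"{header} domain {dom} != From domain {from_dom}")
    return findings

if __name__ == "__main__":
    for finding in spoofing_indicators(SAMPLE):
        print("SUSPICIOUS:", finding)
```

Only an Authentication-Results header added by your own receiving server is reliable, and a domain mismatch is an indicator to investigate rather than proof, since legitimate bulk senders also use a different envelope domain.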
IDENTITY THEFT
• Identity theft, also known as identity fraud, is a crime in which an imposter obtains key pieces
of personally identifiable information (PII)

Types of identity theft
• Identity theft is categorized in two ways: true name and account takeover. True-name identity
theft means the thief uses personal information to open new accounts. The thief might open a
new credit card account, establish cellular phone service or open a new checking account to
obtain blank checks.
• Account-takeover identity theft is when the imposter uses personal information to gain access
to the person's existing accounts. Typically, the thief will change the mailing address on an
account and run up a huge bill before the victim realizes there is a problem. The internet has
made it easier for identity thieves to use the information they've stolen since transactions can
be made without any personal interaction.
IDENTITY THEFT TECHNIQUES
• Mail theft: This is stealing credit card bills and junk mail directly from a victim's mailbox or
from public mailboxes on the street.
• Dumpster diving: Retrieving personal paperwork and discarded mail from trash dumpsters is
an easy way for an identity thief to get information. Recipients of preapproved credit card
applications often discard them without shredding them first, which greatly increases the risk of
credit card theft.
• Shoulder surfing: This happens when the thief gleans information as the victim fills out
personal information on a form, enters a passcode on a keypad or provides a credit card number
over the telephone.
• Phishing: This involves using email to trick people into offering up their personal information.
Phishing emails may contain attachments bearing malware designed to steal personal data or
links to fraudulent websites where people are prompted to enter their information.
