Many data breaches and cyberattacks have had a great impact, and organizations are working towards reducing security breaches.
Conventional IT security leaders have grown into digital security leaders and have widened their remit to address risks in technology-heavy engineering and physical environments as well as in IT.
Cybersecurity - Significance
With rapid technological change, organizations are currently grappling with increasing security concerns. A single cybersecurity incident can destroy a hard-earned reputation and cause the loss of assets worth a great deal of money.
What is Cybersecurity?
Cybersecurity by itself is an ocean, and it is necessary for everyone to know more about its different aspects in order to protect both personal and organizational information.
Let's embark on the course and start exploring cybersecurity. It will give you an overall view and an understanding of questions such as:
What is cybersecurity?
What is a cyberattack?
Focus of Cybersecurity
The focus of cybersecurity is on
preventing
mitigating
detecting
investigating and
responding to cyber attacks.
The complexity of cyberspace implies that there are potentially endless lists of attack
scenarios and malicious programs.
You will learn about the different malicious programs in the next section!
Malware includes
Viruses
Worms
Trojans
Spyware
Adware
Ransomware
Scareware
Virus
A virus is malicious software that self-replicates and spreads to other systems or hosts, eventually corrupting them.
It requires an active host program (or an already-infected system) on a running operating system in order to execute and cause damage.
A virus spreads easily to other hosts through some carrier, one of the most frequent being an email attachment.
Worm
Unlike a virus, a worm is standalone software that does not need a host program or human help to spread.
Worms can advance and self-replicate within a system, using up resources such as processing power and memory.
A worm enters the system through a vulnerability and abuses the system's information-transport or file-transport features to move on to the next host.
Spyware
Spyware is designed to collect data from its host computer, often for marketing purposes, and then transmit that data to a remote system without the user's knowledge.
Adware
Adware is similar to spyware, but it has been designed to serve advertising, such as in a pop-up screen.
Adware and spyware are commonly known as Potentially Unwanted Programs (PUPs).
A potentially unwanted program (PUP) is software that can be considered non-essential and whose presence can compromise privacy or weaken the computer's security.
Scareware
Scareware tricks users into believing that their computer has been infected with a virus and then suggests downloading and paying for fake antivirus software.
Usually the virus is fictional, and the software is non-functional or is malware itself.
Did you know? The number of scareware packages in circulation rose from 2,850 to 9,287 in the second half of 2008 alone.
Trojan
A Trojan is named after the wooden horse the Greeks used to infiltrate Troy: it poses as legitimate software and, once run, typically gives a malicious user backdoor access to the system.
Botnet and Malnet
A botnet is a network of compromised machines controlled remotely by an attacker. Botnets are largely used to distribute spam and malware to other users, whereas a malnet (malware network) is an infrastructure used to draw users in and infect them.
Botnets are often controlled by a single command server or a small number of them, whereas malnets use fast-changing infrastructures.
Malnet infrastructures let cybercriminals launch dynamic attacks that can go unnoticed by conventional anti-virus vendors for days or months.
Malvertising
Malvertising (malicious advertising) is a newer way of spreading malware that is even harder to combat: the malicious content is delivered through the advertising on an otherwise legitimate webpage and can infect the visitor's system without their knowledge.
Antivirus software
Antivirus software inspects files entering the system from sources such as USB drives, mail or websites and checks whether they match any of its virus or PUP signatures.
If a file matches, the software typically removes or quarantines it.
Signature scanning is only approximately 95% effective in detecting viruses and PUPs, because new viruses and PUPs are created faster than signatures for them; a sample that has merely been repacked may already match nothing.
Antivirus software therefore needs to be updated regularly so that new signatures can be added.
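To make the signature-matching and update problem concrete, here is an added example in Go (written for this page, not part of the course material). It builds a tiny in-memory signature set around the public EICAR test string, scans three variants of it, and shows that a repacked copy evades every signature until the set is updated. The signature names, the XOR "packing" and the quarantine verdict are this example's own constructions.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Two kinds of signature a simple scanner uses: a whole-file hash and a byte pattern.
const (
	KindSHA256  = "sha256"
	KindPattern = "pattern"
)

// Signature is one entry in a constructed, in-memory signature database.
type Signature struct {
	Name  string
	Kind  string
	Value string // hex digest for KindSHA256, literal bytes for KindPattern
}

// eicarSample is the public EICAR anti-virus test string, a harmless file that
// every scanner is expected to flag; it stands in for a real malware sample here.
var eicarSample = []byte(`X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*`)

// sha256Hex returns the hex-encoded SHA-256 digest of data.
func sha256Hex(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// SignatureDB is the initial signature set: a hash of the known sample and a
// substring that survives small edits to it. The hash is computed here from
// the sample rather than pasted from a vendor feed.
var SignatureDB = []Signature{
	{Name: "EICAR-Test-File.hash", Kind: KindSHA256, Value: sha256Hex(eicarSample)},
	{Name: "EICAR-Test-File.pattern", Kind: KindPattern, Value: "EICAR-STANDARD-ANTIVIRUS-TEST-FILE"},
}

// Scan checks one file's contents against every signature and returns the
// names of those that matched; an empty result means "no known signature".
func Scan(data []byte, db []Signature) []string {
	var hits []string
	digest := sha256Hex(data)
	for _, sig := range db {
		switch sig.Kind {
		case KindSHA256:
			if digest == sig.Value {
				hits = append(hits, sig.Name)
			}
		case KindPattern:
			if bytes.Contains(data, []byte(sig.Value)) {
				hits = append(hits, sig.Name)
			}
		}
	}
	return hits
}

// Verdict is the action a scanner takes: quarantine on any match, otherwise
// pass the file through. "clean" only means "matched nothing we know about".
func Verdict(data []byte, db []Signature) string {
	if len(Scan(data, db)) > 0 {
		return "quarantine"
	}
	return "clean"
}

// XORBytes is a stand-in for the packing/obfuscation malware authors use to
// change a file's bytes (and hence its hash and visible strings) without
// changing what it does once unpacked.
func XORBytes(data []byte, key byte) []byte {
	out := make([]byte, len(data))
	for i, b := range data {
		out[i] = b ^ key
	}
	return out
}

func main() {
	// 1. The exact sample: both the hash and the pattern signature fire.
	fmt.Println("exact sample:", Scan(eicarSample, SignatureDB))

	// 2. One appended byte changes the hash; only the pattern still catches it.
	padded := append(append([]byte{}, eicarSample...), '\n')
	fmt.Println("padded sample:", Scan(padded, SignatureDB))

	// 3. An XOR-"packed" copy matches nothing: this is the gap a fresh variant
	// lives in until the vendor ships a new signature.
	packed := XORBytes(eicarSample, 0x5a)
	fmt.Println("packed sample:", Verdict(packed, SignatureDB))

	// 4. After the update (a signature for the packed form) it is caught again.
	updated := append(SignatureDB, Signature{
		Name: "EICAR-Test-File.packed", Kind: KindSHA256, Value: sha256Hex(packed),
	})
	fmt.Println("packed sample after update:", Verdict(packed, updated))
}
```

The pattern signature is the more robust of the two, but it is still just a string: the moment the sample is packed, only a behavioural or heuristic engine, or a fresh signature, will catch it. That is the whole reason the update cycle exists.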
Myths!
There are some common myths related to computer viruses:
Any error message on the system indicates a virus infection - False; it can just as well indicate a hardware or software fault.
Viruses and worms always require user interaction - False; worms spread on their own by exploiting vulnerabilities, with no user action at all.
Email attachments from known senders are safe - False; a compromised or spoofed sender account can be used to spread infection.
Antivirus programs will stop all threats - False; no protection is 100%.
Viruses can inflict physical damage on your computer - Generally false; ordinary malware damages data and software, not the hardware itself.
1. Unsolicited commercial email is known as – Spam
2. ________ monitors user activity on the internet and transmits that information in the background to someone else. – Spyware
3. Which of these are Personally Identifiable Information? – All of the above
4. What is a PUP? – Potentially Unwanted Program
5. A ________ is like a virus, having the ability to spread without any medium (host program). – Worm
6. The internet can impose a number of risks and hence cybersecurity is required. – True
7. Which of these is an anti-virus program? – All of the above
8. Which of these are cyber threats? – All of the above
The three pillars of information security, known as the CIA triad, are:
Confidentiality
Integrity
Availability
In this section, you will understand each of these in more detail.
Confidentiality
Confidentiality is the guarantee of data privacy and protection against unauthorized disclosure. Examples of information that must be kept confidential:
Social Security numbers
Credit card information
Account numbers
Business information such as:
o Financial data
o Employee records and trade secrets
Integrity
Integrity is protecting data from unauthorized or undetected modification, so that it can be trusted to be accurate and complete.
Availability
Availability is ensuring that data and services are available to authorized users
whenever required.
Protecting Information
Data leakage is not always noticeable.
Protection Mechanisms
A system built around the CIA triad provides protection mechanisms that offer layered protection to the data.
Use a layered approach, with proper checks at each layer, to improve confidentiality, integrity and availability.
Model
Multiple Layers - Different controls guard the system against the various threats arriving at different levels, so that no single failure exposes the data.
Abstraction - Grouping similar objects and applying controls to the group rather than to each instance; used for efficiency.
Data Hiding - Keeping data undiscoverable by unauthorized personnel.
Encryption - A technique for masking the original data so that it cannot be interpreted without the key.
Symmetric
Both encryption and decryption use the same key.
Used for encrypting large amounts of data (like an entire disk partition or database), as it is very fast.
Primarily used for privacy and confidentiality.
Asymmetric
Uses two different keys for encryption and decryption: a public key and a private key.
The public key may be freely distributed; the private key is kept secret.
Very slow, and can only encrypt a message smaller than the key size (for a 2048-bit RSA key, under 256 bytes, less the padding overhead).
Leveraged to encrypt symmetric encryption keys, which are then used to encrypt much larger blocks of data (hybrid encryption).
Primarily used for authentication, non-repudiation, and key exchange.
Plaintext
Plaintext is the original, readable message or data before encryption.
Ciphertext
Ciphertext is the output of encrypting plaintext: the same data in a transformed form that cannot be read or understood without the key. It is also known as encrypted text.
How it works?
1. Assets - Anything of value that needs protecting: data, systems, services, people, reputation.
2. Threat - A probable danger that is in general difficult to control. Threats can include an unhappy employee, terrorists, or nature.
3. Vulnerability - A weakness in an asset or in its protection that a threat could exploit.
Risk is something that can happen unexpectedly; it is the combination of threats and vulnerabilities acting on an asset, often written as Risk = Threat x Vulnerability. Hence, to understand the risk to assets, the possible threats and vulnerabilities must be analyzed.
The first little pig built a house of straw, but the wolf blows it down and eats the pig.
The second little pig built a house of sticks, but the wolf also blows it down and eats the pig.
The third little pig built a house of bricks, which the wolf cannot blow down.
As you observe, in all three scenarios the threat is the same (100%): the wolf tries to blow the house down.
Vulnerability - The straw and stick houses are vulnerable to the wolf's breath; the brick house is not.
Inference - Risk exists only where a threat meets a vulnerability. The same threat is fatal to the first two pigs and harmless to the third, so reducing vulnerability reduces risk even when the threat itself cannot be controlled.
Passive attack
Here, the intruder only monitors or eavesdrops on the system or its traffic (for example, sniffing network packets) without altering anything. The goal is to learn information, and such attacks are hard to detect.
Active attack
Here, the intruder tries to break into secured systems to steal or modify information or to run malicious code.
Example: Injecting systems with malicious programs such as worms, viruses or Trojans.
Attack Types
Phishing - One of the most dangerous cyber threats of all time. The sole purpose of phishing is to deceive the victim into handing over confidential information such as address, bank account, password, card number, etc. Phishing spreads through email and even phone calls.
Password Attack - Attackers don't need any emails, code or forged links for this attack; they simply crack your password, typically with a password-cracking tool that tries dictionary words and common patterns against stolen password hashes or a login prompt.
Drive-by Download - This can be triggered just by visiting a website. A download may start automatically, without any action by the user, causing malware to be installed on the device.
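To show what "cracking your password" means in practice, here is an added example in Go (not part of the course). It runs an offline dictionary attack against a constructed leak of SHA-256 password hashes, first unsalted and then salted, and counts the hash computations each attack needs. The wordlist, user names, salts and hashes are all constructed for the example; real systems should store passwords with a slow, salted KDF such as bcrypt, scrypt or Argon2, which multiplies the salted cost shown here many times over.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// wordlist is a constructed stand-in for the multi-million-entry lists that
// real password-cracking tools ship with.
var wordlist = []string{"123456", "password", "letmein", "qwerty", "password123", "summer2023", "welcome1"}

// unsaltedHash is how a naive system stores a password: SHA-256 of the password alone.
func unsaltedHash(pw string) string {
	sum := sha256.Sum256([]byte(pw))
	return hex.EncodeToString(sum[:])
}

// SaltedRecord is a stored credential together with its per-user random salt.
type SaltedRecord struct {
	Salt string
	Hash string
}

// saltedHash mixes the salt in, so equal passwords no longer produce equal hashes.
func saltedHash(salt, pw string) string {
	sum := sha256.Sum256([]byte(salt + ":" + pw))
	return hex.EncodeToString(sum[:])
}

// CrackUnsalted is an offline dictionary attack on unsalted hashes. Each
// candidate is hashed once and looked up against every leaked hash, so the
// cost is len(words) no matter how many users leaked. It returns user->password
// for every account recovered and the number of hash computations spent.
func CrackUnsalted(leaked map[string]string, words []string) (map[string]string, int) {
	usersByHash := map[string][]string{}
	for user, h := range leaked {
		usersByHash[h] = append(usersByHash[h], user)
	}
	cracked := map[string]string{}
	attempts := 0
	for _, w := range words {
		attempts++
		for _, user := range usersByHash[unsaltedHash(w)] {
			cracked[user] = w
		}
	}
	return cracked, attempts
}

// CrackSalted is the same attack against salted hashes: the salt forces one
// hash computation per candidate per user, len(users)*len(words) in total.
func CrackSalted(leaked map[string]SaltedRecord, words []string) (map[string]string, int) {
	cracked := map[string]string{}
	attempts := 0
	for user, rec := range leaked {
		for _, w := range words {
			attempts++ // no early exit, so the count is exactly users*words
			if saltedHash(rec.Salt, w) == rec.Hash {
				cracked[user] = w
			}
		}
	}
	return cracked, attempts
}

func main() {
	// Constructed "leaked database": two users chose the same weak password,
	// one chose a passphrase that is not in the wordlist.
	unsalted := map[string]string{
		"alice": unsaltedHash("password123"),
		"bob":   unsaltedHash("password123"),
		"carol": unsaltedHash("correct horse battery staple"),
	}
	cracked, n := CrackUnsalted(unsalted, wordlist)
	fmt.Printf("unsalted: %d hashes computed, cracked %v\n", n, cracked)

	salted := map[string]SaltedRecord{
		"alice": {Salt: "k3P9", Hash: saltedHash("k3P9", "password123")},
		"bob":   {Salt: "Qz71", Hash: saltedHash("Qz71", "password123")},
		"carol": {Salt: "m0Xc", Hash: saltedHash("m0Xc", "correct horse battery staple")},
	}
	cracked, n = CrackSalted(salted, wordlist)
	fmt.Printf("salted:   %d hashes computed, cracked %v\n", n, cracked)
}
```

Two things to notice: without salt, alice and bob share one hash, so cracking one cracks both for free, and the whole leak costs the attacker just seven hash computations; with salt the cost scales with the number of users. Salting does not rescue "password123", only a password outside the attacker's wordlist survives, which is why both a strong password and a slow salted KDF are needed.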
Vulnerabilities can lie in any of these layers:
Software
Hardware
Network
User
Hardware can also create an avenue for attack; this usually requires physical access to the device, but some hardware attacks can be carried out over a network connection as well.
Hardware vulnerabilities include devices that users attach, such as plug-in flash drives, and the software installed on them.
Factors that keep widening the attack surface:
Exposure to the Internet
Growth of wireless technology
Evolution of various smart devices (Internet of Things)
Classification of Threats
Malicious: A hacker or disgruntled employee who is interested in a specific asset or piece of information.
Non-Malicious: An incident that happens due to neglected factors, such as compromising on security or an honest mistake.
Intrusion Phases
An attacker works towards their objective (for example, data exfiltration) by planning and performing a set of activities; network intrusion happens in phases.
Threat Modelling
Threat modelling is the process of securing web/mobile applications, or any asset, by systematically identifying the threats to it and determining the effective security controls and measures.
Considerations
Threat management is the best practice for managing cyber threats; it enables early identification of vulnerabilities using data-driven situational analysis.
STRIDE - a threat classification model (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege) used to reason about and enumerate the threats to a system while limiting false-positive threats.
Mitigation Steps
i) Classify Assets - Classify information assets with regard to their business significance.
ii) Stay Informed - IT and security teams need to stay up to date on the latest threats and attacks. Sources include:
Big data analytics, which can be used to detect long and slow Advanced Persistent Threats (APTs).
Machine learning and UEBA (User and Entity Behavior Analytics).
Intelligence feeds - Threat intelligence feeds, malware analysis and vulnerability scans.
Threat Intelligence
Threat intelligence is required at:
Cybersecurity Architecture
Cybersecurity architecture is all about understanding one's business scope and requirements, and then designing and developing a security architecture to implement and support them.
To capture complete business security architecture picture you have to find answers for
What
Why
How
Who
Where
When
Security architecture should identify and protect against risks; for effective management, it should be a continuous operational activity.
Example: To maintain an agreed SLA of at least 98%, you can set the security control parameter at 98.5%, so that appropriate action is taken before the SLA is breached and a penalty is incurred.
Controls
When defining security architecture controls, you are not advised to rely on a single parameter; define controls at different stages so that possible threats are detected and avoided early.
Example: For finer control, you can define five SLA control levels, from 98.9% down to 98.5%, each with its own action points.
SABSA Framework
The Sherwood Applied Business Security Architecture (SABSA) framework is an open, freely usable framework for creating enterprise security architecture.
It is a risk-driven method based on analysis of the business requirements.
The primary objective is to protect the business with the required level of security.
It is commonly represented as the 6x6 SABSA matrix, which is divided into four 3x3 matrices for easier representation.
In the Architecture framework part, a Business considers its
Security policies
Risk
Process
Control
Attributes
Information
Strategies
Before designing security architecture, you should identify and define role-based
privileges for associates working in different locations as per the required
timeline.
Incident Management
An incident is an event that may lead to disruption of business operations. Incident management covers four stages:
Prepare
Identify
Analyze
Solve issues to prevent future incidents.
Many incidents require further investigations to find the source and reasons of attack
along with containment and eradication of affected and vulnerable systems for recovery
activities.
1. Preparation - Involve the team and define the required procedures for guidance.
2. Detection and Analysis - Work on incidents that require further investigations to find
the source and reasons of attack.
3. Containment, Eradication and Recovery - Take control of the incident before it gets
worse, then remove and recover the affected system securely.
4. Post-Incident activities - Document the learning outcome along with the required
measures and controls.
Incident Response
Incident response is organized into three phases: Preparation, Response and Follow-up.
Preparation
Conduct a critical assessment of your organization.
Carry-out a security threat analysis from practical incidents.
Consider the implication of people, process, technology and information.
Create appropriate control framework
Review your state of readiness.
Response
Identify cybersecurity incident.
Define Objectives and investigate the situation.
Take appropriate pre-approved or required actions.
Recover systems data and connectivity.
Follow-up (Post-Incident Activities)
The recommended follow-up activities are:
Investigate incidents more thoroughly.
Report Incident to relevant stakeholders.
Carry out a Post-Incident review.
Update key information, controls and processes.
Perform trend analysis.
Communicate and share the lessons learned.
Incident Category
Incident categories can be defined according to business priorities, ranging from test incidents to unauthorized attacks.
A precursor is a sign that an incident may occur. Example: a cabin-crew alarm would be a precursor to an airline incident.
Syslog
Syslog is primarily used to collect logs from many different devices in a central location for monitoring and review. The protocol is enabled on most network equipment such as routers, switches and firewalls, and even on some printers and scanners.
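Centralized logs are only useful if something reads them. As an added example (Go, written for this page, not from the course), the block below parses constructed sshd lines in the BSD syslog format and flags any source address with five or more failed passwords inside a sliding one-minute window, which is the simplest password-attack detection a SOC runs over such logs. The host name, process IDs and addresses are constructed; the addresses come from the RFC 5737 documentation ranges.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
	"time"
)

// sampleLog is a constructed excerpt in the BSD-syslog format that OpenSSH
// writes; one noisy source, one legitimate user who mistyped twice.
const sampleLog = `Mar 12 10:00:01 bastion sshd[2110]: Failed password for invalid user admin from 203.0.113.7 port 51012 ssh2
Mar 12 10:00:03 bastion sshd[2112]: Failed password for root from 203.0.113.7 port 51014 ssh2
Mar 12 10:00:04 bastion sshd[2113]: Failed password for root from 203.0.113.7 port 51015 ssh2
Mar 12 10:00:06 bastion sshd[2115]: Failed password for invalid user oracle from 203.0.113.7 port 51017 ssh2
Mar 12 10:00:07 bastion sshd[2117]: Accepted publickey for deploy from 198.51.100.4 port 40022 ssh2
Mar 12 10:00:08 bastion sshd[2118]: Failed password for invalid user test from 203.0.113.7 port 51019 ssh2
Mar 12 10:00:10 bastion sshd[2120]: Failed password for root from 203.0.113.7 port 51021 ssh2
Mar 12 10:01:30 bastion sshd[2130]: Failed password for deploy from 198.51.100.4 port 40030 ssh2
Mar 12 10:09:15 bastion sshd[2141]: Failed password for deploy from 198.51.100.4 port 40041 ssh2`

// failedRe captures timestamp, user and source address of a failed password attempt.
var failedRe = regexp.MustCompile(
	`^(\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\d+\.\d+\.\d+\.\d+) port \d+`)

// FailedLogin is one parsed failure event.
type FailedLogin struct {
	At   time.Time
	User string
	IP   string
}

// ParseFailedLogins extracts failed-password events from raw syslog text,
// ignoring everything else (successful logins, other daemons, malformed lines).
func ParseFailedLogins(raw string) []FailedLogin {
	var out []FailedLogin
	for _, line := range strings.Split(raw, "\n") {
		m := failedRe.FindStringSubmatch(line)
		if m == nil {
			continue
		}
		// BSD syslog timestamps carry no year; that is fine for windowing within one file.
		at, err := time.Parse("Jan _2 15:04:05", m[1])
		if err != nil {
			continue
		}
		out = append(out, FailedLogin{At: at, User: m[2], IP: m[3]})
	}
	return out
}

// BruteForceSources returns, sorted, the source addresses that produced at
// least threshold failures within any sliding window of the given length.
func BruteForceSources(events []FailedLogin, threshold int, window time.Duration) []string {
	byIP := map[string][]time.Time{}
	for _, e := range events {
		byIP[e.IP] = append(byIP[e.IP], e.At)
	}
	var flagged []string
	for ip, times := range byIP {
		sort.Slice(times, func(i, j int) bool { return times[i].Before(times[j]) })
		start := 0
		for end := range times {
			// Advance the window start until the window spans at most `window`.
			for times[end].Sub(times[start]) > window {
				start++
			}
			if end-start+1 >= threshold {
				flagged = append(flagged, ip)
				break
			}
		}
	}
	sort.Strings(flagged)
	return flagged
}

func main() {
	events := ParseFailedLogins(sampleLog)
	fmt.Printf("%d failed logins parsed\n", len(events))
	fmt.Println("brute-force sources (>=5 in 60s):", BruteForceSources(events, 5, time.Minute))
}
```

The threshold and window are the tuning knobs: 198.51.100.4 fails twice eight minutes apart and stays below a 5-in-60s rule, while 203.0.113.7 produces six failures in nine seconds and is flagged. Setting the window too wide (two failures in ten minutes) would flag the legitimate user as well, which is the false-positive trade-off every such rule carries.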