Page 1 of 9
This relates to why some assets (public relations, private information) are important to you.
e.g. you may wish your emails to remain private, or wish your identity to remain unknown.
SECURITY, VULNERABILITIES AND THREATS
10. Understanding the information that needs to be protected.
Determining security measures best suited for type of information.
Explaining security measures taken to employers using non-technical language.
11. Protecting sensitive or personal information from unauthorized access/use.
Identifying potential security risks.
Designing strategies and defensive systems against intruders.
Monitoring systems for unusual activities, e.g. unauthorized access, modification, duplication
or destruction of information.
Running counteractive protocols.
Reporting incidents.
12. Testing security strategies and defenses.
Attempting to break or uncover potential weaknesses.
Acting like a hacker to test defensive systems.
Trying to access information without proper credentials.
Trying to break through firewalls and security applications.
Writing reports based on test results.
13. Developing new defensive systems and protocols.
Creating new layers of protection.
Updating security systems.
Developing new counteractive protocols.
14. Granting permissions and privileges to authorized users.
15. Running diagnostics of information changes to check for undetected breaches that may
have occurred.
16. Analyzing new methods of intrusion by cyber criminals.
Keeping up to date on trends and new procedures in the industry.
Taking necessary precautions, updating and fortifying defenses accordingly.
1. CYBER SECURITY
This is the practice of protecting information and data from outside sources on the internet.
Cyber security professionals provide protection for networks, servers, intranets and computer
systems.
They ensure that only authorized people have access to that information.
2. INFORMATION SECURITY
This is all about protecting information and information systems from unauthorized use, access,
modification or removal, in order to provide confidentiality, integrity and availability (CIA) of the
information.
It is similar to data security, which has to do with protecting data from being hacked or stolen.
INFORMATION SECURITY (IS) WITHIN LIFE CYCLE MANAGEMENT
1. Plan and Organize
a. Establish management commitment.
b. Establish oversight committee.
c. Assess business drivers.
d. Carry out threat profile on the organization.
e. Carry out a risk assessment.
f. Develop security architecture at an organization, application, network and
component level.
g. Identify solutions per architecture level.
h. Obtain management approval to move forward.
2. Implement
a. Assign roles and responsibilities.
b. Develop and implement security policies, procedures, standards, baselines and
guidelines.
c. Identify sensitive data at rest and in transit.
d. Implement programs.
i. Asset identification and management.
ii. Risk management.
iii. Vulnerability management.
iv. Compliance.
v. Identity management and access control.
vi. Change control.
vii. Software development life cycle.
viii. Business continuity planning.
ix. Awareness and training.
x. Physical security.
xi. Incident response.
e. Implement solutions per program.
f. Develop auditing and monitoring solutions per program.
g. Establish programs and metrics per programs.
3. Operate and Maintain
b. Assess goal accomplishments per program.
c. Carry out quarterly meetings with steering committee.
d. Develop improvement steps and integrate into plan and organize phase.
TOP THREE THINGS TO DO TO STAY SAFE ONLINE
We will compare cyber security and non-cyber security practices.
To stay safe online:
1. Update system.
2. Use unique system.
3. Strong passcodes.
4. Password managers.
5. Check that HTTPS is working.
6. Don’t share information.
7. Use antivirus.
8. Use Linux.
9. Use verified software.
10. Be suspicious of everything.
11. Visit only known websites.
12. Delete cookies.
13. Change passwords.
Cyber security is an arms race between offensive and defensive capabilities.
However, most organizations are losing the battle, because we want better technologies but less
security.
The majority of threats come from hackers, crackers and cyber criminals.
"Hacker" was originally a positive term describing someone who kept hacking at a problem until it
was done. Now it means someone who is out to cause mischief on the internet or on a computer.
Types of hackers:
1. White hat hacker - hacks for good, e.g. ethical hacker, penetration tester.
2. Black hat hacker - a cyber criminal.
3. Grey hat hacker-
TYPES OF MALWARE
8. Phishing
a) Spear phishing - sends customized emails to a specific person.
b) Vishing - phishing using voice communication technology.
c) Pharming - impersonation of a legitimate website in an effort to deceive users.
d) Whaling - a phishing attack that targets high-profile people in an organization, e.g. the CEO.
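Two items in these notes, "check that HTTPS is working" together with "visit only known websites", and pharming (a look-alike site impersonating a legitimate one), can be turned into a small pre-visit check on a link. The example below is added here and is not part of the course notes; the allow-list of known hosts is a constructed sample, and the "suspicious" rules (edit distance of at most two from a known host, a known host name embedded in a longer one, a punycode label) are the author's own heuristics, not a standard.

```python
"""Check a link before visiting it: require HTTPS, flag look-alike hosts."""
from urllib.parse import urlsplit

# Constructed sample allow-list of sites the user actually uses.
KNOWN_HOSTS = {"www.example-bank.com", "mail.example.com"}


def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url, known_hosts=KNOWN_HOSTS):
    """Classify a URL as known / known-subdomain / unknown / suspicious."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    findings = []
    if parts.scheme != "https":
        findings.append("not-https")

    if host in known_hosts:
        return {"host": host, "verdict": "known", "findings": findings}
    if any(host.endswith("." + k) for k in known_hosts):
        return {"host": host, "verdict": "known-subdomain", "findings": findings}

    # Internationalized labels can render as look-alike characters in the address bar.
    if host.startswith("xn--") or ".xn--" in host:
        findings.append("punycode-label")
    for k in sorted(known_hosts):
        d = edit_distance(host, k)
        if 0 < d <= 2:
            # e.g. one letter swapped for a digit: heuristic threshold, an assumption
            findings.append("lookalike:" + k)
        elif k in host:
            # known name used as a prefix of a different domain (www.bank.com.evil.net)
            findings.append("embeds:" + k)

    suspicious = any(f != "not-https" for f in findings)
    verdict = "suspicious" if suspicious else "unknown"
    return {"host": host, "verdict": verdict, "findings": findings}


if __name__ == "__main__":
    for u in ("https://www.example-bank.com/login",
              "http://www.example-bank.com/login",
              "https://www.examp1e-bank.com/login",
              "https://www.example-bank.com.evil.net/",
              "https://news.other.org/"):
        print(u, "->", check_url(u))
```

The allow-list approach mirrors the advice to visit only known websites: anything outside the list is at best "unknown", and the look-alike rules only add a warning on top of that. A missing `https` is reported separately because it applies to known sites too.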
9. Plug-ins - The Flash and Shockwave plug-ins and others enable the development of interesting
graphics and cartoons, so hackers use these plug-ins to attack computers while they are
displaying images.
10. Search Engine Optimization (SEO) poisoning - SEO is a technique used to improve a website's
ranking by a search engine. While many legitimate companies specialize in optimizing websites, SEO
poisoning is used to make a malicious website appear higher in search results.
11. Browser hijacker - Malware that alters a computer's browser settings to redirect the user to
websites paid for by cyber criminals.
12. Social engineering - A completely non-technical means for a criminal to gather information about
a target.
13. Pretexting – When an attacker calls an individual and lies to them in attempt to gain access to
privileged data.
14. Something for something - The attacker requests personal information from a target in exchange
for a gift.
15. Shoulder surfing and dumpster diving - Refers to picking up PINs, access codes and credit
card numbers while the attacker is in close proximity to the victim.
16. Impersonation & Hoaxes – Imitation.
17. Piggybacking.
18. Online trickery.