
WELCOME TO
THE ‘DIGICYBER’ RENAISSANCE

USHERING IN A NOVEL AGE OF TECHNOLOGICAL ADVANCES & BREAKTHROUGHS IN
COMPUTING SCIENCE AND DIGITAL TECHNOLOGY

"DIGICYBER RENAISSANCE"
CYBERSECURITY: THE REAL-LIFE APPLICATION OF CYBERSECURITY SKILLS
TO PROTECT ONE'S COMPUTER NETWORK, DEVICES, ASSETS, INCOME, REPUTATION & LEGACY

Cybersecurity Real-Life Applicable Skills
Cybersecurity Awareness & Mindset
Information Security
PART 1: CYBER RENAISSANCE - CURRICULUM

Cybersecurity Awareness Training
Computer & Mobile Device Hardening
Social Media Best Practices
Phishing Awareness
Handling Sensitive Information
Common Threats
CIA Security Triad: Confidentiality – Integrity – Availability
Physical Security As A Component Of Cybersecurity
Adopting The Zero-Trust Security Principle
Interactive Q&A
Free Resources


WHY SHOULD WE HAVE AWARENESS OF CYBERSECURITY?

Cybersecurity awareness helps you understand how to:
• Secure Your Devices, Networks, Servers, Applications, Physical Locations
• Protect Your Personal Information
• Detect and Respond To Cyber Threats
• Leverage Phishing Counter-Measure Training For Organizational Leadership & End-users
CYBERSECURITY AWARENESS PART 1

Educate yourself on cybersecurity terms, threats, trends, techniques, policies, industry certifications, and get familiar with OSINT (open-source intelligence; resources will be provided: https://www.comparitech.com/net-admin/osint-tools/).

Be suspicious of ALL messages (question everything and scrutinize the sources of every piece of knowledge and information presented to you).

Verify the message (investigate the message source, rationale, content, consequences and implications), report the message, follow policies, practice a zero-trust policy, and know the cybersecurity frameworks from the National Institute of Standards & Technology (NIST).

NIST SP 800-53 control families: Access Control - Audit and Accountability - Awareness and Training - Configuration Management - Contingency Planning - Identification and Authentication - Incident Response - Maintenance - Media Protection - Personnel Security - Physical and Environmental Protection - Planning - Program Management - Risk Assessment - Security Assessment and Authorization - System and Communications Protection - System and Information Integrity - System and Services Acquisition
CYBERSECURITY AWARENESS PART 2

Be perspicacious (in every situation, determine and analyze the details). Go slow (don't rush to conclusions or blindly accept the status quo or the assumptions of others).

Stay up to date on world events and hacking-related media coverage (YouTube channels, TV shows, movies, documentaries, news outlets).

Study and abide by specific standards and regulations such as HIPAA, PCI DSS, FERPA and GDPR, and know the Cybersecurity Framework from the National Institute of Standards & Technology (NIST CSF).
WHAT IS COMPUTER AND MOBILE DEVICE HARDENING?

Computer and mobile device hardening is the process of securing a device by reducing its attack surface and making it more resistant to tampering and unauthorized access.

Installing and updating anti-virus and anti-malware software
Enabling a firewall and configuring it to block unsolicited incoming traffic
Installing updates and patches for the operating system and other software
Disabling unnecessary services and protocols
Encrypting sensitive data
Creating strong, unique passwords and enabling two-factor authentication
Restricting user access and permissions
Backing up important data
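"Disabling unnecessary services" is easier to verify than to remember. The audit below is an added example, not part of the original deck: it parses constructed sample lines in the format of `ss -tulnpH` on Linux and reports every listening socket that is not on an allowlist. The sample output, the process names and the allowlist (SSH and a local web server on a fictional workstation) are assumptions; in practice the real command output would be fed to `audit()`.

```python
import re

# Constructed sample in the format of `ss -tulnpH` on Linux (assumption: the real
# audit would run that command as root and pass its stdout to audit()).
SAMPLE_SS_OUTPUT = """\
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*    users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      4096       127.0.0.1:631        0.0.0.0:*    users:(("cupsd",pid=901,fd=7))
tcp   LISTEN 0      511          0.0.0.0:80         0.0.0.0:*    users:(("nginx",pid=1201,fd=6))
tcp   LISTEN 0      50           0.0.0.0:23         0.0.0.0:*    users:(("telnetd",pid=1402,fd=4))
udp   UNCONN 0      0            0.0.0.0:5353       0.0.0.0:*    users:(("avahi-daemon",pid=700,fd=12))
tcp   LISTEN 0      128             [::]:22            [::]:*    users:(("sshd",pid=812,fd=4))
"""

# Hardening policy for a fictional workstation (assumption): only SSH and the local
# web server are expected to accept connections. Everything else is "unnecessary".
ALLOWED = {("tcp", 22, "sshd"), ("tcp", 80, "nginx")}

LINE_RE = re.compile(
    r"^(?P<proto>tcp|udp)\s+\S+\s+\d+\s+\d+\s+(?P<local>\S+)\s+\S+\s+"
    r'users:\(\("(?P<proc>[^"]+)"'
)


def parse_ss(text):
    """Yield (proto, bind_address, port, process_name) for each socket line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header or unparseable line; skip rather than guess
        addr, _, port = m.group("local").rpartition(":")
        yield m.group("proto"), addr.strip("[]"), int(port), m.group("proc")


def audit(text, allowed=ALLOWED):
    """Return [(severity, message)] for every socket outside the allowlist.

    Sockets bound only to loopback are reported as 'info' (still worth disabling if
    unused); anything reachable from the network and not allowlisted is 'high'.
    """
    findings = []
    for proto, addr, port, proc in parse_ss(text):
        if (proto, port, proc) in allowed:
            continue
        if addr in ("127.0.0.1", "::1"):
            findings.append(("info", f"{proc} listens on loopback only ({proto}/{port}); disable if unused"))
        else:
            findings.append(("high", f"{proc} exposed on {addr}:{port} ({proto}) and not in allowlist"))
    return findings


if __name__ == "__main__":
    for severity, message in audit(SAMPLE_SS_OUTPUT):
        print(f"[{severity}] {message}")
```

Run against the sample, the script flags the legacy telnet daemon and the mDNS responder as network-exposed services outside policy, and notes the printing service as loopback-only. Binding to 0.0.0.0 or [::] means the service answers on every interface, which is why those two lines rank higher than the one bound to 127.0.0.1.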


SOCIAL MEDIA BEST CYBERSECURITY PRACTICES
EXAMPLES: SHORTURL.AT/TXIK9

Use strong, unique passwords for all of your social media accounts and enable two-factor authentication.
Be cautious of clicking on links or downloading attachments from unknown sources.
Avoid sharing sensitive personal information, such as your home address or phone number.
Limit the amount of personal information you include in your social media profiles.
Be mindful of what you post online, as it can be used against you in the future.
Be careful of phishing scams and impersonation attempts.
Be aware of the privacy settings on each platform you use and adjust them accordingly.
Keep your computer and mobile device updated with the latest security patches.
Avoid using public Wi-Fi networks when accessing your social media accounts.
Use a VPN service when accessing your social media accounts from public or untrusted networks. We recommend getting a yearly BitDefender subscription (the family plan can cover up to 10 devices).
COMMON CYBERSECURITY THREATS

Phishing attacks, where an attacker poses as a trustworthy entity in order to trick individuals into providing sensitive information.
Ransomware attacks, where an attacker encrypts a victim's data and demands a ransom payment in exchange for the decryption key.
Malware, including viruses, worms, and Trojan horses, which are malicious software designed to damage or disrupt computer systems.
Social engineering, where an attacker manipulates individuals into revealing sensitive information or performing actions that compromise security.
Distributed Denial of Service (DDoS) attacks, where an attacker floods a website or network with traffic in order to make it unavailable to users.
Advanced Persistent Threats (APTs), where an attacker gains unauthorized access to a network and remains undetected for an extended period of time.
Insider threats, where an individual with authorized access to a network uses that access to steal or damage data.
IoT device vulnerabilities: many devices are connected to the internet, and these devices can often have vulnerabilities that can be exploited to gain access to a network.
Internet of Things (IoT) device examples: Ring Doorbell, Google Home Voice Controller, Amazon Echo Plus Voice Controller, Amazon Dash Button, August Doorbell Cam, August Smart Lock, Kuri Mobile Robot.
PHISHING AWARENESS IN CYBERSECURITY

Definition:
Phishing is a type of cyber-attack where the attacker
poses as a legitimate entity to trick individuals into
providing sensitive information, such as login
credentials or financial data.
PHISHING AWARENESS IN CYBERSECURITY

Ways to Mitigate The Effects of Phishing:

• Keep your computer systems' software up to date
• Don't click on suspicious links. This means you must train your mind to identify suspicious links: hovering your mouse/cursor over any link usually reveals its destination URL (Uniform Resource Locator); on a phone or tablet, long-press the link to see where it really goes. Practice with this example below: https://preciouschannel.clickfunnels.com/provenframework
• Verify the URL before entering login information
• Use anti-virus software
• Use multi-factor authentication when possible.
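Hovering over a link shows the destination; the checks a careful reader performs on that destination can be written down. The script below is an added example, not part of the original deck: it inspects constructed (visible text, real href) pairs of the kind found in phishing e-mail and flags the classic tricks (non-HTTPS, a decoy domain before `@`, a raw IP host, a punycode look-alike, and visible text whose domain differs from the real one). The sample links and the two-label approximation of the registrable domain are assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed (visible text, real href) pairs as they might appear in a mail client.
# The fourth href is built with Python's IDNA codec so it looks like "bänk.example".
SAMPLE_LINKS = [
    ("https://www.paypal.com/signin", "https://www.paypal.com/signin"),
    ("https://www.paypal.com/signin", "http://www.paypal.com.account-verify.example/signin"),
    ("Review your account", "https://paypal.com@198.51.100.7/login"),
    ("www.bank.example", "https://" + "bänk.example".encode("idna").decode() + "/login"),
]


def registrable(host):
    """Approximate the registrable domain as the last two labels.

    Assumption for brevity: a production checker should use the Public Suffix List,
    otherwise hosts such as example.co.uk are judged wrongly.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def display_host(text):
    """Return the host the visible text *claims* to point to, or None for plain words."""
    t = text.strip()
    if "://" in t:
        return (urlsplit(t).hostname or "").lower()
    if re.fullmatch(r"[a-z0-9.-]+\.[a-z]{2,}(/\S*)?", t, re.IGNORECASE):
        return t.split("/")[0].lower()
    return None


def inspect_link(text, href):
    """Return a list of warnings about href; an empty list means no red flag was found."""
    warnings = []
    parts = urlsplit(href)
    host = (parts.hostname or "").lower()

    if parts.scheme != "https":
        warnings.append(f"scheme is '{parts.scheme or 'missing'}', not https")
    if parts.username is not None:
        # Everything before '@' is user info, not the destination; browsers go to `host`.
        warnings.append(f"'{parts.username}' before '@' is a decoy; real host is {host}")
    try:
        ipaddress.ip_address(host)
        warnings.append(f"host is a raw IP address ({host})")
    except ValueError:
        pass
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append(f"punycode label in host ({host}); possible look-alike of a Latin-script name")
    shown = display_host(text)
    if shown and registrable(shown) != registrable(host):
        warnings.append(f"visible text points to {shown} but the link goes to {host}")
    return warnings


if __name__ == "__main__":
    for text, href in SAMPLE_LINKS:
        print(text, "->", href)
        for w in inspect_link(text, href) or ["no red flags"]:
            print("   ", w)
```

The second sample is the common "brand as a subdomain" trick: `www.paypal.com.account-verify.example` is owned by whoever registered `account-verify.example`, which is why the comparison is made on the registrable domain rather than on a substring match for the brand name.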
HANDLING SENSITIVE INFORMATION
GUIDE: SHORTURL.AT/ACDRO
NATIONAL: SHORTURL.AT/CFNW2

Identifying Sensitive Information: Protect any information your company has that others should not have, and safeguard this data against threats like data theft or leakage by enforcing cybersecurity!

Handling Protected Data: Know the legal requirements for handling sensitive information. Know what legal statutes might affect how your company needs to treat sensitive data.

Beware of labeling everything as sensitive. While security should be a top priority, it's also important to create a company culture where your employees have access to only the information they need to do their jobs. (Least Privilege Policy)

For a company offering financial services like cashing checks or making loans, the Gramm-Leach-Bliley Act requires it to protect all nonpublic personal information, including consumers' names, addresses, payment history, or information obtained from consumer reports.

Communicate your business' expectations clearly to employees: Make security an integral part of your company culture. Give all employees a handbook or brochure covering your privacy expectations and their role in information security during cybersecurity training. Every member of any organization has an important role in cybersecurity, not just the IT/Security department.

Train your employees to spot and avoid phishing: Make sure all employees know never to give out sensitive information over the phone or through email. In addition, conduct end-user counter-phishing training, mock phishing exercises and penetration testing.

Treat all incoming emails or unknown callers as suspicious. Recipients should carefully check the domain that the email was sent from and go the extra mile to verify the authenticity of every correspondence requesting information or any access to IT resources.

Phishing calls and emails often claim to be from the IT Department, so make it clear that your tech team will never ask for an employee's username or password over the phone or via email. Employees/individuals who receive calls from customers should have a process for verifying a client's identity before discussing any account information over the phone or via email.
CIA SECURITY TRIAD:
CONFIDENTIALITY – INTEGRITY – AVAILABILITY

• Foster a culture of security: Train individuals/employees in security awareness. Leverage participation and accountability training to motivate members to protect the organization.
• Secure entry points: Invest in security gates and doors or require access cards and deploy “smart locks”.
• Use surveillance cameras: Surveillance cameras can help detect potential threats. Cameras also provide solid evidence for forensic review after incidents.
• Install alarms: These devices are crucial security elements for warding off intruders.
• Guard the server room & hardware locations: Businesses often maintain their data center in a room on the premises, so monitoring and securing access with security gates/access doors is especially important.
PHYSICAL SECURITY AS A COMPONENT OF CYBERSECURITY

Establish A Solid Security Posture: Leveraging physical security to enhance your cybersecurity.

Know who is on your property or in your building at all times by leveraging surveillance cameras! (360 Visibility)

Consider when and how the person(s) got in! (Interview the person to identify the access points used to enter)

Ensure that the person(s) present in your building with public/private access are authorized to be there; this leads to a safer environment. (Verify identity and access privilege)

Lock down all areas of the property or office that house sensitive information or equipment.

Implement an access system auditable via logs for the few designated and trusted individuals. Ex: server rooms or HR offices with employees’ personal information, financial/medical/educational records.

Identify and classify your assets and resources (what to protect): Use a tool like Qualys or another management system to establish IT asset & vulnerability management.

Identify plausible threats (who to protect our assets from: hackers, competitors, malicious insiders, egregious strangers, overly curious individuals = Threat Assessment).

Know the plausible vulnerabilities that threats may exploit (the likelihood of holes in the defense being exploited: outdated software/hardware/operating systems/anti-virus = attack surface).

Identify the expected cost if bad things occur (financial losses, reputational damage, existential threat, compliance hiccups) = the consequences <--> Risk Assessment.
PHYSICAL SECURITY AS A COMPONENT
OF CYBERSECURITY

Most cybersecurity solutions concentrate on anti-malware tools as well as firewall configurations and other data security measures.

We understand physical security risks. For example, an open door increases the risk of unauthorized people entering. Valuable goods that are visible could be taken easily.

Human error and accidents may cause harm to people, property, and devices important for cybersecurity (ex: firewalls). Physical security is equally as important as cybersecurity.

Software can’t do anything if an attacker physically infiltrates your facility and removes hardware from the storage room or wherever it's plugged in. Thus, physical security is of primary importance.

Physical security and cybersecurity are closely interrelated. We must leverage both to protect the physical and digital assets of an organization.

Establish A Solid Security Posture in Every Environment You Frequent & Foster a Culture of Security Amongst Your Peers, Family, Co-workers, Business Associates, etc.
ADOPTING THE ZERO-TRUST SECURITY PRINCIPLE

Zero trust is NOT: Common Misconceptions & Myths

It is NOT one product or technology, but a security framework.
It is NOT something to “buy” or “sell”, but an opportunity to position a solution within the framework.
It is NOT a one-and-done project, but an ongoing effort towards achieving better security.

Please Note:
Despite security innovations, risks have never been more impactful. Too often, a single cybersecurity incident can represent an existential threat to an organization’s future.
ADOPTING THE ZERO-TRUST SECURITY PRINCIPLE
The Zero-Trust Security Principle is:

• Definition: The strategic approach to security that centers on the concept of eliminating implicit trust from an organization’s environment.
• Trust is neither binary nor permanent. We can no longer assume that internal entities are trustworthy, or that they can be directly managed to reduce security risks; we also cannot assume that checking them one time is enough.
• The zero-trust model of security prompts you to question your assumptions of trust at every access attempt, no matter where it comes from.
• A zero-trust strategy deploys a “Never assume trust, always verify, and apply least-privilege access” policy for every connection request to every corporate resource.
• Always verifying trust before granting access across your applications, devices, and networks ensures that only those who should have access to the information do.
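What "always verify, apply least-privilege access, for every connection request" looks like as an access decision is shown below. This is an added example, not part of the original deck: each request carries freshly verified identity (MFA), device posture and an explicit grant lookup, and the network the request arrived from is deliberately ignored, so a request from the corporate LAN without MFA is denied exactly like one from the internet. The policy table, the posture checks and the sample requests are assumptions for a fictional company.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    """One access attempt. Every field is re-checked on every request; nothing is cached."""
    user: str
    groups: frozenset
    mfa_verified: bool     # identity proven for this request, not a week-old session cookie
    device_managed: bool
    device_patched: bool
    disk_encrypted: bool
    network: str           # "corp-lan" or "internet"; deliberately NOT a trust signal
    resource: str
    action: str            # "read", "write" or "admin"


# Least-privilege grants for a fictional company (assumption, not from the page):
# resource -> group -> actions that group may perform.
POLICY = {
    "hr-records": {"hr": {"read", "write"}, "it-admins": {"admin"}},
    "finance-ledger": {"finance": {"read", "write"}},
    "wiki": {"staff": {"read"}},
}


def device_posture_failures(req):
    """Names of the posture checks that failed (empty list means the device is healthy)."""
    checks = (("managed", req.device_managed),
              ("patched", req.device_patched),
              ("disk-encrypted", req.disk_encrypted))
    return [name for name, ok in checks if not ok]


def evaluate(req, policy=POLICY):
    """Decide one request: (allowed, reason). Identity, device and grant are all re-verified."""
    if not req.mfa_verified:
        return False, "identity not verified with MFA for this request"
    failures = device_posture_failures(req)
    if failures:
        return False, "device posture failed: " + ", ".join(failures)
    granted = set()
    for group in req.groups:
        granted |= policy.get(req.resource, {}).get(group, set())
    if req.action not in granted:
        return False, f"no '{req.action}' grant for {req.user} on {req.resource}"
    # req.network never influenced the decision: a request from the corporate LAN is
    # held to exactly the same standard as one from a coffee shop.
    return True, "verified identity, healthy device, explicit least-privilege grant"


# Constructed requests exercising one allow and each denial path.
SAMPLE_REQUESTS = [
    Request("alice", frozenset({"hr", "staff"}), True, True, True, True, "internet", "hr-records", "write"),
    Request("alice", frozenset({"hr", "staff"}), False, True, True, True, "corp-lan", "hr-records", "read"),
    Request("bob", frozenset({"staff"}), True, True, True, True, "corp-lan", "hr-records", "read"),
    Request("carol", frozenset({"finance"}), True, True, False, True, "internet", "finance-ledger", "read"),
]


if __name__ == "__main__":
    for r in SAMPLE_REQUESTS:
        allowed, reason = evaluate(r)
        verdict = "ALLOW" if allowed else "DENY "
        print(f"{r.user:6} {r.action:5} {r.resource:15} from {r.network:8} -> {verdict} ({reason})")
```

The order of the checks matters in practice: identity is established first, then the device the identity is using, and only then is the grant consulted, so a stolen password alone never reaches the authorization step.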
FREE RESOURCES
https://preciouschannel.clickfunnels.com/freeresources

THANK YOU
FOR TUNING IN!
SECREDKNOWLEDGEINC@GMAIL.COM
INTERACTIVE Q&A

SECREDKNOWLEDGEINC@GMAIL.COM
CREATINGHAPPYHUMANS@GMAIL.COM
518-954-4464 / 518-414-4821
