Professional Documents
Culture Documents
Cyber Security Cca
Cyber Security Cca
security
TA N AYA K E T K A R
F Y B C O M B AT C H 2
RO L L N O 2 6 5
What is cyber security???
Cyber Security involves the practice of implementing multiple layers of
security and protection against digital attacks across computers, devices,
systems, and networks. Usually, organizations have a system and a
framework in place for how they tackle attempted or successful cyberattacks.
A good framework can help detect and identify threats, protect networks and
systems, and recover in case any attack was successful.
Why is cyber security important???
Cyber security is important because government, military, corporate, financial, and medical
organizations collect, process, and store unprecedented amounts of data on computers and
other devices. A significant portion of that data can be sensitive information, whether that
be intellectual property, financial data, personal information, or other types of data for
which unauthorized access or exposure could have negative consequences. Organizations
transmit sensitive data across networks and to other devices in the course of doing
business, and cyber security describes the discipline dedicated to protecting that
information and the systems used to process or store it. As the volume and sophistication of
cyber attacks grow, companies and organizations, especially those that are tasked with
safeguarding information relating to national security, health, or financial records, need to
take steps to protect their sensitive business and personnel information. As early as March
2013, the nation’s top intelligence officials cautioned that cyber attacks and digital spying
are the top threat to national security, eclipsing even terrorism.
What are different Types of Cyber Threats
Cyber threats are malicious activities that seek to disrupt digital life in general by stealing data and
misusing it. These activities may include the unauthorized accessing, changing, or destroying of
sensitive information, money extortion, or process interruptions.
Let’s discuss the different types of cyber threats that exist:
SQL Injection-SQL injection involves inserting a malicious code into a server that uses SQL and
allows the attacker to intervene with queries. This web security vulnerability can be as simple
as entering the code into an unprotected website search box. The infection causes the server to
release sensitive information.
Scale of Cyber Security Threats
Both cyber-defense tactics and cyber security threats are evolving in an attempt to outdo one another.
As a result, there is a growth of malicious software and threats in new forms that constantly need
protection against. Any individual or organization that uses any form of network is equally vulnerable
to such attacks and is a potential target.
There are three different types of cyber security threats that one needs to be aware of:
1.Cybercrime: Committed by one or more individuals who target systems for financial gain or to cause
havoc
3.Cyberattacks: Often carried out for political reasons and aimed at collecting and/or distributing
sensitive data
Types of cybersecurity
1. Database and
3. Application 4. Information
Infrastructure 2. Network Security
Security Security
Security
8. Identity
6. Data Loss 7. End-user
5. Cloud Security Management and
Prevention Education
Access Control
10. Disaster
Recovery or
9. Mobile Security
Business Continuity
Planning
Types of cybersecurity (continued)
1. Database and Infrastructure Security-Considering the fact that everything in a network includes physical
equipment and databases, securing these devices is vital. Database and infrastructure security is for
these cyber-physical systems, which may include even water purification systems and electricity grids.
2.Network Security-Network security covers numerous technologies, devices, and processes. It involves a
designed set of rules and configurations implemented for the protection of the confidentiality, integrity, and
accessibility of networks and data.Network security is intended to protect internal networks from attackers
by securing the infrastructure. The implementation of new, strong passwords and two-factor authentication
(2FA) are perfect examples of network security.
3. Application Security-Application security uses software and hardware for the protection and security
against threats that may crop up during the development stage of an application. For example, firewalls,
antivirus programs, encryption, etc. are kinds of application security.
4. Information Security-Information security or InfoSec helps in preventing unauthorized access, disruption,
disclosure, misuse, modification, inspection, destruction, recording, or any other kind of malintent involving
sensitive data or information.Information security is typically built around three objectives—CIA
(confidentiality, integrity, and availability)—and aims to protect both physical and digital information in any
form.
5. Cloud Security-Cloud security refers to the technologies, services, controls, and policies that aim to
provide protection for cloud data, infrastructure, and applications from cyber threats and attacks. It helps to
do away with any risks that are associated with on-premises attacks by constantly protecting and
monitoring the data in the cloud.
6. Data Loss Prevention-Data loss prevention focuses on coming up with processes and policies designed to
prevent and handle data loss, as well as recovery policies as a countermeasure for successful Cyber Security
breaches. Data loss prevention involves having network permissions and policies in place for data storage.
Types of cybersecurity (continued)
7.End-user Education-End-user education is the process of educating and training users about the best
security practices and safety measures (e.g., not to click on unknown links, not to download
suspicious attachments received in emails, etc.) to avoid letting in malware or other malicious
software. A good end-user security training program can help enhance the security in an organization
when done properly. The training should be in a language and at a technical level that can be
understood and followed by everyone.
8.Identity Management and Access Control-Identity management and access control can be crucial
components in a security architecture, and it basically involves the management of access to
enterprise resources. This is a good measure that can ensure the security of systems and data. This
type of security helps in the verification of users’ identities before granting them access to the
systems and sharing information with them.
9.Mobile Security-Mobile security, also known as wireless security, is the protection that is in place for
smartphones, laptops, tablets, and other portable devices and the networks they are connected to
from the threats and risks that are involved in wireless computing.
10. Disaster Recovery or Business Continuity Planning-Disaster recovery is the process of resuming
business after a disruptive event. Business continuity planning, on the other hand, ensures that
enterprises can keep running the business and capitalize not only after small disruptions but also in
the event of bigger disasters. Because of their many common considerations, the two terms are often
mentioned under the acronym BC/DR.All BC/DR plans are mapped out to help employees
communicate and go about doing their jobs in the event of an attack. The details of a BC/DR plan may
vary depending on the size, scope, and workings of the company. Also, it is crucial to understand that
physical, HR, and IT plans cannot be developed independently of each other in this case.
Challenges of Cyber Security
The biggest challenge faced by companies in Cyber Security is
the implementation of effective cybersecurity measures due to
the ever-evolving nature of risks. It is as if there are more
devices than people in this world today, and attackers are
becoming more and more creative.
Organizations and the government’s security endeavors taken
for only the most crucial system components have proved to be
insufficient with more advanced and evolved threats on the
loose. Thus, there is a necessity for organizations to adopt more
proactive and adaptive approaches to Cyber Security.
Unlike the traditional approach, the National Institute of
Standards and Technology (NIST) recommends a shift toward
real-time assessments and continuous monitoring, thus making
security more data-oriented.
Cyber Safety Tips and Best Practices and Cyber Security Tools
Cyber defense technology is not the only component that makes up a strong Cyber Security system. It
also relies heavily on people making smart choices. The following cyber security tips will help
increase your cyber safety knowledge:
Cyber Security tools consist of various apps and solutions that are used to mitigate risks and
safeguard sensitive information from cyber threats. Examples of some of the widely used tools are:
•Wireshark ,Web security,Nmap,Metasploit,Ncat,Entersoft Insights.Aircrack-ng,Nikto
Conclusion
Sound Cyber Security measures when implemented
in conjunction with an educated and informed
user base make up the best defense against cyber
threats. One can always start small, focusing on
the most valuable assets, and eventually scale the
efforts as the Cyber Security program matures.
The only way to battle malicious threats and
attacks is to let the security programs evolve so
that they can fight the advancing and newest
threats head-on or, at the best, prevent these types
of attacks from being a success in the first place.