Professional Documents
Culture Documents
Cybersec
Cybersec
Malware:
1) Virus - computer program that resides inside another program which seems to be
harmless
2) Worms - self sustaining computer program which replicates itself
3) Trojan Horse - computer program resides in any downloadable content
4) Ransomware - malicious code which encrypts the victim's data and threaten to pay
ransom
5) Spyware - software to gather information about a target person / org and send it
back to the attacker
Attacks:
6) Phishing - mail with malicious hyperlinks
7) DDoS - affects the availability of the systems to the legitimate users. achieved
by bombarding the host machine with false request which overload the host machine
resulting in denial of service to genuine users
8) Botnet - automated software which performs repetitive tasks, botnet is a
collection of devices which is controlled by the hacker (zombies)
9) Backdoor - way of accessing a s/w or h/w of the system w/o being detected
10) AO and IOT based attacks - hacking IOT devices ( camera etc)
Human
Application Software
Hosts
Network
Information
Information:
Who/What makes this layer
->Electronic information
-> Information in physical form
-> Data in transit
Risk:
-> Leak
-> Tampering
-> Delete
Security Controls
-> Device Encryption (eg: Bitlocker)
-> Communication Encryption (eg: SSL/TLS)
Network
Who/What makes this layer
Domain Network
Network Devices
Risk
-> Intruison
-> denial of SErvice
Security Controls
-> Firewall
-> IDS/IPS
-> DDos scrubbing service
Hosts
Who/What makes this layer
-> Desktop/Laptops/DEvices
-> OS,VM
-> System software, container
Risk
-> Social Engineering
-> Phishing
-> Unnecessary Access
Security Controls
-> Training Awareness
-> Background verification
Human
Who/What makes this layer
-> Employee
-> Customer
-> Contractors
Risk
-> Social Engineering
-> Phishing
-> Unnecessary access
Security Control
-> Training and Awareness
-> Background Verification