Module 1 :Introduction to Cyber Security

what is cybersecurity?
• Cybersecurity is the ability to protect or
defend
Cyberspace from an attacks – (National
Institutes of Standards Technology –NIST)
• Cyber attack – an attack for disrupting,
disabling, destroying or maliciously controlling
a computer environment/infrastructure; or
destroying the integrity of the data or stealing
controlled information
What is cyberspace?
▪ Cyberspace is where online
communication happens. If
you've spent time chatting
with friends on the Internet,
you've been in cyberspace.
▪ Cyberspace is a world of
information through the
internet.
▪ It can be said that anything
that is done via the use of
internet,
occurs within the confines of
the cyberspace
Why does cybersecuritymatter?

• Cybersecurity is involved every

time we touch a computer or a computing device
• Your cyber hygiene affects others
• Cyber security is a shared responsibility
 Why CybersecurityTraining?
• Status of the office
• We already have:
• Management Controls
• Technical Controls
• Operational Controls
• We need:
• Human Controls
Who are the victims of cyber attacks?
• Businesses
• Government
• Financial Institutions
• Energy Companies
• Educational Institutions
• Media outlets
• You
What do we stand to lose?

• Money
• Reputation
• Personal information
Who are theattackers?

• Hackers
• Cyber criminals
• Cyber spies
▪ 76 Chinese Hackers Arrested in Runda
• Nation-States
• Malicious Insiders
• Hacktivists – hackers with political motives
• Script Kiddies
 How are theyattacking?
• Network attack (Denial of service; man-in-the middle
attack; Brute force attack etc)
• Malware Distribution – malicious software: (through
emails; infected documents; websites; QR codes;
Crypto-locker)
• Social Engineering -psychological manipulation of
people to divulge confidential information
• Data theft
 Who are ourdefenders?
• ICT Team
• Security Vendors – firewalls, antivirus, Intrusion monitors and
detections
• ICT Hardware/Software manufacturers
• The Government – laws, policies, prosecutions etc
• You, the User
What are weprotecting?
 What is informationsystems

• A computer information system is

a system composed of people and
computers that processes or
interprets information.
• The software used to run a
computerized database or to refer
to only a computer system.
Computer-Based Information Systems
Quality information needs to possess the following attributes:

❖Without data and the ability to process it, an

organization could not successfully complete most
business activities
 The Value ofInformation
• Value of information is directly linked to how it helps
decision makers achieve their organization’s goals
• For example, value of information might be measured
in:
• Time required to make a decision
• Increased profits to the company
security VS Safety
Security: We must protect our
computers and data in the same way
that we secure the doors to our homes.
Safety: We must behave in ways that
protect us against risks and threats that
come with technology.
• Virus - A virus attaches itself to a program, file, or disk
• Worm - Worms are more sophisticated viruses that can replicate
automatically and send themselves to other computers by first taking
control of certain software programs on your PC, such as email.
• Trojan Horse / Logic Bomb
• Phishing –acquire sensitive information such as usernames,
passwords, and credit card details often for malicious reasons, by
masquerading as a trustworthy entity
• Social Engineering
LOOMING THREATS
• Cloud services
• Ransomware
• Spear phishing - is an email that appears to be from
an individual or business that you know.
• The Internet of Things