Professional Documents
Culture Documents
com, 07/26/2023
1
“ Ifcanyousolve
think technology
your security
problems, then you don’t
understand the problems
and you don’t understand “
the technology.
Bruce Schneier
2
ALL RIGHTS RESERVED.
Disclaimer
All the information in this book is to be used for informational and educational purposes
only. The author will not, in any way, account for any results that stem from the use of the
contents herein. While conscious and creative attempts have been made to ensure that all
information provided herein is as accurate and useful as possible, the author is not legally
bound to be responsible for any damage caused by the accuracy as well as the use/
misuse of this information.
5
The security of these server farms(and other IT infrastructure)
is paramount due to their importance to the overall operation.
The information they contain is extremely sensitive, which
makes them a prime target for cyberattacks. No matter what
measures are taken, there is always an inherent risk that
something might go wrong in today’s world.
6
In addition, the industry-wide adoption of new technologies
is increasing the difficulty in maintaining continuity across
various platforms.
7
TYPES OF CYBER ATTACKS
AND THREATS
8
Phishing: Phishing is an attack method in which the target
is duped into disclosing sensitive information (such as
passwords or bank details) by sending a message that
appears to have come from a trusted source.
9
Social engineering: The term “social engineering” refers
to psychological manipulation to fool others into providing
confidential information or taking other activities that could
harm security.
10
UNDERSTANDING MALWARE
AND VIRUS PROTECTION
11
There is a wide variety of antivirus programs to choose
from, some of which are free and others needing payment
for access to more advanced capabilities. A third party can
deliver and administer your antivirus software if you choose
to purchase it as a service.
12
Using strong, unique passwords: Passwords should be
complex and changed regularly to increase security and
reduce the risk of illegal access. An effective password is hard
to crack using a combination of guesswork and automated
software. It must be 8 characters long and contain letters,
numbers, and symbols. The chance of a security breach is
increased if the same password is used for many accounts;
thus, it’s crucial to use different passwords for each.
13
PROTECTING YOUR COMPUTER
AND NETWORK
14
Educate users: Users can be protected from malware
infestations if they are aware of their dangers and taught
proper precautions to take. Training on spotting and avoiding
phishing attempts, selecting secure passwords, and reporting
suspicious behavior are all examples of what this entails.
Computers and networks can be protected from cyber
attacks by following these measures.
15
SECURING YOUR
ONLINE ACCOUNTS
There are many important reasons why you should take steps
to protect your internet accounts:
16
Another instance is when a third party, such as a hacker,
gains access to your social media account and starts acting
in your name. Your reputation could be harmed, and you
can experience issues on a personal or professional level.
Passwords and two-factor authentication are two ways you
can help keep your accounts safe from hackers.
17
MANAGING PASSWORDS AND
OTHER SECURITY MEASURES
18
Invest in password management software: these programs
allow you to generate, save, and organize complex passwords.
Not only that, but it can also fill in login forms with random
information it generates.
19
SAFEGUARDING YOUR
PERSONAL INFORMATION
20
Protect your devices: Use strong passwords, lock them
while not using them, and install security software to prevent
malware from gaining access to your gadgets.
21
RESPONDING TO
CYBER ATTACKS
22
Review your security measures: After an attack has been
contained, it’s important to examine and bolster security
measures to stop similar attacks in the future. Some examples
of this are the use of security software, the implementation
of two-factor authentication, and the provision of employee
education on appropriate cybersecurity procedures.
23
KEEPING YOUR
SYSTEMS UP-TO-DATE
24
It is important to only get software from reliable sources and
to fully comprehend the license agreement before
installing it.
25
UNDERSTANDING FIREWALLS
AND NETWORK SECURITY
26
Knowing the different types of firewalls and how they
function is crucial. The simplest form of firewall is a packet
filter. Each data packet entering and leaving the network is
analyzed, and only those packets that meet predetermined
criteria are allowed via the firewall. Packet filters can be
configured to permit or disallow a specific category of data
transfer, and they can also be used to monitor data transfer
for malicious activities.
27
The term “network security” is used to describe the
precautions taken to safeguard a data network and its
constituent parts from intrusion, attack, and other forms of
malicious activity. Firewalls, antivirus software, and other
secure network protocols are only some of the security
measures that must be put in place.
28
SECURING YOUR
MOBILE DEVICES
29
Finally, exercise caution whenever downloading software.
Always check the app’s permission settings before installing
it, and stick to downloading from reputable sources only. If
an app needs access to a lot of your information or features,
it can be dangerous, and you should avoid it. In addition, you
should uninstall any programs that you aren’t using or that
raise red flags.
Following these simple steps, you may protect your mobile
device as much as possible. Keep in mind that there is no
such thing as perfect security and that you must be vigilant in
guarding your device against any threats.
30
PROTECTING YOURSELF FROM
SOCIAL ENGINEERING ATTACKS
31
Tailgating, in which attackers gain unauthorized entry to a
building or office, is another prevalent strategy. Tailgaters are
known to stalk employees inside a building and then utilize
their access to break into the network or steal confidential
information. To prevent tailgating attacks, it is important to
keep an eye on who is coming and going to the building and
secure all doors while no one is present.
32
Be cautious when clicking links or downloading
attachments: It’s important to exercise caution when
opening attachments or clicking on links in messages, as they
could contain malware.
Last but not least, make sure you’re keeping up with your
online hygiene. Protect yourself from malware and other
online threats by keeping your devices up-to-date with
the latest security patches and using antivirus software. In
addition, you should never hand out personal information
over the phone or online without first checking the source,
use strong passwords, and steer clear of dubious links.
If you follow these steps, you will be able to safeguard your
information and prevent social engineering attacks.
33
UNDERSTANDING
ENCRYPTION AND ITS
ROLE IN CYBERSECURITY
34
The use of encryption is crucial in today’s world of
cyberspace. Personal information, usernames and passwords,
and financial details are all vulnerable to theft and misuse if
not encrypted. Encryption is a useful tool for securing
this info because it renders it illegible without the right
decryption key.
In order to encrypt data, the public key and the private key
are needed for asymmetric encryption. The public key is
used to encrypt the data, while the private key is needed to
decrypt it. This allows the sender to encrypt the data with the
receiver’s public key and the recipient to decrypt it with their
private key. However, asymmetric encryption is more secure
than symmetric encryption, but it can be time-consuming and
resource-intensive.
35
When it comes to preventing data breaches and illegal
access, encryption is a crucial component of cyber security.
While encryption is an important step toward data security, it
is important to remember that it is not a substitute for further
measures. In addition to using firewalls, antivirus software,
and strong passwords, it is important to take additional
precautions to safeguard the safety of your data online.
36
STAYING SAFE ON PUBLIC
WI-FI NETWORKS
37
HOW TO STAY SAFE ON PUBLIC WI-FI NETWORKS
If you must use a public Wi-Fi network, follow these safety
precautions:
38
UNDERSTANDING THE
IMPORTANCE OF
BACKING UP YOUR DATA
39
If you’re a home user, backing up your data is a must in
case of inadvertent deletions, hardware failure, or any other
calamity. In the event of a ransomware infection, you can
restore data from backups and avoid losing it forever.
TYPES OF BACKUP
Data backup strategies range in complexity and cost
according to data volume and available resources. Typical
forms of data protection include:
• What data to back up: Not all data has to be backed up;
thus, prioritizing which data is most crucial.
• How often to back up: The frequency of backups should
be determined by the significance and volatility of the
data being backed up.
• Where to store backups: Backups should be kept in a
safe place, like a fireproof safe or a secure offsite location.
Licensed to Pyae Sone, pyaesonewinpn@gmail.com, 07/26/2023
40
• How to test backups: To make sure your backups are
functioning properly, you should test them on a regular
basis.
41
UNDERSTANDING
CYBERSECURITY RISKS
FOR SMALL BUSINESSES
42
3. Poor Password Practices – Inadequate Password
Security Small firms are especially vulnerable because
of the prevalence of weak and readily guessed
passwords. Without secure passwords, a hacker can
obtain access to a company’s networks and data.
43
PROTECTING YOURSELF
FROM EMAIL SCAMS
AND PHISHING ATTACKS
Email scams and phishing attacks are on the rise along with
other forms of cybercrime; therefore, it is more necessary
than ever to take precautions against them. As technology
progresses, fraudsters become more skilled, making it
tougher to protect yourself against phishing emails and other
online threats.
44
Be cautious about clicking on links or downloading
attachments from people you don’t know. Be aware of
emails requesting sensitive information like your name,
address, or credit card details. Do not click on links or
download attachments in emails that look suspicious.
Last but not least, it’s crucial that you understand the
dangers of phishing and other email scams. Do not open any
attachments or click any links in emails that look suspicious.
In the event that someone you don’t know requests sensitive
information, such as bank details, it’s best to get in touch with
the organization or person in question first.
45
THE ROLE OF CYBER
INSURANCE IN CYBER SECURITY
46
Cyber insurance is a form of insurance designed to shield
policyholders from financial losses resulting from cyber
attacks and other forms of digital risk. It can reimburse you
for things like the price of recovering from a cyber attack,
the cost of legal representation, and the revenue you lose
because your business had to shut down.
47
The financial impact of a cyber assault can be mitigated with
cyber insurance, which also provides important security for
businesses.
48
LEARNING ABOUT CYBER
SECURITY FOR HOME
AUTOMATION AND IOT DEVICES
49
Keeping up with the most recent security solutions, like
encryption, two-factor authentication, and safe network
setups, is just as vital as knowing the fundamentals of
cybersecurity. Being aware of how to set up and use
these solutions, as well as deal with cyber risks, is crucial.
50
UNDERSTANDING CYBER
SECURITY FOR CLOUD
COMPUTING
51
Update your software regularly: If you want to stay safe
and take advantage of the latest features, apply updates and
patches as soon as they become available.
52
PROTECTING YOUR PRIVACY
ON SOCIAL MEDIA
53
ALWAYS CHECK YOUR PRIVACY SETTINGS
54
CYBER SECURITY FOR
REMOTE WORKERS
55
4. Provide security training: As remote workers are
generally accountable for their own cyber security
measures, it is crucial that they receive security training.
It’s crucial to equip remote workers with knowledge
about current security threats like phishing and to train
them on how to use such safeguards.
56
UNDERSTANDING CYBER
SECURITY FOR CRYPTOCURRENCY
AND BLOCKCHAIN
57
Users must also be cautious of phishing fraud. In a phishing
scam, a fraudster poses as a reputable business, like a
bitcoin exchange or wallet, and contacts the victim via email
or text message. The message typically requests sensitive
information such as usernames and passwords or directs the
recipient to a malicious website. To avoid falling victim to
phishing scams, be cautious of any emails or texts that seem
odd, and always verify the sender before providing
any personal information.
58
CYBER SECURITY FOR
TRAVELERS
59
Activate two-factor authentication on all of your online
accounts,and bring your two-factor authentication
codes with you wherever you go.
60
THE FUTURE OF CYBER SECURITY
AND EMERGING TRENDS
But what does the future of cyber security look like? What
trends are emerging in the cybersecurity industry? Let’s take
a look.
61
3. Risk Management: organizations are making plans to
manage risks in an effort to foresee and lessen the
impact of any adverse events. Security mechanisms like
firewalls, intrusion detection systems, and virus
detection systems are examples of this.
62
UNDERSTANDING THE ROLE
OF GOVERNMENTS IN
CYBERSECURITY
63
The government must have a role in cyber security by
supplying adequate cash, manpower, and technical expertise
so that businesses and individuals can safeguard their
networks and data. Governments should collaborate with
private sector partners and other interested parties to
guarantee that businesses and individuals have access to
adequate security resources and information.
64
THE ETHICS OF
CYBER SECURITY
65
The moral ramifications of a company’s security measures
are equally important to think about. It is imperative that
they take the necessary precautions to guarantee that their
systems are safe against intrusion. Moreover, they need to
watch out for any signs of system vulnerability or abuse.
Last but not least, businesses must think about the moral
consequences of Internet use. They need to watch out for
doing anything unethical or unlawful, such as hacking or
stealing someone else’s identity. In addition, they should
avoid doing anything that could be regarded as unethical,
such as spamming or phishing.
66
CYBER SECURITY RESOURCES
AND FURTHER READING
Keep yourself and your data safe from online risks by making
use of these tools to learn more about cyber security.
Licensed to Pyae Sone, pyaesonewinpn@gmail.com, 07/26/2023
67
CONCLUSION
68
REFERENCES
• (FedTech 2017) Why Agencies Need to Protect Their Endpoints, and Not Just
Their NetworksFedTech Magazine (2017). Discussion of the need for endpoint
security and why protecting users from hackers while they use smartphones,
tablets, and other mobile devices in the field is critical to secure networks from
cybersecurity attacks. https://fedtechmagazine.com/article/2017/06/why-
agencies-need-protect-their-endpoints-and-not-just-their-networks
• (Wright 2017) Preparing for Compliance with the General Data Protection
Regulation (GDPR) A Technology Guide for Security PractitionersWright, Benjamin
(2017). PDF. Sans Institute (aka Escal Institute of Advanced Technologies).
• ATE Centers and National Science Foundation. (n.d.). ATE Centers Impact
Report. Retrieved from http://www.atecenters.org/wp-content/uploads/PDF/
ATEIMPACT_2016-17.pdf
69
• AUSTRALIA’S CYBER SECURITY STRATEGY Enabling innovation, growth &
prosperity [PDF]. (n.d.). Retrieved from https://cybersecuritystrategy.pmc.gov.
au/assets/img/PMC-Cyber-Strategy.pdf
• Baltimore Cyber Range and Cyberbit Open New Cybersecurity Training and
Simulation Center. (2017, August 3). Retrieved from https://www.cyberbit.com
• Bessen, J. (2014, August 25). Employers Aren’t Just Whining – the “Skills Gap”
is Real. Harvard Business Review. Retrieved from https://hbr.org/2014/08/
employers-arent-just-whining-the-skills-gap-is-real
• Best in Class Strategies for Entry-Level Employee Retention Prepared for 100K
[PDF]. (2016, October). FSG Reimagining Social Change. Retrieved from https://
www.100kopportunities.org/2016/10/14/best-in-class-strategies-for-entry-level-
employee-retention/
• Best Places to Work for Cyber Ninjas. (2017, May). Retrieved from https://www.
sans.org/best-places-to-work-for-cyber-ninjas?ref=195285
• Bojanova, I., Vaulx, F., Zettsu, K., Simmon, E., Sowe, S. (2016, January 21).
Cyber-Physical-Human Systems Putting People in the Loop. IT Professional.
Retrieved from http://ieeexplore.ieee.org/document/7389271/
70
• Carlini, J. (2017, August 06). Preparing for Nanokrieg: Electronic Wars
Being Won and Lost in Microseconds. Retrieved from https://intpolicydigest.
org/2016/07/08/preparing-for-nanokrieg-electronic-wars-being-won-and-lost-in-
microseconds/
• Carlini, J. (2016, April 30). Nanokrieg: The Next Trillion Dollar War | @CloudExpo
#Cloud #Security. Retrieved from http://cloudcomputing.sys-con.com/
node/3778655
• Carsen, D. (2017, July 31). High School Students Track Real Cybercriminals
at UAB. Retrieved from https://news.wbhm.org/feature/2017/high-school-
students-track-real-cybercriminals-uab/
• Clabaugh, J. (2017, June 22). The right stuff: DC area companies ready to
hire, struggle to fill IT jobs. WTOP. Retrieved from http://wtop.com/business-
finance/2017/06/the-right-stuff-dc-area-companies-struggle-to-fill-it-jobs-more-
to-open/
• Collegiate Sub Working Group. (2017, July 10). Retrieved from https://www.
nist.gov/itl/applied-cybersecurity/nice/about/working-group/collegiate-sub-
working-group
71
• Communications Security, Reliability and Interoperability Council. (2017). Final
Report- Cybersecurity Workforce Development Best Practices Recommendations.
Retrieved from https://www.fcc.gov/files/csric5-wg7-finalreport031517pdf
• Competitions Sub Working Group. (2017, July 10). Retrieved from https://www.
nist.gov/itl/applied-cybersecurity/nice/about/working-group/competitions-sub-
working-group
• Concanon, K., Williams, R., Feehan, D., Uvin, J., Yudin, M., Foster, D., … Monje,
C. (2016). Federal Partnership regarding career pathways [PDF letter]. Retrieved
from https://careerpathways.workforcegps.org/~/media/WorkforceGPS/
careerpathways/Files/Career%20Pathways%20Joint%20Letter%202016.pdf
• Conklin, W., Cline, R., & Roosa, T. (2014, March 10). Re-engineering
Cybersecurity Education in the US: An Analysis of the Critical Factors. Retrieved
from http://ieeexplore.ieee.org/document/6758852/
72
Licensed to Pyae Sone, pyaesonewinpn@gmail.com, 07/26/2023
73
Powered by TCPDF (www.tcpdf.org)