CSIS 273

Personal Computing for

Applied Sciences

Chapter 5
Cybersecurity

1
 Presentation on IT Fundamentals of Cyber
Security
• Introduction to cybersecurity tools and cyber attack
• Cybersecurity roles, processes and operating system
security
• Cybersecurity compliance, Framework and system
administration
• Network security and Database

2
 Content
• Introduction
• Categories of Cyber crime
• Types of Cyber crime
• Types of Security tools
• Advantage of Cybersecurity
• Safety tips to Cyber crime
• References
3
 Introduction
• The Internet is growing rapidly. There are two sides to a coin. Internet
also has it's own disadvantages is cyber-crime-illegal activity
committed on the Internet.
• Crime committed using a computer and the Internet to steal a
person’s identify or illegal imports or malicious programs. Cyber
crime is an activity done using computers and the internet.
• Cyber Security refers to the technologies and processes designed to
protect computers, networks, and data from unauthorized access and
attacks delivered via the internet by cyber criminals. Though, Cyber
Security is important for the network, data, and application security.
• The objective of Cyber Security is to establish rules and measure to
use against attacks over the internet. 4
WHAT IS CYBER SECURITY
• Cybersecurity is the protection of internet-connected
systems, including hardware, software, and data, from
cyberattacks.
• In a computing context, security comprises cybersecurity
and physical security– both are used by enterprises to
protect against unauthorized access centers and other
computerized systems.
• Information security, which is designed to maintain the
confidentiality, integrity and availability of data, is a subset
of cybersecurity.

5
 THE CIA TRIAD OF INFORMATION SECURITY
• Confidentiality: Ensures that data or an
information system is accessed by only an
authorized person.
• Integrity: Integrity assures that the data
or information system can be trusted..
Ensures that it is edited by only
authorized persons and remains in its
original state when at rest.
• Availability: Data and Information
systems are available when required.

6
SECURITY & PRIVACY
• Privacy relates to any • Security refers to how
rights you have to your personal
control your personal information is
information and how it protected.
is used.

7
 Categories of Cyber Crime
We can categorize cyber crime in two ways:

• The computer as a target: Using a computer to attack

other computer e.g. Hacking, Virus Etc…

• The computer as a weapon: Using a computer to

commit real world crime 2.g. credit card fraud etc…

8
 Types of Cyber Crime
• Hacking
• Phishing
• Denial of Service
• Spam Email
• Spyware
• Malware (Trojan, Virus, Worms. Etc..)
• ATM skimming and Point of Scale Crimes
• Ransomware 9
 Types of Cyber Crime
• Hacking
• Phishing
• Denial of Service
• Malware (Trojan, Virus, Worms. Etc..)
• Spyware
• ATM skimming and Point of Scale Crimes
• Ransomware
11
Hacking
• Hacking in simple terms means an
illegal intrusion into a computer
system and/or network.

• It is also known as cracking.

Government websites are the host
targets of the hackers due to the
press coverage, it receives.

12
Phishing
• Phishing is a fraudulent, fake, illegal
attempt, usually made through
email, to steal your personal
information

• Phishing is the attempt to obtain

sensitive information such as
username, password, and credit
card details, often for malicious
reasons through electronic
communication (such as Email). 13
Phishing (Cont)
• A common online phishing scam (or trick) starts with an email
message that appears to come from a trusted source
(legitimate source) but actually directs recipients to provide
information to a fraudulent Web Site.

14
Phishing (Cont)

15
Denial of Service
• This is an act by the criminal who floods the bandwidth of the
victims network.
• A DoS (denial-of-service) attack is a cyberattack that makes a
computer or other device unavailable to its intended users. This
is usually accomplished by overwhelming the targeted machine
with requests until normal traffic can no longer be processed.
With a DoS attack, a single computer launches the attack.
• DoS =When a single host attacks
• DDoS = when multiple hosts attack simultaneously and
continuously.
16
Denial of Service (Cont)

17
Malware
• It’s malicious software (such as Virus,
Worms, & Trojans), which specifically
deigned to corrupt, or damage
computer system or mobile networks.
• Hackers use malware for any number
of reasons such as extracting personal
information or passwords, stealing
money, or preventing owners from
accessing their device

18
Malware (Cont)
• Viruses are programs that attach themselves to a computer or a file and
then circulate themselves to other files and to other computers on a
network. They usually affect the data on a computer and mobile device
either by altering or deleting it.
• Worms unlike virus do not need the host to attach themselves.. They
merely make functional copies of themselves and do this repeatedly till
they wat all available space on the computer’s memory.
• Trojan is a type of ,malware that pretends to be something useful,
helpful, or fun while actually causing harm or stealing data. It can affect
you in places where you might not expect it, such as emails, and
downloads.
19
Spyware
• Spyware is a type of
malware that hackers use
to spy on you in order to
gain access to your
personal information,
banking details, or online
activity. We should
protect ourselves by
antispyware tool.
20
Adware
• Adware is a type of malware that bombards you with endless
ads, and pop-up windows that could potentially be dangerous
for your device. The best way to remove adware is to use an
adware removal tool.

21
Ransomware
• Ransomware is as scary as it sounds. Hackers use this technique
to lock you out of your devices and demand a ransom in return
for access. Ransomware puts you in a sticky situation, so it’s
bets to know how to avoid it.

22
ATM Skimming and Point
• It is a technique of compromising the ATM machine by installing
a skimming on top of the machine keypad to appear ass a
genuine keypad or a device made to be affixed to the card
reader to look like a part of the machine.

23
TYPES OF SECURITY TOOLS
• WireShark Demonstration
• Nmap demonstration
• Vulnerability assessment scanning tool

24
Vulnerability Assessment Scanning Tool
• The Vulnerability
Management Life Cycle is
intended to allow
organizations to identify
computer system security
weaknesses; prioritize assets;
assess, report, and remediate
the weaknesses; and verify
that they have been
eliminated.
25
Vulnerability assessment scanning tool
• In computer security, a vulnerability is a security flaw
or weakness that allows an intruder to reduce a
system’s information assurance.
• A vulnerability requires three elements: a system
weakness, an intruder’s access to the weakness, and
the intruder’s ability to exploit the weakness using a
tool or technique.

26
Steps in the Vulnerability Management Life Cycle
• The following
diagram
illustrates the
steps in the
Vulnerability
Management Life
Cycle.

27
Steps in the Vulnerability Management Life Cycle
(cont)
• The steps in the Vulnerability Management Life Cycle are
described below.
• Discover: Inventory all assets across the network and identify
host details including operating system and open services to
identify vulnerabilities. Identify security vulnerabilities on a
regular automated schedule.
• Prioritize Assets: Categorize assets into groups or business units.
• Assess: Determine a baseline risk profile so you can eliminate
risks based on asset criticality, vulnerability threat, and asset
classification.
28
Steps in the Vulnerability Management Life Cycle
(cont)
• Report: Measure the level of business risk associated with your
assets according to your security policies. Document a security
plan, monitor suspicious activity, and describe known
vulnerabilities.
• Remediate: Prioritize and fix vulnerabilities in order according to
business risk. Establish controls and demonstrate progress.
• Verify: Verify that threats have been eliminated through follow-
up audits.

29
Nessus
• Nessus is a vulnerability assessment scanning tool.
• It is a remote security scanning tool, which can scan a
computer and raises an alert if it discovers any
vulnerabilities that malicious hackers could use to gain
access to any computer you have connected to a
network.

30
WireShark Demonstration
• WireShark is a network packet
analyzer.
• It is a free and open source
packet analyzer.
• It is used for network
troubleshooting, analysis,
software and communications
protocol development, and
education.

31
Nmap Demonstration
• Network Mapper is a free and
open source utility for network
discovery and security auditing.

32
Nmap Demonstration (Cont)
Uses of Wireshark:
Wireshark can be used in the following ways:
• It is used by network security engineers to examine security problems.
• It allows the users to watch all the traffic being passed over the network.
• It is used by network engineers to troubleshoot network issues.
• It also helps to troubleshoot latency issues and malicious activities on
your network. (Troubleshooting is the process of systematically testing for
finding and fixing problems).
• It can also analyze dropped packets.
• It helps us to know how all the devices like laptop, mobile phones,
desktop, switch, routers, etc., communicate in a local network or the rest
of the world.
33
ADVANTAGES OF CYBERSECURITY
• Valuable Information protection
• Evade loss of crucial data
• Risk mitigation (i.e the permeant reduction of the
risk of disaster)
• Privacy of customer and employee is ensured
• Recovery time is improved

34
SAFETY TIPS to CYBER CRIME

35
SAFETY TIPS to CYBER CRIME

36
SAFETY TIPS to CYBER CRIME

37
 SAFETY TIPS to CYBER CRIME
The NIST CYBERSECURITY FRAMEWORK

38
 SAFETY TIPS to CYBER CRIME
The NIST CYBERSECURITY FRAMEWORK (Cont)

39
 SAFETY TIPS to CYBER CRIME
The NIST CYBERSECURITY FRAMEWORK (Cont)

40
PHYSICAL SECURITY

41
PHYSICAL SECURITY

42
PHYSICAL SECURITY

43
PHYSICAL SECURITY

44
PHYSICAL SECURITY

45
References
• https://www.ftc.gov/system/files/attachments/cybersecurity-small-
business/cybersecuirty_sb_factsheets_all.pdf
• https://heimdalsecurity.com/pdf/cyber_security_for_beginners_eboo
k.pdf
• https://www.uou.ac.in/sites/default/files/slm/Introduction-cyber-
security.pdf

46