
Cyber Security

Ramiro Cid | @ramirocid

ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid


Index

1. Cyber security definition
2. Vulnerabilities
3. Social engineering and human error
4. Financial cost of security breaches
5. Computer protection
6. The cyber security job market

Cyber Security definition

Cybersecurity, also known as "IT security" or "computer security", is information security applied to
computing devices such as servers, computers and mobile devices (such as smartphones and tablets),
as well as computer networks such as private and public networks, including the whole Internet.

The field covers all the processes and mechanisms by which digital equipment, information and
services are protected from unintended or unauthorized access, change or destruction, and is of
growing importance in line with the increasing reliance on computer systems of most societies
worldwide.

The 3 principles of information (confidentiality, integrity and availability) are protected
by cybersecurity.



Vulnerabilities

To understand the techniques for securing a computer system, it is important to first understand the
various types of "attacks" that can be made against it.
These threats can typically be classified into one of the 6 categories below:

a) Denial-of-service attack: Attackers can deny service to individual victims, such as by
deliberately entering a wrong password enough consecutive times to cause the victim account to
be locked, or they may overload the capabilities of a machine or network and block all users at
once.

b) Backdoors: A backdoor in a computer system, a cryptosystem or an algorithm is a method
of bypassing normal authentication, securing remote access to a computer, obtaining access
to plaintext, and so on, while attempting to remain undetected.


c) Exploits: An exploit is a piece of software, a chunk of data, or a sequence of commands that takes
advantage of a software "bug" or "glitch" in order to cause unintended or unanticipated behavior
to occur on computer software, hardware, or something electronic (usually computerized).

d) Direct access attacks: Someone who has gained access to a computer can install different
types of devices to compromise security, including operating system modifications, software
worms, key loggers, and covert listening devices. The attacker can also easily download large
quantities of data.

e) Eavesdropping: The act of surreptitiously listening to a private conversation, typically between
hosts on a network.

f) Indirect attacks: An attack launched by a third-party computer. By using someone else's
computer to launch an attack, it becomes far more difficult to track down the actual attacker.



Social engineering and human error

“…A computer system is no more secure than the persons responsible for its operation…”

Malicious individuals have regularly penetrated well-designed, secure computer systems by taking
advantage of the carelessness of trusted individuals, or by deliberately deceiving them, for example
by sending messages claiming to be the system administrator and asking for passwords. This deception
is known as social engineering.

The main goal is to convince the user, by psychological means, to disclose his or her
personal information such as passwords, card numbers, etc., for example by impersonating the
services company or the bank.



Financial cost of security breaches

Serious financial damage has been caused by security breaches, but because there is no standard
model for estimating the cost of an incident, the only data available is that which is made public by
the organizations involved. Several computer security consulting firms produce estimates of total
worldwide losses attributable to virus and worm attacks and to hostile digital acts in general.

Insecurities in operating systems have led to a massive black market for rogue software. An attacker
can use a security hole to install software that tricks the user into buying a product.



Computer protection

1. Security and systems design:

Although there are many aspects to take into consideration when designing a computer system,
security can prove to be very important.

2. Security measures:
A state of computer "security" is the conceptual ideal, attained by the use of the three processes:
threat prevention, detection, and response. These processes are based on various policies and
system components, which include the following:

a. User account access controls and cryptography
b. Firewalls
c. Intrusion Detection Systems (IDSs) and Intrusion Prevention Systems (IPSs)
d. "Response" is necessarily defined by the assessed security requirements of an individual system
and may cover the range from simple upgrade of protections to notification of legal authorities,
counter-attacks, etc.


3. Difficulty with response:

Responding forcefully to attempted security breaches (in the manner that one would for attempted
physical security breaches) is often very difficult for a variety of reasons:

a. Identifying attackers is difficult, as they are often in a different jurisdiction to the systems they attempt to
breach, and operate through proxies, temporary anonymous dial-up accounts, wireless connections, and
other anonymizing procedures which make backtracking difficult and are often located in yet another
jurisdiction.

b. The sheer number of attempted attacks is so large that organizations cannot spend time pursuing
each attacker.

c. Law enforcement officers are often unfamiliar with information technology, and so lack the skills and interest in
pursuing attackers.


4. Reducing vulnerabilities:

Computer code is regarded by some as a form of mathematics. It is theoretically possible to prove
the correctness of certain classes of computer programs, though the feasibility of actually achieving
this in large-scale practical systems is regarded as small by some with practical experience in the
industry.

5. Security by design:

Security by design, or alternately secure by design, means that the software has been designed from
the ground up to be secure. In this case, security is considered as a main feature.

6. Security architecture:

The Open Security Architecture organization defines IT security architecture as "the design artifacts
that describe how the security controls are positioned, and how they relate to the overall information
technology architecture. These controls serve the purpose to maintain the system's quality attributes:
confidentiality, integrity, availability, accountability and assurance services".


7. Hardware protection mechanisms

While hardware may be a source of insecurity, such as with microchip vulnerabilities maliciously
introduced during the manufacturing process, hardware-based or assisted computer security also
offers an alternative to software-only computer security. Using devices and methods such as
dongles, trusted platform modules, intrusion-aware cases, drive locks, disabling USB ports, and
mobile-enabled access may be considered more secure due to the physical access (or sophisticated
backdoor access) required in order to be compromised.

8. Secure operating systems

One use of the term "computer security" refers to technology that is used to implement secure
operating systems. Much of this technology is based on science developed in the 1980s and used to
produce what may be some of the most impenetrable operating systems ever. Though still valid, the
technology is in limited use today, primarily because it imposes some changes to system
management and also because it is not widely understood.


9. Secure coding

If the operating environment is not based on a secure operating system capable of maintaining a
domain for its own execution, and capable of protecting application code from malicious subversion,
and capable of protecting the system from subverted code, then high degrees of security are
understandably not possible.

10. Capabilities and access control lists

Within computer systems, two security models capable of enforcing privilege separation are access
control lists (ACLs) and capability-based security. Using ACLs to confine programs has been proven
to be insecure in many situations, such as if the host computer can be tricked into indirectly allowing
restricted file access, an issue known as the confused deputy problem.
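
The confused deputy problem named above, as an added Python illustration that is not part of the original slides. The toy in-memory file store, the "compiler" service and the path /svc/billing are all constructed for the example; it contrasts a deputy that writes under its own ACL identity with one that can only write through a capability the caller had to obtain.

```python
class Denied(Exception):
    pass

class Store:
    """Constructed toy file store: contents plus a write ACL per path."""
    def __init__(self):
        self.files, self.acl = {}, {}

    def create(self, path, writers):
        self.files[path], self.acl[path] = "", set(writers)

    def write(self, principal, path, data):
        # ACL model: the check looks at whoever is making the call right now.
        if principal not in self.acl.get(path, ()):
            raise Denied(f"{principal} may not write {path}")
        self.files[path] = data

    def open_for_write(self, principal, path):
        # Capability model: check the requester once, then return a handle
        # bound to this one file. Holding the handle is the authority.
        if principal not in self.acl.get(path, ()):
            raise Denied(f"{principal} may not open {path}")
        def cap(data):
            self.files[path] = data
        return cap

BILLING = "/svc/billing"   # hypothetical file only the service may write

def acl_compile(store, source, out_path):
    # The deputy uses its own identity for BOTH writes, so a caller-chosen
    # path is checked against the deputy's rights, not the caller's.
    store.write("compiler", BILLING, store.files[BILLING] + "charge;")
    store.write("compiler", out_path, source.upper())

def cap_compile(store, source, out_cap):
    store.write("compiler", BILLING, store.files[BILLING] + "charge;")
    out_cap(source.upper())   # can only reach what the caller could open

def demo():
    s = Store()
    s.create(BILLING, {"compiler"})
    s.create("/home/alice/out", {"alice", "compiler"})
    acl_compile(s, "code", BILLING)     # caller names the billing file
    clobbered = s.files[BILLING]        # billing record was overwritten
    s.files[BILLING] = ""
    try:
        cap_compile(s, "code", s.open_for_write("alice", BILLING))
        blocked = False
    except Denied:
        blocked = True                  # alice cannot obtain that capability
    cap_compile(s, "code", s.open_for_write("alice", "/home/alice/out"))
    return clobbered, blocked, s.files[BILLING], s.files["/home/alice/out"]
```

In the ACL variant the billing record ends up replaced by the caller's output; in the capability variant the same request fails before the deputy is ever invoked.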

11. Hacking back

There has been a significant debate regarding the legality of hacking back against digital attackers
(who attempt to or successfully breach an individual's, entity's, or nation's computer).



The cyber security job market

Cyber security is a fast-growing field of IT concerned with reducing organizations' risk of hack
or data breach.

Commercial, government and non-governmental organizations all employ cybersecurity professionals, but the use
of the term "cybersecurity" in government job descriptions is more prevalent than in non-government
job descriptions, in part due to government "cybersecurity" initiatives (as opposed to corporations' "IT
security" initiatives) and the establishment of government institutions like the US Cyber Command
and the UK Defence Cyber Operations Group.

Typical cyber security job titles and descriptions include:


a) Chief Information Security Officer:

A high-level management position responsible for the entire information security division/staff. The
position may include hands-on technical work.

b) Security Engineer:

Performs security monitoring, security and data/logs analysis, and forensic analysis, to detect
security incidents, and mounts incident response. Investigates and utilizes new technologies and
processes to enhance security capabilities and implement improvements. May also review code or
perform other security engineering methodologies.


c) Security Analyst:

Analyzes and assesses vulnerabilities in the infrastructure (software, hardware, networks),
investigates available tools and countermeasures to remedy the detected vulnerabilities, and
recommends solutions and best practices. Analyzes and assesses damage to the data/infrastructure
as a result of security incidents, examines available recovery tools and processes, and recommends
solutions. Tests for compliance with security policies and procedures. May assist in the creation,
implementation, and/or management of security solutions.

d) Security Architect:

Designs a security system or major components of a security system, and may head a security
design team building a new security system.


e) Security Administrator:

Installs and manages organization-wide security systems. May also take on some of the tasks of a
security analyst in smaller organizations.

f) Security Consultant/Specialist:

Broad titles that encompass any one or all of the other roles/titles, tasked with protecting computers,
networks, software, data, and/or information systems against viruses, worms, spyware, malware,
intrusion detection, unauthorized access, denial-of-service attacks, and an ever increasing list of
attacks by hackers acting as individuals or as part of organized crime or foreign governments.

Student programs are also available to people interested in beginning a career in cybersecurity.



Questions?

Many thanks!
Ramiro Cid
CISM, CGEIT, ISO 27001 LA, ISO 22301 LA, ITIL

ramiro@ramirocid.com

http://www.linkedin.com/in/ramirocid http://ramirocid.com
@ramirocid http://www.youtube.com/user/cidramiro
http://es.slideshare.net/ramirocid
