
Security Management

Module 6
Information Security
• Information security is the practice of protecting information by
mitigating information risks. It involves the protection of information
systems and the information processed, stored and transmitted by
these systems from unauthorized access, use, disclosure, disruption,
modification or destruction. This includes the protection of personal
information, financial information, and sensitive or confidential
information stored in both digital and physical forms. Effective
information security requires a comprehensive and multi-disciplinary
approach, involving people, processes, and technology.
• Information Security is not only about securing information from
unauthorized access.
• Information Security is basically the practice of preventing unauthorized
access, use, disclosure, disruption, modification, inspection, recording or
destruction of information.
• Information can be physical or electronic: your personal details, your
profile on social media, the data on your mobile phone, your biometrics, etc.
• Information Security therefore spans many research areas, such as
Cryptography, Mobile Computing, Cyber Forensics, Online Social Media,
etc.
Types of Information Security
• Network security
This type of security encompasses the protection of computer networks against unauthorized access or misuse. Network security involves a
range of technologies, such as firewalls, intrusion detection/prevention systems, virtual private networks (VPNs), and secure protocols, to
ensure data confidentiality, integrity, and availability.
• Application security
Application security involves securing software applications from cyber threats, such as malware, SQL injection attacks, and cross-site
scripting (XSS). Application security solutions include secure coding practices, penetration testing, and vulnerability assessments.
• Data security
Data security is the practice of protecting sensitive data from unauthorized access, use, disclosure, or destruction. Data security involves a
range of technologies, such as encryption, access control, and backup and restore procedures, to ensure data confidentiality, integrity, and
availability.
• Endpoint security
Endpoint security focuses on protecting endpoints, such as laptops, desktops, servers, and mobile devices, from cyber threats. Traditional
endpoint security technologies include antivirus and anti-malware software and firewalls. Modern endpoint security includes advanced
solutions like endpoint detection and response (EDR) that can protect against zero-day threats.
• Mobile security
Mobile security refers to the protection of mobile devices, applications, and data from unauthorized access or exploitation. Mobile security
solutions include mobile device management (MDM) software, secure mobile application development, and secure communication protocols.
• Cloud security
Cloud security involves the protection of cloud-based data, applications, and infrastructure. It covers a variety of security concerns, including
data privacy, access control, threat management, and compliance.
• IoT security
IoT security involves securing the networks, devices, and data associated with the Internet of Things (IoT). IoT security covers a range of
security issues, including data privacy, access control, device authentication, and network security.
System Vulnerability & Abuse
System Vulnerabilities
• The weaknesses or defects in a system or network that can be used by
malevolent actors to obtain unauthorized access to the system or
network are known as system vulnerabilities. Vulnerabilities can be
present in a system’s hardware, software, or configuration and can be
brought on by a number of things, including out-of-date software,
weak passwords, a lack of security precautions, or unprotected
network connections. In order to stop hostile actors from taking
advantage of vulnerabilities in a system, it is crucial to routinely find
and fix these issues.
• Outdated Software: Vulnerabilities in software or operating systems might not have been
discovered during development. Software therefore needs to be updated regularly with
security patches so that these flaws cannot be used for malicious activity.
• Weak Passwords: Using weak passwords, or reusing the same password across multiple
accounts, increases the likelihood of malicious actors gaining access to our systems and
private information.
• Insufficient Security Measures: Essential measures include firewalls, antivirus software,
and VPNs for transferring data securely over the internet. Without proper security
measures, nobody is safe on the internet.
• Human Error: Sometimes small human mistakes, such as opening a spam URL or
downloading over an insecure network, can cause severe impact on the system and
network.
• System Complexity: A large system or network has lots of components involved, and
configuring each component can be a hassle for an administrator. So, during
configuration, certain aspects could be left unattended, which may cause a potential
opening for abuse of the system or network.
• Unsecure Network Connection: Traffic on the internal network must be encrypted and the
network protected with firewalls so that attackers cannot intercept data in transit.
System Abuse
The use of computer systems, networks, and other electronic devices
without authorization or with the intention of doing harm to people or
organizations is referred to as system abuse. This can involve practices
like virus distribution, spamming, phishing, and hacking. Abuse of the
system has the potential to harm the impacted systems, compromise
critical data, or interfere with daily operations. People and
organizations should be aware of the possible dangers of system misuse
and take precautions to defend themselves and their systems against
such attacks.
• Unauthorized Access: Gaining entry to a system without permission, mostly by exploiting
system vulnerabilities or by using stolen credentials.
• Denial of Service: Flooding a computer system or network with traffic or requests so that
the intended users cannot access it. This causes the targeted system or network to slow
down or crash.
• Malware: Software that is intended to harm a computer system or network is referred to
as “malware,” which is short for “malicious software.” Malware can appear as viruses,
worms, Trojan horses, ransomware, and spyware.
• Phishing: Phishing is a sort of cyberattack in which the perpetrator creates misleading
emails or websites to lure victims into disclosing private data, including login passwords or
financial information. In an attempt to acquire the victim’s personal information or login
credentials, the attacker may frequently create emails or websites that look like they are
coming from reputable businesses or organizations. The attacker can exploit the victim’s
information to access their accounts or take their sensitive information once they have
submitted it.
• Intellectual Property Theft: Unauthorized use or distribution of copyrighted or
proprietary content, including software or trade secrets, falls under this category of abuse.
Security Threats
• Information security threats and attacks are actions or events that can compromise the confidentiality, integrity, or availability of data
and systems. They can originate from various sources, such as individuals, groups, or even natural events. Here are some common
information security threats and attacks:

• Malware: Malicious software designed to infiltrate, damage, or disrupt systems. Malware includes viruses, worms, Trojans,
ransomware, and spyware. It can steal sensitive information, cause system downtime, or provide unauthorized access to attackers.
• Phishing: A social engineering attack where attackers deceive users into revealing sensitive information or executing malicious actions,
typically through fraudulent emails or messages that impersonate legitimate entities.
• Advanced persistent threats (APTs): Sophisticated, long-term cyberattacks, often state-sponsored, that target specific organizations or
governments to steal sensitive information or cause disruption.
• Zero-day exploits: Attacks that exploit previously unknown vulnerabilities in software or hardware, giving developers no time to create
patches or fixes.
• Insider threats: These involve employees, contractors, or partners with legitimate access to an organization's systems and data who
misuse their privileges, either intentionally or unintentionally, to cause harm or compromise security.
• Password attacks: Attackers attempt to gain unauthorized access by cracking user passwords through methods such as brute force,
dictionary attacks, or keylogging.
• Man-in-the-Middle (MitM) attacks: Attackers intercept communication between two parties, eavesdropping on, manipulating, or
injecting malicious data into the conversation without the parties' knowledge.
• Distributed Denial of Service (DDoS): A coordinated attack on a target system or network by overwhelming it with a flood of traffic,
rendering it inaccessible to legitimate users.
• Physical attacks: Unauthorized access, theft, or damage to physical assets, such as computer systems, servers, or storage devices, which
can lead to data loss or disruption of operations.
• Natural disasters: Events like floods, earthquakes, or fires that can cause physical damage to infrastructure, leading to data loss or
system downtime.
Counter Measures for Security Threats
• Use strong passwords
Strong passwords are vital to good online security. Make your password
difficult to guess by:
• using a combination of capital and lower-case letters, numbers and
symbols
• making it between eight and 12 characters long
• avoiding the use of personal data
• changing it regularly
• never using it for multiple accounts
• using two-factor authentication
Create a password policy for your business to help staff follow security
best practices. Look into different technology solutions to enforce your
password policy, eg scheduled password reset.
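As an added example (not from the slides), the password rules above written as a Python policy check that a business could run when staff set a password; the function names, the personal-data list and the list of digests of previously used passwords are assumptions introduced here.

```python
import hashlib
import re

# Length bounds as stated in the slide's policy (8 to 12 characters).
MIN_LENGTH, MAX_LENGTH = 8, 12


def digest(password):
    """SHA-256 hex digest used only to compare against earlier passwords without
    keeping their plaintext (a real password store would use salted hashing)."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def check_password(password, personal_data=(), used_digests=frozenset()):
    """Return the list of policy rules the password breaks; [] means it passes.

    personal_data : strings such as a username or birth year that must not appear
    used_digests  : digests (see digest()) of passwords already used on other accounts
    """
    problems = []
    if not MIN_LENGTH <= len(password) <= MAX_LENGTH:
        problems.append(f"length must be {MIN_LENGTH}-{MAX_LENGTH} characters")
    # One rule per character class the slide asks for.
    for pattern, rule in (
        (r"[A-Z]", "needs a capital letter"),
        (r"[a-z]", "needs a lower-case letter"),
        (r"[0-9]", "needs a number"),
        (r"[^A-Za-z0-9]", "needs a symbol"),
    ):
        if not re.search(pattern, password):
            problems.append(rule)
    lowered = password.lower()
    for item in personal_data:
        if item and item.lower() in lowered:
            problems.append(f"contains personal data ({item!r})")
    if digest(password) in used_digests:
        problems.append("already used on another account")
    return problems


if __name__ == "__main__":
    # Constructed samples: one password that passes and one built from personal data.
    print(check_password("Tr0ub4d0r&3"))
    print(check_password("Alice1990!!", personal_data=["alice", "1990"]))
```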
• Control access to data and systems
Make sure that individuals can only access data and services for which they are authorised. For
example, you can:
• control physical access to premises and computer networks
• restrict access to unauthorised users
• limit access to data or services through application controls
• restrict what can be copied from the system and saved to storage devices
• limit sending and receiving of certain types of email attachments
Modern operating systems and network software will help you to achieve most of this, but you
will need to manage the registration of users and user authentication systems - eg passwords.
• Put up a firewall
Firewalls are effectively gatekeepers between your computer and the internet. They act as a
barrier to prevent the spread of cyber threats such as viruses and malware. It's important to set
up firewall devices properly and check them regularly to ensure their software/firmware is up to
date, or they may not be fully effective.
• Use security software
You should use security software, such as anti-spyware, anti-malware and anti-virus programs,
to help detect and remove malicious code if it slips into your network. See our detailed
guidance to help you detect spam, malware and virus attacks.
• Update programs and systems regularly
Updates contain vital security upgrades that help protect against known bugs and
vulnerabilities. Make sure that you keep your software and devices up-to-date to avoid falling
prey to criminals.
• Monitor for intrusion
You can use intrusion detectors to monitor systems and unusual network activity. If a detection
system suspects a potential security breach, it can generate an alarm, such as an email alert,
based on the type of activity it has identified. See more on cyber security breach detection.
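As an added example (not from the slides), a small Python intrusion monitor of the kind the paragraph describes: it reads authentication log lines, counts failed logins per source address inside a sliding time window, and produces the text of an e-mail alert when a threshold is reached. The log format, threshold, window and function names are assumptions, and the log lines are constructed sample data.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in the style of a Linux sshd auth log (not real data).
SAMPLE_LOG = """\
2024-03-01T09:00:01 sshd[412]: Failed password for admin from 203.0.113.7 port 51022 ssh2
2024-03-01T09:00:03 sshd[412]: Failed password for admin from 203.0.113.7 port 51023 ssh2
2024-03-01T09:00:04 sshd[412]: Failed password for root from 203.0.113.7 port 51024 ssh2
2024-03-01T09:00:06 sshd[412]: Failed password for admin from 203.0.113.7 port 51025 ssh2
2024-03-01T09:00:07 sshd[412]: Failed password for guest from 203.0.113.7 port 51026 ssh2
2024-03-01T09:00:09 sshd[412]: Accepted password for alice from 198.51.100.24 port 40100 ssh2
2024-03-01T09:05:00 sshd[412]: Failed password for bob from 198.51.100.24 port 40101 ssh2
2024-03-01T09:20:00 sshd[412]: Failed password for bob from 198.51.100.24 port 40102 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)

def parse_events(text):
    """Turn raw log lines into (timestamp, result, user, ip) tuples; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["ip"]))
    return events

def detect_bruteforce(events, threshold=5, window_minutes=1):
    """Raise one alert per source IP that reaches `threshold` failed logins inside the window."""
    window = timedelta(minutes=window_minutes)
    recent = defaultdict(list)   # ip -> timestamps of failures still inside the window
    alerts, alerted = [], set()
    for ts, result, user, ip in sorted(events):
        if result != "Failed":
            continue
        bucket = recent[ip]
        bucket.append(ts)
        while bucket and ts - bucket[0] > window:   # slide the window forward
            bucket.pop(0)
        if len(bucket) >= threshold and ip not in alerted:
            alerted.add(ip)
            alerts.append({"ip": ip, "failures": len(bucket), "first": bucket[0], "last": ts})
    return alerts

def format_alert(alert):
    """Body text for the kind of e-mail alert the slide mentions."""
    return (f"Possible password-guessing attack from {alert['ip']}: {alert['failures']} failed "
            f"logins between {alert['first']:%H:%M:%S} and {alert['last']:%H:%M:%S}")

if __name__ == "__main__":
    for alert in detect_bruteforce(parse_events(SAMPLE_LOG)):
        print(format_alert(alert))
```

The two slow failures from 198.51.100.24 stay below the threshold, which is the trade-off any such detector makes between catching attacks and alerting on ordinary typos.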
• Raise awareness
Your employees have a responsibility to help keep your business secure. Make sure that they
understand their role and any relevant policies and procedures and provide them with regular
cyber security awareness and training. Read about insider threats in cyber security.
• You should also follow best practices defined in the government's Cyber Essentials scheme.
Cybercrime
• Cybercrime can be defined as “The illegal usage of any
communication device to commit or facilitate committing any illegal
act”.
• A cybercrime is explained as a type of crime that targets or uses a
computer or a group of computers under one network for the
purpose of harm.
• Cybercrimes are committed using computers and computer networks.
They can be targeting individuals, business groups, or even
governments.
• Investigators use various methods to examine devices suspected of
being used in, or being the target of, a cybercrime.
Types of Cyber Crime
1. Phishing and Scam:
Phishing is a type of social engineering attack that targets the user and tricks them with fake messages
and emails, either to obtain sensitive information about the user or to get them to download malicious
software that is then run on the target system.
2. Identity Theft
Identity theft occurs when a cybercriminal uses another person’s personal data like credit card numbers or
personal pictures without their permission to commit a fraud or a crime.
3. Ransomware Attack
Ransomware attacks are a very common type of cybercrime. Ransomware is malware that prevents users
from accessing their personal data on the system by encrypting it and then demands a ransom in return
for restoring access to the encrypted data.
4. Hacking/Misusing Computer Networks
This term refers to the crime of gaining unauthorized access to private computers or networks and
misusing them, for example by shutting them down, tampering with stored data, or other illegal actions.
5. Internet Fraud
Internet fraud is a general term for cybercrimes that make use of the internet; it groups all of the
crimes that happen over the internet, such as spam, banking fraud, theft of service, etc.
6. Cyber Bullying
It is also known as online or internet bullying. It includes sending or sharing harmful and humiliating content about
someone else, which causes embarrassment and can lead to psychological problems. It has become very common
recently, especially among teenagers.
7. Cyber Stalking
Cyberstalking can be defined as persistent unwanted contact from someone targeting other individuals online with the
aim of controlling or intimidating them, such as repeated unwanted calls and messages.
8. Software Piracy
Software piracy is the illegal use or copying of paid software in violation of copyright or licence restrictions. An example
of software piracy is downloading a fresh, non-activated copy of Windows and using what are known as “cracks” to
activate Windows without a valid licence. Not only software can be pirated, but also music, movies, or pictures.
9. Social Media Frauds
The use of fake social media accounts to perform any kind of harmful activity, such as impersonating other users or sending
intimidating or threatening messages. One of the easiest and most common social media frauds is email spam.
10. Online Drug Trafficking
With the rise of cryptocurrency technology, it became easy to transfer money in a private way and complete drug deals
without drawing the attention of law enforcement. This led to a rise in drug marketing on the internet. Illegal drugs such
as cocaine, heroin, or marijuana are commonly sold and traded online, especially on what is known as the “Dark Web”.
11. Electronic Money Laundering
Also known as transaction laundering. It relies on unknown companies or online businesses that
process seemingly legitimate payment methods and credit card transactions, but with incomplete
or inconsistent payment information for the purchase of unknown products. It is by far one of the
most common and easiest money laundering methods.
12. Cyber Extortion
Cyber extortion is the demand for money by cybercriminals in return for giving back important data
they have stolen or for stopping malicious activities such as denial of service attacks.
13. Intellectual-property Infringements
It is the violation or breach of any protected intellectual-property rights such as copyrights
and industrial design.
14. Online Recruitment Fraud
One of the less common cybercrimes, though a growing one, is the posting of fake job opportunities by
fake companies for the purpose of obtaining a financial benefit from applicants or making use of their
personal data.
Cyber Security Tools
• Network security monitoring tools
These tools are used to analyze network data and detect network-based threats. Examples of tools include Argus, Nagios, p0f, Splunk, and OSSEC.
• Encryption tools
Encryption protects data by scrambling text so that it is unreadable to unauthorized users. Examples of tools include Tor, KeePass, VeraCrypt,
NordLocker, AxCrypt, and TrueCrypt.
• Web vulnerability scanning tools
These software programs scan web applications to identify security vulnerabilities including cross-site scripting, SQL injection, and path traversal.
Examples of tools include Burp Suite, Nikto, Paros Proxy, and SQLMap.
• Penetration testing
Penetration testing, also known as a “pen test”, simulates an attack on a computer system in order to evaluate the security of that system. Examples
of penetration testing tools include Metasploit, Kali Linux, Netsparker, and Wireshark.
• Antivirus software
This software is designed to find viruses and other harmful malware, including ransomware, worms, spyware, adware, and Trojans. Examples of
tools include Norton 360, Bitdefender Antivirus, Norton AntiVirus, Kaspersky Anti-Virus, and McAfee Total Protection.
• Network intrusion detection
An Intrusion Detection System (IDS) monitors network and system traffic for unusual or suspicious activity and notifies the administrator if a
potential threat is detected. Examples of tools include Snort, Security Onion, SolarWinds Security Event Manager, Kismet, and Zeek.
• Packet sniffers
A packet sniffer, also called a packet analyzer, protocol analyzer or network analyzer, is used to intercept, log, and analyze network traffic and data.
Examples of tools include Wireshark, Tcpdump, and Windump.
• Firewall tools
Top firewall security management suites include Tufin, AlgoSec, FireMon, and RedSeal.
• Managed detection services
Managed detection services proactively analyze, detect, and eliminate cyber threats. Alerts are investigated to determine if any action is
required.