5. IT Security
Also known as cybersecurity, is a
specialized field focused on
protecting computer systems,
networks, data, and information
from unauthorized access, attacks,
damage, and disruptions.
6. The CIA Triad
Is a foundational model used in
information security to guide the
design and implementation of
security measures.
The triad consists of three core
principles that represent the
goals and objectives of
information security:
7. The Core CIA Triad
1. Confidentiality: Ensures that information is accessible only to
authorized individuals or entities. Confidentiality aims to prevent
unauthorized access, disclosure, or exposure of sensitive
information.
2. Integrity: Integrity refers to the accuracy, consistency, and
reliability of data and information. It involves protecting data from
unauthorized modification, alteration, or tampering. Maintaining
data integrity ensures that information remains accurate and
trustworthy.
3. Availability: Availability concerns the accessibility and usability of
data and services when needed. It involves preventing
disruptions, downtime, or denial of access to authorized users.
8. CIA Triad Extended…
4. Authenticity: Ensuring that information comes from a reliable and
trustworthy source, and that its origin can be verified. Digital
signatures and public key infrastructure (PKI) help establish
authenticity.
5. Non-Repudiation: This principle prevents individuals from denying
their involvement in a transaction or action. It ensures that both
sender and receiver cannot deny their participation in a
communication or transaction.
6. Accountability: Holding individuals or entities responsible for
their actions within an information system. Logging, auditing, and
access controls contribute to establishing accountability.
7. Privacy: Safeguarding individuals' personal information and
ensuring compliance with privacy laws and regulations.
10. Risk: refers to the potential for
harm, damage, loss, or negative
impact that could result from the
exploitation of vulnerabilities by
threats. In simpler terms, it's the
possibility of something going
wrong in the digital realm that
could lead to adverse
consequences.
Exploit: refers to a piece of code,
software, or technique that takes
advantage of a vulnerability or
weakness in a computer system,
software application, or network
to compromise its security.
Vulnerability: refers to a weakness,
flaw, or gap in the security
measures of a system, software
application, network, or process
that could potentially be
exploited by threats to
compromise the system's
confidentiality, integrity, or
availability. Vulnerabilities can
arise from various factors,
including software bugs, design
flaws, misconfigurations, or even
human errors during development
or maintenance.
11. Firewall
A firewall is a network security device or
software application that acts as a barrier
between a trusted internal network and
untrusted external networks, such as the
internet.
Its primary function is to monitor and
control incoming and outgoing network
traffic based on predetermined security
rules.
12. Attack:
refers to a deliberate, unauthorized,
and malicious attempt to exploit
vulnerabilities in a system, network,
application, or process with the
intention of compromising security,
stealing data, causing damage, or
disrupting normal operations. Attacks
are carried out by individuals or
groups known as threat actors,
attackers, or hackers.
Types of Attack:
• Intrusion
• Blocking
• Malware
Threat:
refers to any potential danger,
risk, or negative event that
could exploit vulnerabilities in a
system, network, application,
or process to cause harm or
compromise the security of
digital assets. Threats
encompass a wide range of
malicious activities and events
that pose risks to the
confidentiality, integrity, and
availability of data and
systems.
13. Intrusion
Also known as hacking, is gaining
unauthorized access to or penetrating
into a computer system, network, or
application by an individual, group, or
software with malicious intent. An
intrusion involves bypassing security.
Social Engineering Intrusion:
Attackers manipulate human behavior to deceive
individuals into revealing sensitive information or
performing actions that compromise security.
15. Insider Intrusion:
Authorized individuals within
an organization misuse their
privileges to gain
unauthorized access or
compromise data.
Password Guessing and
Cracking:
Attackers attempt to guess
or crack passwords to gain
unauthorized access to
systems or accounts.
Shoulder Surfing:
is a type of social engineering
technique used to obtain information
such as personal identification
numbers (PINs), passwords and other
confidential data by looking over the
victim's shoulder.
Phishing Intrusion:
Attackers trick individuals into
revealing sensitive information or
clicking on malicious links through
fraudulent emails or messages.
18. Zero-Day Exploit Intrusion:
Attackers exploit vulnerabilities that are unknown to the
vendor and unpatched.
Man-in-the-Middle (MitM) Attacks:
Attackers intercept and potentially alter communication
between two parties, often without either party realizing
their communication is compromised.
Brute Force Attacks:
Attackers attempt to gain unauthorized access by
systematically trying all possible combinations of
passwords until they find the correct one.
19. Blocking
Attacks that are meant to prevent
authorized access to information or
resources are generally referred to as
"Denial of Service" (DoS) attacks.
These attacks are designed to disrupt
the availability of systems, networks,
or services, making them inaccessible
to legitimate users.
20. Forms of Blocking attacks
Traditional DoS Attack: In a traditional DoS attack, the
attacker overwhelms a target system or network with an
excessive amount of traffic. This flood of traffic consumes
the target's resources, such as bandwidth, processing
power, or memory, causing the system to become slow or
unresponsive.
Distributed DoS (DDoS) Attack: In a DDoS attack, the
attacker uses a network of compromised computers
(botnet) to flood the target with traffic. This distributed
approach makes DDoS attacks even more powerful and
difficult to mitigate.
Flood Attacks: Attackers send a large number of requests
or packets to a target, saturating its capacity and causing it
to become unresponsive.
21. Malware
Short for "malicious software," refers to any
type of software or code specifically
designed to harm, exploit, or compromise
computer systems, networks, or devices.
Malware is typically created with malicious
intent and can take various forms, including
viruses, worms, Trojans, spyware, adware,
ransomware, and more. Its primary goal is to
gain unauthorized access to or control over a
system, steal sensitive information, disrupt
normal operations, or extort users for
financial gain.
22. Viruses: These are programs that infect legitimate files and spread when
those files are executed. They can attach themselves to other software
and replicate when that software is run.
Worms: Worms are self-replicating malware that can spread
independently without attaching themselves to other files. They often
exploit security vulnerabilities in networks to propagate quickly.
Trojans: Trojans disguise themselves as legitimate software but contain
malicious code. They often trick users into running them by appearing
as useful or harmless applications.
Spyware: This type of malware is designed to secretly collect
information about a user's online activities, such as browsing habits,
passwords, and personal information.
Adware: Adware displays unwanted advertisements to users. While not
always inherently harmful, it can be considered malware when it
disrupts the user experience or collects data without consent.
23. Ransomware: Ransomware encrypts a victim's files or locks them out of
their own system until a ransom is paid to the attacker. It has become a
significant threat in recent years.
Keyloggers: Keyloggers record the keystrokes of a user, allowing
attackers to capture sensitive information like passwords and credit card
details.
Botnets: A botnet is a network of infected computers, known as "bots,"
that are controlled by a central command server. Botnets are often used
for distributed denial-of-service (DDoS) attacks or spam distribution.
Rootkits: Rootkits are designed to hide their presence and activities on a
system, often granting unauthorized access to attackers while remaining
undetected by regular security measures.
Malvertising: This involves spreading malware through online
advertisements. Attackers might inject malicious code into legitimate ads,
causing them to deliver malware to users' devices.
25. Against Intrusion
1. Strong Authentication: Implement multi-factor authentication (MFA) to add
an extra layer of security to user accounts, making it harder for unauthorized
users to gain access.
2. Firewalls: Set up firewalls to monitor and control incoming and outgoing
network traffic. Network firewalls can block unauthorized access attempts.
3. Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS):
Use IDS and IPS to monitor network traffic for suspicious patterns or
behavior and take action to prevent unauthorized access.
4. Regular Security Audits: Conduct regular security audits to identify
vulnerabilities and weaknesses in systems and applications.
5. Patching and Updates: Keep all software, operating systems, and
applications up to date with the latest security patches to minimize known
vulnerabilities.
6. Employee Training: Train employees on cybersecurity best practices, such as
identifying phishing emails and avoiding clicking on suspicious links.
26. Guidelines for creating strong passwords
1. Strong passwords are based on a
descriptive phrase or sentence that's easy
for you to remember and hard for someone
else to guess—like the first letters in words
that make up a favorite title or song, the
first letters of words in a sentence about
something you did—and include a
combination of letters, numbers, and
symbols. For example,
“I went to Western Elementary School for grade
3” could be used to build a password like:
Iw2We$t4g3.
2. Moderate passwords are passwords
that are strong and not easy for
malicious software to guess, but
could be guessed by someone who
knows you (for example,
IwenttoWestern).
3. Weak passwords commonly use
personal information like a pet’s
name, are easy to crack, and can be
guessed by someone who knows
you (for example, “IloveBuddy” or
“Ilikechocolate”).
27. Guidelines for creating strong passwords
Dos
• Use a different password for each of your important accounts.
• Use at least eight characters. The longer the better (as long as
you can remember it!).
• Use combinations of letters (uppercase and lowercase),
numbers, and symbols.
• Make your passwords memorable so you don’t need to write
them down, which would be risky.
• Immediately change your password if you think someone else
knows it (besides a parent or guardian).
• Change your passwords every now and then.
• Always use strong screenlocks on your devices. Set your devices
to automatically lock in case they end up in the wrong hands.
• Consider using a password manager, such as one built into your
browser, to remember your passwords. This way you can use a
unique password for each of your accounts and not have to
remember them all.
Don’ts
• Don’t use personal information (name, address,
email, phone number, Social Security number,
mother’s maiden name, birth dates or even a pet’s
name, etc.) in your password.
• Don’t use a password that’s easy to guess, like your
nickname, chocolate, just the name of your school,
favorite sports team, a string of numbers (like
123456), etc. And definitely don’t use the word
“password”!
• Don’t share your password with anyone other than
your parent or guardian.
• Never write passwords down where someone can
find them.
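The guidelines above can be turned into an automated check. The following is an added example, not part of the original slides: the function name check_password, the EASY_GUESSES list (taken from the words named in the Don'ts) and the personal_info parameter are assumptions made for illustration.

```python
import re

# Constructed deny-list taken from the easy guesses named in the Don'ts.
EASY_GUESSES = ("password", "123456", "chocolate")

# Character classes the Dos ask for.
REQUIRED_CLASSES = {
    "lowercase letter": r"[a-z]",
    "uppercase letter": r"[A-Z]",
    "number": r"[0-9]",
    "symbol": r"[^A-Za-z0-9]",
}


def check_password(password, personal_info=()):
    """Return the list of guideline violations; an empty list means none found."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    for name, pattern in REQUIRED_CLASSES.items():
        if not re.search(pattern, password):
            problems.append(f"no {name}")
    lowered = password.lower()
    # personal_info holds strings the user supplies (pet's name, school, ...).
    for item in personal_info:
        if len(item) >= 3 and item.lower() in lowered:
            problems.append(f"contains personal information: {item}")
    for guess in EASY_GUESSES:
        if guess in lowered:
            problems.append(f"contains an easy guess: {guess}")
    return problems


if __name__ == "__main__":
    # The three example passwords from the slide, plus the pet's name "Buddy".
    for pw in ("Iw2We$t4g3", "IwenttoWestern", "IloveBuddy"):
        print(pw, "->", check_password(pw, personal_info=("Buddy",)) or "ok")
```

A check like this only catches what it is told about: "IwenttoWestern" is flagged for missing numbers and symbols, but it is also flagged as personal information only if the school name is supplied in personal_info.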
28. Against Blocking
1. Traffic Filtering: Use traffic filtering mechanisms to identify and
block malicious traffic that could be part of a denial of service
attack.
2. Rate Limiting: Implement rate limiting to restrict the number of
requests coming from a single IP address, preventing a single
source from overwhelming the system.
3. Content Delivery Networks (CDNs): Employ CDNs to distribute
web traffic across multiple servers, reducing the impact of a single
point of failure in a denial of service attack.
4. DDoS Mitigation Services: Subscribe to DDoS mitigation services
that can detect and absorb or redirect malicious traffic during an
attack.
5. Load Balancing: Use load balancers to evenly distribute incoming
traffic across multiple servers, preventing overload on any one
server.
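Rate limiting (item 2 above) can be sketched as a sliding-window counter per source IP. This is an added example, not part of the original slides: the class and function names, the limit of 5 requests per 10 seconds, and the sample traffic (documentation-range addresses) are constructed for illustration.

```python
from collections import defaultdict, deque


class PerIPRateLimiter:
    """Allow at most max_requests per window_seconds for each source IP."""

    def __init__(self, max_requests, window_seconds):
        self.max_requests = max_requests
        self.window = window_seconds
        self.history = defaultdict(deque)  # ip -> timestamps of allowed requests

    def allow(self, ip, now):
        recent = self.history[ip]
        # Forget requests that have fallen out of the window.
        while recent and now - recent[0] >= self.window:
            recent.popleft()
        if len(recent) >= self.max_requests:
            return False  # over the limit: reject (e.g. answer HTTP 429)
        recent.append(now)
        return True


def replay(requests, max_requests=5, window_seconds=10):
    """Run (timestamp, ip) pairs through the limiter; return per-IP counts."""
    limiter = PerIPRateLimiter(max_requests, window_seconds)
    allowed, rejected = defaultdict(int), defaultdict(int)
    for timestamp, ip in requests:
        if limiter.allow(ip, timestamp):
            allowed[ip] += 1
        else:
            rejected[ip] += 1
    return dict(allowed), dict(rejected)


# Constructed traffic: one source sends 20 requests in two seconds,
# another sends one request every three seconds.
SAMPLE = sorted(
    [(i * 0.1, "203.0.113.7") for i in range(20)]
    + [(i * 3.0, "198.51.100.4") for i in range(5)]
)

if __name__ == "__main__":
    allowed, rejected = replay(SAMPLE)
    print("allowed:", allowed)
    print("rejected:", rejected)
```

A per-IP limit stops a single noisy source but not a flood spread across many addresses, which is why the list also names CDNs and DDoS mitigation services.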
29. Against Malware
1. Antivirus and Antimalware Software: Install reputable
antivirus and antimalware software to detect and remove
malicious software from your systems.
2. Regular Scans: Schedule regular scans of systems and
devices to identify and remove any malware that might be
present.
3. Email Filtering: Use email filtering to block or quarantine
emails containing known malware attachments or links.
4. Software Whitelisting: Implement software whitelisting to
only allow approved applications to run on systems,
preventing the execution of unauthorized or malicious
software.
5. User Permissions: Assign appropriate user permissions to
restrict the execution of files and applications to authorized
users only.
6. Backup and Recovery: Regularly back up critical data and
systems, so in case of a malware infection, you can restore
your systems to a clean state.
32. Share with Care
Protecting yourself, your information and
your privacy online
• When not to share
• Keeping it private
• That’s not what I meant!
• Frame it
• Who is this person anyway?
• How do others see us online?
33. Don’t Fall
for Fake
• Popups, catfishing and other scams
• Who’s this ‘talking’ to me?
• Is that really true?
• Spotting untrustworthy information
• If we were a search engine
• Practicing Internet search
34. Secure Your
Secrets
• But that wasn’t me!
• How to build a great password
• Keep it to yourself
35. It’s Cool to Be
Kind
• Noticing feelings
• Practicing empathy
• Your kindness gram
• Ways to show kindness
• From negative to nice
• About your tone
• How words can change the whole picture
36. When in Doubt,
Talk It Out
• What does it mean to be brave?
• From bystanders to helpers
• Helpers have options!
• Seeing upsetting stuff: What do I do?
• Upsetting stuff online: What do I do?
• What to do about mean stuff on screens
• Handling mean behavior online
• When to get help
• Report it online, too
37. Thank you for your
attention!
For more information, visit
www.zoa-international.com