INFORMATION SECURITY BASICS
IS165 – Networking Fundamentals
CYBER SECURITY THREAT OR RISK
1. Human Nature
2. Malware
3. Phishing Attacks and Social Engineering
4. Formjacking
5. Inadequate Patch Management
6. Outdated Hardware and Software
7. Man-in-the-Middle Attacks
HUMAN NATURE
• Capital One recently had more than 100 million customer accounts
compromised in a data breach. But, not by a random hacker or even an
employee.
• Capital One uses Amazon Web Services (AWS) for their cloud hosting and
a former AWS employee exploited a misconfigured firewall to gain access
to 140,000 Social Security numbers, 1 million Canadian Social Insurance
numbers and 80,000 bank account numbers, plus an undisclosed number
of people’s names, addresses, credit scores, credit limits, balances, and
other information.
• Capital One expects to face $100-150 million in costs, including customer
notifications, credit monitoring, tech costs, and legal support due.
• Not to mention any potential company stock value losses.
MALWARE
• Center for Internet Security
PHISHING ATTACKS AND SOCIAL ENGINEERING
• Phishing is a fraudulent attempt to elicit sensitive information from a
victim in order to perform some type of action.
• Phishing comes in many forms:
• General phishing
• Spear phishing
• CEO fraud
• Smishing
• Vishing
• Clone phishing
• Domain spoofing
• URL phishing
• Watering hole phishing
• Evil twin phishing
• Social Engineering
FORMJACKING
• The British Airways formjacking attack resulted in more than 380,000
credit cards being stolen at an estimated loss of $17 million, plus
a £183 million fine levied by the EU for the lack of GDPR
compliance.
• Attackers injected malicious JavaScript code onto Ticketmaster’s
website after compromising the chatbot used for customer
support on Ticketmaster websites. The attackers altered the JS
code to capture payment card data from customers and send it to
their servers. The malicious code may have been on the
Ticketmaster website for almost a year.
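As an added example (not part of the original slides): a defender's audit of the script tags on a checkout page, flagging third-party scripts that carry no Subresource Integrity (SRI) pin or whose served content no longer matches the pin. The host names, script bodies and the `audit_page` helper are constructed for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse


def sri_hash(script_bytes):
    """Return the SRI value (sha384, base64) a browser would compute for a script."""
    digest = hashlib.sha384(script_bytes).digest()
    return "sha384-" + base64.b64encode(digest).decode("ascii")


class ScriptCollector(HTMLParser):
    """Collects (src, integrity) for every <script src=...> tag on a page."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "script" and attr.get("src"):
            self.scripts.append((attr["src"], attr.get("integrity")))


def audit_page(html, page_host, served):
    """Flag third-party scripts that are unpinned or whose content has changed.

    `served` maps script URL -> bytes currently delivered (constructed below;
    a real audit would download each script).
    """
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src, integrity in collector.scripts:
        host = urlparse(src).netloc
        if not host or host == page_host:
            continue  # first-party script, outside the scope of this check
        if integrity is None:
            findings.append((src, "no integrity attribute"))
        elif src in served and sri_hash(served[src]) not in integrity.split():
            findings.append((src, "served content does not match pinned hash"))
    return findings


# Constructed sample data: hosts and script bodies are made up.
ORIGINAL = b"function openChat(){ /* support widget */ }"
TAMPERED = ORIGINAL + b" /* code added after the pin was set */"
CHAT_URL = "https://chat.vendor.example/widget.js"
PAGE = f"""<html><body>
<script src="/static/checkout.js"></script>
<script src="{CHAT_URL}" integrity="{sri_hash(ORIGINAL)}" crossorigin="anonymous"></script>
<script src="https://stats.vendor.example/t.js"></script>
</body></html>"""

if __name__ == "__main__":
    for src, reason in audit_page(PAGE, "shop.example", {CHAT_URL: TAMPERED}):
        print(f"{src}: {reason}")
```

A browser enforcing the `integrity` attribute refuses to run the changed widget script; the unpinned script would run whatever the vendor's server returns.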
INADEQUATE PATCH MANAGEMENT
• EternalBlue is an exploit allegedly developed by the NSA.
• It exploits Microsoft vulnerabilities and led to worldwide attacks that
included the Petya and WannaCry ransomware.
• Microsoft released patches for EternalBlue, but many organizations
didn’t apply the patch and remained vulnerable, or they were using old
systems past their end-of-life period.
• The National Healthcare System (NHS) in the UK had thousands of
appointments and surgeries cancelled, which cost NHS more than £100
million.
• Two years after the WannaCry attacks, EternalBlue continues to impact
systems around the world.
OUTDATED SYSTEMS
• Data breaches and other security incidents result from
outdated or unpatched technologies.
• Equifax’s 2017 data breach, which exploited a patchable
vulnerability that had not been patched, is an example.
MAN-IN-THE-MIDDLE ATTACKS
• A notable example of a MitM attack occurred when a group of
agents from Russia’s GRU tried to hack into the office of the
Organization for the Prohibition of Chemical Weapons.
• They used a Wi-Fi spoofing device to try to get the results of an
investigation.
• The attack failed, but it is evidence that no one, not even
governments, is exempt from being a MitM attack target.
THREATS
• A Threat is a negative event that can lead to an undesired
outcome, such as damage to, or loss of, an asset.
• Threats become dangerous because of a vulnerability in a
system.
• Threat is used interchangeably with both Attack and Threat
Actor, and is often substituted for a Danger.
THREAT ACTORS
• A Threat Actor is the person, actor, entity, or organization that
initiates a given scenario, such as a hack attempt.
• Threat Actors include:
• Hacktivists
• Cybercriminals
• Disgruntled insiders
• Nation States
• Careless employees
• Nature
VULNERABILITIES
• Vulnerabilities are weaknesses in a system that make threats possible.
• A Vulnerability is a weakness exploited by a Threat Actor to do Harm.
• Examples of Vulnerabilities include:
• Lack of proper building access control
• Cross-site Scripting (XSS)
• SQL Injection
• Cleartext transmission of sensitive data
• Failure to check authorization to sensitive resources
• Failure to encrypt sensitive data at rest
RISK
• A Risk is the chance that something bad may happen, including
the Harm if it does happen.
• It is the result of combining Probability and Impact:
risk = probability × impact
SUMMARY
• A Threat is a negative scenario you want to avoid
• A Threat Actor is the agent that makes a Threat happen
• A Vulnerability is a weakness that can be exploited in order to attack you
• A Risk is a negative scenario you want to avoid, combined with its
probability and its impact
• The difference between a Threat and a Risk is that a Threat is a negative
event by itself, whereas a Risk is the negative event combined with its
probability and its impact.
