SlideShare a Scribd company logo

Cyber-Security-Unit-1.pptx

•Download as PPTX, PDF•
•
T
TikdiPatel

intro of cyber security

Engineering
1 of 42
Cyber Security Subject Code:-102045607 Unit-1 Introduction
Largest economy in world • USA • China
Importance of Cyber Security “The only system which is truly secure is one which is switched off and unplugged, locked in a titanium safe, buried in a solid bunker, and is surrounded by nerve gas and very highly paid armed guards. Even then, I wouldn’t stake my life on it.” - Professor Gene Spafford In security matters: • There is nothing like absolute security • We are only trying to build comfort levels, because security costs money and lack of it costs much more • Comfort level is a manifestation of efforts as well as a realization of their effectiveness & limitations
Importance of Cyber Security The Internet allows an attacker to work from anywhere on the planet. Risks caused by poor security knowledge and practice: Identity Theft Monetary Theft Legal Consequences (for yourself and your organization) Sanctions or termination if policies are not followed According to the SANS(SysAdmin, Audit, Network and Security) Institute, the top vectors for vulnerabilities available to a cyber criminal are: Web Browser IM Clients Web Applications Excessive User Rights
Cyber Security • Cyber security refers to the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorized access.
Cyber Security is Safety • Security: We must protect our computers and data in the same way that we secure the doors to our homes. • Safety: We must behave in ways that protect us against risks and threats that come with technology.
Cyber Security Domains
Cyber Security Types • Network Security • Application Security • Information or Data Security • Identity management • Operational Security • Mobile Security • Cloud Security • Disaster Recovery and Business Continuity Planning • User Education
Network Security: Network security involves implementing measures to protect the integrity, confidentiality, and availability of a computer network. This includes techniques such as firewalls, intrusion detection systems, virtual private networks (VPNs), and secure network protocols to prevent unauthorized access, data breaches, and network attacks. Application Security: Application security focuses on securing software applications from potential vulnerabilities and threats. This includes secure coding practices, input validation, authentication mechanisms, encryption, and regular application security testing to identify and mitigate security flaws in applications. Information or Data Security: Information or data security involves protecting sensitive data from unauthorized access, disclosure, alteration, or destruction. This includes implementing access controls, encryption, data backup and recovery, data classification, and data loss prevention measures to safeguard sensitive information.
Identity Management: Identity management refers to the processes and technologies used to manage and secure user identities and their access to systems, applications, and data. It includes user authentication, authorization, password management, multi-factor authentication, and identity and access management (IAM) solutions. Operational Security: Operational security focuses on safeguarding the day-to-day operations of an organization. It involves establishing policies, procedures, and controls to protect physical assets, personnel, information systems, and data. This includes physical security measures, employee training, incident response planning, and security monitoring. Mobile Security: Mobile security deals with protecting mobile devices (such as smartphones and tablets) and the data stored on them. It involves securing mobile applications, implementing mobile device management (MDM) solutions, enforcing secure network connections, and educating users on mobile security best practices.
Cloud Security: Cloud security focuses on securing cloud computing environments and services. This includes securing data stored in the cloud, securing cloud infrastructure, managing user access and permissions, implementing encryption, and monitoring cloud environments for security threats. Disaster Recovery and Business Continuity Planning: Disaster recovery and business continuity planning involve developing strategies and procedures to ensure the resilience and continuity of business operations in the event of a disaster or disruptive incident. This includes creating backups, establishing recovery procedures, testing disaster recovery plans, and ensuring the availability of critical systems and data. User Education: User education is an essential component of overall security. It involves educating users about security best practices, raising awareness about common threats, teaching safe browsing habits, and promoting responsible use of technology. User education helps to mitigate risks associated with social engineering attacks, phishing attempts, and other forms of user-related vulnerabilities.
False Sense of Security?
What is a Secure System? (CIA Triad) Availability • Confidentiality – restrict access to authorized individuals • Integrity – data has not been altered in an unauthorized manner • Availability – information can be accessed and modified by authorized individuals in an appropriate timeframe
CIA Triad Protecting information from unauthorized access and disclosure Example: Criminal steals customers’ usernames, passwords, or credit card information Confidentiality
CIA Triad Protecting information from unauthorized modification Example: Someone alters payroll information or a proposed product design Integrity
CIA Triad Preventing disruption in how information is accessed Example: Your customers are unable to access your online services Availability
CIA Triad roughly • Confidentiality is Confidentiality measures equivalent are designed to privacy. to prevent sensitive information from unauthorized access attempts. • It is common for data to be categorized according to the amount and type of damage that could be done if it fell into the wrong hands.
CIA Triad • Integrity involves maintaining the consistency, accuracy and trustworthiness of data over its entire lifecycle. • Data must not be changed in transit, and steps must be taken to ensure data cannot be altered by unauthorized people (for example, in a breach of confidentiality).
CIA Triad • Availability means information should be consistently and readily accessible for authorized parties. • This involves properly maintaining hardware and technical infrastructure and systems that hold and display the information.
CIA Triad Putting Confidentiality into Practice: • Data encryption is one way to ensure confidentiality and that unauthorized users cannot retrieve data for which they do not have access. • Access control is also an integral part of maintaining confidentiality by managing which users have permissions for accessing data.
CIA Triad Putting Integrity into Practice: • Event log management within a Security Incident and Event Management system is crucial for practicing data integrity. • Implementing version control and audit trails into your IT program will allow your organization to guarantee that its data is accurate and authentic. •
CIA Triad Putting Availability into Practice: • Employing a backup system and a disaster recovery plan is essential for maintaining data availability should a disaster, cyber-attack, or another threat disrupt operations. • Utilizing cloud solutions for data storage is one way in which an organization can increase the availability of data for its users. • As the reliance on data analytics expands, the need for data to be available and accessible grows for sectors like financial services and life sciences.
Challenges in Cyber Security #1. Increase in Cyberattacks #2. Supply Chain Attacks Are on the Rise #3. The Cyber Pandemic Continues #4. Cloud Services Are A Primary Target #5. Ransomware Attacks Are on the Rise #6. Mobile Devices Introduce New Security Risks …………….
Cyberspace Definition:-A global domain within the information environment consisting of the interdependent network of information systems infrastructures including the Internet, telecommunications networks, computer systems, and embedded processors and controllers. • Cyberspace refers to the virtual computer world, and more specifically, an electronic medium that is used to facilitate online communication. Cyberspace typically involves a large computer network made up of many worldwide computer subnetworks that employ TCP/IP protocol to aid in communication and data exchange activities. • Cyberspace's core feature is an interactive and virtual environment for a broad range of participants.
Threats and Vulnerabilities What are we protecting our and our stakeholders information from? Threats: Any circumstances or events that can potentially harm an information system by destroying it, disclosing the information stored on the system, adversely modifying data, or making the system unavailable Vulnerabilities: Weakness in an information system or its components that could be exploited.
Cyber Threats A cyber security threat refers to any possible malicious attack that seeks to unlawfully access data, disrupt digital operations or damage information. Cyber threats can originate from various actors, including corporate spies, hacktivists, terrorist groups, hostile nation-states, criminal organizations, lone hackers.
Types of Cyber Security Threats 1. Malware Malware is malicious software such as spyware, ransomware, viruses and worms. Malware is activated when a user clicks on a malicious link or attachment, which leads to installing dangerous software. 2. Denial of Service A denial of service (DoS) is a type of cyber attack that floods a computer or network so it can’t respond to requests. A distributed DoS (DDoS) does the same thing, but the attack originates from a computer network. Cyber attackers often use a flood attack to disrupt the “handshake” process and carry out a DoS.
Types of Cyber Security Threats 3. Man in the Middle A man-in-the-middle (MITM) attack occurs when hackers insert themselves into a two-party transaction. After interrupting the traffic, they can filter and steal data, according to Cisco. MITM attacks often occur when a visitor uses an unsecured public Wi-Fi network. Attackers insert themselves between the visitor and the network, and then use malware to install software and use data maliciously.
Types of Cyber Security Threats 4. Phishing Phishing attacks use fake communication, such as an email, to trick the receiver into opening it and carrying out the instructions inside, such as providing a credit card number. “The goal is to steal sensitive data like credit card and login information or to install malware on the victim’s machine,” Cisco reports.
Types of Cyber Security Threats 4. Phishing
Types of Cyber Security Threats 5. SQL Injection A Structured Query Language (SQL) injection is a type of cyber attack that results from inserting malicious code into a server that uses SQL. When infected, the server releases information. Submitting the malicious code can be as simple as entering it into a vulnerable website search box.
Types of Cyber Security Threats 6. Password Attacks With the right password, a cyber attacker has access to a wealth of information. Social engineering is a type of password attack that Data Insider defines as “a strategy cyber attackers use that relies heavily on human interaction and often involves tricking people into breaking standard security practices.” Other types of password attacks include accessing a password database or outright guessing.
Types of Cyber Security Threats 7. Emotet The Cybersecurity and Infrastructure Security Agency (CISA) describes Emotet as “an advanced, modular banking Trojan that primarily functions as a downloader or dropper of other banking Trojans. Emotet continues to be among the most costly and destructive malware.”
Cyber Warfare Cyber Warfare is typically defined as a set of actions by a nation or organization to attack countries or institutions' computer network systems with the intention of disrupting, damaging, or destroying infrastructure by computer viruses or denial-of-service attacks. What Does Cyber Warfare Look Like? Cyber warfare can take many forms, but all of them involve either the destabilization or destruction of critical systems. The objective is to weaken the target country by compromising its core systems. This means cyber warfare may take several different shapes: • Attacks on financial infrastructure • Attacks on public infrastructure like dams or electrical systems • Attacks on safety infrastructure like traffic signals or early warning systems • Attacks against military resources or organizations
Cyber Terrorism Cyber - Anything that involved computer resources and information. Terrorism - An act of violence.
Cyber Terrorism History Of Attacks
Cyber Terrorism Cyberterrorism is the premeditated, politically motivated attack against information, computer systems, computer programs, and data which result in violence against non-combatant targets by sub-national groups or clandestine agents. - by TechTarget The premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political or similar objectives. Or to intimidate any person in furtherance of such objectives. - Wikipedia
Motivations of Cyber- Terrorists There are various reasons why cyber attacks are an attractive choice for terrorists. Few of them are: • No need to cross physical barrier. • Identity is kept a secret. • Easy to attack. • Fast flow of information. • Little or no regulation. • Huge audience.
Cyber Security of Critical Infrastructure • Chemical Sector. • Commercial Facilities Sector. • Communications Sector. • Critical Manufacturing Sector. • Dams Sector. • Defence Industrial Base Sector. • Emergency Services Sector. • Energy Sector.
The Cybersecurity Implications of Infrastructure Modernization The adoption of new technologies in oil and gas facilities is a dual-edged sword. On one side, there are the obvious benefits of implementing industrial internet of things (IIoT) devices to improve efficiencies and reduce operational costs. On the other side, there are inherent risks associated with upgrading systems and with the cybersecurity infrastructure.
Cyber-Security-Unit-1.pptx

Recommended

CYBER SECURITY
CYBER SECURITY CYBER SECURITY
CYBER SECURITY Ashish prashar
 
Introduction to cyber security amos
Introduction to cyber security amosIntroduction to cyber security amos
Introduction to cyber security amosAmos Oyoo
 
Cyber security
Cyber securityCyber security
Cyber securityabithajayavel
 
Cyber security
Cyber securityCyber security
Cyber securityBhavin Shah
 
Cyber security
Cyber securityCyber security
Cyber securitySapna Patil
 
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...Edureka!
 
Threat landscape 4.0
Threat landscape 4.0Threat landscape 4.0
Threat landscape 4.0Dr. C.V. Suresh Babu
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITYVaishak Chandran
 

Recommended

CYBER SECURITY
CYBER SECURITY CYBER SECURITY
CYBER SECURITY Ashish prashar
 
Introduction to cyber security amos
Introduction to cyber security amosIntroduction to cyber security amos
Introduction to cyber security amosAmos Oyoo
 
Cyber security
Cyber securityCyber security
Cyber securityabithajayavel
 
Cyber security
Cyber securityCyber security
Cyber securityBhavin Shah
 
Cyber security
Cyber securityCyber security
Cyber securitySapna Patil
 
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...Edureka!
 
Threat landscape 4.0
Threat landscape 4.0Threat landscape 4.0
Threat landscape 4.0Dr. C.V. Suresh Babu
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITYVaishak Chandran
 
Cyber security
Cyber securityCyber security
Cyber securityManjushree Mashal
 
Cyber crime and security
Cyber crime and securityCyber crime and security
Cyber crime and securityAkash Dhiman
 
Cyber Security A Challenges For Mankind
Cyber Security A Challenges For MankindCyber Security A Challenges For Mankind
Cyber Security A Challenges For MankindSaurabh Kheni
 
Cyber security
Cyber securityCyber security
Cyber securityvishakha bhagwat
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityADGP, Public Grivences, Bangalore
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security AwarenessRamiro Cid
 
What is Cyber Security - Avantika University
What is Cyber Security - Avantika UniversityWhat is Cyber Security - Avantika University
What is Cyber Security - Avantika UniversityAvantika University
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationTriCorps Technologies
 
Hyphenet Security Awareness Training
Hyphenet Security Awareness TrainingHyphenet Security Awareness Training
Hyphenet Security Awareness TrainingJen Ruhman
 
Cyber crime and security
Cyber crime and securityCyber crime and security
Cyber crime and securitySharath Raj
 
Cyber security
Cyber securityCyber security
Cyber securitySajid Hasan
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITYPranjalShah18
 
Cyber attack
Cyber attackCyber attack
Cyber attackManjushree Mashal
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityRamiro Cid
 
Cyber security awareness presentation
Cyber security awareness presentationCyber security awareness presentation
Cyber security awareness presentationAshokkumar Gnanasekar
 
Cybersecurity
CybersecurityCybersecurity
CybersecurityANGIEPAEZ304
 
Cyber security
Cyber security Cyber security
Cyber security Sachith Lekamge
 
Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Radar Cyber Security
 
User authentication
User authenticationUser authentication
User authenticationCAS
 
Cybersecurity 2 cyber attacks
Cybersecurity 2 cyber attacksCybersecurity 2 cyber attacks
Cybersecurity 2 cyber attackssommerville-videos
 
Seguridad web -articulo completo- ingles
Seguridad web -articulo completo- inglesSeguridad web -articulo completo- ingles
Seguridad web -articulo completo- inglesisidro luna beltran
 
Unit 1.pptx
Unit 1.pptxUnit 1.pptx
Unit 1.pptxMsVaishaliKumar
 

More Related Content

What's hot

Cyber crime and security
Cyber crime and securityCyber crime and security
Cyber crime and securityAkash Dhiman
 
Cyber Security A Challenges For Mankind
Cyber Security A Challenges For MankindCyber Security A Challenges For Mankind
Cyber Security A Challenges For MankindSaurabh Kheni
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security AwarenessRamiro Cid
 
What is Cyber Security - Avantika University
What is Cyber Security - Avantika UniversityWhat is Cyber Security - Avantika University
What is Cyber Security - Avantika UniversityAvantika University
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationTriCorps Technologies
 
Hyphenet Security Awareness Training
Hyphenet Security Awareness TrainingHyphenet Security Awareness Training
Hyphenet Security Awareness TrainingJen Ruhman
 
Cyber crime and security
Cyber crime and securityCyber crime and security
Cyber crime and securitySharath Raj
 
Cyber security
Cyber securityCyber security
Cyber securitySajid Hasan
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITYPranjalShah18
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityRamiro Cid
 
Cyber security awareness presentation
Cyber security awareness presentationCyber security awareness presentation
Cyber security awareness presentationAshokkumar Gnanasekar
 
Cybersecurity
CybersecurityCybersecurity
CybersecurityANGIEPAEZ304
 
Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Radar Cyber Security
 
User authentication
User authenticationUser authentication
User authenticationCAS
 
Cybersecurity 2 cyber attacks
Cybersecurity 2 cyber attacksCybersecurity 2 cyber attacks
Cybersecurity 2 cyber attackssommerville-videos
 

What's hot (20)

Cyber security
Cyber securityCyber security
Cyber security
 
Cyber crime and security
Cyber crime and securityCyber crime and security
Cyber crime and security
 
Cyber Security A Challenges For Mankind
Cyber Security A Challenges For MankindCyber Security A Challenges For Mankind
Cyber Security A Challenges For Mankind
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security Awareness
 
What is Cyber Security - Avantika University
What is Cyber Security - Avantika UniversityWhat is Cyber Security - Avantika University
What is Cyber Security - Avantika University
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
 
Hyphenet Security Awareness Training
Hyphenet Security Awareness TrainingHyphenet Security Awareness Training
Hyphenet Security Awareness Training
 
Cyber crime and security
Cyber crime and securityCyber crime and security
Cyber crime and security
 
Cyber security
Cyber securityCyber security
Cyber security
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITY
 
Cyber attack
Cyber attackCyber attack
Cyber attack
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Cyber security awareness presentation
Cyber security awareness presentationCyber security awareness presentation
Cyber security awareness presentation
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
 
Cyber security
Cyber security Cyber security
Cyber security
 
Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025
 
User authentication
User authenticationUser authentication
User authentication
 
Cybersecurity 2 cyber attacks
Cybersecurity 2 cyber attacksCybersecurity 2 cyber attacks
Cybersecurity 2 cyber attacks
 

Similar to Cyber-Security-Unit-1.pptx

Seguridad web -articulo completo- ingles
Seguridad web -articulo completo- inglesSeguridad web -articulo completo- ingles
Seguridad web -articulo completo- inglesisidro luna beltran
 
information security (network security methods)
information security (network security methods)information security (network security methods)
information security (network security methods)Zara Nawaz
 
Information security ist lecture
Information security ist lectureInformation security ist lecture
Information security ist lectureZara Nawaz
 
Cervone uof t - nist framework (1)
Cervone uof t - nist framework (1)Cervone uof t - nist framework (1)
Cervone uof t - nist framework (1)Stephen Abram
 
Fundamentals of-information-security
Fundamentals of-information-security Fundamentals of-information-security
Fundamentals of-information-security madunix
 
Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Kirti Ahirrao
 
Security & Risk Mgmt_WK1.pptx
Security & Risk Mgmt_WK1.pptxSecurity & Risk Mgmt_WK1.pptx
Security & Risk Mgmt_WK1.pptxdotco
 
Security & Risk Mgmt_WK1.pptx
Security & Risk Mgmt_WK1.pptxSecurity & Risk Mgmt_WK1.pptx
Security & Risk Mgmt_WK1.pptxTechnocracy2
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security conceptsG Prachi
 
Introduction to Cybersecurity.pdf
Introduction to Cybersecurity.pdfIntroduction to Cybersecurity.pdf
Introduction to Cybersecurity.pdfssuserf98dd4
 
Information Security
Information SecurityInformation Security
Information SecurityDhilsath Fathima
 
Presentation 10 (1).pdf
Presentation 10 (1).pdfPresentation 10 (1).pdf
Presentation 10 (1).pdfKARANSINGHD
 
what is cybersecurity.pdf
what is cybersecurity.pdfwhat is cybersecurity.pdf
what is cybersecurity.pdfpublicchats
 
Information Security
Information Security Information Security
Information Security Alok Katiyar
 
CYBER SECURITY.pptx
CYBER SECURITY.pptxCYBER SECURITY.pptx
CYBER SECURITY.pptxParthYadav89
 

Similar to Cyber-Security-Unit-1.pptx (20)

Seguridad web -articulo completo- ingles
Seguridad web -articulo completo- inglesSeguridad web -articulo completo- ingles
Seguridad web -articulo completo- ingles
 
Unit 1.pptx
Unit 1.pptxUnit 1.pptx
Unit 1.pptx
 
information security (network security methods)
information security (network security methods)information security (network security methods)
information security (network security methods)
 
Information security ist lecture
Information security ist lectureInformation security ist lecture
Information security ist lecture
 
Module 4.pdf
Module 4.pdfModule 4.pdf
Module 4.pdf
 
Module 4 Cyber Security Vulnerabilities& Safe Guards
Module 4 Cyber Security Vulnerabilities& Safe GuardsModule 4 Cyber Security Vulnerabilities& Safe Guards
Module 4 Cyber Security Vulnerabilities& Safe Guards
 
Cervone uof t - nist framework (1)
Cervone uof t - nist framework (1)Cervone uof t - nist framework (1)
Cervone uof t - nist framework (1)
 
internet security and cyber lawUnit1
internet security and cyber lawUnit1internet security and cyber lawUnit1
internet security and cyber lawUnit1
 
Fundamentals of-information-security
Fundamentals of-information-security Fundamentals of-information-security
Fundamentals of-information-security
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Chapter 1 introduction(web security)
Chapter 1 introduction(web security)
 
Security & Risk Mgmt_WK1.pptx
Security & Risk Mgmt_WK1.pptxSecurity & Risk Mgmt_WK1.pptx
Security & Risk Mgmt_WK1.pptx
 
Security & Risk Mgmt_WK1.pptx
Security & Risk Mgmt_WK1.pptxSecurity & Risk Mgmt_WK1.pptx
Security & Risk Mgmt_WK1.pptx
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security concepts
 
Introduction to Cybersecurity.pdf
Introduction to Cybersecurity.pdfIntroduction to Cybersecurity.pdf
Introduction to Cybersecurity.pdf
 
Information Security
Information SecurityInformation Security
Information Security
 
Presentation 10 (1).pdf
Presentation 10 (1).pdfPresentation 10 (1).pdf
Presentation 10 (1).pdf
 
what is cybersecurity.pdf
what is cybersecurity.pdfwhat is cybersecurity.pdf
what is cybersecurity.pdf
 
Information Security
Information Security Information Security
Information Security
 
CYBER SECURITY.pptx
CYBER SECURITY.pptxCYBER SECURITY.pptx
CYBER SECURITY.pptx
 

Recently uploaded

Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile servicerehmti665
 
complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...asadnawaz62
 
Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.eptoze12
 
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdfCCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdfAsst.prof M.Gokilavani
 
Churning of Butter, Factors affecting .
Churning of Butter, Factors affecting .Churning of Butter, Factors affecting .
Churning of Butter, Factors affecting .Satyam Kumar
 
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerStudy on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerAnamika Sarkar
 
main PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfidmain PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfidNikhilNagaraju
 
Heart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptxHeart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptxPoojaBan
 
Instrumentation, measurement and control of bio process parameters ( Temperat...
Instrumentation, measurement and control of bio process parameters ( Temperat...Instrumentation, measurement and control of bio process parameters ( Temperat...
Instrumentation, measurement and control of bio process parameters ( Temperat...121011101441
 
What are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxWhat are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxwendy cai
 
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfCCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfAsst.prof M.Gokilavani
 
Introduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxIntroduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxk795866
 
Concrete Mix Design - IS 10262-2019 - .pptx
Concrete Mix Design - IS 10262-2019 - .pptxConcrete Mix Design - IS 10262-2019 - .pptx
Concrete Mix Design - IS 10262-2019 - .pptxKartikeyaDwivedi3
 
An introduction to Semiconductor and its types.pptx
An introduction to Semiconductor and its types.pptxAn introduction to Semiconductor and its types.pptx
An introduction to Semiconductor and its types.pptxPurva Nikam
 
UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)
UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)
UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)Dr SOUNDIRARAJ N
 
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETEINFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETEroselinkalist12
 

Recently uploaded (20)

Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile service
 
complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...
 
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
 
Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.
 
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
 
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdfCCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
 
Churning of Butter, Factors affecting .
Churning of Butter, Factors affecting .Churning of Butter, Factors affecting .
Churning of Butter, Factors affecting .
 
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerStudy on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
 
main PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfidmain PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfid
 
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCRCall Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
 
Heart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptxHeart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptx
 
Instrumentation, measurement and control of bio process parameters ( Temperat...
Instrumentation, measurement and control of bio process parameters ( Temperat...Instrumentation, measurement and control of bio process parameters ( Temperat...
Instrumentation, measurement and control of bio process parameters ( Temperat...
 
What are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxWhat are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptx
 
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfCCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
 
Introduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxIntroduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptx
 
Concrete Mix Design - IS 10262-2019 - .pptx
Concrete Mix Design - IS 10262-2019 - .pptxConcrete Mix Design - IS 10262-2019 - .pptx
Concrete Mix Design - IS 10262-2019 - .pptx
 
An introduction to Semiconductor and its types.pptx
An introduction to Semiconductor and its types.pptxAn introduction to Semiconductor and its types.pptx
An introduction to Semiconductor and its types.pptx
 
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptxExploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
 
UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)
UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)
UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)
 
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETEINFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
 

Cyber-Security-Unit-1.pptx

  • 2. Largest economy in world • USA • China
  • 3. Importance of Cyber Security “The only system which is truly secure is one which is switched off and unplugged, locked in a titanium safe, buried in a solid bunker, and is surrounded by nerve gas and very highly paid armed guards. Even then, I wouldn’t stake my life on it.” - Professor Gene Spafford In security matters: • There is nothing like absolute security • We are only trying to build comfort levels, because security costs money and lack of it costs much more • Comfort level is a manifestation of efforts as well as a realization of their effectiveness & limitations
  • 4. Importance of Cyber Security The Internet allows an attacker to work from anywhere on the planet. Risks caused by poor security knowledge and practice: Identity Theft Monetary Theft Legal Consequences (for yourself and your organization) Sanctions or termination if policies are not followed According to the SANS(SysAdmin, Audit, Network and Security) Institute, the top vectors for vulnerabilities available to a cyber criminal are: Web Browser IM Clients Web Applications Excessive User Rights
  • 5. Cyber Security • Cyber security refers to the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorized access.
  • 6. Cyber Security is Safety • Security: We must protect our computers and data in the same way that we secure the doors to our homes. • Safety: We must behave in ways that protect us against risks and threats that come with technology.
  • 8. Cyber Security Types • Network Security • Application Security • Information or Data Security • Identity management • Operational Security • Mobile Security • Cloud Security • Disaster Recovery and Business Continuity Planning • User Education
  • 9. Network Security: Network security involves implementing measures to protect the integrity, confidentiality, and availability of a computer network. This includes techniques such as firewalls, intrusion detection systems, virtual private networks (VPNs), and secure network protocols to prevent unauthorized access, data breaches, and network attacks. Application Security: Application security focuses on securing software applications from potential vulnerabilities and threats. This includes secure coding practices, input validation, authentication mechanisms, encryption, and regular application security testing to identify and mitigate security flaws in applications. Information or Data Security: Information or data security involves protecting sensitive data from unauthorized access, disclosure, alteration, or destruction. This includes implementing access controls, encryption, data backup and recovery, data classification, and data loss prevention measures to safeguard sensitive information.
  • 10. Identity Management: Identity management refers to the processes and technologies used to manage and secure user identities and their access to systems, applications, and data. It includes user authentication, authorization, password management, multi-factor authentication, and identity and access management (IAM) solutions. Operational Security: Operational security focuses on safeguarding the day-to-day operations of an organization. It involves establishing policies, procedures, and controls to protect physical assets, personnel, information systems, and data. This includes physical security measures, employee training, incident response planning, and security monitoring. Mobile Security: Mobile security deals with protecting mobile devices (such as smartphones and tablets) and the data stored on them. It involves securing mobile applications, implementing mobile device management (MDM) solutions, enforcing secure network connections, and educating users on mobile security best practices.
  • 11. Cloud Security: Cloud security focuses on securing cloud computing environments and services. This includes securing data stored in the cloud, securing cloud infrastructure, managing user access and permissions, implementing encryption, and monitoring cloud environments for security threats. Disaster Recovery and Business Continuity Planning: Disaster recovery and business continuity planning involve developing strategies and procedures to ensure the resilience and continuity of business operations in the event of a disaster or disruptive incident. This includes creating backups, establishing recovery procedures, testing disaster recovery plans, and ensuring the availability of critical systems and data. User Education: User education is an essential component of overall security. It involves educating users about security best practices, raising awareness about common threats, teaching safe browsing habits, and promoting responsible use of technology. User education helps to mitigate risks associated with social engineering attacks, phishing attempts, and other forms of user-related vulnerabilities.
  • 12. False Sense of Security?
  • 13. What is a Secure System? (CIA Triad) Availability • Confidentiality – restrict access to authorized individuals • Integrity – data has not been altered in an unauthorized manner • Availability – information can be accessed and modified by authorized individuals in an appropriate timeframe
  • 14. CIA Triad Protecting information from unauthorized access and disclosure Example: Criminal steals customers’ usernames, passwords, or credit card information Confidentiality
  • 15. CIA Triad Protecting information from unauthorized modification Example: Someone alters payroll information or a proposed product design Integrity
  • 16. CIA Triad Preventing disruption in how information is accessed Example: Your customers are unable to access your online services Availability
  • 17. CIA Triad roughly • Confidentiality is Confidentiality measures equivalent are designed to privacy. to prevent sensitive information from unauthorized access attempts. • It is common for data to be categorized according to the amount and type of damage that could be done if it fell into the wrong hands.
  • 18. CIA Triad • Integrity involves maintaining the consistency, accuracy and trustworthiness of data over its entire lifecycle. • Data must not be changed in transit, and steps must be taken to ensure data cannot be altered by unauthorized people (for example, in a breach of confidentiality).
  • 19. CIA Triad • Availability means information should be consistently and readily accessible for authorized parties. • This involves properly maintaining hardware and technical infrastructure and systems that hold and display the information.
  • 20. CIA Triad Putting Confidentiality into Practice: • Data encryption is one way to ensure confidentiality and that unauthorized users cannot retrieve data for which they do not have access. • Access control is also an integral part of maintaining confidentiality by managing which users have permissions for accessing data.
  • 21. CIA Triad Putting Integrity into Practice: • Event log management within a Security Incident and Event Management system is crucial for practicing data integrity. • Implementing version control and audit trails into your IT program will allow your organization to guarantee that its data is accurate and authentic. •
  • 22. CIA Triad Putting Availability into Practice: • Employing a backup system and a disaster recovery plan is essential for maintaining data availability should a disaster, cyber-attack, or another threat disrupt operations. • Utilizing cloud solutions for data storage is one way in which an organization can increase the availability of data for its users. • As the reliance on data analytics expands, the need for data to be available and accessible grows for sectors like financial services and life sciences.
  • 23. Challenges in Cyber Security #1. Increase in Cyberattacks #2. Supply Chain Attacks Are on the Rise #3. The Cyber Pandemic Continues #4. Cloud Services Are A Primary Target #5. Ransomware Attacks Are on the Rise #6. Mobile Devices Introduce New Security Risks …………….
  • 24.
  • 25. Cyberspace Definition:-A global domain within the information environment consisting of the interdependent network of information systems infrastructures including the Internet, telecommunications networks, computer systems, and embedded processors and controllers. • Cyberspace refers to the virtual computer world, and more specifically, an electronic medium that is used to facilitate online communication. Cyberspace typically involves a large computer network made up of many worldwide computer subnetworks that employ TCP/IP protocol to aid in communication and data exchange activities. • Cyberspace's core feature is an interactive and virtual environment for a broad range of participants.
  • 26. Threats and Vulnerabilities What are we protecting our and our stakeholders information from? Threats: Any circumstances or events that can potentially harm an information system by destroying it, disclosing the information stored on the system, adversely modifying data, or making the system unavailable Vulnerabilities: Weakness in an information system or its components that could be exploited.
  • 27. Cyber Threats A cyber security threat refers to any possible malicious attack that seeks to unlawfully access data, disrupt digital operations or damage information. Cyber threats can originate from various actors, including corporate spies, hacktivists, terrorist groups, hostile nation-states, criminal organizations, lone hackers.
  • 28. Types of Cyber Security Threats 1. Malware Malware is malicious software such as spyware, ransomware, viruses and worms. Malware is activated when a user clicks on a malicious link or attachment, which leads to installing dangerous software. 2. Denial of Service A denial of service (DoS) is a type of cyber attack that floods a computer or network so it can’t respond to requests. A distributed DoS (DDoS) does the same thing, but the attack originates from a computer network. Cyber attackers often use a flood attack to disrupt the “handshake” process and carry out a DoS.
  • 29. Types of Cyber Security Threats 3. Man in the Middle A man-in-the-middle (MITM) attack occurs when hackers insert themselves into a two-party transaction. After interrupting the traffic, they can filter and steal data, according to Cisco. MITM attacks often occur when a visitor uses an unsecured public Wi-Fi network. Attackers insert themselves between the visitor and the network, and then use malware to install software and use data maliciously.
  • 30. Types of Cyber Security Threats 4. Phishing Phishing attacks use fake communication, such as an email, to trick the receiver into opening it and carrying out the instructions inside, such as providing a credit card number. “The goal is to steal sensitive data like credit card and login information or to install malware on the victim’s machine,” Cisco reports.
  • 31. Types of Cyber Security Threats 4. Phishing
  • 32. Types of Cyber Security Threats 5. SQL Injection A Structured Query Language (SQL) injection is a type of cyber attack that results from inserting malicious code into a server that uses SQL. When infected, the server releases information. Submitting the malicious code can be as simple as entering it into a vulnerable website search box.
  • 33. Types of Cyber Security Threats 6. Password Attacks With the right password, a cyber attacker has access to a wealth of information. Social engineering is a type of password attack that Data Insider defines as “a strategy cyber attackers use that relies heavily on human interaction and often involves tricking people into breaking standard security practices.” Other types of password attacks include accessing a password database or outright guessing.
  • 34. Types of Cyber Security Threats 7. Emotet The Cybersecurity and Infrastructure Security Agency (CISA) describes Emotet as “an advanced, modular banking Trojan that primarily functions as a downloader or dropper of other banking Trojans. Emotet continues to be among the most costly and destructive malware.”
  • 35. Cyber Warfare Cyber Warfare is typically defined as a set of actions by a nation or organization to attack countries or institutions' computer network systems with the intention of disrupting, damaging, or destroying infrastructure by computer viruses or denial-of-service attacks. What Does Cyber Warfare Look Like? Cyber warfare can take many forms, but all of them involve either the destabilization or destruction of critical systems. The objective is to weaken the target country by compromising its core systems. This means cyber warfare may take several different shapes: • Attacks on financial infrastructure • Attacks on public infrastructure like dams or electrical systems • Attacks on safety infrastructure like traffic signals or early warning systems • Attacks against military resources or organizations
  • 36. Cyber Terrorism Cyber - Anything that involved computer resources and information. Terrorism - An act of violence.
  • 38. Cyber Terrorism Cyberterrorism is the premeditated, politically motivated attack against information, computer systems, computer programs, and data which result in violence against non-combatant targets by sub-national groups or clandestine agents. - by TechTarget The premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political or similar objectives. Or to intimidate any person in furtherance of such objectives. - Wikipedia
  • 39. Motivations of Cyber- Terrorists There are various reasons why cyber attacks are an attractive choice for terrorists. Few of them are: • No need to cross physical barrier. • Identity is kept a secret. • Easy to attack. • Fast flow of information. • Little or no regulation. • Huge audience.
  • 40. Cyber Security of Critical Infrastructure • Chemical Sector. • Commercial Facilities Sector. • Communications Sector. • Critical Manufacturing Sector. • Dams Sector. • Defence Industrial Base Sector. • Emergency Services Sector. • Energy Sector.
  • 41. The Cybersecurity Implications of Infrastructure Modernization The adoption of new technologies in oil and gas facilities is a dual-edged sword. On one side, there are the obvious benefits of implementing industrial internet of things (IIoT) devices to improve efficiencies and reduce operational costs. On the other side, there are inherent risks associated with upgrading systems and with the cybersecurity infrastructure.