TOPIC 1 - Cyber security
Cyber security is the practice of protecting systems, devices, networks and programs from
digital attacks. These cyber attacks are usually aimed at accessing, changing or destroying
sensitive information, extorting money from users, or interrupting normal business
processes.
Types of Cyber security
● Network security: Most attacks occur over the network, and network security
solutions are designed to identify and block these attacks. These solutions include
data and access controls such as data loss prevention, IAM, NGFW and application
controls to enforce safe web use policies.
● Cloud security: As organizations increasingly adopt cloud computing, securing the
cloud becomes a major priority. A cloud security strategy includes cyber security
solutions, controls, policies and services that help to protect an organization's entire
cloud deployment.
● Endpoint security: The Zero-Trust security model prescribes creating micro-segments
around data wherever it may be. One way to do that with a mobile workforce is
using endpoint security. With endpoint security, companies can secure end-user devices
such as desktops and laptops with data and network security controls and advanced
threat prevention such as anti-phishing and anti-ransomware.
● Mobile security: Mobile devices such as tablets and smartphones have access to
corporate data, exposing businesses to threats from malicious apps, zero-day,
phishing, and IM (instant messaging) attacks.
● IoT security: IoT security protects connected devices with discovery and classification
of the devices, auto-segmentation to control network activities, and using IPS as a
virtual patch to prevent exploits against vulnerable devices.
● Application security: Application security also prevents bot attacks and stops any
malicious interaction with applications and APIs.
● Zero-Trust: The traditional security model is perimeter-focused, building walls around an
organization’s valuable assets like a castle.
Cyber security attacks
● Supply chain attack: Protecting against supply chain attacks requires a zero trust
approach to cyber security. While partnerships and vendor relationships are good for
business, third-party users and software should have access limited to the minimum
necessary to do their jobs and should be continually monitored.
● Ransomware attack: While ransomware has been around for decades, it only became
the dominant form of malware within the last few years. The WannaCry ransomware
outbreak demonstrated the viability and profitability of ransomware attacks, driving a
sudden surge in ransomware campaigns.
● Phishing attack: Phishing attacks have long been the most common and effective means
by which cyber criminals gain access to corporate environments. It is often
much easier to trick a user into clicking a link or opening an attachment than it is to
identify and exploit a vulnerability within an organization’s defenses.
● Malware: Modern malware is swift, stealthy, and sophisticated. The detection techniques
used by legacy security solutions (such as signature-based detection) are no longer
effective, and, often, by the time cyber security analysts have detected and responded to
a threat, the damage is already done.
TOPIC 2 - IAM - Identity and access management
IAM is a framework of business processes, policies and technologies that facilitates the
management of electronic or digital identities. With an IAM framework in place, information
technology (IT) managers can control user access to critical information within their
organization.
Systems used for IAM include single sign-on systems, MFA and privileged access
management. These technologies also provide the ability to securely store identity
and profile data, as well as data governance functions to ensure that only data that is
necessary and relevant is shared.
On a fundamental level, IAM encompasses the following components:
● How individuals are identified in a system
● How roles are identified in a system and how they are assigned to individuals
● Adding, removing and updating individuals and their roles in a system
● Assigning levels of access to individuals or groups of individuals
● Protecting the sensitive data within the system and securing the system itself
Why is IAM important
IT departments are under increased regulatory and organizational pressure to protect access to
corporate resources.
IAM, including biometrics, behavior analytics and AI, is well suited to the rigors of the new
security landscape.
For example, IAM's tight control of resource access in highly distributed and dynamic
environments aligns with the industry's transition from firewalls to zero-trust models and with
the security requirements of IoT.
Basic components of IAM
Access is the ability of an individual user to perform a specific task, such as view, create or
modify a file. Roles are defined according to job, authority and responsibility within the
enterprise.
IAM systems should capture and record user login information, manage the enterprise
database of user identities, and orchestrate the assignment and removal of access
privileges. That means systems used for IAM should provide a centralized directory service
with oversight and visibility into all aspects of the company user base.
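The components described above, shown as an added example that is not part of the original slides: a small in-memory directory in Python that manages identities, assigns and removes roles, decides access to view/create/modify actions, and records logins and decisions in an audit trail. The class name Directory, the role names, the resources and the IP address are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed role definitions: role -> permitted (action, resource) pairs.
ROLES = {
    "hr_clerk":   {("view", "payroll"), ("modify", "payroll")},
    "auditor":    {("view", "payroll"), ("view", "ledger")},
    "accountant": {("view", "ledger"), ("create", "ledger"), ("modify", "ledger")},
}

@dataclass
class Directory:
    """Hypothetical centralized directory: identities, role assignments, audit trail."""
    users: dict = field(default_factory=dict)   # user id -> set of role names
    audit: list = field(default_factory=list)   # (timestamp, event, user, detail)

    def _log(self, event, user, detail=""):
        self.audit.append((datetime.now(timezone.utc).isoformat(), event, user, detail))

    def add_user(self, user):
        self.users.setdefault(user, set())
        self._log("user_added", user)

    def remove_user(self, user):
        # Deprovisioning drops every role at once, so no access outlives the identity.
        self.users.pop(user, None)
        self._log("user_removed", user)

    def assign_role(self, user, role):
        if user not in self.users or role not in ROLES:
            raise KeyError(f"unknown user or role: {user!r}, {role!r}")
        self.users[user].add(role)
        self._log("role_assigned", user, role)

    def revoke_role(self, user, role):
        self.users.get(user, set()).discard(role)
        self._log("role_revoked", user, role)

    def record_login(self, user, source_ip):
        ok = user in self.users
        self._log("login_ok" if ok else "login_unknown_user", user, source_ip)
        return ok

    def is_allowed(self, user, action, resource):
        # Default deny: access exists only through a currently assigned role.
        roles = self.users.get(user, set())
        allowed = any((action, resource) in ROLES[r] for r in roles)
        self._log("access_granted" if allowed else "access_denied", user, f"{action}:{resource}")
        return allowed
```

Because every decision passes through is_allowed and every change is logged, the audit list gives the oversight the paragraph asks for: who had which role, when it changed, and which requests were denied.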
TOPIC 3 - Hacking
Hacking is the act of compromising digital devices and networks through unauthorized access
to an account or computer system. Hacking is not always a malicious act, but it is most
commonly associated with illegal activity and data theft by cyber criminals.
Types of Hackers
● Black hat hackers: Black hat hackers are the "bad guys" of the hacking scene. They go
out of their way to discover vulnerabilities in computer systems and software to exploit
them for financial gain or for more malicious purposes, such as to gain reputation, carry
out corporate espionage, or as part of a nation-state hacking campaign.
● Gray hat hackers: Gray hat hackers sit somewhere between the good and the bad guys.
Unlike black hat hackers, they attempt to violate standards and principles but without
intending to do harm or gain financially.
● White hat hackers: White hat hackers can be seen as the “good guys” who attempt to
prevent the success of black hat hackers through proactive hacking. They use their
technical skills to break into systems to assess and test the level of network security,
also known as ethical hacking. This helps expose vulnerabilities in systems before black
hat hackers can detect and exploit them.
Devices Most Vulnerable to Hacking
● Smart devices: Smart devices, such as smartphones, are lucrative targets for hackers.
Android devices, in particular, have a more open-source and inconsistent software
development process than Apple devices, which puts them at risk of data theft or
corruption.
● Webcams: Webcams built into computers are a common hacking target, mainly because
hacking them is a simple process. Hackers typically gain access to a computer using a
Remote Access Trojan (RAT) in rootkit malware.
● Routers: Hacking routers enables an attacker to gain access to data sent and received
across them and networks that are accessed on them.
● Email: Email is one of the most common targets of cyberattacks. It is used to spread
malware and ransomware and as a tactic for phishing attacks, which enable attackers to
target victims with malicious attachments or links.
Prevention of hacking
● Software updates: Hackers are constantly on the lookout for vulnerabilities or
holes in security that have not been seen or patched.
● Use unique passwords for different accounts: Weak passwords or account credentials and
poor password practices are the most common cause of data breaches and
cyberattacks.
● HTTPS encryption: Spoofed websites are another common vehicle for data theft, when
hackers create a scam website that looks legitimate but will actually steal the
credentials that users enter.
● Avoid clicking ads: Advertisements like pop-up ads are also widely used by hackers.
When clicked, they lead the user to inadvertently download malware or spyware onto
their device.