The document discusses disaster recovery (DR) as a critical component of business continuity, focusing on recovery from disruptive events such as natural disasters and cyber attacks. It outlines the essentials of DR planning, including strategies, types of recovery solutions, and the importance of metrics like RTO and RPO. Additionally, it highlights the need for secure communication and the challenges that come with software vulnerabilities while emphasizing preventive measures to manage risks effectively.

1. CYB 102 – FUNDAMENTALS OF CYBER SECURITY
Lecture Note slides Module 4
By

2. What is considered a disaster?
DR planning and strategies focus on responding to and recovering from disasters—
events that disrupt or completely stop a business from operating.
While these events can be natural disasters like a hurricane, they can also be caused
by severe system failure, an intentional attack, or even human error.
Types of disasters can include:
•Natural disasters (for example, earthquakes, floods, tornados, hurricanes, or wildfires)
•Pandemics and epidemics
•Cyber attacks (for example, malware, DDoS, and ransomware attacks)
•Other intentional, human-caused threats such as terrorist or biochemical attacks
•Technological hazards (for example, power outages, pipeline explosions, and
transportation accidents)
•Machine and hardware failure

3. Disaster Recovery Plan
• Definition: Disaster recovery (DR) is an organization’s ability to restore access
and functionality to IT infrastructure after a disaster event, whether natural or
caused by human action (or error).
• DR is considered a subset of business continuity, explicitly focusing on ensuring
that the IT systems that support critical business functions are operational as soon
as possible after a disruptive event occurs.
• Today, disaster recovery planning is crucial for any business, especially those
operating either partially or entirely in the cloud.
• Disasters that interrupt service and cause data loss can happen anytime without
warning—your network could have an outage, a critical bug could get released, or
your business might have to weather a natural disaster.
• Organizations with robust and well-tested disaster recovery strategies can
minimize the impact of disruptions, achieve faster recovery times, and resume core
operations rapidly when things go awry.

4. Importance of disaster recovery
• Disaster recovery for cloud-based systems is critical to an overall business
continuity strategy.
• A system breakdown or unplanned downtime can have serious consequences for
enterprises that rely heavily on cloud-based resources, applications, documents,
and data storage to keep things running smoothly.
• In addition, data privacy laws and standards stipulate that most organizations are now
required to have a disaster recovery strategy. Failure to follow DR plans can result in
compliance violations and steep regulatory fines.
• Every business needs to be able to recover quickly from any event that stops day-to-day
operations, no matter what industry or size.
• Without a disaster recovery plan, a company can suffer data loss, reduced productivity, out-
of-budget expenses, and reputational damage that can lead to lost customers and revenue.

5. How disaster recovery works
Disaster recovery relies on having a solid plan to get critical applications and
infrastructure up and running after an outage—ideally within minutes.
An effective DR plan addresses three different elements of recovery:
•Preventive: Ensuring your systems are as secure and reliable as possible,
using tools and techniques to prevent a disaster from occurring in the first
place. This may include backing up critical data or continuously monitoring
environments for configuration errors and compliance violations.
•Detective: For rapid recovery, you’ll need to know when a response is
necessary. These measures focus on detecting or discovering unwanted events
as they happen in real-time.
•Corrective: These measures are aimed at planning for potential DR scenarios,
ensuring backup operations to reduce impact, and putting recovery procedures
into action to restore data and systems quickly when the time comes.

6. Types of disaster recovery
The types of disaster recovery you’ll need will depend on your IT infrastructure, the type of
backup and recovery you use, and the assets you need to protect.
Here are some of the most common technologies and techniques used in disaster recovery:
•Backups: With backups, you back up data to an offsite system or ship an external drive to an
offsite location. However, backups do not include any IT infrastructure, so they are not
considered a full disaster recovery solution.
•Backup as a service (BaaS): Similar to remote data backups, BaaS solutions provide
regular data backups offered by a third-party provider.
•Disaster recovery as a service (DRaaS): Many cloud providers offer DRaaS, along with
cloud service models like IaaS and PaaS. A DRaaS service model allows you to back up your
data and IT infrastructure and host them on a third-party provider’s cloud infrastructure. During
a crisis, the provider will implement and orchestrate your DR plan to help recover access and
functionality with minimal interruption to operations.

7. •Types of disaster recovery (cont.)
•Point-in-time snapshots: Also known as point-in-time copies, snapshots replicate
data, files, or even an entire database at a specific point in time. Snapshots can be
used to restore data as long as the copy is stored in a location unaffected by the
event. However, some data loss can occur depending on when the snapshot was
made.
•Virtual DR: Virtual DR solutions allow you to back up operations and data or even
create a complete replica of your IT infrastructure and run it on offsite virtual machines
(VMs). In the event of a disaster, you can reload your backup and resume operation
quickly. This solution requires frequent data and workload transfers to be effective.
•Disaster recovery sites: These are locations that organizations can temporarily use
after a disaster event, which contain backups of data, systems, and other technology
infrastructure.

8. Benefits of disaster recovery
Stronger business continuity
Every second counts when your business goes offline, impacting productivity,
customer experience, and your company’s reputation. Disaster recovery helps
safeguard critical business operations by ensuring they can recover with minimal or no
interruption.
Enhanced security
DR plans use data backup and other procedures that strengthen your security posture
and limit the impact of attacks and other security risks. For example, cloud-based
disaster recovery solutions offer built-in security capabilities, such as advanced
encryption, identity and access management, and organizational policy.
Faster recovery
Disaster recovery solutions make restoring your data and workloads easier so you can
get business operations back online quickly after a catastrophic event. DR plans
leverage data replication and often rely on automated recovery to minimize downtime
and data loss.

9. Benefits of disaster recovery (cont.)
Reduced recovery costs
The monetary impacts of a disaster event can be significant, ranging from loss of
business and productivity to data privacy penalties to ransoms. With disaster recovery,
you can avoid, or at least minimize, some of these costs. Cloud DR processes can
also reduce the operating costs of running and maintaining a secondary location.
High availability
Many cloud-based services come with high availability (HA) features that can support
your DR strategy. HA capabilities help ensure an agreed level of performance and
offer built-in redundancy and automatic failover, protecting data against equipment
failure and other smaller-scale events that may impact data availability.

10. Planning a disaster recovery strategy
A comprehensive disaster recovery strategy should include detailed emergency
response requirements, backup operations, and recovery procedures.
DR strategies and plans often help form a broader business continuity strategy, which
includes contingency plans to mitigate impact beyond IT infrastructure and systems,
allowing all business areas to resume normal operations as soon as possible.
When it comes to creating disaster recovery strategies, you should carefully consider
the following key metrics:
•Recovery time objective (RTO): The maximum acceptable length of time that
systems and applications can be down without causing significant damage to the
business. For example, some applications can be offline for an hour, while others
might need to recover in minutes.
•Recovery point objective (RPO): The maximum age of data you need to recover to
resume operations after a major event. RPO helps to define the frequency of
backups.

11. Planning a disaster recovery strategy (cont.)
metrics are particularly useful when conducting risk assessments and business
impact analysis (BIA) for potential disasters, from moderate to worst-case scenarios.
Risk assessments and BIAs evaluate all functional areas of a business and the
consequences of any risks, which can help define DR goals and the actions needed to
achieve them before or after an event occurs.
When creating your recovery strategy, it’s useful to consider your RTO and RPO
values and pick a DR pattern that will enable you to meet those values and your
overall goals. Typically, the smaller your values (or the faster your applications need to
recover after an interruption), the higher the cost to run your application.
Cloud disaster recovery can greatly reduce the costs of RTO and RPO when it comes
to fulfilling on-premises requirements for capacity, security, network infrastructure,
bandwidth, support, and facilities. A highly managed service on Google Cloud can help
you avoid most, if not all, complicating factors and allow you to reduce many business
costs significantly.

12. What is disaster recovery used for?
Disaster recovery strategies help protect business operations in a number of important ways.
Here are some common use cases.
Ensure business resilience
No matter what happens, a good DR plan can ensure that the business can return to full
operations rapidly, without losing data or transactions.
Maintain competitiveness
When a business goes offline, customers are rarely loyal. They turn to competitors to get the
goods or services they require. A DR plan prevents this.
Avoid regulatory risks
Many industries have regulations dictating where data can be stored and how it must be
protected. Heavy fines result if these mandates are not met.
Avoid data loss
The longer a business’s systems are down, the greater the risk that data will be lost. A robust
DR plan minimizes this risk.

13. What is disaster recovery used for? (cont.)
Keep customers happy
Meeting customer service level agreements (SLAs) is always a priority. A well-
executed DR plan can help businesses achieve SLAs despite challenges.
Maintain reputation
A business that has trouble resuming operations after an outage can suffer brand
damage. For that reason, a solid DR plan is critical.

14. BASIC CRYPTOGRAPHY
Definition: Cryptography is the study and practice of techniques for secure
communication in the presence of third parties called adversaries.
It deals with developing and analyzing protocols that prevent malicious third
parties from retrieving information being shared between two entities thereby
following the various aspects of information security.
Secure Communication refers to the scenario where the message or data
shared between two parties can’t be accessed by an adversary.
In Cryptography, an Adversary is a malicious entity, which aims to retrieve
precious information or data thereby undermining the principles of information
security.
Data Confidentiality, Data Integrity, Authentication, and Non-repudiation are
core principles of modern-day cryptography.

15. BASIC CRYPTOGRAPHY (CONT.)
▪ Confidentiality refers to certain rules and guidelines usually executed under
confidentiality agreements which ensure that the information is restricted to certain
people or places.
▪ Data integrity refers to maintaining and making sure that the data stays accurate
and consistent over its entire life cycle.
▪ Authentication is the process of making sure that the piece of data being claimed
by the user belongs to it.
▪ Non-repudiation refers to the ability to make sure that a person or a party
associated with a contract or a communication cannot deny the authenticity of their
signature over their document or the sending of a message

16. BASIC CRYPTOGRAPHY (CONT.)
▪ Consider two parties Alice and Bob. Now, Alice wants to send a message m
to Bob over a secure channel. So, what happens is as follows.
▪ The sender’s message or sometimes called the Plaintext, is converted into
an unreadable form using a Key k.
▪ The resultant text obtained is called the Ciphertext. This process is known as
Encryption.
▪ At the time of received, the Ciphertext is converted back into the plaintext
using the same Key k, so that it can be read by the receiver. This process is
known as Decryption.

17. Here, C refers to the Ciphertext while E and D are the Encryption and
Decryption algorithms respectively.
Let’s consider the case of Caesar Cipher or Shift Cipher as an example. As the
name suggests, in Caesar’s Cipher each character in a word is replaced by
another character under some defined rules.
Thus, if A is replaced by D, B by E and so on. Then, each character in the word
would be shifted by a position of 3. For example:

18. Note: Even if the adversary knows that the cipher is based on Caesar’s Cipher, it
cannot predict the plaintext as it doesn’t have the key in this case which is to shift the
characters back by three places.
Types of Cryptography:
There are several types of cryptography, each with its own unique features and
applications. Some of the most common types of cryptography include:
1. Symmetric-key cryptography: This type of cryptography involves the use of a
single key to encrypt and decrypt data. Both the sender and receiver use the same
key, which must be kept secret to maintain the security of the communication.
2. Asymmetric-key cryptography: Asymmetric-key cryptography, also known as
public-key cryptography, uses a pair of keys – a public key and a private key – to
encrypt and decrypt data. The public key is available to anyone, while the private key
is kept secret by the owner.
Hash functions: A hash function is a mathematical algorithm that converts data of any
size into a fixed-size output. Hash functions are often used to verify the integrity of
data and ensure that it has not been tampered with.

19. Applications of Cryptography:
Cryptography has a wide range of applications in modern-day
communication, including:
•Secure online transactions: Cryptography is used to secure online
transactions, such as online banking and e-commerce, by encrypting
sensitive data and protecting it from unauthorized access.
•Digital signatures: Digital signatures are used to verify the authenticity
and integrity of digital documents and ensure that they have not been
tampered with.
•Password protection: Passwords are often encrypted using
cryptographic algorithms to protect them from being stolen or intercepted.

20. Challenges of Cryptography:
While cryptography is a powerful tool for securing information, it also
presents several challenges, including:
•Key management: Cryptography relies on the use of keys, which must
be managed carefully to maintain the security of the communication.
•Quantum computing: The development of quantum computing poses a
potential threat to current cryptographic algorithms, which may become
vulnerable to attacks.
•Human error: Cryptography is only as strong as its weakest link, and
human error can easily compromise the security of communication.

21. SOFTWARE APPLICATION VULNERABILITIES
Understanding software vulnerabilities is fundamental to managing modern security threats.
Whether your business depends on the software created by third parties, software built by
your own developers, or a combination of both, the ability to detect and manage software
vulnerabilities is absolutely central to keeping software secure and shifting security left.
What Is a Software Vulnerability?
A software vulnerability is a defect in software that could allow an attacker to gain control of a
system.
As we explain in greater detail below, the defects that cause software vulnerabilities can result
from:
▪ flaws in the way the software is designed
▪ problems with the software’s source code
▪ poor management of data
▪ access control settings within the application
▪ any other type of issue that attackers could potentially exploit.

22. What Can an Attacker Do With a Software Vulnerability?
An attacker can exploit a software vulnerability to steal or manipulate
sensitive data, join a system to a botnet, install a backdoor, or plant other
types of malware. In addition, after penetrating into one network host, the
attacker could use that host to break into other hosts on the same
network.
The specific exploits that an attacker can execute vary from one
vulnerability to the next. Not all vulnerabilities allow attackers to cause the
same types of harm, and not all vulnerabilities create equally severe risks.
However, all vulnerabilities pose at least some level of risk to the
applications they impact, as well as the environments that host those
applications and any resources that integrate with the applications.

23. How Are Vulnerabilities Exploited?
To take advantage of a vulnerability, an attacker must first discover the vulnerability.
Attackers can do this in a variety of ways. But to provide an example, one common
technique for finding vulnerabilities is to run port scanning software, like the open
source tool Nmap, which can collect information about which services are running on a
server or computer, and even which specific operating system is installed. With that
information, the attacker can determine whether the services or operating system are
subject to any known vulnerabilities.
Then, the attacker must devise a method for exploiting the vulnerability. Here again,
exploit methods vary widely, but they may involve techniques like injecting malicious
code into an application or bypassing access controls. Some vulnerabilities can be
exploited remotely, meaning that attackers can take advantage of the security
weakness over the network. Others require direct physical access to the infrastructure
that hosts the vulnerable software.
If the exploit is successful, the attacker will gain the ability to perform malicious actions
within the compromised application or its host system. Depending on the nature of the
vulnerability, these actions could include activities like exfiltrating sensitive data,
running malicious commands, planting malware or disrupting critical services in order
to cause problems for the business.

24. What Causes Software Vulnerabilities?
There are many potential causes for a software vulnerability. Some applications are vulnerable
due to overall design flaws, such as an architecture that involves moving sensitive data over
unsecured networks. In other cases, vulnerabilities result from specific coding errors that
introduce vulnerabilities such as the following:
▪ Buffer overflows: These allow someone to put more data into an input field than what the
field is supposed to allow. An attacker can take advantage of this by placing malicious
commands into the overflow portion of the data field, which would then execute.
▪ SQL Injection: This could allow an attacker to inject malicious commands into the
database of a web application. The attacker can do this by entering specially-crafted
Structured Query Language commands into either a data field of a web application form or
into the URL of the web application. If the attack is successful, the unauthorized and
unauthenticated attacker would be able to retrieve or manipulate data from the database.
▪ Third-party libraries: Many programmers use third-party code libraries, rather than try to
write all software from scratch. This can be a real time-saver, but it can also be dangerous if
the library has any vulnerabilities. Before using any of these libraries, developers need to
verify that they don’t have vulnerabilities.
▪ Application Programming Interfaces: An API, which allows software programs to
communicate with each other, could also introduce a software vulnerability. Many APIs are
not set up with strict security policies, which could allow an unauthenticated attacker to gain
entry into a system.

25. How to Handle Software Vulnerabilities: Vulnerability Scanning and Beyond
• The best way to deal with a software vulnerability is to prevent it from happening in
the first place.
• Software developers need to learn secure coding practices and automatic security
testing must be built into the entire software development process.
• But again, it’s impossible to guarantee that the code your business depends on is
not subject to vulnerabilities.
• For that reason, it’s important to leverage vulnerability scanning. Vulnerability
scanning is the process of automatically scanning application source code and/or
binaries for known vulnerabilities. If scanners detect an application component that
is known to be vulnerable, they alert developers so that they can fix the issue.
• Once you have detected vulnerabilities, you should assess how severe each one is.
Depending on the amount of harm each vulnerability can cause and how easy it is
to exploit, the vulnerability may be more or less severe than other vulnerabilities, so
you should determine which ones to prioritize.