SlideShare a Scribd company logo

Cybersecurity 3 cybersecurity costs and causes

Download as PPTX, PDF
S
sommerville-videos

Discusses the costs to society of cybersecurity issues and why there are technical, human and organisational causes of cybersecurity vulnerabilities

1 of 28
Introduction to cybersecurity, 2013 Slide 1 Cybersecurity: costs and causes
Introduction to cybersecurity, 2013 Slide 2 The cybersecurity problem • How big a problem is cybersecurity for individuals, businesses and nations? • Why is it difficult to make networked systems secure?
Introduction to cybersecurity, 2013 Slide 3 The scale of the problem • It’s a big problem • How big ? We really do not know • Many surveys on cyber-security related losses but very wide variations and different methodologies
Introduction to cybersecurity, 2013 Slide 4 Individuals • Cyber fraud • Identity theft • Cyber bullying and cyber stalking
Introduction to cybersecurity, 2013 Slide 5 © The Guardian 2013
Introduction to cybersecurity, 2013 Slide 6
Introduction to cybersecurity, 2013 Slide 7 Businesses • Differing estimates: – The extent of losses depends on how these losses are measured and what data is collected • Industry reluctant to release figures but when they do, they tend to overvalue assets
Introduction to cybersecurity, 2013 Slide 8 © The Scotsman 2013 © deadline.co.uk 2012
Introduction to cybersecurity, 2013 Slide 9 © The IET 2013
Introduction to cybersecurity, 2013 Slide 10 Nations • Cyberattacks on critical infrastructures are seen as a critical economic risk by all countries • Significant resources now being devoted to cyberdefence
Introduction to cybersecurity, 2013 Slide 11 © Wall Street Journal, 2013
Introduction to cybersecurity, 2013 Slide 12© World Affairs Journal 2013
Introduction to cybersecurity, 2013 Slide 13 • Why has cybersecurity become such a major problem – Scale and ubiquity of the internet – Lower level of physical risk to criminals – Fundamental business and technical reasons for insecurity
Introduction to cybersecurity, 2013 Slide 14 Business reasons • Connection of computers to the internet can cut costs, improve the efficiency and responsiveness of business processes and open up new opportunities for interaction. Therefore business has focused on connectivity rather than security
Introduction to cybersecurity, 2013 Slide 15 • Security is inconvenient and slows down transactions. Businesses have decided to prioritise convenience and usability over security. • Accepting the cost of losses through cyber fraud may be a cost-effective strategy
Introduction to cybersecurity, 2013 Slide 16 Internet vulnerabilities • The Internet was invented in the 1970s as a network between organisations that were trustworthy and which trusted each other • The information maintained on their computers was non-commercial and not thought to be of interest to others
Introduction to cybersecurity, 2013 Slide 17 • Consequently, security was not a factor in the design of internet protocols, practices and equipment. • Security slows things down so efficiency was prioritized
Introduction to cybersecurity, 2013 Slide 18 • These protocols made it easy for the Internet to be universally adopted in the 1990s • However, the problems can only be properly addressed by a complete redesign of Internet protocols, which is probably commercially impractical.
Introduction to cybersecurity, 2013 Slide 19 Internet vulnerabilities • Unencypted traffic by default • Packets can be intercepted and the contents read by anyone who intercepts these packets
Introduction to cybersecurity, 2013 Slide 20 Internet vulnerabilities • DNS system – Possible to divert traffic from legitimate to malicious addresses – Easy to hide where traffic has come from • Domain name servers vulnerable to DoS attacks
Introduction to cybersecurity, 2013 Slide 21 Internet vulnerabilities • Mail protocol – No charging mechanism for mail – Hence spam is possible
Introduction to cybersecurity, 2013 Slide 22 Technology is not the only problem • Internet vulnerabilities make possible some kinds of cyber-attack but it is important to remember that cybersecurity is a socio-technical systems problem • Problems almost always stem from a mix of technical, human and
Introduction to cybersecurity, 2013 Slide 23 Risk classification • Risks due to actions of people • Risks due to hardware or software • Risks due to organisational processes
Introduction to cybersecurity, 2013 Slide 24 Actions of people • Deliberate or accidental exposure of legitimate credentials to attackers • Failure to maintain secure personal computers and devices
Introduction to cybersecurity, 2013 Slide 25 • Insider corruption or theft of data • Preference for convenience and usability over security – Weak passwords set because they are easy to remember and quick to type
Introduction to cybersecurity, 2013 Slide 26 Hardware and software • Misconfigured firewalls and mail filters • Programming errors and omissions in software lead to malicious penetration – Buffer overflow attacks – SQL poisoning attacks
Introduction to cybersecurity, 2013 Slide 27 Organisational processes • No established process and checks for updating and patching software • Lack of security auditing • Lack of systematic backup processes
Introduction to cybersecurity, 2013 Slide 28 Summary • Cyber attacks are a major cost for business, government and individuals. But quantifying this cost is difficult. – The Internet was not designed as a secure network and making it secure is practically impossible – To make systems useable, people take actions that introduce vulnerabilities into sociotechnical systems.

Recommended

System safety
System safetySystem safety
System safety
sommerville-videos
 
Cybersecurity 5 improving cybersecurity
Cybersecurity 5 improving cybersecurityCybersecurity 5 improving cybersecurity
Cybersecurity 5 improving cybersecurity
sommerville-videos
 
Cybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issueCybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issue
sommerville-videos
 
Infrastructure resilience
Infrastructure resilienceInfrastructure resilience
Infrastructure resilience
sommerville-videos
 
Cybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurityCybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurity
sommerville-videos
 
Critical systems intro
Critical systems introCritical systems intro
Critical systems intro
sommerville-videos
 
What every executive needs to know about information technology security
What every executive needs to know about information technology securityWhat every executive needs to know about information technology security
What every executive needs to know about information technology security
Legal Services National Technology Assistance Project (LSNTAP)
 
Information Technology Security A Brief Overview 2001
Information Technology Security A Brief Overview 2001Information Technology Security A Brief Overview 2001
Information Technology Security A Brief Overview 2001
Donald E. Hester
 

Recommended

System safety
System safetySystem safety
System safety
sommerville-videos
 
Cybersecurity 5 improving cybersecurity
Cybersecurity 5 improving cybersecurityCybersecurity 5 improving cybersecurity
Cybersecurity 5 improving cybersecurity
sommerville-videos
 
Cybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issueCybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issue
sommerville-videos
 
Infrastructure resilience
Infrastructure resilienceInfrastructure resilience
Infrastructure resilience
sommerville-videos
 
Cybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurityCybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurity
sommerville-videos
 
Critical systems intro
Critical systems introCritical systems intro
Critical systems intro
sommerville-videos
 
What every executive needs to know about information technology security
What every executive needs to know about information technology securityWhat every executive needs to know about information technology security
What every executive needs to know about information technology security
Legal Services National Technology Assistance Project (LSNTAP)
 
Information Technology Security A Brief Overview 2001
Information Technology Security A Brief Overview 2001Information Technology Security A Brief Overview 2001
Information Technology Security A Brief Overview 2001
Donald E. Hester
 
information security technology
information security technologyinformation security technology
information security technologygarimasagar
 
Career guide on cyber security
Career guide on cyber securityCareer guide on cyber security
Career guide on cyber security
avinashkumar1912
 
Security and ethical issues - Arber Hoxhallari
Security and ethical issues - Arber HoxhallariSecurity and ethical issues - Arber Hoxhallari
Security and ethical issues - Arber HoxhallariArber Hoxhallari
 
3 Tips for Managing Risky User Activity in 2015
3 Tips for Managing Risky User Activity in 20153 Tips for Managing Risky User Activity in 2015
3 Tips for Managing Risky User Activity in 2015
ObserveIT
 
SGSB Webcast 3: Smart Grid IT Systems Security
SGSB Webcast 3: Smart Grid IT Systems SecuritySGSB Webcast 3: Smart Grid IT Systems Security
SGSB Webcast 3: Smart Grid IT Systems Security
Andy Bochman
 
Security and Control Issues in Information System
Security and Control Issues in Information SystemSecurity and Control Issues in Information System
Security and Control Issues in Information System
Daryl Conson
 
Im 111 lecture 1
Im 111 lecture 1Im 111 lecture 1
Im 111 lecture 1
ITNet
 
Cat21:Development Mangement Information Systems
Cat21:Development Mangement Information SystemsCat21:Development Mangement Information Systems
Cat21:Development Mangement Information Systems
Simeon Ogao
 
Governance fail security fail
Governance fail security failGovernance fail security fail
Governance fail security failEnclaveSecurity
 
CYBER SECURITY audit course report
CYBER SECURITY audit course reportCYBER SECURITY audit course report
CYBER SECURITY audit course report
PDEA's college of engineering, Pune
 
Security And Ethical Challenges Of Infornation Technology
Security And Ethical Challenges Of Infornation TechnologySecurity And Ethical Challenges Of Infornation Technology
Security And Ethical Challenges Of Infornation Technologyparamalways
 
5 Step Data Security Plan for Small Businesses
5 Step Data Security Plan for Small Businesses5 Step Data Security Plan for Small Businesses
5 Step Data Security Plan for Small Businesses
Wilkins Consulting, LLC
 
Information Security : Is it an Art or a Science
Information Security : Is it an Art or a ScienceInformation Security : Is it an Art or a Science
Information Security : Is it an Art or a Science
Pankaj Rane
 
Ch02 mis-ctrl-appl
Ch02 mis-ctrl-applCh02 mis-ctrl-appl
Ch02 mis-ctrl-applSR NAIDU
 
Presentation(group j)implementing trustworthy computing by Sundas Ilyas
Presentation(group j)implementing trustworthy computing by Sundas IlyasPresentation(group j)implementing trustworthy computing by Sundas Ilyas
Presentation(group j)implementing trustworthy computing by Sundas IlyasSundas Kayani
 
Flaws in Identity Management and How to Avoid Them
Flaws in Identity Management and How to Avoid ThemFlaws in Identity Management and How to Avoid Them
Flaws in Identity Management and How to Avoid Them
NetIQ
 
PACE-IT, Security+2.6: Security Related Awareness and Training
PACE-IT, Security+2.6: Security Related Awareness and TrainingPACE-IT, Security+2.6: Security Related Awareness and Training
PACE-IT, Security+2.6: Security Related Awareness and Training
Pace IT at Edmonds Community College
 
Comprehensive risk management for a cyber secure organization
Comprehensive risk management for a cyber secure organizationComprehensive risk management for a cyber secure organization
Comprehensive risk management for a cyber secure organizationJoe Hessmiller
 
Maroochy water breach
Maroochy water breachMaroochy water breach
Maroochy water breach
sommerville-videos
 
Cybersecurity 3 cybersecurity costs and causes
Cybersecurity 3 cybersecurity costs and causesCybersecurity 3 cybersecurity costs and causes
Cybersecurity 3 cybersecurity costs and causes
sommerville-videos
 
Cybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issueCybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issue
sommerville-videos
 
Cybersecurity 5 improving cybersecurity
Cybersecurity 5 improving cybersecurityCybersecurity 5 improving cybersecurity
Cybersecurity 5 improving cybersecurity
sommerville-videos
 

More Related Content

What's hot

information security technology
information security technologyinformation security technology
information security technologygarimasagar
 
Career guide on cyber security
Career guide on cyber securityCareer guide on cyber security
Career guide on cyber security
avinashkumar1912
 
Security and ethical issues - Arber Hoxhallari
Security and ethical issues - Arber HoxhallariSecurity and ethical issues - Arber Hoxhallari
Security and ethical issues - Arber HoxhallariArber Hoxhallari
 
3 Tips for Managing Risky User Activity in 2015
3 Tips for Managing Risky User Activity in 20153 Tips for Managing Risky User Activity in 2015
3 Tips for Managing Risky User Activity in 2015
ObserveIT
 
SGSB Webcast 3: Smart Grid IT Systems Security
SGSB Webcast 3: Smart Grid IT Systems SecuritySGSB Webcast 3: Smart Grid IT Systems Security
SGSB Webcast 3: Smart Grid IT Systems Security
Andy Bochman
 
Security and Control Issues in Information System
Security and Control Issues in Information SystemSecurity and Control Issues in Information System
Security and Control Issues in Information System
Daryl Conson
 
Im 111 lecture 1
Im 111 lecture 1Im 111 lecture 1
Im 111 lecture 1
ITNet
 
Cat21:Development Mangement Information Systems
Cat21:Development Mangement Information SystemsCat21:Development Mangement Information Systems
Cat21:Development Mangement Information Systems
Simeon Ogao
 
Governance fail security fail
Governance fail security failGovernance fail security fail
Governance fail security failEnclaveSecurity
 
CYBER SECURITY audit course report
CYBER SECURITY audit course reportCYBER SECURITY audit course report
CYBER SECURITY audit course report
PDEA's college of engineering, Pune
 
Security And Ethical Challenges Of Infornation Technology
Security And Ethical Challenges Of Infornation TechnologySecurity And Ethical Challenges Of Infornation Technology
Security And Ethical Challenges Of Infornation Technologyparamalways
 
5 Step Data Security Plan for Small Businesses
5 Step Data Security Plan for Small Businesses5 Step Data Security Plan for Small Businesses
5 Step Data Security Plan for Small Businesses
Wilkins Consulting, LLC
 
Information Security : Is it an Art or a Science
Information Security : Is it an Art or a ScienceInformation Security : Is it an Art or a Science
Information Security : Is it an Art or a Science
Pankaj Rane
 
Ch02 mis-ctrl-appl
Ch02 mis-ctrl-applCh02 mis-ctrl-appl
Ch02 mis-ctrl-applSR NAIDU
 
Presentation(group j)implementing trustworthy computing by Sundas Ilyas
Presentation(group j)implementing trustworthy computing by Sundas IlyasPresentation(group j)implementing trustworthy computing by Sundas Ilyas
Presentation(group j)implementing trustworthy computing by Sundas IlyasSundas Kayani
 
Flaws in Identity Management and How to Avoid Them
Flaws in Identity Management and How to Avoid ThemFlaws in Identity Management and How to Avoid Them
Flaws in Identity Management and How to Avoid Them
NetIQ
 
PACE-IT, Security+2.6: Security Related Awareness and Training
PACE-IT, Security+2.6: Security Related Awareness and TrainingPACE-IT, Security+2.6: Security Related Awareness and Training
PACE-IT, Security+2.6: Security Related Awareness and Training
Pace IT at Edmonds Community College
 
Comprehensive risk management for a cyber secure organization
Comprehensive risk management for a cyber secure organizationComprehensive risk management for a cyber secure organization
Comprehensive risk management for a cyber secure organizationJoe Hessmiller
 

What's hot (18)

information security technology
information security technologyinformation security technology
information security technology
 
Career guide on cyber security
Career guide on cyber securityCareer guide on cyber security
Career guide on cyber security
 
Security and ethical issues - Arber Hoxhallari
Security and ethical issues - Arber HoxhallariSecurity and ethical issues - Arber Hoxhallari
Security and ethical issues - Arber Hoxhallari
 
3 Tips for Managing Risky User Activity in 2015
3 Tips for Managing Risky User Activity in 20153 Tips for Managing Risky User Activity in 2015
3 Tips for Managing Risky User Activity in 2015
 
SGSB Webcast 3: Smart Grid IT Systems Security
SGSB Webcast 3: Smart Grid IT Systems SecuritySGSB Webcast 3: Smart Grid IT Systems Security
SGSB Webcast 3: Smart Grid IT Systems Security
 
Security and Control Issues in Information System
Security and Control Issues in Information SystemSecurity and Control Issues in Information System
Security and Control Issues in Information System
 
Im 111 lecture 1
Im 111 lecture 1Im 111 lecture 1
Im 111 lecture 1
 
Cat21:Development Mangement Information Systems
Cat21:Development Mangement Information SystemsCat21:Development Mangement Information Systems
Cat21:Development Mangement Information Systems
 
Governance fail security fail
Governance fail security failGovernance fail security fail
Governance fail security fail
 
CYBER SECURITY audit course report
CYBER SECURITY audit course reportCYBER SECURITY audit course report
CYBER SECURITY audit course report
 
Security And Ethical Challenges Of Infornation Technology
Security And Ethical Challenges Of Infornation TechnologySecurity And Ethical Challenges Of Infornation Technology
Security And Ethical Challenges Of Infornation Technology
 
5 Step Data Security Plan for Small Businesses
5 Step Data Security Plan for Small Businesses5 Step Data Security Plan for Small Businesses
5 Step Data Security Plan for Small Businesses
 
Information Security : Is it an Art or a Science
Information Security : Is it an Art or a ScienceInformation Security : Is it an Art or a Science
Information Security : Is it an Art or a Science
 
Ch02 mis-ctrl-appl
Ch02 mis-ctrl-applCh02 mis-ctrl-appl
Ch02 mis-ctrl-appl
 
Presentation(group j)implementing trustworthy computing by Sundas Ilyas
Presentation(group j)implementing trustworthy computing by Sundas IlyasPresentation(group j)implementing trustworthy computing by Sundas Ilyas
Presentation(group j)implementing trustworthy computing by Sundas Ilyas
 
Flaws in Identity Management and How to Avoid Them
Flaws in Identity Management and How to Avoid ThemFlaws in Identity Management and How to Avoid Them
Flaws in Identity Management and How to Avoid Them
 
PACE-IT, Security+2.6: Security Related Awareness and Training
PACE-IT, Security+2.6: Security Related Awareness and TrainingPACE-IT, Security+2.6: Security Related Awareness and Training
PACE-IT, Security+2.6: Security Related Awareness and Training
 
Comprehensive risk management for a cyber secure organization
Comprehensive risk management for a cyber secure organizationComprehensive risk management for a cyber secure organization
Comprehensive risk management for a cyber secure organization
 

Viewers also liked

Maroochy water breach
Maroochy water breachMaroochy water breach
Maroochy water breach
sommerville-videos
 
Cybersecurity 3 cybersecurity costs and causes
Cybersecurity 3 cybersecurity costs and causesCybersecurity 3 cybersecurity costs and causes
Cybersecurity 3 cybersecurity costs and causes
sommerville-videos
 
Cybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issueCybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issue
sommerville-videos
 
Cybersecurity 5 improving cybersecurity
Cybersecurity 5 improving cybersecurityCybersecurity 5 improving cybersecurity
Cybersecurity 5 improving cybersecurity
sommerville-videos
 
Infrastructure control
Infrastructure controlInfrastructure control
Infrastructure control
sommerville-videos
 
Introduction to systems of systems
Introduction to systems of systemsIntroduction to systems of systems
Introduction to systems of systems
sommerville-videos
 
Critical national infrastructure
Critical national infrastructureCritical national infrastructure
Critical national infrastructure
sommerville-videos
 
Cybersecurity 1 intro to cybersecurity
Cybersecurity 1 intro to cybersecurityCybersecurity 1 intro to cybersecurity
Cybersecurity 1 intro to cybersecurity
sommerville-videos
 
Reuse landscape
Reuse landscapeReuse landscape
Reuse landscape
sommerville-videos
 
Intro to requirements eng.
Intro to requirements eng.Intro to requirements eng.
Intro to requirements eng.
sommerville-videos
 
Scada security
Scada securityScada security
Scada security
sommerville-videos
 
System of systems classification
System of systems classificationSystem of systems classification
System of systems classificationsommerville-videos
 
Cybersecurity 2 cyber attacks
Cybersecurity 2 cyber attacksCybersecurity 2 cyber attacks
Cybersecurity 2 cyber attacks
sommerville-videos
 
Requirements engineering processes
Requirements engineering processesRequirements engineering processes
Requirements engineering processes
sommerville-videos
 
Scaling agile
Scaling agileScaling agile
Scaling agile
sommerville-videos
 
System dependability
System dependabilitySystem dependability
System dependability
sommerville-videos
 
Critical systems engineering
Critical systems engineeringCritical systems engineering
Critical systems engineering
sommerville-videos
 

Viewers also liked (20)

Maroochy water breach
Maroochy water breachMaroochy water breach
Maroochy water breach
 
Cybersecurity 3 cybersecurity costs and causes
Cybersecurity 3 cybersecurity costs and causesCybersecurity 3 cybersecurity costs and causes
Cybersecurity 3 cybersecurity costs and causes
 
Cybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issueCybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issue
 
Cybersecurity 5 improving cybersecurity
Cybersecurity 5 improving cybersecurityCybersecurity 5 improving cybersecurity
Cybersecurity 5 improving cybersecurity
 
Infrastructure dependability
Infrastructure dependabilityInfrastructure dependability
Infrastructure dependability
 
Infrastructure control
Infrastructure controlInfrastructure control
Infrastructure control
 
Introduction to systems of systems
Introduction to systems of systemsIntroduction to systems of systems
Introduction to systems of systems
 
Critical national infrastructure
Critical national infrastructureCritical national infrastructure
Critical national infrastructure
 
Cybersecurity 1 intro to cybersecurity
Cybersecurity 1 intro to cybersecurityCybersecurity 1 intro to cybersecurity
Cybersecurity 1 intro to cybersecurity
 
System success and failure
System success and failureSystem success and failure
System success and failure
 
Warsaw airbus accident
Warsaw airbus accidentWarsaw airbus accident
Warsaw airbus accident
 
Reuse landscape
Reuse landscapeReuse landscape
Reuse landscape
 
Intro to requirements eng.
Intro to requirements eng.Intro to requirements eng.
Intro to requirements eng.
 
Scada security
Scada securityScada security
Scada security
 
System of systems classification
System of systems classificationSystem of systems classification
System of systems classification
 
Cybersecurity 2 cyber attacks
Cybersecurity 2 cyber attacksCybersecurity 2 cyber attacks
Cybersecurity 2 cyber attacks
 
Requirements engineering processes
Requirements engineering processesRequirements engineering processes
Requirements engineering processes
 
Scaling agile
Scaling agileScaling agile
Scaling agile
 
System dependability
System dependabilitySystem dependability
System dependability
 
Critical systems engineering
Critical systems engineeringCritical systems engineering
Critical systems engineering
 

Similar to Cybersecurity 3 cybersecurity costs and causes

CS5032 L19 cybersecurity 1
CS5032 L19 cybersecurity 1CS5032 L19 cybersecurity 1
CS5032 L19 cybersecurity 1Ian Sommerville
 
chapitre1-cloud security basics-23 (1).pptx
chapitre1-cloud security basics-23 (1).pptxchapitre1-cloud security basics-23 (1).pptx
chapitre1-cloud security basics-23 (1).pptx
GhofraneFerchichi2
 
Keeping security relevant amid digital transformation
Keeping security relevant amid digital transformationKeeping security relevant amid digital transformation
Keeping security relevant amid digital transformation
Symptai Consulting Limited
 
Advanced threat protection and big data
Advanced threat protection and big dataAdvanced threat protection and big data
Advanced threat protection and big data
Peter Wood
 
Protecting Your Business From Cyber Risks
Protecting Your Business From Cyber RisksProtecting Your Business From Cyber Risks
Protecting Your Business From Cyber Risks
This account is closed
 
Cyber Security - Awareness Presentation - High Level
Cyber Security - Awareness Presentation - High LevelCyber Security - Awareness Presentation - High Level
Cyber Security - Awareness Presentation - High Level
bbothma718
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
Applied Forensic Research Sciences
 
Pros and Cons of Cyber Security in Current World
Pros and Cons of Cyber Security in Current WorldPros and Cons of Cyber Security in Current World
Pros and Cons of Cyber Security in Current World
Jetking Chandigarh
 
Overcoming the cybersecurity challenges of smart cities
Overcoming the cybersecurity challenges of smart citiesOvercoming the cybersecurity challenges of smart cities
Overcoming the cybersecurity challenges of smart cities
Saeed Al Dhaheri
 
CYBER SECURITY.pptx
CYBER SECURITY.pptxCYBER SECURITY.pptx
CYBER SECURITY.pptx
Malu704065
 
SCADA Security Webinar
SCADA Security WebinarSCADA Security Webinar
SCADA Security Webinar
AVEVA
 
Chapter 1 Presentation
Chapter 1 PresentationChapter 1 Presentation
Chapter 1 Presentation
Amy McMullin
 
Preventing Data Cloud Breaches with Zero Trust
Preventing Data Cloud Breaches with Zero TrustPreventing Data Cloud Breaches with Zero Trust
Preventing Data Cloud Breaches with Zero Trust
Sara Goodison
 
Cyber security: A roadmap to secure solutions
Cyber security: A roadmap to secure solutionsCyber security: A roadmap to secure solutions
Cyber security: A roadmap to secure solutions
Schneider Electric
 
Breaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gapsBreaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gaps
IBM Security
 
SMi Group's Oil & Gas Cyber Security conference & exhibition
SMi Group's Oil & Gas Cyber Security conference & exhibitionSMi Group's Oil & Gas Cyber Security conference & exhibition
SMi Group's Oil & Gas Cyber Security conference & exhibition
Dale Butler
 
Data Storage Issues in Cloud Computing
Data Storage Issues in Cloud ComputingData Storage Issues in Cloud Computing
Data Storage Issues in Cloud Computing
ijtsrd
 
Cyber security general perspective a
Cyber security general perspective aCyber security general perspective a
Cyber security general perspective a
marukanda
 
MISA Cloud Workshop_ ipc privacy in the cloud
MISA Cloud Workshop_ ipc privacy in the cloudMISA Cloud Workshop_ ipc privacy in the cloud
MISA Cloud Workshop_ ipc privacy in the cloudMISA Ontario Cloud SIG
 
IoT security and privacy: main challenges and how ISOC-OTA address them
IoT security and privacy: main challenges and how ISOC-OTA address themIoT security and privacy: main challenges and how ISOC-OTA address them
IoT security and privacy: main challenges and how ISOC-OTA address them
Radouane Mrabet
 

Similar to Cybersecurity 3 cybersecurity costs and causes (20)

CS5032 L19 cybersecurity 1
CS5032 L19 cybersecurity 1CS5032 L19 cybersecurity 1
CS5032 L19 cybersecurity 1
 
chapitre1-cloud security basics-23 (1).pptx
chapitre1-cloud security basics-23 (1).pptxchapitre1-cloud security basics-23 (1).pptx
chapitre1-cloud security basics-23 (1).pptx
 
Keeping security relevant amid digital transformation
Keeping security relevant amid digital transformationKeeping security relevant amid digital transformation
Keeping security relevant amid digital transformation
 
Advanced threat protection and big data
Advanced threat protection and big dataAdvanced threat protection and big data
Advanced threat protection and big data
 
Protecting Your Business From Cyber Risks
Protecting Your Business From Cyber RisksProtecting Your Business From Cyber Risks
Protecting Your Business From Cyber Risks
 
Cyber Security - Awareness Presentation - High Level
Cyber Security - Awareness Presentation - High LevelCyber Security - Awareness Presentation - High Level
Cyber Security - Awareness Presentation - High Level
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Pros and Cons of Cyber Security in Current World
Pros and Cons of Cyber Security in Current WorldPros and Cons of Cyber Security in Current World
Pros and Cons of Cyber Security in Current World
 
Overcoming the cybersecurity challenges of smart cities
Overcoming the cybersecurity challenges of smart citiesOvercoming the cybersecurity challenges of smart cities
Overcoming the cybersecurity challenges of smart cities
 
CYBER SECURITY.pptx
CYBER SECURITY.pptxCYBER SECURITY.pptx
CYBER SECURITY.pptx
 
SCADA Security Webinar
SCADA Security WebinarSCADA Security Webinar
SCADA Security Webinar
 
Chapter 1 Presentation
Chapter 1 PresentationChapter 1 Presentation
Chapter 1 Presentation
 
Preventing Data Cloud Breaches with Zero Trust
Preventing Data Cloud Breaches with Zero TrustPreventing Data Cloud Breaches with Zero Trust
Preventing Data Cloud Breaches with Zero Trust
 
Cyber security: A roadmap to secure solutions
Cyber security: A roadmap to secure solutionsCyber security: A roadmap to secure solutions
Cyber security: A roadmap to secure solutions
 
Breaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gapsBreaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gaps
 
SMi Group's Oil & Gas Cyber Security conference & exhibition
SMi Group's Oil & Gas Cyber Security conference & exhibitionSMi Group's Oil & Gas Cyber Security conference & exhibition
SMi Group's Oil & Gas Cyber Security conference & exhibition
 
Data Storage Issues in Cloud Computing
Data Storage Issues in Cloud ComputingData Storage Issues in Cloud Computing
Data Storage Issues in Cloud Computing
 
Cyber security general perspective a
Cyber security general perspective aCyber security general perspective a
Cyber security general perspective a
 
MISA Cloud Workshop_ ipc privacy in the cloud
MISA Cloud Workshop_ ipc privacy in the cloudMISA Cloud Workshop_ ipc privacy in the cloud
MISA Cloud Workshop_ ipc privacy in the cloud
 
IoT security and privacy: main challenges and how ISOC-OTA address them
IoT security and privacy: main challenges and how ISOC-OTA address themIoT security and privacy: main challenges and how ISOC-OTA address them
IoT security and privacy: main challenges and how ISOC-OTA address them
 

More from sommerville-videos

Architectural patterns for real-time systems
Architectural patterns for real-time systemsArchitectural patterns for real-time systems
Architectural patterns for real-time systems
sommerville-videos
 
Introduction to real time software systems script
Introduction to real time software systems scriptIntroduction to real time software systems script
Introduction to real time software systems script
sommerville-videos
 
Agile methods for large systems
Agile methods for large systemsAgile methods for large systems
Agile methods for large systems
sommerville-videos
 
User stories
User storiesUser stories
User stories
sommerville-videos
 
Agile and plan based development processes
Agile and plan based development processesAgile and plan based development processes
Agile and plan based development processes
sommerville-videos
 
Fundamental software engineering activities
Fundamental software engineering activitiesFundamental software engineering activities
Fundamental software engineering activities
sommerville-videos
 
Introducing Software Engineering
Introducing Software EngineeringIntroducing Software Engineering
Introducing Software Engineering
sommerville-videos
 
Why se script
Why se scriptWhy se script
Why se script
sommerville-videos
 
Ariane 5 launcher failure
Ariane 5 launcher failure Ariane 5 launcher failure
Ariane 5 launcher failure
sommerville-videos
 
Airbus Flight Control System
Airbus Flight Control SystemAirbus Flight Control System
Airbus Flight Control System
sommerville-videos
 
Stakeholders, viewpoints and concerns
Stakeholders, viewpoints and concernsStakeholders, viewpoints and concerns
Stakeholders, viewpoints and concerns
sommerville-videos
 
Requirements engineering challenges
Requirements engineering challengesRequirements engineering challenges
Requirements engineering challenges
sommerville-videos
 
Introducing sociotechnical systems
Introducing sociotechnical systemsIntroducing sociotechnical systems
Introducing sociotechnical systemssommerville-videos
 
Availability and reliability
Availability and reliabilityAvailability and reliability
Availability and reliability
sommerville-videos
 
System security
System securitySystem security
System security
sommerville-videos
 

More from sommerville-videos (16)

Architectural patterns for real-time systems
Architectural patterns for real-time systemsArchitectural patterns for real-time systems
Architectural patterns for real-time systems
 
Introduction to real time software systems script
Introduction to real time software systems scriptIntroduction to real time software systems script
Introduction to real time software systems script
 
Agile methods for large systems
Agile methods for large systemsAgile methods for large systems
Agile methods for large systems
 
User stories
User storiesUser stories
User stories
 
Agile and plan based development processes
Agile and plan based development processesAgile and plan based development processes
Agile and plan based development processes
 
Fundamental software engineering activities
Fundamental software engineering activitiesFundamental software engineering activities
Fundamental software engineering activities
 
Introducing Software Engineering
Introducing Software EngineeringIntroducing Software Engineering
Introducing Software Engineering
 
Why se script
Why se scriptWhy se script
Why se script
 
Ariane 5 launcher failure
Ariane 5 launcher failure Ariane 5 launcher failure
Ariane 5 launcher failure
 
Airbus Flight Control System
Airbus Flight Control SystemAirbus Flight Control System
Airbus Flight Control System
 
Stakeholders, viewpoints and concerns
Stakeholders, viewpoints and concernsStakeholders, viewpoints and concerns
Stakeholders, viewpoints and concerns
 
Requirements engineering challenges
Requirements engineering challengesRequirements engineering challenges
Requirements engineering challenges
 
Emergent properties
Emergent propertiesEmergent properties
Emergent properties
 
Introducing sociotechnical systems
Introducing sociotechnical systemsIntroducing sociotechnical systems
Introducing sociotechnical systems
 
Availability and reliability
Availability and reliabilityAvailability and reliability
Availability and reliability
 
System security
System securitySystem security
System security
 

Recently uploaded

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
Vlad Stirbu
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
James Anderson
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
KAMESHS29
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
Pierluigi Pugliese
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyesAssure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Nexer Digital
 

Recently uploaded (20)

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyesAssure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 

Cybersecurity 3 cybersecurity costs and causes

  • 1. Introduction to cybersecurity, 2013 Slide 1 Cybersecurity: costs and causes
  • 2. Introduction to cybersecurity, 2013 Slide 2 The cybersecurity problem • How big a problem is cybersecurity for individuals, businesses and nations? • Why is it difficult to make networked systems secure?
  • 3. Introduction to cybersecurity, 2013 Slide 3 The scale of the problem • It’s a big problem • How big ? We really do not know • Many surveys on cyber-security related losses but very wide variations and different methodologies
  • 4. Introduction to cybersecurity, 2013 Slide 4 Individuals • Cyber fraud • Identity theft • Cyber bullying and cyber stalking
  • 5. Introduction to cybersecurity, 2013 Slide 5 © The Guardian 2013
  • 7. Introduction to cybersecurity, 2013 Slide 7 Businesses • Differing estimates: – The extent of losses depends on how these losses are measured and what data is collected • Industry reluctant to release figures but when they do, they tend to overvalue assets
  • 8. Introduction to cybersecurity, 2013 Slide 8 © The Scotsman 2013 © deadline.co.uk 2012
  • 9. Introduction to cybersecurity, 2013 Slide 9 © The IET 2013
  • 10. Introduction to cybersecurity, 2013 Slide 10 Nations • Cyberattacks on critical infrastructures are seen as a critical economic risk by all countries • Significant resources now being devoted to cyberdefence
  • 11. Introduction to cybersecurity, 2013 Slide 11 © Wall Street Journal, 2013
  • 12. Introduction to cybersecurity, 2013 Slide 12© World Affairs Journal 2013
  • 13. Introduction to cybersecurity, 2013 Slide 13 • Why has cybersecurity become such a major problem – Scale and ubiquity of the internet – Lower level of physical risk to criminals – Fundamental business and technical reasons for insecurity
  • 14. Introduction to cybersecurity, 2013 Slide 14 Business reasons • Connection of computers to the internet can cut costs, improve the efficiency and responsiveness of business processes and open up new opportunities for interaction. Therefore business has focused on connectivity rather than security
  • 15. Introduction to cybersecurity, 2013 Slide 15 • Security is inconvenient and slows down transactions. Businesses have decided to prioritise convenience and usability over security. • Accepting the cost of losses through cyber fraud may be a cost-effective strategy
  • 16. Introduction to cybersecurity, 2013 Slide 16 Internet vulnerabilities • The Internet was invented in the 1970s as a network between organisations that were trustworthy and which trusted each other • The information maintained on their computers was non-commercial and not thought to be of interest to others
  • 17. Introduction to cybersecurity, 2013 Slide 17 • Consequently, security was not a factor in the design of internet protocols, practices and equipment. • Security slows things down so efficiency was prioritized
  • 18. Introduction to cybersecurity, 2013 Slide 18 • These protocols made it easy for the Internet to be universally adopted in the 1990s • However, the problems can only be properly addressed by a complete redesign of Internet protocols, which is probably commercially impractical.
  • 19. Introduction to cybersecurity, 2013 Slide 19 Internet vulnerabilities • Unencypted traffic by default • Packets can be intercepted and the contents read by anyone who intercepts these packets
  • 20. Introduction to cybersecurity, 2013 Slide 20 Internet vulnerabilities • DNS system – Possible to divert traffic from legitimate to malicious addresses – Easy to hide where traffic has come from • Domain name servers vulnerable to DoS attacks
  • 21. Introduction to cybersecurity, 2013 Slide 21 Internet vulnerabilities • Mail protocol – No charging mechanism for mail – Hence spam is possible
  • 22. Introduction to cybersecurity, 2013 Slide 22 Technology is not the only problem • Internet vulnerabilities make possible some kinds of cyber-attack but it is important to remember that cybersecurity is a socio-technical systems problem • Problems almost always stem from a mix of technical, human and
  • 23. Introduction to cybersecurity, 2013 Slide 23 Risk classification • Risks due to actions of people • Risks due to hardware or software • Risks due to organisational processes
  • 24. Introduction to cybersecurity, 2013 Slide 24 Actions of people • Deliberate or accidental exposure of legitimate credentials to attackers • Failure to maintain secure personal computers and devices
  • 25. Introduction to cybersecurity, 2013 Slide 25 • Insider corruption or theft of data • Preference for convenience and usability over security – Weak passwords set because they are easy to remember and quick to type
  • 26. Introduction to cybersecurity, 2013 Slide 26 Hardware and software • Misconfigured firewalls and mail filters • Programming errors and omissions in software lead to malicious penetration – Buffer overflow attacks – SQL poisoning attacks
  • 27. Introduction to cybersecurity, 2013 Slide 27 Organisational processes • No established process and checks for updating and patching software • Lack of security auditing • Lack of systematic backup processes
  • 28. Introduction to cybersecurity, 2013 Slide 28 Summary • Cyber attacks are a major cost for business, government and individuals. But quantifying this cost is difficult. – The Internet was not designed as a secure network and making it secure is practically impossible – To make systems useable, people take actions that introduce vulnerabilities into sociotechnical systems.