CYBER SECURITY BASICS
AN INTRODUCTION TO CYBER SECURITY
SPEAKER : ARAVIND R
KEY CONCEPTS
• What cybersecurity is, with key terms and security roles within an IT organization
• History of cybersecurity
• Why critical thinking is an important skill in the cybersecurity space
• Why securing online resources is hard and what resources are available to help
WWW.ARAVINDR.COM
OVERVIEW OF CYBERSECURITY TOOLS & CYBER ATTACKS
• Current Challenges in Cybersecurity
  • Threats are increasing
  • Alerts to threats are increasing
  • Security analysts and experts are in high demand
  • Required knowledge of the cybersecurity space is increasing
  • Less time
By 2022, there will be 1.8 Million unfulfilled Cybersecurity jobs
OVERVIEW OF CYBERSECURITY TOOLS & CYBER ATTACKS
• Security Operation Center Analyst Tasks
  • Review security incidents in Security Incident & Event Management (SIEM)
  • Review the relevant data surrounding the incident
  • Trace the data to find the outliers (unusual hits, IPs, access)
  • Think and search outside the box to capture more data around that incident
  • Decide what to focus on next
Diagram (analyst cycle): Monitor & Review | Prioritize | Embrace the Data | Trace the Data | Gather More Data | Repeat
WHAT IS CYBERSECURITY?
• According to NIST (National Institute of Standards and Technology)
  • It is the protection of information systems from unauthorized activities in order to provide confidentiality, integrity and availability (the CIA Triad)
• The CIA Triad has three different principles
  • Confidentiality : It is similar to privacy. It measures the prevention of data from falling into the hands of people who do not have authorization to access the data
  • Integrity : In the digital world, integrity is all about making sure the data is accurate and unmodified. It is the measure of making sure that the data sent over a network reaches the destination without any tampering
  • Availability : It is the measure of ensuring that the data is available throughout its journey; it is mainly focused on maintenance and upgrading of hardware, software and operating system environments
KEY TERMINOLOGIES IN CYBERSECURITY SPACE
• Vulnerability
  • A flaw, loophole, oversight or error that can be exploited to violate system security policy
• Threat
  • A threat is an event (natural or man-made) able to cause negative impact to an organization
• Exploit
  • An exploit is defined as a way to breach the security of an IT system through a vulnerability
• Risk
  • It is a situation or scenario that is exposed to danger
Diagram: Information Systems | Vulnerability | Threat | Exploit | Risk
SECURITY THREATS
• Human
  • Internal: Former Employees; Current Employees
  • External: Malicious Events; Hackers or Crackers; Virus, Trojans & Worms
• Natural: Lightning, Hurricane, Tornado, Tsunami
VULNERABILITY ASSESSMENT
• Vulnerability assessment is a search for exploits or exposures in order to apply a patch or fix to prevent a compromise
• Many systems are shipped with known and unknown
  • Security loopholes
  • Bugs
  • Default passwords
• As per the analysis, most vulnerabilities are the result of misconfigurations by system admins
ROLES IN CYBER SECURITY
• CISO (Chief Information Security Officer)
• Information Security Architect
• Information Security Consultant / Specialist
• Information Security Analyst
• Information Security Auditor
• Security Software Developer
• Penetration Tester or Ethical Hacker
• Vulnerability Assessor
CYBERSECURITY INTRODUCTION
• Why is it Hard to Implement Online Security?
  • This analysis was done in 2018: “Data Never Sleeps”
  • The figures represent the amount of data that has been shared and uploaded to the cloud
  • And you know the interesting part? Those are per-minute numbers
• Do we know the worth of the data we share on the internet?
  • A couple of Facebook posts, a few Twitter shares & Instagram uploads → 1000$
• What is difficult now?
  • Lots of devices are connected to the Internet
  • All these devices are to be protected
  • Protection is not for the product but for the assets the product holds
CYBERSECURITY, HOW AND WHERE TO START?
• Security Program
  • Evaluate
  • Identify
  • Understand the Risk & Threats
• Asset Management
  • Confidentiality
  • Integrity
  • Availability
• Tech Controls
  • Implementation of Network Infra, Servers, Protection Standards
  • Vulnerability Management
  • Firewalls
• Admin Controls
  • Security Policies
  • Incident Response Teams
  • Disaster Recovery Procedures & Compliances
WHAT IS SECURITY?
• Within the Principles for Security, we hear
  • Confidentiality : Only the sender and the intended receiver should understand the message
  • Authentication : Sender and receiver confirm their identity
  • Message Integrity : Sender and receiver make sure the intended message is not altered in any way, be it after sending, in transit or after receiving
  • Availability : Services should be available to users
Diagram: Sender | Receiver | Intruder | Data | Data Channels
ADDITIONAL CHALLENGES
• Security is not as simple as it seems
• Easy Requirements, Tough Solutions
• Solutions can be the targets themselves
• Security Policy to be enforced can be changed
• Protection sometimes makes the solutions complicated
• Breaking the security walls is as important as the data
• No one likes security until it is required
• The value of security is always overlooked
Protectors have to be right all the time, attackers only once
CRITICAL THINKING IN CYBERSECURITY
• What is Critical Thinking?
  • Does not have a hard and fast definition
  • According to me, it is an analysis & evaluation of a situation in order to come to a decision
• Why in Cybersecurity?
  • Cybersecurity is a diverse, multifaceted field with
    • Changing atmosphere
    • Fast-Paced
    • Various Stakeholders
  • Critical thinking helps us to think and act in scenarios where we no longer find answers or do not have a specific approach / procedure
  • Art 50%, Science 50%. It is subjective and not possible to measure
CRITICAL THINKING – 5 SKILLS
Skills: Challenge Assumptions | Consider Alternatives | Evaluate Data | Identify Key Drivers | Get the Context
• Challenge Assumptions
  • An assumption is a thought that helps us predict an outcome, based on our past experience
  • It may be right or wrong
  • There is a high chance that it may turn out to be a risk
  • Perform a thorough brainstorming session with the list of assumptions
• Consider Alternatives
  • Do not conclude with one path. Always think from another angle
  • Our brains can come up with a scenario from just a few inputs of data
  • Failing to consider all the data or alternate paths can lead us down the wrong path
• Evaluate Data
  • Know your data. What does normal look like? What is the anomaly?
  • Benchmark what is normal (web traffic, network, endpoints, volume etc.)
  • Be eager to find inconsistent data
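An added example (not from the original slides) of the "Evaluate Data" skill and the analyst's "trace the data" step: learn a baseline from past login events, then flag what deviates in the current hour. The log format, addresses, user names and thresholds are constructed assumptions for illustration.

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed sample events (not real logs): "hour source_ip user result"
BASELINE_LOG = """\
09 10.0.0.5 alice OK
09 10.0.0.7 bob FAIL
10 10.0.0.5 alice OK
10 10.0.0.9 carol FAIL
11 10.0.0.7 bob OK
11 10.0.0.5 alice FAIL
12 10.0.0.9 carol OK
"""
CURRENT_LOG = """\
13 10.0.0.5 alice OK
13 203.0.113.44 alice FAIL
13 203.0.113.44 bob FAIL
13 203.0.113.44 carol FAIL
13 203.0.113.44 admin FAIL
13 203.0.113.44 root FAIL
"""

def parse(log):
    """Yield (hour, ip, user, result) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[3] in ("OK", "FAIL"):
            yield tuple(parts)

def build_baseline(log):
    """Learn what normal looks like: known sources and failures per hour."""
    fails_per_hour, known_ips = defaultdict(int), set()
    for hour, ip, _user, result in parse(log):
        known_ips.add(ip)
        fails_per_hour[hour] += result == "FAIL"
    counts = list(fails_per_hour.values())
    return known_ips, mean(counts), pstdev(counts)

def find_outliers(log, known_ips, avg, sd, k=3):
    """Flag new sources, one source trying many users, and a failure spike.
    sd is floored at 1 so a very flat baseline does not alert on one extra failure."""
    events = list(parse(log))
    fails = Counter(ip for _h, ip, _u, r in events if r == "FAIL")
    users = defaultdict(set)
    for _h, ip, user, _r in events:
        users[ip].add(user)
    findings = [("new_source", ip) for ip in sorted(users) if ip not in known_ips]
    findings += [("many_users", ip) for ip in sorted(users) if len(users[ip]) >= 3]
    if sum(fails.values()) > avg + k * max(sd, 1.0):
        findings.append(("failure_spike", fails.most_common(1)[0][0]))
    return findings
```

Each finding is a lead to trace further, not a verdict: a new source may be a user on a new network, so the next step is gathering more data around it.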
CRITICAL THINKING – 5 SKILLS
Skills: Challenge Assumptions | Consider Alternatives | Evaluate Data | Identify Key Drivers | Get the Context
• Identify Key Drivers
  • Technology : Encryption | Authentication | Tools | Infrastructure
  • Regulatory : Privacy | Intellectual Property | Safety Regulations
  • Employees : Employee Perspective | Skills | Training Needs
  • Threat Actions : Technical Capability | Motives | Opportunity
• Get the Context
  • Understand the operational environment based on your work
  • Put yourself in others' shoes: What do they need from me? | How can I frame the issue?
  • The framing technique will help us think from others' perspective
    • Key Components
    • Factors at Play
    • Relationships
    • Similarities / Differences
    • Redefine
TOP CYBERSECURITY ORGANIZATIONS
• WiCyS Organization : https://www.wicys.org/about-wicys
• The SANS Institute : https://www.sans.org/about/
• OWASP : https://wiki.owasp.org/index.php/About_The_Open_Web_Application_Security_Project
• ISSA : https://www.issa.org/about-issa/
• FIRST : https://www.first.org/about/
REFERENCES & SOURCES
Coursera : Introduction to Cybersecurity - https://www.coursera.org/learn/introduction-cybersecurity-cyber-attacks
THANK YOU
