SlideShare a Scribd company logo

CyberSecurityPPT_V3_1CyberSecurityPPT_V3_1

Download as PPTX, PDF
N
NilKhunt

dthxdf

Technology
1 of 18
Cyber Security Awareness
Causes of concern Common Causes of Cyber attacks Types of Cyber Attacks OWASP Top 10 / Server Hardening / Incident Reporting Violation of Information Security 01 02 Introduction Cyber Security Presentation Contents MHA Recommendations 03 04 05 06 07 08 News
Cyber Security • The internet allows an attacker to work from anywhere on the planet. • Cyber Security is the safeguarding of computer systems and networks against data leakage, theft, or damage to their hardware, software, or electronic data, as well as disruption or misdirection of services. Why is Cyber Awareness Important? • Cyber crime is a growing trend with advancement of technology • Raise awareness of threats • As with most crimes the police can’t tackle this problem alone • To encourage reporting of Cyber Crime to enforcement agencies • Cyber crime is massively under reported. Risks caused by poor security knowledge and practice • Identity Theft • Monetary Theft • Legal Ramifications (for yourself and your organization) • Departmental Action or termination as per the policies
Causes for Concern University of North Dakota: https://onlinedegrees.und.edu/blog/types-of-cyber-attacks/ On average, hackers attack every 39 seconds, 2,244 times a day. Since 2014, security breaches have increased by 67%. 68% of business leaders believe their cyber security risks are increasing. 25% of breaches in 2019 were motivated by espionage. 71% of breaches in 2019 were financially motivated. 4.1 billion records were exposed by data breaches in the first half of 2019.
Common Causes of Cyber attacks • Weak or stolen usernames and passwords • Application vulnerabilities • Absence of Antivirus and latest patches • Use of Pirated Operating Systems • System and Network Firewalls disabled • Social engineering (tricking people into breaking security protocols) • Poor access control (Unauthorized users have access) • Insider threats (System Password has not set) • Improper configuration of WIFI devices and Hotspots • Unnecessary Ports opened on Network for Backdoor Entry
Types of Cyber Attacks
Malware Internet Internet Service Providers Hackers & Snoopers Governments Malware is intrusive software that is designed to damage and destroy application and computer systems. Malware is a contraction for “malicious software.” Examples of common malware includes viruses, worms, Trojan viruses, spyware, adware, and ransomware. Salient Differences 1) Computer Virus: • Needs a host file • Copies itself • Executable 2) Network Worm: • No host (self-contained) • Copies itself • Executable 3) Trojan Horse: • No host (self-contained) • Does not copy itself • Imposter Program
•Phishing: a ‘trustworthy entity’ asks via e-mail for sensitive information such as UID, credit card numbers, login IDs or passwords. It is a kind of social engineering attack where a person steals the sensitive information of user in a fraud manner by disguising as a legitimate person. •Spoofing is a kind of computer virus attack where a person steals the details of important a legitimate user and acts as another user. It is a kind of identity theft. Cyber criminals use spoofing to fool victims into giving up sensitive information or money or downloading malware • Ransomware is a new type of malware that encrypts documents, pictures and other files, making them unreadable. The attacker then holds the decryption key for ransom until you agree to pay money, usually through an untraceable method such as BitCoin or other digital currency. Do: • Always verify the sender of a message. • Always hover over web page links (URLs) in email messages to see where they link to – beware URL shortening services (like bit.ly) that may obscure the final web site destination. • Be skeptical of messages with odd spelling/grammar, improper logos or that ask you to upgrade or verify your account. • Report suspicious emails to support@gov.in or NIC • Take backups of important files to avoid ransomware Don’t: • Open an attachment from an unknown sender. Consider the source and whether or not the file was expected. • Click on a link from an unknown sender.
Social engineering manipulates people into performing actions or divulging confidential information. Similar to a confidence trick or simple fraud, the term applies to the use of deception to gain information, commit fraud, or access computer systems. Phone Call: This is John, the System Admin. What is your password? Email: ABC Bank has noticed a problem with your account… In Person: What ethnicity are you? Your mother’s maiden name? and have some software patches I have come to repair your machine…
Violation of Information Security The classified official communication(i.e. in four categories TOP SECRET, SECRET, CONFIDENTIAL and RESTRICTED. ) on public domain messaging platform like WhatsApp, Telegram, messenger etc. is a clear violation of information security instructions as provided in Manual of Departmental Security Instructions (MoDSl) and National information Security Policy Guidelines (NISPG). According to NISPG, the Top Secret and Secret information shall be shared only in a closed network with leased line connectivity where ScientificAnalysis Group - DRDO(SAG) grade encryption mechanism is deployed. However, Confidential and Restricted information can be shared on internet through networks that have deployed commercial AES 256-bit encryption. International Threat Information shall be harvested by private companies owning the platform as they control storage servers that are often located outside the country. Information Tampering Disrupt digital operations or damage information of the plans and projects yet to be formalized Individual Information leakage Personal information of an individual is used for adversaries or can be monetised for gains.
1) Use E-Office for official communication: The product is developed by National Informatics Centre (NIC) and aims to usher in more efficient, effective and transparent inter-government and intra- government transactions and processes. it may be advised that the Ministry/Department may deploy proper firewalls and white-listing of lP addresses. The eOffice service may be accessed through a Virtual Private Network (VPN) for enhanced security. The Top Secret & Secret information shall be shared over the e-Office system only with leased line closed network and SAG grade encryption mechanism. Benefits of eOffice : • Enhance transparency • Increase accountability • Assure data security and data integrity • Promote innovation by releasing staff energy and time from unproductive procedures • Transform the government work culture and ethics MHA Recommendations to maintain Cyber Security
2) Use Government Email (NIC Email) for official communication: NlC email facility or Government instant Messaging Platforms (such as CDAC's Samvad, NIC's Sandesh, etc.) is recommended in the Ministry/Departments for the communication of Confidential and Restricted information. However, utmost care should be taken during the classification of information and before the communication of the same over internet (i.e. an information which may deserve a Top Secret & Secret classification shall not be downgraded to Confidential/Restricted for the purpose of sharing the information over the internet). • Features… • Email platform is supported by 2-level authentication factor i.e. KAVACH which enables extra security. • The feature of BRIEFCASE which is used to store the personalize data similar to google drive • NIC never asks… •… for your credentials via email or over the phone. • … to follow a link to clean a virus from your email mailbox, upgrade or reactivate your account. •… you to update or increase your email quota. When in doubt, forward suspicious emails to support@gov.in or NIC Division of Ministry MHA Recommendations to maintain Cyber Security(Cont.)
3) Use only Government Video Conferencing solutions: The VC platforms offered by CDAC, CDOT and NIC (BharatVC, VidyoConnect, Studio based) may be used. The meeting lD and password shall be shared only with authorized participants. To ensure better security, the 'Waiting Room' facility and prior registration of the participants may be used. However, Top Secret and Secret information shall not be shared during the VC. Benefits of Government VC solutions : • Due to secure network transmission which assures data security and data integrity • Data recordings and sharing rights are confined within government organizations like CDAC, CDOT and NIC. • It prohibits the trespassers from breaching into the system as communication happens within dedicated government network and servers. MHA Recommendations to maintain Cyber Security(Cont.)
4) Avoid Digital Assistant devices: While discussing official information avoid usage of digital assistant devices like Amazon's Echo, Apple's HomePod, Google Home, etc. and may not be kept in office. Further, Digital Assistants (such as Alexa, Siri, etc.) should be turned off in the smart phones/watches used by the employee. Smart phones may be deposited outside the meeting room during discussion on classified issues. Benefits of avoiding digital assistant devices: • Decrease the chances of incident that results in unauthorized access to information. • Increase accountability MHA Recommendations to maintain Cyber Security(Cont.)
The Open Web Application Security Project (OWASP) Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications. OWASP Top 10 / Server Hardening / Incident Reporting Server hardening is a set of disciplines and techniques which improve the security of an server. Hardening is the changes made in configuration, access control, network settings and server environment, including applications, in order to improve the server security and overall security of an organization’s IT infrastructure.  CERT-In is functional organization under MEitY with the objective of securing India cyber space and respond to cyber attacks.  incident@cert-in.org.in is the email address to report any incident of cyber attack.  For closing of Fake / clone websites and applications FIR copy is mandatory for necessary actions.
News…!!!
THANK YOU…!!!

Recommended

CyberSecurityPPdddsdsddssdsdssaT_V3_1.pptx
CyberSecurityPPdddsdsddssdsdssaT_V3_1.pptxCyberSecurityPPdddsdsddssdsdssaT_V3_1.pptx
CyberSecurityPPdddsdsddssdsdssaT_V3_1.pptx
prtabal_25
 
Cybersecurity about Phishing and Secutity awareness
Cybersecurity about Phishing and Secutity awarenessCybersecurity about Phishing and Secutity awareness
Cybersecurity about Phishing and Secutity awareness
Imran Khan
 
Types of Cyber Crimes and Security Threats
Types of Cyber Crimes and Security ThreatsTypes of Cyber Crimes and Security Threats
Types of Cyber Crimes and Security Threats
Amity University | FMS - DU | IMT | Stratford University | KKMI International Institute | AIMA | DTU
 
Cyberattacks.pptx
Cyberattacks.pptxCyberattacks.pptx
Cyberattacks.pptx
SonakshiMundra
 
Cysec.pptx
Cysec.pptxCysec.pptx
Cysec.pptx
jondon17
 
Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptx
MBRoman1
 
Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptx
ANIKETKUMARSHARMA3
 
Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptx
AkshayKhade21
 

Recommended

CyberSecurityPPdddsdsddssdsdssaT_V3_1.pptx
CyberSecurityPPdddsdsddssdsdssaT_V3_1.pptxCyberSecurityPPdddsdsddssdsdssaT_V3_1.pptx
CyberSecurityPPdddsdsddssdsdssaT_V3_1.pptx
prtabal_25
 
Cybersecurity about Phishing and Secutity awareness
Cybersecurity about Phishing and Secutity awarenessCybersecurity about Phishing and Secutity awareness
Cybersecurity about Phishing and Secutity awareness
Imran Khan
 
Types of Cyber Crimes and Security Threats
Types of Cyber Crimes and Security ThreatsTypes of Cyber Crimes and Security Threats
Types of Cyber Crimes and Security Threats
Amity University | FMS - DU | IMT | Stratford University | KKMI International Institute | AIMA | DTU
 
Cyberattacks.pptx
Cyberattacks.pptxCyberattacks.pptx
Cyberattacks.pptx
SonakshiMundra
 
Cysec.pptx
Cysec.pptxCysec.pptx
Cysec.pptx
jondon17
 
Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptx
MBRoman1
 
Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptx
ANIKETKUMARSHARMA3
 
Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptx
AkshayKhade21
 
Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptx
56ushodayareddy
 
information security awareness course
information security awareness courseinformation security awareness course
information security awareness course
Abdul Manaf Vellakodath
 
43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx
43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx
43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx
PradeeshSAI
 
Presentation 10 (1).pdf
Presentation 10 (1).pdfPresentation 10 (1).pdf
Presentation 10 (1).pdf
KARANSINGHD
 
Lecture 2.pptx
Lecture 2.pptxLecture 2.pptx
Lecture 2.pptx
MuhammadRehan856177
 
attack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptxattack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptx
JenetSilence
 
Lecture 2.pptx
Lecture 2.pptxLecture 2.pptx
Lecture 2.pptx
MuhammadRehan856177
 
Meeting the Cybersecurity Challenge
Meeting the Cybersecurity ChallengeMeeting the Cybersecurity Challenge
Meeting the Cybersecurity Challenge
Net at Work
 
6 security
6 security6 security
6 security
valency paul
 
Cysecc.pptx
Cysecc.pptxCysecc.pptx
Cysecc.pptx
jondon17
 
Cyber security By rajeev.pptx
Cyber security By rajeev.pptxCyber security By rajeev.pptx
Cyber security By rajeev.pptx
AmeyBarbade1
 
Rishabhcyber security.pptx
Rishabhcyber security.pptxRishabhcyber security.pptx
Rishabhcyber security.pptx
RishabhDwivedi70
 
Cybersecurity Training
Cybersecurity TrainingCybersecurity Training
Cybersecurity Training
WindstoneHealth
 
Cybercrime
CybercrimeCybercrime
Cybercrime
Vansh Verma
 
It security the condensed version
It security the condensed version It security the condensed version
It security the condensed version
Brian Pichman
 
Computer-Security.pptx
Computer-Security.pptxComputer-Security.pptx
Computer-Security.pptx
JoselitoJMebolos
 
Cyber security best practices power point presentation
Cyber security best practices power point presentationCyber security best practices power point presentation
Cyber security best practices power point presentation
AbcdEfg576575
 
Cyber hygiene Training slide. It focuses on what you need to know to be safe ...
Cyber hygiene Training slide. It focuses on what you need to know to be safe ...Cyber hygiene Training slide. It focuses on what you need to know to be safe ...
Cyber hygiene Training slide. It focuses on what you need to know to be safe ...
AwodiranOlumide
 
Protecting Your Business From Cybercrime
Protecting Your Business From CybercrimeProtecting Your Business From Cybercrime
Protecting Your Business From Cybercrime
David J Rosenthal
 
Ethics,security and privacy control
Ethics,security and privacy controlEthics,security and privacy control
Ethics,security and privacy control
Sifat Hossain
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Inflectra
 
Breaking the Ruby Performance Barrier with YJIT
Breaking the Ruby Performance Barrier with YJITBreaking the Ruby Performance Barrier with YJIT
Breaking the Ruby Performance Barrier with YJIT
maximechevalierboisv1
 

More Related Content

Similar to CyberSecurityPPT_V3_1CyberSecurityPPT_V3_1

Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptx
56ushodayareddy
 
information security awareness course
information security awareness courseinformation security awareness course
information security awareness course
Abdul Manaf Vellakodath
 
43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx
43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx
43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx
PradeeshSAI
 
Presentation 10 (1).pdf
Presentation 10 (1).pdfPresentation 10 (1).pdf
Presentation 10 (1).pdf
KARANSINGHD
 
Lecture 2.pptx
Lecture 2.pptxLecture 2.pptx
Lecture 2.pptx
MuhammadRehan856177
 
attack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptxattack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptx
JenetSilence
 
Lecture 2.pptx
Lecture 2.pptxLecture 2.pptx
Lecture 2.pptx
MuhammadRehan856177
 
Meeting the Cybersecurity Challenge
Meeting the Cybersecurity ChallengeMeeting the Cybersecurity Challenge
Meeting the Cybersecurity Challenge
Net at Work
 
6 security
6 security6 security
6 security
valency paul
 
Cysecc.pptx
Cysecc.pptxCysecc.pptx
Cysecc.pptx
jondon17
 
Cyber security By rajeev.pptx
Cyber security By rajeev.pptxCyber security By rajeev.pptx
Cyber security By rajeev.pptx
AmeyBarbade1
 
Rishabhcyber security.pptx
Rishabhcyber security.pptxRishabhcyber security.pptx
Rishabhcyber security.pptx
RishabhDwivedi70
 
Cybersecurity Training
Cybersecurity TrainingCybersecurity Training
Cybersecurity Training
WindstoneHealth
 
Cybercrime
CybercrimeCybercrime
Cybercrime
Vansh Verma
 
It security the condensed version
It security the condensed version It security the condensed version
It security the condensed version
Brian Pichman
 
Computer-Security.pptx
Computer-Security.pptxComputer-Security.pptx
Computer-Security.pptx
JoselitoJMebolos
 
Cyber security best practices power point presentation
Cyber security best practices power point presentationCyber security best practices power point presentation
Cyber security best practices power point presentation
AbcdEfg576575
 
Cyber hygiene Training slide. It focuses on what you need to know to be safe ...
Cyber hygiene Training slide. It focuses on what you need to know to be safe ...Cyber hygiene Training slide. It focuses on what you need to know to be safe ...
Cyber hygiene Training slide. It focuses on what you need to know to be safe ...
AwodiranOlumide
 
Protecting Your Business From Cybercrime
Protecting Your Business From CybercrimeProtecting Your Business From Cybercrime
Protecting Your Business From Cybercrime
David J Rosenthal
 
Ethics,security and privacy control
Ethics,security and privacy controlEthics,security and privacy control
Ethics,security and privacy control
Sifat Hossain
 

Similar to CyberSecurityPPT_V3_1CyberSecurityPPT_V3_1 (20)

Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptx
 
information security awareness course
information security awareness courseinformation security awareness course
information security awareness course
 
43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx
43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx
43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx
 
Presentation 10 (1).pdf
Presentation 10 (1).pdfPresentation 10 (1).pdf
Presentation 10 (1).pdf
 
Lecture 2.pptx
Lecture 2.pptxLecture 2.pptx
Lecture 2.pptx
 
attack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptxattack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptx
 
Lecture 2.pptx
Lecture 2.pptxLecture 2.pptx
Lecture 2.pptx
 
Meeting the Cybersecurity Challenge
Meeting the Cybersecurity ChallengeMeeting the Cybersecurity Challenge
Meeting the Cybersecurity Challenge
 
6 security
6 security6 security
6 security
 
Cysecc.pptx
Cysecc.pptxCysecc.pptx
Cysecc.pptx
 
Cyber security By rajeev.pptx
Cyber security By rajeev.pptxCyber security By rajeev.pptx
Cyber security By rajeev.pptx
 
Rishabhcyber security.pptx
Rishabhcyber security.pptxRishabhcyber security.pptx
Rishabhcyber security.pptx
 
Cybersecurity Training
Cybersecurity TrainingCybersecurity Training
Cybersecurity Training
 
Cybercrime
CybercrimeCybercrime
Cybercrime
 
It security the condensed version
It security the condensed version It security the condensed version
It security the condensed version
 
Computer-Security.pptx
Computer-Security.pptxComputer-Security.pptx
Computer-Security.pptx
 
Cyber security best practices power point presentation
Cyber security best practices power point presentationCyber security best practices power point presentation
Cyber security best practices power point presentation
 
Cyber hygiene Training slide. It focuses on what you need to know to be safe ...
Cyber hygiene Training slide. It focuses on what you need to know to be safe ...Cyber hygiene Training slide. It focuses on what you need to know to be safe ...
Cyber hygiene Training slide. It focuses on what you need to know to be safe ...
 
Protecting Your Business From Cybercrime
Protecting Your Business From CybercrimeProtecting Your Business From Cybercrime
Protecting Your Business From Cybercrime
 
Ethics,security and privacy control
Ethics,security and privacy controlEthics,security and privacy control
Ethics,security and privacy control
 

Recently uploaded

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Inflectra
 
Breaking the Ruby Performance Barrier with YJIT
Breaking the Ruby Performance Barrier with YJITBreaking the Ruby Performance Barrier with YJIT
Breaking the Ruby Performance Barrier with YJIT
maximechevalierboisv1
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
Bhaskar Mitra
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
Product School
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
RTTS
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Product School
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Product School
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
НАДІЯ ФЕДЮШКО БАЦ «Професійне зростання QA спеціаліста»
НАДІЯ ФЕДЮШКО БАЦ «Професійне зростання QA спеціаліста»НАДІЯ ФЕДЮШКО БАЦ «Професійне зростання QA спеціаліста»
НАДІЯ ФЕДЮШКО БАЦ «Професійне зростання QA спеціаліста»
QADay
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
CatarinaPereira64715
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
Frank van Harmelen
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
Paul Groth
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
Vlad Stirbu
 

Recently uploaded (20)

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
Breaking the Ruby Performance Barrier with YJIT
Breaking the Ruby Performance Barrier with YJITBreaking the Ruby Performance Barrier with YJIT
Breaking the Ruby Performance Barrier with YJIT
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
НАДІЯ ФЕДЮШКО БАЦ «Професійне зростання QA спеціаліста»
НАДІЯ ФЕДЮШКО БАЦ «Професійне зростання QA спеціаліста»НАДІЯ ФЕДЮШКО БАЦ «Професійне зростання QA спеціаліста»
НАДІЯ ФЕДЮШКО БАЦ «Професійне зростання QA спеціаліста»
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
 

CyberSecurityPPT_V3_1CyberSecurityPPT_V3_1

  • 2. Causes of concern Common Causes of Cyber attacks Types of Cyber Attacks OWASP Top 10 / Server Hardening / Incident Reporting Violation of Information Security 01 02 Introduction Cyber Security Presentation Contents MHA Recommendations 03 04 05 06 07 08 News
  • 3. Cyber Security • The internet allows an attacker to work from anywhere on the planet. • Cyber Security is the safeguarding of computer systems and networks against data leakage, theft, or damage to their hardware, software, or electronic data, as well as disruption or misdirection of services. Why is Cyber Awareness Important? • Cyber crime is a growing trend with advancement of technology • Raise awareness of threats • As with most crimes the police can’t tackle this problem alone • To encourage reporting of Cyber Crime to enforcement agencies • Cyber crime is massively under reported. Risks caused by poor security knowledge and practice • Identity Theft • Monetary Theft • Legal Ramifications (for yourself and your organization) • Departmental Action or termination as per the policies
  • 4. Causes for Concern University of North Dakota: https://onlinedegrees.und.edu/blog/types-of-cyber-attacks/ On average, hackers attack every 39 seconds, 2,244 times a day. Since 2014, security breaches have increased by 67%. 68% of business leaders believe their cyber security risks are increasing. 25% of breaches in 2019 were motivated by espionage. 71% of breaches in 2019 were financially motivated. 4.1 billion records were exposed by data breaches in the first half of 2019.
  • 5. Common Causes of Cyber attacks • Weak or stolen usernames and passwords • Application vulnerabilities • Absence of Antivirus and latest patches • Use of Pirated Operating Systems • System and Network Firewalls disabled • Social engineering (tricking people into breaking security protocols) • Poor access control (Unauthorized users have access) • Insider threats (System Password has not set) • Improper configuration of WIFI devices and Hotspots • Unnecessary Ports opened on Network for Backdoor Entry
  • 6. Types of Cyber Attacks
  • 7. Malware Internet Internet Service Providers Hackers & Snoopers Governments Malware is intrusive software that is designed to damage and destroy application and computer systems. Malware is a contraction for “malicious software.” Examples of common malware includes viruses, worms, Trojan viruses, spyware, adware, and ransomware. Salient Differences 1) Computer Virus: • Needs a host file • Copies itself • Executable 2) Network Worm: • No host (self-contained) • Copies itself • Executable 3) Trojan Horse: • No host (self-contained) • Does not copy itself • Imposter Program
  • 8. •Phishing: a ‘trustworthy entity’ asks via e-mail for sensitive information such as UID, credit card numbers, login IDs or passwords. It is a kind of social engineering attack where a person steals the sensitive information of user in a fraud manner by disguising as a legitimate person. •Spoofing is a kind of computer virus attack where a person steals the details of important a legitimate user and acts as another user. It is a kind of identity theft. Cyber criminals use spoofing to fool victims into giving up sensitive information or money or downloading malware • Ransomware is a new type of malware that encrypts documents, pictures and other files, making them unreadable. The attacker then holds the decryption key for ransom until you agree to pay money, usually through an untraceable method such as BitCoin or other digital currency. Do: • Always verify the sender of a message. • Always hover over web page links (URLs) in email messages to see where they link to – beware URL shortening services (like bit.ly) that may obscure the final web site destination. • Be skeptical of messages with odd spelling/grammar, improper logos or that ask you to upgrade or verify your account. • Report suspicious emails to support@gov.in or NIC • Take backups of important files to avoid ransomware Don’t: • Open an attachment from an unknown sender. Consider the source and whether or not the file was expected. • Click on a link from an unknown sender.
  • 9. Social engineering manipulates people into performing actions or divulging confidential information. Similar to a confidence trick or simple fraud, the term applies to the use of deception to gain information, commit fraud, or access computer systems. Phone Call: This is John, the System Admin. What is your password? Email: ABC Bank has noticed a problem with your account… In Person: What ethnicity are you? Your mother’s maiden name? and have some software patches I have come to repair your machine…
  • 10. Violation of Information Security The classified official communication(i.e. in four categories TOP SECRET, SECRET, CONFIDENTIAL and RESTRICTED. ) on public domain messaging platform like WhatsApp, Telegram, messenger etc. is a clear violation of information security instructions as provided in Manual of Departmental Security Instructions (MoDSl) and National information Security Policy Guidelines (NISPG). According to NISPG, the Top Secret and Secret information shall be shared only in a closed network with leased line connectivity where ScientificAnalysis Group - DRDO(SAG) grade encryption mechanism is deployed. However, Confidential and Restricted information can be shared on internet through networks that have deployed commercial AES 256-bit encryption. International Threat Information shall be harvested by private companies owning the platform as they control storage servers that are often located outside the country. Information Tampering Disrupt digital operations or damage information of the plans and projects yet to be formalized Individual Information leakage Personal information of an individual is used for adversaries or can be monetised for gains.
  • 11. 1) Use E-Office for official communication: The product is developed by National Informatics Centre (NIC) and aims to usher in more efficient, effective and transparent inter-government and intra- government transactions and processes. it may be advised that the Ministry/Department may deploy proper firewalls and white-listing of lP addresses. The eOffice service may be accessed through a Virtual Private Network (VPN) for enhanced security. The Top Secret & Secret information shall be shared over the e-Office system only with leased line closed network and SAG grade encryption mechanism. Benefits of eOffice : • Enhance transparency • Increase accountability • Assure data security and data integrity • Promote innovation by releasing staff energy and time from unproductive procedures • Transform the government work culture and ethics MHA Recommendations to maintain Cyber Security
  • 12. 2) Use Government Email (NIC Email) for official communication: NlC email facility or Government instant Messaging Platforms (such as CDAC's Samvad, NIC's Sandesh, etc.) is recommended in the Ministry/Departments for the communication of Confidential and Restricted information. However, utmost care should be taken during the classification of information and before the communication of the same over internet (i.e. an information which may deserve a Top Secret & Secret classification shall not be downgraded to Confidential/Restricted for the purpose of sharing the information over the internet). • Features… • Email platform is supported by 2-level authentication factor i.e. KAVACH which enables extra security. • The feature of BRIEFCASE which is used to store the personalize data similar to google drive • NIC never asks… •… for your credentials via email or over the phone. • … to follow a link to clean a virus from your email mailbox, upgrade or reactivate your account. •… you to update or increase your email quota. When in doubt, forward suspicious emails to support@gov.in or NIC Division of Ministry MHA Recommendations to maintain Cyber Security(Cont.)
  • 13. 3) Use only Government Video Conferencing solutions: The VC platforms offered by CDAC, CDOT and NIC (BharatVC, VidyoConnect, Studio based) may be used. The meeting lD and password shall be shared only with authorized participants. To ensure better security, the 'Waiting Room' facility and prior registration of the participants may be used. However, Top Secret and Secret information shall not be shared during the VC. Benefits of Government VC solutions : • Due to secure network transmission which assures data security and data integrity • Data recordings and sharing rights are confined within government organizations like CDAC, CDOT and NIC. • It prohibits the trespassers from breaching into the system as communication happens within dedicated government network and servers. MHA Recommendations to maintain Cyber Security(Cont.)
  • 14. 4) Avoid Digital Assistant devices: While discussing official information avoid usage of digital assistant devices like Amazon's Echo, Apple's HomePod, Google Home, etc. and may not be kept in office. Further, Digital Assistants (such as Alexa, Siri, etc.) should be turned off in the smart phones/watches used by the employee. Smart phones may be deposited outside the meeting room during discussion on classified issues. Benefits of avoiding digital assistant devices: • Decrease the chances of incident that results in unauthorized access to information. • Increase accountability MHA Recommendations to maintain Cyber Security(Cont.)
  • 15. The Open Web Application Security Project (OWASP) Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications. OWASP Top 10 / Server Hardening / Incident Reporting Server hardening is a set of disciplines and techniques which improve the security of an server. Hardening is the changes made in configuration, access control, network settings and server environment, including applications, in order to improve the server security and overall security of an organization’s IT infrastructure.  CERT-In is functional organization under MEitY with the objective of securing India cyber space and respond to cyber attacks.  incident@cert-in.org.in is the email address to report any incident of cyber attack.  For closing of Fake / clone websites and applications FIR copy is mandatory for necessary actions.
  • 16.