Information and Cyber Warfare
A REPORT
SUBMITTED TO
UNIVERSITY OF PUNE, PUNE
FOR THE PARTIAL FULFILLMENT OF AWARD OF DEGREE
Of
MASTER OF ENGINEERING
In
(Computer Engineering)
By
Swapnil S. Jagtap
Semester-II Roll No: ******
UNDER THE GUIDANCE OF
Guide Name
(Department of Computer Engineering)
VPCOE, Baramati
DEPARTMENT OF COMPUTER
ENGINEERING
Vidya Pratishthan’s College of Engineering,
Vidyanagari Bhigawan Road
Baramati, Dist. Pune
Pin-413133
2015-2016
CERTIFICATE
This is to certify that Mr. Swapnil S. Jagtap has successfully submitted
his report to Department of Computer Engineering, VPCOE, Baramati, on
Information and Cyber Warfare
During the academic year 2015-2016 in the partial fulfillment towards
completion of First year of
Master of Engineering in Computer Engineering, of Pune
University, Pune(Maharashtra)
Swapnil S. Jagtap Guide Name
Student Guide
Dept. of Comp. Engg. Dept. of Comp. Engg.
Date :
Place: VPCOE, Baramati.
Contents
1 Introduction
2 What you need to know about cyber security
3 Why you need to know about cyber security
4 Getting the basics right
5 Taking a risk management approach: Understanding the risks to your business
6 How you can manage the risks
6.1 Planning
6.2 Implementing
6.3 Reviewing
7 Scenario: small business loses important contract
8 Protect your business with Cyber Essentials
9 References
Chapter 1
Introduction
Understanding Cyber Threats
There are various ways to gain access to information in cyberspace.
Attackers can exploit vulnerabilities in software and hardware. They can exploit
security vulnerabilities by tricking people into opening infected emails or
visiting corrupted websites that infect their computers with malicious software.
They can take advantage of people who fail to follow basic cyber security
practices, such as changing their passwords frequently, updating their
antivirus protection on a regular basis, and using only protected wireless
networks. Once they have access to a computer, attackers can steal or distort
the information stored on it, corrupt its operations and program it to attack
other computers and the systems to which they are connected. In many
cases, victims suffer a theft of their identity and/or their personal assets.
Though certain attack tools and techniques are more costly and
sophisticated than others, most cyber attacks share four characteristics that, in part,
account for their growing popularity. Cyber attacks are often:
• Inexpensive - Many attack tools can be purchased for a modest price
or downloaded for free from the Internet;
• Easy - Attackers with only basic skills can cause significant damage;
• Effective - Even minor attacks can cause extensive damage; and
• Low risk - Attackers can evade detection and prosecution by hiding
their tracks through a complex web of computers and exploiting gaps
in domestic and international legal regimes.
Chapter 2
What you need to know about
cyber security
You’ve worked hard to build your business and make it a success. You’re
probably using a range of IT equipment and using the internet to advertise
your business and sell online.
The internet brings huge business opportunities and benefits, but it also
brings risks. Every day there are cyber attacks on UK companies like yours,
attempting to steal your information and money, or disrupt your business.
It is increasingly important to manage these risks to take advantage of the
internet whilst protecting your business.
In 2014, 60% of small businesses experienced a cyber breach.
The average cost of the worst breach was 65,000 to 115,000 Euros.
You can keep your business safe and protect against online threats by
putting some simple measures in place. This report shows you how.
Chapter 3
Why you need to know about
cyber security
Cyber security is about protecting your computer-based equipment and
information from unintended or unauthorised access, change, theft or
destruction.
Good cyber security can enhance the reputation of your business and
open up new commercial opportunities.
Most companies now use the internet to do business, to advertise
and sell, find new markets, customers and staff, communicate with customers
and suppliers, and carry out financial transactions. The internet brings huge
business opportunities and benefits. But it also brings risks. Every day
there are attacks on the IT systems of UK companies like yours, attempting
to steal your information and money, or disrupt your business.
You can never be totally safe, but most online attacks can be
prevented or detected with basic security practices for your staff, processes and
IT systems. These security practices are as important as locking your doors
or putting your cash in a safe. You can manage your online security in the
same way you would protect any other aspect of your business. With more
customers demanding that their suppliers are secure, this is becoming a
business necessity.
This report provides a good practice foundation for
business owners and managers. You’ll find links to other sources of good
advice at the end of this booklet if you need them. You don’t need to be an IT
expert to improve your security. Simple measures can make all the difference.
Take the simple steps set out in this report and your business
will benefit. You can save money through adopting an efficient risk
management approach - plan, implement and review. You can gain a competitive
advantage by being seen to take security seriously; gaining the Cyber
Essentials badge will help you do this. Good security can be an enabler for a
thriving business: you will be protecting your assets, your reputation, your
customers, and your peace of mind.
Chapter 4
Getting the basics right
Taking some simple actions and practising safe behaviours will reduce the
risk of online threats to your business.
Download software updates
Download software and app updates as soon as they appear. They
contain vital security upgrades that keep your devices and business information
safe.
Use strong passwords
Use strong passwords made up of at least three random words. Using
lower and upper case letters, numbers and symbols will make your
passwords even stronger.
Delete suspicious emails
Delete suspicious emails as they may contain fraudulent requests for
information or links to viruses.
Use anti-virus software
Your computers, tablets and smartphones can easily become infected by
small pieces of software known as viruses or malware. Install internet
security software like anti-virus on all your devices to help prevent infection.
Train your staff
Make your staff aware of cyber security threats and how to deal with
them. The Government offers free online training courses tailored for you
and your staff which take around 60 minutes to complete.
Chapter 5
Taking a risk management
approach: Understanding the
risks to your business
What is directly at risk?
Your money, your information, your reputation, your IT equipment and
your IT-based services. Information is an asset that can take many forms:
client lists, customer databases, your financial details, your customer’s
financial details, deals you are making or considering, your pricing information,
product designs or manufacturing processes. There is a risk to your IT
services and information wherever they are stored, whether held on your own
systems and devices, or on third-party hosted systems (i.e. ‘in the cloud’).
Who could pose a threat to these assets?
• Current or former employees, or people you do business with.
Compromising your information by accident, through negligence, or with
malicious intent.
• Criminals. Out to steal from you, compromise your valuable
information or disrupt your business because they don’t like what you do.
• Business competitors. Wanting to gain an economic advantage.
What form could the threat take?
• Theft or unauthorised access of computers, laptops, tablets, mobiles.
• Remote attack on your IT systems or website.
• Attacks to information held in third party systems e.g. your hosted
services or company bank account.
• Gaining access to information through your staff.
What impact could an attack have?
• Financial losses from theft of information, financial and bank details or
money. The average cost of the worst security breach is between 65,000
and 115,000 Euros.
• Financial losses from disruption to trading and doing business,
especially if you are dependent on doing business online. The worst breaches
can result in a business being put out of action for up to 10 days.
• Losing business from bad publicity & damage to your reputation &
customer base.
• Costs from cleaning up affected systems and getting them up and
running.
• Costs of fines if personal data is lost or compromised.
• Damage to other companies that you supply or are connected to.
Chapter 6
How you can manage the risks
6.1 Planning
Take these steps to make information security part of your normal
business risk management procedures.
• Consider whether your business could be a target - this will indicate
the level of risk your business is exposed to. Ask around to see whether
any of your suppliers, major customers or similar businesses in your
area have been attacked, so you can learn from their experiences.
• Know whether you need to comply with personal data protection
legislation and Payment Card Industry compliance.
• Identify the financial and information assets that are critical to your
business, and the IT services you rely on, such as the ability to take
payments via your website.
• Assess all the IT equipment within your business, including mobile
and personal IT devices. Understand the risks to all of these things by
considering how they are currently managed and stored, and who has
access to them.
• Assess the level of password protection required to access your
equipment and/or online services by your staff, third parties and customers,
and whether it is enough to protect them.
• Ensure that your staff have appropriate awareness training, so that
everyone understands their role in keeping the business secure. Decide
whether you need to make an investment, or seek expert advice, to
get the right security controls in place for your business. You could
seek advice from accredited security consultants, internet and managed
service providers or even your web designer if they have the capability.
• Consider who you could turn to for support if you are attacked, or
if your online services are disrupted in some way. Define what your
recovery procedures would be, and how you could keep your business
running, particularly if you trade online.
• You may like to consider whether cyber insurance could protect your
business against any impacts resulting from a cyber attack.
6.2 Implementing
Take these steps to put the right security controls in place for your
business. If you use third-party managed IT services, check your
contracts and service level agreements, and ensure that whoever
handles your systems and data has these security controls in place.
• Malware protection: install anti-virus solutions on all systems, and
keep your software and web browsers up to date. Consider restricting
access to inappropriate websites to lessen the risk of being exposed to
malware. Create a policy governing when and how security updates
should be installed.
• Network security: increase protection of your networks, including
wireless networks, against external attacks through the use of firewalls,
proxies, access lists and other measures.
• Secure configuration: maintain an inventory of all IT equipment
and software. Identify a secure standard configuration for all existing
and future IT equipment used by your business. Change any default
passwords.
• Managing user privileges: restrict staff and third-party access to IT
equipment, systems and information to the minimum required. Keep
items physically secure to prevent unauthorised access.
• Home and mobile working, including use of personal devices
for work: ensure that sensitive data is encrypted when stored or
transmitted online so that data can only be accessed by authorised users.
• Removable media: restrict the use of removable media such as USB
drives, CDs, DVDs and secure digital cards, and protect any data stored
on such media to prevent data being lost and malware from being
installed.
• Monitoring: monitor use of all equipment and IT systems, collect
activity logs, and ensure that you have the capability to identify any
unauthorised or malicious activity.
6.3 Reviewing
Take these steps to review your security and respond to any changes
or problems you identify, including attacks or disruption to
business.
• Test, monitor and improve your security controls on a regular basis to
manage any change in the level of risk to your IT equipment, services
and information.
• Remove any software or equipment that you no longer need, ensuring
that no sensitive information is stored on it when disposed of. Review
and manage any change in user access, such as the creation of accounts
when staff arrive and deletion of accounts when they leave.
• If your business is disrupted or attacked, ensure that the response
includes removing any ongoing threat such as malware, understanding
the cause of the incident and, if appropriate, addressing any gaps in
your security that have been identified following the incident.
• If you fall victim to online fraud or attack, you should report the
incident to the police via the Action Fraud website. You may need to
notify your customers and suppliers if their data has been compromised
or lost.
Chapter 7
Scenario: small business loses
important contract
Chapter 8
Protect your business with
Cyber Essentials
Once you’ve got the basics right and taken the steps outlined in this
report, you are well on your way to becoming Cyber Essentials certified, which
demonstrates to your customers you have good cyber security protections in
place.
Cyber Essentials is a new Government-backed and industry supported
scheme to help businesses protect themselves against the common cyber
threats seen online. Government analysis shows the majority of online threats
could be prevented if businesses put basic security measures in place. This
booklet describes many of those measures. Cyber Essentials builds on this
by clearly setting out the five key controls organisations should have in place
to protect against common internet-based threats.
The Cyber Essentials documents are free to download and any
organisation, large or small, can use the guidance to implement these essential
security controls. Businesses can self-assess against the criteria, or seek
independent verification and gain the Cyber Essentials badge, which enables
your company to advertise the fact that it adheres to a Government endorsed
standard. There are two levels of assurance to provide flexibility and
affordability: Cyber Essentials and Cyber Essentials Plus.
Cyber Essentials is for all organisations, of all sizes, and in all sectors.
This includes companies in the private sector, universities, charities, and
public sector organisations. The Government encourages all organisations to
adopt the requirements as appropriate to their business.
Chapter 9
References
1. Alperovitch, D. (2011) “Revealed: Operation Shady RAT” McAfee
Corporation Santa Clara, CA.
2. EU (2010) MEMO/10/463: Proposal for a Directive on attacks against
information systems, repealing Framework Decision 2005/222/JHA,
European Union (EU), Brussels.
3. Lipinski, D., et al. (2010) “H.R. 4061: Cybersecurity Enhancement
Act of 2010.” in 111th Congress 2009-2010, Washington, DC, United
States House of Representatives.
4. Toure, H. (2010) “Securing Cyberspace.” in Annual Meeting 2010 of the
World Economic Forum, Davos, Switzerland, World Economic Forum.
5. UN (2010) “A/RES/64/211: Creation of a Global Culture of
Cybersecurity and taking stock of national efforts to protect Critical
Information Infrastructures.” in Sixty-Fourth Session of the United Nations
(UN) General Assembly.
6. www.cyberstreetwise.com
7. www.nationalarchives.gov.uk/sme
8. www.actionfraud.police.uk
9. www.gov.uk/government/policies/keeping-the-uk-safe-in-cyberspace
10. www.pcisecuritystandards.org
Railway Signalling Principles Edition 3.pdf
TeeVichai
 
Immunizing Image Classifiers Against Localized Adversary Attacks
Immunizing Image Classifiers Against Localized Adversary AttacksImmunizing Image Classifiers Against Localized Adversary Attacks
Immunizing Image Classifiers Against Localized Adversary Attacks
gerogepatton
 
Pile Foundation by Venkatesh Taduvai (Sub Geotechnical Engineering II)-conver...
Pile Foundation by Venkatesh Taduvai (Sub Geotechnical Engineering II)-conver...Pile Foundation by Venkatesh Taduvai (Sub Geotechnical Engineering II)-conver...
Pile Foundation by Venkatesh Taduvai (Sub Geotechnical Engineering II)-conver...
AJAYKUMARPUND1
 
ethical hacking in wireless-hacking1.ppt
ethical hacking in wireless-hacking1.pptethical hacking in wireless-hacking1.ppt
ethical hacking in wireless-hacking1.ppt
Jayaprasanna4
 
Standard Reomte Control Interface - Neometrix
Standard Reomte Control Interface - NeometrixStandard Reomte Control Interface - Neometrix
Standard Reomte Control Interface - Neometrix
Neometrix_Engineering_Pvt_Ltd
 
Planning Of Procurement o different goods and services
Planning Of Procurement o different goods and servicesPlanning Of Procurement o different goods and services
Planning Of Procurement o different goods and services
JoytuBarua2
 
power quality voltage fluctuation UNIT - I.pptx
power quality voltage fluctuation UNIT - I.pptxpower quality voltage fluctuation UNIT - I.pptx
power quality voltage fluctuation UNIT - I.pptx
ViniHema
 
Water Industry Process Automation and Control Monthly - May 2024.pdf
Water Industry Process Automation and Control Monthly - May 2024.pdfWater Industry Process Automation and Control Monthly - May 2024.pdf
Water Industry Process Automation and Control Monthly - May 2024.pdf
Water Industry Process Automation & Control
 
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptx
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptxCFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptx
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptx
R&R Consult
 
road safety engineering r s e unit 3.pdf
road safety engineering  r s e unit 3.pdfroad safety engineering  r s e unit 3.pdf
road safety engineering r s e unit 3.pdf
VENKATESHvenky89705
 
AP LAB PPT.pdf ap lab ppt no title specific
AP LAB PPT.pdf ap lab ppt no title specificAP LAB PPT.pdf ap lab ppt no title specific
AP LAB PPT.pdf ap lab ppt no title specific
BrazilAccount1
 
DESIGN A COTTON SEED SEPARATION MACHINE.docx
DESIGN A COTTON SEED SEPARATION MACHINE.docxDESIGN A COTTON SEED SEPARATION MACHINE.docx
DESIGN A COTTON SEED SEPARATION MACHINE.docx
FluxPrime1
 
NO1 Uk best vashikaran specialist in delhi vashikaran baba near me online vas...
NO1 Uk best vashikaran specialist in delhi vashikaran baba near me online vas...NO1 Uk best vashikaran specialist in delhi vashikaran baba near me online vas...
NO1 Uk best vashikaran specialist in delhi vashikaran baba near me online vas...
Amil Baba Dawood bangali
 
block diagram and signal flow graph representation
block diagram and signal flow graph representationblock diagram and signal flow graph representation
block diagram and signal flow graph representation
Divya Somashekar
 
RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...
RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...
RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...
thanhdowork
 
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&BDesign and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
Sreedhar Chowdam
 
weather web application report.pdf
weather web application report.pdfweather web application report.pdf
weather web application report.pdf
Pratik Pawar
 

Recently uploaded (20)

一比一原版(SFU毕业证)西蒙菲莎大学毕业证成绩单如何办理
一比一原版(SFU毕业证)西蒙菲莎大学毕业证成绩单如何办理一比一原版(SFU毕业证)西蒙菲莎大学毕业证成绩单如何办理
一比一原版(SFU毕业证)西蒙菲莎大学毕业证成绩单如何办理
 
Governing Equations for Fundamental Aerodynamics_Anderson2010.pdf
Governing Equations for Fundamental Aerodynamics_Anderson2010.pdfGoverning Equations for Fundamental Aerodynamics_Anderson2010.pdf
Governing Equations for Fundamental Aerodynamics_Anderson2010.pdf
 
H.Seo, ICLR 2024, MLILAB, KAIST AI.pdf
H.Seo,  ICLR 2024, MLILAB,  KAIST AI.pdfH.Seo,  ICLR 2024, MLILAB,  KAIST AI.pdf
H.Seo, ICLR 2024, MLILAB, KAIST AI.pdf
 
Railway Signalling Principles Edition 3.pdf
Railway Signalling Principles Edition 3.pdfRailway Signalling Principles Edition 3.pdf
Railway Signalling Principles Edition 3.pdf
 
Immunizing Image Classifiers Against Localized Adversary Attacks
Immunizing Image Classifiers Against Localized Adversary AttacksImmunizing Image Classifiers Against Localized Adversary Attacks
Immunizing Image Classifiers Against Localized Adversary Attacks
 
Pile Foundation by Venkatesh Taduvai (Sub Geotechnical Engineering II)-conver...
Pile Foundation by Venkatesh Taduvai (Sub Geotechnical Engineering II)-conver...Pile Foundation by Venkatesh Taduvai (Sub Geotechnical Engineering II)-conver...
Pile Foundation by Venkatesh Taduvai (Sub Geotechnical Engineering II)-conver...
 
ethical hacking in wireless-hacking1.ppt
ethical hacking in wireless-hacking1.pptethical hacking in wireless-hacking1.ppt
ethical hacking in wireless-hacking1.ppt
 
Standard Reomte Control Interface - Neometrix
Standard Reomte Control Interface - NeometrixStandard Reomte Control Interface - Neometrix
Standard Reomte Control Interface - Neometrix
 
Planning Of Procurement o different goods and services
Planning Of Procurement o different goods and servicesPlanning Of Procurement o different goods and services
Planning Of Procurement o different goods and services
 
power quality voltage fluctuation UNIT - I.pptx
power quality voltage fluctuation UNIT - I.pptxpower quality voltage fluctuation UNIT - I.pptx
power quality voltage fluctuation UNIT - I.pptx
 
Water Industry Process Automation and Control Monthly - May 2024.pdf
Water Industry Process Automation and Control Monthly - May 2024.pdfWater Industry Process Automation and Control Monthly - May 2024.pdf
Water Industry Process Automation and Control Monthly - May 2024.pdf
 
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptx
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptxCFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptx
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptx
 
road safety engineering r s e unit 3.pdf
road safety engineering  r s e unit 3.pdfroad safety engineering  r s e unit 3.pdf
road safety engineering r s e unit 3.pdf
 
AP LAB PPT.pdf ap lab ppt no title specific
AP LAB PPT.pdf ap lab ppt no title specificAP LAB PPT.pdf ap lab ppt no title specific
AP LAB PPT.pdf ap lab ppt no title specific
 
DESIGN A COTTON SEED SEPARATION MACHINE.docx
DESIGN A COTTON SEED SEPARATION MACHINE.docxDESIGN A COTTON SEED SEPARATION MACHINE.docx
DESIGN A COTTON SEED SEPARATION MACHINE.docx
 
NO1 Uk best vashikaran specialist in delhi vashikaran baba near me online vas...
NO1 Uk best vashikaran specialist in delhi vashikaran baba near me online vas...NO1 Uk best vashikaran specialist in delhi vashikaran baba near me online vas...
NO1 Uk best vashikaran specialist in delhi vashikaran baba near me online vas...
 
block diagram and signal flow graph representation
block diagram and signal flow graph representationblock diagram and signal flow graph representation
block diagram and signal flow graph representation
 
RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...
RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...
RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...
 
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&BDesign and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
 
weather web application report.pdf
weather web application report.pdfweather web application report.pdf
weather web application report.pdf
 

Information and Cyber Warfare

  • 4. Chapter 1 Introduction
    Understanding Cyber Threats
    There are various ways to gain access to information in cyberspace. Attackers can exploit vulnerabilities in software and hardware. They can exploit security vulnerabilities by tricking people into opening infected emails or visiting corrupted websites that infect their computers with malicious software. They can take advantage of people who fail to follow basic cyber security practices, such as changing their passwords frequently, updating their antivirus protection on a regular basis, and using only protected wireless networks. Once they have access to a computer, attackers can steal or distort the information stored on it, corrupt its operations and program it to attack other computers and the systems to which they are connected. In many cases, victims suffer a theft of their identity and/or their personal assets.
    Though certain attack tools and techniques are more costly and sophisticated than others, most cyber attacks share four characteristics that, in part, account for their growing popularity. Cyber attacks are often:
    • Inexpensive - Many attack tools can be purchased for a modest price or downloaded for free from the Internet;
    • Easy - Attackers with only basic skills can cause significant damage;
    • Effective - Even minor attacks can cause extensive damage; and
    • Low risk - Attackers can evade detection and prosecution by hiding their tracks through a complex web of computers and exploiting gaps in domestic and international legal regimes.
  • 5. Chapter 2 What you need to know about cyber security
    You've worked hard to build your business and make it a success. You're probably using a range of IT equipment and using the internet to advertise your business and sell online. The internet brings huge business opportunities and benefits, but it also brings risks. Every day there are cyber attacks on UK companies like yours, attempting to steal your information and money, or disrupt your business. It is increasingly important to manage these risks to take advantage of the internet whilst protecting your business.
    • In 2014, 60% of small businesses experienced a cyber breach.
    • The average cost of the worst breach was 65,000 to 115,000 Euros.
    You can keep your business safe and protect against online threats by putting some simple measures in place. This report shows you how.
  • 6. Chapter 3 Why you need to know about cyber security
    Cyber security is about protecting your computer-based equipment and information from unintended or unauthorised access, change, theft or destruction. Good cyber security can enhance the reputation of your business and open up new commercial opportunities. Most companies now use the internet to do business, to advertise and sell, find new markets, customers and staff, communicate with customers and suppliers, and carry out financial transactions. The internet brings huge business opportunities and benefits. But it also brings risks. Every day there are attacks on the IT systems of UK companies like yours, attempting to steal your information and money, or disrupt your business.
    You can never be totally safe, but most online attacks can be prevented or detected with basic security practices for your staff, processes and IT systems. These security practices are as important as locking your doors or putting your cash in a safe. You can manage your online security in the same way you would protect any other aspect of your business. With more customers demanding that their suppliers are secure, this is becoming a business necessity.
    This report provides a good practice foundation for business owners and managers. You'll find links to other sources of good advice at the end of this booklet if you need them. You don't need to be an IT expert to improve your security. Simple measures can make all the difference.
  • 7. Take the simple steps set out in this report and your business will benefit. You can save money through adopting an efficient risk management approach - plan, implement and review. You can gain a competitive advantage by being seen to take security seriously - gaining the Cyber Essentials badge will help you do this. Good security can be an enabler for a thriving business: you will be protecting your assets, your reputation, your customers, and your peace of mind.
  • 8. Chapter 4 Getting the basics right
    Taking some simple actions and practising safe behaviours will reduce the risk of online threats to your business.
    Download software updates
    Download software and app updates as soon as they appear. They contain vital security upgrades that keep your devices and business information safe.
    Use strong passwords
    Use strong passwords made up of at least three random words. Using lower and upper case letters, numbers and symbols will make your passwords even stronger.
    Delete suspicious emails
    Delete suspicious emails as they may contain fraudulent requests for information or links to viruses.
  • 9. Use anti-virus software
    Your computers, tablets and smartphones can easily become infected by small pieces of software known as viruses or malware. Install internet security software like anti-virus on all your devices to help prevent infection.
    Train your staff
    Make your staff aware of cyber security threats and how to deal with them. The Government offers free online training courses tailored for you and your staff which take around 60 minutes to complete.
  • 10. Chapter 5 Taking a risk management approach: Understanding the risks to your business
    What is directly at risk?
    Your money, your information, your reputation, your IT equipment and your IT-based services. Information is an asset that can take many forms: client lists, customer databases, your financial details, your customers' financial details, deals you are making or considering, your pricing information, product designs or manufacturing processes. There is a risk to your IT services and information wherever they are stored, whether held on your own systems and devices, or on third-party hosted systems (i.e. 'in the cloud').
    Who could pose a threat to these assets?
    • Current or former employees, or people you do business with. Compromising your information by accident, through negligence, or with malicious intent.
    • Criminals. Out to steal from you, compromise your valuable information or disrupt your business because they don't like what you do.
    • Business competitors. Wanting to gain an economic advantage.
  • 11. What form could the threat take?
    • Theft or unauthorised access of computers, laptops, tablets, mobiles.
    • Remote attack on your IT systems or website.
    • Attacks on information held in third-party systems, e.g. your hosted services or company bank account.
    • Gaining access to information through your staff.
    What impact could an attack have?
    • Financial losses from theft of information, financial and bank details or money. The average cost of the worst security breach is between 65,000 and 115,000 Euros.
    • Financial losses from disruption to trading and doing business, especially if you are dependent on doing business online. The worst breaches can result in a business being put out of action for up to 10 days.
    • Losing business from bad publicity and damage to your reputation and customer base.
    • Costs from cleaning up affected systems and getting them up and running.
    • Costs of fines if personal data is lost or compromised.
    • Damage to other companies that you supply or are connected to.
  • 12. Chapter 6 How you can manage the risks
  • 13. 6.1 Planning
    Take these steps to make information security part of your normal business risk management procedures.
    • Consider whether your business could be a target - this will indicate the level of risk your business is exposed to. Ask around to see whether any of your suppliers, major customers or similar businesses in your area have been attacked, so you can learn from their experiences.
    • Know whether you need to comply with personal data protection legislation and Payment Card Industry compliance.
    • Identify the financial and information assets that are critical to your business, and the IT services you rely on, such as the ability to take payments via your website.
    • Assess all the IT equipment within your business, including mobile and personal IT devices. Understand the risks to all of these things by considering how they are currently managed and stored, and who has access to them.
    • Assess the level of password protection required to access your equipment and/or online services by your staff, third parties and customers, and whether it is enough to protect them.
    • Ensure that your staff have appropriate awareness training, so that everyone understands their role in keeping the business secure. Decide whether you need to make an investment, or seek expert advice, to get the right security controls in place for your business. You could seek advice from accredited security consultants, internet and managed service providers or even your web designer if they have the capability.
    • Consider who you could turn to for support if you are attacked, or if your online services are disrupted in some way. Define what your recovery procedures would be, and how you could keep your business running, particularly if you trade online.
    • You may like to consider whether cyber insurance could protect your business against any impacts resulting from a cyber attack.
  • 14. 6.2 Implementing
    Take these steps to put the right security controls in place for your business. If you use third-party managed IT services, check your contracts and service level agreements, and ensure that whoever handles your systems and data has these security controls in place.
    • Malware protection: install anti-virus solutions on all systems, and keep your software and web browsers up to date. Consider restricting access to inappropriate websites to lessen the risk of being exposed to malware. Create a policy governing when and how security updates should be installed.
    • Network security: increase protection of your networks, including wireless networks, against external attacks through the use of firewalls, proxies, access lists and other measures.
    • Secure configuration: maintain an inventory of all IT equipment and software. Identify a secure standard configuration for all existing and future IT equipment used by your business. Change any default passwords.
    • Managing user privileges: restrict staff and third-party access to IT equipment, systems and information to the minimum required. Keep items physically secure to prevent unauthorised access.
    • Home and mobile working, including use of personal devices for work: ensure that sensitive data is encrypted when stored or transmitted online so that data can only be accessed by authorised users.
    • Removable media: restrict the use of removable media such as USB drives, CDs, DVDs and secure digital cards, and protect any data stored on such media to prevent data being lost and malware from being installed.
    • Monitoring: monitor use of all equipment and IT systems, collect activity logs, and ensure that you have the capability to identify any unauthorised or malicious activity.
  • 15. 6.3 Reviewing
    Take these steps to review your security and respond to any changes or problems you identify, including attacks or disruption to business.
    • Test, monitor and improve your security controls on a regular basis to manage any change in the level of risk to your IT equipment, services and information.
    • Remove any software or equipment that you no longer need, ensuring that no sensitive information is stored on it when disposed of. Review and manage any change in user access, such as the creation of accounts when staff arrive and deletion of accounts when they leave.
    • If your business is disrupted or attacked, ensure that the response includes removing any ongoing threat such as malware, understanding the cause of the incident and, if appropriate, addressing any gaps in your security that have been identified following the incident.
    • If you fall victim to online fraud or attack, you should report the incident to the police via the Action Fraud website. You may need to notify your customers and suppliers if their data has been compromised or lost.
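An added example, not part of the original report: one way to run the user access review from section 6.3 (accounts of staff who have left) together with the minimum-privilege check from section 6.2. The CSV column names, the sample rows and the 90-day dormancy threshold are assumptions made for illustration.

```python
import csv
import io
from datetime import date, datetime

# Constructed sample data (not from the report): a staff roster as HR might
# export it, and an account list exported from a directory or SaaS console.
STAFF_CSV = """staff_id,name,status,needs_admin
S001,Asha Kulkarni,active,yes
S002,Ben Carter,active,no
S003,Chloe Diaz,left,no
"""

ACCOUNTS_CSV = """username,staff_id,enabled,is_admin,last_login
asha.k,S001,yes,yes,2016-03-01
ben.c,S002,yes,yes,2016-02-27
chloe.d,S003,yes,no,2015-11-12
old.temp,S009,yes,no,2015-06-30
ben.c-old,S002,no,no,2015-01-05
"""

DORMANT_AFTER_DAYS = 90  # assumed threshold; set it to match your own policy


def review_accounts(staff_csv, accounts_csv, today):
    """Return sorted (username, finding) pairs for enabled accounts needing action."""
    staff = {row["staff_id"]: row for row in csv.DictReader(io.StringIO(staff_csv))}
    findings = []
    for acct in csv.DictReader(io.StringIO(accounts_csv)):
        if acct["enabled"] != "yes":
            continue  # disabled accounts cannot be used to log in
        user = acct["username"]
        owner = staff.get(acct["staff_id"])
        if owner is None:
            findings.append((user, "no owner on staff roster"))
        elif owner["status"] != "active":
            findings.append((user, "owner has left: disable account"))
        elif acct["is_admin"] == "yes" and owner["needs_admin"] != "yes":
            findings.append((user, "admin rights not required by role"))
        if not acct["last_login"]:
            findings.append((user, "never logged in"))
            continue
        last_login = datetime.strptime(acct["last_login"], "%Y-%m-%d").date()
        if (today - last_login).days > DORMANT_AFTER_DAYS:
            findings.append((user, f"dormant for more than {DORMANT_AFTER_DAYS} days"))
    return sorted(findings)


if __name__ == "__main__":
    for user, finding in review_accounts(STAFF_CSV, ACCOUNTS_CSV, date(2016, 3, 5)):
        print(f"{user}: {finding}")
```

Running the review on a schedule, and again whenever someone joins, changes role or leaves, keeps the account list in step with the roster.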
  • 16. Chapter 7 Scenario: small business loses important contract
  • 17. Chapter 8 Protect your business with Cyber Essentials
    Once you've got the basics right and taken the steps outlined in this report, you are well on your way to becoming Cyber Essentials certified, which demonstrates to your customers you have good cyber security protections in place. Cyber Essentials is a new Government-backed and industry supported scheme to help businesses protect themselves against the common cyber threats seen online.
    Government analysis shows the majority of online threats could be prevented if businesses put basic security measures in place. This booklet describes many of those measures. Cyber Essentials builds on this by clearly setting out the five key controls organisations should have in place to protect against common internet-based threats.
    The Cyber Essentials documents are free to download and any organisation, large or small, can use the guidance to implement these essential security controls. Businesses can self-assess against the criteria, or seek independent verification and gain the Cyber Essentials badge, which enables your company to advertise the fact that it adheres to a Government endorsed standard. There are two levels of assurance to provide flexibility and affordability: Cyber Essentials and Cyber Essentials Plus.
    Cyber Essentials is for all organisations, of all sizes, and in all sectors. This includes companies in the private sector, universities, charities, and public sector organisations. The Government encourages all organisations to adopt the requirements as appropriate to their business.
  • 18. Chapter 9 References
    1. Alperovitch, D. (2011) “Revealed: Operation Shady RAT”, McAfee Corporation, Santa Clara, CA.
    2. EU (2010) MEMO/10/463: Proposal for a Directive on attacks against information systems, repealing Framework Decision 2005/222/JHA, European Union (EU), Brussels.
    3. Lipinski, D., et al. (2010) “H.R. 4061: Cybersecurity Enhancement Act of 2010.” in 111th Congress 2009-2010, Washington, DC, United States House of Representatives.
    4. Toure, H. (2010) “Securing Cyberspace.” in Annual Meeting 2010 of the World Economic Forum, Davos, Switzerland, World Economic Forum.
    5. UN (2010) “A/RES/64/211: Creation of a Global Culture of Cybersecurity and taking stock of national efforts to protect Critical Information Infrastructures.” in Sixty-Fourth Session of the United Nations (UN) General Assembly.
    6. www.cyberstreetwise.com
    7. www.nationalarchives.gov.uk/sme
    8. www.actionfraud.police.uk
    9. www.gov.uk/government/policies/keeping-the-uk-safe-in-cyberspace
    10. www.pcisecuritystandards.org