K.S.R. COLLEGE OF ENGINEERING
CYBER SECURITY
PREPARED BY
DIVAKAR .P
(73152221010)
• Introduction of cyber security
• What is cyber security
• Cybersecurity domains
1) critical infrastructure security.
2) network security.
3) application security and cloud security & information security.
4) storage security & mobile security.
5) information security.
• Dangerous cybersecurity myths
• Common cyber threats
• Do's and don'ts
Cybersecurity domains and its types
• Critical infrastructure security
• Critical infrastructure security - Practices
for protecting the computer systems,
networks, and other assets that society
relies upon for national security, economic
health, and/or public safety. The National
Institute of Standards and Technology (NIST)
has created a cybersecurity framework to
help organizations in this area, while the
U.S. Department of Homeland Security
(DHS) provides additional guidance.
• Network security - Security measures for protecting a computer network from intruders, including both wired and wireless (Wi-Fi) connections.
There are various network security types, and they include:
• 1) Zero-trust security: This involves the principle of “never trust, always verify” when deciding who and what can access your
network and the methods to use to make sure people and systems are what they claim to be. Because it questions all
connections, zero trust has become vital for network security protection. For example, a network security key on a laptop is an
example of zero-trust security. But what does network security mean? It is the code or password to access a network.
• 2) Cybersecurity education: Organizations are realizing that the best way to wage war against cyberattackers is to equip their
“soldiers” with knowledge. This involves teaching all employees the red flags they should look out for and what they can do to
avoid threats.
• 3) Incorporating artificial intelligence (AI): AI systems can both detect and mitigate threats, as well as send automated alerts
regarding attacks. This takes some of the burden off the shoulders of IT teams.
• APPLICATION SECURITY:
• Application security - Processes that help protect applications operating on-premises and in the cloud. Security should be
built into applications at the design stage, with considerations for how data is handled, user authentication, etc.
Cloud security and information security
• Application security - Processes
that help protect applications
operating on-premises and in the
cloud. Security should be
built into applications at the
design stage, with considerations
for how data is handled, user
authentication, etc.
Mobile security & storage security
• The future of computers and communication lies with mobile
devices, such as laptops, tablets and smartphones with desktop-
computer capabilities. Their size, operating systems, applications
and processing power make them ideal to use from any place with
an internet connection. And with the expansion of ruggedized
devices, the Internet of Things (IoT) and operating systems, such as
Chrome OS, macOS and Windows 10, every piece of hardware that's
enhanced with this software and capabilities becomes a mobile
computing device.
• Because mobile devices have become more affordable and portable,
organizations and users have preferred to buy and use them over
desktop computers. And with ubiquitous wireless internet access, all
varieties of mobile devices are becoming more vulnerable to attacks
and data breaches.
• Authentication and authorization across mobile devices offer
convenience, but increase risk by removing a secured enterprise
perimeter’s constraints. For example, a smartphone’s capabilities
are enhanced by multi-touch screens, gyroscopes, accelerometers,
GPS, microphones, multi-megapixel cameras and ports, allowing the
attachment of more devices. These new capabilities change the way
users are authenticated and how authorization is provided locally to
the device and the applications and services on a network. As a
result, the new capabilities are also increasing the number of
endpoints that need protection from cybersecurity threats.
Cloud security
• Cloud service providers have many methods to protect the data.
• A firewall is the central part of cloud architecture. The firewall protects
the network and the perimeter of end users. It also protects traffic
between various apps stored in the cloud.
• Access control protects data by allowing us to set access lists for various
assets. For example, you can allow application access for specific
employees while restricting others. The rule is that employees can
access the equipment that they require. We can keep essential
documents from being stolen by malicious insiders or hackers by
maintaining strict access control.
• Data protection methods include Virtual Private Networks (VPN),
encryption, or masking. A VPN allows remote employees to connect to the
network. A VPN accommodates tablets and smartphones for remote
access. Data masking maintains the data's integrity by keeping
identifiable information private. A medical company can share data with
data masking without violating the HIPAA laws.
• For example, we are putting intelligence information at risk in order of
the importance of security. It helps to protect mission-critical assets
from threats. Disaster recovery is vital for security because it helps to
recover lost or stolen data.
Common cyber security myths
• Although cybersecurity professionals work hard to close security gaps,
attackers are always looking for new ways to escape IT notice, evade defense
measures, and exploit emerging weaknesses. The latest cybersecurity threats
are putting a new spin on “known” threats, taking advantage of work-from-
home environments, remote access tools, and new cloud services. These
evolving threats include:
• Malware
• The term “malware” refers to malicious software variants—such as worms,
viruses, Trojans, and spyware—that provide unauthorized access or cause
damage to a computer. Malware attacks are increasingly “fileless” and
designed to get around familiar detection methods, such as antivirus tools,
that scan for malicious file attachments.
• Ransomware
• Ransomware is a type of malware that locks down files, data or systems, and
threatens to erase or destroy the data - or make private or sensitive data
public - unless a ransom is paid to the cybercriminals who launched the
attack. Recent ransomware attacks have targeted state and local governments,
which are easier to breach than organizations and under pressure to pay
ransoms in order to restore applications and web sites on which citizens rely.
• Phishing / social engineering
• Phishing is a form of social engineering that tricks users into providing their
own PII or sensitive information. In phishing scams, emails or text messages
appear to be from a legitimate company asking for sensitive information, such
as credit card data or login information. The FBI has noted a surge in
pandemic-related phishing, tied to the growth of remote work.
Insider threats:
• Current or former employees, business partners, contractors, or anyone who has had access to systems or networks
in the past can be considered an insider threat if they abuse their access permissions. Insider threats can be invisible
to traditional security solutions like firewalls and intrusion detection systems, which focus on external threats.
• Distributed denial-of-service (DDoS) attacks
• A DDoS attack attempts to crash a server, website or network by overloading it with traffic, usually from multiple
coordinated systems. DDoS attacks overwhelm enterprise networks via the simple network management protocol
(SNMP), used for modems, printers, switches, routers, and servers.
Advanced persistent threats (APTs):
• In an APT, an intruder or group of intruders infiltrate a system and remain undetected for an extended period. The
intruder leaves networks and systems intact so that the intruder can spy on business activity and steal sensitive data
while avoiding the activation of defensive countermeasures. The recent SolarWinds breach of United States
government systems is an example of an APT.
Man-in-the-middle attacks:
• Man-in-the-middle is an eavesdropping attack, where a cybercriminal intercepts and relays messages between two
parties in order to steal data. For example, on an unsecure Wi-Fi network, an attacker can intercept data being
passed between a guest’s device and the network.
Dangerous cyber security myths
• Cyber risk is a separate category of risk
• Cybersecurity is just an IT issue
• Protecting yourself is good enough
• Digital and physical security are separate systems
• Going back to paper or disconnecting from the internet
minimizes risk
• Getting hacked is an embarrassment
• Using antivirus software is enough
• Cybersecurity is just a form of defense
• Cyber attackers do not target small and medium-sized
companies
• Only certain industries are vulnerable to cyber attacks
• Cyber threats come from outside
• Data breaches should be handled first by IT teams and
lawyers, and other key teams in the company should be
notified later
Do's and don'ts in cyber security
• Do adhere to company policies on usage of any device in the company.
• Do scan all emails before opening them, and make sure that you only open emails
from legitimate senders.
• Do make sure to use a firewall and have a strong antivirus program running on your
device.
• Do avoid making your personal information public on social media sites and the
Internet in general.
• Do avoid checking ‘Keep me logged in’ or ‘Remember me’ options on websites,
especially on public computers.
• Don't write down your password or give it out to anyone.
• Don't select the "Remember My Password" option.
• Don't purchase anything promoted in a spam message.
• Don't use your official email address for social media sites.