Merged Cyber Security
Cybersecurity
Introduction to Cybersecurity:
Course Agenda and Objectives
Agenda
Unit 1 Cybersecurity
• Define cybersecurity
• Understand cybercrimes and the different types that are present today
• Define phishing, spam, hacking, and identity theft
Cybersecurity
Cybersecurity is protecting yourself from someone stealing your digital information/personal data
or from someone pretending to act as you online
Key Terms
o Password – A combination of letters and numbers that is kept secret and used to gain access to a
computer, website, etc.
o Phishing – A scam email/website that tricks you into revealing personal information such as username,
password, location, etc.
o Spam – Unwanted ‘junk’ mail that can be used to trick you into revealing information or clicking a harmful
link
o Virus – Harmful “software” that attaches to other programs to hurt or destroy a computer’s ability to
function normally
o Hacker – An unauthorized user trying to disrupt or damage a computer or network of computers
*Content was created by the IBM GBS North America Transformation Office
Impact on your future
Cybersecurity is a BIG issue: just a couple of weeks ago Instagram was hacked and the information of over 6 million
verified accounts was stolen. The hackers went on to try and sell that information for money.
• 90 Passwords – That means that you could have 90 passwords to keep track of; it’s important to make sure all of your accounts are safe
• 30,000 Websites – This means you must be careful about the websites you visit and that even if you trust them, your information could be at risk
• 6 Million Accounts – Hackers stole over 6 million famous Instagram accounts’ information and are selling their personal information
Imagine this…
Currently, the cost of cybercrime is $445 Billion per year. That’s more than all the illegal drug
trade in the world.
Types of cybercrimes
There are many different types of cybercrimes, and for this course we will be looking
at the following:
Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card
details by masquerading as something trustworthy, like a bank.
An example of Phishing
Dear Heather,
Spam
Spam is unwanted ‘junk’ mail that can be used to trick you into revealing information or clicking
a harmful link
Spamming is the act of sending mail to a large number of e-mail addressees, and is often
compared to the term "junk mail" used to describe similar activities performed via postal
services.
Hacking is when someone gets unauthorized access to your computer/laptop and your personal
data. A Hacker is an unauthorized user trying to disrupt or damage a computer or network of
computers
Identity theft is the illegal use of someone else's personal information in order to obtain money
or credit.
Personal data
Digital Footprint
Social media
Cookies
IP Address
An IP address is the address the computer has
when it connects to the internet.
Unit 2: Module II
How to protect yourself
Cybersecurity tips
Passwords need to be complicated but something you can remember.
• Avoid simple passwords like password, 123456, qwerty – they’re easy to guess
• Longer passwords are more secure; try for 8-12 characters
• Make them easy to remember
Always keep your personal information private.
• Keep your personal information private
• Avoid sharing your name, address, phone number, birthday, passwords with anyone
• Don’t talk to strangers or let strangers friend/follow you
Stop, Think, and Connect is a memorable way for you to stop and consider your actions online
• Stop before clicking on any links, opening messages, sending information
• Think about who is on the other side of anything you send and about the information you’re sending
• Connect once you stopped and thought about it, decide whether you really want to connect, send, post
The 10 hygiene tips to keep you safe online
• Keep private information PRIVATE
• Look for the “S” in HTTPS
• Think before you click
• Be cautious with email
• Update software regularly
• Change passwords regularly
• Create complex passwords
• Be cautious of free WiFi
• Log out of all accounts
• Spread awareness to others
Unit 3:
Protect Your Apps
• Corporates may lose clients, or Business Partners or Customers
• Illegal use of someone else's personal information can be used to obtain money, or for other serious crimes
• Hurts the brand image, misleads customers
• Encryption of data (storing data in such a way that only authorized parties can access it)
• Strong passwords (Create password using different characters, and store them safely)
• Digital signatures (the source contains a digital certificate that authenticates the message)
We are increasingly using phones for banking, online shopping, and social media. The more we travel and access the
Internet on the go, the more risks we face on our mobile devices.
Case A: IBM Security helps Wimbledon focus on the court, not the cloud
Transcript
Alexandra Willis
Content & Digital, AELTC
The Wimbledon experience today is such a curious mix of fantastic traditions, things such as grass court
tennis, white clothing, the celebrations with the trophies, the opening of the grass on the very first day of
the championships, but then there's also the way that Wimbledon has kept pace with change and
innovated to ensure that its experience is what fans would expect. So by the Wimbledon app you can have
real-time scoring, you can have alerts. We try to make sure that wherever you are in the world you don't
miss a single thing that happens. We are the go-to place for content about Wimbledon and so the security
strategy that we put around that is paramount.
Martin Borrett
CTO IBM Security Europe
Wimbledon.com faces a myriad of external threats and attacks. Last year we already saw a tremendous
increase in the number of cyber attacks against Wimbledon, 300% year-over-year, and this year shows no
signs of changing. We saw 200 million attacks across the whole tournament.
Alexandra Willis
Content & Digital, AELTC
The most important thing in working with any partner is having trust and so the fantastic thing about the
relationship between Wimbledon and IBM is that it has stood the test of time, we've been partners for
more than 25 years. Thankfully we haven't had a major challenge in the security area, which is
fundamental proof that IBM are offering us a good service, but particularly in the context of today's day
and age, when hacks and security breaches are more common, we read about them in the paper often, it's
even more important to know that that trust is there and that resilience is there if ever it should arise.
If there was to be a security breach and our presence to the world be damaged in some way, it's
inextricably linked to the health of our brand. Wimbledon does have this association with the very fabric of
British identity and so an attack on that could be perceived as an attack on more than just a tennis event.
Martin Borrett
CTO IBM Security Europe
At this year's tournament we really saw two main dynamics: one was the sheer volume of attacks, and the
other was the sophistication of those attacks. We saw for the first time I think deception techniques,
where perhaps there was a low and slow attack going on under the covers while something else was going
on over here trying to distract us from the real threat.
At Wimbledon we use a range of IBM security technologies. At the heart of it is IBM Security QRadar, our
security intelligence platform that brings together data from literally thousands of endpoints and devices
across the infrastructure, correlates it and helps our security team prioritize and identify the threats that
they're facing.
Alexandra Willis
Content & Digital, AELTC
It's easy for people to forget that actually we are here all year round and our digital
properties are here all year round and as soon as one tournament finishes we actually the very next day
start planning for the next one. So that's another aspect of our security protection and the role that IBM
plays with us, making sure that we're set up for success for the fortnight by planning properly during the
year but also keeping us secure and alive for the rest of the year.
Martin Borrett
CTO IBM Security Europe
What we see today is the emergence of a new type of security operation center, a cognitive security
operation center, underpinned by capabilities like Watson for cyber security that bring with them
tremendous efficiencies, the ability to respond to threats far more rapidly than we've been able to do
before, reducing the investigation times from 60 minutes to just a minute. Confident in the knowledge that
they’re eliminating false positives that can be safely ignored and really focusing on the real threats,
investigating those thoroughly and then importantly responding to them.
Wimbledon trusts IBM security and our secure cloud infrastructure to keep the tournament safe from
harm so that the fans can enjoy a really world-class experience.
Explorers
Cybersecurity
Skill Overview: How it Works: Cybersecurity
Transcript
Cybercrime is a global problem that's been dominating the news cycle. It poses a threat to individual
security and an even bigger threat to large international companies, banks and governments. Today's
organized cyber crimes far outshadow lone hackers of the past. Now large organized crime rings function
like startups and often employ highly-trained developers who are constantly innovating online attacks.
Most companies have preventive security software to stop these types of attacks but no matter how
secure we are, cybercrime is going to happen.
Meet Mia, she's the chief security officer for a company that makes a mobile app, to help customers track
and manage their finances, so security is a top priority. Mia's company has an incident response platform
(IRP) in place that automates the entire cybersecurity process. The IRP software integrates all the
security and IT software needed to keep a large company like Mia's secured into a single dashboard and
acts as a hub for the people, processes and technology needed to respond to and contain cyber attacks.
Let's see how this platform works in the case of a security breach. While Mia is on vacation, irregular
activity occurs on her account. A user behavior analytics engine that monitors account activity recognizes
the suspicious behavior involving late-night logins and an unusual amount of data being downloaded. This
piece of software is the first signal that something is wrong. An alert is sent to the next piece of software in
the chain, the security information and event management system. Now the IRP can orchestrate a chain
of events that ultimately prevents the company from encountering a serious security disaster.
The IRP connects to a user directory software that Mia's company uses, which immediately recognizes
that the user account belongs to an executive who's on vacation. Next the IRP sends the incident's IP
address to a threat intelligence software, which identifies the address as a suspected malware server. As
each piece of security software runs, the findings are recorded in the IRP’s incident which is already busy
creating a set of instructions called a playbook for a security analyst to follow. The analyst then locks Mia's
account and changes her passwords. By this time the software has determined the attempted attack
came from a well-known cybercrime organization using stolen credentials.
Mia's credentials were stolen when the hackers found a vulnerability in her company's firewall software
and used it to upload a malware-infected file. Now that we know how the attack happened, the analyst
uses the IRP to identify the specific server vulnerability that allowed the attack, what other machines on
the network are vulnerable and the malware file. The IRP uses information from the endpoint tool to
determine which machines need to be patched, recommends how to patch them, and then allows the
analyst to push the patches to all the computers and mobile devices instantly.
Meanwhile Mia has to alert the legal department of the breach. The IRP instantly notifies the correct
person of the situation and the status of the incident. After the attack is contained and Mia's account is
secured the analyst communicates which data may have been stolen or compromised during the incident.
He identifies which geographies, jurisdictions and regulatory agencies cover the users and information
affected by the attack. Then the IRP creates a series of tasks so the organization can notify the affected
parties and follow all relevant compliance and liability procedures.
In the past, a security breach this large would have required Mia's company to involve several agencies
and third parties to solve the problem, a process that could have taken months or longer. In a matter of
hours the Incident Response platform organized all of the people, processes and technology to identify
and contain the problem, find the source of the attack, fix the vulnerability and notify all affected parties.
And in the future, Mia and her team will be able to turn to cognitive security tools.
These tools will read and learn from tens of thousands of trusted publications, blogs and other sources of
information. This knowledge will uncover new insights and patterns, anticipate, isolate and minimize
attacks as they happen and immediately recommend actions for security professionals to take keeping
data safe and companies like Mia's out of the headlines.
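The alert-to-playbook chain this transcript describes, sketched as an added example (it is not IBM's product code and not part of the original video). The directory, threat-intelligence table, download baseline, thresholds, user name and IP addresses are all constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime

# Constructed sample data: every name, address and threshold here is hypothetical.
DIRECTORY = {"mia": {"role": "executive", "on_vacation": True}}
THREAT_INTEL = {"203.0.113.45": "suspected malware server"}  # documentation IP range
BASELINE_MB = {"mia": 40}  # typical daily download volume per user


@dataclass
class Incident:
    user: str
    source_ip: str
    findings: list = field(default_factory=list)
    playbook: list = field(default_factory=list)


def uba_alert(user, login_time, downloaded_mb):
    """User behaviour analytics: flag late-night logins and unusual download volume."""
    reasons = []
    if login_time.hour < 5 or login_time.hour >= 23:
        reasons.append("late-night login")
    # Users without a baseline get 0, so any download by them counts as unusual.
    if downloaded_mb > 10 * BASELINE_MB.get(user, 0):
        reasons.append("unusual download volume")
    return reasons


def respond(user, source_ip, login_time, downloaded_mb):
    """Enrich a UBA alert with directory and threat-intel context, then build a playbook."""
    reasons = uba_alert(user, login_time, downloaded_mb)
    if not reasons:
        return None  # nothing anomalous, so no incident is opened
    incident = Incident(user, source_ip, findings=list(reasons))
    entry = DIRECTORY.get(user, {})
    if entry.get("on_vacation"):
        role = entry.get("role", "user")
        incident.findings.append(f"{role} account active while owner is on vacation")
    verdict = THREAT_INTEL.get(source_ip)
    if verdict:
        incident.findings.append(f"source IP is a {verdict}")
    # Containment comes first; remediation and notification steps are added only
    # when the enrichment points to stolen credentials rather than an odd session.
    incident.playbook += ["lock account", "reset passwords"]
    if verdict or entry.get("on_vacation"):
        incident.playbook += ["identify exploited vulnerability",
                              "patch affected machines",
                              "notify legal department"]
    return incident
```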
Case B: How West Virginia University Protects Sensitive Student Data
Transcript
Alex Jalso
Director, Information Security Services, West Virginia University
West Virginia University, located in Morgantown, West Virginia, founded in 1867, is the state's flagship
university and one of two land-grant institutions. Within the state there are 29,000 students at the
Morgantown campus, around 31,000 when you include the regional campuses. Information security is
important to West Virginia University because we have to ensure the security and integrity of students’
academic records as set forth in the Family Educational Rights and Privacy Act federal law. That is the law
that governs what has to be done to protect student records and what actions need to be taken in the event
of a compromise. We want to make sure a compromise or an information security incident does not occur
on campus.
The office of information technology lowers the probability of an information security incident occurring
by working with application owners to do a security assessment of their applications by using IBM's
AppScan enterprise security assessment tool. The owners of the applications work with the office of
information technology, conduct an assessment, share with the application owners the results, the
owners remediate their results, and the office of information technology ensures remediation was done
effectively. Once all of the vulnerabilities have been remediated the application can proceed to
production.
By using IBM’s AppScan Enterprise, the office of information technology has been able to achieve a
reduction year-on-year of information security events occurring within applications at the university. By
reducing the number of information security events which have occurred, we have lowered the risk
exposure to West Virginia University. The objective of the Office of Information Security is to continue the
proactive use of IBM's AppScan Enterprise so that we can lower the probability of an information security
incident occurring at the university which lowers the risk exposure for West Virginia University, which then
leads to securing the students’ academic information as they progress from enrollment through
graduation.
Case C: MyEyeDr. - Protection Against Insider Threats with IBM Security
Transcript
James Davenport
IT Director, MyEyeDr.
MyEyeDr is based in Washington DC and we have offices throughout the southeastern United States. We
work primarily with independent doctors of Optometry and provide management services for them for all
of their non-doctor related services support. With all the additional people that we have joining the
organization we have to keep security and manage all these individuals, we have people coming and going
as part of the acquisitions and so keeping track of who's who, what they're doing within the systems is
vital.
For security, we use IBM Guardium, IBM MaaS360, IBM PIM and IBM QRadar, so a broad across-the-board
collection of products and then roll them all up into QRadar. So I have a complete dashboard of
what's going on within my organization. The thing that I like about the IBM products is that it gives me
visibility, it gives me information that I've never had before and you know I never had the insight.
Before the IBM security products, it would take us weeks to go through and analyze the data. Now that we
have the IBM security products we get those reports in real time. So that we know what's happening
externally and internally to our network. MyEyeDr’s security is now very proactive versus reactive; we are
looking at the threats as they come into the organization, as opposed to wondering if they
happened and then researching to determine if they did in fact happen.