Professional Documents
Culture Documents
CH 05 1 - Unlocked
CH 05 1 - Unlocked
CH 05 1 - Unlocked
On-Demand
Strategies for
5 Performance, Growth,
and Sustainability
Dr. Ebadati
Ph.D. (Computer Science),
Cybersecurity
Chapter
Delhi
and Risk
Management
Technology
Learning Objectives (1 of 5)
The Face and Future of Cyberthreats
Figure 5.1: Number of 2016 U.S. Data Breaches by Industry Sector. The number of cyberthreats in which
data records have been stolen by hackers has increased at an alarming rate.
Cyberthreat Terminology
• Cyberthreat is a threat posed by means of the Internet (a.k.a. cyberspace) and the
potential source of malicious attempts to damage or disrupt a computer
network, system, or application.
• Vulnerability is a gap in IT security defenses of a network, system, or application
that can be exploited by a threat to gain unauthorized access.
• Incident is an attempted or successful unauthorized access to a network, system,
or application; unwanted disruption or denial of service; unauthorized use of a
system for processing or storage of data; changes to a system without the owner’s
knowledge, instruction, or consent.
• Data Breach is the successful retrieval of sensitive information by an individual,
group, or software system.
Figure 5.2 The three objectives of data and information systems security
2016 Biggest Data Breaches Worldwide
Company Type of Breach Records Breached
• Hacking
• Phishing
• Crimeware
• Physical Theft
Intentional Cyberthreats: Hacking
• Hacking: is broadly defined as intentionally accessing a computer without
authorization or exceeding authorized access. There are three types of
hackers.
• White Hat: Computer security specialist who breaks into protected systems
and network to test and assess their security.
• Black Hat: Person who attempts to find computer security vulnerabilities
and exploit them for personal and/or financial gain, or other malicious
reasons.
• Gray Hat: Person who may violate ethical standards or principles, but
without the malicious intent ascribed to black hat hackers.
• Hacktivist: is short for hacker-activist, or someone who performs hacking to
promote awareness, or otherwise support a social, political, economic, or
other cause.
Intentional Cyberthreats: Spear Phishing
• Anonymous and LulzSec are two hacker groups who have committed daring data
breaches, data compromises, data leaks, thefts, threats, and privacy invasions.
Critical Infrastructure Attacks
• FBI: social media-related events have multiplied over the past five
years.
• Anonymous and LulzSec are two hacker groups who have committed daring data breaches,
data compromises, data leaks, thefts, threats, and privacy invasions.
Cyberattack Targets and Consequences Review
1. What is a critical infrastructure?
2. List three types of critical infrastructures.
3. How do social network and cloud computing increase
vulnerability?
4. Why are patches and service packs needed?
5. Why is it important to protect intellectual property?
6. How are the motives of hacktivists and APTs different?
7. Explain why data on laptops and computers need to be encrypted.
8. Explain how identity theft can occur.
Learning Objectives (3 of 5)
Cyber Risk Management
• Risk is the probability of a threat successfully exploiting a vulnerability and the
estimated cost of the loss or damage.
• Audit trails from key systems and personnel records used to detect
anomalous patters, such as excessive hours worked, deviations in patterns
of behavior, copying huge amounts of data, attempts to override controls,
unusual transactions, and inadequate documentation about a transaction.
Internal Controls (IC)
• A process to ensure that sensitive data are protected and accurate
designed to achieve:
• Operational efficiency
• Safeguarding of assets
Cyber Defense Strategies
• The major objectives of Defense Strategies are:
• Detection
• Recovery
• Correction
dr.ebadati@live.com
ebadati.com
Omid Ebadati