1.lecture 1 Intro
https://ammarhassan.me/
About Me (Ammar Hassan)
▪ MS Information Security - 2021 to 2023 (Gold Medallist)
▪ MCS (Masters in Computer Science) - 2017 to 2019 (Distinction)
▪ BETE (Telecommunication Engr) – 2008 to 2012
▪ Certified Ethical Hacking (CEH) Practical
▪ Certified App Sec Practitioner (CAP)
▪ Cisco Certified Networking Technician (CCENT)
▪ Microsoft Azure Administrator
▪ Certified Secure Computer User (CSCU)
Hassan 3
Objectives of the Course
Individual Presentations
Need for Information Security
Folk Model
abdullahtahir331@gmail.com
CENSORED PASSWORD SHA-1 HASH
Introduction to Information Security
What is Information Security
and content
Layers of Security
Cyber Threat Landscape - Stats
▪ 95 percent of cybersecurity breaches are caused by human error. (World Economic Forum)
▪ The worldwide information security market is forecast to reach $366.1 billion in 2028. (Fortune Business Insights)
▪ The U.S. was the target of 46 percent of cyberattacks in 2020, more than double any other country. (Microsoft)
▪ 54 percent of companies say their IT departments are not sophisticated enough to handle advanced cyberattacks. (Sophos)
▪ 43 percent of all breaches are insider threats, either intentional or unintentional. (Check Point)
▪ Data breaches exposed 22 billion records in 2021. (RiskBased Security)
▪ Approximately 70 percent of breaches in 2021 were financially motivated, while less than five percent were motivated by espionage. (Verizon)
Cyber Threat Landscape
Edward Snowden
He was a former system administrator for the Central Intelligence Agency (CIA) and a
counterintelligence trainer at the Defense Intelligence Agency (DIA)
The information revealed numerous global surveillance programs, many run by the NSA and
the Five Eyes with the cooperation of telecommunication companies and European
governments
Five Eyes Alliance
They have found ways to infiltrate all aspects of modern communications networks, forcing
companies to hand over their customers' data under secret orders, and secretly tapping fibre
optic cables between the same companies' data centers
PRISM
The NSA has direct access via the PRISM program to the servers of some of the biggest U.S.
tech companies, including Apple, Google and Microsoft. PRISM is a clandestine surveillance
program under which the United States National Security Agency (NSA) collects internet
communications of foreign nationals from at least nine major US internet companies
PRISM is the "number one source of raw intelligence used for NSA analytic reports", and it
accounts for 91% of the NSA's Internet traffic
PRISM can collect anything that you post online from Gmail, Facebook, Skype, Outlook or
Yahoo
Project Chess
Skype started a secret program, called Project Chess, to make Skype calls accessible to
intelligence agencies and law enforcement
Skype then joined the PRISM program in February 2009
Boundless Informant
SPYING OF HONGKONG, CHINESE AND SPANISH CITIZENS
The NSA hacked civilian computer networks in both Hong Kong and mainland China
The NSA collected 60 million Spanish telephone calls over just 30 days in late 2012 and
early 2013
Monitoring of Foreign Diplomats
The U.S. and the U.K. spied on foreign leaders and diplomats at the 2009 G20 summit
Bugged the South African foreign ministry and planned to spy on envoys to the 2009
Commonwealth Summit
UK’s Tempora Program
GCHQ’s Tempora taps into large fiber optic cables that carry massive amounts of Internet
and telephone traffic
NSA’s Upstream Program
The "Upstream" program collects from the fiber-optic cable networks that carry much of the
world’s Internet and phone data
XKEYSCORE
A network of 700 servers scattered across the globe that collects "nearly everything a user
does on the Internet" and stores it in databases searchable by name, email, IP address,
region and language
A top-secret National Security Agency program allows analysts to search with no prior
authorization through vast databases containing emails, online chats and the browsing
histories of millions of individuals
One presentation claims the program covers "nearly everything a typical user does on the
internet", including the content of emails, websites visited and searches, as well as their
metadata
Tailored Access Operations (TAO)
Spying on Smartphone Data
The NSA has the ability to tap into data - including emails, contacts, notes and physical location -
from all the major smartphones on the market
Monitoring of Financial Networks
A branch of the NSA called Follow the Money performs bulk data collection on international
networks belonging to Visa, Mastercard and the Society for Worldwide Interbank Financial
Telecommunication (SWIFT). The NSA's surveillance of SWIFT violates a 2010 agreement with
the European Union
Backdoor found in Netis or Netcore Routers
Russian Cyber Attack on Estonia
Operation Orchard - 2007
Kibar Camp
(Before and After Air Strikes)
Russian Cyber Attack on Georgia
US’s Cyber Attack on Iran (Stuxnet)
▪ The US and Israel launched a cyber attack on Iran using malware named Stuxnet in 2010
▪ Reportedly, one fifth of Iranian nuclear centrifuges were damaged
Cyber Attack on Ukraine
Cyber Attacks on Banks
US Elections Hacked
Dutch Elections
▪ Amid “hacking” fears, the Dutch Government decided that general elections will be
entirely conducted manually, and votes will be counted by hand and tallied with
pen and paper
Information Security Purpose
“Security to identify the threats against, the risks and the associated
potential damage to, and the safeguarding of Information Assets.”
Assets
Vulnerability
Threat
Risk
exploiting a vulnerability.
or
Motives and Goals of a Hacker
Skills of an Information Security Engineer
Technical Skills
Thanks