Cybersecurity Chapter 2
1. Types of Cybercrimes:
a. Financial Crimes: These include online fraud, identity theft, credit card fraud, and
cryptocurrency-related crimes. Financial cybercrimes target individuals, businesses, and
financial institutions worldwide.
d. Ransomware: Ransomware attacks, which encrypt data and demand a ransom for
its release, have surged globally. These attacks can target individuals, businesses,
hospitals, and even municipalities.
f. Online Extortion: Criminals use threats and intimidation to extort money from
individuals and organizations by threatening to release sensitive or compromising
information.
3. Global Impact:
c. Data Privacy: Data breaches compromise the privacy of individuals worldwide, with
personal and sensitive information exposed.
4. Global Response:
PHASES OF CYBERATTACK
These phases describe the lifecycle of a cyber-attack: the stages an attacker typically
moves through from first contact with the target to exit. Not every attack hits every
stage, and some stages overlap. Here's an overview of each phase:
1. Reconnaissance:
- In this initial phase, cyber attackers gather information about their target. This can
involve passive methods like researching online or actively probing the target's systems
to identify vulnerabilities and potential entry points.
2. Passive Attacks:
- Passive attacks involve monitoring or eavesdropping on a target's network or
communications (for example, sniffing unencrypted traffic or harvesting publicly exposed
data) without sending anything intrusive to the target. Because the target sees no traffic
it would not otherwise see, this stage is very hard to detect; its aim is to collect
valuable information without alerting the target.
3. Active Attacks:
- Active attacks are more aggressive: the attacker interacts directly with the target,
for example by sending malicious emails, probing network services for vulnerabilities, or
attempting to gain unauthorized access to systems. Active attacks are the point at which
attackers start to exploit weaknesses, and also the first point at which their traffic
appears in the target's logs.
4. Scanning:
- During this phase, attackers scan the target's network to identify potential
vulnerabilities. This can include using tools and techniques to discover live hosts, open
ports, running services and their versions, and weak points in the target's infrastructure.
Scanning is noisy: one source touching many ports or many hosts within a short window
is a classic detection signal.
5. Gaining Access:
- After identifying vulnerabilities, attackers seek to exploit them to gain unauthorized
access to the target's systems or network. This phase often involves the use of
malware, exploits, or social engineering to establish a foothold.
6. Maintaining Access:
- Once inside the target's systems, attackers aim to maintain access and control for as
long as possible. They may create backdoors, establish persistence mechanisms, or
compromise legitimate user accounts to ensure continued access.
7. Lateral Movement:
- In this phase, attackers move laterally within the target's network, seeking to expand
their access and privileges. They might escalate their privileges, explore additional
systems, and gather more data or credentials.
8. Covering Tracks:
- To avoid detection and maintain stealth, attackers attempt to cover their tracks by
erasing or altering logs, deleting evidence of their activities, or obscuring their presence
within the network. This phase is crucial for staying undetected, which is why defenders
forward logs to a separate, append-only store that a compromised host cannot rewrite.
It's important to note that not all cyber-attacks follow this exact sequence, and the
specific phases can vary depending on the attack's objectives, methods, and the
attacker's sophistication. Additionally, defenders and cybersecurity professionals aim to
detect and thwart attacks at various stages of this lifecycle to prevent or limit damage.
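The scanning phase is the one defenders most often catch from ordinary firewall logs, because a scanner touches many ports on one host in a short time. The following is an added example, not code from the original notes: a small detector that reads constructed firewall log lines (the log format is assumed for this example) and flags any source that hit at least a threshold of distinct ports on one destination inside a sliding time window. Both ALLOW and DENY lines are counted, since a scan of closed ports shows up mainly as denies.

```python
from collections import defaultdict

# Constructed firewall log (not real data). Format assumed for this example:
# "<epoch> <src_ip> -> <dst_ip>:<dst_port> <ALLOW|DENY>"
# 10.0.0.5 probes ten ports on one host in five seconds; 10.0.0.9 is normal use.
SAMPLE_LOG = """\
1700000000 10.0.0.9 -> 192.168.1.10:443 ALLOW
1700000001 10.0.0.5 -> 192.168.1.10:21 DENY
1700000001 10.0.0.5 -> 192.168.1.10:22 ALLOW
1700000002 10.0.0.5 -> 192.168.1.10:23 DENY
1700000002 10.0.0.5 -> 192.168.1.10:25 DENY
1700000003 10.0.0.5 -> 192.168.1.10:80 ALLOW
1700000003 10.0.0.5 -> 192.168.1.10:110 DENY
1700000004 10.0.0.5 -> 192.168.1.10:139 DENY
1700000004 10.0.0.5 -> 192.168.1.10:443 ALLOW
1700000005 10.0.0.5 -> 192.168.1.10:445 DENY
1700000005 10.0.0.5 -> 192.168.1.10:3389 DENY
1700000020 10.0.0.9 -> 192.168.1.10:443 ALLOW
1700000090 10.0.0.9 -> 192.168.1.20:22 ALLOW
"""


def parse_line(line: str):
    """Split one log line into (epoch, src_ip, dst_ip, dst_port, action)."""
    ts, src, _arrow, dst, action = line.split()
    dst_ip, dst_port = dst.rsplit(":", 1)
    return int(ts), src, dst_ip, int(dst_port), action


def detect_port_scans(log_text: str, window: int = 60, min_ports: int = 8) -> dict:
    """Return {(src_ip, dst_ip): distinct_ports} for every source that touched at
    least `min_ports` distinct ports on one host within any `window`-second span.
    DENY lines count too: a scan of closed ports produces mostly denies."""
    events = sorted(parse_line(l) for l in log_text.splitlines() if l.strip())
    hits = defaultdict(list)                      # (src, dst) -> [(ts, port)] in time order
    for ts, src, dst_ip, port, _action in events:
        hits[(src, dst_ip)].append((ts, port))

    alerts = {}
    for pair, seq in hits.items():
        best, start = 0, 0
        for end in range(len(seq)):               # sliding window over time-ordered hits
            while seq[end][0] - seq[start][0] > window:
                start += 1
            best = max(best, len({p for _, p in seq[start:end + 1]}))
        if best >= min_ports:
            alerts[pair] = best
    return alerts


if __name__ == "__main__":
    for (src, dst), n in detect_port_scans(SAMPLE_LOG).items():
        print(f"possible scan: {src} touched {n} distinct ports on {dst}")
```

The threshold and window are tuning knobs: too low and vulnerability scanners or monitoring systems you run yourself will trip it, so in practice those sources are allow-listed before the rule is applied.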
CYBERSECURITY
Cybersecurity (also written "cyber security") is a critical field dedicated to protecting
digital systems, networks, and data from unauthorized access, cyberattacks, and data
breaches. It encompasses a wide range of practices, technologies, and measures
designed to safeguard the confidentiality, integrity, and availability of information in the
digital realm.
Importance of Cybersecurity:
5. Financial Stability: Preventing financial losses due to fraud, online scams, and cyber
theft.
1. Threats and Attacks: Cyber threats come in various forms, from hackers trying to
steal data to malware infecting systems. Understanding these threats is crucial to
developing effective defenses.
5. Cryptography: The use of encryption to keep data unreadable if it is intercepted, and
of hashes, message authentication codes, and digital signatures to detect tampering,
during transmission or storage.
6. Incident Response: Developing plans and procedures to effectively respond to and
recover from cybersecurity incidents, including data breaches and network
compromises.
1. Confidentiality:
- Definition: Confidentiality refers to the protection of sensitive data from unauthorized
access or disclosure. It ensures that only authorized individuals or systems can access
and view certain information.
- Examples: Personal identification numbers (PINs), financial records, medical
records, and classified government documents are all examples of data that require
confidentiality.
2. Integrity:
- Definition: Integrity involves ensuring the accuracy, completeness, and
trustworthiness of data and information throughout its lifecycle. It focuses on preventing
unauthorized or malicious alterations to data.
- Examples: Ensuring that financial transaction data remains accurate and unaltered,
maintaining the integrity of medical records, and protecting critical infrastructure from
tampering are all examples of integrity considerations.
3. Availability:
- Definition: Availability pertains to the accessibility and reliability of information and
information systems when needed. It ensures that authorized users can access data
and services without disruption or downtime.
- Examples: Keeping online services available 24/7, ensuring critical business
applications are accessible, and preventing denial-of-service (DoS) attacks that could
render systems unavailable are all examples of availability concerns.
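The integrity example above (keeping a financial transaction record unaltered) is easiest to see in code. The following is an added example, not from the original notes: a transaction record is protected with a keyed HMAC-SHA256 tag, and the same record is also protected with a plain, unkeyed hash so the difference is visible. The record, the key and the tampering scenario are constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed demo key; a real key lives in a secrets manager, never in source code.
KEY = b"constructed-demo-key-replace-me"


def canonical(record: dict) -> bytes:
    """Serialize deterministically so the same data always yields the same bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def plain_hash(record: dict) -> str:
    """Unkeyed SHA-256: catches accidental corruption only."""
    return hashlib.sha256(canonical(record)).hexdigest()


def plain_hash_check(record: dict, stored_hash: str) -> bool:
    return plain_hash(record) == stored_hash


def tag(record: dict, key: bytes = KEY) -> str:
    """Keyed HMAC-SHA256: catches deliberate tampering by anyone without the key."""
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()


def verify(record: dict, expected_tag: str, key: bytes = KEY) -> bool:
    # compare_digest prevents leaking the tag byte by byte through timing
    return hmac.compare_digest(tag(record, key), expected_tag)


# Constructed transaction record and a tampered copy with the amount inflated
TX = {"id": 1001, "from": "acct-42", "to": "acct-77", "amount": 250.00}
TAMPERED = dict(TX, amount=2500.00)

if __name__ == "__main__":
    stored_tag = tag(TX)
    print("original verifies:", verify(TX, stored_tag))            # True
    print("tampered verifies:", verify(TAMPERED, stored_tag))      # False
    # Attacker who can edit the row can also recompute an unkeyed hash...
    print("forged plain hash accepted:", plain_hash_check(TAMPERED, plain_hash(TAMPERED)))  # True
    # ...but cannot produce a valid HMAC without KEY
    print("forged HMAC accepted:", verify(TAMPERED, tag(TAMPERED, b"attacker-guess")))    # False
```

The point of the two checks side by side: a hash stored next to the data only protects against accidents, because whoever can rewrite the data can rewrite the hash. Integrity against an adversary needs a secret the adversary does not hold (an HMAC key) or a signature key only the legitimate writer has.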
1. Threats:
- Definition: Threats refer to potential events, circumstances, or actions that can cause
harm or damage to an organization's information systems, data, or assets. Threats can
be deliberate (such as cyberattacks) or unintentional (such as natural disasters or
equipment failures).
- Examples: Threats include cyberattacks (e.g., malware, phishing, hacking), data
breaches, insider threats, viruses, earthquakes, floods, and power outages.
2. Vulnerabilities:
- Definition: Vulnerabilities are weaknesses or flaws in an organization's information
systems, processes, or security controls that can be exploited by threats to cause harm.
These weaknesses can exist in software, hardware, configurations, or even human
behavior.
- Examples: Vulnerabilities may include unpatched software, misconfigured firewalls,
weak passwords, lack of user training, or unencrypted data transmission.
3. Risk:
- Definition: Risk is the likelihood that a threat will exploit a vulnerability, resulting in
harm, damage, or loss. It combines the potential impact of an incident with the
probability of it occurring. Risk is typically assessed in terms of the likelihood and
severity of the consequences.
- Examples: High-risk scenarios might involve a significant data breach that could lead
to financial losses, reputational damage, and legal consequences. Low-risk scenarios
might include minor incidents that have minimal impact.
Risk management, risk assessment, and risk analysis are essential components of
cybersecurity and broader business strategy. They help organizations identify, evaluate,
and mitigate potential risks to their information systems, data, and overall operations.
Here's an explanation of each concept:
1. Risk Management:
- Process: The risk management process typically involves the following steps:
- Identification: Identify potential risks and threats that could affect the organization.
- Assessment: Evaluate the likelihood and potential impact of each identified risk.
- Prioritization: Prioritize risks based on their significance and potential
consequences.
- Mitigation: Develop and implement strategies and controls to reduce the likelihood
or impact of risks.
- Monitoring: Continuously monitor risks and assess their effectiveness to make
adjustments as needed.
2. Risk Assessment:
- Process: The risk assessment process typically includes the following steps:
- Asset Identification: Identify and classify assets, such as data, systems, and
infrastructure.
- Threat Identification: Identify potential threats or hazards that could impact these
assets.
- Vulnerability Assessment: Evaluate vulnerabilities or weaknesses that could be
exploited by threats.
- Risk Analysis: Analyze the potential impact and likelihood of risks by considering
the interaction between threats and vulnerabilities.
- Risk Evaluation: Determine the overall risk level based on the analysis and
prioritize risks for mitigation.
- Tools: Risk assessment often involves the use of risk matrices, risk heat maps, and
qualitative or quantitative risk analysis methods.
3. Risk Analysis:
- Benefits: Risk analysis helps organizations understand which risks are most critical
and need immediate attention. It also provides a basis for comparing risks and deciding
where to allocate resources for mitigation.
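To make the risk concepts above concrete (likelihood times impact, a 5x5 risk matrix, and a quantitative method), here is an added example that is not part of the original notes. It scores a small constructed risk register on an ordinal matrix, ranks it for prioritization, and applies the standard annualized loss expectancy formula (ALE = SLE x ARO) to decide whether a control is worth its cost. The scale names, rating thresholds and all figures are constructed for illustration.

```python
from dataclasses import dataclass

# Ordinal scales of a 5x5 qualitative risk matrix (constructed for this example)
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}


@dataclass
class Risk:
    name: str
    likelihood: str      # qualitative label from LIKELIHOOD
    impact: str          # qualitative label from IMPACT
    sle: float           # single loss expectancy: cost of one occurrence
    aro: float           # annualized rate of occurrence: expected events per year

    def score(self) -> int:
        """Matrix cell: likelihood x impact, range 1..25."""
        return LIKELIHOOD[self.likelihood] * IMPACT[self.impact]

    def rating(self) -> str:
        """Qualitative band; thresholds are a constructed convention."""
        s = self.score()
        if s >= 15:
            return "critical"
        if s >= 8:
            return "high"
        if s >= 4:
            return "medium"
        return "low"

    def ale(self) -> float:
        """Annualized loss expectancy = SLE x ARO (quantitative view of the same risk)."""
        return self.sle * self.aro


def rank(risks):
    """Order the register for prioritization: matrix score first, ALE as tiebreak."""
    return sorted(risks, key=lambda r: (r.score(), r.ale()), reverse=True)


def control_is_justified(risk: Risk, annual_control_cost: float, residual_aro: float):
    """Cost-benefit: a control pays for itself when the ALE it removes exceeds its cost.
    Returns (justified, ale_reduction)."""
    ale_reduction = risk.ale() - risk.sle * residual_aro
    return ale_reduction > annual_control_cost, ale_reduction


# Constructed risk register for a small organization (figures are illustrative)
REGISTER = [
    Risk("Ransomware on file server", "likely", "major", sle=200_000, aro=0.5),
    Risk("Phishing leads to credential theft", "almost certain", "moderate", sle=20_000, aro=3),
    Risk("Flood in data centre", "rare", "severe", sle=1_000_000, aro=0.01),
    Risk("Unencrypted laptop stolen", "possible", "minor", sle=5_000, aro=2),
]

if __name__ == "__main__":
    for r in rank(REGISTER):
        print(f"{r.score():>2} {r.rating():<8} ALE={r.ale():>9,.0f}  {r.name}")
    ok, saving = control_is_justified(REGISTER[0], annual_control_cost=30_000, residual_aro=0.1)
    print("Backups plus endpoint detection justified:", ok, f"(ALE reduction {saving:,.0f})")
```

Two things the numbers show that the definitions alone do not. First, the matrix rates the flood as "medium" because a rare event multiplies down, even though its single loss would be the largest in the register; matrices under-rate low-probability catastrophes, so the quantitative ALE is worth keeping alongside. Second, the laptop and the flood have the same ALE, which is exactly the kind of tie a matrix score or a management judgement then has to break.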
1. Information Classification:
- Definition: Information classification is the process of categorizing data and
information based on its sensitivity, value, and criticality to the organization. It involves
labeling data with appropriate classifications to determine how it should be handled,
protected, and shared.
2. Policies:
- Examples: Acceptable Use Policy, Data Classification Policy, Password Policy, and
Incident Response Policy are examples of information security policies.
3. Standards:
- Definition: Information security standards are more detailed and specific than
policies. They define the specific technical or procedural requirements that must be
followed to comply with the policies.
4. Procedures:
- Definition: Procedures are detailed, step-by-step instructions for carrying out specific
security tasks or processes. They provide specific guidance on how to implement
security controls and respond to security incidents.
- Examples: Incident response procedures, data backup procedures, and user
account provisioning procedures are examples of security procedures.
5. Guidelines:
- Definition: Guidelines are advisory documents that offer recommendations and best
practices for implementing security controls. While they are not mandatory, they provide
valuable insights for achieving security objectives.
- Examples: Secure coding guidelines, email security guidelines, and mobile device
security guidelines are examples of security guidelines.
- Physical Controls: These are security measures designed to protect physical assets,
such as buildings, servers, and hardware devices. Examples include security cameras,
access control systems, biometric authentication, locks, and environmental controls like
fire suppression systems.
- Logical Controls: Logical controls focus on safeguarding digital assets and data.
They include authentication mechanisms, encryption, intrusion detection systems,
firewalls, and security software. Logical controls are vital for protecting against cyber
threats.
2. Security Frameworks:
Security frameworks are structured guidelines and best practices that organizations can
adopt to develop and maintain a robust security program. They offer a systematic
approach to addressing security risks and achieving compliance with industry standards
and regulations.
Adopting a security framework helps organizations align their security efforts with
industry-recognized standards, ensuring a structured and effective approach to security
management.
- Perimeter Security: This is the outermost layer, often protected by firewalls, intrusion
detection systems, and intrusion prevention systems, designed to keep unauthorized
users out.
- Network Security: Within the network, additional security measures, such as network
segmentation, access controls, and network monitoring, protect against internal threats
and lateral movement by attackers.
- Host Security: Security controls at the host level, including antivirus software,
host-based firewalls, and regular patch management, secure individual devices and servers.
- User Education and Training: Security awareness programs ensure that employees
and users are educated about security risks and best practices.
6. Time-Based Factors:
- Time-based factors limit how long an authentication credential remains valid.
- Time-based One-Time Passwords (TOTP) generated by authenticator apps or
hardware tokens are an example: the code is derived from a shared secret and the
current time slot (typically 30 seconds).
- A TOTP is still a possession factor (it proves the user holds the device with the
secret); the time bound is what limits replay, since an intercepted code is useless once
its slot has passed. Within the slot the server must still refuse to accept the same
code twice.
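An implementation makes the "valid only for a specific period" property and its caveats concrete. The following is an added example, not code from the original notes: HOTP per RFC 4226 and TOTP per RFC 6238 in plain Python, plus a server-side verifier that tolerates one step of clock drift, refuses to accept a counter it has already accepted (replay inside the window), and compares codes in constant time. The secret is the RFC 6238 Appendix B test secret, so the codes can be checked against the RFC's published vectors; the verification policy (skew of one step) is a common choice, not something the RFC mandates.

```python
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """HOTP (RFC 4226): HMAC over the 8-byte big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F                                   # low nibble of last byte
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time: int, step: int = 30, digits: int = 6, algo=hashlib.sha1) -> str:
    """TOTP (RFC 6238): HOTP with counter = floor(unix_time / step)."""
    return hotp(secret, int(at_time) // step, digits, algo)


def verify_totp(secret: bytes, code: str, at_time: int, last_counter=None,
                step: int = 30, digits: int = 6, skew: int = 1):
    """Server-side check. Accepts the current step and +/- `skew` neighbours (clock
    drift), skips any counter at or below the last accepted one (replay defence),
    and compares in constant time. Returns (accepted, counter_to_remember)."""
    now = int(at_time) // step
    for counter in range(now - skew, now + skew + 1):
        if last_counter is not None and counter <= last_counter:
            continue
        if hmac.compare_digest(hotp(secret, counter, digits), code):
            return True, counter
    return False, last_counter


# RFC 6238 Appendix B test secret (ASCII "12345678901234567890"), SHA-1
RFC_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    print(totp(RFC_SECRET, 59, digits=8))          # 94287082 per RFC 6238
    print(totp(RFC_SECRET, int(time.time())))      # live 6-digit code for the test secret
    code = totp(RFC_SECRET, 59, digits=8)
    ok, last = verify_totp(RFC_SECRET, code, 59, digits=8)
    print("first use accepted:", ok)                                        # True
    print("replay accepted:", verify_totp(RFC_SECRET, code, 75, last, digits=8)[0])  # False
```

The `last_counter` bookkeeping is the part most home-grown verifiers forget: without it, a code phished in real time can be used by the attacker and the victim within the same 30-second slot, and the "one-time" in the name no longer holds.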
1. Authorization:
Authorization is the process of granting or denying permissions to individuals or
systems based on their verified identities and roles; it takes place after authentication
has established who the requester is. It ensures that users have the appropriate
level of access to resources while protecting sensitive data and system functionality.
- Data Access Control: Ensures that users can only access and modify data they are
authorized to access. It includes file-level, database-level, and object-level access
controls.
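The authorization and data access control points above, together with the information classification section earlier, fit naturally into one access check. The following is an added example, not code from the original notes: a deny-by-default check that first asks whether any of the user's roles grants the verb at all, then applies object-level rules (ownership, department, and a classification gate that nobody, admins included, bypasses). The role table, classification levels and users are constructed for the example.

```python
from dataclasses import dataclass

# Role -> actions permitted on the "record" object type (constructed RBAC table)
ROLE_PERMISSIONS = {
    "viewer":  {"read"},
    "clerk":   {"read", "update"},
    "auditor": {"read"},
    "admin":   {"read", "update", "delete"},
}

# Classification levels in increasing sensitivity (illustrative labels)
CLASSIFICATION_RANK = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}


@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset
    department: str
    clearance: str = "internal"     # highest classification this user may handle


@dataclass(frozen=True)
class Record:
    id: int
    owner: str
    department: str
    classification: str = "internal"


def permitted_actions(user: User) -> set:
    """Union of the user's role grants; an unknown role grants nothing."""
    return set().union(*(ROLE_PERMISSIONS.get(r, set()) for r in user.roles))


def is_authorized(user: User, action: str, record: Record) -> bool:
    """Deny by default.
    Layer 1 (role level): does any role grant this verb at all?
    Layer 2 (object level): is this user allowed the verb on *this* record?"""
    if action not in permitted_actions(user):
        return False
    # Classification gate applies to everyone, admins included
    if CLASSIFICATION_RANK[record.classification] > CLASSIFICATION_RANK[user.clearance]:
        return False
    if "admin" in user.roles:
        return True
    if action == "read":
        if "auditor" in user.roles:                 # auditors read across departments
            return True
        return record.owner == user.name or record.department == user.department
    if action == "update":
        return record.owner == user.name           # only the owner edits
    return False                                    # delete and anything unlisted: admins only


if __name__ == "__main__":
    alice = User("alice", frozenset({"clerk"}), "finance")
    secret_row = Record(2, "bob", "finance", "confidential")
    print(is_authorized(alice, "read", secret_row))   # False: clearance too low
```

Keeping the verb check and the object check in one function, with `False` as the fall-through, is what makes the "only data they are authorized to access" promise hold: adding a new action or role cannot accidentally grant anything until a rule explicitly says so.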