Lecture 1 - Basics of Cybersecurity-23042024


ELEC-E7470 - Cybersecurity D

Lecture, 23.4.2024-29.5.2024

Lecture 1 – Basics of Cybersecurity 26.4.2024 1


ELEC-E7470 – Cybersecurity D: Course Instructors
• Responsible Teacher: Dr. Tanesh Kumar, Staff Scientist, Department of Information and Communications Engineering, Aalto University. Email: tanesh.kumar@aalto.fi
• Course Assistant: Juho Kaivosoja, Operating Engineer, Department of Information and Communications Engineering, Aalto University. Email: juho.kaivosoja@aalto.fi



ELEC-E7470 – Cybersecurity D: Course Details

• The course focuses on overall understanding of cybersecurity including different types of threats and solutions and the evaluation of technological solutions. After the course students are expected to understand the basics of digital security.
• The course will be arranged virtually - virtual lectures and meetings.
• The course is graded pass/fail.
• The course consists of a preliminary assignment, five lecture days in April/May, three group assignments (one of which is a case study project) and three individual assignments.
• Attending all the lecture days (for the whole time!) is mandatory; two absences are
permitted for a good reason, but you'll be assigned compensatory work for absences.
• All assignments are mandatory as well, and deadlines must be met!



ELEC-E7470 – Cybersecurity D: Course Details

• This is a high-level course that also contains some technical cybersecurity knowledge.
• There are other courses that are much more technical. Some of these include:



ELEC-E7470 – Cybersecurity D: Lectures Schedule
• Lecture 1 (April 23): Basics of Cybersecurity: Tanesh Kumar & Juho Kaivosoja
• Individual Assignment # 1: Deadline: 07.05.2024
• Group Assignment # 2: Deadline: 07.05.2024

• Lecture 2 (May 7): Threats and Risks of Cybersecurity: Tanesh Kumar
• Group Assignment # 3: Deadline: 14.05.2024

• Lecture 3 (May 14): Emerging Trends in Cybersecurity: Tanesh Kumar
• Individual Assignment # 4: Deadline: 21.05.2024

• Lecture 4 (May 21): Cybersecurity in Finland: Guest Speakers & Tanesh Kumar
• Individual Assignment # 5: Deadline: 27.05.2024

• Lecture 5 (May 28): Case Studies Presentations: Tanesh Kumar & Juho Kaivosoja

ELEC-E7470 – Cybersecurity D: Today’s Plan
• 14:20 - 14:30: Start, Tanesh
• 14:30 - 15:00: Juho's Presentation
• 15:00 - 15:15: Groups in Zoom
• 15:15 - 15:30: Break
• 15:30 - 16:15: Lecture Session
• 16:15 - 16:30: Break
• 16:30 - 17:15: Lecture Session
• 17:15 - 17:30: Break
• 17:30 - 18:00: Final Wrap-up



Lecture 1 – Basics of Cybersecurity
23.4.2024

Dr. Tanesh Kumar


Agenda

• What is Cybersecurity?
• Cybersecurity: Terminology
• Need/Importance of Cybersecurity
• Design Principles of Cybersecurity
• CIA TRIAD
• Cybersecurity Framework (NIST)



What is CYBERSECURITY?



Your thoughts on CYBERSECURITY?

What comes to your mind when you hear the word ‘Cybersecurity’?
Let’s have a chat:
https://presemo.aalto.fi/23042024



What is CYBERSECURITY?

Cybersecurity!!: Protection of information/devices in a digital world from potential threats.


Physical World to Digital World: Security

• Security of the physical world:
  • Locking your doors, not giving away your keys, having fences, staying away from dangerous locations, not talking to strangers

How to integrate Cybersecurity into Security

Image Source: https://pixabay.com/illustrations/ai-generated-earth-globe-world-8463728/
Image Source: https://pixabay.com/photos/earth-globe-planet-world-space-11015/

What is CYBERSECURITY?

• Cybersecurity comprises methods, principles and methodologies to protect your computing resources and digital information from potential threats.

• Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. (CISCO).

• Prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communications services, wire communication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and nonrepudiation (NIST)

Image Source: https://pixabay.com/vectors/cyber-security-word-computer-cloud-2120014/
Source: https://www.cisco.com/c/en/us/products/security/what-is-cybersecurity.html
Source: https://csrc.nist.gov/glossary/term/cybersecurity

Cybersecurity Terminology !!



Cybersecurity: Terminology

Malware, Hacking, Cyberdefense, Attacks, Cybercrime, Threats, Vulnerability, Firewall, Risks, Cyberspace, Authorization, Internet, Authentication, Cyberattacks



Cybersecurity: Terminology: Cyberspace, Cybercrime & Cyberdefense

Cyberspace
• Virtual or digital environment where different entities (devices/systems) are interconnected and can enable digital communication, e.g., the Internet.
• Almost everyone is connected to cyberspace in one way or another.

Cybercrime
• Refers to illegal, unauthorized or criminal activities performed through digital means, i.e., hacking, phishing, and online fraud.

Cyberdefense
• Provides protection mechanisms. It includes various strategies, policies, practices and technologies to protect systems/devices/networks from threats and mitigate them.

Example: Online Banking
• Cyberspace: Online banking (Internet, computers, networks, banking websites, mobile apps).
• Cybercrime: Phishing attacks, where emails/messages are sent by malicious actors.
• Cyberdefense: Various security measures to protect against and mitigate the security risks.

Source: https://www.itu.int/en/ITU-D/Cybersecurity/Documents/Introduction%20to%20the%20Concept%20of%20IT%20Security.pdf


Cybersecurity: Terminology: Threat, Vulnerability, Risk

Threat
• A threat can be seen as the occurrence of a potential harmful event that can exploit a vulnerability.
• Example: A hacker targets an organization's network to get unauthorized access to certain data, services or resources; unauthorized disclosure of information.

Vulnerability
• Defect or weakness in a design/system/network/device which is exploited by a threat.
• Example: Software bugs, misconfigurations, weak passwords, and lack of security updates.

Risk
• Potential damage or loss associated with the threat. Likelihood of any cybersecurity event.
• Example: A DDoS attack on a specific website can make it inaccessible to legitimate users and lead to financial losses and reputation damage.

Source: https://www.itu.int/dms_pub/itu-t/opb/tut/T-TUT-ICTSS-2020-4-PDF-E.pdf
Source: https://informationsecurity.wustl.edu/vulnerabilities-threats-and-risks-explained/

Cybersecurity: Terminology: Authentication and Authorization

Authentication
• Mechanism to verify/identify the users or devices, so that only legitimate entities can access the device/system or a network.
• Verifies identity.

Authorization
• Mechanism for giving permission to the legitimate users/devices to access particular data, services or resources.
• Determines access rights based on identity and role.

Example: Secure Access to Office Building

• Authentication:
  • To enter the building, one has to authenticate by showing the ID card to the security guard.
  • The guard checks the ID/password/biometrics and matches the details with the record.
  • On successful verification of the ID, the authentication process is complete and access to the building is given.

• Authorization:
  • Inside the building, there are specific restricted areas/rooms that further require authorization, for example a server room holding sensitive data.
  • Authorization is given based on job responsibility/department and permission rights.
  • Authorization is also done with ID/password and access is granted on successful verification.

Source: https://csrc.nist.gov/glossary/term/authentication
Source: https://csrc.nist.gov/glossary/term/authorization

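The office-building example above can be expressed in code. This is an added example, not part of the original lecture slides; the user names, passwords, roles and area names are constructed for illustration, and PBKDF2 is one assumed choice of password hash.

```python
import hashlib
import hmac
import os

def _hash_password(password: str, salt: bytes) -> bytes:
    # Store only a salted, slow hash of the password, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "pw_hash": _hash_password(password, salt), "role": role}

# Constructed sample data: the guard's record of staff (hypothetical users).
USERS = {
    "alice": make_user("correct horse battery", "sysadmin"),
    "bob": make_user("tr0ub4dor&3", "accountant"),
}

# Authorization policy: which roles may enter which area of the building.
AREA_ROLES = {
    "lobby": {"sysadmin", "accountant"},
    "server_room": {"sysadmin"},
}

def authenticate(username: str, password: str):
    """Step 1, the guard at the door: verify identity. Returns username or None."""
    user = USERS.get(username)
    # Hash even for unknown users so both failure paths do similar work.
    salt = user["salt"] if user else b"\x00" * 16
    candidate = _hash_password(password, salt)
    if user is None:
        return None
    # Constant-time comparison of the stored and the presented hash.
    return username if hmac.compare_digest(candidate, user["pw_hash"]) else None

def authorize(username: str, area: str) -> bool:
    """Step 2, the restricted room: check permissions of a verified identity."""
    role = USERS[username]["role"]
    # Areas missing from the policy are denied by default.
    return role in AREA_ROLES.get(area, set())

def request_access(username: str, password: str, area: str) -> str:
    identity = authenticate(username, password)
    if identity is None:
        return "denied: authentication failed"
    if not authorize(identity, area):
        return "denied: not authorized"
    return "granted"

if __name__ == "__main__":
    print(request_access("alice", "correct horse battery", "server_room"))
    print(request_access("bob", "tr0ub4dor&3", "server_room"))
    print(request_access("bob", "wrong password", "lobby"))
```

Bob proves who he is and still cannot enter the server room: passing authentication never implies authorization.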
Cybersecurity: Terminology: Cryptography

Cryptography
• Mechanism/process to protect and secure digital communications in such a way that only the intended person can read/access the information.
• Various techniques/codes are used in cryptography, i.e., Authentication, Encryption, Digital Signatures, Timestamps.

Example:
• Let’s assume you and your friend form a secret code to communicate so that others cannot understand it. You agree that every letter of the alphabet corresponds to a number.
• A = 1, B = 2, C = 3, and so on.
• Spaces and punctuation marks are also given corresponding numbers.

Source: https://www.ibm.com/topics/cryptography
Source: https://www.itu.int/en/ITU-D/Cybersecurity/Documents/01-Introduction%20to%20Cryptography.pdf

Cybersecurity: Terminology: Encryption and Decryption

Encryption:
• Protects and secures the data/information, so that only authorized entities can extract the needed information.
• Converts plain text (readable) into cipher text (unreadable) using an encryption algorithm or keys.

Decryption:
• Reverse process of encryption. It is used to restore data to its original form, and only authorized entities can decrypt and read the data.
• Converts cipher text (unreadable) into plain text (readable) using a decryption algorithm or keys.

Example: Sending a message through a locked box
• Encryption:
  • Suppose a box contains valuable items (your message). Before sending it, you put a lock on the box (encryption). This lock represents the encryption process. Only someone who has the key can unlock the box.

• Decryption:
  • The receiver gets the box and wants to access the contents (decrypt the message). You send them the key separately, allowing them to unlock the box (decrypt the message) and access its contents. With the key, the receiver can open the box and view the valuable items (read the message).

Source: https://www.itu.int/en/ITU-D/Cybersecurity/Documents/01-Introduction%20to%20Cryptography.pdf
Source: https://cloud.google.com/learn/what-is-encryption

Cyber Security: Terminology: Firewall
Firewall:
• A firewall is a crucial defense mechanism that acts as a barrier between the devices/computers (internal network) and the internet (untrusted network), e.g., a network firewall.
• It monitors and manages the incoming and outgoing traffic based on a defined set of rules/instructions.
• A firewall can be hardware, software, software-as-a-service (SaaS), public cloud, or private cloud (virtual).

Example:
• Imagine your computer is like a house, and the internet is the outside world.
• The firewall is like a security guard placed at the entrance of the home who monitors/manages who is coming into the home and who is going out of it.

Source: https://www.cisco.com/c/en/us/products/security/firewalls/what-is-a-firewall.html
Source: https://www.ibm.com/docs/en/i/7.5?topic=ssw_ibm_i_75/rzaj4/rzaj4fwfirewallconcept.html
Source: https://www.f-secure.com/en/articles/firewall

Cyber Security: Terminology: Hacking
Hacking is the use of unconventional or illicit means to gain unauthorized
access to a digital device, computer system or computer network (IBM).

White Hat:
• Ethical hackers: use hacking skills for defensive purposes, i.e., to identify and resolve security issues for a company or organization, or with government, to improve cyberdefense.
• Work within legal boundaries and ethical guidelines.
• Example: Ethical hackers, cybersecurity experts/analysts

Black Hat:
• Use hacking expertise in an offensive/illegal way for financial gain, personal interests or stealing sensitive information.
• Do not follow legal boundaries and are driven by some ideology, desire or personal reasons.
• Example: Ransomware attacks

Gray Hat:
• Come in between the white and black hat hackers. Compromise the system without authorization/consent, even though the intent may not be malicious.
• Do not follow legal boundaries.
• Example: Unauthorized network testing

Source: https://www.ibm.com/topics/cyber-hacking
Source: https://www.geeksforgeeks.org/types-of-hackers/
Source: https://www.avast.com/c-hacker-types
Image Source: https://pixabay.com/vectors/hacker-computer-programming-hacking-5471975/

Cyber Security: Terminology: Cyberattacks
A cyberattack is a malicious effort to access computer systems without authorization with the intent to steal, expose, modify, disable or eradicate information (International Business Machines (IBM)).

Threat Actors
• Career cybercriminals
• Insiders
• Nation states
• Script kiddies
• Organized crime groups

Motive for cyberattacks/cybercrime
• Financial gains
• Corporate espionage
• Personal
• Political
• Sabotage and disruption
• Criminal

Source: https://www.lupovis.io/what-are-cybersecurity-threat-actors/
Source: https://www.ibm.com/topics/cyber-attack
Source: https://www.sophos.com/en-us/cybersecurity-explained/threat-actors

Cyber Security: Terminology: Cyberattacks Types

• Phishing
• SQL Injection
• Malware
• MiTM Attacks
• Password Attacks
• DoS Attacks

Source: https://www.ibm.com/topics/cyber-attack

Cyber Security: Terminology: Cyberattacks Types

Cyberattack Example: Phishing

• According to CISCO, phishing attacks are the practice of sending fraudulent communications while appearing to be a reputable source.
• Usually sent via emails, text messages or website links (which look legitimate), asking users to click the link (infected link or attachment).
• The goal is to steal information such as login credentials, personal data, credit card info etc.

Source: https://www.cisco.com/c/en/us/products/security/email-security/what-is-phishing.html



Assignment # 1: Individual Assignment

Find out, from different sources, different definitions of cybersecurity and then
formulate your own definition for cybersecurity in the context of your
domain/field. Write a report of 1-2 pages (in PDF format) and upload the file by
May 7th, 2024.



The Need/Importance of CYBERSECURITY



Need of Cybersecurity: Digitized World

• Social media
• Remote working brings new cybersecurity challenges
• Online applications, e.g., shopping.

Image Source: https://pixabay.com/illustrations/social-media-word-cloud-936543/
Image Source: https://pixabay.com/illustrations/work-from-home-remote-work-hammock-6636480/
Image Source: https://pixabay.com/illustrations/shopping-cart-process-shop-3407232/

Need of Cybersecurity: Cost of Cybercrime Worldwide
• According to Cybercrime Magazine, cybercrime will cost the world $10.5 trillion annually by 2025!
• Global cybercrime costs are predicted to rise by almost 15 percent yearly over the next four years.
• The global indicator 'Estimated Cost of Cybercrime' in the cybersecurity market was forecast to continuously increase between 2023 and 2028 by in total 5.7 trillion U.S. dollars (+69.94 %).

[Figure: bar chart of the estimated cost of cybercrime worldwide, 2017 to 2028; y-axis: cost in trillion U.S. dollars. Source(s): Statista; Statista Technology Market Insights; ID 1280009]

Source: https://www.statista.com/forecasts/1280009/cost-cybercrime-worldwide
Source: https://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/

Need of Cybersecurity: Malware observations in Finland

• Over the period from 2019 to 2023, the number of malware observations in Finland fluctuated strongly.
• Number of detected malware and malicious traffic peaked at roughly 81 thousand incidents during the third quarter of 2021.
• The lowest number of 16,752 incidents was reported in the 3rd quarter of 2019.

[Figure: bar chart of the number of incidents per quarter, Finland, Q3 2019 to Q3 2023; detected malware and malicious traffic. Source(s): Traficom]

Source: https://www.statista.com/statistics/733010/number-of-malware-incidents-per-quarter-in-finland/

Need of Cybersecurity: Information security violations in Finland

• In 2020, roughly 12000 information security violations and threat notifications were processed by the National Cyber Security Centre in Finland.
• Majority of notifications processed by the national authorities during 2020 concerned online scams (4,912) and phishing (3,771).

[Figure: bar chart of the number of violations and threats by type, Finland, 2020; notifications received and processed by the National Cyber Security Centre. Source(s): Telia Company]

Description: In 2020, roughly 12 thousand information security violations and threat notifications were processed by the National Cyber Security Centre in Finland. This was a major increase of over 100 percent from the previous year, when roughly 4.5 thousand cases were handled. The majority of notifications processed by the national authorities during 2020 concerned online scams (4,912) and phishing (3,771). Other common types of information security violations and threats included spam, malware, [...]

Source: https://www.statista.com/statistics/1224712/number-of-reported-information-security-violations-and-threats-finland/

Need of Cybersecurity: Personal data breaches in Finland
• In 2022, 518 personal data breaches were reported by telecommunication operators in Finland.
• The number of these types of data breaches increased dramatically in recent years, peaking at 539 incidents in 2021.

[Figure: bar chart of the number of data breaches per year, Finland, 2013 to 2022; incl. incidents reported to Traficom by telecommunications operators. Source(s): Traficom]

Description: In 2022, 518 personal data breaches were reported by telecommunication operators in Finland. The number of these types of data breaches increased dramatically in recent years, peaking at 539 incidents in 2021. However, according to the source, this development may be explained through better awareness and reporting practices of Finnish telecommunication operators.

Source: https://www.statista.com/statistics/1204061/number-of-personal-data-breaches-reported-in-finland/

Need of Cybersecurity
• In 2021, cybercrime cost the world $6 trillion.
• By 2025, these costs will increase to $10.5 trillion.
• The number of people using the internet and digital services is increasing significantly.
• Cybercrime is an increasingly serious problem, and to address it, strong cybersecurity is critical.
• Economic Costs
• Cybersecurity is highly important because it provides mechanisms to protect all kinds/categories of data from potential threats and risks.
• Without appropriate cybersecurity measures in place, no organization, company or business can deal with cyber attacks.

Source: https://www.upguard.com/blog/cybersecurity-important
Source: https://cybersecurityventures.com/cybercrime-damages-6-trillion-by-2021/

Need of Cybersecurity
• Personal
• Businesses
• Government Agencies
• Critical Infrastructure Providers
• Healthcare Organizations
• Financial Institutions
• Educational Institutions
• Nonprofit Organizations
• And many more…….



Design Principles of CYBERSECURITY



The CIA Triad
• Confidentiality: Protection of information so that it is disclosed to authorized entities only.
  • Example: A criminal steals customers’ usernames, passwords, or credit card information.

• Integrity: Ensuring accuracy of information; no unauthorized entity can change/alter information.
  • Example: Someone modifies payroll information or a product design.

• Availability: Ensuring/enabling the availability of information, data, and resources.
  • Example: Customers are unable to access online digital services.

Source: https://www.nccoe.nist.gov/publication/1800-26/VolA/
Source: https://www.ibm.com/topics/information-security

The CIA Triad: Banking/ATM Example

• ATMs (Automated Teller Machines) serve as an appropriate example of the CIA Triad because of their key role in handling sensitive financial transactions.

• Confidentiality: Two-factor authentication (ATM card and PIN code)
• Integrity: Ensure that transactions are accurately processed and recorded.
• Availability: ATMs are deployed in public places and can be accessed even if the banks are closed.

Image Source: https://pixabay.com/vectors/atm-banking-withdrawal-man-money-3077727/



The CIA Triad: Other Examples?

Can you think of any other suitable real-life examples/applications that demonstrate the CIA Triad for Cybersecurity?

Image Source: https://pixabay.com/vectors/thinker-thinking-person-idea-28741/



Cybersecurity Framework (NIST)
The NIST Cybersecurity Framework can help an organization begin or improve their cybersecurity program. The
Framework is organized by five key Functions – Identify, Protect, Detect, Respond, Recover.

• IDENTIFY: Understanding to manage cybersecurity risk to: systems, assets, data, and capabilities
• PROTECT: Appropriate safeguards to ensure delivery of services
• DETECT: Activities to identify occurrence of a cybersecurity event
• RESPOND: To take action regarding a detected cybersecurity event
• RECOVER: To maintain plans for resilience that were impaired due to a cybersecurity event.

Source: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.1271.pdf


Cybersecurity Framework (NIST)

Example Case Study: Financial Sector/Banking

Let's consider a financial organization, XYZ Bank, and how it applies the five cybersecurity pillars

Image Source: https://pixabay.com/vectors/cards-card-stealing-steal-3252979/



Cybersecurity Framework (NIST): Identify

IDENTIFY: Understanding to manage cybersecurity risk to: systems, assets, data, and capabilities

• XYZ bank performs a comprehensive risk analysis and assessment to identify potential cybersecurity threats, risks and vulnerabilities.
• It may include identification of key data assets, customers' information and their sensitive data, and analysis of various security controls.
• During the risk assessment, the bank may identify the probability and impact of various threats: the likelihood of an event occurring and its potential impact.



Cybersecurity Framework (NIST): Protect

PROTECT: Appropriate safeguards to ensure delivery of services

• Based on the risk assessment, XYZ bank will adopt corresponding security mechanisms (e.g., firewalls, access controls, multi-factor authentication, IDS) to protect customers' sensitive information.
• XYZ bank also initiates a regular employee training program to raise awareness and educate its employees about recent trends in cybersecurity.



Cybersecurity Framework (NIST): Detect

DETECT: Activities to identify occurrence of a cybersecurity event

• With various security monitoring tools (e.g., intrusion detection systems (IDS), anomaly detection algorithms), XYZ bank can regularly keep track of any suspicious activities or unusual behaviors.
• Let’s assume, despite all protection measures, the bank detects the occurrence of phishing attacks on its customers.



Cybersecurity Framework (NIST): Respond

RESPOND: To take action regarding a detected cybersecurity event

• In case of any attack (phishing attack), the cyber incident team of XYZ bank takes the lead to limit its impact and apply potential mitigation approaches.
• The team will take the necessary actions, e.g., informing the customers, suggesting that they reset their passwords, notifying them about any unauthorized transaction and taking necessary measures against phishing emails/websites.
• The team will also coordinate with government authorities and law enforcement agencies to get to the root cause of the incident and further strengthen the security measures, i.e., block the phishing websites.



Cybersecurity Framework (NIST): Recover

RECOVER: To maintain plans for resilience that were impaired due to a cybersecurity event.

• After mitigation of the phishing attack, XYZ bank focuses on rapid recovery efforts.
• This involves restoring affected systems, assessing any damage or loss, and helping customers recover what was lost during this phishing scam.
• Moreover, XYZ bank updates its security measures according to recent phishing attacks, to prevent similar incidents in the future.



Cybersecurity Framework (NIST): CSF 2.0
Mainly designed in the context of small-to-medium sized businesses (SMB), particularly those who have modest or no cybersecurity plans in place.

• Govern: establish and monitor the business’s cybersecurity risk management strategy, expectations, and policy.
• Identify: determine current cybersecurity risk to the business.
• Protect: supports your ability to use safeguards to prevent or reduce cybersecurity risks.
• Detect: provides outcomes that help you find and analyze possible cybersecurity attacks and compromises.
• Respond: supports your ability to take action regarding a detected cybersecurity incident.
• Recover: activities to restore assets and operations that were impacted by a cybersecurity incident.

Source: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.1300.pdf

Assignment # 2: Group Assignment

Take a use-case company (fictional) and analyze how you can enhance the
overall cybersecurity and strengthen the cyberdefense of the organization by
applying the NIST five-cybersecurity principles (Identify, Protect, Detect,
Respond, and Recover). Write a report of 2-3 pages and a slide show of three
slides that you prepare to present on the next lecture.

Hand in two files: the report as a PDF and the presentation (PDF, PPT). Each
group needs to upload both files only once by May 7th, 2024.



Thank you
aalto.fi
