INTRODUCTION TO

CYBER SECURITY

Engr. Mehmood ul Hassan

MS Information Security
Military College of Signals NUST

Email: mehmood.hassan@students.au.edu.pk
mehmood.sk94@gmail.com

Room#531, 5th Floor FMC Building Au Islamabad

DEPARTMENT OF
CYBER SECURITY
AIR UNIVERSITY, ISLAMABAD CAMPUS
 OUTLINE
• COURSE OBJECTIVES
• COURSE INFORMATION
• INTRODUCTION TO BASIC CONCEPTS
• QUESTIONS & ANSWERS
 COURSE OBJECTIVES
• CYBER SECURITY’S CORE CONCEPTS, TERMINOLOGIES, HISTORY,
TECHNOLOGIES AND SKILLS.
• KNOWLEDGE AND BASIC SKILLS TO DEFEND INFORMATION ASSETS;
RESIDENT OR TRANSIENT AND INFRASTRUCTURE CARRYING IT
FROM CYBER THREATS AND ATTACKS.
• OFFENSIVE: SURVEILLANCE, EXPLOITATION, HACKING, MALWARES
ATTACK, SOCIAL ENGINEERING
• DEFENSIVE: VULNERABILITY ASSESSMENT, NETWORK DEFENSE,
PASSWORDS, FIREWALLS, VPNS, INCIDENT RESPONSE, INTRUSION
DETECTION AND PREVENTION
• DIGITAL FORENSICS AND ITS VARIOUS TECHNIQUES.
• CRUCIAL ISSUES: INDUSTRIAL ESPIONAGE & SABOTAGE, IOT
SECURITY, BLOCKCHAIN, GDPR, CYBER BULLYING AND
HARASSMENT
 COURSE INFORMATION
• CREDIT HOURS: 3.0
• DURATION: 16 WEEKS
• ASSESSMENT:
• QUIZZES: 10% (ANNOUNCED & UNANNOUNCED)
• ASSIGNMENTS: 15% (INDIVIDUAL & GROUP)
• MID TERM: 35%
• FINAL: 40%
 COURSE RESOURCES
REFERENCE BOOKS:
• C.P. PFLEEGER, “SECURITY IN
COMPUTING”, PRENTICE-HALL, 4TH
EDITION OR LATEST
• LAWRENCE C. MILLER, “CYBER
SECURITY FOR DUMMIES”, PALO ALTO
NETWORKS, 2ND EDITION OR LATEST
• WILLIAM STALLINGS, “NETWORK
SECURITY ESSENTIALS: APPLICATIONS
AND STANDARDS”, 3RD EDITION OR
LATEST
• WILLIAM STALLINGS, CRYPTOGRAPHY
AND NETWORK SECURITY: PRINCIPLES
AND PRACTICES”, 4TH EDITION
• BRUCE SCHNEIER, “APPLIED
CRYPTOGRAPHY”, 2ND EDITION OR
LATEST
 COURSE RESOURCES
REFERENCE BOOKS:
• BRUCE SCHNEIER, “BEYOND FEAR:
THINKING SENSIBLY ABOUT SECURITY IN AN
UNCERTAIN WORLD”, LATEST EDITION
• KEVIN D. MITNICK & WILLIAM L. SIMON, “THE
ART OF DECEPTION: CONTROLLING THE
HUMAN ELEMENT OF SECURITY”, WILEY
PUBLISHING INC.
• KEVIN D. MITNICK & WILLIAM L. SIMON, “THE
ART OF INTRUSION: THE REAL STORIES
BEHIND THE EXPLOITS OF HACKERS,
INTRUDERS & DECEIVERS”, WILEY
PUBLISHING INC.
• JON ERICKSON, “HACKING: THE ART OF
EXPLOITATION”, LATEST EDITION
 COURSE RESOURCES
REFERENCE BOOKS:
• GEORGE KURTZ, JOEL SCAMBRAY,
AND STUART MCCLURE, “HACKING
EXPOSED: NETWORK SECURITY
SECRETS AND SOLUTIONS”, 2ND
EDITION OR LATEST
• ELDAD EILAM, “REVERSING:
SECRETS OF REVERSE
ENGINEERING”, WILEY PUBLISHING
INC.
• BILL NELSON, AMELIA PHILLIPS,
CHIRSTOPHER STEUART, “ GUIDE
TO COMPUTER FORENSICS &
INVESTIGATIONS”, 4TH EDITION OR
LATEST
 BASIC CONCEPTS
• WHY CYBER SECURITY?
• WHAT IS CYBER SECURITY?
• BASIC CONCEPTS
• BASIC MODEL
• QUESTIONS & ANSWERS
 WHY IS SECURITY?

• NOW TECH IS EVERY WHERE

• THERE ARE SOME THREATS WE
ARE GOING TO LIVE WITH
• BY 2023 THE GLOBAL CYBER
SECURITY IS EXPECTED TO
SKYROCKET TO $165 BILLION
 WHY IS SECURITY?
• CYBER CRIMES ARE INCREASING,
• ITS GROWING INDUSTRY,
• ITS BENEFICIAL FOR THE ATTACKERS
AND
• RISKS ARE EXTREMELY LOW
• ANNUAL GLOBAL CYBER SECURITY
COST IS $600 BILLION
 WHY IS SECURITY?
• TOP TECH COMPANIES REVENUE IS
LESS THAN $600 BILLION
• CYBER CRIME VICTIMS PER YEAR 600
MILLION
• IF WE BREAK THAT DOWN
• 1.5 OR 1.6 MILLION PER DAY VICTIMS
• 20 PER SECOND
 WHY IS SECURITY?

• IN 2016 OVER 657 MILLION

IDENTITIES WERE EXPOSED
• MAJORITY OF WHICH WERE STOLEN
• 40 MILLION FROM US
• 54 MILLION FROM TURKEY
• 20 MILLION FROM KOREA
WHY IS SECURITY?
 WORLD'S BIGGEST DATA BREACHES

• HTTP://WWW.INFORMATIONISBEAUTIFUL.NET/VISUALIZATIONS/WORLDS-BIGGEST-DATA-BREACHES-
HACKS/
 GLOBAL CYBER SPACE ENVMT

Approx 51 % of world population is an active user of internet and related

technologies, and almost 100% are the effectees
 PAK CYBER SPACE ENVMT

• Fastest growing cellular market

• Well dev IT Industry

• Maj portion of internet tfc routed through India (Submarine

cables)
• Ltd monitoring mechanism for ISPs

• Absence of state owned Telco

• Absence of National level CERT ( computer emergency

response team)
• High reliance on foreign eqpt / tech
 CYBERSECURITY EFFORTS AT
NATIONAL LVL
• PREVENTION OF ELECTRONIC CRIME ACT 2016
• NATIONAL TELECOM AND INFO SECURITY BD
(NTISB) CABINET DIV
• NATIONAL RESPONSE CEN FOR CYBER CRIME
(NR3C) AT FIA ISB
• CYBERCRIME HOTLINE (9911) AND SMS ALERT
SVC
 CYBERSECURITY EFFORTS AT
NATIONAL LVL
• ACT FOR WEBSITE MONITORING - 2015
• CPTR FORENSIC UNIT AT PUNJAB FORENSIC
SCIENCE AGENCY, 2011
• DIGITAL FORENSIC LAB AT SIND POLICE
FORENSICS DIV, 2012
• PAKISTAN RESEARCH CEN FOR CYBER
SECURITY (PRCCS)
 CYBERSECURITY EFFORTS AT
NATIONAL LVL
• POLICY FOR INTERNET, WEBSITE, EMAIL FOR
GOVERNMENT – 2009/11
• ACT FOR PROTECTION FROM SPAM – 2009
• CYBER DEF DAY – 6 SEP
• NCCS JUNE 2018 (HEAD QUARTER AT AU)
• PAKISTAN’S NATIONAL CYBER SECURITY
POLICY/STRAT HAS NOT YET DEFINED
PREVENTION OF ELECTRONIC CRIME

ACT – 2016
 NATIONAL CYBER SECURITY
CHALLENGES
• IMPLEMENTATION OF CYBER SECURITY LAWS /
REGS
• ABSENCE OF NATIONAL LVL CERT
• ABSENCE OF ADEQUATE DISASTER REC
MECHANISM
• CRITICAL NATIONAL NETWORKS ARE PRONE TO
CYBER THREATS
 NATIONAL CYBER SECURITY
CHALLENGES

• LACK OF QUAL CYBER SECURITY WORKFORCE

BOTH IN PUB AND PTE SECS
• LESS EMPHASIS ON CYBER SECURITY
AWARENESS AT ALL LVLS
 NATIONAL CYBER SECURITY
CHALLENGES

• LACK OF QUAL CYBER SECURITY WORKFORCE

BOTH IN PUB AND PTE SECS
• LESS EMPHASIS ON CYBER SECURITY
AWARENESS AT ALL LVLS
 VOIDS AT NATIONAL LEVEL

• LACK OF CYBER SECURITY AWARENESS AT ALL

LEVELS
• NEED OF IMPROVEMENT IN A CYBER
GOVERNANCE FRAMEWORK AND CYBER
SECURITY LAWS / REGULATIONS
• ABSENCE OF NATIONAL LEVEL SYSTEM FOR
DETECTION OF CYBER THREATS AND
SITUATIONAL AWARENESS
 VOIDS AT NATIONAL LEVEL

• DEPENDENCE ON FOREIGN VENDORS FOR

HARDWARE AND SOFTWARE PRODUCTS
• MOST OF THE CRITICAL NETWORKS ARE
CONNECTED TO THE PUBLIC INTERNET
• LACK OF EFFECTIVE PUBLIC PRIVATE
PARTNERSHIPS
• LACK OF COHERENCE AMONGST VARIOUS CYBER
SECURITY ORGANIZATIONS AND INITIATIVES
 VOIDS AT NATIONAL LEVEL

• DISASTER RECOVERY MANAGEMENT SYSTEM OF

NATIONAL FRAMEWORK IS MISSING
• LACK OF QUALIFIED CYBER SECURITY
WORKFORCE BOTH IN PUBLIC AND PRIVATE
SECTORS
• WIDESPREAD USE OF SOCIAL MEDIA NETWORKS IN
PUBLIC WITHOUT REQUISITE SAFE GUARDS
 VOIDS AT NATIONAL LEVEL

• POOR AND MISSING ARRANGEMENTS AT

EMBASSIES AND DAS ABROAD
• LACK OF INTERNATIONAL COOPERATION FOR
MITIGATING THREATS FROM OUTSIDE OWN
BORDERS
CONCEPTS
 WHAT IS SECURITY?

A STATE OF BEING SECURE AND

FREE FROM DANGER OR HARM;
THE ACTIONS TAKEN TO MAKE
SOMEONE OR SOMETHING SECURE
WHAT IS CYBER SECURITY?
PROTECTING DATA / INFORMATION
FROM UNAUTHORIZED ACCESS, USE,
DISCLOSURE,
DESTRUCTION, MODIFICATION, OR
DISRUPTION
RESIDENT OR IN TRANSIT
OVER THE INTERNET
 WHAT IS CYBER SECURITY?
PROTECTION OF THE
CONFIDENTIALITY, INTEGRITY, AND
AVAILABILITY OF INFORMATION
ASSETS, WHETHER IN STORAGE,
PROCESSING, OR TRANSMISSION, VIA
THE APPLICATION OF POLICY,
EDUCATION, TRAINING AND
AWARENESS, AND TECHNOLOGY.
 WHAT IS CYBER SECURITY?
THE PROTECTION OF
INFORMATION AND ITS CRITICAL
ELEMENTS, INCLUDING SYSTEMS
AND HARDWARE THAT USE,
STORE, AND TRANSMIT THAT
INFORMATION
COMMITTEE OF NATIONAL SECURITY SYSTEMS (CNSS)
COMPONENTS OF INFOSEC
RECOMMENDED READING
Q&A
 THANKYOU

Slides Reference Khwaja Mansoor ul Hassan (Air University Islamabad)