Professional Documents
Culture Documents
Cyber Security
Cyber Security
Cyber Security
• Information state
• Security services
• Security countermeasures
Information Assurance Model
Information Assurance versus
Information Security
• Both involve people, processes, techniques, and
technology Information assurance and information
security are often used interchangeably.
• Information Security is focused on the confidentiality,
integrity, and availability of information (electronic and
non-electronic)
• IA has broader implications and explicitly includes
reliability, access control, and nonrepudiation as well as
a strong emphasis on strategic risk management
• ISO information security management standards (ISMS)
are more closely aligned with IA
Cyber Security
• Cyber security is the protection of information
and information systems against the potential
threats on the internet
• Cyber security means securing the information
related to the use of internet
• Security on the internet must involve information
or information system.
• Specific measure to maintain cyber security
– Viruses and identity threat
– Protection of applications and individual privacy
– Protection from online Predators and cyberbullies
(cyberharassment)
Principles of Cyber Security
• Data Confidentiality
• Data Integrity
• Authenticity
• Availability
• Non-repudiation
Tools & Techniques in Cyber Security
• Authentication: Intends to verify the identity of user
based on the credentials stored in the security
domain of the system.
• Encryption: Encoding and decoding of data with
proper key.
• Digital Signatures: A digital signature is a
mathematical technique used to validate the
authenticity and integrity of a message, software or
digital document.
• Anti-virus: Prevents the installation of virus in system
and also scans the system for the viruses that had
already installed.
• Firewall: Hinder any attempt of unauthorized access
to a computer or network.
Why is Cyber Security
Important?
• Governments, military, corporations, financial
institutions, hospitals and other businesses collect,
process and store a great deal of confidential
information on computers and transmit that data
across networks to other computers.
• With the growing volume and sophistication of
cyber attacks, ongoing attention is required to
protect sensitive business and personal
information, as well as safeguard national
security.
Cyber Crime
• Cyber crime is criminal activity done using
computers and the internet. It may be downloading
illegal movies, music files, stealing from bank
accounts, creating viruses and many more.
• These crimes categorised into three broad areas:
• i) Attacks against computer hardware & softwares.
E.g Viruses, malware and network intrusion.
• ii) Financial crimes such as online fraud.
• iii) Abusing in the form of grooming and
exploitation.
Types of Cyber Crimes
• Hacking: Uses a variety of software to enter a
person’s computer and access his personal or
sensitive information.
• Theft: Person violates copyrights and downloads
music, movies, games and softwares.
• Cyber Stalking: Kind of online harassment through
online messages and e-mails.
• Identity Theft: A criminal accesses data about a
person’s bank account, credit card or other details
and buy things in the victims name.
• Malicious Software: Internet based software or
programs that are used to disrupt a network.
Categorization of Cyber Crimes
• Individual: Can be in the form of cyber stalking,
distributing pornography, trafficking and grooming.
Can be the victim of hacking, theft, identity theft and
malicious software.
• Property: Criminals can steal and rob in real world,
Just like cyber criminals can steal a person’s bank
details, misuse the credit card, run a scam to get
innocent people to part with their hard earned money.
• Government: Crimes against a government are
referred to as cyber terrorism. It can wreak havoc and
cause panic to civilians. Criminals can hack
government website, military websites or circulate
propaganda.
Cyber bullies & Predators
• Cyber Bullying is the use of information technology to
repeatedly harm or harass other people in a deliberate
manner.
• Includes posting rumours, gossips or publishing
materials severely defaming & humiliating them.
• Forms of Cyber bullying includes:
• i) Flaming: Online fights.
• ii) Harassment: Direct hurtful messages.
• iii) Denigration: Harmful material posted
• iv) Outing: Sending or posting private damaging digital
material
• V)Trickery: Tricking someone into providing damaging
digital material that is then disseminated.
Cyber bullies & Predators
• Vi) Exclusion: Excluding someone from an online
group.
• Vii) Cyber Stalking: Acts that generates fear.
Business Objectives:
• Monetary losses
• Loss of personal privacy
• Loss of commercial confidentiality
• Legal actions
• Public embarrassment
• Danger to personal safety
Security Risk Analysis Steps
• Step 1: Identify and evaluate assets.
To list all the things that could be affected by a security
problem not only monetary but also good will and
customer satisfaction.
• Step 2: Identify applicable threats.
Involves the identification and description of threats that
how often they are likely to occur.
• Step 3: Identify / Describe vulnerabilities
Level of risk is determined by analysing the
interrelationship of threats and vulnerabilities. The level
of vulnerabilities decreases as countermeasures
increases.
Security Risk Analysis Steps
• Step 4: Pair threats and vulnerabilities
A threat is any action with the potential to cause a negative
impact. If there were no threats to computer systems,
there would be no need to be concerned about computer
system vulnerabilities.
• Step 5: Determine the impact of threat
occurence.
When the exploitation of vulnerability occurs, the asset
suffers a loss. Losses can be of any type like disclosure,
destruction and denial of service.
• Step 6: In-place counter measures
List the countermeasures in any risk analysis process.
Security Risk Analysis Steps
• Step 7: Determine residual risks (conclusions)
Refers to the level of risk that remains after giving credit for
the in-place countermeasures.
• Step 8:Identify additional countermeasures
(recommendations)
To identify the most effective and least costly way to
reduce risk to an acceptable level.
• Step 9: Prepare a risk analysis report.
To identify the information assets at risk and attach a value
to the risks, after the analysis is complete, a report may
be prepared for documenting the risk assessment.
Problems of Measuring Risk
Businesses normally wish to measure in money, but
• Many of the entities do not allow this
– Valuation of assets
• Value of data and in-house software - no market value
• Value of goodwill and customer confidence
– Likelihood of threats
• How relevant is past data to the calculation of future
probabilities?
– The nature of future attacks is unpredictable
– The actions of future attackers are unpredictable
– Measurement of benefit from security measures
• Problems with the difference of two approximate
quantities
– How does an extra security measure affect a ~10-5