Learn about cybersecurity

Basic knowledge

Types of Organizational Data

- Traditional Data (Corporate data includes personnel information, intellectual properties, and financial data)

- Internet of things and big data ( A large network of physical objects including sensors and equipment)

Confidentiality, Integrity, and Availability

Confidentiality – Ensures the privacy of data by restricting access through authentication encryption

Integrity – assures info is accurate and trustworthy

Availability – Ensures info is accessible to authorized people, Checksum is used to verify the integrity of files or strings of characters which is calculated with hash function)

Type of attackers

Amateurs (Script kiddies) – Attackers with little / no skill (Using existing tools/instructions found on internet)

Hackers – group of attackers to break into computer to gain access (White ,grey /back hats)

Organized hackers – organization of cyber criminals , hacktivists , terrorist ,state-sponsored hackers (Groups of professional criminals focused on control, power and wealth )

Internal security threats

- Attacks can be within the organization or outside the organization

- An internal user such as employee or contract partner can accidently or intentionally

è Mishandle confidential date

è Threaten the operations of internal servers or network infrastructure devices

è Facilitate outside attacks by connecting infected USB media into the corporate computer system

è Accidentally invite malware onto the network through malicious email or websites

- External security threats

è From amateurs or skilled attackers

è Can exploit vulnerabilities in network or computing devices to gain access

Cyberwarfare

- Important dimension of warfare where nations can carry out conflicts without the clashes of traditional troops and machines.

- Attackers have the resources and expertise to launch massive Internet-based attacks against other nations to cause damage or disrupt services, such as shutting down a power grid

- Main purpose of cyberwarfare is to gain advantage over adversaries, whether they are nations or competitors.

Stuxnet – A malware program designed to damage the nuclear enrichment plant of iran, a program which is an example of a state-sponsored attack

International Multilateral Partnership Against Cyber Threats (IMPACT) – A global partnership of world governments, industries, and academia dedicated to improving global capabilities when dealing with cyber threats

Ethics – Codes of behavior that are sometimes but not always enforced by laws

Security vulnerabilities (Any kind of software or hardware defect)

- Buffer overflow

è Occurs when data is written beyond the limits of a buffer, are memory areas allocated to application

- Non-validated input

è Data coming into the program could have malicious content, designed to force the program to behave in an unintended way