Uploaded by Bakhtawer Imtiaz

Cyber Security

CYBER SECURITY
Be aware! Connect with care.
WHAT IS CYBER SECURITY?
Cyber security is the practice of
defending computers, servers, mobile
devices, electronic systems, networks,
and data from malicious attacks.
Cyber Security Goals
Confidentiality
Ensure private or confidential information is not being disclosed to unauthorized individuals.
Integrity
Ensure data & systems are free from unauthorized manipulation.
Availability
Ensure systems work promptly for their intended use and service is not denied to authorized users.
Security Attacks
A cyber-attack is an exploitation of computer systems and networks. It uses malicious code to alter computer code, logic or data and leads to cybercrimes, such as information and identity theft. We are living in a digital era. Nowadays, most people use computers and the internet. Due to this dependency on digital things, illegal computer activity is growing and changing like any type of crime.
CYBER SECURITY ATTACKS
TYPES OF SECURITY ATTACKS
Web-based attacks
• Injection attacks
• DNS Spoofing
• Phishing
• Brute force
• Denial of Service
System-based attacks
• Virus
• Worm
• Trojan horse
• Backdoors
Types of Cyber Attackers
ATTACKERS
An attacker is the individual or organization who performs the malicious activities. Attackers use every tool and technique they can to try and attack us to get unauthorized access.
CYBER CRIMINALS
Cybercriminals are individuals or groups of people who use technology to commit cybercrime with the intention of stealing sensitive company information or personal data and generating profits.
HACKTIVISTS
Hacktivists are individuals or groups of hackers who carry out malicious activity to promote a political agenda, religious belief, or social ideology.
STATE-SPONSORED
State-sponsored attackers have particular objectives aligned with either the political, commercial or military interests of their country of origin.
INSIDER THREATS
These types of threats usually come from employees or former employees, but may also arise from third parties, including contractors, temporary workers, employees or customers.
Cyber Security Principles
• Economy of mechanism
• Open Design
• Psychological acceptability
• Complete mediation
• Fail-safe defaults
• Separation of Privilege
• Least Privilege
• Least Common Mechanism
• Least Rights
• Work Factor
• Compromise Recording
Cyber Security Considerations
01 BACKUPS
Data backup refers to saving additional copies of our data in separate physical or cloud locations from the data files in storage.
02 ARCHIVAL STORAGE
Data archiving is the process of retaining or keeping data in a secure place for long-term storage. The data might be stored in safe locations so that it can be used whenever it is required.
03 DISPOSAL OF DATA
Data destruction or disposal of data is the method of destroying data which is stored on tapes, hard disks and other electronic media so that it is completely unreadable, unusable and inaccessible for unauthorized purposes.
Cyber Security Technologies
Today, the fundamental problem is that much of the security technology aims to keep the attacker out, and when that fails, the defenses have failed. Every organization that uses the internet needs security technologies to cover the three primary control types (preventive, detective, and corrective) as well as to provide auditing and reporting. Most security is based on one of these types of things: something we have (like a key or an ID card), something we know (like a PIN or a password), or something we are (like a fingerprint).
FIREWALL
Firewall is a computer network security system designed to prevent unauthorized access to or from a private network.
VPNs
It is a technology which creates a safe and an encrypted connection on the Internet from a device to a network.
INTRUSION DETECTION SYSTEM
An IDS is a security system which monitors the computer systems and network traffic.
ACCESS CONTROL
Access control is a process of selecting restrictive access to a system.
Security Technologies
VPN
A VPN stands for virtual private network. It is
a technology which creates a safe and an
encrypted connection on the Internet from a
device to a network. This type of connection
helps to ensure our sensitive data is
transmitted safely
INTRUSION DETECTION
An IDS is a security system which monitors
the computer systems and network traffic. It
analyses that traffic for possible hostile
attacks originating from the outsider and also
for system misuse or attacks originating from
the insider.
ACCESS CONTROL
Access control is a process of selecting restrictive access to a system.
Access control can be categorized into two types:
• Physical access control
• Logical access control
FIREWALLS
Firewalls can be categorized into the following types:
• Processing mode
• Development Era
• Intended deployment structure
• Architectural Implementation
Categories of Firewalls
Processing mode
The five processing modes into which firewalls can be categorized are:
• Packet filtering
• Application gateways
• Circuit gateways
• MAC layer firewalls
• Hybrid firewalls
Development Era
• First Generation
• Second Generation
• Third Generation
• Fourth Generation
• Fifth Generation
Intended deployment structure
Firewalls can also be categorized based on the structure. These are:
• Commercial Appliances
• Small Office Home Office
• Residential Software
Architectural Implementation
The firewall configuration that works best for a
particular organization depends on three
factors: the objectives of the network, the
organization's ability to develop and implement
the architectures, and the budget available for
the function.
THREATS TO E-COMMERCE
• The Risk of Fraud
• The Risk of Payment Conflicts
• The Risk of Tax Evasion
• Credit/Debit card fraud
• E-cash
• ATM (Automated Teller Machine)
Electronic payment Systems
The electronic payment systems have a very important role in e-commerce. E-commerce processing is user-friendly and less time consuming than manual processing. Electronic commerce helps a business organization expand its market reach. There is a certain risk with the electronic payments system.
Security Policies
It increases efficiency
The policy should inform the employees about their individual duties, telling them what they can do and what they cannot do with the organization's sensitive information.
It upholds discipline and accountability
The organization policies act as a contract which proves that an organization has taken steps to protect its intellectual property, as well as its customers and clients.
It can make or break a business deal
It is not necessary for companies to provide a copy of their information security policy to other vendors during a business deal that involves the transference of their sensitive information.
It helps to educate employees on security literacy
A well-written security policy can also be seen as an educational document which informs the readers about the importance of their responsibility in protecting the organization's sensitive data.
Security Standards
ISO
ISO stands for International Organization for Standardization. International Standards make things work. These standards provide a world-class specification for products, services and computers, to ensure quality, safety and efficiency.
IT Act
This act is also used to check misuse of cyber network and computer in India.
IPR
Intellectual property rights are rights that allow creators, or owners of patents, trademarks or copyrighted works, to benefit from their own plans, ideas, or other intangible assets or investment in a creation.
Copyright Act
The copyright law has been enacted to balance the use and reuse of creative works against the desire of the creators to protect their work by controlling who can make and sell copies of the work.
Patent Law
Patent law is a law that deals with new inventions.
DIGITAL SIGNATURE
A digital signature is a mathematical technique
which validates the authenticity and integrity of a
message, software or digital documents
Application of Digital Signature
• Authentication
• Non-repudiation
• Integrity
Algorithms in Digital Signature
A digital signature consists of three algorithms:
1. Key generation algorithm
The key generation algorithm selects a private key randomly from a set of possible private keys. This algorithm provides the private key and its corresponding public key.
2. Signing algorithm
A signing algorithm produces a signature for the document.
3. Signature verifying algorithm
A signature verifying algorithm either accepts or rejects the document's authenticity.
How digital signatures work
The steps which are followed in creating a digital signature are:
1. Select a file to be digitally signed.
2. The hash value of the message or file content is calculated. This message or file content is encrypted by using a private key of a sender to form the digital signature.
3. Now, the original message or file content along with the digital signature is transmitted.
4. The receiver decrypts the digital signature by using a public key of a sender.
5. The receiver now has the message or file content and can compute it.
6. This computed message or file content is compared with the original computed message. The comparison needs to be the same for ensuring integrity.
Types of Digital Signature
Certified Signatures
The certified digital signature documents display a unique blue ribbon across the top of the document.
Visible Digital Signature
The visible digital signature allows a user to sign a single document digitally. This signature appears on a document in the same way as signatures are signed on a physical document.
Approval Signatures
The approval digital signatures on a document can be used in the organization's business workflow. They help to optimize the organization's approval procedure.
Invisible Digital Signature
We can use invisible digital signatures when we do not have or do not want to display our signature but need to provide the authenticity of the document, its integrity, and its origin.
Cyber Security Tools
PKI Services
This tool supports the distribution and identification of public encryption keys.
Antivirus Software
Antivirus software is a program which is designed to prevent, detect, and remove viruses and other malware attacks on the individual computer, networks, and IT systems.
Firewalls
The firewalls are used to prevent unauthorized internet users from accessing private networks connected to the Internet.
Staff Training
Staff training is not a 'cybersecurity tool' but ultimately, having knowledgeable employees who understand cybersecurity is one of the strongest forms of defense against cyber-attacks.
Penetration Testing
Penetration testing, or pen-test, is an important way to evaluate our business's security systems and security of an IT infrastructure by safely trying to exploit vulnerabilities.
MDR
MDR is an advanced security service that provides threat hunting, threat intelligence, security monitoring, incident analysis, and incident response.
CYBER SECURITY CHALLENGES
There are so many challenges related to cybersecurity.
• Ransomware Evolution
• Serverless Apps Vulnerability
• IoT Threats
• Blockchain Revolution
• AI Expansion
With the increase in cyber-attacks, every organization needs a security analyst who makes sure that their system is secured. These security analysts face many challenges related to cybersecurity such as securing confidential data of government organizations, securing the private organization servers, etc.
RISK ANALYSIS
Cyber Security Risk Analysis
Risk analysis refers to the review of risks associated with a particular action or event. Risk analysis is applied to information technology, projects, security issues and any other event where risks may be analyzed on a quantitative and qualitative basis. Risks are part of every IT project and business organization. Risk analysis should be carried out on a regular basis and be updated to identify new potential threats. Strategic risk analysis helps to minimize the future risk probability and damage.
Steps in the risk analysis process
The basic steps followed by a risk analysis process are:
• Conduct a risk assessment survey
• Identify the risks
• Analyze the risks
• Develop a risk management plan
• Implement the risk management plan
• Monitor the risks
RISK ANALYSIS TYPES
QUALITATIVE
The qualitative risk analysis process is a project management technique that prioritizes risk on the project by assigning the probability and impact number.
QUANTITATIVE
The objective of performing the quantitative risk analysis process is to provide a numerical estimate of the overall effect of risk on the project objectives.
THANK YOU