CYBER SECURITY Be aware! Connect with care. WHAT IS CYBER SECURITY? Cyber security is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. Cyber Security Goals Confidentiality Integrity Ensure private or confidential information is not being disclosed to unauthorized individuals Ensure data & systems are free from unauthorized manipulation. Availability Availability Ensure systems work promptly for their intended use and service is not denied to authorized users. Security Attacks A cyber-attack is an exploitation of computer systems and networks. It uses malicious code to alter computer code, logic or data and lead to cybercrimes, such as information and identity theft. We are living in a digital era. Now a day, most of the people use computer and internet. Due to the dependency on digital things, the illegal computer activity is growing and changing. like any type of crime.. CYBER SECURITY ATTACKS TYPES OF SECURITY ATTACKS Web-based attacks • • • • • Injection attacks DNS Spoofing Phishing Brute force Denial of Service System-based attacks • • • • Virus Worm Trojan horse Backdoors Types of Cyber Attackers HACKTIVISTS Cyber Criminals Hacktivists are individuals or groups of hackers who carry out malicious activity to promote a political agenda, religious belief, or social ideology. STATE SPONSORED STATE-SPONSORED State-sponsored attackers have particular objectives aligned with either the political, commercial or military interests of their country of origin. HACKTIVISTS An attacker is the individual or organization who performs the malicious activities ATTACKERS Attackers use every tools and techniques they would try and attack us to get unauthorized access INSIDER THREATS Cybercriminals are individual or group of people who use technology to commit cybercrime with the intention of stealing sensitive company information or personal data and generating profits CYBER CRIMINALS Insider Threats These type of threats are usually occurred from employees or former employees, but may also arise from third parties, including contractors, temporary workers, employees or customers Cyber Security Principles Economy of mechanism Open Design Psychological acceptability Complete mediation Fail-safe defaults Separation of Privilege Least Privilege Least Common Mechanism Least Rights Work Factor Compromise Recording Cyber Security Considerations BACKUPS 01 Data backup refers to save additional copies of our data in separate physical or cloud locations from data files in storage ARCHIVAL STORAGE 02 Data archiving is the process of retaining or keeping of data at a secure place for long-term storage. The data might be stored in safe locations so that it can be used whenever it is required 03 DISPOSAL OF DATA Data destruction or disposal of data is the method of destroying data which is stored on tapes, hard disks and other electronic media so that it is completely unreadable, unusable and inaccessible for unauthorized purposes Cyber Security Technologies Today, the fundamental problem is that much of the security technology aims to keep the attacker out, and when that fails, the defenses have failed. Every organization who uses internet needed security technologies to cover the three primary control types - preventive, detective, and corrective as well as provide auditing and reporting. Most security is based on one of these types of things: something we have (like a key or an ID card), something we know (like a PIN or a password), or something we are (like a fingerprint). FIREWALL VPN’s INTRUSION DETECTION SYSTEM ACCESS CONTROL Firewall is a computer network security system designed to prevent unauthorized access to or from a private network. It is a technology which creates a safe and an encrypted connection on the Internet from a device to a network. An IDS is a security system which monitors the computer systems and network traffic Access control is a process of selecting restrictive access to a system.. Security Technologies VPN A VPN stands for virtual private network. It is a technology which creates a safe and an encrypted connection on the Internet from a device to a network. This type of connection helps to ensure our sensitive data is transmitted safely INTRUSION DETECTION An IDS is a security system which monitors the computer systems and network traffic. It analyses that traffic for possible hostile attacks originating from the outsider and also for system misuse or attacks originating from the insider. ACCESS CONTROL Access control is a process of selecting restrictive access to a system The access control can be categories into two types• Physical access control • Logical access control FIREWALLS Firewall can be categorized into the following types: • Processing mode • Development Era • Intended deployment structure • Architectural Implementation Categories of Firewalls Processing mode The five processing modes that firewalls can be categorized are: Packet filtering Application gateways Circuit gateways MAC layer firewalls Hybrid firewalls . Development Era First Generation Second Generation Third Generation Fourth Generation Fifth Generation Intended deployment structure Firewall can also be categorized based on the structure. These are: Commercial Appliances Small Office Home Office Residential Software Architectural Implementation The firewall configuration that works best for a particular organization depends on three factors: the objectives of the network, the organization's ability to develop and implement the architectures, and the budget available for the function. The Risk of Fraud The Risk of Payment Conflicts The Risk of Tax Evasion Credit/Debit card fraud E-cash ATM (Automated Teller Machine) THREATS TO E-COMMERCE Electronic payment Systems The electronic payment systems have a very important role in e-commerce. E-commerce processing is userfriendly and less time consuming than manual processing. Electronic commerce helps a business organization expand its market reach expansion. There is a certain risk with the electronic payments system. Security Policies It increases efficiency The policy should inform the employees about their individual duties, and telling them what they can do and what they cannot do with the organization sensitive information It upholds discipline and accountability The organization policies act as a contract which proves that an organization has taken steps to protect its intellectual property, as well as its customers and clients. It can make or break a business deal It is not necessary for companies to provide a copy of their information security policy to other vendors during a business deal that involves the transference of their sensitive information. It helps to educate employees on security literacy A well-written security policy can also be seen as an educational document which informs the readers about their importance of responsibility in protecting the organization sensitive data Security Standards ISO stands for International Organization for Standardization. International Standards make things to work. These standards provide a world-class specification for products, services and computers, to ensure quality, safety and efficiency. This act is also used to check misuse of cyber network and computer in India. . ISO IT Act Intellectual property rights is a right that allow creators, or owners of patents, trademarks or copyrighted works to benefit from their own plans, ideas, or other intangible assets or investment in a creation The copyright law has been enacted to balance the use and reuse of creative works against the desire of the creator their work by controlling who can make and sell copies of the work Copyright Act Patent law is a law that deals with new inventions Patent Law IPR DIGITAL SIGNATURE A digital signature is a mathematical technique which validates the authenticity and integrity of a message, software or digital documents Application of Digital Signature • Authentication • Non-repudiation • Integrity Algorithms in Digital Signature A digital signature consists of three algorithms: 1. Key generation algorithm The key generation algorithm selects private key randomly from a set of possible private keys. This algorithm provides the private key and its corresponding public key. 2. Signing algorithm A signing algorithm produces a signature for the document. 3. Signature verifying algorithm A signature verifying algorithm either accepts or rejects the document's authenticity. How digital signatures work The steps which are followed in creating a digital signature are: 1.Select a file to be digitally signed. 2.The hash value of the message or file content is calculated. This message or file content is encrypted by using a private key of a sender to form the digital signature. 3.Now, the original message or file content along with the digital signature is transmitted. 4.The receiver decrypts the digital signature by using a public key of a sender. 5.The receiver now has the message or file content and can compute it. 6.Comparing these computed message or file content with the original computed message. The comparison needs to be the same for ensuring integrity. Types of Digital Signature Certified Signatures Visible Digital Signature The certified digital signature documents display a unique blue ribbon across the top of the document. The visible digital signature allows a user to sign a single document digitally. This signature appears on a document in the same way as signatures are signed on a physical document. Approval Signatures Invisible Digital Signature The approval digital signatures on a document can be used in the organization's business workflow. They help to optimize the organization's approval procedure. We can use invisible digital signatures when we do not have or do not want to display our signature but need to provide the authenticity of the document, its integrity, and its origin. Cyber Security Tools PKI Services This tool supports the distribution and identification of public encryption keys. Antivirus Software Antivirus software is a program which is designed to prevent, detect, and remove viruses and other malware attacks on the individual computer, networks, and IT systems. Firewalls The firewalls are used to prevent unauthorized internet users from accessing private networks connected to the Internet. 6 3 2 1 Staff Training Staff training is not a 'cybersecurity tool' but ultimately, having knowledgeable employees who understand the cybersecurity which is one of the strongest forms of defense against cyberattacks 5 TOOLS 4 Penetration Testing Penetration testing, or pen-test, is an important way to evaluate our business's security systems and security of an IT infrastructure by safely trying to exploit vulnerabilities MDR MDR is an advanced security service that provides threat hunting, threat intelligence, security monitoring, incident analysis, and incident response CYBER SECURITY CHALLENGES Ransomware Evolution There are so many challenges related to cybersecurity. Serverless Apps Vulnerability IoT Threats Blockchain Revolution AI Expansion With the increase of the cyber-attacks, every organization needs a security analyst who makes sure that their system is secured. These security analysts face many challenges related to cybersecurity such as securing confidential data of government organizations, securing the private organization servers, etc. RISK ANALYSIS Cyber Security Risk Analysis Risk analysis refers to the review of risks associated with the particular action or event. The risk analysis is applied to information technology, projects, security issues and any other event where risks may be analyzed based on a quantitative and qualitative basis. Risks are part of every IT project and business organizations. The analysis of risk should be occurred on a regular basis and be updated to identify new potential threats. The strategic risk analysis helps to minimize the future risk probability and damage. Steps in the risk analysis process The basic steps followed by a risk analysis process are: • Conduct a risk assessment survey • Identify the risks • Analyze the risks • Develop a risk management plan • Implement the risk management plan • Monitor the risks RISK ANALYSIS TYPES TYPES OF RISK ANALYSIS QUANTITATIVE QUALITATIVE The qualitative risk analysis process is a project management technique that prioritizes risk on the project by assigning the probability and impact number. The objectives of performing quantitative risk analysis process provide a numerical estimate of the overall effect of risk on the project objectives. THANK YOU
