Uploaded by IT Assessor

Revision Material unit 2

Revision Material for Cyber Security Learners
1. Cyber Crime Overview
Definition: Criminal activities involving computers and networks.
Examples:
Phishing: Fraudulent attempts to obtain sensitive information.
Hacking: Unauthorized access to data or systems.
Identity Theft: Stealing personal information for fraudulent purposes.
Ransomware: Malware that locks data until a ransom is paid.
DDoS Attacks: Overloading a service with internet traffic to render it unusable.
2. Motives for Specific Cyber Crimes
Insider Threats:
Motives: Financial gain, revenge, espionage, ideological reasons, negligence.
Ransomware:
Motives: Financial gain, disruption, data theft and double extortion.
Phishing:
Motives: Financial gain, identity theft, credential harvesting, spreading malware.
DDoS Attacks:
Motives: Disruption, extortion, ideological reasons, competitive advantage, testing and demonstration.
3. Types of Attacks
Targeted Attacks:
Characteristics: Specific target, customized techniques, extended duration, sophisticated methods.
Examples: Spear phishing, APTs, corporate espionage.
Untargeted Attacks:
Characteristics: Broad scope, generic techniques, random victims, automated tools.
Examples: Mass phishing, ransomware campaigns, botnets.
4. Hacking Steps
1. Reconnaissance:
Objective: Gather information about the target.
Methods: Passive (public information) and active (network scanning).
2. Scanning:
Objective: Identify active devices, open ports, and vulnerabilities.
Methods: Network scanning, port scanning, vulnerability scanning.
3. Gaining Access:
Objective: Exploit vulnerabilities to gain unauthorized access.
Methods: Exploitation, brute force.
4. Maintaining Access:
Objective: Ensure continued access to the target system.
Methods: Backdoors, rootkits, Trojan horses.
5. Covering Tracks:
Objective: Remove evidence of the attack.
Methods: Log alteration, clearing files, obfuscation.
6. Exfiltration (Optional):
Objective: Steal data from the target system.
Methods: Data transfer, network sniffing.
7. Post-Exploitation (Optional):
Objective: Further exploit the system.
Methods: Lateral movement, privilege escalation, data manipulation.
5. Common Cyber-Crime Vulnerabilities
Individual:
Weak passwords, phishing attacks, unpatched software, public Wi-Fi, social engineering, mobile device insecurity, lack of backup.
Business (Including Charity, MNC like NHS, and International Business):
Employee negligence, insufficient security policies, outdated systems, lack of encryption, third-party vendors, unsecured networks, insufficient incident response, remote work vulnerabilities.
Nation:
Critical infrastructure weaknesses, government systems, cyber espionage, public awareness and education, national policies and legislation, lack of collaboration, cyber defense capabilities.
6. Key Organizations in Cyber Security
National Cyber Security Centre (NCSC):
Role: Enhances the UK's cyber defense.
Functions: Guidance, incident response, threat analysis, training.
Government Communications Headquarters (GCHQ):
Role: Protects the UK’s national security through intelligence and cyber defense.
Functions: Intelligence gathering, cyber defense, support to law enforcement, R&D.
Information Commissioner’s Office (ICO):
Role: Protects data privacy and enforces data protection laws.
Functions: Compliance with GDPR, investigates breaches, provides guidance.
Europol:
Role: Supports EU countries in fighting serious international crime and cyber crime.
Functions: Intelligence sharing, operational support, coordinates international efforts, training law enforcement.
7. General Job Functions of Cyber Security Professionals
1. Security Monitoring
Function: Monitor networks and systems for security breaches.
Skills: Communication, analytical skills, IT/digital skills.
2. Incident Response
Function: Handle security incidents like breaches or malware.
Skills: Problem solving, project management, communication.
3. Security Implementation
Function: Design and install security systems.
Skills: IT/digital skills, analytical skills, team working.
4. Risk Management
Function: Identify and mitigate security risks.
Skills: Analytical skills, problem solving, communication.
5. Compliance
Function: Ensure compliance with laws and regulations.
Skills: Analytical skills, communication, project management.
6. Security Training
Function: Educate employees on security practices.
Skills: Communication, IT/digital skills, team working.
8. Summary of Key Skills
Communication: Convey security information clearly.
Analytical Skills: Analyze and interpret security data.
IT/Digital Skills: Use technology for security tasks.
Team Working: Collaborate with others.
Project Management: Organize and oversee projects.
Problem Solving: Address and fix security issues.