Uploaded byAbolarinwa
99 views

CYB 102 – Fundamentals of Cyber Security 3.pdf

The document outlines fundamental cybersecurity practices to protect individuals and organizations from threats in cyberspace, highlighting the importance of strong passwords, software updates, and multi-factor authentication. It covers personal cybersecurity tips, the significance of incident response plans, and the incident response team’s structure and roles. Additionally, it emphasizes the need for regular risk management and awareness to mitigate vulnerabilities and enhance online security.

Embed presentation

Download to read offline
CYB 102 – FUNDAMENTALS OF CYBER SECURITY Lecture Note slides Module 3 By
Cybersecurity Best Practices Cyberspace is particularly difficult to secure due to a number of factors: I. the ability of malicious actors to operate from anywhere in the world II. the linkages between cyberspace and physical systems, III. the difficulty of reducing vulnerabilities and consequences in complex cyber networks. Implementing safe cybersecurity best practices is important for individuals as well as organizations of all sizes. ▪ using strong passwords, ▪ updating your software ▪ thinking before you click on suspicious links ▪ turning on multi-factor authentication are the basics of what we call “cyber hygiene” and will drastically improve your online safety..
Personal Cyber Security Tips 1. Keep Your Software Up to Date One of the most important cyber security tips to mitigate ransomware is patching outdated software, both operating system and applications. This helps remove critical vulnerabilities that hackers use to access your devices. Here are a few quick tips to get you started: •Turn on automatic system updates for your device •Make sure your desktop web browser uses automatic security updates •Keep your web browser plugins like Flash, Java, etc. updated
2. Use Anti-Virus Protection & Firewall ▪ Anti-virus (AV) protection software has been the most prevalent solution to fight malicious attacks. ▪ AV software blocks malware and other malicious viruses from entering your device and compromising your data. ▪ Use anti-virus software from trusted vendors and only run one AV tool on your device. Using a firewall is also important when defending your data against malicious attacks. ▪ A firewall helps screen out hackers, viruses, and other malicious activity that occurs over the Internet and determines what traffic is allowed to enter your device. ▪ Windows and Mac OS X come with their respective firewalls, aptly named Windows Firewall and Mac Firewall. Your router should also have a firewall built in to prevent attacks on your network.
3. Use Strong Passwords & Use a Password Management Tool You have probably heard that strong passwords are critical to online security. The truth is passwords are important in keeping hackers out of your data. According to the National Institute of Standards and Technology’s (NIST) 2017 new password policy framework, you should consider: •Dropping the crazy, complex mixture of upper case letters, symbols, and numbers. Instead, opt for something more user-friendly but with at least eight characters and a maximum length of 64 characters. •Don’t use the same password twice. •The password should contain at least one lowercase letter, one uppercase letter, one number, and four symbols but not the following &%#@_ •Choose something that is easy to remember and never leave a password hint out in the open or make it publicly available for hackers to see. •Reset your password when you forget it. But, change it once per year as a general refresh.
4. Use Two-Factor or Multi-Factor Authentication • Two-factor or multi-factor authentication is a service that adds additional layers of security to the standard password method of online identification. • Without two-factor authentication, you would normally enter a username and password. • But, with two-factor, you would be prompted to enter one additional authentication method such as a Personal Identification Code, another password, or even a fingerprint. • With multi-factor authentication, you would be prompted to enter more than two additional authentication methods after entering your username and password. • According to NIST, an SMS delivery should not be used during two-factor authentication because malware can be used to attack mobile phone networks and can compromise data during the process.
5. Learn about Phishing Scams – be very suspicious of emails, phone calls, and flyers In a phishing scheme attempt, the attacker poses as someone or something the sender is not to trick the recipient into: • divulging credentials • clicking a malicious link, • opening an attachment that infects the user’s system with malware, trojan, or zero-day vulnerability exploit. A few important cyber security tips to remember about phishing schemes include: 1. Bottom line – Don’t open emails from people you don’t know. 2. Know which links are safe and which are not – hover over a link to discover where it directs to • Be suspicious of the emails sent to you in general – look and see where it came from and if there are grammatical errors • Malicious links can come from friends who have been infected too. So, be extra careful!
6. Protect Your Sensitive Personal Identifiable Information (PII) • Definition: Personal Identifiable Information (PII) is any information that can be used by a cybercriminal to identify or locate an individual. • PII includes information such as name, address, phone number, date of birth, Social Security Number, IP address, location details, or any other physical or digital identity data. • In the new “always-on” world of social media, you should be very cautious about the information you include online. • It is recommended that you only show the very minimum about yourself on social media. • Consider reviewing your privacy settings across all your social media accounts, particularly Facebook. • Adding your home address, birth date, or any other PII information will dramatically increase your risk of a security breach. Hackers use this information to their advantage!
7. Use Your Mobile Devices Securely According to McAfee Labs, your mobile device is now a target to more than 1.5 million new incidents of mobile malware. Here are some quick tips for mobile device security: 1.Create a Difficult Mobile Passcode – Not Your Birthdate or Bank PIN 2.Install Apps from Trusted Sources 3.Keep Your Device Updated – Hackers Use Vulnerabilities in Unpatched Older Operating Systems 4.Avoid sending PII or sensitive information over text messages or email 5.Leverage Find my iPhone or the Android Device Manager to prevent loss or theft 6.Perform regular mobile backups using iCloud or Enabling Backup & Sync from Android
8. Backup Your Data Regularly • Backing up your data regularly is an overlooked step in personal online security. • The top IT and security managers follow a simple rule called the 3-2-1 backup rule. • Essentially, you will keep three copies of your data on two different types of media (local and external hard drive) and one copy in an off- site location (cloud storage). • If you become a victim of ransomware or malware, the only way to restore your data is to erase your systems and restore with a recently performed backup.
9. Don’t Use Public Wi-Fi • Don’t use public Wi-Fi without using a Virtual Private Network (VPN). • By using VPN software, the traffic between your device and the VPN server is encrypted. • This means it’s much more difficult for a cybercriminal to obtain access to your data on your device. • Use your cell network if you don’t have a VPN when security is important.
10. Review Your Online Accounts & Credit Reports Regularly for Changes • With the recent Equifax breach, it’s more important than ever for consumers to safeguard their online accounts and monitor their credit reports. • A credit freeze is the most effective way for you to protect your personal credit information from cyber criminals right now. • Essentially, it allows you to lock your credit and use a personal identification number (PIN) that only you will know. • You can then use this PIN when you need to apply for credit.
Top Causes of Security Breaches • Hacking, phishing, and malware incidents are becoming the number one cause of security breaches today. • But, what’s more troubling, these hacking attempts are the result of human errors in some way. • Education and awareness are critically important in the fight against cybercriminal activity and in preventing security breaches.
Security testing Definition: This is a process intended to reveal flaws in the security mechanisms of an information system that protect data and maintain functionality as intended. • Due to the logical limitations of security testing, passing the security testing process is not an indication that no flaws exist or that the system adequately satisfies the security requirements. • Typical security requirements may include specific elements of confidentiality, integrity, authentication, availability, authorization, and non-repudiation. • Actual security requirements tested depend on the security requirements implemented by the system. • Security testing as a term that has a number of different meanings and can be completed in a number of different ways. • As such, a Security Taxonomy helps us to understand these different approaches and meanings by providing a base level to work from.
Taxonomy Common terms used for the delivery of security testing 1. Discovery • The purpose of this stage is to identify systems within the scope and the services in use. • It is not intended to discover vulnerabilities • but version detection may highlight depreciated versions of software/firmware • thus indicating potential vulnerabilities. 2. Vulnerability Scan • Following the discovery stage this looks for known security issues by using automated tools to match conditions with known vulnerabilities. • The reported risk level is set automatically by the tool with no manual verification or interpretation by the test vendor. • This can be supplemented with credential-based scanning that looks to remove some common false positives by using supplied credentials to authenticate with a service (such as local Windows accounts).
3. Vulnerability Assessment • This uses discovery and vulnerability scanning to identify security vulnerabilities and places the findings into the context of the environment under test. • An example would be removing common false positives from the report and deciding risk levels that should be applied to each report finding to improve business understanding and context. 4. Security Assessment • Builds upon Vulnerability Assessment by adding manual verification to confirm exposure, but does not include the exploitation of vulnerabilities to gain further access. • Verification could be in the form of authorized access to a system to confirm system settings and involve examining logs, system responses, error messages, codes, etc. • A Security Assessment is looking to gain a broad coverage of the systems under test but not the depth of exposure that a specific vulnerability could lead to.
5. Penetration Test ▪ Penetration test simulates an attack by a malicious party. ▪ Building on the previous stages involves the exploitation of found vulnerabilities to gain further access. ▪ Using this approach will result in an understanding of the ability of an attacker to gain access to confidential information, affect data integrity or availability of a service, and the respective impact. ▪ Each test is approached using a consistent and complete methodology in a way that allows the tester to use their problem-solving abilities. ▪ The output from a range of tools and their own knowledge of networking and systems to find vulnerabilities that would/ could not be identified by automated tools. ▪ This approach looks at the depth of attack as compared to the Security Assessment approach which looks at the broader coverage.
6. Security Audit • Driven by an Audit / Risk function to look at a specific control or compliance issue. • Characterized by a narrow scope, this type of engagement could make use of any of the earlier approaches discussed. 7. Security Review • Verification that industry or internal security standards have been applied to system components or products. • This is typically completed through gap analysis and utilizes build/code reviews or by reviewing design documents and architecture diagrams. • This activity does not utilize any of the earlier approaches (Vulnerability Assessment, Security Assessment, Penetration Test, Security Audit)
Incident Response • Definition: Incident response is an organized, strategic approach to detecting and managing cyber attacks in ways that minimize damage, recovery time, and total costs. • Strictly speaking, incident response is a subset of incident management. • Incident management is an umbrella term for an enterprise's broad handling of cyber attacks, involving diverse stakeholders from the executive, legal, Human Resources (HR), communications, and information technology (IT) teams. • Incident response is part of incident management that handles technical cybersecurity tasks and considerations
Types of Security Incidents • In developing incident response strategies, it's important to first understand how security vulnerabilities, threats, and incidents related. • A vulnerability is a weakness in the IT or business environment. • A threat is an entity -- whether a malicious hacker or a company insider -- that aims to exploit a vulnerability in an attack. • To qualify as an incident, an attack must succeed in accessing enterprise resources or in otherwise putting them at risk. • Finally, a data breach is an incident in which attackers successfully compromise sensitive information, such as personally identifiable information or intellectual property
• When it comes to cybersecurity, an ounce of prevention is worth a pound of cure. • Experts say organizations should fix known vulnerabilities and proactively develop response strategies for dealing with common security incidents. These include the following: • Unauthorized attempts to access systems or data. • Privilege escalation attacks • Insider threats • Phishing attacks • Malware attacks • Denial-of-service (DoS) attacks • Man-in-the-middle attacks • Password attacks • Web application attacks • Advanced persistent threats
What is an incident response plan? An incident response plan is an organization's go-to set of documentation that details the following: •What: Which threats, exploits, and situations qualify as actionable security incidents, and what to do when they occur. •Who: In the event of a security incident, who is responsible for which tasks, and how others can contact them. •When: Under what circumstances team members should perform certain tasks. •How: Specifically how team members should complete those tasks.
How to create an incident response plan Successful incident response requires proactively drafting, vetting, and testing plans before crisis strikes. Best practices include the following: 1.Establish a policy. An incident remediation and response policy should be an evergreen document describing general, high-level incident-handling priorities. A good policy empowers incident responders and guides them in making sound decisions when the proverbial excrement hits the fan. 2.Build an incident response team. An incident response plan is only as strong as the people involved. Establish who will handle which tasks, and ensure everyone has adequate training to fulfill their roles and responsibilities. 3.Create playbooks. Playbooks are the lifeblood of incident response. While an incident response policy offers a high-level view, playbooks get into the weeds, outlining standardized, step-by-step actions responders should take in specific scenarios. 4. Create a communication plan. An incident response plan can not succeed without a solid communication plan among diverse stakeholders. These may include the incident response, executive, communications, legal, and HR teams, as well as customers, third-party partners, law enforcement, and the general public.
Incident response frameworks: Phases of incident response ▪ Preparation/planning. Build an incident response team and create policies, processes and playbooks; deploy tools and services to support incident response. ▪ Detection/identification. Use IT monitoring to detect, evaluate, validate and triage security incidents. ▪ Containment. Take steps to stop an incident from worsening and regain control of IT resources. ▪ Eradication. Eliminate threat activity, including malware and malicious user accounts; identify any vulnerabilities the attackers exploited. ▪ Recovery. Restore normal operations and mitigate relevant vulnerabilities. ▪ Lessons learned. Review the incident to establish what happened, when it happened and how it happened. Flag security controls, policies and procedures that functioned sub-optimally and identify ways to improve them. Update the incident response plan accordingly.
Who is responsible for incident response? Behind every great incident response program is a coordinated, efficient, and effective incident response team. After all, without the right people to support them and put them into practice, security policies, processes, and tools mean very little. This cross-functional group consists of people from diverse parts of the organization who are responsible for completing the steps and processes involved in incident response. Types of incident response teams The three most common types of incident response teams are as follows: •Computer security incident response team (CSIRT). •Computer incident response team (CIRT). •Computer emergency response team (CERT).
Incident response team members An incident response team consists of the following members: •Technical team. This is the core incident response team of IT and security members who have technical expertise across company systems. It often includes an incident response manager, incident response coordinator, team lead, security analysts, incident responders, threat researchers and forensics analysts. •Executive sponsor. This is an executive or board member, often the CSO or CISO. •Communications team. This includes PR representatives and others who manage internal and external communications. •External stakeholders. Members include other employees or departments within the organization, such as IT, legal or general counsel, human resources (HR), business continuity and disaster recovery, physical security, and facilities teams. •Third parties. These external members might include security or incident response consultants, external legal representation, MSPs, managed security service providers, cloud service providers (CSPs), vendors and partners.
What does an incident response team do? The chief goals of an incident response team are to detect and respond to security events and minimize their business impact. As such, team responsibilities largely align with the phases outlined in an incident response framework and plan. Team tasks include the following: • Prepare for and prevent security incidents. • Create the incident response plan. • Test, update and manage the incident response plan before use. • Perform incident response tabletop exercises. • Develop metrics to analyze program initiatives. • Identify security events • Contain security events, quarantine threats and isolate systems. • Eradicate threats, discover root causes and remove affected systems from production environments. • Recover from threats and get affected systems back online.
• Contain security events, quarantine threats and isolate systems. • Eradicate threats, discover root causes and remove affected systems from production environments. • Recover from threats and get affected systems back online. • Conduct follow-up activities, including documentation, incident analysis and identifying how to prevent similar events and improve future response efforts. • Review and update the incident response plan regularly.
Risk Management ▪ Definition: Cybersecurity risk management is the process of identifying an organization's digital assets, reviewing existing security measures, and implementing solutions to either continue what works or mitigate security risks that may pose threats to a business. Cybersecurity Risk Management Process • Cyberattacks are not random. If you know where to look, there are usually signs of a planned attack against an organization. • Telltale markers of an imminent attack include mentions of the organization on the dark web the registration of similar domain names to be used for phishing attacks, and confidential information - such as user account credentials - put up for sale.
Cybersecurity Risk Management Strategy ➢ A cybersecurity risk management strategy implements four quadrants that deliver comprehensive and continuous Digital Risk Protection (DPR). ➢ DRP platforms use multiple reconnaissance methods to find, track, and analyze threats in real-time. ➢ Using both indicators of compromise (IOCs) and indicators of attack (IOAs) intelligence, a DRP solution can analyze risks and warn of attacks. Let's take a look at the four quadrants: • Map - Discover and map all digital assets to quantify the attack surface. Use the map as a foundation to monitor cybercriminal activity. • Monitor - Search the public and dark web for threat references to your digital assets. Translate found threats to actionable intelligence. • Mitigate - Automated actions to block and remove identified threats to digital assets. Includes integration with other security initiatives in place. • Manage - Manage the process used in Map, Manage, and Mitigate quadrants. Enriching IOCs and prioritizing vulnerabilities in this step is also essential to successful digital risk protection.
What are the Benefits of Cybersecurity Risk Management? ➢ Implementing cybersecurity risk management ensures cybersecurity is not relegated to an afterthought in the daily operations of an organization. ➢ Having a cybersecurity risk management strategy in place also ensures that procedures and policies are followed at set intervals and that security is kept up to date. ➢ Cybersecurity Risk Management provides ongoing monitoring, identification, and mitigation of the following threats: ▪ Phishing Detection ▪ VIP and Executive Protection ▪ Brand Protection ▪ Fraud Protection ▪ Sensitive Data Leakage Monitoring ▪ Dark Web Activity
▪ Automated Threat Mitigation ▪ Leaked Credentials Monitoring ▪ Malicious Mobile App Identification ▪ Supply Chain Risks
Why is Cybersecurity Risk Management Important? ➢ Cybersecurity risk management is important because it helps a business assess its current cybersecurity risk profile. ➢ Cybersecurity risk management is also important because it helps to bring about situational awareness within a security organization. ➢ It's essential to have a clear understanding of the risks in your organization and those that might arise in the future

More Related Content

PPTX
Cyber security-1.pptx
byCharithraaAR
 
PPTX
1.2 Best Practices of Cyber Security sbk.pptx
byuditmohanraj
 
PPTX
infosecurity & Cyber Sec 2025 September for deep.pptx
bymsrehan
 
PPTX
Protect Your Computer From Viruses, Hackers,.pptx
byanovalexter
 
PDF
Cyber Law & Forensics
byHarshita Ved
 
PDF
Cybersecurity Awareness Month Tips
byKevin Fream
 
PPTX
Personal cyber security tips remote work
byChinmayee Behera
 
PDF
Document safer online for nonprofits guide
byNguyen Xuan Quang
 
Cyber security-1.pptx
byCharithraaAR
 
1.2 Best Practices of Cyber Security sbk.pptx
byuditmohanraj
 
infosecurity & Cyber Sec 2025 September for deep.pptx
bymsrehan
 
Protect Your Computer From Viruses, Hackers,.pptx
byanovalexter
 
Cyber Law & Forensics
byHarshita Ved
 
Cybersecurity Awareness Month Tips
byKevin Fream
 
Personal cyber security tips remote work
byChinmayee Behera
 
Document safer online for nonprofits guide
byNguyen Xuan Quang
 

Similar to CYB 102 – Fundamentals of Cyber Security 3.pdf

PPTX
Lecture 3 security threats in data analysis.pptx
bychesenybrian2022
 
PPTX
Cyber security
byZwebaButt
 
PPTX
Cyberattacks.pptx
bySonakshiMundra
 
PPTX
Can your company survive a modern day cyber attack?
bySymptai Consulting Limited
 
PDF
10 most important cyber security tips for your users
bySimpliv LLC
 
PPTX
TheCyberThreatAndYou2_deck.pptx
byKevinRiley83
 
PPT
Cyber security and safety
byDooremoore
 
PPTX
Security_Tips_Presentation .pptx
byazariahvogler3
 
PPTX
Cyber Security and Data Privacy in Information Systems.pptx
byRoshni814224
 
PDF
Cybersecurity awareness.pdf
byCRO Cyber Rights Organization
 
PPT
Securitytips
bySantosh Khadsare
 
PPTX
Cybersecurity Awareness Theme-PowerPoint-Templates (1).pptx
bygatuskevin
 
PPTX
CYBER SECURITY AWARENESS.pptx
byTapan Khilar
 
PPTX
Top practices in cybersecurity and awareness
byXQm7md
 
PPTX
a95c71a7e997e3c9adfrtreeweewerdfrtfd.pptx
byDeepakKumarKashyap9
 
PPT
Online Self Defense
byBarry Caplin
 
PDF
Mc physics colloquium2018-03-30.-handouts
byKevin Wall
 
PDF
Introduction to information security
byHarish Jangid
 
PPTX
ISSA - Security Awareness 2016-1
byPedro Serrano
 
PPTX
2016 Secure World Expo - Security Awareness
byPedro Serrano
 
Lecture 3 security threats in data analysis.pptx
bychesenybrian2022
 
Cyber security
byZwebaButt
 
Cyberattacks.pptx
bySonakshiMundra
 
Can your company survive a modern day cyber attack?
bySymptai Consulting Limited
 
10 most important cyber security tips for your users
bySimpliv LLC
 
TheCyberThreatAndYou2_deck.pptx
byKevinRiley83
 
Cyber security and safety
byDooremoore
 
Security_Tips_Presentation .pptx
byazariahvogler3
 
Cyber Security and Data Privacy in Information Systems.pptx
byRoshni814224
 
Cybersecurity awareness.pdf
byCRO Cyber Rights Organization
 
Securitytips
bySantosh Khadsare
 
Cybersecurity Awareness Theme-PowerPoint-Templates (1).pptx
bygatuskevin
 
CYBER SECURITY AWARENESS.pptx
byTapan Khilar
 
Top practices in cybersecurity and awareness
byXQm7md
 
a95c71a7e997e3c9adfrtreeweewerdfrtfd.pptx
byDeepakKumarKashyap9
 
Online Self Defense
byBarry Caplin
 
Mc physics colloquium2018-03-30.-handouts
byKevin Wall
 
Introduction to information security
byHarish Jangid
 
ISSA - Security Awareness 2016-1
byPedro Serrano
 
2016 Secure World Expo - Security Awareness
byPedro Serrano
 

More from Abolarinwa

PDF
CYB 102 – Fundamentals of Cyber Security 3.pdf
byAbolarinwa
 
PDF
CYB 102 – Fundamentals of Cyber Security .pdf
byAbolarinwa
 
PDF
CYB 102 – Fundamentals of Cyber Security 2.pdf
byAbolarinwa
 
PDF
CYB 102 – Fundamentals of Cyber Security 2.pdf
byAbolarinwa
 
PDF
CYB 102 – Fundamentals of Cyber Security 4.pdf
byAbolarinwa
 
PPTX
Introduction to Cryptography CYB 303.pptx
byAbolarinwa
 
PDF
lecture notes on Introduction to Software Engineering CSC 209 .pdf
byAbolarinwa
 
PDF
COMPUTER SCIENCE COURSE 204 COMPILER CONSTRUCTION,.pdf
byAbolarinwa
 
PDF
CYB 102 – Fundamentals of Cyber Security 4.pdf
byAbolarinwa
 
CYB 102 – Fundamentals of Cyber Security 3.pdf
byAbolarinwa
 
CYB 102 – Fundamentals of Cyber Security .pdf
byAbolarinwa
 
CYB 102 – Fundamentals of Cyber Security 2.pdf
byAbolarinwa
 
CYB 102 – Fundamentals of Cyber Security 2.pdf
byAbolarinwa
 
CYB 102 – Fundamentals of Cyber Security 4.pdf
byAbolarinwa
 
Introduction to Cryptography CYB 303.pptx
byAbolarinwa
 
lecture notes on Introduction to Software Engineering CSC 209 .pdf
byAbolarinwa
 
COMPUTER SCIENCE COURSE 204 COMPILER CONSTRUCTION,.pdf
byAbolarinwa
 
CYB 102 – Fundamentals of Cyber Security 4.pdf
byAbolarinwa
 

Recently uploaded

PPTX
Security information presentation and its importance
bybilalkingqwq
 
PPTX
computer and Technical support to maintain
byhailuatnafu62
 
PPTX
Ixkxxjxjxlxkxlkzkzjzjxhxjkxkzzjbxhxkxjxxv
bypythonp121
 
PDF
Project Brainfog: Beyond the Facade - Exposing Smart Giants
byZero Science Lab
 
PPTX
CEIS114 Final Course Project Template_New.pptx
bylauramccall10
 
PPTX
Internet of Communicating Things (IoCT).pptx
byVishal Garg
 
PDF
GPU, HBM, DDR4/DDR5, DRAM Is The New Gold
byVladislav Solodkiy
 
PDF
Black and Grey 3D Shapes How TCP/IP Works Presentation.pdf
byrk42vd8ydw
 
PPTX
Java_Inheritance_Types_With_Examples.pptx
byharry77pq
 
Security information presentation and its importance
bybilalkingqwq
 
computer and Technical support to maintain
byhailuatnafu62
 
Ixkxxjxjxlxkxlkzkzjzjxhxjkxkzzjbxhxkxjxxv
bypythonp121
 
Project Brainfog: Beyond the Facade - Exposing Smart Giants
byZero Science Lab
 
CEIS114 Final Course Project Template_New.pptx
bylauramccall10
 
Internet of Communicating Things (IoCT).pptx
byVishal Garg
 
GPU, HBM, DDR4/DDR5, DRAM Is The New Gold
byVladislav Solodkiy
 
Black and Grey 3D Shapes How TCP/IP Works Presentation.pdf
byrk42vd8ydw
 
Java_Inheritance_Types_With_Examples.pptx
byharry77pq
 

CYB 102 – Fundamentals of Cyber Security 3.pdf

  • 1.
    CYB 102 –FUNDAMENTALS OF CYBER SECURITY Lecture Note slides Module 3 By
  • 2.
    Cybersecurity Best Practices Cyberspaceis particularly difficult to secure due to a number of factors: I. the ability of malicious actors to operate from anywhere in the world II. the linkages between cyberspace and physical systems, III. the difficulty of reducing vulnerabilities and consequences in complex cyber networks. Implementing safe cybersecurity best practices is important for individuals as well as organizations of all sizes. ▪ using strong passwords, ▪ updating your software ▪ thinking before you click on suspicious links ▪ turning on multi-factor authentication are the basics of what we call “cyber hygiene” and will drastically improve your online safety..
  • 3.
    Personal Cyber SecurityTips 1. Keep Your Software Up to Date One of the most important cyber security tips to mitigate ransomware is patching outdated software, both operating system and applications. This helps remove critical vulnerabilities that hackers use to access your devices. Here are a few quick tips to get you started: •Turn on automatic system updates for your device •Make sure your desktop web browser uses automatic security updates •Keep your web browser plugins like Flash, Java, etc. updated
  • 4.
    2. Use Anti-VirusProtection & Firewall ▪ Anti-virus (AV) protection software has been the most prevalent solution to fight malicious attacks. ▪ AV software blocks malware and other malicious viruses from entering your device and compromising your data. ▪ Use anti-virus software from trusted vendors and only run one AV tool on your device. Using a firewall is also important when defending your data against malicious attacks. ▪ A firewall helps screen out hackers, viruses, and other malicious activity that occurs over the Internet and determines what traffic is allowed to enter your device. ▪ Windows and Mac OS X come with their respective firewalls, aptly named Windows Firewall and Mac Firewall. Your router should also have a firewall built in to prevent attacks on your network.
  • 5.
    3. Use StrongPasswords & Use a Password Management Tool You have probably heard that strong passwords are critical to online security. The truth is passwords are important in keeping hackers out of your data. According to the National Institute of Standards and Technology’s (NIST) 2017 new password policy framework, you should consider: •Dropping the crazy, complex mixture of upper case letters, symbols, and numbers. Instead, opt for something more user-friendly but with at least eight characters and a maximum length of 64 characters. •Don’t use the same password twice. •The password should contain at least one lowercase letter, one uppercase letter, one number, and four symbols but not the following &%#@_ •Choose something that is easy to remember and never leave a password hint out in the open or make it publicly available for hackers to see. •Reset your password when you forget it. But, change it once per year as a general refresh.
  • 6.
    4. Use Two-Factoror Multi-Factor Authentication • Two-factor or multi-factor authentication is a service that adds additional layers of security to the standard password method of online identification. • Without two-factor authentication, you would normally enter a username and password. • But, with two-factor, you would be prompted to enter one additional authentication method such as a Personal Identification Code, another password, or even a fingerprint. • With multi-factor authentication, you would be prompted to enter more than two additional authentication methods after entering your username and password. • According to NIST, an SMS delivery should not be used during two-factor authentication because malware can be used to attack mobile phone networks and can compromise data during the process.
  • 7.
    5. Learn aboutPhishing Scams – be very suspicious of emails, phone calls, and flyers In a phishing scheme attempt, the attacker poses as someone or something the sender is not to trick the recipient into: • divulging credentials • clicking a malicious link, • opening an attachment that infects the user’s system with malware, trojan, or zero-day vulnerability exploit. A few important cyber security tips to remember about phishing schemes include: 1. Bottom line – Don’t open emails from people you don’t know. 2. Know which links are safe and which are not – hover over a link to discover where it directs to • Be suspicious of the emails sent to you in general – look and see where it came from and if there are grammatical errors • Malicious links can come from friends who have been infected too. So, be extra careful!
  • 8.
    6. Protect YourSensitive Personal Identifiable Information (PII) • Definition: Personal Identifiable Information (PII) is any information that can be used by a cybercriminal to identify or locate an individual. • PII includes information such as name, address, phone number, date of birth, Social Security Number, IP address, location details, or any other physical or digital identity data. • In the new “always-on” world of social media, you should be very cautious about the information you include online. • It is recommended that you only show the very minimum about yourself on social media. • Consider reviewing your privacy settings across all your social media accounts, particularly Facebook. • Adding your home address, birth date, or any other PII information will dramatically increase your risk of a security breach. Hackers use this information to their advantage!
  • 9.
    7. Use YourMobile Devices Securely According to McAfee Labs, your mobile device is now a target to more than 1.5 million new incidents of mobile malware. Here are some quick tips for mobile device security: 1.Create a Difficult Mobile Passcode – Not Your Birthdate or Bank PIN 2.Install Apps from Trusted Sources 3.Keep Your Device Updated – Hackers Use Vulnerabilities in Unpatched Older Operating Systems 4.Avoid sending PII or sensitive information over text messages or email 5.Leverage Find my iPhone or the Android Device Manager to prevent loss or theft 6.Perform regular mobile backups using iCloud or Enabling Backup & Sync from Android
  • 10.
    8. Backup YourData Regularly • Backing up your data regularly is an overlooked step in personal online security. • The top IT and security managers follow a simple rule called the 3-2-1 backup rule. • Essentially, you will keep three copies of your data on two different types of media (local and external hard drive) and one copy in an off- site location (cloud storage). • If you become a victim of ransomware or malware, the only way to restore your data is to erase your systems and restore with a recently performed backup.
  • 11.
    9. Don’t UsePublic Wi-Fi • Don’t use public Wi-Fi without using a Virtual Private Network (VPN). • By using VPN software, the traffic between your device and the VPN server is encrypted. • This means it’s much more difficult for a cybercriminal to obtain access to your data on your device. • Use your cell network if you don’t have a VPN when security is important.
  • 12.
    10. Review YourOnline Accounts & Credit Reports Regularly for Changes • With the recent Equifax breach, it’s more important than ever for consumers to safeguard their online accounts and monitor their credit reports. • A credit freeze is the most effective way for you to protect your personal credit information from cyber criminals right now. • Essentially, it allows you to lock your credit and use a personal identification number (PIN) that only you will know. • You can then use this PIN when you need to apply for credit.
  • 13.
    Top Causes ofSecurity Breaches • Hacking, phishing, and malware incidents are becoming the number one cause of security breaches today. • But, what’s more troubling, these hacking attempts are the result of human errors in some way. • Education and awareness are critically important in the fight against cybercriminal activity and in preventing security breaches.
  • 14.
    Security testing Definition: Thisis a process intended to reveal flaws in the security mechanisms of an information system that protect data and maintain functionality as intended. • Due to the logical limitations of security testing, passing the security testing process is not an indication that no flaws exist or that the system adequately satisfies the security requirements. • Typical security requirements may include specific elements of confidentiality, integrity, authentication, availability, authorization, and non-repudiation. • Actual security requirements tested depend on the security requirements implemented by the system. • Security testing as a term that has a number of different meanings and can be completed in a number of different ways. • As such, a Security Taxonomy helps us to understand these different approaches and meanings by providing a base level to work from.
  • 15.
    Taxonomy Common terms usedfor the delivery of security testing 1. Discovery • The purpose of this stage is to identify systems within the scope and the services in use. • It is not intended to discover vulnerabilities • but version detection may highlight depreciated versions of software/firmware • thus indicating potential vulnerabilities. 2. Vulnerability Scan • Following the discovery stage this looks for known security issues by using automated tools to match conditions with known vulnerabilities. • The reported risk level is set automatically by the tool with no manual verification or interpretation by the test vendor. • This can be supplemented with credential-based scanning that looks to remove some common false positives by using supplied credentials to authenticate with a service (such as local Windows accounts).
  • 16.
    3. Vulnerability Assessment •This uses discovery and vulnerability scanning to identify security vulnerabilities and places the findings into the context of the environment under test. • An example would be removing common false positives from the report and deciding risk levels that should be applied to each report finding to improve business understanding and context. 4. Security Assessment • Builds upon Vulnerability Assessment by adding manual verification to confirm exposure, but does not include the exploitation of vulnerabilities to gain further access. • Verification could be in the form of authorized access to a system to confirm system settings and involve examining logs, system responses, error messages, codes, etc. • A Security Assessment is looking to gain a broad coverage of the systems under test but not the depth of exposure that a specific vulnerability could lead to.
  • 17.
    5. Penetration Test ▪Penetration test simulates an attack by a malicious party. ▪ Building on the previous stages involves the exploitation of found vulnerabilities to gain further access. ▪ Using this approach will result in an understanding of the ability of an attacker to gain access to confidential information, affect data integrity or availability of a service, and the respective impact. ▪ Each test is approached using a consistent and complete methodology in a way that allows the tester to use their problem-solving abilities. ▪ The output from a range of tools and their own knowledge of networking and systems to find vulnerabilities that would/ could not be identified by automated tools. ▪ This approach looks at the depth of attack as compared to the Security Assessment approach which looks at the broader coverage.
  • 18.
    6. Security Audit •Driven by an Audit / Risk function to look at a specific control or compliance issue. • Characterized by a narrow scope, this type of engagement could make use of any of the earlier approaches discussed. 7. Security Review • Verification that industry or internal security standards have been applied to system components or products. • This is typically completed through gap analysis and utilizes build/code reviews or by reviewing design documents and architecture diagrams. • This activity does not utilize any of the earlier approaches (Vulnerability Assessment, Security Assessment, Penetration Test, Security Audit)
  • 19.
    Incident Response • Definition:Incident response is an organized, strategic approach to detecting and managing cyber attacks in ways that minimize damage, recovery time, and total costs. • Strictly speaking, incident response is a subset of incident management. • Incident management is an umbrella term for an enterprise's broad handling of cyber attacks, involving diverse stakeholders from the executive, legal, Human Resources (HR), communications, and information technology (IT) teams. • Incident response is part of incident management that handles technical cybersecurity tasks and considerations
  • 20.
    Types of SecurityIncidents • In developing incident response strategies, it's important to first understand how security vulnerabilities, threats, and incidents related. • A vulnerability is a weakness in the IT or business environment. • A threat is an entity -- whether a malicious hacker or a company insider -- that aims to exploit a vulnerability in an attack. • To qualify as an incident, an attack must succeed in accessing enterprise resources or in otherwise putting them at risk. • Finally, a data breach is an incident in which attackers successfully compromise sensitive information, such as personally identifiable information or intellectual property
  • 21.
    • When itcomes to cybersecurity, an ounce of prevention is worth a pound of cure. • Experts say organizations should fix known vulnerabilities and proactively develop response strategies for dealing with common security incidents. These include the following: • Unauthorized attempts to access systems or data. • Privilege escalation attacks • Insider threats • Phishing attacks • Malware attacks • Denial-of-service (DoS) attacks • Man-in-the-middle attacks • Password attacks • Web application attacks • Advanced persistent threats
  • 22.
    What is anincident response plan? An incident response plan is an organization's go-to set of documentation that details the following: •What: Which threats, exploits, and situations qualify as actionable security incidents, and what to do when they occur. •Who: In the event of a security incident, who is responsible for which tasks, and how others can contact them. •When: Under what circumstances team members should perform certain tasks. •How: Specifically how team members should complete those tasks.
  • 23.
    How to createan incident response plan Successful incident response requires proactively drafting, vetting, and testing plans before crisis strikes. Best practices include the following: 1.Establish a policy. An incident remediation and response policy should be an evergreen document describing general, high-level incident-handling priorities. A good policy empowers incident responders and guides them in making sound decisions when the proverbial excrement hits the fan. 2.Build an incident response team. An incident response plan is only as strong as the people involved. Establish who will handle which tasks, and ensure everyone has adequate training to fulfill their roles and responsibilities. 3.Create playbooks. Playbooks are the lifeblood of incident response. While an incident response policy offers a high-level view, playbooks get into the weeds, outlining standardized, step-by-step actions responders should take in specific scenarios. 4. Create a communication plan. An incident response plan can not succeed without a solid communication plan among diverse stakeholders. These may include the incident response, executive, communications, legal, and HR teams, as well as customers, third-party partners, law enforcement, and the general public.
  • 24.
    Incident response frameworks:Phases of incident response ▪ Preparation/planning. Build an incident response team and create policies, processes and playbooks; deploy tools and services to support incident response. ▪ Detection/identification. Use IT monitoring to detect, evaluate, validate and triage security incidents. ▪ Containment. Take steps to stop an incident from worsening and regain control of IT resources. ▪ Eradication. Eliminate threat activity, including malware and malicious user accounts; identify any vulnerabilities the attackers exploited. ▪ Recovery. Restore normal operations and mitigate relevant vulnerabilities. ▪ Lessons learned. Review the incident to establish what happened, when it happened and how it happened. Flag security controls, policies and procedures that functioned sub-optimally and identify ways to improve them. Update the incident response plan accordingly.
  • 25.
    Who is responsiblefor incident response? Behind every great incident response program is a coordinated, efficient, and effective incident response team. After all, without the right people to support them and put them into practice, security policies, processes, and tools mean very little. This cross-functional group consists of people from diverse parts of the organization who are responsible for completing the steps and processes involved in incident response. Types of incident response teams The three most common types of incident response teams are as follows: •Computer security incident response team (CSIRT). •Computer incident response team (CIRT). •Computer emergency response team (CERT).
  • 26.
    Incident response teammembers An incident response team consists of the following members: •Technical team. This is the core incident response team of IT and security members who have technical expertise across company systems. It often includes an incident response manager, incident response coordinator, team lead, security analysts, incident responders, threat researchers and forensics analysts. •Executive sponsor. This is an executive or board member, often the CSO or CISO. •Communications team. This includes PR representatives and others who manage internal and external communications. •External stakeholders. Members include other employees or departments within the organization, such as IT, legal or general counsel, human resources (HR), business continuity and disaster recovery, physical security, and facilities teams. •Third parties. These external members might include security or incident response consultants, external legal representation, MSPs, managed security service providers, cloud service providers (CSPs), vendors and partners.
  • 27.
    What does anincident response team do? The chief goals of an incident response team are to detect and respond to security events and minimize their business impact. As such, team responsibilities largely align with the phases outlined in an incident response framework and plan. Team tasks include the following: • Prepare for and prevent security incidents. • Create the incident response plan. • Test, update and manage the incident response plan before use. • Perform incident response tabletop exercises. • Develop metrics to analyze program initiatives. • Identify security events • Contain security events, quarantine threats and isolate systems. • Eradicate threats, discover root causes and remove affected systems from production environments. • Recover from threats and get affected systems back online.
  • 28.
    • Contain securityevents, quarantine threats and isolate systems. • Eradicate threats, discover root causes and remove affected systems from production environments. • Recover from threats and get affected systems back online. • Conduct follow-up activities, including documentation, incident analysis and identifying how to prevent similar events and improve future response efforts. • Review and update the incident response plan regularly.
  • 29.
    Risk Management ▪ Definition:Cybersecurity risk management is the process of identifying an organization's digital assets, reviewing existing security measures, and implementing solutions to either continue what works or mitigate security risks that may pose threats to a business. Cybersecurity Risk Management Process • Cyberattacks are not random. If you know where to look, there are usually signs of a planned attack against an organization. • Telltale markers of an imminent attack include mentions of the organization on the dark web the registration of similar domain names to be used for phishing attacks, and confidential information - such as user account credentials - put up for sale.
  • 30.
    Cybersecurity Risk ManagementStrategy ➢ A cybersecurity risk management strategy implements four quadrants that deliver comprehensive and continuous Digital Risk Protection (DPR). ➢ DRP platforms use multiple reconnaissance methods to find, track, and analyze threats in real-time. ➢ Using both indicators of compromise (IOCs) and indicators of attack (IOAs) intelligence, a DRP solution can analyze risks and warn of attacks. Let's take a look at the four quadrants: • Map - Discover and map all digital assets to quantify the attack surface. Use the map as a foundation to monitor cybercriminal activity. • Monitor - Search the public and dark web for threat references to your digital assets. Translate found threats to actionable intelligence. • Mitigate - Automated actions to block and remove identified threats to digital assets. Includes integration with other security initiatives in place. • Manage - Manage the process used in Map, Manage, and Mitigate quadrants. Enriching IOCs and prioritizing vulnerabilities in this step is also essential to successful digital risk protection.
  • 31.
    What are theBenefits of Cybersecurity Risk Management? ➢ Implementing cybersecurity risk management ensures cybersecurity is not relegated to an afterthought in the daily operations of an organization. ➢ Having a cybersecurity risk management strategy in place also ensures that procedures and policies are followed at set intervals and that security is kept up to date. ➢ Cybersecurity Risk Management provides ongoing monitoring, identification, and mitigation of the following threats: ▪ Phishing Detection ▪ VIP and Executive Protection ▪ Brand Protection ▪ Fraud Protection ▪ Sensitive Data Leakage Monitoring ▪ Dark Web Activity
  • 32.
    ▪ Automated ThreatMitigation ▪ Leaked Credentials Monitoring ▪ Malicious Mobile App Identification ▪ Supply Chain Risks
  • 33.
    Why is CybersecurityRisk Management Important? ➢ Cybersecurity risk management is important because it helps a business assess its current cybersecurity risk profile. ➢ Cybersecurity risk management is also important because it helps to bring about situational awareness within a security organization. ➢ It's essential to have a clear understanding of the risks in your organization and those that might arise in the future