CourseWork2 CST3510 CyberSecurity Notes

# Cybersecurity Lecture Notes

## 1. **Introduction to Cybersecurity**
Cybersecurity is the practice of protecting systems, networks, and data from
digital threats, attacks, or unauthorized access. With the increasing reliance on
digital platforms, cybersecurity is critical to safeguard sensitive information,
ensure privacy, and maintain system integrity.

### Key Objectives:

- Protect confidentiality, integrity, and availability (CIA) of information.
- Prevent unauthorized access and data breaches.
- Respond to and mitigate cyber threats and attacks.
- Ensure business continuity and compliance with legal/regulatory requirements.

---

## 2. **The Core Principles of Cybersecurity (CIA Triad)**

### a. **Confidentiality**
Ensures that data is only accessible to authorized users or systems and protected
from unauthorized access.
- **Examples:** Encryption, multi-factor authentication (MFA), secure file
permissions.

### b. **Integrity**
Ensures that data is accurate, consistent, and unaltered during transmission or
storage.
- **Examples:** Hashing, checksums, digital signatures.
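Added illustration (not part of the lecture notes) of the two integrity mechanisms named above: a plain SHA-256 checksum catches accidental corruption, but anyone who can edit the data can also recompute the checksum, whereas an HMAC tag cannot be recomputed without the key. The record, tampered copy and key are constructed sample values.

```python
"""Integrity checks: a plain SHA-256 checksum versus an HMAC tag."""
import hashlib
import hmac

# Constructed sample record whose integrity we want to verify later.
RECORD = b"account=1042;balance=250.00;status=active"
# Constructed shared secret; in practice this comes from a key store.
HMAC_KEY = b"demo-integrity-key-not-for-production"


def checksum(data: bytes) -> str:
    """SHA-256 checksum: detects accidental corruption or transmission errors."""
    return hashlib.sha256(data).hexdigest()


def verify_checksum(data: bytes, expected: str) -> bool:
    return hmac.compare_digest(checksum(data), expected)


def mac_tag(data: bytes, key: bytes) -> str:
    """HMAC-SHA256 tag: detects deliberate tampering by anyone without the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_mac(data: bytes, key: bytes, expected: str) -> bool:
    # compare_digest avoids leaking information through comparison timing.
    return hmac.compare_digest(mac_tag(data, key), expected)


def demo() -> dict:
    """Show why a bare checksum is not enough when the attacker can
    overwrite the stored checksum alongside the data."""
    tampered = RECORD.replace(b"250.00", b"999999.00")
    orig_sum = checksum(RECORD)
    orig_tag = mac_tag(RECORD, HMAC_KEY)
    return {
        # An edit is caught when compared against the original checksum...
        "checksum_catches_edit": not verify_checksum(tampered, orig_sum),
        # ...but if the attacker recomputes the checksum, the check passes.
        "checksum_fooled_by_recompute": verify_checksum(tampered, checksum(tampered)),
        # The HMAC tag cannot be recomputed without HMAC_KEY.
        "mac_catches_edit": not verify_mac(tampered, HMAC_KEY, orig_tag),
    }
```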

### c. **Availability**
Ensures that systems, networks, and data are accessible and functional when needed.
- **Examples:** Redundancy, load balancing, backup systems, disaster recovery.

---

## 3. **Common Types of Cyber Threats**

### a. **Malware**
Malicious software designed to damage or gain unauthorized access to computer
systems.
- **Examples:**
  - **Viruses:** Infect files and spread to other systems.
  - **Worms:** Self-replicating programs that spread without user interaction.
  - **Trojans:** Disguised as legitimate software but perform malicious actions.
  - **Ransomware:** Encrypts data and demands payment for decryption.

### b. **Phishing**
A form of social engineering where attackers impersonate legitimate entities to
steal sensitive information (e.g., passwords, financial details).
- **Phishing Emails:** Fraudulent messages attempting to trick the recipient into
revealing personal information.

### c. **Denial of Service (DoS) Attacks**

Disrupt the availability of a system or network by overwhelming it with excessive
traffic or requests.
- **DDoS (Distributed Denial of Service):** Uses multiple systems to launch an
attack, making it harder to stop.

### d. **Man-in-the-Middle (MitM) Attacks**

Attackers intercept and alter communication between two parties, often without
either party knowing.
- **Example:** Intercepting login credentials over an insecure network.

### e. **SQL Injection**

A type of attack where attackers inject malicious SQL queries into a vulnerable
website or application to manipulate databases.
- **Example:** Stealing sensitive data from a poorly protected website.
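Added example (not from the lecture notes) showing the root cause of SQL injection and its standard fix. The vulnerable lookup pastes user input into the SQL text, so even a legitimate username containing a quote changes the query's structure; the parameterized lookup hands the value to the driver separately, so input is always treated as data. It uses an in-memory SQLite table with constructed rows.

```python
"""SQL injection root cause: untrusted input mixed into query text."""
import sqlite3


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.test"), ("o'brien", "ob@example.test")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """VULNERABLE: the input becomes part of the SQL text, so any quote
    or SQL syntax inside it alters what the query means."""
    query = f"SELECT email FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, username: str) -> list:
    """SAFE: the placeholder is bound by the driver; the value can never
    be parsed as SQL, whatever characters it contains."""
    query = "SELECT email FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


def compare(username: str) -> dict:
    """Run both lookups and report whether the vulnerable query even parsed."""
    conn = make_db()
    try:
        vulnerable, vulnerable_error = lookup_vulnerable(conn, username), None
    except sqlite3.OperationalError as exc:
        # A quote in the input broke the query: the same mechanism an
        # attacker abuses to inject SQL of their own.
        vulnerable, vulnerable_error = None, str(exc)
    return {
        "vulnerable": vulnerable,
        "vulnerable_error": vulnerable_error,
        "parameterized": lookup_parameterized(conn, username),
    }
```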

### f. **Insider Threats**

Security risks originating from within an organization, including employees,
contractors, or anyone with authorized access to systems.
- **Example:** Disgruntled employees leaking sensitive information or intentionally
sabotaging systems.

---

## 4. **Cybersecurity Threat Mitigation Techniques**

### a. **Encryption**
Encrypting sensitive data ensures that even if intercepted, the data cannot be read
without the correct decryption key.
- **Examples:** SSL/TLS encryption for web traffic, full-disk encryption (FDE) for
storage.

### b. **Multi-Factor Authentication (MFA)**

Requires users to provide multiple forms of verification (e.g., password +
fingerprint) before gaining access to a system.
- **Example:** Bank accounts requiring both a password and a one-time code sent via
SMS.

### c. **Firewalls**
A network security device that monitors and controls incoming and outgoing network
traffic based on predetermined security rules.
- **Types:**
  - **Network Firewalls:** Protect entire networks from external threats.
  - **Host-based Firewalls:** Protect individual devices.

### d. **Antivirus and Anti-Malware Software**

Detects, prevents, and removes malicious software (e.g., viruses, spyware,
ransomware) from systems.
- **Example:** Installing antivirus software to scan and remove threats from files
and web traffic.

### e. **Security Patches and Updates**

Regularly updating software to patch vulnerabilities and improve system security.
- **Example:** Applying security patches for operating systems and applications to
fix known vulnerabilities.

### f. **Intrusion Detection and Prevention Systems (IDPS)**

Monitors network traffic for signs of suspicious activity, and can either alert
administrators or take automated action to block attacks.
- **IDS:** Detects and alerts administrators to potential threats.
- **IPS:** Takes active steps to block or mitigate detected threats.
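Added example (not from the lecture notes) of the kind of rule an IDS applies: it scans authentication log lines and raises one alert per source address that accumulates a threshold of failed logins inside a sliding time window, a common brute-force indicator. The log lines are constructed and only loosely modelled on OpenSSH's auth log format.

```python
"""IDS-style detection: repeated authentication failures from one source."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log (not real traffic); addresses are documentation ranges.
SAMPLE_LOG = """\
2024-03-01T10:00:01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
2024-03-01T10:00:03 sshd[2211]: Failed password for root from 203.0.113.7 port 51023 ssh2
2024-03-01T10:00:04 sshd[2212]: Accepted publickey for alice from 198.51.100.4 port 40011 ssh2
2024-03-01T10:00:06 sshd[2213]: Failed password for root from 203.0.113.7 port 51024 ssh2
2024-03-01T10:00:07 sshd[2214]: Failed password for root from 203.0.113.7 port 51025 ssh2
2024-03-01T10:00:09 sshd[2215]: Failed password for root from 203.0.113.7 port 51026 ssh2
2024-03-01T10:05:00 sshd[2216]: Failed password for bob from 198.51.100.4 port 40012 ssh2
"""

FAILED_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: Failed password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)


def detect_bruteforce(log_text: str, threshold: int = 5, window_s: int = 60) -> list:
    """Return (ip, first_failure, last_failure) for each source that reaches
    `threshold` failed logins within any `window_s`-second window."""
    recent = defaultdict(deque)     # ip -> timestamps of failures still in window
    alerts, alerted = [], set()
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue                # successes and unrelated lines are ignored
        ts = datetime.fromisoformat(m["ts"])
        q = recent[m["ip"]]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()             # drop failures that fell out of the window
        if len(q) >= threshold and m["ip"] not in alerted:
            alerted.add(m["ip"])    # one alert per source, not one per line
            alerts.append((m["ip"], q[0].isoformat(), ts.isoformat()))
    return alerts
```

An IPS would act on the same signal, for example by blocking the source for a cooling-off period, whereas an IDS stops at the alert.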

### g. **Access Control and Least Privilege**

Ensures that users have access only to the information and systems necessary for
their role.
- **Examples:** Role-based access control (RBAC), principle of least privilege
(PoLP).

### h. **Backup and Disaster Recovery Plans**

Implementing regular data backups and preparing for recovery from disasters such as
cyberattacks or hardware failure.
- **Example:** Cloud-based backup solutions and on-site disaster recovery drills.

---

## 5. **Cybersecurity Frameworks and Standards**

### a. **NIST Cybersecurity Framework**

A set of guidelines from the National Institute of Standards and Technology (NIST)
for managing cybersecurity risks in organizations.
- **Core Functions:** Identify, Protect, Detect, Respond, Recover.

### b. **ISO/IEC 27001**

An international standard for information security management systems (ISMS) that
provides a systematic approach to managing sensitive company information.

### c. **GDPR (General Data Protection Regulation)**

A regulation in the EU that governs data protection and privacy for all individuals
within the European Union and the European Economic Area.
- **Key Requirements:** Data protection by design and by default, reporting
breaches within 72 hours, data subject consent.

### d. **CIS Controls**

A set of 20 critical security controls that organizations should implement to
protect against the most common cybersecurity threats.

---

## 6. **Emerging Cybersecurity Trends**

### a. **Zero Trust Security Model**

A security framework where no user or device is trusted by default, and strict
verification is required for every access request.
- **Key Concepts:**
  - Trust no one, regardless of network location.
  - Continuous authentication and validation.

### b. **AI and Machine Learning in Cybersecurity**

AI and machine learning algorithms can detect and respond to threats in real-time,
analyze vast amounts of data, and predict potential vulnerabilities.
- **Examples:** Threat detection, anomaly detection, automated response systems.

### c. **Cloud Security**

As more organizations move to cloud environments, securing cloud infrastructure and
services becomes increasingly important.
- **Key Areas:** Data encryption, identity and access management (IAM), and
security monitoring in cloud environments.

### d. **IoT Security**

The increasing adoption of IoT devices has led to new security challenges, as these
devices are often vulnerable to attacks.
- **Security Measures:** Secure firmware, network segmentation, and regular updates
for IoT devices.

### e. **Ransomware as a Service (RaaS)**

An emerging cybercrime business model where attackers lease ransomware tools to
other criminals, allowing them to carry out attacks without technical expertise.
- **Countermeasures:** Backup strategies, endpoint detection and response (EDR),
and proactive patching.

---

## 7. **Incident Response and Cybersecurity Frameworks**

### a. **Incident Response Lifecycle**

- **Preparation:** Develop a response plan, gather resources, and train personnel.
- **Identification:** Detect and verify the incident.
- **Containment:** Isolate affected systems to prevent further damage.
- **Eradication:** Remove the root cause of the incident (e.g., malware).
- **Recovery:** Restore systems and data to normal operations.
- **Lessons Learned:** Post-incident review to improve future response efforts.

### b. **Digital Forensics**

The practice of collecting, analyzing, and preserving digital evidence from systems
and devices after a cybersecurity incident to understand the scope and origin of
the attack.

---

## 8. **Best Practices in Cybersecurity**

- **Security by Design:** Incorporate security into the system development
lifecycle (SDLC) from the beginning.
- **Employee Training:** Educate employees about cybersecurity risks, phishing, and
safe online practices.
- **Regular Audits:** Perform regular security audits and penetration testing to
identify vulnerabilities.
- **Incident Response Planning:** Have a robust incident response plan and ensure
it is regularly tested and updated.
- **Data Protection:** Encrypt sensitive data both in transit and at rest, and
implement strong data access controls.
- **Continuous Monitoring:** Implement continuous monitoring and real-time threat
detection to identify potential risks early.

---

## 9. **Conclusion**
Cybersecurity is an ongoing effort that requires awareness, continuous learning,
and proactive management. As cyber threats evolve, so too must the strategies and
tools used to defend systems and data. Organizations must maintain a holistic
approach to cybersecurity, ensuring they protect all aspects of their digital
infrastructure.
