Edited By: Omar Zayed

Cybersecurity
Diploma
Edited By: Omar Zayed

Introduction to
Cybersecurity
Edited By: Omar Zayed

Ch.1: The Need for

Cybersecurity

AMIT Cybersecurity Diploma

Introduction to Cybersecurity v2.1
Edited By: Omar Zayed

Ch.1: The Need for

Cybersecurity

Introduction to Cybersecurity v2.1

Chapter 1 - Sections & Objectives
 1.1 Personal Data

• Explain the characteristics and value of personal data.

• Define personal data.
• Explain why personal data is profitable to hackers.

 1.2 Organization Data

• Explain the characteristics and value of data within an organization.

• Describe types of data used by governments and organizations.
• Describe the impact of a security breach.

 1.3 Attackers and Cybersecurity Professionals

• Explain the characteristics and motives of cyber attackers and the legal and ethical issues for cybersecurity professionals.
• Describe the characteristics and motives of an attacker.

 1.4 Cyberwarfare

• Explain the characteristics and purpose of cyberwarfare.

• Describe cyberwarfare.

Edited By: Omar Zayed

What is Cybersecurity?

Cybersecurity is the ongoing effort to protect these networked systems and all of the data from
unauthorized use or harm. On a personal level, you need to safeguard your identity, your data, and
your computing devices.

Edited By: Omar Zayed

What is Cybersecurity?

Network
Infrastructure

Edited By: Omar Zayed

What is Cybersecurity?

Network
Security
Infrastructure

Edited By: Omar Zayed

What is Cybersecurity?

Cybersecurity
SIEM

Edited By: Omar Zayed

 1.1 Personal Data

14

Edited By: Omar Zayed

Personal Data
Your Online and Offline Identity
● As more time is spent online, your identity, both online and offline, can affect your life. Your offline
identity is the person who your friends and family interact with on a daily basis at home, at school,
or work. They know your personal information, such as your name, age, or where you live. Your
online identity is who you are in cyberspace. Your online identity is how you present yourself to
others online. This online identity should only reveal a limited amount of information about you.
● You should take care when choosing a username or alias for your online identity.
● The username should not include any personal information. It should be something appropriate and
respectful.

Edited By: Omar Zayed

Personal Data
Your Data

Financial
Data
Data on
your Education
Computing Data
Devices

Your Data
Medical Your
Data Identity

Employment
Information
Online

Edited By: Omar Zayed

Personal Data
Where is your data?

Edited By: Omar Zayed

Personal Data
Where is your data?
 When you are at the doctor’s office, the conversation you have with the doctor is recorded in
your medical chart. For billing purposes, this information may be shared with the insurance
company to ensure appropriate billing and quality. Now, a part of your medical record for the
visit is also at the insurance company.

 When you share your pictures online with your friends, do you know who may have a copy of
the pictures? Copies of the pictures are on your own devices. Your friends may have copies of
those pictures downloaded onto their devices. If the pictures are shared publicly, strangers
may have copies of them, too. They could download those pictures or take screenshots of
those pictures. Because the pictures were posted online, they are also saved on servers
located in different parts of the world. Now the pictures are no longer only found on your
computing devices.

Edited By: Omar Zayed

Personal Data
Where is your data?
 The store loyalty cards maybe a convenient way to save money for your purchases. However,
the store is compiling a profile of your purchases and using that information for its own use. The
profile shows a buyer purchases a certain brand and flavor of toothpaste regularly. The store
uses this information to target the buyer with special offers from the marketing partner. By
using the loyalty card, the store and the marketing partner have a profile for the purchasing
behavior of a customer.

Edited By: Omar Zayed

Personal Data
Personal Data as a Target
What does hackers want from YOU ?
They Want Your Money They Want Your Identity
Your online credentials are valuable. Besides stealing your money for a
These credentials give the thieves short-term monetary gain, the
access to your accounts. You may criminals want long-term profits by
think the frequent flyer miles you stealing your identity.
have earned are not valuable to
cybercriminals.

Edited By: Omar Zayed

 1.2 Organizational Data

21

Edited By: Omar Zayed

Organizational Data
Introduction to Organizational Data
Types of Organizational Data
Traditional Data Internet of Things and Big Data
Corporate data includes personnel With the emergence of the Internet of Things
information, intellectual properties, and (IoT), there is a lot more data to manage and
financial data. The personnel information secure. IoT is a large network of physical
includes application materials, payroll, offer objects, such as sensors and equipment that
letters, employee agreements, and any extend beyond the traditional computer
information used in making employment network.
decisions.

Edited By: Omar Zayed

Organizational Data
Introduction to Organizational Data
Confidentiality, Integrity, and Availability

Edited By: Omar Zayed

Organizational Data
CIA Triad

Confidentiality

CIA
Triad

Integrity Availability

Edited By: Omar Zayed

Organizational Data
CIA Triad

Confidentiality

CIA
Triad

Integrity Availability

Edited By: Omar Zayed

Organizational Data
CIA Triad Confidentiality

Another term for confidentiality would be privacy. Company

policies should restrict access to the information to
authorized personnel and ensure that only those authorized
individuals view this data. The data may be
compartmentalized according to the security or sensitivity
level of the information. For example, a Java program
developer should not have to access to the personal
information of all employees. Furthermore, employees
should receive training to understand the best practices in
safeguarding sensitive information to protect themselves and
the company from attacks. Methods to ensure confidentiality
include data encryption, username ID and password, two
factor authentication, and minimizing exposure of sensitive
information.

Edited By: Omar Zayed

Organizational Data
CIA Triad

Confidentiality

CIA
Triad

Integrity Availability

Edited By: Omar Zayed

Organizational Data
CIA Triad Confidentiality

Integrity is accuracy, consistency, and trustworthiness

of the data during its entire life cycle. Data must be
unaltered during transit and not changed by
unauthorized entities. File permissions and user access
control can prevent unauthorized access. Version
control can be used to prevent accidental changes by
authorized users. Backups must be available to restore
any corrupted data, and checksum hashing can be
used to verify integrity of the data during transfer.

Edited By: Omar Zayed

Organizational Data
CIA Triad Integrity

A checksum is used to verify the integrity of files, or strings of Checksum

characters, after they have been transferred from one device to
another across your local network or the Internet. Checksums are
calculated with hash functions. Some of the common checksums File to be transferred
are MD5, SHA-1, SHA-256, and SHA-512. A hash function uses a
mathematical algorithm to transform the data into fixed-length
value that represents the data, as shown in Figure. The hashed
value is simply there for comparison. From the hashed value, the
original data cannot be retrieved directly. For example, if you
forgot your password, your password cannot be recovered from the Hash Function
hashed value. The password must be reset.

After a file is downloaded, you can verify its integrity by verifying

the hash values from the source with the one you generated using
any hash calculator. By comparing the hash values, you can ensure e88ws334 Fixed-length
that the file has not been tampered with or corrupted during the Hash Value
transfer.

Edited By: Omar Zayed

Organizational Data
CIA Triad

Confidentiality

CIA
Triad

Integrity Availability

Edited By: Omar Zayed

Organizational Data
CIA Triad Availability

Maintaining equipment, performing hardware repairs,

keeping operating systems and software up to date, and
creating backups ensure the availability of the network and
data to the authorized users. Plans should be in place to
recover quickly from natural or man-made disasters. Security
equipment or software, such as firewalls, guard against
downtime due to attacks such as denial of service (DoS).
Denial of service occurs when an attacker attempts to
overwhelm resources so the services are not available to
the users.

Edited By: Omar Zayed

Introduction to Organizational Data
Lab – Compare Data with a Hash Lab

 In this lab, you will generate a hash for a file and use the hash value to
compare the integrity of a file.

Edited By: Omar Zayed

Introduction to Organizational Data
Lab – Compare Data with a Hash Lab

 In this lab, you will generate a hash for a file and use the hash value to
compare the integrity of a file.

Edited By: Omar Zayed

Organizational Data
The Impact of a Security Breach

Ruined Vandalism Revenue Damaged

Theft Intellectual
Reputation (‫)ﺗﺧرﯾب‬ Lost Property

Loss of Damage of data

Loss of effort, and
Financial Impact Loss of copyright
customer trust material

Edited By: Omar Zayed

Organizational Data
The Impact of a Security Breach

● Security Breach Example - LastPass

○ An online password manager
○ Stolen email addresses, password reminders,
and authentication hashes
○ Requires email verification or multi-factor
authentication when logging in from an unknown device
○ Users should use complex master password,
change master password periodically, and beware of
phishing attacks

Edited By: Omar Zayed

Organizational Data
The Impact of a Security Breach

● Security Breach Example - Vtech

○ Vtech is a high tech toy maker for children
○ Exposed sensitive information including customer
names, email addresses, passwords, pictures, and
chat logs.
○ Vtech did not safeguard information properly
○ Hackers can create email accounts, apply for credits,
and commit crimes using the children’s information
○ Hackers can also take over the parents’ online
accounts

Edited By: Omar Zayed

Organizational Data
The Impact of a Security Breach

● Security Breach Example - Equifax

○ Equifax is a consumer credit reporting agency.
○ Attackers exploited a vulnerability in web
application software.
○ Equifax established a dedicated web site with a
new domain name that allowed nefarious parties
to create unauthorized websites for phishing
scheme

Edited By: Omar Zayed

 1.3 Attackers and
Cybersecurity Professionals

38

Edited By: Omar Zayed

The Profile of a Cyber Attacker
Types of Attackers Types of Hackers

Hackers

White Hat Hackers Grey Hat Hackers Black Hat Hackers

White hats – break into Gray hats – compromise Black hats - take advantage
system with permission to systems without permission of any vulnerability for
discover weaknesses so illegal personal, financial or
that the security of these political gain
systems can be improved

Edited By: Omar Zayed

The Profile of a Cyber Attacker
Internal and External Threats
Cyber
Attackers • Internal Security Threats
-Can be an employee or contract partner
-Mishandle confidential data
Insiders Outsiders -Threaten the operations of internal servers or
network
infrastructure devices
Organized -Facilitate outside attacks by connecting infected
Employees Hackers Amateurs
Attackers USB
media into the corporate computer system
Ex- Cyber White Hat -Accidentally invite malware onto the network
employees Criminals Hackers through malicious email or websites
-Can cause great damage because of direct access
Contract Grey Hat • External Security Threats
Hacktivists -Exploit vulnerabilities in network or computing
staff Hackers
devices
-use social engineering to gain access
Trusted Black Hat
Terrorists
Partners Hackers
• Amateurs
-Script kiddies with little or no skill
State- -Using existing tools or instructions found
Sponsored online for attacks
Edited By: Omar Zayed
 1.4 Cyberwarfare

41

Edited By: Omar Zayed

Overview of Cyberwarfare
What is Cyberwarfare

○ Conflict using cyberspace

○ Stuxnet malware
■ Designed to damage Iran’s
nuclear enrichment plant
■ Used modular coding
■ Used stolen digital certificates
https://video.cisco.com/video/2093705517001

Edited By: Omar Zayed

 1.5 Chapter Summary

43

Edited By: Omar Zayed

Summary
Summary
 Define personal data.

 Explain the characteristics and value of personal data.

 Explain the characteristics and value of data within an organization.

 Describe the impact of security breach.

 Describe the characteristics and motives of an attacker.

 Describe the legal and ethical issues facing a cybersecurity professional.

 Explain the characteristics and purpose of cyberwarfare.

Edited By: Omar Zayed

Chapter Questions
 What three items are components of the CIA triad? (Choose three.)
• intervention
• availability
• scalability
• confidentiality
• integrity
• access

Edited By: Omar Zayed

Chapter Questions
 What is another name for confidentiality of information?
• trustworthiness
• privacy
• accuracy
• consistency

Edited By: Omar Zayed

Chapter Questions
 Which statement describes cyberwarfare?
• Cyberwarfare is an attack carried out by a group of script kiddies.
• It is simulation software for Air Force pilots that allows them to practice under a
simulated war scenario.
• It is a series of personal protective equipment developed for soldiers involved in nuclear
war.
• It is Internet-based conflict that involves the penetration of information systems of
other nations.

Edited By: Omar Zayed

Chapter Questions
 What is an example of “hacktivism”?
• A group of environmentalists launch a denial of service attack against an oil company
that is responsible for a large oil spill.
• A teenager breaks into the web server of a local newspaper and posts a picture of a
favorite cartoon character.
• A country tries to steal defense secrets from another country by infiltrating government
networks.
• Criminals use the Internet to attempt to steal money from a banking company.

Edited By: Omar Zayed

Chapter Questions
 What is the motivation of a white hat attacker?
• discovering weaknesses of networks and systems to improve the security level of these
systems
• studying operating systems of various platforms to develop a new system
• taking advantage of any vulnerability for illegal personal gain
• fine tuning network devices to improve their performance and efficiency

Edited By: Omar Zayed

Chapter Questions
 Which method is used to check the integrity of data?
• checksum
• backup
• authentication
• encryption

Edited By: Omar Zayed

Chapter Questions
 Fill in the blank.
• The individual user profile on a social network site is an example of a/an
identity.
Online

Edited By: Omar Zayed

Chapter Questions
 Match the type of cyber attackers to the description. (Not all options are used.)

Script
gather intelligence or commit sabotage on specific Kiddies
goals on behalf of their government

Hacktivists
make political statements, or create fear, by causing
physical or psychological damage to victims
Terrorists

make political statements in order to create an

awareness of issues that are important to them State-
Sponsored

Edited By: Omar Zayed

Chapter Questions
 What are three methods that can be used to ensure confidentiality of information?
(Choose three.)
• data encryption
• backup
• file permission settings
• username ID and password
• two factor authentication
• version control

Edited By: Omar Zayed

Chapter Questions
 What is a reason that internal security threats might cause greater damage to an
organization than external security threats?
• Internal users can access the infrastructure devices through the Internet.
• Internal users can access the corporate data without authentication.
• Internal users have direct access to the infrastructure devices.
• Internal users have better hacking skills.

Edited By: Omar Zayed

Edited By: Omar Zayed