
Chapter 1 -Material (1)

The document is an introduction to cybersecurity, covering the importance of protecting personal and organizational data from unauthorized access and breaches. It discusses various types of data, the motivations of cyber attackers, and the significance of the CIA triad (Confidentiality, Integrity, Availability) in maintaining data security. Additionally, it highlights the impact of security breaches and the ethical considerations for cybersecurity professionals.

Cybersecurity Diploma
Edited By: Om r Z yed

Introduction to Cybersecurity
Ch.1: The Need for Cybersecurity

Chapter 1 - Sections & Objectives
● 1.1 Personal Data
• Explain the characteristics and value of personal data.
• Define personal data.
• Explain why personal data is profitable to hackers.
● 1.2 Organization Data
• Explain the characteristics and value of data within an organization.
• Describe types of data used by governments and organizations.
• Describe the impact of a security breach.
● 1.3 Attackers and Cybersecurity Professionals
• Explain the characteristics and motives of cyber attackers and the legal and ethical issues for cybersecurity professionals.
• Describe the characteristics and motives of an attacker.
● 1.4 Cyberwarfare
• Explain the characteristics and purpose of cyberwarfare.
• Describe cyberwarfare.
What is Cybersecurity?
Cybersecurity is the ongoing effort to protect these networked systems and all of the data from unauthorized use or harm. On a personal level, you need to safeguard your identity, your data, and your computing devices.

1.1 Personal Data
Your Online and Offline Identity
● As more time is spent online, your identity, both online and offline, can affect your life. Your offline
identity is the person who your friends and family interact with on a daily basis at home, at school,
or work. They know your personal information, such as your name, age, or where you live. Your
online identity is who you are in cyberspace. Your online identity is how you present yourself to
others online. This online identity should only reveal a limited amount of information about you.
● You should take care when choosing a username or alias for your online identity.
● The username should not include any personal information. It should be something appropriate and
respectful.
[Figure: Your Data. Labels: Your Identity, Medical Data, Education Data, Employment, Financial Data, Information Online, Data on Your Computing Devices]

● When you are at the doctor’s office, the conversation you have with the doctor is recorded in your medical chart. For billing purposes, this information may be shared with the insurance company to ensure appropriate billing and quality. Now, a part of your medical record for the visit is also at the insurance company.
● When you share your pictures online with your friends, do you know who may have a copy of the pictures? Copies of the pictures are on your own devices. Your friends may have copies of those pictures downloaded onto their devices. If the pictures are shared publicly, strangers may have copies of them, too. They could download those pictures or take screenshots of those pictures. Because the pictures were posted online, they are also saved on servers located in different parts of the world. Now the pictures are no longer only found on your computing devices.
● Store loyalty cards may be a convenient way to save money on your purchases. However, the store is compiling a profile of your purchases and using that information for its own use. The profile shows a buyer purchases a certain brand and flavor of toothpaste regularly. The store uses this information to target the buyer with special offers from the marketing partner. By using the loyalty card, the store and the marketing partner have a profile for the purchasing behavior of a customer.
What do hackers want from YOU?

They Want Your Money
Your online credentials are valuable. These credentials give the thieves access to your accounts. You may think the frequent flyer miles you have earned are not valuable to cybercriminals.

They Want Your Identity
Besides stealing your money for a short-term monetary gain, the criminals want long-term profits by stealing your identity.
1.2 Organization Data
Introduction to Organization Data

Traditional Data
Corporate data includes personnel information, intellectual properties, and financial data. The personnel information includes application materials, payroll, offer letters, employee agreements, and any information used in making employment decisions.

Internet of Things and Big Data
With the emergence of the Internet of Things (IoT), there is a lot more data to manage and secure. IoT is a large network of physical objects, such as sensors and equipment that extend beyond the traditional computer network.
Confidentiality, Integrity, and Availability

[Figure: CIA Triad: Confidentiality, Integrity, Availability]
Another term for confidentiality would be privacy. Company policies should restrict access to the information to authorized personnel and ensure that only those authorized individuals view this data. The data may be compartmentalized according to the security or sensitivity level of the information. For example, a Java program developer should not have access to the personal information of all employees. Furthermore, employees should receive training to understand the best practices in safeguarding sensitive information to protect themselves and the company from attacks. Methods to ensure confidentiality include data encryption, username ID and password, two factor authentication, and minimizing exposure of sensitive information.
Integrity is accuracy, consistency, and
trustworthiness of the data during its entire life
cycle. Data must be unaltered during transit
and not changed by unauthorized entities.
File permissions and user access control can
prevent unauthorized access. Version control
can be used to prevent accidental changes by
authorized users. Backups must be available to
restore any corrupted data, and checksum hashing
can be used to verify integrity of the data during
transfer.
A checksum is used to verify the integrity of files, or strings of characters, after they have been transferred from one device to another across your local network or the Internet. Checksums are calculated with hash functions. Some of the common checksums are MD5, SHA-1, SHA-256, and SHA-512. A hash function uses a mathematical algorithm to transform the data into a fixed-length value that represents the data, as shown in the figure. The hashed value is simply there for comparison. From the hashed value, the original data cannot be retrieved directly. For example, if you forgot your password, your password cannot be recovered from the hashed value. The password must be reset.
After a file is downloaded, you can verify its integrity by comparing the hash value from the source with the one you generated using any hash calculator. By comparing the hash values, you can ensure that the file has not been tampered with or corrupted during the transfer.

[Figure: Checksum. File to be transferred → Hash Function → Fixed-length Hash Value (e88ws334)]
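A minimal version of the download check described above, as an added example that is not part of the original slides: it hashes a file in chunks and compares the result with a published value. The file name and contents are constructed sample data.

```python
import hashlib
import hmac
import os
import tempfile

# Checksum types named on the slide. MD5 and SHA-1 have known collision
# attacks, so SHA-256 is the default in this example.
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def file_digest(path, algorithm="sha256", chunk_size=65536):
    """Hash a file in chunks so large downloads need not fit in memory."""
    if algorithm not in ALGORITHMS:
        raise ValueError(f"unsupported algorithm: {algorithm}")
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_file(path, published_hex, algorithm="sha256"):
    """Return True only if the file's digest equals the published value."""
    expected = published_hex.strip().lower()
    actual = file_digest(path, algorithm)
    # compare_digest does not reveal where the first mismatch occurs
    return hmac.compare_digest(actual, expected)


def demo():
    """Constructed sample: hash a file, alter one byte, check again."""
    original = b"Quarterly payroll export, constructed sample data.\n"
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "payroll.csv")
        with open(path, "wb") as fh:
            fh.write(original)
        published = file_digest(path)          # value the source would publish
        intact = verify_file(path, published)  # untouched copy
        with open(path, "wb") as fh:           # simulate corruption in transfer
            fh.write(original.replace(b"Q", b"q", 1))
        tampered = verify_file(path, published)
        # Digest length depends on the algorithm, never on the file size
        lengths = {a: len(file_digest(path, a)) for a in ALGORITHMS}
    return intact, tampered, lengths


if __name__ == "__main__":
    print(demo())
```

A matching digest only shows that the file equals what the publisher hashed, so the published value has to come from a source you trust.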
Maintaining equipment, performing hardware repairs,
keeping operating systems and software up to date, and
creating backups ensure the availability of the network and
data to the authorized users. Plans should be in place to
recover quickly from natural or man-made disasters. Security
equipment or software, such as firewalls, guard against
downtime due to attacks such as denial of service (DoS).
Denial of service occurs when an attacker attempts to
overwhelm resources so the services are not available to
the users.

In this lab, you will generate a hash for a file and use the hash value to compare the integrity of a file.
The Impact of a Security Breach
● Ruined Reputation: loss of customer trust
● Vandalism: damage of data
● Theft: loss of effort and material
● Revenue Lost: financial impact
● Damaged Intellectual Property: loss of copyright

● Security Breach Example - LastPass
○ An online password manager
○ Stolen email addresses, password reminders, and authentication hashes
○ Requires email verification or multi-factor authentication when logging in from an unknown device
○ Users should use a complex master password, change the master password periodically, and beware of phishing attacks

● Security Breach Example - Vtech
○ Vtech is a high tech toy maker for children
○ Exposed sensitive information including customer names, email addresses, passwords, pictures, and chat logs.
○ Vtech did not safeguard information properly
○ Hackers can create email accounts, apply for credits, and commit crimes using the children’s information
○ Hackers can also take over the parents’ online accounts

● Security Breach Example - Equifax
○ Equifax is a consumer credit reporting agency.
○ Attackers exploited a vulnerability in web application software.
○ Equifax established a dedicated web site with a new domain name that allowed nefarious parties to create unauthorized websites for phishing schemes
1.3 Attackers and Cybersecurity Professionals

Hackers: White Hat Hackers, Grey Hat Hackers, Black Hat Hackers
● White hats - break into systems with permission to discover weaknesses so that the security of these systems can be improved
● Gray hats - compromise systems without permission
● Black hats - take advantage of any vulnerability for illegal personal, financial or political gain
1.4 Cyberwarfare
○ Conflict using cyberspace
○ Stuxnet malware
  ■ Designed to damage Iran’s nuclear enrichment plant
  ■ Used modular coding
  ■ Used stolen digital certificates
1.5 Chapter Summary
● Define personal data.
● Explain the characteristics and value of personal data.
● Explain the characteristics and value of data within an organization.
● Describe the impact of security breach.
● Describe the characteristics and motives of an attacker.
● Describe the legal and ethical issues facing a cybersecurity professional.
● Explain the characteristics and purpose of cyberwarfare.
● What three items are components of the CIA triad? (Choose three.)
• intervention
• availability
• scalability
• confidentiality
• integrity
• access

● What is another name for confidentiality of information?
• trustworthiness
• privacy
• accuracy
• consistency

● Which statement describes cyberwarfare?
• Cyberwarfare is an attack carried out by a group of script kiddies.
• It is simulation software for Air Force pilots that allows them to practice under a simulated war scenario.
• It is a series of personal protective equipment developed for soldiers involved in nuclear war.
• It is Internet-based conflict that involves the penetration of information systems of other nations.

● What is an example of “hacktivism”?
• A group of environmentalists launch a denial of service attack against an oil company that is responsible for a large oil spill.
• A teenager breaks into the web server of a local newspaper and posts a picture of a favorite cartoon character.
• A country tries to steal defense secrets from another country by infiltrating government networks.
• Criminals use the Internet to attempt to steal money from a banking company.

● What is the motivation of a white hat attacker?
• discovering weaknesses of networks and systems to improve the security level of these systems
• studying operating systems of various platforms to develop a new system
• taking advantage of any vulnerability for illegal personal gain
• fine tuning network devices to improve their performance and efficiency

● Which method is used to check the integrity of data?
• checksum
• backup
• authentication
• encryption

● What are three methods that can be used to ensure confidentiality of information? (Choose three.)
• data encryption
• backup
• file permission settings
• username ID and password
• two factor authentication
• version control

● What is a reason that internal security threats might cause greater damage to an organization than external security threats?
• Internal users can access the infrastructure devices through the Internet.
• Internal users can access the corporate data without authentication.
• Internal users have direct access to the infrastructure devices.
• Internal users have better hacking skills.