Cyber Security Training
Cyber security is the protection of computer systems and networks from
various threats. These include unauthorized access to and use of their data, the theft of their
software, and the disruption of their services.
The importance of cybersecurity has grown due to the increasing reliance on various technologies,
such as the Internet and wireless networks. Also, due to the rise of smart devices, such as
smartphones and televisions, the field has become more relevant.
Due to the complexity of modern technology and the increasing number of people using information
systems, cyber security is becoming more prevalent. Its primary goal is to protect the integrity of the
system and its data privacy.
HISTORY
In 1977, the National Institute of Standards and Technology published the "CIA triad" to describe the
various security goals that are related to confidentiality, integrity, and availability. Although this
framework is still relevant, many more frameworks have been proposed.
The April 1967 session of the Spring Joint Conference, which was organized by Willis Ware, was
regarded as a turning point in the history of computer security. It tackled various social, cultural, and
material concerns.
The concept of computer security was initially limited to academia during the 1970s and 1980s. The
rise of the internet and the evolution of computer viruses during the 1990s marked the beginning of
the establishment of cybersecurity and cyber threats.
The rise of the internet and the digital transformation have led to the discussion of cybersecurity
becoming a regular topic in both our personal and professional lives. Cybersecurity has been a part
of our lives for the last 50 years.
During the 1970s and 1980s, there were no major computer threats. Instead, most of the threats
that were identified were usually caused by malicious insiders who were able to access sensitive files
and documents. Although there were network breaches and malware during this period, these
threats were not used for financial gain.
During the second half of the 1970s, various computer companies started offering commercial
products and services related to cybersecurity.
The first known instance of computer viruses was identified in 1971 by Bob Thomas, a BBN
employee, with the creation of the experimental program known as Creeper. In 1972, Ray Tomlinson
developed the first anti-virus software, known as Reaper. He then moved the program to the
ARPANET and deleted the Creeper worm.
In September 1986, a group of German hackers broke into the networks of US defense contractors
and universities. They then sold the information they gathered to the Soviet KGB. The group, which
was led by the German hacker known as Markus Hess, was arrested on June 29, 1987. He was then
convicted on February 15, 1990.
Researchers can perform reverse engineering, exploitation, or even attack a computer system
through a variety of tools and techniques. Understanding the vulnerabilities that can be exploited
against a computer system is important to ensure that the system is secure.
Backdoor
A backdoor is a secret method of bypassing security controls or authentication
in a computer system. It can exist for various reasons, such as original design or poor
configuration. It can also be used by an attacker to gain unauthorized access. Regardless of the
motives behind it, a backdoor creates a vulnerability.
A backdoor is very hard to detect, and it can only be discovered by someone with a good
understanding of the operating system and source code of the computer.
Denial-of-service attack
A denial-of-service attack is a type of attack that attackers perform to prevent a machine
or network from working properly. They can do this by intentionally entering a wrong password or
by overloading the system's capabilities.
Although a denial-of-service attack that comes from a single IP address can be blocked, other types
of attacks can be launched from many points at once. These distributed denial-of-service (DDoS)
attacks are more difficult to defend against and can come from a vast number of sources. One of the
most common types of DDoS attacks is a zombie attack that's carried out by a botnet.
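The difference between a flood that one IP block rule can stop and a distributed flood can be seen in request logs. The following is an added example, not part of the original training material; the log format, the thresholds and the sample traffic are constructed assumptions.

```python
from collections import Counter, defaultdict

PER_IP_LIMIT = 60   # assumed: most requests one source may send per minute
TOTAL_LIMIT = 300   # assumed: requests per minute the service can absorb


def parse_line(line):
    """Return (minute, source_ip) from 'ISO-timestamp source_ip method path'."""
    timestamp, source_ip, _rest = line.split(" ", 2)
    return timestamp[:16], source_ip  # '2024-05-01T10:00' is a one-minute bucket


def classify_minute(counts):
    """Classify one minute of traffic given a Counter of requests per source."""
    total = sum(counts.values())
    if total <= TOTAL_LIMIT:
        return "normal", []
    # Sources that individually exceed the per-source limit.
    heavy = sorted(ip for ip, n in counts.items() if n > PER_IP_LIMIT)
    residual = total - sum(counts[ip] for ip in heavy)
    if heavy and residual <= TOTAL_LIMIT:
        # Dropping the heavy sources brings load back under capacity.
        return "blockable-by-ip", heavy
    # Overload remains even with every heavy source blocked: many sources,
    # each below the per-source limit. A block list does not help here;
    # this calls for rate limiting or upstream filtering.
    return "distributed", heavy


def analyse(lines):
    """Group log lines per minute and classify each minute."""
    buckets = defaultdict(Counter)
    for line in lines:
        minute, ip = parse_line(line)
        buckets[minute][ip] += 1
    return {minute: classify_minute(c) for minute, c in sorted(buckets.items())}


def build_sample():
    """Constructed log lines using documentation-only address ranges."""
    lines = []

    def add(minute, ip, n):
        lines.extend(
            f"2024-05-01T10:{minute:02d}:{i % 60:02d}Z {ip} GET /login"
            for i in range(n)
        )

    for host in range(20):            # minute 0: 20 clients x 5 requests
        add(0, f"192.0.2.{host + 1}", 5)
    for host in range(20):            # minute 1: same baseline ...
        add(1, f"192.0.2.{host + 1}", 5)
    add(1, "203.0.113.9", 900)        # ... plus one source sending 900
    for host in range(200):           # minute 2: 200 sources x 10 requests
        add(2, f"198.51.100.{host + 1}", 10)
    return lines


if __name__ == "__main__":
    for minute, (verdict, block_list) in analyse(build_sample()).items():
        print(minute, verdict, block_list)
```

In the third minute no source exceeds the per-source limit, so the block list stays empty even though the service is overloaded.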
Direct-access attacks
An unauthorized user who gets into a computer through remote access can very easily copy
and paste data from it. They can also perform various other activities that compromise the
system's security, such as installing software worms and keyloggers. One of the most effective ways
to prevent these types of attacks is to implement a secure boot method.
Eavesdropping
In most cases, eavesdropping occurs when a private conversation is being conducted between hosts
on a network. For instance, programs known as NarusInSight and Carnivore have been used by the
FBI and the National Security Agency to monitor the activities of internet service providers.
Even machines that are not connected to the outside world can be spied on by the National Security
Agency (NSA) through its TEMPEST specification. This type of attack can be carried out by monitoring
the electromagnetic transmissions of the hardware.
In 2017, a new type of cyber threat emerged that combines multiple attacks into one. This type of
attack can be used to evade cybersecurity controls.
Phishing
Phishing is a type of attack that involves tricking users into entering their personal
information, such as their passwords and credit card details. It usually occurs through instant
messaging or email spoofing. Users are then directed to a fake website that imitates the look and
feel of the real one.
Phishing typically involves a fake website that asks users for their personal information, such as their
passwords and login details. This type of attack is considered to be a form of social engineering. In
order to access a victim's real account, attackers have to use creative methods.
One common type of scam is email spoofing, which involves sending fake invoices that claim to show
that the recipient has recently purchased various apps, music, or other products.
Privilege escalation
A privilege escalation occurs when an attacker with limited access is able to access a system without
authorization. For instance, a user with limited access might b…
https://youtu.be/fUeJtM1bgGo
We shall spare some time to watch this video and see for ourselves cases of cyber attack.
Behavior within an organization can have a huge impact on the security of its information. Cultural
concepts can help various parts of the organization work together to improve the effectiveness of
information security. Information security culture refers to the totality of patterns of behavior that
contribute to the protection of information.
According to Reimers and Andersson (2014), employees do not see themselves as contributing to
the information security efforts of their organizations, and they often take actions that prevent them
from achieving the goals of the program. A study conducted by Verizon in 2020 revealed that 30% of
the security breaches that occurred were caused by internal actors. This suggests that continuous
improvement is needed in the culture of information security.
According to the authors of , information security culture is a continuous process that can be used to
improve the effectiveness of an organization's information security. Five steps should be taken to
manage it. These include planning and implementing a strategy, evaluation, and post-evaluation.
Operative planning: A good security culture can be established based on internal communication,
management-buy-in, security awareness and a training program.
Implementation: Four stages should be used to implement the information security culture. They
are:
Post-evaluation: To assess the success of the planning and implementation, and to identify
unresolved areas of concern.
SYSTEM AT RISK
Due to the increasing number of computer systems and the reliance on them by various
organizations and individuals, there are increasing risks that these systems will be compromised.
Due to the lack of a standard model that can estimate the cost of a security breach, only the data
that is made public by affected organizations can be used. Several computer security consulting firms
provide estimates of the worldwide losses caused by various types of attacks, such as those carried
out by viruses and worms.
According to estimates by various firms, the losses they experienced in 2003 ranged from $13 billion
for viruses and worms to $226 billion for various forms of covert attacks. The methodology used to
arrive at these estimates is often questioned.
Although it is generally not practical to estimate the financial cost of a security breach, it can help
organizations make informed decisions regarding their security. The Gordon-Loeb Model suggests
that a firm's investment should be only a small fraction of its expected loss due to a cyber or
information security incident.
ATTACK MOTIVATION
Due to the increasing number of targeted environments being susceptible to compromise, studies
have been conducted on the various motivations of different actors. These studies have revealed
that there are significant differences between the motivations of hackers and those of nation state
actors.
The rise of extremist groups has been attributed to their desire to disrupt social agendas or gain
political advantage. The increasing number of devices and capabilities that can be used to attack
critical infrastructure has also raised concerns about the security of these environments.
Like physical security breaches, attackers' motivations vary. Some are thrill-seekers, others are
activists, and others are criminals looking for monetary gain. State-sponsored attackers have become
more common, but they started with amateurs such as the aforementioned Markus Hess, who
worked for the KGB.
A threat modeling process is usually conducted to identify the potential attackers who would want
to take over a particular system. It involves analyzing the various factors that would motivate
them to do so. The details of the precautions taken to secure a system will vary depending on its
nature.
COMPUTER PROTECTION
Security by design
Security by design, or alternately secure by design, means that the
software has been designed from the ground up to be secure. In this case, security is considered as a
main feature.
Security architecture
The term information technology security architecture refers to the design artifacts that describe the
various security controls that are used to maintain the integrity and quality of a computer system.
These controls are also designed to improve the system's availability, confidentiality, and
accountability.
Security measures
The concept of a state of computer security refers to the various processes that are used to prevent
unauthorized access and use of the system. These include the detection, response, and threat
prevention.
Vulnerability management
The process of vulnerability management is also related to the various security controls that are
used to prevent unauthorized access and use of a computer system. It involves identifying,
remediating, and mitigating vulnerabilities in software and firmware.
Reducing vulnerabilities
Although formal verification of a computer system's correctness is possible, it is not yet common
practice. Some operating systems, such as seL4 and SYSGO's PikeOS, have been formally
verified.
One of the most common methods of preventing unauthorized access to a computer system is
implementing two-factor authentication. This type of security measure requires a person to provide
a certain combination of information to access the system.
Although hardware can be a source of insecurity, such as the vulnerability introduced in the
manufacturing process of microchips, hardware-based security can still be an effective alternative to
software-only security.
Examples of hardware-based security that are commonly used include devices such as USB ports,
drive locks, and dongles. These types of security measures are considered more secure due to the
nature of the access required in order to compromise the system.
One of the terms used to describe the type of security measures that are used to implement a
secure operating system is computer security. During the 1980s, the US Department of Defense used
the Orange Book standards instead of the Common Criteria.
Although many operating systems are able to meet the EAL4 standard, which is a method of
reviewing and testing, they are not always formally verified. For instance, the INTEGRITY-178B
operating system, which is used in the Airbus A380, is not always formally verified.
Secure coding
Software engineers use secure coding techniques to protect their systems from accidental
vulnerabilities. This process is carried out by ensuring that the algorithms that are used to
implement the security measures are secure. Formal verification is also used to ensure that the
system's correctness is maintained.
Two of the most common security models that are used to implement privilege separation in
computer systems are access control lists and role-based access controls.
An access-control list is a list of permissions that are associated with a particular object in a
computer file system. It describes the types of operations that are allowed and restricted on the
given object.
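The two models can be compared side by side. The following is an added example, not part of the original training material; the users, roles and file paths are constructed, and the ACL check assumes a deny-overrides rule (an explicit deny entry beats any allow entry), which is one common convention rather than the only one.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AclEntry:
    principal: str   # user the entry applies to
    operation: str   # "read" or "write"
    allow: bool      # False marks an explicit deny


# ACL model: the permissions live on each object (constructed sample).
ACLS = {
    "/payroll/2024.xlsx": [
        AclEntry("alice", "read", True),
        AclEntry("alice", "write", True),
        AclEntry("bob", "read", True),
        AclEntry("bob", "write", False),
    ],
    "/payroll/2023.xlsx": [AclEntry("alice", "read", True)],
    "/wiki/home.md": [
        AclEntry("bob", "read", True),
        AclEntry("bob", "write", True),
    ],
}


def acl_allows(user, operation, obj):
    """Deny-overrides evaluation with default deny (assumed convention)."""
    entries = [
        e for e in ACLS.get(obj, [])
        if e.principal == user and e.operation == operation
    ]
    if any(not e.allow for e in entries):
        return False                      # explicit deny wins
    return any(e.allow for e in entries)  # no matching entry means no access


# RBAC model: permissions live on roles, users only hold roles.
ROLE_PERMISSIONS = {
    "payroll-clerk": {
        ("read", "/payroll/2024.xlsx"),
        ("write", "/payroll/2024.xlsx"),
        ("read", "/payroll/2023.xlsx"),
    },
    "auditor": {
        ("read", "/payroll/2024.xlsx"),
        ("read", "/payroll/2023.xlsx"),
    },
    "staff": {("read", "/wiki/home.md"), ("write", "/wiki/home.md")},
}
USER_ROLES = {"alice": {"payroll-clerk"}, "bob": {"auditor", "staff"}}


def rbac_allows(user, operation, obj, user_roles=USER_ROLES):
    """Allowed if any role held by the user carries the permission."""
    return any(
        (operation, obj) in ROLE_PERMISSIONS[role]
        for role in user_roles.get(user, ())
    )


def acl_objects_granting(user):
    """Objects whose ACL has to be edited to remove all of a user's access."""
    return sorted(
        obj for obj, entries in ACLS.items()
        if any(e.principal == user and e.allow for e in entries)
    )


if __name__ == "__main__":
    print(acl_allows("bob", "write", "/payroll/2024.xlsx"))   # explicit deny
    print(rbac_allows("bob", "read", "/payroll/2023.xlsx"))   # via auditor role
    # Offboarding alice: every listed ACL needs an edit, while under RBAC
    # removing her single role assignment is enough.
    print(acl_objects_granting("alice"))
```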
It has been estimated that about 90% of security breaches and incidents involve human error.
Among the most common forms of misjudgment and error are sending and receiving emails that
contain sensitive information, which can be sent to the wrong recipient, and not knowing which
websites to look for in an email attachment.
Digital hygiene
Digital hygiene is a fundamental principle that is related to information security. It is similar to the
concept of personal hygiene, which is about establishing simple steps to minimize the risks that can
be caused by cyber threats.
The goal of digital hygiene is to provide a layer of protection to network users. It is believed that
good hygiene practices can reduce the likelihood that a vulnerable node will be used to mount
attacks or compromise a network.
Response to breaches
Unfortunately, identifying and preventing attackers is not always easy due to the various methods
that they can use to operate. For instance, they can operate through proxy servers, wireless
connections, and anonymizing procedures. After successfully accessing a network, they can then
delete logs to cover their tracks.
Due to the number of attacks that are made using automated tools, it is sometimes difficult for
organizations to keep track of all of them.
INCIDENT RESPONSE
An incident response is an organized process that involves identifying and managing the various
steps involved in a computer security incident. It aims to prevent a breach or a cyberattack.
Unfortunately, many organizations do not take the necessary steps to identify and manage the
incident at the time it occurs.
An incident response plan is a strategy that aims to contain a computer security incident and
minimize its damage. It can also help restore services and prevent losses. By identifying and
addressing the issues that can lead to a loss, an organization can improve its operations and prevent
further damage.
There are four key components of a computer security incident response plan:
Preparation: Preparing stakeholders on the procedures for handling computer security incidents or
compromises
Detection and analysis: Identifying and investigating suspicious activity to confirm a security
incident, prioritizing the response based on impact and coordinating notification of the incident
Containment, eradication and recovery: Isolating affected systems to prevent escalation and limit
impact, pinpointing the genesis of the incident, removing malware, affected systems and bad actors
from the environment and restoring systems and data when a threat no longer remains
Post incident activity: Post mortem analysis of the incident, its root cause and the organization's
response with the intent of improving the incident response plan and future response efforts.
The Internet is like giving away free plane tickets to criminals all around the world. Due to the
complexity of the situation, the use of various techniques such as bullet proof servers and dynamic
DNS can make it hard to enforce and investigate.
One of the biggest issues that law enforcers face when it comes to investigating cybercrimes and
cyberattacks is the attribution of their actions. This is because, due to the lack of global police
capabilities, viruses can easily move between different jurisdictions.
There are various international legal issues related to cybercrimes and cyber attacks. The lack of a
common global framework for addressing these issues makes it difficult for authorities to prosecute
cybercriminals. Security firms also often find it hard to identify the individuals
behind certain types of attacks due to the lack of laws.
ROLE OF GOVERNMENT
Despite the government's role in regulating cyberspace, some people still believe that it should
remain free of government interference. This is the view that emerged in the discussions about
bitcoin and blockchain.
The government has a role in making regulations to protect companies and organizations from
cyberattacks. It also aims to protect the country's infrastructure, such as the electricity grid.
Despite the government's efforts, many experts and officials believe that the government should do
more to improve regulation. They noted that the private sector is not able to effectively address the
cybersecurity problem. R. Clarke, a former US congressman, said during a panel discussion that the
industry only responds to threats when they are threatened.
Despite the government's role in regulating cyberspace, some executives from the private sector
believe that the government should not interfere in their operations. They also believe that the
private sector can improve its cybersecurity. Daniel McCarthy, a cybersecurity expert, discussed the
role of the private sector in the constitution of political order.
On May 22, 2020, the UN held its second cybersecurity meeting to discuss the increasing number of
attacks and threats that are threatening international peace. According to the Secretary-General,
new technologies are often used to violate the rights of people.
INTERNATIONAL ACTIONS
The Forum of Incident Response and Security Teams (FIRST) is the global association of CSIRTs.
The US-CERT, AT&T, Apple, Cisco, McAfee, Microsoft are all members of this international team.
The Council of Europe helps protect societies worldwide from the threat of cybercrime through the
Convention on Cybercrime.
The purpose of the Messaging Anti-Abuse Working Group (MAAWG) is to bring the messaging
industry together to work collaboratively and to successfully address the various forms of messaging
abuse, such as spam, viruses, denial-of-service attacks and other messaging exploitations.
France Telecom, Facebook, AT&T, Apple, Cisco, Sprint are some of the members of the MAAWG.
ENISA: The European Network and Information Security Agency (ENISA) is an agency of the
European Union with the objective to improve network and information security in the European
Union.
NATIONAL ACTIONS
You will take your time to read more about national actions in the materials that will come with your
certificates.
MODERN WARFARE
Due to the rise of cyberwarfare and cyberterrorism, various terms have been coined. For instance,
the US Cyber Command was established in 2009.
In the future, wars will not only be fought using guns and planes, but they will also be fought using
computer programs that can be launched from a half-world away. These programs can disrupt vital
industries such as transportation, energy, and communications. Their attacks could disable warships,
fighter jets, and military networks.
According to Mark Clayton, in 2015, the rise of cyberwarfare is becoming a serious concern. He
noted that it could become the next stage of warfare.
Some experts doubt that cybersecurity is as serious a threat as it has been made out to be.
CYBER INSURANCE
A cyber-insurance product is a type of insurance that focuses on protecting businesses from various
risks related to the activities and infrastructure of information technology. Unlike traditional
insurance policies, this type of insurance is not typically offered as a standard form of liability.
Cyber-insurance policies can provide coverage against various types of losses, such as data
destruction, theft, extortion, and hacking. They can also provide liability protection against the
damages caused by errors and omissions, as well as other risks, such as defamation and breach of
confidentiality. These policies additionally offer various benefits, such as regular security audits and
investigative expenses.
Advantages:-
Although the cyber-insurance market is relatively small in many countries, it can still have a
significant impact on the development and implementation of cyber threats. As a result, insurance
companies are still developing their services related to this type of insurance.
Due to the increasing number of cyber-losses and the changing nature of threats, many companies
are now purchasing insurance products alongside their existing IT security services. Although the
underwriting criteria for these products are still in development, many insurance companies are
working with IT security firms to develop their own products.
Aside from being able to improve the security of a company's information, cyber-insurance can also
help businesses recover from major losses following a security breach. This type of insurance can
provide a smooth funding mechanism for the recovery of the damages caused by a major loss.
One of the side benefits of this type of insurance is that it can require companies to participate
in an IT security audit before it can be offered. This process can help the insurance carrier
identify the potential risks that a company might face.
Before a company can purchase a cyber-insurance policy, it must complete an IT security audit,
which is a process that involves regularly reviewing the company's current security vulnerabilities.
This step can help prevent a potential cyber crime from happening.
Unlike traditional insurance policies, cyber-insurance can also be distributed fairly. This eliminates
the possibility of free-riding, as the premiums are usually commensurate with the expected loss.
Disadvantages:-
Due to the nature of information technology, it is typically required for companies to have a
separate product line that specifically deals with this aspect of their business. This is done through a
scoping exercise that excludes the damage and theft associated with modern technology.
According to Bruce Schneier, an insurance industry expert, the traditional model for assessing the
risks associated with information technology tends to follow the flood or fire model. However, due
to the increasing number of cyber-losses, the scope of cyber-insurance has been restricted to reduce
the risk to the insurance carrier.
Unfortunately, there is a lack of data regarding the types of events that can affect a company's
information technology business. Also, there is a lack of industry best practices related to the
classification of events.
Despite the lack of data regarding the various types of risks that can affect a company's information
technology business, the insurance industry still relies on sound actuarial data to determine the
value of its products. This is because the lack of these types of data can prevent the buyers from
achieving their goals.
According to Josephine Wolff, a cyber-insurance expert, the insurance industry has been ineffective
at preventing cybersecurity losses due to how it normalizes the payment of ransoms online. On the
other hand, the goal of cybersecurity is to reduce the profitability of ransomware by discouraging
the use of such payments.
CYBER SELF-DEFENCE
Cyber self-defense is a term used to describe the actions of individuals and organizations in response
to cyberattacks. While it usually refers to the cybersecurity measures taken by computer users, it can
also refer to the self-defense of entire organizations.
A surveillance self-defense technique is often associated with cyber self-defense. Both active and
passive measures can help defenders defend themselves against various threats. Organizations and
sectors are required to implement cyber security standards.
An organization can perform a penetration test or hire a third-party firm to audit its systems. Large
organizations can also carry out attacker-defending scenarios with a "red team" defending against an
attack, and a "blue team" defending against a different attack. The defenders, which include
programmers, system administrators, and threat hunters, are responsible for managing the various
aspects of an organization's information systems.
The members of a blue team are usually responsible for the various aspects of an organization's
information systems. They can also be targeted by social engineering attacks or security audits. A
physical security team might be tested for weaknesses, while an audit of the digital systems might
involve simulating the conditions for attackers.
The goal of a penetration test is to provide the attacker with all the necessary details about an
organization's systems. In white box tests, the attacker is given all the information about the client's
systems. On the other hand, in black box tests, the attacker is not given any information about the
client's systems.
Jeffrey Carr, a cybersecurity researcher, said that cyber self-defence can be compared to martial arts
due to how attackers can shrink their attack surface to reduce their chances of exploitation.
DATA SECURITY
A data security strategy is a set of measures that protect the digital information that a person or
organization collects. It involves protecting against unauthorized access and destruction of the data.
WHAT IS DIGITAL IDENTITY
https://youtu.be/IKxigcbhsGk
IDENTITY MANAGEMENT
The terms identity management and access management are often used interchangeably. IdM refers
to the process of managing an individual's identity, while access management is the process of
managing an individual's access to certain resources.
IdM provides a comprehensive view of the availability of resources across various technology
environments. It enables organizations to meet their compliance requirements and ensure that their
applications are secure.
A comprehensive identity and access management system helps organizations manage the access to
their various resources. It also ensures that employees are able to use them efficiently.
The concept of identity management, also known as IdAM, is a framework that aims to ensure that
the right people have the proper access to the technology resources of an organization. It involves
implementing policies and technologies that are designed to ensure that the right people have the
necessary access to these resources.
A comprehensive identity and access management system can be used to manage the various
activities of an organization's various entities, such as individuals, software applications, and
hardware.
IdM covers various issues related to the identity of an individual. These include how an individual
can gain access to the resources, the permissions that they are granted, and the technologies that
are designed to protect their identity.
INTERNET SAFETY
As the number of people using the internet continues to grow, governments and organizations are
concerned about the safety of teenagers and children. Over 45% of them have experienced some
form of cyber-harassment. To raise awareness about this issue, the Get Safe Online campaign was
launched in the UK in February. The campaign has received support from various Internet companies
and government agencies.
E-Safety or Internet safety is a process that aims to make sure that people are aware of the various
risks that they are taking when they use the internet. It involves protecting themselves from
computer crime and ensuring that their private information is secure.
INTERNET SECURITY
The branch of computer security that focuses on protecting the Internet, including browser security,
network security, and web site security, is known as Internet security. Its goal is to establish rules
and procedures to prevent attacks on the Internet. The channel is vulnerable to fraud and intrusion,
and there are numerous types of threats that can affect the exchange of information.
THE END.