CS Unit 1

The document provides an overview of cyber security, including its definition, types of threats, and maintenance strategies. It discusses various types of hackers, malware, and the importance of security layers, as well as the CIA triad of confidentiality, integrity, and availability. Additionally, it outlines different categories of cyber attacks and the motivations behind cyber criminals.

MALLA REDDY COLLEGE OF ENGINEERING AND TECHNOLOGY IT

UNIT-I

Introduction to Cyber Security


Basic cyber security concepts:

Cyber security refers to the protection of online services, and of the information they handle,
against attack.
As more and more people and devices connect to the Internet, the number and scale of security
threats grow with them.

Cyber Security:
It is the body of technologies, processes and practices designed to protect networks, devices,
programs and data from attack, theft, damage, modification or unauthorized access. It is also called
Information Technology (IT) security.
OR
Cyber security is the set of principles and practices designed to protect computing resources
and online information against threats.
Understanding Cyber Security:


Security problems and maintaining security in the cyber field:

Viruses & Worms:

A virus is a program that is loaded onto the computer without the user's knowledge and runs against
the user's wishes; it attaches itself to a host file and spreads when that file is used. A worm is a
self-replicating program that spreads to other computers over the network on its own.

Maintenance:
Install a security suite that protects the computer against threats such as viruses and worms (e.g.,
antivirus software) and keep its signatures up to date.

Hackers:
A hacker is a person who uses computers to gain unauthorized access to data.

Types of Hackers:
 Black Hat Hackers: (Unethical Hacker or Security Cracker)
These people hack systems illegally to steal money or to achieve their own illegal goals.
They find banks or organizations with weak security and steal money or credit card
information; they can also modify or destroy confidential data.
 White Hat Hackers: (Ethical Hacker or Penetration Tester)
These people use the same techniques as black hat hackers, but they only hack systems
they have permission to hack, in order to test the security of those systems.
They focus on securing and protecting IT systems. White hat hacking is legal.
 Grey Hat Hackers:
Grey hat hackers are a hybrid of black hat and white hat hackers.
They may hack a system without permission to test its security, but they do not steal
money or damage the system.
Maintenance:
It may be impossible to prevent hacking entirely, but effective security controls, including
strong passwords and firewalls, reduce the risk.

Malware: (MALicious softWARE)

Malware is any software that infects and damages a computer system without the owner's knowledge
or permission.

Maintenance:
Install an anti-malware program that also helps prevent infection, and turn on network protection
(firewall and antivirus).

Trojan Horse:
A Trojan horse is a malicious program disguised as legitimate software. Unlike viruses and worms,
a Trojan cannot replicate itself; it is usually delivered as an email attachment or download that
the victim is tricked into opening, and once run it can steal information or harm the computer
system. Trojans are among the most serious threats to computers.
Maintenance:
Security suites such as Avast Internet Security can block known Trojan horses from being downloaded.


Password Cracking:
Password attacks are attempts by attackers to determine or recover the passwords that protect
electronic resources and social network accounts.

Maintenance:
Always use strong passwords. Never reuse the same password on two different sites.


LAYERS OF SECURITY

The 7 layers of cyber security should center on the mission critical assets.

1. Mission Critical Assets: This is the data that needs to be protected.
2. Data Security: It protects the storage and transfer of data.
3. Application Security: It protects access to an application that handles the mission
critical assets, and the internal security of the application.
4. Endpoint Security: It protects the connection between devices and the network.
5. Network Security: It protects an organization's network to prevent unauthorized access to
the network.
6. Perimeter Security: It includes both the physical and digital security methodologies that
protect the overall business.
7. The Human Layer: Humans are the weakest link in any cyber security posture. Human
security controls include phishing simulations and access management controls that protect
mission critical assets from a wide variety of human threats, including cyber criminals,
malicious insiders and negligent users.

Vulnerability, Threats and Harmful Acts:

Vulnerabilities are the gaps or weaknesses in a system that make threats possible and tempt
threat actors to exploit them.

Types of vulnerabilities in network security:

SQL injection,
Server misconfigurations,
Cross-site scripting, and
Transmitting sensitive data in unencrypted plain text.

Cyber threats are security incidents or circumstances with the potential to have a negative
outcome for your network or other data management systems.
Examples:
Phishing attacks that result in the installation of malware that infects your data, failure of a staff
member to follow data protection protocols that causes a data breach, or even a tornado that takes
down your company's data headquarters, disrupting access. A vulnerability is not a risk without a
threat to exploit it, and a threat is not a risk without a vulnerability to be exploited.

Internet Governance – Challenges and Constraints:


Internet governance is defined as the development and application by governments, the private
sector and civil society, in their respective roles, of shared principles, norms, rules, decision-making
procedures and programmes that shape the evolution and use of the Internet.
This definition, developed by the Working Group on Internet Governance (WGIG), dates back to
2005 and has remained unchanged since then; Internet governance is now a complex system involving a
multitude of issues, actors, mechanisms, procedures and instruments.

Internet Governance Actors:

According to the definition, there is no single organization in charge of the Internet; various
stakeholders (governments, intergovernmental organizations, the private sector, the technical
community and civil society) share roles and responsibilities in shaping the evolution and use of this
network.
Multiple actors are involved, in one way or another, in the governance of the Internet:
1. Internet Corporation for Assigned Names and Numbers (ICANN)
2. Internet Engineering Task Force (IETF)
3. International Telecommunication Union (ITU)
4. World Intellectual Property Organization (WIPO)
5. Internet Governance Forum (IGF)

Computer Criminals:
Computer crime has quickly become one of the fastest-rising forms of modern crime. According to
cyber security experts, roughly a million potential cyber attacks are attempted every day.
Types of Cyber Criminals:
Cyber criminals are often loosely called hackers. They are extremely difficult to identify, at both
the individual and group level, because of the measures they take to hide themselves.
Cyber security experts assert that cyber criminals are using ever more ruthless methods to achieve
their objectives, and the sophistication of attacks is expected to grow as they continue to develop
new attack methods.

Identity Thieves:
Identity thieves are cyber criminals who try to gain access to their victims' personal
information. They use that information to make financial transactions while impersonating their
victims. Identity theft is one of the oldest cybercrimes.

Internet Stalkers:
Internet stalkers are individuals who maliciously monitor the online activity of their victims
to acquire personal information.
This form of cybercrime is conducted through social networking platforms and through
malware that can track an individual's computer activity with very little chance of detection.
Businesses should be aware of Internet stalkers.
Phishing Scammers:
Phishing scammers are cyber criminals who attempt to get hold of personal or sensitive information
through the victim's computer.
This is often done via phishing websites designed to copy small business,
corporate or government websites.
Once such information is obtained, phishers either use it themselves for
identity fraud or sell it on the dark web.
Cyber Terrorists:
Cyber terrorism is a well-developed, politically inspired cyber attack in which the cyber
criminal attempts to steal data or corrupt corporate or government computer systems and networks,
resulting in harm to countries, businesses, organizations and even individuals.
The key difference between an act of cyber terrorism and a regular cyber attack is that
in cyber terrorism the attackers are politically motivated rather than just seeking
financial gain.

CIA Triad
The CIA Triad is actually a security model that has been developed to help people think about
various parts of IT security.

CIA triad broken down:

Confidentiality:


Protecting confidentiality depends on being able to define and enforce access levels
for information. This involves separating information into collections that are
organized by who is authorized to access them and by how sensitive the
information is, i.e. the amount of damage suffered if its confidentiality were breached.
 Standard measures to establish confidentiality include:
Data Encryption
Two-factor authentication
Biometric Verification
Security Tokens.

Integrity

This is an essential component of the CIA Triad and designed to protect data from deletion or
modification from any unauthorized party, and it ensures that when an authorized person makes a
change that should not have been made the damage can be reversed.

 Standard measures to guarantee integrity include:
Cryptographic checksums
File permissions
Uninterruptible power supplies
Data backups.
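As an added example (not part of the original notes), the Python snippet below shows the difference between a plain cryptographic checksum and a keyed one (HMAC-SHA256) for integrity checking. The message bytes and the shared key are constructed for the demonstration, and the function names are illustrative assumptions. The point it makes is that an unkeyed checksum detects accidental corruption, but an attacker who can rewrite the data can also rewrite the checksum; only a keyed checksum stops that.

```python
import hashlib
import hmac


def sha256_checksum(data: bytes) -> str:
    """Unkeyed checksum: good against accidental corruption."""
    return hashlib.sha256(data).hexdigest()


def checksum_ok(data: bytes, expected: str) -> bool:
    return hmac.compare_digest(sha256_checksum(data), expected)


def make_tag(key: bytes, data: bytes) -> str:
    """Keyed checksum (HMAC-SHA256): also detects deliberate modification,
    because recomputing it requires the secret key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def tag_ok(key: bytes, data: bytes, tag: str) -> bool:
    # compare_digest avoids leaking information through timing differences.
    return hmac.compare_digest(make_tag(key, data), tag)


def attacker_modifies(data: bytes):
    """Model of an active attacker on the channel: change the amount and
    recompute the unkeyed checksum to match. Returns (tampered, new_checksum)."""
    tampered = data.replace(b"100", b"900")
    return tampered, sha256_checksum(tampered)


if __name__ == "__main__":
    key = b"shared-secret-known-only-to-sender-and-receiver"   # constructed
    msg = b"transfer 100 to alice"                              # constructed
    cs, tag = sha256_checksum(msg), make_tag(key, msg)
    tampered, new_cs = attacker_modifies(msg)
    print(checksum_ok(tampered, new_cs))   # True: plain checksum was forged too
    print(tag_ok(key, tampered, tag))      # False: HMAC cannot be forged without the key
```

A checksum published out of band (for example on the vendor's HTTPS page) still has a role, but for data travelling over a channel the attacker controls, the integrity check must be keyed or signed.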
Availability

This is the final component of the CIA Triad and refers to the actual availability of your data.
Authentication mechanisms, access channels and systems all have to work properly for the
information they protect to be available when it is needed.
 Standard measures to guarantee Availability include:
Backing up data to external drives
Implementing firewalls
Having backup power supplies
Data redundancy

Assets and Threat

An asset is any data, device or other component of an organization's systems that is
valuable, often because it contains sensitive data or can be used to access such information.
For example: an employee's desktop computer, laptop or company phone would be
considered an asset, as would the applications on those devices. Likewise, critical infrastructure,
such as servers and support systems, are assets. An organization's most common assets are
information assets. These are things such as databases and physical files, i.e. the sensitive
data that you store.
A threat is any incident that could negatively affect an asset, for example if it is lost,
knocked offline or accessed by an unauthorized party.

 Threats can be categorized as circumstances that compromise the confidentiality, integrity
or availability of an asset, and can be either intentional or accidental.
 Intentional threats include things such as criminal hacking or a malicious insider stealing
information, whereas accidental threats generally involve employee error, a technical
malfunction or an event that causes physical damage, such as a fire or natural disaster.

Motive of Attackers

The categories of cyber attackers help us understand the attackers' motivations
and the actions they take. As shown in Figure, operational cyber security risks arise from
three types of actions:
i) inadvertent actions (generally by insiders) that are taken without malicious or harmful
intent;
ii) deliberate actions (by insiders or outsiders) that are taken intentionally and are meant
to do harm; and
iii) inaction (generally by insiders), such as a failure to act in a given situation, either
because of a lack of appropriate skills, knowledge or guidance, or because the right person
is not available to take action.

Of primary concern here are deliberate actions, for which there are three categories of
motivation.

1. Political motivations: examples include destroying, disrupting, or taking control of
targets; espionage; and making political statements, protests, or retaliatory actions.
2. Economic motivations: examples include theft of intellectual property or other
economically valuable assets (e.g., funds, credit card information); fraud; industrial
espionage and sabotage; and blackmail.
3. Socio-cultural motivations: examples include attacks with philosophical, theological,
political, and even humanitarian goals. Socio-cultural motivations also include fun,
curiosity, and a desire for publicity or ego gratification.


Types of Cyber Attacks

A cyber attack is an exploitation of computer systems and networks. It uses malicious code to
alter computer code, logic or data, leading to cybercrimes such as information and identity
theft.
Cyber-attacks can be classified into the following categories:
1) Web-based attacks
2) System-based attacks
Web-based attacks
These are attacks that target a website or web application. Some important
web-based attacks are as follows:
1. Injection attacks
An attack in which attacker-supplied data is injected into a web application so that it is
interpreted as code or commands, manipulating the application or extracting information.
Example- SQL Injection, code Injection, log Injection, XML Injection etc.
2. DNS Spoofing
DNS spoofing (cache poisoning) is an attack in which forged data is introduced into a
DNS resolver's cache, causing the name server to return an incorrect IP address and diverting
traffic to the attacker's computer or any other computer. DNS spoofing attacks can go on
for a long period of time without being detected and can cause serious security issues.
3. Session Hijacking
A security attack on a user's session with a web application. Web applications use
cookies to store state and identify user sessions. By stealing the session cookie, an attacker
can act as that user and access all of the user's data.
4. Phishing
Phishing is a type of attack that attempts to steal sensitive information such as login
credentials and credit card numbers. It occurs when an attacker masquerades as a
trustworthy entity in electronic communication.
5. Brute force
An attack that uses trial and error. It generates a large number
of guesses and validates them to obtain secrets such as a user's password or personal
identification number. This attack may be used by criminals to crack encrypted data, or by
security analysts to test an organization's network security.


6. Denial of Service
An attack meant to make a server or network resource unavailable to its users. It
accomplishes this by flooding the target with traffic or sending it information that triggers a
crash. A plain DoS attack uses a single system and a single Internet connection to attack a
server. DoS attacks can be classified as follows:

Volume-based attacks: the goal is to saturate the bandwidth of the attacked site; measured in
bits per second.
Protocol attacks: these consume actual server resources such as connection state tables;
measured in packets per second.
Application layer attacks: the goal is to crash or exhaust the web server; measured in requests
per second.
7. Dictionary attacks
This type of attack takes a stored list of commonly used passwords and tries each one
against the target until the original password is found.
8. URL Interpretation
An attack in which certain parts of a URL are changed so that the
web server delivers pages that the user is not authorized to browse.
9. File Inclusion attacks
An attack that allows an attacker to read unauthorized or sensitive files
on the web server, or to execute malicious files on the web server, by abusing the
include functionality of the application.
10. Man in the middle attacks
An attack in which the attacker intercepts the connection between client and
server and acts as a bridge between them. The attacker is then able to read, insert
and modify the data in the intercepted connection.
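The brute-force (item 5) and dictionary (item 7) attacks above, and the "Password Cracking" section earlier in this unit, as one added example that is not part of the original notes: the Python snippet runs a dictionary attack against unsalted MD5 hashes using a precomputed lookup table, then against a salted, iterated PBKDF2 hash, to show why the second scheme is so much more expensive for the attacker. The wordlist, the passwords and the record layout are constructed for the demonstration; the function names are illustrative assumptions.

```python
import hashlib
import hmac
import os

# Constructed wordlist for the demonstration (real ones hold millions of entries).
WORDLIST = ["123456", "password", "qwerty", "letmein", "hunter2", "iloveyou"]


def md5_unsalted(password: str) -> str:
    """The weak, fast, unsalted scheme an attacker hopes to find in a leak."""
    return hashlib.md5(password.encode()).hexdigest()


def build_lookup_table(wordlist):
    """Hash every candidate once. Without a salt the same table cracks
    every user's hash from every leak that used this scheme."""
    return {md5_unsalted(w): w for w in wordlist}


def crack_unsalted(hashes, table):
    """Lookup only: no hashing at attack time. Unknown hashes map to None."""
    return {h: table.get(h) for h in hashes}


def pbkdf2_salted(password: str, salt: bytes, iterations: int = 200_000) -> bytes:
    """Slow, salted hashing: the per-user salt makes any shared table useless
    and the iteration count makes every single guess expensive."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def new_record(password: str, iterations: int = 200_000) -> dict:
    """What the server stores for a user: random salt, cost, and the hash."""
    salt = os.urandom(16)
    return {"salt": salt, "iterations": iterations,
            "hash": pbkdf2_salted(password, salt, iterations)}


def crack_salted(record: dict, wordlist):
    """Every guess must be re-hashed with this user's own salt and cost.
    Returns (password or None, number of hash computations spent)."""
    attempts = 0
    for candidate in wordlist:
        attempts += 1
        guess = pbkdf2_salted(candidate, record["salt"], record["iterations"])
        if hmac.compare_digest(guess, record["hash"]):
            return candidate, attempts
    return None, attempts


if __name__ == "__main__":
    table = build_lookup_table(WORDLIST)
    leaked = [md5_unsalted("hunter2"), md5_unsalted("Tr0ub4dor&3")]
    print(crack_unsalted(leaked, table))           # hunter2 found, the other None
    print(crack_salted(new_record("letmein"), WORDLIST))   # found after 4 slow hashes
```

The defensive lesson is the one the notes give under "Maintenance" (use strong, unique passwords) plus the server-side half: store passwords only with a salted, deliberately slow hash such as PBKDF2, bcrypt, scrypt or Argon2, so that even a leaked database forces the attacker to pay the full cost per user per guess.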

System-based attacks
These are attacks intended to compromise a computer or a computer network.
Some important system-based attacks are as follows:
1. Virus
A type of malicious software program that spreads through the computer's files without
the user's knowledge. It is a self-replicating malicious program that replicates by
inserting copies of itself into other computer programs when executed. It can also execute
instructions that cause harm to the system.
2. Worm
A type of malware whose primary function is to replicate itself to spread to uninfected
computers. It spreads like a virus but needs no host file, typically exploiting a vulnerability
to reach the next machine. Worms also often arrive as email attachments that appear to be
from trusted senders.
3. Trojan horse
A malicious program that causes unexpected changes to computer settings and unusual
activity, even when the computer should be idle. It misleads the user about its true intent: it
appears to be a normal application, but when opened or executed malicious code runs
in the background.
4. Backdoors
A method that bypasses the normal authentication process. A developer may create a
backdoor so that an application or operating system can be accessed for troubleshooting or
other purposes; attackers also plant backdoors to keep their access.
5. Bots
A bot (short for "robot") is an automated process that interacts with other network services.
Some bot programs run automatically, while others only execute commands when they
receive specific input. Common examples of bots are web crawlers, chatroom bots,
and malicious bots.
Active attacks: An active attack is a network exploit in which the attacker attempts to make
changes to data on the target or to data en route to the target.
Types of Active attacks:

Masquerade: in this attack, the intruder pretends to be a particular user of a system to gain
access or to gain greater privileges than they are authorized for. A masquerade may be
attempted through the use of stolen login IDs and passwords, through finding security gaps in
programs or through bypassing the authentication mechanism.
Session replay: in this attack, the attacker captures an authorized user's session ID (login
information) and reuses it. The intruder gains access and the ability to do anything the
authorized user can do on the website.
Message modification: in this attack, an intruder alters packet header addresses to direct a
message to a different destination, or modifies the data on a target machine.
Denial of service (DoS): users are deprived of access to a network or web
resource. This is generally accomplished by overwhelming the target with more traffic than it
can handle.
Distributed denial of service (DDoS): large numbers of compromised systems
(sometimes called a botnet or zombie army) attack a single target.

Passive Attacks: Passive attacks are few in number from a classification standpoint, but
can be carried out with relative ease, particularly if the traffic is not encrypted.

Types of Passive attacks:


Eavesdropping (tapping): the attacker simply listens to messages exchanged by two entities.
For the attack to be useful, the traffic must not be encrypted. Any unencrypted information,
such as a password sent in an HTTP request, may be retrieved by the attacker.
Traffic analysis: the attacker looks at the metadata of the traffic in order to deduce
information about the exchange and the participating entities, e.g. the shape of the
exchanged traffic (rate, duration, etc.). Even when the data is encrypted, traffic
analysis can support cryptanalysis, whereby the attacker may obtain
information or succeed in decrypting the traffic.
Software Attacks:
Malicious code (sometimes called malware) is a type of software designed to take over or
damage a computer user's operating system without the user's knowledge or approval. It can
be very difficult to remove and very damaging. Common malware examples are listed below:

Virus: A virus is a program that attempts to damage a computer system and replicate itself
to other computer systems. A virus:
 Requires a host to replicate and usually attaches itself to a host file or a
hard-drive (boot) sector.
 Replicates each time the host is used.
 Often focuses on destruction or corruption of data.
 Usually attaches to files with execution capabilities, such as .exe and .bat files or
.doc files carrying macros.
 Often distributes via e-mail. Many viruses can e-mail themselves to
everyone in your address book.
 Examples: Stoned, Michelangelo, Melissa, I Love You.

Worm: A worm is a self-replicating program that can be designed to do any number of
things, such as delete files or send documents via e-mail. A worm can negatively
impact network traffic just in the process of replicating itself. A worm:
 Can install a backdoor in the infected computer.
 Is usually introduced into the system through a vulnerability.
 Infects one system and spreads to other systems on the network.
 Example: Code Red.

Trojan horse: A Trojan horse is a malicious program that is disguised as legitimate software.
Discretionary environments are often more vulnerable and susceptible to Trojan
horse attacks because security is user focused and user directed, so the
compromise of a user account could lead to the compromise of the entire
environment. A Trojan horse:
 Cannot replicate itself.
 Often contains spying functions (such as a packet sniffer) or backdoor
functions that allow a computer to be remotely controlled from the
network.
 Is often hidden in useful software such as screen savers or games.
 Examples: Back Orifice, NetBus, Whack-a-Mole.

Logic Bomb: A logic bomb is malware that lies dormant until triggered. A logic bomb is a
specific example of an asynchronous attack.
 A trigger may be a specific date and time, the launching of a
specific program, or the processing of a specific type of activity.
 Logic bombs do not self-replicate.

Hardware Attacks:
Common hardware attacks include:
 Manufacturing backdoors, for malware or other penetrative purposes; backdoors
are not limited to software, and can be built into hardware such as embedded radio-frequency
identification (RFID) chips and memory.
 Eavesdropping by gaining access to protected memory without opening other
hardware.
 Inducing faults, causing the interruption of normal behavior.
 Hardware modification: tampering by invasive operations.
 Backdoor creation: the presence of hidden methods for bypassing normal computer
authentication systems.
 Counterfeit products, which may behave abnormally or be built to give malicious
access to systems.
Spectrum of attacks:
The attacks described in this unit form a spectrum rather than a set of neat boxes: from
inadvertent actions and inaction by insiders to deliberate attacks by outsiders; from passive
attacks (eavesdropping, traffic analysis) that only observe, to active attacks (masquerade, replay,
message modification, denial of service) that alter data or deny service; and from attacks on a
single web application to attacks on the underlying system, hardware and firmware.
Taxonomy of various attacks
The purpose of this section is to give a general overview of cyber
attacks and to show some pragmatic ways to classify and organize them via taxonomies.
Cyber attack: an offensive action by a malicious actor that is intended to undermine the
functions of networked computers and their related resources, including unauthorized access,
unapproved changes, and malicious destruction. Examples of cyber attacks include Distributed
Denial of Service (DDoS) and Man-in-the-Middle (MITM) attacks.
The terms cyber attack, cyber threat, and cyber risk are interrelated as follows. A cyber attack is
an offensive action, whereas a cyber threat is the possibility that a particular attack may occur,
and the cyber risk associated with that threat estimates the probability and size of the losses
that may result.


For example, a Distributed Denial of Service (DDoS) cyber attack by a botnet is a cyber threat
for many enterprises with online retail websites, where the associated cyber risk is a function
of the revenue lost during website downtime and the probability that a DDoS attack will occur.
Cyber Attack Malware Taxonomy (A = applies, N/A = does not apply):

Malware type   | Requires host | Self-     | Appears legitimate | Can carry       | Can communicate with      | Can attack OS
               | file to       | spreading?| (harmless)?        | harmful payload?| command & control server? | kernel & firmware?
               | infect?       |           |                    |                 |                           |
---------------+---------------+-----------+--------------------+-----------------+---------------------------+-------------------
Virus          | A             | A         | N/A                | A               | N/A                       | A
Worm           | A             | A         | N/A                | A               | N/A                       | A
Trojan         | A             | A         | A                  | A               | N/A                       | A
Bots/Botnet    | N/A           | N/A       | N/A                | A               | A                         | A
Spyware        | A             | A         | N/A                | A               | A                         | A
Rootkit        | N/A           | N/A       | N/A                | A               | N/A                       | A
Blended Threat | A             | A         | A                  | A               | A                         | A

IP Spoofing:
IP spoofing is the creation of Internet Protocol (IP) packets with a modified (fake) source address,
in order to hide the identity of the sender, to impersonate another computer system, or both.
It is a technique often used by bad actors to mount DDoS attacks against a target device or the
surrounding infrastructure, because it makes the attack harder to trace and to stop.
Sending and receiving IP packets is the primary way in which networked computers and other
devices communicate, and constitutes the basis of the modern Internet. Every IP packet contains a
header, which precedes the body of the packet and carries routing information, including the source
and destination addresses; nothing in plain IP verifies that the source address is genuine.

Here is a simpler explanation of how IP spoofing works and why it is a problem:

- **What happens in IP spoofing**: In normal network communication, data
packets carry the sender's IP address. In IP spoofing, the
attacker changes the source IP address in the packets they send, making it look
like the packets come from a different, often legitimate, source.

- **Why attackers use IP spoofing**: By hiding their real IP address, attackers
can avoid being identified or blocked. They might also want to confuse the target,
making it think the attack is coming from somewhere else.

- **DDoS attacks**: In a DDoS attack, attackers use many devices to send a huge
amount of traffic to a target, making it slow or crash. By spoofing IP addresses,
they can prevent the target from easily identifying and blocking the malicious
traffic.

- **Amplification attacks**: IP spoofing can also be used to trick other servers
into sending large amounts of data to a victim: the attacker puts the victim's address
as the source, so the replies go to the victim. This is known as an amplification
attack.

To protect against IP spoofing, network operators can use measures like:

- **Ingress filtering**: Checking incoming packets to see if the source IP matches
the expected origin. If not, the packet can be rejected.

- **Egress filtering**: Checking outgoing packets to make sure they have
legitimate source IP addresses, preventing someone within the network from
launching spoofed attacks.

By using these filtering techniques, networks can help stop spoofed packets and
protect against various types of attacks.
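The ingress and egress checks just described, as an added example that is not part of the original notes: the Python snippet models a border router's source-address filter with the standard library `ipaddress` module. The addressing plan uses RFC 5737 documentation prefixes and is constructed for the demonstration; the packet records and the function names are illustrative assumptions. The inbound rule drops packets that claim to come from inside our own network or from address ranges that cannot legitimately appear on the Internet, and the outbound rule only lets packets with one of our own source addresses leave (the BCP 38 idea).

```python
import ipaddress

# Constructed addressing plan (RFC 5737 documentation ranges), not from the notes.
INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")   # the network we operate

# Sources that should never arrive from the public Internet.
NEVER_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918 private space
    "127.0.0.0/8", "0.0.0.0/8", "169.254.0.0/16",      # loopback, "this net", link-local
    "224.0.0.0/4",                                     # multicast
)]


def _is_bogon(ip) -> bool:
    return any(ip in net for net in NEVER_ROUTABLE)


def ingress_allowed(src: str) -> bool:
    """Packet arriving from outside: it must not claim to be one of our own
    addresses (classic spoof for bypassing trust) and must not carry a
    source that cannot exist on the Internet."""
    ip = ipaddress.ip_address(src)
    return ip not in INTERNAL_NET and not _is_bogon(ip)


def egress_allowed(src: str) -> bool:
    """Packet leaving our network: its source must be ours, so a compromised
    host inside cannot spoof a third party (e.g. for an amplification attack)."""
    return ipaddress.ip_address(src) in INTERNAL_NET


def filter_packets(packets, direction: str):
    """Apply the rule for the given direction ("ingress" or "egress").
    Returns (accepted, dropped) lists of packet records."""
    check = ingress_allowed if direction == "ingress" else egress_allowed
    accepted, dropped = [], []
    for pkt in packets:
        (accepted if check(pkt["src"]) else dropped).append(pkt)
    return accepted, dropped


if __name__ == "__main__":
    # Constructed packets: one genuine, one spoofing an internal address, one bogon.
    inbound = [{"src": "203.0.113.5", "dst": "192.0.2.10"},
               {"src": "192.0.2.9", "dst": "192.0.2.10"},
               {"src": "10.1.1.1", "dst": "192.0.2.10"}]
    print(filter_packets(inbound, "ingress"))
```

In production this logic lives in router ACLs or unicast reverse-path forwarding (uRPF) checks rather than in Python, but the decision is the same: compare the source address with what the interface could legitimately see.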

Methods Of Defence
When it comes to protecting against computer-based crime and ensuring the
security of our systems, there are several strategies we can use to prevent, detect,
and recover from attacks:

1. **Prevent**:
- **Block the attack**: This involves using firewalls, antivirus software, and
other security measures to stop threats before they can cause harm.
- **Close vulnerabilities**: This means keeping software up-to-date with
patches and fixes to address known weaknesses.

2. **Deter**:
- **Make attacks harder**: By strengthening security measures, we can make
it more difficult and time-consuming for attackers to succeed.

3. **Deflect**:
- **Make other targets more attractive**: Sometimes, we can shift attackers'
focus away from critical systems by making them less appealing targets.
4. **Detect**:
- **Spot attacks as they happen**: Tools like intrusion detection systems can
monitor for signs of an attack and alert us quickly.
- **Notice attacks after the fact**: Auditing and log analysis can help us find
evidence of past attacks, even if they weren't detected in real-time.

5. **Recover**:
- **Fix problems and restore systems**: After an attack, we need to repair any
damage, such as restoring data from backups and patching vulnerabilities.

By using a combination of these methods, we can enhance our cybersecurity and
reduce the risk of harm from attacks.
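The "Detect" step above (spotting attacks as they happen, and noticing them afterwards from logs), as an added example that is not part of the original notes: the Python snippet runs simple brute-force detection over constructed sshd-style log lines. It parses each line, keeps a sliding window of failed logins per source address, raises an alert when the count crosses a threshold, and raises a second, more urgent alert if that source then logs in successfully. The log lines, threshold and window are constructed for the demonstration; the function names are illustrative assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log in syslog/sshd style (not from the notes).
SAMPLE_LOG = """\
Mar 10 12:00:01 gw sshd[2201]: Failed password for invalid user admin from 198.51.100.7 port 4021 ssh2
Mar 10 12:00:04 gw sshd[2201]: Failed password for invalid user admin from 198.51.100.7 port 4021 ssh2
Mar 10 12:00:05 gw sshd[2210]: Failed password for root from 203.0.113.4 port 5100 ssh2
Mar 10 12:00:09 gw sshd[2201]: Failed password for root from 198.51.100.7 port 4022 ssh2
Mar 10 12:00:13 gw sshd[2201]: Failed password for root from 198.51.100.7 port 4023 ssh2
Mar 10 12:00:20 gw sshd[2201]: Failed password for root from 198.51.100.7 port 4024 ssh2
Mar 10 12:00:31 gw sshd[2201]: Accepted password for root from 198.51.100.7 port 4025 ssh2
Mar 10 12:45:00 gw sshd[2300]: Failed password for alice from 203.0.113.4 port 5200 ssh2
Mar 10 12:45:10 gw sshd[2301]: Accepted password for alice from 203.0.113.4 port 5201 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def parse_line(line: str):
    """Return a dict for an auth event, or None for lines we do not understand."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Syslog stamps carry no year; only the differences between stamps matter here.
    ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "src": m["src"]}


def detect_bruteforce(log_text: str, threshold: int = 5, window_seconds: int = 60):
    """Sliding-window count of failures per source. Alerts once per source when
    the threshold is reached, and again if that source later succeeds."""
    recent = defaultdict(deque)   # src -> timestamps of failures inside the window
    flagged = set()
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        q = recent[ev["src"]]
        if ev["result"] == "Failed":
            q.append(ev["ts"])
            while (ev["ts"] - q[0]).total_seconds() > window_seconds:
                q.popleft()   # drop failures that have aged out of the window
            if len(q) >= threshold and ev["src"] not in flagged:
                flagged.add(ev["src"])
                alerts.append({"type": "bruteforce", "src": ev["src"],
                               "failures": len(q), "at": ev["ts"]})
        elif ev["src"] in flagged:
            # A success right after a burst of failures is the signal to act on first.
            alerts.append({"type": "success_after_bruteforce", "src": ev["src"],
                           "user": ev["user"], "at": ev["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

The same loop works as real-time detection (feed lines as they arrive) or as after-the-fact audit (feed a whole file). Tune the threshold and window to the service: two failures from one address in 45 minutes, as with the second source in the sample, are normal user behaviour and produce no alert.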

Security Models
The Cyber Security Model (CSM) is a set of guidelines created by the UK Ministry
of Defence (MOD) as part of the Defence Cyber Protection Partnership (DCPP) to
improve cybersecurity for the defense sector and its suppliers. The CSM, a joint
effort between the MOD and industry, ensures suppliers manage cybersecurity
risks properly and protect the MOD’s sensitive information. It builds on the
Government’s Cyber Essentials scheme but goes further by including additional
controls and broader cybersecurity aspects like governance and risk management.
Since 2016, suppliers handling sensitive MOD information must have at least
Cyber Essentials certification, with more stringent measures required for higher-
risk contracts.

Risk Management
Cyber Security Risk Management

Risk management refers to the process of identifying, assessing, and controlling
threats to a company's finances. These risks or threats could come from a number
of sources, including legal liabilities, strategic management mistakes, accidents,
and natural disasters. As we move toward an increasingly digital way of life, cyber
security introduces additional risks that have to be managed appropriately.

It is possible to buy various types of insurance to protect physical assets from
losses, but digital data is not tangible and is therefore generally not covered by
traditional policies of that kind.

Cyber security risk management relies on user education, strategy, and technology
to protect an organization against attacks that could compromise systems, allow
data to be stolen, and ultimately damage the company’s reputation. The rate of
cyber attacks continues to grow both in terms of volume and severity. As such,
businesses who want to protect themselves to the best of their ability must begin
focusing efforts on cyber security risk management.

Cybersecurity Risk Management Process

You want to begin the process by starting with a cyber security framework that’s
been developed from each area of your business to determine what your desired
risk posture should be.

It’s a good idea to use technology that can help you find and map data across the
organization. Once the data is mapped, you’ll be able to make better decisions on
how the data is governed and reduce your risk. For instance, even with training
and strong security culture, it’s possible for sensitive information to leave a
company by accident. Leaving data stored in hidden rows across spreadsheets or
included in notes within employee presentations or email threads leaves room for
accidental data leakage.

By scanning the company for sensitive data at rest and then removing any of that
data stored where it does not belong, you greatly reduce the risk of accidental data
loss.
Use the Community Maturity Model:
- Initial: This is the starting point, where the process is new or undocumented
and is repeated ad hoc.
- Repeatable: At this stage, the process is documented well enough that
repeating the same steps can be attempted.
- Defined: At this level, the process has been defined and is confirmed as a
standard business process.
- Managed: At this level, the process is quantitatively managed according to the
agreed-upon metrics.
- Optimizing: At the final stage, the process management includes deliberate
actions to optimize and improve it.

Once you’ve determined the desired risk posture, take a look at your existing
technology infrastructure to set the baseline for the current risk posture, then
determine what must be done to move from the current state to the desired state.

As long as your organization is taking proactive steps to understand all the
potential risks, you decrease the likelihood of running into a security incident that
could hurt the company.

A vital part of the risk management process is to conduct a risk and reward
calculation. This helps prioritize security enhancements that will give you the
greatest improvements at the lowest cost. Some companies may be comfortable
with 99% of all security upgrades being made but others, especially those in highly
regulated industries, will want to be closer to 100%. Because of this, there should
be incremental steps and goals such as a 5% improvement achieved within 6
months, that can be measured to determine if the company is making progress
toward its final goal.
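A worked risk-and-reward calculation of the kind described above, added here as an example that is not from the course notes: each control is ranked by how much expected loss it removes per unit of cost, and a milestone check tests whether a chosen set of controls reaches the 5% improvement goal. The risks, probabilities, losses and control costs are constructed illustrative figures.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    name: str
    likelihood: float  # probability of occurring in the planning period (0-1)
    impact: float      # estimated loss if it occurs, same unit as control cost

@dataclass(frozen=True)
class Control:
    name: str
    cost: float
    reduces: dict  # risk name -> fraction of that risk's likelihood removed

def total_exposure(risks, controls=()):
    """Expected loss: sum of likelihood * impact after the controls apply."""
    exposure = 0.0
    for r in risks:
        remaining = 1.0
        for c in controls:
            remaining *= 1.0 - c.reduces.get(r.name, 0.0)
        exposure += r.likelihood * remaining * r.impact
    return exposure

def rank_controls(risks, controls):
    """Controls ordered by exposure reduction per unit cost, best first."""
    baseline = total_exposure(risks)
    scored = [((baseline - total_exposure(risks, [c])) / c.cost, c.name)
              for c in controls]
    return [name for _, name in sorted(scored, reverse=True)]

def milestone_met(risks, applied, target_fraction=0.05):
    """True when `applied` cuts baseline exposure by at least target_fraction."""
    baseline = total_exposure(risks)
    return (baseline - total_exposure(risks, applied)) / baseline >= target_fraction

# Constructed sample data (hypothetical figures, not from the course notes).
RISKS = [Risk("phishing", 0.6, 50_000),
         Risk("unpatched_server", 0.3, 200_000),
         Risk("lost_laptop", 0.2, 20_000)]
CONTROLS = [Control("mfa", 5_000, {"phishing": 0.5}),
            Control("auto_patching", 10_000, {"unpatched_server": 0.8}),
            Control("disk_encryption", 4_000, {"lost_laptop": 0.9})]

if __name__ == "__main__":
    print("priority order:", rank_controls(RISKS, CONTROLS))
    print("5% milestone, disk encryption only:", milestone_met(RISKS, [CONTROLS[2]]))
```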

That said, even small security vulnerabilities can lead to massive losses if systems
are connected in a way that allows access to an unimportant area to bridge entry
into systems that contain sensitive data.
The only way to ensure a system is fully secure is to make sure no one can access
it – which isn’t practical. The more you lock down a system, the harder it becomes
for authorized personnel to conduct business as usual. If authorized users
determine they cannot access the data they need to perform their jobs, they may
look for workarounds that could easily result in compromised systems.

Mitigating Security Risks

While you will never be able to eliminate all cyber threats and security risks, there
are a number of precautions you can take to mitigate risks when it comes to
cybersecurity. Among these are the options to:
- Limit devices with internet access.
- Limit the number of staff members with administrator credentials and control the
rights for each administrator.
- Limit administrative rights.
- Use antivirus programs and endpoint security.
- Require users to implement two-factor authentication to gain access to certain
files and systems.
- Install network access controls.
- Allow automatic updates and patches for operating systems.
- Place limits on older operating systems.
- Use firewalls.

To take risk mitigation a step further, your organization may also want to consider
advanced encryption, redaction, and element-level security. Advanced encryption
must be implemented systematically and strategically to protect data from
cybercriminals and insider threats. This includes standards-based cryptography,
advanced key management, granular role-based access, and separation of duties,
as well as algorithms that drastically decrease exposure.

Data encryption can help protect against outside breaches, but it doesn’t do much
to prevent internal data theft. Employees with access to sensitive data will have
the credentials needed to decrypt it as part of their daily work, so organizations
must also take action to prevent that data from being removed from the corporate
system through flash drives and other removable media.

Redaction creates a balance between data protection and the ability to share it.
With redaction, companies can share the information they need to share with
minimal effort by hiding sensitive information such as names, social security
numbers, addresses, and more.

Redaction is an important part of data security, but companies need to be able to
do it at the property level based on employee roles. Companies also need to be
able to implement custom and out-of-the-box rules as necessary. With purchase
control, user permission can be controlled at a highly granular level and should go
a long way toward preventing accounts payable fraud.
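Role-based, property-level redaction as described above, added here as an example that is not from the course notes: an out-of-the-box rule table states which properties each role may receive, the social security number is only ever shared in partially masked form, and a custom rule scrubs SSN-shaped strings from free-text notes. The roles, field names and the customer record are constructed.

```python
import re

FULL_MASK = "[REDACTED]"
SSN_PATTERN = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")

# Out-of-the-box rules: properties each role may receive. "ssn" in a role's set
# means the partially masked form; no role ever receives a full SSN.
ROLE_VISIBLE_FIELDS = {
    "billing": {"name", "address", "ssn", "notes"},
    "support": {"name", "notes"},
    "analyst": set(),  # aggregate reporting only, no personal data
}

def mask_ssn(value):
    """Keep only the last four digits, e.g. ***-**-6789."""
    return "***-**-" + value[-4:]

def scrub_free_text(text):
    """Custom rule: SSNs pasted into free text are masked whatever the role."""
    return SSN_PATTERN.sub("[SSN REDACTED]", text)

def redact_record(record, role):
    """Return a redacted copy of `record` for `role` (unknown roles see nothing)."""
    allowed = ROLE_VISIBLE_FIELDS.get(role, set())
    out = {}
    for field, value in record.items():
        if field not in allowed:
            out[field] = FULL_MASK
        elif field == "ssn":
            out[field] = mask_ssn(value)
        elif field == "notes":
            out[field] = scrub_free_text(value)
        else:
            out[field] = value
    return out

# Constructed sample record (hypothetical person, not real data).
CUSTOMER = {
    "name": "Jane Example",
    "ssn": "123-45-6789",
    "address": "1 Sample Street",
    "notes": "Caller confirmed SSN 123-45-6789 by phone",
}

if __name__ == "__main__":
    for role in ("billing", "support", "analyst", "contractor"):
        print(role, redact_record(CUSTOMER, role))
```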

Cyber Threats:

Cyber warfare involves the use of digital attacks such as computer viruses and
hacking by one nation or international organization to disrupt the critical computer
systems of another nation. The goal is to cause damage, destruction, and
potentially even death. In future conflicts, hackers will use computer code to target
an enemy's infrastructure alongside traditional military forces using weapons like
guns and missiles. This form of warfare can include actions such as deploying
computer viruses or carrying out denial-of-service attacks to harm another
country's computers or information networks.

Cyber Crime
**Cybercrime**: Cybercrime refers to criminal activities that target or use
computers, networks, or connected devices. It is committed by cybercriminals or
hackers, often for financial gain, and can involve individuals or organized groups.
While some cybercriminals use sophisticated methods and possess high technical
skills, others may be less experienced hackers.

**Cyber Terrorism**: Cyber terrorism involves combining cyberspace and
terrorism to carry out illegal attacks or threats against computers, networks, and
stored information. These actions aim to intimidate or coerce a government or its
people for political or social purposes. Examples include hacking systems,
spreading viruses, defacing websites, launching denial-of-service attacks, or
making terroristic threats via electronic communication.

**Cyber Espionage**: Cyber espionage, also known as cyber spying, involves
secretly obtaining secrets and information from individuals, competitors, groups,
governments, or enemies without their knowledge or permission. This practice
aims to gain personal, economic, political, or military advantages using online
methods.
