Unit 6: Introduction to Cyber Security
Introduction to Cyber Security
Cyber security is the practice of protecting systems, networks, and programs from digital attacks. These cyberattacks are often aimed at accessing, changing, or destroying sensitive information, extorting money, or disrupting normal business processes. Implementing effective cyber security measures is challenging because there are more devices than people, and attackers are becoming more innovative.
Basic Cyber Security Concepts
Cyber security includes a variety of concepts and measures designed to ensure the protection of data, systems, and networks. Key concepts include confidentiality, integrity, and availability (often known as the CIA triad):
- Confidentiality: Ensures that sensitive information is accessible only to those authorized to view it.
- Integrity: Assures the accuracy and reliability of data.
- Availability: Ensures that data and resources are accessible to authorized users when needed.
Layers of Security
Cyber security uses multiple layers to create a defense-in-depth approach to protect systems from attacks. These layers include:
- Physical Security: Controls access to hardware and equipment, using measures such as locks, security personnel, and surveillance cameras.
- Network Security: Protects networks from external threats using firewalls, intrusion detection systems, and other protective measures.
- Application Security: Involves securing applications to prevent unauthorized access and data leaks.
- Endpoint Security: Protects individual devices like computers, mobile phones, and IoT devices from malware and unauthorized access.
- Data Security: Encrypts and manages access to sensitive data to prevent leaks and unauthorized access.
Vulnerability, Threat, and Harmful Acts
Vulnerability
A vulnerability is a weakness in a system that could be exploited by a threat to gain unauthorized access or cause damage. Vulnerabilities can arise from various sources, including software bugs, misconfigurations, outdated hardware, and inadequate security policies.
Threat
A threat is any potential danger to information or systems. Threats can be intentional, such as hacking or cyber terrorism, or unintentional, such as human error or natural disasters.
Harmful Acts
Harmful acts are actions that exploit vulnerabilities and constitute security breaches. These include:
- Malware: Malicious software designed to harm, exploit, or otherwise compromise data and systems.
- Phishing: A form of social engineering where attackers impersonate trusted entities to deceive individuals into revealing sensitive information.
- Man-in-the-Middle (MitM) Attack: Occurs when an attacker intercepts and potentially alters communication between two parties without their knowledge.
- Denial-of-Service (DoS) Attack: An attack designed to make a network resource unavailable by overwhelming it with requests.
- SQL Injection: An attack that exploits a vulnerability in SQL databases, allowing attackers to manipulate and retrieve information from databases.
Internet Governance – Challenges and Constraints
Internet governance refers to the rules, policies, standards, and practices that coordinate and shape global cyberspace. Governance covers a broad range of issues from domain names to cyber laws.
Challenges and Constraints
- Jurisdiction Issues: Cyber activities can take place across borders, making it difficult to apply and enforce local laws.
- Privacy Concerns: Ensuring privacy while implementing effective security measures is a constant challenge.
- Lack of Uniform Laws: There is a lack of consistent cyber security laws across different countries, which hinders cohesive enforcement.
- Rapid Technology Advancement: The fast pace of technological change can outstrip legal and regulatory frameworks, leaving gaps in security.
Computer Criminals
Computer criminals, or cybercriminals, are individuals or groups who engage in illegal activities through the use of computers. Types of computer criminals include:
- Hackers: People who break into systems for various reasons, including theft, exploitation, or even for the thrill of the challenge.
- Insiders: Employees or contractors who misuse their access to exploit or damage a company’s data or systems.
- Hacktivists: Individuals or groups who hack for political or social causes.
- Cyber Terrorists: Attackers who seek to cause damage to nations or organizations, often for ideological reasons.
- Cyber Espionage Agents: Those who spy on governments or corporations to steal sensitive information.
Assets and Threats
Assets are valuable elements within an organization, including data, networks, devices, and intellectual property, that must be protected from threats.
Threats to Assets
- Malicious Attacks: Such as hacking, malware, and ransomware that target systems for various forms of exploitation.
- Human Error: Mistakes like misconfiguration, accidental data deletion, or weak passwords can also pose serious risks.
- Natural Disasters: Events such as fires, floods, or earthquakes that can physically damage IT infrastructure.
- System Failures: Hardware or software failures that may lead to loss of data or availability.
Motive of Attackers
The motives behind cyber attacks vary widely and can include:
- Financial Gain: Many attackers seek to steal or extort money by exploiting vulnerabilities or stealing financial data.
- Political Goals: Some attackers, such as hacktivists, act on behalf of political or social causes.
- Intellectual Property Theft: Attackers may seek to gain competitive advantage by stealing proprietary information.
- Revenge or Retaliation: Disgruntled employees or insiders may launch attacks to retaliate against their organizations.
Types of Cyber Threats
Cyber Warfare
Cyber warfare involves government-sponsored attacks aimed at damaging another nation’s infrastructure, such as power grids, military systems, or financial networks. It is typically part of broader political or military strategy.
Cyber Crime
Cyber crime is illegal activity carried out for profit, and it includes identity theft, financial fraud, and extortion schemes.
Cyber Stalking
Cyber stalking is the use of digital communication to harass or intimidate an individual. This can range from sending threatening messages to tracking an individual’s online activity.
Cyber Terrorism
Cyber terrorism involves using the internet to conduct violent activities that result in or threaten significant harm. It is often politically motivated and targets essential infrastructure.
Cyber Espionage
Cyber espionage is the act of spying to obtain sensitive information from a government or corporation, often to gain an advantage in political or economic matters.
Comprehensive Cyber Security Policy
A cyber security policy is a formal set of rules and procedures designed to protect an organization’s assets from cyber threats. An effective policy addresses various aspects of security, including data protection, access control, incident response, and employee awareness.
Key Components of a Cyber Security Policy
- Access Control: Defines who has access to what resources, with specific roles and permissions.
- Data Protection: Establishes protocols for encrypting and managing data to ensure confidentiality and integrity.
- Incident Response: Outlines procedures for responding to and recovering from security incidents.
- Employee Awareness and Training: Ensures that all personnel are educated about security best practices and potential threats.
- Compliance and Legal Requirements: Ensures adherence to relevant laws and regulations to avoid legal consequences.
- Risk Management: Defines strategies for identifying, assessing, and mitigating security risks.
Developing a Cyber Security Policy
- Identify Assets: Determine the organization’s critical data and systems that need protection.
- Conduct a Risk Assessment: Assess potential vulnerabilities and threats to assets.
- Define Roles and Responsibilities: Assign specific security duties to personnel, establishing clear responsibilities.
- Implement Security Controls: Establish and implement security measures based on risk assessment.
- Regular Monitoring and Review: Continuously monitor systems for threats and review the policy periodically to ensure it remains effective.
Benefits of a Cyber Security Policy
- Minimized Security Incidents: Reduces the likelihood of breaches and attacks by enforcing preventive measures.
- Enhanced Compliance: Helps organizations stay compliant with legal requirements.
- Improved Incident Response: Establishes a clear plan for dealing with security incidents, minimizing damage.
- Protection of Reputation: Protects the organization’s reputation by preventing data breaches and misuse of sensitive information.