INFS2701 W1 foundations of cybersecurity

security

being protected from risk of loss, damage, unwanted modification and hazards

information security

Protecting information and information systems from unauthorised access, use, disclosure, disruption, modification, or destruction

cybersecurity

range of practices, processes, and technologies intended to protect devices, networks, programs, and data from attacks and unauthorised access

protecting data + technologies which store data

data vs information

• Data = unprocessed, without context

• Information = processed data

difference between cybersecurity and information security

ACM

Association for Computing Machinery

Structure of cybersecurity discipline based on ACM

computing based but interdisciplinary field

• Non-technical elements filter down into the technical/done through the lens/context of Policy, Law, Ethics

• Technical elements = foundation

technical elements of cybersecurity

computer science + engineering

Information tech

information systems

software engineering

difference between IS and IT

• IS = Hardware + Software + Data + People + Procedures

• IT = Hardware + Software + Data 

social cybersecurity

• Emerging area in science to understand and forecast how cyber-security is changing people behaviour, social, cultural, political outcomes, and accordingly build cyber-infrastructure to protect society

Cyberbiosecurity/biocybersecurity:

new speciality to understand and mitigate new biological security risks emerging at the interface between biosecurity and cybersecurity

malicious insider threat

Someone who intentionally abuses their authorised access to cause harm.

Negligent Insider:

Someone who causes a security incident through carelessness or lack of awareness. 

professional insider

An insider who misuses access as part of their professional role, often while appearing legitimate.

compromised insider

A legitimate user whose account or credentials have been taken over by an external attacker.

threat: compromised intellectual property

piracy, copyright infringement

threat: deviations in quality of service

internet service provider

power

WAN service

threat: espionage or trespass

unauthorised access and/or data collection

threat: forces of nature

fire, floods, earthquakes, lightning

threat: human error or failure

accidents, employee mistakes

threat: information extortion

blackmail, information disclosure

threat: sabotage or vandalism

destruction of systems or information

threat: software attacks

viruses, worms, macros, denial of service

threat: technical hardware failures or errors

equipment failure

threat: technical software failures or errors

bugs, code problems, unknown loopholes

threat: technological obsolescence

antiquated or outdated technologies

threat: theft

illegal confiscation of equipment or information

non-technical elements

risk management

law + ethics + policy

human factors

criminology

psychology

business administration