Cybersecurity Notes

Need for Cybersecurity

  • Risks, threats, and vulnerabilities
  • Mitigation tools and strategies
  • Digital forensics
  • Cloud
  • Commercial law
  • Cybersecurity
  • New trends

Risks

  • The potential for loss, damage, or destruction of assets because of a threat exploiting a vulnerability.
  • Real-Life Examples of Security Risks
    • Data breaches exposing sensitive customer data
    • Financial loss from ransomware attacks
    • Reputational damage due to service outages or leaked data

Threats

  • A potential event, actor, or condition that can cause harm by exploiting a vulnerability in systems, networks, or people.
  • Types of Threats
    • Hackers, cybercriminals, nation-state actors
    • Malware (viruses, worms, ransomware)
    • Phishing and social engineering attacks
    • Natural disasters

Vulnerabilities

  • A vulnerability is a weakness or flaw in a system, process, or human behavior that can be exploited by a threat to cause harm.
  • Types of Vulnerabilities
    • Unpatched software or outdated systems
    • Weak passwords and poor authentication
    • Misconfigured servers, firewalls or cloud services
    • Unsecured devices or network equipment
    • Inadequate physical access controls
    • Lack of security awareness training

Mitigation Tools and Strategies

  • Mitigation is the process of reducing the likelihood or impact of security incidents
  • Importance of Mitigation
    • Minimize risk exposure
    • Protect organizational assets
    • Ensure business continuity
    • Prevent attacks before they occur
    • Detect threats as early as possible
    • Respond quickly to incidents

Mitigation Tools

  • Firewalls – Block unauthorized network access
  • Antivirus and Antimalware – Detect and remove malicious software
  • Encryption – Protect sensitive data in transit and at rest
  • Patch management – Regularly update software to fix vulnerabilities
  • MFA – Add extra verification layers

Detection Tools

  • Intrusion Detection Systems – Monitor and alert on suspicious activity (Snort, Zeek)
  • Intrusion Prevention Systems – Actively block identified threats (Cisco NGIPS, Cynet)
  • SIEM (Security Information and Event Management) – Aggregate and analyze security logs (IBM)

Response Strategies

  • Incident Response Plan
  • Backup and Recovery
  • Disaster Recovery Plan
  • User Awareness Training

Digital Forensics

  • Digital forensics is the process of identifying, preserving, analyzing, and presenting electronic evidence in a legally acceptable manner.
  • When is it Used
    • Investigate cybercrimes
    • Support legal proceedings
    • Protect organizations from internal and external threats

Key Stages of Digital Forensics

  • Identification of Evidence
  • Collection
  • Preservation
  • Examination and Analysis
  • Documentation and Reporting

Tools and Techniques

  • EnCase, FTK (Forensic Toolkit), Autopsy, X-Ways, Volatility
  • Techniques
    • Disk imaging and Cloning
    • File carving and Recovery
    • Memory and Network Analysis
    • Log analysis

Challenges in Digital Forensics

  • Large Data Volumes
  • Encrypted or Hidden Files
  • Cloud and Remote Systems
  • Anti-forensics techniques used by attackers
  • Maintaining Chain of Custody

Best Practices

  • Always follow chain of custody procedures
  • Use write blockers when imaging storage devices
  • Document every action and tool used
  • Validate findings with multiple tools
  • Stay updated on new technologies and threats

Real-Life Example

  • Insider data theft at a company
    • Identification: Alert triggered on large data download
    • Preservation: Isolate suspect’s workstation
    • Collection: Image the hard drive, collect network logs
    • Analysis: Recover deleted files, check access logs
    • Reporting: Document evidence, support legal action
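As an added example (not part of these notes), the script below models two steps of the insider-theft scenario: the identification alert on a large data download, computed from constructed network log lines, and the collection/preservation step, where the acquired image is hashed so the chain of custody can later prove it is unchanged. The log format, the 1 GB threshold, the examiner and source names and the sample image bytes are all assumptions made for the example.

```python
import hashlib
from datetime import datetime, timezone

# Constructed network log lines (hypothetical format: timestamp, user, destination, bytes out).
NETWORK_LOG = """\
2025-03-01T08:02:11Z alice files.example.internal 2048
2025-03-01T08:05:40Z bob cloud-share.example.net 734003200
2025-03-01T08:06:02Z bob cloud-share.example.net 1258291200
2025-03-01T08:09:15Z alice mail.example.internal 10240
"""

# Constructed stand-in for a disk image acquired behind a write blocker.
SAMPLE_IMAGE = b"\x00" * 512 + b"deleted-report.xlsx" + b"\x00" * 512


def large_download_alerts(log: str, threshold_bytes: int = 1_000_000_000) -> dict:
    """Identification: sum outbound bytes per user and flag anyone over the threshold."""
    totals: dict[str, int] = {}
    for line in log.splitlines():
        if not line.strip():
            continue
        _timestamp, user, _destination, nbytes = line.split()
        totals[user] = totals.get(user, 0) + int(nbytes)
    return {user: total for user, total in totals.items() if total >= threshold_bytes}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def acquire(image: bytes, examiner: str, source: str) -> dict:
    """Collection: record who imaged what, when, and the hash of the image as acquired."""
    return {
        "step": "collection",
        "source": source,
        "examiner": examiner,
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "sha256": sha256_hex(image),
    }


def verify(image: bytes, record: dict) -> bool:
    """Preservation check: re-hash the image and compare with the acquisition record."""
    return sha256_hex(image) == record["sha256"]


if __name__ == "__main__":
    print("alerts:", large_download_alerts(NETWORK_LOG))
    record = acquire(SAMPLE_IMAGE, "examiner-1", "workstation-42 HDD")
    print("image intact:", verify(SAMPLE_IMAGE, record))
```

Any later examination works on copies of the image; re-running verify against the original record is what lets the report show the evidence was not altered between collection and analysis.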

Cloud Computing

  • Cloud computing is the delivery of computing services (servers, storage, databases, networking, software) over the internet on demand
    • On-demand access
    • Scalability
    • Pay-as-you-go pricing
    • Access from anywhere

Types of Cloud Services

  • Infrastructure as a Service (IaaS): Virtual servers, storage, networks (e.g., AWS EC2, Azure VMs)
  • Platform as a Service (PaaS): Tools for developers to build applications (e.g., Google App Engine, Heroku)
  • Software as a Service (SaaS): Applications delivered over the internet (e.g., Gmail, Microsoft 365)

Benefits of Cloud

  • Cost savings (no need to maintain physical servers)
  • Flexibility and scalability
  • Automatic software updates and maintenance
  • Remote work and collaboration support
  • Stronger disaster recovery and backup options

Commercial Law

  • Commercial law is the body of law that governs business and commercial transactions.
  • Regulates how businesses interact with each other, customers and government
  • Key Focus
    • Contracts
    • Sales of goods and services
    • Agency and employment law
    • Intellectual property rights
    • Competition and antitrust laws

Commercial Law – Key Legislation

  • Contract law → governed by common law and the Consumer Protection Act
  • Sale of goods → Sale of Goods Act 68 of 1891
  • Companies law → Companies Act 71 of 2008
  • Competition law → Competition Act 89 of 1998
  • Labor law → Basic Conditions of Employment Act 75 of 1997

New Trends In Cybersecurity (2025)

  • AI and Machine Learning in Security
    • Automating threat detection and response
    • Predicting attack patterns
  • Zero Trust Architecture
    • “Never trust, always verify” — strict identity and access control
  • Cloud Security Advances
    • Focus on protecting cloud-native applications and data
    • Shared responsibility between cloud providers and clients
  • Extended Detection and Response (XDR)
    • Integrating tools across endpoints, networks, and cloud for unified defense