Identification and Protection

  • Ethical Hacking: Introduction to ethical hacking with a focus on identification and protection.

Information Security vs Cyber Security

  • Cyber Security: Focuses on protecting networks and data from cyber threats.

  • Information Security: Broad concept that involves protecting information in various forms.

Offline Identity vs Online Identity

  • Offline Identity: The real-life persona presented in daily interactions (e.g., at home, school, work).

    • Includes personal details like full name, age, and address.

    • Importance of safeguarding offline identity to prevent identity theft.

  • Online Identity: The representation of oneself on the internet, including usernames and profiles.

    • Should limit personal information shared online to enhance security.

What is Cyber Security and Data

  • Cyber Security Definition: Continuous effort to protect against digital attacks by securing networked systems.

  • Data Definition: Distinct pieces of information formatted in specific ways; includes raw (unprocessed) data.

Company-wide Data Classification System

  • Categories of Data:

    • Public: Freely disclosed to the public.

    • Internal Only: Not meant for public disclosure.

    • Confidential: Sensitive information and internal reviews.

    • Restricted: Highly sensitive data that could impact financial or legal standings if compromised.

Types of Data in Regulatory and Compliance Frameworks

  • HIPAA: Outlines laws for the protection of health information.

General Data Protection Regulation (GDPR)

  • GDPR Overview: European regulation effective 2018.

    • Applies to businesses handling data of EU residents.

Risks, Threats, Vulnerabilities

  • Threat: Potential cause of an unwanted incident that can result in harm.

    • Types of threats include natural, intentional, and unintentional.

  • Vulnerability: A weakness that can be exploited by threats.

  • Risk: Intersection of assets, threats, and vulnerabilities; quantified as:

    • Risk = Asset + Threat + Vulnerability.

Types of Hackers

  • White Hat: Ethical hackers who use their skills for good.

  • Black Hat: Malicious hackers who violate laws and ethics.

  • Gray Hat: Operates between ethical and unethical hacking.

  • Hacktivist: Uses hacking to promote political agendas.

  • Insider Threats: Whistleblowers or disgruntled employees who misuse access to data.

Types of Malware

  • Malware Types:

    • Viruses: Self-replicating code that infects systems.

      • Require a host to spread.

    • Worms: Standalone malware that can self-replicate across networks.

    • Trojans: Malicious software disguised as legitimate.

    • Ransomware: Demands payment to restore access to data.

    • Spyware: Collects information stealthily without user consent.

    • Rootkits: Conceal the presence of certain processes or programs.

    • Scareware: Creates fear to prompt users to buy fake software.

Security Principles

  • The CIA Triad:

    • Confidentiality: Ensuring sensitive information is not accessed by unauthorized entities.

    • Integrity: Protecting information from unauthorized alteration.

    • Availability: Ensuring systems and data are accessible when needed.

Security Mechanisms

  • Authentication: Verifying the source or legitimacy of information.

  • Authorization: Determining what a user or process can do.

    • Access privileges granted affect levels of security.

  • Nonrepudiation: Ensuring the sender of data cannot deny their involvement.

Security Models Focus Areas

  • Focus on Confidentiality: Bell-LaPadula Model.

  • Focus on Integrity: Biba Model.

  • Focus on Conflict of Interest: Chinese Wall Model.

Security Classification Levels

  • Hierarchy of Security Classifications:

    • Top Secret: Highest level of trusted and confidential information.

    • Confidential: Sensitive, less than top secret.

    • Unclassified: Information freely shareable, no sensitive content.