In-Depth Notes on Cyber Security

Cyber Security Context
- Week 02 lecture focuses on understanding the cyber security landscape.
Class Housekeeping
- Phones should be on silent to minimize disruptions.
- Be considerate—no talking during the session.
- Raise hands for questions and arrive on time.
Recording Announcement
- This session is being recorded for internal resources.
- Speak to the lecturer if there are concerns about the recording.
Learning Outcomes
- Understand the general context of cyber security.
- Identify relevant local and international bodies responsible for cyber security.
- Appreciate opportunities and the skilled labor shortage in the UK.
- Identify various knowledge areas in cyber security.
Introduction to Cyber Security
- Defining what cyber security is and its importance.
- Overview of cyber security organizations and required skills.
- Discussion of relevant UK laws.
Definition of Cyber Security
- According to NIST, cyber security is the protection of automated information systems to maintain integrity, availability, and confidentiality of resources.
Basic Components
- Confidentiality: Protection against unauthorized access.
- Integrity: Safeguarding against unauthorized changes.
- Availability: Ensuring timely accessibility.
- Authenticity: Verification of components and data.
- Authorization: Prevention of unauthorized control.
Key Terms in Cyber Security
- Vulnerabilities: Points susceptible to attack.
- Threats: Possible dangers to systems (e.g., person, event).
- Countermeasures: Techniques to protect systems.
Types of Vulnerabilities
- Physical, natural, hardware/software, media, emanation, communications, and human vulnerabilities.
- Some vulnerabilities are easier to exploit than others (e.g., cordless phone tapping with a $199 scanner).
Types of Threats
- Natural Threats: E.g., natural disasters.
- Unintentional Threats: Accidental actions causing harm.
- Intentional Threats: From insiders (e.g., employees) or outsiders (e.g., hackers, terrorists).
Countermeasures
- Examples include encryption, firewalls, authentication, and authorization.
- Categorized into various types: technical, policy-related, education, and human intelligence monitoring.
Security Attacks
- Cover concepts like eavesdropping, message tampering, and fabrication.
Security Evaluation
- Strongest security systems account for their weakest link.
- Strategies to improve security focus on identifying and enhancing weak points.
Cyber Security Breach Statistics (2022)
- 39% of businesses experienced breaches, primarily due to phishing (83%).
- 21% faced advanced attacks; 75% of larger businesses targeted.
Costs of Cyber Security Breaches
- Estimated average cost of a data breach in 2022: 4.35 ext{ million}.
- Example: British Airways faced significant reputational and financial repercussions due to a breach.
Key Organizations in Cyber Security (UK)
- GCHQ: Intelligence and security agency responsible for cybersecurity efforts.
- NCSC: Provides guidelines and support for cyber security in the UK, works towards securing the online environment.
Global Cyber Security Organizations
- ECSO: European body supporting cyber security capabilities.
- NSA: U.S. agency managing signal intelligence.
Standards in Cyber Security
- Established to identify best practices and ensure compliance.
- NIST and BSI cover benchmarks for security measures.
Professional Accreditation
- Certifications include CISSP, GIAC, Certified Ethical Hacker, and various NCSC recognized courses.
Cyber Security Skills Demand in the UK
- 51% of businesses have a basic skills gap; 33% face more advanced skill shortages.
UK National Cyber Security Strategy (2016-2030)
- Aims to defend, deter, and develop the UK against cyber threats through organizational cooperation and resilience building.
Conclusion
- Cyber security is critical for mitigating risks against cyber attacks.
- The government is focused on closing the skills gap and updating strategies to align with evolving threats.