Cybersecurity_Overview_Session1

Introduction to Cybersecurity

  • Session 1: Overview of Cybersecurity

Page 2: What is Cybersecurity?

  • Definition: Practice of protecting systems, networks, and data from attacks.

  • Importance:

    • Ensures trust in digital interactions.

    • Key for areas like online banking and e-commerce.

Page 3: Cybersecurity vs Information Security vs IT Security

  • Cybersecurity: Focus on digital threats.

  • Information Security: Includes physical and digital information.

  • IT Security: Focus on technical infrastructure.

Page 4: The CIA Triad

  • Confidentiality:

    • Ensures that only authorized users can access data.

  • Integrity:

    • Protects data accuracy and reliability.

  • Availability:

    • Ensures accessibility when needed.

Page 5: Confidentiality

  • Definition: Sensitive information accessible only to authorized users.

  • Methods:

    • Encryption: Techniques like AES and RSA to secure data.

    • Access controls: Passwords and biometrics to restrict access.

Page 6: Integrity

  • Definition: Protects data from unauthorized modification.

  • Methods:

    • Hashing: Algorithms such as SHA-256 to verify data integrity.

    • Digital signatures: To ensure authenticity and integrity of data.

Page 7: Hashing

  • Function: Uses algorithms to generate a fixed-size string (hash value) from data.

  • Tampering detection: Any data change alters the hash value, enabling detection.

  • Common Algorithms: SHA-256, SHA-3, and MD5 (deprecated: no longer collision-resistant, so unsuitable for integrity protection).

  • Verification: The sender computes the hash of the data; the receiver recomputes it independently and compares the two values.

Page 8: Digital Signatures

  • Purpose: Verifies sender identity and ensures data integrity.

  • Key Technology: Public-key cryptography within a Public Key Infrastructure (PKI): the signer's private key generates the signature, the corresponding public key verifies it.

  • Trust Establishment: Combined with certificates issued by trusted Certificate Authorities (CAs), which bind a public key to the signer's identity.

Page 9: Access Control Mechanisms

  • Function: Restricts who can modify, delete, or add data.

  • Methods:

    • Role-Based Access Control (RBAC): Access based on roles.

    • Attribute-Based Access Control (ABAC): Access based on attributes.

  • Principle of Least Privilege (PoLP): Users given the minimum level of access necessary.
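An added example (not from the slides) of how the RBAC, ABAC and least-privilege ideas on this page fit together in code: roles grant the read/add/modify/delete capabilities, attributes (department, clearance, ownership) constrain where they may be used, and anything not explicitly granted is denied. The role table, attribute names and clearance scale are constructed for the illustration.

```python
from dataclasses import dataclass

# RBAC: each role maps to the set of actions it may perform.
# Anything not listed here is denied (deny-by-default = least privilege).
ROLE_PERMISSIONS = {
    "viewer": {"read"},
    "editor": {"read", "add", "modify"},
    "admin": {"read", "add", "modify", "delete"},
}


@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset          # e.g. frozenset({"editor"})
    department: str
    clearance: int            # constructed scale: 0 (public) .. 3 (secret)


@dataclass(frozen=True)
class Record:
    owner: str
    department: str
    classification: int       # same constructed scale as User.clearance


def rbac_allows(user, action):
    """Role-based check: does at least one of the user's roles grant the action?"""
    return any(action in ROLE_PERMISSIONS.get(role, set()) for role in user.roles)


def abac_allows(user, action, record):
    """Attribute-based refinement applied on top of the role grant."""
    if user.department != record.department:        # stay inside your own department
        return False
    if user.clearance < record.classification:      # clearance must cover the data
        return False
    if action in {"modify", "delete"} and user.name != record.owner \
            and "admin" not in user.roles:           # write to others' records needs admin
        return False
    return True


def authorize(user, action, record):
    """Final decision: RBAC grants the capability, ABAC limits its use; deny otherwise."""
    return rbac_allows(user, action) and abac_allows(user, action, record)
```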

Page 10: Audit Trails and Logging

  • Function: Records all system changes and actions.

  • Tamper-Proofing: Forward logs to a central, write-protected store (for example Splunk or the ELK stack) so that a compromised host cannot silently alter or delete its own history.

  • Regular Reviews: Conduct log reviews for anomalies.

Page 11: Version Control

  • Purpose: Tracks changes to files and systems.

  • Tools: Git, SVN, or enterprise version control systems like Bitbucket.

  • Process: Enforce code reviews and approvals.

Page 12: Integrity Monitoring Tools

  • Function: Automated detection of changes to files or systems.

  • Deployment: Tools like Tripwire or OSSEC to identify critical file changes.

  • Alert Systems: Set up alerts for modifications to critical files.
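An added example, not code from the slides or from Tripwire/OSSEC, that ties Page 7 (hashing) to Page 12 (integrity monitoring): a trusted baseline of SHA-256 digests is taken, and a later rescan reports added, modified and removed files. The directory layout and file contents are constructed inside a temporary directory for the demo.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=65536):
    """Stream the file through SHA-256 so large files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map each file's relative path to its SHA-256 digest (the trusted snapshot)."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare_to_baseline(root, baseline):
    """Re-hash the tree and report what differs from the baseline."""
    current = build_baseline(root)
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    # compare_digest compares in constant time, the habit to keep for any digest check
    modified = sorted(p for p in current.keys() & baseline.keys()
                      if not hmac.compare_digest(current[p], baseline[p]))
    return {"added": added, "modified": modified, "removed": removed}


def demo():
    """Constructed scenario: snapshot three files, then change one, delete one, add one."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "etc").mkdir()
        (root / "etc" / "passwd").write_bytes(b"root:x:0:0:root:/root:/bin/bash\n")
        (root / "etc" / "hosts").write_bytes(b"127.0.0.1 localhost\n")
        (root / "app.cfg").write_bytes(b"debug=false\n")
        baseline = build_baseline(root)
        (root / "app.cfg").write_bytes(b"debug=true\n")   # one-word edit: new digest
        (root / "etc" / "hosts").unlink()                 # removed file
        (root / "unexpected.bin").write_bytes(b"\x00")    # file not in the baseline
        return compare_to_baseline(root, baseline)


if __name__ == "__main__":
    print(demo())
```

The baseline must be stored off the monitored host or signed, since an attacker who can rewrite the files can also rewrite a baseline kept beside them.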

Page 13: Backup and Recovery

  • Purpose: Maintains data copies for recovery in emergencies.

  • Backup Types: Create incremental and full backups regularly.

  • Storage: Store backups securely offsite and test restoration processes.

Page 14: Secure Transmission Protocols

  • Purpose: Ensures data integrity during transmission.

  • Protocols: TLS, HTTPS, or SFTP for encryption.

  • Verification: Use checksums or hashes to verify transmitted data.

Page 15: Redundancy and Failover Systems

  • Definition: Uses multiple independent systems so that inconsistencies between them can be detected and a failed component replaced.

  • Deployment: Redundant databases or systems to ensure reliability.

  • Mechanisms: Quorum-based mechanisms in distributed systems ensure operational continuity.

Page 16: Key Practices

  • Education: Train employees on integrity and error avoidance.

  • Maintenance: Regularly update and patch systems.

  • Integrity Checks: Conduct checks during audits and penetration tests.

Page 17: Availability

  • Definition: Ensures systems are accessible when needed.

  • Methods:

    • Backups and redundancy for immediate recovery.

    • Comprehensive disaster recovery plans.

Page 18: Redundant Systems and Failover Mechanisms

  • Definition: Deploying multiple systems so that one can take over when another fails.

  • Implementation:

    • Backup servers and storage for redundancy.

    • Failover systems that switch to backups during outages.

    • Use load balancers to distribute traffic across systems.

Page 19: Distributed Denial of Service (DDoS) Protection

  • Definition: Preventing attacks that flood systems with traffic.

  • Implementation:

    • Use services like Cloudflare, AWS Shield, or Akamai.

    • Configure rate-limiting and traffic filtering.

    • Deploy IDS/IPS to detect and block malicious traffic.

Page 20: Regular Maintenance and Patch Management

  • Definition: Keeping systems updated to prevent failures.

  • Implementation:

    • Apply patches and updates consistently.

    • Conduct routine hardware and software maintenance.

    • Monitor system health using tools like Nagios or SolarWinds.

Page 21: Backup and Disaster Recovery

  • Definition: Ensuring data can be restored post-failure or attack.

  • Implementation:

    • Perform regular backups, both incremental and full.

    • Test disaster recovery plans for service restoration.

    • Securely store backups in diverse geographic locations.

Page 22: High-Availability (HA) Architectures

  • Definition: Designing systems to maximize uptime.

  • Implementation:

    • Use HA clusters to auto-replace failed components.

    • Use RAID for storage redundancy.

    • Avoid single points of failure in systems.

Page 23: Scalable Infrastructure

  • Definition: Systems that handle increased load.

  • Implementation:

    • Utilize cloud services with auto-scaling features.

    • Monitor and adjust resource usage proactively.

    • Employ containerized workloads with an orchestrator such as Kubernetes for flexibility.

Page 24: Network Resilience

  • Definition: Protecting connectivity for service availability.

  • Implementation:

    • Use multiple Internet Service Providers (ISPs) for backup.

    • Implement robust firewalls and VPN solutions.

    • Segment networks to isolate failures.

Page 25: Access Control and Monitoring

  • Definition: Restrict and monitor resource access.

  • Implementation:

    • Utilize RBAC or ABAC for access management.

    • Monitor user activity and system performance for anomalies.

    • Detect unauthorized access attempts in real time.

Page 26: Incident Response Planning

  • Definition: Preparing for disruptions effectively.

  • Implementation:

    • Develop and practice incident response plans.

    • Train staff on cybersecurity incident handling.

    • Establish communication protocols for stakeholder notification during outages.

Page 27: Environmental Controls

  • Definition: Protecting infrastructure from physical threats.

  • Implementation:

    • Ensure data centers have backup power (UPS, generators).

    • Maintain optimal cooling and humidity for equipment.

    • Utilize fire suppression and flood protection systems.

Page 28: Key Practices

  • Monitoring: 24/7 system monitoring for issue detection.

  • SLAs: Establish Service Level Agreements defining uptime requirements.

  • Audits: Regular audits to ensure compliance with availability standards.

Page 29: Case Study: Target Breach (2013)

  • Incident: Hackers accessed Target’s network via a third-party vendor.

  • Impact on CIA Triad:

    • Confidentiality: Sensitive data stolen.

    • Integrity: Trust in the brand compromised.

    • Availability: Disruption to systems experienced.

Page 30: What Happened?

  • Breach Overview: Access through third-party vendor vulnerabilities.

  • Data Impact: Sensitive customer payment info and personal details stolen.

  • Reputation Damage: Compromised trust and potential temporary service downtime.

  • Consequences: Customers lost confidence in Target's data reliability.

Page 31: Recap and Q&A

  • Summary:

    • Cybersecurity definition and significance.

    • CIA Triad Components: Confidentiality, Integrity, Availability.

  • Question:

    • As a cybersecurity officer, how would you respond to a breach involving accidental sharing of customer data? Apply CIA Triad principles to manage the situation.
