HM

Cybersecurity_Overview_Session1

Introduction to Cybersecurity

  • Session 1: Overview of Cybersecurity

Page 2: What is Cybersecurity?

  • Definition: Practice of protecting systems, networks, and data from attacks.

  • Importance:

    • Ensures trust in digital interactions.

    • Key for areas like online banking and e-commerce.

Page 3: Cybersecurity vs Information Security vs IT Security

  • Cybersecurity: Focus on digital threats.

  • Information Security: Includes physical and digital information.

  • IT Security: Focus on technical infrastructure.

Page 4: The CIA Triad

  • Confidentiality:

    • Ensures access to authorized users.

  • Integrity:

    • Protects data accuracy and reliability.

  • Availability:

    • Ensures accessibility when needed.

Page 5: Confidentiality

  • Definition: Sensitive information accessible only to authorized users.

  • Methods:

    • Encryption: Techniques like AES and RSA to secure data.

    • Access controls: Passwords and biometrics to restrict access.

Page 6: Integrity

  • Definition: Protects data from unauthorized modification.

  • Methods:

    • Hashing: Algorithms such as SHA-256 to verify data integrity.

    • Digital signatures: To ensure authenticity and integrity of data.

Page 7: Hashing

  • Function: Uses algorithms to generate a fixed-size string (hash value) from data.

  • Tampering detection: Any data change alters the hash value, enabling detection.

  • Common Algorithms: SHA-256, SHA-3, and MD5 (less secure).

  • Verification: Hashes verified on both sender and receiver sides.

Page 8: Digital Signatures

  • Purpose: Verifies sender identity and ensures data integrity.

  • Key Technology: Uses Public Key Infrastructure (PKI) for generation and verification.

  • Trust Establishment: Combine with certificates from trusted Certificate Authorities (CAs).

Page 9: Access Control Mechanisms

  • Function: Restricts who can modify, delete, or add data.

  • Methods:

    • Role-Based Access Control (RBAC): Access based on roles.

    • Attribute-Based Access Control (ABAC): Access based on attributes.

  • Principle of Least Privilege (PoLP): Users given the minimum level of access necessary.

Page 10: Audit Trails and Logging

  • Function: Records all system changes and actions.

  • Tamper-Proofing: Use tools like Splunk or ELK stack to maintain logs.

  • Regular Reviews: Conduct log reviews for anomalies.

Page 11: Version Control

  • Purpose: Tracks changes to files and systems.

  • Tools: Git, SVN, or enterprise version control systems like Bitbucket.

  • Process: Enforce code reviews and approvals.

Page 12: Integrity Monitoring Tools

  • Function: Automated detection of changes to files or systems.

  • Deployment: Tools like Tripwire or OSSEC to identify critical file changes.

  • Alert Systems: Set up alerts for modifications to critical files.

Page 13: Backup and Recovery

  • Purpose: Maintains data copies for recovery in emergencies.

  • Backup Types: Create incrementals and full backups regularly.

  • Storage: Store backups securely offsite and test restoration processes.

Page 14: Secure Transmission Protocols

  • Purpose: Ensures data integrity during transmission.

  • Protocols: TLS, HTTPS, or SFTP for encryption.

  • Verification: Use checksums or hashes to verify transmitted data.

Page 15: Redundancy and Failover Systems

  • Definition: Uses multiple systems to detect inconsistencies.

  • Deployment: Redundant databases or systems to ensure reliability.

  • Mechanisms: Quorum-based mechanisms in distributed systems ensure operational continuity.

Page 16: Key Practices

  • Education: Train employees on integrity and error avoidance.

  • Maintenance: Regularly update and patch systems.

  • Integrity Checks: Conduct checks during audits and penetration tests.

Page 17: Availability

  • Definition: Ensures systems are accessible when needed.

  • Methods:

    • Backups and redundancy for immediate recovery.

    • Comprehensive disaster recovery plans.

Page 18: Redundant Systems and Failover Mechanisms

  • Definition: Deploying multiple systems for takeover in case of failure.

  • Implementation: Backup servers and storage for redundancy.

    • Failover systems that switch to backups during outages.

    • Use load balancers to distribute traffic across systems.

Page 19: Distributed Denial of Service (DDoS) Protection

  • Definition: Preventing attacks that flood systems with traffic.

  • Implementation:

    • Use services like Cloudflare, AWS Shield, or Akamai.

    • Configure rate-limiting and traffic filtering.

    • Deploy IDS/IPS for intrusion detection.

Page 20: Regular Maintenance and Patch Management

  • Definition: Keeping systems updated to prevent failures.

  • Implementation:

    • Apply patches and updates consistently.

    • Conduct routine hardware and software maintenance.

    • Monitor system health using tools like Nagios or SolarWinds.

Page 21: Backup and Disaster Recovery

  • Definition: Ensuring data can be restored post-failure or attack.

  • Implementation:

    • Perform regular backups, both incremental and full.

    • Test disaster recovery plans for service restoration.

    • Securely store backups in diverse geographic locations.

Page 22: High-Availability (HA) Architectures

  • Definition: Designing systems to maximize uptime.

  • Implementation:

    • Use HA clusters to auto-replace failed components.

    • Use RAID for storage redundancy.

    • Avoid single points of failure in systems.

Page 23: Scalable Infrastructure

  • Definition: Systems that handle increased load.

  • Implementation:

    • Utilize cloud services with auto-scaling features.

    • Monitor and adjust resource usage proactively.

    • Employ containerized architectures like Kubernetes for flexibility.

Page 24: Network Resilience

  • Definition: Protecting connectivity for service availability.

  • Implementation:

    • Use multiple Internet Service Providers (ISPs) for backup.

    • Implement robust firewalls and VPN solutions.

    • Segment networks to isolate failures.

Page 25: Access Control and Monitoring

  • Definition: Restrict and monitor resource access.

  • Implementation:

    • Utilize RBAC or ABAC for access management.

    • Monitor user activity and system performance for anomalies.

    • Detect unauthorized access attempts in real-time.

Page 26: Incident Response Planning

  • Definition: Preparing for disruptions effectively.

  • Implementation:

    • Develop and practice incident response plans.

    • Train staff on cybersecurity incident handling.

    • Establish communication protocols for stakeholder notification during outages.

Page 27: Environmental Controls

  • Definition: Protecting infrastructure from physical threats.

  • Implementation:

    • Ensure data centers have backup power (UPS, generators).

    • Maintain optimal cooling and humidity for equipment.

    • Utilize fire suppression and flood protection systems.

Page 28: Key Practices

  • Monitoring: 24/7 system monitoring for issue detection.

  • SLAs: Establish Service Level Agreements defining uptime requirements.

  • Audits: Regular audits to ensure compliance with availability standards.

Page 29: Case Study: Target Breach (2013)

  • Incident: Hackers accessed Target’s network via a third-party vendor.

  • Impact on CIA Triad:

    • Confidentiality: Sensitive data stolen.

    • Integrity: Trust in the brand compromised.

    • Availability: Disruption to systems experienced.

Page 30: What Happened?

  • Breach Overview: Access through third-party vendor vulnerabilities.

  • Data Impact: Sensitive customer payment info and personal details stolen.

  • Reputation Damage: Compromised trust and potential temporary service downtime.

  • Consequences: Customers lost confidence in Target's data reliability.

Page 31: Recap and Q&A

  • Summary:

    • Cybersecurity definition and significance.

    • CIA Triad Components: Confidentiality, Integrity, Availability.

  • Question:

    • As a cybersecurity officer, how would you respond to a breach involving accidental sharing of customer data? Apply CIA Triad principles to manage the situation.