Cybersecurity Module 1
[Module 1.2]
How Hackers Obtain your Data
1. Medical Records – contains information regarding your physical and mental wellbeing. Stored in your Electronic Health Records (EHRs).

McCumber Cube (John McCumber, 1991) – helps organizations establish and evaluate information security initiatives.

Three Dimensions:
1. Foundational Principles for protecting information systems.
2. Protection of information in each of its possible states.
3. Security measures used to protect data.

Foundational Principles for Protecting Information

1. Confidentiality – set of rules that prevents sensitive information from being disclosed to unauthorized people, resources, and processes.
Methods to Ensure Confidentiality
a. Data Encryption
b. Identity Proofing
c. Two Factor Authentication

2. Integrity – ensures that system information or processes are protected from intentional or accidental modification.
Methods to Ensure Integrity
a. Hash Function
b. Checksum

3. Availability – authorized users are able to access systems and data when and where needed, and those that do not meet established conditions are not. This can be achieved by:
a. Maintaining Equipment
b. Performing Hardware Repairs
c. Keeping Operating Systems
d. Software up to date
e. Creating Backups

Traditional Data – generated and maintained by all organizations, big and small.
a. Transactional Data – details relating to buying and selling.

2. Storage – data stored in memory or on a permanent storage device such as a hard drive, solid-state drive or USB drive (data at rest).

3. Transmission – refers to data travelling between information systems (data in transit).

The Security Measures Used to Protect Data

1. Awareness, Training and Education – measures put in place by an organization to ensure that users are knowledgeable about potential security threats and the actions they can take to protect information systems.

2. Technology – refers to the software and hardware-based solutions designed to protect information systems, such as firewalls, which continuously monitor your network in search of possible malicious incidents.

3. Policy and Procedure – refers to the administrative controls that provide information for how an organization implements information assurance.

Data Security Breaches

1. Persirai Botnet (2017) – an IoT botnet that targeted over 1,000 different models of Internet Protocol cameras, accessing open ports to inject a command that forced the cameras to connect to a site which installed malware on them.

2. Equifax Inc. (2017) – attackers exploited a vulnerability in its web application software to gain access to the sensitive personal data of millions of customers.

Consequence of a Security Breach

1. Reputational Damage – security breach can have a negative long-term impact on an organization’s reputation that has taken years to build.

2. Vandalism – a hacker or hacking group may vandalize an organization’s website by posting untrue information.

3. Theft – data that involves an incident where sensitive personal data has been stolen.

4. Loss of Revenue – financial impact of a security breach can be devastating. A loss of customer information may impede company growth and expansion.

5. Damaged Intellectual Property – security breach can have a devastating impact on the competitiveness.

b. Hackers – this group of attackers break into computer systems or networks to gain access.

White Hat Attackers – break into networks or computer systems to identify any weaknesses so that the security of a system or network can be improved.

Gray Hat Attackers – may set out to find vulnerabilities in a system but they will only report their findings to the owners of a system if doing so coincides with their agenda.

Black Hat Attackers – take advantage of any vulnerability for illegal personal, financial or political gain.

c. Organized Hackers – includes organizations of cyber criminals, hacktivists, terrorists, and state-sponsored hackers.

Purpose of Cyberwarfare