1. Types of Cyber Attacks
1.1. A cyber attack occurs when an individual or an organization deliberately and maliciously attempts to breach the information system of another individual or organization. While there is usually an economic goal, some recent attacks show destruction of data as a goal.
1.2. Phishing
1.2.1. involves sending emails that appear to come from trusted sources in order to collect personal data or to trick victims into taking an action. Attacks can also take place via phone call (voice phishing) and via text message (SMS phishing).
1.2.2. Spear Phishing
1.2.2.1. targeted attacks directed at specific companies and/or individuals.
1.2.3. Whaling
1.2.3.1. attacks targeting senior executives and stakeholders within an organization.
1.2.4. Pharming
1.2.4.1. leverages DNS cache poisoning to capture user credentials through a fake login landing page.
1.3. Malware
1.3.1. Malware uses a vulnerability to breach a network when a user clicks a “planted” dangerous link or email attachment, which is used to install malicious software inside the system. Once installed, it can:
1.3.1.1. Deny access to the critical components of the network
1.3.1.2. Obtain information by retrieving data from the hard drive
1.3.1.3. Disrupt the system or even render it inoperable
1.3.2. Ransomware
1.3.2.1. A malicious software that holds your data hostage until a ransom is paid.
1.3.2.1.1. WannaCry (2017)
1.3.3. Spyware
1.3.3.1. These are programs installed to collect information about users, their browsing habits or their computer.
1.3.3.2. Adware
1.3.3.2.1. uses pop-up ads with malicious intent, hijacking the browser to slow it down, install a virus, or both
1.3.4. Trojans
1.3.4.1. A seemingly legitimate program, but with a malicious intent.
1.3.4.1.1. To steal, delete, block, modify or copy personal or sensitive content
1.3.4.1.2. Spying
1.3.4.1.3. Stealing passwords
1.4. Denial-of-Service (DoS) Attack
1.4.1. DoS attacks aim to make a server, a service or an infrastructure unavailable.
1.4.1.1. Bandwidth saturation
1.4.1.1.1. overloading the targeted resource with requests
1.4.2. In addition to denial-of-service (DoS) attacks, there are also distributed denial-of-service (DDoS) attacks.
1.4.2.1. A DDoS attack is launched from several infected host machines with the goal of achieving service denial and taking a system offline.
1.5. Man in the Middle (MitM)
1.5.1. A hacking technique that consists of intercepting encrypted exchanges between two people or two computers in order to decode their content.
1.5.1.1. Session hijacking between a trusted client and a server, by stealing the client’s IP address or session token
1.5.1.2. IP spoofing
1.5.1.3. Replay: occurs when an attacker intercepts and then records old messages, and later attempts to send them, posing as one of the participants in the conversation.
1.6. Structured Query Language (SQL) injection
1.6.1. SQL injection attacks occur when a cybercriminal gets a piece of SQL (the standard database query language) executed by the server, forcing it to deliver protected information.
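As an added illustration (not code from the original notes), the same user lookup is shown below twice: once built by splicing input into the SQL text, which lets the input alter the query, and once as a parameterised query, which confines the input to a plain value. The table and rows are constructed sample data.

```python
# Added example (not from the original page): an injectable lookup beside
# its parameterised replacement, using Python's bundled sqlite3 module.
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample database with two users and their secrets."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice-secret"), ("bob", "bob-secret")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Untrusted input is spliced into the SQL text, so the input can change
    the structure of the query instead of acting as a plain value."""
    sql = f"SELECT username, secret FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, username: str) -> list:
    """The driver sends the value separately from the statement; whatever the
    string contains, it is only ever compared against the username column."""
    sql = "SELECT username, secret FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    probe = "x' OR '1'='1"  # input that is valid SQL once spliced in
    print("vulnerable:", lookup_vulnerable(db, probe))  # every row leaks
    print("safe:      ", lookup_safe(db, probe))        # no match
```

The parameterised form is the fix the page's best-practice sections point at: validation helps, but binding values to placeholders is what stops the query's structure from being rewritten.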
1.7. Eavesdropping
1.7.1. By listening in on network traffic, the cyber-attacker can obtain passwords, bank card numbers and other sensitive content that the Internet user sends over the network concerned.
1.7.2. Passive eavesdropping: a hacker intercepts data by listening to the transmission of messages on the network.
1.7.3. Active eavesdropping: a hacker actively steals information by pretending to be a friendly unit and sending requests to transmitters.
1.8. Password Attack
1.8.1. Passwords are the most common means of authentication for accessing a system, which makes them a frequent target.
1.8.2. Brute-Force attack
1.8.3. Keylogger attack
1.8.4. Password Spraying
1.8.5. Credential Stuffing
1.8.6. Attackers will often try to use Phishing techniques to obtain a user’s password.
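As an added example (not part of the original notes), the following Python tells apart the two password-attack shapes listed above in authentication log lines: brute force concentrates failures on one account, while password spraying (and credential stuffing, which looks the same in login logs) spreads a few failures over many accounts. The log format, the sample lines and the threshold are assumptions.

```python
# Added example (not from the original page): classify failed-login
# patterns per source IP from constructed authentication log lines.
from collections import defaultdict

# Constructed sample log, one login attempt per line:
# "<source_ip> <username> <result>"
SAMPLE_LOG = """\
10.0.0.5 alice FAIL
10.0.0.5 alice FAIL
10.0.0.5 alice FAIL
10.0.0.5 alice FAIL
10.0.0.5 alice FAIL
10.0.0.5 alice FAIL
10.0.0.9 alice FAIL
10.0.0.9 bob FAIL
10.0.0.9 carol FAIL
10.0.0.9 dave FAIL
10.0.0.9 erin FAIL
10.0.0.9 frank FAIL
203.0.113.7 grace FAIL
203.0.113.7 grace OK
"""


def parse_log(log: str) -> list:
    """Split each non-empty line into (source_ip, username, result)."""
    return [tuple(line.split()) for line in log.splitlines() if line.strip()]


def classify_sources(events: list, fail_threshold: int = 5) -> dict:
    """Label every source IP whose failed logins reach fail_threshold.

    brute-force: all failures hit a single account
    spraying:    failures are spread thinly (at most 2 per account)
    mixed:       anything else that still clears the threshold
    """
    fails = defaultdict(lambda: defaultdict(int))
    for ip, user, result in events:
        if result == "FAIL":
            fails[ip][user] += 1
    labels = {}
    for ip, per_user in fails.items():
        if sum(per_user.values()) < fail_threshold:
            continue  # ordinary typo-level noise, not flagged
        if len(per_user) == 1:
            labels[ip] = "brute-force"
        elif max(per_user.values()) <= 2:
            labels[ip] = "spraying"
        else:
            labels[ip] = "mixed"
    return labels
```

In practice the same counting is done over a sliding time window and joined with the success events, since a spraying source that eventually logs in as one of the accounts is the alert that matters most.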
2. NIST Cybersecurity Framework
2.1. Aim of the framework
2.1.1. integrate industry standards and best practices to help organisations and businesses manage their cybersecurity risks
2.1.2. provide a common language that allows staff to develop a shared understanding of their cybersecurity risks
2.1.3. give guidance on how to reduce these risks
2.1.4. give advice on how to respond and recover from cybersecurity attacks and learn from those incidents
2.2. 5 Key Areas
2.2.1. Identify
2.2.1.1. looking at current data use and then evaluating and identifying risk
2.2.1.2. Asset Management
2.2.1.3. Governance
2.2.1.4. Risk Management Strategy
2.2.2. Protect
2.2.2.1. the elements that help protect a business
2.2.2.2. Access Control
2.2.2.3. Data Security
2.2.2.4. Awareness and Training
2.2.2.5. Protective Technology
2.2.3. Detect
2.2.3.1. being aware of problems as they happen
2.2.3.2. Anomalies and Events
2.2.3.3. Security and Continuous Monitoring
2.2.3.4. Detection Processes
2.2.4. Respond
2.2.4.1. the bases needing to be covered to make an adequate response to a problem
2.2.4.2. Response planning
2.2.4.3. Analysis
2.2.4.4. Mitigation
2.2.5. Recover
2.2.5.1. the steps needed to make an effective recovery of lost data
2.2.5.2. Recovery Planning
2.2.5.3. Improvements
2.2.5.4. Communications
3. Goals of Cyber Security
3.1. CIA Triad
3.1.1. Confidentiality
3.1.1.1. Confidentiality is the protection of personal information. Confidentiality means keeping a client’s information between you and the client, and not telling others including co-workers, friends, family, etc.
3.1.1.1.1. Cracking Encrypted Data
3.1.1.1.2. Man in the Middle attacks on plain text
3.1.1.1.3. Data leakage
3.1.1.1.4. Installing Spyware/Malware on a server
3.1.2. Integrity
3.1.2.1. Integrity, in the context of computer systems, refers to methods of ensuring that data is real, accurate and safeguarded from unauthorized user modification.
3.1.2.1.1. Web penetration for malware insertion
3.1.2.1.2. Maliciously accessing servers and forging records
3.1.2.1.3. Unauthorised Database scans
3.1.2.1.4. Remotely controlling zombie systems
3.1.3. Availability
3.1.3.1. Availability, in the context of a computer system, refers to the ability of a user to access information or resources in a specified location and in the correct format.
3.1.3.1.1. DoS/DDoS attacks
3.1.3.1.2. Ransomware attacks
3.1.3.1.3. Deliberately disrupting a server room’s power supply
3.1.3.1.4. Flooding a server with too many requests
3.2. How to Achieve Goal
3.2.1. Best Practices
3.2.1.1. Keep software up-to-date
3.2.1.1.1. Turn on Automatic Updates for your operating system.
3.2.1.1.2. Use web browsers such as Chrome or Firefox that receive frequent, automatic security updates.
3.2.1.1.3. Make sure to keep browser plug-ins (Flash, Java, etc.) up-to-date.
3.2.1.2. Avoid pop-ups, unknown emails, and links
3.2.1.2.1. Scan emails before opening to read
3.2.1.2.2. Be suspicious of any official-looking email message or phone call that asks for personal or financial information
3.2.1.3. Practice good password management
3.2.1.3.1. Use a password manager to help you maintain strong, unique passwords for all of your accounts.
3.2.1.4. Connect to secure Wi-Fi
3.2.1.4.1. Public Wi-Fi networks can be risky and make your data vulnerable to being intercepted.
3.2.1.5. Safeguard Protected Data
3.2.1.5.1. Keep high-level Protected Data off of your workstation, laptop, or mobile devices.
3.2.1.5.2. Securely remove sensitive data files from your system when they are no longer needed.
3.2.1.5.3. Always use encryption when storing or transmitting sensitive data.
3.2.1.6. Use mobile devices safely
3.2.1.6.1. Lock your device with a PIN or password, and never leave it unprotected in public.
3.2.1.6.2. Keep the device's operating system up-to-date.
3.2.1.6.3. Don't click on links or attachments from unsolicited emails or texts.
3.2.1.6.4. Avoid transmitting or storing personal information on the device.
3.2.1.7. Enable firewall protection at work and at home
3.2.1.7.1. Firewalls prevent unauthorized users from accessing your websites, mail services, and other sources of information that can be reached from the web.
3.2.1.8. Embrace education and training
3.2.1.8.1. Raise awareness about cyber threats your company faces and how they affect the bottom line.
3.2.1.8.2. Show examples of real-life security breaches, their consequences, and the difficulty of the recovery process.
3.2.2. IAAA - Identification, Authentication, Authorization, Accountability
3.2.2.1. Identification
3.2.2.1.1. username
3.2.2.1.2. ID number
3.2.2.1.3. employee number
3.2.2.1.4. SSN
3.2.2.2. Authentication
3.2.2.2.1. Something you know – Type 1
3.2.2.2.2. Something you have – Type 2
3.2.2.2.3. Something you are – Type 3
3.2.2.2.4. Somewhere you are – Type 4
3.2.2.2.5. Something you do – Type 5
3.2.2.3. Authorisation
3.2.2.3.1. Who is allowed to access what. Access Control models are used; the implementation depends on the organization and its security goals.
3.2.2.4. Accountability (Auditing)
3.2.2.4.1. Trace an action to a subject’s identity
3.2.2.4.2. Prove who/what a given action was performed by (non-repudiation).
4. Vulnerability, Threat, Exploit, Risk
4.1. Threats
4.1.1. Threats have the potential to steal or damage data, disrupt business, or create harm in general.
4.1.2. Intentional threats:
4.1.2.1. Things like malware, ransomware, phishing, malicious code, and wrongfully accessing user login credentials are all examples of intentional threats. They are activities or methods bad actors use to compromise a security or software system.
4.1.2.2. Social Engineering
4.1.2.3. Theft
4.1.2.4. Vandalism
4.1.3. Unintentional threats:
4.1.3.1. Unintentional threats are often attributed to human error. For example, an employee could forget to update their firewall or anti-virus software. Current and even former employees may also have unnecessary access to sensitive data, or simply be unaware of the threats.
4.1.3.2. Human error
4.1.3.3. Software error
4.1.3.4. Hardware error
4.1.4. Natural threats:
4.1.4.1. While acts of nature aren’t typically associated with cybersecurity, they are unpredictable and have the potential to damage your assets.
4.1.4.2. Force of nature
4.2. Vulnerability
4.2.1. A vulnerability refers to a weakness in your hardware, software, or procedures. It’s a gap through which a bad actor can gain access to your assets. In other words, threats exploit vulnerabilities.
4.2.1.1. Small to medium-sized businesses tend to be more vulnerable to attacks because few can afford a dedicated IT/security department, making it less likely that there are security procedures in place.
4.3. Risk
4.3.1. Cyber risk is the intersection of assets, threats, and vulnerabilities. It’s the potential for loss, damage, or destruction of an asset when a threat takes advantage of a vulnerability.
4.3.1.1. Threats + Vulnerability = Risk
4.3.1.2. To determine your level of cyber risk, you have to understand the types of threats that are out there and know your system’s vulnerabilities.
4.4. Risk control strategies
4.4.1. Defense
4.4.1.1. Applying safeguards that eliminate or reduce the remaining uncontrolled risk
4.4.2. Transferral
4.4.2.1. Shifting risks to other areas or to outside entities
4.4.3. Mitigation
4.4.3.1. Reducing the impact on information assets should an attacker successfully exploit a vulnerability
4.4.4. Acceptance
4.4.4.1. Understanding the consequences of choosing to leave a risk uncontrolled and then properly acknowledging the risk that remains without an attempt at control
4.4.5. Termination
4.4.5.1. Removing or discontinuing the information asset from the organization's operating environment
5. Types of Cyber Security for Organisational Safety
5.1. Critical Infrastructure Cybersecurity
5.1.1. deployed to secure the systems that make up critical infrastructure.
5.2. Network Security
5.2.1. enables organizations to secure computer networks from intruders, targeted attackers, and opportunistic malware.
5.2.2. New Passwords
5.2.3. Antivirus programs
5.2.3.1. work by detecting, quarantining and/or deleting malicious code, to prevent malware from causing damage to your device.
5.2.4. Firewalls
5.2.5. Monitored Internet access
5.2.6. Cryptography
5.2.6.1. Secret Key
5.2.6.2. Public Key
5.2.6.3. Hash Function
5.3. Cloud Security
5.3.1. Integrating systems with a cloud security platform provides users with secured data, mitigating the possibility of a cyber-attack.
5.4. Internet of Things Security
5.4.1. By integrating the system with IoT security, organizations are provided with insightful analytics, coverage of legacy embedded systems, and a secure network.
5.5. Application Security
5.5.1. Application security thwarts cyber-security breaches by adopting hardware and software protections during the development phase of a project.
5.5.2. Anti-virus program
5.5.2.1. work by detecting, quarantining and/or deleting malicious code, to prevent malware from causing damage to your device.
5.5.3. Firewalls
5.5.3.1. software or hardware that works as a filtration system for the data attempting to enter your computer or network.
5.5.4. Encryption
5.5.4.1. taking plain text, like a text message or email, and scrambling it into an unreadable format