Chapter 3 from slide 12

avatar
Created by
Siphesihle Manzini

Cards (34)

  • Client-server network
    The clients are the workstations or PCs connected to a server
  • File management
    • Opening
    • Closing
    • Saving
    • Naming
    • Deleting
    • Organizing your digital files
  • Folder and subfolders
    Organize your files
  • Cybersecurity
    The practice of protecting systems, networks, and programs from digital attacks
  • Cybersecurity world
    • Websites and power of data
    • New technologies like GIS and IoE depend on collecting and analyzing large amounts of data
    • Data can help save energy, improve efficiencies, and reduce safety risks
  • Cybersecurity domains
    • Websites and power of data
    • Tracking worldwide weather, monitoring oceans, tracking movement and behavior of people, animals and objects in real time
  • Hackers
    Criminals who break into computers or networks to gain access for various reasons
  • Types of hackers
    • White hat attackers
    • Gray hat attackers
    • Black hat attackers
  • Cybercriminals
    • Script kiddies
    • Vulnerability brokers
    • Hacktivists
    • Cyber criminals
    • State sponsored hackers
  • Cybersecurity specialists
    • Develop vulnerability databases
    • Create early warning systems
    • Share cyber intelligence
    • Implement information security management standards
    • Enact new laws
  • Cybersecurity threat
    The possibility that a harmful event, such as an attack, will occur
  • Cyber vulnerability
    A weakness that makes a target susceptible to an attack
  • Types of data that can be targeted
    • Personal information
    • Medical records
    • Education records
    • Employment and financial records
  • Network services targeted by criminals
    • DNS
    • HTTP
    • Online databases
  • Techniques used by criminals
    • Packet sniffing
    • Using rogue devices like unsecured WiFi access points
    • Packet forgery/injection
  • Levels of cybersecurity threats
    • Personal
    • Corporate
    • State
  • The National Security Agency (NSA) is responsible for intelligence collection and surveillance activities in the U.S.
  • Efforts to protect people's way of life often conflict with their right to privacy
  • Internal security threats
    • Accidental or intentional actions by employees or contract partners
    • Potential for greater damage due to direct access and knowledge of the network
  • External security threats

    • Attacks from amateurs or skilled attackers exploiting vulnerabilities
  • Spreading Cybersecurity Threats

    • Attacks can originate from within an organization or from outside of the organization
  • Internal security threats
    An internal user, such as an employee or contract partner, can accidently or intentionally cause damage. Internal threats have the potential to cause greater damage than external threats because internal users have direct access to the building and its infrastructure devices, knowledge of the corporate network, its resources, and its confidential data, as well as knowledge of security countermeasures, policies and higher levels of administrative privileges.
  • External security threats
    External threats from amateurs or skilled attackers can exploit vulnerabilities in networked devices, or can use social engineering, such as trickery, to gain access. External attacks exploit weaknesses or vulnerabilities to gain access to internal resources.
  • Vulnerabilities of mobile devices
    • Employees are using mobile devices like iPhones, smartphones, tablets to access enterprise information, which poses a growing threat to organizations due to the inability to centrally manage and update these devices
  • Emergence of Internet-of-Things (IoT)

    • IoT technologies enable people to connect billions of devices to the Internet, including appliances, locks, motors, and entertainment devices. This increases the amount of data that needs protection and the number of networks requiring protection.
  • Impact of Big Data
    • Big data poses challenges and opportunities based on the volume, velocity, and variety of data. This requires dramatic changes in security product designs and substantial upgrades to technologies and practices, as well as more regulations and mandates for better data protection and security controls.
  • Safety implications
    • Emergency call centers in the U.S. are vulnerable to cyberattacks that could shut down 911 networks, jeopardizing public safety. Telephone denial of service (TDoS) attacks can tie up telephone systems and prevent legitimate calls from getting through.
  • Heightened recognition of cybersecurity threats
    • The defenses against cyberattacks at the start of the cyber era were low, but now countries across the world have become more aware of the threat of cyberattacks, which now head the list of greatest threats to national and economic security in most countries.
  • Seven categories of cybersecurity work
    • Operate and Maintain
    • Protect and Defend
    • Investigate
    • Collect and Operate
    • Analyze
    • Oversight and Development
    • Securely Provision
  • Professional organizations
    • International technology organizations that sponsor workshops and conferences for cybersecurity specialists
  • Cybersecurity student organizations and competitions
    • National cybersecurity skills competitions available to cybersecurity students
  • CISSP certification
    Vendor-neutral certification for cybersecurity specialists with technical and managerial experience, formally approved by the U.S. Department of Defense
  • CISM certification

    Certification for cybersecurity specialists responsible for managing, developing and overseeing information security systems at the enterprise level or for developing best security practices
  • Cybersecurity specialists must have the same skills as hackers, especially black hat hackers, in order to protect against attacks