3. INTRODUCTION
• Cyber Security’s goal: Protect our information and
information systems
• Cyber Security is: “Protection of information systems
against unauthorized access to or modification of
information, whether in storage, processing or transit, and
against the denial of service to authorized users, including
those measures necessary to detect, document, and counter
such threats.”
5. Primary goal
WHY IS CYBER SECURITY?
• Information is considered sensitive if
the loss of Confidentiality, Integrity, or
Availability could be expected to have
a serious, severe, or catastrophic
adverse effect on organizational
operations, organizational assets, or
individuals.
• Types of sensitive information
include:
• Personnel
• Financial
• Payroll
• Medical
• Privacy Act information
[Figure: Confidentiality, Integrity, Availability]
6.
• Confidentiality: Safeguards information from being accessed by individuals without the
proper clearance, access level, and need to know.
• Integrity: Results from the protection against unauthorized modification or destruction of
information.
• Availability: Information services are accessible when they are needed.
• Authentication: A security measure that establishes the validity of a transmission, message, or
originator, or a means of verifying an individual's authorization to receive specific
categories of information.
11. TYPES OF CYBERSECURITY THREATS
• Phishing
Phishing is the practice of sending fraudulent emails that resemble emails from reputable
sources. The aim is to steal sensitive data like credit card numbers and login information. It’s
the most common type of cyber attack. You can help protect yourself through education or a
technology solution that filters malicious emails.
• Ransomware
Ransomware is a type of malicious software. It is designed to extort money by blocking access
to files or the computer system until the ransom is paid. Paying the ransom does not guarantee
that the files will be recovered or the system restored.
12.
• Malware
Malware is a type of software designed to gain unauthorized access or to cause damage to a
computer.
• Social engineering
Social engineering is a tactic that adversaries use to trick you into revealing sensitive
information. They can solicit a monetary payment or gain access to your confidential data. Social
engineering can be combined with any of the threats listed above to make you more likely to click on
links, download malware, or trust a malicious source.
• Distributed denial-of-service (DDoS) attacks
DDoS attacks are those in which multiple systems disrupt the traffic of a targeted system, such as a server,
website or other network resource. By flooding the target with messages, connection
requests or packets, the attackers can slow the system or crash it, preventing legitimate
traffic from using it.
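Because the flood comes from multiple systems, a limit on requests per source can miss it while the total load on the target is still far above normal. The added example below (not part of the original slides) classifies constructed connection events with both a per-source and an aggregate check; the thresholds, function names and addresses are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample events: (timestamp in seconds, source address).
# 40 sources send 5 requests each in the same second.
DISTRIBUTED = [(100, f"198.51.100.{h}") for h in range(1, 41) for _ in range(5)]
# One source sends 200 requests in one second.
SINGLE = [(100, "203.0.113.7")] * 200
# Ordinary traffic: 10 sources, 2 requests each.
NORMAL = [(100, f"192.0.2.{h}") for h in range(1, 11) for _ in range(2)]

# Assumed thresholds, per one-second window.
PER_SOURCE_LIMIT = 50
TOTAL_LIMIT = 150
MIN_SOURCES = 20


def count_by_window(events, window=1):
    """Group events into time windows and count requests per source."""
    buckets = defaultdict(lambda: defaultdict(int))
    for ts, src in events:
        buckets[ts // window][src] += 1
    return buckets


def noisy_sources(events):
    """Per-source rate limit only: sources over PER_SOURCE_LIMIT in any window."""
    return sorted({src for per_src in count_by_window(events).values()
                   for src, n in per_src.items() if n > PER_SOURCE_LIMIT})


def classify(events):
    """Label each window using both the per-source and the aggregate view."""
    verdicts = {}
    for bucket, per_src in sorted(count_by_window(events).items()):
        total = sum(per_src.values())
        if any(n > PER_SOURCE_LIMIT for n in per_src.values()):
            verdicts[bucket] = "single-source flood"
        elif total > TOTAL_LIMIT and len(per_src) >= MIN_SOURCES:
            verdicts[bucket] = "distributed flood"
        else:
            verdicts[bucket] = "normal"
    return verdicts


if __name__ == "__main__":
    for name, ev in [("normal", NORMAL), ("single", SINGLE), ("distributed", DISTRIBUTED)]:
        print(name, noisy_sources(ev), classify(ev))
```

The distributed sample trips no per-source limit, so only the aggregate check flags it.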
14. TYPES OF CYBERSECURITY
1. Network Security
Most attacks occur over the network, and network security solutions are designed to identify and block these
attacks. These solutions include data and access controls such as Data Loss Prevention (DLP), IAM (Identity
Access Management), NAC (Network Access Control), and NGFW (Next-Generation Firewall) application
controls to enforce safe web use policies.
2. Cloud Security
A cloud security strategy includes cyber security solutions, controls, policies, and services that help to protect an
organization’s entire cloud deployment (applications, data, infrastructure, etc.) against attack.
3. Endpoint Security
The zero-trust security model prescribes creating micro-segments around data wherever it may be. One way to
do that with a mobile workforce is using endpoint security. With endpoint security, companies can secure
end-user devices such as desktops and laptops with data and network security controls, advanced threat prevention
such as anti-phishing and anti-ransomware, and technologies that provide forensics such as endpoint detection
and response (EDR) solutions.
15.
4. Mobile Security
Often overlooked, mobile devices such as tablets and smartphones have access to corporate data, exposing
businesses to threats from malicious apps, zero-day, phishing, and IM (Instant Messaging) attacks. Mobile
security prevents these attacks and secures the operating systems and devices from rooting and jailbreaking.
When included with an MDM (Mobile Device Management) solution, this enables enterprises to ensure only
compliant mobile devices have access to corporate assets.
5. IoT Security
IoT security protects these devices with discovery and classification of the connected devices,
auto-segmentation to control network activities, and using IPS as a virtual patch to prevent exploits against vulnerable
IoT devices. In some cases, the firmware of the device can also be augmented with small agents to prevent
exploits and runtime attacks.
6. Application Security
Web applications, like anything else directly connected to the Internet, are targets for threat actors. Since 2007,
OWASP has tracked the top 10 critical web application security flaws, such as injection, broken
authentication, misconfiguration, and cross-site scripting, to name a few.
7. Zero Trust
The traditional security model is perimeter-focused, building walls around an organization’s valuable assets like a
castle. However, this approach has several issues, such as the potential for insider threats and the rapid
dissolution of the network perimeter. As corporate assets move off-premises as part of cloud adoption and
remote work, a new approach to security is needed. Zero trust takes a more granular approach to security,
protecting individual resources through a combination of micro-segmentation, monitoring, and enforcement of