An introduction to IT Cybersecurity and Information System Security

1. GENERAL INTRODUCTION
TO IT AND CYBER
SECURITY
LESSON 1

2. DIFFERENCE BETWEEN
INFORMATION SECURITY AND
CYBER SECURITY
• Cybersecurity deals specifically with
protecting your data from cyber
threats.
• Information Security it is all about
protecting your data from various
kinds of threats.

3. • So information security is a bit
more broad. It's broader than
cyber security.
• Cyber security is a bit more niche
because it focuses specifically on
protecting data from cyber
threats.

4. • Cyber law, cyber crime and Cyber
warfare
Basically, when you hear the word cyber attack
cybersecurity always.
But when you're protecting data from physical
threats from fire outbreaks, from flood, that's
more of information security.

5. The Trinity of IT Security -
CIA These are the
three
fundamental
pillars
of
cybersecurity.

6. But what exactly are they?
• Confidentiality: Ensuring that data is private
and accessed only by those with permission
to do so. Can be achieved with the use of
passwords, biometrics and encryption
• Integrity: Ensuring that data has not been
altered in any way. Can be achieved through
the use of checksums and access control.

7. • Availability: Ensuring that data is always
available for access and use. Can be achieved
through the use of backups, maintenance &
disaster recovery plans

9. • Disclosure data is accessed by
non-authorized users.
 Things like Trojans, brute force
attacks, even theft. Physical theft of
computers, memory cards, data
discs, and so on.

10. • Alteration data has been
compromised or tampered
with.
 Malware involved, viruses, SQL
injection attacks,

11. • Deniability where access to
data and resources are blocked.
 Denial-of-service attack,
ransomware, and so on.

12. Basic
Terminologies
 Blacklist - Used to refer to a list of
banned IP addresses, applications or
users.
 Whitelist - The exact opposite of a
blacklist
 Cat fishing - The process of creating a
fake online profile in order to trick
people into believing they are someone
else for financial gain.

13. Basic
Terminologies
 Authentication - The process of proving
an individual is who they claim to be.
 Data Mining - The activity of analyzing
and/or searching through data in order
to find items of relevance, significance
or value

14. Basic
Terminologies
 Threat - This generally refers to
anything that has the potential to cause
our data, systems and networks harm.
 Exploit - A clearly defined way to breach
the security of a system.

15. Basic
Terminologies
 Vulnerabilities - These are weaknesses
within a system or network that can be
exploited to cause us harm.
 Risk - This refers to the likelihood of
something bad happening. A risk
requires both a threat and a vulnerability
to exist.

16. Basic
Terminologies
 Zero Day - This is used to describe a
threat that is unknown to security
specialists and has not been addressed.
 Hack Value - This describes a target that
may attract an above average level of
attention from an attacker.

17. Basic
Terminologies
 Non-Repudiation - This is the concept
that once an action is carried out by a
party it cannot be denied by that same
party.
 Logic Bomb - A malicious code that is
only triggered when a set of conditions
are met.

18. Basic
Terminologies
 Obfuscation - A term used to describe
the tactic of making code unclear so that
humans or programs like an antivirus
cannot understand it.
 Honey Pot - A decoy or trap for hackers
 Spoof - The act of falsifying the identity
of the source of a communication or
interaction

19. COMPUTER
PROTOCOLS
 Protocol - is a set of rules that
determine how computers
communicate with each other.
 Protocol would also govern how an
internet document gets transmitted
to a computer screen.

20. COMPUTER
PROTOCOLS
 Protocol - will also determine
what part of the conversation
comes at which time and also
how the conversation ends.

21. TWO MOST POPULAR
PROTOCOLS
 HTTP (HyperText Transfer Protocol)
 HTTPS (HyperText Transfer Protocol
Secure)

22. TWO MOST POPULAR
PROTOCOLS
 HTTP (HyperText Transfer Protocol)
- determines how web browsers and
servers communicate. Uses port 80

23. HTTP (Stateless
System)
One thing about HTTP that separates it
from other protocols out there is that it is
referred to as a stateless system. Now, what
this means is that whenever your web
browser makes a request to a web server,
once that request has been satisfied, the
communication between your web browser
and the web server will be dropped; the
connection will no longer be maintained.

24. HTTP (Stateless
System)
• So it will only be reopened whenever
again you try to access another
website or maybe even another page
on the current website.
• So in such a scenario where
connections are dropped between
the person making the request or the
system accepting the request, that's

25. TWO MOST POPULAR
PROTOCOLS
 HTTPS (HyperText Transfer Protocol
Secure) - The secure version of HTTP
that uses encryption. Commonly
used on websites where there is an
exchange of sensitive data like
passwords and credit card details.
Uses port 443

26. HTTPS (S stands for
Secured)
• So the one thing that separates
HTTPS from HTTP is that with HTTPS,
you have something called
encryption, which means that all the
information and text that you see on
that website will be protected and
secured from several criminals or
hackers.

27. PIECE OF ADVICE FROM THE
EXPERTS
• Whenever you are on a site where
sensitive information would be
exchanged, maybe credit card
information or PIN numbers or things
like that, HTTPS should be the major
protocol in operation and not HTTP.

28. PIECE OF ADVICE FROM THE
EXPERTS
• Whenever you're trying to buy
something online and you are on
a store or an e-Commerce store,
if they don't have HTTPS, that
would be a very bad idea to shop
in such a website.

29. SSL AND SSH
 SSL (stands for the Secure Sockets
Layer) and it's used by HTTPS to
provide encryption.
 SSH (stands for Secure Shell) and it's
used specifically by programmers
and network administrators.

30. One thing you should know is that they
are technically not protocols. SSL and
SSH are not technically protocols, but
they are always used by security
protocols like the HTTPS, SFTP and
some other ones out there for them to
fully operate.
…You should know

31. More PROTOCOLS
 FTP (stands for the File
Transfer Protocol) and it
governs how files are
transmitted from one
computer to another.

32. More PROTOCOLS
 SFTP (is simply the secured
form of the file transfer
protocol) So this will provide
encryption and make it more
secure against cyber criminals
and hackers.

33. IMAP AND SMTP
 IMAP is simply the Internet
Access Message Protocol, and
of course, it controls how
internet messages are sent.

34. IMAP AND SMTP
 SMTP stands for the Simple
Mail Transfer Protocol, and
this governs how emails are
sent and received.

35. What are Cookies?
• A cookie is a text file which
is placed on your computer
whenever you visit a
website.
• This cookie allows the
website to keep track of your
visit details and store your
preferences.
• The main objective here is to increase the
speed with which you visit that same
website again.

36. • At the same time, they are very
useful for advertisers who can
match the ads to your interests
after they see your browsing
history.
• Usually, cookies and temporary files may
affect your privacy since they disclose your
online habits, but it is possible to modify
your web browser preferences and set a
limit.
COOKIES FUNCTIONS

37. TCP/IP
 TCP (Transmission Control
Protocol): Divides a message
or file into smaller packets
that are transmitted over the
internet and then reassembled
at the destination point.

38. EXAMPLE
 So imagine you wanted to send a
very big device, or some sort of
machinery to a friend of yours who
lives across the country.
 Now, sending the device as one
piece might be difficult. So, what
you can do is to split up the device
into smaller pieces.

39. EXAMPLE
 You could pick out the parts one
by one, separate the bolts, the
nuts, things like that, and then
send them in smaller packages.
 That's basically what TCP does.

40. TCP/IP
 IP (stands for the Internet
Protocol): that it is responsible
for the address of each packet
that is sent so that they are
sent to the right destination.

41. WHAT WILL HAPPEN?
 TCP will split up the data into
smaller packets. IP would make
sure that all those packets are
sent to the right destination.
 And then when all those packets
have arrived at the destination,
TCP takes over again, and then
reassembles all the smaller

42. FOUR MAJOR LAYERS
 Data Link Layer
 Internet Layer
 Transport Layer
 Application Layer

43. FOUR MAJOR LAYERS
 Data Link Layer consists of
protocols that operate on a link
that connects hosts on a network
e.g Ethernet
• An example of a protocol that would
exist here, would be the Ethernet
protocol.

44. FOUR MAJOR LAYERS
 Internet Layer connects
independent networks together
e.g IP
 Transport Layer Handles
communication between hosts,
and this is where you would find
the TCP protocol itself. e.g TCP

45. FOUR MAJOR LAYERS
 Application Layer Standardizes
data exchange for applications e.g
HTTP, FTP

46. SUMMARY
• So overall, TCP and IP is very, very
popular. They are used for several kinds
of communications. They're used mostly
on the internet, used for emails.
• Whenever you're sending emails, you're
playing video games as well, you are
using TCP/IP.
• These are all examples of where the TCP
and IP

47. NEXT LESSON
HACKERS – WHO ARE
THEY?