20
Cybersecurity 1: Introduction to cybersecurity 2013 Slide 1 Cybersecurity 1 Introduction to cybersecurity

Cybersecurity 1. intro to cybersecurity

Embed Size (px)

DESCRIPTION

Introduces the concept of cybersecurity

Citation preview

Page 1: Cybersecurity 1. intro to cybersecurity

Cybersecurity 1: Introduction to cybersecurity 2013 Slide 1

Cybersecurity 1

Introduction to cybersecurity

Page 2: Cybersecurity 1. intro to cybersecurity

Cybersecurity 1: Introduction to cybersecurity 2013 Slide 2

What is cybersecurity?• A very wide-ranging term with no

standard definition.

• It covers all aspects of ensuring the protection of citizens, businesses and critical infrastructures from threats that arise from their use of computers and the internet.

Page 3: Cybersecurity 1. intro to cybersecurity

Cybersecurity 1: Introduction to cybersecurity 2013 Slide 3

Internet-enabled crime

• Criminals see lower risks and high rewards from cyber crime than through ‘physical’ crime

• Stealing confidential and national secrets by intelligence agencies and others now involves illegally accessing digitised information.

Page 4: Cybersecurity 1. intro to cybersecurity

Cybersecurity 1: Introduction to cybersecurity 2013 Slide 4

Internet-enabled crime

• Nation states have the potential to disrupt an enemy’s economy and perhaps reach their strategic objectives without risk to their armed forces

• There are fewer online barriers to anti-social behaviour on the net than in face to face interaction.

Page 5: Cybersecurity 1. intro to cybersecurity

Cybersecurity 1: Introduction to cybersecurity 2013 Slide 5

Scope of cybersecurity• Techniques of threat and attack

analysis and mitigation

• Protection and recovery technologies, processes and procedures for individuals, business and government

• Policies, laws and regulation relevant to the use of computers and the Internet

Page 6: Cybersecurity 1. intro to cybersecurity

Cybersecurity 1: Introduction to cybersecurity 2013 Slide 6

Cybersecurity is not…

• Computer security

• Security engineering

• Encryption

• Computer crime

• Computer forensics

Page 7: Cybersecurity 1. intro to cybersecurity

Cybersecurity 1: Introduction to cybersecurity 2013 Slide 7

Cybersecurity is…

• A socio-technical systems problem

• Security problems almost always stem from a mix of technical, human and organisational causes

Page 8: Cybersecurity 1. intro to cybersecurity

Cybersecurity 1: Introduction to cybersecurity 2013 Slide 8

Cyber attack

• A malicious attempt, using digital technologies, to cause personal or property loss or damage, and/or steal or alter confidential personal or organisational data

Page 9: Cybersecurity 1. intro to cybersecurity

Cybersecurity 1: Introduction to cybersecurity 2013 Slide 9

Insider attacks

• Attacks to an organisation carried out by someone who is inside that organisation

• Difficult to counter using technical methods as the insider may have valid credentials to access the system

Page 10: Cybersecurity 1. intro to cybersecurity

Cybersecurity 1: Introduction to cybersecurity 2013 Slide 10

External attacks

• Attacks to an organisation carried out by an external agent

• Requires either valid credentials or the exploitation of some vulnerability to gain access to the systems

Page 11: Cybersecurity 1. intro to cybersecurity

Cybersecurity 1: Introduction to cybersecurity 2013 Slide 11

© Infosecurity magazine 2012

Page 12: Cybersecurity 1. intro to cybersecurity

Cybersecurity 1: Introduction to cybersecurity 2013 Slide 12

Malware

• Software that has some malicious intent and which is installed on a user’s computer without that user’s consent

Page 13: Cybersecurity 1. intro to cybersecurity

Cybersecurity 1: Introduction to cybersecurity 2013 Slide 13

Malware

• Key loggers

– Software installed on a computer that captures key strokes and sends these to a remote system

– Used to try and get personal information to gain access to sites such as banks

Page 14: Cybersecurity 1. intro to cybersecurity

Cybersecurity 1: Introduction to cybersecurity 2013 Slide 14

Malware

• Ransomware– Software that runs on a user’s

computer and demands that the user pays some other organisation. If they don’t, the information on their computer will be destroyed.

Page 15: Cybersecurity 1. intro to cybersecurity

Cybersecurity 1: Introduction to cybersecurity 2013 Slide 15

Malware transmission

• Malware can usually spread itself from one computer to another either as a virus or as a worm

Page 16: Cybersecurity 1. intro to cybersecurity

Cybersecurity 1: Introduction to cybersecurity 2013 Slide 16

Viruses and worms

• Virus – malware attached to a carrier such as an email message or a word processing document

• Worm – malware can autonomously spread itself without a carrier, using information about connected computers

Page 17: Cybersecurity 1. intro to cybersecurity

Cybersecurity 1: Introduction to cybersecurity 2013 Slide 17

Malicious and accidental damage

• Cybersecurity is most concerned with

– Cyber attacks

• Cyber-accidents–   Accidental events that can

cause loss or damage to to an individual, business or public body

Page 18: Cybersecurity 1. intro to cybersecurity

Cybersecurity 1: Introduction to cybersecurity 2013 Slide 18

• Many of the same technologies used to protect against external attack also protect against cyber-accidents.

• However, sometimes protecting against cyber attacks increases the probability of cyber-accidents.

Page 19: Cybersecurity 1. intro to cybersecurity

Cybersecurity 1: Introduction to cybersecurity 2013 Slide 19

• Adding protection increases system complexity which increases the likelihood of introducing bugs into the system and for humans to make mistakes.

• For example– An attack detection system might

mistakenly detects an external attack and shut down part of the system in response to this.

Page 20: Cybersecurity 1. intro to cybersecurity

Cybersecurity 1: Introduction to cybersecurity 2013 Slide 20

Summary• Cybersecurity all about protecting,

repelling and recovering from cyberattacks

• Need to be aware of the potential for both insider and external cyber attacks

• Malware is malicious code that is installed on a computer without the owner’s consent.