cyber security

ramirocid.com [email protected] Twitter: @ramirocid Ramiro Cid | @ramirocid Cyber Security

Upload: ramiro-cid

Post on 26-Jun-2015


Category:

Technology



DESCRIPTION

Cyber Security introduction. Cyber security definition. Vulnerabilities. Social engineering and human error. Financial cost of security breaches. Computer protection. The cyber security job market

TRANSCRIPT

Page 1: Cyber Security


Ramiro Cid | @ramirocid

Cyber Security

Page 2: Cyber Security


Index

1. Cyber security definition Page 3

2. Vulnerabilities Page 4

3. Social engineering and human error Page 6

4. Financial cost of security breaches Page 7

5. Computer protection Page 8

6. The cyber security job market Page 13

Page 3: Cyber Security


Cyber Security definition

Cybersecurity, also known as “IT security” or “computer security”, is information security applied to computing devices such as servers, computers and mobile devices (such as smartphones and tablets), as well as computer networks such as private and public networks, including the whole Internet.

The field covers all the processes and mechanisms by which digital equipment, information and services are protected from unintended or unauthorized access, change or destruction, and is of growing importance in line with the increasing reliance on computer systems of most societies worldwide.

The 3 principles of information security (confidentiality, integrity and availability) are protected by cybersecurity.

Page 4: Cyber Security


Vulnerabilities

To understand the techniques for securing a computer system, it is important to first understand the various types of "attacks" that can be made against it.

These threats can typically be classified into one of the 6 categories below:

a) Denial-of-service attack: Attackers can deny service to individual victims, such as by deliberately entering a wrong password enough consecutive times to cause the victim account to be locked, or they may overload the capabilities of a machine or network and block all users at once.

b) Backdoors: A backdoor in a computer system, a cryptosystem or an algorithm, is a method of bypassing normal authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected.

Page 5: Cyber Security


Vulnerabilities

c) Exploits: An exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a software "bug" or "glitch" in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized).

d) Direct access attacks: Someone who has gained access to a computer can install different types of devices to compromise security, including operating system modifications, software worms, key loggers, and covert listening devices. The attacker can also easily download large quantities of data.

e) Eavesdropping: The act of surreptitiously listening to a private conversation, typically between hosts on a network.

f) Indirect attacks: An indirect attack is an attack launched by a third-party computer. By using someone else's computer to launch an attack, it becomes far more difficult to track down the actual attacker.
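
The account-lockout case in item a) above, as an added example that is not part of the original slides: the same failure counter keyed on the account alone lets a third party lock the owner out, while keying it on the (account, source) pair does not. The `LoginGate` class, the threshold, the password and the documentation-range addresses are all constructed for illustration.

```python
from collections import defaultdict

MAX_FAILURES = 3  # assumed policy threshold


class LoginGate:
    """Blocks further attempts once a failure counter reaches MAX_FAILURES.

    counter_key decides what failures are counted against: the account
    alone (classic lockout) or the (account, source) pair.
    """

    def __init__(self, passwords, counter_key):
        self.passwords = passwords      # plaintext only to keep the sketch short
        self.counter_key = counter_key
        self.failures = defaultdict(int)

    def login(self, user, password, source):
        key = self.counter_key(user, source)
        if self.failures[key] >= MAX_FAILURES:
            return "blocked"
        if self.passwords.get(user) == password:
            self.failures[key] = 0
            return "ok"
        self.failures[key] += 1
        return "denied"


def per_account(user, source):
    return user


def per_account_and_source(user, source):
    return (user, source)


def owner_after_bad_guesses(counter_key):
    """A third party fails MAX_FAILURES times, then the real owner logs in."""
    gate = LoginGate({"alice": "constructed-password"}, counter_key)
    for _ in range(MAX_FAILURES):
        gate.login("alice", "wrong-guess", source="203.0.113.7")
    owner = gate.login("alice", "constructed-password", source="198.51.100.20")
    guesser = gate.login("alice", "wrong-guess", source="203.0.113.7")
    return owner, guesser
```

Per-source counting only removes the lockout side effect; guessing spread over many sources still needs separate rate limiting or monitoring.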

Page 6: Cyber Security


Social engineering and human error

“…A computer system is no more secure than the persons responsible for its operation…”

Malicious individuals have regularly penetrated well-designed, secure computer systems by taking advantage of the carelessness of trusted individuals, or by deliberately deceiving them, for example by sending messages claiming to be the system administrator and asking for passwords. This deception is known as social engineering.

The main goal is to convince the user, by psychological means, to disclose personal information such as passwords, card numbers, etc., for example by impersonating a services company or the bank.

Page 7: Cyber Security


Financial cost of security breaches

Serious financial damage has been caused by security breaches, but because there is no standard model for estimating the cost of an incident, the only data available is that which is made public by the organizations involved. Several computer security consulting firms produce estimates of total worldwide losses attributable to virus and worm attacks and to hostile digital acts in general.

Insecurities in operating systems have led to a massive black market for rogue software. An attacker can use a security hole to install software that tricks the user into buying a product.

Page 8: Cyber Security


Computer protection

1. Security and systems design:

Although there are many aspects to take into consideration when designing a computer system, security can prove to be very important.

2. Security measures:

A state of computer "security" is the conceptual ideal, attained by the use of the three processes: threat prevention, detection, and response. These processes are based on various policies and system components, which include the following:

a. User account access controls and cryptography

b. Firewalls

c. Intrusion Detection Systems (IDSs) and Intrusion Prevention Systems (IPSs)

d. "Response" is necessarily defined by the assessed security requirements of an individual system and may cover the range from simple upgrade of protections to notification of legal authorities, counter-attacks, etc.

Page 9: Cyber Security


Computer protection

3. Difficulty with response:

Responding forcefully to attempted security breaches (in the manner that one would for attempted physical security breaches) is often very difficult for a variety of reasons:

a. Identifying attackers is difficult, as they are often in a different jurisdiction to the systems they attempt to breach, and operate through proxies, temporary anonymous dial-up accounts, wireless connections, and other anonymising procedures which make backtracking difficult and are often located in yet another jurisdiction.

b. The sheer number of attempted attacks is so large that organizations cannot spend time pursuing each attacker.

c. Law enforcement officers are often unfamiliar with information technology, and so lack the skills and interest in pursuing attackers.

Page 10: Cyber Security


Computer protection

4. Reducing vulnerabilities:

Computer code is regarded by some as a form of mathematics. It is theoretically possible to prove the correctness of certain classes of computer programs, though the feasibility of actually achieving this in large-scale practical systems is regarded as small by some with practical experience in the industry.

5. Security by design:

Security by design, or alternately secure by design, means that the software has been designed from the ground up to be secure. In this case, security is considered as a main feature.

6. Security architecture:

The Open Security Architecture organization defines IT security architecture as "the design artifacts that describe how the security controls are positioned, and how they relate to the overall information technology architecture. These controls serve the purpose to maintain the system's quality attributes: confidentiality, integrity, availability, accountability and assurance services".

Page 11: Cyber Security


Computer protection

7. Hardware protection mechanisms

While hardware may be a source of insecurity, such as with microchip vulnerabilities maliciously introduced during the manufacturing process, hardware-based or assisted computer security also offers an alternative to software-only computer security. Using devices and methods such as dongles, trusted platform modules, intrusion-aware cases, drive locks, disabling USB ports, and mobile-enabled access may be considered more secure due to the physical access (or sophisticated backdoor access) required in order to be compromised.

8. Secure operating systems

One use of the term "computer security" refers to technology that is used to implement secure operating systems. Much of this technology is based on science developed in the 1980s and used to produce what may be some of the most impenetrable operating systems ever. Though still valid, the technology is in limited use today, primarily because it imposes some changes to system management and also because it is not widely understood.

Page 12: Cyber Security


Computer protection

9. Secure coding

If the operating environment is not based on a secure operating system capable of maintaining a domain for its own execution, and capable of protecting application code from malicious subversion, and capable of protecting the system from subverted code, then high degrees of security are understandably not possible.

10. Capabilities and access control lists

Within computer systems, two security models capable of enforcing privilege separation are access control lists (ACLs) and capability-based security. Using ACLs to confine programs has been proven to be insecure in many situations, such as if the host computer can be tricked into indirectly allowing restricted file access, an issue known as the confused deputy problem.

11. Hacking back

There has been a significant debate regarding the legality of hacking back against digital attackers (who attempt to or successfully breach an individual's, entity's, or nation's computer).
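
The confused deputy problem from item 10 above, as an added example that is not part of the original slides: a service (the deputy) writes to a caller-named path using its own ACL entry, then the same service is rewritten to accept a capability the caller had to obtain under its own authority. The in-memory `FileSystem`, the principals and the paths are hypothetical.

```python
class FileSystem:
    """Constructed in-memory file system; each file has an ACL of allowed writers."""
    def __init__(self):
        self.data, self.acl = {}, {}

    def create(self, path, writers, content=""):
        self.data[path], self.acl[path] = content, set(writers)

    def _check(self, principal, path):
        if principal not in self.acl.get(path, set()):
            raise PermissionError(f"{principal} may not write {path}")

    def write(self, principal, path, content):
        self._check(principal, path)
        self.data[path] = content

    def open_for_write(self, principal, path):
        """Capability: a writer bound to one file, authorised once at open time."""
        self._check(principal, path)
        return lambda content: self.data.__setitem__(path, content)

BILLING = "/srv/billing.log"   # hypothetical file only the deputy may write
OUT = "/home/mallory/out.txt"  # hypothetical caller-owned output file

def bill(fs, caller):
    fs.write("deputy", BILLING, fs.data[BILLING] + f"{caller} billed\n")

def acl_deputy(fs, caller, out_path, report):
    """ACL style: a caller-chosen name is resolved with the deputy's authority."""
    bill(fs, caller)
    fs.write("deputy", out_path, report)  # checked against "deputy", not the caller

def cap_deputy(fs, caller, out_writer, report):
    """Capability style: the caller passes a writer it was itself allowed to open."""
    bill(fs, caller)
    out_writer(report)

def demo():
    fs = FileSystem()
    fs.create(BILLING, writers={"deputy"})
    fs.create(OUT, writers={"mallory", "deputy"})
    acl_deputy(fs, "mallory", BILLING, "junk")  # deputy overwrites its own log
    clobbered = fs.data[BILLING] == "junk"
    try:
        cap_deputy(fs, "mallory", fs.open_for_write("mallory", BILLING), "junk")
        refused = False
    except PermissionError:  # mallory cannot mint a capability for the log
        refused = True
    cap_deputy(fs, "mallory", fs.open_for_write("mallory", OUT), "report")
    return clobbered, refused, fs.data[OUT] == "report"
```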

Page 13: Cyber Security


The cyber security job market

Cyber Security is a fast-growing field of IT concerned with reducing organizations' risk of hack or data breach.

Commercial, government and non-governmental organizations all employ cybersecurity professionals, but the use of the term "cybersecurity" in government job descriptions is more prevalent than in non-government job descriptions, in part due to government "cybersecurity" initiatives (as opposed to corporations' "IT security" initiatives) and the establishment of government institutions like the US Cyber Command and the UK Defence Cyber Operations Group.

Typical cyber security job titles and descriptions include: (see next slide)

Page 14: Cyber Security


The cyber security job market

a) Chief Information Security Officer:

A high-level management position responsible for the entire information security division/staff. The position may include hands-on technical work.

b) Security Engineer:

Performs security monitoring, security and data/logs analysis, and forensic analysis, to detect security incidents, and mounts incident response. Investigates and utilizes new technologies and processes to enhance security capabilities and implement improvements. May also review code or perform other security engineering methodologies.

Page 15: Cyber Security


The cyber security job market

c) Security Analyst:

Analyzes and assesses vulnerabilities in the infrastructure (software, hardware, networks), investigates available tools and countermeasures to remedy the detected vulnerabilities, and recommends solutions and best practices. Analyzes and assesses damage to the data/infrastructure as a result of security incidents, examines available recovery tools and processes, and recommends solutions. Tests for compliance with security policies and procedures. May assist in the creation, implementation, and/or management of security solutions.

d) Security Architect:

Designs a security system or major components of a security system, and may head a security design team building a new security system.

Page 16: Cyber Security


The cyber security job market

e) Security Administrator:

Installs and manages organization-wide security systems. May also take on some of the tasks of a security analyst in smaller organizations.

f) Security Consultant/Specialist:

Broad titles that encompass any one or all of the other roles/titles, tasked with protecting computers, networks, software, data, and/or information systems against viruses, worms, spyware, malware, intrusion detection, unauthorized access, denial-of-service attacks, and an ever increasing list of attacks by hackers acting as individuals or as part of organized crime or foreign governments.

Student programs are also available to people interested in beginning a career in cybersecurity.


Page 18: Cyber Security


Questions?

Many thanks!

Ramiro Cid

CISM, CGEIT, ISO 27001 LA, ISO 22301 LA, ITIL

[email protected]

@ramirocid

http://www.linkedin.com/in/ramirocid

http://ramirocid.com http://es.slideshare.net/ramirocid

http://www.youtube.com/user/cidramiro