CPE 513 CYBERPRENEURSHIP & CYBERLAW
MODULE IV: CYBERSECURITY AND CYBER LAW
Lecture 4
CYBERSECURITY
• Cybersecurity combines people, processes and technology to continually monitor vulnerabilities and respond proactively to secure the system
• Cybersecurity is a highly technical, specialized field
• The confidential and secured (and even private) nature of data sent or processed in e-commerce or other online transactions puts increasing pressure on IT professionals to understand cybersecurity and mitigation measures
• LEGAL, REGULATIONS, COMPLIANCE AND INVESTIGATIONS DOMAIN
• Cybercrimes: crimes connected to information assets and IT
  ✓ Successful breaches typically involve an attacker exploiting a mistake made by the victim organization
• Cyberlaws: laws and regulations to prevent, investigate and prosecute cybercrimes
• Cyber forensics: involves collecting, examining, and preserving evidence of cybercrimes
• CYBERCRIMES
• Well-known cyberattacks include:
  ✓ SALAMI ATTACKS
    ➢ Typically for very small amounts over numerous accounts that accumulate into significant sums
    ➢ Example: rounding interest calculations into an attacker’s account
  ✓ SOCIAL ENGINEERING
    ➢ Manipulating an individual into divulging confidential information to be used for fraudulent purposes
    ➢ Example: Phishing (faked email request to email back information regarding bank account and/or ATM card access information)
  ✓ DUMPSTER DIVING
    ➢ Rummaging through garbage for discarded documents or digital media
    ➢ Example: buying discarded computer hardware and extracting data left on the hard drive
  ✓ PASSWORD SNIFFING
    ➢ Attempting to obtain passwords by sniffing messages sent between computers on the network
    ➢ Example: Sniffing messages sent over a free wi-fi network at the local coffee shop to obtain others’ passwords
• INFORMATION SECURITY AND RISK MANAGEMENT DOMAIN
• Information security and risk management consists of the preventive and proactive measures taken to prevent cybercrimes
  ✓ Information security: policies and procedures required to secure information assets, including IT hardware, software, and stored data
  ✓ Information risk management: manages the risk related to information assets and IT and is part of the larger enterprise risk management (ERM)
• Fundamental principles of information security include CIA:
  ✓ Confidentiality: Sensitive data at each point in information processing is secure and protected from unauthorized access
  ✓ Integrity: Data is accurate and reliable
  ✓ Availability: Required data is available as needed by an organization’s users
    ➢ If data is destroyed, data can be restored so it is available
• Information security management involves developing and enforcing security policies, standards, guidelines and procedures for information
• Three types of information security controls are:
  ✓ Administrative controls: security policies, standards, guidelines and procedures to screen employees and provide security training
  ✓ Technical or logical controls: security policies, standards, guidelines and procedures for access control and configuration of IT infrastructure
  ✓ Physical controls: include facility access control, environmental controls and intrusion detection
• A security framework provides a conceptual structure to address security and control
  ✓ The International Organization for Standardization (ISO) 27000 series contains specifications for an information security management system
• SECURITY ARCHITECTURE AND DESIGN DOMAIN
• The security architecture and design domain relates to security for IT architecture and design
  ✓ IT architecture consists of architecture for computers, networks, and databases
• Networks are interconnected computers and devices
  ✓ Network architecture consists of network hardware and software
  ✓ Three categories of networks: LANs, MANs and WANs
[Figure: network categories, showing LAN, MAN and WAN, with a cluster and an enterprise intranet]
• TELECOMMUNICATIONS, NETWORK AND INTERNET SECURITY DOMAIN
• This domain covers security for telecommunications, networks and the Internet
• Telecommunications, networks, and the Internet all relate to data transmission
• NETWORK SECURITY
  ✓ Cyberattacks often target network access points (NAP) because they offer access to the network
  ✓ Routers, bridges and gateways are access points to the network
  ✓ Firewalls (software programs) that control traffic between two networks can be installed on these routing devices to prevent unauthorized access
  ✓ A NAP without a firewall is like a house with an open entrance door
  ✓ Multiple firewalls can be used on an enterprise intranet
    ➢ So if one firewall fails, another firewall may prevent further penetration into the enterprise's system
• INTERNET SECURITY
  ✓ Firewalls play an important role in e-commerce
    ➢ If the web server is BEHIND a high-security firewall, the website cannot be accessed by the general public
    ➢ If the web server is in FRONT of the enterprise firewall, then hackers may deface the website
  ✓ To address this dilemma:
    ➢ An enterprise places its web servers BEHIND a low-level security firewall, which is the first firewall to the outside world
    ➢ Another high-level security firewall is located behind the web servers
  ✓ NOTE:
    ➢ E-commerce without firewalls is like a store with a window showcase without glass or any form of security
    ➢ A web server behind a high-security firewall is like a store showcase without any window!
• Demilitarized zone (DMZ) is the area between the first and second firewall
[Figure: E-Commerce Architecture Using Firewalls and DMZ]
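The two-firewall layout above, and the earlier point that a second firewall limits penetration when the first fails, as an added model written for these notes (not from the slides). Zones, host names (web, db, pc) and ports are constructed; the outer firewall admits only web traffic into the DMZ, the inner one admits only the web tier's database port into the intranet, and a firewall listed as failed is modelled as passing everything unchecked.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    dst_port: Optional[int]   # None means any port

# Constructed zones and hosts: the web server sits in the DMZ between the
# low-security outer firewall and the high-security inner firewall.
ORDER = ["INTERNET", "DMZ", "INTRANET"]          # boundary between index i and i+1 = firewall i
ZONE = {"internet": "INTERNET", "web": "DMZ", "db": "INTRANET", "pc": "INTRANET"}

OUTER_RULES = [                                   # first firewall to the outside world
    Rule("INTERNET", "DMZ", 443), Rule("INTERNET", "DMZ", 80),
    Rule("DMZ", "INTERNET", None), Rule("INTRANET", "INTERNET", None),
]
INNER_RULES = [                                   # high-security firewall behind the web servers
    Rule("DMZ", "INTRANET", 5432),                # web tier may reach only the database port
    Rule("INTRANET", "DMZ", None), Rule("INTRANET", "INTERNET", None),
]
FIREWALLS = {0: ("outer", OUTER_RULES), 1: ("inner", INNER_RULES)}

def permits(rules, src_zone: str, dst_zone: str, port: int) -> bool:
    """Default deny: a flow passes only if some rule matches both zones and the port."""
    return any(r.src_zone == src_zone and r.dst_zone == dst_zone
               and r.dst_port in (None, port) for r in rules)

def evaluate(src: str, dst: str, port: int, failed: Tuple[str, ...] = ()) -> Tuple[str, str]:
    """Walk every firewall the flow must cross; return (verdict, decided_by).
    A firewall named in `failed` passes traffic unchecked (worst case), which
    shows the remaining firewall still limiting how far an intruder gets."""
    s, d = ORDER.index(ZONE[src]), ORDER.index(ZONE[dst])
    if s == d:
        return "allowed", "same zone"
    for idx in range(min(s, d), max(s, d)):
        name, rules = FIREWALLS[idx]
        if name in failed:
            continue
        if not permits(rules, ZONE[src], ZONE[dst], port):
            return "blocked", name
    return "allowed", "policy"

def demo() -> dict:
    return {
        "public_to_web_https": evaluate("internet", "web", 443),
        "public_to_db": evaluate("internet", "db", 5432),
        "public_to_db_outer_down": evaluate("internet", "db", 5432, failed=("outer",)),
        "web_to_db": evaluate("web", "db", 5432),
        "web_to_pc_smb": evaluate("web", "pc", 445),   # a compromised web server stays contained
        "pc_to_internet": evaluate("pc", "internet", 443),
    }
```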
  ✓ Honeypot is a computer located in the DMZ with attractive but irrelevant data
    ➢ The honeypot is used to distract hackers
  ✓ Organizations may catch hackers by tracing them back to their source while the hackers are busy hacking the honeypot
[Figure: Enterprise Intranet with Honeypot. The pot is the server and the honey is the data on that server]
• CONTROL ACCESS DOMAIN
  ✓ The control access domain addresses security for access to the enterprise system, including computers, networks, routers and databases
  ✓ Access control threats include:
    ➢ Network sniffers that examine traffic on the network
    ➢ Phishing to obtain confidential information
    ➢ Identity theft
  ✓ Security principles (IAAA) for access control include:
    ➢ Identification
    ➢ Authentication
    ➢ Authorization
    ➢ Accountability
  ✓ For a user to be allowed access to a secured system (computers and network) the user should be identified, authenticated and then authorized to access the system
• Password Management
  ✓ To identify users, usernames and passwords may be required to log in to the system
  ✓ Password management involves:
    ➢ Number of passwords a user has
    ➢ Frequency of password changes
    ➢ Password format including length and type (e.g., alphanumeric)
    ➢ Number of incorrect login attempts
  ✓ Dynamic Password: a password that is used once and then changed (OTP)
  ✓ Token Device (TD):
    ➢ A hardware device containing a password generator protocol
    ➢ Creates a new password each time the token is used
    ➢ Eliminates the need for the user to memorize a continually changing password
  ✓ Single Sign-On (SSO): permits the user to use one username and password to log into various systems
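The token-device behaviour above is what the RFC 4226 HOTP algorithm implements: token and server share a secret and a counter, and every press derives a fresh one-time password. This is an added example, not from the slides; it also shows the server-side look-ahead window that resynchronises a token pressed without logging in, and the secret is the RFC 4226 test vector, not a real key.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter,
    dynamic truncation to 31 bits, then reduce modulo 10**digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)

class TokenDevice:
    """The token: holds the shared secret and a counter that advances on
    every press, so each generated password is used once and then changes."""
    def __init__(self, secret: bytes):
        self.secret, self.counter = secret, 0
    def press(self) -> str:
        otp = hotp(self.secret, self.counter)
        self.counter += 1
        return otp

class OtpVerifier:
    """Server side: keeps its own counter, accepts each password at most once,
    and searches a small look-ahead window so a token pressed without logging
    in (counter drifted ahead) still resynchronises instead of locking out."""
    def __init__(self, secret: bytes, window: int = 5):
        self.secret, self.counter, self.window = secret, 0, window
    def verify(self, otp: str) -> bool:
        for c in range(self.counter, self.counter + self.window):
            if hmac.compare_digest(hotp(self.secret, c), otp):
                self.counter = c + 1          # this and earlier counters are never accepted again
                return True
        return False

TEST_SECRET = b"12345678901234567890"      # RFC 4226 Appendix D test secret, not a real key

def demo() -> dict:
    token, server = TokenDevice(TEST_SECRET), OtpVerifier(TEST_SECRET)
    first = token.press()
    result = {"first_accepted": server.verify(first),
              "replay_rejected": not server.verify(first)}
    token.press(); token.press()              # two presses whose codes never reach the server
    result["resync_accepted"] = server.verify(token.press())   # counter 3, inside the window
    return result
```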
• Biometric Access
  ✓ Biometrics is an access method which identifies the user by analyzing his/her personal attributes
  ✓ Biometrics include:
    ➢ Fingerprints
    ➢ Face recognition
    ➢ Retina scans
    ➢ Palm scans
• Intrusion Prevention/Detection Systems
  ✓ Intrusion prevention systems (IPS) attempt to prevent cyberattacks from occurring
  ✓ Intrusion detection systems (IDS) attempt to detect the occurrence of cyberattacks
    ➢ IDS are inadequate because the attack would have already occurred
  ✓ IPS can include sniffers used by the enterprise to detect malicious messages on its own network
    ➢ The message can be destroyed before causing harm
• Operations security
  ✓ Operations security refers to activities and procedures required to keep IT running securely
  ✓ IT security management includes responsibility for maintaining security devices and software such as:
    ➢ Virus detection
    ➢ Firewalls
    ➢ IPS
    ➢ IDS
  ✓ Security assessment is carried out on a scheduled basis to evaluate the security of the various components of the enterprise system
  ✓ IT security operational responsibilities relate to how the enterprise system operates
  ✓ These include:
    ➢ Input/output controls
    ➢ Accounting for software licenses
    ➢ Training for all employees regarding security procedures
    ➢ Conducting vulnerability checks
    ➢ Developing contingency plans for cyberattacks
• Physical and Environmental Security Domain
  ✓ The physical and environmental security domain addresses the physical security of IT components, such as hardware and software
  ✓ Physical threats include:
    ➢ Natural environmental disasters, such as fire and flood
    ➢ Supply system threats
    ➢ Man-made threats
    ➢ Politically motivated threats
• APPLICATION SECURITY DOMAIN
  ✓ The application security domain addresses security and controls for application software, including input, processing, and output
• Malware (malicious software)
  ✓ Malware is spread throughout an enterprise system by email, fake adverts, Internet downloads and shared drives
  ✓ Malware includes:
    ➢ Viruses
    ➢ Bots
    ➢ Worms
    ➢ Logic bombs
    ➢ Trojan horses
    ➢ Spam
  ✓ Bots (short for robots): a tiny piece of programming code which installs itself on a Zombie (infected computer)
    ➢ Bots monitor the Zombie computer and transmit information back to the Master (hacker’s computer)
  ✓ Viruses: a small computer program that infects other application software by attaching to and disrupting the application’s function
  ✓ Logic bombs: malware that executes when a specified event happens within the computer, for example when the user logs into his or her bank account
  ✓ Trojan horses: malware disguised as a legitimate program that may be downloaded and installed by users without realizing it is malicious
  ✓ Spam: malware sent by email
    ➢ Spam can be a virus, bot, logic bomb, worm, or Trojan horse
• BUSINESS CONTINUITY AND DISASTER RECOVERY DOMAIN
  ✓ This domain addresses an enterprise’s business continuity and disaster recovery plan
  ✓ The goals of a disaster recovery plan include:
    ➢ Minimize disruption, damage, and loss from a disaster
    ➢ Provide a temporary method for processing business and data transactions
    ➢ Resume normal operations quickly
• CRYPTOGRAPHY DOMAIN
  ✓ Cryptography is encoding data in a form that only the sender and intended receiver can understand
  ✓ Encryption is a method of converting plaintext data into an unreadable form called ciphertext
    ➢ Ciphertext is converted back to plaintext using decryption
  ✓ Encryption methods determine the number of keys and how the keys are used to encode and decode data
  ✓ Encryption methods include:
    ➢ Symmetric cryptography or 1 key method: This method uses 1 key to encode and the same key to decode
    ➢ Both the sender and the recipient have the same key
  ✓ Asymmetric cryptography or 2 key method: Uses two keys, with one key used to encode and a second, related but different key to decode the message
    ➢ Public key: key used to encrypt the message
    ➢ Private key: key used to decode the message
  ✓ Digital envelope or 3 key method: combines symmetric and asymmetric cryptography
    ➢ The symmetric key used for the message is itself transmitted to the intended recipient using the 2 key method; this wrapped key is the digital envelope
• NOTE
  ✓ Encryption is a useful tool for protecting data in transit and when stored in databases
  ✓ As encryption tools have improved, crackers (high-level hackers) use more sophisticated techniques to bypass data encryption
    ➢ Example: malware that captures keystrokes for data as the user is entering the data into the computer screen
      Data is captured by the cracker before there is a chance for it to be encrypted