KEMBAR78
CE1C Module 7 | PDF | Security | Computer Security
Scribd
Upload
39 views20 pages

CE1C Module 7

The document is a comprehensive guide on cybersecurity, covering essential topics such as types of cyber threats, data protection strategies, defensive measures, and emerging technologies. It emphasizes the importance of user awareness and training in mitigating risks associated with cyber incidents. Additionally, it discusses cloud security challenges and the significance of compliance with data privacy regulations.

Uploaded by

joshuacorregidor15
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
39 views20 pages

CE1C Module 7

The document is a comprehensive guide on cybersecurity, covering essential topics such as types of cyber threats, data protection strategies, defensive measures, and emerging technologies. It emphasizes the importance of user awareness and training in mitigating risks associated with cyber incidents. Additionally, it discusses cloud security challenges and the significance of compliance with data privacy regulations.

Uploaded by

joshuacorregidor15
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 20

GEN EL 004 Living in the IT Era

Module 7: Cybersecurity

BSCE 1C

Joseph Emmanuel N. Arceño


Christian Russel A. Catimon
Joshua A. Corregidor
Karch Kent Ricci M. Roa

GIOVANNI N. DE LOS SANTOS

Instructor

A.Y. 2023–2024
1
BSCE 1C

Living in the IT Era


Module 7: Cybersecurity

2
TABLE OF CONTENTS

Title Page_______________________________________________________________1

Learning Outcomes________________________________________________________4

Cybersecurity______________________________________________________5

Data Protection___________________________________________________6
Threats and Vulnerabilities_________________________________________7

Defensive Strategies________________________________________________8

Emerging Trends and Technologies____________________________________9

Cyber Security Awareness and Training______________________________11

Cloud Security_____________________________________________________12

References______________________________________________________________14

Activity________________________________________________________________15

Reflection______________________________________________________________16

Questions_______________________________________________________________17

Answer Key______________________________________________________________19

3
Learni
 Understand
ng various types of cyber threats such as
malware.


Outcom
Explore different security measures.
Learn how to create and implement an effective incident
response plan to manage and mitigate the impact of cyber


es
incidents and breaches.
Identify key legal and regulatory requirements related
to cybersecurity.
 Develop security practices to ensure software
applications are safe.

Welcome to Cybersecurity!

Get ready to dive into the essentials of


protecting digital information and systems.
You'll learn to identify threats, implement
defences, and respond to incidents. Let's
embark on this journey to secure the digital
world together!

Cybersecurity
4
 Cybersecurity refers to the practices and technologies
used to protect systems, networks, programs, devices,
and data from unauthorized access, use, disclosure,
disruption, modification, or destruction. It's
essentially building your digital defenses against
cyber threats.

Key aspects of cybersecurity:

 Confidentiality: Ensuring only authorized users can


access sensitive information.
 Integrity: Guaranteeing the accuracy and completeness
of data and systems.
 Availability: Making sure authorized users can access
information and systems when needed.
 Defense Mechanisms: Implementing firewalls, intrusion
detection systems, and antivirus software to prevent
attacks.
 User Awareness: Educating users about cybersecurity
best practices like strong passwords and avoiding
suspicious links.

Security

Protect

Defend

Data Protection
5
 Data protection focuses on safeguarding personal
information. It ensures this data is collected, used,
stored, and disposed of responsibly, respecting user
privacy.

Essential elements of data protection:

 Data Minimization: Only collecting the data absolutely


necessary for a specific purpose.
 Access Control: Limiting access to data based on user roles
and permissions.
 Data Encryption: Securing data with encryption algorithms to
make it unreadable for unauthorized users.
 Data Breach Response: Having a plan to identify, contain,
and recover from data breaches.
 Data Privacy Regulations: Understanding and complying with
relevant data privacy regulations like GDPR (General Data
Protection Regulation) and CCPA (California Consumer Privacy
Act).

These concepts work


together to create a
Data
Cybersec
robust security posture. protecti
urity on
protects Strong cybersecurity governs
the data how that
itself practices are essential data is
handled
for effective data
protection.

Threats and Vulnerabilities


6
In today's interconnected world, our devices and data are constantly
exposed to threats. These threats include malicious software (malware)
designed to steal information or disrupt operations, phishing scams that
trick us into giving away sensitive information, and ransomware that holds
our data hostage. These threats exploit vulnerabilities such as outdated
software, weak passwords, and insecure network configurations, creating
openings for attackers to cause harm.

Cyber Threats

 Malicious activities aimed at compromising the security of systems,


networks, and data

Malware

 Designed to damage, disrupt, or gain unauthorized access to systems

Phishing

 Involves tricking individuals into providing sensitive information


 Uses deceptive emails or websites

Ransomware

 Encrypts data
 Demands a ransom for its release

Defensive Strategies
2
7
To defend against cyber threats, robust strategies are essential.
Network security uses firewalls and intrusion detection systems to manage
traffic and monitor for suspicious activities. Endpoint security deploys
antivirus and anti-malware software to protect devices. Data encryption
secures information by making it unreadable to unauthorized users.
Understanding and applying these defenses helps ensure safer navigation of
the digital world.

Network Security Measures

 Firewalls: Filter traffic based on security rules


 Intrusion Detection Systems (IDS): Detect and alert on suspicious
activities

Endpoint Security

 Protects individual devices (computers, mobile phones) from malware


 Antivirus and anti-malware software: Scan, detect, and neutralize
malicious programs

Data Encryption and Secure Communication Protocols

 Encryption: Converts data into an unreadable format without the


decryption key

 Secure protocols (e.g., HTTPS): Protect data exchanges over the


Emerging Trends and Technologies
internet from unauthorized access

3
8
Artificial Intelligence and Machine Learning in Cyber Security

 Artificial Intelligence (AI) and Machine Learning (ML) significantly


enhance cybersecurity by employing advanced algorithms for threat
detection and response. AI algorithms process large datasets in real-
time to identify anomalies and potential threats that traditional
methods might overlook. Machine Learning models use historical data to
anticipate and prevent future cyber attacks, strengthening proactive
defense strategies.

Applications:

 Threat Detection: AI and ML can analyze vast amounts of data to detect


anomalies and potential threats in real-time.
 Predictive Analytics: Predict future attacks based on historical data
and trends.
 Automated Response: AI-driven systems can automatically respond to
certain types of threats, reducing response time

Challenges:

 Data Privacy: Ensuring AI systems do not compromise user data.


 Adversarial Attacks: Protecting AI models from being manipulated by
attackers.

Blockchain for Secure Transactions

Blockchain technology ensures secure transactions by using a


decentralized ledger that distributes records across a network of nodes.
This approach eliminates single points of failure and protects against
9
tampering. Each transaction is cryptographically linked to previous ones,
creating an immutable chain that prevents data alteration. This
transparency allows all network participants to verify transactions,
building trust and accountability. Blockchain's cryptographic security and
consensus mechanisms make it difficult for malicious actors to compromise
data. Its applications extend across finance, supply chain management, and
identity verification, leveraging its capabilities for secure and
transparent transactions.

Applications in Cyber Security:

 Secure Transactions: Enhancing the security of financial transactions.


 Data Integrity: Ensuring data has not been tampered with.
 Identity Management: Providing a secure way to manage digital
identities.

Challenges:

 Scalability: Managing the growing size of the blockchain.


 Regulation: Navigating the legal landscape around blockchain use.

Cyber Security Awareness and Training


4
10
Importance of Training and Awareness Programs

Employee training and awareness programs are essential for a strong


cybersecurity strategy, as they equip staff to defend against cyber
threats. Educating employees on security best practices—such as recognizing
phishing attempts, using strong passwords, and protecting sensitive
information—can reduce the risk of breaches caused by human error. These
programs also help ensure compliance with data protection regulations and
promote a culture of vigilance and proactive threat reporting. Investing in
comprehensive training enhances the organization's security posture and
resilience against sophisticated cyber threats.

Benefits:

 Reducing Human Error: Educated employees are less likely to fall


victim to phishing and other attacks.
 Compliance: Meeting regulatory and compliance requirements.
 Building Resilience: Strengthening the organization's overall security
posture.
 Statistics and Examples: Present data showing the impact of training
programs on security incidents.

Methods for Educating Staff on Security Best Practices

 Workshops and Seminars: In-person or virtual sessions led by security


experts.
 Online Courses: E-learning platforms offering flexibility and self-
paced learning.
 Simulated Attacks: Phishing simulations and other hands-on exercises
to test and reinforce learning.
 Regular Updates: Keeping staff informed about the latest threats and
best practices.

Cloud Security
5
11
 Collection of security measures designed to protect cloud-based
infrastructure, applications, and data.

Cloud security tool :

*NordVPN, an example of cloud security as it safeguards your connection


with next-generation encryption, so you can log into your accounts, make
bank transfers, and shop online without worries.

Few common examples of challenges in ensuring cloud security :

 Data breaches - A data breach can bring a company to its knees,


causing irreversible damage to its reputation, financial woes due to
regulatory implications, legal liabilities, incident response cost and
decreased market value.

Steps to prevent a data breach in the cloud include the following:

12
 Conduct data risk assessments.
 Protect data with cloud encryption.
 Maintain an incident response plan.
 Follow the principle of least privilege.
 Establish policies for secure data removal and disposal.

Cyberattacks - Cloud cyberattacks can lead to performance degradation,


downtime, customers unknowingly hosting malware, data loss and more

Insider threats - Insiders, including current and former employees,


contractors and partners, can cause data loss, system downtime, reduced
customer confidence and data breaches.

Insider threats fall into three categories:

 Compromised insiders - an employee who clicks a phishing link and has


their credentials stolen or downloads malware onto the company
network.
 Negligent insiders - an employee who loses a device containing company
data or from which an attacker can steal their credentials.
 Malicious insiders - an employee who steals data to commit fraud.

13
REFERENCES
Cybersecurity Framework | NIST. (2024, July 17). NIST.
https://www.nist.gov/cyberframework

Cyber Security Training | SANS Courses, Certifications & Research. (2024,


December 9). https://www.sans.org/

CIS. (n.d.). CIS. https://www.cisecurity.org/

Cyber Security Training | SANS Courses, Certifications & Research. (2024b,


December 9). https://www.sans.org/

Deshpande, C. (2024, July 16). What Is Firewall: Types, How Does It Work,
Advantages & Its Importance. Simplilearn.com.
https://www.simplilearn.com/tutorials/cyber-security-tutorial/what-
is-firewall

Cybersecurity Framework | NIST. (2024b, July 17). NIST.


https://www.nist.gov/cyberframework

General Data Protection Regulation (GDPR) Compliance Guidelines. (2019,


February 19). GDPR.eu. https://gdpr.eu/

ISO/IEC 27001:2022. (n.d.). ISO. https://www.iso.org/standard/27001

Shea, S. (2024, April 29). Top 11 cloud security challenges and how to
combat them. Security.
https://www.techtarget.com/searchsecurity/tip/Top-11-cloud-security-
challenges-and-how-to-combat-them

14
Activity
Instructions: Determine whether each statement is True or False.

1. Malware is designed to protect systems from unauthorized access by


scanning for suspicious activities.

2. Phishing attacks use deceptive emails or websites to trick individuals


into providing sensitive information.

3. Data encryption converts data into an unreadable format to prevent


unauthorized users from accessing it.

4. A firewall is a tool used to detect and alert on suspicious activities


within a network.

15
5. Insider threats can include compromised insiders, negligent insiders,
and malicious insiders, all of which can cause data breaches.

Reflection
How has the increasing dependence on digital technologies, accelerated
by recent global events, influenced your perspective on the importance
of cybersecurity measures in safeguarding personal and organizational
information? Consider how this evolving digital landscape has shaped
your understanding of the balance between technological advancement and
security challenges.

________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________

16
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________

Questions
1. Which of the following is NOT a key aspect of cybersecurity?

A. Confidentiality
B. Integrity
C. Data Minimization
D. Availability
2. What does data encryption primarily aim to achieve?

A. Ensuring data is available to all users


B. Making data unreadable to unauthorized users
C. Minimizing the amount of data collected
D. Educating users about strong passwords
3. Which of the following is a key element of data protection?

A. Defence Mechanisms
B. User Awareness
C. Data Encryption
D. Confidentiality

4. Which type of cyber threat involves encrypting data and demanding a


ransom for its release?

A. Malware
B. Phishing
C. Ransomware
D. Virus
17
5. What is a common method used in phishing attacks?

A. Encrypting data to demand ransom


B. Exploiting outdated software vulnerabilities
C. Deceptive emails or websites to trick individuals
D. Using firewalls to prevent unauthorized access

6. Which security measure is designed to filter network traffic based on


security rules?

A. Antivirus Software
B. Intrusion Detection Systems (IDS)
C. Firewalls
D. Data Encryption

7. What is the primary purpose of data encryption in cybersecurity?

A. To detect and alert on suspicious activities


B. To protect individual devices from malware
C. To convert data into an unreadable format without the decryption
key
D. To manage and filter network traffic

8. Which tool is mentioned as an example of cloud security that


safeguards connections with encryption?

A. Norton Antivirus
B. McAfee
C. NordVPN
D. Bitdefender

9. What is one of the common challenges in ensuring cloud security?

A. Improved network performance


B. Data breaches
C. Increased employee productivity
D. Enhanced customer satisfaction

10. Which of the following is NOT a category of insider threats?

A. Compromised insiders
B. Negligent insiders
C. Malicious insiders
D. Authorized insiders

18
ANSWER KEY
ACTIVITY

1.FALSE
2.TRUE
3.TRUE
4.FALSE
5.TRUE

QUESTIONS

1. C 6. C

2. B 7. C

3. C 8. C

4. C 9. B

5. C 10. D
19
20

You might also like