INTRODUCTION TO
CYBER SECURITY
Introduction and Overview of Cyber Security
1. What is Cyberspace?
Cyberspace is the virtual environment in which digital communication,
information exchange, and online interactions occur. It encompasses the
internet, private networks, and cloud computing platforms, allowing users to
connect globally without physical boundaries.
• Key Characteristics:
  o Borderless: Connects users globally.
  o Interactive: Enables real-time communication and data sharing.
  o Evolving: Continuously growing with new technologies like IoT and blockchain.
Example:
A person attending a virtual meeting on Zoom and simultaneously
using Google Drive to share documents operates in cyberspace.
2. What is Cyber Security?
Cybersecurity is the practice of safeguarding digital infrastructure, systems, and
data from unauthorized access, disruption, or theft. It protects against
cyberattacks such as hacking, phishing, and malware.
• Key Components:
  o Tools: Firewalls, antivirus software, and intrusion detection systems.
  o Processes: Incident response plans, vulnerability assessments.
  o People: Security professionals, trained users.
Example:
A company uses endpoint detection software to prevent
ransomware from encrypting its files.
3. What is Cyber Defence?
Cyber defense involves proactive and reactive measures to prevent, detect, and
respond to cyber threats. It combines threat intelligence, system monitoring, and
incident response mechanisms to safeguard systems.
• Key Strategies:
  o Intrusion Prevention Systems (IPS).
  o Threat Intelligence Platforms.
  o Incident Response Teams.
Example:
A financial institution employs a Security Operations Center
(SOC) to monitor suspicious activities, preventing fraud attempts.
4. What is Security and Safety?
• Security: The state of being protected from intentional threats (e.g., hacking, espionage).
• Safety: The state of being protected from accidental harm (e.g., data loss due to hardware failure).
Example:
• Security: Using biometric authentication to prevent unauthorized access.
• Safety: Performing regular system backups to recover from accidental deletions.
5. Layers of Security
The layered security approach uses multiple defense measures to protect digital
systems from diverse threats.
1. Physical Security: Guards against physical breaches.
2. Personal Security: Protects individuals' identities and data.
3. Operational Security: Prevents sensitive information leakage.
4. Information Security: Safeguards data integrity, confidentiality, and availability.
5. Network Security: Secures data transmitted over networks.
Example:
A company might use biometric scanners (physical security), encryption
(information security), and firewalls (network security).
6. Physical Security
Physical security refers to measures that protect hardware, networks, and data
storage from physical threats such as theft, vandalism, or natural disasters.
Techniques:
• CCTV monitoring.
• Biometric access control.
• Secure server rooms.
Example:
A data center requires a keycard and biometric scan for access, with
cameras monitoring the premises.
7. Personal Security
This focuses on protecting individuals from threats such as identity theft, fraud,
or phishing.
Techniques:
• Two-factor authentication (2FA).
• Privacy-focused practices, such as avoiding oversharing personal data online.
Example:
Employees are trained to identify phishing emails to prevent credential
theft.
8. Operations Security (OPSEC)
OPSEC identifies and mitigates risks that arise from revealing critical
information to adversaries. It involves analyzing data flow and access points to
prevent leaks.
Steps:
1. Identify sensitive data.
2. Analyze potential threats.
3. Implement safeguards.
Example:
Restricting access to financial reports to a select group of executives
reduces the risk of sensitive information leaking.
9. Communications Security
Communication security ensures the confidentiality and integrity of transmitted
information. It prevents unauthorized interception or tampering.
Techniques:
• Encryption: Secure communication channels using protocols like TLS.
• VPNs: Encrypt internet traffic.
Example:
Organizations use end-to-end encrypted platforms like Signal for
sensitive discussions.
10. Computer Security
Computer security protects individual devices from threats such as malware or
unauthorized access.
Techniques:
• Installing firewalls and antivirus software.
• Regularly updating operating systems.
Example:
A company laptop is protected by BitLocker encryption to secure stored
data.
11. Network Security
This involves securing the infrastructure of networks from intrusions and
disruptions.
Techniques:
• Firewalls: Monitor and control incoming/outgoing traffic.
• Intrusion Detection Systems (IDS): Detect unusual activity.
Example:
A corporate VPN ensures secure remote access to company systems.
12. Information Security
This ensures the confidentiality, integrity, and availability (CIA) of data.
Techniques:
• Encrypting data during storage and transmission.
• Implementing role-based access controls.
Example:
Healthcare providers encrypt patient records to prevent unauthorized
access.
13. What is a Vulnerability?
A vulnerability is a weakness in software, hardware, or processes that can be
exploited by a threat actor to compromise a system.
Example:
An unpatched server running outdated software is vulnerable to ransomware
attacks.
14. What is a Threat?
A threat is any potential event or action that could exploit a vulnerability to
cause harm.
Example:
A phishing campaign targeting employees to steal sensitive credentials.
15. What is a Control?
A control is a safeguard or countermeasure implemented to mitigate risks and
vulnerabilities.
Example:
Using multi-factor authentication (MFA) to reduce the risk of unauthorized
access.
16. CIA
• Confidentiality: Preventing unauthorized access to sensitive information.
• Integrity: Ensuring data is accurate and not tampered with.
• Availability: Ensuring resources are accessible when needed.
Example:
A hospital secures patient records (confidentiality), ensures data is
unaltered (integrity), and has backups for emergencies (availability).
17. Software Vulnerabilities
These are flaws in software that can be exploited, including:
• Buffer Overflows: Writing more data into a buffer than it can hold, corrupting adjacent memory and potentially allowing attacker-supplied code to run.
• SQL Injection: Supplying crafted input that is concatenated into database queries, letting an attacker read or alter data.
Example:
The Log4Shell vulnerability allowed attackers to execute malicious code
remotely.
18. Types of Intruders
Intruders are individuals or entities attempting unauthorized access to systems
or networks.
Types:
1. Script Kiddies: Use pre-written tools without deep technical knowledge.
Example: A teenager using a downloaded tool to deface websites.
2. Hacktivists: Attack systems for political or social motives.
Example: Anonymous hacking government websites to protest policies.
3. Insiders: Employees or contractors exploiting their access.
Example: An employee leaking company trade secrets.
4. Advanced Persistent Threats (APTs): Highly skilled attackers targeting sensitive organizations.
Example: A state-sponsored group conducting cyber espionage.
19. Risk Mitigation
Risk mitigation involves strategies to minimize the potential damage caused by
vulnerabilities or threats.
Strategies:
• Risk Avoidance: Avoid actions that introduce risks.
Example: Avoiding the use of outdated software.
• Risk Reduction: Implementing controls to reduce risks.
Example: Using encryption for sensitive data.
• Risk Transfer: Sharing risk through insurance.
Example: Purchasing cyber insurance to cover potential losses.
• Risk Acceptance: Acknowledging and accepting minor risks.
Example: Allowing limited BYOD (Bring Your Own Device) policies.
20. Types of Controls
Controls are mechanisms to reduce risks.
1. Preventive Controls: Stop incidents before they occur.
Example: Firewalls to block unauthorized access.
2. Detective Controls: Identify incidents after they occur.
Example: IDS to monitor unusual activity.
3. Corrective Controls: Rectify the situation after an incident.
Example: Restoring backups after a ransomware attack.
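To make the three control types concrete, here is an added example (not from these notes) in Go that runs the detective and preventive controls over constructed login records: the detector counts failed logins per source address inside a sliding window, and the lockout decision blocks a flagged source. The log format, the addresses, the threshold and the window are all assumptions made for the example.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
	"time"
)

// LoginEvent is one parsed authentication record.
type LoginEvent struct {
	At      time.Time
	User    string
	Source  string
	Success bool
}

// ParseLine parses one line of the constructed format used in this example
// ("<RFC3339 time> user=<name> src=<address> result=<ok|fail>"); the format
// is an assumption, not any real product's log format.
func ParseLine(line string) (LoginEvent, error) {
	fields := strings.Fields(line)
	if len(fields) != 4 {
		return LoginEvent{}, fmt.Errorf("malformed line: %q", line)
	}
	at, err := time.Parse(time.RFC3339, fields[0])
	if err != nil {
		return LoginEvent{}, err
	}
	ev := LoginEvent{At: at}
	for _, f := range fields[1:] {
		kv := strings.SplitN(f, "=", 2)
		if len(kv) != 2 {
			return LoginEvent{}, fmt.Errorf("bad field %q in %q", f, line)
		}
		switch kv[0] {
		case "user":
			ev.User = kv[1]
		case "src":
			ev.Source = kv[1]
		case "result":
			ev.Success = kv[1] == "ok"
		default:
			return LoginEvent{}, fmt.Errorf("unknown field %q in %q", kv[0], line)
		}
	}
	return ev, nil
}

// ParseAll parses a whole log, stopping at the first malformed line.
func ParseAll(lines []string) ([]LoginEvent, error) {
	events := make([]LoginEvent, 0, len(lines))
	for _, l := range lines {
		ev, err := ParseLine(l)
		if err != nil {
			return nil, err
		}
		events = append(events, ev)
	}
	return events, nil
}

// DetectBruteForce is the detective control: it returns, sorted, every source
// address with at least threshold failed logins inside any sliding window of
// the given length. Events must be in chronological order.
func DetectBruteForce(events []LoginEvent, threshold int, window time.Duration) []string {
	recent := map[string][]time.Time{} // failure times per source, within the window
	flagged := map[string]bool{}
	for _, ev := range events {
		if ev.Success {
			continue
		}
		ts := append(recent[ev.Source], ev.At)
		for len(ts) > 0 && ev.At.Sub(ts[0]) > window {
			ts = ts[1:] // drop failures that have aged out of the window
		}
		recent[ev.Source] = ts
		if len(ts) >= threshold {
			flagged[ev.Source] = true
		}
	}
	out := make([]string, 0, len(flagged))
	for src := range flagged {
		out = append(out, src)
	}
	sort.Strings(out)
	return out
}

// ShouldLock is the matching preventive control: refuse further attempts from
// a source the detector has flagged.
func ShouldLock(flagged []string, source string) bool {
	for _, s := range flagged {
		if s == source {
			return true
		}
	}
	return false
}

// SampleLog is constructed sample data, not a real capture.
var SampleLog = []string{
	"2024-05-01T09:00:00Z user=alice src=10.0.0.5 result=ok",
	"2024-05-01T09:00:10Z user=bob src=198.51.100.7 result=fail",
	"2024-05-01T09:00:12Z user=bob src=198.51.100.7 result=fail",
	"2024-05-01T09:00:15Z user=bob src=198.51.100.7 result=fail",
	"2024-05-01T09:00:18Z user=bob src=198.51.100.7 result=fail",
	"2024-05-01T09:00:21Z user=bob src=198.51.100.7 result=fail",
	"2024-05-01T09:05:00Z user=carol src=10.0.0.9 result=fail",
	"2024-05-01T09:30:00Z user=carol src=10.0.0.9 result=ok",
}

func main() {
	events, err := ParseAll(SampleLog)
	if err != nil {
		panic(err)
	}
	flagged := DetectBruteForce(events, 5, 2*time.Minute)
	fmt.Println("flagged sources:", flagged)
	fmt.Println("lock 198.51.100.7:", ShouldLock(flagged, "198.51.100.7"))
}
```

A single failed login (carol's typo) is normal and is not flagged; five failures from one address within two minutes is. The corrective control from the notes (restoring from backup) happens after an incident and is outside what this code models.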
21. Defense in Depth (DiD)
Defense in Depth is a security strategy employing multiple layers of defense to
protect systems.
Layers Include:
• Physical (e.g., locked server rooms).
• Technical (e.g., firewalls, encryption).
• Administrative (e.g., security policies, user training).
Example: A company might secure data with firewalls, encrypt files, and
train employees on phishing risks.
22. Controls in Security
Controls ensure system integrity, confidentiality, and availability.
• Access Controls: Restrict who can access systems.
Example: Role-based access control (RBAC).
• Process Controls: Define how operations should proceed securely.
Example: Change management policies.
23. Authentication & Authorization – Passwords
Authentication verifies identity, while authorization determines access
rights. Passwords are a common authentication method.
Best Practices for Passwords:
• Minimum 12 characters.
• A mix of upper- and lower-case letters, numbers, and special characters.
Example: Users accessing a banking system need a strong password
(authentication) and specific account permissions (authorization).
24. Password Security Implications
Weak passwords can lead to breaches.
Security Measures:
• Regularly change passwords.
• Avoid reusing passwords across platforms.
Example: A weak password like "123456" makes an account susceptible
to brute force attacks.
25. Hashing
Hashing converts data of any size into a fixed-length value using a one-way
algorithm: the hash can be used to verify integrity, but it cannot be reversed to
recover the original input.
Uses:
• Storing passwords securely.
• Verifying data integrity.
Example: A hashed password, like SHA-256 output, is stored in
databases instead of plain text.
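The following Go program is an added example (not from these notes) covering sections 23 to 25 together: it checks a password against the stated policy, then stores and verifies it as a hash. One caveat a practitioner should know: a plain SHA-256 of the password is fast to compute, so stolen hashes can be guessed quickly; the usual practice is a random per-user salt plus a deliberately slow key derivation such as PBKDF2, which is what this example implements on top of HMAC-SHA-256 using only the standard library. The iteration count, the record format and the small list of common passwords are assumptions chosen for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"strconv"
	"strings"
	"unicode"
	"unicode/utf8"
)

// Iterations is the PBKDF2 work factor chosen for this example; tune it so a
// single check takes a noticeable fraction of a second on your hardware.
const Iterations = 100000

// CheckPolicy applies the notes' rules (12+ characters, mixed case, a digit and
// a special character) and rejects a short constructed list of common passwords.
func CheckPolicy(pw string) error {
	if utf8.RuneCountInString(pw) < 12 {
		return fmt.Errorf("shorter than 12 characters")
	}
	var upper, lower, digit, special bool
	for _, r := range pw {
		switch {
		case unicode.IsUpper(r):
			upper = true
		case unicode.IsLower(r):
			lower = true
		case unicode.IsDigit(r):
			digit = true
		default:
			special = true
		}
	}
	if !(upper && lower && digit && special) {
		return fmt.Errorf("needs upper-case, lower-case, digit and special characters")
	}
	for _, weak := range []string{"123456", "password", "qwerty"} {
		if strings.Contains(strings.ToLower(pw), weak) {
			return fmt.Errorf("contains the common password %q", weak)
		}
	}
	return nil
}

// pbkdf2SHA256 implements PBKDF2 (RFC 8018) with HMAC-SHA-256; iterating the
// HMAC is what makes each guess expensive for an attacker holding the hashes.
func pbkdf2SHA256(password, salt []byte, iter, keyLen int) []byte {
	mac := hmac.New(sha256.New, password)
	var dk []byte
	for block := 1; len(dk) < keyLen; block++ {
		mac.Reset()
		mac.Write(salt)
		var idx [4]byte
		binary.BigEndian.PutUint32(idx[:], uint32(block))
		mac.Write(idx[:])
		u := mac.Sum(nil)
		t := append([]byte(nil), u...)
		for i := 1; i < iter; i++ {
			mac.Reset()
			mac.Write(u)
			u = mac.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		dk = append(dk, t...)
	}
	return dk[:keyLen]
}

// HashPassword stores "pbkdf2-sha256$<iterations>$<salt>$<hash>" with a fresh
// random 16-byte salt, so two users with the same password get different records.
func HashPassword(pw string) (string, error) {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return "", err
	}
	dk := pbkdf2SHA256([]byte(pw), salt, Iterations, 32)
	return fmt.Sprintf("pbkdf2-sha256$%d$%s$%s", Iterations,
		hex.EncodeToString(salt), hex.EncodeToString(dk)), nil
}

// VerifyPassword recomputes the hash from the stored salt and work factor and
// compares in constant time; the plaintext password is never stored.
func VerifyPassword(stored, pw string) bool {
	p := strings.Split(stored, "$")
	if len(p) != 4 || p[0] != "pbkdf2-sha256" {
		return false
	}
	iter, err := strconv.Atoi(p[1])
	salt, err1 := hex.DecodeString(p[2])
	want, err2 := hex.DecodeString(p[3])
	if err != nil || err1 != nil || err2 != nil || iter < 1 || len(want) == 0 {
		return false
	}
	got := pbkdf2SHA256([]byte(pw), salt, iter, len(want))
	return subtle.ConstantTimeCompare(got, want) == 1
}

func main() {
	pw := "Tr0ub4dor&3-Staple!" // constructed sample password
	if err := CheckPolicy(pw); err != nil {
		panic(err)
	}
	stored, _ := HashPassword(pw)
	fmt.Println(stored)
	fmt.Println("correct:", VerifyPassword(stored, pw), "wrong:", VerifyPassword(stored, pw+"x"))
}
```

Storing the iteration count inside the record lets the work factor be raised later without invalidating existing users: each record is verified with the parameters it was created with and can be re-hashed on the next successful login.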
26. Digital Signature Functions
Digital signatures ensure authenticity and integrity of digital documents.
How It Works:
1. Data is hashed.
2. The hash is encrypted with the sender’s private key.
3. The recipient uses the sender’s public key to verify the signature.
Example: Signing contracts electronically using a digital certificate.
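An added Go example (not from these notes) of the hash-then-sign flow above. It uses Ed25519 from the standard library rather than RSA, so step 2 is "sign the digest with the private key" rather than literally encrypting it, but the three steps and the security properties are the same: the recipient needs only the sender's public key, and any change to the document, the signature or the key makes verification fail. The key names and the contract text are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Signer holds the sender's key pair. Only the public key is ever shared
// (normally inside a certificate); the private key stays with the sender.
type Signer struct {
	Public  ed25519.PublicKey
	private ed25519.PrivateKey
}

// NewSigner generates a fresh Ed25519 key pair.
func NewSigner() (*Signer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Signer{Public: pub, private: priv}, nil
}

// Sign performs steps 1 and 2 from the notes: hash the document with SHA-256,
// then sign the digest with the private key.
func (s *Signer) Sign(document []byte) []byte {
	digest := sha256.Sum256(document)
	return ed25519.Sign(s.private, digest[:])
}

// Verify performs step 3: recompute the digest and check the signature against
// the sender's public key. It returns false for a tampered document, a forged
// signature, or a signature made with a different key.
func Verify(pub ed25519.PublicKey, document, sig []byte) bool {
	if len(pub) != ed25519.PublicKeySize || len(sig) != ed25519.SignatureSize {
		return false
	}
	digest := sha256.Sum256(document)
	return ed25519.Verify(pub, digest[:], sig)
}

func main() {
	alice, err := NewSigner()
	if err != nil {
		panic(err)
	}
	contract := []byte("Contract: Alice pays Bob 100 on 2024-06-01") // constructed sample
	sig := alice.Sign(contract)

	fmt.Println("original verifies:", Verify(alice.Public, contract, sig))
	altered := []byte("Contract: Alice pays Bob 1000 on 2024-06-01")
	fmt.Println("altered verifies:", Verify(alice.Public, altered, sig))
}
```

The length checks in Verify matter in practice: ed25519.Verify panics on a wrongly sized public key, and a verifier fed data from the network should reject malformed input rather than crash.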
27. Public Key Infrastructure (PKI)
PKI manages digital certificates and encryption keys to secure communications.
Components:
• Certificate Authority (CA): Issues certificates.
• Public and Private Keys: Encrypt and decrypt data.
Example: HTTPS uses PKI to secure web traffic.
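An added Go example (not from these notes) of the PKI roles in miniature, using the standard library's crypto/x509: a CA issues a self-signed root, signs a server certificate for a host name, and a client-side check accepts that certificate only when it chains to the trusted root and names the host being visited. A certificate issued by a different, untrusted CA for the same host name is rejected. The CA names, host names and validity periods are constructed for the example, and the server's private key is discarded because only verification is shown.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func mustKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

func mustParse(der []byte, err error) *x509.Certificate {
	if err != nil {
		panic(err)
	}
	c, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return c
}

// MakeCA creates a self-signed root certificate: the CA signs its own public key,
// and relying parties trust it by installing it in their trust store.
func MakeCA(name string) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := mustKey()
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	return mustParse(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)), key
}

// IssueLeaf has the CA sign a server certificate binding dnsName to a new key pair.
func IssueLeaf(ca *x509.Certificate, caKey *ecdsa.PrivateKey, dnsName string) *x509.Certificate {
	key := mustKey()
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: dnsName},
		DNSNames:     []string{dnsName},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	return mustParse(x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey))
}

// VerifyChain does what a browser does for HTTPS: it checks that leaf is signed
// by the trusted root, is valid now, and is issued for the host being visited.
func VerifyChain(leaf, root *x509.Certificate, host string) error {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:     pool,
		DNSName:   host,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

func main() {
	ca, caKey := MakeCA("Example Root CA")
	leaf := IssueLeaf(ca, caKey, "www.example.test")
	fmt.Println("trusted chain:", VerifyChain(leaf, ca, "www.example.test"))
	fmt.Println("wrong host:", VerifyChain(leaf, ca, "other.example.test"))
	rogue, rogueKey := MakeCA("Rogue CA")
	forged := IssueLeaf(rogue, rogueKey, "www.example.test")
	fmt.Println("untrusted issuer:", VerifyChain(forged, ca, "www.example.test"))
}
```

The "wrong host" and "untrusted issuer" cases are the two checks that make PKI useful: a valid signature alone is not enough, the certificate must also come from a CA the client trusts and must name the server the client intended to reach.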
28. Social Engineering Taxonomy
Social engineering manipulates individuals into revealing sensitive information.
Types:
• Human-based: Face-to-face interactions, such as impersonation.
• Technology-based: Leveraging technology like phishing emails.
Example: A caller pretending to be IT support to extract login
credentials.
29. Types of Social Engineering Attacks
1. Phishing: Deceptive emails to steal information.
2. Pretexting: Creating a fabricated scenario to gain trust.
3. Baiting: Offering enticing content to lure victims.
Example: A fake USB drive labeled “Salary Info” infecting systems
when plugged in.
30. Phishing Types
1. Spear Phishing: Targeting specific individuals with personalized content.
Example: Sending a fake email to a CEO about a merger.
2. Whaling: Targeting high-level executives.
Example: Impersonating a CFO to authorize a fraudulent transfer.
3. Clone Phishing: Sending altered copies of legitimate emails.
Example: A fake invoice resembling a genuine vendor request.
31. Vishing Types
Voice-based phishing using phone calls to extract information.
• Examples:
  o Impersonating banks for credit card details.
  o Calling employees pretending to be senior executives to request sensitive data.
32. Impersonation
Impersonation involves pretending to be someone else to gain access or trust.
Example:
An attacker poses as a delivery person to enter a secure office area.
33. Social Engineering and Social Media Security
Attackers use social media to gather information for exploitation.
Risks:
• Oversharing personal details.
• Clicking on malicious links.
Example:
An attacker connects with an employee on LinkedIn to learn about the
organization’s internal systems and exploit this knowledge in a phishing
email.