Cyber Security

PRESENTED BY:
Isaac Momanyi Maonga: D61/79546/2012
Anthony Njogu: D61/75282/2012
Bernard Njenga: D61/62047/2013
Bryan Tetea: D61/67521/2011
Rose Waeni: D61/79063/2012


Definition

Cyber security (n) is defined as the state of being protected against the criminal or unauthorised use of electronic data, or the measures taken to achieve this.

Cyber security, also referred to as information technology security, focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change or destruction.

Governments, military, corporations, financial institutions, hospitals and other businesses collect, process and store a great deal of confidential information on computers and transmit that data across networks to other computers. With the growing volume and sophistication of cyber attacks, ongoing attention is required to protect sensitive business and personal information, as well as safeguard national security.


Introduction

Cyber security involves protecting information and systems from major cyber threats, such as cyber terrorism, cyber warfare, and cyber espionage. Cyber threats take aim at secret, political, military, or infrastructural assets of a nation, or its people. Cyber security is therefore a critical part of any government's security strategy.

Cyber terrorism is the disruptive use of information technology by terrorist groups to further their ideological or political agenda. This takes the form of attacks on networks, computer systems, and telecommunication infrastructures.


Introduction (cont’d)

Cyber warfare involves nation-states using information technology to penetrate another nation’s networks to cause damage or disruption.

Cyber espionage is the practice of using information technology to obtain secret information without permission from its owners or holders.

Cyber espionage is most often used to gain strategic, economic, political, or military advantage. It is conducted through the use of cracking techniques and malware.

During a US Senate hearing in March 2013, top intelligence officials warned that cyber attacks and digital spying are the top threat to national security, eclipsing terrorism.


Glossary of Cyber security terms

Bot − A computer connected to the Internet that has been surreptitiously/secretly compromised with malicious logic to perform activities under the remote command and control of a remote administrator.

Honey pots − Computers that are either intentionally or unintentionally left vulnerable to attack by hackers. They can be used to catch hackers or fix vulnerabilities.

Denial-of-service (DoS) or distributed denial-of-service (DDoS) attack − An attempt to make a machine or network resource unavailable to its intended users, mainly by use of bots.

Cryptography − The use of mathematical techniques to provide security services, such as confidentiality, data integrity, entity authentication and data origin authentication.

Data Breach − The unauthorized movement or disclosure of sensitive information to a party, usually outside the organization, that is not authorized to have or see the information.


Glossary of Cyber security terms (cont’d)

Digital Forensics − The processes and specialized techniques for gathering, retaining and analysing system-related data (digital evidence) for investigative purposes.

Information Assurance − The measures that protect and defend information and information systems by ensuring their availability, integrity and confidentiality.

Intrusion Detection − The process and methods for analysing information from networks and information systems to determine if a security breach or security violation has occurred.

Malware − Software that compromises the operation of a system by performing an unauthorized function or process.

Penetration Testing − An evaluation methodology whereby assessors search for vulnerabilities and attempt to circumvent the security features of a network and/or information system. The term “white hat” refers to an ethical computer hacker, or a computer security expert, who specialises in penetration testing.


Glossary of Cyber security terms (cont’d)

Phishing − A digital form of social engineering to deceive individuals into providing sensitive information.

Rootkit − A set of software tools with administrator-level access privileges installed on an information system and designed to hide the presence of the tools, maintain the access privileges and conceal the activities conducted by the tools.

Software Assurance − The level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its lifecycle, and that the software functions in the intended manner.

Virus − A computer program that can replicate itself, infect a computer without permission or knowledge of the user and then spread or propagate to another computer.


Cyber security vs. Privacy – NSA’s PRISM

PRISM is a clandestine national security electronic mass surveillance program operated by the United States National Security Agency (NSA) since 2007. Its existence was leaked on 10th June 2013 by NSA contractor (infrastructure analyst) Edward Snowden, after fleeing to Hong Kong. He later sought and was granted political asylum by Russia.

Providers (mostly compelled through legally binding orders and subpoenas, usually not voluntary) include the phone company Verizon, which had been ordered to turn over to the NSA logs (metadata) tracking all of its customers’ telephone calls, and the tech companies Microsoft, Yahoo!, Google, Facebook, YouTube, AOL, Skype and Apple, “with 98% of PRISM production [being] based on Yahoo, Google and Microsoft.”


Cyber security vs. Privacy – NSA’s PRISM (cont’d)

Is privacy dead? Or has privacy simply become less relevant?

Proponents argue that the NSA must have effective, efficient, and powerful tools at its disposal to counter the threats of the modern world. One cannot expect these tools to come without a price. The simple reality is that part of the price tag is a portion of the privacy to which we have become accustomed. (Implication: We must trust the US government with these tools.)

Opponents argue that the NSA has harmed global cyber security, as it was revealed that the NSA has worked to weaken the international cryptographic standards that define how computers secure communications and data, and has also deliberately introduced backdoors into security-critical software and hardware.


How to overcome cyber attacks

User education and awareness

Produce a user security policy covering acceptable and secure use of the organization’s system.
Establish a staff training programme on cyber risks.

Incident management

Establish an incident response and disaster recovery capability.
Provide specialist training to the incident management team.
Report criminal incidents to law enforcement.


Manage user privileges

Establish account management processes and limit the number of privileged accounts.
Limit user privileges and monitor user activity.
Control access to activity and audit logs.

Malware protection

Produce relevant policy and establish anti-malware defences that are applicable and relevant to all business areas.
Scan for malware across the organization.


Secure configuration

Apply security patches and ensure that the secure configuration of all ICT systems is maintained.
Create a system inventory and define a baseline build for all ICT devices.

Network security

Protect your networks against external and internal attack.
Manage the network perimeter.
Filter out unauthorized access and malicious content.
Monitor and test security controls.


Monitoring

Establish a monitoring strategy and produce supporting policies.
Continuously monitor all ICT systems and networks.
Analyze logs for unusual activity that could indicate an attack.

Removable media control

Produce a policy to control all access to removable media.
Limit media types and use.
Scan all media for malware before importing on to the corporate system.


Building cyber threat management capabilities

Anticipate capabilities: Assess inherent risks and implement controls
Detect capabilities: Monitor and track emerging risks and current controls
Respond capabilities: Prevent and investigate incidents
Contain capabilities: Communicate and improve


Implications

All citizens should be aware of cyber risks, secure their computers and take steps to protect their identities, privacy and finances online.

Businesses should operate secure and resilient information and communications technologies to protect the integrity of their own operations and the identity and privacy of their customers.

Government should ensure its information and communications technologies are secure and resilient.


Conclusion

With the rapid escalation in the intensity and sophistication of cyber crime and other cyber security threats, it is imperative that government, business and the community are aware of the severity of cyber security risks, and commit to work together to protect what has become a vital component of our economy and society.