INTRODUCTION TO CYBER SECURITY

Presented by Amos Oyoo

what is cyber security?

• Cybersecurity is the ability to protect or defend Cyberspace from an attacks – (National Institutes of Standards Technology –NIST)

• Cyber attack – an attack for disrupting, disabling, destroying or maliciously controlling a computer environment/infrastructure; or destroying the integrity of the data or stealing controlled information

What is cyberspace?Cyberspace is where

online communication happens. If you've spent time chatting with friends

on the Internet, you've been in cyberspace.

Cyberspace is a world of information through the

internet. It can be said that anything

that is done via the use of internet, occurs within the confines of the cyberspace

Why does cybersecurity matter?

•Cybersecurity is involved every time we touch a computer or a computing device

•Your cyber hygiene affects others

•Cyber security is a shared responsibility

Why Cybersecurity Training?

•Status of the office•We already have:

• Management Controls

• Technical Controls

• Operational Controls

•We need:• Human Controls

Who are the victims of cyber attacks?

• Businesses• Government• Financial

Institutions• Energy Companies• Educational

Institutions• Media outlets• You

What do we stand to lose?•Money•Reputation •Personal information

Who are the attackers?• Hackers • Cyber criminals• Cyber spies• Nation-States• Malicious Insiders• Hacktivists –

hackers with political motives

• Script Kiddies 76 Chinese Hackers Arrested in

Runda

How are they attacking?• Network attack (Denial of service; man-in-

the middle attack; Brute force attack etc)• Malware Distribution – malicious software:

(through emails; infected documents; websites; QR codes; Crypto-locker)

• Social Engineering -psychological manipulation of people to divulge confidential information

• Data theft

Who are our defenders?• ICT Team• Security Vendors – firewalls,

antivirus, Intrusion monitors and detections

• ICT Hardware/Software manufacturers

• The Government – laws, policies, prosecutions etc

• You, the User

What are we protecting?

What is information systems

• A computer information system is a system composed of people and computers that processes or interprets information.

• The software used to run a computerized database or to refer to only a computer system.

Computer-Based Information Systems

Quality information needs to possess the following attributes:

Without data and the ability to process it, an organization

could not successfully complete most business activities

The Value of Information

• Value of information is directly linked to how it helps decision makers achieve their organization’s goals

• For example, value of information might be measured in:• Time required to make a decision• Increased profits to the company

security VS Safety

Security: We must protect our computers and data in the same way that we secure the doors to our homes. Safety: We must behave in ways that protect us against risks and threats that come with technology.

LEADING THREATS• Virus - A virus attaches itself to a program, file, or disk• Worm - Worms are more sophisticated viruses that can

replicate automatically and send themselves to other computers by first taking control of certain software programs on your PC, such as email.

• Trojan Horse / Logic Bomb• Phishing –acquire sensitive information such as usernames,

passwords, and credit card details often for malicious reasons, by masquerading as a trustworthy entity

• Social Engineering

LOOMING THREATS• Cloud services• Ransomware• Spear phishing - is an email that

appears to be from an individual or business that you know. 

• The Internet of Things