1. Describe the concepts of cyber security (AC 1.1)

Understand cyber security principles (A/618/0866)


Security

Cyber security refers to protecting almost all electronic devices you can think of, from small devices such as smart watches, phones and laptops to big devices such as servers. The objective of people who work in cyber security is to prevent, minimise and protect against unwanted access, damage or theft of information, among countless other responsibilities.

Identity

It's important to verify identity so that the right user gets access to the appropriate information. This is where login details come in. Once your identity is verified, the system will display the correct information relevant to you. Thanks to the identity checks in place, you can be certain that only you will have access to your bank account, email account, etc.

Confidentiality

Confidentiality is all about preventing unauthorised disclosure of information. This means that only the people who are meant to see sensitive information have access to it. For example, people in HR have access to a lot of personal information about all the employees, but no one else should have access to it. Another example is people in accounting: they will have access to financial records that no one else in the company should have access to.

Integrity

This refers to how accurate and trustworthy information is. It's important to have reliable data on your systems, both for your employees and for your customers. Imagine someone maliciously changing the details on your website so that it promotes the exact opposite of what you're trying to achieve. This could be disastrous for your business. Malice is just one way data integrity can be affected; human error and theft are others. Unwanted access to your systems is never desirable. If it happens, backups can be helpful for recovery.
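The website scenario above can be detected by comparing the live files against a known-good baseline of hashes. The following is an added example, not part of the original notes; the file names, page contents and key are constructed for the demonstration, and it assumes the key and baseline are kept somewhere other than the web server.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path

def snapshot(root):
    """Map each file under root (relative path) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def seal(manifest, key):
    """HMAC the manifest so the baseline cannot be rewritten without the key."""
    body = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def compare(baseline, tag, key, root):
    """Verify the baseline first, then report drift in the live files."""
    if not hmac.compare_digest(seal(baseline, key), tag):
        raise ValueError("baseline manifest failed its own integrity check")
    current = snapshot(root)
    both = baseline.keys() & current.keys()
    return {
        "modified": sorted(f for f in both if baseline[f] != current[f]),
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
    }

def demo():
    key = b"constructed-demo-key"  # assumption: the real key is stored off the server
    with tempfile.TemporaryDirectory() as d:
        site = Path(d)
        (site / "index.html").write_text("<h1>Our products are safe</h1>")
        (site / "about.html").write_text("<p>About us</p>")
        baseline = snapshot(site)      # taken while the site is known to be good
        tag = seal(baseline, key)
        # Constructed changes: a malicious edit, a deletion, an unexpected new page
        (site / "index.html").write_text("<h1>Our products are unsafe</h1>")
        (site / "about.html").unlink()
        (site / "promo.html").write_text("<p>Unexpected page</p>")
        return compare(baseline, tag, key, site)

if __name__ == "__main__":
    print(demo())
```

A check like this only detects the change, whether it came from malice or human error; restoring the correct content still depends on the backups.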

Availability

Now more than ever, when everyone expects everything instantly, availability is very important. It's the notion that relevant users should have access to the information they desire. With proper maintenance of hardware and software this should never be a problem. Ways to protect against loss of availability include having an appropriate cyber team on hand, regular updates, redundant systems, backups, firewalls and proxy servers, and adequate internet speeds. In the event of an attack or breach, have procedures to follow to stop or minimise the damage and restore normal operation.

Threat

Threats are what keep cyber security in business. A cyber threat can come from either inside or outside the organisation. If it's from inside, it could be a disgruntled employee trying to cause damage, maybe working on their own or with others. Outside threats can be as varied as your imagination, such as:

Malware attacks
  • Ransomware
  • Trojan
  • Worm
  • Spyware
  • Bloatware
  • Virus
  • Keylogger
  • Logic bomb
  • Rootkit

Physical attacks
  • Brute force
  • Radio frequency identification (RFID) cloning
  • Environmental

Network attacks
  • Distributed denial-of-service (DDoS)
      o Amplified
      o Reflected
  • Domain Name System (DNS) attacks
  • Wireless
  • On-path
  • Credential replay
  • Malicious code

Application attacks
  • Injection
  • Buffer overflow
  • Replay
  • Privilege escalation
  • Forgery
  • Directory traversal

Cryptographic attacks
  • Downgrade
  • Collision
  • Birthday

Password attacks
  • Spraying
  • Brute force

Indicators
  • Account lockout
  • Concurrent session usage
  • Blocked content
  • Impossible travel
  • Resource consumption
  • Resource inaccessibility
  • Out-of-cycle logging
  • Published/documented
  • Missing logs

Vulnerability

A vulnerability is what a threat actor would exploit in order to gain access to a system (using the attacks above). They might get access thanks to something simple: outdated software, weak credentials, human error and many more. A very small oversight can cause major problems.

Risk

An organisation faces a lot of cyber risks:

  • Risk of an attack (as described above)

  • Risk of theft of intellectual property

  • Risk of productivity loss

  • Risk of being fined by regulatory bodies

  • Risk of reputational harm

Hazard

A cybersecurity hazard is basically anything that could put data at risk of being stolen or compromised. It could depend on what kind of organization it is, how it works online, where it’s based, and who has access—like employees, partners, or customers.

For example, having an online database for customer info might be a hazard if there’s a chance that data could get exposed. The organization then has to decide: is this risk something they can live with, or do they need to take steps to make it safer?
