PROCESS CONROL DOMIAN AND

CYBER SECURIY
BY ETL ENGINEERING
 Presentation Overview
 THREATS
 CYBER THREATS AND TYPES
 MALWARE
 PHISHING
 CYBERSECURITY STRATEGY
 IDENTIFICATION OF THE SYSTEM UNDER CONSIDERATION (SUC)
 RISK MANAGEMENT PROCESS
 RISK ANALYSIS
 CYBER VULNERABILITIES
 NETWORK INTRUSION DETECTION
 SOCIAL NETWORKING 2
 What are Threats?
FBI: At this point it is difficult to quantify since
computer intrusions occur daily originating from
several sources. The origination of these intrusions
and the intent of the intruders is often not obvious.

These threats come in the form of:

1. Computer Intrusion (hacking-passive or active)
2. Denial of service attacks (DOS)
3. Virus & Worms deployment.
Cyber Threats and Types

4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
PROPAGATION

32
33
 cybersecurity strategy
A cybersecurity strategy is a high-level plan for how your organization will secure its
assets during the next three to five years. Obviously, because technology and cyber
threats can both change unpredictably, you'll almost certainly have to update your
strategy sooner than three years from now.
A cybersecurity strategy isn't meant to be perfect; it's a strongly educated guess as to
what you should do. Your strategy should evolve as your organization and the world
around you evolve.

34
 cybersecurity strategy
A cybersecurity strategy isn't meant to be perfect, but it must be proactive,
effective, actively supported and evolving.

35
 cybersecurity strategy
The intended outcome of developing and implementing a cybersecurity strategy is
that your assets are better secured. This generally involves a shift from a reactive
to proactive security approach, where you're more focused on preventing cyber
attacks and incidents than reacting to them after the fact. But a solid cybersecurity
strategy will also better prepare your organization to respond to those incidents that
do occur. By preventing minor incidents from becoming major ones, your organization
can preserve its reputation and reduce harm to the organization and its employees,
customers, partners and others.

36
How do you build a cybersecurity
strategy for your business?

Building a cybersecurity strategy for your business takes effort, but it could mean
the difference between surpassing your competitors and going out of business in
the coming years. Here's the basic steps you can follow to develop your strategy.

37
 Step 1. Understand your cyber
threat landscape

Before you can understand your cyber threat landscape, you need to examine
the types of cyber attacks that your organization faces today. Which types currently
affect your organization the most often and most severely: malware, phishing,
insider threats or something else? Have your competitors had major incidents
recently, and if so, what types of threats caused them?

38
 STEP 2. Protect your network
access

Take a comprehensive approach, ensuring firewall, endpoint, and WiFi network

security.
Firewalls are still one of the most effective security measures, monitoring and
controlling network traffic and placing a barrier between trusted internal networks and
the outside world. Your WiFi network, whether internal or customer-facing, is a ripe
target, and vulnerabilities have been found in even the most secure networks. Use a
secure router in a safe location and secure keys that require a password to join. Every
device on your network, whether company-owned devices or employee or guest
personal devices, is also a potential point of weakness.

39
 Step 3. Determine how to improve
your cybersecurity program

Now that you know where you are and where you want to be, you need to figure out
the cybersecurity tools and best practices that will help you reach your destination. In
this step, you determine how to improve your cybersecurity program so that you
achieve the strategic objectives you've defined. Every improvement will consume
resources -- money, staff time, etc. You'll need to think about different options for
achieving the objectives and the pros and cons of each option. It may be that you
decide to outsource some or all of your security tasks

40
 Step 4. Document your
cybersecurity strategy

Once you have management approval, you need to ensure your cybersecurity strategy is
documented thoroughly. This includes writing or updating risk assessments, cybersecurity
plans, policies, guidelines, procedures and anything else you need to define what is
equired or recommended in order to achieve the strategic objectives. Making it clear
what each person's responsibilities are is key.
And don't forget that your cybersecurity strategy also necessitates updating
your cybersecurity awareness and training efforts. Everyone in the organization has a role
o play in mitigating security issues and improving your enterprise cybersecurity program.

41
 Developing and implementing a
cybersecurity strategy is an
ongoing process
Developing and implementing a cybersecurity strategy is an ongoing process and
will present many challenges. It's critically important that you monitor and reassess
your organization's cybersecurity maturity periodically to measure the progress
you're making or not making toward your objectives.

42
 IDENTIFICATION OF THE SYSTEM
UNDER CONSIDERATION (SUC)
It has the purpose of understanding the way in which:
 the system was designed
 configured
 installed
 the changes that were made
 how it is being operated and maintained.
It includes the identification of vulnerabilities (public and private) associated to
each one of the Cyber-Assets.

43
 IDENTIFICATION OF THE SYSTEM
UNDER CONSIDERATION (SUC)
This service consists in the complete identification of the system under
consideration (SUC).
This is the first activity to carry out an evaluation of cyber risks in the industrial
field.
It has the purpose of understanding the way in which the system was designed,
configured, installed, the changes that were introduced from its conception, how it
is being operated and how it is being maintained.

44
 IDENTIFICATION OF THE SYSTEM
UNDER CONSIDERATION (SUC)
Whether it is old, modern systems, or a combination of these, industrial control
systems once installed in your plants tend to remain for decades. Small and successive
changes are being introduced with the passage of time.
It often happens that these small changes are not documented properly. Different
subsystems are being connected (local and / or remote) without registering these
connections.

45
 Document Evaluation
All the documentation available and provided by the client is analyzed in search of
changes, undocumented connections and differences with the physical reality. All
cyber-assets are understood, the current situation, technology and their relationships
are analyzed. All the necessary data for each one of the cyber-assets are raised for an
adequate treatment and subsequent use. As a result of this service, the
corresponding documentation will be updated and the specific data obtained from
the different sources will be recorded.

46
 Physical Evaluation
Physical security and cybersecurity are closely related. The only evaluation of the
documentation is not enough and a visualization of the physical context is required for
each of the cyber-assets that make up the system under consideration (SuC).
Distances among these, the way in which they were installed, how they are being
maintained, the processes that are being controlled and the aggressiveness of the
physical environment are only some of the aspects to analyze. On site various service
orders are executed, all passively.

47
 Identification of Cyber ​Assets

All the cybernetically sensitive assets of hardware and software of the system under
consideration (SuC) are correctly identified and all relevant information is collected
for evaluation. The full list of cyber-assets and associated information will be required
in other subsequent activities. The existing partial lists are reviewed, updated and
completed with additional information relevant to cybersecurity.

48
 Identification of Vulnerabilities

Through different methods, techniques and sources of information, the vulnerabilities

in the system under consideration begin to be identified. Contrary to what many
professionals believe, the vulnerabilities of control systems are not unique to
technology; but they are also located in the way in which the systems were designed,
in how they were built, in how they are being operated and how they are maintained.
While a large number of vulnerabilities are identified at this stage, other methods and
techniques will be necessary for complete identification.

49
 Identification of Threats

In a similar way, for each of the cyber-assets we will begin to identify a certain number
of potential threats. Without dismissing any of them, the threats are identified as well
as their possible actions on the cyber-asset. Additional methods and techniques will be
necessary in later stages to obtain a complete list of threats. These threats have
different natures, different origins, different ways of manifesting and acting.

50
 Risk identification
Risk identification is the process of determining risks that could potentially
prevent the program, enterprise, or investment from achieving its objectives. It
includes documenting and communicating the concern.

51
Risk Identification tools and
techniques

Documentation Reviews.
Information Gathering Techniques.
Brainstorming.
Delphi Technique.
Interviewing.
Root Cause Analysis.
Swot Analysis (STRENGTH, Weakness, Opportunities And Threats)
Checklist Analysis.

52
 Risk Identification
The purpose of risk identification is to reveal what, where, when, why, and how
something could affect a company's ability to operate. For example, a business
located in central California might include “the possibility of wildfire” as an event
that could disrupt business operations.

53
 Risk Management Process

The risk management process is a framework for the actions that need to be taken.
There are five basic steps that are taken to manage risk; these steps are referred to as
the risk management process. It begins with identifying risks, goes on to analyze
risks, then the risk is prioritized, a solution is implemented, and finally, the risk is
monitored.

54
 Step 1: Identify the Risk

The first step is to identify the risks that the business is exposed to in its operating
environment. There are many different types of risks – legal risks, environmental
risks, market risks, regulatory risks, and much more. It is important to identify as
many of these risk factors as possible. In a manual environment, these risks are
noted down manually. If the organization has a risk management solution employed
all this information is inserted directly into the system.

55
 Step 2: Analyze the Risk

Once a risk has been identified it needs to be analyzed. The scope of the risk must
be determined. It is also important to understand the link between the risk and
different factors within the organization. To determine the severity and seriousness
of the risk it is necessary to see how many business functions the risk affects. There
are risks that can bring the whole business to a standstill if actualized
while there are risks that will only be minor inconveniences in the analysis. In a
manual risk management environment, this analysis must be done manually.

56
 Step 3: Evaluate or Rank the Risk

Risks need to be ranked and prioritized. Most risk management solutions have
different categories of risks, depending on the severity of the risk. A risk that may
cause some inconvenience is rated lowly, risks that can result in catastrophic loss are
rated the highest. It is important to rank risks because it allows the organization to
gain a holistic view of the risk exposure of the whole organization. The business may
be vulnerable to several low-level risks, but it may not require upper management
intervention.

57
 Step 4: Treat the Risk

Every risk needs to be eliminated or contained as much as possible. This is done by

connecting with the experts of the field to which the risk belongs. In a manual
environment, this entails contacting each and every stakeholder and then setting up
meetings so everyone can talk and discuss the issues. The problem is that the
discussion is broken into many different email threads, across different documents and
spreadsheets, and many different phone calls.
In a risk management solution, all the relevant stakeholders can be sent notifications
from within the system. The discussion regarding the risk and its possible solution can
take place from within the system. Upper management can also keep a close eye on
the solutions being suggested and the progress being made within the system.

58
 Step 5: Monitor and Review the
Risk

Not all risks can be eliminated – some risks are always present. Market risks and
environmental risks are just two examples of risks that always need to be monitored.
Under manual systems monitoring happens through diligent employees. These
professionals must make sure that they keep a close watch on all risk factors. Under a
digital environment, the risk management system monitors the entire risk framework
of the organization. If any factor or risk changes

59
 What is Risk Management?

Risk management is an important business practice that helps businesses identify,

evaluate, track, and mitigate the risks present in the business environment. Risk
management is practiced by the business of all sizes; small businesses do it
informally, while enterprises codify it.

60
 What is vulnerability
identification?

Vulnerability identification involves the process of discovering vulnerabilities and

documenting these into an inventory within the target environment. In order for
vulnerabilities to be identified, they need to be accurately mapped. There are
vulnerability lists that make this easy to do.

61
The different types of
vulnerability
In the table below four different types of vulnerability have been identified:
 Human-social
 Physical
 Economic and
Environmental and their associated direct and indirect losses.

62
The different types of vulnerability

63
 What is cybersecurity security
analysis?

Security Analytics is an approach to cybersecurity focused on the analysis of data

to produce proactive security measures. For example, monitored network traffic
could be used to identify indicators of compromise before an actual threat occurs.

64
network security devices and
tools?

Access control.
Antivirus and anti-malware software.
Application security.
Behavioral analytics.
Data loss prevention.
Distributed denial of service prevention.
Email security.
Firewalls.

65
 What are the three types of
network security?

To deter cyberattacks and hacking attempts, a total of three types of network

security components can be called upon –
 hardware
 software and
cloud security components.
Hardware components include servers and devices that perform an array of security
operations within a network.

66
 performed?

Security analysis refers to the method of analyzing the value of securities like
shares and other instruments to assess the total value of business which will be
useful for investors to make decisions. There are three methods to analyze the value
of securities –
Fundamental
 technical and
quantitative analysis.

67
Five Types of Cyber Security for
Organizational Safety

Critical Infrastructure Cybersecurity. The critical infrastructure cybersecurity

technique is deployed to secure the systems that have the critical infrastructure.
Network Security.
Cloud Security.
Internet of Things Security.
Application Security.

68
 Network Security Types
The common types of network security include :
Network Access Control
 IT Security Policies
 Application Security
 Vulnerability Patch Management
 Network Penetration Testing
 Data Loss Prevention
 Antivirus Software
 Endpoint Detection And Response (EDR)
 Email Security
 Wireless Security
 IDS/IPS
Network Segmentation, 69
What is the importance of
network security?

While there is no network that is immune to attacks, a stable and efficient network
security system is essential to protecting client data. A good network security
system helps business reduce the risk of falling victim of data theft and sabotage.
Network security helps protect your workstations from harmful spyware.

70
Five key elements of effective
network security.

Identity. Accurate and positive identification of network users, hosts,

applications, services, and resources is a must.
Perimeter security.
Data privacy.
Security monitoring.
Policy management.

71
 What tools do security analysts
use?

Cybersecurity Analysts use a variety of tools in their jobs, which can be organized
into a few categories:
 network security monitoring
 encryption
 web vulnerability
 penetration testing
 antivirus software
 network intrusion detection and
 packet sniffers.

72
 What Tools Do Cybersecurity
Analysts Use?

Network Security Monitoring Tools

These tools are used to analyze network data and detect network-based threats.
Examples of tools include Argus, Nagios, Splunk, and OSSEC.
Encryption Tools
Encryption protects data by scrambling text so that it is unreadable to unauthorized
users. Examples of tools include Tor, KeePass, and TrueCrypt.
Web Vulnerability Scanning Tools
These software programs scan web applications to identify security vulnerabilities.
Examples of tools include Burp Suite, Nikto, Paros Proxy, and SQLMap.

73
 Cybersecurity Tools
Penetration Testing
Penetration testing, also known as “pen test”, simulates an attack on a computer
system in order to evaluate the security of that system. Examples of tools include
Metasploit, Kali Linux, and Wireshark.
Antivirus Software
This software is designed to find viruses and other malware, including ransomware,
worms, spyware, adware, and Trojans. Examples of tools include Norton 360 and
McAfee Total Protection.

74
 Cybersecurity Tools
Network Intrusion Detection
An Intrusion Detection System (IDS) monitors network and system traffic for unusual
or suspicious activity and notifies the administrator if a potential threat is detected.
Examples of tools include Snort, Security Onion, SolarWinds Security Event Manager,
and Zeek.
Packet Sniffers
A packet sniffer, also called a packet analyzer, protocol analyzer or network analyzer,
is used to intercept, log, and analyze network traffic and data. Examples of tools
include Wireshark, Tcpdump, and Windump.

75
Five steps to becoming a
Cybersecurity Analyst:

Learn cybersecurity fundamentals

Practice technical cybersecurity skills
Earn a cybersecurity certificate
Research the industry
Apply to relevant cybersecurity jobs

76
 1. Learn Cybersecurity
Fundamentals

When thinking about how to become a Cybersecurity Analyst, your first step should
be to learn about the current threat landscape. As technologies change and evolve,
it’s important to know how to identify vulnerabilities and threats.
It’s also important to learn cybersecurity fundamentals, including how information
systems may be threatened, and how to anticipate and detect threats. You should also
get familiar with key elements important to cybersecurity, such as network
architecture and protocol, routing and switching, firewalls, and more.

77
2. Practice Technical Cybersecurity
Skills

After learning cybersecurity fundamentals, it’s important to apply your knowledge

and practice common cybersecurity tasks, like performing security audits, analyzing
network traffic, and securing information through encryption.
There are many online cybersecurity training labs available that simulate workplace
environments. These give you the opportunity to put your cybersecurity training to
the test and practice handling real-world challenges.

78
 3. Earn a Cybersecurity Certificate

Taking a cybersecurity certificate course is a great way to learn about cybersecurity,

the current threat landscape, and the related technology and tools used to detect and
protect against threats.
A good cybersecurity course can give you a better understanding of how information
systems operate and the tools and best practices to identify threats, and then defend
against cyber attacks. The best of these courses will allow you to earn a cybersecurity
certificate, which can help you stand out on the job market when applying for a
Cybersecurity Analyst job. This is particularly helpful if you don’t have an extensive
technical background.

79
 4. Research the Industry

Cybersecurity has to constantly evolve. Technology is always innovating and, in turn,

cyber attackers are coming up with new tactics and workarounds.
To be a successful Cybersecurity Analyst, it is important to stay on top of new
developments in the cybersecurity and cybercrime world. By understanding new
trends in security and information technology, you can ensure your knowledge and
skills match current needs.

80
 5. Apply to Relevant Cybersecurity
Jobs

Cybersecurity professionals are in high demand. Cybersecurity Ventures predicts that by 2021, there will be 3.5 million
unfulfilled cybersecurity jobs globally.
Here are some of the most in-demand roles in cybersecurity:
Cybersecurity Analyst
Cybersecurity Engineer
Systems Analyst
Systems Engineer
Systems Administrator
Network Engineer or Architect
Security Manager or Administrator
Vulnerability Analyst
Penetration Tester
Cybersecurity Consultant
Forensic Computer Analyst
Chief Information Security Officer
81
What is network intrusion
prevention system?
An intrusion prevention system (IPS) is a network security tool (which
can be a hardware device or software) that continuously monitors a
network for malicious activity and takes action to prevent it, including
reporting, blocking, or dropping it, when it does occur.

82
 What is intrusion detection
and prevention?
Intrusion detection is the process of monitoring the events occurring in your
network and analyzing them for signs of possible incidents, violations, or
imminent threats to your security policies. Intrusion prevention is the process of
performing intrusion detection and then stopping the detected incidents.

83
 What is network intrusion
detection?

An intrusion detection system (IDS) is a device or software application that

monitors a network for malicious activity or policy violations. Any malicious
activity or violation is typically reported or collected centrally using a security
information and event management system.

84
 Why You Need Network IDS

A network intrusion detection system (NIDS) is crucial for network security because
it enables you to detect and respond to malicious traffic. The primary benefit of an
intrusion detection system is to ensure IT personnel is notified when an attack or
network intrusion might be taking place

85
 What is IDS and IPS?

Intrusion detection is the process of monitoring the events occurring in your

network and analyzing them for signs of possible incidents, violations, or imminent
threats to your security policies. Intrusion prevention is the process of performing
intrusion detection and then stopping the detected incidents. These security
measures are available as intrusion detection systems (IDS) and intrusion prevention
systems (IPS), which become part of your network to detect and stop potential
incidents.

86
 Why is IDS and IPS important?

IDS and IPS systems are important factors in any network. They work in
tandem to keep bad actors out of your personal or corporate networks. IDS
systems only look for suspicious network traffic and compare it against a
database of known threats. IPS systems work proactively to keep threats out
of the system.

87
 Firewall
A Firewall is a network security device that monitors and filters incoming and
outgoing network traffic based on an organization's previously established security
policies. A firewall's main purpose is to allow non-threatening traffic in and to keep
dangerous traffic out

88
 Firewall
A firewall is a network security device that monitors incoming and outgoing network
traffic and decides whether to allow or block specific traffic based on a defined set of
security rules.
Firewalls have been a first line of defense in network security for over 25 years. They
establish a barrier between secured and controlled internal networks that can be
trusted and untrusted outside networks, such as the Internet.
A firewall can be hardware, software, or both.

89
 What is a Firewall?

A Firewall is a network security device that monitors and filters incoming and
outgoing network traffic based on an organization’s previously established security
policies. At its most basic, a firewall is essentially the barrier that sits between a
private internal network and the public Internet. A firewall’s main purpose is to allow
non-threatening traffic in and to keep dangerous traffic out.

90
 Types of Firewalls

Packet filtering
A small amount of data is analyzed and distributed according to the filter’s standards.
Proxy service
Network security system that protects while filtering messages at the application
layer.
Stateful inspection
Dynamic packet filtering that monitors active connections to determine which
network packets to allow through the Firewall.
Next Generation Firewall (NGFW)
Deep packet inspection Firewall with application-level inspection.

91
Unified threat management
(UTM) Firewall

A UTM device typically combines, in a loosely coupled way, the functions of a

stateful inspection firewall with intrusion prevention and antivirus. It may also
include additional services and often cloud management. UTMs focus on simplicity
and ease of use.

92
 Virtual Firewall

A virtual firewall is typically deployed as a virtual appliance in a private cloud (VMware

ESXi, Microsoft Hyper-V, KVM) or public cloud (AWS, Azure, Google, Oracle) to
monitor and secure traffic across physical and virtual networks. A virtual firewall is
often a key component in software-defined networks (SDN)

93
 Next-generation firewall (NGFW)

Firewalls have evolved beyond simple packet filtering and stateful inspection. Most
companies are deploying next-generation firewalls to block modern threats such as
advanced malware and application-layer attacks.
According to Gartner, Inc.’s definition, a next-generation firewall must include:
Standard firewall capabilities like stateful inspection
Integrated intrusion prevention
Application awareness and control to see and block risky apps
Upgrade paths to include future information feeds
Techniques to address evolving security threats
While these capabilities are increasingly becoming the standard for most companies,
NGFWs can do more.
94
 What Firewalls Do?

A Firewall is a necessary part of any security architecture and takes the guesswork out
of host level protections and entrusts them to your network security device. Firewalls,
and especially Next Generation Firewalls, focus on blocking malware and application-
layer attacks, along with an integrated intrusion prevention system (IPS), these Next
Generation Firewalls can react quickly and seamlessly to detect and react to outside
attacks across the whole network. They can set policies to better defend your network
and carry out quick assessments to detect invasive or suspicious activity, like malware,
and shut it down.

95
 Why Do We Need Firewalls?

Firewalls, especially Next Generation Firewalls, focus on blocking malware and

application-layer attacks. Along with an integrated intrusion prevention system (IPS),
these Next Generation Firewalls are able to react quickly and seamlessly to detect and
combat attacks across the whole network. Firewalls can act on previously set policies
to better protect your network and can carry out quick assessments to detect invasive
or suspicious activity, such as malware, and shut it down. By leveraging a firewall for
your security infrastructure, you’re setting up your network with specific policies to
allow or block incoming and outgoing traffic.

96
 The Importance of NAT and VPN

Firewalls also perform basic network level functions such as Network Address
Translation (NAT) and Virtual Private Network (VPN). Network Address
Translation hides or translates internal client or server IP addresses that may be
in a “private address range”, as defined in RFC 1918 to a public IP address.
Hiding the addresses of protected devices preserves the limited number of IPv4
addresses and is a defense against network reconnaissance since the IP address
is hidden from the Internet.

97
 Virtual private network
A virtual private network (VPN) extends a private network across a public network
within a tunnel that is often encrypted where the contents of the packets are
protected while traversing the Internet. This enables users to safely send and receive
data across shared or public networks

98
Cybercrimes And Cyber Laws In
Nigeria
Nigerians have become cyber-creatures, spending a significant amount
of time online. As the digital world expands, so does cybercrime in
Nigeria. The necessity to combat these seemingly uncontrollable
phenomena gave rise to Cyber Laws in Nigeria.
Cyber law acts as a shield over cyberspace, preventing cybercrime from
occurring. The government is committed to developing and enforcing
regulations to combat illicit online activities.

99
The "Cybercrimes (Prohibition
and Prevention) Act, 2015
The "Cybercrimes (Prohibition and Prevention) Act, 2015" has a
significant impact on cyber law in Nigeria. This Act creates a
comprehensive legal, regulatory, and institutional framework in Nigeria
to prohibit, prevent, detect, prosecute, and punish cybercrime.
The Act also encourages cybersecurity and protection of computer
systems and networks, electronic communications, data and computer
programs, intellectual property, and privacy rights, as well as the
protection of important national information infrastructure.

100
 What is a Cybercrime?

Cybercrime is a type of crime that takes place in cyberspace, or in the realm of

computers and the Internet. Because our society is evolving towards an
information society where communication occurs in cyberspace, cybercrime is
now a global phenomenon. Cybercrime has the potential to significantly influence
our lives, society, and economy.

101
 What is Cyber Law?

Any law that deals with the internet and similar technology is known as cyber law.
Cyber Law is frequently referred to as "Law of the Internet" or "IT Law." It's a legal
framework for dealing with issues relating to the Internet, computing, Cyberspace,
and other associated matters.
Cyber law is a legal framework for dealing with cybercrime. Due to the increased use
of E-commerce, it is critical that suitable regulatory practices are in place to ensure
that no malpractices occur.

102
 Cybercrimes (Prohibition and
Prevention) Act, 2015

The Act provides an effective, unified and comprehensive legal, regulatory and
institutional framework for the prohibition, prevention, detection, prosecution
and punishment of cybercrimes in Nigeria.

103
 Cybercrimes highlighted under this
ACT include:

Offences against critical national information infrastructure

Hacking Computer Systems and Data Alteration

Unauthorized Access of Protected Systems

Illegal Registration of Cybercafé or Usage of Unregistered Cybercafé

System Interference

Interception of electronic messages, email, electronic money transfers

Tampering with critical infrastructure

Willful misdirection of electronic messages

Unlawful interceptions

Computer related forgery

Computer related fraud

Theft of Electronic Devices

Unauthorised modification of computer systems, network data and system interference 104
Cybercrimes highlighted under
this ACT include:
Fraudulent issuance of e-instructions
Tampering with Computer Source Documents
Identity theft and impersonation
Child pornography and related offences
Cyberstalking
Cybersquatting
Racist and xenophobic offences
Attempt, conspiracy, aiding and abetting
Importation and fabrication of e-tools
Breach of Confidentiality and Privacy
Manipulation of ATM/POS Terminals
Phishing, spamming, spreading of computer virus
Electronic cards related fraud
Use of fraudulent device or attached e-mails and websites 105
 Administration and Enforcement
of Cyber Law in Nigeria

Under the 2015 Cybercrime Act, the National Security Adviser's office serves as the
coordinating body for the security and enforcement authorities. The Attorney-
General of the Federation reinforces and improves Nigeria's existing legal
frameworks regarding cybercrime.
All law enforcement, security, and intelligence agencies develop the institutional
capacity necessary for the effective implementation of the provisions of the 2015
Cybercrime Act, and in collaboration with the Office of the National Security Adviser,
initiate, develop, or organize training programs for officers charged with cybercrime
on a national or international level.

106
Establishment of the Cybercrime
Advisory Council

To Coordinate Cybercrime Act 2015, there was established a Cybercrime Advisory

Council (in this Act referred to as "the Council") incharge of handling issues relating
to the prevention and combating of cybercrimes, cyberthreat, computer-related
cases and the promotion of cybersecurity in Nigeria.

107
The Cybercrime Advisory Council comprises of a
representative each of the following Ministries,
Departments and Agencies –
(a) Federal Ministry of Justice;
(b) Federal Ministry of Finance;
(c) Ministry of Foreign Affairs;
(d) Federal Ministry of Trade and Investment;
(e) Central Bank of Nigeria;
(f)Office of the National Security Adviser;
(g) Department of State Services;
(h) Nigeria Police Force;
(i)Economic and Financial Crimes Commission;
(j)Independent Corrupt Practices Commission;
(k) National Intelligence Agency; 108
The Cybercrime Advisory Council comprises of a
representative each of the following Ministries,
Departments and Agencies –
(l)Nigeria Security and Civil Defence Corps;
(m) Defence intelligence Agency;
(n) Defence Headquarters;
(o) National Agency for the Prohibition of Traffic in Persons;
(p) Nigeria Customs Service;
(q) Nigeria Immigration Service;
(r) National Space Management Agency;
(s) Nigerian Information Technology Development Agency;
(t)Nigerian Communications Commission;
(u) Galaxy backbone;
(v) National Identity Management Commission;
(w) Nigeria Prisons Service;
109
 What is the Importance of Cyber
Laws in Nigeria?

Cyber law is important for organizations that are exposed to risk as a result of an
inefficient cybersecurity system. These laws apply to all forms of corporate
organizations and digital systems that do business on a daily basis. Each organization
adheres to unique cybersecurity guidelines, cybersecurity legislation, cybersecurity
policies, and legal issues regulations.

110
the significant importance of cyber
law in Nigeria:

It establishes the parameters for all acts and reactions in Cyberspace.

All online transactions are guaranteed to be safe and protected.
Cyber law enforcement officials monitor all internet activity.
Protection for all data and property of individuals, organizations, and Government
Contributes to the elimination of unlawful cyber activity through due diligence
All activities and reactions carried out in any cyberspace have a legal component.
Maintains a database of all electronic records
Contributes to the establishment of electronic governance

111
What is network verification?

The purpose of a network is to transport data from the source to one or more
destinations. IT teams use network verification tools to ensure hardware, software
and network configurations will operate error-free and without any unforeseen issues.

112
How do I verify my network?

Resolution
Click the Start button, and then click Run. The Run window appears.
Type command in the text field labeled Open:, then click the OK button. The DOS
Prompt window appears.
At the blinking cursor, type ipconfig and then press the <Enter> key.
At the blinking cursor, type ping <ip>
Press the <Enter> key.

113
 How can I check my IP address
connectivity?

Ping Test
Open a command window.
Type: ping ip address. Where ip address is the IP address of the Remote Host
Daemon.
Press Enter. The test is successful if reply messages from the Remote Host
Daemon display. If there is 0% packet loss, the connection is up and running.

114
 What is high level risk
assessment?

The High-Level Risk Assessment is the starting point for risk analysis
activities, and its purpose is to define the scope of future assessments,
develop initial security level targets for devices, establish the zone and
conduit diagram, identify high risk areas for further analysis, and determine
responses

115
Different approaches to risk assessments can even be
used within a single assessment.

Qualitative Risk Assessments.

Quantitative Risk Assessments.
Generic Risk Assessments.
Site-Specific Risk Assessments.
Dynamic Risk Assessments.

116
Risk assessment
There are four parts to any good risk assessment and they are:
Asset identification
Risk Analysis
Risk likelihood & impact
Cost of Solutions

117
 1.Asset Identification
This is a complete inventory of all of your company’s assets, both physical and non-
physical. From there you’ll want to evaluate what the asset is worth. A $5,000
server’s worth is not based on its cost but a range of additional factors like what it
would cost to fixit or replace it should it break or be hacked. You may want to start
with a telecom audit, starting at $2,500, just to get a hold of what assets you
actually have out in the field.

118
 2.Risk Analysis
This is where you’ll assign both quantitative and qualitative values to risk, analyze
the probability of said risk, and strategies to reduce that risk. For example, if your
data center is where all your data storage and processing takes place, you’ll want
to mitigate that risk by taking a hybrid approach incorporating both AWS and
Azure to offload some of that compute and mitigate your risk of failure.
Simultaneously, you’ll want to look at exactly what you have in the cloud and what
impact you’ll have if one of your cloud providers fail

119
 3.Risk Likelihood & Impact
This is the part of your risk assessment where you’ll rate the probability and its
impact. Your Annual Loss Expectancy is obtained by multiplying your Single Loss
Expectancy (what it will cost) by your Annual Rate of Occurrence (how often it will
happen). This is where subjective opinions may clash but your organization should
really rely on IT experts to make these decisions and assign these values. One of the
most common mistakes that we run across in businesses are in-house data centers.
Adding colocation may seem expensive until a storm floods your data center.

120
 4.Cost of Solutions
Now is your chance to justify your budget with finance. If the cost of the solution far
outweighs the likelihood of an event, then there’s no justification. There’s no reason
to build Fort Knox for a couple of dollars and there is no reason for a Palo Alto device
with all the bells and whistles for a small home office. A SonicWall will probably do
just fine. Along that same line of thought, you can’t have an outdated firewall
protecting sensitive health or financial information

121
 Detailed engineering
Detailed engineering are studies which creates a full definition of every aspect of a
project development. Detail engineering studies are a key component for every
project development across mining, infrastructure, energy, pharmaceuticals,
chemicals, and oil and gas sectors.

122
 Detailed engineering
A detailed engineering project is the set of documents generated from the Basic
Engineering. These include all the construction details by discipline (Civil,
Mechanical, Process, Electric, Telecommunications, Instrumentation and Control,
Computer Systems) which must be approved for construction.

123
 Detailed engineering
Detailed engineering are studies which creates a full definition of every aspect of a
project development. It includes all the studies to be performed before project
construction starts. Detail engineering studies are a key component for every project
development across mining, infrastructure, energy, pharmaceuticals, chemicals,
and oil and gas sectors.
Detailed engineering is a service which is delivered for example by global
engineering companies

124
What is a mechanical completion
oil and gas?
Verification that the components, equipment and the systems are constructed,
installed and tested in accordance with applicable drawings and specifications
and are ready for testing and commissioning in a safe manner.

125
 What is mechanical completion in
commissioning?

A Mechanical Completion (M/C) is the final phase of construction activities to

verify the completeness of the constructed plant that each installed component
conforms to or is fabricated, installed, and tested in accordance with the project
specifications and procedures after all mechanical works

126
 Ethical hacking
Ethical hacking is a process of detecting vulnerabilities in an application, system, or
organization's infrastructure that an attacker can use to exploit an individual or
organization. They use this process to prevent cyberattacks and security breaches by
lawfully hacking into the systems and looking for weak points.

127
Five Phases of Ethical Hacking
Phase 1: Reconnaissance/Footprinting.
Phase 2: Scanning.
Phase 3: Gaining Access.
Phase 4: Maintaining Access.
Phase 5: Clearing Tracks.

128
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
Social Engineering Example
Hello, I'm calling from Technology for
America – we're a non-profit organization,
working to help ensure that the U.S. stays
at the forefront of computer technology.

Today we're conducting a telephone survey

about the usage of computer systems. Can
I ask you a few questions about your
computer system?

Social engineering is a collection of techniques intended to trick people into

divulging private information. Includes calls, emails, web sites, text messages,
interviews, etc.

155
 Mobile Computing
Always maintain physical control of mobile devices!

• Properly label with

classification and contact
information
• Disable wireless functionality
when it is not in use

156
Clean up cost of Cyber-attacks
 SirCam: 2.3 million computers affected
–Clean-up: $460 million
–Lost productivity: $757 million
 Code Red: 1 million computers affected
–Clean-up: $1.1 billion
–Lost productivity: $1.5 billion
 Love Bug: 50 variants, 40 million computers
affected
–$8.7 billion for clean-up and lost productivity
 Nimda
–Cost still to be determined
Secure System

158
Securing organization
in Digital world

•Network and ICT infrastructure Security

•Vulnerability and Threat Management
•Application Security
•Cloud Security
•Mobile Security
•Disaster Recovery plan
•Planning for the worst case
 Cybersecurity is a
cultural change

Cybersecurity is a cultural change that covers:

•People
•Processes
•Technology
For cybersecurity to be successful,
all the three elements must be addressed;

160
 People, Process and Technology

People must recognize that they have a fundamental

role to play in ensuring security within their
organization.

Processes must be designed to protect sensitive

information.

Technology must be used securely

161
People , Process Technology

162
 Internet Service
Provider

Internet Service Provider

An Internet Service Provider (ISP) is a company that offers
users access to the Internet. The ISP connects
its users using data transmission technology appropriate for
delivering Internet Protocol datagram, such as dial-up, DSL,
cable modem, or broadband. Contact the local ISP to report
the following incidents:
(a) Spam
(b) Denial-of-Service
(c) Hacking attempts
163
Check Your Web
Browser’s Privacy and
Security Settings 164

Almost all computers and smart phones come

already installed with one or more web browsers
(such as Safari, Firefox, Internet Explorer, Chrome
or others). The browsers come with default settings
that seek to strike a balance between keeping your
computer secure, and allowing you to get the
functionality you expect from most websites.
 Privacy and Security
Settings

The settings create limits for the extent to which the computer
will allow Internet applications – such as cookies, ActiveX and
Java – that help websites perform important functions. For
example, they may keep track of what’s in your shopping cart, or
remember your login information so you don’t have to re-enter it
every time. If your browser allows unlimited interaction with
cookies and other applications that track your Internet activity,
you may be at greater risk of a malware attack – or of being
solicited by advertising software. But if you block these
applications completely, websites may not function as efficiently.

165
 If You Use a Wireless
Router

If You Use a Wireless Router

Wireless router systems broadcast your Internet connection
over a radio signal to your computers. Failure to properly
secure this connection could potentially open your Internet
connection to other users, and expose you to potential
problems.

166
 Social Networking

Social Networking: Defend Against Phishing and

Malware Attacks
As noted previously, some posts or messages you receive
through social networking sites may actually be phishing
attacks or Trojan horses.
You also need to beware of third-party applications, such as
games and quizzes, found on some social networking sites.
Using these applications may expose your computer to
malicious code – or may make your information available to
advertisers.

167
Fundamental of Network
Security
 Confidentiality
Prevent the disclosure of sensitive information from unauthorized
people, resources, and processes

 Integrity
The protection of system information or processes from intentional
or accidental modification

 Availability
The assurance that systems and data are
accessible by authorized users when needed

168
Business Impact of Cyber
Attack

169
 Cyber Vulnerabilities
In 2001, the National Infrastructure Protection Center at the FBI
released a document summarizing the “Ten Most Critical Internet
Security Vulnerabilities.
Since that time, thousands of organizations rely on this list to prioritize
their efforts so they can close the most dangerous holes first.
The threat landscape is very dynamic, which in turn makes it
necessary to adopt newer security measures.
Just over the last few years, the kinds of vulnerabilities that are being
exploited are very different from the ones being exploited in the past.

170
Cyber Vulnerabilities

171
 Vulnerable Web Sites
 Two main avenues for exploiting web applications are:
 Password Guessing
 Attack commonly weak application interfaces with
“input fields”.

 Objective is to:
 Compromise weak credentials .
 Compromise website to gain control or
 Place malicious code for later ”drive-by downloads”

172
 Rationale for Cyber Security

1.Internet connectivity is 24/7 and it is worldwide.

2.Increase of cyber crime

3. Impact on business and individuals

4.Prolifieration of threats

5.Sophistication of threats

173
ATTACKS

174
THE RISKS

175
REGULATORY FOCUS AREAS

176
THE GENERAL DATA PROTECTION
REGULATION (GDPR)

177
 Cyber Threats
• A potential danger to information or a system
• The ability to gain unauthorized access to systems or information in order to
commit fraud, network intrusion, industrial espionage, identity theft, or
simply to disrupt the system or network
• There may be weaknesses that greatly increase the likelihood of a threat
manifesting
• Threats may include:
 Equipment failure,
 Structured attacks,
 Natural disasters,
 Physical attacks,
178
 Theft, viruses etc.
Intrusion Analysis Report

179
Types of Cyber crime
Fraud/Scams

Identity theft

Theft of Telecommunications Services

Electronic Vandalism,

Terrorism and Extortion

180
 Leading Cyber Security Threats
 Hackers and Fraudsters
 Malicious Codes
 Social Engineering
 Information Leakage Attacks
 Denial of Service (DoS)
 Buffer overflow: - DoS attack sends more traffic to a device than the
program anticipates and can handle.
 Email Attack:- Phishing and spoofed websites
 DNS Attack
 Viruses and Worms
 Physical Infrastructure Attack

181
 Malicious Code Attacks
 Refers to viruses, worms, Trojan horses, logic bombs, and other
uninvited software

 Damage personal computers, but also attack systems that are

more sophisticated

 Actual costs attributed to the presence of malicious code have

resulted primarily from system outages and staff time involved in
repairing the systems

 Costs can be significant

182
 Social Engineering
 Hacker-speak for tricking a person into revealing some confidential
information
 An attack based on deceiving users or administrators at the target site
 Done to gain illicit access to systems or useful information
 The goals of social engineering are fraud, network intrusion, industrial
espionage, identity theft, etc.
 Social Engineering relies on the followings:
 People want to help
 People want to trust
 Disguise as people in the authority
 People want to avoid inconvenience

183
 Email Attacks – Spoofing and Phishing
 Impersonate someone in authority and:
 Ask them to visit a web-site (faked website)
 Ask them to open an attachment or run update (spoofed email)
 Objective is to get the targeted user
“open the door”

Examples
 Microsoft Security Patch Download

184
Email Attacks – Spoofing and Phishing

185
Email Attacks – Spoofing and Phishing

186
 Denial of Service (DOS) attack

 Commonly used against information stores like web sites

 Simple and usually quite effective

 Does not pose a direct threat to sensitive data

 The attacker tries to prevent a service from being used and making that
service unavailable to legitimate users

 Attackers typically go for high visibility targets such as the web server, or for
infrastructure targets like routers and network links

187
 DOS – DNS Attack
 A famous DNS attack was a DDoS "ping" attack.

The attackers broke into machines on the Internet (popularly called

"zombies") and sent streams of forged packets at the DNS root servers via
intermediary legitimate machines.

 The goal was to clog the servers, and communication links on the way
to the servers, so that useful traffic was gridlocked. The assault is not
DNS-specific--the same attack has been used against several popular
Web servers in the last few years.

188
 DoS – Viruses and Worms
 Viruses or worms, which replicate across a network in various ways, can be
viewed as denial-of-service attacks where the victim is not usually
specifically targeted but simply a host unlucky enough to get the virus.
 Available bandwidth can become saturated as the virus/worm attempts to
replicate itself and find new victims.

189
 DOS – Physical Infrastructure Attack
 Someone can just simply snip your cables! Fortunately this can be quickly
noticed and dealt with.

 Other physical infrastructure attacks can include recycling systems,

affecting power to systems and actual destruction of computers or storage
devices

190
 How to curb Cyber Security
Threats

 People
 Need to understand their role
 Need to understand policies/standards/procedures
 Need to follow through on their role – Accountability
 Training and Awareness
 Rules
 Implementation and adherence to clear policies and standards
- Users authentication before network access
- Users authorization to resources
 Tools
 ID badges (2-way authentication)
 Visitor logs and service calendars
 Network perimeter security layer

191
Risk Managment

Control physical access Password protection

Develop a Security Policy

The process of assessing and quantifying risk and establishing an acceptable

level of risk for the organization

Risk can be mitigated, but cannot be eliminated

192
Incident Response 193

Security
Policy

Defined
Processes Mode of
Be Communication
Prepared

Chain of Escalation
Command Procedures
Basic Security Necessities

194
Basic Security Necessities

195
 Survival…..

“It is not the strongest of the species that

survive, nor the most intelligent, but the
one most responsive to change”
Charles Darwin
Thank You
Adebule Adebayo
B.Tech (Computer Science), OCA
Associate Member (CPN,NIM)
Email: [email protected]
Tel: 08033600367

197