Cyber Security

Module 1: Introduction to cyber security
Absolutely, Rishi! The internet is indeed a sea of both opportunities and

threats. Let’s break it down:
Opportunities:
1. Information Access: The internet provides access to a wealth of
knowledge and information, making it easier to learn about virtually
anything.
2. Communication: It allows for instant communication with anyone,
anywhere in the world, bringing people closer together.
3. Business and E-commerce: The internet has revolutionized the way we
do business, allowing for online shopping, digital marketing, and remote
work.
4. Entertainment: From streaming services to online gaming, the internet
offers a wide range of entertainment options.
5. Education: Online learning platforms and resources have made
education more accessible to people around the world.
6. Innovation: The internet fosters innovation by providing a platform for
sharing ideas and collaborating on projects.
Threats:
1. Cybercrime: As we discussed earlier, the internet can be a playground
for various types of cybercriminals, from hackers to scammers.
2. Privacy Concerns: With so much personal information online, privacy is
a major concern. Data breaches and misuse of personal information are
common threats.
3. Misinformation and Fake News: The internet can spread
misinformation and fake news rapidly, leading to confusion and even
harm.
4. Addiction: Internet addiction is a growing concern, with people
spending excessive amounts of time online, often at the expense of their
physical health and real-life relationships.
5. Cyberbullying: The anonymity of the internet can enable bullying and
harassment, leading to serious emotional harm.
So, while the internet is a powerful tool that offers numerous benefits, it’s also
important to be aware of its potential dangers and take necessary precautions
to stay safe online.
There are several types of cyber criminals, each with their own unique
methods and motivations. Here are some of them:
1. Hackers: These are individuals who gain unauthorized access to

computer systems for various reasons. Some do it for personal gain,
while others might be motivated by a desire to expose vulnerabilities or
simply for the thrill of it.
2. Organized Hackers: These are groups of hackers who work together,
often for financial gain. They might engage in activities like data
breaches, ransomware attacks, or selling stolen information on the dark
web.
3. Internet Stalkers: These individuals use the internet to harass or stalk
others. This could involve activities like cyberbullying, doxxing, or other
forms of online harassment.
4. Disgruntled Employees: These are individuals who use their access to a
company’s computer systems to cause harm, often as a form of revenge
for perceived wrongs.
5. Hacktivists: These are individuals or groups who use hacking as a form
of protest or to promote a particular political or social cause.
6. Script Kiddies: These are inexperienced individuals who use pre-written
hacking scripts or software to break into computer systems, often just
for the thrill of it.
7. State Actors: These are hackers who are sponsored by governments to
engage in cyber espionage, cyber warfare, or other cyber activities that
serve the interests of their government.
8. Scammers: These individuals use the internet to defraud people, often
through phishing scams, online auction fraud, or other forms of internet
fraud.
9. Cybercrime Groups: These are organized groups that engage in large-
scale cybercrime operations. They might be involved in activities like
identity theft, credit card fraud, or launching sophisticated cyber
attacks.
It’s important to note that these categories can overlap, and a single
individual or group might fit into multiple categories. Remember, awareness
and preventive measures are the best ways to protect yourself from these
cyber threats.
Source: GeeksforGeeks, MUO, EC-Council
Absolutely, these are often referred to as the CIA triad in cybersecurity, a

model designed to guide policies for information security within an
organization. Let’s delve into each one:
1. Confidentiality: This is about preventing unauthorized access to

information. Only authorized individuals should be able to access
certain data. Techniques to ensure confidentiality include data
encryption, two-factor authentication, and secure passwords.
2. Integrity: This ensures that the information is accurate and reliable. It
prevents unauthorized users from making modifications to the data.
Measures to maintain integrity include version control, checksums, and
file permissions.
3. Availability: This ensures that data and resources are available to
authorized users when they need them. This involves maintaining
hardware, performing upgrades as necessary, and recovering from
disasters. Techniques to ensure availability include data backups,
redundancy, failover, RAID, clustering, and high-availability
architectures.
These three principles form the cornerstone of any organization’s information

security strategy. They help to ensure that sensitive information remains
secure, reliable, and accessible to those with authorization. It’s a constant
balancing act to ensure all three principles are met without compromising any
one of them.
Types of cyber attacks
There are various types of cyber attacks that can target individuals,
organizations, and even governments. Here are some common types of cyber
attacks:
1. Phishing: Phishing attacks involve tricking individuals into revealing
sensitive information such as passwords, credit card numbers, or social
security numbers by posing as a trustworthy entity through emails, text
messages, or fake websites.
2. Malware: Malware refers to malicious software that is designed to disrupt,
damage, or gain unauthorized access to computer systems. This includes
viruses, worms, Trojans, ransomware, and spyware.
3. Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks:
These attacks aim to overwhelm a network or website with a flood of traffic,
making it inaccessible to legitimate users.
4. Man-in-the-Middle (MitM) attacks: In this type of attack, an attacker
intercepts and alters communications between two parties without their
knowledge. This allows the attacker to eavesdrop on sensitive information or
manipulate the communication.
5. SQL Injection: SQL injection attacks involve inserting malicious SQL code
into a website’s database query. This can allow attackers to access, modify, or
delete data, or even gain administrative control over a website or application.
6. Social Engineering: Social engineering attacks exploit human psychology to
deceive individuals into revealing sensitive information or performing actions
that may compromise security. This can include tactics such as impersonation,
persuasion, or manipulation.
7. Zero-day Exploits: Zero-day exploits target vulnerabilities in software or
hardware that are unknown to the vendor or have not yet been patched.
Attackers exploit these vulnerabilities before a fix is available, giving them an
advantage.
8. Ransomware: Ransomware is a type of malware that encrypts files on a
victim’s computer or network, rendering them inaccessible. The attacker then
demands a ransom in exchange for the decryption key.
It’s important to stay vigilant and take necessary precautions to protect

against these cyber attacks.
Sure, let’s talk about some of the key cybersecurity trends in Singapore and
globally.
In Singapore:
1. Fluctuations in Data Breaches: From 2020 to 2023, Singapore
experienced fluctuations in the number of records exposed in data
breaches, emphasizing the need for robust data protection measures.
2. Cybersecurity Health Report: A report by the Cyber Security Agency of
Singapore highlighted various aspects of cybersecurity, including the
frequency of cyber incidents and the types of business impact suffered.
3. Key Considerations: KPMG Singapore listed several key cybersecurity
considerations for 2024, such as meeting customer expectations,
embedding cybersecurity and privacy, navigating global boundaries,
modernizing supply chain security, unlocking the potential of AI, and
supercharging security with automation.
4. Market Growth: The Singapore cybersecurity market size is estimated
at USD 2.28 billion in 2024 and is expected to reach USD 4.82 billion by
2029.
Globally:
1. Cyber Inequity: The World Economic Forum highlighted the issue of
cyber inequity, where access to cybersecurity resources and skills is
unevenly distributed.
2. Geopolitical Tensions and New Technology: Geopolitical tensions and
the introduction of new technologies are affecting the cybersecurity
landscape.
3. Skills Gap: The shortage of skilled cybersecurity professionals is a
significant concern worldwide.
4. AI and Employee Behavior: Gartner identified generative AI, unsecure
employee behavior, and third-party risks as some of the top
cybersecurity trends for 2024.
These trends highlight the evolving nature of cybersecurity threats and the
need for continuous adaptation and innovation in the field of cybersecurity.
Sources: fca.edu.sg, CSA, KPMG Singapore, Mordor Intelligence, World
Economic Forum, Forbes, Gartner
Example of open source intelligence attack
Open Source Intelligence (OSINT) refers to the collection of information from
publicly available sources. While it’s a legitimate tool for researchers and
analysts, it can also be used maliciously in what’s known as an OSINT attack.
Here’s an example:
Example – Spear Phishing Attack:
Let’s say a cybercriminal targets a specific company. They start by gathering

publicly available information about the company and its employees. This
could include details from the company’s website, social media profiles, press
releases, and other online sources. They might find out who the CEO is, who
the head of finance is, and other key personnel. They might also gather
information about the company’s vendors, clients, and recent projects.
Once they have this information, they craft a phishing email. The email might
appear to come from the CEO, asking the head of finance to make an urgent
payment to a vendor. The email includes enough accurate details (gathered
through OSINT) to seem legitimate. If the finance head doesn’t realize it’s a
scam, they might make the payment – and the cybercriminal walks away with
the money.
This is just one example of how OSINT can be used in a cyber attack. It
highlights the importance of being careful about what information is shared
publicly and educating employees about the risks of phishing attacks.
Activity – check on account exposure
There are several common signs that may indicate your account has been
exposed or compromised:
1. Unauthorized access: If you notice any unfamiliar activity on your account,
such as unrecognized logins, password changes, or suspicious emails or
messages sent from your account, it could be a sign of exposure.
2. Password issues: If you are unable to log in to your account even with the
correct password, or if you receive notifications about password resets that
you did not initiate, it could indicate that someone else has gained access to
your account.
3. Unusual account activity: Keep an eye out for any unusual activity, such as
unfamiliar purchases, changes to account settings, or new contacts or friends
added without your knowledge.
4. Increased spam or phishing emails: If you start receiving an unusually high
number of spam emails or phishing attempts, it could mean that your account
information has been exposed.
5. Suspicious notifications: Be cautious of any notifications or alerts from your
account provider or online services that seem out of the ordinary, such as
account lockouts or requests for personal information.
If you notice any of these signs, it’s important to take immediate action to
secure your account. Change your password, enable two-factor authentication
if available, and contact the customer support of the affected account or
service for further assistance.
Remember, it’s always a good practice to regularly monitor your accounts for
any suspicious activity and use strong, unique passwords for each account to
minimize the risk of exposure.
Sure! Let’s take a look at a case study on cyber security goals in an

organization:
Case study on cyber security goals on organisation
Case Study: XYZ Corporation Cyber Security Goals
XYZ Corporation is a global technology company that specializes in

developing and manufacturing advanced electronic devices. With a large
customer base and valuable intellectual property, the company understands
the importance of maintaining a strong cyber security posture to protect its
assets and ensure the trust of its customers. Here are some of the cyber
security goals that XYZ Corporation has implemented:
1. Protecting Customer Data: One of the primary goals of XYZ Corporation is

to safeguard the personal and sensitive information of its customers. This
includes implementing robust data encryption, secure data storage practices,
and strict access controls. By prioritizing the protection of customer data,
XYZ Corporation aims to maintain customer trust and comply with relevant
privacy regulations.
2. Preventing Data Breaches: XYZ Corporation recognizes the potential
impact of a data breach on its reputation and financial stability. To mitigate
this risk, the company has implemented measures such as network firewalls,
intrusion detection systems, and regular vulnerability assessments. By
proactively identifying and addressing potential vulnerabilities, XYZ
Corporation aims to prevent unauthorized access to its systems and data.
3. Ensuring Employee Awareness: XYZ Corporation understands that cyber
security is a shared responsibility and that employees play a crucial role in
maintaining a secure environment. The company conducts regular training
sessions and awareness programs to educate employees about best practices,
such as strong password management, recognizing phishing attempts, and
reporting suspicious activities. By fostering a culture of cyber security
awareness, XYZ Corporation aims to minimize the risk of human error
leading to security incidents.
4. Incident Response and Recovery: Despite preventive measures, XYZ
Corporation acknowledges that security incidents can still occur. Therefore,
the company has established a robust incident response plan to effectively
detect, respond to, and recover from security breaches. This includes incident
monitoring, incident response team coordination, and regular testing of the
response plan to ensure its effectiveness.
5. Compliance with Regulations: XYZ Corporation operates in multiple
jurisdictions and is subject to various cyber security regulations. The
company is committed to maintaining compliance with relevant laws and
regulations, such as the General Data Protection Regulation (GDPR) and the
Payment Card Industry Data Security Standard (PCI DSS). By adhering to
these regulations, XYZ Corporation aims to demonstrate its commitment to
data protection and maintain a strong reputation in the industry.
By setting these cyber security goals and implementing appropriate measures,

XYZ Corporation strives to create a secure environment for its employees,
customers, and stakeholders. The company recognizes that cyber security is
an ongoing process and continuously evaluates and updates its strategies to
adapt to evolving threats and technologies.
Please note that this case study is fictional and provided for illustrative
purposes only.
Source: Adapted from personal knowledge and experience.
Here are some recent security incidents affecting organizations in Singapore

and how they can be mapped to cyber security goals:
1. Phishing and Ransomware Attacks: The Cyber Security Agency of

Singapore (CSA) reported an increase in phishing and ransomware attacks,
posing significant risks to organizations and individuals. These types of
attacks can compromise sensitive data and disrupt business operations. To
address this, organizations should focus on goals such as protecting customer
data, preventing data breaches, and ensuring employee awareness through
training on identifying and avoiding phishing attempts.
2. Increase in Phishing Attempts: The CSA also highlighted a surge in
phishing attempts in Singapore, with reported cases more than doubling in
2022 compared to the previous year. Phishing attempts often target employees
to gain unauthorized access to systems or steal sensitive information. To
mitigate this risk, organizations should emphasize employee awareness and
training, as well as implementing strong security measures such as multi-
factor authentication and email filtering.
3. Data Breaches and Financial Losses: Data breaches continue to be a
concern for organizations in Singapore, with some experiencing significant
financial losses as a result. To address this, organizations should prioritize
goals related to protecting customer data, preventing data breaches, and
implementing incident response and recovery plans. Regular security
assessments and vulnerability management can help identify and address
potential weaknesses in systems and processes.
4. Adoption of Cybersecurity Measures: The CSA conducted a survey on the
adoption levels of cybersecurity measures among organizations in Singapore.
Organizations should align their goals with the findings of such surveys to
ensure they are implementing best practices and industry standards.
Compliance with relevant regulations, such as the General Data Protection
Regulation (GDPR) and the Payment Card Industry Data Security Standard
(PCI DSS), should also be a priority.
By mapping these recent security incidents to cyber security goals,

organizations can identify areas for improvement and take proactive
measures to enhance their security posture. It is crucial to regularly assess and
update security measures to stay ahead of evolving threats and protect
sensitive data and systems.
Sources:
1. Phishing and Ransomware Continue to Pose Significant Risks to

Organisations and Individuals
2. CSA Releases Key Findings from Singapore Cybersecurity Health Report
2023
3. Ransomware and phishing attacks continued to threaten Singapore
organisations and individuals in 2021
4. Phishing Attempts Doubled in 2022 as Scams, Ransomware Attacks
Continue to Plague Singapore
5. 1 in 3 Singapore Organizations Lost up to $1.348m from Data Breaches
Module. 2
Cyber attack chain
The cyber attack chain, also known as the cyber kill chain, is a framework
that describes the stages or steps involved in a typical cyber attack.
Understanding the cyber attack chain can help organizations identify
potential vulnerabilities and develop effective defense strategies. Here are the
typical stages of the cyber attack chain:
1. Reconnaissance: In this initial stage, attackers gather information about

their target, such as identifying potential vulnerabilities, researching the
target’s infrastructure, or gathering information about employees or systems.
2. Weaponization: In this stage, attackers create or obtain the necessary tools,
malware, or exploit kits to carry out the attack. This may involve developing
custom malware, repurposing existing malware, or acquiring exploit tools
from the dark web.
3. Delivery: In this stage, attackers deliver the malicious payload to the
target’s system or network. Common delivery methods include phishing
emails, malicious attachments, drive-by downloads, or exploiting
vulnerabilities in software or systems.
4. Exploitation: Once the delivery is successful, the attacker exploits
vulnerabilities in the target’s systems or software to gain unauthorized access
or control. This may involve exploiting known software vulnerabilities,
misconfigurations, weak passwords, or social engineering techniques.
5. Installation: After gaining initial access, the attacker installs and deploys
the malware or tools necessary to maintain persistence and establish control
over the compromised system. This may involve installing backdoors, remote
access trojans (RATs), or other malware.
6. Command and Control (C2): In this stage, the attacker establishes
communication channels between the compromised system and their
command and control infrastructure. This allows them to remotely control
and manage the compromised systems, exfiltrate data, or launch further
attacks.
7. Lateral Movement: Once inside the network, the attacker moves laterally to
explore and compromise additional systems or escalate privileges. This may
involve exploiting vulnerabilities, compromising credentials, or using tools to
move laterally within the network.
8. Data Exfiltration: At this stage, the attacker identifies and exfiltrates
valuable data or information from the compromised systems. This could
include sensitive customer data, intellectual property, financial information,
or other valuable assets.
9. Actions on Objectives: In the final stage, the attacker achieves their
primary objectives, which could vary depending on their motivations. This
may involve causing disruption, stealing sensitive information, conducting
espionage, or launching further attacks.
It’s important to note that the cyber attack chain is not always linear, and
attackers may iterate or repeat stages depending on their goals and the
defenses in place. Understanding the cyber attack chain can help
organizations implement effective security measures at each stage to detect,
prevent, or mitigate cyber attacks.
Sources:
- MITRE ATT&CK Framework

- Cyber Kill Chain: The 7 Steps of a Targeted Cyber Attack
Security controls
Security controls play a crucial role in protecting systems and data from
various threats. Here are some commonly used security controls:
1. Antivirus: Antivirus software is designed to detect, prevent, and remove
malicious software, such as viruses, worms, and Trojans. It scans files and
programs for known patterns of malicious code and takes actions to mitigate
the threat.
2. Security Monitoring: Security monitoring involves the continuous
monitoring and analysis of system logs, network traffic, and other security-
related events to detect and respond to potential security incidents. This
control helps in identifying unauthorized access attempts, unusual behavior,
and other indicators of compromise.
3. Intrusion Prevention Systems (IPS): IPS is a network security control that
monitors network traffic for malicious activities and takes proactive measures
to prevent unauthorized access or attacks. It can detect and block suspicious
traffic, such as network-based attacks, malware, and intrusion attempts.
4. Identity and Access Management (IAM): IAM controls are used to manage
and control user identities, access rights, and privileges within an
organization’s systems and applications. It ensures that only authorized
individuals have access to the resources they need and helps prevent
unauthorized access or data breaches.
5. Biometrics: Biometric security controls use unique physical or behavioral
characteristics, such as fingerprints, facial recognition, or iris scans, to verify
and authenticate the identity of individuals. Biometrics provides an additional
layer of security beyond traditional username and password methods.
6. Security Scanners: Security scanners are tools used to identify
vulnerabilities and weaknesses in systems, networks, and applications. They
scan for known security flaws, misconfigurations, and outdated software
versions, helping organizations identify and remediate potential security risks.
Security controls are measures implemented to protect systems, networks, and

data from potential threats and vulnerabilities. They help organizations
mitigate risks, enforce security policies, and ensure the confidentiality,
integrity, and availability of their resources. Here are some common types of
security controls:
1. Administrative Controls: Administrative controls are policies, procedures,
and guidelines that govern the overall security practices within an
organization. They include activities such as security awareness training,
incident response planning, access control policies, and risk management
processes.
2. Physical Controls: Physical controls are measures implemented to secure
physical assets and resources. They include physical access controls like locks,
biometric systems, surveillance cameras, and secure areas to protect servers,
data centers, and other critical infrastructure.
3. Technical Controls: Technical controls are security measures implemented
through technology. They include:
- Access Controls: Access controls restrict user access to systems, networks,

and data based on their roles and permissions. This includes authentication
mechanisms, such as passwords, biometrics, and multi-factor authentication,
as well as authorization mechanisms to control what resources users can
access.
- Firewalls: Firewalls monitor and control network traffic based on
predetermined security rules. They act as a barrier between internal and
external networks, preventing unauthorized access and protecting against
network-based threats.
- Intrusion Detection and Prevention Systems (IDS/IPS): IDS/IPS systems
monitor network traffic and detect potential security breaches or malicious
activities. They can generate alerts or take preventive actions to block or
mitigate attacks.
- Encryption: Encryption protects data by converting it into an unreadable
format using cryptographic algorithms. It ensures that even if data is
intercepted, it remains secure and confidential.
- Security Information and Event Management (SIEM): SIEM systems collect
and analyze security event logs from various sources to detect and respond to
security incidents. They provide real-time visibility into security events and
help identify patterns or anomalies.
4. Operational Controls: Operational controls are procedures and processes
that ensure the ongoing security of systems and data. They include activities
such as regular system patching, vulnerability management, backup and
recovery processes, and secure configuration management.
5. Legal and Compliance Controls: Legal and compliance controls ensure that
organizations adhere to relevant laws, regulations, and industry standards.
They include activities such as privacy policies, data protection measures, and
regular audits to ensure compliance.
It’s important to note that security controls should be implemented in layers

and work together to provide a comprehensive security posture. The selection
and implementation of security controls should be based on the organization’s
specific security requirements, risk tolerance, and regulatory obligations.
Remember, security controls should be regularly reviewed, updated, and

tested to ensure their effectiveness and alignment with evolving threats and
technologies. It’s recommended to consult with security professionals and
follow industry best practices when implementing and managing security
controls.
These security controls work together to create a layered defense system,

protecting against a wide range of threats. It’s important for organizations to
implement and regularly update these controls to maintain a strong security
posture.
Please note that the effectiveness of these controls may vary depending on the
specific implementation and configuration. Organizations should assess their
unique security requirements and consult with cybersecurity professionals to
determine the most appropriate controls for their environment.
Sources:
- National Institute of Standards and Technology (NIST)

- Cisco
Threat modelling
Threat modeling is a proactive approach to identifying and assessing potential
threats to an organization’s systems, networks, and data. It helps
organizations understand their assets, vulnerabilities, and potential attack
vectors, enabling them to prioritize and implement effective security controls.
Here is a general framework for threat modeling against organizations:
1. Identify Assets: Begin by identifying the critical assets within your

organization. These can include sensitive data, intellectual property, customer
information, infrastructure, and systems.
2. Define the Threat Model Scope: Determine the scope of your threat model.
This could be a specific application, a network segment, or the entire
organization’s infrastructure.
3. Identify Threat Actors: Identify potential threat actors who may target your
organization. These can include external hackers, insiders, competitors, or
nation-state actors. Understanding the motivations and capabilities of these
threat actors will help you assess the likelihood and impact of potential
attacks.
4. Enumerate Threat Vectors: Identify the various ways in which a threat
actor could exploit vulnerabilities to compromise your assets. This can include
network attacks, social engineering, insider threats, or physical attacks.
5. Assess Vulnerabilities: Identify and assess vulnerabilities within your
systems, networks, and processes. This can be done through vulnerability
scanning, penetration testing, code reviews, or configuration assessments.
Prioritize vulnerabilities based on their severity and potential impact.
6. Analyze Risks: Analyze the risks associated with each identified threat and
vulnerability. Consider the likelihood of an attack occurring, the potential
impact on your organization, and the effectiveness of existing security controls
in mitigating the risk.
7. Implement Mitigation Measures: Based on the identified risks, implement
appropriate mitigation measures. This can include implementing security
controls, patching vulnerabilities, training employees on security best
practices, and monitoring systems for suspicious activities.
8. Review and Update: Regularly review and update your threat model as new
threats emerge, technologies change, or your organization’s assets and
infrastructure evolve. Threat modeling should be an ongoing process to ensure
continuous security improvement.
It’s important to note that threat modeling should be tailored to the specific
needs and characteristics of your organization. Consider involving security
professionals or experts who can provide guidance and expertise in
conducting a thorough threat modeling exercise.
Remember, the goal of threat modeling is to proactively identify and address

potential threats, not to engage in malicious activities. Always prioritize
ethical and responsible practices when it comes to cybersecurity.
Mapping security controls against the cyber attack chain is a useful approach
to understanding how different security measures can mitigate specific stages
of an attack. Here’s a general mapping of security controls against the cyber
attack chain:
1. Reconnaissance: During this stage, attackers gather information about

their target. Security controls that can help mitigate reconnaissance
include:
- Implementing strong access controls and permissions to limit the exposure of
sensitive information.
- Monitoring and analyzing network traffic for suspicious activities using
intrusion detection systems (IDS) or intrusion prevention systems (IPS).
- Conducting regular vulnerability assessments and penetration testing to
identify and address potential weaknesses in systems and networks.
2. Weaponization: In this stage, attackers create or obtain malicious tools

or exploit payloads. Security controls that can help mitigate
weaponization include:
- Implementing strong email security measures, such as spam filters and email
authentication protocols, to prevent the delivery of malicious attachments or
links.
- Using endpoint protection solutions, such as antivirus software and endpoint
detection and response (EDR) systems, to detect and block malicious code
execution.
4. Delivery: Attackers deliver the weaponized payload to the target.

Security controls that can help mitigate delivery include:
- Implementing network firewalls and intrusion prevention systems (IPS) to
filter and block malicious network traffic.
- Using email security solutions to detect and block malicious attachments or
links.
- Educating employees about phishing and social engineering techniques to
help them recognize and report suspicious emails or messages.
3. Exploitation: Attackers exploit vulnerabilities to gain unauthorized
access or control. Security controls that can help mitigate exploitation
include:
- Regularly applying security patches and updates to systems and software to

address known vulnerabilities.
- Implementing strong access controls and least privilege principles to limit
the impact of successful exploitation.
- Conducting regular penetration testing to identify and address
vulnerabilities before attackers can exploit them.
4. Installation: Attackers install malware or establish a foothold within the

target environment. Security controls that can help mitigate installation
include:
- Using endpoint protection solutions to detect and block malicious code
execution.
- Implementing network segmentation and access controls to limit lateral
movement within the network.
- Monitoring and analyzing system logs and network traffic for signs of
unauthorized activity.
5. Command and Control: Attackers establish communication channels

with compromised systems. Security controls that can help mitigate
command and control include:
- Implementing network traffic monitoring and analysis tools to detect and

block suspicious outbound connections.
- Using intrusion detection and prevention systems (IDS/IPS) to identify and
block command and control traffic.
- Implementing strong network segmentation and access controls to limit the
spread of the attack.
6. Actions on Objectives: Attackers achieve their goals, such as data

exfiltration or system disruption. Security controls that can help
mitigate actions on objectives include:
- Implementing data loss prevention (DLP) solutions to monitor and prevent
unauthorized data exfiltration.
- Implementing backup and disaster recovery solutions to enable quick
recovery in the event of a successful attack.
- Conducting regular security awareness training for employees to help them
identify and report suspicious activities.
Remember, the effectiveness of security controls may vary depending on the

specific attack scenario and the organization’s unique environment. It’s
important to regularly assess and update security controls to address
emerging threats and vulnerabilities. Consulting with security professionals
can provide valuable insights and guidance for mapping security controls
against the cyber attack chain in your specific contexj
Password Security
Password security is crucial in protecting your personal and sensitive data
from unauthorized access. Here are some tips to maintain strong password
security:
1. Complexity: Use a mix of letters, numbers, and special characters. Try to

avoid common words or phrases.
2. Length: A longer password is generally more secure. Aim for at least 12
characters.
3. Uniqueness: Don’t use the same password for multiple accounts. If one
account gets compromised, others could be at risk.
4. Change Regularly: It’s a good practice to change your passwords
periodically, and especially if you suspect they may have been compromised.
5. Two-Factor Authentication: Whenever possible, enable two-factor
authentication. This adds an extra layer of security as it requires a second
piece of evidence – like a text message code – in addition to your password.
6. Password Managers: Consider using a password manager. They generate
and store complex passwords for you, reducing the risk of forgetting them or
writing them down.
7. Avoid Sharing: Never share your passwords with anyone.
8. Avoid Obvious Information: Don’t use easily guessable information like
your name, birth date, or common words.
Remember, maintaining good password security is a key part of protecting
your online identity and personal information. Stay safe online! 😊
Brute force attack

A brute force attack is a hacking method that uses trial and error to crack
passwords, login credentials, and encryption keys. It’s a simple yet reliable
tactic for gaining unauthorized access to individual accounts and
organizations’ systems and networks.
In this technique, attackers use trial and error to guess the information they
require, testing every possible combination. For example, they repeatedly try
many possible login credentials or password combinations until they finally
guess correctly. Once successful, the actor can enter the system masquerading
as the legitimate user and remain inside until they are detected.
To protect against brute force attacks, it’s important to:
1. Use complex passwords: As mentioned before, complex and long passwords

are harder to crack.
2. Enable account lockouts or delays after a certain number of failed attempts:
This can slow down or deter brute force attacks.
3. Use two-factor authentication: This adds an additional layer of security.
4. Monitor account activity: Unusual activity can be a sign of a brute force
attack.
It’s worth noting that if your website requires user authentication, you are a
potential target for a brute-force attack, so it’s crucial to take these
precautions.
Source: Fortinet, CrowdStrike, Splunk, Kaspersky, OWASP Foundation

There are several ways to check if your passwords have been previously
exposed or compromised:
1. Have I Been Pwned: This is an online platform where you can enter your
email address or phone number to see if it has been compromised in any data
breaches. They also offer a ‘Pwned Passwords’ feature where you can check if
a password has previously appeared in a data breach.
2. Browser Tools: Some browsers, like Microsoft Edge, have built-in features
that automatically check your saved passwords against a database of known
compromised passwords. If any of your passwords are found in this database,
you’ll be prompted to change them.
3. Operating System Tools: Both Android and iOS have tools that can help
you find and change compromised passwords.
4. Password Manager Apps: Many password manager apps have features that
alert you if your passwords have been compromised.
5. Privacy Monitor from Clean Email: This service can also help you check for
compromised passwords.
Remember, if you find out that one of your passwords has been compromised,
it’s crucial to change it immediately to protect your data.
Source: Have I Been Pwned, Microsoft Edge Learning Center, Clean Email
Password strength
Password strength is a measure of the effectiveness of a password in resisting

guessing and brute-force attacks. The strength of a password is determined by
its complexity, length, and unpredictability. Here are some factors that
contribute to a strong password:
1. Length: The longer your password, the harder it is to crack. Aim for at least
12 characters.
2. Complexity: Include a mix of upper and lower case letters, numbers, and
special characters.
3. Unpredictability: Avoid using predictable patterns or sequences (like
“12345” or “qwerty”), common phrases, or personal information that could
be easily guessed (like your name or birthdate).
4. Uniqueness: Don’t reuse passwords. Each of your accounts should have a
unique password.
5. Variation: Change your passwords periodically, and especially if you
suspect they may have been compromised.
A strong password is your first line of defense against unauthorized access to
your personal information, so it’s important to take the time to create and
manage your passwords carefully.
Multifactor authentication (MFA)
Multifactor authentication (MFA), also known as two-factor authentication

(2FA), is an additional layer of security used to protect your online accounts.
It requires users to provide two or more pieces of evidence to verify their
identity before granting access. The most common factors used in multifactor
authentication are:
1. Something you know: This is typically a password or a PIN that only you
should know.
2. Something you have: This can be a physical device, such as a smartphone or
a hardware token, that generates a unique code or receives a push
notification.
3. Something you are: This refers to biometric factors, such as fingerprint or
facial recognition.
By combining multiple factors, multifactor authentication significantly

enhances the security of your accounts. Even if someone obtains your
password, they would still need access to your physical device or biometric
data to gain entry.
Here’s how multifactor authentication typically works:
1. You enter your username and password as the first factor.

2. You are then prompted to provide the second factor, which can be a code
generated by an authentication app, received via SMS, or a biometric scan.
3. Once both factors are verified, you gain access to your account.
Enabling multifactor authentication adds an extra layer of protection against

unauthorized access and helps prevent identity theft and data breaches. Many
online platforms and services offer the option to enable MFA, and it’s highly
recommended to enable it whenever possible.
Remember to choose strong and unique passwords in combination with

multifactor authentication for the best security.
Source: Personal knowledge

A brute force attack is a hacking method that uses trial and error to crack
passwords, login credentials, and encryption keys. It’s a simple yet reliable
tactic for gaining unauthorized access to individual accounts and
organizations’ systems and networks.
In this technique, attackers use trial and error to guess the information they
require, testing every possible combination. For example, they repeatedly try
many possible login credentials or password combinations until they finally
guess correctly. Once successful, the actor can enter the system masquerading
as the legitimate user and remain inside until they are detected.
To protect against brute force attacks, it’s important to:
1. Use complex passwords: As mentioned before, complex and long passwords

are harder to crack.
2. Enable account lockouts or delays after a certain number of failed attempts:
This can slow down or deter brute force attacks.
3. Use two-factor authentication: This adds an additional layer of security.
4. Monitor account activity: Unusual activity can be a sign of a brute force
attack.
It’s worth noting that if your website requires user authentication, you are a
potential target for a brute-force attack, so it’s crucial to take these
precautions.
Source: Fortinet, CrowdStrike, Splunk, Kaspersky, OWASP Foundation
Account security is essential to protect your personal information and prevent

unauthorized access to your online accounts. Here are some important
practices to enhance your account security:
1. Strong and Unique Passwords: Use complex passwords that include a

combination of uppercase and lowercase letters, numbers, and special
characters. Avoid using easily guessable information like your name or
birthdate. Additionally, ensure that you use a unique password for each of
your accounts to prevent one compromised account from affecting others.
2. Multifactor Authentication: Enable multifactor authentication (MFA) or
two-factor authentication (2FA) whenever possible. This adds an extra layer of
security by requiring an additional verification step, such as a code sent to
your mobile device, to access your account.
3. Regularly Update and Change Passwords: Regularly update your
passwords and change them periodically. This reduces the risk of
unauthorized access, especially if your password has been compromised.
4. Beware of Phishing Attacks: Be cautious of phishing attempts where
attackers try to trick you into revealing your login credentials or personal
information. Avoid clicking on suspicious links or providing sensitive
information through email or unfamiliar websites.
5. Keep Software and Devices Updated: Regularly update your operating
system, web browsers, and other software to ensure you have the latest
security patches and protections against vulnerabilities.
6. Use Secure Networks: Be cautious when accessing your accounts on public
Wi-Fi networks, as they can be insecure. Whenever possible, use a secure and
trusted network or consider using a virtual private network (VPN) for added
security.
7. Monitor Account Activity: Regularly review your account activity and
notifications for any suspicious or unauthorized activity. If you notice
anything unusual, report it immediately to the service provider.
8. Use Account Recovery Options: Set up account recovery options, such as
alternate email addresses or phone numbers, to regain access to your account
in case you forget your password or get locked out.
9. Be Wary of Third-Party Apps and Permissions: Be cautious when granting
permissions to third-party apps or services that require access to your
accounts. Only provide access to trusted and reputable applications.
10. Regularly Back Up Data: Regularly back up important data from your
accounts to ensure you can recover it in case of any security incidents or data
loss.
By following these best practices, you can significantly enhance the security of
your online accounts and protect your personal information from
unauthorized access.

Account security is crucial for all types of accounts, including email accounts,
social media accounts, and bank accounts. Here are some specific measures
you can take to enhance the security of each type of account:
Email Accounts:
1. Strong Password: Use a strong and unique password for your email
account.
2. Enable Two-Factor Authentication (2FA): Set up two-factor authentication
for your email account to add an extra layer of security.
3. Beware of Phishing: Be cautious of suspicious emails asking for personal
information or login credentials. Avoid clicking on links or downloading
attachments from unknown sources.
4. Regularly Update Recovery Information: Keep your recovery email address
and phone number up to date so you can regain access to your account if
needed.
5. Monitor Account Activity: Regularly review your email account’s activity
and check for any unauthorized access or suspicious activity.
Social Media Accounts:
1. Strong and Unique Password: Use a strong and unique password for each
social media account.
2. Enable Two-Factor Authentication (2FA): Enable two-factor authentication
for your social media accounts to provide an extra layer of security.
3. Review Privacy Settings: Regularly review and adjust your privacy settings
to control who can see your posts and personal information.
4. Be Cautious of Third-Party Apps: Be cautious when granting permissions
to third-party apps and ensure they are trustworthy.
5. Monitor Account Activity: Keep an eye on your social media account
activity and report any suspicious or unauthorized access.
Bank Accounts:
1. Strong and Unique Password: Use a strong and unique password for your
bank account.
2. Enable Two-Factor Authentication (2FA): If your bank offers it, enable two-
factor authentication for your online banking.
3. Use Secure Networks: Only access your bank accounts from secure and
trusted networks.
4. Monitor Account Activity: Regularly review your bank account statements
and activity for any unauthorized transactions.
5. Keep Contact Information Updated: Ensure your bank has your current
contact information to receive important security alerts and notifications.
In addition to these specific measures, it’s important to follow general account

security practices like regularly updating your software and devices, being
cautious of suspicious emails or links, and using strong and unique passwords
for all your accounts.
Remember, maintaining strong security practices across all your accounts is

crucial to protect your personal information and financial well-being.
Phishing scams related to organizations can take various forms and target
individuals within those organizations. Here are some common types of
phishing attacks related to organizations:
1. Email Phishing: Phishing emails are one of the oldest and most common
types of phishing attacks. Attackers send fraudulent emails that appear to
come from a trustworthy source, such as a colleague or a higher-ranking
employee, to trick individuals into revealing sensitive information or clicking
on malicious links.
2. Spear Phishing: Spear phishing involves targeting specific individuals
within an organization. Attackers gather information about their targets, such
as their name, position, and contact details, to personalize the phishing
attempt and make it more convincing.
3. Whaling: Whaling, also known as CEO fraud, targets high-level executives
within organizations. Attackers conduct research on the CEO or other senior
leaders, gather information from social media or corporate websites, and then
impersonate them to trick employees into performing actions like wire
transfers or sharing sensitive information.
4. Pharming: Pharming involves redirecting users to fraudulent websites that
mimic legitimate ones. Attackers manipulate DNS settings or inject malicious
code to redirect users to fake websites where they unknowingly enter their
login credentials or other sensitive information.
5. Watering Hole Phishing: In watering hole phishing, attackers compromise
websites that are frequently visited by employees of a targeted organization.
When employees visit these compromised websites, they unknowingly
download malware or are redirected to phishing pages.
6. Smishing: Smishing is a form of phishing that occurs through SMS or text
messages. Attackers send text messages pretending to be from legitimate
sources, such as banks or organizations, to trick individuals into revealing
personal information or clicking on malicious links.
It’s important to stay vigilant and be cautious of these types of phishing

attacks. Be wary of unsolicited emails, messages, or requests for sensitive
information, and always verify the authenticity of the sender before taking
any action.
Sources: UpGuard, Norton, Fortinet, CSO Online, Privacy Ninja
Open Source Intelligence (OSINT) refers to the collection and analysis of

publicly available information from various sources, including websites, social
media platforms, news articles, public records, and more. OSINT is used to
gather information and insights about individuals, organizations, events, or
any other subject of interest.
In the context of cybersecurity, OSINT plays a crucial role in gathering

intelligence about potential threats, vulnerabilities, and risks. Here’s how
OSINT is used in cybersecurity:
1. Threat Intelligence: OSINT is used to gather information about potential

threats, such as emerging malware, hacking techniques, or vulnerabilities in
software or systems. This information helps cybersecurity professionals stay
informed and take proactive measures to protect their networks and systems.
2. Attack Surface Discovery: OSINT helps identify an organization’s digital
footprint, including publicly accessible systems, websites, and online services.
By understanding their attack surface, organizations can assess potential
vulnerabilities and take necessary steps to secure their infrastructure.
3. Social Engineering: OSINT is used to gather information about individuals
or organizations that can be exploited in social engineering attacks. Attackers
may use publicly available information to craft convincing phishing emails or
impersonate individuals to gain unauthorized access.
4. Threat Actor Profiling: OSINT is used to gather information about threat
actors, such as their motivations, techniques, and infrastructure. This
information helps in understanding the tactics, techniques, and procedures
(TTPs) employed by threat actors and enables better threat hunting and
incident response.
5. Brand Protection: OSINT is used to monitor online platforms and social
media for brand-related risks, such as impersonation, reputation damage, or
unauthorized use of intellectual property. By monitoring and responding to
such risks, organizations can protect their brand and reputation.
6. Vulnerability Research: OSINT is used to gather information about known
vulnerabilities in software, systems, or devices. This information helps
organizations prioritize patching and security updates to mitigate potential
risks.
It’s important to note that while OSINT provides valuable insights, it should
be used ethically and within legal boundaries. Organizations should also
consider privacy implications when collecting and analyzing publicly available
information.
Overall, OSINT is a valuable tool in the cybersecurity arsenal, helping

organizations gather intelligence, identify risks, and enhance their overall
security posture.
Sources: Personal knowledge, Recorded Future, Cybersecurity Insiders,

Digital Guardian
There are various types of scams related to organizations that individuals
should be aware of. Here are some common ones:
1. Phishing Scams: Phishing scams involve fraudsters impersonating
legitimate organizations, such as banks or government agencies, and tricking
individuals into revealing sensitive information like passwords, usernames, or
credit card details. This can occur through email, SMS, or fake websites.
2. SMS Phishing (Smishing) Scams: Smishing scams involve fraudsters
sending deceptive text messages pretending to be from a reputable
organization. The messages often contain requests for personal information or
ask recipients to click on malicious links.
3. Job Scams: Job scams target job seekers by offering fake employment
opportunities or work-from-home schemes. Scammers may request personal
information, payment for training or equipment, or even ask victims to cash
fraudulent checks.
4. E-commerce Scams: E-commerce scams involve fraudulent online sellers
who deceive buyers by offering counterfeit or non-existent products. Victims
may make payments but never receive the purchased items.
5. Investment Scams: Investment scams lure individuals with promises of high
returns on investments or insider information. Scammers may use persuasive
tactics to convince victims to invest in fraudulent schemes or fake companies.
It’s important to stay vigilant and take precautions to protect yourself from
these scams. Be wary of unsolicited communications, double-check the
legitimacy of websites and messages, and avoid sharing personal or financial
information unless you are certain of the recipient’s authenticity.
If you encounter any suspicious activity or believe you have been targeted by a
scam, report it to the relevant authorities or the organization being
impersonated.
Sources: The Straits Times, FCA Education, Tech.gov.sg, Business.com

Sure, I can help you with that! Here’s some information and tips for each of
the tasks you mentioned:
1. Password Strength Checker:
2. To check the strength of your passwords, you can use online tools or
password managers that provide password strength analysis. These
tools usually evaluate the complexity, length, and uniqueness of your
passwords. They can also suggest improvements to make your
passwords stronger. It’s important to use strong and unique passwords
for each of your accounts to enhance security.
3. Multi-Factor Authentication (MFA):
4. Enabling multi-factor authentication adds an extra layer of security to
your accounts. It requires you to provide an additional verification
method, such as a code sent to your mobile device, in addition to your
password. This helps protect your accounts even if your password is
compromised. Most online services, including social media platforms,
email providers, and financial institutions, offer MFA options in their
account settings.
4. Adjusting Privacy Settings for Social Media Accounts:
5. To enhance your privacy on social media platforms, you can review and
adjust the privacy settings for your accounts. These settings allow you to
control who can see your posts, photos, personal information, and who
can contact you. You can also limit the visibility of your profile to
specific groups of people, such as friends only. Take some time to
explore the privacy settings of each social media platform you use and
customize them according to your preferences.
6. Checking for Online Account Activity:
7. Regularly monitoring your online account activity is essential for
detecting any unauthorized access or suspicious activity. Most online
services provide options to view your account activity history, where you
can see the devices, locations, and IP addresses associated with your
account. If you notice any unfamiliar activity, such as login attempts
from unknown locations or devices, it’s important to take immediate
action, such as changing your password and contacting the service
provider if necessary.
5. Open Source Intelligence (OSINT) for Company Information:
6. Open source intelligence refers to gathering information from publicly
available sources. To search for information about a company using
OSINT, you can start by using search engines to find news articles, press
releases, and official websites related to the company. You can also
explore social media platforms, business directories, and professional
networking sites for additional information. Keep in mind that the
information you find may not always be up-to-date or accurate, so it’s
important to verify the credibility of your sources.
I hope these tips help you with the tasks you mentioned! Let me know if you
have any more questions or if there’s anything else I can assist you with.
Certainly! Here are some security risks and recommendations related to
wireless networks, mobile devices, laptops, USB devices, and web cameras:
1. Wireless Networks:
- Security Risk: Unauthorized access to the wireless network, known as Wi-Fi

hacking, can lead to data theft, unauthorized network usage, and potential
attacks on connected devices.
- Recommendations:
- Use strong and unique passwords for your Wi-Fi network.
- Enable network encryption, such as WPA2 or WPA3, to protect your
wireless communication.
- Regularly update the firmware of your wireless router to ensure it has the
latest security patches.
- Disable network features like WPS (Wi-Fi Protected Setup) that can be
vulnerable to attacks.
- Consider using a separate guest network for visitors to limit their access to
your main network.
2. Mobile Devices:
- Security Risk: Mobile devices are vulnerable to various risks, including
malware infections, data breaches, and physical theft.
- Recommendations:
- Set a strong PIN, password, or biometric authentication (e.g., fingerprint or
face recognition) to lock your device.
- Regularly update your device’s operating system and applications to patch
security vulnerabilities.
- Avoid downloading apps from untrusted sources and only use official app
stores.
- Install a reputable mobile security app to protect against malware and other
threats.
- Enable remote tracking and wiping features to locate or erase your device in
case of loss or theft.
3. Laptops:
- Security Risk: Laptops are susceptible to theft, malware infections, and
unauthorized access, which can result in data loss or compromise.
- Recommendations:
- Use full-disk encryption to protect the data on your laptop in case it gets
stolen.
- Keep your operating system, antivirus software, and applications up to date
with the latest security patches.
- Enable a strong login password and consider using multi-factor
authentication for added security.
- Be cautious when connecting to public Wi-Fi networks, as they may be
insecure. Use a VPN (Virtual Private Network) for secure browsing.
- Regularly backup your important data to an external storage device or cloud
service.
3. USB Devices:
- Security Risk: USB devices can introduce malware, viruses, or unauthorized
software into your system, leading to data breaches or system compromise.
- Recommendations:
- Avoid using USB devices from unknown or untrusted sources.
- Scan USB devices with antivirus software before accessing any files.
- Disable the autorun feature on your computer to prevent automatic
execution of programs from USB devices.
- Consider using USB data blockers or secure USB devices that only allow
data transfer and block any potentially harmful activities.
5. Web Cameras:
- Security Risk: Web cameras can be compromised by hackers, allowing
unauthorized access to your personal space and potentially recording sensitive
information.
- Recommendations:
- Keep your operating system and webcam firmware up to date with the latest
security patches.
- Cover your webcam with a physical shutter or use a webcam cover when not
in use.
- Be cautious when granting webcam access to applications and websites. Only
allow access to trusted and necessary sources.
- Regularly scan your computer for malware that may be accessing your
webcam without your knowledge.
- Consider using a dedicated security solution that monitors and alerts you to
any unauthorized webcam access.
Remember, these are general recommendations, and it’s important to assess

and implement security measures based on your specific needs and
circumstances. Stay vigilant and regularly update your security practices to
protect your devices and data.
If you have any more questions or need further assistance, feel free to ask!se
Risk management and cybersecurity risks for organisations
Sure, I can provide you with some information on risk management and
cybersecurity risks for organizations.
1. Perimeter of Exposure:
2. The perimeter of exposure refers to the extent to which an
organization’s assets, systems, and data are exposed to potential risks. It
involves identifying and assessing the vulnerabilities and potential
threats that can impact the organization’s security. By understanding
the perimeter of exposure, organizations can prioritize their risk
management efforts and implement appropriate security measures to
protect their assets.
2. Cybersecurity Risks Examples:

a. Phishing Attacks: Phishing is a common cybersecurity risk where attackers
send fraudulent emails or messages to trick individuals into revealing sensitive
information, such as passwords or credit card details. These attacks can lead
to data breaches, financial loss, and reputational damage for organizations.
b. Malware Infections: Malware refers to malicious software that can infect
systems and networks, causing damage or unauthorized access. Examples
include ransomware, which encrypts data and demands a ransom for its
release, and spyware, which steals sensitive information.
c. Insider Threats: Insider threats involve employees, contractors, or partners

who misuse their authorized access to intentionally or unintentionally harm
the organization’s security. This can include data theft, sabotage, or accidental
disclosure of sensitive information.
d. Distributed Denial of Service (DDoS) Attacks: DDoS attacks aim to

overwhelm a target’s network or website with a flood of traffic, making it
inaccessible to legitimate users. These attacks can disrupt business operations,
cause financial loss, and damage the organization’s reputation.
e. Data Breaches: Data breaches occur when unauthorized individuals gain

access to sensitive data, such as customer information or intellectual property.
This can result in financial loss, legal implications, and loss of customer trust.
f. Social Engineering: Social engineering involves manipulating individuals to

gain unauthorized access to systems or sensitive information. This can include
tactics like impersonation, pretexting, or baiting.
g. Weak Passwords and Authentication: Weak passwords and inadequate

authentication mechanisms can make it easier for attackers to gain
unauthorized access to systems and data. This can lead to unauthorized data
access, privilege escalation, and unauthorized activities.
It’s important for organizations to implement robust cybersecurity measures,
including regular security assessments, employee training, strong access
controls, and incident response plans, to mitigate these risks.
Please note that this is not an exhaustive list, and cybersecurity risks can vary
depending on the industry, organization, and technological landscape. It’s
important for organizations to conduct comprehensive risk assessments and
stay updated on emerging threats to effectively manage cybersecurity risks.
If you need more specific examples or have any other questions, feel free
to ask!
Certainly! Here’s some information on social engineering, including tactics

and techniques used in social engineering, as well as key principles such as
authority, intimidation, social proof, scarcity, urgency, and familiarity:
Social engineering is a technique used by malicious individuals to manipulate

and deceive people into divulging sensitive information or performing actions
that may compromise security. It relies on exploiting human psychology and
trust to bypass technical security measures.
1. Authority:
2. Social engineers may pose as someone in a position of authority to gain
trust and compliance from their targets. For example, they may
impersonate a manager, IT personnel, or a government official to
convince individuals to disclose sensitive information or perform
actions.
Example: A social engineer pretending to be an IT technician contacts an
employee, claiming there is a security issue with their computer and requests
their login credentials to resolve the problem.
3. Intimidation:
4. Social engineers may use intimidation tactics to pressure individuals
into providing information or taking certain actions. They create a sense
of urgency and fear of consequences to manipulate their targets.
Example: A social engineer threatens an individual with legal action or job

loss if they don’t immediately provide access to confidential data.
3. Social Proof:
4. Social engineers leverage the tendency of individuals to follow the
actions of others. They create a perception of trust and credibility by
referencing other people or organizations to influence their targets.
Example: A social engineer claims that many other employees have already
shared their login credentials for a supposed security audit, encouraging the
target to do the same.
5. Scarcity:
6. Social engineers exploit the fear of missing out or losing an opportunity
by creating a sense of scarcity. They make their targets believe that time
or resources are limited, thereby pressuring them to act quickly.
Example: A social engineer claims that there are limited spots available for a
special training session and convinces individuals to provide personal
information to secure their spot.
5. Urgency:
6. Social engineers create a sense of urgency to bypass critical thinking
and convince individuals to act without considering potential risks or
consequences.
Example: A social engineer poses as a bank representative and claims that

there has been suspicious activity on the target’s account, urging them to
provide personal information immediately to prevent further unauthorized
access.
7. Familiarity:
8. Social engineers exploit the trust that individuals place in familiar faces
or organizations. They may use personal information or publicly
available details to create a sense of familiarity and establish a
connection with their targets.
Example: A social engineer pretends to be a colleague or a friend of the target,

using shared interests or experiences to gain trust and convince them to share
sensitive information.
It’s important to be aware of these social engineering tactics and principles to

protect yourself and your organization. Regular security awareness training,
strong authentication practices, and skepticism towards unsolicited requests
for information or actions can help mitigate the risks associated with social
engineering attacks.
If you have any more questions or need further assistance, feel free to ask!
Sure! Here’s some information on common social engineering vectors,
including vishing, phishing, smishing, impersonation, and how to distinguish
between real and phishing websites:
1. Vishing (Voice Phishing):
Vishing is a social engineering vector that involves using phone calls or
voice messages to deceive individuals into providing sensitive
information or taking certain actions. Attackers may impersonate
legitimate organizations or individuals to gain trust and convince
targets to disclose personal or financial information.
Example: A vishing attack may involve a fraudster calling individuals,

pretending to be a bank representative, and requesting their account details or
PIN numbers.
2. Phishing:
Phishing is a common social engineering vector that uses fraudulent
emails, messages, or websites to trick individuals into revealing sensitive
information or performing actions that compromise security. Attackers
often impersonate trusted entities, such as banks, social media
platforms, or government agencies.
Example: A phishing attack may involve sending an email that appears to be

from a popular online retailer, asking recipients to click on a link and provide
their login credentials to resolve an issue with their account.
3. Smishing (SMS Phishing):

Smishing is a social engineering vector that uses text messages (SMS) to
deceive individuals into providing sensitive information or clicking on
malicious links. Attackers may send SMS messages that appear to be from
legitimate sources, such as banks or service providers, to trick recipients.
Example: A smishing attack may involve sending a text message claiming to
be from a mobile service provider, asking recipients to click on a link and
update their account information.
3. Impersonation:
Impersonation is a social engineering tactic where attackers pretend to
be someone else to gain trust and manipulate individuals into sharing
sensitive information or performing actions. They may impersonate
colleagues, IT personnel, or trusted individuals to deceive their targets.
Example: An impersonation attack may involve an attacker posing as a

company executive, sending an email to an employee requesting urgent wire
transfer of funds to a specified account.
Distinguishing Between Real and Phishing Websites:

To distinguish between real and phishing websites, consider the following tips:
- Check the URL: Phishing websites may have URLs that are slightly different
or misspelled compared to legitimate websites. Look for any suspicious
variations in the domain name.
- Verify the SSL certificate: Legitimate websites often have SSL certificates,
indicated by a padlock symbol in the address bar. Click on the padlock to view
the certificate details and ensure it matches the website you expect.
- Be cautious of email or link redirects: Phishing websites may redirect you
from a legitimate-looking email or link to a fraudulent website. Avoid clicking
on suspicious links and manually type the website URL in your browser.
- Look for security indicators: Legitimate websites often have security
indicators, such as HTTPS in the URL and security logos or trust seals on the
page.
- Be wary of requests for sensitive information: Legitimate websites rarely ask
for sensitive information, such as passwords or Social Security numbers, via
email or unsolicited messages. Avoid providing such information unless you
are certain of the website’s authenticity.
Remember to stay vigilant, be cautious of unsolicited requests for information,

and report any suspicious activities to the relevant authorities or IT
department.
The dark web is a part of the internet that is not indexed by traditional search
engines and requires specific software, such as Tor, to access. While the dark
web itself is not inherently a social engineering vector, it can be used as a
platform for various illicit activities, including the exchange of stolen data,
illegal goods, and services.
Social engineering vectors can be present in various online platforms,

including the dark web. Here are a few examples of how social engineering
vectors can be utilized on the dark web:
1. Phishing Services: Some individuals or groups on the dark web may offer
phishing services, where they provide phishing kits or templates for creating
fraudulent websites or emails to trick individuals into revealing sensitive
information.
2. Credential Marketplaces: On the dark web, there are marketplaces where
stolen credentials, such as usernames and passwords, are bought and sold.
This information is often obtained through various social engineering
techniques, including phishing and impersonation.
3. Social Engineering Forums: Dark web forums or chat rooms may exist
where individuals discuss and share social engineering tactics, techniques, and
experiences. These platforms can provide a breeding ground for the exchange
of knowledge and collaboration on social engineering attacks.
It’s important to note that engaging in any illegal activities on the dark web is
against the law and can have severe consequences. Accessing the dark web
itself is not illegal, but it is crucial to exercise caution and prioritize
cybersecurity measures when navigating these hidden online spaces.
To protect yourself from social engineering attacks, regardless of the platform,

it is important to stay vigilant, be cautious of unsolicited requests for
information, and follow best practices such as verifying the authenticity of
websites, avoiding clicking on suspicious links, and regularly updating your
passwords.
Activity
Sure! Here’s some guidance on reviewing third-party access for accounts,
setting browser activity, and designing a security program to prevent social
engineering attacks:
1. Review Third-Party Access for Accounts:

2. To review third-party access for accounts, follow these steps:
- Identify all the third-party applications, services, or integrations that have

access to your accounts.
- Regularly review the permissions granted to these third-party entities and
assess whether they are still necessary.
- Remove access for any third-party applications or services that are no longer
needed or trusted.
- Consider implementing a centralized identity and access management
solution to have better control over third-party access.
3. Set Browser Activity:

4. To enhance browser security and privacy, consider the following
practices:
- Keep your browser up to date with the latest security patches and updates.
- Enable automatic updates for your browser to ensure you have the latest
security features.
- Disable or remove unnecessary browser extensions or plugins that may
introduce vulnerabilities.
- Configure your browser’s privacy settings to limit tracking and data
collection.
- Regularly clear your browser cache, cookies, and browsing history to remove
stored data.
- Be cautious when installing browser add-ons or accepting browser
notifications, as they may be used for social engineering or malicious
purposes.
3. Design a Security Program to Prevent Social Engineering Attacks:

To design a security program to prevent social engineering attacks, consider
the following steps:
- Conduct regular security awareness training for employees to educate them

about social engineering tactics and how to recognize and respond to potential
threats.
- Implement strong authentication mechanisms, such as multi-factor
authentication, to minimize the risk of unauthorized access.
- Develop and enforce strong password policies to ensure employees use
complex and unique passwords.
- Establish incident response procedures specifically tailored to address social
engineering incidents, including reporting channels, investigation processes,
and recovery steps.
- Regularly review and update security policies and procedures to address
emerging social engineering techniques.
- Conduct periodic social engineering tests or simulations to assess the
effectiveness of your security program and identify areas for improvement.
Remember, preventing social engineering attacks requires a combination of

technical measures, employee awareness, and ongoing vigilance. Regularly
assess and update your security program to adapt to evolving threats and
ensure the protection of your organization’s assets and data.
Module 6 – cybersecurity regulations
Cybersecurity regulations in Singapore are governed by the Cybersecurity

Act, which establishes a legal framework for the oversight and maintenance of
national cybersecurity. The act aims to ensure the protection of critical
information infrastructure and safeguard against cyber threats. Additionally,
there are specific regulations, such as the Cybersecurity (Critical Information
Infrastructure) Regulations, that provide guidelines for the protection of
critical information infrastructure.
On the other hand, the Personal Data Protection Act (PDPA) governs the
collection, use, and disclosure of personal data by organizations in Singapore.
Its objective is to safeguard individuals’ personal data and strike a balance
between organizations’ need to use data and individuals’ need for privacy. The
PDPA covers both electronic and non-electronic personal data and applies to
both personal and work activities.
To apply the PDPA to personal and work activities, individuals and

organizations need to ensure compliance with the data protection obligations
outlined in the act. These obligations include accountability, notification,
consent, purpose limitation, accuracy, protection, retention, transfer, access
and correction, data breach notification, and data portability.
When it comes to protecting personal data online, there are several best
practices to follow. Here are some essential tips:
1. Update privacy settings: Adjust the privacy settings on your browser and
online accounts to limit data collection and tracking.
2. Use strong passwords: Create unique and complex passwords for your
online accounts and consider using a password manager to securely store
them.
3. Enable two-factor authentication: Add an extra layer of security by
enabling two-factor authentication whenever possible.
4. Be cautious with sharing personal information: Only provide personal
information on trusted websites and be mindful of the information you share
on social media.
5. Regularly update software and devices: Keep your devices, operating
systems, and software up to date with the latest security patches and updates.
6. Use secure Wi-Fi networks: Avoid using public Wi-Fi networks for sensitive
activities, such as online banking or accessing personal accounts.
7. Be wary of phishing attempts: Be cautious of emails, messages, or calls
asking for personal information and avoid clicking on suspicious links.
8. Regularly back up your data: Back up important data regularly to protect
against data loss or ransomware attacks.
Remember, protecting personal data is a shared responsibility between

individuals and organizations. By practicing good cybersecurity habits and
staying informed about data protection measures, we can help ensure the
security of our personal information online.
Sources:
- Cybersecurity Act
- Personal Data Protection Act 2012
- PDPC – Personal Data Protection Commission Singapore
- How To Protect Your Privacy Online: 15 Essential Ways In 2024
- How to protect personal information online: A simplified guide – Norton™
- How To Protect Your Privacy Online In 8 Tips : Life Kit : NPR
Establishing sound and robust technology risk governance and oversight is

crucial for organizations to effectively manage technology risks. The board of
directors and senior management play a significant role in this process. They
need to have the necessary skills and understanding of technology risks and
should have distinct roles and responsibilities in managing these risks. The
objective is to ensure that there is a strong framework in place to govern and
oversee technology risks.
On the other hand, cyber resilience refers to an organization’s ability to
continue delivering intended outcomes despite experiencing challenging cyber
events, such as cyberattacks, natural disasters, or economic slumps. It
combines business continuity, information systems security, and
organizational resilience. The main goal of cyber resilience is to maintain an
appropriate state of cybersecurity preparedness to prevent or reduce
compromises of business functions. This includes continuous security
monitoring to identify and remediate attacks that cannot be blocked.
In summary, establishing sound and robust technology risk governance and

oversight is essential to effectively manage technology risks, while cyber
resilience focuses on maintaining business continuity and minimizing the
impact of cyber events. Both aspects are crucial for organizations to protect
their systems and data from cyber threats.
Sources:
- Technology Risk Management Guidelines – Monetary Authority of

Singapore
- What is Cyber Resilience? | IBM
- What Is Cyber Resilience? – Cisco
Certainly! Let’s take a look at a case study involving commission decisions.
Case Study: Commission Decision on Anti-Competitive Behavior
Background:
In this case, a commission is responsible for enforcing competition laws and
ensuring fair market practices. The commission received complaints
regarding anti-competitive behavior in the telecommunications industry. After
conducting an investigation, the commission found evidence of anti-
competitive practices by a dominant player in the market.
Commission Decision:
1. Identification of Anti-Competitive Behavior:

2. The commission identified that the dominant player engaged in anti-
competitive practices by abusing its market power. The company was
found to have engaged in predatory pricing, exclusive dealing, and
unfair bundling practices, which hindered competition and harmed
consumers.
3. Investigation and Evidence Gathering:
4. The commission conducted a thorough investigation, gathering evidence
through interviews, document reviews, and data analysis. They analyzed
market data, pricing strategies, and contractual agreements to establish
the anti-competitive behavior.
3. Statement of Objections:
Based on the evidence gathered, the commission issued a statement of
objections to the dominant player, outlining the specific anti-competitive
practices and their impact on the market. The company was given an
opportunity to respond and present its defense.
5. Hearing and Legal Proceedings:
6. A hearing was conducted where the dominant player presented its
arguments and evidence in defense. The commission carefully evaluated
the arguments and counterarguments presented by both parties.
5. Commission Decision:
6. After considering all the evidence and arguments, the commission made
its decision. It concluded that the dominant player had indeed engaged
in anti-competitive behavior and violated competition laws. The decision
included the following:
a. Fines and Penalties: The commission imposed significant fines
and penalties on the dominant player for its anti-competitive
practices. The fines were calculated based on the severity of the
violations and the company’s market share.
b. Remedial Measures: The commission ordered the dominant

player to cease the anti-competitive practices immediately. It also
imposed specific remedies, such as unbundling services and
ensuring fair pricing, to restore competition in the market.
c. Compliance Monitoring: The commission established a monitoring

mechanism to ensure that the dominant player complied with the decision.
Regular reporting and audits were required to verify the company’s
adherence to the prescribed remedies.
6. Appeals and Judicial Review:
The dominant player had the right to appeal the commission’s decision to a
higher court or seek a judicial review. The appeals process allowed for a
thorough review of the case and the commission’s decision.
Conclusion:
Commission decisions play a crucial role in enforcing competition laws and
promoting fair market practices. In this case study, the commission identified
anti-competitive behavior, conducted a thorough investigation, and made a
decision based on the evidence and arguments presented. The decision
included fines, penalties, and remedial measures to restore competition and
protect consumer interests.
Please note that this case study is fictional and provided for illustrative
purposes only.
Sources:
- European Commission – Competition

- Competition Commission of Singapore
Module 7 – incident preparedness and response

Incident preparedness and response refers to the actions and plans put in
place to effectively handle and manage various incidents or emergencies that
may occur. This includes both proactive measures to prevent incidents from
happening and reactive measures to respond to and mitigate the impact of
incidents that do occur.
Some key aspects of incident preparedness and response include:
1. Risk Assessment: Identifying potential risks and hazards that could lead to
incidents and assessing their likelihood and potential impact.
2. Emergency Planning: Developing comprehensive plans and procedures to
respond to different types of incidents, including evacuation plans,
communication protocols, and resource allocation.
3. Training and Education: Providing training and education to individuals
and teams involved in incident response, ensuring they have the necessary
knowledge and skills to effectively handle emergencies.
4. Communication and Coordination: Establishing clear lines of
communication and coordination among all stakeholders involved in incident
response, including emergency services, government agencies, and relevant
organizations.
5. Incident Response Drills and Exercises: Conducting regular drills and
exercises to test the effectiveness of incident response plans and identify areas
for improvement.
6. Incident Investigation and Lessons Learned: Conducting thorough
investigations of incidents to determine their causes and identify lessons
learned to prevent similar incidents in the future.
By implementing these measures, organizations and communities can enhance

their preparedness and response capabilities, minimize the impact of
incidents, and ensure the safety and well-being of individuals involved.
Preparing for incidents and adopting an assumed breach mindset is crucial
for several reasons:
1. Proactive Risk Mitigation: Incident preparedness allows organizations to
identify potential vulnerabilities and implement measures to mitigate risks
before they turn into actual incidents. By adopting an assumed breach
mindset, organizations assume that they will be breached at some point and
take proactive steps to minimize the impact.
2. Minimize Impact: Incidents can have significant consequences, including
financial losses, reputational damage, and disruption of operations. By
preparing for incidents, organizations can develop strategies and response
plans to minimize the impact and recover more quickly.
3. Timely Response: Incidents often require swift and coordinated action to
mitigate the damage. Being prepared ensures that organizations have the
necessary resources, protocols, and trained personnel in place to respond
effectively and minimize the duration and severity of the incident.
4. Compliance and Legal Requirements: Many industries have specific
compliance and legal requirements related to incident response and data
breach notification. Being prepared ensures that organizations meet these
obligations and avoid potential legal and regulatory consequences.
5. Stakeholder Trust: Incident preparedness demonstrates a commitment to
the safety and security of stakeholders, including customers, employees, and
partners. By taking proactive measures, organizations can build trust and
confidence among their stakeholders.
6. Continuous Improvement: Adopting an assumed breach mindset
encourages organizations to continuously assess and improve their security
posture. By regularly reviewing incident response plans, conducting drills,
and learning from past incidents, organizations can identify areas for
improvement and enhance their overall security resilience.
In summary, preparing for incidents and adopting an assumed breach

mindset allows organizations to be proactive, minimize the impact of
incidents, respond effectively, comply with legal requirements, build
stakeholder trust, and continuously improve their security posture.
Incident preparedness and response in organizations involves a
comprehensive approach to handling incidents effectively. Here are the key
components and steps involved in incident response:
1. Preparation:
- Develop an Incident Response Plan (IRP): Create a documented plan that
outlines the roles, responsibilities, and procedures for responding to incidents.
- Establish an Incident Response Team (IRT): Identify and train a team of
individuals who will be responsible for coordinating and executing the
incident response efforts.
- Conduct Risk Assessments: Identify potential risks and vulnerabilities within
the organization’s systems, networks, and processes.
- Implement Security Controls: Put in place technical and procedural controls
to prevent and detect incidents, such as firewalls, intrusion detection systems,
and employee awareness training.
2. Detection and Analysis:
- Implement Monitoring Systems: Deploy security monitoring tools to detect
and alert on potential security incidents, such as intrusion detection systems
(IDS) and security information and event management (SIEM) systems.
- Establish Incident Triage Process: Develop a process for quickly assessing
and prioritizing incoming incident alerts or reports.
- Conduct Forensic Analysis: Gather and analyze evidence related to the
incident to determine the cause, extent, and impact of the incident.
3. Containment and Eradication:
- Isolate Affected Systems: Take immediate action to isolate or disconnect
compromised systems from the network to prevent further spread of the
incident.
- Remove Malicious Code or Access: Identify and remove any malicious code,
malware, or unauthorized access from affected systems.
- Patch Vulnerabilities: Apply necessary patches and updates to address any
vulnerabilities that were exploited during the incident.
4. First Incident Recovery:

- Restore Systems and Data: Recover affected systems and restore data from
backups or other sources.
- Validate System Integrity: Ensure that the restored systems are free from
any malicious code or unauthorized access.
- Test System Functionality: Verify that the recovered systems are functioning
properly and are ready to be put back into production.
5. Incident Response Checklist:
- Develop a checklist that outlines the specific steps and actions to be taken
during each phase of the incident response process.
- Include contact information for key personnel, external parties (such as law
enforcement or incident response vendors), and any necessary tools or
resources.
6. Incident Response Simulation:
- Conduct regular incident response simulations or tabletop exercises to test
the effectiveness of the incident response plan and identify areas for
improvement.
- Simulate different types of incidents to ensure that the response team is
prepared to handle a variety of scenarios.
- Document lessons learned and update the incident response plan based on
the outcomes of the simulations.
Remember, incident response is an ongoing process that requires continuous

monitoring, evaluation, and improvement. By being well-prepared,
organizations can effectively respond to incidents, minimize the impact, and
recover quickly.
Module 6 – cybersecurity regulations

Cybersecurity regulations play a crucial role in safeguarding personal data
and ensuring the privacy and security of individuals. One such regulation is
the Personal Data Protection Act (PDPA). Here’s an overview of PDPA, its
objectives, how it works, and its application to personal and work activities:
1. Objectives of Securing Personal Data:

- Protecting individuals’ personal data from unauthorized access, use, or
disclosure.
- Establishing accountability and transparency in the handling of personal
data.
- Giving individuals control over their personal data and the right to access
and correct it.
- Promoting public trust and confidence in organizations’ handling of personal
data.
2. How PDPA Works:
- Consent: Organizations must obtain individuals’ consent before collecting,
using, or disclosing their personal data, except in specific circumstances.
- Purpose Limitation: Personal data should only be collected for specific
purposes and used or disclosed only for those purposes.
- Data Protection Obligations: Organizations are required to implement
reasonable security measures to protect personal data from unauthorized
access, use, or disclosure.
- Access and Correction: Individuals have the right to access their personal
data held by organizations and request corrections if necessary.
- Data Breach Notification: Organizations must notify affected individuals
and the relevant authorities in the event of a data breach that poses a risk of
significant harm.
3. Applying PDPA to Personal and Work Activities:
- Personal Activities: Individuals should be mindful of the personal data they
share online and take steps to protect their privacy, such as using strong
passwords, enabling two-factor authentication, and being cautious while
sharing personal information on social media platforms.
- Work Activities: Organizations must ensure compliance with PDPA by
implementing data protection policies and practices, conducting regular data
protection training for employees, and implementing technical measures to
secure personal data, such as encryption and access controls.
4. Protecting Personal Data Online:
- Use Strong Passwords: Create unique and complex passwords for online
accounts and consider using a password manager.
- Enable Two-Factor Authentication (2FA): Use 2FA whenever possible to add
an extra layer of security to online accounts.
- Be Cautious with Personal Information: Avoid sharing sensitive personal
data on public platforms or with untrusted sources.
- Regularly Update Software and Devices: Keep software, applications, and
devices up to date with the latest security patches to protect against
vulnerabilities.
- Use Secure Networks: Avoid using public Wi-Fi networks for sensitive
transactions and consider using a virtual private network (VPN) for added
security.
5. MAS TRM and Cyber Resilience:

- The Monetary Authority of Singapore (MAS) Technology Risk Management
(TRM) guidelines provide a framework for financial institutions to establish
sound and robust technology risk governance and oversight.
- It emphasizes the importance of identifying, assessing, and managing
technology risks, including cybersecurity risks.
- Organizations are required to implement measures to maintain cyber
resilience, including regular risk assessments, incident response plans,
employee training, and third-party risk management.
By understanding and complying with regulations like PDPA, individuals and
organizations can protect personal data, maintain privacy, and enhance
cybersecurity resilience. It is essential to stay informed about the evolving
cybersecurity landscape and adopt best practices to mitigate risks effectively.

Cyber Security

Uploaded by

Copyright:

Available Formats

Cyber Security

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Cyber Security

Uploaded by

Copyright:

Available Formats

Module 1: Introduction to cyber security

Absolutely, Rishi! The internet is indeed a sea of both opportunities and

1. Hackers: These are individuals who gain unauthorized access to

Source: GeeksforGeeks, MUO, EC-Council

Absolutely, these are often referred to as the CIA triad in cybersecurity, a

1. Confidentiality: This is about preventing unauthorized access to

These three principles form the cornerstone of any organization’s information

It’s important to stay vigilant and take necessary precautions to protect

Example – Spear Phishing Attack:

Let’s say a cybercriminal targets a specific company. They start by gathering

Sure! Let’s take a look at a case study on cyber security goals in an

Case study on cyber security goals on organisation

Case Study: XYZ Corporation Cyber Security Goals

XYZ Corporation is a global technology company that specializes in

1. Protecting Customer Data: One of the primary goals of XYZ Corporation is

By setting these cyber security goals and implementing appropriate measures,

Source: Adapted from personal knowledge and experience.

Here are some recent security incidents affecting organizations in Singapore

1. Phishing and Ransomware Attacks: The Cyber Security Agency of

By mapping these recent security incidents to cyber security goals,

1. Phishing and Ransomware Continue to Pose Significant Risks to

1. Reconnaissance: In this initial stage, attackers gather information about

- MITRE ATT&CK Framework

Security controls are measures implemented to protect systems, networks, and

- Access Controls: Access controls restrict user access to systems, networks,

It’s important to note that security controls should be implemented in layers

Remember, security controls should be regularly reviewed, updated, and

These security controls work together to create a layered defense system,

- National Institute of Standards and Technology (NIST)

1. Identify Assets: Begin by identifying the critical assets within your

Remember, the goal of threat modeling is to proactively identify and address

1. Reconnaissance: During this stage, attackers gather information about

2. Weaponization: In this stage, attackers create or obtain malicious tools

4. Delivery: Attackers deliver the weaponized payload to the target.

- Regularly applying security patches and updates to systems and software to

4. Installation: Attackers install malware or establish a foothold within the

5. Command and Control: Attackers establish communication channels

- Implementing network traffic monitoring and analysis tools to detect and

6. Actions on Objectives: Attackers achieve their goals, such as data

Remember, the effectiveness of security controls may vary depending on the

1. Complexity: Use a mix of letters, numbers, and special characters. Try to

Remember, maintaining good password security is a key part of protecting

your online identity and personal information. Stay safe online! 😊

Brute force attack

1. Use complex passwords: As mentioned before, complex and long passwords

Source: Fortinet, CrowdStrike, Splunk, Kaspersky, OWASP Foundation

Password strength is a measure of the effectiveness of a password in resisting

Multifactor authentication (MFA)

Multifactor authentication (MFA), also known as two-factor authentication

By combining multiple factors, multifactor authentication significantly

Here’s how multifactor authentication typically works:

1. You enter your username and password as the first factor.

Enabling multifactor authentication adds an extra layer of protection against

Remember to choose strong and unique passwords in combination with

Source: Personal knowledge

To protect against brute force attacks, it’s important to:

1. Use complex passwords: As mentioned before, complex and long passwords

Source: Fortinet, CrowdStrike, Splunk, Kaspersky, OWASP Foundation

Account security is essential to protect your personal information and prevent

1. Strong and Unique Passwords: Use complex passwords that include a