Cyber Security: Mrs. V. Nikitha


Cyber security

Mrs. V. Nikitha
Course Objectives:
· To familiarize students with various types of cyber-attacks and cyber crimes
· To give an overview of the cyber laws
· To study the defensive techniques against these attacks

Course Outcomes:
• The students will be able to understand cyber-attacks, types of cybercrimes and cyber laws, and also how to protect themselves and ultimately the entire Internet community from such attacks.
UNIT 1
TOPICS

Introduction to Cyber Security:

1. Basic Cyber Security Concepts
2. Layers of security
3. Vulnerability
4. Threat
5. Harmful acts
6. Internet Governance – Challenges and Constraints
7. Computer Criminals
8. CIA Triad
9. Assets and Threat
10. Motive of attackers
11. Active attacks
12. Passive attacks
13. Software attacks
14. Hardware attacks
15. Spectrum of attacks
16. Taxonomy of various attacks
17. IP spoofing
18. Methods of defense
19. Security Models
20. Risk management
21. Cyber Threats-Cyber Warfare
22. Cyber Crime
23. Cyber terrorism
24. Cyber Espionage, etc.,
25. Comprehensive Cyber Security Policy.
1. Basic Cyber Security Concepts

What is Cyberspace?
• The interdependent network of information
technology infrastructures, which includes the
Internet, telecommunications networks, computer
systems, and embedded processors and controllers.
• First coined in William Gibson’s novel
“Neuromancer”, the term Cyberspace is used to
describe the range of information resources
available through computer networks.
1. Basic Cyber Security Concepts

Cyber Security Challenges

• Cyberspace has intrinsic vulnerabilities that cannot be eliminated
• Innumerable entry points to the Internet
• Assigning attribution: Internet technology makes it relatively easy
to misdirect attribution to other parties
• Computer Network Defense techniques, tactics and practices
largely protect individual systems and networks rather than critical
operations (missions)
• Attack technology outpacing defense technology
• Nation states, non-state actors, and individuals are at a peer level,
all capable of waging attacks
1. Basic Cyber Security Concepts

10 Steps to Cyber Security

1. Network Security: Protect your networks against external and internal attack. Manage the network perimeter. Filter out unauthorised access and malicious content. Monitor and test security controls.
2. Malware Protection: Produce relevant policy and establish anti-malware defences that are applicable and relevant to all business areas. Scan for malware across the organisation.
3. Monitoring: Establish a monitoring strategy and produce supporting policies. Continuously monitor all ICT systems and networks. Analyse logs for unusual activity that could indicate an attack.
1. Basic Cyber Security Concepts

4. Incident Management: Establish an incident response and disaster recovery capability. Produce and test incident management plans. Provide specialist training to the incident management team. Report criminal incidents to law enforcement.
5. User Education and Awareness: Produce user policies covering acceptable and secure use of the organisation’s systems. Establish a staff training programme. Maintain user awareness of the cyber risks.
6. Home and Mobile Working: Develop a mobile working policy and train staff to adhere to it. Apply the secure baseline to all devices. Protect data both in transit and at rest.
1. Basic Cyber Security Concepts

7. Secure Configuration: Apply security patches and ensure that the secure configuration of all ICT systems is maintained. Create a system inventory & define a baseline build for all ICT devices.
8. Removable Media Controls: Produce a policy to control all access to removable media. Limit media types and use. Scan all media for malware before it is imported onto the corporate system.
9. Managing User Privileges: Establish account management processes and limit the number of privileged accounts. Limit user privileges and monitor user activity. Control access to activity and audit logs.
10. Information Risk Management Regime: Establish an effective governance structure and determine your risk appetite. Maintain the board's engagement with cyber risk. Produce supporting information risk management policies.
2 layers of security

The 7 layers of cybersecurity should center on the mission critical assets you are
seeking to protect.
1. Mission Critical Assets – This is the data you need to protect.
2. Data Security – Data security controls protect the storage and transfer of
data.
3. Application Security – Applications security controls protect access to an
application, an application’s access to your mission critical assets, and the
internal security of the application.
4. Endpoint Security – Endpoint security controls protect the connection
between devices and the network.
5. Network Security – Network security controls protect an organization’s
network and prevent unauthorized access of the network.
6. Perimeter Security – Perimeter security controls include both the physical
and digital security methodologies that protect the business overall.
7. The Human Layer – Humans are the weakest link in any cybersecurity
posture. Human security controls include phishing simulations and access
management controls that protect mission critical assets from a wide variety
of human threats, including cyber criminals, malicious insiders, and negligent
users.
3 Vulnerability

• There are many definitions of vulnerability:
• National Institute of Standards and Technology (NIST): Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.
• ISO 27005: A weakness of an asset or group of assets that can
be exploited by one or more cyber threats where an asset is
anything that has value to the organization, its business
operations and their continuity, including information
resources that support the organization's mission.
• IETF RFC 4949: A flaw or weakness in a system's design,
implementation, or operation and management that could be
exploited to violate the system's security policy.
The 5 cyber security vulnerabilities are:

• 1. Substandard backup and recovery
• 2. Weak authentication management
• 3. Poor network monitoring
• 4. End-user errors and/or misuse
• 5. Inadequate endpoint security
3 Vulnerability

• There are many causes of vulnerabilities including:
• Complexity: Complex systems increase the probability of a flaw, misconfiguration or unintended access.
• Familiarity: Common code, software, operating systems and hardware increase the probability
that an attacker can find or has information about known vulnerabilities.
• Connectivity: The more connected a device is the higher the chance of a vulnerability.
• Poor password management: Weak passwords can be broken with brute force and reusing
passwords can result in one data breach becoming many.
• Operating system flaws: Like any software, operating systems can have flaws. Operating
systems that are insecure by default and give all users full access can allow viruses and malware
to execute commands.
• Internet usage: The Internet is full of spyware and adware that can be installed automatically
on computers.
• Software bugs: Programmers can accidentally or deliberately leave an exploitable bug in
software.
• Unchecked user input: If your website or software assumes all input is safe, it may execute unintended SQL commands.
• People: The biggest vulnerability in any organization is the human at the end of the system. Social engineering is the biggest threat to the majority of organizations.
3 Vulnerability

What is vulnerability management?

• Vulnerability management is a cyclical practice of identifying, classifying, remediating and mitigating security vulnerabilities.

• The essential elements of vulnerability management include vulnerability detection, vulnerability assessment and remediation (or) mitigation.
3 Vulnerability

Once a vulnerability is found, it goes through the vulnerability assessment process:
• Identify vulnerabilities: Analyzing network scans, pen test
results, firewall logs, and vulnerability scan results to find
anomalies that suggest a cyber attack could take advantage of
a vulnerability.
• Verify vulnerabilities: Decide whether the identified
vulnerability could be exploited and classify the severity of the
exploit to understand the level of risk
• Mitigate vulnerabilities: Decide on countermeasures and how
to measure their effectiveness in the event that a patch is not
available.
• Remediate vulnerabilities: Update affected software or
hardware where possible.
3 Vulnerability

• What is vulnerability scanning?
• A vulnerability scanner is software designed to assess computers, networks or applications for known vulnerabilities. Scanners can identify and detect vulnerabilities arising from misconfiguration and flawed programming within a network, and can perform authenticated and unauthenticated scans.
3 Vulnerability

• Penetration testing, also known as pen testing or ethical hacking, is the practice of testing an information technology asset to find security vulnerabilities an attacker could exploit. Penetration testing can be automated with software or performed manually.
• Either way, the process is to gather information about the target, identify possible vulnerabilities, attempt to exploit them and report on the findings.
3 Vulnerability

• Vulnerabilities can be classified into six broad categories:
• Hardware: Susceptibility to humidity, dust, soiling, natural disaster, poor encryption or firmware vulnerability.
• Software: Insufficient testing, lack of audit trail, design flaws, memory safety violations
(buffer overflows, over-reads, dangling pointers), input validation errors (code injection,
cross-site scripting (XSS), directory traversal, email injection, format string attacks, HTTP
header injection, HTTP response splitting, SQL injection), privilege-confusion bugs
(clickjacking, cross-site request forgery, FTP bounce attack), race conditions (symlink races,
time-of-check-to-time-of-use bugs), side channel attacks, timing attacks and user interface
failures (blaming the victim, race conditions, warning fatigue).
• Network: Unprotected communication lines, man-in-the-middle attacks, insecure network
architecture, lack of authentication or default authentication.
• Personnel: Poor recruiting policy, lack of security awareness and training, poor adherence
to security training, poor password management or downloading malware via email
attachments.
• Physical site: Area subject to natural disaster, unreliable power source or no keycard access.
• Organizational: Lack of audit, continuity plan, security or incident response plan.
4 Threat

• A cyber or cyber security threat is a malicious act that seeks to damage data, steal data, or disrupt digital life in general. Cyber threats include computer viruses, data breaches, Denial of Service (DoS) attacks and other attack vectors.
• Cyber threats also refer to the possibility of a successful cyber attack that aims to gain unauthorized access, damage, disrupt, or steal an information technology asset, computer network, intellectual property or any other form of sensitive data. Cyber threats can come from within an organization by trusted users or from remote locations by unknown parties.
4 Threat
2. What are examples of cyber threats?
• Common cyber threats include:
• Malware: Malware is software that does malicious tasks on a device or
network such as corrupting data or taking control of a system.
• Spyware: Spyware is a form of malware that hides on a device providing
real-time information sharing to its host, enabling them to steal data like
bank details and passwords.
• Phishing attacks: Phishing is when a cybercriminal attempts to lure
individuals into providing sensitive data such as 
personally identifiable information (PII), banking and credit card details
and passwords.
• Distributed denial of service (DDoS) attacks: Distributed denial of service
attacks aim to disrupt a computer network by flooding the network with
superfluous requests to overload the system and prevent legitimate
requests being fulfilled.
• Ransomware: Ransomware is a type of malware that denies access to a
computer system or data until a ransom is paid.
4 Threat

4. How to protect against and identify cyber threats

• By studying the triad of actors, it becomes possible to make informed strategic, operational and tactical assessments:
• Strategic assessments: Informs decision makers on broad and long-term issues,
as well as providing timely warnings of threats. Strategic cyber threat intelligence
forms a view of the intent and capabilities of malicious cyber attackers and what
cyber threats they could pose.
• Operational assessments: Target potential incidents related to events,
investigations or activities and provide guidance about how to respond to them
e.g. what to do when a computer is infected with malware.
• Tactical assessments: Real-time assessment of events, investigations and
activities that provide day-to-day support.
• Properly applied cyber threat intelligence provides insights into cyber threats and
promotes a faster more targeted response. It can assist decision makers in
determining acceptable cybersecurity risks, controls and budget constraints in
equipment and staffing, and support incident response and post-incident
response activities.
5 ways to stop network security threats

• 1. Boost Physical Security
• 2. Educate Your Employees About Security Measures
• 3. Reinforce Your Security Access Control
• 4. Use Network Protection Measures
• 5. Install Network Monitoring Software
5 Harmful acts

• This is a general term that covers crimes such as phishing, spoofing, DoS (Denial of Service) attack, credit card fraud, online transaction fraud, cyber defamation, child pornography, kidnapping a person using chat rooms, stalking a person using the Internet as a medium, unauthorised access to a computer system, and cyber terrorism.
6 Internet Governance – Challenges and Constraints

• “Internet governance is the development and application of shared principles, norms, rules, decision-making procedures, and programs that shape the evolution and use of the Internet”
• Internet governance includes activities of a
variety of stakeholders, including governments,
private and civil society organizations.
• It is characterized by “shared global ownership
without central control, innovations based on
open and interoperable frameworks”.
7 Computer Criminals

• Computer crime is an act performed by a knowledgeable computer user, sometimes referred to as a hacker, who illegally browses or steals a company's or individual's private information. In some cases, this person or group of individuals may be malicious and destroy or otherwise corrupt the computer or data files.
8 CIA Triad

• There are three key concepts, known as the CIA triad, which anyone who protects an information system must understand: confidentiality, integrity, and availability.
• Information security professionals are dedicated to ensuring the protection of these principles for each system they protect.
• Additionally, there are three key concepts that security professionals must understand to enforce the CIA principles properly: authentication, authorization and nonrepudiation.
Authentication Factors
• 1. Knowledge factor
• 2. Ownership factor
• 3. Inherence factor
8 CIA Triad

• Authorization is defined as “access privileges granted to a user, program, or process.”
• After a secure system authenticates users, it must
also decide what privileges they have.
• For instance, an online banking application will
authenticate a user based on his or her
credentials, but it must then determine the
accounts to which that user has access.
• Additionally, the system determines what actions
the user can take regarding those accounts, such
as viewing balances and making transfers.
8 CIA Triad

• Authentication is defined as a “security measure designed to establish the validity of a transmission, message, or originator, or a means of verifying an individual’s authorization to receive specific categories of information.”
• E.g.: a fingerprint scan combined with a personal identification number (PIN) validates something the user is (the owner of that fingerprint) and something the user knows (a PIN).
8 CIA Triad

• Nonrepudiation:
“assurance the sender of data is provided
with proof of delivery and the recipient is
provided with proof of the sender’s identity, so
neither can later deny having processed the
data.”
8 CIA Triad

C: Confidentiality:
• Confidentiality is defined as “assurance that information is not disclosed to unauthorized individuals, processes, or devices.”
• First, the information must have protections
capable of preventing some users from accessing it.
• Second, limitations must be in place to restrict
access to the information to only those who have
the authorization to view it.
• Third, an authentication system must be in place to
verify the identity of those with access to the data.
8 CIA Triad

• One way to protect information is by storing it in a private location or on a private network that is limited to those who have legitimate access to the information.
• If a system must transmit the data over a public network,
organizations should use a key that only authorized parties know
to encrypt the data.
• For information traveling over the Internet, this protection could
mean using a virtual private network (VPN), which encrypts all
traffic between endpoints, or using encrypted e-mail systems,
which restrict viewing of a message to the intended recipient.
• If confidential information is physically leaving its protected
location (as when employees transport backup tapes between
facilities), organizations should encrypt the data in case it falls
into the hands of unauthorized users.
8 CIA Triad

• Confidentiality of digital information also requires controls in the real world.
• Shoulder surfing, the practice of looking over a person’s
shoulder while at his or her computer screen, is a
nontechnical way for an attacker to gather confidential
information.
• Physical threats, such as simple theft, also threaten
confidentiality.
• The consequences of a breach of confidentiality vary
depending on the sensitivity of the protected data.
• A breach in credit card numbers, as in the case of the
Heartland Payment Systems processing system in 2008, could
result in lawsuits with payouts well into the millions of
dollars.
8 CIA Triad

• Integrity: In the information security realm, integrity normally refers to data integrity, or ensuring that stored data are accurate and contain no unauthorized modifications.
• The National Information Assurance Glossary (NIAG)
defines integrity as follows:
Quality of an IS (Information System) reflecting the logical
correctness and reliability of the operating system; the logical
completeness of the hardware and software implementing
the protection mechanisms; and the consistency of the data
structures and occurrence of the stored data.
• Note that, in a formal security mode, integrity is
interpreted more narrowly to mean protection against
unauthorized modification or destruction of information.
8 CIA Triad

• Software flaws and vulnerabilities can lead to accidental losses in data integrity and can open a system to unauthorized modification.
• Programs typically tightly control when a user has read or write access to particular data, but a software vulnerability might make it possible to circumvent that control.
• For example, an attacker can exploit a Structured Query Language (SQL) injection vulnerability to extract, alter, or add information to a database.
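
The SQL injection risk named above, and the "unchecked user input" cause listed under vulnerabilities, shown as an added example (not part of the original slides): the same lookup written with string concatenation and with a bound parameter. The table, column names, sample rows and the crafted input are constructed for illustration.

```python
import sqlite3

# Constructed sample data: (owner, account number, balance)
SAMPLE_ROWS = [
    ("alice", "ACC-1001", 500),
    ("bob", "ACC-1002", 900),
    ("carol", "ACC-1003", 120),
]

# Constructed input that turns the WHERE clause into an always-true condition
CRAFTED = "x' OR '1'='1"


def make_db():
    """Build an in-memory database holding the constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (owner TEXT, number TEXT, balance INTEGER)")
    db.executemany("INSERT INTO accounts VALUES (?, ?, ?)", SAMPLE_ROWS)
    db.commit()
    return db


def balances_vulnerable(db, owner):
    """Unsafe: the input is pasted into the SQL text, so it is parsed as SQL."""
    query = (
        "SELECT owner, balance FROM accounts WHERE owner = '"
        + owner
        + "' ORDER BY owner"
    )
    return db.execute(query).fetchall()


def balances_safe(db, owner):
    """Safe: the ? placeholder binds the input as data, never as SQL syntax."""
    query = "SELECT owner, balance FROM accounts WHERE owner = ? ORDER BY owner"
    return db.execute(query, (owner,)).fetchall()


def is_valid_owner(owner):
    """Defence in depth: allow-list check on the input before any query runs."""
    return owner.isalnum() and len(owner) <= 32


def lookup(db, owner):
    """Hardened entry point: validate first, then use the bound-parameter query."""
    if not is_valid_owner(owner):
        raise ValueError("owner must be 1-32 alphanumeric characters")
    return balances_safe(db, owner)


if __name__ == "__main__":
    db = make_db()
    print("normal lookup      :", lookup(db, "alice"))
    print("vulnerable, crafted:", balances_vulnerable(db, CRAFTED))  # every row leaks
    print("safe, crafted      :", balances_safe(db, CRAFTED))        # no row matches
    try:
        lookup(db, CRAFTED)
    except ValueError as err:
        print("validated, crafted : rejected,", err)
```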
8 CIA Triad

• Disrupting the integrity of data at rest or in a message in transit can have serious consequences.
• If it were possible to modify a funds transfer
message passing between a user and his or her
online banking website, an attacker could use that
privilege to his or her advantage.
• The attacker could hijack the transfer and steal the
transferred funds by altering the account number of
the recipient of the funds listed in the message to
the attacker’s own bank account number.
• Ensuring the integrity of this type of message is vital
to any secure system.
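
One way to protect the funds transfer message described above, as an added example that is not part of the original slides: the sender attaches an HMAC-SHA256 tag over every field, and the receiver rejects a message whose recipient account was altered. It goes one step further than the slide and also rejects a resent copy, the replay attack listed under active attacks. The field names, account numbers and demo key are constructed.

```python
import hashlib
import hmac
import json
import secrets

# Constructed demo key; a real system provisions a random secret per client or session.
DEMO_KEY = b"constructed-demo-key-not-for-real-use"


def canonical(body):
    """Serialize deterministically so sender and receiver MAC identical bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode("utf-8")


def tag_for(body, key):
    """HMAC-SHA256 over the whole message body, returned as hex."""
    return hmac.new(key, canonical(body), hashlib.sha256).hexdigest()


def sign_transfer(transfer, key=DEMO_KEY):
    """Sender side: add a fresh nonce, then tag every field including the nonce."""
    body = dict(transfer, nonce=secrets.token_hex(16))
    return {"body": body, "tag": tag_for(body, key)}


class Receiver:
    """Receiver side: verify the tag first, then refuse nonces already seen."""

    def __init__(self, key=DEMO_KEY):
        self.key = key
        self.seen_nonces = set()

    def accept(self, message):
        """Return 'ok', 'tampered' or 'replayed' for one incoming message."""
        body = message.get("body", {})
        expected = tag_for(body, self.key).encode("ascii")
        received = str(message.get("tag", "")).encode("utf-8")
        # compare_digest runs in constant time, so the comparison leaks no timing hint
        if not hmac.compare_digest(expected, received):
            return "tampered"
        nonce = body.get("nonce")
        if nonce is None or nonce in self.seen_nonces:
            return "replayed"
        self.seen_nonces.add(nonce)
        return "ok"


if __name__ == "__main__":
    bank = Receiver()
    msg = sign_transfer({"from": "ACC-1001", "to": "ACC-1002", "amount": 250})
    print("original :", bank.accept(msg))

    # Same tag, but the recipient account was changed in transit
    altered = {"body": dict(msg["body"], to="ACC-9999"), "tag": msg["tag"]}
    print("altered  :", bank.accept(altered))

    # The untouched original sent a second time
    print("resent   :", bank.accept(msg))
```

A shared-key MAC gives integrity between the two parties that hold the key; the nonrepudiation property described earlier needs a digital signature, because either key holder could have produced the tag.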
8 CIA Triad

• Availability: Information systems must be accessible to users for these systems to provide any value. If a system is down or responding too slowly, it cannot provide the service it should.
• Availability is defined as “timely, reliable access to data
and information services for authorized users.”
• Attacks on availability are somewhat different from those
on integrity and confidentiality.
• The best-known attack on availability is a denial of
service (DoS) attack.
• A DoS can come in many forms, but each form disrupts a
system in a way that prevents legitimate users from
accessing it.
8 CIA Triad

• Understanding the components of the CIA triad and the concepts behind how to protect these principles is important for every security professional.
• Each component acts like a pillar that holds up the
security of a system. If an attacker breaches any of
the pillars, the security of the system will fall.
• Authentication, authorization, and nonrepudiation
are tools that system designers can use to maintain
these pillars.
• Understanding how all of these concepts interact
with each other is necessary to use them effectively.
9 Assets and Threat

• In information security, computer
security and network security, an asset is any data,
device, or other component of the environment
that supports information-related activities. Assets
generally include hardware (e.g. servers and
switches), software (e.g. mission critical
applications and support systems) and confidential
information. Assets should be protected from illicit
access, use, disclosure, alteration, destruction,
and/or theft, resulting in loss to the organization.
10 Motive of attackers

• The motivations for cyber criminals can be quite simple. The two that make up the huge majority are money and information. According to a Verizon Enterprise report, financial and espionage-driven motivation make up a full 93% of motivation for attacks.
11. Active Attacks

• An active attack involves probing the network.
• Attackers gather information like IP addresses, OS type & version, etc.
• In computer security, it is a persistent attempt to introduce invalid data into a system to damage the data.
• It is treated as a criminal offense in many countries.
• Active attack types:
• 1. Masquerade
• 2. Replay attack
• 3. Data modification
• 4. Denial of service
11. Active Attacks

Two phases

Phase 1: Scanning & scrutinizing gathered information

Phase 2: Launching the attack.


11. Active Attacks

Phase 1: Scanning & scrutinizing gathered information
1. Scanning:
It is a key step to examine intelligently while gathering information about the target.
2. Scrutinizing (inspecting):
It is a phase called enumeration in the hacking world. The objective behind this step is to identify.
11. Active Attacks

Steps: Scanning
1. Port scanning:
Identify open/closed ports & services.
2. Network scanning:
Understand IP addresses & related information
about the computer network system.
3. Vulnerability scanning:
Understand the existing weaknesses in the system.
11. Active Attacks

Steps: Scrutinizing (inspecting)

1. The valid user accounts or groups.
2. Network resources and/or shared resources.
3. OS & different applications that are running on the OS.
11. Active Attacks

Steps: Launching the attack

1. Crack the password.
2. Exploit the privileges.
3. Execute the malicious command/applications.
4. Hide the files.
5. Cover the tracks: delete access logs, so that there is no trail of illicit activity.
12. Passive Attacks

• Involves gathering information about a target without his/her knowledge, e.g. googling a person.
• Surfing online community groups like Orkut/Facebook to gain information about an individual.
• Attempt to steal information stored in a system by electronic wiretapping or similar means.
Passive attack types:
1. Release of the content (Eavesdropping)
2. Traffic analysis
12. Passive Attacks

• An organization's website may provide a personnel directory or information about key employees.
• Network sniffing is a passive attack to get useful information like IP, hidden servers or networks.
• Tools used are Google Earth, WHOIS, Nslookup (name server lookup), Dnsstuff, eMailTrackerPro & Website Watcher.
13 Software attacks

• Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks. ...
• Man-in-the-middle (MitM) attack. ...
• Phishing and spear phishing attacks. ...
• Drive-by attack. ...
• Password attack. ...
• SQL injection attack. ...
• Cross-site scripting (XSS) attack. ...
• Eavesdropping attack.
13 Software attacks
• Common malware examples:
• Virus: A virus is a program that attempts to
damage a computer system and replicate itself
to other computer systems.
• Worm: A worm is a self-replicating program that can be designed to do any number of things, such as delete files or send documents via e-mail. A worm can negatively impact network traffic just in the process of replicating itself.
• Trojan horse: A Trojan horse is a malicious program that is disguised as legitimate software.
• Logic bomb: A logic bomb is malware that lies dormant until triggered.
14 Hardware attacks

• Manufacturing backdoors, for malware or other penetrative purposes; backdoors aren't limited to software and hardware, but they also affect embedded radio-frequency identification (RFID) chips and memory.
• Eavesdropping by gaining access to protected memory without opening other hardware.
15 Spectrum of attacks
16 Taxonomy of various attacks
AVOIDIT
17 IP spoofing

• Spoofing is a specific type of cyber-attack in which someone attempts to use a computer, device, or network to trick other computer networks by masquerading as a legitimate entity. It's one of many tools hackers use to gain access to computers to mine them for sensitive data, turn them into zombies (computers taken over for malicious use), or launch Denial-of-Service (DoS) attacks. Of the several types of spoofing, IP spoofing is the most common.
19 Security Models

• A security model in an information system is the set of procedures to evaluate and authenticate security policies in order to map the intellectual goals of the policy to an information system by specifying explicit data structures and techniques necessary to implement the security policy.
20. Risk Management

Risk management is comprised of a set of coordinated activities for overseeing & controlling risks.

Three factors are needed to explore risk management:
1. Risk assessment
2. Risk treatment
3. Risk control
20. Risk Management

1. Risk assessment:
• The given cloud environment is analyzed to identify potential vulnerabilities and shortcomings that threats can exploit in the risk assessment stage.
• The cloud consumers can ask the potential cloud provider for statistics & other information about past attacks (both successful & unsuccessful) carried out in its cloud.
• The identified risks are quantified & qualified according to the probability of occurrence & the degree of impact.
20. Risk Management

2. Risk treatment:
• Mitigation policies & plans are designed during the risk treatment stage with the intent of successfully treating the risks that were discovered.
• Some risks are eliminated, some can be mitigated, while others can be dealt with by outsourcing or even incorporated into insurance or operating loss budgets.
• The cloud provider itself may agree to assume responsibility as part of its contractual obligations.
20. Risk Management

3. Risk control:

• It is like risk monitoring, which is a 3-step process that is comprised of:
– surveying related events
– reviewing these events to determine the effectiveness of previous assessments & treatments
– identifying any policy adjustment needs.
21 Cyber Threats-Cyber Warfare

• Cyber warfare involves the actions by a nation-state or international organization to attack and attempt to damage another nation's computers or information networks through, for example, computer viruses or denial-of-service attacks.

• Examples:
• Any of the most common methods of cyber misconduct, including infecting a computer system with malware, holding it hostage with ransomware, disabling it with a flood of messages (a so-called denial of service attack) or hacking data for the purpose of espionage.
21 Cyber Threats-Cyber Warfare

• What is the main purpose of cyber warfare?
Cyberwarfare refers to the use of digital attacks, like computer viruses and hacking, by one country to disrupt the vital computer systems of another, with the aim of creating damage, death and destruction.
• Top 10 Countries Best Prepared Against Cyber Attacks
• USA. The United States of America is one of the countries that is
experiencing a huge amount of cyber attacks each year. ...
• Israel. ...
• Russia. ...
• Canada. ...
• United Kingdom. ...
• Malaysia. ...
• China. ...
• France.
22 Cyber Crime

• Cybercrime is illegal behaviour directed by means of electronic operations that targets the security of computer systems & data processed by them.
• It is also called:
– Computer related crime
– Internet crime
– E-crime
– High tech crime
22 Cyber Crime

More Definitions
• It is a crime committed using a computer & the Internet to steal a person's identity.
• Crimes completed either on or with a computer.
• Any illegal activity done through the Internet or on the computer.
• All criminal activities done using the Internet, cyberspace & the WWW.
• Any criminal activity which uses network access to commit a criminal act.
Types of Cybercrime
• 1. Hacking
• 2. Child pornography
• 3. Child grooming
• 4. Copyright infringement
• 5. Money laundering
• 6. Cyber-extortion
23 Cyber terrorism

• The term was coined by Barry Collin, a senior research fellow at the Institute for Security & Intelligence in California, in the year 1997.
• Cyberterrorism is the premeditated, politically motivated attack against information, computer systems, computer programs & data which results in violence by secret agents.
24 Cyber Espionage

• Cyber espionage is a form of cyber attack that steals classified, sensitive data or intellectual property to gain an advantage over a competitive company or government entity.
• The primary intent of cyber espionage is to steal
classified information from government agencies or
trade secrets from corporations. ... These states
engage in deliberate efforts to obtain sensitive
business and technology information.
Definition
• The act or practice of obtaining secrets without the permission of the holder of the information.
• Individuals, Competitors, etc.
• Credit card, Bank Information, etc.
Ways to get Through
• Methods on the Internet
• Through networks or individual computers
• Cracking Techniques
• Malicious software
– Trojan horses
– Spyware
Work Uses
• Military
– Used to spy on other countries
• Security Field
– Learn to block attacks
– Learn about viruses
• Business
– Spy on competitors
18 Methods of defense
• Data protection – Data protection methods include data at rest encryption, hashing, secure data transmission and encrypted backups.
• Perimeter defenses – Network perimeter defenses include firewalls, intrusion detection systems and intrusion prevention systems.
25 Comprehensive Cyber Security Policy.

• What is a Comprehensive IT Security Policy? ... A comprehensive IT security policy is essentially a battle plan that guides your organization, ensuring that your data and network are guarded from potential security threats. Think of it as a link between your people, processes, and technology.
