Cyber safety

Lecture №8
Plan:

•1.Security risks of information and their classification. Industry of

cybersafety.
•2.Cybersafety and control of the Internet. Malicious applications.
Measures and means of information protection.
•3.Standards and specifications in information security field. The acts
of the Republic of Kazakhstan governing legal relations in the sphere of
information security. Digital signature. Encoding.
Aim of the lecture:
•to give an idea of legal regulation that covers the information
security.
•Having studied this session the student will be able to:
• Identify the types of computer threats that you may meet with the
software and hardware of your computers
• Take safety precautions to minimize threats to your computer
• Identify and solve privacy issues
• Understand the legal regulations related to cyber safety
A list of possible attacks
• Record keystrokes and steal passwords.
• Send spam and phishing emails.
• Harvest and sell email addresses and passwords.
• Access restricted or personal information on your computer or other
systems that you have access to.
•
A list of possible attacks
• Illegally distribute music, movies and software.
• Distribute child pornography.
• Infect other systems.
• Hide programs that launch attacks on other computers.
• Generate large volumes of traffic, slowing down the entire system.
The cybersafety industry
The cybersafety industry, also known as the cybersecurity industry, is a
rapidly growing field that focuses on protecting systems, networks,
and programs from digital attacks². It aims to safeguard individuals'
and organizations' systems, applications, computing devices, sensitive
data, and financial assets
The industry includes a wide range of solutions such as
• antivirus software,
• firewalls, anti-spyware programs,
• and various security services. It also encompasses the development
and use of security applications and browser extensions that enhance
online safety.
The cybersafety industry
• the global cybersecurity market size was valued at USD 153.65 billion
in 2022.
The market is projected to grow from USD 172.32 billion in 2023 to US
D 424.97 billion in 2030
• Key players in this industry include companies like IBM,
Accenture Security, and many others offering various cybersecurity
solutions31.
The industry also has a significant impact on economies, industries, an
d global issues
3
.
• It's important to note that despite the advancements in cybersecurity
solutions, no security tool can provide 100% protection.
Cyber Safety: Protecting
Yourself Online

• protecting personal
information,
• avoiding
cyberbullying,
• preventing
cybercrime, etc.
Online Threats

•viruses,
• malware,
•phishing,
• social engineering,
• identity theft,
•and cyberbullying.
Cyberbullying
how to prevent and respond to
cyberbullying
• block the bully,
• don't retaliate, (отомстить)
• talk to a trusted adult, etc.
• The first step in countering
(противодействии)cyberbullying
is to get a thorough understanding
of the scope and nature of the
problem.
 Passwords and
Personal Information tips for creating strong passwords

the importance of strong • using a mix of letters, numbers,

passwords and the risks of
sharing personal information and symbols,
online • avoiding personal information,
• changing passwords regularly,
• etc
Phishing and Scams What phishing is and how it works
(Мошенничество)

• checking the sender's email

address, avoiding suspicious links,
• not sharing personal information.
Malware(Вредоносное ПО) and Viruses

tips for preventing and removing

malware and viruses
• using antivirus software,
• avoiding suspicious downloads,
• updating software regularly,
• etc.
Social Media

The risks associated with social media

• cyberbullying,
• privacy concerns,
• scams, etc
Tips for staying safe on social media .
• adjusting privacy settings,
• avoiding sharing personal information,
• reporting inappropriate behavior,
• etc
Online Gaming
the risks associated with online gaming
• (e.g. cyberbullying,
• addiction,
• scams, etc.)
tips for staying safe while gaming online
• (e.g. avoiding personal information sharing,
• not meeting strangers in person,
• setting limits on gaming time, etc.)
 Public Wi-Fi

The risks associated with public Wi-Fi

• (e.g. hacking,
• malware, etc.)
Tips for staying safe on public wi-fi
• (e.g. avoiding sensitive transactions,
• using a virtual private network (VPN),
• turning off file sharing, etc.
Use Security Applications and Extensions
: Install additional applications and
extensions, such as
• HTTPS Everywhere and
• two-factor authentication.
Suspecting a Virus/malware present in your computer

•your computer suddenly slows down

•press Ctrl, Alt and Delete and get the task manager by clicking on
task manger button of your computer if it is not displayed that means
you are at a problem.
• performance tab CPU usage is always reaching 100% without doing
any useful task
•nagging messages appearing
•you cannot eject your thumb drive without any document or program
open from that thumb drive
•see that files are automatically created with unknown rubbish names
Security Applications

• Antivirus Software: Programs like Norton Antivirus, McAfee, or Avast

help protect your computer from viruses and other malicious
software.
• Firewalls: Tools like ZoneAlarm or the built-in firewall in your
operating system help block unauthorized access to your computer.
• Anti-Spyware: Programs like Spybot Search & Destroy or
Malwarebytes help protect your computer from spyware.
Browser Extensions
• AdBlock Plus: This extension helps block ads on websites, making
pages load faster and protecting against malicious ads.
• LastPass: This is a password manager that securely stores your
passwords, helping to protect against phishing attacks.
• HTTPS Everywhere: This extension ensures that you use a secure
(HTTPS) connection whenever possible, protecting your data from
being intercepted.
• Privacy Badger: This extension blocks third-party trackers, helping to
protect your privacy online.
Online Shopping
• 1. Before entering bank card details,
make sure that you have not landed on
a fake site.
• should get a separate card
• . There are cunning Trojans that
masquerade as various mobile
applications and intercept messages
from banks.
• Keyloggers a Trojan behaves invisibly
and records everything that the user
types on the keyboard.
Standards and specifications in the
information security field
Standards and specifications in the information security field are guidelines and
frameworks that organizations follow to protect their information and network
security
1. ISO/IEC 27001: This is an internationally recognized standard for
information security management systems. It provides a management framework
for ensuring the confidentiality, integrity, and availability of all corporate data1.
• 2. ISO/IEC 27000: This standard provides an overview of information
security management systems and defines a common vocabulary of terms and
definitions used throughout the ISO/IEC 27000 series
• The “ISO” in the name stands for the International Organization for Standardization, which develops and publishes these standards. “IEC”
stands for the International Electrotechnical Commission, which is a leading organization for the preparation and publication of international
standards for electrical, electronic, and related technologies.
The acts of the Republic of Kazakhstan governing
legal relations in the sphere of information security.
• Decree of the Government of the Republic of Kazakhstan dated Dece
mber 20, 2016 No. 832 “On approval of uniform requirements in the fi
eld of information and communication technologies and information s
ecurity
• https://adilet.zan.kz/rus/docs/P1600000832
There are requirements to
• Equipment of Internet service providers
• Information system’s security
• Legal entities involved in information and communication sevice in
Kazakhstan and their responsibility and accountability
• Requirements for the hardware and software complex. etc
Digital signature
• A digital signature is a mathematical scheme for verifying the
authenticity of digital messages or documents . It’s a type of
electronic signature that provides more security and assurance of the
document’s origin, identity, and integrity3.
• Here’s how it works:
• Key Generation: A mathematical algorithm generates two keys that
are mathematically linked: one private and one public .
• Signing: When a signer digitally signs a document, a cryptographic
hash (a series of encrypted numbers and letters) is generated for the
document . This hash is then encrypted using the sender’s private key .
The resulting encrypted hash is the digital signature .
Digital signature
• Verification: The receiver uses the sender’s public key to decrypt the
hash. If it matches the hash generated from the received document,
then the document has not been altered, and the signature is
verified .
• The private key is always securely kept by the signer and should never
be shared or exposed . This process ensures that digital signatures
provide a high level of security and are legally binding in many
countries .