Introduction to cyber security – Week 8, Managing security risks

Information as an asset Information is valuable but can be lost or stolen. Considering information as an asset allows creation of strategies for protecting information and minimising the consequences of disaster. Information assets vary by organisation/individual: Doctor's surgery Medical records Contact lists Emails Employee records Manufacturer Order books Staff records Bank references Supplier & customer correspondence Risk management Assesses value of […]

Introduction to cyber security – Week 7, When your defences fail

Identity theft Preventing identity theft – ensure AV software is up to date, do not respond to phishing emails. Detecting identity theft Unexplained bank withdrawals or credit card charges Bills & other expected official letters don’t arrive Cards/cheques declined Notified that their information has been breached/compromised Contacted by bank/credit card company about suspicious activity Loss of data Destruction or deletion […]

Introduction to cyber security – Week 6, Network Security

Firewall basics Blocks dangerous communications from spreading across a network, either from outside into a network or within the network. Can be dedicated hardware, part of a router or integrated with the OS. Compares addressing and protocol information of a datagram to rules set up in the firewall’s software. If a datagram comes from a hacker and the rules say block unknown then the firewall rejects the datagram […]

Introduction to cyber security – Week 5, Cryptography

Specialised area of mathematics concerned with protecting information. Anything that can be represented as 0s and 1s can be encrypted. Applications for cryptography include: Secure banking and payment systems Protecting conversations over mobile telephones Safeguarding wireless networks Securing files on hard disks and memory keys Authenticating electronic documents Electronic voting Securing media files – Digital Rights Management (DRM) Terminology Plaintext […]

Introduction to cyber security – Week 4, Networking and Communications

What is the internet? Hierarchy of individual networks – from LANs to telephone networks. A network of networks. Two key design factors: No central controlling computer. All machines would have the same authority. Information should be deliverable along any route thereby being able to bypass machines which are unavailable. No distinct route required. How data moves Internet traffic is split […]

Introduction to cyber security – Week 3, Malware

Viruses Insert copies of themselves onto crucial parts of the hard disk in applications and data. They are self-replicating and either start each time the infected application starts or, after starting once, copy themselves and start each time the computer starts. Mainly written to harm users by destroying data or creating backdoors which can be exploited. Worms Self-replicating standalone applications that […]

Introduction to cyber security – Week 2, Authentication

Passwords – what are they for? Identification and authentication – Systems need to uniquely identify each user and prevent impersonation. Risks and solutions Password sent in plain text Passwords sent over SSL are encrypted. Password stored in plain text Hashed version of the password stored in database. Hashing is a one-way process; it cannot be reversed to discover the true password. […]

Introduction to cyber security – Week 1, Threat Landscape

Terminology CIA – guiding principle Confidentiality – only to be read by the right people Integrity – only changed by authorised people/processes Availability – available to read/use whenever we want Information assets Information asset could be customer data amongst other things Authentication – necessary to verify identity of source of request for information. Non-repudiation – ensuring users cannot deny sending message […]