Fundamentals of cyber security
Cyber Security
consists of the processes, practices and technologies designed to protect networks, computers, programs and data from attack, damage or unauthorised access
Cyber Security Threats
Social engineering techniques
Malicious Code
Weak and Default Passwords
Misconfigured access rights
: when user accounts have incorrect permissions.
Unpatched and/or outdated software
Outdated software is more likely to have flaws that can be exploited by cyber criminals. Those security gaps are more often present in older software that’s no longer maintained, automatically updated, or supported by its maker.
PENETRATION TESTING
the process of attempting to gain access to resources without knowledge of usernames, passwords and other normal means of access
White-box
: aims to simulate a malicious insider who has knowledge of and possibly basic credentials for the target system
Black-box
: aims to simulate an external hacking or cyber warfare attack
Removable Media
Loss of information
The physical design of removable media can result in it being misplaced or stolen, potentially compromising the confidentiality and availability of the information stored on it
Introduction of malware
The uncontrolled use of removable media will increase the risk from malware if the media can be used on multiple ICT systems
Information leakage
Some media types retain information after user deletion; this could lead to an unauthorised transfer of information between systems
Reputational damage
A loss of sensitive data often attracts media attention which could erode customer confidence in the business
Financial loss
If sensitive information is lost or compromised the organisation could be subjected to financial penalties
Social Engineering
: the art of manipulating people so they give up confidential information
Blagging
: the act of creating and using an invented scenario to engage a targeted victim in a manner that increases the chance the victim will divulge information or perform actions that would be unlikely in ordinary circumstances
Phishing
: a technique of fraudulently obtaining private information, often using email or SMS
Pharming
: a cyber attack intended to redirect a website's traffic to another, fake site
Shouldering
: observing a person's private information over their shoulder
Malicious Code
Malware
: an umbrella term used to refer to a variety of forms of hostile or intrusive software
Computer Virus
: A piece of code which is capable of copying itself and typically has a detrimental effect, such as corrupting the system or destroying data.
Trojan
: malware disguised as legitimate software
Spyware
: Programs that secretly record what you do on your computer
Adware
: Software that displays advertisements and is integrated into another program offered at no charge or at low cost.
Methods to detect and prevent cyber security threats
Biometric measures
: use scanners to identify people by a unique part of their body - usually to prevent unauthorised access
Password systems
: a simple method of checking someone's identity. Passwords should be strong: many characters long, using a combination of characters, and changed regularly
CAPTCHA
: designed to prevent programs from automatically doing certain things
Email confirmation
: used by most web services that require account registration to confirm that the email belongs to the person registering
Automatic software updates
: a piece of software released by software vendors, mainly to address security vulnerabilities in their existing products. Software updates occasionally contain bug fixes and product enhancements.