Cybersecurity 1




Introduction to cybersecurity, 2013                     Slide 1
What is cybersecurity?
• A wide-ranging term that embraces all aspects of ensuring the protection of citizens, businesses and critical infrastructures from threats that arise from their use of computers and the internet.

Scope of cybersecurity
• Techniques of threat and attack analysis and mitigation
• Protection and recovery technologies, processes and procedures for individuals, business and government
• Policies, laws and regulation relevant to the use of computers and the Internet

A systems problem
• Related to, but broader in scope than:
  – Computer security
  – Security engineering
  – Encryption
  – Computer crime
  – Computer forensics
• Cybersecurity is a socio-technical systems problem
• Problems almost always stem from a mix of technical, human and organisational causes

Malicious and accidental damage
• Cybersecurity is most concerned with
  – Cyber attacks
  – Malicious attempts to cause loss or damage to an individual, business or public body
• But it should also be concerned with
  – Cyber-accidents
  – Accidental events that can cause loss or damage to an individual, business or public body

Many of the same technologies are applicable, although sometimes protecting against cyber attacks increases the probability of cyber accidents.

Insider and external attacks
• Insider attacks
  – Attacks on an organisation carried out by someone who is inside that organisation
  – Difficult to counter using technical methods as the insider may have valid credentials to access the system
• External attacks
  – Attacks on an organisation carried out by an external agent
  – Require either valid credentials or the exploitation of some vulnerability to gain access to the systems

Classes of cyber attack
• Cyber fraud
  – Cyber attacks that are generally aimed at obtaining monetary or related gains for the perpetrator.
• Cyber-spying
  – Cyber attacks aimed at gaining information for the perpetrator. Related to cyber-fraud in that one aim of cyber-spying may be to sell the information gained.
• Cyber-stalking, cyber-bullying etc.
  – Cyber attacks which are designed to intimidate individuals rather than businesses or government

Classes of cyber attack
• Cyber assault
  – Cyber-attacks aimed at causing damage to information or equipment that is being attacked. Again, related to cyber fraud in that some attacks such as DDoS attacks may be precursors to attempts to extort money from those affected by the attacks.
  – Damage may be physical damage to equipment, reputational damage, psychological damage to individuals (cyber bullying or cyber stalking) or damage to information.
• Cyber warfare
  – An extreme form of cyber-assault where at least one of the parties involved is a nation state.

Cyber-fraud
• Phishing attacks combined with fake websites to steal users’ personal details and, with these, steal money from their accounts
  – Fraudsters set up a fake website that looks like a bank website
  – Emails are sent to large numbers of recipients with a link to this site and a message trying to lure them to log on
  – If they click on the link, their personal details are collected and then used by the fraudster to access their legitimate site

Cyber-spying




Cyber-bullying




Cyber-assault




Cyber warfare attacks
• These are much harder to validate as, for obvious reasons, neither the perpetrator nor the victim wishes to release information
• Denial of service attacks
  – Government and critical infrastructure sites attacked by DoS attacks with a view to taking them offline
• Malware
  – Malware introduced to target and damage government and infrastructure facilities

The scale of the problem
• It’s a big problem
• How big? We really do not know
• Many surveys on costs but very wide variations and different methodologies
• Differing estimates:
  – Cybercrime in Scotland from £31 billion to £168 million
• Industry reluctant to release figures but when they do, they tend to overvalue assets

Why has this problem arisen?
• Connection of computers to the internet can cut costs, improve the efficiency and responsiveness of business processes and open up new opportunities for interaction. Therefore business has focused on connectivity rather than security
• Security is inconvenient and slows down transactions. Businesses have decided to prioritise convenience and usability over security.
• There are inherent security weaknesses in the design of the Internet

Internet vulnerabilities
• The Internet was invented in the 1970s as a network between organisations that were trustworthy and which trusted each other
• Information maintained was largely non-commercial
• Security was not a factor in the design of internet protocols, practices and equipment
• These protocols made it easy for the Internet to be universally adopted in the 1990s but mean that we have to live with weak security.

Internet vulnerability examples
• Unencrypted traffic
  – Packets can be intercepted and examined by an attacker
• DNS system
  – Possible to divert traffic from legitimate to malicious addresses
  – Easy to hide where traffic has come from
• Mail protocol
  – No charging mechanism for mail
  – Hence spam is possible

Risk classification
• Risks due to actions of people
• Risks due to hardware or software
• Risks due to organisational processes
• There are also
  – Risks due to external events such as weather, infrastructure failure, regulatory changes.
  – But these are more difficult to anticipate and control

Actions of people
• Deliberate or accidental exposure of legitimate credentials to attackers
• Failure to maintain secure personal computers and devices
• Insider corruption or theft of data
• Preference for convenience and usability over security
  – Weak passwords set because they are easy to remember and quick to type

Hardware and software
• Misconfigured firewalls and mail filters
• Programming errors and omissions in software lead to malicious penetration
  – Buffer overflow attacks
  – SQL poisoning attacks
• Inadequate server or router capacity leads to failure in the event of DoS attack

Organisational processes
• No established process and checks for updating and patching software
• Lack of security auditing
• Lack of systematic backup processes

Key points
• Cybersecurity is concerned with all aspects of ensuring the protection of citizens, businesses and critical infrastructures from threats that arise from their use of computers and the internet.
• Cybersecurity is a socio-technical systems problem
• Cybersecurity covers cyber-fraud, cyber-spying, cyber-bullying, cyber-assault and cyber-warfare
• Cyber attacks are a major cost for business, government and individuals. But quantifying this cost is difficult.

CS5032 L19 cybersecurity 1

  • 1. Cybersecurity 1 Introduction to cybersecurity, 2013 Slide 1
  • 2. What is cybersecurity? • A wide-ranging term that embraces all aspects of ensuring the protection of citizens, businesses and critical infrastructures from threats that arise from their use of computers and the internet. Introduction to cybersecurity, 2013 Slide 2
  • 3. Scope of cybersecurity • Techniques of threat and attack analysis and mitigation • Protection and recovery technologies, processes and procedures for individuals, business and government • Policies, laws and regulation relevant to the use of computers and the Internet Introduction to cybersecurity, 2013 Slide 3
  • 4. A systems problem • Related to, but broader in scope than: – Computer security – Security engineering – Encryption – Computer crime – Computer forensics • Cybersecurity is a socio-technical systems problem • Problems almost always stem from a mix of technical, human and organisational causes Introduction to cybersecurity, 2013 Slide 4
  • 5. Malicious and accidental damage • Cybersecurity is most concerned with – Cyber attacks – Malicious attempts to cause loss or damage to an individual, business or public body • But it should also be concerned with – Cyber-accidents – Accidental events that can cause loss or damage to an individual, business or public body • Many of the same technologies are applicable, although sometimes protecting against cyber attacks increases the probability of cyber accidents
  • 6. Insider and external attacks • Insider attacks – Attacks on an organisation carried out by someone who is inside that organisation – Difficult to counter using technical methods as the insider may have valid credentials to access the system • External attacks – Attacks on an organisation carried out by an external agent – Requires either valid credentials or the exploitation of some vulnerability to gain access to the systems
  • 8. Classes of cyber attack • Cyber fraud – Cyber attacks that are generally aimed at gaining monetary or related gains for the perpetrator. • Cyber-spying – Cyber attacks aimed at gaining information for the perpetrator. Related to cyber-fraud in that one aim of cyber-spying may be to sell the information gained. • Cyber-stalking, cyber-bullying etc. – Cyber attacks which are designed to intimidate individuals rather than businesses or government
  • 9. Classes of cyber attack • Cyber assault – Cyber attacks aimed at causing damage to information or equipment that is being attacked. Again, related to cyber fraud in that some attacks such as DDoS attacks may be precursors to attempts to extort money from those affected by the attacks. – Damage may be physical damage to equipment, reputational damage, psychological damage to individuals (cyber bullying or cyber stalking) or damage to information. • Cyber warfare – An extreme form of cyber-assault where at least one of the parties involved is a nation state.
  • 10. Cyber-fraud • Phishing attacks combined with fake websites to steal users’ personal details and, with these, steal money from their accounts – Fraudsters set up a fake website that looks like a bank website – Emails are sent to large numbers of recipients with a link to this site and a message trying to lure them to log on – If they click on the link, their personal details are collected and then used by the fraudster to access their legitimate site
  • 17. Cyber warfare attacks • These are much harder to validate as, for obvious reasons, neither the perpetrator nor the victim wishes to release information • Denial of service attacks – Government and critical infrastructure sites attacked by DoS attacks with a view to taking them offline • Malware – Malware introduced to target and damage government and infrastructure facilities
  • 19. The scale of the problem • It’s a big problem • How big? We really do not know • Many surveys on costs but very wide variations and different methodologies • Differing estimates: – Cybercrime in Scotland from £31 billion to £168 million • Industry reluctant to release figures but when they do, they tend to overvalue assets
  • 20. Why has this problem arisen? • Connection of computers to the internet can cut costs, improve the efficiency and responsiveness of business processes and open up new opportunities for interaction. Therefore business has focused on connectivity rather than security • Security is inconvenient and slows down transactions. Businesses have decided to prioritise convenience and usability over security. • There are inherent security weaknesses in the design of the Internet
  • 21. Internet vulnerabilities • The Internet was invented in the 1970s as a network between organisations that were trustworthy and which trusted each other • Information maintained was largely non-commercial • Security was not a factor in the design of internet protocols, practices and equipment • These protocols made it easy for the Internet to be universally adopted in the 1990s but mean that we have to live with weak security.
  • 22. Internet vulnerability examples • Unencrypted traffic – Packets can be intercepted and examined by an attacker • DNS system – Possible to divert traffic from legitimate to malicious addresses – Easy to hide where traffic has come from • Mail protocol – No charging mechanism for mail – Hence spam is possible
  • 23. Risk classification • Risks due to actions of people • Risks due to hardware or software • Risks due to organisational processes • There are also – Risks due to external events such as weather, infrastructure failure, regulatory changes. – But these are more difficult to anticipate and control
  • 24. Actions of people • Deliberate or accidental exposure of legitimate credentials to attackers • Failure to maintain secure personal computers and devices • Insider corruption or theft of data • Preference for convenience and usability over security – Weak passwords set because they are easy to remember and quick to type
  • 25. Hardware and software • Misconfigured firewalls and mail filters • Programming errors and omissions in software lead to malicious penetration – Buffer overflow attacks – SQL poisoning attacks • Inadequate server or router capacity leads to failure in the event of DoS attack
  • 26. Organisational processes • No established process and checks for updating and patching software • Lack of security auditing • Lack of systematic backup processes
  • 27. Key points • Cybersecurity is concerned with all aspects of ensuring the protection of citizens, businesses and critical infrastructures from threats that arise from their use of computers and the internet. • Cybersecurity is a socio-technical systems problem • Cybersecurity covers cyber-fraud, cyber-spying, cyber-bullying, cyber-assault and cyber-warfare • Cyber attacks are a major cost for business, government and individuals. But quantifying this cost is difficult.