SlideShare une entreprise Scribd logo

Cisco Cyber Security Essentials Chapter-1

Mukesh Chinta
Mukesh Chinta

This PPT covers the first chapter of Cisco Networking Academy Cyber Security Essentials Course

Ingénierie
1  sur  35
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 5 Chapter 1: Cybersecurity - A World of Experts and Criminals Cybersecurity Essentials v1.1
Presentation_ID 6© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Chapter 1 - Sections & Objectives  1.1 The Cybersecurity World  Describe the common characteristics comprising the cybersecurity world  1.2 Cyber Criminals vs Cybersecurity Specialists  Differentiate the characteristics of cyber criminals and cybersecurity specialists  1.3 Common Threats  Compare how cybersecurity threats affect individuals, businesses, and organizations  1.4 Spreading Cybersecurity Threats  Analyze the factors that lead to the spread and growth of cybercrime  1.5 Creating More Experts  Analyze the organizations and efforts committed to expanding the cybersecurity workforce
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 7 1.1 The Cybersecurity World
Presentation_ID 8© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential  Cyber security refers to the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorized access.  Organizations face many threats to their information systems and data. Understanding all the basic elements to cyber security is the first step to meeting those threats.
Presentation_ID 9© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Companies such as Google, Facebook, and LinkedIn, could be considered to be data domains in our cyber world.  Google has arguably created the world’s largest data collection infrastructure. Google developed Android, the operating system installed on over 80% of all mobile devices connected to the Internet.  Facebook is another powerful domain within the broader Internet.  LinkedIn is yet another data domain on the Internet. • Cyber domains continue to grow as science and technology evolve, enabling the experts and their employers (Google, Facebook, LinkedIn, etc.) to collect many other forms of data. • New technologies, such as Geospatial Information Systems (GIS) and the Internet of Things (IoT), have emerged, which are very useful but also result in exponentially expanding the amount of data collected, analyzed and used to understand the world. • The data collected by GIS and IoE poses a tremendous challenge for cybersecurity professionals in the future
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 10 1.2 Cybersecurity Criminals versus Cybersecurity Specialists
Presentation_ID 11© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential This group of criminals breaks into computers or networks to gain access for various reasons.  White hat attackers break into networks or computer systems to discover weaknesses in order to improve the security of these systems.  Gray hat attackers are somewhere between white and black hat attackers. The gray hat attackers may find a vulnerability and report it to the owners of the system if that action coincides with their agenda.  Black hat attackers are unethical criminals who violate computer and network security for personal gain, or for malicious reasons, such as attacking networks.
Presentation_ID 12© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Criminals come in many different forms. Each have their own motives: Teenagers or hobbyists mostly limited to pranks and vandalism, have little or no skill, often using existing tools or instructions found on the Internet to launch attacks. Grey hat hackers who attempt to discover exploits and report them to vendors, sometimes for prizes or rewards. Grey hat hackers who rally and protest against different political and social ideas. Hacktivists publicly protest against organizations or governments by posting articles, videos, leaking sensitive information, and performing distributed denial of service (DDoS) attacks. - These are black hat hackers who are either self-employed or working for large cybercrime organizations. Each year, cyber criminals are responsible for stealing billions of dollars from consumers and businesses. - Depending on a person’s perspective, these are either white hat or black hat hackers who steal government secrets, gather intelligence, and sabotage networks. Their targets are foreign governments, terrorist groups, and corporations. Most countries in the world participate to some degree in state-sponsored hacking.
Presentation_ID 13© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
Presentation_ID 14© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential The demand for cybersecurity specialists has grown more than the demand for other IT jobs. Technology alone cannot prevent, detect, respond and recover from cybersecurity incidents. Becoming a cybersecurity specialist is a rewarding career opportunity.  Thwarting the cyber criminals is a difficult task and there is no such thing as a “silver bullet.” However, company, government and international organizations have begun to take coordinated actions to limit or fend off cyber criminals. The coordinated actions include:
Presentation_ID 15© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential  Vulnerability Database: The Nation Common Vulnerabilities and Exposures (CVE) database is an example of the development of a national database. The CVE National Database was developed to provide a publicly available database of all know vulnerabilities.  Early Warning Systems: The Honeynet project is an example of creating Early Warning Systems. The project provides a HoneyMap which displays real-time visualization of attacks.  Share Cyber Intelligence: InfraGard is an example of wide spread sharing of cyber intelligence. The InfraGard program is a partnership between the FBI and the private sector. The participants are dedicated to sharing information and intelligence to prevent hostile cyberattacks.  ISM Standards: The ISO 27000 standards are an example of Information Security Management Standards. The standards provide a framework for implementing cybersecurity measures within an organization.  New Laws: The ISACA group track law enacted related to cyber security. These laws can address individual privacy to protection of intellectual property. Examples of these laws include: Cybersecurity Act, Federal Exchange Data Breach Notification Act and the Data Accountability and Trust Act.
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 16 1.3 Common Threats
Presentation_ID 17© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential  Threats and vulnerabilities are the main concern of cybersecurity professionals. Two situations are especially critical: When a threat is the possibility that a harmful event, such as an attack, will occur. When a vulnerability makes a target susceptible to an attack.  Organizations like Google and Facebook have the resources to hire top cybersecurity talent to protect their domains.  As more organizations build large databases containing all of our personal data, the need for cybersecurity professionals increases. This leaves smaller businesses and organizations competing for the remaining pool of cybersecurity professionals.  Cyber threats are particularly dangerous to certain industries and the records they must maintain.
Presentation_ID 18© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 1. Personal Information 2. Employment and Financial Records 3. Educational Records 4. Medical Records The following examples are just a few sources of data that can come from established organizations:
Presentation_ID 19© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Network services like DNS, HTTP and Online Databases are prime targets for cyber criminals.  Criminals use packet-sniffing tools to capture data streams over a network. Packet sniffers work by monitoring and recording all information coming across a network.  Criminals can also use rogue devices, such as unsecured Wi-Fi access points.  With DNS spoofing (or DNS cache poisoning), the criminal introduces false data into a DNS resolver’s cache, redirecting traffic for a specific domain to the criminal’s computer, instead of the legitimate owner of the domain.  Packet forgery (or packet injection) interferes with an established network communication by constructing packets to appear as if they are part of a communication. ⁂ Packet forgery enables the criminal to hijack an authorized connection or deny an individual’s ability to use certain network services. Cyber professionals call this a man-in-the-middle attack.
Presentation_ID 20© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Key industry sectors offer networking infrastructure systems such as: Manufacturing  Industry Controls  Automation  SCADA Energy Production and Distribution  Electrical Distribution and Smart Grid  Oil and Gas Communication  Phone  Email  Messaging Transportation systems  Air Travel  Rail
Presentation_ID 21© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Cybersecurity is the ongoing effort to protect networked systems and data from unauthorized access. • On a personal level, everyone needs to safeguard his or her identity, data, and computing devices. • At the corporate level, it is the employees’ responsibility to protect the organization’s reputation, data, and customers. • At the state level, national security and the citizens’ safety and well-being are at stake • Cybersecurity professionals are often involved in working with government agencies in identifying and collecting data. • The efforts to protect people’s way of life often conflicts with their right to privacy
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 22 1.4 Spreading Cybersecurity Threats
Presentation_ID 23© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Attacks can originate from within an organization or from outside of the organization, as shown in the figure. An internal user, such as an employee or contract partner, can accidently or intentionally:  Mishandle confidential data  Threaten the operations of internal servers or network infrastructure devices  Facilitate outside attacks by connecting infected USB media into the corporate computer system  Accidentally invite malware onto the network through malicious email or websites • Internal threats have the potential to cause greater damage than external threats because internal users have direct access to the building and its infrastructure devices. • External attacks exploit weaknesses or vulnerabilities to gain access to internal resources.
Presentation_ID 24© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential The Vulnerabilities of Mobile Devices - In the past, employees typically used company-issued computers connected to a corporate LAN. • Today, mobile devices such as iPhones, smartphones, tablets, and thousands of other devices, are becoming powerful substitutes for, or additions to, the traditional PC. • More and more people are using these devices to access enterprise information. Bring Your Own Device (BYOD) is a growing trend. • The inability to centrally manage and update mobile devices poses a growing threat to organizations that allow employee mobile devices on their networks. Emergence Internet-of-Things - The Internet of Things (IoT) is the collection of technologies that enable the connection of various devices to the Internet. • IoT technologies enable people to connect billions of devices to the Internet. These devices include appliances, locks, motors, and entertainment devices, to name just a few. • This technology affects the amount of data that needs protection. Users access these devices remotely, which increases the number of networks requiring protection. • With the emergence of IoT, there is much more data to be managed and secured. All of these connections, plus the expanded storage capacity and storage services offered through the Cloud and virtualization, has led to the exponential growth of data.
Presentation_ID 25© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential The Impact of Big Data- Big data is the result of data sets that are large and complex, making traditional data processing applications inadequate. Big data poses both challenges and opportunities based on three dimensions: • The volume or amount of data • The velocity or speed of data • The variety or range of data types and sources
Presentation_ID 26© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential  Software vulnerabilities today rely on programming mistakes, protocol vulnerabilities, or system misconfigurations. The cyber criminal merely has to exploit one of these  An advanced persistent threat (APT) is a continuous computer hack that occurs under the radar against a specific object. Criminals usually choose an APT for business or political motives.  Algorithmic attacks can disable a computer by forcing it to use memory or by overworking its central processing unit. Algorithmic attacks are more devious because they exploit designs used to improve energy savings, decrease system failures, and improve efficiencies.  Finally, the new generation of attacks involves intelligent selection of victims. Many of the more sophisticated attacks will only launch if the attacker can match the object signature targeted.
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 27 1.5 Creating More Experts
Presentation_ID 28© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Addressing the Shortage of Cybersecurity Specialist In the U.S., the National Institute of Standards and Technologies (NIST) created a framework for companies and organizations in need of cybersecurity professionals. The framework enables companies to identify the major types of responsibilities, job titles, and workforce skills needed. The Seven Categories of Cybersecurity Work The Workforce Framework categorizes cybersecurity work into seven categories. 1. Operate and Maintain includes providing the support, administration, and maintenance required to ensure IT system performance and security 2. Protect and Defend includes the identification, analysis, and mitigation of threats to internal systems and networks 3. Investigate includes the investigation of cyber events and/or cyber crimes involving IT resources 4. Collect and Operate includes specialized denial and deception operations and the collection of cybersecurity information
Presentation_ID 29© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 5. Analyze includes highly specialized review and evaluation of incoming cybersecurity information to determine if it is useful for intelligence 6. Oversight and Development provides for leadership, management, and direction to conduct cybersecurity work effectively 7. Securely Provision includes conceptualizing, designing, and building secure IT systems
Presentation_ID 30© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Professional Organizations  Cybersecurity specialists must collaborate with professional colleagues frequently. International technology organizations often sponsor workshops and conferences. Visit each site with your class and explore the resources available.
Presentation_ID 31© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Industry Certifications In a world of cybersecurity threats, there is a great need for skilled and knowledgeable information security professionals. The IT industry established standards for cybersecurity specialists to obtain professional certifications that provide proof of skills, and knowledge level.  CompTIA Security+ - Security+ is a CompTIA-sponsored testing program that certifies the competency of IT administrators in information assurance.  EC-Council Certified Ethical Hacker (CEH) – CEH is an intermediate- level certification asserts that cybersecurity specialists holding this credential possess the skills and knowledge for various hacking practices.  SANS GIAC Security Essentials (GSEC) - The GSEC certification is a good choice for an entry-level credential for cybersecurity specialists who can demonstrate that they understand security terminology and concepts and have the skills and expertise required for “hands-on” security roles. The SANS GIAC program offers a number of additional certifications in the fields of security administration, forensics, and auditing.
Presentation_ID 32© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential  (ISC)^2 Certified Information Systems Security Professional (CISSP) - The CISSP certification is a vendor-neutral certification for those cybersecurity specialists with a great deal of technical and managerial experience. It is also formally approved by the U.S. Department of Defense (DoD) and is a globally recognized industry certification in the security field.  ISACA Certified Information Security Manager (CISM) – Cybersecurity specialists responsible for managing, developing and overseeing information security systems at the enterprise level or for those developing best security practices can qualify for CISM.  Cisco Certified Network Associate Security (CCNA Security) - The CCNA Security certification validates that a cybersecurity specialist has the knowledge and skills required to secure Cisco networks.
Presentation_ID 33© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Cybersecurity specialists must be able to respond to threats as soon as they occur. This means that the working hours can be somewhat unconventional. Cybersecurity specialists also analyze policy, trends, and intelligence to understand how cyber criminals think. Many times, this may involve a large amount of detective work. Here is good advice for becoming a cybersecurity specialist: : Learn the basics by completing courses in IT. Be a life-long learner. Cybersecurity is an ever-changing field, and cybersecurity specialists must keep up. : Industry and company sponsored certifications from organizations such as Microsoft and Cisco prove that one possesses the knowledge needed to seek employment as a cybersecurity specialist. : Seeking out a security internship as a student can lead to opportunities down the road. : Join computer security organizations, attend meetings and conferences, and join forums and blogs to gain knowledge from the experts. How to Become a Cybersecurity Specialist
Cisco Cyber Security Essentials Chapter-1
Cisco Cyber Security Essentials Chapter-1

Recommandé

Cisco cybersecurity essentials chapter 4
Cisco cybersecurity essentials chapter 4Cisco cybersecurity essentials chapter 4
Cisco cybersecurity essentials chapter 4
Mukesh Chinta
 
Cisco cybersecurity essentials chapter -5
Cisco cybersecurity essentials chapter -5Cisco cybersecurity essentials chapter -5
Cisco cybersecurity essentials chapter -5
Mukesh Chinta
 
Cisco cybersecurity essentials chapter - 2
Cisco cybersecurity essentials chapter - 2Cisco cybersecurity essentials chapter - 2
Cisco cybersecurity essentials chapter - 2
Mukesh Chinta
 
Cisco cybersecurity essentials chapter 3
Cisco cybersecurity essentials chapter 3Cisco cybersecurity essentials chapter 3
Cisco cybersecurity essentials chapter 3
Mukesh Chinta
 
Cisco Cybersecurity Essentials Chapter- 7
Cisco Cybersecurity Essentials Chapter- 7Cisco Cybersecurity Essentials Chapter- 7
Cisco Cybersecurity Essentials Chapter- 7
Mukesh Chinta
 
Cisco cybersecurity essentials chapter 8
Cisco cybersecurity essentials chapter 8Cisco cybersecurity essentials chapter 8
Cisco cybersecurity essentials chapter 8
Mukesh Chinta
 
Cisco cybersecurity essentials chapter - 6
Cisco cybersecurity essentials chapter - 6Cisco cybersecurity essentials chapter - 6
Cisco cybersecurity essentials chapter - 6
Mukesh Chinta
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
Stephen Lahanas
 

Recommandé

Cisco cybersecurity essentials chapter 4
Cisco cybersecurity essentials chapter 4Cisco cybersecurity essentials chapter 4
Cisco cybersecurity essentials chapter 4
Mukesh Chinta
 
Cisco cybersecurity essentials chapter -5
Cisco cybersecurity essentials chapter -5Cisco cybersecurity essentials chapter -5
Cisco cybersecurity essentials chapter -5
Mukesh Chinta
 
Cisco cybersecurity essentials chapter - 2
Cisco cybersecurity essentials chapter - 2Cisco cybersecurity essentials chapter - 2
Cisco cybersecurity essentials chapter - 2
Mukesh Chinta
 
Cisco cybersecurity essentials chapter 3
Cisco cybersecurity essentials chapter 3Cisco cybersecurity essentials chapter 3
Cisco cybersecurity essentials chapter 3
Mukesh Chinta
 
Cisco Cybersecurity Essentials Chapter- 7
Cisco Cybersecurity Essentials Chapter- 7Cisco Cybersecurity Essentials Chapter- 7
Cisco Cybersecurity Essentials Chapter- 7
Mukesh Chinta
 
Cisco cybersecurity essentials chapter 8
Cisco cybersecurity essentials chapter 8Cisco cybersecurity essentials chapter 8
Cisco cybersecurity essentials chapter 8
Mukesh Chinta
 
Cisco cybersecurity essentials chapter - 6
Cisco cybersecurity essentials chapter - 6Cisco cybersecurity essentials chapter - 6
Cisco cybersecurity essentials chapter - 6
Mukesh Chinta
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
Stephen Lahanas
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
jayashri kolekar
 
Intrusion Detection System(IDS)
Intrusion Detection System(IDS)Intrusion Detection System(IDS)
Intrusion Detection System(IDS)
shraddha_b
 
Network Security Risk
Network Security RiskNetwork Security Risk
Network Security Risk
Dedi Dwianto
 
Network security - Defense in Depth
Network security - Defense in DepthNetwork security - Defense in Depth
Network security - Defense in Depth
Dilum Bandara
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security
elmuhammadmuhammad
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
Abu Sadat Mohammed Yasin
 
Information security and Attacks
Information security and AttacksInformation security and Attacks
Information security and Attacks
Sachin Darekar
 
Introduction to Network Security
Introduction to Network SecurityIntroduction to Network Security
Introduction to Network Security
John Ely Masculino
 
Ethics in IT Security
Ethics in IT SecurityEthics in IT Security
Ethics in IT Security
mtvvvv
 
The Internet of Things (IoT) and cybersecurity: A secure-by-design approach
The Internet of Things (IoT) and cybersecurity: A secure-by-design approachThe Internet of Things (IoT) and cybersecurity: A secure-by-design approach
The Internet of Things (IoT) and cybersecurity: A secure-by-design approach
Deloitte United States
 
Introduction to Software Security and Best Practices
Introduction to Software Security and Best PracticesIntroduction to Software Security and Best Practices
Introduction to Software Security and Best Practices
Maxime ALAY-EDDINE
 
Cyber Security Best Practices
Cyber Security Best PracticesCyber Security Best Practices
Cyber Security Best Practices
Evolve IP
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)
Fabiha Shahzad
 
Cia security model
Cia security modelCia security model
Cia security model
Imran Ahmed
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
Priyanka Aash
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security Fundamentals
Rahmat Suhatman
 
Chapter 1 Presentation
Chapter 1 PresentationChapter 1 Presentation
Chapter 1 Presentation
Amy McMullin
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...
Edureka!
 
Topics in network security
Topics in network securityTopics in network security
Topics in network security
Nasir Bhutta
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Security
belsis
 
Cisco Cyber Essentials - Instructor materials.ppt
Cisco Cyber Essentials - Instructor materials.pptCisco Cyber Essentials - Instructor materials.ppt
Cisco Cyber Essentials - Instructor materials.ppt
jdenbryston
 
CA_Module_1.pdf
CA_Module_1.pdfCA_Module_1.pdf
CA_Module_1.pdf
EhabRushdy1
 

Contenu connexe

Tendances

Introduction to Network Security
Introduction to Network SecurityIntroduction to Network Security
Introduction to Network Security
John Ely Masculino
 

Tendances (20)

Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 
Intrusion Detection System(IDS)
Intrusion Detection System(IDS)Intrusion Detection System(IDS)
Intrusion Detection System(IDS)
 
Network Security Risk
Network Security RiskNetwork Security Risk
Network Security Risk
 
Network security - Defense in Depth
Network security - Defense in DepthNetwork security - Defense in Depth
Network security - Defense in Depth
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
 
Information security and Attacks
Information security and AttacksInformation security and Attacks
Information security and Attacks
 
Introduction to Network Security
Introduction to Network SecurityIntroduction to Network Security
Introduction to Network Security
 
Ethics in IT Security
Ethics in IT SecurityEthics in IT Security
Ethics in IT Security
 
The Internet of Things (IoT) and cybersecurity: A secure-by-design approach
The Internet of Things (IoT) and cybersecurity: A secure-by-design approachThe Internet of Things (IoT) and cybersecurity: A secure-by-design approach
The Internet of Things (IoT) and cybersecurity: A secure-by-design approach
 
Introduction to Software Security and Best Practices
Introduction to Software Security and Best PracticesIntroduction to Software Security and Best Practices
Introduction to Software Security and Best Practices
 
Cyber Security Best Practices
Cyber Security Best PracticesCyber Security Best Practices
Cyber Security Best Practices
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)
 
Cia security model
Cia security modelCia security model
Cia security model
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security Fundamentals
 
Chapter 1 Presentation
Chapter 1 PresentationChapter 1 Presentation
Chapter 1 Presentation
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...
 
Topics in network security
Topics in network securityTopics in network security
Topics in network security
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Security
 

Similaire à Cisco Cyber Security Essentials Chapter-1

02_Security_Audit_-_Common_Cyber_Attacks_9.pdf
02_Security_Audit_-_Common_Cyber_Attacks_9.pdf02_Security_Audit_-_Common_Cyber_Attacks_9.pdf
02_Security_Audit_-_Common_Cyber_Attacks_9.pdf
RakeshPatel583282
 
Top Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdfTop Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdf
Careerera
 
Cyber Security Intelligence
Cyber Security IntelligenceCyber Security Intelligence
Cyber Security Intelligence
ijtsrd
 

Similaire à Cisco Cyber Security Essentials Chapter-1 (20)

Cisco Cyber Essentials - Instructor materials.ppt
Cisco Cyber Essentials - Instructor materials.pptCisco Cyber Essentials - Instructor materials.ppt
Cisco Cyber Essentials - Instructor materials.ppt
 
CA_Module_1.pdf
CA_Module_1.pdfCA_Module_1.pdf
CA_Module_1.pdf
 
CA_Module_1.pptx
CA_Module_1.pptxCA_Module_1.pptx
CA_Module_1.pptx
 
02_Security_Audit_-_Common_Cyber_Attacks_9.pdf
02_Security_Audit_-_Common_Cyber_Attacks_9.pdf02_Security_Audit_-_Common_Cyber_Attacks_9.pdf
02_Security_Audit_-_Common_Cyber_Attacks_9.pdf
 
Top Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdfTop Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdf
 
Emerging Threats and Trends in Cybersecurity: A Comprehensive Analysis
Emerging Threats and Trends in Cybersecurity: A Comprehensive AnalysisEmerging Threats and Trends in Cybersecurity: A Comprehensive Analysis
Emerging Threats and Trends in Cybersecurity: A Comprehensive Analysis
 
cyber security.pdf
cyber security.pdfcyber security.pdf
cyber security.pdf
 
Cyber security
Cyber security Cyber security
Cyber security
 
Cyber Security Intelligence
Cyber Security IntelligenceCyber Security Intelligence
Cyber Security Intelligence
 
CYBER SECURITY (R18A0521).pdf
CYBER SECURITY (R18A0521).pdfCYBER SECURITY (R18A0521).pdf
CYBER SECURITY (R18A0521).pdf
 
ENSA_Module_3.pptx
ENSA_Module_3.pptxENSA_Module_3.pptx
ENSA_Module_3.pptx
 
Cyber Six: Managing Security in Internet
Cyber Six: Managing Security in InternetCyber Six: Managing Security in Internet
Cyber Six: Managing Security in Internet
 
Secure your Space: The Internet of Things
Secure your Space: The Internet of ThingsSecure your Space: The Internet of Things
Secure your Space: The Internet of Things
 
Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptx
 
U S Embassy Event - Today’S Cyber Threats
U S Embassy Event - Today’S Cyber ThreatsU S Embassy Event - Today’S Cyber Threats
U S Embassy Event - Today’S Cyber Threats
 
Dell Technologies Cyber Security playbook
Dell Technologies Cyber Security playbookDell Technologies Cyber Security playbook
Dell Technologies Cyber Security playbook
 
Cybersecurity in the Age of IoT - Skillmine
Cybersecurity in the Age of IoT - SkillmineCybersecurity in the Age of IoT - Skillmine
Cybersecurity in the Age of IoT - Skillmine
 
Threat, Attack and Vulnerability Play a Key Role in Cyber Security
Threat, Attack and Vulnerability Play a Key Role in Cyber SecurityThreat, Attack and Vulnerability Play a Key Role in Cyber Security
Threat, Attack and Vulnerability Play a Key Role in Cyber Security
 
Cyber security for Developers
Cyber security for DevelopersCyber security for Developers
Cyber security for Developers
 
12 IoT Cyber Security Threats to Avoid - CyberHive.pdf
12 IoT Cyber Security Threats to Avoid - CyberHive.pdf12 IoT Cyber Security Threats to Avoid - CyberHive.pdf
12 IoT Cyber Security Threats to Avoid - CyberHive.pdf
 

Plus de Mukesh Chinta

Plus de Mukesh Chinta (20)

CCNA-2 SRWE Mod-10 LAN Security Concepts
CCNA-2 SRWE Mod-10 LAN Security ConceptsCCNA-2 SRWE Mod-10 LAN Security Concepts
CCNA-2 SRWE Mod-10 LAN Security Concepts
 
CCNA-2 SRWE Mod-11 Switch Security Configuration
CCNA-2 SRWE Mod-11 Switch Security ConfigurationCCNA-2 SRWE Mod-11 Switch Security Configuration
CCNA-2 SRWE Mod-11 Switch Security Configuration
 
CCNA-2 SRWE Mod-12 WLAN Concepts
CCNA-2 SRWE Mod-12 WLAN ConceptsCCNA-2 SRWE Mod-12 WLAN Concepts
CCNA-2 SRWE Mod-12 WLAN Concepts
 
CCNA-2 SRWE Mod-13 WLAN Configuration
CCNA-2 SRWE Mod-13 WLAN ConfigurationCCNA-2 SRWE Mod-13 WLAN Configuration
CCNA-2 SRWE Mod-13 WLAN Configuration
 
CCNA-2 SRWE Mod-15 Static IP Routing
CCNA-2 SRWE Mod-15 Static IP RoutingCCNA-2 SRWE Mod-15 Static IP Routing
CCNA-2 SRWE Mod-15 Static IP Routing
 
CCNA-2 SRWE Mod-14 Routing Concepts
CCNA-2 SRWE Mod-14 Routing ConceptsCCNA-2 SRWE Mod-14 Routing Concepts
CCNA-2 SRWE Mod-14 Routing Concepts
 
Protecting the Organization - Cisco: Intro to Cybersecurity Chap-4
Protecting the Organization - Cisco: Intro to Cybersecurity Chap-4Protecting the Organization - Cisco: Intro to Cybersecurity Chap-4
Protecting the Organization - Cisco: Intro to Cybersecurity Chap-4
 
Protecting Your Data and Privacy- Cisco: Intro to Cybersecurity chap-3
Protecting Your Data and Privacy- Cisco: Intro to Cybersecurity chap-3Protecting Your Data and Privacy- Cisco: Intro to Cybersecurity chap-3
Protecting Your Data and Privacy- Cisco: Intro to Cybersecurity chap-3
 
Attacks, Concepts and Techniques - Cisco: Intro to Cybersecurity Chap-2
Attacks, Concepts and Techniques - Cisco: Intro to Cybersecurity Chap-2Attacks, Concepts and Techniques - Cisco: Intro to Cybersecurity Chap-2
Attacks, Concepts and Techniques - Cisco: Intro to Cybersecurity Chap-2
 
The need for Cybersecurity - Cisco Intro to Cybersec Chap-1
The need for Cybersecurity - Cisco Intro to Cybersec Chap-1The need for Cybersecurity - Cisco Intro to Cybersec Chap-1
The need for Cybersecurity - Cisco Intro to Cybersec Chap-1
 
Protocols and Reference models CCNAv7-1
Protocols and Reference models CCNAv7-1Protocols and Reference models CCNAv7-1
Protocols and Reference models CCNAv7-1
 
Basic Switch and End Device configuration CCNA7 Module 2
Basic Switch and End Device configuration CCNA7 Module 2Basic Switch and End Device configuration CCNA7 Module 2
Basic Switch and End Device configuration CCNA7 Module 2
 
Introduction to networks CCNAv7 Module-1
Introduction to networks CCNAv7 Module-1Introduction to networks CCNAv7 Module-1
Introduction to networks CCNAv7 Module-1
 
Process scheduling (CPU Scheduling)
Process scheduling (CPU Scheduling)Process scheduling (CPU Scheduling)
Process scheduling (CPU Scheduling)
 
OS - Process Concepts
OS - Process ConceptsOS - Process Concepts
OS - Process Concepts
 
Operating systems system structures
Operating systems system structuresOperating systems system structures
Operating systems system structures
 
Introduction to Operating Systems
Introduction to Operating SystemsIntroduction to Operating Systems
Introduction to Operating Systems
 
Introduction to security
Introduction to securityIntroduction to security
Introduction to security
 
Mobile IP
Mobile IPMobile IP
Mobile IP
 
Wireless communication
Wireless communicationWireless communication
Wireless communication
 

Dernier

(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
ranjana rawat
 
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
ranjana rawat
 
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
roncy bisnoi
 
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur High Profile
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Call Girls in Nagpur High Profile
 
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
Call Girls in Nagpur High Profile Call Girls
 
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur EscortsRussian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur High Profile
 
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
ranjana rawat
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Dr.Costas Sachpazis
 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
Asst.prof M.Gokilavani
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Dr.Costas Sachpazis
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
ranjana rawat
 

Dernier (20)

(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
UNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its PerformanceUNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its Performance
 
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
 
Introduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxIntroduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptx
 
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
 
Online banking management system project.pdf
Online banking management system project.pdfOnline banking management system project.pdf
Online banking management system project.pdf
 
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
 
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
 
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur EscortsRussian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
 
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations
 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
 
Glass Ceramics: Processing and Properties
Glass Ceramics: Processing and PropertiesGlass Ceramics: Processing and Properties
Glass Ceramics: Processing and Properties
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptx
 
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINEDJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
Roadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and RoutesRoadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and Routes
 

Cisco Cyber Security Essentials Chapter-1

  • 1.
  • 2.
  • 3.
  • 4.
  • 5. © 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 5 Chapter 1: Cybersecurity - A World of Experts and Criminals Cybersecurity Essentials v1.1
  • 6. Presentation_ID 6© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Chapter 1 - Sections & Objectives  1.1 The Cybersecurity World  Describe the common characteristics comprising the cybersecurity world  1.2 Cyber Criminals vs Cybersecurity Specialists  Differentiate the characteristics of cyber criminals and cybersecurity specialists  1.3 Common Threats  Compare how cybersecurity threats affect individuals, businesses, and organizations  1.4 Spreading Cybersecurity Threats  Analyze the factors that lead to the spread and growth of cybercrime  1.5 Creating More Experts  Analyze the organizations and efforts committed to expanding the cybersecurity workforce
  • 7. © 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 7 1.1 The Cybersecurity World
  • 8. Presentation_ID 8© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential  Cyber security refers to the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorized access.  Organizations face many threats to their information systems and data. Understanding all the basic elements to cyber security is the first step to meeting those threats.
  • 9. Presentation_ID 9© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Companies such as Google, Facebook, and LinkedIn, could be considered to be data domains in our cyber world.  Google has arguably created the world’s largest data collection infrastructure. Google developed Android, the operating system installed on over 80% of all mobile devices connected to the Internet.  Facebook is another powerful domain within the broader Internet.  LinkedIn is yet another data domain on the Internet. • Cyber domains continue to grow as science and technology evolve, enabling the experts and their employers (Google, Facebook, LinkedIn, etc.) to collect many other forms of data. • New technologies, such as Geospatial Information Systems (GIS) and the Internet of Things (IoT), have emerged, which are very useful but also result in exponentially expanding the amount of data collected, analyzed and used to understand the world. • The data collected by GIS and IoE poses a tremendous challenge for cybersecurity professionals in the future
  • 10. © 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 10 1.2 Cybersecurity Criminals versus Cybersecurity Specialists
  • 11. Presentation_ID 11© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential This group of criminals breaks into computers or networks to gain access for various reasons.  White hat attackers break into networks or computer systems to discover weaknesses in order to improve the security of these systems.  Gray hat attackers are somewhere between white and black hat attackers. The gray hat attackers may find a vulnerability and report it to the owners of the system if that action coincides with their agenda.  Black hat attackers are unethical criminals who violate computer and network security for personal gain, or for malicious reasons, such as attacking networks.
  • 12. Presentation_ID 12© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Criminals come in many different forms. Each have their own motives: Teenagers or hobbyists mostly limited to pranks and vandalism, have little or no skill, often using existing tools or instructions found on the Internet to launch attacks. Grey hat hackers who attempt to discover exploits and report them to vendors, sometimes for prizes or rewards. Grey hat hackers who rally and protest against different political and social ideas. Hacktivists publicly protest against organizations or governments by posting articles, videos, leaking sensitive information, and performing distributed denial of service (DDoS) attacks. - These are black hat hackers who are either self-employed or working for large cybercrime organizations. Each year, cyber criminals are responsible for stealing billions of dollars from consumers and businesses. - Depending on a person’s perspective, these are either white hat or black hat hackers who steal government secrets, gather intelligence, and sabotage networks. Their targets are foreign governments, terrorist groups, and corporations. Most countries in the world participate to some degree in state-sponsored hacking.
  • 13. Presentation_ID 13© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
  • 14. Presentation_ID 14© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential The demand for cybersecurity specialists has grown more than the demand for other IT jobs. Technology alone cannot prevent, detect, respond and recover from cybersecurity incidents. Becoming a cybersecurity specialist is a rewarding career opportunity.  Thwarting the cyber criminals is a difficult task and there is no such thing as a “silver bullet.” However, company, government and international organizations have begun to take coordinated actions to limit or fend off cyber criminals. The coordinated actions include:
  • 15. Presentation_ID 15© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential  Vulnerability Database: The Nation Common Vulnerabilities and Exposures (CVE) database is an example of the development of a national database. The CVE National Database was developed to provide a publicly available database of all know vulnerabilities.  Early Warning Systems: The Honeynet project is an example of creating Early Warning Systems. The project provides a HoneyMap which displays real-time visualization of attacks.  Share Cyber Intelligence: InfraGard is an example of wide spread sharing of cyber intelligence. The InfraGard program is a partnership between the FBI and the private sector. The participants are dedicated to sharing information and intelligence to prevent hostile cyberattacks.  ISM Standards: The ISO 27000 standards are an example of Information Security Management Standards. The standards provide a framework for implementing cybersecurity measures within an organization.  New Laws: The ISACA group track law enacted related to cyber security. These laws can address individual privacy to protection of intellectual property. Examples of these laws include: Cybersecurity Act, Federal Exchange Data Breach Notification Act and the Data Accountability and Trust Act.
  • 16. © 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 16 1.3 Common Threats
  • 17. Presentation_ID 17© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential  Threats and vulnerabilities are the main concern of cybersecurity professionals. Two situations are especially critical: When a threat is the possibility that a harmful event, such as an attack, will occur. When a vulnerability makes a target susceptible to an attack.  Organizations like Google and Facebook have the resources to hire top cybersecurity talent to protect their domains.  As more organizations build large databases containing all of our personal data, the need for cybersecurity professionals increases. This leaves smaller businesses and organizations competing for the remaining pool of cybersecurity professionals.  Cyber threats are particularly dangerous to certain industries and the records they must maintain.
  • 18. Presentation_ID 18© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 1. Personal Information 2. Employment and Financial Records 3. Educational Records 4. Medical Records The following examples are just a few sources of data that can come from established organizations:
  • 19. Presentation_ID 19© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Network services like DNS, HTTP and Online Databases are prime targets for cyber criminals.  Criminals use packet-sniffing tools to capture data streams over a network. Packet sniffers work by monitoring and recording all information coming across a network.  Criminals can also use rogue devices, such as unsecured Wi-Fi access points.  With DNS spoofing (or DNS cache poisoning), the criminal introduces false data into a DNS resolver’s cache, redirecting traffic for a specific domain to the criminal’s computer, instead of the legitimate owner of the domain.  Packet forgery (or packet injection) interferes with an established network communication by constructing packets to appear as if they are part of a communication. ⁂ Packet forgery enables the criminal to hijack an authorized connection or deny an individual’s ability to use certain network services. Cyber professionals call this a man-in-the-middle attack.
  • 20. Presentation_ID 20© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Key industry sectors offer networking infrastructure systems such as: Manufacturing  Industry Controls  Automation  SCADA Energy Production and Distribution  Electrical Distribution and Smart Grid  Oil and Gas Communication  Phone  Email  Messaging Transportation systems  Air Travel  Rail
  • 21. Presentation_ID 21© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Cybersecurity is the ongoing effort to protect networked systems and data from unauthorized access. • On a personal level, everyone needs to safeguard his or her identity, data, and computing devices. • At the corporate level, it is the employees’ responsibility to protect the organization’s reputation, data, and customers. • At the state level, national security and the citizens’ safety and well-being are at stake • Cybersecurity professionals are often involved in working with government agencies in identifying and collecting data. • The efforts to protect people’s way of life often conflicts with their right to privacy
  • 22. © 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 22 1.4 Spreading Cybersecurity Threats
  • 23. Presentation_ID 23© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Attacks can originate from within an organization or from outside of the organization, as shown in the figure. An internal user, such as an employee or contract partner, can accidently or intentionally:  Mishandle confidential data  Threaten the operations of internal servers or network infrastructure devices  Facilitate outside attacks by connecting infected USB media into the corporate computer system  Accidentally invite malware onto the network through malicious email or websites • Internal threats have the potential to cause greater damage than external threats because internal users have direct access to the building and its infrastructure devices. • External attacks exploit weaknesses or vulnerabilities to gain access to internal resources.
  • 24. Presentation_ID 24© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential The Vulnerabilities of Mobile Devices - In the past, employees typically used company-issued computers connected to a corporate LAN. • Today, mobile devices such as iPhones, smartphones, tablets, and thousands of other devices, are becoming powerful substitutes for, or additions to, the traditional PC. • More and more people are using these devices to access enterprise information. Bring Your Own Device (BYOD) is a growing trend. • The inability to centrally manage and update mobile devices poses a growing threat to organizations that allow employee mobile devices on their networks. Emergence Internet-of-Things - The Internet of Things (IoT) is the collection of technologies that enable the connection of various devices to the Internet. • IoT technologies enable people to connect billions of devices to the Internet. These devices include appliances, locks, motors, and entertainment devices, to name just a few. • This technology affects the amount of data that needs protection. Users access these devices remotely, which increases the number of networks requiring protection. • With the emergence of IoT, there is much more data to be managed and secured. All of these connections, plus the expanded storage capacity and storage services offered through the Cloud and virtualization, has led to the exponential growth of data.
  • 25. Presentation_ID 25© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential The Impact of Big Data- Big data is the result of data sets that are large and complex, making traditional data processing applications inadequate. Big data poses both challenges and opportunities based on three dimensions: • The volume or amount of data • The velocity or speed of data • The variety or range of data types and sources
  • 26. Presentation_ID 26© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential  Software vulnerabilities today rely on programming mistakes, protocol vulnerabilities, or system misconfigurations. The cyber criminal merely has to exploit one of these  An advanced persistent threat (APT) is a continuous computer hack that occurs under the radar against a specific object. Criminals usually choose an APT for business or political motives.  Algorithmic attacks can disable a computer by forcing it to use memory or by overworking its central processing unit. Algorithmic attacks are more devious because they exploit designs used to improve energy savings, decrease system failures, and improve efficiencies.  Finally, the new generation of attacks involves intelligent selection of victims. Many of the more sophisticated attacks will only launch if the attacker can match the object signature targeted.
  • 27. © 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 27 1.5 Creating More Experts
  • 28. Presentation_ID 28© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Addressing the Shortage of Cybersecurity Specialist In the U.S., the National Institute of Standards and Technologies (NIST) created a framework for companies and organizations in need of cybersecurity professionals. The framework enables companies to identify the major types of responsibilities, job titles, and workforce skills needed. The Seven Categories of Cybersecurity Work The Workforce Framework categorizes cybersecurity work into seven categories. 1. Operate and Maintain includes providing the support, administration, and maintenance required to ensure IT system performance and security 2. Protect and Defend includes the identification, analysis, and mitigation of threats to internal systems and networks 3. Investigate includes the investigation of cyber events and/or cyber crimes involving IT resources 4. Collect and Operate includes specialized denial and deception operations and the collection of cybersecurity information
  • 29. Presentation_ID 29© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 5. Analyze includes highly specialized review and evaluation of incoming cybersecurity information to determine if it is useful for intelligence 6. Oversight and Development provides for leadership, management, and direction to conduct cybersecurity work effectively 7. Securely Provision includes conceptualizing, designing, and building secure IT systems
  • 30. Presentation_ID 30© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Professional Organizations  Cybersecurity specialists must collaborate with professional colleagues frequently. International technology organizations often sponsor workshops and conferences. Visit each site with your class and explore the resources available.
  • 31. Presentation_ID 31© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Industry Certifications In a world of cybersecurity threats, there is a great need for skilled and knowledgeable information security professionals. The IT industry established standards for cybersecurity specialists to obtain professional certifications that provide proof of skills, and knowledge level.  CompTIA Security+ - Security+ is a CompTIA-sponsored testing program that certifies the competency of IT administrators in information assurance.  EC-Council Certified Ethical Hacker (CEH) – CEH is an intermediate- level certification asserts that cybersecurity specialists holding this credential possess the skills and knowledge for various hacking practices.  SANS GIAC Security Essentials (GSEC) - The GSEC certification is a good choice for an entry-level credential for cybersecurity specialists who can demonstrate that they understand security terminology and concepts and have the skills and expertise required for “hands-on” security roles. The SANS GIAC program offers a number of additional certifications in the fields of security administration, forensics, and auditing.
  • 32. Presentation_ID 32© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential  (ISC)^2 Certified Information Systems Security Professional (CISSP) - The CISSP certification is a vendor-neutral certification for those cybersecurity specialists with a great deal of technical and managerial experience. It is also formally approved by the U.S. Department of Defense (DoD) and is a globally recognized industry certification in the security field.  ISACA Certified Information Security Manager (CISM) – Cybersecurity specialists responsible for managing, developing and overseeing information security systems at the enterprise level or for those developing best security practices can qualify for CISM.  Cisco Certified Network Associate Security (CCNA Security) - The CCNA Security certification validates that a cybersecurity specialist has the knowledge and skills required to secure Cisco networks.
  • 33. Presentation_ID 33© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Cybersecurity specialists must be able to respond to threats as soon as they occur. This means that the working hours can be somewhat unconventional. Cybersecurity specialists also analyze policy, trends, and intelligence to understand how cyber criminals think. Many times, this may involve a large amount of detective work. Here is good advice for becoming a cybersecurity specialist: : Learn the basics by completing courses in IT. Be a life-long learner. Cybersecurity is an ever-changing field, and cybersecurity specialists must keep up. : Industry and company sponsored certifications from organizations such as Microsoft and Cisco prove that one possesses the knowledge needed to seek employment as a cybersecurity specialist. : Seeking out a security internship as a student can lead to opportunities down the road. : Join computer security organizations, attend meetings and conferences, and join forums and blogs to gain knowledge from the experts. How to Become a Cybersecurity Specialist