Introduction to Cybersecurity

Cybersecurity is an ongoing effort to protect individuals, organizations, and governments from digital attacks by protecting networked systems and data from unauthorized use or harm.

Personal data can be categorized as offline and online. Offline data includes real-life personal details such as full name, address, age, and family details. Online identity is how you present yourself online, including usernames and social identities. Cybercriminals can exploit this sensitive information to infringe on your privacy.

We often share our private data knowingly or unknowingly. For example, store loyalty cards may save you money but can also be used to build a profile of your purchasing behavior. With all your information available online, hackers aim for financial gain through identity theft.

Organizational data has several types:

1. 1. Traditional data: This includes transactional data related to buying and selling activities, intellectual property like patents, and financial data such as income statements.
2. 2. Internet of Things (IoT) and big data: IoT refers to a network of physical objects connected to the internet that collect and share data.

The McCumber cube is a framework created by John McCumber in 1991 to help organizations evaluate information security initiatives. It has three dimensions:

1. 1. The foundational principles for protecting an information system.
2. 2. The protection of information in each of its possible states.
3. 3. The security measures used to protect data.

1. 1. Confidentiality: Rules that prevent unauthorized disclosure of sensitive information.
2. 2. Integrity: Ensures protection from intentional or accidental modification of information.
3. 3. Availability: Authorized users can access the system when needed.

1. 1. Processing: Data being used to operate, such as updating a database record.
2. 2. Storage: Data stored in memory or permanent storage devices.
3. 3. Transmission: Data traveling between information systems.

1. 1. Awareness, training and education for users about potential threats.
2. 2. Technology solutions like firewalls for protection.
3. 3. Policies and procedures that provide a foundation for implementing information assurance.

A security breach results in unauthorized access to data, applications, or services. To protect against breaches:

• 1. Invest in cybersecurity training for staff.
• 2. Enforce two-factor authentication for sensitive data access.
• 3. Maintain log files and monitor for anomalous behavior.
• 4. Store customer passwords using salting and robust hashing algorithms.
• 5. Separate cloud resources from the public Internet into isolated networks.
• 6. Grant access only via secure VPN connections.

1. 1. 'Script kiddies' are amateur hackers using existing tools to launch attacks.
2. 2. Hackers can be classified as white, grey, or black hat based on their intentions. White hats improve security; grey hats may report vulnerabilities based on their agenda; black hats exploit vulnerabilities for gain.
3. 3. Organized hackers are sophisticated groups providing cybercrime services to others.