CHAPTER 6: RISK AND CYBER SECURITY
What is the weakest point in a business?
- People!
- (Ex.) In companies with over 1000 employees, 43% of all data losses were from employees.
Frequency Analysis
- How often various letters are used in typical correspondence.
- (Ex.) The letter "E" is the most common letter used in the English language.
(C) What are the 2 methods we use to keep our messages confidential?
1. VPN
2. Encryption
Risk Mitigation
Actions you take to reduce the probability/impact that something bad will happen. (Ex.) locking your doors, wearing a seatbelt.
(QUIZ) Malware is software to protect your computer from anti-malware attacks by viruses, spying tools, ransomware, and trojan horses.
False
How do businesses protect themselves?
They protect themselves with:
- Firewalls
- Encryption
- Authentication & Authorization
- Procedures & Policies
Risk Acceptance
When you are willing to take a risk.
Risk Avoidance
When you don't want to take a risk.
Once a piece of info (text, pictures, music, videos, movies) is digitized, can it be shared with billions of people?
Yes!
Risk Transferring or Sharing
(Ex.) getting insurance on your car so in case something happens, your insurance company will cover some of the loss.
Risk
(the probability of a bad thing happening) X (the impact of its occurrence)
(A) Who ensures that availability is done?
- Availability is more often something done by the organizations with which you do business.
- (Ex.) Amazon keeps all of the information about stuff you buy (price, style, size, checkout information) on special computers called servers.
What are other risks you can endure by being on the Internet?
- Computer viruses
- Spying tools
- Malware
- Phishing
- Unauthorized sharing
Unauthorized Sharing of Your Personal Information
- Ever since the Internet became available to the general public, people have had to deal with the risk of having very personal information and photos shared with people they never intended to see them.
- Once something is out on the internet, it will always be out there and there is no getting it back - AVOID THE RISK!
What risks do you face by being on the Internet?
- Identity theft
- Financial theft
- Blackmail
- Extortion
- Unauthorized sharing

The internet is the biggest risk.
Integrity (I)
- Keeping information free from unauthorized changes.
- (Ex.) Your login ID and password authenticate you to the network.
Phishing Email
- One of the biggest problems people have to deal with.
- Emails sent to you wanting access to your computer by asking you to provide your login ID and password or bank account number and PIN, or by asking you to click on a bogus internet link that could infect your computer with malware (or asking for money).
- The point is to recognize a phishing email and not give your personal information.
(A) What is the importance of Servers?
- When you go on a website like Amazon, you connect with one of their servers to make your purchase.
- Having its servers available to customers is very important for Amazon.
- One time, one of Amazon's servers went down and they lost a lot of money.
(I) How should you make your password(s)?
- It's important to pick a hard-to-guess password using both upper and lower case letters, numbers, and maybe some special characters (#, %, &, !, *).
- The longer the password and the more types of characters used, the more difficult your password is to guess.
- (But make sure it's easy for YOU to remember.)
Caesar Cipher
- One of the simplest forms of encryption.
- The person wanting to encrypt a message would shift the letters of the alphabet in one direction or another.
- (Ex.) "shift 4 right" is known as the key and if you have the key you can figure out the cipher.
What does the "CIA" mean in the "CIA" Model?
- Confidentiality
- Integrity
- Availability
What are 2 things you can do to protect yourself and your information?
1. Ensuring you have a good, up-to-date antivirus program.
2. Knowing how to spot a phishing attack.
Cipher
A method or algorithm for encrypting information.
Who are potential targets for cyber-attacks?
Businesses
(QUIZ) One method of keeping information secure when sent over the internet or stored on a computer is ________.
Encryption
(QUIZ) Risk is the probability of a bad thing happening divided by the impact of its occurrence.
False
(QUIZ) When you use the Internet you run the risk of __________.
Identity theft, Financial theft, Blackmail, Extortion.
Confidentiality (C)
Keeping conversations and information on the internet private.
Availability (A)
Making your computer or website or information system available to people who need it.
Can you ever get rid of risk?
No. Every day you make choices about risk. You can do things to make risk more acceptable, but you can NEVER get rid of it.
What is one of the first things you should do when you get a new computer?
Put an anti-malware application on it.
What Framework do professionals who work in the field of cybersecurity have?
The "CIA" model
Risk Appetite
The amount of risk you are willing to accept.
(QUIZ) Information on the Internet has an unlimited life and is rarely deleted.
True
What is one of the biggest risks you take on the Internet?
Unauthorized sharing of your personal information.
What do modern encryption methods use?
Very complex and sophisticated ciphers.
(QUIZ) Integrity means keeping information secure from unauthorized changes. You can do this by using a hard-to-guess password. Which of the following is the best password?
XVG$4u5i6&n
Virtual Private Network (VPN)
a tunnel through the internet that helps keep information about the sender and receiver of messages private.
Vulnerabilities
applications that run on computers that have weaknesses in them.
Anti-Malware Software
install this to fix the vulnerabilities on your computer and protect the information you store on it from malware or viruses.
Encryption
Keeps messages really confidential. It transforms the original content of the message (plaintext) into a sort of code (ciphertext).
One of the biggest problems people have to deal with today is...
phishing emails.
Malware
term used to label computer viruses, spying tools, and other things that can take over your computer and perpetrate a crime.
The applications that run on the computers have weaknesses in them called...
vulnerabilities.