CyberSecurity Fundamentals


CIA Triad: Availability

- Guaranteeing reliable access to data for authorized users
- Tools and Techniques: Redundancy, Failover Systems, DDoS protection

Risk Management

- Involves the policies, procedures and technology used by an organization to control threats and protect assets
- Process of identifying, analyzing and mitigating potential threats to IT systems and data
- Goal: protect organizational assets, ensure data integrity, and maintain availability while maximizing business value

Quantitative Risk Assessment

- A risk assessment approach that involves numerical, measurable, and often statistical data
Key features:
- Based on numerical data
- Uses objective metrics
- Allows for precise comparisons and calculations

Hash Functions Properties

- Deterministic: The same input will always produce the same output
- Fixed Output Length: The length of the output is fixed regardless of the input's length
- Efficiency: Computation of the hash value is fast and efficient
- Pre-image Resistance: Given a hash value, it should be computationally infeasible to find the original input value
- Collision Resistance: It should be computationally infeasible to find two different inputs that produce the same output hash
- Second Pre-image Resistance: Given an input, it should be computationally infeasible to find a different input with the same hash output
- Avalanche Effect: A small change to the input should produce such a drastic change in output that the new hash appears uncorrelated with the old hash

Technical Controls: Examples

- Encryption
- Firewalls
- Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS)
- Multi-factor Authentication (MFA)
- Security patches and updates
- Access controls (usernames, passwords, etc.)
- Log management systems
- Antivirus software

CIA Triad: Integrity

- Ensuring data is accurate and unchanged from its original state
- Tools and Techniques: Hashing, Digital signatures, Checksums

Asymmetric Keys (public and private keys)

- In asymmetric key cryptography, two keys are used: a public key and a private key
- The public key is used for encryption, and the private key must be kept secret
- Examples of asymmetric key algorithms include RSA (Rivest-Shamir-Adleman) and ECC (Elliptic Curve Cryptography)

Symmetric Key

- In symmetric-key cryptography, the same key is used for both encryption and decryption
- Both the sender and the receiver must have the key, and they must keep it secret from everyone else
- Examples of symmetric key algorithms include AES (Advanced Encryption Standard) and DES (Data Encryption Standard)

Payment Card Industry Data Security Standards (PCI DSS)

- Original members of the PCI Security Standards Council: American Express, Discover Financial Services, Mastercard, Visa
- Standards for processing credit card transactions
- "Country Club Rules" (all of the original members came together and set up the rules)

Social Engineering Life Cycle: Extract

- Phase where the attacker gets the desired information or action from the target
- Methods: Manipulation, pressure, invoking authority or urgency
- Examples: Getting the target to click a link, divulge a password, transfer money
- Goal: Fulfill the objective of the attack

Social Engineering Life Cycle: Research

- Phase where the attacker gathers as much information as possible about the target
- Methods: Online research, dumpster diving, eavesdropping, etc.
- Goal: Understand the target, find vulnerabilities and plan the attack

CIA Triad: Confidentiality

- Preventing unauthorized disclosure of data
- Tools and Techniques: Encryption, Access Controls, Two-Factor Authentication

Operational Controls: Examples

- Security awareness training sessions
- Configuration management
- Backup and recovery procedures
- Malware scanning and eradication
- Physical security (like security guards, access controls for restricted areas)
- Media handling and disposal (secure destruction of paper records)
- Incident handling procedures

NIST vs ISO

- Select a framework and controls that are consistent with the security team's capability and the organization's maturity
- Simpler security frameworks make greater sense for smaller, less experienced security teams
- Security frameworks like the NIST CSF and control catalogs are easier and faster to implement
- Larger teams at a higher level of capability maturity potentially have the capacity and ability to adopt more detailed security and control frameworks, including ISO 27001 and ISO 27002

Symmetric Cryptography Usage

- Symmetric key cryptography is often used in conjunction with asymmetric cryptography. For example, in secure communications, asymmetric cryptography may be used to exchange a symmetric key securely, which is then used to encrypt the actual data transmission
- Symmetric key cryptography plays a crucial role in securing communications and data, especially in scenarios where performance and efficiency are critical

Social Engineering Life Cycle: Hook

- The engagement phase where the attacker makes the first contact with the target
- Techniques: Phishing emails, pretext phone calls, baiting with incentives
- Goal: Get the target's attention and initiate interaction
- Build and foster the relationship / impersonation
- Scare the target / consequences / intimidation
- Motivate / give the target a reason to act

Choosing Hash Functions

- When selecting a hash function for cryptographic purposes, it's crucial to choose one that has been vetted for collision resistance, such as those in the SHA-2 or SHA-3 families
- Understand the Birthday Paradox and the Birthday attack to understand the probability of collisions and the security implications

Hash Functions

A hash function is a mathematical function that takes an input or message and returns a fixed-size string of bytes. The output, typically called a digest, is unique to each unique input.

Risk Register

A list of risks associated with a system or an entire infrastructure, a part of risk management.

Qualitative Risk Assessment

- A risk assessment approach that involves subjective judgment based on non-numerical information
Key features:
- Based on descriptions, categorizations, and expert opinions
- Typically uses scales like "Low-Medium-High"
- Involves more subjective interpretation

Asymmetric Cryptography Advantages and Disadvantages

Advantages:
- Security: It's extremely difficult to derive the private key from the public key, which enhances security
- Non-repudiation: The creation of digital signatures ensures the origin and integrity of messages, providing non-repudiation
- Key distribution: Public keys can be freely shared, eliminating the key distribution problem associated with symmetric cryptography
Disadvantages:
- Performance: Asymmetric cryptography is computationally intensive and significantly slower than symmetric cryptography. It's often impractical for encrypting large amounts of data
- Key management: Users need to manage their key pairs securely, and public keys need to be distributed in a trustworthy manner

Symmetric Cryptography Advantages and Disadvantages

Advantages:
- Efficiency: Symmetric key cryptography is generally faster and less computationally intensive than asymmetric cryptography. This makes it suitable for encrypting large amounts of data or for use in environments with limited computational resources
- Simplicity: The use of a single key simplifies the process compared to schemes that require multiple keys
Disadvantages:
- Key Distribution Problem: Securely distributing and managing the secret key among parties is a significant challenge. If the key is intercepted during exchange, the security of the communication is compromised
- Scalability: In a network of n users, if each pair of users requires a unique secret key, the total number of keys required is n(n-1)/2. This makes symmetric key cryptography less scalable for a large number of users
- Lack of Authentication: Symmetric key cryptography alone does not provide authentication or non-repudiation

Management Controls

Also sometimes referred to as Administrative Controls
Purpose:
- These are the strategies, policies, procedures, and guidelines an organization establishes for overall direction and oversight of cybersecurity
- They dictate the how-to at a high level and ensure that procedures and policies are in place to manage the security of the organization

Unsecured APIs

Application programming interfaces left unsecured on a network or the internet

Risk management: Risk analysis

Assessing the potential impact and probability of identified risks

The Birthday Paradox

Based on probability: with 23 people there is a 50% chance that 2 will have the same birthday. In the context of hash functions, the birthday paradox is used to explain the probability of collision occurrences.
- A collision in a hash function occurs when two different inputs produce the same hash output
- The paradox helps to understand that collisions are more likely than one might expect

Asymmetric Cryptography Basic Principle

Basic Principle:
- Encryption: A message can be encrypted with the recipient's public key. Only the corresponding private key can decrypt this message
- Decryption: The recipient uses their private key to decrypt the message
Key Pair:
- Public Key: This key is shared openly and can be distributed to anyone. It is used to encrypt messages intended for the key owner or to verify signatures
- Private Key: This key is kept secret and is never shared. It is used to decrypt messages or to create digital signatures

Countering the Insider Threat

Challenges:
- Insiders have legitimate access, making malicious activities harder to detect
- Can exploit trust and bypass standard defenses
- Knowledge of internal systems and practices
Mitigation Strategies:
- Regular audits of user activity
- Strong access control (principle of least privilege)
- Employee training and awareness programs
- Anomaly detection systems

Guarding against DoS/DDoS attacks

Challenges:
- Volume and intensity of attacks
- Variety of attack vectors (e.g. volumetric, protocol, application layer attacks)
- Ever-evolving tactics
Defense Strategies:
- Employ DDoS protection services
- Implement traffic filtering and rate limiting
- Redundant infrastructure and scalability
- Monitor, detect, and respond to unusual traffic patterns swiftly

Risk management: Risk monitoring

Continuous observation of the risk environment. Adjusting strategies based on changes in the landscape or the organization's risk appetite.

Social Engineering: Defense

Defense Against Social Engineering:
- Training and awareness: Cultivate a skeptical and informed workforce
- Technical measures: Anti-phishing tools, secure communication channels, multi-factor authentication
- Verification protocols: Always double-check before sharing sensitive information
- Reporting: Encourage employees to report suspicious interactions
- Cultural shift: Creating a culture of security mindfulness

Asymmetric Cryptography

Definition: Asymmetric cryptography, also known as public key cryptography, is a cryptographic system that uses a pair of keys: a public key and a private key. These keys are mathematically related, but it is computationally infeasible to derive one from the other.

DevSecOps Security

Definition: Ensures the confidentiality, integrity, and availability of applications and data
Role: Continuous security training, vulnerability assessments, and security awareness among developers

DevSecOps Development

Definition: Focuses on software development, including writing code, testing, and deploying applications
DevSecOps role: Implementing code-level security measures, such as secure coding practices and regular code reviews

Cyber Organized Crime

Definition: Groups that coordinate and conduct illegal activities in the digital space for financial gain
Characteristics: Highly structured, specialized roles, long-term goals
Activities: Cyber extortion, money laundering, fraud, trafficking, and more
Examples: Cybercrime rings involved in global ransomware attacks

DevSecOps Operations

Definition: Manages IT infrastructure, including deployment, maintenance, and monitoring
Role: Automated deployments, infrastructure as code, and real-time monitoring for security incidents

Symmetric Cryptography

Definition: Symmetric key cryptography, also known as secret key cryptography, is a type of cryptography in which the same key is used for both the encryption and decryption processes.

Social Engineering

Definition: The psychological manipulation of individuals to divulge confidential information or perform certain actions
Highlights:
- Humans can often be the weakest link in security
- Even the best technical defenses can be bypassed through human manipulation

The Insider Threat

Definition: Threats posed by individuals who have insider information concerning an organization's security practices, data, and computer systems
Types of insiders: Current or former employees, contractors, business partners
Motivation: Financial gain, revenge, ideology, coercion, negligence
Examples: Data leakage, intentional system sabotage, theft of intellectual property

Risk management: Risk treatment/response

Determining appropriate strategies: Avoidance, Mitigation, Transfer, or Acceptance. Implementing controls or changes to address risks.

Symmetric Cryptography Basic Principles

- Encryption: The plaintext (original data) is converted into ciphertext (encrypted data) using a cryptographic algorithm and a secret key
- Decryption: The ciphertext is converted back into plaintext using the same cryptographic algorithm and the same secret key
- Key Sharing: Both the sender and the receiver must have access to the secret key, and this key must be exchanged securely between them before communication begins

FERPA

Family Educational Rights and Privacy Act
- Protects the privacy of student educational records
- Also covers health records maintained by an educational institution related to a student

Vulnerabilities

Faults or weaknesses that can be exploited
- Internal control flaws, system procedure flaws, information systems flaws
Two categories:
- Technical vulnerabilities: Flaws in hardware/software
- Human vulnerabilities: Employee errors, policy and procedures

Use Cases: Quantitative Risk Assessment

- Financial Risk: Calculating potential financial losses using historical data
- Infrastructure Risk: Evaluating the probability of system failure based on previous failure rates
- Market Risk: Forecasting potential market fluctuations based on statistical analysis

Frameworks and Standards

Framework: A set of principles that set guidelines
Standard: An agreed level of requirements that contains specific requirements and metrics
Why follow them:
- Assist in managing and reducing overall risks
- Allow the organization to prioritize security planning and budgeting
- Assist with compliance and audit requirements
- Typically contain best practices and are universally applicable

FERPA and HIPAA Difference

- HIPAA protects patient health information in healthcare settings
- FERPA covers medical/health records at educational institutions
- When student health records fall under FERPA, they are excluded from HIPAA's Privacy Rule

Hash Function Operations

- Hashing: The process of applying the hash function to input data
- Hash Value or Digest: The output of the hash function
- Hash Verification: Comparing a computed hash value against a known hash value to check data integrity
Security concerns:
- The security of a hash function is paramount, especially in cryptographic and security applications. Weaknesses in hash functions can lead to vulnerabilities such as collision attacks, where two different inputs produce the same hash output

HIPAA

Health Insurance Portability and Accountability Act of 1996
- Protects the privacy and security of individuals' health information
- Cybersecurity is important for HIPAA:
  - Rising cyber threats in healthcare
  - Personal Health Information (PHI) is valuable on the black market
  - Ensures trust between patients and healthcare providers
- Protects PHI (Protected Health Information)
- HIPAA covers doctors, clinics, dentists, health insurance companies, HMOs and more

Risk management: Cycle

Identify -> Analyze -> Prioritize -> Treat/Respond -> Monitor -> Identify

NIST Five functions

- Identify Function: Assists in developing an organizational understanding of managing cybersecurity risk to systems, people, assets, data, and capabilities
- Protect Function: Supports the ability to limit or contain the impact of potential cybersecurity events and outlines safeguards for delivery of critical services
- Detect Function: Defines the appropriate activities to identify the occurrence of a cybersecurity event in a timely manner
- Respond Function: Includes appropriate activities to take action regarding a detected cybersecurity incident to minimize impact
- Recover Function: Identifies appropriate activities to maintain plans for resilience and to restore services impaired during cybersecurity incidents

Nation State Sponsored Attacks: Implications and Countermeasures

Implications:
- Erosion of trust in global digital systems
- Potential for escalation into physical conflict
- Economic and infrastructure vulnerability
Countermeasures:
- International cooperation and cyber treaties
- Robust national cyber defense capabilities
- Threat intelligence sharing and collective defense

Inherent Risk vs Residual Risk vs Control Risk

- Inherent Risk: Amount of risk before any measures are taken
- Residual Risk: Amount of risk that remains after measures/controls are implemented
- Control Risk: Effectiveness of measures over time

Man-in-the-Middle Attack

Intercepting Digital Conversations
Definition: Unauthorized interception of communication between two systems
Execution: Wi-Fi eavesdropping, session hijacking
Goal: Data theft, eavesdropping, session tampering
Countering MitM:
- Use encrypted connections (HTTPS, VPNs)
- Avoid public Wi-Fi or use a VPN
- Certificate validation

ISO

International Organization for Standardization
- 27k: information security standards
- 31k: enterprise risk management
- 14 control domains

Massachusetts Privacy Laws and Regulations

Law/Statute: Chapter 93, Security breaches
Regulation: 201 CMR 17.00, Standards for the protection of personal information of residents of the Commonwealth
In short, 201 CMR 17.00 is a law that helps to protect your privacy. If you live in Massachusetts, you have the right to know what personal information businesses have about you and to have it corrected or deleted. You also have the right to give your consent before your personal information is used or disclosed for certain purposes. These laws are less extensive than California's laws.

CyberSecurity Controls

Managerial Controls, Operational Controls, Technical Controls

NIST

National Institute of Standards and Technology
- Part of the Department of Commerce
- NIST is non-regulatory
Different frameworks:
- Cybersecurity Framework (CSF)
- Risk Management Framework (RMF)
- Federal Information Processing Standards (FIPS)
- Special Publications

Control Risks

Objective: Implement measures to manage and mitigate identified risks
Approaches:
- Avoidance: Not engaging in activities or processes that lead to the risk
- Reduction: Implementing safeguards
- Transfer: Buying insurance or outsourcing risky activities
- Acceptance: Recognizing the risk and preparing contingencies

PAIN: Four Pillars of CyberSecurity

- Privacy: Protecting information
- Authentication: Determining if you are who you say you are
- Integrity: Knowing that something (data) wasn't altered
- Non-repudiation: A party can't deny they sent or received a message. Can also include Authentication and Integrity

Pros and Cons of Quantitative Risk Assessment

Pros:
- Clear metrics for comparison
- Can provide a return on investment (ROI) estimation
- Offers probabilistic outcomes
Cons:
- Requires specific and accurate data
- Can be time-consuming
- Might oversimplify complex issues

Pros and Cons of Qualitative Risk Assessment

Pros:
- Useful when data is scarce or hard to quantify
- Faster and more intuitive
- Facilitates discussion on ambiguous or emerging risks
Cons:
- Lacks precision
- Can be influenced by biases
- May not be as robust for decision-making

Operational Controls

Purpose: These controls are mechanisms and procedures that are primarily implemented and executed by people. They often become standard operations for employees and are put in place to address operational aspects of cybersecurity.
Example: Cybersecurity training

Cybersecurity Operational Groups: Security Operations Center (SOC)

Purpose: A dedicated facility where security professionals monitor, assess, and defend computer systems, networks, and data from cyber threats. Functions include incident detection, response and continuous monitoring.
Teams:
- Red Team: Mimics real-world cyber attacks to find vulnerabilities before hackers do
- Blue Team: Defends against both real and simulated cyber attacks; they identify and patch vulnerabilities, monitor networks, and respond to incidents
- Purple Team: Collaborative effort between Red and Blue teams. The goal is to ensure that defenses are continuously improved by integrating the strengths of both attack (Red) and defense (Blue) activities

CyberSecurity Operational Groups: DevSecOps

Purpose: DevSecOps promotes a collaborative mindset among the development, security, and operations teams, ensuring that security measures are embedded in the pipeline from the very beginning
Benefits of DevSecOps:
- Faster detection and response to security threats
- Reduced vulnerability exposure
- Enhanced collaboration among teams
- Improved compliance and governance

Cybersecurity Operational Groups: Incident Response

Purpose: Incident response teams are specialized groups that handle and respond to security incidents, ensuring timely mitigation and recovery
Teams:
- Cyber Incident Response Team (CIRT): Focuses on responding to cyber incidents, related specifically to cyber threats like hacks, malware, or phishing attacks
- Computer Security Incident Response Team (CSIRT): A dedicated service or a group of experts that responds to computer security-related incidents. Their scope may cover an entire organization or be specific to a particular entity
- Computer Emergency Response Team (CERT): Typically handles a broader spectrum of emergencies, including network breaches, data breaches, and catastrophic events. Some CERTs operate on a national level, providing cybersecurity and incident response guidance to the public and private sectors

Technical Controls

Purpose: These controls are the hardware and software mechanisms used to protect systems and data. They provide automated protection from unauthorized access or misuse, facilitate detection, and support security requirements via technology.

Risk management: Risk Prioritization

Ranking risks based on their potential impact and likelihood. Helps allocate resources effectively.

Risk Management: Risk Identification

Recognizing potential threats and vulnerabilities

Use Cases: Qualitative Risk Assessment

- Reputational Risk: Gauging the potential damage to reputation from a negative event
- Strategic Risk: Evaluating potential challenges to long-term business strategies
- Emerging Risks: Discussing new risks for which there is limited historical data

Social Engineering Life Cycle

Research -> Hook -> Extract -> Exit

Risk Posture and Risk Appetite

- Risk Posture: Overall defenses against attacks
- Risk Appetite: How much risk you are willing to accept

Examples of Cryptographic Hash Functions

- SHA-256 (Secure Hash Algorithm 256): Part of the SHA-2 family, widely used, and provides a 256-bit hash value
- SHA-3: The latest member of the Secure Hash Algorithm family, providing the same hash lengths as SHA-2
- MD5 (Message Digest Algorithm 5): Produces a 128-bit hash value, but is no longer considered secure against collision attacks
- SHA-1: Produces a 160-bit hash value, but is also no longer considered secure against collision attacks

Asymmetric Cryptography Usage

- Secure Communication: Asymmetric cryptography can be used to establish a secure channel over an insecure medium (e.g. the internet). Often it's used to exchange a symmetric key, which is then used for the bulk encryption of data
- Digital Signatures: It's used to create and verify digital signatures, ensuring the authenticity and integrity of data
- Public Key Infrastructure (PKI): It's the foundation of PKI, which establishes trust through digital certificates and certificate authorities (CAs)

Cybersecurity Operational Groups

- Security Operations Center (SOC): Teams (Red/Blue/Purple)
- Incident Response: Cyber Incident Response Team (CIRT), Computer Security Incident Response Team (CSIRT), Computer Emergency Response Team (CERT)
- DevSecOps: Development, Security, and Operations

Management Controls: Examples

- Security policies and procedures
- Risk management processes
- Training and awareness programs
- Personnel security (background checks, job rotation, etc.)
- Incident response plans
- Business continuity and disaster recovery plans
- Vendor management processes
- Security audits and reviews

California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)

Strongest state privacy rights and regulations in the United States
The CCPA creates six rights for consumers:
1. The right to know what personal information is being collected
2. The right to delete personal information collected from the consumer
3. The right to opt out of the sale of personal information
4. The right to opt in to the sale of personal information
5. The right to non-discriminatory treatment
6. The right to initiate a private cause of action for data breaches
CPRA adds two additional rights:
7. The right to correct inaccurate personal information
8. The right to limit use and disclosure of sensitive personal information

Digital Crime Syndicate

Tactics:
- Advanced Persistent Threats
- Sophisticated malware and ransomware campaigns
- Multi-layered phishing and fraud schemes
Impacts:
- Massive financial losses globally
- Compromise of critical infrastructure
- Loss of public and private data
Protection measures:
- Collaborative global cybersecurity efforts
- Advanced threat detection systems
- Public awareness and education

CIA TRIAD

The CIA triad represents the three fundamental objectives of information security
Purpose: To protect sensitive data from unauthorized access and modification while ensuring it's available when needed.

Social Engineering Life Cycle: Exit

The conclusion phase where the attacker breaks off contact without arousing suspicion
Tactics: Erasing traces, creating diversions, ensuring no immediate realization of the scam
Goal: Leave without being detected or traced

Safe-Harbor State

A safe-harbor state allows for encrypted data to "walk out the door". A safe-harbor state for encrypted data is a state that has laws that protect businesses from liability if their encrypted data is breached. This means that businesses can encrypt their data with confidence, knowing that they will not be held responsible for a breach if it does occur. Massachusetts is not a safe-harbor state; California is.

Multi-Factor Authentication

A system that requires at least two steps to unlock protected information; each step adds a new layer of security that must be broken to gain unauthorized access.

Social Engineering: Red Flags and Awareness

Common signs of social engineering attempts:
- Urgency or time pressure
- Unusual requests or offers
- Inconsistencies in details
- Requests for sensitive information
- Importance of always verifying the authenticity of suspicious or unexpected communications

DoS/DDoS

Definition:
- DoS (Denial of Service): Overwhelming a single target with data or requests
- DDoS (Distributed Denial of Service): Using multiple compromised systems to flood a target
Objective: Disrupt services, cause downtime, divert attention from other attacks
Common methods: Traffic flooding, exploiting vulnerabilities, resource exhaustion
Examples: Major website outages, online service disruptions

Nation State Sponsored Attacks

Definition: Cyber operations backed or conducted by national governments to achieve strategic, military, or political objectives
Characteristics: Highly sophisticated, persistent, and well-funded
Motivations: Espionage, geopolitical leverage, infrastructure sabotage, influence operations
Example: Stuxnet (targeting Iranian nuclear facilities)
