Understanding Cyber Security and Risks
Cyber security, also known as IT security or computer security, is crucial for safeguarding information systems from theft, damage, and disruption. With the increasing connectivity of devices through the internet, the importance of cyber security cannot be overstated. Cyber risks encompass cyber crime, cyber war, and cyber terror, each posing unique threats to individuals, organizations, and nations. Cyber criminals leverage malware such as viruses and worms to exploit vulnerabilities and access sensitive information. It is essential for businesses and governments to stay vigilant and implement robust cyber security measures to counter these evolving threats.
Presentation Transcript
CYBER CRIME What is Cyber Security?
Introduction
Cyber security, also known as IT security or computer security, is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide.
Cyber Security
Cyber security, defined as the protection of systems, networks and data in cyberspace, is a critical issue for all businesses. Cyber security will only become more important as more devices, the "internet of things", become connected to the internet. While rapid technological developments have provided vast areas of new opportunity and potential sources of efficiency for organizations of all sizes, these new technologies have also brought unprecedented threats with them.
Introduction to cyber risks
Cyber risks can be divided into three distinct areas:
Cyber crime: Conducted by individuals working alone, or in organized groups, intent on extracting money or data, or causing disruption.
Cyber war: A nation state conducting sabotage and espionage against another nation in order to cause disruption or to extract data.
Cyber terror: An organization, working independently of a nation state, conducting terrorist activities through the medium of cyberspace.
Cyber risk
The Post Office has to consider measures against cyber war or cyber terror, as do governments, those within the critical national infrastructure, and very high-profile institutions.
Introduction to cyber criminals
Cyberspace is unregulated and cyber crime is increasingly simple and cheap to commit. Congruent with the rapid pace of technological change, the world of cyber crime never stops innovating either.
Types of malware
Cyber criminals operate remotely, in what is called "automation at a distance", using numerous means of attack available, which broadly fall under the umbrella term of malware (malicious software).
Viruses
Aim: Gain access to, steal, modify and/or corrupt information and files from a targeted computer system.
Technique: A small software program that can replicate itself and spread from one computer to another by attaching itself to another computer file.
Worms
Aim: By exploiting weaknesses in operating systems, worms seek to damage networks and often deliver payloads which allow remote control of the infected computer.
Technique: Worms are self-replicating and do not require a program to attach themselves to. Worms continually look for vulnerabilities and report back to the worm author when weaknesses are discovered.
Types of malware (cont.)
Spyware/Adware
Aim: To take control of your computer and/or to collect personal information without your knowledge.
Technique: By opening attachments, clicking links or downloading infected software, spyware/adware is installed on your computer.
Trojans
Aim: To create a backdoor on your computer by which information can be stolen and damage caused.
Technique: A software program appears to perform one function (for example, virus removal) but actually acts as something else.
Attack vectors There are also a number of attack vectors available to cyber criminals which allow them to infect computers with malware or to harvest stolen data:
Phishing: An attempt to acquire users' information by masquerading as a legitimate entity. Examples include spoof emails and websites.
Pharming: An attack to redirect postal traffic to a different, fake website, where the individual's information is then compromised.
Drive-by: Opportunistic attacks against specific weaknesses within a system, where the system is weak and vulnerable.
Attack vectors (cont.)
MITM: A "man in the middle" attack, where a middleman impersonates each endpoint and is thus able to manipulate both victims.
Social engineering: Exploiting the weakness of the individual by making them click malicious links, or by physically gaining access to a computer through deception. Pharming and phishing are examples of social engineering.
All organizations face one of two types of cyber-attack:
They will be deliberately attacked because they have a high profile and appear to have valuable data (or there is some other publicity benefit in a successful attack). Postal is vulnerable to this, as we deal with data from both internal and external clients, e.g. banking and parcels, which attracts many hackers.
The attack will be opportunistic, because an automated scan detects the existence of exploitable vulnerabilities. Virtually every Internet-facing entity, unless it has been specifically tested and secured, will have exploitable vulnerabilities.
Cyber criminals are indiscriminate. Where there is a weakness, they will try to exploit it. Therefore, postal needs to understand the cyber threats it faces, and safeguard against them.
ISO 27001 and cyber security
As well as protecting your critical assets, customer details and your operating systems, effective cyber security can also help organisations win new business by providing assurances of their commitment to cyber security to their supply chain partners, stakeholders and customers.
ISO 27001 and cyber security (cont.)
In order to achieve real cyber security, today's organizations have to recognize that expensive software alone is not enough to protect them from cyber threats. The three fundamental domains of effective cyber security are: people, process and technology.
What postal should put in place to safeguard its processes
Establishing internal and external risk context, scope and boundaries;
Identifying and assessing risks in terms of their consequences to the business and the likelihood of their occurrence;
Establishing communication lines with stakeholders to inform them of the likelihood and consequences of identified risks and risk status;
Establishing priorities for risk treatment and acceptance;
Establishing priorities to reduce the chance of risks occurring;
Establishing risk monitoring and risk review processes;
Educating stakeholders and staff about the risks to the organization and the actions being taken to mitigate them.
An effective cyber security posture should be proportional to the risks faced by each organization, and should be based on the results of a risk assessment
Access Control Measures
Access security to Server Rooms
Physical access to data centers and equipment rooms must be controlled using swipe cards, keypad controls or other electronic access control systems.
MAINTENANCE POLICY
System maintenance includes any activity which requires a system or systems to become unavailable to users for a period of time for the purpose of upgrading, reconfiguring, modifying, replacing or changing it.
General Maintenance Policy
Preventive Maintenance Policy
Comprehensive Maintenance Policy
Maintenance Policy on Software
PASSWORD CONTROL
Systems shall enforce minimal acceptable password length and complexity requirements (strong passwords).
Systems shall enforce passwords of a minimum of eight (8) characters in length that contain a combination of alphanumeric, numeric and special characters.
Inactive accounts shall be disabled after 30 days.
Applications (Domain) shall retain password history and prevent reuse of the last twelve (12) passwords.
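An added example, not part of the original presentation, that enforces the password rules above in Python. The reading of "alphanumeric, numeric and special" as letter, digit and punctuation, the salted PBKDF2 storage of password history, the `Account` class and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import string
from datetime import datetime, timedelta

MIN_LENGTH = 8           # policy: minimum of eight characters
HISTORY_DEPTH = 12       # policy: last twelve passwords cannot be reused
INACTIVE_DAYS = 30       # policy: inactive accounts disabled after 30 days
PBKDF2_ROUNDS = 100_000  # assumption: the slides do not name a hash scheme

def complexity_errors(password):
    """Return the policy rules the candidate password breaks."""
    errors = []
    if len(password) < MIN_LENGTH:
        errors.append("shorter than 8 characters")
    if not any(c.isalpha() for c in password):
        errors.append("no letter")
    if not any(c.isdigit() for c in password):
        errors.append("no digit")
    if not any(c in string.punctuation for c in password):
        errors.append("no special character")
    return errors

def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

class Account:
    def __init__(self, last_login):
        self.history = []      # (salt, digest) pairs, newest last; never plaintext
        self.last_login = last_login
        self.disabled = False

    def change_password(self, password):
        """Apply complexity and history rules; return [] on success."""
        errors = complexity_errors(password)
        if any(hmac.compare_digest(_digest(password, s), d) for s, d in self.history):
            errors.append("matches one of the last 12 passwords")
        if not errors:
            salt = os.urandom(16)
            self.history = (self.history + [(salt, _digest(password, salt))])[-HISTORY_DEPTH:]
        return errors

def disable_if_inactive(account, now: datetime):
    """Disable the account once 30 days have passed since the last login."""
    if now - account.last_login >= timedelta(days=INACTIVE_DAYS):
        account.disabled = True
    return account.disabled
```

Because each history entry has its own salt, the reuse check has to re-derive the candidate against every stored entry, which is why the history is capped at twelve rather than kept indefinitely.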
PASSWORD CONTROL (cont.)
Users are responsible for their system access accounts and are responsible for all the transactions and activities carried out on the PCK-ICT systems using their accounts, e.g. Posta Pesa, EFT, PBMS, IFS and all applications on our platform.
ICT systems with connections to the public Internet should be placed behind the network firewall in a DMZ network and assigned a NAT private IP.
DATABASE BACKUP POLICY
Database Administrators must put in place the following guidelines on database / data management and backup:
Recovery procedures for the restoration of data must be kept up to date.
Every day a data backup is taken and retained for 14 days.
Records of all stored data must be kept for audit purposes.
Backups should be stored at a geographically diverse location from the primary location of the data.