Module 5 – Cybersecurity, as basic necessity of every learning process

[nextpage title=”Chapter 1 – Cyber Security Introduction and Overview”]

Source: https://www.pngegg.com/en/png-wjpvk

Today, we can send and receive any form of data, may be an e-mail or an audio or video file, just by the click of a button, but did we ever think how securely his data is being transmitted or sent to the other person safely without any leakage of information? Security breaches can occur when we use paper records, send information using fax machines and even verbally. However, the consequences of security breaches with digital information are potentially far more severe, as information can be distributed more easily and to a far wider audience. The answer lies in cybersecurity. Today the Internet is the fastest-growing infrastructure in everyday life.

Cybersecurity is the name for the safeguards taken to avoid or reduce any disruption from an attack on data, computers or mobile devices. Cybersecurity covers not only safeguarding confidentiality and privacy, but also the availability and integrity of data, both of which are vital for the quality and safety of care.

Cybersecurity is a constantly changing area with lots of jargon and sometimes can seem quite confusing. However, many effective and relatively simple steps can be taken to protect information and protect you and your organization. Taking some simple actions and practicing safe behaviours will reduce online threats.

Cyber-breaches are costly – in terms of expense, recovery time, and damage to reputation. That is why cybersecurity is a high priority for business and why all staff must be aware of how to implement protective measures.

Individuals should also be aware of basic cybersecurity safeguards for personal use and when participating in the management and coordination of their care and support.

By the end of this module, you will learn:

  • Understanding of cyberspace,
  • the need, and the importance of cybersecurity,
  • concepts, and fundamentals of cybersecurity.
  • the cybersecurity landscapes

Cyberspace

Cyberspace consists of various connected computer systems and integrated telecommunications systems. It has become a feature of modern society, enhancing and enabling rapid communication, distributed command and control systems, mass data storage and transfer, and a range of highly distributed systems.

All of these are now taken for granted by society and have become essential to business, our daily lives, and the delivery of services. This ubiquity of and dependency on cyberspace can be seen even in military spheres, where communications, command and control, intelligence, and precision strike elements all rely on many “cyber systems” and related communication systems.

The ubiquity of these interconnected systems has brought a measure of dependency and vulnerability to individuals, industries, and governments that are difficult to forecast, manage, mitigate, or prevent. Some nations view such vulnerable dependencies as emerging national security or national defense concern and have tasked existing elements of their security forces to respond, while other nations have created wholly new organizations charged with managing or coordinating national cybersecurity policies.

Cybersecurity has emerged as an important cross-cutting issue that requires responses from individuals, private businesses, non-government organizations, the “whole of government”, and a range of international agencies and bodies.

Importance of Cybersecurity

Part of living in the digital era is understanding that our private information is more vulnerable than ever before. News stories about ID theft and data breaches abound, with the effects being felt by millions of consumers. And while companies and institutions are constantly working to protect themselves with increasing security measures, you can play a role in this fight as well. Cybersecurity doesn’t involve just businesses and the government. Your computer, tablet, and mobile phone probably contain information that hackers and other criminals would love to have, like other people’s email addresses, names, and birthdates. Suppose, for example, a hacker had access to your contact information. He could then send an email or text message to everyone you know, using your name, encouraging them to click on a link containing malware, like “Hey There, I thought you’d love this! Click here.”

Anything that relies on the internet for communication or is connected to a computer or other smart device, can be affected by a breach of security. This includes:

  • communication systems, like email, phones, and text messages
  • transportation systems, including traffic control, car engines, airplane navigation systems
  • government databases, including Social Security numbers, licenses, tax records
  • financial systems, including bank accounts, loans, and paychecks
  • medical systems, including equipment and medical records
  • educational systems, including grades, report cards, and research information

Cybersecurity risk is increasing, driven by global connectivity and usage of cloud services, like Amazon Web Services, to store sensitive data and personal information. Widespread poor configuration of cloud services paired with increasingly sophisticated cyber criminals means the risk that your organization suffers from a successful cyber-attack or data breach is on the rise. It now seems that monthly, or sometimes even weekly, there is a segment in the news dedicated to discussing the results of a data breach at a major company or a notice that hackers have captured a local computer network and are holding it hostage in exchange for vast sums of money (also called ransomware.)

Fundamentals of Cybersecurity

The Cybersecurity on a whole is a very broad term but is based on three fundamental concepts known as “The CIA Triad“. It consists of Confidentiality, Integrity, and Availability. This model is designed to guide the organization with the policies of Cyber Security in the realm of Information security.

Confidentiality – It defines the rules that limit the access of information. Confidentiality takes on the measures to restrict sensitive information from being accessed by cyber attackers and hackers. In an organization, peoples are allowed or denied access to information according to their category by authorizing the right persons in a department. They are also given proper training about the sharing of information and securing their accounts with strong passwords. They can change the way data is handled within an organization to ensure data protection. Various ways to ensure confidentiality, like two-factor authentication, Data encryption, data classification, biometric verification, and security tokens.

Integrity: This assures that the data is consistent, accurate, and trustworthy over its period. It means that the data within the transit should not be changed, altered, deleted, or illegally being accessed. Proper measures should be taken in an organization to ensure its safety. File permissions and user access control are the measures controlling the data breach. Also, there should be tools and technologies implemented to detect any change or a breach in the data. Various Organizations uses a checksum, and even cryptographic checksum to verify the integrity of data. To cope with data loss or accidental deletion or even cyber-attacks, regular backups should be there. Cloud backups are now the most trusted solution for this.

Availability: Availability in terms of all necessary components like hardware, software, networks, devices, and security equipment should all be maintained and upgraded. This will ensure the smooth functioning and access to Data without any disruption. Also providing constant communication between the components by providing enough bandwidth. It also involves opting for extra security equipment in case of any disaster or bottlenecks. Utilities like firewalls, disaster recovery plans, proxy servers, and a proper backup solution should ensure to cope with DoS attacks. For a successful approach, it should go through multiple layers of security to ensure protection to every constituent of Cyber Security. Particularly involving computers, hardware systems, networks, software programs, and the data which are shared among them.

In an organization, to accomplish an effective Cyber Security approach, the peoples, processes, computers, networks, and technology of an organization either big or small should be equally responsible. If all components will complement each other then, it is very much possible to stand against the tough cyber threat and attacks.

The Cybersecurity Landscape

Source: https://unsplash.com/photos/JJPqavJBy_k

The landscape of cybersecurity is always changing. Attackers are constantly probing for new weaknesses and vulnerabilities to exploit in corporate networks, while organizations are being forced to take new, more open approaches to IT systems to support trends like Bring-Your-Own-Device and cloud computing

From phishing to ransomware, the cybersecurity landscape comprised attacks that grew increasingly sophisticated as the year progressed, reminding businesses that while cybersecurity tools and protection practices have grown increasingly sophisticated, so too have methods of attack.

To understand the need for Cyber Security measures and its practices, let’s have a quick look at the few popular types of threats and attacks in cyberspace.

Ransomware: Ransomware is a file encryption software program that uses a unique robust encryption algorithm to encrypt the files on the target system. The authors of the Ransomware threat generate a unique decryption key for each of its victims and save it in a remote server. Thus, users cannot access their files by any application. The ransomware authors take advantage of this and demand a considerable ransom amount from the victims to provide the decryption code or decrypt the data. But such attacks have any guarantee of recovery of data even after paying the ransom.

Botnets Attacks: Botnets were initially designed to carry out a specific task within a group. It is defined as a network or group of devices connected with the same network to execute a task. But this is now being used by bad actors and hackers that attempt to access the network and inject any malicious code or malware to disrupt its working. Some of the botnet attacks include:

  • Distributed Denial of Service (DDoS) attacks
  • Spreading spam emails
  • Stealing of confidential data

Botnets attacks are generally carried out against large-scale businesses and organizations due to its huge data access. Through this attack, hackers can control a large number of devices and compromise them for their evil motives.

Source: https://thecollegeinvestor.com/32760/prevent-identity-theft-tips/ (picture modified by author)

Social Engineering Attacks: Social engineerings are now common tactics used by cybercriminals to gather user’s sensitive information.  It may trick you by displaying attractive advertisements, prizes, huge offers and so and ask you to feed your personal and bank account details. All the information you enter there is cloned and used for financial frauds, identity frauds and so. It is worth saying about the ZEUS virus that is active since 2007 and is being used as a social engineering attack method to steal banking details of the victims. Along with financial losses, Social engineering attacks can download other destructive threats to the concerned system.

Source: https://unsplash.com/photos/iGYiBhdNTpE

Cryptocurrency Hijacking: Cryptocurrency hijacking is a new addition to this cyber world. As the digital currency and mining are becoming popular, so it is among cybercriminals. They have found their evil benefit to crypto-currency mining which involves complex computing to mine virtual currency like Bitcoin, Ethereum, Monero, Litecoin so on. Cryptocurrency investors and traders are the soft targets for this attack. Cryptocurrency hijacking was also known as “Cryptojacking”. It is a program designed to inject mining codes silently to the system. Thus, the hacker silently uses the CPU, GPU, and power resources of the attacked system to mine for the cryptocurrency. It also lessens the lifespan of the affected device.

Source: https://imgbin.com/png/wph1R90K/spear-phishing-social-engineering-png

Phishing: Phishing is a fraudulent action of sending spam emails by imitating to be from any legitimate source. Such mails have a strong subject line with attachments like an invoice, job offers, big offers from reputable shipping services, or any important mail from higher officials of the company. The phishing scam attacks are the most common cyber-attacks that aim to steal sensitive data. Like Login credentials, credit card numbers, bank account information, and so on. To avoid this, you should learn more about phishing email campaigns and their preventive measures. One can also use email filtering technologies to avoid this attack. Along with these, 2019 will seek the potential in biometric attacks, AI (Artificial intelligence) attacks, and IoT (Internet of Things) attacks. Many companies and organizations are witnessing large-scale cyber-attacks and there is no stop for them. Despite the constant security analysis and updates, the rise of cyber-threat is consistent. Thus, it is worth educating yourself with the basics of cybersecurity and its implementations.

In summary, as more and more sophisticated cyber threats come along, the best approach is constant vigilance. Never assume you will not be the victim of a big data breach or major hack – your company will always need to have managed threat management and intelligence in place as well as detection and response systems and services.

[nextpage title=”Chapter 2 – Types of Security Threats and Attacks”]

Source: Author designed/modified image

A cybersecurity firm, called Cybersecurity Ventures, predicted that cybercrime will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015. Cybercriminal activity is one of the biggest challenges that humanity will face in the next two decades. Everyone needs to be aware of it and be prepared to face this with adequate cybersecurity measures.

The extent of vulnerability can be grossly related to the attack surface that the world is likely to be exposed to. And, this is much bigger than one usually thinks. It ranges from internet transactions to social media, devices, cloud, wearables to name just a few. Many times, hackers know more about your digital attack surface than you do. Impersonating domains, subdomains, landing pages, websites, mobile apps, and social media profiles are all used, many times in combination, to trick consumers and employees into giving up credentials and other personal information or installing malware. Mobile also provides an attack surface in many cases. Contrary to a general perception that there are a small number of mobile app stores; there are many secondary and affiliate stores primarily serving the Android market which provide an opportunity for malicious actors.

The more data there is in cyberspace, the greater the risk for businesses and bigger the opportunity for hackers. It stands to reason the more data growth, the more attacks. Plus, as organizations continue to integrate systems and applications, cyber-attacks will become far wider-reaching. Moving forward, we will see more cyber-attacks impacting the entire business. Using the organization’s connectedness against it, hackers can take down a website, revoke access to key documents, systems, and applications, and even cut lines of communication.

As costs come down, IoT adoption will rise next year, especially in the corporate environment. These connected devices are becoming less “nice to haves” and more expected in business. With more devices connected to the internet via 5G, the more opportunity cyber attackers will have to compromise systems and networks. And while we’ve seen an increase in IoT-enabled office spaces, we haven’t necessarily seen the same rise in security around them.

By the end of this module, you will learn:

  • Common security threats
  • The evolving security threats,
  • Increasing cost/variety of emerging security threats.

Common security threats

The landscape of cybersecurity is always changing. Attackers are constantly probing for new weaknesses and vulnerabilities to exploit in corporate networks, while organizations are being forced to take new, more open approaches to IT systems to support trends like Bring-Your-Own-Device and cloud computing. In addition to the few popular security threats that we covered in chapter 1, here are a few more common cybersecurity threats for reference. It should be noted that as cybersecurity is evolving, new threats will keep emerging and old threats losing their relevance. It is a dynamic area and one should keep updated on development in this area.

CYBERSECURITY THREATS DETAILS
Malware Software that performs a malicious task on a target device or network, e.g. corrupting data or taking over a system.
Spear Phishing A more sophisticated form of phishing where the attacker learns about the victim and impersonates someone he or she knows and trusts.
“Man in the Middle” (MitM) attack Where an attacker establishes a position between the sender and recipient of electronic messages and intercepts them, perhaps changing them in transit. The sender and recipient believe they are communicating directly with one another. A MitM attack might be used in the military to confuse an enemy.
Trojans Named after the Trojan Horse of ancient Greek history, the Trojan is a type of malware that enters a target system looking like one thing, e.g. a standard piece of software, but then lets out the malicious code once inside the host system.
Brute force attack Comprises of repeated attempts to gain access to protected information (e.g. passwords, encryption, etc.) until the correct key is found, and information can thus be reached
Distributed Denial of Service Attack (DDoS) Where an attacker takes over many (perhaps thousands) of devices and uses them to invoke the functions of a target system, e.g. a website, causing it to crash from an overload of demand.
Attacks on IoT Devices IoT devices like industrial sensors are vulnerable to multiple types of cyber threats. These include hackers taking over the device to make it part of a DDoS attack and unauthorized access to data being collected by the device. Given their numbers, geographic distribution, and frequently out-of-date operating systems, IoT devices are a prime target for malicious actors.
Data Breaches A data breach is a theft of data by a malicious actor. Motives for data breaches include crime (i.e. identity theft), a desire to embarrass an institution (e.g. Edward Snowden or the DNC hack), and espionage.
Malware on Mobile Apps Mobile devices are vulnerable to malware attacks just like other computing hardware. Attackers may embed malware in app downloads, mobile websites, or phishing emails and text messages. Once compromised, a mobile device can give the malicious actor access to personal information, location data, financial accounts, and more.
Water Holing Setting up a fake website or compromising a legitimate one to exploit the visiting users
Cross-Site Scripting is an attack method that often involves the hacker sending an internet link to their target. This link will take you to a vulnerable website with malicious code on it and, as a result, exploit your computer.

The Evolving Cyber Security Threats

As cyber attackers become more sophisticated, organizations and cybersecurity experts become better at dealing with threats. And as cybersecurity evolves, so too does the ingenuity of the cyber-criminal. It’s not quite chicken-and-egg, but rather an ongoing cycle of improvement on both sides.

That’s not to say that the cyber attackers are winning; it just means in the current threat landscape businesses and individuals need to do all they can to mitigate the risk to their operations and customers, whether that’s from running the latest antivirus software to having to deal with ransomware, DDoS, or a data breach. Especially when it comes to the fallout of these attacks.

In an ever-changing digital landscape, it is vital to keep pace with the trends in cyber threats. Cyberattacks are changing primarily due to:

  • Evolving targets: Information theft is the most expensive and fastest-rising consequence of cybercrime. But data is not the only target. Core systems, such as industrial controls, are being hacked in a dangerous trend to disrupt and destroy.
  • Evolving impact: While data remains a target, theft is not always the outcome. A new wave of cyberattacks sees data no longer simply being copied but being destroyed—or even changed in an attempt to breed distrust. Attacking data integrity—or preventing data toxicity—is the next frontier.
  • Evolving techniques: Cybercriminals are adapting their attack methods. They are targeting the human layer—the weakest link in cyber defense—through increased ransomware and phishing and social engineering attacks as a path to entry. An interesting development is when nation-states and their associated attack groups use these types of techniques to attack commercial businesses. Attempts are being made to categorize attacks from these sources as ‘acts of war’ in an attempt to limit cybersecurity insurance settlements.

As per some experts in this area, some of the predictions for the near future are highlighted below to make aware of such possibilities and to prepare themselves for extra vigilance they should have with their digital presence.

5G Technology will make the existing IoT related vulnerabilities even worse, new vulnerabilities will emerge from the new infrastructure required to support 5G — and malicious actors will exploit these vulnerabilities via IoT devices.

Biometrics will be used more frequently to authenticate users creating additional risk (attack surface) for the users. With passwords becoming less secure and some end-users failing to embrace multi-factor authentication, biometrics will become more commonplace.

Targeting mobile banking apps to steal credentials and funds is already on the rise, and this trend is expected to continue in the near- and medium-term future, as more people turn to the ease of mobile banking.

AI (Artificial Intelligence) has been used to impersonate individuals by realistically mimicking their voice, which is useful when requesting the transfer of funds. This year, hackers will continue to use AI advancements to scan networks for vulnerabilities, automate phishing attacks, and conduct large-scale social engineering attacks to propagate the spread of “fake news,” among other things.

Ready-to-use hacking toolkits, capable of exploiting vulnerabilities or stealing data and credentials has never been easier, making the barrier to entry as low as ever. Naturally, the increased volume of hackers with the means to attack will increase the likelihood of attacks.

Increasing Cost/Impacts of the (Emerging) Cyber Security Threats

By better understanding the impact associated with cybercrime, one can understand the seriousness and pervasiveness of such crimes.  The total annual cost of all types of cyberattacks is increasing. Malware and Web-based attacks continue to be the most expensive as per a report by Accenture. The cost of ransomware (21 percent) and malicious insider (15 percent) attack types have grown the fastest over the previous years.

SOURCE: NINTH ANNUAL COST OF CYBERCRIME STUDY – BY ACCENTURE

The rapid growth of information loss over the last three years is a worrying trend. New regulations, such as GDPR and CCPA, aim to hold organizations and their executives more accountable for the protection of information assets and in terms of using customer data responsibly. Future incidents of information loss (theft) could add significantly to the financial impact of these attacks as regulators start to impose fines. The cost of business disruption—including diminished employee productivity and business process failures that happen after a cyberattack—continues to rise at a steady rate. Business disruption continues to grow steadily and is the second-largest consequence of cybercrime. Resources should be targeted on denial-of-service attacks, malicious insiders, and malware attacks to reduce this cost.

Attention should also be given to the rate of growth in each type of attack. The financial consequences of ransomware have increased by 21 percent in the last year alone. Although one of the smaller costs of cybercrime overall, organizations should not overlook this fast-growing threat.

Global ransomware damage costs were predicted to exceed $5 billion in 2017, up more than 15X from 2015. Ransomware damages are now predicted to cost the world $11.5 billion in 2019, and $20 billion in 2021.

Here are a few more statistics (from Cybersecurity Ventures1). There were nearly 4 billion Internet users in 2018 (nearly half of the world’s population of 7.7 billion), up from 2 billion in 2015. Cybersecurity Ventures predicts that there will be 6 billion Internet users by 2022 (75 percent of the projected world population of 8 billion) — and more than 7.5 billion Internet users by 2030 (90 percent of the projected world population of 8.5 billion, 6 years of age and older).

[nextpage title=”Chapter 3 – Cyber Security Architecture and Components”]

Source: https://www.freepik.com/free-vector/cyber-security-concept_4520117.htm#page=1&query=background%20security&position=18

About 30 years ago, cybersecurity had an enviable task, given the small number of devices they had to protect (their job was simple). Today, the use of digital technologies in the work environment is increasing sharply due to the need for enterprises to become more adaptable and agile. It creates a surging number of cyber-attackers who can use to gain access to information/data. Traditional security isn’t enough as threats are becoming more complex. As the global cyber battlefield has dramatically evolved, it is good to get a high-level idea of the cybersecurity architecture.

Security now affects everyone and is no longer solely the concern of the IT department. Security increases interaction between departments to identify what needs to be protected, thus reducing the impact of any unexpected future attack. Cybersecurity stretches its reach out to the edge where data is a moving cyber target – data generated by IoT held on mobile devices, or the data that is generated, stored, accessed in the cloud.

Cybersecurity architecture (a.k.a. cybersecurity architecture, network security architecture, or cyber architecture for short) specifies the organizational structure, functional behaviour, standards, and policies of a computer network that includes both network and security features.

The primary goals of a bona fide cybersecurity architecture are to ensure that all cyber-attack surfaces are minimized, hidden, and dynamic, all sensitive/confidential/classified data is strongly encrypted at rest and all cyber-attacks are aggressively detected, mitigated, and countered. Moving-Target Defenses with aggressive counter-measures are strongly encouraged.

While this course does not aim to provide technical details of the architecture, yet, by the end of this module, you will learn:

  • Secure architecture (data, application, endpoint, network and perimeter security).
  • Product/solution perspective (Identity and Access Management, Network Security, Endpoint Security, Messaging Security, Web Security, Security, and Vulnerability Management),
  • Security technology (Firewalls, VPN, Wireless, Intrusion Detection and Prevention, Other Security Tools (Cryptography)).

The Secure (Cybersecurity) Architecture

Cybersecurity establishments need an adaptive security architecture. It’s a valuable framework to help enterprises classify all potential and existing security investments to determine where they’re deficient and make sure there’s a balanced approach to cybersecurity. Just a competent military commander needs to fully understand different kinds of terrain and the weak points of his forces to effectively defend her troops and territory, a savvy cybersecurity architect needs to thoroughly understand different network topologies and cyber-attack surface vulnerabilities to effectively defend her crown jewel sensitive data and critical applications.

Source: Author designed Image

 

It is logical to understand security architecture beginning from the outermost layer.

Perimeter Security: The set of physical & technical security and programmatic policies that provide levels of protection against remote malicious activity; used to and protect the back-end systems from unauthorized access. When properly configured, the perimeter defense security model can prevent, delay, absorb and/or detect attacks, thus reducing the risk to critical back-end systems.

Network Security: The layer that partitions the broader network of assets and connections into enclaves; an enclave is a distinctly bounded area enclosed within a larger unit. Enclaves incorporate their individual access controls and protection mechanisms. Network Security layer when properly used can prevent damages to travel from one enclave to others and also sets policies of accesses specific to the enclaves.

Endpoint Security: Security protection mechanisms and controls that reside directly on an endpoint device (final devices such as computers, laptops, mobile devices, tablets, etc.) interfacing with any network or system.

Application Security: Security protection mechanisms and controls that are embedded within the applications residing on the network, enclaves, and Endpoint devices. Examples of such applications could be – MS Office, ERP application, Mobile Apps, etc.

Data Security: The layer of security that protects data in the Enterprise regardless of the data’s state, that is, whether it is in motion, at rest or in use.

Prevention: This is achieved by Policies, procedures, training, threat modelling, risk assessment, penetration testing and all other inclusive sustainment activities to posture a secure position.

Operations: Constant observation of the Enterprise with a keen eye, coupled with the right tools and processes, to recognize incidents & events, and respond accordingly in a timely manner.

Product/solution perspective

Cyber Security is a concern for all, and hence it is logical to believe that there must be some solution or effort to create a solution to partially/completely solve this problem. The solution is likely to come from solution providers which mostly, are commercial enterprises. There isn’t a “one-size-fits-all” solution to cybersecurity. However, in general, solutions should include both sophisticated technology and more “human” components such as employee/user training and prioritization in the company boardroom. The outline of such a solution category is discussed in this section.

Identity and Access Management: Identity and access management (IAM) in are about defining and managing the roles and access privileges of individual network users and the circumstances in which users are granted (or denied) those privileges. Those users might be customers (customer identity management) or employees (employee identity management). IAM systems provide administrators with the tools and technologies to change a user’s role, track user activities, create reports on those activities, and enforce policies on an ongoing basis.

Network Security: This is the practice of preventing and protecting against unauthorized intrusion into the networks. Network security is implemented by the tasks and tools one uses to prevent unauthorized people or programs from accessing your networks and the devices connected to them. Your computer can’t be hacked if hackers can’t get to it over the network. At a high level, this consists of protection, detection, and reaction to the threats.

Endpoint Security: Endpoint security refers to a methodology of protecting the network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connection to the network creates a potential entry point for security threats. It is designed to secure each endpoint on the network created by these devices. Endpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the network.

Messaging Security: Messaging security is focused on securing and protecting an organization’s communication channels (email software, messaging apps and social network IM platforms). This extra layer of security can help secure devices and block a wider range of viruses or malware attacks. Messaging security helps to ensure the confidentiality and authenticity of an organization’s communication methods.

Web Security

Websites and web applications are just as prone to security breaches as physical homes, stores, and government locations. Unfortunately, cybercrime happens every day, and great web security measures are needed to protect websites and web applications from becoming compromised. That’s exactly what web security does – it is a system of protection measures and protocols that can protect your website or web application from being hacked or entered by unauthorized personnel. This integral division of Information Security is vital to the protection of websites, web applications, and web services. Anything that is applied over the Internet should have some form of web security to protect it.

Security and Vulnerability Management

Vulnerability management is a pro-active approach to managing network security by reducing the likelihood that flaws in code or design compromise the security of an endpoint or network. It is the “cyclical practice of identifying, classifying, prioritizing, remediating, and mitigating” software vulnerabilities.

Security Technologies

While this is beyond the scope of this document to get into technical details of the key security technology; a high-level view of key cybersecurity technology is presented as below for reference.

Technology Category Category 2 Details
Hardware Content management Content management Content management hardware includes on-premise appliances for web and messaging security.
  Data security Data classification and data loss prevention DLP suites can detect sensitive data in motion (transiting a network), in use (being viewed or accessed via an end-user device), and at rest (e.g., data stored on endpoints, servers, and media).
  Network security Firewall Firewall products are created to filter network traffic through filtering, stateful inspection, and/or proxy. Some firewalls may include virtual private networking along with other security features.
  Intrusion detection and prevention IDP products will compare current activity with a list of known signatures to represent threats and utilize protocol analysis, anomaly, behavioral, or heuristics to discover unauthorized network activity.
  Unified threat management Product usually can perform network firewalling, network intrusion detection and prevention, and gateway antivirus.
  Virtual private network Virtual private network products allow an organization to extend the secure connectivity of its network to remote offices and users, using encryption and authentication technologies.
Software Data security Data classification and data loss prevention DLP suites can detect sensitive data in motion in use (being viewed or accessed via an end-user device), and at rest (e.g., data stored on endpoints, servers, and removable media).
  Endpoint security software Endpoint security software Access and information protection, Antimalware, Proactive endpoint risk management (PERM), Server security.
  Identity and digital trust Identity and digital trust Authentication, Legacy authentication, Privileged access, Provisioning, Single sign-on
  Messaging security Messaging security Messaging security includes antispam, antimalware, and content filtering and is deployed on all security platforms.
  Network security software Network security software Network security software protects corporate networks and network-embedded resources from the disruption caused by external threats.
  Security analytics, intelligence, response, Security analytics, intelligence, response Device/SW vulnerability assessment (VA), Forensics and incident investigation, Policy and compliance, Security device systems management (SDSM), Security information and event management (SIEM),
  Web content inspection Web content inspection Web security software protects against both inbound (malware) and outbound (data leakage) threats.

[nextpage title=”Chapter 4 – Cyber Security Threat Prevention and Best Practices”]

Source:  https://unsplash.com/photos/uh5TTKr5e_w

 

 

The threat landscape is ever-changing! With the change in motivations behind the attacks from an individual system disruption, service disruption, network disruptions, state-sponsored, underground economy, and the recent ransom extraction, everyone is now forced to review their security measures against their IT systems or infrastructure. Gone are the days where the attacker had to put in reasonable efforts, to do reverse engineering to develop an exploit, after a patch is released for a known vulnerability. With the availability of the tools and exploits online, the attackers now need to put in much lesser efforts to improve or construct new exploitations tools for their needs. In order to counter these attacks effectively, one needs to do a thorough review of their security posture.

Cybersecurity threat prevention and incident management are handled a bit differently for the two-broad categories – steps taken by organizations and, steps taken by individuals. While the scope of this document is primarily around individuals, a quick view of the activities used by an organization can help build a complete perspective.

Organizations usually achieve the objective by certain popular measures – risk management (of their IT system), building incident management and response capabilities, periodic review of cybersecurity metrics, deployment of effective detection and prevention tools, continuous patch management, and, very importantly, training their human resources and raising and maintaining high awareness among human resources.

Individuals take simple measures such as installing antivirus, installing a firewall, using authentic software/applications, being cautious of any email attachments, regular backing up of files, etc. Individual measures will be discussed in more detail in this document.

By the end of this module, you will learn:

  • Overview of Threat Prevention and Threat Incident Management practices
  • Suggested popular Best Practices to protect an individual from cybersecurity threats
  • Overview of select futuristic trends in cybersecurity threats.

 

Overview of Threat Prevention and Threat Incident Management practices

Key Popular Practices by Organizations – Organizations’ best practices for defense from cyber defense include basic but extremely important countermeasures. Some of the key practices are:

Risk Management – Minimizing the adverse impact and the need for a strong base in decision-making are the main reasons organizations implement Risk Management on the IT systems. Changes to IT resources may likely introduce vulnerabilities and change the overall risk status. Effective Risk Management helps identify what are the more critical or sensitive resources so that, more stringent security controls can be applied or more efforts are required to protect. Integrating Risk Management into the System Development Life Cycle, help address security at all the stages in the Life Cycle and would yield effective results.

Incident Management – An effective Risk Management Program includes effective Incident Management and Response capabilities. A risk, not prevented by the Risk Management Controls establishes an incident. The organizations must have a strong Incident Response Team, with clearly defined Roles &Responsibilities and, Incident Management Plans to manage such incidents with an intent to stop it from leading to disaster. Incident Management is more often crisis management and hence, the policies and procedures should be clear and to be able to follow easily. The procedures should be periodically reviewed and tested for more effectiveness.

Periodic Review – The organizations should continuously monitor the Security Metrics and review their effectiveness, periodically. This helps know the effectiveness of the implemented security controls, realign the existing or implement additional controls to manage the Information Security.

Detection/Prevention Tools – Most organizations would have Intrusion Detection or Intrusion Prevention or both systems in place to detect and protect the network from malicious attacks or breaches. Apart from detecting threats or attacks, the IDS can also be used to identify problems with an organization’s security policy, document existing threats, and use the information to update awareness programs to stop users from violating the organization’s Information Security Policies. Fine-tuning these tools regularly to maximize the accuracy in recognizing real threats while minimizing the number of false positives would help detect and defend new & zero-day attacks effectively.

Patch Management – The organizations should revisit their patch management process and extend this to the complete IT systems. The increased attacks on the IoT devices can be addressed by including the Firmware updates in the Organization’s Patch Management process.

Training & Awareness – People are the greatest risk to any organization. Their actions by mistake, accident, lack of knowledge and maybe occasionally with malicious intent lead to incidents. Providing periodical training on operational knowledge and Awareness campaigns on the information security concepts will help them contribute to the Information Security Management. Include awareness on Handling email attachments, Phishing, Vishing, Click-jack, Social Engineering, etc., in the training sessions. Test the effectiveness of the awareness training, periodically.

 

 

For individuals, the best practices are simple.

The good news is that in most cases, some pretty big security organizations stand between the consumer and the hacker, e.g. the SecOps team at Verizon or AT&T. There are still preventative measures you should take to help ensure your information’s safety and these are discussed in detailed in the next section of this document

Suggested popular Best Practices

Popular Safety Measures

Password: To prevent unauthorized users from connecting wirelessly to our router, stealing our Internet connection and even accessing other computers in our local network, these are usually protected with a password. Without it, access cannot be possible. However, these passwords are often weak and easy to hack. If we check our router, we will surely find one of these 3: admin/admin; admin/password; admin/. Once they have accessed our router, hackers the password has total freedom to change the Wi-Fi password and prevent us from accessing any device we use. To avoid this, we must change the default access password of the Wi-Fi network supplied by our Internet provider. These passwords are configured with an algorithm that is available to anyone. So, by simply reading a tutorial on the Internet we might be able to misuse that information ourselves. Therefore, we must assign a password that complies with all security measures:

  • Contain lowercase, uppercase, numbers, and letters.
  • Do not use birth dates, pet names, favourite foods, and other easily guessable data.

Encryption: We must be careful with what we publish on our social networks. They store large amounts of information about the activities we do, the places we visit, the people with whom we interact, our hobbies, the food we like, etc. All this information can be used by an attacker to know our profile or plan and launch custom attacks such as the phishing that we mentioned in the first part of this guide. Besides, the information collected can be used even for kidnappings or extortions.

How to know which application is safe? In mobile technology, most messaging services such as WhatsApp, for example, offer an encryption system in all our conversations. This means only we and the person with whom we communicate can read the messages, preventing access to third parties. In fact, and even if the cybercriminal could get all the shared information, they would only see codes that could not be deciphered.

When surfing the Internet, it is recommended to do it on those websites where HTTPS is placed in the address bar, which also gives the user extra encryption. When the URL of a website starts with https: //, your computer is connected to a page that is speaking to you in a coded, invader-proof and more secure language. And we must navigate in these types of websites specially when we make online purchases, as long as they are linked to recognized electronic payment gateways like Visa, Mastercard, Paypal, among others.

Firewalls: An additional tool to protect against Internet threats is the use of a firewall. It is simply a security tool that controls which applications have access to the Internet and which connections are allowed to access our computer. Firewalls are usually programmed to automatically recognize threats, which means they are usually easy to use and do not interfere with the way we use the computer.

VPN Virtual Private Network: Another very good measure is to use a VPN (Virtual Private Network), which is a network technology that allows us to create a local network (LAN) even if we are browsing remotely and we need to pass the information through a public network. A VPN creates a kind of tunnel and prevents anyone from catching and using that information. Thereby, we make sure everything that comes out of our devices is encrypted until the receiver of the message gets that information. This can prevent man-in-the-middle attacks, a type of threat in which the cybercriminal acquires the ability to divert or control communications between the two parties.

Antivirus: It is essential to keep our operating system updated and use the best antivirus to alert and protect us against possible threats. It is also important to run it periodically to find and remove malware, as well as perform automatic updates. If you are debating whether to buy an antivirus license or get one for free, we must bear in mind that although most of the free software are of high quality and offer a reasonable level of security for home users, they do not always offer the same level of protection. The best option would be to consult with an expert, and if possible, choose an antivirus that has technical support to help us with the configuration.

  • The best option is not to trust innocently in the first thing that comes into our email inbox, in that link offering us a free product, in that user who wants to add us to a social network and that we do not know, etc.
  • One must think twice before doing any of those actions – if something is too good to be true, then it is very likely to be fraudulent or harmful.
  • It is always advisable to use spam filters that help block bulk emails that may contain malware.
  • One has to be careful if someone, even a friend with good intentions or a member of the family, gives us a USB or removable disk to insert it into our computers. They could have hidden malware in it without even knowing. Therefore, it is essential to scan with an antivirus every element we introduce in our devices or download from the web.
  • Also, one should get used to backing up our device periodically to minimize data loss.

Devices such as a smartphone, a tablet, a smart TV; smart appliances such as refrigerators or ovens; even thermostats, blinds, doors, and lights controlled from your phone. This is the Internet of Things or IoT. Currently, all these devices are connected through Wi-Fi, Bluetooth or infrared connections and communicate with a central control which is usually found in the same domicile or the central server of the manufacturer. The tendency shows there will be more devices than people in each house. And these devices play an increasingly important role in domestic life.

However, the IoT represents a difficult challenge for security. The sensors of all domestic devices, even the vacuum cleaner robots that have become so well-known in the last few years can store valuable information about our homes. The internationally known brand Roomba stores information about the dimensions of the houses and plans to sell it to other large technology companies.

Internet of Things devices collect data about us: they know what television programs we see, what we say inside a room, at what time we arrived home, etc.

Overview of select futuristic trends in cybersecurity threats

How serious of a problem is cybercrime? A study by Cybersecurity Ventures predicts these crimes will cost the world $6 trillion a year by 2021. Cybercrimes have become big news, with large data and security breaches at companies generating headlines, and cyber threats from foreign locales such as China and Russia threatening U.S. businesses and elections.

Deepfakes is a combination of the words “deep learning” and “fake.” Deepfakes happen when artificial intelligence technology creates fake images and sounds that appear real. A Deepfake might create a video in which a person’s words are manipulated, making it appear that a particular person said something which in reality they never did. Deepfake voice technology Technology allows people to spoof the voices of other people — often politicians, celebrities, or CEOs — using artificial intelligence.

Synthetic identities are a form of identity fraud in which scammers use a mix of real and fabricated credentials to create the illusion of a real person. For instance, a criminal might create a synthetic identity that includes a legitimate physical address.

Using artificial intelligence, hackers are able to create programs that mimic known human behaviors. These hackers can then use these programs to trick people into giving up their personal or financial information. In these attacks, known as poisoning attacks, cybercriminals can inject bad data into an AI program. This bad data can then cause the AI system to learn something it’s not supposed to.

The idea of quantum computing is still new, but at its most basic, this is a type of computing that can use certain elements of quantum mechanics. What’s important for cybersecurity is that these computers are fast and powerful. The threat is that quantum computers can decipher cryptographic codes that would take traditional computers far longer to crack — if they ever could.

As more cars and trucks are connected to the Internet, the threat of vehicle-based cyberattacks rises. The worry is that cybercriminals will be able to access vehicles to steal personal data, track the location or driving history of these vehicles, or even disable or take over safety functions.

As the world continues to adopt digital transformation, Given the rate of change, a reliable and actionable threat intelligence, becomes very important. Popular threat intelligence measures are:

Peer-based Threat Intelligence: The first, and most common, is based on a survey of security leaders or similar individuals that asks about the sorts of threats they have been experiencing. This sort of intelligence can be especially valuable if those people being interviewed operate within the same industry or live in the same geographical region.

Expert-led Threat Reports: Threat intelligence not only needs to provide a historical review of the threat landscape but also predict potential evolutionary points for malware and cybercriminal strategies. One should start with threat reports produced by professional threat research teams.

Threat Feeds and Internally Gathered Intelligence: In addition to these intelligence sources, security leaders need to subscribe to live threat feeds that provide robust and actionable information, as well as services that provide real-time updates and recommendations from the cybersecurity front lines.

Improving organization’s ability to not only properly defend itself against current threat trends, but also predict a broad number of future attacks requires threat intelligence that enables organizations to be proactive. This ability to “see the future” of threat trends allows organizations to not only more effectively defend against current attacks but prevent the next wave of attacks before they occur.

[nextpage title=”Chapter 5 – Compliance, Ethical and Professional Issues in Cybersecurity”]

Source: https://www.freepik.es/foto-gratis/cubos-madera-titulo-etica_3648617.htm#page=1&query=etica&position=3

 

Technologies are not ethically ‘neutral’, for they reflect the values that we ‘bake in’ to them with our design choices, as well as the values which guide our distribution and use of them. Technologies both reveal and shape what humans value, what we think is ‘good’ in life and worth seeking. Cybersecurity practices have as their aim the securing—that is, the keeping safe—of data, computer systems and networks (software and hardware). While those data, systems, and networks might have some economic or other value in and of themselves, what cybersecurity practices primarily protect are the integrity, functionality, and reliability of human institutions/practices that rely upon such data, systems, and networks.

No single, detailed code of cybersecurity ethics can be fitted to all contexts and practitioners; organizations and professions should, therefore, be encouraged to develop explicit internal policies, procedures, guidelines and best practices for cybersecurity ethics that are specifically adapted to their own activities and challenges.

A cybersecurity regulation comprises directives that safeguard information technology and computer systems to force companies and organizations to protect their systems and information from cyberattacks like viruses, worms, Trojan horses, phishing, denial of service (DOS) attacks, unauthorized access (stealing intellectual property or confidential information) and control system attacks. There are numerous measures available to prevent cyberattacks.

There have been attempts to improve cybersecurity through regulation and collaborative efforts between the government and the private sector to encourage voluntary improvements to cybersecurity. Industry regulators, including banking regulators, have taken notice of the risk from cybersecurity and have either begun or planned to begin to include cybersecurity as an aspect of regulatory examinations.

By the end of this module, you will learn:

  • Overview of Cyber Security Regulations and Compliances needed globally and in the EU.
  • Overview of Ethical Issues in Cyber Security
  • Some Suggested Best Practices

Overview of Cyber Security Regulations and Compliances needed globally and in the EU

In general, compliance is defined as following rules and meeting requirements. In cybersecurity, compliance means creating a program that establishes risk-based controls to protect the integrity, confidentiality, and accessibility of information stored, processed, or transferred. However, cybersecurity compliance is not based on a stand-alone standard or regulation. Depending on the industry, different standards may overlap, which can create confusion and excess work for organizations using a checklist-based approach. For example, the healthcare industry needs to meet Health Insurance Portability and Accountability Act (HIPAA) compliance requirements, but if a provider also accepts payments through a point-of-service (POS) device, then it also needs to meet Payment Card Industry Data Security Standard (PCI DSS) requirements. And it’s not unusual for companies to have to comply with multiple regulations at once, making it even more of a struggle to stay compliant. These include, but are not limited to:

  • NIST(National Institute of Standards and Technology)
  • CIS Controls (Center for Internet Security Controls)
  • ISO (International Organization for Standardization)
  • HIPAA(Health Insurance Portability and Accountability Act) / HITECH Omnibus Rule
  • PCI-DSS (The Payment Card Industry Data Security Standard)
  • GDPR(General Data Protection Regulation)
  • CCPA(California Consumer Privacy Act)
  • AICPA (American Institute of Certified Public Accountants)
  • SOX (Sarbanes-Oxley Act)
  • COBIT(Control Objectives for Information and Related Technologies)
  • GLBA(Gramm-Leach-Bliley Act)
  • FISMA (Federal Information Security Modernization Act of 2014)
  • FedRAMP (The Federal Risk and Authorization Management Program)
  • FERPA(The Family Educational Rights and Privacy Act of 1974)
  • ITAR (International Traffic in Arms Regulations)
  • COPPA (Children’s Online Privacy Protection Rule)
  • NERC CIP Standards (NERC Critical Infrastructure Protection Standards)

Of course, it’s critically important to comply with regulatory requirements. Businesses need to follow the state, federal, and international laws and regulations that are relevant to their operations. Failure to comply will open you up to potential lawsuits and financial liability, not to mention broken trust with clients, partners and others. However, it’s expensive, complex and requires the right expertise just to stay on top of existing standards, let alone embrace new ones. The result is that companies often focus on meeting the minimum requirements instead of implementing proper cybersecurity policies, which in today’s environment where our attackers are always one step ahead of our defenses, is not a good thing.

To observe best practices, and to meet with technical and other requirements, organizations often use frameworks for cybersecurity compliance and regulatory compliance. These frameworks provide best practices and guidelines to assist in improving security, optimizing business processes, meeting regulatory requirements, and performing other tasks necessary to achieve specific business objectives such as breaking into a market niche or selling to government agencies.

Regulatory compliance regimes usually set out highly specific and often stringent requirements for organizations and industry sectors to follow, to meet established standards, and to comply with existing laws. These requirements may be numerous and complex – so frameworks designed to assist in meeting with compliance demands are a welcome addition to the resource and knowledge base of most enterprises. Some typical examples include the following:

The Act What it Regulates Company Affected
NIST

 

This framework was created to provide a customizable guide on how to manage and reduce cybersecurity-related risk by combining existing standards, guidelines, and best practices. It also helps foster communication between internal and external stakeholders by creating a common risk language between different industries. This is a voluntary framework that can be implemented by any organization that wants to reduce its overall risk.
CIS Controls

 

Protect your organization assets and data from known cyber attack vectors. Companies that are looking to strengthen security in the internet of things (IoT).
 ISO 27000 Family This family of standards provides security requirements around the maintenance of information security management systems (ISMS) through the implementation of security controls. These regulations are broad and can fit a wide range of businesses. All businesses can use this family of regulations for assessment of their cybersecurity practices.
ISO 31000 Family This set of regulations governs principles of implementation and risk management. These regulations are broad and can fit a wide range of businesses. All businesses can use this family of regulations for assessment of their cybersecurity practices.
HIPAA/ HITECH This act is a two-part bill. Title I protects the healthcare of people who are transitioning between jobs or are laid off. Title II is meant to simplify the healthcare process by shifting to electronic data. It also protects the privacy of individual patients. This was further expanded through the HITECH / Omnibus Rule. Any organization that handles healthcare data. That includes, but is not limited to, doctor’s offices, hospitals, insurance companies, business associates, and employers.
PCI-DSS

 

A set of 12 regulations designed to reduce fraud and protect customer credit card information. Companies handling credit card information.
GDPR

 

This regulates the data protection and privacy of citizens of the European Union. Any company doing business in the European Union or handling the data of a citizen of the European Union.
CCPA Privacy rights and consumer protection for the residents of California. Any business, including any for-profit entity, that does business in California and collects consumers’ personal data.
AICPA

SOC2

The security, availability, processing integrity, and privacy of systems processing user data and the confidentiality of these systems. Service organizations that process user data.
SOX

 

This act requires companies to maintain financial records for up to seven years. It was implemented to prevent another Enron scandal. U.S. public company boards, management, and public accounting firms.

 

The Act What it Regulates Company Affected
COBIT

 

This framework was developed to help organizations manage information and technology governance by linking business and IT goals. Organizations that are responsible for business processes related to technology and quality control of information. This includes, but is not limited to, areas such as audit and assurance, compliance, IT operations, governance, and security and risk management.
GLBA

 

This act allowed insurance companies, commercial banks, and investment banks to be within the same company. As for security, it mandates that companies secure the private information of clients and customers. This act defines “financial institutions” as: “…companies that offer financial products or services to individuals, like loans, financial or investment advice, or insurance.”
FISMA

 

This act recognizes information security as a matter of national security. Thus, it mandates that all federal agencies develop a method of protecting their information systems. All Federal agencies fall under the range of this bill.
FedRAMP

 

Cloud services across the Federal Government. Executive departments and agencies.
FERPA

 

Section 3.1 of the act is concerned with protecting student educational records. Any post-secondary institution including, but not limited to, academies, colleges, seminaries, technical schools, and vocational schools.
ITAR

 

Controls the sale of defense articles and defense services (providing critical military or intelligence capability). Anyone who produces or sells defense items and defense services.
COPPA

 

The online collection of personal information about children under 13 years of age. Any Person or entity under U.S. jurisdiction.
NERC CIP Standards

 

Improve the security of North America’s power system. All bulk power system owners and operators.
NIST

 

This framework was created to provide a customizable guide on how to manage and reduce cybersecurity-related risk by combining existing standards, guidelines, and best practices. It also helps foster communication between internal and external stakeholders by creating a common risk language between different industries. This is a voluntary framework that can be implemented by any organization that wants to reduce its overall risk.
CIS Controls

 

Protect your organization assets and data from known cyber attack vectors. Companies that are looking to strengthen security in the internet of things (IoT).

Overview of Ethical Issues in Cyber Security

The foundation of all security systems is formed by moral principles and practices of those people involved and the standards of the profession. That is, while people are part of the solution, they are also most the problem. Security problems with which an organization may have to deal with include responsible decision-making, confidentiality, pri­vacy, piracy, fraud & misuse, liability, copyright, trade secrets, and sabotage. This metaphorical arms race shows no signs of stopping as interconnected technologies become further ingrained in the fabric of professional life.

IT security personnel often have access to confidential data and knowledge about individuals’ and companies’ networks and systems that give them a great deal of power. That power can be abused, either deliberately or inadvertently. But there are no mandatory standards for cyberethics issues that cybersecurity professionals are obligated to follow. In fact, many IT pros don’t even realize that their jobs involve ethical issues. Yet they make decisions daily that raise ethical questions. Many of the ethical issues involve privacy. For example:

  • Should you read the private e-mail of your network users just because you can? Is it OK to read employees’ e-mail as a security measure to ensure that sensitive company information isn’t being disclosed? Is it OK to read employees’ e-mail to ensure that company rules (for instance, against personal use of the e-mail system) aren’t being violated? If you do read employees’ e-mail, should you disclose that policy to them? Before or after the fact?
  • Is it OK to monitor the Web sites visited by your network users? Should you routinely keep logs of visited sites? Is it negligent to not monitor such internet usage, to prevent the possibility of pornography in the workplace that could create a hostile work environment?
  • Is it OK to place key loggers on machines on the network to capture everything the user types? What about screen capture programs so you can see everything that’s displayed? Should users be informed that they’re being watched in this way?
  • Is it OK to read the documents and look at the graphics files that are stored on users’ computers or in their directories on the file server?

Remember it’s not about the legal questions here. A company may very well have the legal right to monitor everything an employee does with its computer equipment. It is about the ethical aspects of having the ability to do so.

A common concept in any ethics discussion is the “slippery slope.” This pertains to the ease with which a person can go from doing something that doesn’t really seem unethical, such as scanning employees’ e-mail “just for fun,” to doing increasingly unethical things, such as making little changes in their mail messages or diverting messages to the wrong recipient. The slippery slope concept can also go beyond using your IT skills. If it’s OK to read other employees’ e-mail, is it also OK to go through their desk drawers when they aren’t there? To open their briefcases or purses?

Then there are money issues. The proliferation of network attacks, hacks, viruses and other threats to their IT infrastructures have caused many companies to “be afraid, be very afraid.” As a security consultant, it may be very easy to play on that fear to convince companies to spend far more money than they really need to. Is it wrong for you to charge hundreds or even thousands of dollars per hour for your services, or is it a case of “whatever the market will bear?”

Another ethical issue involves promising more than you can deliver or manipulating data to obtain higher fees. You can install technologies and configure settings to make a client’s network more secure, but you can never make it completely secure.

Suggested popular Best Practices

No single, detailed code of cybersecurity ethics can be fitted to all contexts and practitioners; organizations and professions should, therefore, be encouraged to develop explicit internal policies, procedures, guidelines and best practices for cybersecurity ethics that are specifically adapted to their own activities and challenges. Some of the popular guidance are as suggested below:

  • Keep Cybersecurity Ethics in the Spotlight: Ethics is a pervasive aspect of cybersecurity practice. Because of the immense social power of information technology, ethical issues are virtually always in play when we strive to keep that technology and its functioning secure.
  • Consider the Human Lives and Interests Behind the Systems: In technical contexts, it’s easy to lose sight of what most of the systems we work with are: namely, ways of improving human lives and protecting human interests.
  • Establish Chains of Ethical Responsibility and Accountability: In organizational settings, the ‘problem of many hands’ is a constant challenge to responsible practice and accountability.
  • Practice Cybersecurity Disaster Planning and Crisis Response: Most people don’t want to anticipate failure or crisis; they want to focus on the positive potential of a project or system.
  • Promote Values of Transparency, Autonomy, and Trustworthiness: It is important to preserve a healthy relationship between security practitioners and the public is to understand the importance of transparency, autonomy, and trustworthiness in the relationship.
  • Make Ethical Reflection & Practice Standard, Pervasive, Iterative, and Rewarding: Ethical reflection and practice, as we have already said, is an essential and central part of professional excellence in cybersecurity.

Some of the popular best practices for ethics in the cybersecurity.

Practice Self-Reflection/Examination: This involves spending time regularly thinking about the person you want to become, in relation to the person you are today.

  • Look for Moral Exemplars: Many of us spend a great deal of our time, often more than we realize, judging the shortcomings of others.
  • Exercise Moral Imagination: It can be hard to notice our ethical obligations, or their importance because we have difficulty imagining how what we do might affect others.
  • Acknowledge Our Own Moral Strength: For the most part, living well in the ethical sense makes life easier, not harder.
  • Seek the Company of Other Moral Persons: Many have noted the importance of friendship in moral development; in the 4th century B.C. the Greek philosopher Aristotle argued that a virtuous friend can be a ‘second self,’ one who represents the very qualities of character that we value and aspire to preserve in ourselves.

[nextpage title=”Final Quiz”]

Facebook
Facebook
YouTube