this could involve clicking on a designated upload button, dragging and dropping files into a specific area, or selecting files from a file explorer window.
Supported File Types: Specify which types of documents can be uploaded to the platform. This might include common formats such as PDFs, Word documents, Excel spreadsheets, images (JPG, PNG, etc.), and others.
2. 1
1.Access Control
Access control is a security technique that regulates who or what can view or use
resources in a computing environment. It is a fundamental concept in security that
minimize risk to the business or organization.
Why is access control important?
The goal of access control is to minimize the security risk of unauthorized access to
physical and logical systems. Access control is a fundamental component of security
compliance programs that ensures security technology and access control policies are
in place to protect confidential information, such as customer data. Most organizations
have infrastructure and procedures that limit access to networks, computer systems,
applications, files and sensitive data, such as personally identifiable information and
intellectual property.
How access control works
Access controls identify an individual or entity, verify the person or application is who or
what it claims to be, and authorizes the access level and set of actions associated with
the username or IP address. Directory services and protocols, including Lightweight
Directory Access Protocol provide access controls for authenticating and authorizing
users and entities and enabling them to connect to computer resources, such as
distributed applications and web server.
Types of access control
The main models of access control are the following:
Mandatory access control (MAC). This is a security model in which access rights are
regulated by a central authority based on multiple levels of security. Often used in
government and military environments, classifications are assigned to system
resources and the operating system or security kernel. MAC grants or denies access
to resource objects based on the information security clearance of the user or
device.
3. 2
Discretionary access control (DAC). This is an access control method in which
owners or administrators of the protected system, data or resource set the policies
defining who or what is authorized to access the resource. Many of these systems
enable administrators to limit the propagation of access rights. A common criticism
of DAC systems is a lack of centralized control.
Role-based access control (RBAC). This is a widely used access control mechanism
that restricts access to computer resources based on individuals or groups with
defined business functions -- e.g., executive level, engineer level 1, etc. -- rather
than the identities of individual users. The role-based security model relies on a
complex structure of role assignments, role authorizations and role permissions
developed using role engineering to regulate employee access to
systems. RBAC systems can be used to enforce MAC and DAC frameworks.
Rule-based access control. This is a security model in which the system
administrator defines the rules that govern access to resource objects. These rules
are often based on conditions, such as time of day or location. It is not uncommon to
use some form of both rule-based access control and RBAC to enforce access
policies and procedures.
Attribute-based access control. This is a methodology that manages access rights
by evaluating a set of rules, policies and relationships using the attributes of users,
systems and environmental conditions.
Principles of Access Control
1. Least Privilege Principle: Users should only be granted the minimum level of access
necessary to perform their tasks. This principle minimizes the potential damage caused
by compromised accounts or insider threats.
2. Need-to-Know Principle: Users should only have access to information that is
necessary for their job responsibilities or tasks. This principle reduces the risk of
unauthorized disclosure of sensitive data.
4. 3
3. Role-Based Access Control (RBAC): Access rights are assigned based on roles
within an organization. Users inherit permissions associated with their roles, simplifying
administration and ensuring consistency.
4.Discretionary Access Control (DAC): Owners of resources have control over who can
access them and what actions they can perform. Permissions are set at the discretion of
resource owners.
7. **Authentication and Authorization**: Authentication verifies the identity of users,
while authorization determines what actions they are allowed to perform. Strong
authentication mechanisms and authorization policies are crucial for enforcing access
control.
Mechanisms of Access Control
1. Access Control Lists (ACLs): Lists associated with resources specifying which users
or groups have permissions to access or manipulate them.
2. Capabilities: Tokens or keys that grant specific privileges to users or processes,
allowing them to access resources or perform actions.
3. Encryption: Protects data by encoding it so that only authorized users with the
appropriate decryption keys can access it.
4. Biometric Authentication: Uses unique biological characteristics such as fingerprints
or iris patterns to verify the identity of users.
Significance in ensuring data confidentiality, integrity, and availability of Access
Control: Put simply, confidentiality is limiting data access, integrity is ensuring
your data is accurate, and availability is making sure it is accessible to those who
need it. This triad can be used as a foundation to develop strong information
security policies.
5. 4
Examples of control access systems:
1. Physical Access Control Systems (PACS):
1.Card Readers and Key Fobs: Employees use proximity cards or key fobs to
gain physical access to buildings or specific areas within a facility.
2.Biometric Systems: These systems use biometric data such as
fingerprints, retina scans, or facial recognition to verify an individual's identity before
granting physical access.
2. Logical Access Control Systems (LACS):
1.Single Sign-On (SSO): Users log in once to access multiple systems or
applications without the need to enter credentials repeatedly.
2.Role-Based Access Control (RBAC): Access permissions are based on the
user's role within an organization. Users are assigned specific roles, and
access is granted based on those roles.
1. Case Study
1: Equifax Data Breach
In 2017, Equifax, one of the largest credit reporting agencies in the United States,
suffered a massive data breach that exposed the personal information of approximately
147 million people. The breach included sensitive data such as names, Social Security
numbers, birth dates, addresses, and in some cases, driver's license numbers.
Causes:
1. Vulnerability in Apache Struts: The breach occurred due to a vulnerability in
Apache Struts, a popular open-source framework used for building web applications.
Equifax failed to patch the vulnerability promptly after it was discovered, leaving their
systems exposed to exploitation by hackers.
2. Inadequate Security Measures: Equifax was criticized for its lax security practices,
including poor password management, lack of encryption for sensitive data, and
insufficient network segmentation, which allowed attackers to move laterally within their
systems once they gained access.
Impact:
1. Loss of Trust: The breach severely damaged Equifax's reputation and eroded public
trust in the company's ability to safeguard sensitive information. Customers and
stakeholders were outraged by the mishandling of their personal data.
2. Financial Consequences: Equifax faced numerous lawsuits, regulatory fines, and
settlements, resulting in significant financial losses. The company's stock price
6. 5
plummeted in the aftermath of the breach, and its market value decreased by billions of
dollars.
3. Long-term Repercussions: The effects of the breach extended beyond the
immediate aftermath, with consumers experiencing identity theft and fraud for years to
come. Equifax also faced ongoing scrutiny and regulatory scrutiny over its data security
practices.
Lessons Learned:
1. Prioritize Patch Management: Organizations must prioritize the timely installation of
security patches to address known vulnerabilities and minimize the risk of exploitation
by attackers.
2. Enhance Security Posture: Companies should invest in robust security measures,
including encryption, access controls, network segmentation, and intrusion detection
systems, to protect sensitive data from unauthorized access.
3. Transparency and Communication: In the event of a data breach, organizations
should promptly disclose relevant information to affected parties and provide resources
for assistance, demonstrating accountability and transparency.
3. Role of AI in Cybersecurity
The role of artificial intelligence (AI) in enhancing cybersecurity measures is increasingly
vital in today's complex threat landscape. AI technologies, such as machine learning
and deep learning, are revolutionizing the way organizations detect, prevent, and
respond to cyber threats.
1. Threat Detection:
Machine Learning Algorithms: AI-powered machine learning algorithms analyze
vast amounts of data to identify patterns and anomalies indicative of malicious
activities. These algorithms can detect known threats based on historical data
and learn to recognize emerging threats by continuously adapting to new
information.
Behavioral Analysis: AI-driven behavioral analysis techniques monitor user and
network behavior to detect deviations from normal patterns. By establishing a
baseline of typical behavior, AI systems can identify suspicious activities that
may indicate a potential cyber-attack such as unusual login times, access to
sensitive files, or unauthorized network connections.
Signatureless Detection: Unlike traditional signature-based approaches that rely
on known patterns of malware, AI enables signatureless detection by identifying
7. 6
malicious behaviors and characteristics that may not be explicitly defined in
threat signatures. This allows AI systems to detect novel and previously unseen
threats more effectively.
2. Anomaly Detection:
Deep Learning Models: Deep learning, a subset of AI, utilizes neural networks
with multiple layers to automatically extract complex features from data. Deep
learning models excel at detecting subtle deviations from normal behavior that
may indicate cyber threats, such as network intrusions, data exfiltration, or
insider threats.
Unsupervised Learning: AI-powered anomaly detection techniques leverage
unsupervised learning algorithms to identify irregularities in data without the need
for labeled training data. This enables AI systems to detect unknown and zero-
day attacks by flagging unusual activities or data patterns that diverge from the
norm.
3. Risk Assessment:
Predictive Analytics: AI-driven predictive analytics assess the likelihood and
potential impact of security risks based on historical data, threat intelligence
feeds, and contextual information. By analyzing various risk factors, AI algorithms
can prioritize security alerts, vulnerabilities, and remediation efforts to mitigate
the most significant threats effectively.
Automated Risk Scoring: AI-powered risk assessment tools automate the
process of assigning risk scores to assets, applications, and users based on their
susceptibility to cyber threats. By quantifying and prioritizing risks, organizations
can allocate resources more efficiently and focus on addressing the most critical
security vulnerabilities.
4.Cybersecurity Risk Management
Cybersecurity risk management is a strategic approach to prioritizing threats.
Organizations implement cybersecurity risk management in order to ensure the most
critical threats are handled in a timely manner. This approach helps identify, analyze,
evaluate, and address threats based on the potential impact each threat poses.
The cybersecurity risk management process involves four stages:
8. 7
Identifying risk – evaluating the organization’s environment to identify current or
potential risks that could affect business operations
Assess risk – analyzing identified risks to see how likely they are to impact the
organization, and what the impact could be
Control risk – define methods, procedures, technologies, or other measures that can
help the organization mitigate the risks.
Review controls – evaluating, on an ongoing basis, how effective controls are at
mitigating risks, and adding or adjusting controls as needed.
Cyber Threats:
Adversarial threats—including third-party vendors, insider threats, trusted insiders,
established hacker collectives, privileged insiders, ad hoc groups, suppliers, corporate
espionage, and nation-states. This category also includes malicious software (malware)
created by any of these entities. Large organizations mitigate these threats by
establishing a security operations center (SOC) with trained security staff and
specialized tooling.
Natural disasters—hurricanes, floods, earthquakes, fire, and lightning can cause as
much damage as a malicious cyber attacker. A natural disaster can result in loss of
data, disruption of services, and the destruction of an organization’s physical or digital
resources. The threat of natural disaster can be minimized by distributing an
organization’s operations over multiple physical sites or using distributed cloud
resources.
System failure—when a system fails, it may cause data loss and also lead to a
disruption in business continuity. Make sure that your most critical systems are running
on high-quality equipment, have redundancy in place to ensure high availability, are
backed up, and your providers offer timely support.
Cybersecurity Frameworks:
A cyber risk management framework can help organizations effectively assess,
mitigate, and monitor risks; and define security processes and procedures to address
them.
NIST CSF
The National Institute of Standards and Technology Cybersecurity Framework
(NIST CSF) is a popular framework. The NIST CSF framework provides a
comprehensive set of best practices that standardize risk management. It defines
a map of activities and outcomes related to the core functions of cybersecurity
risk management—protect, detect, identify, respond, and recover.
9. 8
ISO 27001
The International Organization for Standardization (ISO) has created the ISO/IEC
270001 in partnership with the International Electrotechnical Commission (IEC).
The ISO/IEC 270001 cybersecurity framework offers a certifiable set of standards
defined to systematically manage risks posed by information systems.
Organizations can also use the ISO 31000 standard, which provides guidelines
for enterprise risk management.
DoD RMF
The Department of Defense (DoD) Risk Management Framework (RMF) defines
guidelines that DoD agencies use when assessing and managing cybersecurity
risks. RMF splits the cyber risk management strategy into six key steps
categorize, select, implement, assess, authorize, and monitor.
FAIR Framework
The Factor Analysis of Information Risk (FAIR) framework is defined for the
purpose of helping enterprises measure, analyze, and understand information
risks. The goal is to guide enterprises through the process of making well-
informed decisions when creating cybersecurity best practices.
5.Malware Analysis
Analysis of ransomware, a particularly devastating type of malware, and its impact on
information systems. Ransomware is a type of malware that encrypts files or locks
users out of their systems, demanding payment (usually in cryptocurrency) for the
decryption key or to restore access. It has evolved into one of the most prevalent and
financially damaging cyber threats in recent years, affecting individuals, businesses,
and even critical infrastructure.
Impact on Information Systems:
1. Data Encryption: Ransomware encrypts critical files and data stored on infected
systems, rendering them inaccessible to users. This can disrupt business operations,
compromise sensitive information, and lead to data loss if backups are unavailable or
outdated.
2. Downtime and Productivity Loss: Ransomware infections can result in significant
downtime as organizations struggle to restore systems and recover from the attack.
This downtime can disrupt business operations, disrupt services, and lead to financial
losses due to lost productivity and missed deadlines.
10. 9
3. Financial Losses: Ransomware attacks can have severe financial implications for
affected organizations, including ransom payments, remediation costs, legal fees,
regulatory fines, and reputational damage. The total cost of a ransomware attack can be
substantial, potentially running into millions of dollars for large enterprises.
Detection Techniques:
1. Signature-Based Detection: Traditional antivirus software uses signature-based
detection to identify known strains of ransomware based on predefined patterns or
signatures. However, signature-based detection may be ineffective against new or
modified variants of ransomware that have not been previously identified.
2. Behavior-Based Detection: Behavior-based detection techniques monitor system
behavior for suspicious activities associated with ransomware, such as mass file
encryption, unusual network traffic, or unauthorized access to files. Machine learning
algorithms and heuristic analysis can help identify ransomware behavior patterns.
3. Anomaly Detection: Anomaly detection methods compare current system behavior
to baseline or normal patterns to detect deviations indicative of ransomware activity.
This approach can identify ransomware attacks that evade signature-based detection by
detecting unusual file access, system changes, or network connections.
Prevention Strategies:
1. Employee Training and Awareness: Educating employees about phishing scams,
suspicious email attachments, and safe browsing practices can help prevent
ransomware infections. Employees should be trained to recognize phishing attempts
and report suspicious emails or messages promptly.
2. Patch Management: Keeping software and operating systems up-to-date with the
latest security patches and updates can help mitigate vulnerabilities exploited by
ransomware. Organizations should implement a robust patch management process to
address known security vulnerabilities promptly.
3. Endpoint Security Solutions: Deploying endpoint security solutions, such as
antivirus software, intrusion detection systems, and endpoint detection and response
(EDR) tools, can help detect and block ransomware attacks at the endpoint level. These
solutions provide real-time monitoring, threat detection, and automated response
capabilities to defend against ransomware threats.
Mitigation Measures:
1. Backup and Recovery: Regularly backing up critical data and storing backups
offline or in a secure location is essential for mitigating the impact of ransomware
attacks. In the event of an infection, organizations can restore systems and files from
backup copies without paying the ransom.
11. 10
2. Law Enforcement Cooperation: Reporting ransomware attacks to law enforcement
agencies and cybersecurity authorities can help track down cybercriminals, disrupt
ransomware operations, and prevent future attacks.
6.Advanced Persistent Threats (APTs):
Advanced Persistent Threats (APTs) are sophisticated cyber adversaries typically
associated with nation-states or well-funded criminal organizations. They employ
advanced tactics, techniques, and procedures (TTPs) to infiltrate and maintain
unauthorized access to targeted networks or systems over an extended period.
1.Stealthy Operations: APTs prioritize stealth to evade detection for as long as
possible. They often employ techniques like encryption, obfuscation, and anti-forensic
methods to conceal their activities.
2.Targeted Approach: APTs meticulously select their targets based on strategic
objectives, such as government agencies, defense contractors, critical infrastructure, or
high-profile corporations. They conduct thorough reconnaissance to gather intelligence
on their targets before launching attacks.
3.Custom Malware: APTs frequently develop custom malware tailored to their specific
targets, which helps them evade detection by traditional security solutions. These
malware variants are often sophisticated and designed to remain undetected for
extended periods.
4.Zero-Day Exploits: APTs exploit previously unknown vulnerabilities (zero-day
exploits) in software or systems to gain initial access. They may also leverage known
vulnerabilities if they provide an entry point into the target environment.
5. Persistence Mechanisms: Once inside a target network, APTs employ various
techniques to maintain persistence, ensuring continuous access even if initial entry
points are closed. This may involve establishing backdoors, creating hidden user
accounts, or manipulating legitimate system processes.
Notable APT groups and their targets:
1.Titan Rain (2003): In 2003 hackers based in China began a series of far-ranging
cyberattacks against U.S government targets with the aim of stealing sensitive state
secrets, in an operation nicknamed Titan Rain by U.S investigators. The hackers’ focus
was on military data and included APT attacks on high-end systems of organizations
such as NASA and the FBI. The level of sophistication used in the attacks led Adam
12. 11
Paler, SANS Institute research director, to state “no other organization could do this if
they were not a military”. The attacks caused some friction between the U.S and
Chinese governments. Many security analysts pointed the finger at the Chinese military
(People’s Liberation Army) as the source of the attacks.
2.Sykipot Attacks (2006): Sykipot attacks leverage vulnerabilities in Adobe Reader
and Acrobat and are part of a long-running series of cyberattack campaigns aimed
primarily at U.S and U.K organizations including defense contractors,
telecommunications companies and government departments. The attackers
consistently used targeted emails containing either a link or malicious attachment
containing zero-day exploits. This point of entry method to corporate and government
systems, known as spear-phishing, is the most commonly used tactic in APT attacks.
3.GhostNet (2009): GhostNet is the name that researchers gave to a large-scale
cyberespionage operation that was first detected in 2009. Carried out in China, the
attacks were successful in compromising computers in over 100 different countries with
a focus on infiltrating network devices associated with embassies and government
ministries. The operations were largely viewed as China’s attempts to position itself as
leaders of an emerging “information war”. These attacks were characterized by their
frightening capability to control compromised devices, turning them into listening
devices by remotely switching on their camera and audio-recording functions.
4.Stuxnet Worm (2010): Considered at the time to be one of the most sophisticated
pieces of Malware ever detected, the Stuxnet Worm was used in operations against Iran
in 2010. Its complexity indicated that only nation state actors could have been involved
in its development and deployment. A key differential with Stuxnet is that, unlike most
viruses, the worm targets systems that are traditionally not connected to the internet for
security reasons. It instead infects Windows machines via USB keys and then
propagates across the network, scanning for Siemens Step7 software on computers
13. 12
controlling a PLC (programmable logic controllers). The operations were designed to
provide the hackers with sensitive information on Iranian industrial infrastructure.
5.Deep Panda (2015): A recently discovered APT attack affecting the US Government's
Office of Personnel Management has been attributed to what’s being described as on-
going cyberwar between China and the U.S. The latest rounds of attacks have been
referred to using a variety of different codenames, with Deep Panda being among the
most common attribution. The attack on OPM in May 2015 was understood to have
compromised over 4million USpersonnel records with fear that information pertaining to
secret service staff may also have been stolen.