Foundational Concepts

The document discusses foundational cybersecurity concepts and the 2013 Target data breach. It defines cybersecurity and its importance, the CIA triad and other security objectives, the five pillars of cybersecurity, categories of threats and attackers. The Target breach timeline is outlined, including how the attackers violated CIA principles and the impacts, such as financial losses, damage to Target's reputation and customer trust.

Part I: Foundational Concepts in Cybersecurity

Briefly discuss these foundational concepts in your own words. Support your discussion with
analysis and examples where possible.

1. Definition and Importance of Cyber Security

What is cyber security?

Importance of cyber security

Cyber security vs. Information security

2. Cyber Security Objectives

The CIA triad

Authenticity

Authorisation

Accounting

Non-repudiation

3. The 5 Pillars of Cyber Security (identify, protect, detect, respond, recover)

Identify

Protect

Detect

Respond

Recover

4. Cyber Attacks and Security Services

Categories of hackers: Black hat, grey hat, white hat

Types of threats: Malware, Phishing, Man-in-the-Middle, etc.

Threat actors: Hackers, nation-states, insiders, etc.

5. Impacts of Cyber Attacks

Economic impact

Operational impact

Reputational impact

Psychological and social implications

Legal and regulatory impact

Intellectual property theft


Part II: Activity

Target data breach

The 2013 Target breach was one of the loudest wake-up calls for retail organisations around the
world. The company fell victim to a cyber-attack that entered through its billing portal for
vendors and suppliers. Target's failure lay in both technical and administrative controls, and the
result was a devastating incident that compromised the personal details of millions. The breach
has been analysed in several reports and scholarly papers; an in-depth and comprehensive review
is the SANS white paper by Radichel (2021), Case Study: Critical Controls that Could Have
Prevented Target Breach.

What is the timeline of the events in the breach?

What sequence of events took place?

Which CIA objectives were violated for each asset?

What are the impacts?

Your answer

1. Cybersecurity is the combination of people, policies, processes and technologies employed by an
enterprise to protect its cyber assets.

Cybersecurity importance:

Protection of sensitive data, individual privacy, prevention of Cyber attacks, safeguarding Critical
Infrastructure and maintaining trust and reputation.

Cybersecurity is the ability to protect or defend the use of cyberspace from cyber attacks, whereas
information security is protecting information from unauthorized access, use, modification or
destruction.

2. Cyber Security Objectives

The CIA triad

Confidentiality: This means ensuring that information is only accessible to those who are authorized
to access it. It involves protecting data from unauthorized access and keeping it private.

Integrity: This principle focuses on maintaining the accuracy and trustworthiness of data. It involves
safeguarding data from being altered or tampered with by unauthorized individuals or malicious
software.

Availability: This principle ensures that information and systems are available and accessible to
authorized users when needed. It involves preventing disruptions or denial of service that could
make data or systems unavailable.

Authenticity: This concept ensures that the identity of a user or the origin of data can be verified and
confirmed. It involves confirming that something is what it claims to be. For instance, when we log in
with a username and password, the system checks if we are who we claim to be.

Authorization: Authorization refers to the process of determining what actions or activities a user is
permitted to perform within a system or on a network. Once a user has been authenticated,
authorization specifies the level of access or permissions granted to that user.

Accounting: Accounting in the context of information security involves tracking and monitoring the
actions of users. It includes logging user activities, keeping records of system and network events,
and maintaining audit trails. This helps in understanding who did what, when, and how within a
system.

Non-repudiation: This principle ensures that a user cannot deny the validity of their actions or the
authenticity of transmitted data. It prevents a sender from later denying that they sent a particular
message and prevents the recipient from denying that they received it.
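The four objectives just defined, shown together in one small flow as an added example that is not part of the original answer: it authenticates with PBKDF2 (authenticity), checks a role-based permission (authorization), and writes every decision to a hash-chained audit trail (accounting) so that later tampering with an entry is detectable. The usernames, passwords, roles and audit-log format are assumptions made for the example.

```python
import hashlib, hmac, os, json
# Added example (not the original answer); users, roles, passwords and log format are constructed.
_ITER = 100_000

def make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "role": role,
            "hash": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _ITER)}

USERS = {"alice": make_user("correct horse", "cashier"),
         "bob": make_user("battery staple", "auditor")}
PERMS = {"cashier": {"read_price"}, "auditor": {"read_price", "read_log"}}
AUDIT = []  # append-only accounting trail; each entry carries the previous hash

def _digest(body: dict) -> str:
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def authenticate(user: str, password: str) -> bool:
    """Authenticity: prove the caller is who they claim (constant-time compare)."""
    rec = USERS.get(user)
    if rec is None:
        return False
    check = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], _ITER)
    return hmac.compare_digest(check, rec["hash"])

def authorize(user: str, action: str) -> bool:
    return action in PERMS.get(USERS[user]["role"], set())  # what the user may do

def record(user: str, action: str, allowed: bool) -> None:
    """Accounting: who did what and whether it was allowed, chained to the last entry."""
    body = {"user": user, "action": action, "allowed": allowed,
            "prev": AUDIT[-1]["hash"] if AUDIT else "0" * 64}
    body["hash"] = _digest(body)
    AUDIT.append(body)

def request(user: str, password: str, action: str) -> bool:
    """Authenticate first, authorize only if that passed, and log the outcome either way."""
    allowed = authenticate(user, password) and authorize(user, action)
    record(user, action, allowed)
    return allowed

def audit_intact() -> bool:
    """Recompute the chain; any edited or reordered entry breaks it."""
    prev = "0" * 64
    for e in AUDIT:
        body = {k: v for k, v in e.items() if k != "hash"}
        if body["prev"] != prev or _digest(body) != e["hash"]:
            return False
        prev = e["hash"]
    return True
```

The hash chain gives the audit trail integrity; non-repudiation in the strict sense additionally needs each entry signed with a key that only the acting party holds.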

3. The 5 Pillars of Cyber Security (identify, protect, detect, respond, recover)

Identify: This pillar involves understanding and recognizing potential cybersecurity risks. It includes
identifying what needs to be protected, assessing the current security posture, and recognizing any
vulnerabilities or threats within an organization's systems or networks.

Protect: Protecting systems and data involves implementing measures to safeguard against potential
threats. It includes putting up barriers and defenses to shield against unauthorized access, breaches,
or damage. This can involve using firewalls, encryption, access controls, and other security
measures.

Detect: Detection involves continuously monitoring systems and networks to identify any potential
cybersecurity incidents or breaches. This could involve using tools that detect anomalies or patterns
that might indicate a security threat. The goal is to identify and respond to security incidents as
quickly as possible.

Respond: When a cybersecurity incident is detected, the response pillar involves taking action to
address and mitigate the threat. It's about having a plan in place to respond effectively and
efficiently to any breaches or incidents that occur. This might include isolating affected systems,
containing the threat, and implementing a response plan.

Recover: This pillar involves strategies and plans for recovery after a cybersecurity incident. It
includes restoring systems to normal operation, learning from the incident, and implementing
improvements to prevent similar incidents in the future. It's about returning to a secure and
functional state after an attack or breach.

4. Cyber Attacks and Security Services

Categories of hackers:

Black hat hackers are the "bad guys" who break laws and cause harm.

White hat hackers are the "good guys" who work to improve security.

Grey hat hackers fall in a middle ground, often acting without permission but not always with
malicious intent.

Types of threats:

Malware is harmful software that can damage systems.

Phishing tricks people into revealing sensitive information.

A Man-in-the-Middle attack involves intercepting communications between two parties without their
knowledge.

Threat actors:

Hackers are individuals using their skills for unauthorized access.

Nation-states are government entities engaging in cyber attacks.

Insiders are individuals within an organization misusing their access for malicious purposes.

5. Impacts of Cyber Attacks

Economic Impact: Cyber attacks can result in significant financial losses. They can disrupt business
operations, leading to revenue loss and increased spending on recovery and mitigation.

Operational Impact: Attacks can disrupt an organization's regular operations, leading to downtime,
loss of productivity, and interruption of services.

Reputational Impact: A cyber attack can damage an organization's reputation, eroding trust among
customers, partners, and stakeholders. This loss of trust might lead to a decline in business, loss of
customers, and long-term damage to the brand.

Psychological and Social Implications: Cyber attacks can create fear and anxiety among individuals,
particularly if personal information is compromised. There might be a loss of confidence in digital
systems, affecting how people interact online and impacting social behavior.

Legal and Regulatory Impact: Cyber attacks can lead to legal implications. Organizations might face
lawsuits, regulatory fines, or penalties for failing to protect sensitive information.

Intellectual Property Theft: Cyber attacks often target intellectual property. Theft of intellectual
property can have long-term consequences, such as loss of competitive advantage, innovation, or
trade secrets.

Part II: Activity

Target data breach

Timeline of Events:

Initial Entry: The breach began when cybercriminals gained access to Target's network through a
third-party HVAC vendor, Fazio Mechanical Services. The attackers reportedly stole the vendor's
credentials to enter Target's systems.

Installation of Malware: The attackers installed malware on Target's point-of-sale (POS) systems,
designed to capture customers' credit and debit card information.

Data Collection: Over a period of several weeks, the malicious software collected data from the
magnetic stripes of credit and debit cards used at Target stores.

Exfiltration of Data: Stolen data, including card numbers, expiration dates, CVVs, and other personal
information, was extracted from Target's network and transferred to servers controlled by the
attackers.

Discovery and Response: Target became aware of the breach after being notified by the Department
of Justice and the Secret Service. They took measures to contain the attack and informed the public
about the breach.

CIA Objectives Violated for Each Asset:

Confidentiality: The attackers violated confidentiality by gaining unauthorized access to sensitive
customer data, including credit card information and personal details. This breach compromised the
confidentiality of the stored data.

Integrity: The integrity of the data was compromised as the attackers manipulated the POS systems,
injecting malware that collected and altered the data as it was being processed.

Availability: Although the direct impact on availability was not a primary focus of the attack, the
breach led to a loss of trust and confidence in Target's systems, potentially affecting the availability
of services as customers might have avoided shopping at Target due to security concerns.

Impacts of the Breach:

Financial Losses: Target incurred substantial financial losses due to the breach, including costs
associated with investigating and mitigating the attack, legal fees, compensation to affected
individuals, and the decline in sales and stock prices.

Reputational Damage: The breach severely damaged Target's reputation. The loss of customer trust
and confidence resulted in a significant impact on its brand and long-term customer loyalty.

Legal Consequences: Target faced numerous lawsuits, regulatory fines, and settlements with
affected customers and financial institutions due to the compromise of personal data.

Operational Disruption: The breach caused significant operational disruption as the company had to
invest in security improvements, revamp its infrastructure, and implement new security protocols to
prevent future breaches.
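Two detections a defender could run against the stages in the timeline above, namely a vendor account reaching the point-of-sale segment and a bulk outbound transfer to an external host. This is an added example, not part of the original answer or of any Target material; the log format, zone names, service-account names and the egress threshold are constructed assumptions.

```python
from dataclasses import dataclass

# Added example, not from the original answer: the log format, zone names,
# account names and the egress threshold are constructed for illustration.
VENDOR_ACCOUNTS = {"fazio_svc"}       # third-party accounts known to the vendor portal
EGRESS_THRESHOLD = 10 * 1024 * 1024   # bytes sent to an external host in one flow

# Constructed connection log, one key=value event per line.
SAMPLE_LOG = """\
ts=2013-11-15T09:01:00Z user=fazio_svc src=10.9.1.20 src_zone=vendor_portal dst=10.9.1.5 dst_zone=vendor_portal bytes_out=1200
ts=2013-11-15T22:14:07Z user=fazio_svc src=10.9.1.20 src_zone=vendor_portal dst=10.50.3.11 dst_zone=pos bytes_out=3400
ts=2013-11-27T03:10:44Z user=pos_svc src=10.50.3.11 src_zone=pos dst=10.50.9.2 dst_zone=corp bytes_out=8500
ts=2013-11-30T02:45:12Z user=pos_svc src=10.50.9.2 src_zone=corp dst=203.0.113.77 dst_zone=external bytes_out=52428800
"""

@dataclass
class Alert:
    rule: str
    ts: str
    detail: str

def parse_event(line: str) -> dict:
    """Turn one key=value line into a dict; bytes_out becomes an int."""
    ev = dict(kv.split("=", 1) for kv in line.split())
    ev["bytes_out"] = int(ev["bytes_out"])
    return ev

def detect(log_text: str) -> list:
    """Run both rules over every event and return the alerts in log order."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        # Rule 1: a vendor-portal account has no business reaching the POS segment.
        if ev["user"] in VENDOR_ACCOUNTS and ev["dst_zone"] == "pos":
            alerts.append(Alert("vendor-to-pos", ev["ts"], f"{ev['user']} -> {ev['dst']}"))
        # Rule 2: a large transfer from inside the network to an external host.
        if ev["dst_zone"] == "external" and ev["bytes_out"] >= EGRESS_THRESHOLD:
            alerts.append(Alert("bulk-egress", ev["ts"],
                                f"{ev['src']} -> {ev['dst']} ({ev['bytes_out']} bytes)"))
    return alerts
```

Both rules depend on the network being segmented and labelled in the first place; without a recorded zone for the POS hosts, the first rule has nothing to match on.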

1. Standards: Think of standards as established criteria or rules that define a level
of quality, consistency, or compatibility for products, services, or practices. They
provide a benchmark or a set of agreed-upon principles that ensure something is
done consistently and meets certain expectations. For example, in technology,
there are standards for internet protocols, coding languages, etc.

2. Guidelines: Guidelines are recommendations or suggested best practices. They
offer advice or suggested paths to follow but often allow for flexibility or
alternative approaches. They're not strict rules but serve as a reference for
achieving a particular goal. For instance, style guidelines for writing or design
guidelines for creating a website.

3. Practices: Practices are the actual methods, processes, or routines that are
commonly followed in a particular field or industry. They are the day-to-day
activities or methodologies that are recognized as effective or efficient. For
example, best practices in project management, healthcare, or teaching.

4. Frameworks: Frameworks are structured outlines or models that provide a
foundation or structure for addressing a problem, building something, or
organizing a system. They often offer a set of tools, libraries, or methodologies to
achieve a goal. Frameworks provide a scaffold to work within, like software
development frameworks (e.g., React for web development, or Scrum for project
management).

Identify Function:

• ID.AM: Asset Management

• ID.BE: Business Environment

• ID.BE-1: Mission and Objectives

• ID.BE-2: Governance

• ID.BE-3: Risk Assessment

• ID.GV: Governance

• ID.GV-1: Risk Assessment

• ID.RA: Risk Assessment

• ID.RA-1: Asset Management

• ID.RM: Risk Management Strategy

• ID.RM-1: Risk Management Strategy

Protect Function:

• PR.AC: Access Control

• PR.AC-1: Identity Management and Access Control

• PR.AT: Awareness and Training

• PR.AT-1: Awareness and Training

• PR.DS: Data Security

• PR.DS-1: Data Protection

• PR.IP: Information Protection Processes and Procedures

• PR.IP-1: Governance

Detect Function:

• DE.AE: Anomalies and Events

• DE.AE-1: Anomalies and Events

• DE.CM: Security Continuous Monitoring

• DE.CM-1: Security Continuous Monitoring

• DE.DP: Detection Processes

• DE.DP-1: Detection Processes

• DE.ED: Event Detection

• DE.ED-1: Event Detection

• DE.TS: Detection Tools and Systems

• DE.TS-1: Detection Tools and Systems
