UNIT-I

CYBER SECURITY

Datrocton to Cylaee Sccustbyi

efers to the pactite of

|Potetng Corpatr netiork, and da ta Prom
Systems, nebirk,
nauthoized aess, yber atacks, and olher secsiby
bYeacheS.
invohes aeplnentng measres ensure be
the

and cgtal envionmen s.

Baste oncepts o Gybet Seaartty

Conheleo ialtysn
TÁe teim on fidntiaiby means
autbott Zed
|authosi estrc ans aclesS nd s cbsure,

mans os protecing pexsoral prvacy an d

Propriatany n btmatog.

mens data is
omplele, tuslaorty and has nt mhfed as
been
acidentally altesed an nauthotsed ser.
 Eaauptoa
he poess ol
models
obsnaton ordata by sing matheratial
Sciamble 1t in &ch a the
Can
who have -he to
it
Partes
acess 1t
ky
Cybersecumty managemeat

iovolves
the stietegte poning. epatons, trplermen
and moniorling bton,
an Caganí3aton
Gybeasecuiby pactes wrlbin

Avalablte
Aatabihty meanS and selabe
acess to an d use

aycs ot
Thde ale. Seven aye The
Huran layc
Pesmetes Seaaity
Weboosk
seasity
tgont Secrity
Applcadon secaiky
Data secstty
Mssion CItbcal Assels
 2

2. MisS ion ritical Assets :

hs is
the' ata which need to bo

Pro tected.
his focuses assets that
to ar ongonizatons pevators and
Cucial
Conlinutty
bustness
|2- Data
Seants pioteets the
he Data

and tiansfa of oata

bya dedioted to piotec ting the data

tesong netork, custing

Conticantaltiy ntegy. and aarabihky

to an gptation
Ht piotects acess
handles the Crdical assets ond
lhieh mision
the applitaton.
inteinal selity Sotlwate and
* his ocuses on keeping
layes
device ree thteats.

rotects the Connectton betoren

t
devices Gnd the netk
 5. Nebvok Se Cutkyi
Ht protects oani2otion 's nehia
to pievert matho Zed aess of the nehoxk.
The nedosk fs
an d laye Ciucial in maraging
Potectrg Be
Cormnioton.
pplatons an d behn
devices on your
6. peYimetr
netk.
Secikys
t nchudes both the physical. and
digtal secuarty paske
Mcthocklag's that
the oVelale Piotet
basiness.

tHunans -the wea Kest link

o

Iik any
|ybe Seaity Pastre. tumen secorty contiol includes
Phshing sim wlators Gnd actessrarmgement
Cone
that otect missan Xital assets Bom a oide
ot hman
voíehy 0f threats, inliolirg yboa ininak,
malicios nsides and negligent ustS
Vneiaihtyi
Valretabites Yefer to

Weakneses or Paws Sofhuate hat

or
an be Enploited by attackezs to Compromse
, or data.
-th ty
Seclity of a ne k, device
 Thete Various Vlneta bilities

.Soptare Vlnea bth lies

2. dcluok Valoa b:hlies

3. enan Vlneta brlries

|4 Vulna br ies
precedoml Veloera bi lrlies
licy and

helnevabitiesi
refey to Phus that make
Vlnc ta bii tes
designes and
|Sottare act or even
ioterd t
it tos
dev lapas not
pect.
2. Nelok Vulaca bilhties i
A Aetscrk Vulnea bilty a
lophole o go
nekosk hat Can treoten the notral

n cons he nehsog k.
3. unan Yalnata bt kties:
Hunan Valneo bi lhties ae creafed by User errot
hat an Cpese netos ks, hardave, and
Senstlive data malctous c
tors.
Physioal ulnoabth hes:
Physical Valneabrhtes aVe brondly Valnera bihties
that Presen Ce to enploit.
 Eronpe. locts -thot are ce ked
rot are
valoesbihy

5. Poltcy ond PIOCeoaal

wcatness haypern Ts CAn

mettads.
| operlral
for franpe
2. fassurd potecol
|2
Tianig PC edu.

Threati
qyboseanby acts perforree
threat
by individals witA hl
oita otent, whase
goal is to steal ata, cause. damge te
-to otsnyt onutig ystens.
-heats are secrity incideats
e
CitCumstantes wA rotential to have
negative Cettome fex yeur
Oher mmnagcment Systems.
Exaple
* Phishing
atfacks,
Tntexnet Govnance
* Dotesnet fovernance Ators
 foxohl Ats
Hotnfel octs in Can fom
eladiely Sinpk aitions Iike phishing nd malaia

dis to Comples Cnes bke DD,.S attacks

tibution
and douta blenckks.
* They
al ain to Commplon
ie he integibys cunflanta
and data.

otenet GoVesn ante

2tonet govesnan Ce is a multfoceted and coucial
aSput o managing the cnlinc
inve les the cdevelopment, inplementatien, and
en etcement
ot olietes , pio fo Col's , practcs
ained at sa feguadng the
nd
inlcgrtty confidenlatit
an d
avallabi liey ok nfotmation an d
ommunia
tion echnolcgis Qer) infenstrackre and
on
the
data
inbeinet.

gorinance here
are Some
Points.
Toluy
Dordrt
Ston dads nd Poto cols
2 Coor
dinato od o
laboiation
Capactty Buibhing.
 There ove multple acos Jhith
are jovolved fn
in One
Gnolher he govetnonce
Jotenel.
Tottret coqpo
taton tor Asigntd larmcs
an d
Ahmbis (CANI)
| Totnt engincaing Task Fotte CIETE)
Zotenet Teleconuniatoa nien (21u)
Jo arld Totelectuat Proprxty oiganitatoa (wr)
9
îhtenet Gorernan te forum (GF).

Computer Cininals i
yber Goioaßs, also knoon backas, cen use
Compate gtors to gain acess bsiness ttade
n feration
Secrets and asoral
posonal for naliciou
and Brplotve papaes.
ackes ohrcuet to tidents
|* are steny
On tolh irshvioal level ohe
to lheiy Varizs Sey measu res Sech
Plonies an d renyotty neticerts KKick tert hs
an
d pootect fkeiý
 ypes
hee cl:reot of
Ctinnias
1. Scdertity Thieves
D
Doteoct stalters
3. phishing siammas
4.
Cybo Tennists.
1.Tdeotby Thieves ;
Tdentty tieves are yber cininals wbo fry
to qain their Victims' pe/scnal
access to
gain
inomaton - nome, adoress , phone numbeY: pace
ch Employment, bank aceunt
, Ctedkt
Cotd in fotntion ond Soral Secutty Oumbe.
2- Datainet staltas;
otenet stalkess ate inadtvduals
ihdividals ho

maltiousy montr he online ctvity of

ther yictíms to terro rre
teno rze and/or
acguire
Pesoral infotmation

3. phísbiog Scamnas:
|Phishers are Cyber cininal; Iho atterrpt
sensrbve
get ahold ot pasonal
infoomatin hugh
vtelino's Cbmpufs.
phishing ybti- attoc k that uses Paudu

-lent enails, websiles, and teut mesSages to

Convince victims to give yP Personad
|and corpotale data.
ybet
bes tesossm is a
sell-developed, olitical
inspired ybe atack in ohiek the
Criminol attenpts too steal ata ondo
Cospoate or govenment (omputor
Colpt
yslems and nchoorts, rsutlng -te
,
hotn -o Counties, busi nesses
and even indiviclials.
Gyber tine Techntgues
Botnet
Zombie Computr
Distileded Deíal of SNicc (DDcs)
Metamohic maleate

yber SeAvthy chalenges nd tts

Constva
Tocky yba seanty he main onponent
D
tae Country's Oveall national Seuti ty
e anomie securnty
and stratgies.
Sn Droia, there ote so mony challenges
Yelated to yberSe uithy

incYease the cyber attacks,

ganíaticn nceds secntly anayet
|avdy
who mates Sure that thesr is
Se cured.
 Challegs e descsi bed Lelos

Ronsomwate cvolution

Bloche kaia Revolution

loT Theats
AL Expansion

Sovslcss pps velnerobtlity

2. Ransomusane Evoluton
malwate
Ransomre is a
Eype of
ohta on, Vic tin's rs locke
Computer
the a

an d poyment i's deranded befote the

nlocke d. Alior Suciess
data
-bnsemed
fel poye acleSs ghts sehmed to
Ronsomware the brne
the
data pro fessionals, Ts

land snecutives.
Ronsomwore attacks grouong
he acas ot day by
day ybrine.
2 Blockchaio voltion i
Blec kehaio teckrekoy
techrnclgy
is the mest rperlart
iovntin in tompadng
hizley
kove
have o geruiney native
that we
mdhun Peer-to- peer Value eyckorge
The vast gohal patar
blcckchain is a

paries to do
mcre a

iat alous tuo oY

tlonsoction do business orlhoet

trust.
estobl'shig
nteding thivd
a party

3. DoT Thieats
îcT Thuats stans fer Sotetnet of Things.
is a Syslen ot iotetrelated rhysicnl
Can be acressible though
devíces
-he inlanet
onnected physical devites have
The
unique iden tife CUD)
kave lhe abshty to tionsfes data
Cnd
netoork witkait Yeguiement et
- to Computer
the humon-to- hun hyman
inetoeton.
4 ! Expansion
A| shost on is
Axtitcial irlealiynte
ot oputes stíente
ok t
an
deation intelligent rachines
is humons.
-lhat clo wort an d tert Itee

5. Serve less AppS

|Sevetless atckiteehie and apps is

ppllcatos whieh depends thira porty

on

os
Cloud infastucte Cloud
On bhck end Seute
Such gongle funetion, Ama Zon
AS

web Seyices CAus) lambda, ete.

Consiairts o Contrements
Hccess
Cootol
rles Yesoustes
at oks crtbe
the access privilgs of

-lhat Combines
Triad is a Romeuork
he CA Principlks
threa
fo fbnotton Secriy
key
onfidentalttyy in tguy and avla bi
piovícks Sopk ard erplete
|The CA tniad
Checklist for evaluadng an gonieateat
 Moie lhon an io felrotin Secirity famaor k,
the CIA tria d heps b1gonitations ypgtade and

mainlain
era bling
statf to retlan tasts Ite dato
Coll ec din, Custond Servie an d genaal nranafmr

-Confidentiolity CoNFIDENTAUTY

C.I.A
TRIAD

AVAlLABILITY TNTEGRITY

-Aajlabl; ty
. Confrdetialtty
Sotve data
Confidentiakty hvolves pbteting
Rtorn
Piate and 'safe urathozed accesS.

2.
ntegrity
dbta
e and busincs s
business aalysts
nale Sute dala
a
actesshg acunte fnation.
3. Availabtlt ty
tefrs to the
bullebilh hy idea that he people
o
who neeg
nect actess data Can get t Ortheit
 whout atectng ts Contrent iolity or
indegrily

Assets and Thieati

|Assetsie
Assets efes to
any valuable YesouTce
witRin an proteeton
organi tion tat necds

Vaficus thieats
These assets Can cCempas a LOtde
of lems, fncluoing
dato, Systems,
netoor ks, hascuae, sottsae and even
Feople.
Lypes ol Acsets

Data
psystems and ehor ks
Dakostachare
Pecple

Tiegts ave potential dangs malicjD u

Pese Yisks to tke contidastiah
aclivities that
idegny. and aaila bihty cf fnferna tion
ystens, nefoorks qn 2
d
ata.
 These -lGteads Can Come forn Vatious
Sousces an d
Can ate many -forns.
ypes of Thtcots
|stMalaTe
yber Atec ks
oecal tngíncing
Vunebil: ties
rsidet Thoeots
nlaton state tetors
Motive of attackaS -
7Fie Categores of ybo -attoetos erale to
better understand the atacters motivatons ond
|Ke atons thy tate.
| ) Snadverlent actbions genenlly by iio idevs )
taken without maliaios hal iatent.
tt are
(to)
pelbctate actions (oy asiders o
taln intenlondy
outsides) hat ae
and ae meant to do hatn; nd

Gr) Dradisa Cgeealy by insidex), suek as

|% act in a , a
en suation cithet beiocse o
tatete
skrls ,, knowtedge , gufdkne
a lack of of
apprpriafe
availabihy
Crect
Gcllon oP
antern
pimay
 acnples include
tating Cantel ot
o tests, or actons.
olical statemenb.
2- ongnoie matia tons
include helt in telteelal Piapoty
|&arple assets Proud:
ox ola eConsially Valuoble

inostrial cspionage and sabotoge ; and blalk

-nail.
3
SoCicCulel otiatons
Exompks fhclade atbcks wih philbsopbial,
-theologtial, o
llial, and even huongytaiian
o
gaal. socio- Culol motiatons alsy che
kun,
Ctasity> Ond a desire fei
 |Cobes Atlaetec

Inadveent Derboale noclion

Toltiaa FConoroie Scio- Culusol

Active attacts
actve ctlack s a
hek a hactes attacks ond modihes
syslen ond a

the cata or the inttraton et eguitencols

to peztosn matcious o sks.er
Daing actie alocts, Gc. atlocko tatcs
active' ole. in attenyt lo
access
jain nauhoarey
lo a syslen
Examples of aete athck

Man-itte midle
LanSomware
Passive Attoti
|Passive Attock is a

attoces a and Copies Tods lie

Con lent or tee afetrtorn
 10

Sendes Peceives
8ends Receive
tMessoge

Mesnge obsavirg

Attackt
TassiVE ATACE.
ACTIVE ATTACk

Softuare atack
A
Sofluaie. atock is teless to maftcious,
activiy
epbiaton ot velara bil:lies
wWitiin solluase applaions, system ,
netoos ks to
Cormpsomise S Secatity gain
Lnathortzed aCleSs, ausG hotn to
cs tomputa Systms

9. Mallat thcks
2 Explerts a velnetobshty tacts
3
Dos Athc ks dar DDOs Attacks.
phishiag and SpeaY phis bing Atlacts.
S:
Man- in-he - Midd le Atacks,
 avalatle bt boes not modhy he ineoralon.

pasive atbcks, the atacker maofs

to
land cavesdeps te nchook ltoflta fo
gain acless
to Confdegiel oY Sesitive ata.

mpls ok pasive Attack ;

toves
ooprir

Diletendes Betueen Delve ond fassive Dtecks -

A
passive attotk does rot hain the
attbcted Systern s, as
hete as an actve atbek
dres
f# An octve atbck Can be castly ck ducted.,
Lchde as a passive allack is deuit to delet.

an actlve attc k , tie Victim is intor

, hat's not
hat he has bten attcted bt
the essive ateck.
 Hewrd JaNe attacks
HasNC a-tta cks involve enploiing vilnea bitilteg
physi cal devies eY Compooents -to Compiomise
tn
Se curihy a Sgtlem
Jhe

Mantctine Ba ckdoors
- f maluwase o oth es
Penetratne puvpOse

. The Pre sence d h idden metho dy

BocKdoov Chcabiun
Labie
audhenticahon Syslem.
mal Comput

By q aning acces to proteeled

kave sdyopping
meroy wdhout openiny othes hasdee
Causin he inlegruphiors normal
Inducine fawts,
behariof.
mo diticahon tampesing with in vavioe
HedSe
opatoy, hasdue
oY
Jatl -sroken Softe
Cou
Countea itne (Fosga) roduet ssets dhat
e

Rrodce operatod and those

to rmalicjous caLeen fo
made
Systen.
 Hend wa)c. attacks
biiteg
Hasdanc atta ckS involve enplortng vilnea
devies Compo0eots to Conpiomise
physiea
sgslem
Jhe
of

Maunutectrine Backdoors fey maluwese

Peneane pYpase

sence hidden metho dg

backoov Chuahi The Pe
notrnal Comput audhenhcckon Sem.
acces to proteced
Eavesdiopeng y 3cùning
othes hagdee
mernoy wdhout openin
dhe inlegpion norma
lnduciny fawts, causing
behair.
mo diteahon tampesing with invavise
Hesdse
ov Softe.
opaatioy, hasdeae
Coontea Peitng (Fogna) rodoet asets dhat Caa)
Cntra opezato4 and Jhose
Prodee
nalicjous cLeey fo
made to
 Spechun attackS
Shre cund dis soclaion
Anxiet hege
USe, in
Specro
Seuenl types
eg.
Compulsho
and clude a

Spechrum - dhis Cor io

obessive Cornpolse
ide raunge disee.
d isorday
Geneal development
Simplest forn dhis
aut isic Spectur) -in ik
Joins to gethe auts
ound Asnege.

PsychoSic
Spectrom o pSychosG Sqectun
The Schizophrenia spechYU dis ordes
nomeouspsychoh
there
VaioUS attuckS.
Taxonomy
termate colegot'gaon
a Sgs
AHacK takonoy tneiy chesaclee Ishey
Based
attee ks
kongets.
aY
te chnige
evoe De attek
A ttack taxonomies foundatn
Seyve a
meh
incident relpone, volnaablity mungneut.
 Secoiy a
whnos Progtane, enasling
Bettc, ondesland Ond rioritye
ganiekong to
theit Secuity de lenseg Pased o
Jne revalen9

attackK veco tus

Exomples attoek
vaay he
At tack ta xonontes dependng
Cund he organizatar usig dhen te is

Context
gener al Cornroon Codegoses

Netork Baed alteces

Denial Seavice. (oos)
Dishriooed Dental c Seavice Copos).

Man in he middle (ITH) attaeks

Network Scannmg arc
and seconaissanee
Paclket Sniiny and eavesdogeing

Malware attecks+
Viuse uorhs, Tvoyany

Reun somwase attacks

Bo tet und Corman and Contol (Coc) attocks

Rootits nd BacKoor
 web Based atacks
CvOSSsite Scripiny (xss
SQL lojecton. Rogery csRF)
CYOSS
Sit gest
phishing
Socicl. Engneg

Attaeks to qettn os
Buffea veatlo attecks
Privilege es calcon attacks
tkeanel evel atacks
2e0 -douy eaploits.
mobile attacks
wiveleK cund

eaweschopeng and spoofngy

wiß
nobile mclne
SMS phishing
B)ve tooth ottecks.
Insiders attacts
acee
Unauthorsed
ex filhator
Jetea dheft
inentional dornage
Sastug
Privileges aey
Unauthozed
 3

Phyicod dheft device

ha equiprmet
Tampesing cwith
Oumpslea
iy
Phgcd secnity
.
Sodaltngneing
phishiy ishiy.Smishig
Sonaor)
Prelextn and impa
and tei lg otng
Pake alerts.
SCarewase

Spoofyt
adre spoofng, refey
Tp Spog Rsotocal P) Packets
Creaio) tnleanet
to the
to Impsonabe
wi a lase Source iP addrey
Comastg Systero.
arathes out.
Cubee cimials to Cag
spooting alaws Cyhe
cheteehorn.
maliCioos
actong, ofteo usthout
include Ste atin yau dala in fech
This mgut
device malware
Sesvel
 tec hoigue oflen By Bad aclere

Inove opos aHacks cgangt

device Jhe Surrodig in Bes tructue.

spony
tnside Jhe Pecset,
dhe Souree
a dcntges 4 this Proces
talke
Marcioos hackels
theit Cddes
ordes to hide
enecoting tasgats.
attackS
davice
do Jhis to Rool he tget
Hackr
Jhe Source
rs to
nto acthtey.
Conduet hei hacany
yourself
ne to Projeat
enyps to taf
a

cnd nides oo nacks,

Pantey
lacws) spooed
Packet
St:Patne
ds vickm.
Method de jenge
attecks eguineg
Dehnginy against ybe vahious melhods
dnat Combines
approach
layeadec netiorKs and dasa.
chnologies to Proteet
sgsles,
te
and Poeo cedoves
Rro teatine
By impemerthng esponse (vDR),endot
deteehon and
NehoYK analsge
and esponse CeDR) to idenify
deteeton petwor :.
eport inciteos dhut
and
nekoork Seeurity
Rre uwall
i. Rre walsE
cind Concol inlorniney
ices
devices that monte
dnat
on perdkemined Security
traffhc Bosed
Intenal etoKS
ules.Thy aut ad a Besie inkanet
cy the
n
enenal netoY ks, Such malieious
Blocr
Prevent anaioorged acce
trafie.
Deteetorn Syse (10s) and inshusio)
a. oshuson
Prevete Systern.
fex Signs
IOS
Ios and PS oehr ttotic
K

105
attack PattenS.
know
Supicious achity aboot Potential
alents adminishretorg
de tecs and
Scoity Breache, whle
Preet mali ciouS traffic
taget
 Aothnaloal SoftwoSe.
,
Andvius cntmakoase
and Softae deteet gU tne. an
ViYuse eosos,
and renore malicioUS neSottsa n
TYopns and ounsoane
Rsorn Ssler and. etoks.

tiansfo nS data in
a Seccore lalgori th
g)
Encvypion ma
Rornat osing crpotogsa phie algoshng kng it
Unreadele to Un auoized

Acces Conhio)
Tmpementhng stong Contols Such a least
Contol (AGnc),
role ied alces
USe Cund Syslers ony bave aec es o

ense dhat
deda ne sscy Po dher volej.
he eYeg Cn

Pa teh
manceyenet

Regoleaty appyng Szcuity pa tehes and updakes

, nd helps oddes
to Sofhane 0S
vulne abiihey
" ond pevent enploitahor
attacens.
Sceuit Awanets Fraii
Educangy embyees cund Usenscbot yhes soanihy
Best Psactceg Suh phising attenp's
Cseabng Stsong asoordy and ep bay Suspiciaus
a
actityhelps Qoild Secusiy cuiture and
edceg dhe hkelinod Se scesfol attaek
 Mocelg
Secoity
f de
Psovde traneuoyts
Secoty nodels Conhols sthin
imple menting Steuity folces cnd
and
iofasuche. Mee cNe SOre
ofganzahon's IT
Secur modhely.
Common

J. Bell -Lapodla moel

model en fioe
Oeve loped
coocept Teod op
thioug Jhe Concept
Conhdenthty revents Users foom aceshmy
cuvte dowr Poley it CConfdenhal)
Securi levels
at highe
tntormatio ivileed).
lowe Seuit) leves Ces

Biba inteorit Model

enforcing
main toi nhng daba integihy By
Focuses Prenents
write up, no veod doon' Policy. it
deta at a h'yhey inlegiity
USes trom
loweg inkgrity leel
leed hey at a

e
data Corrupon.
dhus dcng dhe

wilson mohel
Clark
Designed apieaons, this moel
emphases he
inley an Consiskny datan

By enfor ciny Sepanaton dotes and sing

wel defned acee ConhrolS.
Tate. Grant model
Used acees Conto) d'stribled Sylems,
dhis model ve prejenks Pemissiong as token ar dhot
S

Sobjeets (useng Procone)

Ccun be drensfeec Betueen
dekoe sules
objects Creyouree). it
e votmay Pe missiong Base token Ouspen Sh
nd
Cund deleshon.
Yisk manaqmeut

Risc maagernel dhe proces identig

and
mi
igahng to cn

vongation's asee operahiod, and epstatoy.

jdenieaor!
riSK maag cment ts identthiying
The Airst step affeet
dhat Coold dne oigonzahon.
otenal dhreds(such ay
yhe atHaeks
idenikyng
This nvolve
o eru)
hurnan emot) and vulnesatg
disastey,
natal y those dhrets.
Cewld be enploied
Dssessanet
hane been identiedhy
are sesed
risK
likelihood OCeorenee and
to deleamine the
Potental Impoact the Grgangato.
 Pyiocihge Base dreiy Siqnifcanee
Risrs
and po
kotal imact on he ogan jaon's
objecties. Risks wdh highe Iikel:hood and
Potenkal impact gven highes
Jeate atern thion
cund regune iomediat
Cund resoceg

Qisk mihgeont
,
have oeen identfiec assessed and
iskS
, niigatian measores
Priorhyed appropriake
imglerseotec to redce the
nvove mparntny
Nsks.
his This mqy
Count neasug to prevent
Contols, aPegrads,
respond to even
detet
RisK onaunicaten
Commiae) riskS and
Efeehve ensue
esenHal
managemel staegies Is
awre Polenihal thrats
dnat stale holdeg
ord ndustan the osgan'aors appreh to
This Cormoonicain
rnanag therm. incldes
ong proges o
asses ment
iHgin plng and updates
Seni managmab Gostoment
heleven Panteg.
 Cybeg dhreals and ybed

Cybes dhreals cjeg Ao polenil

netwots
ochuiiea osgding Cornpuleg S
ler,
malicios
Jhe in ket to
to in futrngbun
gain an authorized
Cybey Thyeas!

Softwane
to inflkrale
desianed Ao
malwaNet MalicioUS
intormaton
,o Stea
dearnage
yglerns.
Compta
to tick ndiiag
audulent aternpts
Phishing
8enstive
'oto weasi tey
decephve emals
d
Distibole
Sevice (oos) anc
Denial of
At+acks
Sesuice (o0os) aojdh
ne twoks
tageted Sylens Umava lebe.
Oveuheln Jhem
vendeing
tafc
oy
that pts
encxpts l eg oY

RonsONwaLe malee
Out

Pold
 hadicios a
ctions Secoriy
Inside Tneat
ut inviduc
Reacheg CoSied
(ontraclors
Cgangaion, Suc ernplyee
Bebind Cybeg Trecdst
Modivahons

Crain: many cube attacts

.Financi ad a slcaling
Soch
noivaked rancial incentes
poyrnonk
Sensive ln fomatho Sose ole
Espionget Waton
Netion~ ates and hes acterg
y
ge to gathes in teMigence,
Condu Cybey espion
a dvessahie9 Sleol ntellectual Propty.
maniter
Can
e osed to
OiSTUphon ybe attacks
Sesvieg
the
ntagtie tre, Poaic
Cihcal natto.
atong OganiRo

Naton -steles Conet

AttaecS
Stale- Sponsed n
otlon s Joresnment
ayainst the
ottactS in dastoiey
milha tnfra stoucre,
ag encies, geopolitcal
Rsroedog
Pant
Mitcny oprtny
Cgbe
Capabiitiy oe
mtitay opu akons , inctodny
megeted
offesive ybey atachs tragchng eneyén er Comron.d
cnd contole Sgstems, Comrouni aie netseks and
Togisieg fntra stucture.

meuy be Cornbned asith onvenirl

Cybey cttacks di unfomalto
, Propaganu and
teties segic oojeches obite
Cchicve
Compargns to Con foontalun.

minimise dircet
cend Irmpieaken
4.
chalcnies
Peapetadors gbet
lden tyney Jhe
Atibohon dhe anonymihy
chalongingy due to
be
attaeky Cen mating
s ophis teutier
aiackey
Cnd
to hold

Scalattoo Rr
potentia calate
have dhe
ottaeks
Cybe
betuwoon naton lea ding to retaliato
Con Aie ts
Qun undesmiig
acion

Csicot
cny Cyininel
Cybes Cime
totey place
tohleb odhey IT
Cornputes Tnanet
is nost ComNoN
Cybeg
moTen
Pleuys vey teo role
 Ciminals
not eny cauny
dhe Socichy cnd 9ovesnment Bt hey
ide nlty to gveat
Ho hide che en ten t
clsie
achuithes done
Thene nombeg (rima nu
(iminal
cre intanet dhogh
Inenet and lompukas in
oreatlng .Tntesnal
daily re, ubes c
Cine in
Bot hag
Convini ence to Jhe
frodes oo
deuk
Cnmes
Some nuoly emegy
cyba staling
Haceing

Ermail Bomby
Cybeg Terorsm
Data Theft ele

LUmole Cetoe
data and applieukon
Unauthozed s
Compots viruS malse.
sprescniy
wiy
Digtally dshiboting child porngephy.
reel oney
uebsite to look
Deslgnlny fake
money viruS.
Con denal deta
 Compooy and inanef.
Chbey teaoris is
a teu orist
a

Comectwiy cydea to launh

qttack.
loss
Pe at
hare
Cybey tenois
possibilikg
al [he
Commuocatio
tCenonic disupton
Supply hnes
in fras dute
o natonal in
deqradaH
heneral

to Cause damoge and

teos Seelcs
Poss le, The ldea
public
aSe as
actitey people
&o arong
to gtike

CeLse ybes
Actal
Commnd.
CENTCoM,- U.S
SPYWARE.
CENTCOM fnfe cted ith
Tn a00t, lot.
Payting.
dyive wal lett
A
plgged into his
Solde to
wokStch, Jhus Introducing pyae
CE NTcOH
networ
 Signikceut Secority Beacn and
Tbis daumoged is
mvch deta was
houw
know0.
Compsks
Decembeg 004, Hac kens Broke into
Tn pl ans
Secret deyense
Sysemg Stole tte
and
Sootth korea

Korea wy 9es ponsi bles

SuSpeekec
Authoe
}t.

Agantet Cyaes turST). ded'celed

Defense
must Beso
)MajoN academtc insihtong . Progrennd ten Cyhes Secority.
.
acoemic
heasech an soicudy
most be
breated fr
Comptea nmes
)
Ponishmeut and acthe
rgey:
wih Sto he
cone.
Shoo t
tnVesh getiens
to law enforcemeut
8howld be rovdec
Basic Compls Crne
ophe-es SHled cmptes
be
These Should igy enRernend
Psobe. ssion als
lao
&yilkro moit oe
estab,1shed
An Emesgeny rting
epurtig
) Cour
vaious tn duskiey
Prtesonay .

place and
Sngle
Jheiy issueg
 Cubeg E
spiog
cybes esionge
,
adtemps
ohich nauthoed
Cybeaattack oY inlclleduc
cs casifd
ClassiRied dota
acces Sosihve
nsie
o
Compolitte adantage
eLonoic ain
Ropety
poic Heal meascoN.

Cyes espionaye teogts

q esptonag Can hane
victm cyhe
Recoming a eputalior
cvgarizalans
ConSe queney
domagg Getween Covportuong and
erode hust
and Can
(ustomn
helr
opaatorg intomatior
ntanal ermployee
dereloprsent CeGo) dod,
(R40)
Re seaneb and
openatoned deta
Salaie
ntelectoal mopey (i0)
, Sensitre Projeets and anu
ropaietay Plans
ateueke ould Sel Prot.
Oxopeny.
client
Custome, infarmolu.
Chents sts, she Seaviceg ny Irovi dod,
hoo much hey Poy
 Compehter Cund meakeno tnlellqence

Band ncume9, cormoin nameg, logp ,nigue

and Creekve asets
ue bsi te clesi

Cybe esplonege ctteeks

fortune soo
Qoog, 30 high- lsoli le
infeimausly, in
ybeg esponge arnpy
Companies wee tegeked y dhe
to steo troade Secves rno Ney victms,on
designed Breeehed,
Googe poblicy admitted dhat iVawa
disclcsme dhat Gmol aceants
Gelangine to cinese
-
hod been Compromlsed
riguls advocoteg
Cormprehesive abe Secrtdy folicy

cybe Securlty poliy defneg dhe

Cormpehe nsie Proteeted,
most Be
dote asel Jhat
1T and
Jhe
threats a he suleg goieng
dhe
Protechon the ase.
technoloes, Prachces, %
dhe denices
bo
netua kS,
to Seure
de signed
and Processc fson attaks ,unaudhorize
informato, and roams
ybegserurty teme
acc eys, danege.
iofeomoton technolog securty

1. Intoducton and Puspse

polieys objeciveg, Scope
Piove % the
Cund nprotance to the sgangahiog
Secunty Pos tuve
Roles Cunð Resonsibilitieg
aespoosbiiheg Individalg and
Defne Jhe ole and cybaseoty
Leodhin Jhe regaing
osganizakon
depnd menls
Senier mangnet 7pesonnel, emp'oyeey
Inclucing
vendor.
thtrd pesy
RisK manoagern ent
idonfifjng ,asseng
3.
aproach to
dne organizatir'r
Out line ris ks, inclo dng
miHgatng csbeg
Prioinay and isk tseetmeut and
cusesernet
"NsK
Procese fe
montorig
conwols Cund measureg
4- Secoity
nd neasUYey
secority Control S
Specit he oganigeke)'s ayes,
to proect dhe
be implenenkecd Contols Cond
,Physical
Conhol\S,
Includy techoical Con ho 1S
aministrate
S. Datea protecton nd ivac
Fes oke thng Snsi He
cund proceduvey
Deßne polices ,aceeg
dda cleussi icalon, encyption
data, im cluding , Cornpianee
and Cormplicunee
re tenion,anc
melenton uitn
Con holS, data regualtiong
nelevout
and ngermet
Response
6. locdet
Establsh roceedorey
decteting ,reptiy
to <gbgsecity tncidenb, inclag
and nespondy
oihes. escalaio) Psocedes,
oles and responsi b
Incident Ccteqcig aton, Contcinment, ead'tn
and