
Cyber Security Document

The Cyber Security Briefing Document outlines the foundational concepts of cyber security, emphasizing its definition, importance, types of threats, security measures, and legal frameworks. Key themes include the significance of protecting data, the various areas of cyber security such as network and application security, and the challenges faced in the field. Additionally, it discusses the importance of legal frameworks in combating cybercrime and ensuring data protection across different levels, including international, regional, and national regulations.

Uploaded by

kingdavsmart

Cyber Security Briefing Document

This briefing document summarizes the key themes and important ideas presented in the
provided lecture notes on Cyber Security (CYB 211). The sources cover a range of foundational
concepts, types of threats, security measures, and relevant legal and regulatory frameworks.
Main Themes:
● Definition and Importance of Cyber Security: Cyber security is defined broadly as the
practice of protecting systems, networks, programs, devices, and data from cyber attacks, which
aim for damage, theft, unauthorized access, etc. Its importance stems from the fact that almost
all modern activities involve data, which needs to be kept confidential, secure, and available.
● Types/Areas of Cyber Security: The notes consistently outline several key areas within cyber
security, including:
○ Network Security: Securing the computer network from unauthorized access and
network-based threats using firewalls, VPNs, and network segmentation.
○ Application Security: Securing software applications and preventing vulnerabilities. The scale
of applications available on platforms like Google Play, Apple App Store, and Amazon Appstore
highlights the importance of this area.
○ Information/Data Security: Protecting sensitive information from unauthorized access using
encryption, access control, and Data Loss Prevention (DLP). Creating awareness is also crucial.
○ Cloud Security: Securing data and applications hosted on cloud platforms like AWS, Google
Cloud, and Azure, ensuring data protection and compliance.
○ Mobile Security: Securing organizational and personal data stored on mobile devices.
○ Endpoint Security: Securing individual devices like computers, smartphones, and IoT devices.
○ Critical Infrastructure Security: Protecting physical and virtual resources essential for societal
economic security.
○ Industrial Control Systems (ICS) Security: Securing systems used to automate industrial
operations, including Supervisory Control and Data Acquisition (SCADA).
○ IoT (Internet of Things) Security: Addressing the security challenges posed by interconnected
devices.
● Benefits of Cyber Security: Implementing robust cyber security measures offers numerous
benefits, including:
○ Protecting sensitive data.
○ Preventing cyber attacks (e.g., malware, phishing, DDoS).
○ Safeguarding critical infrastructure.
○ Maintaining business continuity.
○ Ensuring compliance with regulations.
○ Protecting national security.
○ Preserving privacy.
● Challenges of Cyber Security: Despite its importance, cyber security faces several ongoing
challenges:
○ A constantly evolving threat landscape.
○ A lack of skilled professionals.
○ Limited budgets for security implementation.
○ The persistent threat of insider attacks.
○ The increasing complexity of technology.
● Features/Characteristics of Security (CIA Triad): The core features of security are
consistently identified as:
○ Confidentiality: Preventing the disclosure of data to unauthorized persons. Measures include
data encryption and two-factor authentication.
○ Integrity: Protecting information from being modified by unauthorized parties. A message sent
should be received exactly as it was sent without alteration.
○ Availability: Ensuring that authorized parties can access information when needed. Measures
include backing up data, implementing firewalls, and having backup power supplies.
● Types of Cyber Attacks: The sources detail various types of cyber attacks, categorized broadly
as web-based and system-based attacks. Examples include:
○ Web-based attacks: Injection attacks (SQL, code, log, XML), DNS spoofing, session hijacking,
phishing, brute force attacks, DDoS, dictionary attacks, URL interpretation, man-in-the-middle
attacks, and file inclusion attacks.
○ System-based attacks: Viruses ("a type of malicious software program that spreads
throughout the computer files without the knowledge of a user"), worms ("type of malware
whose primary function is to replicate itself to spread on infected computers"), Trojan horses
("malicious program that pretends to be benign"), backdoors ("method that bypasses the normal
authentication process"), and bots ("automated process that interacts with other network
services").
● Layers of Cyber Security: Cyber security is often implemented in layers to provide defense in
depth. These layers include mission-critical assets, data security, application security, endpoint
security, network security, perimeter security, and the human layer.
● Cyber Security Policies and Guidelines & Legal Frameworks: The notes emphasize the
importance of cybercrime legislation and legal frameworks at national and international levels.
Examples include GDPR, NDPR (Nigeria), the Council of Europe Convention on Cybercrime
(Budapest Convention), and various cybercrime acts and regulations in Nigeria (Evidence Act
2011, EFCC Act 2015, etc.) and other countries (like COPPA and HIPAA in the US).
● Risk Management in Cyber Security: Risk management is defined as the practice of
identifying and minimizing potential risks to networked systems, data, and users. Key aspects
include:
○ Risk Management Frameworks: Help organizations protect their assets and businesses.
○ Enterprise Risk Management (ERM): A comprehensive approach to managing risk across a
large organization.
○ Importance of Risk Management: Helps organizations prepare for potential threats.
○ Benefits of Risk Management: Reduces data breaches, fortifies security, and protects
reputation.
○ Vulnerability Management: Proactively identifying security weaknesses and prioritizing them
for remediation.
○ Types of Risk Management Strategies: Risk avoidance, risk reduction, risk transfer (e.g.,
cyber insurance), and risk acceptance.
○ Risk Management Process: Developing a plan, identifying risks and vulnerabilities, mitigating
risks, continuously monitoring the system, preparing for incident response, and planning for
recovery (DRP).
○ Risk Management Solutions: Include advisory services, assessments, and security
management tools (EDR, MDR, XDR).
● Network Monitoring and Analysis Tools: Tools like Wireshark are highlighted as essential for
network traffic analysis. Wireshark functions as a packet sniffer, allowing for packet capture,
filtering, and visualization of network conversations. It is used by cybersecurity professionals to
trace connections and view the content of suspected network transactions. It is not an Intrusion
Detection System (IDS), as it does not actively trigger alerts.
● Port Scanning: Port scanning is described as a process of probing a computer system, server,
or network host for open ports. Tools like nmap/zenmap can be used to perform port scans by
downloading and launching the tool, entering the target IP address, choosing a scanning profile,
and initiating the scan. The report will indicate the state of the port: "open" or "accepted"
(service is running), "closed" or "denied" or "not listening" (no service running), or "filtered" or
"dropped" or "blocked" (firewall is likely preventing access). Interpreting the scan report involves
analyzing open ports, service versions, and potential vulnerabilities.
● Vulnerability Scanning: The command nmap --script vuln <target IP> is provided as a method
to assess vulnerabilities on a host connected to a LAN. The lecture notes provide examples of
vulnerabilities identified by such scans, like those related to the Microsoft printer spooler
(smb-vuln-ms10-061 and smb-vuln-ms10-054), indicating potential remote code execution or
denial-of-service attacks.
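
As an added example (not part of the lecture notes or the original briefing), the Python below interprets a scan report as described under Port Scanning and Vulnerability Scanning: it groups ports by state, lists open ports that are not in an expected baseline, and collects script results reported as vulnerable. It assumes the scan of your own host was saved with nmap's XML output (-oX); the sample report, the address 192.0.2.10, the EXPECTED_OPEN baseline and the function name review_scan are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of `nmap -oX` output (not a real scan).
SAMPLE_XML = """<nmaprun>
 <host>
  <address addr="192.0.2.10" addrtype="ipv4"/>
  <ports>
   <port protocol="tcp" portid="22"><state state="open"/>
    <service name="ssh" product="OpenSSH" version="8.9p1"/></port>
   <port protocol="tcp" portid="80"><state state="closed"/>
    <service name="http"/></port>
   <port protocol="tcp" portid="445"><state state="open"/>
    <service name="microsoft-ds"/></port>
   <port protocol="tcp" portid="3389"><state state="filtered"/>
    <service name="ms-wbt-server"/></port>
  </ports>
  <hostscript>
   <script id="smb-vuln-ms10-061" output="VULNERABLE: Print Spooler (constructed)"/>
   <script id="smb-vuln-ms10-054" output="NOT VULNERABLE (constructed)"/>
  </hostscript>
 </host>
</nmaprun>"""

# Assumed baseline: the ports this host is supposed to expose.
EXPECTED_OPEN = {("tcp", 22)}


def review_scan(xml_text, expected_open):
    """Summarise each host in an nmap XML report for defensive triage."""
    results = []
    for host in ET.fromstring(xml_text).iter("host"):
        by_state = {"open": [], "closed": [], "filtered": []}
        unexpected = []
        for port in host.iter("port"):
            key = (port.get("protocol"), int(port.get("portid")))
            state = port.find("state").get("state")
            svc = port.find("service")
            parts = [svc.get(k) for k in ("name", "product", "version")] if svc is not None else []
            label = " ".join(p for p in parts if p)
            # setdefault also keeps less common states such as "open|filtered".
            by_state.setdefault(state, []).append((key[1], label))
            if state == "open" and key not in expected_open:
                unexpected.append(key[1])
        # Heuristic: keep script results whose text reports VULNERABLE.
        flagged = [s.get("id") for s in host.iter("script")
                   if "VULNERABLE" in s.get("output", "")
                   and "NOT VULNERABLE" not in s.get("output", "")]
        results.append({"host": host.find("address").get("addr"),
                        "states": by_state,
                        "unexpected_open": unexpected,
                        "flagged_scripts": flagged})
    return results


if __name__ == "__main__":
    for entry in review_scan(SAMPLE_XML, EXPECTED_OPEN):
        print(entry)
```

Open ports outside the baseline and flagged script ids are the items to follow up first: confirm whether the service should be running at all, then check its version against vendor advisories.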
Important Ideas and Facts (with Quotes):
● Definition of Security: "A feature of security is confidence: how sure am I that this doc in
uploading/downloading from this website is safe/has no virus/malicious intent?" (CYB 211
Lecture Notes(2)- 01-11-24)
● Importance of Cybersecurity: "All we do today involves data, which is raw, unprocessed
information... there is a need for the data to be confidential e.g. medical-status, bank info etc."
(CYB 211 Lecture Notes(2)- 01-11-24)
● Definition of Cyber Security (Comprehensive): "CYBER SECURITY: DEFINITION this is
primarily about people, processes and technologies working together to encompass the full
range of threat reduction vulnerability reduction, deterrence, international engagement,
incidence response, resilience and recovery policies and activities including computer network
operation, information assurance, law enforcement and so on. In other words, it is the body of
technologies, processes and practices designed to protect networks, devices, programs and
data from attack, theft, damage, modification or unauthorized access; this includes using special
programs to check for harmful software and learning how to recognize and avoid online scam."
(CYB 211(Tina).pdf) This definition is reiterated in slightly different wording in "CYB 211.pdf".
● Scale of Application Security: "There are 3.553 million applications in Google play store,
Apple store has 1.642 million, Amazon has 483 million application software." (CYB 211 Lecture
Notes(2)- 01-11-24) This emphasizes the vast attack surface that application security needs to
cover.
● Confidentiality Explained: "Confidentiality: This is about preventing the disclosure of data to
unauthorized persons or parties. It also means to keep the identity of authorized persons
involved in holding and sharing data private, anonymous." (CYB 211(Tina).pdf)
● Integrity Explained: "Integrity: This refers to protecting the information from being modified by
unauthorized parties or users or persons. Example, a message sent should be received the
exact same way without modification." (CYB 211(Tina).pdf)
● Availability Explained: "Availability: This has to do with ensuring that authorized parties are
able to access the information when needed." (CYB 211(Tina).pdf)
● Definition of a Cyber Attack: "A cyber attack is an exploitation of computer system and
network. It uses malicious codes to alter computer codes, logic or data and leads to cyber
crimes such as information & identity theft." (CYB 211(Tina).pdf)
● Virus Definition: "Virus: This is a type of malicious software program that spreads throughout
the computer files without the knowledge of a user. It is a self-replicating malicious computer
program that replicates itself by inserting copies of itself into other computer programs." (CYB
211(Tina).pdf)
● Worm Definition: "Worms: These are types of malware whose primary function is to replicate
itself to spread on infected computers. It works the same way as a virus and often originates
from email attachments that appear to be from original senders." (CYB 211(Tina).pdf)
● Trojan Horse Definition: "Trojan Horse: This type of malware pretends to be what it is not. It is
a malicious program that looks or appears to be normal, expected changes to computer setting
and unusual activity even when the computer should be idle. It misleads the users of its true
intent. It appears to be normal application but when opened or executed, some malicious code
will run in the background." (CYB 211(Tina).pdf)
● Bot Definition: "Bots: Popularly known as Robots. A bot is an automated process that interacts
with other network services. Some bot programs run automatically while others only execute
their commands when they receive specific input." (CYB 211(Tina).pdf)
● Cybercrime Legislation: "Cyber crime legislation is a type of law that prohibits and punishes
cybercrime. A legal framework is a collection of laws and regulations that govern a specific area
of law." (CYB 211(Tina).pdf)
● Risk Management Definition: "Risk management in CTB is the practice of identifying and
minimizing potential risks to networked systems, data and users." (CYB 211(Tina).pdf)
● Vulnerability Management Definition: "Vulnerability Management This is the process of
proactively identifying security weaknesses and flaws in IT systems and softwares, tracking the
vulnerability and prioritizing them for remediations/solutions." (CYB 211(Tina).pdf)
● Wireshark Functionality: "As a package sniffer it does the following: 1. Package capture: It
listens to a network connection in real time and then grabs the entire streams of traffic (100s of
thousands). 2. Filtering: capable of slicing all of the raw live data using filters. 3. Visualization: It
allows one to dive right into the very middle of a network packet to visualize entire conversations
and network streams." (CYB 211 Lecture Notes(5) - 20-01-25.pdf)
● Port Scanning Purpose: "Portscanning is a process of probing a computer system, server or
network host for open ports." (CYB 211 Lecture Notes(5) - 20-01-25.pdf)
● Interpreting Port Scan Results: "'Open' or 'Accepted': This means that the port or service
running on the computer can be accessed by other network devices." "'Closed' or 'denied' or
'Not listening': This means the port or service is not running on the computer and therefore
cannot be used." "'Filtered' or 'dropped' or 'Blocked': This means that access to a port or service
is being blocked by a firewall and therefore cannot be exploited." (CYB 211 Lecture Notes(5) -
20-01-25.pdf)
This briefing document provides a foundational overview of the key concepts and information
presented in the provided CYB 211 lecture notes. It highlights the multifaceted nature of cyber
security and the continuous efforts required to protect digital assets in an evolving threat
landscape.

Based on the sources, the legal frameworks in cybersecurity are
crucial for establishing rules, setting standards, and providing mechanisms to address
cybercrime and protect digital assets.

A legal framework in the context of cybersecurity is defined as a collection of laws and
regulations that govern this specific area. Cybercrime legislation is a key component,
serving as a type of law that prohibits and punishes cybercrime, which can be both
computer-dependent and independent. These frameworks operate at various levels:
international, regional, and national.

Importance of Legal Frameworks:

●​ They provide a formal structure for deterring cybercriminal activities through defined
offenses and penalties.
●​ They facilitate international cooperation in investigating and prosecuting cybercrimes,
which often transcend national borders.
●​ They establish legal obligations for organizations to protect data and implement security
measures.
●​ They empower law enforcement agencies with the necessary legal authority to
investigate and take action against cyber threats.
●​ They contribute to building trust and security in the digital environment.

Examples of Legal Frameworks:

● International Level:
○ UN Convention against Transnational Organized Crime (Palermo
Convention): Focuses on cooperation against transnational criminal groups,
including aspects relevant to cybercrime like extradition and mutual legal
assistance.
○​ Convention on the Right of the Child: Addresses the protection of children
from various forms of exploitation, including those occurring in cyberspace.
○​ Council of Europe Convention on Cyber Crime (Budapest Convention): A
significant international treaty that aims to harmonize national cybercrime laws,
enhance investigative capabilities, and promote international cooperation.
● Regional Level:
○ GDPR (General Data Protection Regulation): A European Union regulation
focusing on data protection and privacy within the EU and the European
Economic Area.
○​ NDPR (Nigeria Data Protection Regulation): A national regulation in Nigeria
concerning data protection.
○​ African Union Convention on Cyber Security: Aims to establish a framework
for cybersecurity across African Union member states.
○​ Other examples include the Gulf Cooperation Council (GCC) legal framework,
Arab League Model Cyber Law, Commonwealth Model Law on Computer
and Computer Related Crime, ECOWAS Directive, and the broader EU
Directive.
● National Level (Nigeria): Nigeria has a comprehensive set of cybercrime regulations
and related laws, including:
○ Evidence Act 2011
○ EFCC Act 2015
○​ National Cyber Security Policy and Strategy 2015
○​ Cybercrime (Prevention, Prohibition) Act 2015
○​ Cybercrime Advisory Council 2016
○​ Advanced Fee Fraud and Other Related Offences Act
○​ Money Laundering (Prohibition, Amendment) Act 2022
○​ Corrupt Practices and Other Related Offences Act 2000 (ICPC Act)
○​ Terrorism (Prevention) Act 2011 & 2013
○​ Nigeria Data Protection Regulation 2019
● National Level (Other Countries): Various countries have enacted specific laws to
address cybercrime and data protection:
○ Japan: APPI (Act on the Protection of Personal Information) 2003
○ US: COPPA (Children's Online Privacy Protection Act) 1998, GLBA
(Gramm-Leach-Bliley Act) 1999 (focused on financial data protection), CCPA
(California Consumer Privacy Act) 2020, and HIPAA (Health Insurance
Portability and Accessibility Act) for health-related information.
○​ Argentina: PPDA (Personal Data Protection Act 2000)
○​ Kenya: Data Protection Act 2019
○​ South Africa: POPIA (Protection of Personal Information Act 2020)

Legislative Institutions:

In Nigeria, several institutions play a crucial role in enforcing and implementing cybercrime
legislation, including:

● ICPC (Independent Corrupt Practices and Other Related Offences Commission)
● EFCC (Economic and Financial Crimes Commission)
●​ NDPC (Nigeria Data Protection Commission)
●​ NFIU (Nigerian Financial Intelligence Unit)
●​ NEFF (Nigerian Electronic Fraud Forum)
●​ ngCERT (Nigerian Computer Emergency Response Team)
●​ NCWC (Nigerian Cybercrime Working Group)

These institutions are responsible for investigating cybercrimes, enforcing relevant laws,
developing policies, and coordinating national cybersecurity efforts.

In summary, legal frameworks are a fundamental pillar of cybersecurity, providing the necessary
legal and regulatory foundation to combat cyber threats, protect digital information, and foster a
secure cyberspace at local, national, regional, and international levels.
