Fundamentals of CS - Chapter 1

The document provides an introduction to a cybersecurity course, outlining its objectives, learning outcomes, and content structure. It covers fundamental concepts such as cybersecurity threats, vulnerabilities, and solutions, as well as the importance of cybersecurity in software engineering. The document also discusses various types of cyber threats and attacks, emphasizing the need for effective security measures in protecting information systems.

Uploaded by

Mihret Habte

Fundamentals of Cybersecurity

Course Introduction and Chapter One

Senait Desalegn

School of Information Technology and Engineering


Addis Ababa Institute of Technology
Temesgen Kitaw Damenu
Addis Ababa University
April 2025
Feb 2022
Contents
Course Introduction
Chapter One
• Cyber and cyberspace
• Security, information security and cybersecurity
• Objectives/goals of cybersecurity
• Cybersecurity threats (challenges)
• Cybersecurity vulnerabilities
• Cybersecurity attacks
• Cybersecurity solutions (models and mechanisms)
• The importance of cybersecurity in software engineering
SiTE - AAiT - AAU 2
Course Introduction



Know Each Other

Name
Cybersecurity related background
What do I expect from this course?


Course Objectives
Explain fundamental concepts in cybersecurity

Introduce security threats and vulnerabilities of information systems

Introduce the fundamentals of cryptography

Understand and implement the principles of secure system design and development

Introduce the security issues and defense techniques in applications, operating systems, networks, web applications, database and mobile devices.

Introduce the techniques for vulnerability assessment and security evaluation.


Learning Outcomes
Be familiar with cybersecurity concepts and issues.

Be able to recognize, explain, and act on threats to confidentiality, integrity, and availability of an information system.

Understand and implement security defense mechanisms in applications, operating systems, networks, web applications, and mobile devices.

Be conversant with designing, implementing and assessing security measures in information systems.

Apply applicable techniques and technologies to defend information systems from security threats.


Course content
Chapter One: Introduction

Chapter Two: Cybersecurity Risks

Chapter Three: Cryptography

Chapter Four: Application and OS Security

Chapter Five: Web security

Chapter Six: Database security

Chapter Seven: Network security

Chapter Eight: Mobile Security

Chapter Nine: Security Assessment and Evaluation



Assessment Method

• Quiz #1 – 5%
• Quiz #2 – 5%
• Assignment #1 – 5%
• Assignment #2 – 5%
• Mid Exam – 15%
• Each Lab and Final Lab exam – 20%
• Final Project – 20%
• Final Exam – 25%


Chapter One
❖ Cyber and cyberspace
❖ Security, information security and cybersecurity
❖ Objectives/goals of cybersecurity
❖ Cybersecurity threats (challenges)
❖ Cybersecurity vulnerabilities
❖ Cybersecurity attacks
❖ Cybersecurity solutions (models and mechanisms)
❖ The importance of cybersecurity in software engineering
Cyber
Cyber - Oxford Dictionaries

• combining form in nouns and adjectives


• “connected with electronic communication networks, especially the internet”
• Cyber-attack, cybersecurity, cybercafé etc

Cyber - Cambridge Dictionary

• adjective
• “involving, using, or relating to computers, especially the internet”

Sometimes refers to cyberspace



Cyberspace
“the interdependent network of information technology infrastructures, and includes
• the Internet,
• telecommunications networks,
• computer systems, and
• embedded processors and controllers in critical industries.”
(National Security Presidential Directive)

Fifth space (virtual space)
• next to land, air, sea, outer space

Consists of four different layers (Kremling and Parker, 2016)
• (1) physical layer,
• (2) logic layer,
• (3) information layer, and
• (4) personal layer


Cyberspace: layers
Physical layer
• physical devices, such as PCs, networks, wires, grids, and routers

Logic layer
• where the platform nature of the Internet is defined and created

Information layer
• includes the creation and distribution of information and interaction between users

Personal layer
• consists of people


Cyberspace: broader view

[Figure: cyberspace as Infrastructure, Information, System, People and Society (Driveittech.in)]


[Figure; source: WEF]

5th industrial revolution

4th & 5th industrial revolution techs
[Figure; recoverable labels: 3D Printing, Big Data, AI]


Discussion

Implication of cyberspace
• Individually
• Organizationally
• Nationally


Cyberspace Implication & Impact
‘Shaping’ the world, highly influenced by the ‘giants’

Borderless, virtual, accessible to all

Created a flat system, empowering individuals & groups

Disruptive and dynamic

Abundant opportunity and benefit

Impacts all arenas of human life and fuels revolutions


Security

Security is the activities involved in protecting something against attack, danger, etc:

• national security - the defense of a country


• physical security
• personnel security
• information security
• cybersecurity



Information Security
Focused on protecting the information or data of an individual or an organization from any kind of attack.
• Data can be held on removable disks, laptops, servers, personal devices and physical records.

There are two sub-categories of information security.
• Organizations must protect physical assets including their premises, as well as anywhere else where sensitive information can be stored physically.
• The second sub-category of information security relates to the protection of electronic information (cybersecurity).


Cybersecurity
The ability to secure, protect, and defend electronic data stored in servers, computers, mobile devices, networks, and other electronic devices, from being attacked and exploited.

Cybersecurity focuses on protecting electronic (IT) assets against external and internal cyberattacks.

This includes a wide range of security operations, including
• cloud security,
• network security, and
• application security

The convergence of IT and physical systems makes the scope of cybersecurity broader
• Cyber physical systems


Cybersecurity goals
Preservation of Confidentiality, Integrity and Availability (CIA)

Confidentiality
• Encryption for data at rest (for instance AES256, full disk encryption).
• Secure transport protocols for data in motion (SSL, TLS or IPSEC).
• Best practices for data in use - clean desk, no shoulder surfing, PC locking (automatic and when leaving).
• Strong passwords, multi-factor authentication, masking, access control, need-to-know, least privilege.

MNP Digital


Cybersecurity goals…
Integrity
• Cryptography.
• Checksums (e.g. CRC).
• Message Digests also known as a hash (e.g. MD5, SHA1 or SHA2).
• Digital Signatures: non-repudiation.
• Access control.

Availability
• IPS/IDS.
• Patch Management.
• Redundancy on hardware power (Multiple power supplies/UPS’s/generators), Disks (RAID), Traffic paths (Network design), HVAC, staff.
• SLA’s – How much uptime do we want (99.9%?)


Cybersecurity goals…
IAAA (Identification, Authentication, Authorization and Accountability)

Identification: who you are
• Your name, username, ID number, employee number, SSN etc.

Authentication: the way to prove yourself.
• Something you know - Type 1 Authentication (passwords, pass phrase, PIN, etc.).
• Something you have - Type 2 Authentication (ID, passport, smart card, token, cookie on PC, etc.).
• Something you are - Type 3 Authentication (and Biometrics) (Fingerprint, iris scan, facial geometry…)

Cybersecurity goals…
Authorization: what are you allowed to access?
• Access Control models. What and how we implement depends on the organization and what our security goals are.

Accountability: also referred to as Auditing
• Trace an action to a subject’s identity
• Prove who/what a given action was performed by (non-repudiation).


Cyber threat
A cyber threat is any malicious act that attempts to gain access to a computer network
• without authorization or permission from the owners.

It refers to the wide range of malicious activities
• that can damage or disrupt a computer system, a network or the information it contains.


Sources of Cyber Threats

Cyber threats can come from a wide variety of sources, some notable examples include:

overnments.
secret agents.
ployees.
competitors.
on insiders.


Cyber threats for CIA

Threats for confidentiality
• Attacks on your encryption (cryptanalysis).
• Social engineering.
• Key loggers (software/hardware), cameras, Steganography.
• IoT backdoor – the growing number of connected devices we have poses a new threat, they can be a backdoor to other systems.

MNP Digital


Cyber threats for CIA…

Threats for integrity
• Alterations of our data.
• Code injections.
• Attacks on your encryption (cryptanalysis).

Threats for availability
• Malicious attacks (DDOS, physical, system compromise, staff).
• Application failures (errors in the code).
• Component failure (Hardware).

Cyber Threat Classifications

Threats can be classified by multiple criteria:
• Attacker's Resources
• Attacker's Organization
• Attacker's Funding

On basis of these criteria, threats are of 3 types:
• Unstructured Threats
• Structured Threats
• Highly Structured threats


Unstructured Cyber Threats

• Resources: Individual or small group.
• Organization: Little or no organization.
• Funding: Negligible.
• Attack: Easy to detect and makes use of freely available cyberattack tools.
• Exploitation based on documented vulnerabilities.


Structured Cyber Threats

• Resources: Well trained individual or group.


• Organization: Well planned.
• Funding: Available.
• Attack: Against particular individual or organizations.
• Exploitation based on information Gathering.



Highly Structured Cyber Threats

• Extensive organization, resources and planning over time.


• Attack: Long term attack on particular machine or data.
• Exploitation with multiple methods:
• Technical, social and insider help.



Types of threats



Cyber threat landscape - Global

[Figure: Average weekly attacks per organization by Industry, H1 2022 compared to 2021 (Checkpoint, 2022)]

Cyber threat landscape – Global …

[Figure (IBM, 2022)]

Vulnerabilities
Vulnerabilities are weaknesses in software, hardware or people that can be exploited by an attacker

A weakness or absence of security controls that could be exploited by a threat
• can be technical, physical, procedural or other
• vulnerabilities exist in security policies and procedures


Vulnerability…
Its impact is determined by the intersection of three elements:
• A system susceptibility or flaw
• Attacker access to the flaw, and
• Attacker capability to exploit the flaw

Common causes
• Design and development flaws
• Poor security management
• Incorrect implementation
• Incorrect usage


Classification of Vulnerabilities

Vulnerabilities are classified according to the asset:

• Hardware.
• Software.
• Network.
• Personal.
• Physical site.
• Organizational.



Cyber attack
❖ An illegal act to gain something from a computer system
❖ Compromise of
– Confidentiality,
– Integrity,
– Availability
[Figure labels: Espionage/Spying; Denial of Service/Destruction/Hijack; Interception]


Impacts of cyber attacks
[Figure; recoverable labels: Money theft; Decrease in Market Share; Loss of public Confidence; Organization Asset Loss; Closing Service; Economic Crisis; Social Crisis; National Crisis; Political Espionage; Cyber Terrorism; Image Degradation; Sovereignty Loss]


Types of cyber attacks
❖ Based on goal/target
– Cyber fraud
– Cyber spying
– Cyber bullying
– Cyber warfare
– etc
❖ Based on methods/tools
– Phishing
• Social engineering
– Brute force attack
– Denial of Service (DoS)
– Malware
– etc


Cyber fraud, spying and bullying
Cyber fraud
• Cyber attacks that are generally aimed at gaining monetary or related gains for the perpetrator.

Cyber spying
• Cyber attacks aimed at gaining information for the perpetrator.
• One aim of cyber-spying may be to sell the information gained

Cyber bullying
• Cyber attacks which are designed to frighten and intimidate individuals rather than businesses or government


Cyber warfare
An extreme form of cyber attack where at least one of the parties involved is a nation state.

These are much harder to validate as, for obvious reasons, neither the perpetrator nor the victim wishes to release information

Examples.
• Government and critical infrastructure sites attacked by DoS attacks with a view to taking them offline
• Malware introduced to target and damage government and infrastructure facilities


Cyber warfare: global cases

USA Vs China

Russia? Vs USA

North Korea Vs South Korea, USA

Israel, USA? Vs Iran


Phishing
Phishing is the attempt to acquire sensitive information, often for
malicious reasons, by masquerading as a trustworthy entity in an
electronic communication

Spear phishing
• targets specific organizations for confidential data

Whaling
• the targets are high-ranking bankers, executives or others in powerful positions or job titles


Phishing…
www.facebook.com or www.faceb00k.com
www.ethiotelecom.et or www.ethiote1ecom.et
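
The digit-for-letter swaps on this slide (0 for o, 1 for l) can be caught mechanically by reducing each hostname to a canonical "skeleton" and comparing it with a list of trusted names. The sketch below is an added example, not part of the original slides; the substitution table, the Cyrillic entries and the edit-distance threshold of 1 are assumptions that go beyond the two swaps shown above.

```python
import unicodedata

# Trusted names: the two legitimate hosts shown on the slide.
TRUSTED = ("www.facebook.com", "www.ethiotelecom.et")

# Single-character look-alikes (assumed, not exhaustive): digits and a few
# Cyrillic letters that render like Latin ones.
CONFUSABLES = {
    "0": "o", "1": "l", "3": "e", "5": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
}
# Letter pairs that read as a single letter at a glance (assumed).
PAIRS = {"rn": "m", "vv": "w"}

# Constructed sample of hostnames, e.g. extracted from links in inbound mail.
SAMPLE = ["www.facebook.com", "www.faceb00k.com",
          "www.ethiote1ecom.et", "mail.example.org"]


def normalize(host):
    """Lower-case and drop surrounding whitespace and the trailing root dot."""
    return host.strip().lower().rstrip(".")


def skeleton(host):
    """Canonical form in which visually similar hostnames become identical."""
    text = unicodedata.normalize("NFKD", normalize(host))
    text = "".join(c for c in text if not unicodedata.combining(c))  # strip accents
    text = "".join(CONFUSABLES.get(c, c) for c in text)
    for pair, single in PAIRS.items():
        text = text.replace(pair, single)
    return text


def edit_distance(a, b):
    """Levenshtein distance, used to catch one dropped, added or changed letter."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(host, trusted=TRUSTED):
    """Return ('trusted', name), ('lookalike', impersonated_name) or ('unknown', None)."""
    name = normalize(host)
    if name in trusted:
        return ("trusted", name)
    sk = skeleton(name)
    for good in trusted:
        good_sk = skeleton(good)
        # Same skeleton but different characters, or one edit away: likely imitation.
        if sk == good_sk or edit_distance(sk, good_sk) <= 1:
            return ("lookalike", good)
    return ("unknown", None)


def scan(hosts):
    """List (host, impersonated_name) for every look-alike in hosts."""
    found = []
    for host in hosts:
        verdict, target = classify(host)
        if verdict == "lookalike":
            found.append((host, target))
    return found


if __name__ == "__main__":
    for host, target in scan(SAMPLE):
        print(f"{host} imitates {target}")
```
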



Social engineering attack
❖ It is a non-technical method that relies heavily on human interaction and often involves tricking people into breaking normal security procedures


Brute force attack
❖ It is a trial and error method
❖ Generates a large number of guesses and validates them to obtain passwords
❖ Dictionary attack
– Contains a list of commonly used passwords and validates them to get the original password


Denial of Service (DoS)
❖ Implies that an attacker disables or corrupts networks, systems, or services with the intent to deny services to intended users
❖ DoS attacks involve either crashing the system or slowing it down to the point that it is unusable
❖ DoS can also be as simple as deleting or corrupting information which involves running a hack or script.
❖ Example: E-mail bombs, Misconfiguring routers, Out-of-band attacks
Malware

❖ Malware - malicious software
❖ Malicious computer program that runs without the consent of user.
❖ Types of malware
– Virus
– Worm
– Trojan horse
– Backdoor
– Spyware
– Bots
– Rootkit
– etc


Viruses
❖ Self replicating.
❖ Require host to spread.
❖ Interfere with computer operation.
❖ Corrupt or delete data.
❖ Targets are:
– Executable files.
– Disk's boot sector.
– Documents that support macros.


Worms
❖ Self-replicating.
❖ Spread over a network.
– May not need user intervention
❖ Don’t need to attach to existing programs.
❖ Use exploitable vulnerabilities.
– Un-patched machines are vulnerable
❖ Propagate carrying dangerous payloads.


Trojan Horses
❖ Appear to have useful purpose, but hide a malicious capability.
❖ Crash systems or destroy data.
– E.g. A DVD writer software package appears to convert read-only DVD drive into a drive that could write DVDs.
❖ Allow an attacker to access data.
Backdoors
❖ Allows an attacker to access a machine using an alternative entry method.
❖ Bypass normal system security controls such as user IDs and passwords.
❖ The remote attacker:
– Can reconfigure or install any software.
– Will have greater understanding and control of the machine.
– May harden the system to prevent other attackers - doing the job of the legitimate system administrator.
❖ If you don't own your machine, someone else will own it for you.
Backdoor Trojan Horses
❖ Backdoors melded into Trojan horses.
❖ The attacker controls the system remotely.
❖ Harvest sensitive information from the victim.
❖ Types of Trojan Horse Backdoor
– Application-level Trojan horse backdoor
– User-mode Rootkits
– Kernel-mode Rootkits


Application-level Trojan horse backdoors
❖ Separate application to a system to control it across the network.
– Analogy: An attacker adds poison to your soup that you are going to eat.
❖ Types of application-level Trojan horse backdoors
– Remote-Control Backdoors
– Bots
– Spyware


Remote-Control Backdoors
A Remote-Control Backdoor Can
❖ Full control of any file on the system
❖ Remotely execute any command
❖ Log keystrokes - gather passwords & sensitive information
❖ Pop-up dialog - utilize social engineering
❖ GUI control - control keyboard and mouse.
❖ Sniffers - gather packets from the LAN.
Bots
❖ Bots are software programs to control many infected machines simultaneously by a single attacker.
❖ Some of Bot functionalities are:
– Denial-of service flood
– Vulnerability scanner
– File morphing capabilities
– Anonymizing HTTP proxy
– E-mail address harvester
Spyware
❖ Performs certain activities without users’ consent, such as:
– Gathering users' surfing habits to know their interest & advertise.
– Collecting personal information (phone no., address, credit card no., etc.)
– Customizing or filtering Web search results
– Inserting pop-up ads
– Changing the configuration of users’ computer
– Grabbing keystrokes and sending them to the attacker
❖ Spyware is often associated with adware that displays ads.
User-Mode Rootkits
❖ Modify critical operating system executables or libraries to let an attacker have backdoor access and hide on the system.
– Analogy: An attacker replaces the potatoes in your soup with genetically modified potatoes that are poisonous.
❖ One of the techniques is the in-memory modification of system DLLs.


Kernel-Mode Rootkits
❖ The kernel is modified to foster backdoor access and allow the attacker to hide.
❖ The kernel itself becomes a Trojan horse, looking like a nice, well-behaved kernel.
– Analogy: An attacker replaces your tongue with a modified, poison tongue.
❖ Have execution redirection capability.
– Intercepts calls and maps them to run the attacker’s application.
❖ Kernel-Mode Rootkits can hide files, processes and network port usage
Malware Propagation Mechanisms
❖ Removable Storage
– Floppy disks
– Flash disks
– Memory cards, etc.
❖ Shared Directories
– A multiuser file server
❖ Vulnerable (un-patched) machines.
❖ Vulnerable browsers
Malware Propagation Mechanisms…
❖ Downloads
– Illicit software, games, etc that appear useful and attractive but hiding malicious programs.
❖ E-Mail attachments
– Executable files & documents
– Funny images & greeting cards
– Audio and video files, etc.
– Virustotal.com


Malware Propagation Mechanisms…
❖ Phishing Attacks and URL Obfuscation
– E-mail with no attachment, but with a link to a web site that appears to belong to a legitimate enterprise but leads to an evil web site.
– The e-mails are spoofed to appear to come from a trusted source.


Discussion

What are the main cybersecurity solutions
• Technical
• Managerial
• Human related
• Physical


Cybersecurity solutions
Are cybersecurity controls which will help to defend against cyber attacks and assure cybersecurity

Solutions can be
• Technical
• Managerial
• Human related
• Physical

Different models and approaches are recommended
• Defence in depth
• Standards and frameworks
  • ISO27001
  • NIST Cybersecurity Framework


Defense-in-Depth

Using a layered approach:
❖ Increases an attacker’s risk of detection
❖ Reduces an attacker’s chance of success

Layers and their controls:
• Data: Strong passwords, ACLs, encryption, EFS, backup and restore strategy
• Application: Application hardening
• Host: OS hardening, authentication, update management, antivirus updates, auditing
• Internal network: Network segments, IPSec, NIDS
• Perimeter: Firewalls, border routers, VPNs with quarantine procedures
• Physical security: Guards, locks, tracking devices
• Policies, procedures, and awareness: Security policies, procedures, and education


NIST Cybersecurity Framework
❖ Developed by US National Institute of Standards and Technology
❖ It is a Framework for Improving Critical Infrastructure Cybersecurity
❖ Consists of five functions and 21 categories


ISO/IEC 27001 and 27002 (Standards)
❖ Developed by ISO and IEC
❖ ISO/IEC 27001:2022 Information security, cybersecurity and privacy protection — Information security management systems — Requirements
❖ ISO/IEC 27002:2022 Information security, cybersecurity and privacy protection — Information security controls
Cybersecurity good practices
❖ Harden your system configuration
❖ Look for unusual TCP and UDP Ports
– Close unused ports
❖ Apply security patches.
❖ Use difficult-to-guess passwords.
❖ Use antivirus and antispyware.
– Update your antivirus and antispyware



Cybersecurity good practices…
❖ Use the Internet Carefully
– Don’t use a vulnerable browser.
– Make sure that e-mail attachments are from a trusted source and are not malicious before opening them.
– Don't respond to unsolicited e-mail that appears to come from e-commerce sites or banks.
– When you surf to a Web site that requests sensitive information make sure that the site is legitimate.


Cybersecurity good practices…
❖ Handle Pop-up dialog boxes carefully
❖ Don’t do everything your computer tells you to do.
❖ E.g. attacker password collector


Cybersecurity good practices…
❖ Know your software before installing it
– Check it using antivirus and antispyware.
– Make sure that the developer is trustworthy.
– Run software from trusted developers only.
– Check the digital fingerprint to verify that the program has not been altered.



Importance
Attackers are constantly trying to find security breaches in software systems.

Software is now a critical part of most businesses,
• organizations and developers need to be aware of the potential threats and the ways to defend against them

Cyber security measures have become integral to software development
• to ensure systems are safe from malicious attacks and unauthorized access.
• to ensure user privacy

Software security has become a crucial factor in the success of any modern business.


Benefits of security in software development

Protects the reputation of organizations.
• When security measures are in place, organizations can protect their reputation from security breaches.

Reduces security risks.
• By implementing security measures, organizations can reduce the security risks posed by malicious actors.

Ensures user privacy.
• Security measures help ensure that users’ data and information remain secure.

Provides peace of mind.
• When security measures are in place, organizations can be confident that their data and systems remain safe from malicious attacks.

Ensures regulation compliance.
• HIPAA, GDPR, and other security regulations require organizations to have security measures in place.

Saves the bottom line.
• Cyber security measures can help organizations save money by preventing security…

Benefits for software engineers
Protect themselves from cyber attack

Protect their systems from cyber attack

Select secure systems and platforms for their work

Develop secure systems which contribute towards

• Secure citizens
• Secure organizations
• Secure nation

May engage in cybersecurity jobs


Thank you!
