FIS Unit 5

The document discusses the importance of social media security, outlining the risks and challenges associated with its use, including identity theft, cyberbullying, and malware attacks. It emphasizes the need for businesses and individuals to implement security measures such as privacy settings, two-factor authentication, and staff training to protect sensitive information and maintain online reputation. Additionally, it highlights the benefits of social media security, including enhanced privacy, brand reputation management, and compliance with regulations.

Uploaded by

Mohan sharma

Fundamentals of Information Security

Prof. Rakshith, Assistant Professor
Computer Science & Engineering – Cyber Security
CHAPTER-5
E-Commerce, Digital Payments, and their Security
Overview of social media and its security

Social media has become an integral part of modern society, allowing people to
connect, share, and communicate with one another on a global scale. While it
offers numerous benefits, it also poses various security challenges.

What is Social Media?

Social media refers to online platforms and technologies that enable users to
create, share, and exchange content in the form of text, images, videos, and links.
Popular social media platforms include Facebook, Twitter, Instagram, LinkedIn,
Snapchat, and many more. Social media facilitates social networking, content
sharing, and communication, making it an essential tool for personal,
professional, and business use.
What is social media security?

Social media security refers to the measures businesses and individuals take to
protect the privacy, confidentiality and integrity of their social media accounts
and of the information shared through them.

It encompasses privacy settings, account authentication, awareness of phishing
and scams, control over third-party apps and their permissions, secure browsing
habits and more.

Protecting personal or business data and minimizing risk grows more important as
social media platforms grow in popularity and interconnectivity.
 Unconfigured (default) privacy settings increase the risk of unauthorized
access and potential data breaches.
 Without monitoring of social media for suspicious activity, cybercriminals can
spread malware and impersonate your company unnoticed, compromising its security.
 Underestimating social engineering attacks and lacking a tailored plan for
handling security incidents often delays the effective response to a breach.
What’s at stake? Protection of confidential information, preservation of
online reputation and prevention of online harassment or cyberbullying.
Yet companies frequently overlook social media security. Maybe because it
might not be the most exciting part of creating a social media strategy. But it
can be the key factor that safeguards your business from severe security
breaches or substantial financial losses.
On that note, let’s explore the benefits of social media security for individuals
and businesses.
Benefits of social media security
Understanding the benefits of social media security is a good starting point for
both individuals and businesses alike to ensure a safer and more secure online
presence.
Benefits of social media security for individuals

It protects personal privacy: Social media security protects sensitive information,
prevents unauthorized access and defends against identity theft, fraud and
online abuse. By limiting access to trusted individuals, it ensures a higher level
of privacy.
It enhances online reputation management: It allows for better control over
one's online presence, protecting against reputational damage from
inappropriate content or harassment. Moreover, it creates a safer and more
enjoyable online experience by minimizing interactions with cyberbullies.
It protects sensitive corporate data: Social media security plays a vital role in
protecting intellectual property. It prevents unauthorized access and serves as
a shield against data breaches. This is especially crucial for businesses relying
heavily on social media platforms for marketing and sharing valuable data.
Benefits of social media security for businesses
It mitigates brand reputation risks: Actively monitoring and addressing security
threats is key to safeguarding a brand's reputation. It helps reduce the risk of
unauthorized access to social media accounts, ensuring the protection of
valuable assets. By prioritizing security, businesses enhance their credibility
and foster trust among customers and stakeholders.
It helps to stay compliant with regulations and standards: Implementing strong
security practices is essential to comply with data protection regulations,
preserving customer trust and upholding industry standards. Businesses can
safeguard themselves from potential legal and financial consequences,
ensure the safety of sensitive data and maintain a reputable position in the
market by prioritizing security.
Issues involving Cybersecurity for social media
As social media has grown by leaps and bounds, it has brought many benefits but
has also raised serious cyber security concerns, and it is a platform that
attackers readily exploit. Some of the associated issues are pointed out below.

Privacy of Data: Users share personal information on social media, which can
lead to privacy breaches, loss of personal data, or misuse of that data by
attackers. For example, if a user's default setting is public, the user's
information can be viewed by everyone.
 Data Mining: We all leave a data trail on the internet. When someone creates a
new social media account and provides details such as date of birth, name,
location and personal habits, these data are often collected and shared with
third parties for targeted advertising without the user's knowledge. This is a
security concern because a third party may receive real-time updates on the
user's location.
 Virus and Malware Attacks: Malware and viruses often reach a computer through
malicious advertisements and links shared on social media. Once on the network,
the attacker steals confidential data or disrupts the system completely, which
often means the loss of personal, professional and financial data alike.
 Issues involving the use of 3rd Party Applications: Most applications
nowadays ask users for permission to access personal information such as
contacts, pictures and current geographic location before installing, and some
of these applications, running in the background, might download malware onto
the user's phone or smart devices without their knowledge.

 Legal Issues: There are legal risks associated with the use of social media,
such as posting offensive content about an individual, community or country.
Legal action can be, and often is, taken when such offensive posts are made and
uploaded by an individual or organization.
Risks & Challenges
Identity Theft: As millions share their personal information to get registered on one or
more social media platforms, this data becomes vulnerable as hackers and identity
thieves use this information to reset passwords, apply for loans, or other malicious
objectives.
Romance Scams: A romance scam is a fraudulent scheme in which a swindler pretends
romantic interest in a target, establishes a relationship, and then attempts to get
money or sensitive information from the target under pretenses.
Whistle-blowers: People are often impulsive on social media; they show their vexation
with their colleagues or bosses without thinking. They may deliberately reveal sensitive
data in their posts, which can cause significant damage to the reputation of the
organization.
 Cyber Stalking: It refers to harassment over the internet. Cyberstalkers harass
victims on social media by sending unpleasant and lewd messages. They may also
morph photos of victims, circulate them on social media and spread rumours,
making the victim's life unbearable.
 Cyber Bullying: It refers to bullying through the digital medium. It can take
place on social media, gaming, and messaging platforms. It is aimed at scaring,
shaming, or annoying the targeted victim.
 Cyber Terrorism: Nowadays, social media is also used to facilitate terrorism-
related activities. It can support, promote, engage, and spread terrorism
propaganda like incitement to terrorism, recruitment, radicalizing training,
and planning of terrorist attacks.
 Connect our devices only to authorized Wi-Fi access points, use the privacy
options provided by the mobile operating system, use auto-lock features, and
download apps only from official app stores.
 Keep the operating system updated with the latest patches, turn on the
firewall, and avoid installing cracked software.
 Ensure our antivirus is updated and scans are performed frequently.
 Be careful on the internet: avoid untrusted websites and never click referral
links to reach a website; instead, type the address into the browser's address bar.
 Accept friend requests only from people we know and block those who post
upsetting content or comments.
The most common social media security risks

• Phishing attacks and scams
• Imposter accounts
• Malware attacks and hacks
• Vulnerable third-party apps
• Password theft
• Privacy settings and data security
• Unsecured mobile devices
Phishing attacks and scams
Phishing scams are some of the most common social media cyber
security risks. In a phishing scam, the goal is to get you or your
employees to hand over passwords, banking details, or other sensitive
information.

One common phishing scam involves fake coupons for big-name brands
like Costco, Starbucks, and Bath & Body Works. This is especially popular
on Facebook. To claim the coupon, you have to hand over personal
information like your address and birth date.
Some scammers are bolder, asking for banking information and passwords to cover a
"coupon processing fee".

Romance scams are another common social media security problem: 40% of those who
fall victim to this type of scam say it started on social media. The FTC reports
that for users aged 18-29, sextortion scams originating on Instagram and Snapchat
were of particular concern in 2022.

For Americans aged 20 to 39, social media is the most common contact method for
scammers.
Malware attacks and hacks
In one of the more embarrassing recent social media cyber security incidents, the
personal Twitter account of the U.S. Ambassador at Large for Cyberspace & Digital
Policy was hacked in February.

If hackers gain access to your social media accounts, they can cause enormous
brand reputation damage. If they manage to install malware, the risk is even
greater.

In 2022, the "Ducktail" campaign was found to target employees on LinkedIn and
convince them to open an attachment containing malware. The malware stole browser
cookies and used them to hijack the targets' Facebook Business accounts. A stolen
session cookie lets the attacker act as the already logged-in user, so neither the
password nor a second factor is needed at that point.
Vulnerable third-party apps
Locking down your own social accounts is great. But hackers may still be able to
gain access to your social media through vulnerabilities in connected third-party
apps.

Instagram specifically warns about third-party apps that claim to provide likes or
followers:

“If you give these apps your login information, whether with an access
token or by giving them your username and password, they can gain
complete access to your account. They can see your personal messages,
find information about your friends, and potentially post spam or other
harmful content on your profile. This puts your security, and the security of
your friends, at risk.”
Password theft
Those social media quizzes that ask about your first car might seem like harmless
fun. But online challenges and quizzes are a common method for gathering personal
details that double as passwords or as the answers to "forgotten password"
security questions.

By completing them, employees can accidentally create social media security
issues.

Privacy settings and data security
People seem to be well aware of the potential privacy risks of using social media.
Overall trust in social networks’ ability to protect privacy and data has been
shrinking in recent years. In particular, TikTok has recently been in the news as
governments around the world restrict access to the platform on official
equipment based on data security concerns.

Those concerns, of course, don’t stop people from using their favorite social
channels. The number of active social media users grew 4.2% in 2022 to 4.74
billion people.

Make sure you – and your team – understand the privacy policies and
settings for both your personal and business accounts. You should provide
privacy guidelines for employees who use their personal social accounts at
work.
Unsecured mobile phones

Mobile devices account for more than half the time we spend online. Social
media apps make it easy to access your social media accounts with just one tap.

That’s great as long as your phone stays in your own hands. But if your phone,
or an employee’s phone, is lost or stolen, one-tap access makes it easy for a
thief to access social accounts. Then they can post to your account, or even
message your connections with phishing or malware attacks.

Protecting the device with a password, fingerprint, or face verification helps,
but a surprising number of mobile users still leave their phones unlocked.
1. Create a social media policy
A social media policy is a set of guidelines that outline how your business and your employees should
use social media responsibly.

This will help protect you not only from social media and cyber security threats, but from bad PR or legal
trouble as well.

At minimum, the security section of your social media policy should include:

 Rules related to personal social media use on business equipment
 Social media activities to avoid, like quizzes that ask for personal information
 Which departments or team members are responsible for each social media account
 Guidelines on how to create an effective password and how often to change passwords
 Expectations for keeping software and devices updated
 How to identify and avoid scams, attacks, and other security threats
 Who to notify and how to respond if a social media security concern arises
2. Require two-factor authentication

Two-factor authentication is not foolproof (a phishing page can relay a one-time
code in real time, and a stolen session cookie bypasses the login step entirely),
but it does provide a powerful extra layer of security for your social media
accounts. You don’t have to take our word for how important this is – Instagram
head Adam Mosseri reminds his followers every month.
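Most social platforms implement the second factor as a time-based one-time password (TOTP, RFC 6238) generated by an authenticator app. The Python below is an added example written for this chapter, not code from the slides or from any platform. The secret and timestamps are the published RFC 6238 test values; the acceptance window of one 30-second step either side is an assumed server policy. It shows how the six- or eight-digit code is derived from the shared secret and the clock, and why the server must compare in constant time and accept only a narrow skew window.

```python
import base64
import hashlib
import hmac
import struct
import time

# Added example: RFC 6238 TOTP built on RFC 4226 HOTP (HMAC-SHA1, 6 or 8 digits).
# The shared secret is provisioned once (usually via a QR code) and is stored by
# the authenticator app and by the service; it is never sent along with the code.


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP value for an 8-byte big-endian counter (RFC 4226 section 5.3)."""
    msg = struct.pack(">Q", counter)
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                        # dynamic truncation
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, timestamp=None, step: int = 30, digits: int = 6) -> str:
    """TOTP: HOTP over the number of `step`-second intervals since the Unix epoch."""
    if timestamp is None:
        timestamp = int(time.time())
    return hotp(secret, int(timestamp) // step, digits)


def verify_totp(secret: bytes, code: str, timestamp=None, step: int = 30,
                digits: int = 6, window: int = 1) -> bool:
    """Server-side check. Accepts the current interval plus `window` intervals
    either side to tolerate clock skew (assumed policy: window=1, i.e. +/-30 s).
    hmac.compare_digest keeps the comparison constant-time so an attacker cannot
    learn matching digits from response timing."""
    if timestamp is None:
        timestamp = int(time.time())
    counter = int(timestamp) // step
    for delta in range(-window, window + 1):
        if hmac.compare_digest(hotp(secret, counter + delta, digits), code):
            return True
    return False


def secret_from_base32(b32: str) -> bytes:
    """Authenticator QR codes (otpauth:// URIs) carry the secret base32-encoded,
    often unpadded and grouped for readability; normalise before decoding."""
    cleaned = b32.replace(" ", "").strip().upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)


if __name__ == "__main__":
    # RFC 6238 Appendix B reference secret (ASCII "12345678901234567890").
    secret = secret_from_base32("GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ")
    code = totp(secret, 59, digits=8)
    print("8-digit code at T=59:", code)
    print("6-digit code now:    ", totp(secret))
    print("verify, same interval:", verify_totp(secret, code, 59, digits=8))
    print("verify, next interval:", verify_totp(secret, code, 89, digits=8))
    print("verify, two later:    ", verify_totp(secret, code, 120, digits=8))
```

Two caveats follow directly from the code. A code delivered by SMS instead of an authenticator app is weaker, because the channel (and the phone number, via SIM swapping) can be taken over, while the TOTP secret never leaves the device. And TOTP only protects the login step: once the user is signed in, a stolen session cookie of the kind Ducktail harvested is accepted without any second factor, which is why device hygiene and session revocation matter alongside 2FA.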
3. Train your staff on social media security awareness
Even the best social media policy won’t protect your organization if your
employees don’t follow it. Of course, your policy should be easy to understand.
But training will give employees the chance to engage, ask questions, and get a
sense of how important it is to follow.

These training sessions are also an opportunity to review the latest threats on
social. You can talk about whether there are any sections of the policy that need
updating.

It’s not all doom and gloom. Social media training also equips your team to use
social tools effectively. When employees understand best practices, they feel
confident using social media for their work. They’re then well-equipped to use
social media safely for both personal and professional purposes.
4. Limit access to increase social media data security

Limiting access to your social accounts is the best way to keep them secure.
You might be focused on threats coming from outside your organization.
But employees are a significant source of data breaches.

You may have whole teams of people working on social media messaging,
post creation, or customer service. But that certainly doesn’t mean that
everyone needs to know the passwords to your social accounts.

It’s critical to have a system in place that allows you to revoke access to
accounts when someone leaves your organization or changes roles, which in
practice means granting access through a management platform rather than sharing
the native account password.
5. Set up a system of approvals for social posts

Not everyone who works on your social accounts needs the ability to post.
It’s an important defensive strategy to limit the number of people who can
post on your accounts. Think carefully about who needs posting ability and
why.

You can use a social media management tool such as Hootsuite to give employees or
contractors the ability to draft messages. Then, they’re all set to post at the
press of a button. Leave that last button press to a trusted person on your team.
6. Put someone in charge
Assigning a key person as the eyes and ears of your social presence can go a long way
towards mitigating risks. This person should:

 own your social media policy
 monitor your brand’s social presence
 determine who has publishing access
 be a key player in the development of your social media marketing strategy
This person will likely be a senior player on your marketing team. But they should
maintain a good relationship with your company’s IT department to ensure marketing
and IT work together to mitigate risk.

This is the person team members should turn to if they ever make a mistake on social
that might expose the company to risk of any kind. This way the company can initiate
the appropriate response.
7. Set up an early warning system with social media security
monitoring tools
Keep an eye on all of your social channels. That includes the ones you use
every day as well as the ones you’ve registered but never used at all.

Assign someone to check that all the posts on your accounts are legitimate.
Cross-referencing your posts against your content calendar is a great place to
start.
Follow up on anything unexpected. Even if a post seems legitimate, it’s worth
digging into if it strays from your content plan. It may be simple human error. Or,
it may be a sign that someone has gained access to your accounts and is testing
the water before posting something more malicious.
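A minimal version of this cross-check, as an added example written for this chapter rather than code from the slides or from any social media management tool. The content-calendar entries, the published posts and the set of approved publishing clients below are constructed sample data; the 15-minute scheduling tolerance and treating "Hootsuite" as the only approved client are assumptions of the example. It flags every post the calendar does not explain, every post made from an unapproved client, and any off-calendar post that carries a link, which is the usual shape of a hijacked-account scam.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Added example: reconcile what actually appeared on the account with the
# approved content calendar. Records are constructed; real exports from the
# platform API or a management tool would be mapped into these two shapes.


@dataclass(frozen=True)
class Planned:
    account: str
    scheduled_at: datetime
    text: str


@dataclass(frozen=True)
class Published:
    post_id: str
    account: str
    published_at: datetime
    text: str
    client: str  # the app/tool the platform reports as the source of the post


URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)


def _norm(text: str) -> str:
    # Compare on normalised words so whitespace or case edits still match.
    return " ".join(text.lower().split())


def audit_posts(published, calendar, approved_clients,
                tolerance=timedelta(minutes=15)):
    """Return (post, reasons) for every published post that the calendar and the
    approved tooling do not explain. An empty list means nothing unexpected."""
    findings = []
    for post in published:
        reasons = []
        match = next((p for p in calendar
                      if p.account == post.account
                      and _norm(p.text) == _norm(post.text)
                      and abs(p.scheduled_at - post.published_at) <= tolerance),
                     None)
        if match is None:
            reasons.append("no matching entry in the content calendar")
        if post.client not in approved_clients:
            reasons.append(f"published from unapproved client '{post.client}'")
        # An off-calendar post carrying a link is the classic hijacked-account sign.
        if match is None and URL_RE.search(post.text):
            reasons.append("off-calendar post contains a link (possible scam)")
        if reasons:
            findings.append((post, reasons))
    return findings


UTC = timezone.utc

# Constructed sample data for the example.
CALENDAR = [
    Planned("twitter:@acme", datetime(2024, 3, 4, 9, 0, tzinfo=UTC),
            "Our spring catalogue is live. Browse it at acme.example/spring"),
    Planned("twitter:@acme", datetime(2024, 3, 4, 15, 0, tzinfo=UTC),
            "Join our webinar on Thursday at 14:00 CET."),
]
PUBLISHED = [
    Published("1001", "twitter:@acme", datetime(2024, 3, 4, 9, 2, tzinfo=UTC),
              "Our spring catalogue is live.  Browse it at acme.example/spring",
              "Hootsuite"),
    Published("1002", "twitter:@acme", datetime(2024, 3, 4, 15, 0, tzinfo=UTC),
              "Join our webinar on Thursday at 14:00 CET.", "Twitter Web App"),
    Published("1003", "twitter:@acme", datetime(2024, 3, 5, 3, 17, tzinfo=UTC),
              "ACME GIVEAWAY! First 500 to verify their wallet at "
              "https://acme-rewards.example/claim win $500", "Twitter for Android"),
]
APPROVED_CLIENTS = {"Hootsuite"}  # assumed: posts are only ever scheduled here

if __name__ == "__main__":
    for post, reasons in audit_posts(PUBLISHED, CALENDAR, APPROVED_CLIENTS):
        print(post.post_id, post.published_at.isoformat(), "|", "; ".join(reasons))
```

Post 1001 is explained by the calendar and the approved client and is silent. Post 1002 matches the calendar but was made from the native web client, which is exactly the "legitimate-looking but off-process" case the paragraph above says is worth a follow-up. Post 1003 is the hijack pattern: unscheduled, from an unknown client, at 03:17, with a link.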

Use your social media monitoring plan to watch for:

 imposter accounts
 inappropriate mentions of your brand by employees
 inappropriate mentions of your brand by anyone else associated with the
company
 negative conversations about your brand
8. Regularly check for new social media security issues

Social media security threats are constantly changing. Hackers are always
coming up with new strategies, and new scams and viruses can emerge at any
time.

Regular audits of your social media security measures should cover:
 Access and publishing privileges. Check who has access to your social media
management platform and social accounts. Update as needed. Make sure all
former employees have had their access revoked. Check for anyone who’s
changed roles and no longer needs the same level of access.
 Recent social media security threats. Maintain a good relationship with your
company’s IT team to improve your social media security awareness. They
can keep you informed of any new social media security risks. And keep an
eye on the news—big hacks and major new threats will be reported in
mainstream news outlets.
 Your social media policy. This policy should evolve over time. As new
networks gain popularity, security best practices change and new threats
emerge. A quarterly review will make sure this document remains useful and
helps to keep your social accounts safe.
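The access-review item above, and the "Limit access" step earlier in this chapter, can be checked mechanically once the management platform's user list and the HR roster are exported. The Python below is an added example for this chapter, not code from the slides or from any vendor. The grants, the roster and the per-role privilege ceilings are constructed and assumed; in a real review the ceilings come from your social media policy. It flags access held by people who are no longer active, privileges above what a role needs, and anyone who knows the native account password and could therefore log in even after being removed from the platform.

```python
from dataclasses import dataclass

# Added example: the access and publishing-privilege part of a quarterly audit.
# All data below is constructed for the example.


@dataclass(frozen=True)
class Grant:
    person: str
    account: str    # e.g. "instagram:@acme"
    privilege: str  # "view" < "draft" < "publish" < "admin"
    via: str        # "platform" (management tool) or "direct" (knows the password)


@dataclass(frozen=True)
class Employee:
    person: str
    role: str
    active: bool


PRIV_RANK = {"view": 0, "draft": 1, "publish": 2, "admin": 3}

# Assumed least-privilege baseline: the most each role should ever hold.
ROLE_CEILING = {
    "social_media_manager": "admin",
    "content_writer": "draft",
    "customer_support": "draft",
    "intern": "view",
}


def review_access(grants, roster):
    """Return (grant, action) pairs that need attention; an empty list is clean."""
    people = {e.person: e for e in roster}
    findings = []
    for g in grants:
        emp = people.get(g.person)
        if emp is None or not emp.active:
            findings.append((g, "revoke: not an active employee"))
            continue
        ceiling = ROLE_CEILING.get(emp.role, "view")  # unknown role: view only
        if PRIV_RANK[g.privilege] > PRIV_RANK[ceiling]:
            findings.append((g, f"reduce to {ceiling}: role '{emp.role}' "
                                f"does not need '{g.privilege}'"))
        if g.via == "direct" and g.privilege != "admin":
            findings.append((g, "rotate the account password: direct credential "
                                "access bypasses platform-based revocation"))
    return findings


def accounts_without_owner(grants, roster):
    """Accounts with no active admin: nobody is 'in charge' of them."""
    active = {e.person for e in roster if e.active}
    owned = {g.account for g in grants
             if g.privilege == "admin" and g.person in active}
    return sorted({g.account for g in grants} - owned)


# Constructed sample data.
ROSTER = [
    Employee("priya", "social_media_manager", True),
    Employee("tom", "content_writer", True),
    Employee("lee", "customer_support", True),
    Employee("sam", "intern", False),            # internship ended last month
    Employee("ana", "customer_support", True),   # moved from writing to support
]
GRANTS = [
    Grant("priya", "instagram:@acme", "admin", "direct"),
    Grant("tom", "instagram:@acme", "publish", "platform"),  # writer can publish
    Grant("lee", "instagram:@acme", "draft", "platform"),
    Grant("sam", "instagram:@acme", "draft", "platform"),    # left, never revoked
    Grant("ana", "twitter:@acme", "publish", "direct"),      # role changed, knows password
    Grant("chris", "twitter:@acme", "publish", "platform"),  # not in the HR roster
]

if __name__ == "__main__":
    for g, action in review_access(GRANTS, ROSTER):
        print(f"{g.person:6} {g.account:16} {g.privilege:8} {action}")
    print("accounts without an active owner:", accounts_without_owner(GRANTS, ROSTER))
```

The "direct" flag is the point of the exercise: access granted through the management platform disappears when the platform seat is removed, but a person who was once told the native password keeps that access until the password is rotated, so offboarding has to include rotation whenever such a person leaves or changes roles.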
Cyber security of digital devices
Digital security refers to the economic and social aspects of cybersecurity, as
opposed to purely technical aspects and those related to criminal law
enforcement or national and international security. The term “digital” is
consistent with expressions such as digital economy, digital transformation
and digital technologies. It forms a basis for constructive international
dialogue between stakeholders seeking to foster trust and maximise
opportunities from ICTs
What Is Digital Security?
Digital security is a set of best practices and tools used to safeguard your
personal data and online identity. Password managers, parental controls, and
antivirus software are examples of such tools. Since that definition can seem
a little abstract, here’s a real-life analogy.
Think for a moment about your most prized physical possessions. You might
make a point to lock your expensive car in your garage, put your heirloom
jewelry in a safe, or store the title to your house in a safety deposit box. Such
actions keep these objects safe from damage, destruction, and theft.

Your digital assets have the same — if not more — value. They hold the
keys to your identity. Yet you share information online every day.
You post on social media, sign up for newsletters, and log in to online
banking portals. And in the absence of thoughtful digital security, any
errant sensitive information could be quietly inviting identity theft.
Cybersecurity for digital devices refers to the practice of protecting
computers, smartphones, tablets, and other electronic devices from a
range of online threats and security risks. These devices are vulnerable to
various forms of cyberattacks, and ensuring their security is essential to
safeguard personal information, sensitive data, and overall digital well-being.
1. Protection from Malware: This involves using antivirus and anti-malware
software to detect and remove malicious software, such as viruses, Trojans,
ransomware, and spyware.
2. Data Encryption: Encrypting sensitive data on devices and during
transmission ensures that even if a device is compromised, the data
remains secure.
3. Access Control: Using strong, unique passwords and enabling multi-factor
authentication (MFA) to prevent unauthorized access.
4. Firewalls: Employing firewalls to filter and monitor incoming and outgoing
network traffic, blocking potentially harmful connections.
5. Regular Software Updates: Keeping device operating systems, applications,
and firmware up to date to patch known vulnerabilities.
6. Network Security: Securing Wi-Fi networks with strong passwords and
encryption, disabling unnecessary services, and using virtual private networks
(VPNs) for added security.
7. Mobile Device Security: Protecting mobile devices with strong PINs,
biometric authentication, and installing apps only from official app stores.
8. Physical Security: Ensuring the physical protection of devices to prevent
theft or tampering.
9. User Awareness and Training: Educating users about common threats,
social engineering, and best practices for staying safe online.
Cyber Security Tools

Protecting our IT environment is critical, and every organization needs to take
cybersecurity seriously. Hacking attacks affect businesses of all sizes, and
hackers, malware and viruses are real security threats in the virtual world. It
is essential that every company is aware of dangerous security attacks and keeps
itself secure. Many different aspects of cyber defence may need to be considered.
Here are nine tools and services that every organization should consider to make
its cybersecurity as strong as possible.
1. Splunk
Splunk is a data analytics platform widely used as a SIEM. It ingests and indexes
logs and network telemetry from many sources for both real-time monitoring and
searches over historical threat data, and it generates real-time alerts,
summaries, dashboards and reports through a streamlined user interface.
2. Metasploit
Metasploit is an exploitation framework. Experts use it to confirm that
identified vulnerabilities are actually exploitable, to conduct penetration tests
and security assessments against web applications, servers and networks, and to
build and validate defensive measures against known attack techniques. Its
exploit modules are updated regularly as new vulnerabilities are published.
3. John the Ripper
John the Ripper is a password cracker. Cybersecurity experts use it to test
password strength by attempting to recover passwords from their stored hashes
with dictionary, rule-based and brute-force attacks across many hash formats.
Any password it recovers within a realistic time budget is a weak password that
poses a security risk to the system.
4. BitDefender
BitDefender is a cloud-backed antivirus solution that protects your computer from
a range of cyber threats. It comes with security technology to safeguard personal
data and online privacy, and also includes anti-phishing and anti-theft
capabilities for real-time data security, online privacy and advanced threat
defence.
5. Acunetix
Acunetix is a web application vulnerability scanner that enables businesses to
protect their web applications from data breaches. It detects and monitors web
security issues and assists security experts in resolving them quickly. It can
also automatically detect out-of-band vulnerabilities and audit complex
applications.
6. Kali Linux
Kali Linux is a Debian-based Linux distribution built for penetration testing and
security auditing. It ships with hundreds of preinstalled tools (Metasploit, John
the Ripper, Wireshark and Nmap among them), so testers can assess the
penetrability of a network, host or firewall during IT system audits from a single
prepared system rather than installing each tool manually.
7. Wireshark
Wireshark is an open-source network protocol analyser that captures packets and
dissects them in real time (tshark is its console-based counterpart).
Cybersecurity specialists use it to collect data packets and inspect their
protocol fields, which helps reveal network security flaws, including credentials
sent in cleartext.
8. Snort
Snort is an open-source network intrusion detection and prevention system
(IDS/IPS). Security professionals use it for real-time traffic analysis against a
rule set to find traces of suspected breaches. It alerts users to intrusions and,
when deployed inline, protects them by blocking malicious traffic. It can also
perform protocol analysis and content matching, recognise attacks on a system and
log the traffic it captures for later search.
9. TotalAV
TotalAV Antivirus provides comprehensive protection for all of your personal and
office devices in a single, easy-to-use computer and mobile application. It
protects against ransomware, malware, spyware and adware in real time. It also
improves battery life by reducing background processes, improving startup time
and clearing junk files.
Cyber Security Tools (by category)

1. Firewalls:
- Firewall Appliances: Hardware-based devices that filter network traffic
to block or allow data packets based on predefined security rules.
- Firewall Software: Software-based solutions that provide network
security by filtering traffic at the operating system or application level.

2. Antivirus and Anti-Malware Software:
- These tools detect and remove various forms of malware, including
viruses, Trojans, worms, and spyware.
3. Intrusion Detection and Prevention Systems (IDS/IPS):
- IDS monitors network traffic for suspicious activity, while IPS can block or
respond to detected threats automatically.

4. Security Information and Event Management (SIEM):
- SIEM solutions collect, correlate, and analyze data from various sources to
identify and respond to security incidents.

5. Vulnerability Scanners:
- These tools scan systems and networks to identify weaknesses and
vulnerabilities that could be exploited by attackers.
6. Encryption Tools:
- Encryption software and hardware tools protect data at rest and in transit,
ensuring that it remains confidential and secure.

7. Multi-Factor Authentication (MFA):
- MFA technologies provide an additional layer of security by requiring users to
provide two or more authentication factors (e.g., password, biometrics, smart
cards) to access a system or application.

8. Virtual Private Networks (VPNs):
- VPNs establish secure, encrypted connections over the internet, ensuring the
privacy and security of data transmitted between two points.
9. Access Control and Identity Management:
- These tools manage user access to resources and systems, ensuring that only
authorized individuals can access sensitive data.

10. Network and Web Application Firewalls:
- These specialized firewalls protect against attacks targeting network
infrastructure and web applications.

11. Endpoint Detection and Response (EDR):
- EDR tools monitor and respond to security threats on individual devices
(endpoints), providing detailed information about incidents.
12. Security Awareness Training Tools:
- These platforms offer training and education to employees and users to
raise awareness of cybersecurity best practices.

13. Penetration Testing Tools:
- Pen testing tools help ethical hackers identify vulnerabilities and
weaknesses in a system or network.

14. Incident Response and Forensic Tools:
- These tools assist in analyzing and responding to security incidents and
breaches.
15. Cloud Security Tools:
- Tools designed to secure cloud environments, including identity and
access management, encryption, and threat detection.

16. Web Application Security Tools:
- Tools like web application firewalls, code scanners, and vulnerability
assessment tools help protect web applications from threats.

17. Container Security Tools:
- As containerization grows in popularity, specialized tools for securing
containers and orchestration platforms (e.g., Kubernetes) are essential.
18. Artificial Intelligence (AI) and Machine Learning (ML):
- AI and ML technologies are increasingly used in cybersecurity to detect and
respond to threats by identifying patterns and anomalies.

19. Blockchain for Security:
- Blockchain can be used to enhance the security of transactions, identity
verification, and data integrity in various applications.

20. Secure Development Tools:
- Tools that help developers write more secure code by identifying and fixing
vulnerabilities during the development process.

21. Security Analytics Tools:
- Tools that provide insights into security data and assist in making
informed decisions regarding threat detection and response.
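The pattern and anomaly detection described for EDR, security analytics and AI/ML tools (items 11, 18 and 21) reduces, at its simplest, to counting events per source over a time window. The following is an added example, not code from the original slides or from any tool they name: it parses constructed sshd-style auth log lines and flags source addresses that produce a burst of failed logins. The log format, the addresses (documentation ranges), the threshold and the window length are all assumptions made for the illustration.

```python
"""Failed-login burst detection over constructed auth log lines.

Added example, not from the original slides: a minimal version of the pattern
and anomaly detection that security analytics, EDR and SIEM tools perform.
The log lines, the sshd-style line format, the threshold and the window
length are all assumed for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log (not real data); addresses are documentation ranges.
SAMPLE_LOG = """\
2024-05-01T10:00:01 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51234
2024-05-01T10:00:03 sshd[1202]: Failed password for root from 203.0.113.7 port 51240
2024-05-01T10:00:04 sshd[1203]: Failed password for invalid user test from 203.0.113.7 port 51241
2024-05-01T10:00:06 sshd[1204]: Failed password for oracle from 203.0.113.7 port 51250
2024-05-01T10:00:08 sshd[1205]: Failed password for root from 203.0.113.7 port 51255
2024-05-01T10:00:09 sshd[1206]: Failed password for root from 203.0.113.7 port 51256
2024-05-01T10:03:00 sshd[1210]: Failed password for alice from 198.51.100.20 port 40001
2024-05-01T10:03:30 sshd[1211]: Accepted password for alice from 198.51.100.20 port 40002
2024-05-01T11:30:00 sshd[1300]: Failed password for bob from 192.0.2.9 port 33000
2024-05-01T11:31:00 sshd[1301]: Failed password for bob from 192.0.2.9 port 33001
2024-05-01T11:45:00 sshd[1302]: Failed password for bob from 192.0.2.9 port 33002
2024-05-01T11:46:00 sshd[1303]: Failed password for bob from 192.0.2.9 port 33003
2024-05-01T11:47:00 sshd[1304]: Failed password for bob from 192.0.2.9 port 33004
2024-05-01T11:48:00 sshd[1305]: Failed password for bob from 192.0.2.9 port 33005
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+$"
)


def parse_line(line):
    """Return (timestamp, result, user, src), or None for lines that don't match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["src"]


def detect_bursts(log_text, threshold=5, window_seconds=60):
    """Flag source IPs with at least `threshold` failed logins inside any
    sliding window of `window_seconds`.

    Returns {src: (max_failures_in_one_window, set_of_users_tried)}. A sliding
    window is used so a burst straddling a fixed minute boundary is not missed.
    """
    failures = defaultdict(list)  # src -> [(timestamp, user), ...]
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec[1] == "Failed":
            failures[rec[3]].append((rec[0], rec[2]))

    alerts = {}
    for src, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # shrink the window from the left until events[start..end] fit in it
            while (events[end][0] - events[start][0]).total_seconds() > window_seconds:
                start += 1
            count = end - start + 1
            if count >= threshold and count > alerts.get(src, (0, set()))[0]:
                alerts[src] = (count, {u for _, u in events[start:end + 1]})
    return alerts


if __name__ == "__main__":
    for src, (count, users) in detect_bursts(SAMPLE_LOG).items():
        print(f"ALERT {src}: {count} failed logins, users tried: {sorted(users)}")
```

With the defaults only 203.0.113.7 is flagged (six failures against four different usernames in eight seconds); the slower series from 192.0.2.9 only trips the rule when the window is widened to five minutes and the threshold lowered to four, which is the tuning trade-off every detection tool exposes.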
Cybersecurity plan
A cybersecurity plan is a comprehensive strategy that outlines how an
organization will protect its information technology systems, networks, and
data from cyber threats.
1. Risk Assessment:
- Identify and assess potential cyber risks, vulnerabilities, and threats that
the organization may face.

2. Security Policies and Procedures:
- Develop and document security policies, guidelines, and procedures that
define how employees should handle data, access systems, and respond to
security incidents.

3. Access Control:
- Define access control measures, including user authentication,
authorization, and least privilege principles to restrict access to sensitive
information.
4. Network Security:
- Implement firewalls, intrusion detection and prevention systems, and
encryption to protect data in transit and at rest.
5. Endpoint Security:
- Secure devices such as computers, smartphones, and IoT devices through
antivirus software, patch management, and mobile device management
(MDM) solutions.

6. Incident Response Plan:
- Develop a well-defined incident response plan that outlines the steps to take
in the event of a cybersecurity incident, including roles and responsibilities,
communication procedures, and recovery strategies.
7. Security Awareness Training:
- Provide cybersecurity awareness training to employees to educate them
about threats like phishing, social engineering, and best practices.
8. Regular Updates and Patch Management:
- Keep software, operating systems, and firmware up to date to fix known
vulnerabilities.
9. Data Encryption:
- Implement encryption mechanisms to protect sensitive data and ensure its
confidentiality.
10. Backup and Recovery:
- Establish data backup and recovery procedures to minimize downtime and
data loss in case of an incident.
11. Vendor and Supply Chain Security:
- Assess and monitor the security practices of third-party vendors and suppliers
to ensure they do not introduce vulnerabilities.
12. Regulatory Compliance:
- Ensure compliance with relevant data protection laws and industry
regulations.
Crisis Management
Crisis management in the context of cybersecurity refers to the actions an
organization takes when a significant security incident or breach occurs. The
primary goals of crisis management are to minimize the impact of the breach,
maintain the organization's reputation, and facilitate recovery. Key components
of a crisis management plan include:
1. Incident Identification and Assessment:
- Quickly detect and assess the extent of the security incident, identifying the
nature of the breach and the affected systems or data.
2. Communication Plan:
- Define a communication strategy that involves notifying internal and external
stakeholders, including employees, customers, partners, regulatory authorities,
and the public, as required.
3. Containment and Eradication:
- Take immediate actions to contain the incident and prevent further damage.
Identify the root cause and eradicate the threat.
4. Forensics and Investigation:
- Conduct a thorough forensic investigation to understand the incident's scope,
how it occurred, and its impact.
5. Legal and Regulatory Compliance:
- Ensure compliance with legal obligations and regulatory requirements, including
reporting incidents to relevant authorities.
6. Public Relations and Reputation Management:
- Manage public relations to maintain the organization's reputation and trust
among stakeholders.

7. Recovery and Resumption:
- Develop a recovery plan to restore affected systems, data, and operations.
Ensure that lessons learned are incorporated into future cybersecurity
measures.
8. Post-Incident Analysis:
- Analyze the incident to understand what went wrong, why it happened, and
how to prevent similar incidents in the future.
9. Training and Exercises:
- Conduct periodic training and exercises to ensure that the crisis
management plan is well-practiced and that employees know their roles during
a crisis.
Risk-based assessment
A risk-based assessment is a fundamental approach in cybersecurity that helps
organizations identify, evaluate, and prioritize potential security risks and
vulnerabilities based on their potential impact and likelihood. It provides a
structured way to allocate resources, implement security measures, and make
informed decisions to protect digital assets. Here's an explanation of risk-based
assessment in cybersecurity:
1. Risk Identification:
- The first step in a risk-based assessment is identifying all potential risks to an
organization's information technology systems, networks, and data. This involves
considering various sources of risk, such as external threats (e.g., hackers,
malware), internal threats (e.g., employee errors or malicious insiders), and
environmental factors (e.g., natural disasters).

2. Risk Assessment:
- After identifying potential risks, the next step is to assess them. This
involves determining the likelihood of each risk occurring and the potential
impact it could have on the organization's assets, operations, reputation,
and financial health. Risks are typically assessed on a scale, often from low to
high, based on their severity and likelihood.

3. Risk Analysis:
- Risk analysis involves quantifying and measuring identified risks, typically
using methodologies such as risk matrices, risk scoring, or other risk
assessment models. The goal is to assign numerical values to risks, which can
help prioritize them.
4. Risk Prioritization:
- Once risks are quantified and assessed, they can be prioritized based on their
significance. Risks that pose the highest potential impact and likelihood receive
top priority for mitigation and management efforts.
5. Risk Mitigation:
- After prioritization, organizations develop strategies to mitigate or manage the
most critical risks. This may involve implementing security measures, controls,
and best practices to reduce the likelihood and impact of identified risks.
6. Risk Acceptance:
- Some risks may be deemed acceptable, particularly if the cost of mitigation
outweighs the potential impact. In such cases, organizations formally accept the
risks while maintaining awareness and monitoring.

7. Risk Monitoring and Review:
- Continuous monitoring is crucial to ensure that the risk landscape remains up
to date. Risks may evolve, new threats may emerge, or existing controls may
become ineffective, requiring ongoing assessment and adjustment.

8. Documentation and Reporting:
- Throughout the risk-based assessment process, detailed documentation is
essential. This includes recording the identified risks, assessment results,
mitigation plans, and ongoing monitoring efforts. Reporting to relevant
stakeholders is also important for transparency and accountability.

9. Adaptive Strategy:
- Cybersecurity is dynamic, so organizations must adapt their strategies as
the threat landscape evolves. Regularly reviewing and updating the risk
assessment and mitigation strategies is crucial.

10. Compliance and Regulations:
- Organizations should also consider any industry-specific regulations or
legal requirements related to cybersecurity and ensure that they are
compliant with them.
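Steps 3 to 6 above (risk analysis with a scoring model, prioritization, mitigation and acceptance) can be made concrete with a small risk register. The block below is an added example written for this section, not material from the original slides or any named framework: it scores each risk as likelihood times impact on a 5x5 matrix, orders the register, and decides whether to mitigate or accept each entry, including the acceptance case the text describes where the cost of mitigation outweighs the expected loss. The ordinal scales, rating bands, acceptance threshold and sample register are all assumed values.

```python
"""Risk scoring, prioritisation and treatment decisions with a 5x5
likelihood x impact matrix.

Added example, not from the original slides. The ordinal scales, the rating
bands, the acceptance threshold and the sample risk register are assumed
values chosen to illustrate steps 3 to 6 of the process.
"""
from dataclasses import dataclass

# Ordinal 1..5 scales (assumed), as used in qualitative risk matrices.
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}


@dataclass
class Risk:
    name: str
    likelihood: str
    impact: str
    annual_loss_estimate: int  # expected yearly loss if realised (assumed units)
    mitigation_cost: int       # yearly cost of the proposed controls (assumed units)

    @property
    def score(self) -> int:
        """Risk analysis step: likelihood x impact, giving 1..25."""
        return LIKELIHOOD[self.likelihood] * IMPACT[self.impact]


def rating(score):
    """Map a score onto the bands of the matrix (band boundaries assumed)."""
    if score >= 15:
        return "critical"
    if score >= 10:
        return "high"
    if score >= 5:
        return "medium"
    return "low"


def treatment(risk, accept_below=5):
    """Risk acceptance step: decide what to do with one risk.

    - below the acceptance threshold: accept as-is
    - mitigation costs more than the expected loss: accept, but record the
      decision and keep monitoring (the "cost outweighs impact" case)
    - otherwise: mitigate
    """
    if risk.score < accept_below:
        return "accept"
    if risk.mitigation_cost > risk.annual_loss_estimate:
        return "accept-and-monitor"
    return "mitigate"


def prioritise(register):
    """Risk prioritisation step: highest score first, then highest expected loss."""
    return sorted(register, key=lambda r: (-r.score, -r.annual_loss_estimate, r.name))


def risk_report(register):
    """One row per risk, in priority order."""
    return [
        {"name": r.name, "score": r.score, "rating": rating(r.score), "treatment": treatment(r)}
        for r in prioritise(register)
    ]


# Constructed sample register (not from the slides).
SAMPLE_REGISTER = [
    Risk("Website defacement", "unlikely", "minor", 5_000, 8_000),
    Risk("Ransomware via phishing", "likely", "severe", 400_000, 50_000),
    Risk("Unpatched public web server", "almost certain", "major", 250_000, 30_000),
    Risk("Lost unencrypted laptop", "possible", "major", 60_000, 20_000),
    Risk("Insider misuse of data", "unlikely", "moderate", 15_000, 80_000),
    Risk("Data centre flood", "rare", "severe", 20_000, 300_000),
]

if __name__ == "__main__":
    for row in risk_report(SAMPLE_REGISTER):
        print(f"{row['score']:>2} {row['rating']:<8} {row['treatment']:<18} {row['name']}")
```

Note that "accept-and-monitor" is a recorded decision, not silence: step 8 (documentation) requires the accepted risk, its score and the reasoning to be written down and revisited in step 7.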
What is a cyber security risk assessment?

A cyber security risk assessment is the process of identifying, analysing and
evaluating risk. It helps to ensure that the cyber security controls you choose
are appropriate to the risks your organisation faces.
Without a risk assessment to inform your cyber security choices, you could
waste time, effort and resources. There is little point implementing measures
to defend against events that are unlikely to occur or won’t impact your
organisation.
Likewise, you might underestimate or overlook risks that could cause
significant damage. This is why so many best-practice frameworks, standards
and laws – including the GDPR (General Data Protection Regulation) – require
risk assessments to be conducted.
ISO 27001 and Cyber risks
The international standard ISO/IEC 27001:2013 (ISO 27001) provides the specifications for a
best-practice ISMS (information security management system) – a risk-based approach to
information security risk management that addresses people, processes and technology.
Clause 6.1.2 of the Standard sets out the requirements of the information security risk
assessment process. Organisations must:
• Establish and maintain specific information security risk criteria;
• Ensure that repeated risk assessments “produce consistent, valid and comparable results”;
• Identify “risks associated with the loss of confidentiality, integrity and availability for
information within the scope of the information security management system” and
identify the owners of those risks; and
• Analyse and evaluate information security risks, according to the criteria established
earlier.

It is essential that organisations “retain documented information about
the information security risk assessment process” so that they can
demonstrate that they comply with these requirements.
They will also need to follow several steps – and create relevant
documentation – as part of the information security risk treatment
process.
IT Governance cyber risk assessment service

Our team of qualified cyber security advisers will provide business-driven
consultation on the overall process of assessing information risk. They will
offer support, guidance and advice in the following areas:
• Identifying the assets that require protection.
• Identifying relevant threats and weaknesses.
• Identifying exploitable vulnerabilities.
• Assessing the level of threat posed by threat agents.

• Determining the business impacts of risks being realised.
• Producing a security risk assessment.
• Advising on a risk acceptance threshold or level of
acceptance.
• Advising on suitable control implementation.
Cyber risk assessment should be a continual activity. A comprehensive
enterprise security risk assessment should be conducted at least once a year or
when significant changes occur to the business, the IT estate, or legal
environment to explore the risks associated with the organisation’s information
systems. An enterprise security risk assessment can only give a snapshot of the
risks of the information systems at a particular point in time.
What is a Cybersecurity Audit?

A cybersecurity audit involves a comprehensive analysis and review of your
IT infrastructure. It detects vulnerabilities and threats, displaying weak links
and high-risk practices.
Significant benefits of IT security audits are:
• Risk assessment and vulnerability identification
• Strengthened security measures
• Compliance with regulations and standards
• Incident response preparedness
• Safeguarding sensitive data and customer trust
• Proactive threat detection and prevention

• Out-of-date technology – Depending on older technologies, such as old
software, old hardware, outdated policies and practices, and outdated services,
can leave you vulnerable to emerging threats.
• Letting fear of risk outweigh opportunity – You should experiment and innovate
with new technologies. If you avoid adopting new technologies out of concern
that they will expose you to new threats, then it is time to
strengthen your security framework.
• Thinking your business is “too small” for a cybersecurity audit – Do you believe
that only large-scale companies require cybersecurity audits? Think again!
Regardless of size, most companies are increasingly outsourcing services,
enabling third parties to closely examine your critical systems and practices.
Organizations of all sizes can benefit from a cybersecurity assessment.
The Scope of a Cybersecurity Audit
Cybersecurity audits ensure a 360-degree in-depth audit of your organization’s
security posture. They aim to identify vulnerabilities, risks, and threats that may
affect the organization. These audits cover various areas, including:
• Data Security – involves reviewing network access control, encryption use,
data security at rest, and transmissions.
• Operational Security – involves a review of security policies, procedures,
and controls.
• Network Security – a review of network & security controls, anti-virus
configurations, security monitoring capabilities, etc.
• System Security – This review covers hardening processes, patching
processes, privileged account management, role-based access, etc.

• Physical Security – a review that covers disk encryption, role-based
access controls, biometric data, multifactor authentication, etc.
• Beyond these, a cybersecurity audit can also cover cybersecurity risk
management, cyber risk governance, training & awareness, legal,
regulatory & contractual requirements, technical security controls,
business continuity & incident management, and third-party
management.
External Security Audit:

• Independence: External auditors offer an unbiased assessment as they
are not directly involved in the company’s day-to-day operations.
• Expertise and Experience: External auditors often have specialized
knowledge and experience in conducting security audits across various
industries.
• Compliance and Regulations: External audits help ensure compliance
with industry regulations, standards, and legal requirements.
• Objectivity: External auditors objectively evaluate the company’s
security controls without any internal bias or conflicts of interest.
Internal Security Audit:

• In-depth Knowledge: Internal auditors have a better understanding of
the company’s internal systems, processes, and culture, which allows
for a more comprehensive assessment.
• Cost-effectiveness: Conducting internal audits can be more cost-effective
since there is no need to engage external resources.
• Continuous Monitoring: Internal audits can be performed regularly,
providing ongoing monitoring and evaluation of the organization’s
security measures.
• Company-specific Focus: Internal audits can specifically address the
company’s unique security challenges and requirements.
Cybersecurity Audit

A cybersecurity audit is a comprehensive examination of an organization's IT
infrastructure, systems, processes, and policies to determine the effectiveness
of its security measures and identify areas of improvement. The primary
objectives of a cybersecurity audit are as follows:

1. Assessing Security Controls: Evaluate the effectiveness of security controls in
place, such as firewalls, intrusion detection systems, and encryption methods.

2. Risk Assessment: Identify potential security risks and vulnerabilities within the
organization's digital assets, including data, applications, and systems.

3. Compliance Verification: Ensure that the organization adheres to regulatory
requirements, industry standards, and internal policies related to
cybersecurity.

4. Incident Response Evaluation: Assess the organization's readiness and
capability to respond to security incidents and breaches effectively.

5. Review of Access Controls: Evaluate user access controls, authentication
mechanisms, and authorization processes to prevent unauthorized access to
sensitive data.

6. Security Awareness: Examine the organization's security awareness
training and education programs to ensure that employees are
knowledgeable about security best practices.

7. Data Protection: Review data encryption, backup, and recovery
procedures to safeguard against data loss and breaches.

8. Documentation and Records: Verify that all relevant cybersecurity
documentation, including policies, procedures, and incident response plans,
are up-to-date and well-maintained.

9. Third-Party and Vendor Assessment: Assess the security practices of
third-party vendors and service providers with access to the organization's
systems and data.

10. Recommendations: Provide recommendations and actionable insights
for improving cybersecurity controls, mitigating identified risks, and
enhancing overall security posture.
Cybersecurity Compliance

Cybersecurity compliance involves meeting the legal, regulatory, and
industry-specific requirements related to information security. Different
organizations may be subject to various compliance frameworks, such as:

1. General Data Protection Regulation (GDPR): Applicable to organizations
handling personal data of European Union (EU) citizens.
2. Health Insurance Portability and Accountability Act (HIPAA): Relevant to
healthcare organizations that handle protected health information (PHI).
3. Payment Card Industry Data Security Standard (PCI DSS): Mandatory for
businesses that handle credit card transactions.

4. National Institute of Standards and Technology (NIST) Cybersecurity
Framework: Provides guidelines for enhancing cybersecurity and is widely
used in various industries.

5. Sarbanes-Oxley Act (SOX): Applies to publicly traded companies to ensure
financial data integrity and security.

The compliance process involves several steps:

- Assessment: Determine which compliance regulations apply to the
organization and assess the current state of compliance.

- Gap Analysis: Identify areas where the organization falls short of compliance
requirements and develop plans to address these gaps.

- Policy Development: Create or revise policies, procedures, and controls to
align with compliance standards.

- Implementation: Deploy security measures, controls, and technologies that
meet compliance requirements.

- Monitoring and Reporting: Continuously monitor and report on security
measures to ensure ongoing compliance.

- Auditing: Conduct internal and external audits to verify adherence to
compliance standards.

- Documentation: Maintain accurate and detailed records of compliance
efforts and audits.

Non-compliance with regulatory requirements can result in legal and financial
consequences, while a robust compliance program helps protect an
organization's reputation and instills trust among customers and stakeholders.
Cybersecurity audits and compliance efforts are integral to maintaining the
security and integrity of an organization's information and digital assets.
Do’s and Don’ts

DO’S
• Create strong passwords that are at least eight characters long and include at
least a numerical value and a symbol, such as #, to foil password-cracking
software. Avoid common words, and never disclose a password online.
• Change your password every ninety days.
• Perform regular backups of important data.
• Create a password for your files in order to protect file sharing activities.
• Physically secure your laptop.
• Delete any message that refers to groups or organizations that you are not a
part of.
• Download and install software only from online sources you trust.
• Never click on a link from an untrusted source.

• Close windows containing pop-up ads or unexpected warnings by clicking on
the “X” button in the upper right-hand corner of that window, not by
clicking within the window.
• Use antivirus software, and update it on a regular basis to recognize the latest
threats. Heed ITR security alerts to download antidotes for newly circulating
viruses and worms.
• Regularly update your operating system, Web browser, and other major
software, using the manufacturers' update features, preferably using the auto
update functionality.
• Set Windows or Mac updates to auto-download.
• Save attachments to disk before opening them. McAfee “Auto-Protect” will
automatically scan your attachments if you save them to disk.

DON’TS
• Never write down your password. Especially on a Post-It note stuck to your
computer!
• Never give out your password to anyone, whether you know them or not.
• Never select the "Remember My Password" option. Many applications do not
store them securely.
• Never purchase anything promoted in a spam message. Even if the offer isn’t
a scam, you are only helping to finance and encourage spam.
• Please refrain from opening an e-mail attachment, even from someone you
know well, unless you were expecting it.

• Avoid creating common passwords such as your name, social security, UNI,
etcetera.
• Do not leave your laptop unattended, even for a few minutes.
• Never reply to e-mail(s) requesting financial or personal information.
• Avoid opening e-mail(s) or e-mail attachments from an unknown sender.
• Please refrain from clicking on the close button within pop-up ads.
• Under no circumstances should you install or use pirated copies of software.
• Do not install P2P file sharing programs which can illegally download
copyrighted material.
• Never set your e-mail program to "auto-open" attachments.
Dos and Don'ts of Information Security Awareness
Computers are indispensable learning tools nowadays, and it is of utmost
importance to understand how to secure computers, data, and other
electronic devices. Below are some tips to help raise awareness of
information leakage and IT security attacks.
General
People are the weakest link in information security: in many cases a
leak could have been avoided if the person involved had better knowledge of
data protection. Users are recommended to develop an information security
mindset, and to build and reinforce good practice through regular updates of
information security awareness.
Computer/Data Usage

Risk:
o Loss of data
o Compromise security policies
o Misuse of data

DOs:
o Be accountable for your IT assets and data
o Adhere to Policies on Use of IT Services and Resources
o Use good judgement to protect your data
o Protect your laptop during trip
o Ensure sensitive information on the computer screen is not visible to others
o Protect your user ID and password

DON'Ts:
o Don’t store sensitive information in portable device without strong encryption
o Don’t leave your computer / sensitive documents unlocked
o Don’t discuss something sensitive in public place. People around you may be listening to your conversation
Surfing Web

Risk:
o Virus
o Worms
o Trojan
o Spyware
o Malware

DOs:
o Validate the website you are accessing
o Install personal Firewall
o Be cautious if you are asked for personal information
o Use encryption to protect sensitive data transmitted over public networks and the Internet
o Install anti-virus, perform scheduled virus scanning and keep virus signature up-to-date
o Apply security patching timely
o Backup your system and data, and store it securely

DON'Ts:
o Don't download data from doubtful sources
o Don't visit untrustworthy sites out of curiosity, or access the URLs provided in those websites
o Don't use illegal software and programs
o Don't download programs without permission of the copyright owner or licensee (e.g. the use of BT software)
Email

Risk:
o Junk mail
o Spam mail
o Virus
o Phishing Email

DOs:
o Do scan all email attachments for viruses before opening them
o Use email filtering software
o Only give your email address to people you know
o Use PGP or digital certificate to encrypt emails which contain confidential information; staff can use confidential email
o Use digital signature to send emails for proving who you are

DON'Ts:
o Don't open email attachments from unknown sources
o Don't send mail bomb, forward or reply to junk email or hoax message
o Don’t click on links embedded in spam mails
o Don’t buy things or make charity donations in response to spam email
E-Commerce

Risk:
o Identity theft

DOs:
o Check the terms and disclaimers of an e-shopping site before acquiring its service
o Choose well-known or trustworthy e-shopping sites
o Check the trustworthiness of the e-commerce website (e.g. checking the SSL certificate)
o Use digital certificate for executive transactions over the web
o Use strong password, and change your password on a regular basis
o Logout immediately after you finished your e-shopping activities
o Retain and review your transaction records
o Use different passwords for bank accounts, university accounts and external accounts

DON'Ts:
o Don’t make any e-shopping transactions using computers in Internet cafe
o Don't visit untrustworthy sites out of curiosity
o Don’t use easily-guessed password, such as HKID card number, phone number, date of birth
o Don’t share your IDs with others
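The password rules in the DO’S list (at least eight characters, a numeral and a symbol, no common words), the DON’TS and E-Commerce advice against passwords built from your own name, ID number, phone number or date of birth, and the E-Commerce advice to use different passwords for different accounts can be enforced by a single checker. The block below is an added example written for these passages, not code from the original slides; the common-word list, the sample identifiers, the date-of-birth orderings and the SHA-256 fingerprint used for the reuse comparison are assumptions made for the illustration.

```python
"""Password policy checker implementing the slides' password rules.

Added example, not from the original slides. Rules implemented: at least
eight characters with a numeric value and a symbol; no common words; no
personal identifiers such as name, user ID, phone number, date of birth or
ID-card number (the "easily guessed" passwords of the DON'Ts and E-Commerce
sections); and no reuse of a password already used on another account.
The common-word list, the identifier expansion and the reuse check via a
SHA-256 fingerprint are assumptions made for this example.
"""
import hashlib
import re
import string

# Constructed, deliberately tiny common-word list; a real deployment would use
# a full dictionary or breached-password list.
COMMON_WORDS = sorted({"password", "welcome", "letmein", "qwerty", "admin", "summer", "monkey"})


def normalise(value):
    """Lower-case and drop separators so 'Alice Example' or '1990-05-21' can be
    matched inside a password regardless of spacing or punctuation."""
    return re.sub(r"[^a-z0-9]", "", value.lower())


def date_variants(iso_date):
    """Expand 'YYYY-MM-DD' into the digit orderings people type into passwords
    (orderings assumed): YYYYMMDD, DDMMYYYY, DDMMYY, MMDDYYYY, MMDDYY, YYMMDD."""
    y, m, d = iso_date.split("-")
    return {y + m + d, d + m + y, d + m + y[2:], m + d + y, m + d + y[2:], y[2:] + m + d}


def expand_identifiers(identifiers):
    """Whole identifiers plus their individual words, normalised; fragments
    shorter than four characters are dropped to limit false positives."""
    out = set()
    for ident in identifiers:
        for token in [ident] + ident.split():
            n = normalise(token)
            if len(n) >= 4:
                out.add(n)
    return out


def password_hash(password):
    """Fingerprint used only for the reuse comparison below; storing passwords
    needs a salted, slow hash instead, which is a separate concern."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def check_password(password, identifiers=(), existing_hashes=()):
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.isdigit() for c in password):
        problems.append("no numeric value")
    if not any(c in string.punctuation for c in password):
        problems.append("no symbol")
    lowered = normalise(password)
    for word in COMMON_WORDS:
        if word in lowered:
            problems.append(f"contains common word '{word}'")
    for ident in sorted(expand_identifiers(identifiers)):
        if ident in lowered:
            problems.append(f"contains personal identifier '{ident}'")
    if password_hash(password) in set(existing_hashes):
        problems.append("reused from another account")
    return problems


if __name__ == "__main__":
    # Constructed identifiers for a fictitious user: name, user ID, phone, ID card, DOB.
    me = ["Alice Example", "aexample42", "+852 9123 4567", "A123456(7)"] + sorted(date_variants("1990-05-21"))
    for pw in ["abc", "Summer2024!", "Alice#1990", "X21051990!", "c0rrect-H0rse!"]:
        print(pw, "->", check_password(pw, me) or "OK")
```

The checker reports every violated rule rather than stopping at the first, which is what a user-facing policy message needs; the identifier check catches the date-of-birth and name patterns the E-Commerce DON'Ts warn about even when they are padded with symbols or capitalised.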
Public Terminals

Risk:
o Account Access
o Information Loss

DOs:
o Always reboot when starting to use the public PCs
o Clean up cache files after use

DON'Ts:
o Don’t leave without closing all browsers and logging out from the public PCs
o Don't let others watch over your shoulder while logging in or doing online transactions
How to Secure Your Computer
o Patch the system regularly
o Install security software (e.g. web filtering, anti-virus, anti-spam, anti-spyware, personal firewall etc.)
o Beware of P2P software (e.g. BT, Foxy, eMule)
www.paruluniversity.ac.in
