CYB 201 Lecture Note

This is a document that provides information about Cyber security fundamentals


UNILESA, Faculty of Computing

Lecture Note

On

Introduction to Cybersecurity and Strategy

Prepared by:

Dr. A.E.A. Kareem,

A.A. Womiloju and

J.O. Adesoji

1
UNILESA, Department of Cybersecurity
UNILESA, Faculty of Computing


Course Information:
Course Code: CYB 201

Course Unit: 2.0

Course Status: Core

Level: 200 Level

Department: Cybersecurity

Learning Objectives:
At the end of this course, students should be able to:
1. Understand basic cybersecurity concepts and methods, and the elements and terminology of
cybersecurity: security, threat, attack, defence, and operations;
2. Describe common cyber-attacks and threats, cybersecurity issues, challenges and
proffered solutions, and build an enhanced view of the main actors of cyberspace and cyber
operations;
3. Understand the techniques for identifying, detecting, and defending against cybersecurity
threats and attacks, and for protecting information assets;
4. Understand the impact of cybersecurity on civil and military institutions, privacy, business and
government applications;
5. Identify the methods and motives of cybersecurity incident perpetrators, and the
countermeasures employed by organisations and agencies to prevent and detect those
incidents and software application vulnerabilities; and
6. State the ethical obligations of security professionals, evaluate cybersecurity and national
security strategies against the typologies of cyber-attacks that require policy tools and a
domestic response, and define the cybersecurity requirements and strategies evolving in
the face of big risk.


Course Contents:
• Basic concepts: cyber, security, confidentiality, integrity, availability, authentication,
access control, non-repudiation and fault-tolerant methodologies for implementing
security.
• Security policies, best current practices, testing security, and incident response.
• Risk management, disaster recovery and access control.
• Basic cryptography and software application vulnerabilities.
• Evolution of cyber-attacks.
• Operating system protection mechanisms, intrusion detection systems, basic formal
models of security, cryptography, steganography, network and distributed system
security, denial of service (and other) attack strategies, worms, viruses, transfer of funds/
value across networks, electronic voting, secure applications.
• Cybersecurity policy and guidelines.
• Government regulation of information technology.
• Main actors of cyberspace and cyber operations.
• Impact of cybersecurity on civil and military institutions, privacy, business and
government applications; examination of the dimensions of networks, protocols,
operating systems, and associated applications.
• Methods and motives of cybersecurity incident perpetrators, and the countermeasures
employed by organisations and agencies to prevent and detect those incidences.
• Ethical obligations of security professionals.
• Trends and development in cybersecurity.
• Software application vulnerabilities.
• Evolution of cybersecurity and national security strategies, requirements to the
typologies of cyber-attacks that require policy tools and domestic response.
• Cybersecurity strategies evolving in the face of big [Link] of standards and
frameworks.


LESSON ONE

BASIC CONCEPT OF CYBERSECURITY

Cyber security is a matter of growing concern as cyber threats and attacks multiply. Attackers
now use more sophisticated techniques to target systems. Individuals, small-scale businesses and
large organizations are all affected, so firms, whether IT or non-IT, have understood the
importance of cyber security and are focusing on adopting every possible measure to deal with
cyber threats.

1.1 What is cyber security?


"Cyber security is primarily about people, processes, and technologies working together to
encompass the full range of threat reduction, vulnerability reduction, deterrence, international
engagement, incident response, resiliency, and recovery policies and activities, including
computer network operations, information assurance, law enforcement, etc."
OR
Cyber security is the body of technologies, processes, and practices designed to protect networks,
computers, programs and data from attack, damage or unauthorized access.
• The term cyber security refers to techniques and practices designed to protect digital data.
• The data that is stored, transmitted or used on an information system.
OR
Cyber security is the protection of Internet-connected systems, including hardware, software, and
data, from cyber attacks. The term is made up of two words: cyber and security.

• Cyber relates to the technology, which comprises systems, networks, programs and data.
• Security relates to protection, which includes system security, network security,
application security and information security.

1.2 Why is cyber security important?


Listed below are the reasons why cyber security is so important in what’s become a predominant
digital world:
• Cyber attacks can be extremely expensive for businesses to endure.
• In addition to financial damage suffered by the business, a data breach can also inflict
untold reputational damage.
• Cyber-attacks these days are becoming progressively destructive. Cybercriminals are
using more sophisticated ways to initiate cyber attacks.
• Regulations such as GDPR are forcing organizations into taking better care of the
personal data they hold.

Because of the above reasons, cyber security has become an important part of the business and
the focus now is on developing appropriate response plans that minimize the damage in the event
of a cyber attack.

But an organization or an individual can develop a proper response plan only with a good grip
on cyber security fundamentals.

1.3 Cyber security Fundamentals

Confidentiality: Confidentiality is about preventing the disclosure of data to unauthorized
parties. It also means trying to keep the identity of authorized parties involved in sharing and
holding data private and anonymous. Confidentiality is often compromised by cracking poorly
encrypted data, man-in-the-middle (MITM) attacks, or the disclosure of sensitive data. Standard
measures to establish confidentiality include:

• Data encryption
• Two-factor authentication
• Biometric verification
• Security tokens

Integrity: Integrity refers to protecting information from being modified by unauthorized
parties. Standard measures to guarantee integrity include:

• Cryptographic checksums
• Using file permissions
• Uninterrupted power supplies
• Data backups

Availability: Availability is making sure that authorized parties are able to access the
information when needed. Standard measures to guarantee availability include:

• Backing up data to external drives
• Implementing firewalls
• Having backup power supplies
• Data redundancy

Authentication: Authentication is an essential requirement of every establishment because it
enables organizations to secure their networks by permitting only authenticated users to access
protected resources. These resources may include networks, computer systems, websites,
databases and other network-based applications or services.
Authenticity: Authentication is the process that certifies and confirms a user's identity or the
role that somebody holds. Authentication can be accomplished in a number of ways, but it is
usually built on a combination of something the user

- has (e.g. a smart card or a radio key for keeping secret keys),
- knows (e.g. a password),
- is (e.g. a human biometric, fingerprint).

Access Control:

Non-repudiation: Non-repudiation ensures that a party cannot deny having sent or received
a message or transaction. This includes protecting against message tampering and replay
attacks. Common techniques used to establish non-repudiation include digital signatures,
message authentication codes and timestamps.

Non-repudiation is a security concept that proves a person or entity took a specific action
at a specific time. Non-repudiation is often achieved through cryptography, such as
digital signatures, which ensure that a party cannot deny sending information or the
authenticity of their signature.
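As an added example (not part of the lecture note), the Python code below shows the message authentication code, timestamp and nonce combination described above, and how the receiver detects a tampered, replayed or stale transaction; the shared key, the transaction values and the fixed clock are constructed for the demo. Note that a MAC only proves origin between the two holders of the shared key, since the verifier could have produced the same tag itself; non-repudiation toward a third party needs a digital signature, where only the signer holds the private key.

```python
import hashlib
import hmac
import json

# Constructed demo key: in practice a secret known only to sender and receiver
# (this example is added to the lecture note, not taken from it).
SHARED_KEY = b"demo-shared-secret-for-lecture-only"
MAX_AGE_SECONDS = 300  # messages older than five minutes are rejected as stale


def canonical(payload: dict) -> bytes:
    """Serialise deterministically so sender and receiver hash identical bytes."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def sign_message(key: bytes, body: dict, nonce: str, now: float) -> dict:
    """Attach a timestamp, a unique nonce and an HMAC-SHA256 tag to a message."""
    payload = {"body": body, "nonce": nonce, "timestamp": int(now)}
    payload["tag"] = hmac.new(key, canonical(payload), hashlib.sha256).hexdigest()
    return payload


class Verifier:
    """Receiver side: checks the tag, then the message age, then replay."""

    def __init__(self, key: bytes):
        self.key = key
        self.seen_nonces = set()  # nonces already accepted (pruned by age in a real system)

    def verify(self, message: dict, now: float) -> tuple:
        msg = dict(message)
        tag = msg.pop("tag", None)
        if tag is None:
            return False, "missing tag"
        expected = hmac.new(self.key, canonical(msg), hashlib.sha256).hexdigest()
        # compare_digest runs in constant time so the tag cannot be guessed byte by byte
        if not hmac.compare_digest(tag, expected):
            return False, "tag mismatch: message tampered with or wrong key"
        if abs(now - msg["timestamp"]) > MAX_AGE_SECONDS:
            return False, "stale timestamp"
        if msg["nonce"] in self.seen_nonces:
            return False, "replay: nonce already used"
        self.seen_nonces.add(msg["nonce"])
        return True, "ok"


def demo() -> dict:
    """Exercise the genuine message and the three failure modes the text names."""
    now = 1_700_000_000.0  # constructed fixed clock so the run is reproducible
    v = Verifier(SHARED_KEY)
    msg = sign_message(SHARED_KEY, {"transfer": 100, "to": "acct-42"}, "n1", now)
    results = {"genuine": v.verify(msg, now)[0]}
    tampered = dict(msg)
    tampered["body"] = {"transfer": 9000, "to": "acct-42"}   # amount altered in transit
    results["tampered"] = v.verify(tampered, now)[0]
    results["replayed"] = v.verify(msg, now + 1)[0]            # same message sent again
    late = sign_message(SHARED_KEY, {"transfer": 5, "to": "acct-7"}, "n2", now)
    results["stale"] = v.verify(late, now + MAX_AGE_SECONDS + 1)[0]
    return results


if __name__ == "__main__":
    print(demo())
```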

Fault-Tolerant Methodologies for Implementing Security: Fault-tolerant security
methodologies are crucial for ensuring the reliability and resilience of security systems in
the face of various failures, attacks, or disruptions. Here are some key methodologies to
consider:

a) Redundancy and Failover:

* Multiple Security Layers: Employing multiple security layers, such as firewalls, intrusion
detection systems (IDS), and intrusion prevention systems (IPS), provides redundancy and
increases the difficulty for attackers to bypass defenses.

* Load Balancing: Distributing traffic across multiple security devices or servers can improve
performance and fault tolerance. If one component fails, others can take over the load.

* Failover Mechanisms: Implementing failover mechanisms, such as redundant servers or
network devices, allows for automatic switching to backup systems in case of failures.

Continuous Monitoring and Error Detection:

* Real-time Monitoring: Continuously monitor security logs, system performance metrics, and
network traffic to detect anomalies and potential threats.

* Automated Alerts: Configure automated alerts to notify security teams of critical events or
security breaches.

* Intrusion Detection Systems (IDS): Utilize IDS to identify and log suspicious activity within
networks or systems.

b) Security Information and Event Management (SIEM):

* Centralized Logging: Collect and analyze security logs from various sources to gain a
comprehensive view of security events.

* Correlation and Analysis: Correlate events to identify patterns and potential threats.

* Incident Response Automation: Automate certain incident response tasks, such as blocking IP
addresses or isolating compromised systems.

c) Regular Security Assessments and Penetration Testing:

* Vulnerability Scanning: Identify and assess vulnerabilities in systems and applications.

* Penetration Testing: Simulate attacks to uncover weaknesses and improve security posture.

* Regular Security Audits: Conduct regular security audits to evaluate compliance with security
policies and standards.

d) Security Awareness and Training:

* Employee Training: Educate employees about security best practices, such as strong password
policies, phishing awareness, and social engineering tactics.

* Regular Security Awareness Campaigns: Conduct regular campaigns to reinforce security
awareness and promote a culture of security.

e) Incident Response Planning:

* Incident Response Plan: Develop a comprehensive incident response plan that outlines
procedures for detecting, responding to, and recovering from security incidents.

* Regular Testing and Updates: Regularly test and update the incident response plan to ensure
its effectiveness.

f) Additional Considerations:

* Diversity of Security Controls: Utilize a diverse set of security controls to reduce the risk of a
single point of failure.

* Regular Updates and Patching: Keep security software and systems up-to-date with the latest
patches and updates to address vulnerabilities.

* Third-Party Risk Management: Assess and manage the security risks associated with
third-party vendors and partners.

* Data Backup and Recovery: Implement robust data backup and recovery procedures to
minimize data loss in case of a security breach or system failure.

By combining these fault-tolerant security methodologies, organizations can significantly
enhance their security posture, reduce the risk of breaches, and minimize downtime in the event
of security incidents.

1.4 The Seven Layers of Cybersecurity

There are 7 layers of cyber security which center on the mission critical assets you are seeking to
protect.

1: Mission Critical Assets – This is the data you need to protect.

2: Data Security – Data security controls protect the storage and transfer of data.

3: Application Security – Application security controls protect access to an application, an
application’s access to your mission critical assets, and the internal security of the application.

4: Endpoint Security – Endpoint security controls protect the connection between devices and the
network.

5: Network Security – Network security controls protect an organization’s network and prevent
unauthorized access of the network.

6: Perimeter Security – Perimeter security controls include both the physical and digital security
methodologies that protect the business overall.

7: The Human Layer – Humans are the weakest link in any cyber security posture. Human
security controls include phishing simulations and access management controls that protect
mission critical assets from a wide variety of human threats, including cyber criminals, malicious
insiders, and negligent users.


LESSON TWO

SECURITY POLICIES, BEST CURRENT PRACTICES, TESTING
SECURITY, AND INCIDENT RESPONSE

2.1 Security Policies

Security policies are a formal set of rules issued by an organization to ensure that users
who are authorized to access company technology and information assets comply with rules
and guidelines related to the security of information. A security policy is also considered a
"living document", which means that the document is never finished but is continuously
updated as technology and employee requirements change. We use security policies to
manage our network security. Most types of security policies are created automatically during
installation, and we can also customize policies to suit our specific environment.

Need for security policies

1) It increases efficiency.
2) It upholds discipline and accountability.
3) It can make or break a business deal.
4) It helps to educate employees on security literacy.

Security policies also provide a formal framework to protect an organization's information and
IT infrastructure. They set expectations, guidelines, and procedures to mitigate security risks.
The key aspects of a good security policy include:

• Access Control: Defines how users are granted, modified, and revoked access to systems
and data. It should incorporate principles like least privilege and need-to-know.

• Data Protection: Policies that outline how to handle, store, and transfer sensitive data,
ensuring it remains confidential, integral, and accessible only to authorized users.

• Password Policy: Specifies requirements for creating strong passwords, including
length, complexity, and regular updates. It may also define multi-factor authentication
(MFA) requirements.

• Security Awareness: Requires training and continuous education for all staff to ensure
they understand threats like phishing, social engineering, and best practices for security.

• Incident Management: Outlines procedures for responding to security incidents,
including detection, investigation, mitigation, and reporting.

• Compliance: Ensures the organization follows relevant laws and regulations like GDPR,
HIPAA, or PCI-DSS.

2.2 Best Current Practices in Security

Some of the best security practices that are widely followed in the industry include:

• Zero Trust Security: A model that assumes no one, whether inside or outside the
organization, should automatically be trusted. It requires continuous verification of users,
devices, and systems.

• Encryption: Use encryption for data both in transit and at rest to ensure data
confidentiality and integrity.

• Multi-Factor Authentication (MFA): An additional layer of security beyond passwords
that requires two or more verification factors, such as something the user knows
(password), something they have (phone or hardware token), or something they are
(biometrics).

• Regular Software Updates: Ensure that systems, applications, and software are
regularly patched and updated to protect against known vulnerabilities.

• Network Segmentation: Divide the network into smaller, isolated sections to limit the
scope of a potential breach and improve control over sensitive areas.

• Backup and Recovery: Implement regular backups and test recovery procedures to
ensure data can be restored quickly in case of a cyberattack, such as ransomware.

• Logging and Monitoring: Continuously monitor systems for unusual activity or security
events and keep detailed logs for incident investigations.

• Penetration Testing: Regularly test security by simulating attacks to identify
weaknesses in systems and processes.
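To show what the logging and monitoring practice above looks like in code, here is an added example (not from the lecture note) that parses constructed, sshd-style authentication log lines and raises an alert when one source address fails to log in five times within a minute, and a second alert if a login from that address then succeeds; the log lines, threshold and window are assumptions for the demo.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines in a syslog-like format (not real data); the
# example is added to the note and uses documentation-range addresses.
SAMPLE_LOG = """\
2024-03-01T10:00:01 sshd[101]: Failed password for admin from 203.0.113.5
2024-03-01T10:00:03 sshd[101]: Failed password for admin from 203.0.113.5
2024-03-01T10:00:04 sshd[101]: Failed password for root from 203.0.113.5
2024-03-01T10:00:06 sshd[101]: Failed password for admin from 203.0.113.5
2024-03-01T10:00:07 sshd[101]: Failed password for admin from 203.0.113.5
2024-03-01T10:00:09 sshd[101]: Accepted password for admin from 203.0.113.5
2024-03-01T10:01:00 sshd[102]: Failed password for alice from 198.51.100.7
2024-03-01T10:30:00 sshd[103]: Accepted password for alice from 198.51.100.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<ip>\S+)$"
)


def parse_line(line: str):
    """Return (timestamp, result, user, ip), or None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return (datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["ip"])


def detect_brute_force(log_text: str, threshold: int = 5,
                       window: timedelta = timedelta(minutes=1)) -> list:
    """Alert once when a source IP reaches `threshold` failures inside `window`,
    and again if that IP later logs in successfully (a likely compromise)."""
    alerts = []
    failures = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    flagged = set()                 # ips already reported for brute force
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, result, user, ip = rec
        q = failures[ip]
        while q and q[0] < ts - window:   # drop failures that fell out of the window
            q.popleft()
        if result == "Failed":
            q.append(ts)
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("BRUTE_FORCE", ip, f"{len(q)} failures within {window}"))
        elif result == "Accepted" and ip in flagged:
            alerts.append(("SUCCESS_AFTER_BRUTE_FORCE", ip, f"user {user} logged in"))
    return alerts


if __name__ == "__main__":
    for alert in detect_brute_force(SAMPLE_LOG):
        print(alert)
```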

2.3 Testing Security

Testing security measures is essential for ensuring the effectiveness of an organization’s
defenses. Types of security testing include:

• Vulnerability Scanning: Using automated tools to scan systems and networks for known
vulnerabilities. It’s a proactive approach to identifying weaknesses before they can be
exploited.

• Penetration Testing (Pen Testing): Simulating a cyberattack by ethical hackers to find
exploitable vulnerabilities. This is a more thorough and manual test compared to
automated scanning.

• Red Teaming: A more comprehensive and adversarial form of testing where a group of
security professionals tries to breach the system like a real-world attacker would,
providing valuable insights into both technical and operational weaknesses.

• Security Audits: Independent and formal reviews of an organization’s security policies,
controls, and practices to ensure compliance with internal standards and external
regulations.

• Application Security Testing (Static and Dynamic Analysis): Testing applications for
vulnerabilities by inspecting the source code (static analysis) or running the application in
an environment to see how it behaves under different conditions (dynamic analysis).

• Social Engineering Testing: Testing the organization’s human element by attempting to
manipulate employees into divulging information, clicking on malicious links, or
executing actions that undermine security.

2.4 Incident Response

Incident response (IR) refers to the actions taken to detect, investigate, contain, and recover from
security incidents. A structured incident response plan is critical for minimizing the impact of
security breaches. Key components of an incident response plan include:

• Preparation: Set up necessary tools, teams, and procedures to respond to incidents. This
includes creating an incident response team (IRT) and conducting regular training
exercises.

• Identification: Detecting the occurrence of an incident is the first critical step. This is
done through continuous monitoring, threat intelligence, and automated alerts.

• Containment: Once an incident is identified, the next goal is to limit its impact. There
are two levels of containment:
o Short-term containment: Isolate affected systems immediately to prevent the
incident from spreading.
o Long-term containment: Implement temporary fixes to keep operations running
while investigation continues.

• Eradication: After containment, the root cause of the incident should be removed. This
includes eliminating malware, closing exploited vulnerabilities, or disabling
compromised accounts.

• Recovery: This step focuses on restoring systems and services to normal operation while
monitoring for any signs of the incident recurring.

• Lessons Learned: After the incident, a post-mortem should be conducted to understand
what went wrong, how it was handled, and how to improve future responses. This
feedback loop helps to refine the incident response plan and security posture.


LESSON THREE

RISK MANAGEMENT

Risk management is the process of identifying, assessing, and controlling risks to an
organization’s assets, resources, and operations. The goal is to minimize the impact of potential
threats and maximize opportunities while ensuring the organization can continue to meet its
objectives. In the context of information security, risk management involves understanding risks
to data, systems, and networks and implementing strategies to mitigate those risks.

3.1 Steps in Risk Management:

1. Risk Identification: Recognize potential risks that could affect the organization. These
may be external (e.g., cyberattacks, natural disasters) or internal (e.g., human errors,
system failures).
2. Risk Assessment: Analyze the likelihood and potential impact of identified risks. This
involves evaluating the severity of each risk and its potential consequences.
3. Risk Mitigation: Implement strategies to reduce the likelihood or impact of risks. This
may include deploying security measures, training employees, or purchasing insurance.
4. Risk Monitoring: Continuously monitor risks and mitigation efforts to ensure they
remain effective over time.

3.1.1 Key Tools:

• Risk assessment frameworks (e.g., ISO 31000, NIST)
• Threat modeling
• Vulnerability assessments

3.2 Disaster Recovery (DR)

Disaster recovery refers to the strategies and measures an organization uses to recover from a
catastrophic event or disruption that causes significant operational downtime. The focus of
disaster recovery is ensuring that critical business operations can be resumed with minimal
downtime and data loss, typically following events like hardware failures, cyberattacks, or
natural disasters.

3.2.1 Key Components of a Disaster Recovery Plan (DRP):

1. Business Impact Analysis (BIA): Identify the most critical business functions and the
impact of their disruption.
2. Recovery Time Objective (RTO): Define the maximum allowable downtime for critical
systems and services.
3. Recovery Point Objective (RPO): Establish the maximum data loss acceptable, which
guides how frequently data backups should occur.
4. Disaster Recovery Strategies:
o Backup Systems: Regular data backups, either on-site or in the cloud.
o Failover Mechanisms: Redundant systems that can take over in case the primary
systems fail.
o Data Replication: Real-time or near-real-time copying of data to a secure
location.
o Cloud-based Recovery: Use of cloud providers for rapid scalability and recovery
after disaster.

3.2.2 Testing and Documentation:

• Regular testing and drills to ensure the DRP works in real scenarios.
• Comprehensive documentation of recovery procedures for all critical systems.

3.3 Access Control

Access control is the practice of regulating who can view or use resources in a computing
environment. It is a fundamental aspect of security, ensuring that only authorized users or
systems can access sensitive information, networks, or applications. Access control mechanisms
are vital to protecting the confidentiality, integrity, and availability of information.

3.3.1 Types of Access Control:



1. Discretionary Access Control (DAC): The owner of a resource decides who can access
it. Typically used in smaller or less formal systems.
2. Mandatory Access Control (MAC): Access is granted or denied based on policies set
by the system administrator, often used in high-security environments like government
agencies.
3. Role-Based Access Control (RBAC): Access is granted based on the role a user holds
within an organization, ensuring that users have access only to the information necessary
for their job.
4. Attribute-Based Access Control (ABAC): Access is determined based on the attributes
of the user, the resource, and the environment (e.g., time of day, location).

3.3.2 Access Control Models:

• Authentication: Verifying the identity of a user or system (e.g., username/password,
biometrics, multifactor authentication).
• Authorization: Determining what an authenticated user is allowed to do (e.g., read,
write, delete permissions).
• Audit: Recording user activities to detect unauthorized actions or potential security
breaches.

3.3.3 Access Control Mechanisms:

• User Permissions: Assigning rights to users based on their roles or needs.
• Least Privilege Principle: Ensuring users only have the minimum access necessary to
perform their job functions.
• Separation of Duties (SoD): Ensuring that no single user has control over all aspects of
a critical process, to prevent fraud or errors.
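An added example (not the course's own material) that puts sections 3.3.1 to 3.3.3 together in one small policy engine: role-based permissions kept to least privilege, a separation-of-duties rule, attribute-based checks on time of day and location, and an audit record of every decision; the roles, permissions, hours and locations are constructed for the demo.

```python
from dataclasses import dataclass, field
from datetime import time

# Constructed demo policy (added example, not from the lecture note).
# RBAC table: each role holds only the permissions its job needs (least privilege).
ROLE_PERMISSIONS = {
    "clerk":   {"invoice:create", "invoice:read"},
    "manager": {"invoice:read", "invoice:approve"},
    "auditor": {"invoice:read", "audit:read"},
}

# Separation of duties: permission pairs that one person must never hold together.
SOD_CONFLICTS = {frozenset({"invoice:create", "invoice:approve"})}

# ABAC: environmental attributes evaluated on every request.
BUSINESS_HOURS = (time(8, 0), time(18, 0))
TRUSTED_LOCATIONS = {"HQ", "VPN"}


@dataclass
class Request:
    user: str
    roles: set
    action: str
    hour: time        # time of day the request is made
    location: str     # where the request comes from


def permissions_for(roles: set) -> set:
    """Union of the permissions granted by a user's roles (RBAC)."""
    return set().union(*(ROLE_PERMISSIONS.get(r, set()) for r in roles))


def violates_sod(roles: set) -> bool:
    """True when the role combination grants a forbidden pair of permissions."""
    perms = permissions_for(roles)
    return any(conflict <= perms for conflict in SOD_CONFLICTS)


@dataclass
class AccessController:
    audit_log: list = field(default_factory=list)

    def authorize(self, req: Request) -> bool:
        """RBAC decides whether the action is granted at all; ABAC attributes can then deny."""
        if violates_sod(req.roles):
            reason = "DENY: role combination violates separation of duties"
        elif req.action not in permissions_for(req.roles):
            reason = "DENY: permission not granted to the user's roles"
        elif not (BUSINESS_HOURS[0] <= req.hour < BUSINESS_HOURS[1]):
            reason = "DENY: outside business hours"
        elif req.location not in TRUSTED_LOCATIONS:
            reason = "DENY: untrusted location"
        else:
            reason = "ALLOW"
        # Every decision, allowed or denied, is recorded for the audit function.
        self.audit_log.append((req.user, req.action, reason))
        return reason == "ALLOW"


def demo() -> dict:
    """Exercise the allow path and each deny path; the values are the decisions."""
    ac = AccessController()
    t = time(10, 0)
    results = {
        "clerk_creates_invoice": ac.authorize(Request("ada", {"clerk"}, "invoice:create", t, "HQ")),
        "clerk_approves_invoice": ac.authorize(Request("ada", {"clerk"}, "invoice:approve", t, "HQ")),
        "manager_after_hours": ac.authorize(Request("bob", {"manager"}, "invoice:approve", time(22, 0), "HQ")),
        "auditor_from_cafe": ac.authorize(Request("cy", {"auditor"}, "audit:read", t, "cafe")),
        "clerk_and_manager": ac.authorize(Request("dan", {"clerk", "manager"}, "invoice:read", t, "HQ")),
    }
    results["audit_entries"] = len(ac.audit_log)
    return results


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {decision}")
```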

How These Concepts Interrelate:

• Risk Management and Disaster Recovery: Risk management informs disaster recovery
planning by identifying potential threats and assessing their impact. Effective risk
management helps prioritize disaster recovery efforts and allocate resources accordingly.

• Risk Management and Access Control: Access control is a critical component of risk
management. By implementing proper access control measures, an organization can
reduce the risk of unauthorized access, data breaches, and insider threats. Risk
management helps determine the level of access required for different roles, ensuring that
the organization’s assets are protected while allowing employees to perform their duties.

• Disaster Recovery and Access Control: Access control plays a key role in disaster
recovery by ensuring that, during a disaster or recovery event, only authorized personnel
can access recovery systems or backup data. Proper access control mechanisms protect
the recovery process from unauthorized interference or exploitation.

Integrated Approach Example: A company might use risk management to identify the need for
more robust disaster recovery measures, such as offsite data backups. As part of disaster
recovery, it will also need strong access control mechanisms to ensure that only authorized
employees can recover sensitive data in the event of an outage or attack. Access control policies
must be reviewed regularly to align with the company’s evolving risk management and recovery
plans.

In summary all three elements—risk management, disaster recovery, and access control—are
interrelated components of an effective information security strategy. Managing risks, preparing
for disruptions, and controlling access to resources ensures that organizations can maintain
business continuity and protect against both internal and external threats.


LESSON FOUR

BASIC CRYPTOGRAPHY AND SOFTWARE APPLICATION VULNERABILITIES

4.1 Basic Cryptography

Cryptography is a vital field in securing digital information and communications. It involves
mathematical algorithms designed to protect confidentiality, integrity, authentication, and
non-repudiation in digital systems.

Here are some of the key concepts:

1. Encryption and Decryption
o Encryption is the process of converting plaintext (readable data) into ciphertext
(unreadable data) using an algorithm and a key.
o Decryption reverses the encryption process, converting ciphertext back into
plaintext using a decryption key.
o Symmetric Encryption: The same key is used for both encryption and
decryption. Examples include AES (Advanced Encryption Standard) and DES
(Data Encryption Standard).
o Asymmetric Encryption: This uses a pair of keys: a public key for encryption
and a private key for decryption. RSA and Elliptic Curve Cryptography (ECC)
are common examples.

2. Hash Functions
o A hash function takes an input (or "message") and produces a fixed-length string,
typically a hash value, which appears random.
o The hash function is one-way: it's computationally infeasible to reverse the
process and obtain the original input.
o Common cryptographic hash functions: SHA-256, MD5 (now considered
insecure), SHA-3.
o Hashing is used for checking data integrity (e.g., verifying file downloads) and
storing passwords securely (via hashed values).

3. Digital Signatures
o A digital signature uses public-key cryptography to validate the authenticity and
integrity of a message or document.
o The process involves creating a hash of the message and encrypting it with the
sender’s private key. The recipient can verify the signature by decrypting it with
the sender's public key.
o Use case: Digital signatures are commonly used in email security, software
distribution, and contract signing.

4. Key Exchange
o The Diffie-Hellman Key Exchange is a method for securely exchanging
cryptographic keys over an insecure communication channel.
o It allows two parties to generate a shared secret key without the need to transmit it
directly, ensuring that the key cannot be intercepted.

5. Public Key Infrastructure (PKI)
o PKI is a framework that manages digital keys and certificates used in asymmetric
cryptography.
o It includes Certificate Authorities (CAs) that issue and validate digital
certificates, allowing parties to trust each other’s public keys.

6. Symmetric vs. Asymmetric Cryptography
o Symmetric: Fast and efficient but requires secure key distribution (e.g., AES,
DES).
o Asymmetric: More secure for exchanging keys over an insecure channel but
computationally slower (e.g., RSA, ECC).

7. Common Cryptographic Attacks
o Man-in-the-Middle (MitM) Attack: An attacker intercepts and potentially alters
the communication between two parties.
o Brute Force Attacks: Trying every possible key combination until the correct
one is found.
o Side-Channel Attacks: Exploiting physical aspects of the system, such as timing
or power consumption, to extract cryptographic keys.
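The Diffie-Hellman key exchange of item 4 and the hash-based key derivation of item 2, as an added example (not the lecture note's code): the toy 127-bit prime, the generator and the party names are assumptions chosen so it runs instantly, and both sides derive the same key while only public values cross the channel. Plain Diffie-Hellman does not authenticate either party, so it is exposed to the man-in-the-middle attack of item 7 unless the public values are authenticated, for instance with a digital signature or a PKI certificate.

```python
import hashlib
import secrets

# Toy group for the lecture: P is the Mersenne prime 2**127 - 1 (genuinely prime, but far
# too small for real use, where 2048-bit groups or elliptic curves are used). The constants
# and names are this added example's own assumptions, not from the course text.
P = (1 << 127) - 1
G = 3


def valid_public(value: int) -> bool:
    """Reject 0, 1 and p-1: those values would force the shared secret to be trivial."""
    return 1 < value < P - 1


class Party:
    """One side of the exchange: keeps its private exponent x, publishes g^x mod p."""

    def __init__(self, name: str):
        self.name = name
        self.private = secrets.randbelow(P - 3) + 2     # x in [2, p-2], never transmitted
        self.public = pow(G, self.private, P)            # this value crosses the channel

    def shared_secret(self, other_public: int) -> int:
        """(g^y)^x mod p; the other side computes (g^x)^y mod p and gets the same number."""
        if not valid_public(other_public):
            raise ValueError("invalid public value received")
        return pow(other_public, self.private, P)


def derive_key(shared_secret: int, context: bytes = b"lecture-demo-v1") -> bytes:
    """Hash the raw shared secret into a 32-byte symmetric key; the raw integer is
    never used directly as a key."""
    raw = shared_secret.to_bytes((P.bit_length() + 7) // 8, "big")
    return hashlib.sha256(context + raw).digest()


def run_exchange() -> dict:
    """Alice and Bob exchange only public values and both derive the same key."""
    alice, bob = Party("Alice"), Party("Bob")
    key_alice = derive_key(alice.shared_secret(bob.public))
    key_bob = derive_key(bob.shared_secret(alice.public))
    return {"same_key": key_alice == key_bob, "key_bytes": len(key_alice),
            "alice_public": alice.public, "bob_public": bob.public}


if __name__ == "__main__":
    print(run_exchange())
```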

4.2 Common Software Application Vulnerabilities

Software vulnerabilities are weaknesses in applications that could be exploited by attackers to
compromise the confidentiality, integrity, or availability of systems and data.

1. Buffer Overflow
o Definition: A buffer overflow occurs when data exceeds the allocated memory
buffer's boundaries, causing data to overwrite adjacent memory locations. This
can lead to crashes or allow attackers to inject malicious code that is executed by
the system.
o Prevention: Proper bounds checking, using safe functions (e.g., strncpy() instead
of strcpy()), and using languages with built-in memory safety (e.g., Java, Python).

2. SQL Injection
o Definition: A vulnerability in web applications where an attacker can inject
malicious SQL code into input fields, potentially giving them access to a
database, modifying data, or exfiltrating sensitive information.
o Prevention: Use parameterized queries or prepared statements to safely
handle user input. Always sanitize user inputs.
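An added example (not from the lecture note) showing the two query styles side by side: the first builds the SQL string from user input, the second passes the input as a bound parameter. The in-memory sqlite3 table and the hostile input string are constructed for the demonstration.

```python
import sqlite3


def make_db():
    """Constructed in-memory sample database (not from the lecture note)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "hash-of-alice"), ("bob", "hash-of-bob")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, username):
    """Builds the SQL by string concatenation, so the input is parsed as SQL."""
    query = ("SELECT username FROM users WHERE username = '" + username
             + "' ORDER BY username")
    return [row[0] for row in conn.execute(query)]


def lookup_safe(conn, username):
    """Parameterized query: the driver binds the input as a value, never as SQL text."""
    query = "SELECT username FROM users WHERE username = ? ORDER BY username"
    return [row[0] for row in conn.execute(query, (username,))]


if __name__ == "__main__":
    conn = make_db()
    # Constructed hostile input that turns the WHERE clause into a tautology.
    hostile = "x' OR '1'='1"
    print(lookup_vulnerable(conn, hostile))  # ['alice', 'bob']: the filter was bypassed
    print(lookup_safe(conn, hostile))        # []: no user literally named "x' OR '1'='1"
```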

3. Cross-Site Scripting (XSS)

o Definition: XSS attacks occur when attackers inject malicious scripts (usually
JavaScript) into web pages that are then executed in the browsers of users who
view those pages. The injected script can steal session cookies, redirect users, or
perform other malicious actions.
o Types:
 Stored XSS: The malicious script is stored on the server (e.g., in a
database) and delivered to all users.


 Reflected XSS: The script is reflected off the web server via a URL and
executed immediately.
 DOM-based XSS: The attack manipulates the Document Object Model
(DOM) in the victim’s browser.
o Prevention: Sanitize and escape user inputs, use Content Security Policy (CSP),
and employ secure coding practices.
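An added example (not from the lecture note) of the escaping and CSP measures listed above, using Python's standard html module: an unescaped template beside an escaped one, escaping in an attribute context, and a Content-Security-Policy header value. The markup and inputs are constructed.

```python
import html


def render_comment_unsafe(comment):
    """Interpolates the raw string: any markup in the comment becomes part of the page."""
    return '<p class="comment">' + comment + '</p>'


def render_comment_safe(comment):
    """Escapes &, <, >, " and ' so the browser displays the text instead of parsing it."""
    return '<p class="comment">' + html.escape(comment, quote=True) + '</p>'


def render_attribute_safe(value):
    """Attribute context: quoting is not enough, the quote characters themselves must be escaped
    or an input could close the attribute and add an event handler."""
    return '<input type="text" name="q" value="' + html.escape(value, quote=True) + '">'


def csp_header():
    """Defence in depth: a Content Security Policy that only allows scripts from the page's
    own origin and refuses inline script, so an injected <script> block would not run."""
    return ("Content-Security-Policy",
            "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'")


def contains_script_tag(markup):
    """Crude check used here only to show the difference between the two renderers."""
    return "<script" in markup.lower()
```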

4. Cross-Site Request Forgery (CSRF)

o Definition: In CSRF attacks, a malicious actor tricks an authenticated user into
submitting a request that performs an action on a web application, like changing
their password, without the user's consent.
o Prevention: Use anti-CSRF tokens, ensure that actions are only performed
through POST requests, and check the Referer header or use custom request
headers for state-changing operations.

5. Insecure Deserialization
o Definition: This vulnerability arises when an application deserializes untrusted
data, allowing an attacker to manipulate or execute malicious code when the data
is deserialized (converted back into objects).
o Prevention: Avoid deserializing data from untrusted sources, use signed or
encrypted data for serialization, and perform strict validation of serialized data.
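An added example (not from the lecture note) of the "signed data" and "strict validation" advice: objects are serialized to JSON, a data-only format that cannot carry executable behaviour the way a native object format such as pickle can, and an HMAC tag is checked before anything is parsed. The key, the accepted structure and the tampering helper are constructed for the demonstration.

```python
import base64
import binascii
import hashlib
import hmac
import json

# Placeholder key for the demo; a real service loads it from protected configuration.
SECRET_KEY = b"constructed-demo-key"
ALLOWED_ROLES = {"user", "admin"}


def serialize(obj, key=SECRET_KEY):
    """Serialize to canonical JSON and append an HMAC-SHA256 tag over the bytes."""
    payload = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return base64.b64encode(payload).decode() + "." + tag


def validate(obj):
    """Structural validation after parsing: only the expected shape and values pass."""
    if not isinstance(obj, dict) or set(obj) != {"user", "role"}:
        raise ValueError("unexpected structure")
    if not isinstance(obj["user"], str) or obj["role"] not in ALLOWED_ROLES:
        raise ValueError("unexpected field value")


def deserialize(token, key=SECRET_KEY):
    """Verify the tag first: tampered or foreign data never reaches json.loads."""
    try:
        b64, tag = token.split(".", 1)
        payload = base64.b64decode(b64, validate=True)
    except (ValueError, binascii.Error):
        raise ValueError("malformed token")
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("signature mismatch: tampered or not issued by this server")
    obj = json.loads(payload)
    validate(obj)
    return obj


def is_accepted(token, key=SECRET_KEY):
    """True if deserialize() accepts the token, False if it rejects it."""
    try:
        deserialize(token, key)
        return True
    except ValueError:
        return False


def forge_payload(token, obj):
    """Constructed tampering for the demo: replace the payload but keep the old tag,
    which is all someone without the key can do. Verification must reject it."""
    _, tag = token.split(".", 1)
    payload = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return base64.b64encode(payload).decode() + "." + tag
```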

6. Privilege Escalation
o Definition: This occurs when a user gains higher privileges than they are
authorized to have, often by exploiting flaws in the software or misconfigurations.
o Prevention: Implement least privilege access controls, properly configure user
roles, and regularly audit permissions.

7. Security Misconfiguration
o Definition: Security misconfigurations occur when an application, server, or
database is not securely configured, such as leaving default credentials, enabling
unnecessary services, or exposing sensitive information.

o Prevention: Regularly update and patch software, remove unnecessary services,
and implement secure configurations for all components.

8. Race Conditions
o Definition: A race condition happens when the system’s behavior depends on the
timing or order of events, which can be exploited by attackers to cause unintended
behavior or security vulnerabilities.
o Prevention: Use proper synchronization and locking mechanisms to prevent
conflicts between competing processes or threads.
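An added example (not from the lecture note) of a check-then-act race and the locking that removes it: several threads withdraw from one constructed account at the same time, and only the locked version keeps the balance from going negative.

```python
import threading
import time


class Account:
    """Constructed example account; the lock guards the balance invariant."""

    def __init__(self, balance):
        self.balance = balance
        self._lock = threading.Lock()

    def withdraw_unsafe(self, amount):
        # Check-then-act without synchronization: several threads can all observe a
        # sufficient balance before any of them subtracts from it.
        if self.balance >= amount:
            time.sleep(0.001)  # widens the window so the race shows up reliably
            self.balance -= amount
            return True
        return False

    def withdraw_safe(self, amount):
        # The check and the update form one critical section, so only one
        # withdrawal can pass the check against a given balance.
        with self._lock:
            if self.balance >= amount:
                time.sleep(0.001)
                self.balance -= amount
                return True
            return False


def run_concurrent(withdraw, n_threads, amount):
    """Run n_threads withdrawals at once; returns how many reported success."""
    results = []
    threads = [threading.Thread(target=lambda: results.append(withdraw(amount)))
               for _ in range(n_threads)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(results)


if __name__ == "__main__":
    a = Account(100)
    print(run_concurrent(a.withdraw_unsafe, 10, 100), a.balance)  # typically 10 and -900
    b = Account(100)
    print(run_concurrent(b.withdraw_safe, 10, 100), b.balance)    # always 1 and 0
```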

9. Broken Authentication
o Definition: A vulnerability where the authentication mechanisms (e.g., login
forms, password management) are weak or improperly implemented, allowing
attackers to bypass authentication.
o Prevention: Use multi-factor authentication (MFA), enforce strong password
policies, and use secure session management practices (e.g., regenerating session
IDs after login).

10. Sensitive Data Exposure

o Definition: Sensitive data exposure occurs when sensitive data (e.g., passwords,
credit card numbers) is stored, transmitted, or logged in an insecure manner.
o Prevention: Use encryption (e.g., AES, TLS) for data in transit and at rest, store
passwords securely using salted hashes (e.g., bcrypt), and avoid storing sensitive
data unnecessarily.

4.3 How Cryptography and Application Vulnerabilities Relate

1. Cryptography Protecting Data from Exploits:

o Cryptography helps mitigate vulnerabilities like Sensitive Data Exposure by
encrypting sensitive data both at rest and in transit. It ensures that even if an
attacker gains unauthorized access to the data, they cannot easily read it without
the correct keys.


2. SQL Injection and Cryptography:

o While SQL injection targets a flaw in an application's handling of user input,
cryptography can help protect database contents by using encryption or hashing.
For example, sensitive data in the database can be stored as hashed passwords or
encrypted fields, preventing unauthorized access even if the database is
compromised.

3. Authentication and Cryptography:

o Broken Authentication can be mitigated by using cryptographic techniques such
as digital signatures or password hashing. By securely storing and verifying
passwords (e.g., using bcrypt) and implementing MFA, systems can prevent
attackers from exploiting authentication vulnerabilities.
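An added example (not from the lecture note) of salted password hashing, serving both the Sensitive Data Exposure item in 4.2 and the point above: bcrypt is a third-party package, so this stand-in uses the standard library's PBKDF2-HMAC with a per-password random salt, a stored work factor and a constant-time comparison. The record format and iteration count are choices made for this demo.

```python
import base64
import hashlib
import hmac
import os

# Work factor; raise it as hardware gets faster (a demo value, not a recommendation).
PBKDF2_ITERATIONS = 210_000


def _b64(raw):
    return base64.b64encode(raw).decode()


def hash_password(password, salt=None):
    """Return a self-describing record: algorithm$iterations$salt$digest.
    Only this record is stored; the password itself never is."""
    if salt is None:
        salt = os.urandom(16)  # a fresh random salt per password defeats precomputed tables
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (PBKDF2_ITERATIONS, _b64(salt), _b64(digest))


def verify_password(password, stored):
    """Recompute with the stored salt and iteration count; compare in constant time
    so response timing does not leak how many digest bytes matched."""
    try:
        algo, iterations, salt_b64, digest_b64 = stored.split("$")
        if algo != "pbkdf2_sha256":
            return False
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(digest_b64)
        iterations = int(iterations)
    except ValueError:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored):
    """True when a record was made with a weaker work factor than the current policy,
    so it can be upgraded transparently at the user's next successful login."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256" or not parts[1].isdigit():
        return True
    return int(parts[1]) < PBKDF2_ITERATIONS
```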

4. Session Hijacking and Cryptography:

o If an attacker can hijack a session, they can impersonate the user. Cryptography
plays a key role in preventing this by securing session tokens with strong
encryption and signing mechanisms.
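An added example (not from the lecture note) of a signed session token and the anti-CSRF token from 4.2 item 4 derived from it: the token carries a random identifier and an expiry, an HMAC tag makes those fields unforgeable, and a state-changing request is accepted only when the session cookie and the form's CSRF token agree. The key, token layout and lifetime are constructed for the demo.

```python
import base64
import hashlib
import hmac
import os
import time

SERVER_KEY = b"constructed-demo-server-key"  # placeholder; load from protected config in practice
SESSION_LIFETIME = 3600  # seconds


def _sign(data, key):
    return hmac.new(key, data.encode(), hashlib.sha256).hexdigest()


def issue_session(user, now=None, key=SERVER_KEY):
    """Create a session token user:random_id:expiry:tag. The random id makes the token
    unguessable; the tag makes the user and expiry fields tamper-evident. Send it as
    Set-Cookie: session=<token>; Secure; HttpOnly; SameSite=Lax so scripts cannot read it."""
    if ":" in user:
        raise ValueError("user name must not contain ':'")
    now = int(time.time()) if now is None else now
    session_id = base64.urlsafe_b64encode(os.urandom(16)).rstrip(b"=").decode()
    body = "%s:%s:%d" % (user, session_id, now + SESSION_LIFETIME)
    return body + ":" + _sign(body, key)


def verify_session(token, now=None, key=SERVER_KEY):
    """Return the user name for a valid, unexpired token, else None."""
    now = int(time.time()) if now is None else now
    parts = token.split(":")
    if len(parts) != 4:
        return None
    user, session_id, expires, tag = parts
    body = "%s:%s:%s" % (user, session_id, expires)
    if not hmac.compare_digest(_sign(body, key), tag):
        return None  # altered fields, or a token minted with a different key
    if not expires.isdigit() or int(expires) < now:
        return None  # expired: a stolen token is only useful for a bounded time
    return user


def csrf_token(session_token, key=SERVER_KEY):
    """Anti-CSRF token bound to the session; embedded in forms for state-changing requests."""
    return _sign("csrf:" + session_token, key)


def authorize_state_change(cookie_token, form_token, now=None, key=SERVER_KEY):
    """A POST that changes state needs a valid session cookie AND the matching CSRF token
    in the request body. The browser attaches the cookie automatically, but a cross-site
    page cannot read the token from the form, so it cannot supply both."""
    if verify_session(cookie_token, now, key) is None:
        return False
    return hmac.compare_digest(csrf_token(cookie_token, key), form_token)
```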

In summary, cryptography and secure software development practices are both fundamental to
ensuring the integrity and security of modern applications. While cryptography offers tools for
protecting data and communication, software application vulnerabilities like SQL injection,
XSS, and buffer overflows need to be managed through secure coding practices, input
validation, and proper access controls. By understanding both cryptographic techniques and
common software vulnerabilities, developers can build more secure systems that are less prone to
exploitation.


LESSON FIVE

EVOLUTION OF CYBER ATTACKS

5.1 What is a cyberattack?

A cyberattack is an attempt to steal, alter, destroy, disrupt, or disable information resources and
systems found in computer networks and systems. Cyberattacks fall into two forms:

a) Insider threats: These stem from individuals with legitimate access to the systems they
target, who use that access to exploit vulnerabilities intentionally or inadvertently. They
could be committed by a dissatisfied or angry employee or a contractor with access to the
organization’s systems.
b) Outsider threats: These come from someone who has no affiliation with the system
they’re attacking, such as criminal organizations or hackers.

5.2 Types of Cyber Attacks

A cyber-attack is an exploitation of computer systems and networks. It uses malicious code to
alter computer code, logic or data and leads to cybercrimes, such as information and identity theft.
Cyber-attacks can be classified into the following categories:

a) Web-based attacks: These are attacks which occur on a website or web application.
Some of the important web-based attacks are as follows:

1. Injection attacks: An attack in which data is injected into a web application to
manipulate the application and fetch the required information. Examples: SQL injection,
code injection, log injection, XML injection, etc.

2. DNS Spoofing: DNS Spoofing is a type of computer security attack whereby false data is
introduced into a DNS resolver's cache, causing the name server to return an incorrect IP
address and diverting traffic to the attacker's computer or any other computer. The DNS spoofing


attacks can go on for a long period of time without being detected and can cause serious
security issues.

3. Session Hijacking: It is a security attack on a user session over a protected network. Web
applications create cookies to store the state and user sessions. By stealing the cookies, an
attacker can have access to all of the user data.

4. Phishing: Phishing is a type of attack which attempts to steal sensitive information like
user login credentials and credit card numbers. It occurs when an attacker masquerades as
a trustworthy entity in electronic communication.

5. Brute force: It is a type of attack which uses a trial and error method. This attack generates
a large number of guesses and validates them to obtain actual data like a user password or
personal identification number. This attack may be used by criminals to crack encrypted data,
or by security analysts to test an organization's network security.

6. Denial of Service: It is an attack meant to make a server or network resource
unavailable to its users. It accomplishes this by flooding the target with traffic or sending it
information that triggers a crash. It uses a single system and a single internet connection to
attack a server. It can be classified into the following:
o Volume-based attacks: The goal is to saturate the bandwidth of the attacked site; measured
in bits per second.
o Protocol attacks: These consume actual server resources; measured in packets per second.
o Application layer attacks: The goal is to crash the web server; measured in requests per
second.

7. Dictionary attacks: This type of attack uses a stored list of commonly used passwords and
validates them one by one to obtain the original password.

8. URL Interpretation: It is a type of attack where the attacker changes certain parts of a URL
and can thereby make a web server deliver web pages which they are not authorized to
browse.


9. File Inclusion attacks: It is a type of attack that allows an attacker to access unauthorized
or essential files which are available on the web server, or to execute malicious files on the web
server by making use of the include functionality.

10. Man in the middle attacks: It is a type of attack that allows an attacker to intercept the
connection between client and server and act as a bridge between them. Due to this, an
attacker will be able to read, insert and modify the data in the intercepted connection.

b) System-based attacks: These are the attacks which are intended to compromise a computer or
a computer network. Some of the important system-based attacks are as follows:
1. Virus: It is a type of malicious software program that spreads throughout the computer's
files without the knowledge of the user. It is a self-replicating malicious computer program
that replicates by inserting copies of itself into other computer programs when executed.
It can also execute instructions that cause harm to the system.
2. Worm: It is a type of malware whose primary function is to replicate itself to spread to
uninfected computers. It works in the same way as a computer virus. Worms often originate from
email attachments that appear to be from trusted senders.
3. Trojan horse: It is a malicious program that causes unexpected changes to computer
settings and unusual activity, even when the computer should be idle. It misleads the user
about its true intent. It appears to be a normal application, but when opened/executed some
malicious code will run in the background.
4. Backdoors: It is a method that bypasses the normal authentication process. A developer
may create a backdoor so that an application or operating system can be accessed for
troubleshooting or other purposes.
5. Bots: A bot (short for "robot") is an automated process that interacts with other network
services. Some bot programs run automatically, while others only execute commands
when they receive specific input. Common examples of bot programs are web crawlers,
chatroom bots, and malicious bots.

5.3 Who do cyberattackers target?


Cyberattackers commonly target industries, including health care, government, non-profits, and
finance companies. The health care industry has been especially susceptible to attack because
health care organizations have access to many people's personal data. Since health care
infrastructure is so critical, ransomware attackers understand that these organizations will likely
pay their demands quickly.

Confidential information, such as social security numbers, causes government organizations to fall
victim to hackers as well. Nonprofits are unique in that they possess financial data from donors
and fundraising efforts, making them ideal targets for cyberattacks. In the finance industry,
institutions like banks and insurance companies are common targets for extortion and theft due to
their access to significant amounts of money.

5.4 Common types of cyberattacks

Cyberattacks can have motives other than financial gain. Some cyberattacks focus on destroying
or gaining access to critical data.

Organizations and individuals face the following types of typical cyberattacks:

1. Malware: Cyberattackers use harmful software such as spyware, viruses, ransomware, and
worms known as malware to access your system's data. When you click on a malicious
attachment or link, the malware can install itself and become active on your device.

2. Phishing: Phishing attacks rely on communication methods like email to convince you to open
the message and follow the instructions inside. If you follow the attackers’ instructions, they gain
access to personal data, such as credit cards, and can install malware on your device.

3. Spoofing: Cyber attackers will sometimes imitate people or companies to trick you into giving
up personal information. This can happen in different ways. A common spoofing strategy
involves using a fake caller ID, where the person receiving the call doesn’t see that the number is
falsified. Other spoofing methods include subverting facial recognition systems, using a fake
domain name, or creating a fake website.


4. Backdoor Trojan: Backdoor Trojan attacks involve malicious programs that can deceptively
install malware or data and open up what’s referred to as the “backdoor” to your computer
system. When attackers gain access to the backdoor, they can hijack the device without it being
known to the user.

5. Ransomware: Ransomware is malicious software that cyberattackers can install on your
device, allowing them to block your access until you pay the attackers a ransom. However, paying
the ransom doesn’t guarantee the removal of the software, so experts often advise individuals not
to pay the ransom if possible.


6. Password attacks: Password attacks can be as simple as someone correctly guessing your
password or other methods such as keylogging, where attackers can monitor the information you
type and then identify passwords. An attacker can also use the aforementioned phishing approach
to masquerade as a trusted site and try to fool you into revealing your account credentials.

7. Internet of Things attack: Communication channels between connected IoT components, as
well as the applications and software found on IoT devices, can be susceptible to cyberattacks.
Since IoT devices are connected to one another through the internet and may have limited security
features, there is a larger attack surface that attackers can target.

8. Cryptojacking: Cryptojacking involves gaining unauthorized use of a computer system,
usually through malware that allows the attacker to use the computer's resources for mining
cryptocurrency. Mining cryptocurrency can come with significant operational costs, so
cryptojacking provides attackers with a way to avoid these expenses.

9. Drive-by download: Drive-by download attacks occur when you download malicious code to
your device through an app, website, or operating system with flawed security systems. This
means you could do nothing wrong and still be a victim of a drive-by download since it can occur
due to a lack of security measures on a site you believe to be safe.

10. Denial-of-service attack: A denial-of-service attack causes an entire device or operating
system to shut down by overwhelming it with traffic, causing it to crash. Attackers don’t often use
this method to steal information. Instead, it costs the victim time and money to get their systems
up and running again. Cybercriminals typically use this method when the target is a trade
organization or government entity.

5.5 How to prevent cyberattacks

An important first step in preventing cyberattacks is ensuring you and other employees at your
organization know of the potential of cyberattacks. Being mindful before clicking links and
checking the email address to ensure it appears legitimate can go a long way in ensuring your data
and systems are kept safe. Here are some useful tips to prevent cyberattacks:


Update your software:- Up-to-date software systems are more resilient than outdated versions,
which may be prone to having weaknesses. Updates can correct any flaws and weaknesses in the
software, so having the latest version is optimal. Additionally, consider keeping software systems
updated by investing in a patch management system.

Install a firewall:- Firewalls are helpful in preventing a variety of attacks, such as backdoors and
denial-of-service attacks. They work by controlling the network traffic moving through your
system. A firewall will also stop any suspicious activity it deems potentially harmful to the
computer.

Back up data:- When you back up data, you move it to a different, secure location for storage.
This might involve using cloud storage or a physical device like a hard drive. In case of an attack,
backing up your data allows you to recover any lost data.

Encrypt data:- Data encryption is a popular way to prevent cyberattacks, and it ensures data is
only accessible to those who have the decryption key. To successfully attack encrypted data,
attackers often have to rely on the brute force method of trying different keys until they can guess
the right one, making breaking the encryption challenging.

Use strong passwords:- You should have strong passwords to prevent attacks and avoid using
the same passwords for different accounts and systems. Using the same password repeatedly
increases the risk of giving attackers access to all your information. Regularly updating your
passwords and using passwords that combine special characters, upper and lowercase letters, and
numbers can help protect your accounts.

5.6 Cyber Security Threat Actors

In the world of cyber security, who exactly are we trying to protect against? We can split the
threat actors into three groups:

 Data thieves: Names, email and postal addresses, bank details, and confidential business
information — these are prime examples of valuable data. Many threat actors specialize
in extracting this information, to use themselves or to sell on to others.


 Wreckers: These people are focused on disabling devices, services, and organizations.
Sometimes, it’s for political reasons, in other cases, they do it just because they can.
 Cyberwarfare agents: When a new cyber threat hits the news, people are keen to know
where it came from. Common culprits include government actors. State-backed groups
deliberately create threats to target rival states and destabilize their infrastructure.
Citizens and private businesses can be caught in the cross-fire.


LESSON SIX

Operating System Protection Mechanisms, Intrusion Detection Systems, Basic
Formal Models of Security, Cryptography, Steganography, Network and
Distributed System Security, Denial of Service (and Other) Attack Strategies,
Worms, Viruses, Transfer of Funds/Value Across Networks, Electronic Voting,
Secure Applications

6.1 Operating System Protection Mechanisms

Operating systems (OS) are designed to provide security through various protection mechanisms
to ensure confidentiality, integrity, and availability of system resources. These mechanisms help
defend against unauthorized access, misuse, and malicious activity.

 Access Control: OS controls access to system resources (files, devices, etc.) using
permissions and security policies. Mechanisms like Discretionary Access Control (DAC),
Mandatory Access Control (MAC), and Role-Based Access Control (RBAC) define user
permissions and system interactions.
 Sandboxing: Running applications in isolated environments (sandboxes) limits their
access to system resources, preventing potential harm to the OS or other applications.
 Memory Protection: Protects the memory space of each process, preventing one process
from reading or modifying the memory of another.
 User Authentication: Ensures that only authorized users can access the system, using
passwords, biometrics, or multifactor authentication (MFA).
 File Systems Security: OSs can secure files through encryption, ensuring that sensitive
data is protected even if unauthorized access occurs.

6.2 Intrusion Detection Systems (IDS)

Intrusion Detection Systems monitor network or system activities for malicious actions or policy
violations. They help detect unauthorized access and anomalous behavior.

 Network-Based IDS (NIDS): Monitors network traffic for signs of intrusion or
malicious activity.
 Host-Based IDS (HIDS): Analyzes activity on a particular host or device, detecting
issues like malware installation or unauthorized access.
 Signature-Based IDS: Detects known patterns of malicious activity (signatures), often
used for virus or malware detection.
 Anomaly-Based IDS: Establishes a baseline of normal activity and flags deviations as
potential threats.
 Hybrid IDS: Combines signature-based and anomaly-based detection methods to
improve accuracy.
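An added example (not from the lecture note) of signature-based, anomaly-based and hybrid detection run over a handful of constructed log lines: two regular-expression signatures match known-bad request strings, and a failed-login baseline from a quiet learning window flags a source whose count is statistically out of line. The log format, the signatures and the baseline counts are all constructed for the demo.

```python
import re
import statistics
from collections import Counter

# Constructed sample events in a simple key=value format (not a real sensor's log).
SAMPLE_LOG = """\
2024-05-01T10:00:01 src=10.0.0.5 dst=10.0.0.20 dport=22 msg="Accepted publickey for ops"
2024-05-01T10:00:02 src=10.0.0.5 dst=10.0.0.20 dport=22 msg="Failed password for ops"
2024-05-01T10:00:03 src=10.0.0.5 dst=10.0.0.20 dport=80 msg="GET /index.html"
2024-05-01T10:00:04 src=203.0.113.9 dst=10.0.0.20 dport=80 msg="GET /login.php?user=admin' OR '1'='1"
2024-05-01T10:00:05 src=203.0.113.9 dst=10.0.0.20 dport=80 msg="GET /../../etc/passwd"
2024-05-01T10:00:06 src=203.0.113.9 dst=10.0.0.20 dport=22 msg="Failed password for root"
2024-05-01T10:00:07 src=203.0.113.9 dst=10.0.0.20 dport=22 msg="Failed password for root"
2024-05-01T10:00:08 src=203.0.113.9 dst=10.0.0.20 dport=22 msg="Failed password for admin"
2024-05-01T10:00:09 src=203.0.113.9 dst=10.0.0.20 dport=22 msg="Failed password for admin"
2024-05-01T10:00:10 src=203.0.113.9 dst=10.0.0.20 dport=22 msg="Failed password for test"
2024-05-01T10:00:11 src=203.0.113.9 dst=10.0.0.20 dport=22 msg="Failed password for test"
"""

LINE_RE = re.compile(r'^(\S+) src=(\S+) dst=(\S+) dport=(\d+) msg="(.*)"$')

# Signature-based: known-bad patterns matched against the message text.
SIGNATURES = [
    ("sqli-tautology", re.compile(r"'\s*OR\s*'1'\s*=\s*'1", re.IGNORECASE)),
    ("path-traversal", re.compile(r"\.\./")),
]

# Anomaly-based: failed logins per source seen during a quiet learning window (constructed).
BASELINE_FAILED_LOGINS = {"10.0.0.5": 1, "10.0.0.7": 2, "10.0.0.8": 1}


def parse(log_text):
    """Turn raw lines into event dicts; lines that do not fit the format are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, src, dst, dport, msg = m.groups()
            events.append({"ts": ts, "src": src, "dst": dst, "dport": int(dport), "msg": msg})
    return events


def signature_alerts(events):
    """One alert per (signature, event) match, in log order."""
    return [(name, e["src"]) for e in events for name, rx in SIGNATURES if rx.search(e["msg"])]


def anomaly_alerts(events, baseline=BASELINE_FAILED_LOGINS, sigmas=3.0):
    """Flag sources whose failed-login count exceeds mean + sigmas * stdev of the baseline.
    Nothing here needs a signature, so a new credential-guessing tool is still caught."""
    values = list(baseline.values())
    threshold = statistics.mean(values) + sigmas * statistics.pstdev(values)
    counts = Counter(e["src"] for e in events if e["msg"].startswith("Failed password"))
    return sorted(src for src, n in counts.items() if n > threshold)


def hybrid_alerts(events):
    """Hybrid IDS: both detectors run and their findings are reported together."""
    return {"signature": signature_alerts(events), "anomaly": anomaly_alerts(events)}
```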


6.3 Basic Formal Models of Security

Formal security models provide mathematical frameworks to define and enforce security policies
within systems.

 Bell-LaPadula Model (BLP): Focuses on data confidentiality, using the "no read up, no
write down" principle. It prevents users from accessing sensitive data at higher security
levels.
 Biba Model: Focuses on data integrity. It enforces "no write up, no read down" policies
to prevent data corruption.
 Clark-Wilson Model: Ensures data integrity through well-formed transaction rules and
separation of duties.
 Lattice-Based Models: Use a hierarchical structure (lattice) where objects and users are
assigned security labels, and access is granted based on a user's position in the lattice.
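An added example (not from the lecture note) that encodes the Bell-LaPadula and Biba rules over a lattice of labels: a label is a (level, categories) pair, one label dominates another when its level is at least as high and its category set is a superset, and the four read/write rules are each a single dominance check. The level names and category names are constructed.

```python
# Constructed example levels; higher number means more sensitive (BLP) or more trusted (Biba).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


def dominates(a, b):
    """Lattice order: a dominates b when a's level is at least b's and a's categories
    include all of b's. Two labels with disjoint categories are incomparable."""
    (level_a, cats_a), (level_b, cats_b) = a, b
    return LEVELS[level_a] >= LEVELS[level_b] and set(cats_a) >= set(cats_b)


# Bell-LaPadula: confidentiality. Information may only flow upward in the lattice.
def blp_can_read(subject, obj):
    return dominates(subject, obj)     # simple security property: no read up


def blp_can_write(subject, obj):
    return dominates(obj, subject)     # *-property: no write down


# Biba: integrity. The rules mirror BLP's, so untrusted data cannot flow upward.
def biba_can_read(subject, obj):
    return dominates(obj, subject)     # no read down


def biba_can_write(subject, obj):
    return dominates(subject, obj)     # no write up


def check_access(model, subject, obj, op):
    """Reference-monitor style dispatch: every access goes through exactly one rule."""
    rules = {
        ("blp", "read"): blp_can_read, ("blp", "write"): blp_can_write,
        ("biba", "read"): biba_can_read, ("biba", "write"): biba_can_write,
    }
    return rules[(model, op)](subject, obj)
```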

6.4 Cryptography

Cryptography is used to protect data from unauthorized access and tampering by transforming
readable data into an unreadable format.

 Symmetric Encryption: Uses the same key for both encryption and decryption (e.g.,
AES, DES).
 Asymmetric Encryption: Uses a public key for encryption and a private key for
decryption (e.g., RSA, ECC).
 Hash Functions: Convert data into a fixed-size hash value (e.g., SHA-256) used for
integrity checking.
 Digital Signatures: Used to verify the authenticity of a message, ensuring it comes from
a trusted source and hasn't been altered.
 Key Exchange Protocols: Methods like Diffie-Hellman allow two parties to securely
exchange encryption keys over an insecure channel.
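An added example (not from the lecture note) of the Diffie-Hellman exchange described here and in 4.1: both sides publish g^x mod p, each raises the other's public value to its own private exponent, and the equal results are hashed into a fixed-size key. The tiny group p=23, g=5 is a textbook toy chosen so the numbers can be checked by hand; it is not secure.

```python
import hashlib
import secrets

# Toy textbook group so the arithmetic can be followed by hand. Real deployments use a
# 2048-bit or larger group (or elliptic-curve DH); with p=23 the private exponent can be
# recovered by trying all 22 possibilities, which is exactly what a large prime prevents.
P, G = 23, 5


def private_value(p=P):
    """Random private exponent in [1, p-2]; never leaves the party that generated it."""
    return secrets.randbelow(p - 2) + 1


def public_value(private, p=P, g=G):
    """Sent over the insecure channel: g^private mod p."""
    return pow(g, private, p)


def shared_secret(their_public, my_private, p=P):
    """Each side raises the other's public value to its own private exponent; the two
    results agree because (g^a)^b = (g^b)^a mod p."""
    return pow(their_public, my_private, p)


def derive_key(shared, p=P):
    """The raw shared number is not used as a key directly; it is hashed into a
    fixed-size key (a simple stand-in for a proper key derivation function)."""
    width = (p.bit_length() + 7) // 8
    return hashlib.sha256(b"dh-demo-key" + shared.to_bytes(width, "big")).digest()


def exchange(a_private, b_private, p=P, g=G):
    """Run both sides. Returns the two public values an eavesdropper sees (A, B) and the
    secret each party computed. Note that nothing here authenticates A or B: without
    signatures or certificates (PKI) on the public values, a man-in-the-middle can run
    one exchange with each side, which is why TLS signs the exchange."""
    A = public_value(a_private, p, g)
    B = public_value(b_private, p, g)
    return A, B, shared_secret(B, a_private, p), shared_secret(A, b_private, p)


if __name__ == "__main__":
    print(exchange(6, 15))  # (8, 19, 2, 2): both sides arrive at 2
```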

6.5 Steganography

Steganography is the practice of hiding data within other non-suspicious data, such as embedding
secret messages in images or audio files.

 Image Steganography: Data is hidden in the least significant bits of pixel values in an
image file.
 Audio Steganography: Hides data in audio files, altering frequencies or amplitude to
store hidden messages.
 Text Steganography: Embeds information in plain text using specific formatting,
spacing, or word patterns that are not immediately noticeable.
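An added example (not from the lecture note) of least-significant-bit embedding over a byte array of 8-bit samples, which is how the image case above works on raw pixel data: each message bit replaces the lowest bit of one sample, so no sample changes by more than 1. The 4-byte length header and the constructed cover are choices made for this demo; a real image would need its container format decoded to the raw samples first.

```python
def embed_lsb(cover, message):
    """Hide message in the least significant bit of successive cover bytes (e.g. 8-bit
    pixel samples). A 4-byte length header comes first so extraction knows where to stop."""
    payload = len(message).to_bytes(4, "big") + message
    if len(payload) * 8 > len(cover):
        raise ValueError("cover too small: need %d samples" % (len(payload) * 8))
    stego = bytearray(cover)
    for i in range(len(payload) * 8):
        bit = (payload[i // 8] >> (7 - i % 8)) & 1
        stego[i] = (stego[i] & 0xFE) | bit   # clear the lowest bit, then set it to the message bit
    return bytes(stego)


def extract_lsb(stego):
    """Read the length header, then that many bytes, from the low bits of the samples."""
    def read_bytes(start, count):
        out = bytearray()
        for j in range(count):
            value = 0
            for k in range(8):
                value = (value << 1) | (stego[start + j * 8 + k] & 1)
            out.append(value)
        return bytes(out)

    if len(stego) < 32:
        raise ValueError("no valid payload")
    length = int.from_bytes(read_bytes(0, 4), "big")
    if 32 + length * 8 > len(stego):
        raise ValueError("no valid payload")  # header does not fit the cover: nothing embedded
    return read_bytes(32, length)


def max_sample_change(cover, stego):
    """Largest change to any sample; LSB embedding never exceeds 1, which is why the
    carrier looks unchanged and why detection relies on statistics of the low-bit plane."""
    return max(abs(a - b) for a, b in zip(cover, stego))
```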


6.6 Network and Distributed System Security

Securing network and distributed systems ensures that data transmission and system processes
are protected from unauthorized access, tampering, and attacks.

 Firewalls: Network security devices that monitor and filter incoming and outgoing traffic
based on predefined security rules.
 Virtual Private Networks (VPNs): Create encrypted tunnels over the internet to secure
communication between remote users and a network.
 Secure Sockets Layer (SSL)/Transport Layer Security (TLS): Protocols used to
encrypt communication over a network, such as in HTTPS.
 Distributed Denial of Service (DDoS) Mitigation: Techniques like traffic filtering, rate
limiting, and the use of Content Delivery Networks (CDNs) to absorb and mitigate large-
scale attack traffic.

6.7 Denial of Service (DoS) and Other Attack Strategies

Denial of Service (DoS) attacks aim to disrupt the availability of a network or service.

 DoS and DDoS Attacks: The attacker sends excessive traffic or requests to exhaust
system resources, making the service unavailable to legitimate users.
 Botnets: A network of compromised computers used to launch DDoS attacks, often
controlled remotely by cybercriminals.
 Flooding Attacks: Overloading a system with traffic (e.g., SYN flood, UDP flood) to
disrupt its functionality.
 Amplification Attacks: The attacker exploits the response behavior of a vulnerable
server to amplify the volume of attack traffic.

6.8 Worms and Viruses

Worms and viruses are types of malicious software that spread across systems, often causing
harm or stealing data.

 Viruses: Malware that attaches itself to a legitimate program and spreads when the
program is executed. It often requires human intervention to propagate.
 Worms: Self-replicating malware that spreads automatically across networks without
needing human interaction.
 Ransomware: A type of malware that encrypts files or systems and demands payment
for their release.
 Trojan Horses: Malware disguised as legitimate software or files, tricking users into
executing it.


6.9 Transfer of Funds/Value Across Networks

Securing financial transactions over the internet is crucial for preventing fraud, theft, and
unauthorized access.

 Payment Gateways: Secure platforms used to facilitate online payments, ensuring that
sensitive information like credit card details is encrypted.
 Blockchain Technology: A decentralized ledger used for secure transactions, primarily
in cryptocurrency networks.
 Digital Wallets: Securely store payment information for easy transactions, using
encryption to protect user data.
 Secure Transfer Protocols: Protocols like SSL/TLS ensure secure communication for
financial transfers, preventing eavesdropping or tampering.

6.10 Electronic Voting

Electronic voting systems allow citizens to vote digitally, but they must be secure to ensure the
integrity and confidentiality of the vote.

 Voter Authentication: Ensuring that only eligible voters can cast their votes using multi-
factor authentication (MFA).
 End-to-End Encryption: Protecting votes from being tampered with or intercepted
during transmission.
 Verifiability and Transparency: Allowing voters to verify that their vote was cast and
counted correctly without compromising privacy.
 Blockchain for Voting: Some systems use blockchain to create tamper-resistant logs of
votes, ensuring transparency and integrity.

6.11 Secure Applications

Designing secure applications involves applying security principles to protect data and ensure
reliability.

 Secure Software Development Lifecycle (SDLC): Incorporating security at every stage
of the development process, from planning to maintenance.
 Input Validation: Ensuring that all user input is validated to prevent injection attacks
(e.g., SQL injection, Cross-Site Scripting).
 Encryption: Encrypting sensitive data both at rest and in transit to prevent unauthorized
access.
 Patch Management: Regularly updating and patching software to close security
vulnerabilities and mitigate exploits.
 Access Control: Ensuring that only authorized users can access specific features or data
within the application.


LESSON SEVEN

Cybersecurity Policy and Guidelines

A Cybersecurity Policy is a set of rules and guidelines designed to protect an organization’s
information systems, networks, and data from unauthorized access, theft, and damage. A
comprehensive cybersecurity policy outlines the security measures, acceptable practices, and
responsibilities of employees to prevent cyberattacks and data breaches.

Cybersecurity Guidelines are more specific recommendations or instructions that help
individuals or organizations comply with the broader cybersecurity policies. These guidelines
ensure that the policy is put into practice.

7.1 Purpose of a Cybersecurity Policy

The main goals of a cybersecurity policy include:

 Protecting confidential information: Ensuring that sensitive data such as personal,
financial, and business-critical information remains private and secure.
 Reducing risk: Preventing unauthorized access to IT systems, which could lead to data
loss, system damage, or operational disruption.
 Compliance: Meeting legal and regulatory requirements related to cybersecurity.
 Ensuring business continuity: Maintaining operations in the event of a cyber incident,
including disaster recovery procedures.

7.2 Key Components of a Cybersecurity Policy

Here are some key components that are generally included in an organization's cybersecurity
policy:

a) Information Security Policy

Defines how an organization will protect its data and information assets, including personal,
financial, and business information. This includes the use of encryption, secure storage, and
controlled access.

b) Acceptable Use Policy (AUP)

Outlines the acceptable and unacceptable uses of the organization's IT resources, such as
computers, networks, and internet access. It may include restrictions on accessing certain
websites, downloading unauthorized software, or sharing sensitive information.


c) Access Control Policy

Defines the rules for granting, modifying, and revoking access to the organization’s systems and
data. This includes user authentication methods (e.g., passwords, biometrics), role-based access
control, and minimum privilege principles.

d) Incident Response Policy

Details the steps to follow in the event of a cyberattack, such as identifying and containing the
breach, notifying stakeholders, and restoring normal operations. This includes an incident
response team and clear communication protocols.

e) Data Protection and Privacy Policy

Outlines how personal and sensitive data will be protected according to privacy regulations (e.g.,
GDPR, HIPAA). It includes procedures for data encryption, storage, retention, and deletion.

f) Password Policy

Specifies requirements for creating and managing passwords to ensure they are strong and
secure. It may include guidelines on password length, complexity, expiration, and multi-factor
authentication.

g) Mobile Device Security Policy

Outlines how mobile devices (smartphones, tablets, laptops) will be secured when used for work
purposes, including encryption, remote wipe capabilities, and restrictions on app installation.

h) Network Security Policy

Details the measures taken to protect the organization's network from unauthorized access or
attacks, such as firewalls, intrusion detection systems (IDS), Virtual Private Networks (VPNs),
and secure Wi-Fi practices.

i) Email Security Policy

Sets guidelines for the secure use of email systems, including rules for handling attachments,
identifying phishing emails, and preventing malware. It may also include encryption of sensitive
email communications.

j) Backup and Disaster Recovery Policy

Outlines how data will be regularly backed up and how systems will be restored in the event of a
cyberattack, natural disaster, or hardware failure. This policy is critical for maintaining business
continuity.

k) Vendor Security Policy

Establishes expectations and requirements for third-party vendors that may have access to
organizational data or systems. This includes ensuring that vendors adhere to the same security
standards and practices.

7.3 Cybersecurity Guidelines

Cybersecurity guidelines provide detailed instructions to support the implementation of the
cybersecurity policy. Here are some key cybersecurity guidelines:

a) User Training and Awareness

 Regular Training: Ensure that all employees receive regular training on security best
practices, phishing prevention, and identifying malicious software.
 Security Awareness Campaigns: Use posters, newsletters, and other media to keep
employees aware of the latest cybersecurity threats.
 Social Engineering Tests: Simulate phishing attacks or social engineering attempts to
test employee awareness.

b) Device Security

 Encrypt Devices: All laptops, smartphones, and other mobile devices should have
encryption enabled to prevent unauthorized access.
 Remote Wipe: In case a device is lost or stolen, remote wipe capabilities should be
enabled to erase sensitive data remotely.
 Lock Devices: Require users to lock their devices when not in use, with password or
biometric authentication.

c) Password Management

 Use Strong Passwords: Passwords should be at least 12 characters long (NIST SP 800-63B sets 8
as the absolute minimum) and must not be reused across systems. Length matters more than forced
character mixes: a passphrase of several unrelated words resists guessing better than a short
string of symbols, and new passwords should be screened against lists of known-breached passwords.
 Multi-factor Authentication (MFA): Use MFA for accessing critical systems. MFA requires at least
two different factors: something the user knows (password), something the user has (hardware token
or authenticator app), or something the user is (biometric verification). Phishing-resistant
factors such as FIDO2/WebAuthn security keys are preferable to SMS codes, which can be intercepted
or SIM-swapped.
 Change Passwords When Compromised: Older policies forced a change every 90 days; current
guidance (NIST SP 800-63B) advises against routine expiry, because it pushes users toward
predictable variations, and instead requires an immediate change whenever there is evidence of
compromise.

d) Network Security

 Segment Networks: Segment networks to prevent attackers from gaining full access to
all systems in case of a breach. Separate networks should be created for guest users,
servers, and critical systems.


 Firewalls and IDS: Implement firewalls to control incoming and outgoing traffic. Use
Intrusion Detection Systems (IDS) to detect unusual network activity.
 Use VPNs: Ensure that employees access internal systems remotely via Virtual Private
Networks (VPNs) for encrypted communication.

e) Data Security

 Encrypt Sensitive Data: Use strong encryption protocols for data in transit (e.g., TLS)
and data at rest (e.g., AES-256).
 Limit Data Access: Apply the principle of least privilege by only allowing access to data
on a need-to-know basis.
 Data Retention and Disposal: Implement procedures for securely deleting or destroying
sensitive data that is no longer needed.

f) Incident Response

 Clear Reporting Channels: Provide employees with a clear process for reporting
security incidents, including a dedicated contact for cybersecurity concerns.
 Incident Response Plan: Develop and test an incident response plan that includes
identifying the type of attack, containing the attack, eradicating the threat, and recovering
systems.
 Post-Incident Analysis: After an incident, conduct a post-mortem analysis to understand
the cause of the breach and improve future responses.

g) Vendor Management

 Vendor Security Reviews: Regularly review the security posture of third-party vendors
who have access to your systems or data.
 Ensure Compliance: Require vendors to comply with relevant cybersecurity policies,
including the use of encryption and data protection standards.

h) Patch Management

 Regular Software Updates: Ensure that all software, including operating systems and
applications, is up-to-date with the latest security patches.
 Automated Patch Management: Use automated tools to apply patches and updates as
soon as they are released to reduce the risk of vulnerabilities being exploited.

7.4 Monitoring and Auditing

 Continuous Monitoring: Implement continuous monitoring of network traffic, system
logs, and user activity to detect suspicious behavior.
 Regular Audits: Conduct periodic security audits to ensure compliance with the
cybersecurity policy and identify potential vulnerabilities.
 Use Security Information and Event Management (SIEM): Use SIEM systems to
collect and analyze security event data for real-time threat detection.

7.5 Compliance and Legal Considerations

 Legal Compliance: Ensure that the cybersecurity policy and guidelines comply with
relevant laws and regulations, such as the General Data Protection Regulation (GDPR),
Health Insurance Portability and Accountability Act (HIPAA), and Payment Card
Industry Data Security Standard (PCI DSS).
 Privacy Policies: Include provisions for respecting user privacy and handling personal
data in compliance with privacy regulations.

A robust Cybersecurity Policy and Guidelines framework is essential to protect an
organization from cyber threats and ensure the confidentiality, integrity, and availability of data.
By adopting a proactive approach to cybersecurity, training employees, and ensuring compliance
with legal and regulatory requirements, organizations can minimize the risks associated with
cyber threats.


LESSON EIGHT

Government Regulation of Information Technology

Government regulation of information technology (IT) refers to the creation and enforcement of
laws, policies, and frameworks designed to govern the development, use, and dissemination of
IT. This regulation is crucial due to the growing influence of technology in society, business, and
politics, and the need to balance innovation with security, privacy, and ethical concerns. Below
are key aspects of government regulation of IT:

8.1 Data Privacy and Protection

Governments regulate how personal data is collected, stored, used, and shared. These regulations
are crucial to protecting citizens' privacy and ensuring that companies handle sensitive data
responsibly. Examples include:

 General Data Protection Regulation (GDPR): A European Union law that protects
personal data and privacy for EU citizens.
 California Consumer Privacy Act (CCPA): A state law in California that gives
residents more control over their personal information.

8.2 Cybersecurity Regulations

As cyber threats grow, governments impose regulations on organizations to ensure they have
adequate security measures in place to protect sensitive information from cyber-attacks. Some
examples include:

 Cybersecurity Information Sharing Act (CISA) of 2015 in the U.S. encourages information
sharing about cyber threat indicators between private companies and the government to help
defend against cyber threats. (The acronym is shared with the Cybersecurity and Infrastructure
Security Agency, a separate body discussed in Lesson Nine.)
 NIST Cybersecurity Framework provides a structured approach for businesses to
manage cybersecurity risks.

8.3 Intellectual Property (IP) and Software Licensing

Governments regulate the use and protection of intellectual property to encourage innovation
while ensuring fair use. This includes:

 Copyright and patents for software, inventions, and designs.
 Laws governing software piracy and illegal distribution.


8.4 Telecommunications and Net Neutrality

Governments regulate telecommunications infrastructure and the internet to ensure fair access,
competition, and prevent monopolistic practices. Net neutrality is a key issue, ensuring that
internet service providers (ISPs) treat all data on the internet equally, without discriminating or
charging differently based on content, user, or website.

 Net Neutrality Regulations: The Federal Communications Commission (FCC) in the
U.S. has at various times adopted rules barring ISPs from blocking or throttling lawful
content or prioritizing certain traffic for payment; these rules have been adopted, repealed and
reinstated several times since 2015, and their legal status remains contested.

8.5 Content Regulation and Online Platforms

Governments impose regulations on online content and platforms to address issues like hate
speech, misinformation, cyberbullying, and online harassment. These regulations also target the
responsibility of platforms in moderating user-generated content.

 Section 230 of the Communications Decency Act (CDA) in the U.S. gives internet
platforms immunity from liability for user-generated content, although there's ongoing
debate about reforming this law.
 European Union's Digital Services Act (DSA) holds platforms accountable for removing
harmful content.

8.6 Antitrust and Competition Laws

Governments regulate IT companies to prevent monopolistic practices and ensure healthy
competition. Regulatory bodies may intervene if they believe that tech giants (e.g., Google,
Apple, Amazon) are engaging in anti-competitive behavior.

 European Commission's Investigation into Google: For instance, the EU has fined
Google for abusing its market dominance in areas like online search and advertising.

8.7 Artificial Intelligence (AI) and Emerging Technologies

Governments are starting to regulate AI and other emerging technologies due to their profound
implications on privacy, security, ethics, and jobs. Regulations address issues like transparency,
accountability, fairness, and non-discrimination in AI systems.

 EU Artificial Intelligence Act: Adopted in 2024, the EU's AI Act regulates AI systems
according to their risk level: it prohibits some uses outright, imposes the strictest obligations
(risk management, data governance, human oversight, technical documentation) on high-risk
applications, and applies its requirements in phases over the following years.


8.8 E-Commerce and Digital Trade Regulations

With the rise of online shopping, digital currencies, and e-commerce, governments regulate
digital transactions, cross-border trade, and consumer protection in online environments.

 Electronic Transactions Acts: Laws, adopted in many jurisdictions, that give legal effect to
digital signatures and online contracts.
 Cross-Border Data Flow: Governments have different laws about how personal data may be
transferred across borders. The EU-U.S. Privacy Shield Framework, which allowed transfers to
certified U.S. companies, was invalidated by the Court of Justice of the EU in 2020 (the Schrems
II judgment) and replaced in 2023 by the EU-U.S. Data Privacy Framework.

8.9 Digital Infrastructure and Access

Governments often regulate the construction and deployment of digital infrastructure like
broadband networks to ensure equitable access to technology. This includes efforts to expand
internet access to underserved regions and ensuring that tech development benefits society at
large.

 Rural Broadband Initiatives: U.S. initiatives aim to expand high-speed internet access
to rural areas.

8.10 Ethical and Social Impact

Governments may introduce regulations focusing on the ethical implications of technology. This
includes issues related to AI ethics, surveillance technologies, and the environmental impact of
technology.

 Algorithmic Accountability: Efforts to regulate the ethical use of algorithms in
decision-making, such as in criminal justice or hiring practices.

8.11 Technology Standards and Interoperability

Governments sometimes regulate technology standards to ensure that products and services are
compatible and that there is sufficient competition. This may include regulating common
standards for internet protocols or ensuring that devices can work together seamlessly.

In conclusion, regulation of IT is an ongoing and complex process that aims to strike a balance
between fostering innovation and ensuring the protection of public interests, privacy, security,
and fairness. As technology continues to evolve, regulations will likely evolve as well, with
governments needing to adapt to new challenges in a rapidly changing digital landscape.


LESSON NINE

Main Actors of Cyberspace and Cyber Operations

The main actors of cyberspace and cyber operations are diverse and include both state and non-
state entities. These actors play significant roles in shaping the digital environment, influencing
cybersecurity, and conducting cyber operations. Here is an overview of the main categories of
actors in cyberspace:

9.1 Nation-States (Governments)

Governments are perhaps the most influential actors in cyberspace and cyber operations, as they
are responsible for creating policies, enforcing laws, and sometimes engaging in offensive and
defensive cyber operations. Nation-states typically operate through intelligence agencies,
military units, and diplomatic channels.

Key State Actors:

 Cyber Militaries: Many countries have developed cyber military units to carry out
offensive and defensive cyber operations, ranging from cyberattacks to cybersecurity
defense.
o Examples:
 U.S. Cyber Command (USCYBERCOM): Part of the U.S. Department
of Defense, responsible for cyberspace operations.
 Russia's Main Intelligence Directorate (GRU): The military intelligence service
behind many offensive cyber operations, including the 2016 interference in the U.S.
elections (see APT28 under 9.6).
 China's PLA Strategic Support Force: Created in 2015 to consolidate the PLA's cyber,
space and electronic-warfare capabilities; it was dissolved in 2024 and its cyber units
became the separate PLA Cyberspace Force.
 Intelligence Agencies: Intelligence services gather cyber intelligence and may conduct
cyber espionage operations.
o Examples:
 NSA (National Security Agency, USA): Responsible for signals
intelligence and cybersecurity.
 GCHQ (Government Communications Headquarters, UK): The UK's signals-intelligence
and cyber agency; its National Cyber Security Centre (NCSC) leads national cyber defence.
 National Cybersecurity Agencies: These are government agencies tasked with
protecting national infrastructure and responding to cyber threats.
o Examples:
 CISA (Cybersecurity and Infrastructure Security Agency, USA):
Focuses on securing the nation’s critical infrastructure.


9.2 Hackers and Cybercriminals

Cybercriminals engage in activities that exploit vulnerabilities for personal, financial, or political
gain. They can range from lone individuals to organized groups or even transnational criminal
organizations.

Types of Cybercriminals:

 Cybercriminal Organizations: Groups that engage in activities such as ransomware
attacks, data theft, fraud, and financial crimes.
o Example: REvil (a ransomware group) or Lazarus Group (linked to North
Korea, suspected of financial theft and cyber espionage).
 Hacktivists: Groups or individuals that use cyber operations for political, social, or
ideological causes. They may deface websites, leak information, or conduct denial-of-
service attacks to promote their causes.
o Example: Anonymous, an activist hacking collective that has targeted
government and corporate websites.

9.3 Private Sector and Technology Companies

The private sector plays a vital role in cyberspace by providing critical infrastructure, tools,
services, and expertise. Technology companies, internet service providers, and cybersecurity
firms often collaborate with governments and international organizations on issues related to
cybersecurity and cyber operations.

Private Sector Players:

 Tech Giants: Large corporations such as Google, Microsoft, Apple, and Facebook are
key actors in cyberspace, as they control vast amounts of data, provide internet
infrastructure, and are often targets of cyber operations.
o Example: Microsoft has a dedicated cybersecurity division and is involved in
defending against cyber threats.
 Cybersecurity Firms: These companies specialize in protecting organizations from
cyber threats and detecting cyberattacks.
o Example: FireEye, CrowdStrike, and Palo Alto Networks provide threat
intelligence, incident response, and cybersecurity solutions.
 Telecommunications Providers: These entities manage the infrastructure that allows the
internet and communication systems to function. They are integral in securing the flow of
data and in the event of a cyberattack.
o Example: Verizon and AT&T play critical roles in internet infrastructure.

9.4 Non-Governmental Organizations (NGOs) and Think Tanks

NGOs, think tanks, and civil society groups play an essential role in shaping cybersecurity
policy, promoting internet freedom, and advocating for human rights in cyberspace.

Key Examples:

 The Electronic Frontier Foundation (EFF): Advocates for digital rights, including
privacy, freedom of expression, and the protection of internet users.
 The Center for Strategic and International Studies (CSIS): Conducts research on
cybersecurity issues and provides policy recommendations.
 The Open Technology Fund (OTF): Supports the development of open-source software
tools to improve security and privacy.

9.5 International Organizations

These are organizations that facilitate international cooperation on cybersecurity issues, develop
norms and guidelines, and provide a platform for dialogue between states and other actors.

Key Examples:

 United Nations (UN): The UN has a Group of Governmental Experts (GGE) that
addresses the development of international norms and laws governing cyberspace.
 European Union (EU): Through bodies like ENISA (European Union Agency for
Cybersecurity), the EU plays an essential role in shaping cyber policy within Europe.
 The International Telecommunication Union (ITU): A UN agency that focuses on
issues related to the development of international telecommunications and cybersecurity.
 The Organization of American States (OAS): Promotes cooperation in cybersecurity
across the Americas, including through the Inter-American Committee against
Terrorism (CICTE).

9.6 Cyber Espionage and State-Sponsored Groups

Many nation-states engage in cyber espionage to obtain sensitive information for political,
military, or economic advantage. State-sponsored groups are typically units of, or contractors
for, intelligence services and military branches; the security industry tracks them as named
threat groups on the basis of their tooling and targeting, since attribution is rarely confirmed
by the sponsoring state.

Key Examples:

 APT (Advanced Persistent Threat) Groups: These are sophisticated, state-sponsored
hacker groups, often associated with a particular country's intelligence services.
Examples include:
o APT28 (Fancy Bear): Linked to Russia and known for targeting political entities,
including the DNC during the 2016 U.S. election.
o APT10 (Stone Panda): Associated with China and known for stealing intellectual
property from global companies.
o APT34: A suspected Iranian cyber-espionage group.


9.7 Cybersecurity Researchers and White-Hat Hackers

These individuals or organizations focus on identifying vulnerabilities in systems, conducting
penetration testing, and helping to secure systems before malicious actors can exploit them.
Often, they collaborate with private companies or government agencies to improve overall
cybersecurity.

Key Examples:

 Independent Security Researchers: Individuals who discover security flaws and report
them responsibly, often in exchange for bug bounties.
 Bug Bounty Programs: Programs run by companies like Google or Facebook, where
security experts are rewarded for finding vulnerabilities in their systems.

9.8 Criminal Cartels and Terrorist Organizations

Some criminal and terrorist organizations use cyber operations to fund their activities, spread
propaganda, or disrupt state operations. These groups might engage in cybercrime, hacktivism,
or cyber terrorism.

Key Examples:

 ISIS (Islamic State): Known to use social media and other digital platforms to spread
propaganda, recruit followers, and sometimes organize cyberattacks.
 Cybercrime Syndicates: Organized groups engaging in large-scale cybercrime,
including ransomware, identity theft, and fraud.

Summarily, the actors in cyberspace and cyber operations are diverse, ranging from nation-states
and large corporations to cybercriminals, activists, and terrorists. These actors engage in various
activities, from defending and securing the digital space to exploiting it for malicious purposes.
The complexity of the cybersecurity landscape necessitates international cooperation, private-
sector involvement, and ongoing efforts to build robust defenses against cyber threats.


LESSON TEN

Impact of Cybersecurity on Civil and Military Institutions, Privacy, Business
and Government Applications; Examination of the Dimensions of Networks,
Protocols, Operating Systems, and Associated Applications

Cybersecurity has a profound impact on civil and military institutions, privacy, business, and
government applications. As more critical functions rely on digital technologies, ensuring the
integrity, confidentiality, and availability of information and systems becomes essential for these
sectors. Below is an examination of the impact of cybersecurity across various domains,
including the dimensions of networks, protocols, operating systems, and associated applications.

10.1 Impact of Cybersecurity on Civil and Military Institutions

Civil Institutions

Cybersecurity is critical in safeguarding civil institutions, including educational systems,
healthcare, infrastructure, and private citizens' data. The impact of cyber threats on these sectors
is multifaceted:

 Healthcare: Cyberattacks can jeopardize sensitive health records and disrupt services.
Ransomware attacks on hospitals can lead to data breaches, delays in treatments, and loss
of public trust.
o Example: The WannaCry ransomware attack in 2017 affected the UK's NHS,
causing disruptions in hospital operations.

 Education: Cyberattacks on universities and research institutions can result in the loss of
intellectual property, research data, and personal information of students and staff.
o Example: Universities have been frequent targets of cyberattacks, with sensitive
research data and intellectual property being stolen.

 Infrastructure: Attacks on critical infrastructure (e.g., water supply, electricity,
transportation) can have far-reaching consequences on public safety and daily life.
o Example: The Ukraine power grid attack in 2015 left over 200,000 people
without electricity for several hours.

 Privacy: Increasing reliance on digital platforms has heightened concerns about privacy.
Data breaches and surveillance expose individuals' personal information, raising ethical
concerns about consent and data control.
o Example: The Cambridge Analytica scandal revealed how personal data was
exploited for political purposes, raising concerns about digital privacy.


Military Institutions

In the military context, cybersecurity is integral to national defense, intelligence gathering, and
the security of military operations. Cyberattacks on military institutions can have disastrous
effects on operational security, command and control, and public safety.

 Cyberwarfare: Nation-states and non-state actors may use cyberattacks as part of their
military strategy, disrupting military operations, stealing classified information, or
disabling critical infrastructure.
o Example: Stuxnet, a cyberweapon allegedly developed by the U.S. and Israel,
was used to sabotage Iran’s nuclear enrichment program by infecting industrial
control systems.

 Defense Systems: Modern militaries rely heavily on digital systems for communications,
intelligence, and weaponry. A successful cyberattack could compromise these systems,
rendering them ineffective or even causing them to malfunction in battle.
o Example: The 2007 distributed denial-of-service attacks on Estonia, widely attributed
to Russian-aligned actors, took government, banking and media websites offline over
roughly three weeks without touching a single military system, and led NATO to establish
its Cooperative Cyber Defence Centre of Excellence in Tallinn the following year.

10.2 Impact on Privacy

Cybersecurity is essential to safeguarding personal privacy in the digital age. With the increasing
amount of data generated and stored online, breaches of privacy have become a significant
concern. Cybersecurity plays a vital role in preventing unauthorized access to personal
information, including sensitive financial, health, and social data.

 Data Protection: Regulatory frameworks like the General Data Protection Regulation
(GDPR) in the European Union aim to protect individuals' personal data by enforcing
strict rules on how data is collected, processed, and stored.
o Example: Companies must obtain explicit consent before collecting personal data
and allow users to access, rectify, or erase their data.

 Surveillance and Tracking: Governments and corporations can use digital tools to track
individuals' movements and activities online. Cybersecurity measures must ensure that
surveillance is conducted ethically and within the boundaries of the law, balancing
security with personal freedoms.
o Example: China's social credit system utilizes extensive data to monitor citizens'
behavior, raising concerns about mass surveillance.

 End-to-End Encryption: Privacy concerns have led to the adoption of encryption
technologies that secure communications and prevent unauthorized access to messages.
o Example: WhatsApp and Signal use end-to-end encryption to ensure private
communication between users.


10.3 Impact on Business

Cybersecurity is crucial for businesses, as cyber threats can result in financial losses, reputational
damage, and legal consequences. The importance of cybersecurity for businesses can be seen
across the following areas:

 Intellectual Property (IP) Protection: Companies rely on strong cybersecurity to
protect their intellectual property, trade secrets, and proprietary data. A breach can lead to
significant financial losses or give competitors an unfair advantage.
o Example: Sony Pictures Entertainment was hacked in 2014, leading to the
exposure of confidential information and intellectual property.

 Financial Security: Businesses need robust cybersecurity measures to protect sensitive
financial data and prevent cyber fraud. Cyberattacks like phishing, ransomware, and
identity theft can cause direct financial losses.
o Example: Target's 2013 data breach compromised credit card information for
millions of customers, leading to financial losses and damage to the company's
reputation.

 Business Continuity: Cybersecurity ensures the continuity of business operations by
preventing service disruptions caused by cyberattacks. Downtime, especially for e-
commerce platforms or cloud services, can be costly.
o Example: Amazon Web Services (AWS) has faced outages that disrupted
services for businesses relying on cloud infrastructure.

 Regulatory Compliance: Businesses are required to adhere to cybersecurity regulations
that govern data privacy, security, and reporting. Failing to comply can result in fines and
legal action.
o Example: GDPR compliance is mandatory for businesses operating in the EU,
ensuring that personal data is protected and privacy rights are upheld.

10.4 Impact on Government Applications

Governments must ensure that their digital systems, which manage critical functions such as
elections, national defense, law enforcement, and public services, are secure from cyber threats.

 National Security: Government institutions manage sensitive information regarding
national defense, diplomacy, and intelligence. Cyberattacks targeting these systems can
compromise national security.
o Example: The Office of Personnel Management (OPM) breach in 2015
exposed the personal data of millions of federal employees, including sensitive
information related to security clearances.


 E-Government Services: Governments increasingly provide public services online, such
as tax filing, social security benefits, and voting. Cybersecurity is essential to ensure that
these services are not compromised by malicious actors.
o Example: Election security is a major concern, as cyberattacks on voting
infrastructure can undermine public trust in democratic processes.

 Cyber Diplomacy: Governments must engage in international cooperation to establish
norms and regulations that govern cyberspace. Treaties and agreements regarding cyber
warfare, cybercrime, and international cybersecurity efforts are vital to maintaining
global peace.
o Example: The U.N. Group of Governmental Experts (GGE) works to establish
norms on cyber activities to reduce the risk of cyber conflicts between states.

10.5 Examination of the Dimensions of Networks, Protocols, Operating Systems, and
Associated Applications

Networks

Networks are the backbone of cyberspace, enabling communication and data exchange.
Cybersecurity at the network level involves protecting against threats such as data interception,
denial-of-service (DoS) attacks, and network intrusions.

 Firewalls, Intrusion Detection Systems (IDS), and Virtual Private Networks (VPNs)
are commonly used to secure networks.
 Network Protocols: The TCP/IP suite (IP for addressing and routing, TCP and UDP for
transport) and application protocols such as Hypertext Transfer Protocol (HTTP) define how
data is transmitted across networks. HTTP itself is plaintext; HTTPS (HTTP carried over TLS)
is essential for encrypted and authenticated communication.

Protocols

Cybersecurity protocols aim to secure data exchanges over networks. Transport Layer
Security (TLS) ensures that data in transit is encrypted, authenticated and protected from
tampering. Its predecessor, Secure Sockets Layer (SSL), is obsolete: every SSL version has
known weaknesses, SSL 3.0 was formally deprecated in 2015 (RFC 7568), and TLS 1.0 and 1.1
were deprecated in 2021 (RFC 8996), so "SSL/TLS" in practice should mean TLS 1.2 or 1.3.

 IPsec (Internet Protocol Security) secures traffic at the network layer, which is how many
VPNs are built, while TLS secures individual application connections. Both are widely used
to protect data in transit; in either case a practitioner should confirm that legacy protocol
versions are disabled and that certificates are actually verified on both ends.

Operating Systems

Operating systems (OS) serve as a platform for running applications and managing hardware
resources. The security of the OS is crucial to prevent unauthorized access, privilege escalation,
and malware infections.

 Patch Management: Regular updates to OS software are critical in preventing
vulnerabilities that attackers may exploit.

 Access Control: OSs implement mechanisms like user authentication, role-based access
control (RBAC), and multi-factor authentication (MFA) to restrict access.

Applications

Applications are built on top of the OS and communicate over networks. Securing applications is
key to preventing exploits such as SQL injection, cross-site scripting (XSS), and buffer
overflows.

 Application Security: Secure coding practices, regular vulnerability assessments, and
the use of security tools like Web Application Firewalls (WAFs) can help mitigate
risks.
 Zero Trust Models: This approach assumes that all users and systems are untrusted until
verified and continuously monitored, strengthening application security.

Cybersecurity impacts various sectors, ranging from government and military institutions to
businesses, civil organizations, and privacy protection. In a world increasingly dependent on
digital infrastructure, effective cybersecurity measures are essential for protecting sensitive data,
maintaining trust, and ensuring the proper functioning of systems. Understanding the interplay
between networks, protocols, operating systems, and applications is crucial to building a secure
digital environment.


LESSON ELEVEN

Methods and Motives of Cybersecurity Incident Perpetrators


11.1 Methods of Cyberattack Perpetrators

Cyberattackers use various techniques to breach systems, compromise data, or disrupt services.
Some of the common methods include:

a. Phishing and Social Engineering

 Phishing involves sending fraudulent emails, texts, or calls to trick individuals into
revealing sensitive information (e.g., passwords, credit card details).
 Social Engineering exploits human psychology to manipulate individuals into breaking
normal security protocols.

b. Malware (Malicious Software)

 Viruses attach themselves to legitimate files or programs and spread when those are copied
or run; worms self-replicate across networks without any user action, typically by exploiting
unpatched services, which is why they infect many systems so quickly.
 Ransomware encrypts data (and increasingly also exfiltrates it for extortion) and demands a
ransom for the decryption key, often causing financial damage and reputational harm.
 Trojans masquerade as legitimate software to gain unauthorized access to systems.
 Spyware and keyloggers capture sensitive information, often for espionage or identity
theft.

c. Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks

 DoS and DDoS overwhelm a network or server with traffic, causing a denial of service to
legitimate users. DDoS uses a network of compromised devices (botnets) to execute the
attack.

d. SQL Injection

 Attackers exploit vulnerabilities in web applications to execute malicious SQL queries


against the database, allowing unauthorized access or modification of data.

e. Man-in-the-Middle (MITM) Attacks

 Cybercriminals intercept and manipulate communication between two parties without


their knowledge, often to steal sensitive information like login credentials.

f. Zero-Day Exploits

56
UNILESA, Department of Cybersecurity
UNILESA, Faculty of Computing

 Zero-day attacks take advantage of vulnerabilities in software or hardware that are


unknown to the vendor and, therefore, unpatched.

g. Credential Stuffing

 Attackers use previously stolen usernames and passwords from one breach to attempt to
access accounts on other sites, often exploiting users who reuse passwords.

11.2 Motives of Cyberattack Perpetrators

The reasons behind cyberattacks vary significantly, but they can generally be grouped into the
following categories:

a. Financial Gain

• Ransomware attacks demand payment for restoring access to systems or data.
• Data Theft often aims to sell stolen personal or financial data on the black market.
• Bank Fraud or Credit Card Fraud uses stolen financial details for monetary gain.

b. Espionage

• Nation-state actors or corporate competitors engage in cyber espionage to gather
intelligence, steal trade secrets, or sabotage rivals.
• State-sponsored actors may target critical infrastructure, government institutions, or
defense contractors.

c. Hacktivism

• Cyberattacks motivated by political or social causes are designed to make a statement or
disrupt operations. Activist hackers might target government websites or corporations
they view as unethical.

d. Personal Vendettas

• Some attackers may target individuals or organizations due to personal grievances or as a
form of retaliation.

e. Cyberwarfare

• Nation-states may launch cyberattacks on foreign governments or entities as part of
broader geopolitical conflicts, aiming to disrupt operations or destabilize economies.

f. Opportunistic Attacks

• These attackers look for easy targets, often exploiting known vulnerabilities in widely
used software or systems to gain access without a specific target in mind.

11.3 Countermeasures Employed by Organizations and Agencies

To defend against these methods and reduce the risk of cybersecurity incidents, organizations
and agencies employ a combination of preventive, detective, and corrective measures.

11.3.1 Preventive Measures

a. Security Training and Awareness

• Regular cybersecurity awareness training for employees helps them recognize phishing
attempts and social engineering tactics, reducing the human errors that lead to security
breaches.

b. Firewalls and Intrusion Prevention Systems (IPS)

• Firewalls act as barriers between internal networks and external traffic, filtering out
malicious content.
• Intrusion Prevention Systems (IPS) monitor network traffic for signs of suspicious
activity, blocking threats before they cause harm.

c. Endpoint Protection

• Installing antivirus software and anti-malware programs on all endpoints (e.g.,
desktops, laptops, mobile devices) helps detect and block known threats.
• Endpoint Detection and Response (EDR) systems provide real-time monitoring of
devices to identify and contain threats.

d. Encryption

• Encrypting sensitive data ensures that even if attackers gain access to the data, they
cannot read or use it without the decryption keys.

e. Multi-Factor Authentication (MFA)

• MFA adds an extra layer of protection by requiring more than just a password (e.g., a
code sent to a mobile device) to access systems or data.

f. Patch Management

• Keeping software and systems up to date with the latest patches ensures that known
vulnerabilities are fixed promptly, closing the window in which an exploit (including one
that began as a zero-day before the vendor released a fix) can succeed.

g. Network Segmentation

• Dividing the network into smaller, isolated sections limits an attacker’s ability to move
laterally through the organization’s infrastructure once they breach one segment.

11.3.2 Detective Measures

a. Security Information and Event Management (SIEM)

• SIEM systems aggregate and analyze data from various sources, including logs from
firewalls, servers, and endpoints. They help detect suspicious activities by identifying
anomalies that may indicate a breach.

b. Behavioral Analytics

• Advanced systems use behavioral analytics to track user behavior patterns and flag
activities that deviate from normal usage, such as logging in at odd hours or accessing
unusual data.

c. Continuous Monitoring

• Real-time monitoring of networks, systems, and applications enables organizations to
detect and respond to potential threats quickly.

d. Threat Intelligence Sharing

• Collaborating with external organizations, government agencies, and cybersecurity
experts helps gather actionable threat intelligence to anticipate and mitigate attacks.
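As an added example (not code from the lecture note), the Python script below applies two of the detection ideas above to a handful of constructed authentication log lines: the credential stuffing pattern from Section 11.1(g), where one source address cycles through many different usernames in a short window, and the "logging in at odd hours" anomaly that behavioral analytics looks for. The log format, addresses, usernames and working-hours window are all assumptions made for the example.

```python
"""Credential-stuffing and off-hours login detection over sample auth log lines.

Added example, not from the lecture note. The log format is constructed:
    <ISO-8601 timestamp> <source_ip> <username> <LOGIN_OK|LOGIN_FAIL>
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log. 203.0.113.7 tries five different usernames in a few
# seconds (credential stuffing); 198.51.100.4 is one user mistyping a password;
# 198.51.100.9 is a successful login at 03:02, outside normal working hours.
SAMPLE_LOG = """\
2024-05-01T09:00:01 203.0.113.7 alice LOGIN_FAIL
2024-05-01T09:00:02 203.0.113.7 bob LOGIN_FAIL
2024-05-01T09:00:03 203.0.113.7 carol LOGIN_FAIL
2024-05-01T09:00:04 203.0.113.7 dave LOGIN_OK
2024-05-01T09:00:05 203.0.113.7 erin LOGIN_FAIL
2024-05-01T09:15:00 198.51.100.4 alice LOGIN_FAIL
2024-05-01T09:15:10 198.51.100.4 alice LOGIN_OK
2024-05-01T03:02:00 198.51.100.9 frank LOGIN_OK
"""


def parse_log(text):
    """Parse log text into a list of event dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, ip, user, result = parts
        events.append({"ts": datetime.fromisoformat(ts), "ip": ip,
                       "user": user, "ok": result == "LOGIN_OK"})
    return events


def detect_credential_stuffing(events, window=timedelta(minutes=5), min_users=4):
    """Flag source IPs that attempt `min_users` or more DISTINCT usernames
    within `window`. A legitimate user who mistypes a password fails repeatedly
    on one username; stuffing cycles through many usernames, because the
    attacker is replaying credential pairs leaked from another site."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    flagged = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            users = {e["user"] for e in evs[start:end + 1]}
            if len(users) >= min_users:
                entry = flagged.setdefault(ip, {"users_tried": set(), "successes": set()})
                entry["users_tried"] |= users
        if ip in flagged:
            # Any account the flagged IP logged into successfully is a likely
            # account takeover (a reused password worked) and should be reset.
            flagged[ip]["successes"] = {e["user"] for e in evs if e["ok"]}
    return flagged


def detect_off_hours_logins(events, work_start=6, work_end=22):
    """Return usernames with successful logins outside [work_start, work_end)."""
    return sorted({e["user"] for e in events
                   if e["ok"] and not (work_start <= e["ts"].hour < work_end)})


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for ip, info in detect_credential_stuffing(evs).items():
        print(f"stuffing from {ip}: tried {sorted(info['users_tried'])}, "
              f"succeeded on {sorted(info['successes'])}")
    print("off-hours logins:", detect_off_hours_logins(evs))
```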

11.3.3 Corrective Measures

a. Incident Response Plans (IRP)

• A well-defined incident response plan helps organizations contain and recover from
attacks quickly. This plan includes identification, containment, eradication, and recovery
procedures.

b. Data Backups

• Regular data backups ensure that in the event of a ransomware attack or data loss,
critical data can be restored, minimizing downtime and damage.

c. Forensics and Root Cause Analysis

• Post-incident forensic analysis helps organizations understand how an attack occurred
and what vulnerabilities were exploited, ensuring similar attacks can be prevented in the
future.

d. Legal and Regulatory Compliance

• Ensuring compliance with legal frameworks such as GDPR, HIPAA, and PCI-DSS
helps organizations maintain security best practices and avoid legal penalties after a
breach.

Cybersecurity incidents are becoming increasingly sophisticated, driven by a variety of motives,
from financial gain to political or personal grievances. To mitigate the risks posed by these
cyberattackers, organizations and agencies must implement a multi-layered approach that
combines preventive, detective, and corrective measures. Regular training, advanced security
tools, incident response plans, and continuous monitoring are all essential components in
securing systems and data against potential cyber threats.

LESSON TWELVE

Ethical Obligations of Security Professionals

Security professionals have significant responsibilities when it comes to protecting data, systems,
and individuals' privacy. Their work involves balancing technical expertise with ethical standards
to ensure the integrity of cybersecurity practices. Below are key ethical obligations that security
professionals must uphold:

1. Confidentiality

• Duty to Protect Sensitive Information: Security professionals must maintain the
confidentiality of sensitive information that they are entrusted with, whether it pertains to
corporate data, client information, or user privacy. They should never disclose, misuse, or
share confidential information without proper authorization.
• Protecting Data in Transit and Storage: Ensuring that data is encrypted and secure
from unauthorized access, whether it's being stored on a device, transmitted over the
network, or backed up, is a core ethical responsibility.

2. Integrity

• Accurate Reporting and Documentation: Security professionals must ensure that their
findings, reports, and actions are accurate and truthful. Misrepresenting data or hiding
security vulnerabilities can have disastrous consequences for the organization and its
stakeholders.
• Avoiding Conflicts of Interest: Security professionals should avoid situations where
personal interests or external pressures might influence their professional decisions. They
must act with integrity, making decisions based solely on ethical considerations and the
best interests of their clients or employers.

3. Accountability

• Responsibility for Actions: Security professionals are accountable for their actions in
safeguarding systems and data. If they make mistakes, they must take responsibility,
report them, and work toward a solution. Accountability also means being transparent
about the security measures they take and the risks involved.
• Responding to Incidents: In the event of a breach or attack, security professionals are
ethically obligated to respond promptly, ensuring that any damage is contained and the
appropriate authorities are notified as necessary.

4. Protection of Privacy

• Respecting Individual Privacy: Security professionals must protect users' privacy by
ensuring that data collection, processing, and sharing practices comply with privacy laws
(e.g., GDPR, HIPAA). They should avoid accessing or sharing personal data without
explicit consent unless required by law or in emergency situations.
• Minimizing Data Collection: They must follow the principle of "data minimization,"
collecting only the data necessary for legitimate purposes and ensuring that it is securely
stored and handled.

5. Avoiding Harm

• Minimizing Harm to Systems and Users: Security professionals must ensure that their
actions do not harm the systems, data, or users they are working to protect. For instance,
during penetration testing, they must avoid causing unintended disruptions or damaging
the system. Ethical hacking should always be performed with permission and should
cause no harm.
• Balancing Security and Accessibility: Ensuring robust security measures are in place
should not unduly impede the usability of systems or services. Security professionals
need to find the right balance between keeping systems secure and maintaining usability
for end users.

6. Compliance with Legal and Regulatory Standards

• Adherence to Laws and Regulations: Security professionals must stay informed about
relevant laws and regulations related to cybersecurity and data privacy. They should
ensure their actions comply with these legal requirements, such as data protection laws,
intellectual property rights, and industry-specific standards.
• Reporting Violations: If a security professional is aware of illegal activities (e.g., data
breaches, fraud, or unauthorized access) within their organization, they have an ethical
obligation to report it to the appropriate authorities, even if it may harm their employer’s
reputation.

7. Respect for Professional Standards and Best Practices

• Continuous Professional Development: Security professionals must commit to ongoing
education and stay updated with emerging technologies, vulnerabilities, and security
practices. This ensures they can effectively mitigate current threats and respond to new
challenges.
• Adherence to Ethical Codes and Frameworks: Many security professionals adhere to
ethical codes such as those provided by organizations like (ISC)², ISACA, or the
EC-Council. These codes outline the principles and ethical behavior expected of security
professionals and guide their conduct.

8. Non-Discrimination and Fairness

• Equal Treatment: Security professionals should ensure their actions do not discriminate
against individuals or groups. This includes fair treatment of all users, regardless of their
background, and ensuring that security measures are applied consistently across all
stakeholders.
• Fair Access: Security measures and tools should be designed to ensure that all users and
stakeholders have fair access to systems, without unnecessary barriers or undue
surveillance.

9. Responsibility to the Public

• Security in the Public Interest: Security professionals should consider the broader
impact of their work on the community, public safety, and society at large. They should
be aware of how their actions or the systems they protect can affect not only the
immediate organization but also the public.
• Preventing Abuse: Security professionals must be vigilant against the potential for their
tools and knowledge to be misused for malicious purposes. They should avoid creating or
contributing to systems that can be used to violate rights or harm others.

10. Collaboration and Transparency

• Working with Colleagues: Ethical cybersecurity professionals collaborate with others,
whether within their organization or with external entities such as law enforcement,
vendors, or regulatory bodies. Information sharing and collaboration help ensure that
security threats are addressed promptly and effectively.
• Transparency with Clients and Stakeholders: When making decisions that may affect
the security of systems, a security professional should be transparent and communicate
clearly with clients, ensuring that they understand the risks, potential consequences, and
proposed solutions.

Ethical obligations in cybersecurity are essential for maintaining trust, privacy, and security in an
increasingly digital world. Security professionals must operate with high standards of integrity,
confidentiality, and accountability to protect sensitive data and systems. By adhering to ethical
guidelines, staying updated on best practices, and ensuring their actions align with both legal and
moral frameworks, security professionals can contribute to the safety and trustworthiness of
digital environments.


LESSON THIRTEEN

Trends and Development in Cybersecurity

Cybersecurity is a constantly evolving field as new technologies, threats, and challenges emerge.
To stay ahead, organizations and security professionals must adapt to these changes and adopt
new practices and solutions. Below are some of the key trends and developments in
cybersecurity:

1. Rise of Artificial Intelligence (AI) and Machine Learning (ML) in Cybersecurity

• Threat Detection and Response: AI and ML are increasingly being used to identify
threats more effectively by analyzing large volumes of data in real time. AI can detect
anomalies, unusual patterns, and behavior that may indicate an attack, enabling faster
responses.
• Predictive Analytics: Machine learning algorithms can help predict potential
vulnerabilities or attack vectors by analyzing past incidents, system behaviors, and attack
trends. This proactive approach enhances early detection and mitigation strategies.
• Automated Incident Response: AI-driven automation helps organizations respond to
threats faster by reducing the time between detecting and mitigating attacks. Automated
systems can isolate compromised systems, block malicious IPs, and apply patches
without human intervention.

2. Zero Trust Security Model

• Assume Breach Approach: The Zero Trust model operates on the principle of "never
trust, always verify." Every user, device, and application, regardless of location, must be
continuously authenticated and authorized before gaining access to any system or data.
• Granular Access Control: Zero Trust involves segmenting networks and applying the
principle of least privilege (POLP), where users and systems are granted the minimum
access necessary for their tasks. This limits the potential impact of a breach.
• Identity and Access Management (IAM): Implementing strong IAM systems, including
multi-factor authentication (MFA) and adaptive authentication, is central to Zero Trust,
ensuring that access to resources is controlled and verified at all levels.

3. Cloud Security Evolution

• Cloud Adoption and Multi-Cloud Environments: As more businesses migrate to cloud
platforms, cloud security becomes increasingly important. The rise of hybrid and
multi-cloud environments introduces complexities in managing security across multiple
providers.
• Cloud-native Security Solutions: Cloud service providers and third-party vendors are
offering security tools tailored for cloud environments, including advanced threat
detection, data encryption, and access control systems.
• Shared Responsibility Model: In cloud computing, security is a shared responsibility
between the cloud provider and the customer. While the cloud provider secures the
infrastructure, the customer is responsible for securing their data, applications, and access
control.

4. Ransomware Evolution and Response

• Increase in Sophistication: Ransomware attacks are becoming more targeted,
sophisticated, and disruptive. Attackers often employ double extortion tactics, where
they not only encrypt data but also threaten to release sensitive data publicly unless the
ransom is paid.
• Ransomware-as-a-Service: The rise of Ransomware-as-a-Service (RaaS) has lowered
the barrier to entry for cybercriminals, enabling even less skilled attackers to deploy
ransomware campaigns using ready-made tools.
• Enhanced Detection and Backup Strategies: Organizations are investing in better
backup strategies, network segmentation, and multi-layered defenses to reduce the
risk and impact of ransomware. Incident response plans are also evolving to deal with
ransomware-specific threats.

5. Privacy Concerns and Data Protection

• Data Privacy Regulations: The implementation of global data protection laws such as
the General Data Protection Regulation (GDPR), California Consumer Privacy Act
(CCPA), and Brazil’s LGPD is forcing organizations to adopt stricter data protection
practices.
• Privacy by Design: As privacy becomes a central concern, organizations are adopting
"privacy by design" principles, integrating privacy measures into the development and
deployment of technologies and business processes.
• Consumer Data Protection: The growing awareness of data privacy issues among
consumers has led to a push for organizations to adopt stronger data protection practices,
including better encryption, anonymization, and user consent management.

6. Security in the Internet of Things (IoT)

• Proliferation of IoT Devices: The widespread adoption of IoT devices in sectors like
healthcare, manufacturing, and smart homes increases the number of attack vectors.
These devices often lack robust security, making them prime targets for attackers.
• IoT Security Frameworks: Security measures, such as device authentication, encrypted
communication, and vulnerability patching, are being developed to secure IoT devices
and networks.
• Edge Computing and Security: As edge computing grows, IoT devices are increasingly
processing data locally. Ensuring the security of data and devices at the edge of networks
is crucial, as these devices may not be protected by traditional perimeter security.

7. Cybersecurity Mesh Architecture (CSMA)

• Decentralized Security Approach: Cybersecurity Mesh Architecture provides a flexible
and scalable security approach by ensuring security controls are applied to individual
devices and assets, regardless of location. This decentralizes security enforcement and
allows organizations to adopt a more modular and adaptive approach to securing their
networks.
• Dynamic Perimeter: With CSMA, the security perimeter is dynamic and can be adjusted
based on device, user, and context. It allows security measures to follow users and data as
they move across different environments (cloud, on-premises, mobile, etc.).

8. Increased Focus on Supply Chain Security

• Third-Party Risks: Cyberattacks targeting third-party vendors and suppliers (e.g., the
SolarWinds attack) have highlighted the importance of securing supply chains.
Attackers exploit vulnerabilities in the software or services provided by third parties to
gain access to larger organizations.
• Vendor Risk Management: Companies are increasingly focusing on evaluating and
managing the security practices of their suppliers. This includes monitoring third-party
access to critical systems and requiring vendors to meet specific security standards.
• Supply Chain Attack Prevention: Enhanced security assessments, auditing procedures,
and real-time monitoring are being implemented to detect and prevent supply chain
attacks before they reach critical infrastructure.

9. Cybersecurity Skills Gap

• Talent Shortage: There is a growing shortage of skilled cybersecurity professionals,
which has led to an increase in demand for security experts and training programs.
• Automation to Fill Gaps: Many organizations are turning to automation, AI, and
machine learning to help alleviate the skills gap. These technologies can assist in threat
detection, incident response, and system monitoring, reducing the need for human
intervention in routine tasks.
• Focus on Education and Certifications: As the demand for cybersecurity professionals
continues to rise, there is a strong focus on certifications and educational programs to
equip the next generation of security experts.

10. Cybersecurity for Critical Infrastructure

• Protection of Critical Systems: As critical infrastructure (e.g., energy grids, healthcare
systems, transportation) becomes increasingly digitized, protecting these systems from
cyberattacks has become a top priority for governments and organizations.
• Government Initiatives: Governments are investing in protecting critical infrastructure
through legislation, partnerships, and enhanced cyber defense capabilities. The
Cybersecurity and Infrastructure Security Agency (CISA), for example, works to
secure critical sectors in the U.S.
• Resilience and Recovery: Organizations are investing in ensuring the resilience of
critical infrastructure systems, focusing on rapid recovery mechanisms in the event of an
attack, and ensuring that backup systems can take over in case of disruption.

11. Cyber Insurance Growth

• Increasing Demand for Cyber Insurance: As cyber threats grow, companies are
increasingly turning to cyber insurance to mitigate financial losses from data breaches,
ransomware attacks, and other security incidents.
• Underwriting Challenges: Insurance providers are becoming more stringent in
underwriting policies, requiring businesses to demonstrate robust cybersecurity measures
before coverage is provided. This is pushing organizations to adopt stronger security
frameworks.
• Policy Evolution: Cyber insurance policies are evolving to cover a wider range of
threats, including business interruption due to ransomware, data breach liabilities, and
regulatory fines.

Cybersecurity is adapting to the evolving threat landscape by incorporating advanced
technologies, improving response frameworks, and addressing emerging risks. Key
developments like AI, Zero Trust, cloud security, and IoT security are transforming how
organizations protect data, systems, and networks. To stay ahead of adversaries, businesses must
embrace a proactive, multi-layered cybersecurity strategy that incorporates both technology and
a commitment to continuous learning and adaptation.

LESSON FOURTEEN

Software Application Vulnerabilities

Software application vulnerabilities are flaws or weaknesses in a software system that can be
exploited by attackers to gain unauthorized access, disrupt functionality, or compromise sensitive
data. These vulnerabilities can arise due to coding errors, design flaws, or improper
configuration. Understanding and addressing these vulnerabilities is critical for securing software
applications.

Here are some of the most common types of software application vulnerabilities:

1. Buffer Overflow

• Description: A buffer overflow occurs when a program writes more data to a buffer (a
temporary data storage area) than it can hold, causing the overflow to overwrite adjacent
memory. This can lead to unexpected behavior, crashes, or malicious code execution.
• Exploitation: Attackers can exploit buffer overflows to execute arbitrary code or gain
control of the system by injecting malicious code into the application’s memory space.
• Prevention: Using bounds checking, input validation, and memory-safe languages that
automatically manage memory (like Java or Python) can mitigate this risk. Additionally,
stack protection mechanisms (like StackGuard) and DEP (Data Execution Prevention)
can help.

2. SQL Injection

• Description: SQL injection occurs when an attacker inserts or manipulates SQL queries
through unsanitized input fields in an application. This allows attackers to execute
arbitrary SQL commands against the database.
• Exploitation: Attackers can retrieve, modify, or delete data from the database, escalate
privileges, or even execute system commands if the application is not properly secured.
• Prevention: To prevent SQL injection, developers should use parameterized queries or
prepared statements, employ ORM (Object-Relational Mapping) frameworks, and
sanitize all user inputs to ensure only valid data is processed.
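As an added example (not code from the lecture note), the Python snippet below places a lookup built by string formatting, which is the defect described above, beside the parameterized query and input validation the prevention bullet recommends. It uses an in-memory SQLite database with two constructed rows so it runs offline; the table, usernames and the username format rule are assumptions made for the example.

```python
"""SQL injection: vulnerable string-built query beside a parameterized one.

Added example, not from the lecture note. Uses an in-memory SQLite database
with constructed rows so it runs offline.
"""
import re
import sqlite3


def make_db():
    """Constructed users table: two accounts, one of them an administrator."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [("alice", "hash_a", "admin"), ("bob", "hash_b", "user")])
    return conn


def find_user_vulnerable(conn, username):
    """VULNERABLE: the input is pasted into the SQL text, so quote characters
    inside it change the structure of the query instead of being compared."""
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def find_user_safe(conn, username):
    """Parameterized query: the value travels separately from the SQL text and
    is only ever compared as data, never parsed as SQL."""
    return conn.execute("SELECT username, role FROM users WHERE username = ?",
                        (username,)).fetchall()


# Assumed username policy for this example: lowercase letters, digits, underscore.
USERNAME_RE = re.compile(r"^[a-z0-9_]{1,32}$")


def is_valid_username(username):
    """Input validation: reject anything that is not a plausible username."""
    return USERNAME_RE.match(username) is not None


def find_user_validated(conn, username):
    """Defense in depth: validate BEFORE the database is touched, and still
    use the parameterized query so validation is not the only barrier."""
    if not is_valid_username(username):
        raise ValueError("invalid username")
    return find_user_safe(conn, username)


if __name__ == "__main__":
    conn = make_db()
    tautology = "' OR '1'='1"     # classic textbook injection input
    print("vulnerable:", find_user_vulnerable(conn, tautology))  # every row
    print("safe:      ", find_user_safe(conn, tautology))        # no rows
```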

3. Cross-Site Scripting (XSS)

• Description: XSS vulnerabilities occur when an application allows attackers to inject
malicious scripts (often JavaScript) into web pages viewed by other users. These scripts
can be executed in a user’s browser, potentially stealing cookies, session tokens, or other
sensitive information.
• Exploitation: Attackers can hijack user sessions, redirect users to malicious websites, or
deface web pages.
• Prevention: Implementing input sanitization, escaping output, using HTTP-only cookies,
and employing a Content Security Policy (CSP) can help mitigate XSS vulnerabilities.
Additionally, using frameworks that escape output by default when rendering, like React
or Angular, can reduce risks.

4. Cross-Site Request Forgery (CSRF)

• Description: CSRF exploits the trust that a website has in a user's browser. An attacker
can trick a logged-in user into performing unwanted actions on a website (e.g., changing
account settings, making transactions) without their consent.
• Exploitation: If a user is authenticated on a website, an attacker can send a request that
the website treats as legitimate, potentially compromising user accounts or data.
• Prevention: Use anti-CSRF tokens to validate requests and ensure that requests are
originating from legitimate sources. Implementing SameSite cookies also helps prevent
CSRF attacks by restricting cookie usage in cross-site requests.

5. Insecure Deserialization

• Description: Insecure deserialization occurs when an application deserializes untrusted
data from a client, allowing attackers to modify the data and execute arbitrary code or
perform other malicious actions.
• Exploitation: Attackers can manipulate serialized data to execute unauthorized actions,
gain control of the application, or escalate privileges.
• Prevention: Secure deserialization practices include validating and sanitizing input data,
using cryptographic signatures to validate serialized objects, and avoiding deserializing
objects from untrusted sources.

6. Improper Authentication and Session Management

• Description: This vulnerability arises when an application fails to properly authenticate
users or manage their sessions. It can lead to issues such as session hijacking, credential
stuffing, or unauthorized access.
• Exploitation: Attackers may bypass authentication mechanisms, take over user sessions,
or escalate privileges to gain unauthorized access to sensitive data.
• Prevention: Implement strong authentication protocols (e.g., multi-factor authentication),
use secure session management practices (e.g., secure cookies, session timeouts), and
avoid storing sensitive data (e.g., passwords) in an insecure manner (e.g., plain text).

7. Command Injection

• Description: Command injection vulnerabilities occur when an attacker is able to
execute arbitrary commands on the host operating system through an application by
injecting malicious input into a vulnerable system call.
• Exploitation: Attackers can gain control over the host system, steal or modify data, and
potentially launch further attacks.
• Prevention: Always validate and sanitize user input, avoid directly using user input in
system calls, and use safer methods for interacting with the system (e.g., using API calls
instead of shell commands).

8. Path Traversal

• Description: Path traversal vulnerabilities allow attackers to access files or directories
that are outside the intended directory scope, usually by manipulating file paths in user
input.
• Exploitation: Attackers can read or write sensitive files, such as configuration files, logs,
or other system files, potentially leading to information disclosure or system compromise.
• Prevention: Use proper input validation and restrict file access to specific directories.
Additionally, canonicalize file paths to prevent attackers from navigating outside the
intended directory.
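As an added example (not code from the lecture note), the Python function below implements the "canonicalize, then restrict to the intended directory" prevention described above. A small demo builds a constructed layout in a temporary folder, with one public file and one file that must stay private, and reports which requested paths are accepted and which are rejected; the file names and the requested paths are assumptions made for the example.

```python
"""Path traversal defense: canonicalize the path, then confirm it is still
inside the allowed base directory.

Added example, not from the lecture note. The directory layout built by
demo_path_checks() is constructed in a temporary folder.
"""
import os
import tempfile


def safe_join(base_dir, user_path):
    """Return the absolute, canonical path of `user_path` inside `base_dir`,
    or raise ValueError if it would escape that directory."""
    base = os.path.realpath(base_dir)
    # realpath collapses "..", "." and symbolic links, so the check below sees
    # the file that would REALLY be opened, not the text the user supplied.
    candidate = os.path.realpath(os.path.join(base, user_path))
    # os.path.join discards `base` when `user_path` is absolute, so the
    # containment check must be done on the canonical result, never skipped.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"path escapes base directory: {user_path!r}")
    return candidate


def read_public_file(base_dir, user_path):
    """Serve a file only if it is inside base_dir."""
    with open(safe_join(base_dir, user_path), "rb") as fh:
        return fh.read()


def demo_path_checks():
    """Build a constructed layout, <tmp>/secret.txt (must stay private) and
    <tmp>/www/readme.txt (public), then try several requested paths."""
    root = tempfile.mkdtemp()
    base = os.path.join(root, "www")
    os.makedirs(base)
    with open(os.path.join(base, "readme.txt"), "w") as fh:
        fh.write("public")
    with open(os.path.join(root, "secret.txt"), "w") as fh:
        fh.write("private")

    results = {}
    for requested in ["readme.txt", "../secret.txt",
                      "missing/../../secret.txt", "/etc/passwd"]:
        try:
            results[requested] = os.path.relpath(safe_join(base, requested), base)
        except ValueError:
            results[requested] = "REJECTED"
    return results


if __name__ == "__main__":
    for req, outcome in demo_path_checks().items():
        print(f"{req!r:>28} -> {outcome}")
```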

9. Broken Access Control

• Description: Broken access control vulnerabilities occur when an application fails to
properly enforce security restrictions on user actions or resources. This can allow
unauthorized users to access or perform actions they shouldn't be able to.
• Exploitation: Attackers may escalate their privileges, access restricted resources, or
modify other users' data.
• Prevention: Implement role-based access control (RBAC), enforce least privilege
principles, and conduct regular access control reviews. Ensure that sensitive data is
protected with strong authentication and authorization mechanisms.

10. Security Misconfiguration

• Description: Security misconfigurations happen when an application, server, or database
is not securely configured, leaving it vulnerable to attack. This can include using default
passwords, exposing unnecessary services, or failing to patch vulnerabilities.
• Exploitation: Attackers can exploit misconfigurations to gain unauthorized access,
disrupt services, or extract sensitive data.
• Prevention: Follow secure configuration guidelines for all components of the application
stack. Regularly audit configurations, ensure that unnecessary services are disabled, and
patch vulnerabilities in a timely manner.

11. Weak Cryptography

• Description: Weak cryptography vulnerabilities occur when applications use outdated,
insecure, or weak cryptographic algorithms to protect sensitive data, such as passwords or
communication.
• Exploitation: Attackers can decrypt sensitive information or bypass encryption measures
entirely if weak algorithms are used, leading to data breaches.
• Prevention: Use modern, strong cryptographic algorithms (e.g., AES-256, RSA-2048),
implement proper key management, and use secure protocols (e.g., TLS) for
communication.

12. Race Conditions

• Description: A race condition occurs when the outcome of a program depends on the
order or timing of events, such as when two processes try to access shared resources
simultaneously.
• Exploitation: Attackers can exploit race conditions to gain unauthorized access, escalate
privileges, or cause denial-of-service conditions by manipulating the timing of events.
• Prevention: Ensure proper synchronization when accessing shared resources and validate
actions before they are executed. Use atomic operations or locks to prevent race
conditions.
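As an added example (not code from the lecture note), the Python program below reproduces a check-then-act race on an account balance with two threads, then removes it with a lock as the prevention bullet suggests. The short delay between the balance check and the debit is an assumption standing in for the database or network latency that makes such races reachable in real systems; the account, amounts and thread count are constructed for the example.

```python
"""Race condition (check-then-act) on an account balance, and its fix.

Added example, not from the lecture note. `delay` stands in for real I/O
latency between the balance check and the debit; the threads are released
together through a Barrier so the race is reproducible.
"""
import threading
import time


class Account:
    def __init__(self, balance):
        self.balance = balance
        self._lock = threading.Lock()

    def withdraw_unsafe(self, amount, delay):
        """VULNERABLE: the check and the debit are not atomic. A second thread
        can pass the check after this one did but before the debit happens,
        so two withdrawals succeed against a balance that covers only one."""
        if self.balance >= amount:          # CHECK
            time.sleep(delay)               # window for the other thread
            self.balance -= amount          # ACT
            return True
        return False

    def withdraw_safe(self, amount, delay):
        """Holding the lock across check and debit makes them one step; the
        second thread sees the already-reduced balance and is refused."""
        with self._lock:
            if self.balance >= amount:
                time.sleep(delay)
                self.balance -= amount
                return True
            return False


def run_race(safe, balance=100, amount=100, threads=2, delay=0.05):
    """Start `threads` concurrent withdrawals of `amount` from `balance`.
    Returns (number of successful withdrawals, final balance)."""
    acct = Account(balance)
    withdraw = acct.withdraw_safe if safe else acct.withdraw_unsafe
    gate = threading.Barrier(threads)       # release all threads together
    outcomes = []

    def worker():
        gate.wait()
        outcomes.append(withdraw(amount, delay))

    workers = [threading.Thread(target=worker) for _ in range(threads)]
    for t in workers:
        t.start()
    for t in workers:
        t.join()
    return sum(outcomes), acct.balance


if __name__ == "__main__":
    print("unsafe:", run_race(safe=False))   # (2, -100): double spend
    print("safe:  ", run_race(safe=True))    # (1, 0)
```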

In summary, software application vulnerabilities are a critical concern for developers, organizations, and security professionals. These vulnerabilities can be exploited to compromise data, steal sensitive information, disrupt services, or gain unauthorized access to systems. To protect applications, it is essential to follow secure coding practices, conduct regular security audits, apply proper input validation and sanitization, and implement security controls like encryption, authentication, and access control. Additionally, staying informed about the latest threats and vulnerabilities through resources like the OWASP Top 10 and industry updates is crucial for mitigating risks effectively.


LESSON FIFTEEN

Evolution of Cybersecurity and National Security Strategies

The evolution of cybersecurity and national security strategies has been shaped by technological
advancements, the increasing dependency on digital infrastructure, and the emergence of
sophisticated cyber threats. As cyber threats have evolved, so too have the strategies and policies
employed by nations to secure their digital and physical infrastructures.

1. Early Stages of Cybersecurity and National Security

Initially, cybersecurity was viewed primarily as a technical issue, and it was mostly handled by
individual organizations, often focusing on securing specific systems or networks. The
relationship between cybersecurity and national security was less pronounced, with national
security focusing more on traditional physical threats and intelligence gathering.

• Pre-1990s: Early efforts in cybersecurity were focused on securing military and government networks. The first concerns around cyberattacks arose with incidents like the Morris Worm in 1988, but these were primarily seen as isolated technical issues.

• 1990s - Early 2000s: As the internet became more widespread, the risks associated with cyberattacks started to be recognized on a broader scale. However, cybersecurity was still not prioritized in national security frameworks. Government entities like the NSA began focusing on securing military systems, and private sector involvement in cybersecurity started to grow.

2. Integration of Cybersecurity into National Security Strategies

As the internet and digital technologies continued to expand, vulnerabilities in critical infrastructures (e.g., energy grids, financial institutions, healthcare systems) were exposed. These vulnerabilities were increasingly seen as potential threats to national security. Consequently, cybersecurity began to be viewed as an integral part of national defense.

• Post-9/11 Expansion: After the September 11 attacks, the United States, along with many other nations, began prioritizing cybersecurity within national security strategies, recognizing the potential for cyberattacks to cause significant disruption. The U.S. Department of Homeland Security (DHS) created initiatives such as the National Cyber Security Division (NCSD) in 2003 to help secure critical infrastructure and respond to cyberattacks.

• 2000s-2010s: During this period, numerous countries developed national cybersecurity strategies. The U.S. National Strategy to Secure Cyberspace (2003) was one of the first attempts to outline a coordinated effort to secure cyberspace. The growing importance of the internet and digital technologies led to the recognition of cyber threats as part of broader national security and defense strategies.

• Cyber Command & Cyber Warfare: In 2010, the U.S. Cyber Command (USCYBERCOM) was established to protect military networks and conduct offensive cyber operations as part of national defense. This reflects the shift in thinking, where cybersecurity was seen not just as a tool for protecting data but as a critical component of national security, on par with traditional military defense.

3. Current National Cybersecurity Strategies

Today, cybersecurity is an essential aspect of national security, with most countries developing
national cybersecurity strategies to address a range of threats—from cybercrime to state-
sponsored cyberattacks. The emphasis is on proactive defense, building cyber resilience, and
ensuring rapid response to minimize the impact of cyber incidents.

• Integrated Cybersecurity and National Defense: Countries like the U.S., UK, Russia, and China have integrated cybersecurity into their national defense strategies, recognizing that cyberattacks can be used in warfare, espionage, and sabotage. For instance, U.S. Cyber Command focuses on defending the nation against cyberattacks and executing offensive cyber operations against adversaries.

• Cyber Resilience and Recovery: Governments are increasingly focusing on cyber resilience, which includes not only preventing cyberattacks but also ensuring that critical systems can continue to function or be quickly restored in the event of a cyberattack.

• International Cooperation: There is also growing recognition of the need for international cooperation in tackling global cyber threats. Organizations like NATO, Europol, and the United Nations have frameworks for addressing cross-border cyber threats. The Budapest Convention on Cybercrime is an example of an international effort to foster cooperation in combating cybercrime.

Cyber-Attack Typologies and Policy Tools

As cyber threats have evolved, different types of cyberattacks have emerged, each requiring
tailored policy tools and domestic responses. These cyber-attack typologies can be broadly
classified into cybercrime, cyber espionage, cyber terrorism, and cyber warfare, with each
posing distinct challenges to national security.

1. Cyber Espionage

Cyber espionage refers to state-sponsored or politically motivated cyberattacks aimed at stealing sensitive information such as trade secrets, military intelligence, or government data.

• Policy Tools:
o Cyber Defense Infrastructure: Strengthening national defenses and critical infrastructure to prevent infiltration.
o Diplomatic Measures: Engaging in international diplomatic efforts to create cyber norms and enforce consequences against nations or actors engaging in espionage.
o Intelligence Sharing: Countries collaborate and share threat intelligence, such as with Europol or the Five Eyes Alliance.

• Domestic Response:
o Intelligence Agencies: Employing national intelligence agencies (e.g., NSA, GCHQ) to monitor and respond to cyber espionage threats.
o Cyber Incident Response: Developing capabilities for rapid response and recovery from espionage incidents, such as securing stolen data and tracing the perpetrators.

2. Cybercrime

Cybercrime involves illegal activities facilitated through cyberspace, including data theft,
financial fraud, and ransomware attacks.

• Policy Tools:
o Cybercrime Legislation: Implementing laws that criminalize online activities like fraud, identity theft, and hacking (e.g., Computer Fraud and Abuse Act in the U.S.).
o Public Awareness Campaigns: Educating citizens and organizations about the risks of cybercrime and the need for strong cybersecurity measures.
o International Cooperation: Working with global law enforcement agencies like Interpol and Europol to investigate and prosecute cybercriminals.

• Domestic Response:
o Law Enforcement Agencies: Agencies such as the FBI and Europol's Cybercrime Centre handle investigations and collaboration on cybercrime cases.
o Ransomware and Cyber Fraud Task Forces: Specialized units to combat ransomware and fraud in the digital space.

3. Cyber Terrorism

Cyber terrorism involves the use of digital tools to carry out attacks that cause fear, destruction,
or death, typically targeting critical infrastructure or government systems.

• Policy Tools:
o Anti-Terrorism Laws: Enacting legislation to combat cyber terrorism and support counterterrorism operations in cyberspace.
o Cybersecurity and Critical Infrastructure Protection: Implementing strong protections around critical sectors like energy, transportation, and finance.
o Counterterrorism Collaborations: Sharing intelligence between national and international agencies to prevent and respond to cyberterrorism threats.

• Domestic Response:
o Crisis Management: Establishing procedures for responding to large-scale cyberterrorist incidents, including national response teams and emergency protocols.
o Military Cyber Operations: Many nations have dedicated military cyber units (e.g., U.S. Cyber Command) to defend against and retaliate against cyber terrorist attacks.

4. Cyber Warfare

Cyber warfare refers to the use of cyberattacks by one nation-state against another, with the goal
of disrupting or damaging the adversary’s military, economic, or societal infrastructure.

• Policy Tools:
o Cyber Defense Policies: National defense strategies must include cyber capabilities as part of conventional defense forces, often under military leadership.
o Cyber Deterrence: Establishing a deterrence policy to discourage adversaries from launching cyberattacks by showcasing retaliatory capabilities.
o International Norms and Treaties: Efforts to establish international rules of engagement for cyber warfare, including agreements on the protection of critical infrastructure and the regulation of cyberattacks in conflict.

• Domestic Response:
o Cyber Warfare Units: Dedicated military cyber units (e.g., U.S. Cyber Command) to defend against or launch offensive cyber operations.
o National Cybersecurity Incident Response: Ensuring the ability to respond quickly and recover from cyberattacks on national defense or critical infrastructure.

The evolution of cybersecurity has transformed it from a technical concern to a core aspect of
national security. As cyber threats become increasingly sophisticated, governments worldwide
have adapted their strategies to integrate cybersecurity into their broader defense and national
security frameworks. Understanding the typologies of cyberattacks—cyber espionage,
cybercrime, cyber terrorism, and cyber warfare—is critical for crafting appropriate policy tools
and domestic responses. Countries must continually enhance their cyber defense capabilities,
invest in cybersecurity research, and foster international cooperation to address the dynamic and
evolving nature of cyber threats.


LESSON SIXTEEN

Cybersecurity Strategies Evolving in the Face of Big Risks

As the digital landscape continues to evolve, so too do the cybersecurity threats that
organizations and nations face. The rapid adoption of new technologies such as the Internet of
Things (IoT), cloud computing, and artificial intelligence (AI), combined with the increasing
sophistication of cyberattacks, has made cybersecurity a major concern for businesses,
governments, and individuals alike. In response, cybersecurity strategies have had to adapt,
becoming more proactive, comprehensive, and resilient in order to address emerging risks. These
evolving strategies reflect the growing complexity of cybersecurity threats and the need to
protect not only data but also systems, processes, and human behavior.

Key Drivers of the Evolution of Cybersecurity Strategies:

1. Increased Threat Complexity and Sophistication:
o Cyber threats have evolved from basic malware and viruses to more complex attacks, such as ransomware, Advanced Persistent Threats (APTs), and nation-state-sponsored attacks. Attackers now employ sophisticated tactics, including social engineering, zero-day vulnerabilities, and supply chain attacks.

2. Shift from Perimeter Defense to Layered Security:
o Traditional perimeter-based security models (e.g., firewalls and antivirus software) are no longer sufficient. Modern cybersecurity strategies focus on a multi-layered defense approach, incorporating encryption, identity and access management (IAM), behavioral analytics, and zero-trust architectures.

3. Focus on Cyber Resilience:
o While prevention remains a key goal, cybersecurity strategies now emphasize cyber resilience, which refers to the ability to prepare for, respond to, and recover from cyber incidents. This shift recognizes that no system can be 100% secure, so the ability to recover from attacks quickly is paramount.

4. Integration of Artificial Intelligence (AI) and Machine Learning (ML):
o AI and ML are being integrated into cybersecurity tools to detect threats faster and more accurately. These technologies can analyze vast amounts of data, identify patterns, and predict potential threats, enabling organizations to proactively address security risks.

5. Cloud Security and the Rise of Remote Work:
o The shift to cloud computing and remote work has transformed the cybersecurity landscape. Strategies must now account for distributed environments, protecting data stored in the cloud and ensuring secure access for remote workers. This has led to the adoption of technologies such as cloud access security brokers (CASBs) and virtual private networks (VPNs).

6. Data Privacy and Regulatory Compliance:
o With the increasing amount of sensitive personal and organizational data being stored digitally, protecting privacy has become a key element of cybersecurity strategies. Compliance with regulations such as the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and Health Insurance Portability and Accountability Act (HIPAA) is now central to organizations’ security planning.

7. Supply Chain Security:
o Attacks on third-party suppliers and partners (e.g., SolarWinds hack) have highlighted the vulnerabilities in the global supply chain. Cybersecurity strategies must now include third-party risk management and proactive security assessments for suppliers, ensuring that partners’ cybersecurity practices align with organizational standards.

8. Cybersecurity Skills Gap:
o The shortage of skilled cybersecurity professionals is another challenge facing organizations. As a result, cybersecurity strategies increasingly emphasize automation, outsourcing to Managed Security Service Providers (MSSPs), and upskilling the existing workforce through training programs and certifications.

Role of Standards and Frameworks in Evolving Cybersecurity Strategies

As cybersecurity threats become more diverse and sophisticated, standards and frameworks
play a crucial role in guiding organizations toward developing effective cybersecurity strategies.
These standards provide best practices, guidelines, and procedures for identifying, protecting,
detecting, responding to, and recovering from cyber incidents. They ensure consistency,
accountability, and continuous improvement across the cybersecurity landscape.

Key Standards and Frameworks:

1. NIST Cybersecurity Framework (CSF)

o Developed by the National Institute of Standards and Technology (NIST), the Cybersecurity Framework (CSF) is widely recognized as a comprehensive and flexible approach to managing cybersecurity risks. It is designed to help organizations of all sizes and industries improve their cybersecurity posture through five core functions:
▪ Identify: Understand the organization's cybersecurity risks.
▪ Protect: Implement safeguards to protect critical assets.
▪ Detect: Develop capabilities to identify cybersecurity events in real-time.
▪ Respond: Respond to detected cybersecurity events.
▪ Recover: Implement measures to restore operations after an incident.

o The NIST CSF is especially valued for its ability to be customized for different industries and its alignment with other standards, making it a cornerstone of modern cybersecurity strategies.

2. ISO/IEC 27001 (Information Security Management Systems)

o ISO/IEC 27001 is an international standard for managing information security. It provides a systematic approach to securing sensitive information through a set of policies, procedures, and controls. Organizations that adopt this standard benefit from a structured framework for assessing risk, setting up controls, and achieving continuous improvement in their security posture.

o This standard is widely adopted globally and is recognized as a benchmark for information security management systems (ISMS), making it vital for organizations aiming to meet regulatory requirements and customer expectations.

3. General Data Protection Regulation (GDPR)

o The GDPR, enacted by the European Union, provides a comprehensive set of rules for data privacy and security for organizations that handle EU citizens' data. It mandates strict controls over data collection, processing, and storage, with significant penalties for non-compliance.

o The GDPR influences cybersecurity strategies by requiring organizations to implement robust data protection practices, such as encryption, data anonymization, and data breach response plans.

4. COBIT (Control Objectives for Information and Related Technologies)

o COBIT is a framework for developing, implementing, and overseeing IT governance and management practices. It focuses on aligning IT with business goals while ensuring effective management of technology risks. COBIT helps organizations ensure that their cybersecurity efforts are integrated into broader corporate governance and risk management strategies.

5. Cybersecurity Maturity Model Certification (CMMC)

o The CMMC is a framework developed by the U.S. Department of Defense (DoD) to assess the maturity and cybersecurity practices of contractors in the defense industrial base. It establishes multiple levels of cybersecurity maturity, each with specific practices and processes required for compliance.

6. Payment Card Industry Data Security Standard (PCI DSS)

o The PCI DSS is a security standard for organizations that handle credit card information. It focuses on securing payment card data and maintaining robust access control systems. PCI DSS plays a crucial role in ensuring that businesses mitigate the risk of payment fraud and data breaches.

7. Cloud Security Alliance (CSA) Security Trust Assurance and Risk (STAR) Program
o The CSA STAR program is a certification designed to ensure that cloud service
providers meet a high standard of security practices. The program helps
organizations assess the security of cloud vendors and ensures that the use of
cloud services complies with security and privacy standards.

The Role of Standards and Frameworks in Evolving Cybersecurity Strategies:

1. Consistency and Best Practices:
o Standards like NIST CSF and ISO 27001 provide a consistent framework for organizations to follow. These frameworks define a common language and set of best practices that ensure security strategies are aligned with globally recognized standards, reducing vulnerabilities and improving threat response.

2. Risk Management:
o Effective cybersecurity strategies are grounded in risk management. Frameworks
such as NIST CSF and COBIT offer tools for identifying, assessing, and
mitigating risks, ensuring that organizations can prioritize their security efforts
based on potential threats and impacts.

3. Regulatory Compliance:
o Many standards and frameworks are closely aligned with regulatory requirements.
For instance, GDPR and PCI DSS ensure that organizations meet the legal and
compliance standards related to data privacy and payment security. Adhering to
these frameworks helps organizations avoid costly fines and reputational damage.

4. Continuous Improvement:
o Frameworks emphasize the importance of continuous improvement. The Plan-
Do-Check-Act (PDCA) cycle in standards like ISO 27001 encourages
organizations to constantly assess and improve their security measures, keeping
pace with evolving cyber threats.

5. Collaboration and International Cooperation:
o Frameworks like NIST CSF and ISO/IEC 27001 are designed to be adaptable to various industries and regions, promoting international cooperation and consistency in cybersecurity practices. This helps organizations collaborate with partners and vendors, particularly in cross-border operations.

6. Resilience and Recovery:
o Standards like NIST CSF emphasize the importance of resilience and recovery in cybersecurity strategies. They ensure that organizations not only focus on preventing attacks but also build plans for rapid recovery, minimizing downtime and business impact in the event of a breach.

The evolving nature of cybersecurity risks requires organizations and nations to continuously
adapt their strategies, frameworks, and policies. By adopting internationally recognized
standards and frameworks such as NIST CSF, ISO 27001, and GDPR, organizations can
build effective cybersecurity strategies that align with global best practices, ensure regulatory
compliance, and foster resilience. As the cybersecurity landscape continues to grow in
complexity, the role of these frameworks will be essential in enabling organizations to stay ahead
of emerging threats and achieve long-term security and business success.
