Cybersecurity Book Notes
Chapter 1

Dr. Greg Bernstein

January 12th, 2021

Chap 1: Intro to Computer Security

Personal/Proprietary Information (Privacy)

Stored and transported across the net

  • Personally Identifiable Information (PII)
  • Personal Health Information (PHI)
  • Organizational “Sensitive” Information

Basic Questions

  • How is the data safeguarded?
  • What are the vulnerabilities of the systems that store and transport the data?
  • How to ensure that these systems and data are safe?
  • Who can access my (or any) data?

Ensure, Assure, Insure

From Merriam-Webster

ensure, insure, assure, secure mean to make a thing or person sure. ensure, insure, and assure are interchangeable in many contexts where they indicate the making certain or inevitable of an outcome, but ensure may imply a virtual guarantee, while insure sometimes stresses the taking of necessary measures beforehand, and assure distinctively implies the removal of doubt and suspense from a person’s mind.

Costs of Cybercrime 1

From Center for Strategic and International Studies: Costs of Cybercrime

The Center for Strategic and International Studies (CSIS), in partnership with McAfee, presents The Hidden Costs of Cybercrime. As the global losses from cybercrime approach $1 trillion, this report focuses on the costs of cybercrime that organizations may be less aware of, such as opportunity costs, downtime and damaged staff morale.

Costs of Cybercrime 2

From Center for Strategic and International Studies: Costs of Cybercrime

[Figure: Cost of Cybercrime]

Costs Other Than Cash 1

From Center for Strategic and International Studies: Costs of Cybercrime

  1. Opportunity costs
  2. System downtime
  3. Reduced efficiency
  4. Brand damage and loss of trust
  5. IP theft

Costs Other Than Cash 2

From Center for Strategic and International Studies: Costs of Cybercrime

  1. Incident response costs
  2. Outside assistance
  3. Cyber risk insurance
  4. Damage to employee morale

Most Costly 1

From Center for Strategic and International Studies: Costs of Cybercrime

  1. Malware and spyware
  2. Data breaches
  3. Phishing
  4. Ransomware

Most Costly 2

From Center for Strategic and International Studies: Costs of Cybercrime

  1. Financial cybercrime
  2. Business email compromise
  3. Cryptocurrency theft
  4. The use of emerging technical and synthetic media for cybercrime

Privacy in General

Resources

Three classical ways to interpret privacy

From NCyTE

  • Privacy is control over the kind and amount of personal information you share with others.
  • Privacy is the right to be left alone.
  • Privacy is having the ability to have an appropriate reputation.

This work is licensed under a Creative Commons Attribution 4.0 International License.

Control Over Personal Info

Derived from NCyTE

Privacy is control over the kind and amount of personal information you share with others.

  • This kind of control enables you to engage in and maintain different kinds of relationships.

  • Think about this: how does the type of relationship you have with someone or something (like a company) determine what personal data you share with them?

  • How much control do you have out on the web? Do you know what they know about you?

Leave me alone!

Derived from NCyTE

  • U.S. Supreme Court Justice Louis Brandeis, in his dissenting opinion on Olmstead v. U.S., 277 U.S. 438 (1928), described “the right to be let alone” as a right guaranteed by the Fourth Amendment.
  • Do you agree?
  • What technologies, apps, etc. would you like to see this applied to?

Your Reputation

Derived from NCyTE

Privacy is having the ability to have an appropriate reputation.

  • What and where is your “online” reputation?
  • What can affect your online reputation?
  • Are there any laws or rules that can help?

Cybercriminals

Hacker Types

From Learn Kali Linux 2019

  1. Black hat, White hat, Gray hat
  2. Suicide
  3. State-sponsored
  4. Script kiddie
  5. Cyber terrorist

Black Hat

From Learn Kali Linux 2019

Black hat hackers typically have a strong understanding of systems, networks, and application programming, which they use for malicious and/or criminal purposes. This type of hacker typically has a deep understanding of evasion and indemnification tactics, which they use to avoid imprisonment as a result of their actions.

Indemnity

From Merriam-Webster

Definition of indemnity

  • security against hurt, loss, or damage
  • exemption from incurred penalties or liabilities

White hat hacker

From Learn Kali Linux 2019

White hat hackers possess a strong understanding of systems, networks, and application programming. However, unlike black hats, they use their knowledge and skills to test systems, applications, and networks for security vulnerabilities. This testing is conducted with the permission of the target and is used to find weaknesses in security before unethical hackers exploit them. The motivation to safeguard systems and entities, while staying within the confines of the law and ethics, leads to white hats being called ethical hackers.

Gray hat hacker

From Learn Kali Linux 2019

Gray hat hackers are similar to white hats but often conduct vulnerability research on their own, and then disclose these vulnerabilities to force vendors to remediate the issue by issuing a software patch. Their skills typically have a heavier emphasis on vulnerability research tactics, such as fuzzing, debugging, and reverse engineering.

At times, being a gray hat can be difficult as the balance and definition of ethical and unethical actions keep changing. Despite the difficult place that they occupy in the community, they share valuable information about security flaws, and are therefore important members of the cybersecurity community.

Suicide hacker

From Learn Kali Linux 2019

Suicide hackers are typically less-skilled hackers who are just about capable enough to gain access to systems but are not able to evade detection. These hackers have no concern for being caught or imprisoned—they are happy as long as they succeed in entering and disrupting a system. Their actions are motivated by revenge, political ideologies, and so on. This type of hacker doesn’t care whether they are caught or arrested, so long as the job is done.

State-sponsored hacker

From Learn Kali Linux 2019

The state-sponsored hacker is usually employed by a national government to spy and launch cyberattacks against another nation. These hackers have dominated conversations about hacking in society.

Script kiddie

From Learn Kali Linux 2019

A script kiddie is a type of hacker that does not fully understand the technical background of hacking. They use scripts and tools created by other hackers to perform their dirty work. However, even though script kiddies lack the technical knowledge of a real hacker, their actions can still cause a lot of damage in the digital world.

Other Sections

Risk

  • Cavalier attitude: “We haven’t been breached so we must be secure…”

  • Overly paranoid: “They are all super hackers and they are all out to get me…”

  • See separate risk slide set.

Threat Types

  • See separate threat types slide set.

Concepts and Approaches

  • See separate slide set.