Cyber Security


Introduction

Cyber security is the practice of protecting devices, networks, applications, and data from
hacker attacks and unauthorized access. With the recent increase in cyberattacks, everyone
must now treat cyber security as a priority. For ordinary individuals like you and me, cyber
security protects against identity theft and the loss of sensitive data, including contact
information, family photos, and other personal information. For organisations, a lack of cyber
security could give hackers access to important data. It is therefore imperative that everyone
practise cyber security in all situations; protecting everyone from such dangers is the main
objective of cyber security.
TABLE OF CONTENTS

1. Understand the fundamentals of cyber security

1.1 Describe the term "cyber security"

1.2 Explain how cyber security risks are managed in an organisation

1.3 Describe the laws and regulations associated with cyber security

1.4 Summarise the historical development of cyber security

1.5 Explain the impact cyber security has on individuals and organisations

1.6 Explain how to keep up to date with the latest cyber security information

2 Understand cyber security protection methods

2.1 Describe network security protection methods

2.2 Evaluate the impact that penetration and vulnerability testing has on an organisation

2.3 Describe end user device protection methods

2.4 Describe the importance of implementing and reviewing access controls in an organisation

2.5 Explain how end users can be educated and aware of cyber security

3 Understand how to manage a cyber-security attack

3.1 Evaluate the impact a cyber-attack has on an organisation

3.2 Describe the content of an organisational incident management plan

3.3 Explain the importance of internal and external communication when managing a cyber-attack

3.4 Describe the roles and responsibilities for incident management

3.5 Analyse the actions to take when responding to an incident

3.6 Explain the importance of post cyber-attack reviews


Training Session 1

1. Understand the fundamentals of cyber security


1.1 Describe the term “cyber security”
Cyber security is crucial for both individuals and organisations. To protect your networks,
devices, apps, and data, you need to understand the following terms:

• Security: Anything that keeps you safe or shields you from harm is said to be secure. In the
online world, your devices, networks, apps, and information need to be protected from dangers
such as viruses and targeted attacks.

• Identity: An individual's distinct personality or character is referred to as their identity.
Identity is essential to cyber security because hackers, social engineers, or other attackers
could steal a person's personal information and use it to commit crimes.

• Confidentiality: Keeping something secret or private is referred to as confidentiality.
Businesses use confidentiality to protect sensitive data and ensure that only a select group of
individuals has access to it.

• Integrity: In the field of information technology, integrity describes the accuracy and
completeness of data. It guarantees that information and software can only be changed or
modified in authorised, well-defined ways.

• Availability: Also known as data accessibility, availability describes the degree to which
data is available to authorised users. It guarantees that authorised users always have access to
the systems and data they need.

• Threat: In cyber security, a threat is any unauthorised attempt to access, harm, or interfere
with data. Cyberattacks are typically conducted by private individuals and groups, including
corporate spies, hackers, terrorist organisations, and criminal gangs. They carry out a variety of
attacks, including malware, distributed denial-of-service (DDoS), denial-of-service (DoS),
phishing, and others.

• Vulnerability: A security hole in your system is referred to as a vulnerability. If security is
a fence, a vulnerability is a hole in that fence.

• Risk or hazard: A risk or hazard occurs when an organisation loses data from its systems or
networks as a result of a cyberattack or data breach.

1.2 Explain how cyber security risks are managed in an organisation


Although the techniques differ, a risk management programme usually includes the following steps:

1. Consider each risk in light of your risk appetite (your predetermined level of acceptable risk).

2. Prioritise the risks.

3. Choose your response to each risk. Typically, there are four choices:

• Treat: put security measures (controls) in place to reduce the risk's likelihood and/or impact.

• Tolerate: consciously decide to keep the risk (e.g. because it falls within the established risk
acceptance criteria).

• Terminate: avoid the risk entirely by stopping or altering the activity that is causing it.

• Share: pass the risk to another party, for example by outsourcing or purchasing insurance.
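The loop above (score each risk, compare it with the risk appetite, prioritise, pick one of the four responses) as a small worked example. This is added code, not part of the original training document; the 1-to-5 likelihood and impact scale, the appetite threshold of 6, the residual-score estimates and the ordering of the decision rule are all assumptions made for illustration.

```python
"""Added example (not from the original document): the risk-management loop
as code. The 1..5 likelihood/impact scale, the appetite threshold and the
decision rule are assumptions made for illustration."""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class Risk:
    name: str
    likelihood: int           # 1 (rare) .. 5 (almost certain); assumed scale
    impact: int               # 1 (negligible) .. 5 (severe); assumed scale
    activity_essential: bool  # False if the activity creating the risk could simply stop
    transferable: bool        # True if insurance or outsourcing could carry the risk
    residual_if_treated: int  # score left after the best known control; assumed estimate

    @property
    def score(self) -> int:
        return self.likelihood * self.impact


def choose_response(risk: Risk, appetite: int) -> str:
    """Map one scored risk to treat / tolerate / terminate / share.

    Assumed decision rule, applied in order:
      within appetite               -> tolerate
      activity is not essential     -> terminate
      a control brings it in line   -> treat
      otherwise, if transferable    -> share
      nothing brings it in line     -> treat, and escalate the residual
    """
    if risk.score <= appetite:
        return "tolerate"
    if not risk.activity_essential:
        return "terminate"
    if risk.residual_if_treated <= appetite:
        return "treat"
    if risk.transferable:
        return "share"
    return "treat+escalate"


def build_register(risks: List[Risk], appetite: int) -> List[Tuple[str, int, str]]:
    """Prioritise by score (highest first) and attach the chosen response."""
    ordered = sorted(risks, key=lambda r: r.score, reverse=True)
    return [(r.name, r.score, choose_response(r, appetite)) for r in ordered]


# Constructed sample risks; the values are illustrative, not measurements.
SAMPLE_RISKS = [
    Risk("Ransomware on file servers", 4, 5, True, True, residual_if_treated=4),
    Risk("Legacy FTP service exposed", 3, 4, False, False, residual_if_treated=6),
    Risk("Lost unencrypted laptop", 3, 3, True, True, residual_if_treated=3),
    Risk("Phishing of finance staff", 5, 4, True, False, residual_if_treated=12),
    Risk("Printer firmware outdated", 2, 2, True, False, residual_if_treated=2),
]

if __name__ == "__main__":
    # appetite=6 means a score of 6 or less is accepted without further action
    for name, score, response in build_register(SAMPLE_RISKS, appetite=6):
        print(f"{score:>2}  {response:<15} {name}")
```

The point of the ordering in `choose_response` is that "tolerate" is only ever reached by comparing against an explicit appetite, and "share" is never chosen while a control could bring the risk within appetite: insurance transfers the financial loss, not the outage.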

The importance of risk management

Many information security frameworks and standards, as well as regulations such as the
GDPR (General Data Protection Regulation) and the NIS Regulations (Network and Information
Systems Regulations 2018), place a strong emphasis on risk management.

1.3 Describe the laws and regulations associated with cyber security
What is Cyber Law?

Cyber laws, also referred to as internet laws, are legal informatics rules that govern software, e-
commerce, and information security as well as the digital transfer of information.
Why Have Cyber Crime Laws?

The usage of the internet raises numerous security and privacy concerns. Intelligent criminals
have been reported to carry out unauthorized operations and potential fraud using cutting-edge
tactics.

The function of cyber laws in cyber security

Cyber laws are essential to using the internet and serve several functions. They cover three
key areas:

Fraud: Cyber laws shield users against online fraud. They exist to stop crimes such as identity
theft and credit card theft.

Copyright: In addition to outlawing copyright infringement, cyber laws also enforce copyright
protection. They grant people and organisations the right to safeguard and benefit from their
creative works.

Defamation: Cyber laws are also enforced in cases of online defamation, which offers people
and companies protection from untrue claims made online that could hurt their reputations.
Security laws
Cybersecurity or cybercrime laws are regulations that protect information technology
with the aim of requiring businesses and organizations to use a variety of defenses to
protect their systems and data against intrusions.

1.4 Summarise the historical development of cyber security


Due to the growing reliance on computer systems, the Internet, and wireless network
standards like Bluetooth and Wi-Fi, as well as the expansion of smart gadgets and the
myriad devices that make up the "Internet of things," cyber security is becoming more
and more important.

1970s: Creeper and ARPANET

When researcher Bob Thomas developed the computer program Creeper in the 1970s, it marked
its path by leaving a trail of messages as it moved through the ARPANET network.

1980s: Emergence of commercial antivirus

Commercial antivirus software first appeared in 1987, although there are conflicting claims
over who invented the first antivirus product.

1990s: Globalisation of the internet

More people started posting their personal information online as the internet became more
widely used.

2000s: Threats diversify and increase

Beginning in the early 2000s, organised crime groups began to invest heavily in funding
professional cyberattacks, while governments started to crack down on hacking by handing out
increasingly harsh punishments to those responsible.

2021: The next generation

The cybersecurity market is still expanding at a breakneck pace. According to Statista, the
size of the worldwide cybersecurity market is expected to increase to $345.4 billion by 2026.

1.5 Explain the impact cyber security has on individuals and organisations

Some of the most prominent ways that modern cybercrime can hurt businesses are listed
below:
1. Cost increases
To protect themselves from online thieves, businesses must pull out their wallets.
Businesses may invest money in a wide range of items, including:
Ransomware, which prevents employees from accessing IT systems unless a corporation
pays a hacker, may also put a substantial strain on finances. According to Hiscox, 6% of
businesses reportedly paid a ransom in 2019, resulting in $381 million in losses.
This was learned the hard way by one of the big three credit bureaus, Equifax, in 2017
when the personal data of 147 million people was exposed. After a court case, the
corporation agreed to pay up to $425.

2. Disruption of Operations
Companies frequently incur indirect costs from cyberattacks in addition to direct
financial losses, such as the potential for a significant interruption in business operations
and associated revenue loss.

For instance, in 2010, hackers supporting WikiLeaks launched attacks against Mastercard and
Visa in retaliation that briefly brought down their websites.

3. Modified Business Procedures


Cybercrime can have an effect on businesses beyond just financial ones. To prevent the
exposure of sensitive data, businesses must reconsider how they gather and retain data.

4. Reputational harm

Although difficult to fully measure, businesses that are the target of more serious
cyberattacks may experience a significant decline in their brand equity. Customers and
even suppliers can feel less confident entrusting someone else with their critical
information.

After a 2013 data breach involving the credit card information of more than 40 million
consumers, retail behemoth Target (TGT) saw its reputation suffer. The security lapse
cost it $18.5 million to resolve.

2014 saw JPMorgan Chase & Co. (JPM) suffer a similar setback when thieves stole the
banking clients' data. Hackers have access to 7 million small company accounts and 76
million residential accounts, including names, addresses, phone numbers, and email
addresses.

Research indicates that publicly traded corporations are likely to have a short-term
decline in market value in addition to decreased institutional trust. Comparitech, a
security company, investigated 40 data breaches at 34 New York Stock Exchange-listed
organizations. They discovered that the share

5. Loss of Income
One of the worst effects of a cyberattack is a sudden decline in sales as wary clients go
somewhere else to avoid cybercrime. Companies may potentially suffer financial losses
as a result of extortion attempts by hackers.

As an illustration, in 2014, as Sony Pictures planned to distribute the comedy "The Interview,"
which featured an attempt to kill North Korean leader Kim Jong Un, it came under fire. Hackers
stole private information, including embarrassing emails and staff performance reviews.
Although it denied the accusations, North Korea is widely thought to have been responsible for
the attack.

6. Intellectual Property Theft


Products, technology, and go-to-market plans are frequently among a company's most
valuable assets. 87% of the assets were intangible.

1.6 Explain how to keep up to date with the latest cyber security information.
You can keep your knowledge up to date by employing a few simple strategies to capture the
good information out there and weed out the bad.

1. Follow security professionals and influencers

In the information era, knowledge is digital, recorded and streamed for posterity, kept on
massive servers, and made accessible by typing a search word.

For instance, you can learn information from more conventional sources like news websites and
blogs written by security professionals, but you can also use social media, go to conferences and
webinars, or speak with an expert in the field directly.

2. Search for security-related subjects on social media

The majority of social media platforms are excellent tools for finding extra content, including
(actual) news pieces, videos, posts, and other types of posts. They also provide a wealth of
additional information on regional, national, and international events, job openings, the best
cybersecurity companies, and more. Twitter is really helpful. It allows you to see discussions
about current events in real time so you can be right there, in the moment, when things play out.

3. Observe live events

Unbelievable as it may seem, there is a sizable market for actual, live cybersecurity events. This
extends far beyond conferences or "cons."

4. Review the risk and vulnerability advisory feeds


The need to stay informed about security flaws found in both new and legacy technology cannot
be overstated, particularly for business owners. Your web browsers, applications, operating
systems, and a number of other personal and professional tools may have been attacked or
compromised.

5. Take in a podcast.

We all have busy lifestyles, so it's possible that you don't have time to read several articles. What
about the time you devote to walking, running, or traveling, though? Podcasts are a great way to
pass this time because you may multitask while listening to them while on the go.

6. Create personalized real-time alerts

You may create specific cybersecurity warnings using a service like IFTTT, which stands for If
This Then That.

Just keep eating.

Continue consuming content, whether it be reading, listening, chatting, watching videos, or
going to live events, if you want to stay as current with cybersecurity as you can.
Training Session 2

2 Understand cyber security protection methods


2.1 Describe network security protection methods
Types of Network Security Protections

Firewalls

Using pre-established security rules, firewalls manage the incoming and outgoing traffic on
networks.

Network Segmentation

When assets within a group share a common function, risk, or role within an organisation,
network segmentation establishes boundaries between such groups of assets.
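To show what "pre-established security rules" and segment boundaries mean in practice, here is an added example (not code from the original document or from any vendor) of a first-match packet filter enforcing a segmented network. The segment address ranges, the rule syntax and the rule set itself are assumptions constructed for illustration.

```python
"""Added example (not from the original document): a first-match packet filter
that enforces a segmented network. Segment ranges, rule syntax and the rule set
itself are assumptions constructed for illustration."""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed segments: assets that share a role get their own address range.
SEGMENTS = {
    "users": ipaddress.ip_network("10.10.0.0/16"),
    "web":   ipaddress.ip_network("10.20.0.0/24"),
    "db":    ipaddress.ip_network("10.30.0.0/24"),
    "mgmt":  ipaddress.ip_network("10.99.0.0/24"),
}


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: str              # segment name or "any"
    dst: str              # segment name or "any"
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # None matches any destination port


# Pre-established rules, evaluated top to bottom; the first match wins and
# anything that matches no rule is dropped (default deny).
RULES = [
    Rule("allow", "mgmt",  "any",  "tcp", 22),    # admins may SSH anywhere
    Rule("allow", "users", "web",  "tcp", 443),   # users reach the web tier over HTTPS only
    Rule("allow", "web",   "db",   "tcp", 5432),  # only the web tier talks to the database
    Rule("deny",  "any",   "db",   "any", None),  # explicit: nothing else reaches the DB segment
    Rule("deny",  "any",   "mgmt", "any", None),  # the management segment is not reachable
    Rule("allow", "users", "any",  "udp", 53),    # DNS out to resolvers
]


def segment_of(ip: str) -> Optional[str]:
    """Name of the segment containing ip, or None for addresses outside all segments."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None


def _matches(rule: Rule, src_seg, dst_seg, proto: str, dport: int) -> bool:
    return (
        rule.src in ("any", src_seg)
        and rule.dst in ("any", dst_seg)
        and rule.proto in ("any", proto)
        and rule.dport in (None, dport)
    )


def evaluate(src_ip: str, dst_ip: str, proto: str, dport: int) -> Tuple[str, Optional[Rule]]:
    """Return (decision, matching rule); ("deny", None) when nothing matches."""
    src_seg, dst_seg = segment_of(src_ip), segment_of(dst_ip)
    for rule in RULES:
        if _matches(rule, src_seg, dst_seg, proto, dport):
            return rule.action, rule
    return "deny", None


if __name__ == "__main__":
    # Constructed flows; the last one is a user workstation trying to reach the DB directly.
    for flow in [("10.10.5.5", "10.20.0.10", "tcp", 443),
                 ("10.20.0.10", "10.30.0.10", "tcp", 5432),
                 ("10.10.5.5", "10.30.0.10", "tcp", 5432)]:
        decision, rule = evaluate(*flow)
        print(flow, "->", decision, "by", rule if rule else "default policy")
```

Two design points matter more than the syntax: the database segment is reachable from exactly one other segment on exactly one port, which is what segmentation buys you when a user workstation is compromised, and the explicit deny rules sit above the broad allow so that a later, more permissive rule cannot quietly open the boundary.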

Access Control

Access control limits unauthorized access and potential dangers by defining the individuals,
organizations, and devices that have access to network applications and systems.

Remote Access VPN

Telecommuters, mobile users, and extranet users can all access a workplace network remotely
and securely with the use of a remote access VPN.

Zero Trust Network Access (ZTNA)

According to the zero trust security paradigm, a user should only have the access and privileges
necessary to carry out their assigned responsibilities.

Email Security

Any procedures, items, and services aimed at keeping your email accounts and email content
safe from outside dangers are referred to as email security.
Data Loss Prevention (DLP)

Data loss prevention (DLP) is a cyber security methodology that combines technology and best
practices to stop the exposure of sensitive data outside an organisation. This includes
regulated data, such as personally identifiable information (PII) and compliance-related data
(HIPAA, SOX, PCI DSS, etc.), as well as other data that is subject to regulation.

Intrusion Prevention Systems (IPS)

IPS solutions are able to recognise and stop network security attacks including brute force,
DoS, and exploits of known flaws.

Sandboxing

Sandboxing is a cybersecurity technique that allows you to run programs or access files on a host
computer in a secure, isolated environment that closely resembles end-user operating
environments.

Network Security at Scale

Hyperscale refers to an architecture's capacity to scale effectively as the system is subjected
to rising demand. Rapid deployment and scaling up or down are features of this system that can
adapt to shifting network security requirements.

Secure Cloud Networks

Applications and workloads are no longer only housed locally in a data center on-site.

Virus: A harmful downloaded file that can go dormant and spread itself by modifying other
computer programs with its own code is known as a virus.

Worms: Worms can slow down computer networks by consuming bandwidth and reduce the
speed at which your computer processes data.
Trojan: A trojan is a backdoor program that lets malicious users enter a computer system through
what initially appears to be a legitimate program but quickly turns out to be dangerous.

Spyware: True to its name, spyware is malicious software that secretly collects data on a person
or organisation and may share that data with a third party without the user's knowledge or
consent.

Adware: Can redirect your search requests to commercial websites while also gathering marketing
information about you in order to display tailored advertisements based on your search and
purchase history.

Ransomware: A type of trojan malware intended to extort money from the victim or target
organisation by denying access to their data or systems until a payment is made.

Secure your network with Check Point

Network security is essential for safeguarding client information and data. It also keeps shared
data secure, guards against viruses, and improves network performance by lowering overhead
costs and expensive losses from data breaches. Since there will be less downtime due to
malicious users or viruses, it can also help businesses save money over the long term.

2.2 Evaluate the impact that penetration and vulnerability testing has on an
organisation
What is a Penetration Test?

A penetration test (pen test) simulates an assault against your network, online applications, staff,
and/or any other system or media that could be weak. A pen test's goal is to find exploitable
holes in your environment so that risks and weaknesses already there can be identified and
reduced.

The Advantages of Penetration Testing

An organization can anticipate receiving a thorough report outlining points of entry and
organizational weaknesses following the completion of a penetration test. Additionally, the
report needs to outline prioritized, explicit activities that can be taken to address any flaws that
are found. Igor Tkach, CTO at Daxx, elaborates on the general advantages of pen testing:
Tripwire and penetration testing

Organizations that are convinced of the benefits of penetration testing don't need to look any
further for their needs' fulfillment than Tripwire. This is due to the fact that Tripwire's
Professional Services division now provides enterprises in North America with reliable
penetration testing services.

2.3 Describe end user device protection methods.


END USER DEVICE SECURITY GUIDANCE

In order to conform to a desired End-User Device Security Framework, devices (such as
smartphones, laptops, and tablets) are configured in accordance with End-User Device Security
Guidance. In order to deploy End User Devices (EUDs) effectively, system administrators must
take into account a number of variables. By doing so, they can increase user awareness of the
potential overall risks to their networks and make informed decisions about the configuration,
management, and usage of EUDs.

SECURITY GUIDANCE CONSIDERATIONS

In order to increase security, a company must take into account a number of variables when
developing or deploying end-user computer equipment, including but not limited to:

Antivirus and anti-malware protection: reduce the likelihood of successful attacks using
harmful software and content-based threats. Most businesses handle this by using antivirus or
anti-malware software provided by a third party.

Private APN: all 3G/4G mobile data leaving a device is collected by a private Access Point Name
(APN), which then directs the traffic back to an IP endpoint on the company network.

There are several advantages to using a private APN, some of which are as follows:

• Instead of using the internet, only authorized end-user devices can access external enterprise
infrastructure (VPN).
• Because only authorized devices on the APN are allowed to access and direct traffic, the end-
user computing device is protected from assaults by other cellular network users.

• Since low-level malware cannot circumvent the APN, business monitoring services and IT
resource teams can quickly identify it.

Security updates

Updates and patches for security are often released by manufacturers. Utilize these updates
immediately and frequently to safeguard devices from known threats.

2.4 Describe the importance of implementing and reviewing access controls in an organisation

The importance of access control

Access control is significant because it is a useful security approach that can be used to limit
who or what can view or use a specific resource. In an IT security context, this may refer to who
has access to modify a certain file, what equipment can be used, or who has access to particular
devices.

The Importance Of Access Control For Business Owners

Owners and IT managers should carefully examine access control as part of their IT and business
management strategy due to the volume of data firms have under their control and the risk that it
will end up in the wrong hands.
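As an added example (not from the original document), here is what "implementing and reviewing" access control looks like in code: a role-based permission check that denies by default, plus a review routine that flags the assignments a periodic access review should question. The roles, permissions, user records and the 90-day dormancy threshold are all constructed assumptions.

```python
"""Added example (not from the original document): a role-based access check
plus a periodic access review. The roles, permissions, user records and the
90-day dormancy threshold are constructed assumptions."""
from datetime import date, timedelta
from typing import List, Set, Tuple

# Constructed role -> permission mapping. Each role carries only what its job needs.
ROLE_PERMISSIONS = {
    "reader": {"file:read"},
    "editor": {"file:read", "file:write"},
    "admin":  {"file:read", "file:write", "file:delete", "user:manage"},
}
PRIVILEGED_ROLES = {"admin"}

# Constructed user records: roles held, last use of the account, and whether a
# manager has recorded approval for the assignment.
USERS = {
    "alice": {"roles": {"editor"},          "last_login": date(2024, 5, 20), "approved": True},
    "bob":   {"roles": {"admin"},           "last_login": date(2023, 11, 2), "approved": True},
    "carol": {"roles": {"reader", "admin"}, "last_login": date(2024, 6, 1),  "approved": False},
    "dave":  {"roles": set(),               "last_login": date(2024, 6, 1),  "approved": True},
}


def permissions_for(username: str) -> Set[str]:
    """Union of the permissions of every role the user holds."""
    roles = USERS.get(username, {}).get("roles", set())
    perms: Set[str] = set()
    for role in roles:
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def is_allowed(username: str, permission: str) -> bool:
    """Deny by default: unknown users, roles and permissions all yield False."""
    return permission in permissions_for(username)


def review_access(today: date, stale_after_days: int = 90) -> List[Tuple[str, str]]:
    """Findings an access review should question, as (user, reason) pairs."""
    findings: List[Tuple[str, str]] = []
    cutoff = today - timedelta(days=stale_after_days)
    for name, rec in USERS.items():
        roles = rec["roles"]
        if roles and rec["last_login"] < cutoff:
            findings.append((name, "dormant account still holds roles"))
        if roles & PRIVILEGED_ROLES and not rec["approved"]:
            findings.append((name, "privileged role without recorded approval"))
        # A role whose permissions are all granted by the user's other roles adds
        # nothing but clutter, and clutter is where excess access hides.
        for role in sorted(roles):
            others = set().union(*(ROLE_PERMISSIONS.get(r, set()) for r in roles - {role}))
            if ROLE_PERMISSIONS.get(role, set()) <= others:
                findings.append((name, f"redundant role '{role}' covered by other roles"))
    return findings


if __name__ == "__main__":
    print("alice may write:", is_allowed("alice", "file:write"))
    print("alice may delete:", is_allowed("alice", "file:delete"))
    for user, reason in review_access(date(2024, 6, 15)):
        print(f"REVIEW {user}: {reason}")
```

The check itself is the easy half; the review is what keeps it honest. Dormant accounts with live roles and privileged roles nobody approved are the two findings that most often turn up in a real review, and both are invisible if you only ever look at the permission check.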

2.5 Explain how end users can be educated and aware of cyber security.
What is End User Education?

Employee awareness is increased by end-user education, which provides them with the
knowledge and abilities to safeguard their own data and that of the firm from theft or attack.
The importance of end user education

Personnel must be informed of organisational shortcomings, system weaknesses, and security
vulnerabilities on a regular basis through end-user education and evaluations.

TAV Technologies Cybersecurity End User Education

TAV Technologies' end-user education emphasises three fundamentals:

• Increase employee cyber literacy: Arm employees with the necessary "KNOWLEDGE" to
identify and understand cyber threats, as well as the abilities to appropriately respond to and
escalate problems.

• Expert-driven: With the correct mix of technical know-how and experience, we can offer
current, useful guidance on how to avoid, identify, and counter risks.

• Personalized instruction: TAV Technologies training can be tailored to the requirements of our
clients and include real-world examples.
Training Session 3

3 Understand how to manage a cyber-security attack


3.1 Evaluate the impact a cyber-attack has on an organisation

Businesses can be alerted to emerging threats and prevent attacks on their networks by using
cyber threat intelligence.

The following sources are used to gather threat intelligence:

• Deep or Dark Web Intelligence / Technical Intelligence
• Human Intelligence
• Open Source Intelligence
• Social Media Intelligence

Open Source Intelligence: Open source intelligence is the process of compiling, analyzing, and
passing verdicts based on information that is readily accessible to the general public. Material
that is accessible to the whole public is referred to as "open source."

Social media intelligence is the process of drawing conclusions that can be put into practice from
information that is available on social media networks. Experts use social media tools like
browsing, searching, and phrase filtering to spot patterns in activity and spot potentially risky
actions.

Human intelligence: Mental skills like adjusting to new situations, learning from experience, and
understanding complex concepts are referred to as human intelligence. Experts utilize human
intelligence to influence people to perform tasks or divulge classified information.

Technical intelligence, also referred to as deep or dark web intelligence, is the gathering,
assessment, and formulation of conclusions based on data found on the deep or dark web. Dark
web sites and marketplaces are frequented by criminals and contain enormous caches of stolen
data, attack tools, and threat tactics. Experts can foresee and avert risks using these data.

3.2 Describe the content of an organisational incident management plan


• Threats: A threat, also referred to as a cyber threat, is an undesirable action taken with the
intention of stealing data, corrupting data, or interfering with digital life in general. Cyber
threats are substantial because hackers could obtain extremely private and sensitive information
and use it to pose as you or your business and commit fraud. Cyber threats can come from both
inside and outside the organisation. Among the most common cyber threats are malware, spyware,
phishing attacks, distributed denial of service (DDoS) attacks, ransomware, Trojans, and others.

• Exploits: Exploits are small, inconspicuous pieces of code or programs that use a system or
network vulnerability to gain access to it. There are many different types of exploits, but the
following two are the most common:

  • Remote exploit: Remote exploits don't require attackers to be physically present near the
  systems they're attempting to access because they operate across a network.

  • Local exploit: A local exploit requires prior access to the system, in contrast to a remote
  exploit. By employing this tactic, the attacker acquires more rights than the system
  administrator granted.

• Vulnerabilities: A computer system vulnerability is a weakness that can be used by attackers to
gain unauthorised access. Attackers or threat actors often install software, steal data, or
damage data on a system after exploiting vulnerabilities. Attackers use a variety of methods to
take advantage of flaws, including open source exploit kits, cross-site scripting (XSS), SQL
injection, and buffer overflows. By taking advantage of weaknesses, attackers could gain access
to your sensitive data.

• Risk: A cyber-attack increases the risk of monetary loss, business interruption, or
reputational harm to a company. Threats from the inside and the outside can be intentional or
accidental. Attackers use a range of strategies to target an organisation, such as:

  • shoulder surfing
  • social engineering
  • ransomware demanding payment in cryptocurrency
  • phishing
  • distributed denial of service (DDoS) attacks


3.3 Explain the importance of internal and external communication when
managing a cyber-attack

Communication within the Organization

Organizations can decide when it is best to notify the public about a breach by using internal
communication channels and well-defined policies for escalating cyber occurrences. Prior to an
assault, it is important to establish communication channels, define responsibilities and primary
points of contact, and create a plan for which organizations should be notified first and in what
order.

Communicating with the media

Organizational media and transparency policies must guide media communications. Even if an
occurrence is unusual, it is always in the best interest of the impacted company to adhere to
established processes.

Communicating with customers

A company may need to communicate with a large number of clients or consumers, so this is
critical.

3.4 Describe the roles and responsibilities for incident management


Incident managers manage the lifecycle of all unanticipated interruptions, malfunctions, and
quality declines in the IT services an organisation offers. Their key objectives are to adhere
to incident management procedures and swiftly return IT services to normal operation. They also
inform senior management of significant system problems.

The duties of an incident manager include:

• overseeing the team members working to resolve the issue, and the incident response process
as a whole;

• investigating a reported service event to determine what went wrong and initiating the
incident management process;

• ranking incidents according to their significance and the effect they have on the firm;

• putting together documentation that describes incident protocols, such as how to handle
cyber security threats or fix server problems;

• helping the incident management team ensure that all protocols are followed rigorously;

• tracking every incident and its outcome to look for recurring problems;

• modifying the incident management process as needed to sustain its effectiveness;

• communicating with senior management if severe issues with the IT system are found;

• rearranging the schedules and workloads of non-urgent jobs in order to free up incident team
members.

3.5 Analyse the actions to take when responding to an incident.


Every cyberattack and every organization is different. However, it’s possible to outline a fairly
standard set of responses to cyber-incidents. Here they are.

1. Prevention

Implementing the lessons you've learned from the most recent incident back into your IR
strategy is the first step in responding to a successful cyberattack.


2. Delegation and Communication

The next step is to immediately let everyone on staff who needs to know that an attack has
taken place. This should include your customer service teams, as they may have to handle some
challenging requests and complaints over the next several weeks, and it will certainly include
technical teams.
3. Forensics

The IR team should investigate the origin of the attack or leak. Technically referred to as
"attack forensics," this procedure can actually be far simpler than the term implies.


4. Contain and Recover

Containing any more harm that could have been inflicted by a successful attack is the next step
in incident response.

5. Maintain All Your Security Systems Up To Date

It is useless to install a security system that you won't maintain. However, this is something we
encounter quite frequently.

6. Assess the Damage

Once the smoke starts to clear, it’s time to assess the damage. You should take a holistic
approach to this, in order to capture the full range of consequences of a successful attack.

3.6 Explain the importance of post cyber-attack reviews.

A post-incident review is a detailed retrospective that allows an enterprise to carefully
understand each part of an incident, from start to finish. Use a post-incident review to assess
all the processes and people that were impacted by the attack so that it never happens again.

SEE WEAKNESSES

Security teams can identify network flaws and vulnerabilities that have been breached by threat
actors by conducting a post-incident review. They should also note all IOCs and TTPs connected
to the attack, as well as any internal problems that the threat actor might have manipulated to get
inside.
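Noting the IOCs is only useful if they are then run back over the retained logs to confirm which hosts the threat actor touched and when. As an added example (not from the original document), the block below scans constructed proxy, EDR and firewall log lines for a small IOC set and builds the first-seen timeline per host. The IOC values use reserved documentation ranges and a placeholder hash; they are not real indicators, and the log format is an assumption.

```python
"""Added example (not from the original document): scanning retained logs for
the indicators of compromise (IOCs) noted during a post-incident review, to
confirm which hosts the attacker touched and when. IOC values and log lines are
constructed placeholders, not real indicators."""
import re
from typing import Dict, Iterable, List, Set, Tuple

PLACEHOLDER_HASH = "0" * 63 + "1"   # stands in for a real file hash

# Constructed IOC set; 198.51.100.0/24 is a documentation range and .invalid a reserved TLD.
IOCS: Dict[str, Set[str]] = {
    "ip":         {"198.51.100.23"},
    "domain":     {"updates.example.invalid"},
    "sha256":     {PLACEHOLDER_HASH},
    "user_agent": {"Mozilla/4.0 (compatible; MSIE 6.0)"},
}

# Constructed log lines in the form "<timestamp> <host> <source> <key=value ...>".
SAMPLE_LOGS = f"""\
2024-06-01T08:02:11Z ws-17 proxy user=alice dst=updates.example.invalid ua="Mozilla/4.0 (compatible; MSIE 6.0)" status=200
2024-06-01T08:02:14Z ws-17 edr process=powershell.exe sha256={PLACEHOLDER_HASH} parent=winword.exe
2024-06-01T08:05:40Z fw-edge firewall action=allow src=10.10.4.17 dst=198.51.100.23 dport=443
2024-06-01T09:15:02Z ws-22 proxy user=bob dst=www.example.com ua="Mozilla/5.0" status=200
2024-06-01T11:47:09Z fw-edge firewall action=allow src=10.10.4.17 dst=198.51.100.23 dport=443
"""

Hit = Tuple[str, str, str, str]   # (timestamp, host, ioc_type, value)


def _pattern(value: str) -> re.Pattern:
    # Match the whole token only, so "updates.example.invalid" does not fire on
    # "notupdates.example.invalid" or on a longer hash that merely contains ours.
    return re.compile(r"(?<![\w.-])" + re.escape(value) + r"(?![\w.-])")


def scan_logs(lines: Iterable[str], iocs: Dict[str, Set[str]]) -> List[Hit]:
    """Every (timestamp, host, type, value) where a line contains an indicator."""
    compiled = [(kind, value, _pattern(value))
                for kind, values in iocs.items() for value in sorted(values)]
    hits: List[Hit] = []
    for line in lines:
        if not line.strip():
            continue
        timestamp, host = line.split(" ", 2)[:2]
        for kind, value, pat in compiled:
            if pat.search(line):
                hits.append((timestamp, host, kind, value))
    return hits


def affected_hosts(hits: List[Hit]) -> Dict[str, str]:
    """Earliest time each logging host saw any indicator: the start of the timeline."""
    first_seen: Dict[str, str] = {}
    for timestamp, host, _, _ in hits:
        if host not in first_seen or timestamp < first_seen[host]:
            first_seen[host] = timestamp
    return first_seen


def hits_by_type(hits: List[Hit]) -> Dict[str, int]:
    """How many times each indicator type fired; a quick sanity check on coverage."""
    counts: Dict[str, int] = {}
    for _, _, kind, _ in hits:
        counts[kind] = counts.get(kind, 0) + 1
    return counts


if __name__ == "__main__":
    found = scan_logs(SAMPLE_LOGS.splitlines(), IOCS)
    for hit in found:
        print(*hit)
    print("first seen per host:", affected_hosts(found))
    print("hits by type:", hits_by_type(found))
```

Note that the firewall hits are attributed to the firewall host, not to the internal source address; in a real review you would also pivot on `src=` fields so that the workstation behind the outbound connection appears in the timeline. The token-boundary regex matters because substring matching on short indicators produces false positives that send the review down the wrong path.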

WHAT DOES GOOD LOOK LIKE?

A thorough post-incident evaluation yields a list of doable steps that address each of the
problems that the threat actor was able to exploit. These steps should lessen the effects of an
attack and impart knowledge on how to stop, detect, and respond to a similar assault in the future
to the security team, the security tools, and the larger company.
