DATA4300 Week 02 Workshop

The document outlines a lesson plan for DATA4300 focusing on data security and ethics, specifically risk management and common cyberattacks. It covers various types of cyber threats such as malware, social engineering, and denial of service attacks, along with mitigation strategies like zero trust frameworks and network segmentation. Additionally, it emphasizes the importance of assessing vulnerabilities and creating risk mitigation plans, particularly in the context of law enforcement organizations like SAPOL.


DATA4300

Data Security and Ethics


Lesson week 2
Risk Management
COMMONWEALTH OF AUSTRALIA
Copyright Regulations 1969

WARNING

This material has been reproduced and communicated to you by or on behalf of Kaplan Business School pursuant to Part VB of the Copyright Act 1968 (the Act).

The material in this communication may be subject to copyright under the Act. Any
further reproduction or communication of this material by you may be the subject of
copyright protection under the Act.

Do not remove this notice.


DATA4300 Roadmap

Week 1: Overview of Cybersecurity, Ethics and Privacy Concepts
Week 2: Risk Management
Week 3: Business Applications of Risk Mitigation
Week 4: Businesses and Data Monetisation
Week 5: Internet protocols, social media ethics and privacy
Week 6: Using Generative AI Workshop
Week 7: Assessment 1
Week 8: Privacy protection
Week 9: Society, Technology, and Data Ethics
Week 10: Data, Government, Privacy, National Security and Ethics; Assessment 2
Week 11: Encryption and New Technologies for Data Security
Week 12: Assessment 3
Lesson Learning Outcomes

1. Review common cyberattacks
2. Investigate cybersecurity risk mitigation in context
3. Form a simple plan for managing common attack vectors
4. Review DDoS attacks and solutions
Cyber Attacks Growing Trend

[Chart: Past cyber-attacks – WEF by @mikequindazi]

Cyber Risks are a Top CEO Concern

[Chart] Question: How exposed do you believe your company will be to the following key threats in:
a: The next 12 months?
b: The next five years?
Review of common cyberattacks 1

Malware = any malicious software designed to disrupt or damage a digital device, computer network or server, or to steal data from it.

Subtypes are
• Ransomware - the victim's data is encrypted by an unauthorised party, who then demands payment for the decryption key (many current groups also copy the data out first and threaten to publish it, so backups alone do not remove the leverage)
• Spyware - software installed on a computer without the user's informed consent that covertly gathers information about the user, e.g. web activity, keystrokes and credentials, and sends it to the attacker
• Trojan - software that appears legitimate (a game, a utility, an "update") but carries hidden malicious functionality; the user installs it themselves, and it is commonly used to gather personal data such as financial data
• Botnet - a network of malware-infected computers that an attacker controls remotely and uses to perform attacks on other networks, e.g. DDoS attacks or spam campaigns

https://www.crowdstrike.com/cybersecurity-101/cyberattacks/most-common-types-of-cyberattacks/
Review of common cyberattacks 2
Social Engineering = psychological manipulation, using fear, trust, urgency, offers of money or services, friendship, etc., to trick computer users into taking an action that benefits the attacker (clicking a link, transferring money, revealing credentials)

Subtypes are

• Pretexting - the attacker invents a plausible scenario and impersonates someone you would normally trust, e.g. IT staff, HR staff, or a friend with a fake story, in order to extract information or an action

• Honeytrap - a person looking for love or friendship online is tricked into believing another individual is interested in them, when the real goal is to extract money or information

• Phishing - the most common form: a fraudulent email or message that lures the user into clicking a link, opening an attachment or entering credentials; the ransomware case study later in this lesson started with a phishing email
https://www.crowdstrike.com/cybersecurity-101/cyberattacks/most-common-types-of-cyberattacks/
Review of common cyberattacks 3
Denial of Service (DoS) attack = a malicious attack that overwhelms a computer, service or network with traffic or requests to the point where legitimate users are unable to perform normal operations

For example,
• Unable to access email
• Can't open websites or online accounts
• False requests clog up the network

A Distributed Denial of Service (DDoS) attack is the same idea launched from many sources (systems, typically a botnet) at once. Because there is no single source address to block, it is much harder to filter out.
https://www.crowdstrike.com/cybersecurity-101/cyberattacks/most-common-types-of-cyberattacks/
Activity: Quick Quiz

Which types of cyberattack are these?

A. A person pretending to be a contact claims that a friend of yours is in hospital and didn't get paid. They ask you for money.

B. You download a game and realise later that someone has your personal details.

C. You go to work and notice that the network is running slowly, not a lot is happening, memory seems to be used up and you can't access Outlook. Your colleagues have the same problem.
Activity: Business Scenario
Suppose that you are working as a new IT project manager at South Australia Police (SAPOL). The project you have been given is to assess and improve cybersecurity as part of SAPOL's strategic plan.

Their website is https://www.police.sa.gov.au/about-us/crime-statistics-map

Take a look at their services and the data they may hold, e.g. crime and traffic statistics, employee data, branch location data, reports and other information.

You will need to assess what their vulnerabilities are and create a risk mitigation plan.

How might this be done? What is the right terminology to use in the report of your plan?

Let's make a start on this today.


Glossary re cyberattack mitigation
An attack vector is the path or means (entry point) an attacker uses to gain unauthorised access to a device or computer network.

A software patch is a piece of code released by the vendor to fix a security vulnerability or bug, improve the functioning of the software, or add a feature. It is a targeted ("quick") fix applied on top of the installed version; until it is applied, the vulnerability it closes remains exploitable.

The cyberattack types we have discussed (malware, social engineering, DoS) each arrive through one or more attack vectors. Two further common vectors are
• weak encryption
• unpatched software (apps with known vulnerabilities)
• Other common attack vectors will be discussed in TECH2400
https://www.fortinet.com/resources/cyberglossary/attack-surface
Activity: Attack surface and risk mitigation

• Watch the video on attack surfaces, weaknesses and introduction to risk mitigation
https://www.youtube.com/watch?v=3KcPLJzB1Xc

Q1. What appear to be some of the weaknesses of a company's attack surface, i.e. what are easy targets for attack?

Q2. What are potential risk mitigation methods?
Cyberattack mitigation concepts
An attack surface is the set of all points (attack vectors) through which an unauthorised user could get into a network or device in order to manipulate it and/or extract data. The larger the attack surface, the more there is to defend.

It includes physical and virtual (digital) assets, e.g. firewalls, PCs, tablets and laptops, printers, servers, cloud services and the user accounts that can reach them.

1. The first step in protecting your attack surface is to define and map it

2. Identify all devices, users, permissions and connections

3. Identify all company data storage locations and who currently has permission to access the data

4. Categorise the resources in terms of risk, so that the most exposed and most valuable assets are dealt with first
https://www.fortinet.com/resources/cyberglossary/attack-surface
Activity: Attack surface for SAPOL

Define the attack surface for SAPOL

– Who are the users of the system?

– Where might the data, e.g. licence data, criminal stats, details of crimes/incidents, staff payroll data, be stored?

– Reflecting on the services on the SAPOL website, what systems/departments might be connected?
Risk assessment and matrix
After defining the attack surface, part of your cybersecurity preparation and mitigation would involve the creation of a risk matrix as part of a risk assessment.
A risk assessment checklist exists at

https://www.netwrix.com/information_security_risk_assessment_checklist.html

Observe that the components listed are

• Asset identification and classification
• Potential threat identification
• Assess vulnerabilities
• Analyse the impact of probable threats
• Perform risk scoring
  ▪ Risk categorised as high, medium, low for asset, threat, vulnerability
• Common risk scoring formula

  Risk level = probability of occurring x impact

  (probability, or likelihood, is how likely the threat is to exploit the vulnerability; impact is the severity of the consequence if it does)

Let's consider risk categorisation

Activity: Risk assessment matrix
Stage 1
• Probability versus impact (likelihood versus severity) risk levels are formed in a grid: each cell of the matrix is one likelihood level combined with one impact level
• Observe how the levels vary: the same impact is rated a higher risk the more likely it is to occur

Activity: Risk scores for threats
Stage 2
Form groups and create two potential entries for SAPOL, as we have below (the High/Medium/Low after each entry is that column's rating)

Threat             | Vulnerability                                  | Asset and consequences                                      | Impact                                     | Solution
DoS attack (High)  | Firewall configured correctly (Low)            | No access to some resources (critical consequence)          | Financial loss (Medium)                    | Monitor firewall
Spyware (Low)      | Crime reporting on laptops by police (Medium)  | Private citizen information exposure (critical consequence) | Personal safety and reputation loss (High) | Install anti-spyware program
https://www.netwrix.com/information_security_risk_assessment_checklist.html
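The scoring formula and the two SAPOL rows above, worked through in code. This is an added example for the workshop, not part of the slides or of the Netwrix checklist; the 3-point scales, the rule that combines the threat and vulnerability ratings into a likelihood, the banding thresholds and the register entries are all constructed assumptions.

```python
"""Risk register scoring: risk level = likelihood x impact.

Added example for this workshop (not from the slides or the Netwrix checklist).
The scales, the likelihood rule and the SAPOL entries are constructed assumptions.
"""
from dataclasses import dataclass

# Assumed 3-point ordinal scale so that High/Medium/Low can be multiplied.
LEVEL = {"Low": 1, "Medium": 2, "High": 3}


@dataclass(frozen=True)
class RiskEntry:
    threat: str
    threat_level: str         # how active/capable the threat is
    vulnerability: str
    vulnerability_level: str  # how exposed the asset is to that threat
    asset: str                # asset and consequence if compromised
    impact_level: str         # severity of that consequence
    solution: str

    def likelihood(self) -> int:
        """Likelihood combines the threat and vulnerability ratings.
        Assumption: rounded-up average, so a capable threat against a
        well-defended asset lands in the middle rather than at an extreme."""
        t, v = LEVEL[self.threat_level], LEVEL[self.vulnerability_level]
        return (t + v + 1) // 2

    def score(self) -> int:
        """Slide formula: risk level = probability of occurring x impact."""
        return self.likelihood() * LEVEL[self.impact_level]


def categorise(score: int) -> str:
    """Band a 1..9 score. Thresholds are assumed (1-2 Low, 3-4 Medium, 6-9 High),
    the usual banding of a 3x3 likelihood/impact matrix."""
    if score >= 6:
        return "High"
    if score >= 3:
        return "Medium"
    return "Low"


def rank(register: list) -> list:
    """Highest risks first, so the mitigation plan treats them first."""
    ordered = sorted(register, key=lambda e: e.score(), reverse=True)
    return [(e.threat, e.score(), categorise(e.score())) for e in ordered]


def sample_register() -> list:
    """The two SAPOL rows from the workshop table (constructed example data)."""
    return [
        RiskEntry("DoS attack", "High", "Firewall configured correctly", "Low",
                  "No access to some resources (critical consequence)", "Medium",
                  "Monitor firewall"),
        RiskEntry("Spyware", "Low", "Crime reporting on laptops by police", "Medium",
                  "Private citizen information exposure (critical consequence)", "High",
                  "Install anti-spyware program"),
    ]


if __name__ == "__main__":
    for threat, score, band in rank(sample_register()):
        print(f"{threat:12s} score={score} band={band}")
```

Under these assumptions the spyware entry scores 6 (High) and the DoS entry 4 (Medium), so the spyware exposure of citizen data is treated first even though spyware was rated the less likely threat; the impact rating is what pulls it up the ranking. In a real report, record the scales and thresholds you chose alongside the scores, since the numbers mean nothing without them.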
Risk mitigation methods
• Develop a zero trust framework
• Network segmentation
• Uncover security flaws
• Scan for threats
• Train employees
• Streamline processes

We expand on some of the more complex methods in the next few slides
https://www.fortinet.com/resources/cyberglossary/attack-surface
https://www.youtube.com/watch?v=3KcPLJzB1Xc
Glossary: Zero trust framework
• Zero trust philosophy = no user or device, inside or outside the network perimeter, is trusted by default; every access request is verified before it is granted ("never trust, always verify")

• The assumption is that potential threats are everywhere, including already inside the network

• Implementation: strict identity verification has to occur for every user/device trying to access a computer network or app, on every request, together with other access control measures such as least-privilege permissions and device health checks

• For example, the use of multifactor authentication, and access request forms so that permissions are granted deliberately rather than by default
https://www.fortinet.com/resources/cyberglossary/what-is-the-zero-trust-network-security-model
Zero Trust contd…
• Another way of looking at the problem. Instead of trying to guard the whole attack surface, define a much smaller "protect surface" made up of
  • Data – what data do you want to protect?
  • Apps – which apps hold "sensitive information"?
  • Assets – what are the most vulnerable assets?
  • Services – which services need to be protected so that operations run as usual?
https://www.fortinet.com/resources/cyberglossary/what-is-the-zero-trust-network-security-model
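What "never trust, always verify" looks like as an access decision, as an added example for this lesson (not from the slides or the Fortinet glossary). The internal address range, the protect-surface table, the role names, the user requests and the policy rules are constructed assumptions for a SAPOL-style environment. The thing to notice is what the code does not contain: there is no rule that allows a request simply because it comes from an internal address.

```python
"""Zero-trust access decision: every request is verified, whatever its source.

Added example for this workshop (not from the slides or the Fortinet glossary).
The internal IP range, the protect-surface table, the roles and the policy rules
are constructed assumptions for a SAPOL-style environment.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INTERNAL_NET = ip_network("10.0.0.0/8")  # assumed internal address range

# Protect surface (Data, Apps, Assets, Services): who may reach each resource,
# and whether it is sensitive enough to require a managed, patched device.
PROTECT_SURFACE = {
    "payroll-app":    {"roles": {"payroll"}, "sensitive": True},
    "crime-stats-db": {"roles": {"analyst"}, "sensitive": True},
    "public-website": {"roles": {"payroll", "analyst", "public"}, "sensitive": False},
}


@dataclass(frozen=True)
class Request:
    user: str
    roles: frozenset
    mfa_passed: bool       # identity verified for this request, not just at login
    device_managed: bool   # device is enrolled, so its state can be checked
    device_patched: bool   # device health: patches current
    source_ip: str
    resource: str


def decide(req: Request) -> tuple:
    """Return (allowed, reason). Network location never grants access on its own."""
    res = PROTECT_SURFACE.get(req.resource)
    if res is None:
        return False, "unknown resource: default deny"
    if not req.mfa_passed:
        # Same outcome for a 10.x source and an internet source: inside != trusted.
        return False, "identity not verified (MFA required on every request)"
    if not (req.roles & res["roles"]):
        return False, "role not permitted for this resource (least privilege)"
    if res["sensitive"] and not (req.device_managed and req.device_patched):
        return False, "device posture insufficient for a sensitive resource"
    where = "internal" if ip_address(req.source_ip) in INTERNAL_NET else "external"
    return True, f"allowed: identity, role and device verified ({where} source)"


def demo() -> list:
    """Constructed requests: being inside is not enough, being outside is not fatal."""
    cases = [
        Request("alice", frozenset({"payroll"}), True, True, True, "10.1.2.3", "payroll-app"),
        Request("bob", frozenset({"payroll"}), False, True, True, "10.1.2.3", "payroll-app"),
        Request("carol", frozenset({"analyst"}), True, True, True, "203.0.113.5", "payroll-app"),
        Request("dave", frozenset({"analyst"}), True, False, True, "203.0.113.5", "crime-stats-db"),
        Request("erin", frozenset({"analyst"}), True, True, True, "203.0.113.5", "crime-stats-db"),
    ]
    return [(r.user, decide(r)[0]) for r in cases]


if __name__ == "__main__":
    for user, allowed in demo():
        print(user, "ALLOW" if allowed else "DENY")
```

Bob is on the internal network and holds the right role, yet is denied because identity was not verified on this request; Erin is on the internet and is allowed because identity, role and device posture all check out. In a deployment the same decision is made by an identity provider or access proxy in front of each application, which is where the MFA and device checks mentioned on the slide are enforced.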
Activity: Protect surface assessment

Form groups and answer the following with reference to your SAPOL project

1. What data do you want to protect?

2. Which apps hold "sensitive information"?

3. What are the most vulnerable assets?

4. Which services need to be protected so that operations run as usual?
Scan for threats and uncover cybersecurity flaws
• Perform regular network and vulnerability scans with up-to-date scanning software and signatures, so that newly disclosed vulnerabilities are found on your own systems before an attacker finds them

• Look for cybersecurity flaws; for example, police computer systems could be outdated (no longer receiving vendor patches), hence more difficult to protect from cybercrime

• Case Study: "In December 2016, a law enforcement agency near Dallas, Texas, was the victim of a ransomware attack when an employee clicked on a link in a phishing email that appeared to be from another law enforcement agency."

Source: https://www.policechiefmagazine.org/the-emerging-cyberthreat-cybersecurity/
https://www.centerpointit.com/compromised-cops-the-risk-of-poor-police-cybersecurity/
Activity: Potential cybersecurity threats
Form groups and answer the following with reference to your SAPOL project

Q. Can you think of any potential cybersecurity threats and possible security flaws due to the nature of law enforcement?
Network Concepts
• Before we explain network segmentation concepts, let's review the idea of networks

• Nodes are connection points that send, receive and store data. Each node has an identifier (address) on the network.

• Computer devices include PCs, laptops, printers, routers (devices which forward information between networks) and switches (which manage communication within a network)

• Computer networks are made up of computer devices (nodes) and connections (links for transferring information)
https://www.ibm.com/topics/networking
Network Concepts

• Circuit switching establishes a dedicated connection (path) between specific nodes for the duration of the communication

• Packet switching breaks data into packets, each carrying its destination address, which are forwarded independently through the network and reassembled at the destination; this is how IP networks work

• Gateways are hardware devices (or software) designed to control communication between networks, e.g. between a LAN and the internet
https://www.ibm.com/topics/networking
Activity: Network Topologies (shapes)

[Figure: typical arrangements of computer networks]

For more topologies see https://www.geeksforgeeks.org/types-of-network-topology/

Activity: Network concepts
• To help you remember some of the concepts about networks
• Form pairs
• Construct a network diagram with components in any shape you want for your SAPOL project
• Perhaps think about what you have set up at home or work first
Segment the network
• Network segmentation is about dividing the network into smaller parts (partitions, or segments) with controlled traffic between them, to ensure
  • an entire system is less likely to fail if attacked: an intruder in one segment cannot move freely into the others, thus improving security
  • performance can be managed better
  • network monitoring is easier
  • operations improve due to limiting network traffic congestion
  • parts of the network are accessed only when needed
  • it is easier to be compliant – regulated data gets separated from other data

• Segmentation only helps security if traffic between segments is forced through an enforcement point (a firewall or access-control list) with least-privilege rules; a segment whose rule to its neighbours is "allow everything" is a segment in name only

Examples are on the next slide
https://www.cisco.com/c/en/us/products/security/what-is-network-segmentation.html
Segment the network contd…
Examples:

• Networks divided using Virtual Local Area Networks (VLANs): each VLAN is a separate broadcast domain that operates independently within the larger physical network, as if it had its own switch; traffic between VLANs has to pass through a router or firewall, which is where it can be controlled

• Firewall-based segmentation (creates separate internal zones, with the firewall deciding which flows between zones are allowed)

• Software-defined networking (SDN) segmentation separates the control functions of the network (the "brains") from the infrastructure (switches and routers) and from the applications on the network, so that segmentation policy can be defined and changed centrally in software
https://www.cisco.com/c/en/us/products/security/what-is-network-segmentation.html
https://www.sdxcentral.com/networking/sdn/definitions/what-the-definition-of-software-defined-networking-sdn/
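The firewall-based (or inter-VLAN) segmentation described above, modelled as the rule set a firewall between segments would enforce. This is an added example for the workshop, not from the slides or from Cisco; the VLAN numbers, address ranges, ports and allow-list rules are constructed assumptions for a SAPOL-style network with separate payroll, crime-statistics, infringement and front-counter segments. The rules describe new connections; a stateful firewall lets the replies back through.

```python
"""Firewall-based segmentation: which flows between VLANs are permitted.

Added example for this workshop (not from the slides or Cisco). The VLAN
numbers, address ranges, ports and allow-list rules are constructed
assumptions for a SAPOL-style network; the point being shown is default
deny between segments and the resulting small blast radius.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Each VLAN is its own broadcast domain; traffic leaving it has to cross the
# firewall, which is where RULES below are enforced.
VLANS = {
    10: ("payroll",       ip_network("10.10.0.0/24")),
    20: ("crime-stats",   ip_network("10.20.0.0/24")),
    30: ("infringement",  ip_network("10.30.0.0/24")),
    40: ("front-counter", ip_network("10.40.0.0/24")),  # public-facing kiosks
    50: ("servers",       ip_network("10.50.0.0/24")),
}


@dataclass(frozen=True)
class Rule:
    src_vlan: int
    dst_vlan: int
    dst_port: int
    proto: str = "tcp"


# Allow-list of inter-segment flows (new connections). Anything not listed is dropped.
RULES = [
    Rule(10, 50, 443),   # payroll workstations -> payroll web app
    Rule(20, 50, 5432),  # crime-stats analysts -> statistics database
    Rule(30, 50, 443),   # infringement clerks  -> notice system
    # deliberately nothing from VLAN 40: kiosks get no path into the back office
]


def vlan_of(ip: str) -> Optional[int]:
    addr = ip_address(ip)
    for vid, (_, net) in VLANS.items():
        if addr in net:
            return vid
    return None


def permitted(src_ip: str, dst_ip: str, dst_port: int, proto: str = "tcp") -> bool:
    """Same-VLAN traffic is switched locally; cross-VLAN traffic needs a rule."""
    s, d = vlan_of(src_ip), vlan_of(dst_ip)
    if s is None or d is None:
        return False  # unknown segment: default deny
    if s == d:
        return True
    return any(r.src_vlan == s and r.dst_vlan == d
               and r.dst_port == dst_port and r.proto == proto for r in RULES)


def blast_radius(src_ip: str) -> set:
    """What a compromised host could reach in other segments: (segment, port, proto)."""
    s = vlan_of(src_ip)
    return {(VLANS[r.dst_vlan][0], r.dst_port, r.proto) for r in RULES if r.src_vlan == s}


if __name__ == "__main__":
    print(permitted("10.10.0.5", "10.50.0.10", 443))   # payroll -> server: True
    print(permitted("10.40.0.7", "10.50.0.10", 443))   # kiosk   -> server: False
    print(blast_radius("10.20.0.3"))                    # {('servers', 5432, 'tcp')}
```

A compromised front-counter kiosk can reach nothing outside its own segment, and a compromised analyst workstation can reach only the statistics database port, which is the "entire system is less likely to fail" point from the previous slide made concrete. Replacing the allow-list with a permit-any rule between segments makes every `permitted` call return True and collapses the blast radius back to the whole network.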
Activity: Network segmentation
• Form groups and answer the following with reference to your SAPOL project

Q. Considering the VLAN segmentation method, what systems (users) might you want to separate regarding police information networks?

• For example, staff working with the police payroll system, crime stats data system and infringement notice system may want to keep their network traffic and communications isolated from one another.
Security Incident management
1. Prepare – create an incident response team and make their roles clear; have tracking and reporting mechanisms in place before an incident occurs

2. Detection and analysis – confirm that an incident is occurring, identify the threat type and its scope, and notify relevant stakeholders

3. Contain and remove the threat – isolate affected systems first, then clean software, networks, etc.

4. Implement your recovery plan – restore systems and data and return to running usual operations

5. Hold a post-incident review – record what happened, what worked and what to change

Source: Based on KBS Security management processes
Activity: Security Incident management
Recall our case study: "In December 2016, a law enforcement agency near Dallas, Texas, was the victim of a ransomware attack when an employee clicked on a link in a phishing email that appeared to be from another law enforcement agency."

Source: https://www.policechiefmagazine.org/the-emerging-cyberthreat-cybersecurity/

Form groups and answer the following,

Q. How would you apply the five steps to the case study?
(Preparation, detection and analysis, contain and remove threat, implement a recovery plan, hold a review after the incident)
Review of DDoS

• Glossary: an Internet Protocol (IP) address is a numeric label that identifies a device on a network so that traffic can be routed to it. IPv4 addresses are four decimal numbers, e.g. '192.0.2.1'; IPv6 addresses are eight groups of hexadecimal digits, e.g. '2001:0db8:85a3:0000:0000:8a2e:0370:7334'.

• Denial of service (DoS) attacks are commonly launched from compromised computers and IoT devices (routers, cameras, etc.)

• How do they work?
  • Networks of malware-infected devices (so-called "bots" or "zombies") are controlled remotely by attackers.
  • The attacker instructs the group of bots (botnet) to send requests to the victim's IP address.
  • The many requests (increased traffic) overwhelm the server or network, so legitimate requests cannot be served.
https://www.cloudflare.com/en-gb/learning/ddos/what-is-a-ddos-attack/
Identifying a DoS
Q. How do we mitigate a DDoS attack?

• Firstly, identify it as a DDoS attack (rather than, say, a hardware fault or a legitimate traffic spike), via symptoms such as
  ▪ Slowing of the system
  ▪ An unusual amount of internet traffic coming from one IP address
  ▪ A large amount of internet traffic coming from users with a similar profile, e.g. device type, user agent or location
  ▪ A radical change in normal internet activity through the day, e.g. a spike at an hour that is normally quiet
  ▪ Particular types of attack may be covered in the TECH subjects, e.g. application layer attacks, HTTP flood, protocol attacks (see notes for brief summary)

https://www.cloudflare.com/en-gb/learning/ddos/what-is-a-ddos-attack/
Mitigating a DoS

Q. What is the process for mitigating a DDoS attack?

Solution 1.
• Blackhole routing: create a so-called blackhole (null) route and send the traffic for the attacked address down it, where it is dropped. This is a simple way to clear the network, but it drops legitimate traffic to that address as well, so on its own it completes the attacker's goal; it is a last resort, or is combined with filtering so that only the malicious traffic goes down the hole.

Solution 2.
• Rate limiting: limit the number of requests a server will accept from a client over a specified timeframe, and hence limit the total traffic on the network. Effective against a single abusive source, but insufficient alone against a distributed attack in which each bot stays under the limit.

Mitigating a DoS contd..
Solution 3.
Web application firewall (WAF): a WAF sits between the internet and the server, inspects HTTP requests and blocks those matching attack patterns, so it acts as a barrier to application-layer (layer 7) attacks such as HTTP floods

Solution 4.
Anycast network diffusion: the same address is announced from many servers (points of presence), so incoming traffic is spread across all of them and the system absorbs a flood of requests that would overwhelm any single server
https://www.cloudflare.com/en-gb/learning/ddos/what-is-a-ddos-attack/
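The symptoms from the "Identifying a DoS" slide and the rate-limiting solution from this one, run over a constructed access log. This is an added example for the workshop, not from the slides or from Cloudflare; the log lines, thresholds, baseline and window sizes are all constructed assumptions (in practice the thresholds come from the site's own measured normal traffic). The log contains one source flooding on its own, forty sources that each send very little but share one user agent, and a handful of ordinary users.

```python
"""Spotting a request flood in an access log, then rate limiting it.

Added example covering the 'Identifying a DoS' and 'Mitigating a DoS' slides
(not from the slides or Cloudflare). The log lines, thresholds, baseline and
window sizes are constructed assumptions.
"""
from collections import Counter, defaultdict

# Constructed access log: "epoch_seconds source_ip user_agent path", six seconds of traffic.
SAMPLE_LOG = (
    # one source hammering /login at 50 requests per second
    [f"{100 + i // 50} 203.0.113.9 curl/8.0 /login" for i in range(300)]
    # 40 sources sharing one user agent, 3 requests each, spread over the same seconds
    + [f"{100 + i // 20} 198.51.100.{i % 40} bot/1.0 /login" for i in range(120)]
    # ordinary browser traffic, one request per second
    + [f"{100 + i} 192.0.2.{i} Mozilla/5.0 /stats" for i in range(6)]
)


def parse(line: str) -> tuple:
    ts, ip, ua, path = line.split(" ", 3)
    return int(ts), ip, ua, path


def flag_single_sources(lines, per_second_limit: int = 30) -> list:
    """Symptom: an unusual amount of traffic coming from one IP address."""
    per_ip_second = Counter((ip, ts) for ts, ip, _, _ in map(parse, lines))
    return sorted({ip for (ip, _), n in per_ip_second.items() if n > per_second_limit})


def flag_shared_profiles(lines, min_ips: int = 20, min_requests: int = 100) -> list:
    """Symptom: lots of traffic from many sources with a similar profile (here, user agent).
    Per-IP counts stay low, so only the shared profile gives the botnet away."""
    ips_by_ua = defaultdict(set)
    reqs_by_ua = Counter()
    for _, ip, ua, _ in map(parse, lines):
        ips_by_ua[ua].add(ip)
        reqs_by_ua[ua] += 1
    return sorted(ua for ua, n in reqs_by_ua.items()
                  if n >= min_requests and len(ips_by_ua[ua]) >= min_ips)


def peak_over_baseline(lines, baseline_per_second: float = 10.0) -> float:
    """Symptom: a radical change from normal activity. Peak requests/second over baseline."""
    per_second = Counter(ts for ts, _, _, _ in map(parse, lines))
    return max(per_second.values()) / baseline_per_second


def rate_limit(lines, limit: int = 30, window: int = 1) -> tuple:
    """Mitigation: fixed-window limit per source IP. Returns (allowed, dropped)."""
    used = defaultdict(int)  # (ip, window index) -> requests accepted so far
    allowed = dropped = 0
    for ts, ip, _, _ in sorted(map(parse, lines)):
        key = (ip, ts // window)
        if used[key] < limit:
            used[key] += 1
            allowed += 1
        else:
            dropped += 1
    return allowed, dropped


if __name__ == "__main__":
    print("single-source floods:", flag_single_sources(SAMPLE_LOG))
    print("shared-profile floods:", flag_shared_profiles(SAMPLE_LOG))
    print("peak/baseline:", peak_over_baseline(SAMPLE_LOG))
    print("rate limit (allowed, dropped):", rate_limit(SAMPLE_LOG))
```

The per-IP rate limiter drops 120 of the single source's requests but admits every one of the botnet's 120 requests, because each bot sends only once per second. That is the "insufficient alone" caveat in Solution 2 shown in numbers: the distributed part of the flood is only visible through the shared profile, which is what a WAF rule (Solution 3) would act on, or what anycast diffusion (Solution 4) would spread thin enough not to matter.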
DDoS Cases in 2024

French state services – "During almost an entire day, over 300 web domains and 177,000 IP addresses associated with the government were impacted, including severe disruptions to major public service websites."
Source: https://techmonitor.ai/technology/cybersecurity/biggest-cyberattacks-of-2024

Cyber Magazine reported that Romania suffered more than 1000 DDoS attacks in one day.
Source: https://cybermagazine.com/articles/ddos-attacks-threatening-operation-of-paris-olympics
Activity: Reflection

As individuals, reflect on today's lesson

Write a simple risk mitigation summary (using dot points) based on what you have learnt today
Ref and links
Past cyber-attacks – WEF by @mikequindazi
https://www.crowdstrike.com/cybersecurity-101/cyberattacks/most-common-types-of-cyberattacks/
https://www.police.sa.gov.au/about-us/crime-statistics-map
https://www.upguard.com/glossary/attack-vector
https://www.youtube.com/watch?v=3KcPLJzB1Xc
https://www.fortinet.com/resources/cyberglossary/attack-surface
https://www.netwrix.com/information_security_risk_assessment_checklist.html
https://www.fortinet.com/resources/cyberglossary/what-is-the-zero-trust-network-security-model
https://www.policechiefmagazine.org/the-emerging-cyberthreat-cybersecurity/
https://www.centerpointit.com/compromised-cops-the-risk-of-poor-police-cybersecurity/
https://www.ibm.com/topics/networking
https://www.geeksforgeeks.org/types-of-network-topology/
https://www.cisco.com/c/en/us/products/security/what-is-network-segmentation.html
https://www.sdxcentral.com/networking/sdn/definitions/what-the-definition-of-software-defined-networking-sdn/
https://www.cloudflare.com/en-gb/learning/ddos/what-is-a-ddos-attack/
https://techmonitor.ai/technology/cybersecurity/biggest-cyberattacks-of-2024
https://cybermagazine.com/articles/ddos-attacks-threatening-operation-of-paris-olympics
