cyber security power point presentation, Cheat Sheet of Information Systems

Download cyber security power point presentation and more Cheat Sheet Information Systems in PDF only on Docsity! Humaines de Tunis Cybersecurity Projet by : Eya Hichri UNIVERSITE DE TUNIS EL MANAR Summary :  Definition  Types of cybersecurity  Importance of cybersecurity  Cybersecurity threats and its types  Sources of cybersecurity  ,  Conclusion Types of cybersecurity : 1) Critical infrastructure security. 2) Application security. 3) Network security. 4) Cloud security. 5) Internet of Things (IoT) security. Application Information Network Operational — Encryption a End-user education Disaster recovery Importance of cybersecurity : • Cybersecurity is important because it protects all categories of data from theft and damage. This includes sensitive data, personally identifiable information (PII), protected health information (PHI), personal information, intellectual property, data, and governmental and industry information systems. Cybersecurity threats : • A cyber or cybersecurity threat is a malicious act that seeks to damage data, steal data, or disrupt digital life in general. Cyber threats include computer viruses, data breaches , Denial of Service (DoS) attacks, and other attack vectors . • It also refer to the possibility of a successful cyber attack that aims to gain unauthorized access, damage, disrupt, or steal an information technology asset, computer network, intellectual property or any other form of sensitive data. Cyber threats can come from within an organization by trusted users or from remote locations by unknown parties. Types of cybersecurity threats : • 1 Malware The term “malware” encompasses various types of attacks including spyware, viruses, and worms. Malware uses a vulnerability to breach a network when a user clicks a “planted” dangerous link or email attachment, which is used to install malicious software inside the system. • 2 Phishing Phishing attacks are extremely common and involve sending mass amounts of fraudulent emails to unsuspecting users, disguised as coming from a reliable source. The fraudulent emails often have the appearance of being legitimate, but link the recipient to a malicious file or script designed to grant attackers access to your device to control it or gather recon, install malicious scripts/files, or to extract data such as user information, financial info, and more • 3 Man-in-the-Middle (MitM) Attacks Occurs when an attacker intercepts a two-party transaction, inserting themselves in the middle. From there, cyber attackers can steal and manipulate data by interrupting traffic. 4. Denial-of-Service (DOS) Attack • DoS attacks work by flooding systems, servers, and/or networks with traffic to overload resources and bandwidth. The result is rendering the system unable to process and fulfill legitimate requests. In addition to denial-of-service (DoS) attacks, there are also distributed denial-of-service (DDoS) attacks. • 5. SQL Injections • This occurs when an attacker inserts malicious code into a server using server query language (SQL) forcing the server to deliver protected information. This type of attack usually involves submitting malicious code into an unprotected website comment or search box. Secure coding practices such as using prepared statements with parameterized queries is an effective way to prevent SQL injections. • 6. Zero-day Exploit • A Zero-day Exploit refers to exploiting a network vulnerability when it is new and recently announced — before a patch is released and/or implemented. Zero-day attackers jump at the disclosed vulnerability in the small window of time where no solution/preventative measures exist. Thus, preventing zero-day attacks requires constant monitoring, proactive detection, and agile threat management practices. • 7. Password Attack • Passwords are the most widespread method of authenticating access to a secure information system, making them an attractive target for cyber attackers. By accessing a person’s password, an attacker can gain entry to confidential or critical data and systems, including the ability to manipulate and control said data/systems. Conclusion : THANKS FOR YOUR ATTENTION