Enterprise Computing Preliminary Course Unit 3: Principals Of Cybersecurity
Summary
TLDRThe video outlines principles of cyber security for enterprise systems containing sensitive user data. It emphasizes the importance of privacy, trust and legal protections. Potential system vulnerabilities are explored, like hacking, phishing, and human error. Recommended security measures are multifaceted: ongoing staff training, risk assessment procedures, physical/technological access controls, backups, antivirus software and more. Ultimately, vigilant cybersecurity is vital for enterprises to avoid crippling financial losses, reputational damage, work disruptions and legal consequences in the event of data breaches by malicious parties.
Takeaways
- 😀 Privacy, trust and freedom of information are key principles - people's data is sensitive and systems must protect it
- 🔒 Access rights and permissions for data control who can view sensitive information within an organization
- 🙈 People must be careful what personal data they upload online to maintain privacy
- 😖 Social networking provides vulnerabilities for identity theft through account access, fake websites (phishing) and fake WiFi (evil twin)
- ❗ Confidentiality, integrity, availability and privacy are attributes affected during a cyber breach
- 📁 Data, people's personal information, organizational processes and technology get exploited in a breach
- 👮♂️ Key cyber crime threats include hacking, phishing, smishing, scamming, bots and employees causing vulnerabilities
- 🛡 Security awareness and risk management through ongoing staff training and procedures are needed
- 🔒 Protection methods include isolation, physical/network security, backups and software protections
- 📜 Cyber breaches have major financial, reputational, disruption, threat and legal impacts for enterprises
Q & A
What is cyber security and what does it aim to protect?
-Cyber security refers to measures and practices put in place to protect data and user accounts on enterprise systems from unauthorized access or hacking. It aims to make systems more secure and identify any vulnerabilities that could allow data breaches.
What legislation relates to privacy and data protection?
-Key legislation includes the Privacy Act 1988 which governs the handling of personal information, and the Freedom of Information Act which gives people the right to access information held about them.
How can social networking lead to cyber security vulnerabilities?
-Social networks can be infiltrated by hackers who can then access user accounts and data. Things like phishing emails can also trick users into handing over login details to hackers.
What are some common cyber crime threats?
-Common threats include hacking, phishing, smishing, AI bots and botnets, and social engineering where employees are tricked into giving away passwords or access.
What are some methods used to protect systems and data?
-Methods include access controls, physical security, backups, encryption, firewalls, multi-factor authentication, antivirus software etc.
Why is training important for cyber security?
-Ongoing staff training builds awareness of threats and vulnerabilities. It teaches employees secure practices to help protect systems.
What impacts can a cyber security breach have on a business?
-Impacts include financial losses, damage to reputation, work disruptions, legal issues, and potentially going out of business.
What laws apply to the handling of personal data?
-Key laws are the Privacy Act 1988 and Freedom of Information Act. These require proper data handling and give people rights to their data.
Why must businesses keep up with emerging cyber threats?
-The threat landscape keeps evolving so by knowing about new attack methods, businesses can prepare defenses to protect themselves.
What should someone do if their account is compromised?
-They should change their password immediately, enable multi-factor authentication if available, notify contacts, and monitor for suspicious activity.
Outlines
😀Privacy, Trust and Data in Enterprise Systems
This paragraph introduces the key concepts of privacy, trust and freedom of information in enterprise computing systems. It discusses how user data is sensitive and private, requiring security measures for protection. Laws also enable users to access data stored about them to ensure integrity.
😖Data Access, Storage and Protecting Privacy
This paragraph covers managing access rights and permissions for user data in enterprise systems. It emphasizes limiting data access to only essential personnel to minimize vulnerabilities. Users are also responsible for being mindful of what personal data they upload online.
😣Social Media Dangers and Cybersecurity Breaches
This paragraph examines vulnerabilities through social media, including account hijacking, phishing schemes, and evil twin wireless access points used for identity theft. It also covers attributes of cybersecurity breaches like confidentiality, integrity and availability of information.
🔒Securing Enterprise Systems
This final paragraph looks at protection methods for enterprise security like isolation of malware, physical/network access controls, encryption, backups and more. It concludes by stressing the importance of vigilance against emerging cyber threats.
Mindmap
Keywords
💡Privacy
💡Data breach
💡Access controls
💡Encryption
💡Antivirus software
💡Multi-factor authentication
💡Cyber threats
💡Risk management
💡Vulnerability
💡Legislation
Highlights
Privacy, trust and freedom of information are key principles of cyber security
Access rights and permissions restrict data access to authorized users based on their roles
Users must be mindful of what personal data they share online to maintain privacy
Social networking provides vulnerabilities that can lead to identity theft
Understanding cyber security threats like hacking, phishing and scams is key for protection
Ongoing staff training builds awareness on managing vulnerabilities and breaches
Assessing cyber risk and implementing risk management protects systems
Data isolation, physical security and backups help safeguard information
Encryption, firewalls and multi-factor authentication secure access
Antivirus software blocks malware infiltration into systems
Cyber breaches cause financial losses, reputation damage and work disruption
Laws like the Privacy Act 1988 mandate protection of users' data privacy
Knowing current and emerging cyber threats helps prevent attacks
Protecting systems is vital for enterprise survival
We are in an era with many cyber threats requiring ongoing vigilance
Transcripts
Enterprise Computing preliminary course
unit 3 principles of cyber security so
as the name suggests here now we're
looking at Enterprise systems in the
context of they have lots of information
a lot of user accounts signed up to it
we need measures in place to protect
that data and that's what cyber security
is all about and so what we're going to
look at this unit is the different
principles that can help make our
systems more secure but also identify
vulnerabilities that might leave our
system open to people potentially
accessing information and identify them
so we can put structures in place in
order to protect that data so the first
area of this is obviously understand is
in privacy and security privacy being
that information about people is private
it is their information they voluntarily
given it up to a system but they don't
want everyone seeing it okay and there
are laws in place that support that and
then the security side of it are the
measures we put in place to protect that
privacy different types of things such
as passwords Biometrics okay okay a
two-factor authentication all of that is
put in place to keep data private on
systems that are online
so going through this the first areas
that of privacy trust and freedom
information so we've said privacy
relates to being acknowledging that
information related to people is
sensitive and we've got to keep that
private
trust relates to the fact that people
trust our system that when they upload
their data to our system that things
will be in place to protect that data
those aforementioned security areas and
then we have this notion of freedom
information and this is a legislation
that's in place that means that
basically when someone puts their data
on the system they have a right to see
data that is about them on a system now
it might be directly or indirectly that
data has gone into a system such as
governments record specific data about
people when they sign up for services
such as their driver's license and
Medicare and even our criminal records
data is kept about people on systems
freedom information means people have a
right to essentially check those systems
to ensure that the data's thought about
them is correct all right and thus
supporting the Integrity of that system
that has correct information about the
individual but also allowing people to
know what information is being stored
about them
the next area we'll look at is the
access storage and permissions related
to data on systems just because this
data has been uploaded to a specific
enterprise system doesn't mean everyone
within the Enterprise has that right to
view the data and that's why we put in
place access rights and permissions okay
based on users logins within that
organization they would be given
specific access rights to different
types of data usually pertaining to what
is their job within the organization
some people would have full rights and
can read everything but in reality
people only need rights to data that
pertain to their day-to-day work which
means they're not looking at the
personal information of every employee
or user that accesses this system and
permissions need to be in place because
the smaller the circle of people who
have access to data the smaller the
vulnerabilities because in many cases
people are the ones that open up
vulnerabilities that hackers get into
systems so we need our permissions in
place to protect the privacy of the
users that have uploaded the information
but also reduce the vulnerabilities
the next area is people acknowledging
they need to maintain their own data
privacy be careful what they upload okay
if you've put something online you're
pretty much saying here look at my
information so we need to be responsive
to this and understand and mindful that
I'm careful in what I put out there
online and data that is secure I'm
putting it in Secure places where I know
where the security is if it has to be in
digital form I'm keeping it maybe only
stored locally on my system as opposed
to online or at an offline system
something's in place but I'm conscious
that I need to protect my own privacy as
well
the next area is that of the
vulnerabilities okay and specifically
through social networking okay and how
we are at the mercy sometimes of the
social network and if someone's
infiltrated that social network we can
put ourselves in a dangerous situation
where unknowingly we're giving data to a
malicious party so it could be through
account access when I log in and I enter
in my login and password if someone's
there and um they're viewing that data
they'll get my login details and they
can potentially use it and if my
passwords are the same across multiple
platforms they'll know it
if the account is behaving funny or has
been compromised that may be confusing
and maybe cause me to give data
unknowingly to a specific malicious
party okay so we're really counting on
the actual platform that I'm using that
they have Security in place and
different platforms have different
Securities got to remember these
platforms are also internationally based
okay so different countries have
different rules although they are bound
by International laws but they've got
different National laws themselves and
so that provides a gray area with a
degree of security and you've really got
to trust the networks you can meet your
data to in that they'll take your
securities uh seriously a result of this
can be if people get your data it can
lead to identity theft so if once they
get your bank account data is if you
write your account details to purchase
an item from an unreliable website bang
they've got your bank number your uh
your name and your CVC they can use that
data then to purchase things for their
own behalf on other websites using your
money okay and that's what happens with
identity theft so you've got to only
purchase from trusted websites then we
have things such as fishing where people
send you an email saying their your
website your trusted uh platform your
social media or your bank but it's
taking you to a fake website that
emulates the real website and then you
put in your real login and password get
nowhere but on their end they got your
login in password they go to the real
site and start using your information
and then also we've got something that's
risen in the last few years known as an
evil twin this is a wireless access
point that is legitimate it's set up and
it does work for users to connect to but
the people that have set it up are
monitoring what you're doing and they're
registering your logins passwords and uh
sensitive information that you're
putting in for the purposes of identity
theft and gain your data to do malicious
things with it so some really cool
stuffs out there and we've got to be
aware of these vulnerabilities
now the next area then is what are the
attributes of when a cyber security
breach takes place well firstly this
confidentially of information has it
been retained did they get into
information did they see things if they
did we need to change things such as our
passwords so that the people that know
our passwords it's changed now they
can't get into our things so we've got
to know that and we've got to let our
users know that our system's been
compromised okay so they can do changes
on their end too but ensuring that
information is stayed confidential
we've also got to check the Integrity of
our information on our system did the
malicious party that got into our system
change any of our information we need to
go through it to see if anything's
changed because our users on their end
who rely on our information may start
getting incorrect or offensive data that
could be damaging to our Enterprise
some people as well when they hack into
a system might try to take a system out
from functioning so that's when the
availability of information gets
affected okay there are things such as
ddosing where they overwhelm the website
causing it to crash okay and that takes
information offline so is our
information still available to ourselves
and to our users and then finally bring
it home back to those privacy
implications has people's privacy been
breached what other measures they need
to go through in order to protect their
data or change their data so that they
stay secure in their own way
all right and then into the next area
what are things that specifically get
exploited the vulnerabilities during a
breach our data gets exploited that's
stored in our system
people's data about themselves gets
exploited okay when the data's being
accessed in a breach the processes of
our organization and how we do tasks get
viewed and people know our inner
workings of our system so they may need
to be changed or modified so that these
people can't see that vulnerability
again to get into our system and then
obviously what technology are we using
gets exploited okay our IP addresses and
devices okay provide an opening and so
modifications may need to be made there
okay and obviously updated to prevent
further exploitation
okay the next area is security awareness
okay that we are aware that we need to
have security measures in place in order
to protect data so the first area is
knowing the cyber crime threat so
traditional hacking where people try to
get into our system uh through um unfair
uh authorized means through using IP
addresses and different Nets to get
through and fake away into our system
sometimes hacking can be simple as they
know a user's password and they just got
in that way so it can even just be an
open door and they use it that way bang
they're in the system but it's pretty
much their unauthorized getting into a
system we've already mentioned phishing
before where we send out an email and it
takes you to a pretend site that looks
like your authentic platform that you do
actually use and you give information
willingly but then that's also evolved
into a new thing called smishing which
is the same thing but instead of email
it's using SMS so they're sending out
links through SMS saying oh your account
has been compromised click on this link
to fix up your details and through SMS
they click on it and then once again you
give your own details giving away your
information
this is all a part of scamming there are
many types of scamming too as well so
it's not always through phishing and
smashing could just be there saying
something like um these days it's Common
People message uh out saying oh mum and
dad I need help can you please wire me
some money but it's actually not from
their kids okay and they've clicked on
that link and they've willingly sent
money to this unauthorized party
thinking that it was their children so
there's many different scams out there
that are tricking people into believing
it's something authentic and then we
have the whole AI level the Bots and the
botnets trying to get into systems okay
and they're Relentless because they're
technology okay and obviously mapped
with AI trying to get through the
vulnerabilities of a system
finally as I mentioned a bit before one
of the biggest openings to getting to a
system can be employees within
Enterprise themselves causing
vulnerability forgetting to log out of
systems putting their passwords into
phishing websites or some sort of scam
giving away their information okay thus
leaving an opening for people to get
into a system and hack it in order to
conduct cyber crime so they are some of
the actual threats to Enterprise systems
now on the other side we've got to think
of security as an actual type of almost
like health and safety where there's a
risk management procedure in place so
that we can upskill the people within
our organization in what to do and have
an actual procedure to protect our
system so a foundation of this is our
staff need to have ongoing training so
that they know of potential threats and
how they can cause vulnerabilities okay
train them in how in cyber security so
that they use systems safely and prevent
these vulnerabilities
okay through training they learn about
identifying and managing these
vulnerabilities what things can they do
so changing their password regularly
ensuring they log out of systems not
sharing their information that kind of
stuff in order to protect the data of
the system when a breach takes place how
to assess what was the impact what got
viewed who do we need to contact what
data on our end needs to change
and then with that controlling the
damage and loss of data reverting to
backups modifying things that did get
changed letting our users know what
happens so we can hopefully keep a
decent Public Image even though we did
have a security Beach that's a worst
case scenario and we don't want to get
to that level
the next area is that of assessing the
Cyber risk and implementing risk
management so looking at the internal
and external implications So based on
the actual system itself has the system
been affected internally with its
structures functioning and employees of
the organization but also those outside
parties have our users been impacted has
the environment been impacted okay what
is the threat landscape out there of
what took place and how does it impact
our system okay and which leads to the
next Point what is the impact of the
actual exposure okay has data been
leaked are we being held for ransom
which is quite common out there these
days and they where they might link all
our data because they want a payment
being made to them okay and then we've
got to wave that up in what's the
likelihood our system will be exploited
and all our data will be out there this
is why it is so important we are
managing cyber security to have these
measures in place these things do happen
and it can destroy a business okay if
they leak data no one's going to trust
that business again it can lead to them
going out of business altogether
okay within our actual system then we
have the actual protection methods how
do we protect data with our it first is
the notion of isolation when malicious
software gets caught by antivirus
software it puts it into isolation for
the actual administrators to review is
this actual software malicious in many
cases it might be based on its virus
signatures and thus before it even gets
to the system we can eliminate it and
delete it so it didn't impact on the
wider system there
physical security within our
organization that data is stored within
locked rooms okay we have cameras in
place and Technology physical components
that protect the actual data on our
systems other backup locations physical
hard drives and network locations and
servers for storing data in multiple
places in case we do lose data and then
we have those network access methods of
Biometrics checking people's biology
such as their facial recognition scans
and thumb prints give them access to a
system as well as passwords for the
typing in of strings of characters that
people use to identify themselves in
conjunction with their logins the use of
encryption for scrambling data during
transmission obviously done prior to
transmission so that if it is in
transmission gets intercepted it comes
up scrambled but the receiver on the
other end of the data has the encryption
key to revert that symbol scrambled data
back into readable form firewalls that
check data coming in from various
sources and if it's an untrusted sources
it will block the entry of that data
into the system the use of multi-factor
authentication which is very big at the
moment which means you log into a system
and then once you've logged in as it
says multi-factor a secondary alert gets
sent out to that user for them to
authenticate themselves again which may
come through either SMS or through their
email a message saying you're trying to
log into this system here's a
verification code enter this now and
then they've used another way to get
into the system as well the hence why
it's multi-factor they've used their
pass login and password and then they've
used in the pin prompt that was sent to
their email or SMS gaining the access to
the system
our use of backup to protect data from
loss okay that we have multiple servers
and offline servers for storing data
that way if our main servers go down we
can recover the data from our backed up
sources to keep the sync the system
functioning and as mentioned before the
use of antivirus and anti-malware
software which keeps up to date with
specific virus signatures and common
threats out there and then through its
catalog is able to intercept them and
put them into isolation when that data
tries to infiltrate the network
the final areas of cyberlore and ethics
and with that we obviously are looking
at the impact of cyber breaches and I
said before it can lead to a company
going out of business for these reasons
the fact that Financial loss it costs
money they could steal money from the
organization or hold them to Ransom the
reputational damage which is sometimes
even worse in that the public know that
this business was the victim of a Cyber
attack and do I trust my data with this
business okay it leads to massive
disruptions in work especially in areas
where the system's either been taken
down or you need to go through all your
data and assess the damage level the
Cyber threat which takes away from your
main business and isolates certain uh
data that people need to use as a part
of their jobs okay so it brings work to
a halt which obviously costs money in
the long term as well and the legal and
Regulatory ramifications you've got to
say uh commit it to the government that
we did have a cyber breach and you've
got to comply with what measures are are
known for Less your users know that you
didn't have that cyber breach and
telling them the regulations that they
should need to follow to ensure that
their data is safe or what passwords
they may need to change so it says
structures that need to be followed in
to ensure that all parties are safe not
just the Enterprise itself but all users
suppliers other organizations are aware
that you had a data breach data was
potentially leaked and giving them
advice on what they need to do to keep
their own data safe because it has been
infiltrated through your system it's not
nice and a business does not want to go
through this
the next areas of specific laws and
legislation laws exist at a state
federal and international level and one
of the most common laws known as the
Privacy Act 1988 okay as well as I
mentioned before the Freedom of
Information Act Two which obviously
highlights how businesses need to take
the acquisition and storage of people's
data seriously and have these cyber
security measures in place to ensure
that that data does stay safe but then
also knowing too who can view data
putting access rights and permissions on
the data so it's only being used for
specific purposes but people need to
access that data all of that is bound by
law and we need to follow that and then
the final area is a knowledge of current
and emerging cyber crime threats okay
and we are in an era where this is a
booming industry of cyber security
because there are so many cyber threats
out there okay there have been ones that
have infiltrated Banks Health Systems uh
gaming platforms and their online stores
many have happened in previous years
with people's data being exposed so
we've learned through seeing what our
current ones happening by having a
knowledge understanding of current
threats hopefully we can put measures in
place to protect ourselves against it if
we are going to go into that industry
and Enterprises can protect themselves
so I hope this video has given you
understanding of this third unit of the
preliminary course of principles of
cyber security and really it's so
important that we protect our systems
and why it is so important because
really it could mean the life and death
of an Enterprise if they can or cannot
protect the data of the users who
interact with their systems
تصفح المزيد من مقاطع الفيديو ذات الصلة
37. OCR GCSE (J277) 1.4 Preventing vulnerabilities
Malicious Software
Computer Security | Types of Computer Security | Cybersecurity Course | Edureka
أنا مكتشف ثغرات...
GUIA completo sobre aplicação da LGPD nos estabelecimentos de saúde!
CompTIA Security+ SY0-701 Course - 2.5 Mitigation Techniques Used to Secure the Enterprise
5.0 / 5 (0 votes)