introduction cyber security and CIA Triad
shaunakkulkarni2005
42 views
13 slides
Sep 15, 2025
Slide 1 of 13
1
2
3
4
5
6
7
8
9
10
11
12
13
About This Presentation
Cybersecurity is the practice of protecting computer systems, networks, programs, and data from digital attacks, damage, or unauthorized access. It involves using a combination of technologies, processes, and best practices to prevent unauthorized access, theft, or destruction of information. The co...
Slide Content
Introduction to Cyber Security & Ethical Hacking
Module 1: Fundamentals and Key Concepts
September 6, 2025
September 6, 2025 1 / 13
Module 1: Fundamentals and Key Concepts
September 6, 2025
September 6, 2025 1 / 13
Definition and Importance of Cyber Security
Definition:Cyber security is the practice of protecting computers, servers, mobile devices,
networks, and data from unauthorized access, attacks, or damage. It ensures the safety of
sensitive information and system reliability.
Why is Cyber Security Important?
Protects sensitive data (e.g., personal, financial, or business information).
Prevents disruptions to critical services like healthcare, banking, or utilities.
Safeguards organizational reputation and builds user trust.
Reduces financial losses from cyber attacks.
Ensures compliance with laws and regulations.
Supports national security by securing critical infrastructure.
September 6, 2025 2 / 13
Definition:Cyber security is the practice of protecting computers, servers, mobile devices,
networks, and data from unauthorized access, attacks, or damage. It ensures the safety of
sensitive information and system reliability.
Why is Cyber Security Important?
Protects sensitive data (e.g., personal, financial, or business information).
Prevents disruptions to critical services like healthcare, banking, or utilities.
Safeguards organizational reputation and builds user trust.
Reduces financial losses from cyber attacks.
Ensures compliance with laws and regulations.
Supports national security by securing critical infrastructure.
September 6, 2025 2 / 13
Security Goals: CIA Triad
TheCIA Triadis a core model for cyber security, focusing on three principles:
Confidentiality: Restricts data access to authorized users only.
Example: Encryption protects passwords or credit card details.
Tools: Access controls, data encryption.
Integrity: Ensures data accuracy and prevents unauthorized changes.
Example: Checksums verify file integrity.
Tools: Hashing, version control.
Availability: Guarantees access to systems and data when needed.
Example: Backups and DoS protection ensure uptime.
Tools: Redundant systems, firewalls.
September 6, 2025 3 / 13
TheCIA Triadis a core model for cyber security, focusing on three principles:
Confidentiality: Restricts data access to authorized users only.
Example: Encryption protects passwords or credit card details.
Tools: Access controls, data encryption.
Integrity: Ensures data accuracy and prevents unauthorized changes.
Example: Checksums verify file integrity.
Tools: Hashing, version control.
Availability: Guarantees access to systems and data when needed.
Example: Backups and DoS protection ensure uptime.
Tools: Redundant systems, firewalls.
September 6, 2025 3 / 13
CIA Triad Components
Table:CIA Triad Overview
Component Description
ConfidentialityRestricts access to authorized users
only.
Integrity Ensures data accuracy and prevents
unauthorized changes.
AvailabilityGuarantees access to data and sys-
tems when needed.
September 6, 2025 4 / 13
Table:CIA Triad Overview
Component Description
ConfidentialityRestricts access to authorized users
only.
Integrity Ensures data accuracy and prevents
unauthorized changes.
AvailabilityGuarantees access to data and sys-
tems when needed.
September 6, 2025 4 / 13
Types of Cyber Threats
Cyber threats are malicious attempts to harm or steal digital assets. Common types include:
Malware: Malicious software (e.g., viruses, worms, trojans) designed to damage systems,
steal data, or disrupt operations.
Phishing: Fraudulent emails or messages tricking users into sharing sensitive information like
login credentials or financial details.
Ransomware: Malware that encrypts data and demands payment (e.g., in cryptocurrency) for
decryption, locking users out of systems.
Insider Threats: Risks from employees or insiders who intentionally or accidentally misuse
access to harm systems or data.
Denial-of-Service (DoS): Attacks that overload systems to disrupt availability.
Social Engineering: Psychological manipulation to trick users into revealing sensitive
information or compromising security.
September 6, 2025 5 / 13
Cyber threats are malicious attempts to harm or steal digital assets. Common types include:
Malware: Malicious software (e.g., viruses, worms, trojans) designed to damage systems,
steal data, or disrupt operations.
Phishing: Fraudulent emails or messages tricking users into sharing sensitive information like
login credentials or financial details.
Ransomware: Malware that encrypts data and demands payment (e.g., in cryptocurrency) for
decryption, locking users out of systems.
Insider Threats: Risks from employees or insiders who intentionally or accidentally misuse
access to harm systems or data.
Denial-of-Service (DoS): Attacks that overload systems to disrupt availability.
Social Engineering: Psychological manipulation to trick users into revealing sensitive
information or compromising security.
September 6, 2025 5 / 13
Key Cyber Threats
Table:Key Cyber Threats Definitions
Threat Definition
Malware Malicious software designed to harm
or exploit systems.
Phishing Fraudulent attempts to steal sensitive
information via deceptive messages.
Ransomware Malware that encrypts data and de-
mands payment for access.
Insider ThreatsRisks from individuals within an organi-
zation misusing access.
September 6, 2025 6 / 13
Table:Key Cyber Threats Definitions
Threat Definition
Malware Malicious software designed to harm
or exploit systems.
Phishing Fraudulent attempts to steal sensitive
information via deceptive messages.
Ransomware Malware that encrypts data and de-
mands payment for access.
Insider ThreatsRisks from individuals within an organi-
zation misusing access.
September 6, 2025 6 / 13
Cyber Threats, Attacks, and Vulnerabilities
Cyber Threats: Potential risks that could exploit system weaknesses (e.g., a new malware
strain).
Cyber Attacks: Deliberate actions to exploit vulnerabilities (e.g., hacking a database to steal
data).
Vulnerabilities: Weaknesses in systems or processes (e.g., unpatched software, weak
passwords).
Table:Threats, Attacks, and Vulnerabilities
Term Description
Threat Potential risk that could harm systems
or data.
Attack Deliberate attempt to exploit a vulnera-
bility.
VulnerabilityWeakness that can be exploited by a
threat.
September 6, 2025 7 / 13
Cyber Threats: Potential risks that could exploit system weaknesses (e.g., a new malware
strain).
Cyber Attacks: Deliberate actions to exploit vulnerabilities (e.g., hacking a database to steal
data).
Vulnerabilities: Weaknesses in systems or processes (e.g., unpatched software, weak
passwords).
Table:Threats, Attacks, and Vulnerabilities
Term Description
Threat Potential risk that could harm systems
or data.
Attack Deliberate attempt to exploit a vulnera-
bility.
VulnerabilityWeakness that can be exploited by a
threat.
September 6, 2025 7 / 13
Hacking, Ethical Hacking, and Penetration Testing
Hacking: Unauthorized access to systems with malicious intent (e.g., data theft, system
damage).
Ethical Hacking: Authorized hacking by professionals to identify and fix vulnerabilities, with
owners consent.
Penetration Testing: Structured process where ethical hackers simulate real-world attacks to
test system defenses.
Table:Hacking Comparison
Aspect Hacking Ethical Hacking & Pen
Testing
Intent Malicious, illegal Protective, authorized
PermissionNone Explicit permission
Outcome Harm or theft Improved security
September 6, 2025 8 / 13
Hacking: Unauthorized access to systems with malicious intent (e.g., data theft, system
damage).
Ethical Hacking: Authorized hacking by professionals to identify and fix vulnerabilities, with
owners consent.
Penetration Testing: Structured process where ethical hackers simulate real-world attacks to
test system defenses.
Table:Hacking Comparison
Aspect Hacking Ethical Hacking & Pen
Testing
Intent Malicious, illegal Protective, authorized
PermissionNone Explicit permission
Outcome Harm or theft Improved security
September 6, 2025 8 / 13
Legal and Ethical Aspects of Cyber Security
Legal Aspects:
Laws regulate data protection and cyber activities (e.g., IT Act, GDPR, HIPAA).
Non-compliance can lead to fines, lawsuits, or reputational damage.
Ethical Aspects:
Ethical hackers must:
Obtain explicit permission before testing.
Respect user privacy and confidentiality.
Report findings responsibly without causing harm.
Adhere to ethical codes like those from EC-Council or (ISC)š.
September 6, 2025 9 / 13
Legal Aspects:
Laws regulate data protection and cyber activities (e.g., IT Act, GDPR, HIPAA).
Non-compliance can lead to fines, lawsuits, or reputational damage.
Ethical Aspects:
Ethical hackers must:
Obtain explicit permission before testing.
Respect user privacy and confidentiality.
Report findings responsibly without causing harm.
Adhere to ethical codes like those from EC-Council or (ISC)š.
September 6, 2025 9 / 13
Cyber Security Laws and Regulations
Key laws ensure data protection and compliance:
IT Act, 2000 (India): Governs cyber crimes, data protection, and electronic transactions.
GDPR (EU): Mandates strict data privacy and user consent practices.
HIPAA (USA): Protects sensitive health information.
CCPA (California, USA): Enhances consumer data privacy rights.
PCI DSS: Standards for securing payment card data.
Table:Key Cyber Security Laws
Law Description
IT Act, 2000Governs cyber crimes and data protec-
tion in India.
GDPR Ensures data privacy and user consent
in the EU.
HIPAA Protects health information in the US.
CCPA Enhances consumer data privacy in
California.
September 6, 2025 10 / 13
Key laws ensure data protection and compliance:
IT Act, 2000 (India): Governs cyber crimes, data protection, and electronic transactions.
GDPR (EU): Mandates strict data privacy and user consent practices.
HIPAA (USA): Protects sensitive health information.
CCPA (California, USA): Enhances consumer data privacy rights.
PCI DSS: Standards for securing payment card data.
Table:Key Cyber Security Laws
Law Description
IT Act, 2000Governs cyber crimes and data protec-
tion in India.
GDPR Ensures data privacy and user consent
in the EU.
HIPAA Protects health information in the US.
CCPA Enhances consumer data privacy in
California.
September 6, 2025 10 / 13
Introduction to Cyber Security Frameworks
Frameworks provide structured guidelines for managing risks:
NIST Cyber Security Framework:
Five core functions: Identify, Protect, Detect, Respond, Recover.
Helps organizations manage and reduce cyber risks.
ISO/IEC 27001:
International standard for Information Security Management Systems (ISMS).
Focuses on establishing, implementing, and maintaining security practices.
September 6, 2025 11 / 13
Frameworks provide structured guidelines for managing risks:
NIST Cyber Security Framework:
Five core functions: Identify, Protect, Detect, Respond, Recover.
Helps organizations manage and reduce cyber risks.
ISO/IEC 27001:
International standard for Information Security Management Systems (ISMS).
Focuses on establishing, implementing, and maintaining security practices.
September 6, 2025 11 / 13
Cyber Security Frameworks
Table:Framework Overview
Framework Description
NIST Focuses on identifying, protecting, de-
tecting, responding, and recovering
from threats.
ISO/IEC 27001Standard for establishing and main-
taining an ISMS.
September 6, 2025 12 / 13
Table:Framework Overview
Framework Description
NIST Focuses on identifying, protecting, de-
tecting, responding, and recovering
from threats.
ISO/IEC 27001Standard for establishing and main-
taining an ISMS.
September 6, 2025 12 / 13
Cyber Security Domains
Cyber security covers multiple areas:
Network Security: Protects networks using firewalls, intrusion detection systems, and VPNs.
Web Security: Secures websites and applications from attacks like SQL injection or XSS.
Cloud Security: Ensures secure storage and access in cloud environments.
Mobile Security: Protects mobile devices and apps from malware or data leaks.
IoT Security: Secures Internet of Things devices (e.g., smart home systems) from attacks.
Application Security: Focuses on securing software during development and deployment.
September 6, 2025 13 / 13
Cyber security covers multiple areas:
Network Security: Protects networks using firewalls, intrusion detection systems, and VPNs.
Web Security: Secures websites and applications from attacks like SQL injection or XSS.
Cloud Security: Ensures secure storage and access in cloud environments.
Mobile Security: Protects mobile devices and apps from malware or data leaks.
IoT Security: Secures Internet of Things devices (e.g., smart home systems) from attacks.
Application Security: Focuses on securing software during development and deployment.
September 6, 2025 13 / 13
Tags
Categories
TechnologyDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 42
- Slides 13
- Age 79 days
Related Slideshows
11
8-top-ai-courses-for-customer-support-representatives-in-2025.pptx
JeroenErne2
48 views
10
7-essential-ai-courses-for-call-center-supervisors-in-2025.pptx
JeroenErne2
47 views
13
25-essential-ai-courses-for-user-support-specialists-in-2025.pptx
JeroenErne2
37 views
11
8-essential-ai-courses-for-insurance-customer-service-representatives-in-2025.pptx
JeroenErne2
35 views
21
Know for Certain
DaveSinNM
23 views
17
PPT OPD LES 3ertt4t4tqqqe23e3e3rq2qq232.pptx
novasedanayoga46
26 views