Your Skill Boost Masterclass Online Safety and Cybersecurity Tips

ExcellenceFoundation 214 views 36 slides Jun 23, 2024

About This Presentation

Your Skill Boost Masterclass Online Safety and Cybersecurity Tips is a presentation by Richard Mawa Michael in a session organised by the Excellence Foundation for South Sudan.


Slide Content

CYBERSECURITY BASICS
By
Richard Mawa Michael

Training Days: Saturday 22nd and
Sunday 23rd June 2024.

Training Objectives;

●To educate digital citizens on how to protect their accounts and
computing devices.
●To promote cyber hygiene practices in the community.

TRAINING TOPICS FOR DAY 1 & 2

●Day 1: Online Safety tips.
●Day 2: Information security.

ONLINE SAFETY.
Walking through the tips, best practices, and
countermeasures
●Definition of Cybersecurity.
●Protecting our personal accounts and
devices.
●Malicious Software (Malware).
●Online attacks and types of attackers.

1- What is Cybersecurity and why do we
need Cybersecurity?
Cybersecurity is the ongoing effort to protect networked
systems and all of their data from unauthorized use or harm.
●On a personal level, you need to safeguard your identity, your
data, and your computing devices.
●At the corporate level, it is everyone’s responsibility to protect
the organization’s reputation, data, and customers.
●At the state level, national security, and the safety and
well-being of the citizens are at stake.

Why do we need Cybersecurity?
As more time is spent online, your identity, both online
and offline, can affect your life. Your online identity is
who you are in the digital space. So, your online safety is
important because you have;
●Personal information,
●Education information,
●Medical records,
●Financial records
●Employment records etc

2- Protecting accounts and devices.
●Use strong passwords.
●Enable 2FA or MFA
●Update your OS and applications.
●Recognize phishing attacks.

●PASSWORDS; (Importance & Creating
strong passwords)
Importance;
Passwords serve as the initial defense
against unauthorized access to your
personal computer or mobile device. The
strength of a password directly correlates
with the level of protection it offers
against malicious software and hackers—
and it’s crucial to understand that this
security method applies to every account
you access, whether personal or
professional.
A strong password should;
● Be a minimum of 8 characters in length.
●It must not contain any personal
information, such as your real name,
username or company name.
●It should differ significantly from previous
passwords
●Avoid using complete words.
●A strong password should incorporate
various character types, including uppercase
letters, lowercase letters, numbers and
special characters
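
The five rules above can be checked mechanically. The following is an added example, not part of the original presentation; the function name, the small word list, the similarity threshold and the sample values are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher

# Constructed mini word list; a real check would load a full dictionary.
COMMON_WORDS = {"password", "welcome", "football", "sunshine", "computer"}

# The four character types named on the slide.
CHARACTER_TYPES = {
    "uppercase letter": r"[A-Z]",
    "lowercase letter": r"[a-z]",
    "number": r"[0-9]",
    "special character": r"[^A-Za-z0-9]",
}


def check_password(password, personal_info=(), previous=(), max_similarity=0.6):
    """Return the list of slide rules that the password fails (empty = passes)."""
    problems = []
    lowered = password.lower()

    # Rule 1: minimum of 8 characters.
    if len(password) < 8:
        problems.append("shorter than 8 characters")

    # Rule 2: no personal information (real name, username, company name).
    if any(len(item) >= 3 and item.lower() in lowered for item in personal_info):
        problems.append("contains personal information")

    # Rule 3: differs significantly from previous passwords.
    # The 0.6 threshold is an assumption, not a value from the slides.
    if any(SequenceMatcher(None, lowered, old.lower()).ratio() > max_similarity
           for old in previous):
        problems.append("too similar to a previous password")

    # Rule 4: avoid complete words.
    if any(word in lowered for word in COMMON_WORDS):
        problems.append("contains a complete word")

    # Rule 5: mix uppercase, lowercase, numbers and special characters.
    for name, pattern in CHARACTER_TYPES.items():
        if not re.search(pattern, password):
            problems.append(f"no {name}")

    return problems
```

An empty list means the password satisfies all five rules; otherwise each entry names the rule that failed.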

Examples of passwords
Tell 4 differences you have
observed in these 2
different passwords.

●Enabling 2FA
2FA ;
Two-factor authentication (2FA)
is a security layer that requires
two separate, and distinct
forms of identification to access
something. For example; Having
a password and another
security layer like biometric
scan.

●Multi factor authentication (MFA)
Why MFA?

The goal of multi-factor authentication
(MFA) is to establish a layered defense
strategy by incorporating two or more
credentials:
For Example; something you know (like
a password), something you possess
(like a security token) and something
unique to you (like biometric
verification).

●Updating Software.(Operating System and
applications)
Why do we need to update our software;
Software updates play a critical role in
safeguarding your system against existing
vulnerabilities. Developers frequently
release updates to address known
weaknesses, making it advisable to
promptly install them before potential
attackers exploit these flaws

●Recognizing Phishing emails/attacks.
Definition;
Phishing is a type of social engineering
attack that manipulates the appearance
of web pages, text messages, social
media direct messages and emails to
deceive users into believing they are
engaged in a legitimate and secure online
interaction with a trusted entity.
Brief Explanation:
Typically, phishing emails include
links to these deceptive websites,
which convincingly mimic real
ones. However, phishing sites are
crafted with the intent to either
install malicious software or
collect sensitive personal
information.
See the example in the next slide.

3- Malicious Software.(Malware)
Definition of malware;
malware is any code that
can be used to steal data,
bypass access controls, or
cause harm to, or
compromise a system.
Examples include;
●Spyware.
●Scareware.
●Adware.
●Ransomware.
●Virus etc

●Spyware.
Spyware –
This malware is designed to track and spy on the user.
Spyware often includes activity trackers, keystroke
collection, and data capture. In an attempt to
overcome security measures, spyware often modifies
security settings.

●Scareware.
Scareware –
This is a type of malware designed to persuade the user to take a
specific action based on fear. Scareware forges pop-up windows
that resemble operating system dialogue windows.
These windows convey forged messages stating the system is at
risk or needs the execution of a specific program to return to
normal operation. In reality, no problems were assessed or
detected and if the user agrees and clears the mentioned program
to execute, his or her system will be infected with malware.

●Adware.
Adware –
Advertising supported software is designed to
automatically deliver advertisements. Adware is
often installed with some versions of software.
Some adware is designed to only deliver
advertisements but it is also common for adware
to come with spyware.

●Ransomware
Ransomware –
This malware is designed to hold a computer system or the
data it contains captive until a payment is made.
Ransomware usually works by encrypting data in the computer
with a key unknown to the user. Some other versions of
ransomware can take advantage of specific system
vulnerabilities to lock down the system. Ransomware is spread
by a downloaded file or some software vulnerability.

●Virus
Virus -
A virus is malicious executable code that is attached to other
executable files, often legitimate programs. Most viruses
require end-user activation and can activate at a specific time
or date. Viruses can be harmless and simply display a picture
or they can be destructive, such as those that modify or
delete data. Viruses can also be programmed to mutate to
avoid detection. Most viruses are now spread by USB drives,
optical disks, network shares, or email.

4- Types of attackers.
Attackers–
This group of attackers break
into computers or networks to
gain access. Depending on the
intent of the break-in, these
attackers are classified as
white, gray, or black hats.
Some examples include;
●White hat hackers.
●Gray hat hackers.
●Black hat hackers.

●White hat hackers.
White Hat Hacker –
These are ethical hackers who use their programming skills for
good, ethical and legal purposes. White-Hat hackers may perform
network penetration tests in an attempt to compromise networks
and systems by using their knowledge of computer security
systems to discover network vulnerabilities. Security
vulnerabilities are reported to developers for them to fix before
the vulnerabilities can be exploited. Some organizations award
prizes or bounties to white hat hackers when they inform them of
a vulnerability.

●Gray hat hackers.
Gray Hat Hacker –
These are individuals who commit crimes and do
arguably unethical things, but not for personal gain or to
cause damage. An example would be someone who
compromises a network without permission and then
discloses the vulnerability publicly.
A gray hat hacker may disclose a vulnerability to the
affected organization after having compromised their
network. This allows the organization to fix the problem.

●Black hat hackers.
Black Hat Hacker –
These are unethical criminals who violate computer
and network security for personal gain, or for
malicious reasons such as attacking networks.
Black-hat hackers exploit vulnerabilities to
compromise computer and network systems.

Wish you all the best

CYBERSECURITY
BASICS
By Richard Mawa Michael
DAY 2: INFORMATION SECURITY

DAY 1 REFLECTION.
Few participants to share;
●Comments
●Concerns
●Contribution

Day 2 Topics on information security
The CIA Triad (The three security principles);
-Confidentiality
-Integrity
-Availability.
NB: the CIA Triad forms the fundamental
framework of information security.

Definition of information and information
security.
What is information?
In the field of ICT, information is the result
of processing, manipulating and organizing
data, which is simply a collection of facts.
In the field of Information Security,
information is defined as an “asset”; it is
something that has value and should
therefore be protected.
What is information security?
Information security is defined as the
preservation of confidentiality, integrity
and availability of information.
It typically involves preventing or at least
reducing the probability of
unauthorized/inappropriate access, use,
disclosure, disruption,
deletion/destruction, corruption,
modification, inspection, or recording.

The 4 Rs of information security.
The 4Rs of information security are;
●“Right Information” refers to the accuracy and completeness of information, which
guarantees the integrity of information.
●“Right People” means that information is available only to authorized individuals,
which guarantees confidentiality.
●“Right Time” refers to the accessibility of information and its usability upon demand
by an authorized entity. This guarantees availability.
●“Right Form” refers to providing information in the right format.
To safeguard information security, the 4Rs have to be applied properly. This means
that confidentiality, integrity and availability should be observed when handling
information.

The art of protecting secrets (confidentiality)
The first principle of the CIA Triad is confidentiality. If a security mechanism offers confidentiality,
it offers a high level of assurance that data, objects, or resources are restricted from unauthorized
subjects. If a threat exists against confidentiality, unauthorized disclosure could take place.
In general, for confidentiality to be maintained on a network, data must be protected from
unauthorized access, use, or disclosure while in storage, in process, and in transit. Unique and
specific security controls are required for each of these states of data, resources, and objects to
maintain confidentiality.
Numerous attacks focus on the violation of confidentiality. These include capturing network
traffic and stealing password files as well as social engineering, port scanning, and so on.
Methods to ensure confidentiality include data encryption, username ID and password,
two-factor authentication, and minimizing exposure of sensitive information as well as training of
employees.

Counter measures of confidentiality.
● Encrypting data as it is stored and transmitted.
● By using network padding.
● Implementing strict access control mechanisms and data
classification

The art of ensuring integrity (Integrity)
The second principle of the CIA Triad is integrity. For integrity to be maintained, objects must retain their
veracity and be intentionally modified by only authorized subjects. If a security mechanism offers integrity, it
offers a high level of assurance that the data, objects, and resources are unaltered from their original protected
state. Alterations should not occur while the object is in storage, in transit, or in process. Thus, maintaining
integrity means the object itself is not altered and the operating system and programming entities that manage
and manipulate the object are not compromised.
Numerous attacks focus on the violation of integrity. These include viruses, logic bombs, unauthorized access,
errors in coding and applications, malicious modification, intentional replacement, and system back doors.
Numerous countermeasures can ensure integrity against possible threats. These include strict access control,
rigorous authentication procedures, intrusion detection systems, object/data encryption, hash total
verifications, and extensive personnel training.

Counter measures of Integrity.
● Strict Access Control.
● Intrusion Detection.
●Hashing.

The concept of five nines (Availability)
The third principle of the CIA Triad is availability, which means authorized subjects are granted timely and
uninterrupted access to objects. If a security mechanism offers availability, it offers a high level of assurance that
the data, objects, and resources are accessible to authorized subjects.
Meaning of five nines (99.999%);
Five nines mean that systems and services are available 99.999% of the time. It also means that both planned
and unplanned downtime is less than 5.26 minutes per year. High availability refers to a system or component
that is continuously operational for a given length of time.
To help ensure high Availability;
●Eliminate single points of failure.
●Design for reliability.
●Detect failures as they occur.

Thanks for attending!