Presentation is loading. Please wait.

Presentation is loading. Please wait.

Basics of Cybersecurity

Published byShannon Walters Modified over 6 years ago

Similar presentations

Presentation on theme: "Basics of Cybersecurity"— Presentation transcript:

1 Basics of Cybersecurity
Teacher PD

2 Introductions *Ashley Greeley
*NSA/CAE grant--Purdue University--Tippecanoe School Corp (IN) *15 years in classroom * 4 years working with the GenCyber program

3 Learning Outcomes Teachers will comprehend and apply cybersecurity vocabulary (including the CIA triad) to common platforms in order to better teach basic cybersecurity and online safety within the classroom. Teachers will brainstorm and develop ways in which the information can be incorporated into their class to better prepare students for a digital world.

4 Why teach cybersecurity?
The impact of new technologies is changing society at an alarming rate-we need to teach students basic skills! It’s our duty. It’s fun and engaging! Jobs, jobs, jobs!

5 https://k12cs.org/framework-statements-by-grade-band/
Standards *The information sent and received across networks can be protected from unauthorized access and modification in a variety of ways, such as encryption to maintain its confidentiality and restricted access to maintain its integrity. Security measures to safeguard online information proactively address the threat of breaches to personal and private data. (Grades 6-8) *Security measures may include physical security tokens, two-factor authentication, and biometric verification, but every security measure involves tradeoffs between the accessibility and security of the system. Potential security problems, such as denial-of-service attacks, ransomware, viruses, worms, spyware, and phishing, exemplify why sensitive data should be securely stored and transmitted. The timely and reliable access to data and information services by authorized users, referred to as availability, is ensured through adequate bandwidth, backups, and other measures. (Grades 9-12)

6 Make a list of all the items that a “Smartphone” has replaced...
Bell Ringer Make a list of all the items that a “Smartphone” has replaced... This is just a “Wake up” exercise to get teachers engaged...

7 -Underline those things that you feel are a need
Security... Look at your list... -Underline those things that you feel are a need * Items that contain a known vulnerability Examples?? Allow teachers to share responses. Efficiency has replaced security. Security has become an afterthought...or we respond when it’s too late and we have already been a victim. Before we get started...a disclaimer. I am not anti-technology. When I speak to students, teachers, parents, admin, my goal is to educate so that people can make educated decisions about their behaviors. Changing behavior is a 3 step process (simply put) I’m not trying to scare anyone because that doesn’t work anyway, you’ll just think “that won’t happen to me…” Instead, I hope to show you the benefits in changing your behavior and help you change your students mindset.

8 Foundational Principles of Cybersecurity

9 Definition Cybersecurity is the practice of protecting the confidentiality, integrity, and availability (CIA) of digital information from threats. Not all damage to CIA is targeted attacks but we still use cybersecurity to mitigate against those threats.

10 Basic Properties of Cybersecurity-CIA triad
Confidentiality Integrity Availability The sequence is (1) a threat or risk exists then (2) C, I, or A are lost OR (3) security mitigates / defends against threat so that CIA is retained. If it’s #2, then there is an impact Visual source: Brink Infosec Technology

11 School Example Using the CIA triad, develop a list of items within the school that network security specialists and school staff would want to protect Confidentiality: Integrity: Availability:

12 Basic Cybersecurity Vocabulary
Attack Surface: Threats/Risks Vulnerabilities Controls Impacts -All the different points that a bad actor/hacker could infiltrate a system and retrieve data (software + hardware) -circumstance, event, or person with the potential to adversely impact operations, assets, individuals or other entities via unauthorized access, destruction, disclosure, modification, or denial of service. -Weakness in an information system, network, or system security procedure that can be exploited by a threat source -Anything put into place or actions taken for prevention Loss to me AND Loss to others (C, I, A) Threat/threat source: circumstance, event, or person with the potential to adversely impact operations, assets, individuals or other entities via unauthorized access, destruction, disclosure, modification, or denial of service. Threat events are caused by threat sources (cyber or physical attack, human error) Impacts: Loss to me Loss to others If you make a choice to ignore security issues, you become part of the vulnerability/problem.r, hardware/software issues, and/or natural/manmade disasters) Example: DDoS is a threat event; threat source is the hacker/adversary who carries out the attack Vulnerability: weakness in an information system, network, system security procedures, internal controls, or implementation that can be exploited by a threat source. Example: not running an IOS update leaves the Apple device vulnerable to harm Source Credit:NIST Special Publication

13 Application to Online Safety-Examples
Social Engineering Public Wi-Fi E-commerce Social Media

14 Social Engineering Attack Surface: Threats Vulnerabilities Controls
Impacts (Phishing) 1. with a link or attachment. Threat source: social engineer 2. Group of malicious Russians who spear phish CEOs of major US companies to steal intellectual property Threat source:? 1. Clicking on the link because the person is hurried, uneducated, or fails to check “red flags” 2. CEOs download compromised PDF because.... User awareness; training on “red flags” embedded warnings within system 1. Individual: confidentiality-give access to info or devices 2. Group: confidentiality, integrity, or availability all could be compromised (ransomware, malware, harm to network, etc) This is great, good example.

15 Public Wi-Fi Attack surface: Threats Vulnerabilities Controls Impacts
? User awareness Use of VPN Lack of entering confidential data while on open network Loss of confidentiality in personal data Exchange of encrypted data like credit cards is not secure May be able to act as you in a logged on website. Allow teachers to fill in threat possibilities as well as vulnerabilities. Threats: eavesdropping or session hijacking Vulnerabilities: (1) weak or no key to join WiFi (2) may be a fake router set up to look like the authentic one. Example: Starbuck_Wifi or JFK_Airport_Wifi - just because they have the name doesn’t mean it’s them.

16 E-Commerce Your turn... Attack Surface: Threats Vulnerabilities
Controls Impacts Best Buy online 1. 2. Using Best Buy as the platform, allow teachers to fill in the information in the chart. I changed from Amazon because they are ULTRA secure - least likely ecommerce site to have a data breach. But Best Buy Threats: data breach Vulnerability: might not be the actual vendor website; server OS not updated; insider not trustworthy; data not stored securely on server;3rd-party vendor website add-on vulnerable; Controls: update your browser to make sure you are using the latest version of HTTPS; if you get a message saying the Certificate is not authentic, then don’t to to website; only shop online with very well established companies; use a unique credit card for online shopping; don’t reuse username and password Impacts: leading to stolen credit info; stolen login credentials -- note that people often use the same username/password on different sites so this can impact more than just your account at Best Buy In the case of E-commerce you really can’t know or control how secure they are - but you can control how badly you will be damaged if they are breached.

17 Social Media Attack Surface: Threats Vulnerabilities Controls Impacts
Attack surface: social media Threats: 1. Child predators posing as children (integrity) Vulnerabilities: Lack of integrity in access control (anonymity in users); lack of confidentiality (location services are opt-out feature) Controls: Opt out of location services; user awareness; parental education; safe user practice Impacts: 1. Harassment, bullying, discomfort, victimized, low self esteem 2.Fear, need to legislate to protect children, distrust

18 Discuss/Share How can you apply this knowledge to your course? Students?

19 Resources for Activities/Information
Common Sense Education /digital-citizenship FTC ONGuardOnline (Stop. Think. Connect): ature-0038-onguardonline Netsmartz (The Center for Missing and Exploited Children) (Teens) NICERC (A project of the Department of Homeland Security) NSA GenCyber First Principles mp/0-GenCyber-First-Principles.pdf TeachCyber.org

Download ppt "Basics of Cybersecurity"

Similar presentations

How to protect yourself, your computer, and others on the internet

How to protect yourself, your computer, and others on the internet
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Mr C Johnston ICT Teacher

Mr C Johnston ICT Teacher
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
INTERNET SAFETY FOR STUDENTS

INTERNET SAFETY FOR STUDENTS
A First Course in Information Security

A First Course in Information Security
Information Security Technological Security Implementation and Privacy Protection.

Information Security Technological Security Implementation and Privacy Protection.
Data Security.

Data Security.
CS101 Lecture 14 Security. Network = Security Risks The majority of the bad things that can be done deliberately to you or your computer happen when you.

CS101 Lecture 14 Security. Network = Security Risks The majority of the bad things that can be done deliberately to you or your computer happen when you.
Cyber crime on the rise. Recent cyber attacks How it happens? Distributed denial of service Whaling Rootkits Keyloggers Trojan horses Botnets Worms Viruses.

Cyber crime on the rise. Recent cyber attacks How it happens? Distributed denial of service Whaling Rootkits Keyloggers Trojan horses Botnets Worms Viruses.
UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.

UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.
MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.

MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.
Day 3 Cybersafety Presented by FJUHSD Teacher Librarian.

Day 3 Cybersafety Presented by FJUHSD Teacher Librarian.
Online Safety and Awareness. Introductions We are students at UNM We are taking an Information Security course this semester. It is our mission to teach.

Online Safety and Awareness. Introductions We are students at UNM We are taking an Information Security course this semester. It is our mission to teach.
Threat to I.T Security By Otis Powers. Hacking Hacking is a big threat to society because it could expose secrets of the I.T industry that perhaps should.

Threat to I.T Security By Otis Powers. Hacking Hacking is a big threat to society because it could expose secrets of the I.T industry that perhaps should.
How Hospitals Protect Your Health Information. Your Health Information Privacy Rights You can ask to see or get a copy of your medical record and other.

How Hospitals Protect Your Health Information. Your Health Information Privacy Rights You can ask to see or get a copy of your medical record and other.
 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.

 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.
GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Rebecca Pritchard.

GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Rebecca Pritchard.
The way to avoid being trap into cyber crime. What is cyber crime? The Department of Justice categorizes computer crime in three ways: 1. The computer.

The way to avoid being trap into cyber crime. What is cyber crime? The Department of Justice categorizes computer crime in three ways: 1. The computer.
Chap1: Is there a Security Problem in Computing?.

Chap1: Is there a Security Problem in Computing?.

Similar presentations

Ads by Google