
CS 415 IS Week1


CYBER SECURITY

Muhammad Ayaz Khan


PhD in Cyber Security (progress)
Air University, Islamabad.

Email: ayaz.khan@students.au.edu.pk
ayaz.khan@mail.au.edu.pk

Room#, 501, 5th Floor FMC building AU Islamabad

DEPARTMENT OF
Computer science
Air University, ISLAMABAD Campus
1
COURSE OBJECTIVE

Course Learning Outcomes (CLOs)

1. Explain key concepts of information security such as design principles, cryptography, risk management, and ethics.

2. Discuss legal, ethical, and professional issues in information security.

3. Apply various security and risk management techniques and tools for achieving information security and privacy.

4. Identify appropriate techniques to tackle and solve problems in the discipline of information security.

2
COURSE INFORMATION

Credit Hours: 2.0


Duration: 16 Weeks
Assessment: Theory (100)

| Evaluation Method | Distribution | Marks |
|---|---|---|
| Quizzes (3) | 10% | 10 |
| Assignments (3) | 10% | 10 |
| Practical Task / Semester Projects / Presentations | 10% | 10 |
| Midterm Exam | 25% | 25 |
| Final Exam | 45% | 45 |
| Total | 100% | 100 |

3
COURSE INFORMATION

Semester Project (if any)


Students will be engaged in a group project in this course. Two types of
semester projects will be conducted in this course: a programming (or
experimentation-based) project related to a specific security topic, or
research paper readings.
In the latter case, each group member will be provided a few research
articles related to a particular topic that will constitute their semester
project. Each group will be required to present its topic in the middle of the
semester and will also submit a short progress report. At the end of the
semester, they will showcase and present their work.

4
COURSE RESOURCES

Reference Books:
• Michael E. Whitman, Herbert J. Mattord, “Principles of Information Security”
• Bruce Schneier, “Applied Cryptography”, 2nd Edition or Latest
• C.P. Pfleeger, “Security in Computing”, Prentice-Hall, 4th Edition or Latest

5
WHY IS SECURITY?

• Tech is now everywhere
• There are some threats we are going to live with
• The global cyber security market was valued at US$176.4 billion in
2021 and is estimated to grow at a compound annual growth rate
(CAGR) of 10.2% between 2022 and 2029, mainly driven by an
increasing number of data breaches and advanced malware
threats.

6
WHY IS SECURITY?

Cyber crimes are increasing: it's a growing industry, it's beneficial for the attackers, and the risks are extremely high.
Annual global cyber security cost is $600 billion.

7
WHY IS SECURITY?

Top tech companies' revenue is less than $600 billion
Cyber crime victims per year: 600 million
If we break that down:
• 1.5 or 1.6 million victims per day

8
WHY IS SECURITY?

In 2016, over 657 million identities were exposed, the majority of which were stolen:
• 40 million from the US
• 54 million from Turkey
• 20 million from Korea

9
SECURITY THREATS

10
SPECIALIZED AREAS OF SECURITY

11
System Components

• Information system (IS) is the entire set of people, procedures, and technology that enable business to use information.

– Software
– Hardware
– Data
– People
– Procedures
– Networks
WHY IS SECURITY DIFFICULT?

Users don’t care about security

Users don’t know what they don’t know

Why is Information Security important

Threat Landscape of Pakistan

BankIslami
• BankIslami reported that the attack caused over $6 million in losses to the bank, including suspension of specific operations, particularly the online banking service.

Ref: https://propakistani.pk/2021/08/23/heres-a-recap-of-major-recent-cyber-attacks-in-pakistan/
Threat Landscape Elsewhere
PAKISTAN HIT BY NATIONWIDE POWER OUTAGE AFTER GRID FAILURE

18
PAKISTAN HIT BY NATIONWIDE POWER OUTAGE AFTER GRID FAILURE

• Thursday, 26 January 2023, 1004 hrs (10:04 AM)

• A social media user shared news claiming that a state-sponsored group (APT) launched a cyber-attack on the National Transmission & Despatch Company (NTDC): 26 Jan 23 at 1846 hrs (6:46 PM)

19
PAKISTAN HIT BY NATIONWIDE POWER OUTAGE AFTER GRID FAILURE

• Frequency variation in the complete power grid GSIS system (grid stations information system) resulted in a nationwide power outage

• Indian APT group 'SideWinder' Telegram channel, i.e. “PKG telegram group”, shared images of an NTDC server (27 Jan 23 at 2053 hrs, 8:53 PM)

• Analysis of the leaked data revealed that it contains important tripping application details, which control the tripping of grid stations

• The APT posted a critical data set on the dark web, i.e. user IDs, passwords, critical diagrams, subdomains, source code and 681 files

• SideWinder's last attack was on Nepal banking systems (10 January 2023)

https://www.zscaler.com/blogs/security-research/warhawk-new-backdoor-arsenal-sidewinder-apt-group-0
20
CYBER SECURITY ATTACKS ON PAKISTAN MILITARY ORGANISATIONS

Pakistan International Maritime Expo & Conference (PIMEC, 10-12 February 2023)

• Participants: 133 exhibitors, including 21 international firms and 112 local firms, participated in the exhibition

• Attack Date: Before 10 February 2023

• APT: NewsPenguin

• Target: Pakistan Forces (Pakistan Navy)

21
Communities of interest

Information security involves 3 distinct communities of interest:

• Information security managers & professionals
• Information technology managers & professionals
• Non-technical business managers & professionals
WORLD'S BIGGEST DATA BREACHES

http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
23
COMMON SECURITY THREATS

24
GLOBAL CYBER SPACE ENVIRONMENT

Approximately 80% of the world population is an active user of the internet and related technologies, and almost 100% are affected

25
PAK CYBER SPACE ENVIRONMENT

• Fastest growing cellular market
• Well-developed IT industry
• Major portion of internet traffic routed through India (submarine cables)
• Limited monitoring mechanism for ISPs
• Absence of state-owned telecom
• Absence of national-level CERT (computer emergency response team)
• High reliance on foreign equipment / technology

26
CYBERSECURITY EFFORTS AT NATIONAL LEVEL
• Prevention of Electronic Crime Act 2016
• National Telecom and Information Security Board (NTISB), Cabinet Division
• National Response Centre for Cyber Crime (NR3C) at FIA Islamabad
• Cybercrime Hotline (9911) and SMS Alert Service

27
CYBERSECURITY EFFORTS AT NATIONAL LEVEL
• Act for Website Monitoring - 2015
• Forensic Unit at Punjab Forensic Science Agency, 2011
• Digital Forensic Lab at Sindh Police Forensics Division, 2012
• Pakistan Research Center for Cyber Security (PRCCS)

28
CYBERSECURITY EFFORTS AT NATIONAL LEVEL
• Policy for Internet, Website, Email for Government – 2009/11
• Act for Protection from Spam – 2009
• NCCS, June 2018 (headquarters at AU)
• Pakistan’s National Cyber Security Policy
• National Cyber Security Academy (NCSA), 2023 (headquarters at AU)
Soon…

29
PREVENTION OF ELECTRONIC CRIME ACT – 2016

30
NATIONAL CYBER SECURITY CHALLENGES

• Implementation of cyber security laws / regulations
• Absence of national-level CERT
• Absence of adequate disaster recovery mechanism
• Critical national networks are prone to cyber threats

31
NATIONAL CYBER SECURITY CHALLENGES

• Lack of qualified cyber security workforce in both public and private sectors
• Less emphasis on cyber security awareness at all levels

32
CONCEPTS

33
WHAT IS SECURITY?
A state of being secure and free from
danger or harm; the actions taken to
make someone or something secure

34
WHAT IS CYBER SECURITY?

Protecting data / information from unauthorized access, use, disclosure, destruction, modification, or disruption, whether resident or in transit over the Internet

35
WHAT IS CYBER SECURITY?

Protection of the confidentiality, integrity, and availability of information assets, whether in storage, processing, or transmission, via the application of policy, education, training and awareness, and technology.
36
WHAT IS CYBER SECURITY?

The protection of
information and its critical
elements, including systems
and hardware that use, store,
and transmit that information
Committee of National Security Systems (CNSS)

37
WHAT IS INFORMATION SECURITY?

Information Security, sometimes shortened to InfoSec, is the practice of protecting information by mitigating information risks.

38
WHAT IS INFORMATION SECURITY?

Information Security refers to the processes and methodologies which are designed and implemented to protect print, electronic, or any other form of confidential, private and sensitive information or data from unauthorized access, use, misuse, disclosure, destruction, modification, or disruption.

39
LIFE CYCLE INFORMATION SECURITY?

40
COMPONENTS OF INFOSEC

41
| CYBER SECURITY | INFORMATION SECURITY |
|---|---|
| It is the practice of protecting the data from outside the resource on the internet. | It is all about protecting information from unauthorized users, access, and data modification or removal in order to provide confidentiality, integrity, and availability. |
| It is about the ability to protect the use of cyberspace from cyber attacks. | It deals with protection of data from any form of threat. |
| Cybersecurity is to protect anything in the cyber realm. | Information security is for information irrespective of the realm. |
| Cybersecurity deals with danger against cyberspace. | Information security deals with the protection of data from any form of threat. |
| Cybersecurity strikes against cyber crimes, cyber frauds and law enforcement. | Information security strives against unauthorized access, disclosure, modification and disruption. |
| On the other hand, cyber security professionals deal with advanced persistent threats. | Information security professionals are the foundation of data security, and the security professionals associated with it prioritize resources first before dealing with threats. |
| It deals with threats that may or may not exist in the cyber realm, such as protecting your social media account, personal information, etc. | It deals with information assets and integrity, confidentiality and availability. |

https://www.geeksforgeeks.org/difference-between-cyber-security-and-information-security/

42
ANY QUESTION

43
