assignment on cyber security pdf

Committed to connecting the world

• Media Centre
• Publications
• Areas of Action
• Regional Presence
• General Secretariat
• Radiocommunication
• Standardization
• Development
• Members' Zone

ITU: Committed to connecting the world

Advancing AI for hazard resilience

​Artificial intelligence (AI) can help countries tackle climate volatility and reduce disaster risks. A new global initiative explores how.

Learn more ​

Future of satellite communications

​The latest ITU Journal explores the shift from traditional geostationary satellite services to multilayered space networks. Learn more​

Robust radio frequency planning

From mobile and broadcasting to aeronautical and maritime safety, the radio spectrum is the backbone of modern society. Read how it's managed​ ​

Key findings on global AI governance

​​​​​​​​​The AI Governance Day Report aims to guide stakeholders in developing effective AI governance strategies.

Machine translation by ITU Translate. See full disclaimer . Provide feedback .​​

News and views ​ ​

Standardization takes centre stage​​

​​​CIS regulatory concerns addressed​

​​ Giga Connectivity Forum highlights​ ​

In depth​​​

United Nations Activities on Artificial Intelligence (AI)​​

​ ITU Council 2024 snapshot report ​

Space Sustainability Forum 2024

SDG Digital

• ​ Who we are ​
• Our regional presence
• ITU Strategic Plan​​
• ​ Connect 2030 Agenda: Progress towards the Targets in the Strategic Plan​​​​
• ITU Activities 2023-2024​ (PDF version)
• ​​World Telecommunication & Information Society Day​​ | ITU's 160th anniversary
• Gender equality ​
• ​ History of ITU ​
• ITU Headquarters: New Building Project
• Procurement
• ​ Ethics Office​
• ITU Plenipotentiary Conference
• ITU Council ​​
• ​ Basic Texts​ of the Union
• ITU Information/Document Access Policy
• Regional Telecommunication Organizations
• C​onferences ​​

© ITU All Rights Reserved

• Privacy notice
• Accessibility
• Report misconduct

Introduction to Cybersecurity

• First Online: 05 August 2021

Cite this chapter

• Gurdip Kaur 3 ,
• Ziba Habibi Lashkari 4 &
• Arash Habibi Lashkari 3  

Part of the book series: Future of Business and Finance ((FBF))

1887 Accesses

4 Citations

In this chapter, cybersecurity principles to protect digital information against cyber threats and cyber threat actors are discussed. Three fundamental principles to protect data include confidentiality, integrity, and availability. These principles are extended by adding two more principles of accountability and authenticity. The main motivations behind launching cyber threats are data breaches, financial instability, service disruption, and politics. These motivations pave the way for securing critical organizational assets by following the CIAAA principle. Surprisingly, the world’s biggest data breaches have exposed several businesses including communication, social networking, aviation industry, financial sector, government databases, health care, media, and transportation. These breaches emphasize the need for a data-centric security management system that includes data protection, transfer, control, access, and measurement. The data-centric security management process gathers meticulous information about an organization to understand how an attacker can exploit the vulnerabilities.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save.

• Get 10 units per month
• Download Article/Chapter or eBook
• 1 Unit = 1 Article or 1 Chapter
• Cancel anytime
• Available as PDF
• Read on any device
• Instant download
• Own it forever
• Available as EPUB and PDF
• Compact, lightweight edition
• Dispatched in 3 to 5 business days
• Free shipping worldwide - see info
• Durable hardcover edition

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

134 Cybersecurity Statistics and Trends for 2021. (2021). https://www.varonis.com/blog/cybersecurity-statistics/ .

Armoni, A. (2002). Data security management in distributed computer systems. Informing Science, 5 (1), 19–27.

Article   Google Scholar  

Boer, M., & Vazquez, J. (2017). Cyber security & financial stability: How cyber-attacks could materially impact the global financial system, Institute of International Finance , pp. 1–9.

Google Scholar  

Cyber Security Statistics. (2020). https://purplesec.us/resources/cyber-security-statistics/ .

Information is Beautiful: Data Breaches (public). (2018). bit.ly/bigdatabreaches .

Johnson, B. C. (2004). National Security Agency (NSA) INFOSEC Assessment Methodology (IAM) (pp. 1–6). https://systemexperts.com/pdf/NSAIAM.pdf

Miles, G., Rogers, R., Fuller, E., Hoagberg, M. P., & Dykstra, T. (2004). Security assessment: Case studies for implementing NSA IAM . Rockland: Syngress.

Nicho, M., & Advani, A. (2012). A data centric Security cycle model for data loss prevention of custodial data and company intellectual property. SECURWARE 2012: The sixth international conference on emerging security information, systems and technologies (pp. 134–141).

PKWARE. (2020). A blueprint for data-centric security, whitepaper . PKWARE. https://www.pkware.com/data-centric-security-whitepaper

Statista. (2020). Annual number of data breaches and exposed records in the United States from 2005 to 1st half 2020 , Statista. https://www.statista.com/statistics/273550/data-breaches-recorded-in-the-united-states-by-number-of-breaches-and-records-exposed/ .

Vaidya, T. (2015). 2001–2013: Survey and analysis of major cyberattacks (pp. 1–25). https://arxiv.org/abs/1507.06673 .

Yahoo Finance. (2021). Over 50% increase of unique cyber threats in the wild in 2020, cymulate’s continuous security testing report reveals . New York: Yahoo Finance. https://finance.yahoo.com/news/over-50-increase-unique-cyber-130000675.html .

Download references

Author information

Authors and affiliations.

Canadian Institute for Cybersecurity (CIC), Faculty of Computer Science, University of New Brunswick, Fredericton, NB, Canada

Gurdip Kaur & Arash Habibi Lashkari

Universidad Politécnica De Madrid, Escuela Técnica Superior de Ingenieros Informáticos, Madrid, Spain

Ziba Habibi Lashkari

You can also search for this author in PubMed   Google Scholar

Rights and permissions

Reprints and permissions

Copyright information

© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this chapter

Kaur, G., Habibi Lashkari, Z., Habibi Lashkari, A. (2021). Introduction to Cybersecurity. In: Understanding Cybersecurity Management in FinTech. Future of Business and Finance. Springer, Cham. https://doi.org/10.1007/978-3-030-79915-1_2

Download citation

DOI : https://doi.org/10.1007/978-3-030-79915-1_2

Published : 05 August 2021

Publisher Name : Springer, Cham

Print ISBN : 978-3-030-79914-4

Online ISBN : 978-3-030-79915-1

eBook Packages : Business and Management Business and Management (R0)

Share this chapter

Anyone you share the following link with will be able to read this content:

Sorry, a shareable link is not currently available for this article.

Provided by the Springer Nature SharedIt content-sharing initiative

• Publish with us

Policies and ethics

• Find a journal
• Track your research

Interested in a verified certificate or transfer credit and accreditation ?

Securing Data

One-way hash functions, cryptanalysis, public-key cryptography, key exchange, digital signatures, encryption in transit, full-disk encryption, quantum computing.

• This is CS50’s Introduction to Cybersecurity.
• Last week, recall we focused on accounts.
• We focused on our responsibility to keep our data secure.
• However, a third party is always involved in the storing of our data.
• You can imagine how a system may store usernames and passwords within a text file.
• You can also imagine how an adversary may get access to such a text file.
• Could we minimize the risk of storing passwords in plain text?
• Hashing is a method by which we convert some plain text and output it as a hashed value that is less readable.
• Therefore, a hash function creates a hash value. A password is provided to a hash function and then is outputted as a hashed value.
• Without access to the precise hash function, an adversary cannot output the correct password.
• Generally, we want the hash function to output something very cryptic and lacking a pattern. Accordingly, adversaries cannot guess what the algorithm is doing.
• With the username and hash values stored in the server, an adversary cannot easily access the accounts on that server.
• When a user now inputs their password to log in, the password is passed to the hash algorithm again and compares the hash value created with the hash value stored.
• Hence, we have increased the cost, time, and resources required for an adversary to access protected data.
• Still, a dictionary attack could input one value after another from a dictionary into a hash function as a way by which to break it.
• Further, a brute-force attack could attempt to sequentially feed one character after another to attempt to break the password.
• Hypothetically, rainbow tables are another threat, whereby the adversary has a table of all the potential hashed values in a hash table. This, however, would take terabytes, if not petabytes, of storage capacity to accomplish.
• Finally, a problem arises when users utilize the same password and the hashed value of these passwords is exactly the same. How could we solve this problem?
• Salting is a process by which an added value is “sprinkled” into the hash function, such that a hash value changes.
• The utilization of a salt value nearly guarantees that the hash values provided by users, even those that have the same passwords, receive a different hashed password.
• Therefore, again, the cost for adversaries to crack these passwords is quite costly.
• NIST recommends that memorized secrets be both hashed and salted.
• One-way hash functions are written in code and take in a string of arbitrary length and output a hash of a fixed length.
• Utilizing such a function, the holder of the hash value and hash function will never know the original password.
• Indeed, in some systems utilizing a one-way hash function, certain passwords may map to the same hash value.
• Cryptography is the study of transmitting secure data from one party to another.
• One way we can secure data is through codes.
• Codes convert the words we want to say into a less understandable string of words.
• Encoding involves taking plaintext and converting them into codetext.
• Decoding is the opposite, converting codetext into plaintext.
• Ciphering involves taking plaintext and enciphering them into ciphertext.
• This process of ciphering is called encryption . The process of deciphering them is called decryption .
• Keys are really big strings. These keys are used in encryption and decryption.
• Secret-key cryptography involves the passing of a key and plaintext into an encryption algorithm, where ciphertext is outputted.
• In this scenario, both the sender and receiver have a shared secret with one another in that they both have access to the encryption and decryption algorithm.
• Cryptanalysis is the field of study and practice where individuals study how to encrypt and decrypt data.
• By evidence of your being part of this course, you, too, may be interested in cryptanalysis.
• You can imagine a scenario where the sender and receiver of secure data may have never personally met. How can one establish a shared secret between two such parties?
• Public-key encryption or asymmetric-key encryption solves this problem.
• First, the sender uses a public key and plaintext and feeds these into an algorithm. This results in ciphertext.
• Second, the receiver uses their secret key, feeding in both this secret key and ciphertext into the algorithm. This results in deciphered text.
• RSA is a standard of encryption that describes this process.
• An alternative algorithm is called Diffie-Hellman , the goal of which is key exchange.
• An agreed upon value g and a prime value p are used.
• Party A and Party B have a shared secret value called s .
• Both Party A and Party B have their own private keys.
• Using the building blocks of public keys and private keys, you can use these to sign documents.
• One can sign a document through a two-step process.
• First, a message, the content of a document, is passed to a hash function, resulting in a hash value.
• Second, a private key and a hash are passed to a digital signature algorithm, which results in a digital signature.
• The recipient is able to verify your digital signature by passing the message, the content of the document, to the hash function and receiving a hash. Then, the recipient passes the public key and the signature provided to the decryption algorithm, resulting in a hash value that should match the hash value previously calculated.
• Passkeys or WebAuthn are a more and more widely available technology.
• Soon, usernames and passwords will become less frequent.
• Passkeys will be device-dependent. For example, when visiting a website on your phone that prompts you to create an account, your phone will generate a public key and a private key.
• Then, you will send your public key to the website.
• From that point forward, to log into the website using that device, or a service that synchronises your passkeys across devices, you will pass a private key paired with a challenge value. An algorithm will produce a signature.
• Encryption in transit relates to securing data as it moves back and forth through data networks.
• Imagine a scenario where two parties want to communicate with one another.
• We want to prevent a third party from intercepting data in between.
• Third-party services–like email providers–that function as intermediaries may indeed be reading your emails or viewing your messages.
• End-to-end encryption is a way by which users can guarantee that no third party in between can read the data.
• Let’s now consider a fairly mundane scenario, like deleting a file.
• Once files are deleted on a computer, a fingerprint of those deleted files may still be on your computer.
• Operating systems often delete files by simply forgetting where they exist. Hence, the computer may overwrite previous files with new files.
• However, there is no guarantee that the free space on your hard drive is entirely wiped off the fingerprints of old files.
• Secure deletion is a process by which all the remnants of deleted files are changed to zeroes, ones, or a random sequence of zeros and ones.
• Full-disk encryption or encryption at rest entirely encrypts the content of your hard drive.
• If your device is stolen or you sell your device, no one will have access to your encrypted data.
• However, a downside is that if you lose your password or your face changes enough, you will not have access to your data.
• Another downside is that hackers may use this same type of technology through ransomware to encrypt your hard drive and hold it hostage.
• Quantum computing is an emerging computer technology that may be able to provide exponential computing power to adversaries.
• This technology may be used by adversaries to cut down on the time required to guess passwords and break encryption.
• Hopefully, we will have access to such computing power before bad actors do.

In this lesson, you learned about securing data. You learned…

• How websites and services store passwords;
• How text values can be hashed to ensure secrecy;
• About the roles of salting, one-way hash functions, keys, encryption, and decryption in securely storing data;
• About public and private keys;
• How technologies leverage public and private keys to keep data secure;
• How to secure your own hardware;
• Emerging benefits and threats posed by quantum computing.

See you next time!

Trending now

Top ethical hacking tools in 2024, is a cisco certification worth it, cybersecurity trends: where the industry is heading in an uncertain 2024, becoming an it security architect - learning paths explored, cobit 5, course, introduction, simplilearn, how to become an ethical hacker, what is des understanding des algorithm and operation, what is kerberos, how does it work, and what is it used for, top 8 vulnerable cyber security risks in the todays era of digitalization, data encryption: methods, techniques, types and algorithms, an introduction to cyber security: a beginner's guide.

• Overview and Introduction to Cyber Security
• Cyber Security Industry Applications, Trends and Predictions
• Cyber Security Key Terminologies and Next Steps

About the ebook

The belief that "it will not affect us" is the biggest blunder that a modern-day organization can make on the issue of cybersecurity. The cybersecurity threat is real, and it is, now, a worldwide problem. In this digital era, every organization, be it SMEs or large corporations, governments or banks, faces the threat of a system hack, ransomware attack, data breach, or malware. Cyber-criminals of today are not old-time lone hackers. They run organized crime networks and often operate like startup companies, hiring highly-trained programmers to innovate new online attacks.

With organizations having to secure an increasing amount of sensitive data, cybersecurity is becoming relevant and essential for businesses of all sizes. As the scale and scope of threats continue to rise at a fast pace, fresh opportunities are opening up for qualified data professionals in diverse sectors. As technology advances and more businesses move online, the risk of cyber attacks and data breaches increases. It is essential for individuals and businesses to understand the basics of cyber security and take measures to protect themselves.

Become an Expert in the Cyber Security Field

Our Introduction to Cybersecurity pdf provides a comprehensive overview of the fundamentals of cyber security, including common threats, best practices for securing devices and networks, and tips for staying safe online. This Introduction to cybersecurity pdf is perfect for beginners who are new to the field or anyone who wants to brush up on their cyber security knowledge.

If you are enthusiastic about securing organizational digital assets but are unsure if a cyber security career is right for you, this cybersecurity pdf guide can be your starting point. On the other hand you can explore our most popular courses, and choose the right learning journey for yourself. Our top courses include:

1. Advanced Executive Program In Cybersecurity

This comprehensive course is designed for experienced professionals who want to advance their career in the field of cyber security. This program covers a wide range of topics, including information security management, ethical hacking, digital forensics, risk management, and more. With over 300 hours of interactive online training, hands-on projects, and industry-relevant case studies, participants will gain practical experience and develop the expertise needed to excel in this field.

Clear CompTIA, CEH, and CISSP Certifications!

2. Cyber Security Expert Master's Program

This  is a comprehensive training course designed to equip professionals with the skills and knowledge needed to succeed in the fast-growing field of cyber security. This program covers a wide range of topics, including network security, threat intelligence, cryptography, ethical hacking, and more. With over 180 hours of training, hands-on projects, and real-world case studies, participants will gain practical experience and develop the expertise needed to excel in this field. Graduates of this program will be prepared to take on high-demand roles in cyber security and advance their careers in this exciting and lucrative industry.

3. Professional Certificate Program In Ethical Hacking And Penetration Testing

This comprehensive course is designed to equip professionals with the skills and knowledge needed to assess and secure vulnerabilities in an organization's network and applications. The program covers a wide range of topics, including web application attacks, network infrastructure attacks, wireless network attacks, and more. With hands-on labs, practical demonstrations, and real-world case studies, participants will gain practical experience and develop the expertise needed to excel in VAPT roles. Upon completion of this course, participants will be able to identify vulnerabilities and perform penetration testing to mitigate those vulnerabilities. This course is ideal for IT professionals, security consultants, network administrators, and anyone interested in advancing their career in the field of Ethical Hacking And Penetration Testing

So, what are you waiting for? Download our introduction to cybersecurity pdf a.k.a. beginner’s guide introduction to cybersecurity pdf today and take the first step towards protecting yourself and your business from cyber threats, and scale up your cybersecurity career today.

Recommended Programs

Cybersecurity Expert Masters Program

Cyber Security

*Lifetime access to high-quality, self-paced e-learning content.

Recommended Resources

How to Build an Enterprise Cyber Security Framework

Cyber Security Salary in the US

Introduction to Artificial Intelligence: A Beginner's Guide

Cyber Security for Beginners

Introduction to Data Science: A Beginner's Guide

Cyber Security vs. Information Security: The Supreme Guide to Cyber Protection Policies

• PMP, PMI, PMBOK, CAPM, PgMP, PfMP, ACP, PBA, RMP, SP, and OPM3 are registered marks of the Project Management Institute, Inc.

Cyber Security Risk Analysis

Added on   2020-05-16

End of preview

Want to access all the pages? Upload your documents or become a member.