week 1

Welcome to Cyber Security

Unit introduction Our increasing reliance on computer systems and the data they contain makes us vulnerable to attacks from cyber criminals, and also to the loss of these systems if there is an accident or a natural disaster. As IT system security is improved, more sophisticated methods of attack are developed, and it is important that organisations have robust plans in place to deal with a cyber security incident before it occurs. All IT professionals require a good understanding of the current threats to systems, how to apply appropriate and effective protection methods and how to manage a cyber security incident.

In this unit, you will examine the many different types of cyber security attacks, the vulnerabilities that exist in networked systems and the techniques that can be used to defend an organisation’s networked systems. You will investigate the techniques used to assess risks and ways of planning to deal with the results of a cyber security incident and recover systems following an incident. You will examine scenarios, carry out risk assessments and prepare protection plans before protecting networked systems. You will also examine evidence from cyber security incidents and relevant security documentation, using the evidence to make recommendations for improvement. To complete the assessment tasks within this unit, you will need to draw on your learning from across your programme.

As IT systems evolve, there is an increasing need for IT professionals to protect networked systems and the information they contain, while providing enhanced features and benefits for organisations, customers and individuals. This unit will help prepare you for IT courses in higher education and for technician-level roles and apprenticeships in a variety of related areas.

 

Summary of assessment

This unit is externally assessed by a task set and marked by Pearson. The set task will be completed under supervised conditions in sessions:

Part A is five hours and Part B is four hours.

Part A must be completed before Part B and both parts need to be completed during the three-week assessment period set by Pearson. The set task will assess learners’ ability to design appropriate cyber security measures for networked systems and to analyse a security incident. The number of marks for the unit is 80.

The tasks will be marked using a levels-based mark scheme that is located in the sample assessment materials.

The availability of the task is December/January and May/June each year. The first assessment availability is May/June 2018. Sample assessment materials will be available to help centres prepare learners for assessment.

 

Assessment outcomes

AO1 Demonstrate knowledge and understanding of technical language, security threats, system vulnerabilities and security protection methods, and implications resulting from successful threats

AO2 Apply knowledge and understanding of security threats, system vulnerabilities, and security protection methods and implications in order to risk assess systems and select appropriate tools to secure them

AO3 Analyse forensic evidence data and information to identify security breaches and manage security incidents

AO4 Evaluate protection methods and security documentation to make reasoned judgments and draw conclusions about their efficacy

AO5 Be able to plan a secure computer network and manage security incidents with appropriate justification

 

A1 Cybersecurity threats All systems are vulnerable to attack from external and internal threats.

Scale of the cyber threat

2017 was punctuated by cyber attacks on a scale and boldness not seen before. This included the largest recorded cyber heist, the largest DDoS attack and the biggest data breach ever being revealed (2 NCSC/NCA – The Threat to UK Business report 2016/2017)  .

 

  • 1.6 Million Cyber Crime Incidents in past year (ONS, Crime Survey for England and Wales 2017)
  • Average loss £1380 for small companies (The Government’s 2017 Cyber Security Breaches Survey)
  • 46% of UK businesses identified at least one cybersecurity breach or attack in the last 12 months  (The Government’s 2017 Cyber Security Breaches Survey)
  • 89% of small business victims also saw an impact on their reputation after an incident – the impact is not just financial (Small Business Reputation research – RICU and KPMG (2016))
  • 27% of small to medium-sized enterprises believe they are ‘too small’ to be of interest to cybercriminals (The Government’s 2017 Cyber Security Breaches Survey)
  • Only 52% of people are following HMG’s advice on installing the latest software and app updates (National Cyber Security Tracker, 2016)

 

For more information about the cyber threat or for news on the latest cyber incidents, visit

ncsc.gov.uk/index/report

twitter.com/ncsc (@NCSC)

nationalcrimeagency.gov.uk/news

nationalcrimeagency.gov.uk/publications

twitter.com/NCA_UK (@NCA_UK)

twitter.com/CyberProtectUK (@cyberprotectUK)

actionfraud.police.uk/news

 

How internal threats occur, including:

Employee sabotage and theft, including of physical equipment or data, and damage such as fire, flood, power loss, terrorism or other disasters

 

Case study - a 37-year-old former IT staff member for the U.S. subsidiary of Japanese drug company, Shionogi, pleaded guilty to remotely infiltrating and sabotaging the company's IT infrastructure this past February. The damage scrambled the company's operations for days and cost Shionogi more than $800,000 in damages, according to IDG News Service. The former employee, Jason Cornish, logged in to the network using a hidden virtual server he had previously created, then wiped out the company's virtual servers one by one, taking out e-mail, order tracking, financial and other services, according to IDGNS and court filings. IDGNS also reported that Cronish's former boss at Shionogi refused to turn over network passwords and was eventually fired.

Prevention strategies;

1. Create and maintain good documentation for networks and resources.

2. Maintain "super administrator" access where possible a company can maintain the highest level of control over the systems to prevent infiltration. 

3. Have fast and clear change procedures for administrative passwords so that no worker can make system changes once they leave the company. 

4. Use IT tools that allow you to set thresholds and alerts when there are unexpected activities inside the network to aid in the detection of possible sabotage events.

 

Employees may remove data using USB or external devices to hold a company to ransom or sell it to competitors. 

Hardware equipment may also be vulnerable, this has the ability to be physically removed or deliberately damaged through a number of ways, fire, water.

 

Why might an employee commit sabotage or theft of a business’s computer systems or data?

 

Unauthorised access by employees and other users to secure areas and administration functions, including security levels and protocols

It is vital that companies consider the use of access levels and privileges that are provided to its staff and employees. Password policies must be put in to place to protect the system from brute force attacks where individuals can cycle through passwords to gain access. Systems can be put in to place to protect the company that for example locks out the users from the system after a sequence of wrong password attempts. 

 

Weak cyber security measures and unsafe practices, including security of computer equipment and storage devices, security vetting of visitors, visiting untrustworthy websites

When visiting a website or 

 

Accidental loss or disclosure of data, including poor staff training and monitoring.

Employees who aren’t aware of their cyber security obligations are prone to ignore relevant policies and procedures, which could lead to unintentional disclosures of data or successful cyber attacks.

There is also the threat of phishing and ransomware (which is often delivered through phishing emails). CyberEdge’s report found that spear phishing – sending malicious emails that claim to be from a legitimate source – dominates traditional phishing scams.

 

Create an information leaflet (A5) with examples for the following, employee sabotage and theft.

 

 

• Understand how external threats function, including:

Malicious software (malware), including spyware, adware, ransomware; viruses, including worms, rootkits and trojans o hacking, including commercial, government, individuals.

 

Ransomware

Classic case of ransomware hit the NHS in 2017 where almost all systems were hit. Any machine not affected was required to remain off until the issue was resolved, so to stop any further infection or spreading of the original error

Trojans

 

Sabotage, including commercial, government, terrorism, individuals.

 

Social-engineering techniques used to obtain secure information by deception.

What is social engineering?

Social engineers take advantage of human behavior to pull off a scam. If they want to gain entry to a building, they don't worry about a badge system. They'll just walk right in and confidently ask someone to help them get inside. And that firewall? It won't mean much if your users are tricked into clicking on a malicious link they think came from a Facebook friend or LinkedIn connection.

 

Getting a free dinner when being ‘stood up’

I’m not one to turn down a free dinner, but I wouldn’t go as far as Kyle Baldinger did to get one.

Kyle saw a tweet that said “If you go to dinner alone always ask for a table for two. Look sad as you eat and you almost always get a free dessert”.

So, he thought he’d give it a go, and live-tweeted what happened.

[Warning: long image]

jozAYin

If you’d rather not read the whole thing, the short version is that Kyle bagged himself a free dinner after fooling a restaurant into believing he was stood up.

Whilst this example is playful is demonstrates the ways in which social engineering can be used to gain an advantage. 

Social engineering has proven to be a very successful way for a criminal to "get inside" your organization. Once a social engineer has a trusted employee's password, he can simply log in and snoop around for sensitive data. With an access card or code in order to physically get inside a facility, the criminal can access data, steal assets or even harm people.

 

What are the ways in which an employee could give out information?

 

Understand that the impact of a credible threat is likely to result in some form of loss, such as:

Operational loss, including manufacturing output, service availability and service data

 

Financial loss, including organisational, compensation and legal liability

 

Reputation loss, including lack of service and employee or customer information

 

Intellectual property loss, including new product design or trade secret.

 

 

Understand that the impact level of a successful attack on an organisation is determined by the value of the loss, and that the value may not always be a monetary one.

 

Know that cyber security threats vary over time and cyber security organisations provide regular updates on the current and changing threat landscape.

 


Last Updated
2018-09-14 09:35:46

Links to Learning Outcomes

Links to Assessment criteria
 

English

0


Maths




How 2's Coverage

Just a Minute - At the end of the lesson teachers ask learners to summarise their learning. The comparison of these summaries against learning objectives informs planning.



0

Files that support this week

| | | | |
Week 1
PrevWeek 2
Prev
Next
Next
Webmaster Spelling Notifications