
Fall 2016/2017

Information Security
Name: Ahmad Fayad El Balbissi
ID: U00042088
Supervised by: Dr. Saadat Alhashmi

Cyber Security
Cyber security standards are security standards that enable
organizations to practice safe security techniques in order to reduce the
number of successful cyber security attacks. These guides provide general
outlines as well as specific techniques for implementing cyber security. For
certain specific standards, cyber security certification by an accredited
body can be obtained. There are multiple advantages to obtaining
certification, including the opportunity to get cyber security insurance.

History:
Cyber security standards have been created recently because
confidential information is now frequently collected on computers that
are attached to the Internet. Also, many tasks that were previously done
by hand are now carried out by computer; therefore, there is a need for
Information Assurance (IA) and security. Cyber security is important in
order to guard against identity theft. Businesses also have a need for
cyber security because they need to protect their trade secrets,
proprietary information, and the personally identifiable information
(PII) of their customers or employees. The government also has a
requirement to secure its information. This is particularly critical as
some acts of terrorism are organized and facilitated by using the Internet.

One of the most widely used security standards today is ISO/IEC 27002,
which started in 1995. This standard consists of two fundamental parts,
BS 7799 part 1 and BS 7799 part 2, both of which were created by the
British Standards Institute (BSI). Recently this standard has become
ISO 27001. The National Institute of Standards and Technology (NIST) has
released several special publications addressing cyber security. Three of
these special papers are particularly relevant to cyber security: 800-12,
titled Computer Security Handbook; 800-14, titled Generally Accepted
Principles and Practices for Securing Information Technology; and 800-26,
titled Security Self-Assessment Guide for Information Technology Systems.

The International Society of Automation (ISA) developed cyber security
standards for industrial automation control systems (IACS) that are
broadly applicable across manufacturing industries. The series of ISA
industrial cyber security standards are known as ISA-99 and are
being expanded to address new areas of concern.

Why is cyber security so important?


Governments, armed forces, corporations, financial institutions,
hospitals and various businesses collect, process and store a great
deal of confidential information on computers and transmit that data
across networks to other computers. With the growing volume and
sophistication of cyber-attacks, continuous attention is required to
protect sensitive business and personal information, as well as to
safeguard national security.

During a Senate hearing in March 2013, the nation's top intelligence
officials warned that cyber-attacks and digital spying are the top
threat to national security, eclipsing terrorism.

Most recent cyber-attacks of 2016:


Blizzard's Battle.net knocked offline by DDoS attack claimed by PoodleCorp
Blizzard's Battle.net servers were knocked offline by yet another
distributed denial-of-service (DDoS) attack on 18 September, claimed by
hacking group PoodleCorp. The latest interruption marks the third time the
servers have gone offline this week, causing latency and connectivity
issues across popular games such as Overwatch, World of Warcraft,
Hearthstone: Heroes of Warcraft and Diablo 3.

Top US Universities Hacked and Injected with SEO Spam
An investigation has revealed that over 100 top US universities have been hacked
and injected with SEO spam with the purpose of boosting the search engine
ranking of an online gambling site.
The infections are still active on many sites, even today, and consist of just two
or three words inserted inside the page's text, linking back to the online gambling
portal.
Whoever has done this has been very careful not to attract the attention of users
and webmasters. All links inserted on these sites are disguised to use the
same text foreground and background color, and hide the link's underline.
As such, the links blend into the page's background, but search engines will detect
them and use them to calculate a better search engine ranking for the linked site,
in this case, the online gambling portal.
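
A check a webmaster could run for the disguise described above, as an added example that is not part of the original essay: it flags off-site links whose inline style sets the text colour equal to the background behind them and removes the underline. It inspects inline style attributes only (spam styled through a stylesheet or script needs a rendering engine), and the hostnames and sample page are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

def parse_style(style):
    """Turn an inline style string into a {property: value} dict."""
    pairs = (d.partition(":") for d in (style or "").split(";"))
    return {p.strip().lower(): v.strip().lower() for p, sep, v in pairs if sep}

def norm(colour):
    """Expand #abc to #aabbcc so equal colours compare equal."""
    if colour and len(colour) == 4 and colour[0] == "#":
        return "#" + "".join(c * 2 for c in colour[1:])
    return colour

class HiddenLinkFinder(HTMLParser):
    """Flags off-site links styled to match the background with no underline."""
    def __init__(self, site_host, page_bg="#ffffff"):
        super().__init__()
        self.site_host = site_host
        self.stack = [("root", page_bg)]  # (tag, background behind it)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        style = parse_style(attrs.get("style"))
        bg = norm(style.get("background-color")) or self.stack[-1][1]
        host = urlparse(attrs.get("href") or "").hostname
        if tag == "a" and host and host != self.site_host:
            if norm(style.get("color")) == bg and style.get("text-decoration") == "none":
                self.findings.append(attrs["href"])
        self.stack.append((tag, bg))

    def handle_endtag(self, tag):
        # Unwind to the matching open tag; unclosed tags such as <br> go with it.
        for i in range(len(self.stack) - 1, 0, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def find_hidden_links(html, site_host):
    finder = HiddenLinkFinder(site_host)
    finder.feed(html)
    return finder.findings

# Constructed sample page; every hostname is a placeholder.
SAMPLE = """<div style="background-color:#fff"><p>Admissions open
<a href="https://casino.example/win" style="color:#FFFFFF; text-decoration:none">best odds</a>
<a href="https://partner.example/">partner</a>
<a href="/apply" style="color:#fff;text-decoration:none">apply</a></p></div>"""
```

Calling `find_hidden_links(SAMPLE, "university.example")` reports only the first link: the second is visibly styled and the third stays on the site's own host.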

UAE: Al Zahra Private Medical Centre hacked
The web site of Al Zahra Private Medical Centre in the United
Arab Emirates was reportedly hacked last month by an individual calling
himself websites-hunter (@websiteshunter on Twitter). The hack was
announced on Twitter on August 31 and on Pastebin on the same day.
The Al Zahra Private Medical Centre is part of the health services network of
the Gulf Medical Projects Company and provides outpatient services.

3 types of cyber-attacks that must be avoided:

1. Malware

What is it? Malware is an all-encompassing term for a
variety of cyber threats including Trojans, viruses and
worms. Malware is simply defined as code with malicious
intent that typically steals data or destroys something
on the computer.
How does it work? Malware is most often
introduced to a system through email attachments,
software downloads or operating system
vulnerabilities.
How can I prevent it? The best way to stop malware is to avoid clicking
on links or downloading attachments from unknown senders. This is
generally done by deploying robust and updated firewalls, which prevent the
transfer of large data files over the network in the hope of weeding out
attachments that may contain malware.
It's also important to make sure your computer's operating system (e.g.
Windows, Mac OS X, Linux) has the most up-to-date security updates.
Software programmers update programs regularly to fix any holes or
weak points. It's important to install these updates as well to reduce your
own system's weaknesses.

2. Phishing

What is it? Often posing as a request for data from a trusted third party,
phishing attacks are sent by e-mail and ask users to click on a link and
enter their personal data. Phishing emails have gotten much more
sophisticated in recent years, making it difficult for some people to tell a
legitimate request for information from a false one. Phishing emails
often fall into the same category as spam, but are more
harmful than just a simple ad.

How does it work? Phishing emails include a link that directs the user to a
dummy site that will steal the user's information. In some
cases, all a user has to do is click on the link.
How can I prevent it? Verify over the phone any requests from
institutions that arrive by email. If the email itself has a phone number,
don't call that number, but rather one you find
independently online or within documentation
you've received from that company.
Most companies are adamant that they will not ask
for personal information via email. At the same time,
most companies strongly recommend that users not make
sensitive information available. While it might seem like a pain to make a
phone call to find out if something is legitimate, the hassle of having your
Social Security number or EIN stolen is worse.

3. Denial-of-Service (DoS) Attacks

What is it? A DoS attack focuses on disrupting the service to a network.
Attackers send high volumes of data or traffic over the network (i.e.
making lots of connection requests), until the network becomes
overloaded and can no longer function.

How does it work? There are a few different
ways attackers can carry out DoS attacks, but the
most common is the distributed denial-of-service
(DDoS) attack. This involves the attacker using
multiple computers to send the traffic or data that
will overload the system. In many instances, a
person may not even realize that his or her
computer has been hijacked and is contributing to the DDoS attack.

Disrupting service can have serious consequences relating to security and
online access. Many instances of large-scale DoS attacks have been
carried out as a sign of protest toward governments or individuals and
have led to severe punishment, including jail time.

Conclusion:
As our lives have become more and more dependent on computers and
computer networks, it was inevitable for criminal activities to also appear. As a
result, cyber security has become an important challenge for every state.
The increasing importance of cyber security in our societies also creates the
need for new tools for managing cyber vulnerabilities, especially when we
consider the exponential growth in users of the Internet worldwide.
