What is Security?

Dan Goldsmith

Introduction

What is Cyber Security

Cyber security is how individuals and organisations reduce the risk of cyber attack. Cyber security’s core function is to protect the devices we all use (smartphones, laptops, tablets and computers), and the services we access - both online and at work - from theft or damage. It’s also about preventing unauthorised access to the vast amounts of personal information we store on these devices, and online. Cyber security is the application of technologies, processes and controls to protect systems, networks, programs, devices and data from cyber attacks (NCSC).

But What does that Mean?

  • Protecting computing devices against attack
    • Devices themselves
    • The data on them.

Why

  • Moving to an increasingly online world
    • Everything has an online counterpart
  • Cybercrime is on the increase

Perspectives on Cyber security

The Hacker

  • Hacking for fun and profit!
    • Something to get in the way.
    • Poor security makes their job easier.

The Ethical Hacker

  • Hacking for fun, profit and good.
  • Active approach to security
    • How do people use the systems
    • What technical approaches get taken

The Developer

  • Often an afterthought (it’s the security team’s problem)
  • Can be hard to implement.

The Boss

  • Can lose money if it isn’t done right
  • Can cost money to do right
  • The SAS problem.

The User

  • Need to place trust in the systems that we use.
  • A data breach can affect people’s willingness to use the system

The Secure Code Problem

There is no such thing as secure code.

  • Number of Zero days.
  • Errors in Implementation or Design
  • Hacking is Research, it evolves.

Teaching Security

  • Part of the problem is the way we teach
  • Can’t teach this as a set of “rules”
  • Understanding why things happen is needed.

GDPR, DPA and Friends

  • Several legal requirements to implement secure systems
    • GDPR sets out expectations for how users’ data is stored and processed.
    • DPA (2018) gives UK implications for GDPR

Discussion

Answer the following questions. (#whatissecurity)

  • What does it mean to you as an individual (do you personally care)?
  • Why do you think it is important?
  • What do you think is going to be the biggest security challenge in the next 5 years?