Module 1: Launching into Cyber Security

A 12-Unit Module that Started on March 2022 and was Covered in 12 Weeks by Stelios Sotiriadis

Summary

This Module provided a high-level Introduction/Overview of the topics covered in the other Modules of the Master's programme.

It also covered the concepts and principles in the field of Cyber Security, the governance and ethical frameworks and competencies required as a Cyber Security professional.

Skills Acquired

Awareness of the Ethical and Professional Responsibilities as a Cyber Security Professional.

Gained Knowledge of the Cyber Security-based Challenges and its Solutions: MFA, Firewalls, etc.

Using Python programming so as to create Cyber Security code solutions: Input and Password validator, Code and Password generator, etc.

Gained Knowledge of the effects of Cyber Attacks in an organisation or society: loss of trust, financial loss, data loss, etc.

Gained Knowledge of the Cyber Attacks and Techniques: Malwares, Denial of Service, Keylogging, etc.

Gained the ability to Design appropriate Cyber Security Solutions: by using threat models like Attack trees, OWASP, STRIDE,DREAD, etc

It provided me with Aspects that I would likely encounter in Cyber Security professionalism.

I was able to engage, experience and envision the current as well as the future development of Cyber Security discipline.

Gained knowledge on secure web development and also web development using HTML,CSS.

References Used

Below is a list of all the Sources (articles, books, reports, whitepapers, websites, etc) that I used throughout this module (Using Harvard Referencing style).

World Bank Blogs. 2022. Cybersecurity risks are global. We must address them with a coordinated, collaborative approach. [online] Available at: [Accessed 11 March 2022].

World Economic Forum. 2022. These are the top cybersecurity challenges of 2021. [online] Available at: [Accessed 11 March 2022].

Newman, R., 2009. Security and Access Control Using Biometric Technologies. Canada: Cengage Learning.

Anon, N.D. What Is Endpoint Protection Software. [Online] Available at: https://www.mcafee.com/enterprise/en-us/security-awareness/endpoint/what-is-endpoint-protection-software.html [Accessed 15 April 2022].

Satyabrata, J., 2020. Difference between Endpoint Security and Antivirus Software. [Online] Available at: https://www.geeksforgeeks.org/difference-between-endpoint-security-and-antivirus-software/?ref=rp [Accessed 15 April 2022].

Anderson, R., 2020. Security Engineering: A Guide to Building Dependable Distributed Systems. 3rd ed. Indianapolis, USA: Wiley.

CyBOK, 2021. Knowledgebase1_1. [Online] Available at: https://www.cybok.org/knowledgebase1_1/ [Accessed 27 March 2022].

Vaidya, R., 2019. Cyber Security Breaches Survey 2019. [Online] Available at: https://assets.publishing.service.gov.uk/
government/uploads/system/uploads/
attachment_data/file/950063/Cyber_Security_
Breaches_Survey_2019_-_Main_Report_-_revised_V2.pdf [Accessed 16 March 2022].

VanSyckel, L., 2018. White Paper: Introducing Cybersecurity. [Online] Available at: https://www.sealevel.com/support/white-paper-introducing-cybersecurity/ [Accessed 26 February 2022].

Shacklett, , M. . E., N.D. Authentication. [Online] Available at: https://www.techtarget.com/searchsecurity/
definition/authentication [Accessed 30 April 2022].

Synopsys Editorial Team , 2015. Abuse cases can drive security requirements. [Online] Available at: https://www.synopsys.com/blogs/software-security/abuse-cases-can-drive-security-requirements/ [Accessed 9 May 2022].

Anon, N.D. What is SQL Injection? [Online] Available at: https://www.kaspersky.com/resource-center/definitions/sql-injection [Accessed 5 20 2022].

Anon, N.D. Security Awareness Training Healthcare Sector. [Online] Available at: https://www.metacompliance.com/security-awareness-training-healthcare-sector/ [Accessed 6 May 2022].

Anwar, R. W., Abdullah, T. & Pastore, F., 2021. Firewall Best Practices for Securing Smart Healthcare Environment: A Review. Applied Sciences, 11(9).

BOX COMMUNICATIONS, 2021. What is data privacy in healthcare? [Online] Available at: https://blog.box.com/what-is-data-privacy-healthcare [Accessed 6 May 2022].

DocASAP , 2022. How Cyber Attacks Disrupt the Patient Access Journey. [Online] Available at: https://martech.health/articles/how-cyber-attacks-disrupt-the-patient-access-journey [Accessed 5 May 2022].

Genovese, M., 2019. Top 5 Cyberattacks Against the Health Care Industry. [Online] Available at: https://www.stormshield.com/news/top-5-cyberattacks-against-the-health-care-industry/ [Accessed 5 May 2022].

Gonzalez, C., 2022. Top 8 Threat Modeling Methodologies and Techniques. [Online] Available at: https://www.exabeam.com/information-security/threat-modeling/#:~:text=A%20typical%20threat%
20modeling%20process,visibility%20into%20
your%20security%20posture [Accessed 8 May 2022].

Johns, E., 2021. Cyber Security Breaches Survey 2021. [Online] Available at: https://assets.publishing.service.gov.uk/
government/uploads/system/uploads/
attachment_data/file/972399/Cyber_Security_
Breaches_Survey_2021_Statistical_Release.pdf [Accessed 5 May 2022].

McAfee, N.D. Data Loss Prevention Best Practices for Healthcare. [Online] Available at: https://www.mcafee.com/enterprise/en-us/assets/white-papers/wp-dlp-best-practices-healthcare.pdf [Accessed 6 May 2022].

McGee, M. K., 2022. Big Hacks: 5 Health Data Breaches Affect 1.2 Million. [Online] Available at: https://www.govinfosecurity.com/big-hacks-5-health-data-breaches-affect-12-million-a-18873 [Accessed 4 January 2022].

McKeon, J., 2021. The Threat of Distributed Denial-Of-Service Attacks in Healthcare. [Online] Available at: https://healthitsecurity.com/features/the-threat-of-distributed-denial-of-service-attacks-in-healthcare [Accessed 5 May 2022].

Rosenthal, M., 2021. At a Glance: Data Loss Prevention in Healthcare. [Online] Available at: https://www.tessian.com/blog/data-loss-prevention-in-healthcare/#:~:text=Data%20Loss%20
Prevention%20(DLP)%20is,laws%20like%
20HIPAA%20and%20HITECH. [Accessed 6 May 2022].

SafetyDetectives Cybersecurity Team, 2021. Healthcare Cybersecurity: The Biggest Stats & Trends in 2022. [Online] Available at: https://www.safetydetectives.com/blog/
healthcare-cybersecurity-statistics/ [Accessed 04 May 2022].

SHEVCHENKO, N., 2018. Threat Modeling: 12 Available Methods. [Online] Available at: https://insights.sei.cmu.edu/blog/threat-modeling-12-available-methods/ [Accessed 9 May 2022].

Smith, R., 2021. 5 Things to Know About DDoS Attacks in Healthcare. [Online] Available at: https://healthtechmagazine.net/article/2021/
09/5-things-know-about-ddos-attacks-healthcare [Accessed 5 May 2022].

SOPHOS, 2021. The State of Ransomware in Healthcare 2021, England: SOPHOS. Sweeney, E., 2018. Independence Blue Cross reports data breach affecting 17,000 members. [Online] Available at: https://www.fiercehealthcare.com/payer/
independence-blue-cross-data-breach-cybersecurity-privacy [Accessed 5 May 2022].

threatmodeler1 , 2019. Identifying security bjectives. [Online] Available at: https://threatmodeler.com/identifying-security-objectives/ [Accessed 9 May 2022].

Wagenen, J. V., 2018. The Benefits of Multifactor Authentication in Healthcare. [Online] Available at: https://healthtechmagazine.net/article/2018/
12/benefits-multifactor-authentication-healthcare-perfcon#:~:text=As%20data%20breaches%
20in%20healthcare,other%20cyber%20
security%20best%20practices [Accessed 6 May 2022].

Anon, N.D. Write a Python program to generate a One Time Password OTP. [Online] Available at: https://codedec.com/tutorials/write-a-python-program-to-generate-a-one-time-password-otp/ [Accessed 28 May 2022].

Campbell, S., 2022. Python Loops While For Break, Continue Enumerate. [Online] Available at: https://www.guru99.com/python-loops-while-for-break-continue-enumerate.html [Accessed 29 May 2022].

Lenka, C., 2020. Python program check validity Password. [Online] Available at: https://www.geeksforgeeks.org/python-program-check-validity-password/ [Accessed 28 May 2022].

Novak, N., 2019. Python if statements. [Online] Available at: https://academicworks.cuny.edu/cgi/viewcontent.cgi?article=1036&context=bx_oers [Accessed 29 May 2022].

Oliphant, T. E., 2007. Python for Scientific Computing. Computing in Science and Engineering, 9(3), pp. 10-20.

Rawat, A., 2020. Create a Random Password Generator using Python. [Online] Available at: https://medium.com/analytics-vidhya/create-a-random-password-generator-using-python-2fea485e9da9 [Accessed 29 May 2022].

Wind, A. & R., 2021. Block login if too many login attempts. [Online] Available at: https://stackoverflow.com/questions/69892361/
block-login-if-too-manylogin-attempts [Accessed 29 May 2022]

Overview of Key Tasks and Projects Completed

During this module, I completed a series of tasks and assignments that equipped me with practical skills in cybersecurity and software development.
Below is a summary of the projects, techniques, and security solutions learned throughout the course.

Cyber Security Foundations

Introduction to Cyber Security: Gained foundational knowledge in cybersecurity concepts, including the importance of security in the digital world, governance frameworks, and ethical issues.

Cyber Security Issues for Businesses: Studied the implications of security breaches, data protection legislation, and the need for secure frameworks and privacy practices in global companies.

Cyber Security Design and Implementation

Approaches to Cyber Security Design: Learned various design methods for creating robust security solutions by identifying vulnerabilities and threats.

Threat Identification and Modelling: Gained practical skills in identifying and mitigating vulnerabilities within software and networks, while developing security requirements for secure software development.

Object-Oriented Programming and UML

Object-Oriented Programming (OOP): Implemented security solutions using object-oriented design techniques, including UML modeling (Use-case, Sequence, Class diagrams) to design secure software.

Secure Software Design with UML: Applied UML diagrams to model software data flows and identified security issues.

Python Programming and MySQL

Python Programming: Developed practical skills in Python for security-related tasks, including writing code for password validation, OTP generation, and time-based login attempts.

MySQL Database Management: Practiced MySQL for secure database development and integration with security solutions.

Web Security Development

Secure Web Development: Gained expertise in securing web applications using industry-standard frameworks and techniques.

Django Framework: Implemented secure user authentication and access control mechanisms with Django, ensuring secure web application development.

Final Project and Case Study

Case Study and Essay: Applied cybersecurity techniques to a business case study, developing security solutions and writing a detailed essay outlining the applied methods and solutions.

Python-Based Security Solutions: Developed and tested Python-based security solutions such as password validators, OTP generators, and time-based login attempts. A detailed README and Python code were provided as part of the project deliverables.

Key Tasks and Projects Completed

The tasks, projects and assignments that equipped me with practical skills in cybersecurity and software development.

Creating UML diagrams

Using tools like Visual Paradigm UML tool, I learned how to create Use-case diagrams, Abuse-case diagrams, Sequence diagrams, Class diagrams, etc. Below is an assignment I did about it.

Download PDF

Summary Post 1

A Summary Post on "Why Cyber Security is now a global issue and why it is important for companies to invest in Cyber Security", that I shared in Collaborative Discussion 1.

Download PDF

Summary Post 2

A Summary Post on "Identify and discuss two security technologies and the context in which they can be employed (consider either network or/and software security issues)", that I shared in Collaborative Discussion.

Download PDF

Individual Essay on a Case Study

We were given a case study so that we can create an Individual essay which I was to apply the Cyber Security methods and techniques studied during the module and also develop a solution to the business problem (from the given case study). Below is the document that I created.

Download PDF

Python based security solution

Using my Individual Essayon the case study, I developed the cybersecurity solutions that I suggested. Below is the PDF of the Readme file and the Python code that I developed as a solution for the case study.

Download PDF

Below is screenshots of Tests and results of the Python Coded solutions on Codio

Testing Password Validator Code
The code is to validate that the password is 8 characters long and has atleast 1 Capital letter, Small letter, Symbol and Number.

Testing the Password Generating Code
This code generates Passwords and I coded it to first ask for the length of the password (which it should be between 8-20 characters long or else it will give an error). After it generates a password that has capital and small letters, numbers and symbols.

OTP Generator Results
A 6-character long One-Time Password/Pin (OTP) is generated successfully.

Testing of Time-Based Login Attempt Code
I set it to give the user only 3 attempts of entering the correct user credential (gives 5 seconds before the next attempt) .

Results of Time-Based Login Attempt Code
A successfully User Login has been achieved.

Raw Python Code from my Github account
A Github screenshot of the python code from module1-assessment repository.

E-Portfolio: Beatrice MUTEGI-ROYER