12COMP CAT

computer security

12COMP

External CAT

assessment

encryption

error control

complexity and tractability

artificial intelligence

Level 2 CAT

12COMP & 12DTEC

Date: Wednesday, 18th of October

Time: TBA

DURATION : 3hrs to complete: AS91899 (DTEC) AND/OR AS91898 (COMP)

ROOM: Students will be allocated a room to go to sit the exam (not necessarily with their class).

What is 'computer security'?

From Canterbury University's Computer Science Field Guide (CSFG):

The goal of computer security is to ensure that online systems can be accessed easily - but only by those who should be using them! . . .

Computer security is referred to using several names; it’s also known as cybersecurity or information technology security (IT security), and many people also say “infosec” or “cyber” for short. It is about protecting the information files and computer systems from harm, theft, and unauthorised access.

From UK Government site on Cyber Security:

Cyber security is the application of technologies, processes, and controls to protect systems, networks, programs, devices and data from cyber attacks.

It aims to reduce the risk of cyber attacks and protect against the unauthorised exploitation of systems, networks, and technologies.

a funny song on ransomware...

How big a deal is computer security?

from Computer Weekly

ISSUE DATE: 24 August 2021

from McAfee a leading online protection company :

We estimated the monetary loss from cybercrime at approximately $945 billion. Added to this was global spending on cybersecurity, which was expected to exceed $145 billion in 2020. Today, this is $1 trillion dollar drag on the global economy.

Political, ethical, and social incentives can also drive attackers.

NZ Governments Computer Emergency Response Team (CERT)

Highlights for Q2 2022

Breakdown by incident category for Q2 2022

Cert's latest advisories on computer security

Questions may cover

Common issues
Ways to protect individual devices and devices managed by an organisation
Policies or practices of a New Zealand-based* organisation that has had issues with computer security.
There will be a question on “impacts” in relation to future-proofing or human factors.

* This must be a particular New Zealand-based organisation or entity specified by the candidate. For example, Countdown (but not “supermarkets”), the Auckland DHB (but not “hospitals”), Westpac (but not “banks”), or “my school”.

Resources & topics to explore

Canterbury University's Computer Science Field Guide (CSFG)

Network 4 Learning

Topics you could research

The CIA Triad...

Confidentiality, Integrity & Availability (CIA).

You need the right mix of all three to get security right

Hacking; Good vs Bad

Is all hacking bad?

Defense vs Offence

From Huntress:

Defensive cybersecurity is all about blocking. This could come in the form of both tools and actions. You have your defensive tools that are designed to prevent or mitigate the effects of a cyberattack—such as antivirus software, firewalls, etc. And then you have your defensive actions, which include things like patching software and fixing system vulnerabilities.

Offensive cybersecurity, on the other hand, is all about tackling and outmaneuvering. The focus here is on seeking out the hackers, and in some cases, attempting to disable or “hack back” to disrupt their operations.

No matter which side of the field you’re on, the goal of any cybersecurity strategy should always be preventing the hackers (a.k.a. the opponent) from winning. But that brings us back to our original question: should we be playing offense or defense in cybersecurity?

The answer is both.

The best teams know how to block and tackle. In cybersecurity, building the best possible defense means folding in some offensive strategies to gain intel on attackers and how they’re trying to penetrate your systems.

Although it is the police and Government agencies that are best placed to partake in the offensive cybersecurity