Sesión 6

Sesión 6

Introducción a la Ciberseguridad

La Importancia de la Ciberseguridad

  • La ciberseguridad es un tema relevante para todos los ciudadanos digitales, no solo para expertos en tecnología.
  • Se considera que la información es el nuevo oro y un activo crucial para las empresas, lo que hace que la ciberseguridad sea una responsabilidad compartida.
  • En esta sesión se abordarán temas importantes sobre el panorama digital y cómo mantener la ciberseguridad.

Definición de Ciberseguridad

  • La ciberseguridad se define como un conjunto de prácticas, tecnologías y procesos diseñados para proteger redes, dispositivos, programas y datos de ataques o accesos no autorizados.
  • No solo se trata de proteger dispositivos, sino también redes y sistemas completos contra infiltraciones.

Principios Fundamentales de Ciberseguridad

La Triada CIA

  • Los principios fundamentales son: Confidencialidad, Integridad y Disponibilidad (CIA).
  • Confidencialidad: Solo personas autorizadas pueden acceder a la información. Ejemplo: confianza al compartir datos personales.
  • Integridad: Asegura que la información no sea alterada sin autorización; vital en contextos médicos donde los diagnósticos deben ser precisos.
  • Disponibilidad: Garantiza que la información esté accesible cuando se necesita; esencial en situaciones críticas como atención médica.

Amenazas Comunes en Ciberseguridad

Tipos de Amenazas

  • El malware incluye virus, gusanos y troyanos que pueden dañar sistemas operativos o robar información.
  • El phishing implica suplantación de identidad a través de correos o sitios web falsos para robar datos personales.
  • La ingeniería social manipula psicológicamente a las personas para revelar información confidencial mediante engaños directos.

Otros Riesgos

  • Ransomware secuestra datos cifrando archivos hasta recibir un rescate económico; afecta tanto a grandes corporaciones como a pequeños negocios.
  • Ataques por fuerza bruta intentan adivinar contraseñas mediante combinaciones automatizadas; resalta la importancia de crear contraseñas seguras.

Protección del Sistema Operativo

Estrategias Clave

  • Proteger el sistema operativo es fundamental ya que actúa como intermediario entre hardware y usuario; debe gestionarse adecuadamente.
  • Mantener actualizaciones regulares (parches de seguridad), similar a cerrar ventanas abiertas en una casa para evitar intrusiones.

Herramientas Esenciales

  • Instalar antivirus actualizado actúa como un sistema inmunológico digital; debe ejecutarse periódicamente para detectar nuevas amenazas.
  • Un firewall supervisa el tráfico entrante y saliente del sistema operativo, bloqueando conexiones inseguras según reglas predefinidas.

Seguridad en Dispositivos Móviles

Importancia del Dispositivo Móvil

  • Con el 80% de la población usando teléfonos móviles, proteger estos dispositivos es crucial debido a su contenido sensible (información bancaria, fotos privadas).

Métodos de Protección

  • El cifrado asegura que los datos sean ilegibles para atacantes potenciales durante su transmisión por redes públicas o aplicaciones bancarias.

Autenticación Multifactor (MFA)

  • Implementar MFA añade capas adicionales de seguridad al requerir más que solo una contraseña para acceder a cuentas sensibles.

Normativas sobre Protección de Datos

Regulaciones Clave

  • Existen reglamentos como ISO 27001 diseñados para establecer estándares internacionales sobre cómo proteger datos sensibles frente al robo e intrusiones.

Importance of Information Protection Standards

Identifying What Needs Protection

  • It is crucial to specify what information requires protection, including personal data and critical files. This includes patient information such as names, addresses, medical diagnoses, and genetic history.

Techniques for Maintaining Confidentiality

  • Implementing techniques to ensure the confidentiality, integrity, and availability of sensitive information is essential. This involves protecting access to medical histories and ensuring data accuracy without duplication.

Continuous Review and Adaptation

  • Regularly reviewing security controls helps identify vulnerabilities and adapt to new threats. Continuous updates are necessary for maintaining system security against evolving risks.

Risk Management Strategies

Inventory of Assets

  • Conducting an inventory of all valuable assets within an organization—including data, software, hardware, and personnel—is vital for identifying potential threats and vulnerabilities. Understanding what needs protection is the first step in risk management.

Assessing Threat Probability

  • Evaluating how likely it is that someone could access sensitive information or hack a system helps in understanding potential impacts on the organization. Risk mitigation strategies can then be developed accordingly.

Cybersecurity Measures

Technical Solutions for Risk Reduction

  • Utilizing technical tools like firewalls can help control network traffic by minimizing unauthorized access while implementing intrusion detection systems enhances monitoring capabilities over who accesses the network.

Data Encryption Practices

  • Encrypting data during transit ensures that sensitive information remains secure from unauthorized access while being transmitted across networks—similar to packaging items securely before shipping them out.

Incident Monitoring and Response

Definition of Security Incidents

  • Any event compromising the confidentiality, integrity, or availability of information qualifies as a cybersecurity incident; thus monitoring systems continuously is essential for early detection and response planning.

Importance of Continuous Observation

  • Regular observation allows organizations to detect unusual activities that may indicate a cyber attack or breach; this proactive approach enables timely responses to mitigate damage effectively.

Best Practices in Cybersecurity

Protecting Medical Devices

  • Ensuring that devices used in healthcare settings (like tablets) are secured through robust authentication methods prevents unauthorized access to sensitive patient data stored within these devices or networks they connect to.

Shared Responsibility in Cybersecurity

  • Cybersecurity should not solely rest with IT departments; it requires shared responsibility among all employees within an organization to adopt safe practices daily while being informed about potential risks associated with their roles.

This structured summary captures key insights from the transcript regarding the importance of protecting sensitive information through various standards and practices while emphasizing continuous improvement in cybersecurity measures.

Understanding Immutable Backups and Cybersecurity

The Concept of Immutable Backups

  • The term "immutable backups" refers to unchangeable copies of data that ensure the integrity of information over time.
  • An immutable backup guarantees that once data is saved, it cannot be altered or deleted, preserving its original state for future reference.
  • For example, a bank transaction recorded on a specific date must remain unchanged; if a deposit was made on July 10th, it should not be modified to reflect another date.
  • This concept emphasizes the importance of maintaining accurate records without alterations, ensuring reliability in data management.

Continuous Nature of Cybersecurity

  • Cybersecurity is described as an ongoing process rather than a fixed state; threats are constantly evolving and require regular updates to security measures.
  • It’s crucial to recognize that the question isn't whether one will be attacked but when such an attack might occur, highlighting the need for vigilance.
  • Preparedness involves securing all aspects of technology—data, networks, servers—and fostering a culture of cybersecurity awareness among all users involved.

Shared Responsibility in Cybersecurity

  • Cybersecurity is not solely the responsibility of IT departments; it requires participation from everyone within an organization or household.
  • Individuals must understand their role in protecting devices and networks at home and work, emphasizing collective responsibility for security practices.

Protecting Personal Devices and Networks

  • Security extends beyond organizational boundaries into personal technology use; individuals should secure smart devices integrated into their homes.
  • Examples include programming smart appliances while ensuring they are protected against unauthorized access through proper network security measures.

Awareness of Public Network Risks

  • Users must be cautious when connecting to public Wi-Fi networks in places like parks or cafes; understanding how to protect personal information is essential.
  • Strategies for safeguarding oneself while using public networks include being aware of potential vulnerabilities associated with these connections.

Conclusion and Further Learning Opportunities

  • Participants are encouraged to engage further with cybersecurity topics through synchronous sessions available via QR codes provided during discussions.
  • Continuous learning about technology and cybersecurity is vital for both personal safety and professional development.
Video description

Espacio de formación académica correspondiente a la especialidad de Ciberseguridad, sesión dirigida por la docente, Mónica Ruiz Martínez. Aviso importante: Les recordamos que el espacio del foro está destinado exclusivamente para resolver dudas y preguntas relacionadas con los temas de la sesión. Asimismo, les informamos que no se realizará ningún pase de lista durante ninguna de las 11 sesiones de este curso propedéutico.