This lab introduces you to a number of resources that can be used for daily updates, some provide education material, and others, dates for local gatherings of IT Security professionals. You also get an opportunity to analyze some data breaches posted on the Internet. What you will do is try to break the stories into component parts so you can see what happened, what was lost, etc.

At the end of the lab, you have the opportunity to play a simple cyber security game. While it is simple, it does introduce some basic IT security concepts.

Objective:

1. Investigate and assess online resources2. Analyze breaches that have been in the press3. Defend a company with cyber security techniques4. Play a game to enhance your knowledge5. Develop team skills by working with your team members- to be done in groups

The Lab Activities

Part One: Website and Resources

This part is all about getting to know some of the resources available to you as an IT security professional in training. Security news is widely available today. Nearly all the major general news sites have a section on "technology". Computing news sites usually have a section on IT Security and there are specialist IT Security sites.Take your time and look at the resources below.

From the "Resources: News and Blogs" section below, do the following:

1. Identify what you consider to be the top 3 general sites and top 3 specialized sites, in ranked order i.e., list themas 1, 2, 3, with 1 being what you consider the best site. a. List the top 3 general sites with an explanation of why you picked those sites and why you ranked them in that order - use the provided template to fill in your responsesb. List the top 3 specialized sites with an explanation of why you picked those sites and why you ranked them in that order - create a template to fill in your responses

Resources: News & Blogs

General Sites 1. Wired 2. Tech News World 3. Computer Weekly 4. The Register 5. Computer World 6. SC Magazine 7. ZD Net 8. PC Magazine

Specialized Sites 1. Krebs on Security 2. The Hacker News 3. Dark Reading 4. Threat Post 5. Security Weekly 6. Security Affairs 7. Naked Security

2. Provide a description of each of the Security Conferences and Local Groups - see below. In your description of each, ensure that you address: What is their focus? Who is their audience? What is interesting about each? Find interesting videos of some talks at these conferences - at least two videos.

Security Conferences

Conferences are great to attend. The local conference, SECTOR, offers a limited number of student tickets. Many of these conferences provide their presentations online after the conference.

1. DEF CON

2. black hat

3. SECTOR

4. BSides (Toronto)

5. BSides (Las Vegas)

6. Hackfest7. CanSecWest

Local Groups

There are also free local special interest groups that you can attend. They provide an opportunity for students to network within the industry.

1. TASK

2. OWASP (Toronto)

3. DEFCON416

Part 2: Breaches

The purpose of this part of the lab is to analyze some of the privacy breaches that have been in the press. Doing so will allow you to create a comprehensive picture of these breaches and their implications for the companies and their customers.

3. Search the Internet and identify one (1) security breach. Try to find several references for the breach, as this will give you more information about what happened and the outcomes. Identify and include the following data for the breach:

Data	Description
Company:	Company attacked
Method:	Method of breach i.e. how was it done
Attack Type	What type of attack was used in the breach (Lo, 2021)
Attacker(s)	Who was/were the attacker(s)
Data Lost (volume)	Amount of data lost
Data Lost (types)	Types of data lost e.g. names, addresses, credit card details etc.
Company Impact	Known or likely impact on the company e.g. will the company lose $$$, customers?
Customer Impact	Known or likely impact on those parties who have had their data lost
Remedial Action (data loss)	Steps taken by the breached company to address the data loss i.e. are they doing anything for their customers?
Remedial Action (breach)	Steps taken by the breached company to stop the breach from happening again

NB: Aim to get as much data about the breach as possible.

a. Use the table format in the provided template andthe topics in the Data column to write up your identified breach.

Part 3: Games

Game 1 (not challenging): Cyber Attack

In this section of the lab, you get to play a cyber security game using the PBS NovaLab Cybersecurity website: 'http://www.pbs.org/wgbh/nova/labs/lab/cyber/'. It provides an enjoyable introduction to cyber-attacks, cyber defense,and cyber budgets.

Through the lab you'll receive a basic introduction to cyber-attacks including password cracking and social engineering. Your goal will be to complete all 3 levels of the Cybersecurity Lab.

1. Navigate to the website: 'http://www.pbs.org/wgbh/nova/labs/lab/cyber/'2. Click on 'PLAY GAME'3. Sign into that game as a 'Guest'4. Successfully complete all three (3) levels of challenges.5. Take a screen shot of the Level 3 page showing all challenges complete6. take the screenshot into the provided templateand include at least one relevant take away from the game.

Game 2 (challenging): War Game

In this section of the lab, you get to play a type of computer war game known as Capture the Flag (CTF). There are many CTF games available on the Internet and at security conferences. The one we will start with is named Bandit, available at 'http://overthewire.org/wargames/'. The wargames offered by the OverTheWire community can help you to learn and practice security concepts in the form of fun-filled games.

1. Navigate to the website: 'http://overthewire.org/wargames/'2. Click on the link named 'Bandit' in the left hand column3. Read the instructions and start playing the game4. Successfully complete as many levels as you can before the due date. Document the steps you took to achieve success on each level. Include this documentation here.5. Take a screen shot (with personally identifiable information) of the final login challenges completed6. take the screenshot into the provided template and include at least one relevant take away from the game