
Cle Unit-4 Notes

The document discusses information security fundamentals. It defines information assets as information as well as resources that facilitate information management, such as IT systems, people, and security mechanisms. The three principles of security for information assets are defined as confidentiality, integrity, and availability, known as the CIA triad. Responsibilities for information security include the corporate information officer, information security staff, systems operations staff, and other groups within an organization.

Uploaded by

Yugal Singam

UNIT-4

4. INFORMATION SECURITY: FUNDAMENTALS

The three fundamental principles of security are availability, integrity, and confidentiality,
commonly referred to as the CIA or AIC triad, which also form the main objective of
any security program. ... All security controls, mechanisms, and safeguards are implemented
to provide one or more of these principles.

4.1.1 INFORMATION ASSETS

The foundation for security is assets that need to be protected (see e.g. Gollman, 1999).
Assets may be people, things created by people or parts of nature. In the area of information
security, the assets are often labelled as information assets, and encompass not only the
information itself but also resources that are in use to facilitate the management of
information (e.g. Bjorck, 2001; ISO/IEC 17799, 2001), as depicted in Figure 1.

Figure 1. Information assets consist of information as well as resources to facilitate the
management of information

I claim that it is the information that is the primary asset, and IT and other resources are tools
to facilitate information management. Resources hence have an instrumental value in relation
to the information (of course, information may be highly integrated with resources that
manage the information, e.g. in a database). The term information security therefore expresses
a more holistic view than IT security, which manifests a more technical view since
it focuses on technical resources (Oscarson, 2001). As will be seen in Figure 2, I define IT as
digital tools for managing information. A more exhaustive definition of IT is (translated from
Oscarson, 2001, p 56):

Information technology (IT) is a concept that refers to digital technology, i.e. hard-
and software for creating, collecting, processing, storing, transmitting, presenting and
duplicating information. The information may be in the shape of e.g. sound, text,
image or video, and IT hence means a merging of the traditional areas of computers,
telecom and media.

IT artefacts in the shape of e.g. personal computers, networks, operating systems and
applications thus constitute one of several types of supporting resources for managing

DEPARTMENT OF ECE CS6202OE - CYBER LAW & ETHICS


information. It is not only IT artefacts that count as resources when managing
information. Information may be managed manually, which makes humans an important
resource. People are also indirectly an important resource because it is always people that
handle the tools that manage information. Tools that help humans to manage information may be
electronic or non-electronic. Moreover, electronic tools may be divided into digital and
analogue tools. Figure 2 shows a simple classification of information-managing resources.
Non-electronic tools may be for example pens, papers, staplers and notice boards while
analogue tools are for example overhead devices, paper shredders and telephones (which also
can be digital). Security mechanisms (safeguards) may also be counted as resources for
managing information. Security mechanisms may belong to all of the categories illustrated in
Figure 2 (more about security mechanisms in section 4).

Figure 2. A classification of resources for information management

Information as an asset in organizations is a wide domain of knowledge, and is not only about
information (represented by data) stored in IT-based information systems. A great amount of
an organization's information is non-formalized and is not digitalized or even on print.
Information that seems to be unimportant for one organization may be important to other
actors, e.g. competitors. Some information, e.g. negative publicity, may arise at the same
moment when an incident occurs. For example, the information that an information system
has been hacked may become very sensitive information at the same moment the incident
occurs. Moreover, information as an asset is not only about information that exists in an
organization - it is also important that an organization can obtain relevant and reliable
information when necessary.

4.1.2 Confidentiality, Integrity and Availability

Security concerning IT and information is normally defined by three aspects, or goals:
confidentiality, integrity and availability (see e.g. Gollman, 1999; Harris, 2002; Jonsson,
1995). The concepts can be seen as the objectives of security regarding IT and information
and are often referred to as the 'CIA triad' (Harris, 2002). Definitions of the CIA triad may
differ depending on what kind of assets are in focus, e.g. a specific computer/IT system,
information system or information assets as defined above. Regarding information assets, the
three concepts can be defined as follows:

Confidentiality: Prevention of unauthorized disclosure or use of information assets
Integrity: Prevention of unauthorized modification of information assets
Availability: Ensuring of authorized access of information assets when required

The definitions are influenced by Gollman (1999) and Harris (2002), but are revised
in the following way: Gollman and Harris use 'information' and/or 'systems' for the three
concepts, while I claim that all three concepts should concern both information and resources
for managing information, i.e. information assets. The objective is that both information and
resources will stay confidential, unmodified and available. For example, weaknesses in
confidentiality may be caused both by disclosure of sensitive information and by
unauthorized use of a computer system. Integrity can be seen as a quality characteristic of
information assets, while confidentiality and availability are characteristics of the relations
between information assets and an authorized user (availability) and an unauthorized user
(confidentiality), as depicted in Figure 3.

Figure 3. A graphical description of the CIA triad - Confidentiality, Integrity and Availability
(influenced by Jonsson, 1995; Olovsson, 1992)

For reasons of simplicity, the CIA triad will henceforth in the paper be treated as
characteristics of information assets, even if the correct definitions in two cases are
characteristics of the relations between information assets and users (which may be
authorized or unauthorized).

4.2 EMPLOYEE RESPONSIBILITIES

As discussed, senior management has the ultimate responsibility for protecting the
organization’s information assets. One of these responsibilities is the establishment of the
function of Corporate Information Officer (CIO). The CIO directs the organization’s day-to-
day management of information assets. The ISSO and Security Administrator should report
directly to the CIO and are responsible for the day-to-day administration of the information
protection program. Supporting roles are performed by the service providers and include
Systems Operations, whose personnel design and operate the computer systems. They are
responsible for implementing technical security on the systems. Telecommunications is
responsible for providing communication services, including voice, data, video, and fax. The
information protection professional must also establish strong working relationships with the
audit staff. If the only time you see the audit staff is when they are in for a formal audit, then
you probably do not have a good working relationship. It is vitally important that this liaison
be established and that you meet to discuss common problems at least each quarter. Other
groups include the physical security staff and the contingency planning group. These groups
are responsible for establishing and implementing controls and can form a peer group to
review and discuss controls. The group responsible for application development methodology
will assist in the implementation of information protection requirements in the application
system development life cycle. Quality Assurance can assist in ensuring that information
protection requirements are included in all development projects prior to movement to
production. The Procurement group can work to get the language of the information
protection policies included in the purchase agreements for contract personnel. Education and
Training can assist in developing and conducting information protection awareness programs
and in training supervisors in the responsibility to monitor employee activities. Human
Resources will be the organization responsible for taking appropriate action for any violations
of the organization’s information protection policy. An example of a typical job description
for an information security professional is as follows:
Director, Design and Strategy
Location: Anywhere, World
Practice Area: Corporate Global Security Practice
Grade:
Purpose: To create an information security design and strategy practice that defines the
technology structure needed to address the security needs of its clients. The information
security design and strategy will complement security and network services developed by the
other Global Practice areas. The design and strategy practice will support the clients’
information technology and architecture and integrate with each enterprise’s business
architecture. This security framework will provide for the secure operation of computing
platforms, operating systems, and networks, both voice and data, to ensure the integrity of
the clients’ information assets. To work on corporate initiatives to develop and implement the
highest quality security services and ensure that industry best practices are followed in their
implementation.
Working Relationships:
This position reports in the Global Security Practice to the Vice President, Global
Security. Internal contacts are primarily Executive Management, Practice Directors, Regional
Management, as well as mentoring and collaborating with consultants. This position will
directly manage two professional positions: Manager, Service Provider Security Integration;
and Service Provider Security Specialist. Frequent external contacts include building
relationships with clients, professional information security organizations, other information
security consultants; vendors of hardware, software, and security services; and various
regulatory and legal authorities.
Principal Duties and Responsibilities:
The responsibilities of the Director, Design and Strategy include, but are not limited to, the
following:
Develop global information security services that will provide the security functionality
required to protect clients’ information assets against unauthorized disclosure, modification,
and destruction. Particular focus areas include:
• Virtual private networks
• Data privacy
• Virus prevention
• Secure application architecture
• Service provider security solutions

4.3 INFORMATION CLASSIFICATION

Information classification is the process of assigning value to information in order to organize
it according to its risk of loss or harm from disclosure.

INFORMATION SECURITY CLASSIFICATION

If your organization is missing an Information Security Classification Policy or not
using one effectively for making decisions about risk and cyber defence measures, then
read on. Why? Because a well-defined information security classification policy
underpins most cyber security, so not having one strongly suggests that your organization
is simply not spending its security budget wisely, because it is not optimizing risk or
resources.
IT DOESN'T EXIST
How many times have we heard that? Unfortunately, more often than not. When we ask
organisations to provide us with a copy of their information security classification, we
frequently discover there isn’t one. Which is precisely why we thought it important to
persuade readers to develop one if it’s their responsibility. And if it’s not, then to
encourage whoever is responsible to do it asap.
As information classification is an iterative, ongoing process, good governance requires
that it is under continual review and constantly improved to maintain its effectiveness.
So, if you’re thinking, “We already have one,” but you haven’t reviewed it for 12
months or more, you’d be well-advised to do so.
Organizations have a lot to gain from data identification and classification. So, before
we drill into the process and classification levels, it is of the utmost importance to
appreciate the benefits of having information classified, as this will help in justifying
the time and effort necessary to complete Information Security Classification within
your organization.
BENEFITS

The following are the main benefits of classifying information with security levels:
1. Information Security Classification requires that information first be identified. An
initiative is therefore required to actively discover information that’s created, stored and
handled by different business groups within the organization. By discovering
information, you’re basically rediscovering your business. And this means you can take
a moment to review how information is empowering it or possibly operating
ineffectively.
2. By working with different business groups, the risk and/or information security team
connects face-to-face with business owners and asks them to think – sometimes for the
first time – about information security and how it could impact their business. This
gives the owners a direct contact point they can reach out to if they have questions or
need help managing cyber risks or incidents. Working with the business raises
awareness of cyber risk and information security management to realistic levels,
because it is finally being discussed and taken seriously at all levels within the
organization.
3. Defining and using security information classification optimizes risk and resources,
protecting information both effectively and efficiently. By categorising information
according to its sensitivity and levels of business impact, you are informing your risk
and information security practice of the priority with which information must be
protected and therefore where your organization’s information security budgets should
be spent.
4. Correctly classifying information that’s governed by laws and regulations allows an
organization to limit its dissemination on a need-to-know basis. This minimizes the risk
of theft or loss, which helps avoid or minimize monetary penalties associated with
non-compliance. This includes laws that govern personal and health records and regulations
such as PCI-DSS and GLBA that protect the financial industry.
5. It informs access control and data loss policies used to implement technical controls.
By classifying information with a security label, this information can be used to help
map out your organization’s access control matrix. Authorized individuals with a
need-to-know can be granted access to the information required to complete their job
function; all other access can be restricted and the information protected against
accidental data loss, compromise and insider threats.
PROCESS

With the main benefits covered, we turn our attention to the process of classifying
information with security labels.
The standard process to classify information is:
1. Identify Information
Use manual methods (workshops, etc.) and automated discovery tools as required.
2. Classify the Information
Assess its business value, impact and sensitivity.
3. Label the Information
Microsoft Document Labels, Office365 Labels, Email Marking, etc.
4. Implement Controls
The controls need to be proportional to the information value, importance and
sensitivity.
These include, but are not limited to, security controls that need to be implemented
when the information is stored, shared, disposed of and declassified.
5. Communicate Policy
Appropriately communicate details of the information security classification scheme
within your organization.
Business teams should know, understand and use the information security classification
scheme correctly.
6. Train on Procedures
Provide training on the information security classification procedure.
Your leadership team should know how to identify and classify new information
moving forward or, at the very minimum, request that the new information be classified
by the responsible team within your organization.
CHALLENGES

As every organization is different, there will be different challenges to overcome when
trying to classify information. At this point, it’s important to outline the challenges you
can expect to face and provide advice on ways you could overcome them.
1. Multiple Classifications
One of the first steps in deciding what information security levels to use within an
organization is to understand the laws and regulations that govern your business. The
challenge becomes evident when an organization is required to comply with multiple
laws and regulations or when an organization has different business groups, each
governed by a different law or regulation. This may be the case if it conducts business
in multiple regions and countries or simply because it handles different types of
information. Many organizations tend to assign multiple classifications to the same
information. This approach is ineffective in practice because it creates management
overhead and increases the challenge of using information security classification labels
to protect information. The goal should be to have a single and consistent classification
scheme across the board. The advice is to standardize on a single information security
classification scheme and then, if required, map it to the other classification schemes
governed by laws and regulations.
2. Internal Resistance
To classify information, you first need to discover it. You could sift through company
databases, your intranet, file directory, and so forth, but my advice is to directly engage
with business units and simply ask them these three questions:

Other good means for discovering information are:


1. Refer to the Business Impact Analysis (BIA) if one exists. Services and the assets
supporting them should already have been identified in the BIA. You could find out
what information is processed and stored on those assets by asking your IT team to
provide the details. Similarly, refer to the assets in your asset management system and
discover what information they process or store.
2. Refer to past risk analysis. Assets should have been identified to conduct risk
analysis. Those assets should also have included digital information assets.
You will likely face internal resistance from some individuals when you engage
them to begin your discovery. To put everyone at ease, remember to:
1. Explain the initiative, its benefits and why the board and executives endorse it.
2. Let them know that you’re only conducting a discovery process at this stage and that
it’s the information asset owners who would still be ultimately responsible for deciding
who can have access to the information, unless that information is protected by a
law or a regulation on which legal advice should be taken.
The tasks can be somewhat challenging for certain individuals who believe:

To summarize, to overcome such resistance, it’s important to first and foremost receive
the endorsement of your information security classification policy by the board of
directors and/or executive team. Ask the CEO to set the tone at the top with the
leadership team and to explain that the initiative is important to the organization
because of the benefits described above. The thing to avoid is defining access-controls
during the information discovery phase. If you try and complete the access-controls
matrix at the same time as you’re engaging with business stakeholders to discover it,
you will find that some stakeholders may want more access than they require which
can’t be justified. Avoid this dilemma and headache by simply discovering and
classifying information first. If business impact levels are well defined within your
organization, then classifying information is not such a challenge either and can be
completed at a later stage by a smaller group of stakeholders.
3. Over-Classification
Keep it as simple as can be! That should be your top priority when you’re working through
this process. Over-classification occurs when security classification is mapped to access
controls, which mustn’t happen when you’re only classifying information assets.
Security classification serves a higher-order purpose, with the main goal of keeping
information internal, approved for public release or restricted to particular groups or
individuals with a need-to-know. Information security classifications that map to
business roles, locations or data types, have all proven to be ineffective because they
are:

Keep the number of information security levels to a minimum. If you’re finding that
you’re using any more than 3 or 4 classification levels, then you’re not keeping it
simple. You’re probably falling into the trap of mapping classification levels to business
groups, locations or data types, or you’re trying to align with multiple standards.
4. Coverage
One of the greatest risks when discovering information to be classified, is that you
never really know whether or not you have actually discovered all of the information
assets. Even when applying a default classification to “all other information”, if you
haven’t discovered any particular information that’s highly sensitive, then there’s a risk
of under-classifying it and therefore leaving it exposed. The problem is more apparent
today as information is dispersed into the cloud, streamed from IoT devices, roaming
around on personal handheld devices and flowing between integrated systems. To
mitigate this risk, refer to your org-chart. Identify all the business units and their
managers, and seek to work with them to conduct information discovery. Don’t despair!
Usually, if the information is important enough, someone will call it out, and even if it’s
left undiscovered, information security is about risk reduction, and by discovering most
of the information, you can be assured that you’re on the right track.
We’ve now covered the main benefits and challenges of information security
classification, so we will now provide some practical advice on what information
classification schemes to adopt. To do so, we will distinguish between government
(local, state and federal) and corporate organizations because government already has
well-defined information security classification labelling guidelines that can be used
and business impact levels that are fairly detailed.
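
The checks described under CHALLENGES above (one consistent scheme mapped to the regulations, no more than 3 or 4 levels, a default for "all other information", and coverage measured against the org chart) can be run over an asset inventory. The following Python code is an added example, not part of the original notes; the label names, the regime-to-label floors and the sample inventory are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Assumed internal scheme, lowest to highest sensitivity. The notes recommend
# no more than 3 or 4 levels; these label names are illustrative only.
SCHEME = ["PUBLIC", "INTERNAL", "CONFIDENTIAL", "RESTRICTED"]
DEFAULT_LABEL = "INTERNAL"   # applied to "all other information"
MAX_LEVELS = 4

# Assumed mapping from external regimes to the minimum internal label.
# The regimes are ones the notes name; the floors are example policy choices.
REGIME_FLOOR = {"PCI-DSS": "RESTRICTED", "GLBA": "CONFIDENTIAL"}


@dataclass
class Asset:
    name: str
    owner_unit: str
    labels: list = field(default_factory=list)    # labels assigned so far
    regimes: list = field(default_factory=list)   # laws/regulations that govern it


def rank(label):
    """Position of a label in the scheme (higher means more sensitive)."""
    return SCHEME.index(label)


def resolve(asset):
    """Return (single effective label, list of finding codes) for one asset."""
    findings = []
    known = [l for l in asset.labels if l in SCHEME]
    if len(known) < len(asset.labels):
        # e.g. a label named after a business group, location or data type
        findings.append("LABEL_OUTSIDE_SCHEME")
    if len(set(asset.labels)) > 1:
        findings.append("MULTIPLE_LABELS")
    if known:
        assigned = max(known, key=rank)
    else:
        assigned = DEFAULT_LABEL
        findings.append("DEFAULT_APPLIED")
    floors = [REGIME_FLOOR[r] for r in asset.regimes if r in REGIME_FLOOR]
    if len(floors) < len(asset.regimes):
        findings.append("UNMAPPED_REGIME")
    # The single effective label is the highest of the assigned label
    # and every floor imposed by a governing regime.
    effective = max([assigned] + floors, key=rank)
    if effective != assigned:
        findings.append("UNDER_CLASSIFIED")
    return effective, findings


def audit(assets, org_units):
    """Audit an inventory; org_units lists the business units on the org chart."""
    report = {"scheme_ok": len(SCHEME) <= MAX_LEVELS, "assets": {}}
    for a in assets:
        report["assets"][a.name] = resolve(a)
    discovered = {a.owner_unit for a in assets}
    # Units with no discovered assets are where discovery has not happened yet.
    report["coverage_gaps"] = sorted(u for u in org_units if u not in discovered)
    return report


# Constructed sample data (not from the notes).
INVENTORY = [
    Asset("Press releases", "Marketing", ["PUBLIC"]),
    Asset("Cardholder records", "Finance", ["CONFIDENTIAL", "RESTRICTED"], ["PCI-DSS"]),
    Asset("Loan applications", "Finance", ["INTERNAL"], ["GLBA"]),
    Asset("Payroll export", "HR", ["HR-SYDNEY-ONLY"]),
    Asset("Untriaged card data dump", "IT", [], ["PCI-DSS"]),
]
ORG_UNITS = ["Finance", "HR", "IT", "Legal", "Marketing", "R&D"]

if __name__ == "__main__":
    result = audit(INVENTORY, ORG_UNITS)
    for name, (label, findings) in result["assets"].items():
        print(f"{name:28} {label:13} {', '.join(findings) or 'ok'}")
    print("Units with no discovered assets:", result["coverage_gaps"])
```

The last inventory entry shows the coverage risk the notes describe: an asset that only received the default label is raised to the regime's floor and flagged as under-classified.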
INFORMATION SECURITY CLASSIFICATION

For Corporate Organizations


I’ve provided the following example of an Information Security Classification scheme
because it can be used within most corporate organizations:

For Governments
Refer to the particular framework used within federal or state governments in your own
country. Local governments should follow the guidelines of their state government. In
Australia, the Australian Government Protective Security Policy Framework is to be used
by the Australian government and its agencies and in the state of New South Wales, for
example, the NSW Government Information Classification, Labelling and Handling
Guidelines should be used. While these two generally align, there are a few differences
(noted below) that need to be considered.
It’s also important to define Dissemination Limiting Markers (DLMs) and how they
differ from security classifications. While security classifications are defined by
business impact levels that can damage national security, DLMs are defined by
sensitivity levels, type of information and can cause limited damage to non-national
security interests.

Below are the classification levels defined for both Federal and NSW State
Government
Australian Government
It’s important that we firstly respect the objective of the Australian Government
Information (Public Access) Act 2009 (GIPA Act), which is to open government
information to the public by:

A public interest test, which requires balancing factors for and against disclosure of
each piece of government information, must be conducted using the guidelines
provided here. You should also obtain advice from your risk management team and your
legal team if you’re unsure whether or not information is to be released to or restricted
from the public.
Australian Government Information Security Classifications

The referenced table below shows the information security classifications and
sensitivity levels used by the Australian government:

NSW Government
The NSW government security classification system and DLMs align with the
Australian government system, which includes four security classifications; however,
NSW government uses an additional four DLMs (noted below) from numbers 6 through
to 9:

4.4 INFORMATION HANDLING

Information handling includes the functions of receipt of information from collection
sources, dissemination, transformation, indexing, categorization, storage, retrieval and
presentation, automatic data processing, telecommunications, and teleprocessing related
thereto.

1. Mission

The Committee will advise the Director of Central Intelligence (DCI) on the
establishment of common objectives for Intelligence Community information handling
and coordinate the achievement of these objectives through improvement and
integration of Intelligence Community information handling systems.

2. Definition

Information handling includes the functions of receipt of information from collection
sources, dissemination, transformation, indexing, categorization, storage, retrieval and
presentation, automatic data processing, telecommunications, and teleprocessing related
thereto.

3. Functions

Under the general guidance of the Deputy Director of Central Intelligence, the
Committee will

a. formulate and recommend to the DCI policies and programs for the
establishment of an Intelligence Community information handling system;

b. monitor and coordinate implementation of plans and programs approved by
the DCI;

c. recommend to the Intelligence Community improvements in methods and
facilities for information handling that will eliminate unwarranted duplication of
files;

d. develop and promulgate within the Intelligence Community standards,
procedures, and formats for the representation of information to facilitate its
exchange among Intelligence Community components and establish procedures
to promote Intelligence Community compliance with applicable Federal
Government data standardization programs;

e. monitor and report on research and development efforts in the scientific,
academic, and industrial communities in information science to ensure optimum
use of this research by the Intelligence Community;

f. identify Intelligence Community research and development needs and promote
interagency exchanges of information and cooperation in research and
development of information processing;

g. in coordination with the DCI SCI Forum, ensure that the security aspects of
information handling systems are given appropriate consideration; and

h. promote the establishment of education and training programs in information
science.

4. Intelligence Community Responsibilities

Upon request of the Committee Chairman, Intelligence Community components shall,
within established security safeguards, provide information pertinent to the Committee's
mission and functions.

5. Composition and Organization

The Committee Chairman will be appointed by the Director of Central Intelligence.

The members of the Committee will be representatives designated by Intelligence
Community principals.

The Chairman will establish subcommittees, working groups, and advisory bodies as
necessary to support the work of the Committee.

With the approval of the DCI, the Committee Chairman may invite representatives of
relevant United States Government entities with national security interests to participate
as appropriate.

The Committee will be supported by an Executive Secretariat.

4.4. TOOLS OF INFORMATION SECURITY

4.4.1 Information Security Tools

Following is a list of top 10 Information Security tools that are practiced and used globally:

1. John the Ripper

This is the most promising tool for password cracking and for testing the
strength of various passwords and credentials. This tool uses brute-force
techniques to decipher or break password security and is used
as an InfoSec tool. This is an open-source tool, which means anyone can use
it and tweak it to the best of their use. This tool is compatible and can be
used with multiple operating systems such as Linux, Windows, Mac, and/or
Android.

2. Nmap

Nmap, otherwise known as Network Mapper, is an auditing tool used by
InfoSec professionals to perform an audit of various OS-based network
systems. This is among the oldest InfoSec tools in existence and still
receives yearly updates consistently. It can help you with any network-based
IT investigation and provide the fastest results possible. The following tasks can
be well executed with Nmap:

• Auditing device security
• Detecting or investigating remote hosts, i.e., open ports on remote hosts
• Network mapping
• Finding potential vulnerabilities and weaknesses in a network
• Launching DNS-based queries against domains and subdomains

3. Kali Linux

Kali Linux is not an overtly covered or hidden operating system from the
InfoSec professionals, but it is still an operating system for the most part.
Although it favors the presence of various penetration and InfoSec security
tools within its framework that can be sued for investigation among forensics
and different types of security systems as well. You can track, deploy,
configure, search for potential weaknesses, and find other vulnerabilities
among networking, auditing, and various operating systems. The various
tools used from the Kali Linux operating system include;

 Aircrack-ng
 Hydra

DEPARTMENT OF ECE CS6202OE - CYBER LAW & ETHICS


• Wireshark
• Skipfish
• Nessus

4. NetSparker

Netsparker is the most accurate automated tool that can be used to find
vulnerabilities in various networking and operating systems. The
vulnerabilities it usually unearths include cross-site scripting and SQL
injection. The tool provides accurate results every time rather than false
positives, so you won't waste hours checking its findings with manual
testing methods. However, it is only available on the Windows platform or
through online web sources.

5. Retina

Retina is not just a simple web application tool for finding a list of
potential vulnerabilities in security networks and related systems. It
provides something more than that: it can carry out a series of pentesting
assessments and routine tests to make sure that there aren't any
vulnerabilities or weaknesses lurking in your system. It is available as the
Retina Community tool or package; it is a commercial product that requires
little to no maintenance and is fully automated, which means you won't have
to regulate its functioning manually. It is available for various operating
systems, such as Windows, Kali Linux, Mac, and Android.

6. Social Engineer Toolkit

Social engineering attacks are the most complicated and technical
cyber-attacks: they are not only difficult to identify, but their execution
is also tough to comprehend. With the help of the Social Engineer Toolkit,
however, identifying and processing these attacks that target human behavior
becomes very easy. It should be mentioned that the tool should be used
purely for ethical or white hat hacking purposes; otherwise, there can be
unsegmented consequences.

7. Nessus

Nessus is not only a complete cybersecurity suite that helps identify
various vulnerabilities present in systems, but it can also work as a
scanner for virus/malware protection and other known security breaches. It
can help with IP scanning, sensitive data breaches, scanning various
components of websites, and finding vulnerabilities and weak spots in real
time. The software is also compatible with various operating systems,
including Kali Linux, Windows, Mac, and Android.

8. Metasploit

Metasploit is the most advanced cybersecurity testing tool, one that can
create a favorable pentesting environment for professionals. It works on the
concept of exploiting security systems by entering or bypassing their
security. When opened, it creates a payload, that is, code that performs
certain operations on the targeted machine; this, in turn, creates a
favorable pentesting environment for the professionals to work within.

It can be used with network servers, web applications, and other operating
systems. It can work perfectly with Windows, Kali Linux, Mac, and Android
systems.

9. Whitehat

Whitehat is a robust tool that brings together various tools, software, and
other pentesting fundamentals, all of which can help create a safe working
environment throughout the software development lifecycle. It can perform
numerous scans, check the integration of various working systems, and
provide accurate results in real time.

If you want to learn information security tools, the best way is to enroll
in the best information security courses aligned with those tools and
practice with them, learning how they operate, which fundamentals they
cover, and how you can use them to your advantage or for your specific
work.

10. AirCrack-ng

Aircrack-ng is a customized and secured network security suite that can work
with various security formats such as 802.11 WEP and WPA-PSK network
systems. You can add particular layers of security to make sure your
networking systems are secure from cybercriminals and potential hackers. It
works by capturing network packets, which are then analyzed and used to
crack the Wi-Fi access. Aircrack-ng has a terminal-based interface that
gives users central control of the various operations in progress. It is
only compatible with Kali Linux systems, excluding Windows and other
operating systems.

4.4.2 Cyber Security Tools

Protecting our IT environment is critical. Every organization needs to take
cybersecurity very seriously. There are numerous hacking attacks affecting
businesses of all sizes. Hackers, malware, and viruses are some of the real
security threats in the virtual world. It is essential that every company is
aware of dangerous security attacks and keeps itself secure. Many different
aspects of cyber defence may need to be considered. Here are six essential
tools and services that every organization needs to consider to ensure its
cybersecurity is as strong as possible. They are described below:


Fig. Cyber Security Tools

1. Firewalls

As we know, the firewall is at the core of security tooling and is one of
the most important security tools. Its job is to prevent unauthorized access
to or from a private network. It can be implemented as hardware, software,
or a combination of both. Firewalls are used to prevent unauthorized
internet users from accessing private networks connected to the Internet.
All messages entering or leaving the intranet pass through the firewall. The
firewall examines each message and blocks those that do not meet the
specified security criteria.

The firewall is very useful, but it also has limitations. A skilled hacker
knows how to create data and programs that the firewall believes are
trusted. This means that such a program can pass through the firewall
without any problems. Despite these limitations, firewalls are still very
useful in protecting our systems against less sophisticated malicious
attacks.

2. Antivirus Software

Antivirus software is a program designed to prevent, detect, and remove
viruses and other malware attacks on individual computers, networks, and IT
systems. It also protects our computers and networks from a variety of
threats and viruses such as Trojan horses, worms, keyloggers, browser
hijackers, rootkits, spyware, botnets, adware, and ransomware. Most
antivirus programs come with an auto-update feature that enables the system
to check for new viruses and threats regularly. They also provide some
additional services, such as scanning emails to ensure that they are free
from malicious attachments and web links.

3. PKI Services

PKI stands for Public Key Infrastructure. This tool supports the distribution and
identification of public encryption keys. It enables users and computer systems to
securely exchange data over the internet and verify the identity of the other party. We
can also exchange sensitive information without PKI, but in that case, there would be no
assurance of the authentication of the other party.

People associate PKI with SSL or TLS. It is the technology that encrypts
server communication and is responsible for the HTTPS and padlock that we
can see in our browser address bar. PKI solves a number of cybersecurity
problems and deserves a place in the organization's security suite.

PKI can also be used to:

• Enable multi-factor authentication and access control.
• Create compliant, trusted digital signatures.
• Encrypt email communications and authenticate the sender's identity.
• Digitally sign and protect code.
• Build identity and trust into IoT ecosystems.

4. Managed Detection and Response Service (MDR)

Today's cybercriminals and hackers use more advanced techniques and software
to breach organizational security, so every business needs to use more
powerful forms of cybersecurity defence. MDR is an advanced security service
that provides threat hunting, threat intelligence, security monitoring,
incident analysis, and incident response. It is a service that arises from
the need for organizations that lack resources to be more aware of risks and
improve their ability to detect and respond to threats. MDR also uses
artificial intelligence and machine learning to investigate, automatically
detect threats, and orchestrate responses for faster results.

Managed detection and response has the following characteristics:

• Managed detection and response is focused on threat detection, rather than compliance.
• MDR relies heavily on security event management and advanced analytics.
• While some automation is used, MDR also involves humans to monitor our network.
• MDR service providers also perform incident validation and remote response.

5. Penetration Testing

Penetration testing, or pen testing, is an important way to evaluate our
business's security systems and the security of an IT infrastructure by
safely trying to exploit vulnerabilities. These vulnerabilities exist in
operating systems, services and applications, improper configurations, or
risky end-user behavior. In penetration testing, cybersecurity professionals
use the same techniques and processes utilized by criminal hackers to check
for potential threats and areas of weakness.

A pen test attempts the kind of attack a business might face from criminal
hackers, such as password cracking, code injection, and phishing. It
involves a simulated real-world attack on a network or application. These
tests can be performed using manual or automated technologies to
systematically evaluate servers, web applications, network devices,
endpoints, wireless networks, mobile devices, and other potential points of
vulnerability. Once the pen test has successfully taken place, the testers
will present us with their findings on threats and can help by recommending
potential changes to our system.

6. Staff Training

Staff training is not a 'cybersecurity tool', but ultimately, having
knowledgeable employees who understand cybersecurity is one of the strongest
forms of defence against cyber-attacks. Today there are many training tools
available that can educate a company's staff about the best cybersecurity
practices. Every business can use these training tools to educate its
employees so that they understand their role in cybersecurity.

Because cyber-criminals continue to expand their techniques and level of
sophistication to breach business security, it has become essential for
organizations to invest in these training tools and services. Failing to do
so can leave the organization in a position where hackers can easily target
its security systems. The expense of investing in these training tools can
therefore reward the organization with long-term security and protection.

4.5 INFORMATION PROCESSING

Information processing is the change (processing) of information in any manner
detectable by an observer. As such, it is a process that describes everything that happens
(changes) in the universe, from the falling of a rock (a change in position) to the
printing of a text file from a digital computer system.

In popular usage, the term information refers to facts and opinions provided and
received during the course of daily life: one obtains information directly from other
living beings, from mass media, from electronic data banks, and from all sorts of
observable phenomena in the surrounding environment. A person using such facts and
opinions generates more information, some of which is communicated to others during
discourse, by instructions, in letters and documents, and through other media.
Information organized according to some logical relationships is referred to as a body of
knowledge, to be acquired by systematic exposure or study. Application of knowledge
(or skills) yields expertise, and additional analytic or experiential insights are said
to constitute instances of wisdom. Use of the term information is not restricted
exclusively to its communication via natural language. Information is also registered
and communicated through art and by facial expressions and gestures or by such other
physical responses as shivering. Moreover, every living entity is endowed with
information in the form of a genetic code. These information phenomena permeate the
physical and mental world, and their variety is such that it has defied so far all attempts
at a unified definition of information.

Interest in information phenomena increased dramatically in the 20th century, and today
they are the objects of study in a number of disciplines, including philosophy, physics,
biology, linguistics, information and computer science, electronic and
communications engineering, management science, and the social sciences. On the
commercial side, the information service industry has become one of the newer
industries worldwide. Almost all other industries—manufacturing and service—are
increasingly concerned with information and its handling. The different, though often
overlapping, viewpoints and phenomena of these fields lead to different (and sometimes
conflicting) concepts and “definitions” of information.

This article touches on such concepts as they relate to information processing. In
treating the basic elements of information processing, it distinguishes between
information in analog and digital form, and it describes its acquisition, recording,
organization, retrieval, display, and techniques of dissemination. A separate
article, information system, covers methods for organizational control and
dissemination of information.

Fig. Information Processing


4.5.1 INFORMATION PROCESSING THEORY

• Information processing theory attempts to categorize the way information is
recognized, utilized, and stored in the memory.
• This theory recognizes the ability of a person to control what information is
processed, and the changes and developments of these abilities.

There Are Four Pillars of the Information Processing Model

1. Thinking
2. Analysis of Stimuli
3. Situational Modification
4. Obstacle Evaluation

1. Thinking

The process of thinking includes the activities of perceiving external stimuli,
encoding them, and storing the data so perceived and encoded in one's mental
recesses.

2. Analysis of Stimuli

This is the process by which the encoded stimuli are altered to suit the brain's
cognition and interpretation process to enable decision making. There are four distinct
sub-processes that form a favourable alliance to make the brain arrive at a conclusion
regarding the encoded stimuli it has received and kept stored. These four
sub-processes are encoding, strategization, generalization and automatization.

3. Situational Modification

This is the process by which an individual uses his experience, which is nothing other
than a collection of stored memories, to handle a similar situation in future. In case of
certain differences between the two situations, the individual modifies the decisions they
took during their previous experience to come up with solutions for the somewhat
different problem.

4. Obstacle Evaluation

This step maintains that besides the subject's individual development level, the nature
of the obstacle or problem should also be taken into consideration while evaluating
the subject's intellectual, problem solving and cognitive acumen. Sometimes,
unnecessary and misleading information can confuse the subject, and he / she may
show signs of confusion while dealing with a situation which is similar to one he / she
was exposed to before and was able to handle.

Structure of the information processing system

1. Sensory Memory

2. Working Memory

3. Long-term Memory

1. Sensory Memory

• Information is received through a person's senses; it comes from the environment around
you (McDevitt & Ormrod, 2004).
• Holds information associated with the senses (e.g., vision, hearing) just long enough for
the information to be processed further (mere seconds).

Sensory Register

• Detects visual, auditory, haptic (touch), smell, taste, temperature, pain, and body
position information.
• Filters out much of the world's potential information
• Limited capacity
• Seconds before decay
• Unconscious

2. Working Memory

• Short-term memory (STM) functions as a temporary working memory, whereby further
processing is carried out to make information ready for long-term storage or for a response.
• Working memory holds information for a limited amount of time and holds a limited
amount of information.
• Where information is processed and "problem solving" occurs; the working memory
usually only processes things for a short period of time.

Encoding: recasts sensory information into meaningful representations suitable for
manipulation, using strategies like rehearsal, organization, and elaboration.

• Limited in capacity

Encoding/Learning Strategies

Rehearsal – attempting to learn something by repeating it over and over; repetition

Organization – attempting to learn something by identifying relationships among pieces of
information as a way of categorizing them

Elaboration – embellishing on new information based on what you already know (using
prior knowledge)

• Environmental factors, e.g., culture, affect the kinds of strategies that children
develop.
• Children are more likely to use effective learning strategies when
teachers and other adults encourage their use, or when it is culturally meaningful.

3. Long-term Memory

• Where the information remembered over time is kept; there are many ways that
information is moved from working memory into long-term memory
• Represents our permanent storehouse of information, capable of retaining an
unlimited amount and variety of information.
• The ability to remember information in LTM appears very early and improves
with age
• Children increasingly have conscious awareness of the past
• Infantile amnesia – general inability to recall past events during the early
years of life
• The amount of knowledge stored in LTM increases many times over
• Knowledge base – one’s knowledge about specific topics and the world in
general
• Children’s knowledge about the world becomes increasingly integrated
• Schemas – tightly integrated set of ideas about a specific object or
situation
• Scripts – schema that involves a predictable sequence of events related to a
common activity
• Children’s growing knowledge base facilitates learning

Thinking and Reasoning

Thought increasingly makes use of symbols

• Symbols – mental entity that represents an external object or event, often without
reflecting its perceptual and behavioral qualities
• Logical thinking abilities improve with age
• Some logical thinking is evident in infancy
• Perceive cause and effect relationships as young as 6 months old
• Reasoning is still influenced by personal motives and biases

Divisions of Long Term Memory

• Explicit Memory (declarative memory)
  • Episodic Memory
  • Semantic Memory
  • Autobiographical Memory
• Implicit Memory (procedural memory)
  • Priming

Explicit Memory (declarative)

• Includes all of the memories that are available in consciousness.
• These are encoded by the hippocampus, entorhinal cortex, and perirhinal cortex, but
consolidated and stored elsewhere.
• Episodic memory refers to memory for specific events in time, as
well as supporting their formation and retrieval. Some examples of episodic memory
would be remembering someone's name and what happened at your last interaction
with each other.

Semantic Memory

• Refers to knowledge about factual information, such as the meaning of words.
Semantic memory is independent information such as information remembered for a
test
• Semantic Memory -- facts and generalized information (concepts, principles, rules;
problem-solving strategies; learning strategies)
• Schema / Schemata -- networks of connected ideas or relationships; data structures or
procedures for organizing the parts of a specific experience into a meaningful system
(like a standard or stereotype)
• Proposition -- interconnected set of concepts and relationships; if/then statements
(smallest unit of information that can be judged true or false)
• Script -- "declarative knowledge structure that captures general information about a
routine series of events or a recurrent type of social event, such as eating in a
restaurant or visiting the doctor" (Stillings et al., 1987)
• Frame -- complex organization including concepts and visualizations that provide a
reference within which stimuli and actions are judged (also called "Frame of
Reference")
• Scheme -- an organization of concepts, principles, rules, etc. that define a perspective
and presents specific action patterns to follow
• Program -- set of rules that define what to do in a particular situation
• Paradigm -- the basic way of perceiving, thinking, valuing, and doing associated with
a particular vision of reality (Harman, 1970)
• Model -- a set of propositions or equations describing in simplified form some aspects
of our experience. Every model is based upon a theory or paradigm, but the theory or
paradigm may not be stated in concise form

Autobiographical Memory

• Refers to knowledge about events and personal experiences from an individual's
own life

Implicit Memory (Procedural Memory)

• Procedural memory involves memories of body movement and how to use objects
in the environment. How to drive a car or use a computer are examples of
procedural memories
• Implicit memory refers to the use of objects or movements of the body, such as
how exactly to use a pencil, drive a car, or ride a bicycle. This type of memory is
encoded and it is presumed stored by the striatum and other parts of the basal
ganglia. The basal ganglia is believed to mediate procedural memory and other
brain structures and is largely independent of the hippocampus. Research by
Manelis, Hanson, and Hanson (2011) found that the reactivation of the parietal
and occipital regions was associated with implicit memory. Procedural memory is
considered non-declarative memory or unconscious memory which includes
priming and non-associative learning

Priming

• Priming is an implicit memory effect in which exposure to a stimulus
influences a response to a later stimulus. It can occur following perceptual,
semantic, or conceptual stimulus repetition. For example, if a person reads a
list of words including the word table, and is later asked to complete a word
starting with tab, the probability that he or she will answer table is greater than
if they are not primed. Another example is if people see an incomplete sketch
they are unable to identify and they are shown more of the sketch until they
recognize the picture.

Processes that keep information "alive" or help transfer it from one memory stage to
the next:

1. Attention
2. Rehearsal
3. Chunking
4. Encoding
5. Retrieval

1. Attention

• Selective attention refers to the learner's ability to select and process certain
information while simultaneously ignoring other information.
• Several factors influence attention:
• The meaning that the task or information holds for the individual
• Similarity between competing tasks or sources of information
• Task complexity or difficulty (influenced also by prior

2. Rehearsal

• Rehearsal is the process where information is kept in short-term memory by
mentally repeating it.
• Each time the information is repeated, it is reentered into
short-term memory, thus keeping that information for another 15 to 20 seconds
(the average storage time for short-term memory)

3. Chunking

• Chunking is the process by which one can expand his/her ability to remember
things in the short term. Chunking is also a process by which a person organizes
material into meaningful groups.

4. Encoding

• Refers to the process of relating incoming information to concepts and ideas
already in memory in such a way that the new material is more memorable.
Various encoding schemes include:
• Organization, e.g., grouping information into categories, outlines,
hierarchies, concept trees

5. Retrieval

• Retrieval of information from long-term memory: the process of retrieval from
LTM involves bringing to mind previously learned information, to either (a)
understand some new input or (b) make a response. Making a response may
involve either recall or recognition.

4.6 SECURITY PROGRAM ADMINISTRATION

In today’s world, most business facilities require some level of site security. Whether
due to theft prevention, hazardous chemicals or industrial processes on site, the
protection of business processes and trade secrets, limitation of liability, or threat of
terrorist attack, all organizations have something to protect. This protection can take
many forms, depending upon the asset(s) to be protected and other factors specific to
each organization. Some organizations elect to manage their security apparatus
in-house, while others recognize the benefit of having a professional security organization
assume that responsibility. Unfortunately, it only takes one significant breach of
security to cause an event that cripples an entire organization with potentially
catastrophic collateral consequences as well. Accordingly, the decision to manage
security responsibilities in-house, or the selection of an external security administration
partner, should be taken very seriously with those consequences in mind.

Trident Capabilities

As former ‘top tier’ Special Operations operators, TridentCMG personnel have spent
years in assisting governments, militaries, and business organizations the world over in
developing and managing security programs for all manner of individuals, facilities, and
other assets. Now, this level of expertise and proven experience can be yours when you
select TridentCMG as your security program administration (SPA) partner.

As your SPA partner, TridentCMG will review your existing security plan, if available,
and recommend a prioritized set of improvements for consideration. We will base these
recommendations on our understanding of the client’s security objectives, coupled with
our understanding of threat potentials affecting the client. TridentCMG will develop
budgets covering these prioritized security enhancements, cooperate in the procurement
process, and oversee implementation, as well as subsequent orientation, training, and
operation of the entire security apparatus on behalf of the client.

With respect to security forces, TridentCMG will train and manage a client-provided
security force, or we can provide our own force comprised of highly-trained and
seasoned security professionals, hand-selected by TridentCMG to ensure the client
receives the very best security services available. Wherever the location, whatever the
asset, TridentCMG can provide security to meet any challenge.
