Cyber Security Tutorial


Cybersecurity is the protection of Internet-connected systems, including hardware, software, and
data, from cyber attackers. It is primarily about people, processes, and technologies working
together to encompass the full range of threat reduction, vulnerability reduction, deterrence,
international engagement, and recovery policies and activities, including computer network
operations, information assurance, law enforcement, etc.

It is the body of technologies, processes, and practices designed to protect networks, devices,
programs, and data from attack, theft, damage, modification, or unauthorized access. Therefore,
it may also be referred to as information technology security.

Cyber-attacks are now an international concern and could endanger the global economy. As the
volume of cyber-attacks grows, companies and organizations, especially those that deal with
information related to national security, health, or financial records, need to take steps to
protect their sensitive business and personal information.

This Cyber Security tutorial provides basic and advanced concepts of Cyber Security technology.
It covers the most popular Cyber Security topics, such as what Cyber Security is, Cyber
Security goals, types of cyber-attacks, types of cyber attackers, policies, digital signatures, Cyber
Security tools, security risk analysis, challenges, etc.


Prerequisites

This is a basic tutorial; its topics are easy to follow for anyone with a basic understanding of
how a firm or organization handles computer security. Some prior experience with computer
updates, firewalls, antivirus software, and other security measures is also helpful.

Audience

Our Cyber Security tutorial is designed to help beginners and professionals.

What is Cyber Security?

The technique of protecting internet-connected systems such as computers, servers, mobile
devices, electronic systems, networks, and data from malicious attacks is known as
cybersecurity. The word can be split into two parts: "cyber" refers to the technology, including
systems, networks, programs, and data, and "security" is concerned with the protection of those
systems, networks, applications, and information. In some cases, it is also called electronic
information security or information technology security.

Some other definitions of cybersecurity are:


"Cyber Security is the body of technologies, processes, and practices designed to protect
networks, devices, programs, and data from attack, theft, damage, modification or unauthorized
access."

"Cyber Security is the set of principles and practices designed to protect our computing resources
and online information against threats."

Types of Cyber Security

An organization's assets are made up of a variety of different systems, and a strong
cybersecurity posture requires coordinated efforts across all of them. Therefore, we can
categorize cybersecurity into the following sub-domains:

o Network Security: It involves implementing the hardware and software needed to secure a
computer network from unauthorized access, intruders, attacks, disruption, and misuse.
This security helps an organization protect its assets against external and internal
threats.

o Application Security: It involves protecting software and devices from unwanted
threats. This protection can be done by constantly updating the apps to ensure they are
secure from attacks. Successful security begins in the design stage, with secure source code,
input validation, threat modeling, etc., before a program or device is deployed.

o Information or Data Security: It involves implementing a strong data storage
mechanism to maintain the integrity and privacy of data, both in storage and in transit.

o Identity Management: It deals with the procedure for determining the level of access
that each individual has within an organization.

o Operational Security: It involves the processes and decisions for handling and
securing data assets.

o Mobile Security: It involves securing the organizational and personal data stored on
mobile devices such as cell phones, computers, tablets, and other similar devices against
various malicious threats. These threats include unauthorized access, device loss or theft,
malware, etc.

o Cloud Security: It involves protecting the information stored in the digital
environment or cloud architectures of the organization. It uses the security controls of
cloud service providers such as AWS, Azure, Google, etc., to protect against multiple threats.

o Disaster Recovery and Business Continuity Planning: It deals with the processes,
monitoring, alerts, and plans for how an organization responds when any malicious
activity causes the loss of operations or data. Its policies dictate how lost operations are
resumed after a disaster, at the same operating capacity as before the event.

o User Education: It deals with training staff to follow security practices, company
policies, and incident-reporting procedures, since careless or malicious actions by users
can defeat even the best technical safeguards.

Importance of Cyber Security

Today we live in a digital era where all aspects of our lives depend on networks, computers and
other electronic devices, and software applications. All critical infrastructure, such as the banking
system, healthcare, financial institutions, governments, and manufacturing industries, uses devices
connected to the Internet as a core part of its operations. Some of their information, such as
intellectual property, financial data, and personal data, is sensitive, and unauthorized access to
or exposure of it could have negative consequences. This information gives intruders and threat
actors a reason to infiltrate these organizations for financial gain, extortion, political or social
motives, or just vandalism.

Cyber-attacks are now an international concern; attacks that compromise systems could endanger
the global economy. Therefore, it is essential to have an excellent cybersecurity strategy to
protect sensitive information from high-profile security breaches. Furthermore, as the volume of
cyber-attacks grows, companies and organizations, especially those that deal with information
related to national security, health, or financial records, need to use strong cybersecurity
measures and processes to protect their sensitive business and personal information.

Cyber Security Goals

Cyber Security's main objective is to ensure data protection. The security community provides
a triangle of three related principles to protect the data from cyber-attacks. This principle is
called the CIA triad. The CIA model is designed to guide policies for an organization's
information security infrastructure. When any security breaches are found, one or more of these
principles has been violated.

We can break the CIA model into three parts: Confidentiality, Integrity, and Availability. It is
actually a security model that helps people to think about various parts of IT security. Let us
discuss each part in detail.

Confidentiality

Confidentiality is equivalent to privacy: it avoids unauthorized access to information. It
involves ensuring the data is accessible to those who are allowed to use it and blocking access
for others. It prevents essential information from reaching the wrong people. Data encryption is
an excellent example of ensuring confidentiality.

Integrity

This principle ensures that the data is authentic, accurate, and safeguarded from unauthorized
modification by threat actors or accidental modification by users. If any modifications occur,
certain measures should be taken to protect the sensitive data from corruption or loss and to
recover speedily from such an event. In addition, it means ensuring that the source of the
information is genuine.

Availability

This principle ensures that information is always available and usable by the people authorized
to use it. It ensures that their access is not hindered by system malfunction or cyber-attacks.

Types of Cyber Security Threats

A threat in cybersecurity is a malicious activity by an individual or organization to corrupt or
steal data, gain access to a network, or disrupt digital life in general. The cyber community
defines the following threats today:

Malware

Malware means malicious software, which is the most common cyber attacking tool. It is used
by cybercriminals or hackers to disrupt or damage a legitimate user's system. The following are
the important types of malware:

o Virus: It is a malicious piece of code that spreads from one device to another. It spreads
throughout a computer system, infecting files, stealing information, or damaging the device.

o Spyware: It is software that secretly records information about user activities on their
system. For example, spyware could capture credit card details that can be used by
cybercriminals for unauthorized shopping, money withdrawals, etc.

o Trojans: It is a type of malware or code that appears to be legitimate software or a file to
fool us into downloading and running it. Its primary purpose is to corrupt or steal data from
our device or do other harmful activities on our network.

o Ransomware: It is a piece of software that encrypts a user's files and data on a device,
rendering them unusable, or erases them. Then, a monetary ransom is demanded by malicious
actors for decryption.

o Worms: It is a piece of software that spreads copies of itself from device to device
without human interaction. It does not need to attach itself to any program to steal or
damage data.

o Adware: It is advertising software used to spread malware and display advertisements on
our device. It is an unwanted program that is installed without the user's permission. The
main objective of this program is to generate revenue for its developer by showing ads in
the user's browser.

o Botnets: It is a collection of internet-connected, malware-infected devices that
cybercriminals can control. It enables cybercriminals to leak credentials, gain unauthorized
access, and steal data without the user's permission.

Phishing

Phishing is a type of cybercrime in which a message appears to come from a genuine
organization like PayPal, eBay, or a financial institution, or from friends and co-workers. The
attackers contact a target or targets via email, phone, or text message with a link and persuade
them to click on it. This link redirects them to fraudulent websites that ask them to provide
sensitive data such as personal information, banking and credit card information, social security
numbers, usernames, and passwords. Clicking on the link may also install malware on the target
devices that allows hackers to control the devices remotely.

Man-in-the-middle (MITM) attack


A man-in-the-middle attack is a type of cyber threat (a form of eavesdropping attack) in which a
cybercriminal intercepts a conversation or data transfer between two individuals. Once the
cybercriminal places themselves in the middle of a two-party communication, they seem like
genuine participants and can get sensitive information and return different responses. The main
objective of this type of attack is to gain access to our business or customer data. For example, a
cybercriminal could intercept data passing between the target device and the network on an
unprotected Wi-Fi network.

Distributed denial of service (DDoS)

It is a type of cyber threat or malicious attempt in which cybercriminals disrupt the regular
traffic of targeted servers, services, or networks by flooding the target or its surrounding
infrastructure with Internet traffic. Here the requests come from many IP addresses, which can
make the system unusable, overload its servers, slow it down significantly or temporarily take it
offline, or prevent an organization from carrying out its vital functions.

Brute Force

A brute force attack is a cryptographic attack that uses a trial-and-error method to try all
possible combinations until the correct value is discovered. Cybercriminals usually use this
attack to obtain targeted passwords, login information, encryption keys, and Personal
Identification Numbers (PINs).

SQL Injection (SQLI)

SQL injection is a common attack that occurs when cybercriminals use malicious SQL scripts for
backend database manipulation to access sensitive information. Once the attack is successful, the
malicious actor can view, change, or delete sensitive company data, user lists, or private
customer details stored in the SQL database.

Domain Name System (DNS) attack

A DNS attack is a type of cyberattack in which cyber criminals take advantage of flaws in the
Domain Name System to redirect site users to malicious websites (DNS hijacking) and steal data
from affected computers. It is a severe cybersecurity risk because the DNS system is an essential
element of the internet infrastructure.

Latest Cyber Threats

The following are the latest cyber threats reported by the U.K., U.S., and Australian
governments:

Romance Scams

The U.S. government reported this cyber threat in February 2020. Cybercriminals carry it out
through dating sites, chat rooms, and apps. They target people who are seeking a new partner
and dupe them into giving away personal data.

Dridex Malware

It is a type of financial Trojan malware, identified by the U.S. in December 2019, that affects
the public, government, infrastructure, and business worldwide. It infects computers through
phishing emails or existing malware to steal sensitive information such as passwords, banking
details, and personal data for fraudulent transactions. The National Cyber Security Centre of the
United Kingdom encourages people to make sure their devices are patched, anti-virus is turned
on and up to date, and files are backed up to protect sensitive data against this attack.

Emotet Malware

Emotet is a type of cyber-attack that steals sensitive data and also installs other malware on our
device. The Australian Cyber Security Centre warned national organizations about this global
cyber threat in 2019.

The following are the systems that can be affected by security breaches and attacks:

o Communication: Cyber attackers can use phone calls, emails, text messages, and
messaging apps for cyberattacks.

o Finance: This system deals with the risk to financial information like bank and credit
card details. This information is naturally a primary target for cyber attackers.

o Governments: Cybercriminals generally target government institutions to get
confidential public data or private citizen information.

o Transportation: In this system, cybercriminals generally target connected cars, traffic
control systems, and smart road infrastructure.

o Healthcare: Cybercriminals target healthcare systems to get information stored anywhere
from a local clinic to the critical care systems of a national hospital.

o Education: Cybercriminals target educational institutions to get their confidential
research data and the information of students and employees.

Benefits of Cyber Security

The following are the benefits of implementing and maintaining cybersecurity:

o Cyberattacks and data breach protection for businesses.

o Data and network security are both protected.

o Unauthorized user access is avoided.

o After a breach, there is a faster recovery time.

o End-user and endpoint device protection.

o Regulatory adherence.

o Continuity of operations.

o Developers, partners, consumers, stakeholders, and workers have more faith in the
company's reputation and trust.

Cyber Safety Tips

Let us see how to protect ourselves against cyberattacks. The following are the popular
cyber safety tips:

Conduct cybersecurity training and awareness: Every organization must train its staff on
cybersecurity, company policies, and incident reporting for a strong cybersecurity policy to be
successful. Unintentional or intentional malicious activity by staff can defeat the best technical
safeguards and result in an expensive security breach. Therefore, it is useful to conduct security
training and awareness for staff through seminars, classes, and online courses, which reduce
security violations.

Update software and operating system: The most popular safety measure is to update the
software and O.S. to get the benefit of the latest security patches.

Use anti-virus software: It is also useful to use anti-virus software that will detect and
remove unwanted threats from your device. This software should be kept updated to get the best
level of protection.

Perform periodic security reviews: Every organization should ensure periodic security
inspections of all software and networks to identify security risks early. Some popular examples
of security reviews are application and network penetration testing, source code reviews,
architecture design reviews, and red team assessments. In addition, organizations should
prioritize and mitigate security vulnerabilities as quickly as possible after they are discovered.

Use strong passwords: It is recommended to always use long passwords with a varied
combination of characters and symbols. This makes the passwords hard to guess.

Do not open email attachments from unknown senders: Cyber experts always advise not to
open or click email attachments received from unverified senders or unfamiliar websites because
they could be infected with malware.

Avoid using unsecured Wi-Fi networks in public places: It is also advisable not to use
insecure networks because they can leave you vulnerable to man-in-the-middle attacks.

Backup data: Every organization must periodically back up its data to ensure that sensitive
data is not lost and can be recovered after a security breach. In addition, backups can help
restore data integrity after cyber-attacks such as SQL injections, phishing, and ransomware.

History of Cyber Security


The origin of cybersecurity began with a research project. It only came into existence because of
the development of viruses.

How did we get here?

In 1969, Leonard Kleinrock, a professor at UCLA, and his student Charley Kline sent the first
electronic message from the UCLA SDS Sigma 7 host computer to Bill Duvall, a programmer
at the Stanford Research Institute. This is a well-known story and a landmark moment in the
history of the digital world. The message sent from UCLA was meant to be the word "login."
The system crashed after they typed the first two letters, "lo." Since then, the story has often
been told as if the programmers had typed the opening message "lo and behold," although it is
generally accepted that "login" was the intended message. Those two letters changed the way we
communicate with one another.

In the 1970s, Robert (Bob) Thomas, a researcher for BBN Technologies in Cambridge,
Massachusetts, created the first computer worm (virus). He realized that it was possible for a
computer program to move across a network, leaving a small trail wherever it went. He named
the program Creeper and designed it to travel between Tenex terminals on the early ARPANET,
printing the message "I'M THE CREEPER: CATCH ME IF YOU CAN."
An American computer programmer named Ray Tomlinson, the inventor of email, was also
working for BBN Technologies at the time. He saw this idea and liked it. He tinkered with the
program and made it self-replicating, creating "the first computer worm." He then wrote a
program named Reaper, the first antivirus software, which would find copies of the Creeper
and delete them.

Where are we now?

After Creeper and Reaper, cyber-crimes became more powerful. As computer software and
hardware developed, security breaches also increased. With every new development came an
aspect of vulnerability, or a way for hackers to work around methods of protection. In 1986, the
Russians were the first to use cyber power as a weapon. Marcus Hess, a German citizen, hacked
into 400 military computers, including processors at the Pentagon. He intended to sell secrets to
the KGB, but an American astronomer, Clifford Stoll, caught him before that could happen.

In 1988, an American computer scientist, Robert Morris, wanted to measure the size of the
internet. He wrote a program for testing the size of the internet. This program went through
networks, invaded Unix terminals, and copied itself. The program became the first famous
network virus and was named the Morris worm or internet worm. The Morris worm could infect
a computer multiple times, and each additional process would slow the machine down,
eventually to the point of being damaged. Robert Morris was charged under the Computer Fraud
and Abuse Act. The incident led to the founding of the Computer Emergency Response Team, a
non-profit research centre for issues that could endanger the internet as a whole.

Nowadays, viruses are deadlier, more invasive, and harder to control. We have already
experienced cyber incidents on a massive scale, and 2018 isn't close to over. These are only a
few examples, but these attacks are enough to prove that cybersecurity is a necessity for
corporations and small businesses alike.

Cyber Security Goals


The objective of Cybersecurity is to protect information from being stolen, compromised or
attacked. Cybersecurity can be measured by at least one of three goals-

1. Protect the confidentiality of data.

2. Preserve the integrity of data.

3. Promote the availability of data for authorized users.

These goals form the confidentiality, integrity, availability (CIA) triad, the basis of all security
programs. The CIA triad is a security model that is designed to guide policies for information
security within the premises of an organization or company. This model is also referred to as
the AIC (Availability, Integrity, and Confidentiality) triad to avoid the confusion with the
Central Intelligence Agency. The elements of the triad are considered the three most crucial
components of security.

The CIA criteria are the ones that most organizations and companies use when they install a new
application, create a database, or guarantee access to some data. For data to be completely
secure, all of these security goals must be in effect. These are security policies that all work
together, and therefore it would be wrong to overlook one policy.

The elements of the CIA triad are:


1. Confidentiality

Confidentiality is roughly equivalent to privacy and avoids the unauthorized disclosure of
information. It involves the protection of data, providing access for those who are allowed to see
it while disallowing others from learning anything about its content. It prevents essential
information from reaching the wrong people while making sure that the right people can get it.
Data encryption is a good example to ensure confidentiality.

Tools for Confidentiality


Encryption

Encryption is a method of transforming information to make it unreadable for unauthorized users
by using an algorithm. The transformation of data uses a secret key (an encryption key) so that
the transformed data can only be read by using another secret key (decryption key). It protects
sensitive data such as credit card numbers by encoding and transforming data into unreadable
cipher text. This encrypted data can only be read by decrypting it. Asymmetric-key and
symmetric-key are the two primary types of encryption.

Access control

Access control defines rules and policies for limiting access to a system or to physical or virtual
resources. It is a process by which users are granted access and certain privileges to systems,
resources or information. In access control systems, users need to present credentials, such as a
person's name or a computer's serial number, before they can be granted access. In physical
systems, these credentials may come in many forms, but credentials that can't be transferred
provide the most security.

Authentication

Authentication is a process that ensures and confirms a user's identity or the role that someone
has. It can be done in a number of different ways, but it is usually based on a combination of:


o something the person has (like a smart card or a radio key for storing secret keys),

o something the person knows (like a password),

o something the person is (like a human with a fingerprint).

Authentication is a necessity for every organization because it enables organizations to keep
their networks secure by permitting only authenticated users to access protected resources.
These resources may include computer systems, networks, databases, websites and other
network-based applications or services.

Authorization

Authorization is a security mechanism which gives permission to do or have something. It is
used to determine whether a person or system is allowed access to resources, including computer
programs, files, services, data and application features, based on an access control policy. It is
normally preceded by authentication for user identity verification. System administrators are
typically assigned permission levels covering all system and user resources. During
authorization, a system verifies an authenticated user's access rules and either grants or refuses
resource access.
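
The access control, authentication and authorization sections above describe one pipeline: a user presents a credential, the system confirms who they are, and only then does it consult a policy to decide what they may do. The following Python is an added example written for this page (it is not code from the original tutorial). It stores only a salt and a PBKDF2-HMAC-SHA256 hash of each password, compares hashes in constant time, and then applies a default-deny access control policy. The user accounts, roles, resources and the iteration count are all constructed assumptions for the demonstration.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# Assumed work factor for PBKDF2; real deployments tune this to their hardware.
PBKDF2_ITERATIONS = 100_000


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest): a random per-user salt and PBKDF2-HMAC-SHA256 of the password."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def register(users: Dict[str, dict], username: str, password: str, role: str) -> None:
    """Store only the salt and hash, never the password itself."""
    salt, digest = hash_password(password)
    users[username] = {"salt": salt, "digest": digest, "role": role}


def authenticate(users: Dict[str, dict], username: str, password: str) -> Optional[str]:
    """Verify 'something the person knows'. Returns the user's role, or None on failure."""
    record = users.get(username)
    if record is None:
        # Do the same amount of work for unknown users so the response time does
        # not reveal which usernames exist.
        hash_password(password, b"\x00" * 16)
        return None
    _, digest = hash_password(password, record["salt"])
    # Constant-time comparison avoids leaking how many bytes matched.
    if not hmac.compare_digest(digest, record["digest"]):
        return None
    return record["role"]


# Access control policy (constructed): (role, action, resource) triples that are allowed.
POLICY = {
    ("admin", "read", "payroll"),
    ("admin", "write", "payroll"),
    ("analyst", "read", "payroll"),
}


def authorize(role: str, action: str, resource: str) -> bool:
    """Default deny: only combinations listed in the policy are permitted."""
    return (role, action, resource) in POLICY


def access(users: Dict[str, dict], username: str, password: str, action: str, resource: str) -> str:
    """Authentication first, then authorization, as the text describes."""
    role = authenticate(users, username, password)
    if role is None:
        return "denied: authentication failed"
    if not authorize(role, action, resource):
        return f"denied: role {role!r} may not {action} {resource}"
    return f"granted: {username} may {action} {resource}"


def build_demo_users() -> Dict[str, dict]:
    """Constructed sample accounts for the demonstration."""
    users: Dict[str, dict] = {}
    register(users, "alice", "correct horse battery staple", "admin")
    register(users, "bob", "hunter2-but-much-longer", "analyst")
    return users


if __name__ == "__main__":
    demo = build_demo_users()
    print(access(demo, "alice", "correct horse battery staple", "write", "payroll"))
    print(access(demo, "bob", "hunter2-but-much-longer", "write", "payroll"))
    print(access(demo, "bob", "wrong password", "read", "payroll"))
```

Two details matter in practice: the policy is a set of explicit allowances, so a new role or resource gets no access until someone adds a rule, and authentication failures return the same generic message whether the username or the password was wrong.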

Physical Security

Physical security describes measures designed to deny the unauthorized access of IT assets like
facilities, equipment, personnel, resources and other properties from damage. It protects these
assets from physical threats including theft, vandalism, fire and natural disasters.

2. Integrity

Integrity refers to the methods for ensuring that data is real, accurate and safeguarded from
unauthorized user modification. It is the property that information has not been altered in an
unauthorized way, and that the source of the information is genuine.

Tools for Integrity

Backups

Backup is the periodic archiving of data. It is a process of making copies of data or data files to
use in the event when the original data or data files are lost or destroyed. It is also used to make
copies for historical purposes, such as for longitudinal studies, statistics or for historical records
or to meet the requirements of a data retention policy. Many applications especially in a
Windows environment, produce backup files using the .BAK file extension.

Checksums

A checksum is a numerical value used to verify the integrity of a file or a data transfer. In other
words, it is the result of a function that maps the contents of a file to a numerical value.
Checksums are typically used to compare two sets of data to make sure that they are the same. A
checksum function depends on the entire contents of a file. It is designed in such a way that even
a small change to the input file (such as flipping a single bit) is likely to result in a different
output value.

Data Correcting Codes

It is a method for storing data in such a way that small changes can be easily detected and
automatically corrected.
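
The checksum and data correcting code sections above describe two different integrity tools: a checksum detects that something changed, while an error correcting code also repairs small changes. The Python below is an added example for this page, not code from the original tutorial. It verifies SHA-256 checksums (and, as a keyed variant, HMAC tags), simulates a single-bit flip, and implements a Hamming(7,4) code that corrects one flipped bit per 7-bit block. The sample record and the choice of Hamming(7,4) are assumptions for the demonstration.

```python
import hashlib
import hmac
from typing import List, Tuple

# --- Checksums: detect any change, accidental or deliberate ---------------------

def sha256_hex(data: bytes) -> str:
    """Checksum of the whole content; flipping one bit changes the digest."""
    return hashlib.sha256(data).hexdigest()


def verify_checksum(data: bytes, expected_hex: str) -> bool:
    return hmac.compare_digest(sha256_hex(data), expected_hex)


def keyed_tag(data: bytes, key: bytes) -> str:
    """HMAC: a checksum that cannot be recomputed by someone who lacks the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_keyed_tag(data: bytes, key: bytes, tag: str) -> bool:
    return hmac.compare_digest(keyed_tag(data, key), tag)


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Simulate storage or transmission corruption of a single bit."""
    byte_i, bit_i = divmod(bit_index, 8)
    out = bytearray(data)
    out[byte_i] ^= 1 << bit_i
    return bytes(out)


# --- Error correcting code: Hamming(7,4) corrects one flipped bit per block -----
# Codeword layout (positions 1..7): p1 p2 d1 p3 d2 d3 d4

def hamming_encode(nibble: List[int]) -> List[int]:
    d1, d2, d3, d4 = nibble
    p1 = d1 ^ d2 ^ d4   # parity over positions 1,3,5,7
    p2 = d1 ^ d3 ^ d4   # parity over positions 2,3,6,7
    p3 = d2 ^ d3 ^ d4   # parity over positions 4,5,6,7
    return [p1, p2, d1, p3, d2, d3, d4]


def hamming_decode(code: List[int]) -> Tuple[List[int], int]:
    """Return (data bits, 1-based position of the corrected bit; 0 if none was corrected)."""
    c = list(code)
    p1, p2, d1, p3, d2, d3, d4 = c
    s1 = p1 ^ d1 ^ d2 ^ d4
    s2 = p2 ^ d1 ^ d3 ^ d4
    s3 = p3 ^ d2 ^ d3 ^ d4
    syndrome = s1 + 2 * s2 + 4 * s3   # equals the position of the bad bit
    if syndrome:
        c[syndrome - 1] ^= 1
    return [c[2], c[4], c[5], c[6]], syndrome


def encode_bytes(data: bytes) -> List[List[int]]:
    """Protect each byte as two Hamming(7,4) blocks (high nibble first)."""
    blocks = []
    for b in data:
        for nib in (b >> 4, b & 0xF):
            blocks.append(hamming_encode([(nib >> i) & 1 for i in (3, 2, 1, 0)]))
    return blocks


def decode_bytes(blocks: List[List[int]]) -> Tuple[bytes, int]:
    """Recover the bytes and report how many blocks needed a correction."""
    nibbles, corrected = [], 0
    for blk in blocks:
        bits, syndrome = hamming_decode(blk)
        corrected += 1 if syndrome else 0
        nibbles.append((bits[0] << 3) | (bits[1] << 2) | (bits[2] << 1) | bits[3])
    data = bytes((nibbles[i] << 4) | nibbles[i + 1] for i in range(0, len(nibbles), 2))
    return data, corrected


if __name__ == "__main__":
    record = b"balance=1000"          # constructed sample data
    digest = sha256_hex(record)
    print("checksum ok:", verify_checksum(record, digest))
    print("after 1-bit flip:", verify_checksum(flip_bit(record, 3), digest))
    blocks = encode_bytes(record)
    blocks[5][6] ^= 1                 # corrupt one bit in one block
    recovered, fixes = decode_bytes(blocks)
    print("recovered intact:", recovered == record, "blocks corrected:", fixes)
```

A plain checksum only protects against accidental change: anyone who can rewrite the file can recompute it. Where the threat is a person rather than a faulty disk, the stored value must be a keyed tag (as in keyed_tag) or a digital signature. Hamming(7,4) corrects exactly one flipped bit per block; two flips in the same block produce a wrong "correction", which is why storage systems pair error correction with a checksum over the whole object.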

3. Availability

Availability is the property in which information is accessible and modifiable in a timely fashion
by those authorized to do so. It is the guarantee of reliable and constant access to our sensitive
data by authorized people.

Tools for Availability

o Physical Protections

o Computational Redundancies

Physical Protections

Physical safeguards keep information available even in the event of physical challenges. They
ensure sensitive information and critical information technology are housed in secure areas.

Computational redundancies

Computational redundancy is applied as fault tolerance against accidental faults. It provides
extra computers and storage devices that serve as fallbacks in the case of failures.

Types of Cyber Attacks

A cyber-attack is an exploitation of computer systems and networks. It uses malicious code to
alter computer code, logic or data and leads to cybercrimes, such as information and identity
theft. We are living in a digital era. Nowadays, most people use computers and the internet.
Because of this dependency on digital things, illegal computer activity is growing and changing
like any other type of crime.

Cyber-attacks can be classified into the following categories:

Web-based attacks

These are the attacks which occur on a website or web applications. Some of the important web-
based attacks are as follows-

1. Injection attacks

It is the attack in which some data will be injected into a web application to manipulate the
application and fetch the required information.

Example- SQL Injection, code Injection, log Injection, XML Injection etc.
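
As an added illustration of the injection attacks listed above and of the SQL injection threat described earlier on this page (this is example code written for this page, not code from the original tutorial), the following Python uses an in-memory SQLite table with constructed rows. It places a lookup that splices user input into the query text beside the parameterized form that binds the input purely as data, and adds a small defence against the log injection the list mentions. The table, its rows, and the function names are assumptions for the demonstration.

```python
import sqlite3
from typing import List, Tuple


def build_demo_db() -> sqlite3.Connection:
    """In-memory table with constructed rows standing in for a customer database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, plan TEXT)")
    conn.executemany(
        "INSERT INTO customers (email, plan) VALUES (?, ?)",
        [("ann@example.com", "gold"), ("ben@example.com", "silver"), ("cat@example.com", "gold")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, email: str) -> List[Tuple[str, str]]:
    """The user-supplied value is pasted into the SQL text, so a quote character in the
    input ends the string literal and whatever follows becomes part of the query."""
    query = f"SELECT email, plan FROM customers WHERE email = '{email}'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, email: str) -> List[Tuple[str, str]]:
    """The value is sent separately from the SQL text; the driver binds it as data,
    never as syntax, whatever characters it contains."""
    return conn.execute(
        "SELECT email, plan FROM customers WHERE email = ?", (email,)
    ).fetchall()


def safe_log_field(value: str) -> str:
    """Log injection defence: escape line breaks so user data cannot forge extra log lines."""
    return value.replace("\r", "\\r").replace("\n", "\\n")


if __name__ == "__main__":
    db = build_demo_db()
    honest = "ann@example.com"
    tautology = "' OR '1'='1"   # textbook input that becomes syntax in the vulnerable query
    print("vulnerable, honest input:  ", lookup_vulnerable(db, honest))
    print("vulnerable, injected input:", lookup_vulnerable(db, tautology))
    print("parameterized, injected:   ", lookup_parameterized(db, tautology))
    print("log line:", "lookup email=" + safe_log_field("x\nINFO forged entry"))
```

The vulnerable function returns every row for the injected input because the WHERE clause has become `email = '' OR '1'='1'`; the parameterized function returns nothing, since no customer has that literal string as an e-mail address. A sudden jump in rows returned per query, or quote characters turning up in a parameter that should only ever hold an address, is also a useful detection signal in application logs.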

2. DNS Spoofing

DNS Spoofing is a type of computer security attack whereby data is introduced into a DNS
resolver's cache, causing the name server to return an incorrect IP address and diverting traffic
to the attacker's computer or any other computer. DNS spoofing attacks can go on for a long
period of time without being detected and can cause serious security issues.

3. Session Hijacking

It is a security attack on a user session over a protected network. Web applications create cookies
to store the state and user sessions. By stealing the cookies, an attacker can have access to all of
the user data.

4. Phishing

Phishing is a type of attack which attempts to steal sensitive information like user login
credentials and credit card number. It occurs when an attacker is masquerading as a trustworthy
entity in electronic communication.

5. Brute force

It is a type of attack which uses a trial and error method. This attack generates a large number of
guesses and validates them to obtain actual data like a user password or personal identification
number. This attack may be used by criminals to crack encrypted data, or by security analysts to
test an organization's network security.

6. Denial of Service

It is an attack which is meant to make a server or network resource unavailable to users. It
accomplishes this by flooding the target with traffic or sending it information that triggers a
crash. It uses a single system and a single internet connection to attack a server. It can be
classified into the following:

Volume-based attacks: The goal is to saturate the bandwidth of the attacked site; they are
measured in bits per second.

Protocol attacks: They consume actual server resources and are measured in packets per second.

Application layer attacks: The goal is to crash the web server; they are measured in requests per
second.

7. Dictionary attacks

This type of attack uses a stored list of commonly used passwords and tries each one to find the
original password.
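
The brute force and dictionary attacks above, and the "use strong passwords" tip earlier on this page, all come down to the same arithmetic: how many guesses an attacker needs and how fast they can make them. The Python below is an added example for this page, not code from the original tutorial. It estimates the keyspace of a password in bits under a conservative model (the attacker knows the length and character classes), converts that to a worst-case exhaustive-search time, flags passwords found in a small constructed common-password list, and throttles online guessing with an account lockout. The password list, thresholds and guess rate are assumptions for the demonstration.

```python
import math
import string
from typing import Dict, List

# Constructed stand-in for a breached-password list; real deployments use a far larger one.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein", "hunter2", "iloveyou"}


def keyspace_bits(password: str) -> float:
    """Size of the space an exhaustive search must cover, in bits, assuming the attacker
    knows which character classes were used and the length (a conservative model)."""
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation]
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in password))
    return 0.0 if alphabet == 0 else len(password) * math.log2(alphabet)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Worst-case time to try every combination at the given guess rate."""
    return 2.0 ** bits / guesses_per_second / (365 * 24 * 3600)


def password_problems(password: str) -> List[str]:
    """Checks a defender can apply at registration time; an empty list means acceptable."""
    problems = []
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears in the common-password list (dictionary attack target)")
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    if keyspace_bits(password) < 60:
        problems.append("keyspace under 60 bits")
    return problems


class LoginThrottle:
    """Lock an account for a while after repeated failures, so online guessing is
    limited to a handful of attempts per lockout period instead of millions."""

    def __init__(self, max_failures: int = 5, lockout_seconds: int = 900) -> None:
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self._failures: Dict[str, int] = {}
        self._locked_until: Dict[str, float] = {}

    def allowed(self, user: str, now: float) -> bool:
        return now >= self._locked_until.get(user, 0.0)

    def record_failure(self, user: str, now: float) -> None:
        count = self._failures.get(user, 0) + 1
        if count >= self.max_failures:
            self._locked_until[user] = now + self.lockout_seconds
            count = 0
        self._failures[user] = count

    def record_success(self, user: str) -> None:
        self._failures.pop(user, None)
        self._locked_until.pop(user, None)


if __name__ == "__main__":
    rate = 1e10   # assumed offline guess rate against a fast, unsalted hash
    for pw in ["password", "Summer2024!", "correct horse battery staple"]:
        bits = keyspace_bits(pw)
        print(f"{pw!r}: {bits:.1f} bits, {years_to_exhaust(bits, rate):.2e} years, "
              f"problems={password_problems(pw)}")
    throttle = LoginThrottle(max_failures=3, lockout_seconds=60)
    for t in range(3):
        throttle.record_failure("bob", now=t)
    print("bob allowed right after 3 failures:", throttle.allowed("bob", now=3))
    print("bob allowed a minute later:", throttle.allowed("bob", now=70))
```

The two halves address the two attack settings: keyspace size only matters against an offline attack on a stolen hash, where the attacker sets the guess rate, while the throttle is what limits an online attack against a login form. Length dominates the bit count, which is why a long all-lowercase passphrase scores far higher than a short mixed-class password.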


8. URL Interpretation

It is a type of attack in which certain parts of a URL are changed so that a web server delivers
web pages the attacker is not authorized to browse.

9. File Inclusion attacks

It is a type of attack that allows an attacker to access unauthorized or essential files which are
available on the web server, or to execute malicious files on the web server, by making use of
the include functionality.

10. Man in the middle attacks

It is a type of attack that allows an attacker to intercept the connection between client and server
and act as a bridge between them. Due to this, an attacker will be able to read, insert and modify
the data in the intercepted connection.

System-based attacks

These are attacks intended to compromise a computer or a computer network. Some of the important system-based attacks are as follows-

1. Virus

A virus is a type of malicious software that spreads through a computer's files without the user's knowledge. It is self-replicating: when executed, it inserts copies of itself into other programs or files. It can also carry a payload of instructions that harm the system.

2. Worm

A worm is malware whose primary function is to replicate itself in order to spread to uninfected computers. Unlike a virus, it does not need to attach itself to a host program: it spreads on its own, typically by exploiting network services or arriving as an email attachment that appears to come from a trusted sender.

3. Trojan horse

A Trojan horse is a malicious program that misleads the user about its true intent. It appears to be a normal application, but when opened or executed, malicious code runs in the background. Typical symptoms are unexpected changes to computer settings and unusual activity even when the computer should be idle.


4. Backdoors

A backdoor is a method of bypassing the normal authentication process. A developer may create one so that an application or operating system can be accessed for troubleshooting or other purposes; attackers plant them to keep access to a system they have already compromised.

5. Bots

A bot (short for "robot") is an automated process that interacts with other network services. Some bots run fully automatically, while others execute commands only when they receive specific input. Common examples are web crawlers, chatroom bots, and malicious bots; a network of compromised machines controlled by an attacker through such bots is a botnet.

Types of Cyber Attackers

In computers and computer networks, an attacker is the individual or organization that performs malicious activities to destroy, expose, alter, disable, steal or gain unauthorized access to, or make unauthorized use of, an asset.

As Internet access becomes more pervasive across the world and each of us spends more time on the web, the number of attackers grows as well. Attackers use every tool and technique available to try to gain unauthorized access.

There are four types of attackers which are described below-


Cyber Criminals

Cybercriminals are individuals or groups who use technology to commit cybercrime with the intention of stealing sensitive company information or personal data and generating profit. Today they are the most prominent and most active type of attacker.

Cybercriminals use computers in three broad ways to do cybercrimes-


o Select the computer as their target- They attack other people's computers to commit cybercrime, such as spreading viruses, data theft, identity theft, etc.

o Use the computer as their weapon- They use the computer to commit conventional crimes such as spam, fraud, illegal gambling, etc.

o Use the computer as an accessory- They use the computer to store or move data that was stolen illegally.

Hacktivists

Hacktivists are individuals or groups of hackers who carry out malicious activity to promote a political agenda, religious belief, or social ideology. According to Dan Lohrmann, chief security officer for Security Mentor, a national security training firm that works with states, "Hacktivism is a digital disobedience. It's hacking for a cause." Hacktivists are not like cybercriminals who hack computer networks to steal data for cash; they are individuals or groups who work together and see themselves as fighting injustice.

State-sponsored Attacker

State-sponsored attackers have particular objectives aligned with the political, commercial or military interests of their country of origin. These attackers are not in a hurry. Government organizations employ highly skilled hackers who specialize in finding vulnerabilities and exploiting them before the holes are patched. Defeating these attackers is very challenging because of the vast resources at their disposal.

Insider Threats

An insider threat is a threat to an organization's security or data that comes from within. These threats usually originate from employees or former employees, but may also arise from third parties, including contractors, temporary workers, business partners or customers.

Insider threats can be categorized below-

Malicious-

Malicious threats are attempts by an insider to access and potentially harm an organization's data, systems or IT infrastructure. They are often attributed to dissatisfied employees or ex-employees who believe the organization wronged them in some way and feel justified in seeking revenge.

Insiders may also become threats when they are recruited by malicious outsiders, whether through financial incentives or extortion.

Accidental-

Accidental threats are caused unintentionally by insiders. An employee might accidentally delete an important file or inadvertently share confidential data with a business partner, going beyond the company's policy or legal requirements.

Negligent-

These are threats in which employees work around the policies an organization has put in place to protect endpoints and valuable data. For example, if the organization has strict policies on external file sharing, employees might share work through public cloud applications so that they can work from home. These acts are not malicious, but they expose the organization to dangerous threats nonetheless.

Cyber Security Principles

The UK internet industry and Government recognized the need to develop a series of Guiding Principles for improving the online security of ISPs' customers and limiting the rise in cyber-attacks. Cybersecurity for these purposes encompasses the protection of essential information, processes, and systems, connected or stored online, with a broad view across the people, technical, and physical domains.

These Principles recognize that ISPs (and other service providers), internet users, and the UK Government all have a role in minimizing and mitigating the cyber threats inherent in using the internet.

These Guiding Principles were developed to respond to this challenge by providing a consistent approach to help, inform, educate, and protect ISPs' (Internet Service Providers') customers from online crime. They are aspirational, developed and delivered as a partnership between Government and ISPs, and they recognize that ISPs have different sets of customers and offer different levels of support and services to protect those customers from cyber threats.

Some of the essential cybersecurity principles, the design principles first set out by Saltzer and Schroeder in 1975, are described below-

1. Economy of mechanism

2. Fail-safe defaults

3. Least Privilege

4. Open Design

5. Complete mediation

6. Separation of Privilege

7. Least Common Mechanism

8. Psychological acceptability

9. Work Factor

10. Compromise Recording

1. Economy of mechanism

This principle states that security mechanisms should be as simple and small as possible. It simplifies the design and implementation of security mechanisms: if the design and implementation are simple and small, fewer possibilities exist for errors, and checking and testing are less complicated because fewer components need to be tested.

Interfaces between security modules are a suspect area and should be as simple as possible, because interface modules often make implicit assumptions about input or output parameters or the current system state. If any of these assumptions is wrong, the module's actions may produce unexpected results. A simple security framework is easier for developers and users to understand and makes efficient development and verification of its enforcement methods possible.

2. Fail-safe defaults

The fail-safe defaults principle states that the default configuration of a system should have a conservative protection scheme: base access decisions on explicit permission rather than on exclusion. The principle also restricts how privileges are initialized when a subject or object is created. Whenever access, privileges/rights, or some security-related attribute is not explicitly granted, access should be denied.

Example: When a new user is added to an operating system, the user's default group should have minimal access rights to files and services.

3. Least Privilege

This principle states that a user should have only those privileges needed to complete the task at hand. Its primary function is to control the assignment of rights granted to the user, not the identity of the user. This means that if the boss demands root access to a UNIX system that you administer, he or she should not be given it unless there is a task that requires that level of access. Where possible, the elevated rights of a user identity should be removed as soon as they are no longer needed.

4. Open Design

This principle states that the security of a mechanism should not depend on the secrecy of its design or implementation. It also reminds us that complexity does not add security. The principle is the opposite of the approach known as "security through obscurity." It applies not only to passwords and cryptographic systems but to other computer security related operations as well; the secrets should be the keys and passwords, not the mechanism.

Example: DVD players and the Content Scrambling System (CSS). CSS is a cryptographic scheme intended to protect DVD movie discs from unauthorized copying, but its security depended on keeping the algorithm and player keys secret. Once the design was reverse-engineered and published (DeCSS, 1999), the protection was broken everywhere at once. A design that is secure only while it stays secret violates this principle.

5. Complete mediation

The principle of complete mediation states that every access to every object must be checked against the protection scheme to ensure that it is allowed. It restricts the caching of authorization information, which often leads to simpler implementations of mechanisms. As a consequence, designers should be wary of performance techniques that save the results of previous authorization checks, since permissions can change over time. Many systems verify a subject's access rights only at the initial access and assume the same rights hold for subsequent accesses to that object; complete mediation rejects this shortcut. The operating system should mediate each and every access to an object.

Example: An online banking website should require users to sign in again after a certain period, say twenty minutes, has elapsed.
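The fail-safe-defaults and complete-mediation principles above are easiest to see side by side in code. The following is an added example, not from the tutorial: a minimal reference monitor whose access-control list denies anything not explicitly granted, consulted by two mediators. One re-checks on every access; the other caches its first answer, which is exactly the optimisation the principle warns against, and keeps allowing access after the grant has been revoked. Subjects, objects and the ACL are constructed.

```python
"""Added example (not from the tutorial): a tiny reference monitor.

Demonstrates fail-safe defaults (anything not explicitly granted is
denied) and complete mediation (every access is re-checked, so a revoked
permission stops working immediately), next to a cached variant that
keeps honouring a stale grant. Subjects, objects and the ACL are
constructed for illustration.
"""


class ReferenceMonitor:
    """Holds the ACL: (subject, object) -> set of permitted operations."""

    def __init__(self):
        self._acl = {}

    def grant(self, subject, obj, op):
        self._acl.setdefault((subject, obj), set()).add(op)

    def revoke(self, subject, obj, op):
        self._acl.get((subject, obj), set()).discard(op)

    def is_allowed(self, subject, obj, op):
        # Fail-safe default: a missing entry means deny, never allow.
        return op in self._acl.get((subject, obj), set())


class CompleteMediation:
    """Consults the monitor on every single access."""

    def __init__(self, monitor):
        self.monitor = monitor

    def access(self, subject, obj, op):
        return self.monitor.is_allowed(subject, obj, op)


class CachedMediation:
    """Checks once and remembers the answer: the shortcut the principle warns against."""

    def __init__(self, monitor):
        self.monitor = monitor
        self._cache = {}

    def access(self, subject, obj, op):
        key = (subject, obj, op)
        if key not in self._cache:
            self._cache[key] = self.monitor.is_allowed(subject, obj, op)
        return self._cache[key]


def revocation_demo():
    """Grant, access, revoke, access again. Returns the two mediators' answers."""
    mon = ReferenceMonitor()
    complete, cached = CompleteMediation(mon), CachedMediation(mon)
    obj, op = "payroll.db", "read"

    # Nobody has been granted anything yet: denied by default.
    unlisted = complete.access("mallory", obj, op)

    mon.grant("alice", obj, op)
    after_grant = (complete.access("alice", obj, op), cached.access("alice", obj, op))

    # Alice leaves the payroll team; her grant is revoked.
    mon.revoke("alice", obj, op)
    after_revoke = (complete.access("alice", obj, op), cached.access("alice", obj, op))

    return {"unlisted": unlisted, "after_grant": after_grant, "after_revoke": after_revoke}


if __name__ == "__main__":
    print(revocation_demo())
```

The cached mediator is not contrived: session tokens, file descriptors held open after a permission change, and authorization results memoised for performance all behave this way, which is why the banking-site example re-authenticates on a timer.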

6. Separation of Privilege

This principle states that a system should grant access only when more than one condition is satisfied. It can be restrictive, because it limits access to system entities, but it means that a single mistake or a single stolen credential is not enough to gain the privilege. Thus at least two verifications should be performed before a privilege is granted.

Example: To su (change) to root on a BSD-style system, two conditions must be met-

o The user must know the root password.

o The user must be a member of the right group (wheel).

7. Least Common Mechanism

This principle states that in systems with multiple users, the mechanisms that allow resources to be shared by more than one user should be minimized as much as possible, because every shared mechanism is a potential path for information to flow between users. The principle may also be restrictive, because it limits the sharing of resources.

Example: If a file or application must be accessed by more than one user, those users should reach it through separate channels rather than one shared privileged process, which helps prevent the unforeseen consequences that could cause security problems.

8. Psychological acceptability

This principle states that a security mechanism should not make a resource harder to use than it would be if the mechanism were not present. The psychological acceptability principle recognizes the human element in computer security. If security-related software or computer systems are too complicated to configure, maintain, or operate, users will not employ the necessary security mechanisms. For example, if a new password is rejected during a password change, the password-changing program should state why it was denied rather than giving a cryptic error message. At the same time, applications should not impart unnecessary information that could lead to a compromise of security.

Example: When we enter a wrong password, the system should only tell us that the user id or password was incorrect. It should not tell us that only the password was wrong, as this tells an attacker that the user id is valid.
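Both halves of the principle, explaining a rejection clearly while not leaking what an attacker could use, appear in the following added example, which is not code from the tutorial. A password-policy check returns specific, actionable reasons; a leaky login tells the caller whether the user exists, while the hardened one returns one uniform message and does the same hashing work for unknown users so that timing does not reveal the difference either. Users, hashes and rules are constructed; a real system would store passwords with a slow hash such as bcrypt or Argon2 rather than plain SHA-256.

```python
"""Added example (not from the tutorial): two faces of psychological
acceptability. A password-change check that explains *why* a new password
was rejected, and a login routine whose failure message and timing do not
reveal whether the username exists. Users, hashes and rules are constructed.
"""
import hashlib
import hmac

# Constructed user store (plain SHA-256 for brevity; use bcrypt/scrypt/Argon2 in practice).
USERS = {"alice": hashlib.sha256(b"correct horse").hexdigest()}
DUMMY_HASH = hashlib.sha256(b"dummy").hexdigest()


def password_problems(pw, min_len=12):
    """Return a list of specific, actionable reasons; empty means acceptable."""
    problems = []
    if len(pw) < min_len:
        problems.append("must be at least %d characters" % min_len)
    if pw.lower() == pw or pw.upper() == pw:
        problems.append("must mix upper and lower case letters")
    if not any(c.isdigit() for c in pw):
        problems.append("must contain a digit")
    return problems


def login_leaky(user, pw):
    """Distinguishes 'no such user' from 'wrong password': lets an attacker
    enumerate valid user ids before guessing passwords."""
    if user not in USERS:
        return "no such user"
    if USERS[user] != hashlib.sha256(pw.encode()).hexdigest():
        return "wrong password"
    return "ok"


def login_uniform(user, pw):
    """One message for every failure. Unknown users are compared against a dummy
    hash so the work done (and hence the response time) is the same, and
    hmac.compare_digest avoids an early exit on the first differing byte."""
    stored = USERS.get(user, DUMMY_HASH)
    matches = hmac.compare_digest(stored, hashlib.sha256(pw.encode()).hexdigest())
    if matches and user in USERS:
        return "ok"
    return "user id or password was incorrect"


if __name__ == "__main__":
    print(password_problems("short"))
    print(login_leaky("nobody", "x"), "|", login_uniform("nobody", "x"))
```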


9. Work Factor

This principle states that the cost of circumventing a security mechanism should be compared with the resources of a potential attacker when designing a security scheme. In some cases the cost of circumvention (the "work factor") can be calculated easily. Work factor is also a common cryptographic measure of the strength of a cipher. It does not map directly onto every cybersecurity problem, but the overall concept applies.

Example: Suppose the number of experiments needed to try all possible four-character passwords drawn from a 24-character alphabet is 24^4 = 331,776. If the potential attacker must type each experimental password at a terminal, one might consider a four-character password satisfactory. On the other hand, if the attacker could use a computer capable of trying a million passwords per second, the whole space falls in about a third of a second, and a four-character password would be a minor barrier.
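The brute-force and dictionary attacks described earlier and the work-factor arithmetic above fit in one added example (not code from the tutorial). It runs a dictionary attack and then an exhaustive search against a constructed salted hash of a four-letter password over the 24-letter alphabet from the example, and computes the keyspace and time-to-exhaust for a given guess rate. SHA-256 is used so the demo runs in well under a second; the point of bcrypt, scrypt or Argon2 in real password storage is to make each guess expensive and so raise the work factor this code measures.

```python
"""Added example (not from the tutorial): a dictionary attack and an
exhaustive brute force against a salted hash, plus the work-factor estimate
from the text. The stored hash, salt, wordlist and attacker speeds are
constructed. sha256 is used so the demo runs instantly; real systems store
passwords with a deliberately slow hash (bcrypt, scrypt, Argon2) precisely
to raise the work factor computed here.
"""
import hashlib
import itertools

SALT = b"constructed-salt"
ALPHABET = "abcdefghijklmnoprstuvwxy"  # 24 letters, matching the 24^4 example


def hash_pw(password):
    return hashlib.sha256(SALT + password.encode()).hexdigest()


STORED_HASH = hash_pw("rose")  # the victim's four-letter password (constructed)
WORDLIST = ["password", "123456", "letmein", "rose", "admin"]  # constructed


def dictionary_attack(target_hash, wordlist):
    """Try only likely passwords; fast, but fails if the password is not listed."""
    for word in wordlist:
        if hash_pw(word) == target_hash:
            return word
    return None


def brute_force(target_hash, alphabet, length):
    """Try every string of the given length; returns (password, guesses_made)."""
    tried = 0
    for combo in itertools.product(alphabet, repeat=length):
        tried += 1
        candidate = "".join(combo)
        if hash_pw(candidate) == target_hash:
            return candidate, tried
    return None, tried


def work_factor(alphabet_size, length, guesses_per_second):
    """Size of the keyspace and the seconds needed to exhaust all of it."""
    keyspace = alphabet_size ** length
    return keyspace, keyspace / guesses_per_second


if __name__ == "__main__":
    print(dictionary_attack(STORED_HASH, WORDLIST))
    print(brute_force(STORED_HASH, ALPHABET, 4))
    print(work_factor(24, 4, 1), work_factor(24, 4, 1_000_000))
```

Against an online login form the defender also controls the guess rate (lockouts, rate limits, multi-factor authentication), which is why the same password can be adequate there and hopeless once the hash database leaks and the attacker sets the speed.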

10. Compromise Recording

The compromise recording principle states that it is sometimes more desirable to record the details of an intrusion than to adopt a more sophisticated measure to prevent it.

Example: The servers in an office network may keep logs of all accesses to files, all emails sent and received, and all browsing sessions on the web. Another example is Internet-connected surveillance cameras, a typical compromise-recording mechanism used to protect a building.

Data Security Consideration

Data security is the protection of programs and data in computers and communication systems against unauthorized access, modification, destruction, disclosure or transfer, whether accidental or intentional, by building physical arrangements and software checks. It also covers the right of individuals or organizations to deny or restrict the collection and use of information about themselves. Data security requires system managers to reduce unauthorized access to their systems through those physical arrangements and software checks.

Data security uses various methods to make sure that data is correct, original, kept confidential and safe. It includes-

o Ensuring the integrity of data.

o Ensuring the privacy of the data.

o Preventing the loss or destruction of data.

Some of the important data security considerations are described below:

Backups

Data backup means saving additional copies of our data in physical or cloud locations separate from the working copies. It is essential to keep, secure and back up our data on a regular basis. Securing the data helps prevent-

o Accidental or malicious damage/modification to data.

o Theft of valuable information.

o Breach of confidentiality agreements and privacy laws.

o Premature release of data, which can invalidate intellectual property claims.

o Release before data have been checked for authenticity and accuracy.

Keeping reliable and regular backups of our data protects against the risk of damage or loss due to power failure, hardware failure, software or media faults, viruses or hacking, or even human error.

The 3-2-1 backup rule is a popular guideline. It calls for:

o Three copies of our data (the working copy plus two backups)

o On two different media, e.g. hard drive + tape backup, or DVD (short term) + flash drive

o One copy off-site, e.g. two local physical backups and one in the cloud
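The rule is simple enough to check mechanically against a backup inventory, which is worth doing because inventories drift (a tape rotation stops, a cloud job fails) without anyone noticing. The following is an added example, not from the tutorial. The inventory format and the two sample inventories are constructed; besides the three counts it flags off-site copies that are not encrypted, since a copy that leaves the building is the one most likely to be lost or stolen.

```python
"""Added example (not from the tutorial): checking a backup inventory against
the 3-2-1 rule and flagging unencrypted off-site copies. The inventory
format, site names and sample entries are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupCopy:
    label: str
    medium: str      # "disk", "tape", "cloud", ...
    location: str    # site where the copy physically lives
    encrypted: bool


def check_321(copies, primary_site):
    """Evaluate the three counts; return the problems found (empty = compliant)."""
    problems = []
    if len(copies) < 3:
        problems.append("only %d copies, need 3" % len(copies))
    media = {c.medium for c in copies}
    if len(media) < 2:
        problems.append("all copies on one medium (%s)" % ", ".join(sorted(media)))
    offsite = [c for c in copies if c.location != primary_site]
    if not offsite:
        problems.append("no off-site copy")
    for c in offsite:
        if not c.encrypted:
            problems.append("off-site copy '%s' is not encrypted" % c.label)
    return problems


# Constructed inventories: one compliant, one that fails every check.
GOOD = [
    BackupCopy("primary", "disk", "hq", False),
    BackupCopy("nightly tape", "tape", "hq", True),
    BackupCopy("cloud replica", "cloud", "aws-eu-west-1", True),
]
BAD = [
    BackupCopy("primary", "disk", "hq", False),
    BackupCopy("usb drive in desk", "disk", "hq", False),
]
LEAKY = GOOD[:2] + [BackupCopy("cloud replica", "cloud", "aws-eu-west-1", False)]


if __name__ == "__main__":
    for name, inv in (("GOOD", GOOD), ("BAD", BAD), ("LEAKY", LEAKY)):
        print(name, check_321(inv, "hq") or "compliant")
```

A check like this says nothing about whether the copies actually restore; pair it with a periodic test restore, since a backup that has never been restored is an assumption, not a backup.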

Some important backup options are as follows-

1. Hard drives - personal or work computer

2. Departmental or institution server

3. External hard drives

4. Tape backups

5. Discipline-specific repositories

6. University Archives

7. Cloud storage

Some of the top considerations for implementing secure backup and recovery are-

1. Authentication of users and backup clients to the backup server.

2. Role-based access control lists for all backup and recovery operations.

3. Data encryption options for both transmission and storage.

4. Flexibility in choosing encryption and authentication algorithms.

5. Backup of a remote client to the centralized location behind firewalls.

6. Backup and recovery of a client running Security-Enhanced Linux (SELinux).

7. Using best practices to write secure software.

Archival Storage

Data archiving is the process of retaining data in a secure place for long-term storage. The data is kept in safe locations so that it can be used whenever it is required. Archived data is still essential to the organization and may be needed for future reference. Data archives are indexed and searchable so that files, and parts of files, can be easily located and retrieved. Archiving also reduces primary storage consumption and its related costs.

Data archival differs from data backup: backups create copies of data to be used as a recovery mechanism when the original is corrupted or destroyed, whereas archives preserve older information that is not needed in day-to-day operations but may have to be accessed occasionally.

Data archives may take many different forms. They can be stored online, offline, or in the cloud-

o Online data storage places archive data on disk systems where it is readily accessible.

o Offline data storage places archive data on tape or other removable media using data archiving software; tape can be removed from the system and consumes less power than disk systems.

o Cloud storage is another possible archive target. For example, Amazon Glacier is designed for data archiving. Cloud storage is inexpensive to start with, but its costs grow over time as more data is added to the archive.

The following list of considerations will help us to improve the long-term usefulness of our
archives:

1. Storage medium

2. Storage device

3. Revisiting old archives

4. Data usability

5. Selective archiving

6. Space considerations

7. Online vs. offline storage

Storage medium

The first thing to decide is what storage medium to use for archives. Archived data is stored for long periods of time, so we must choose a type of media that will last at least as long as our retention policy dictates.

Storage device

This consideration asks whether the storage device we use for our archives will still be usable in a few years. There is no way to predict which types of storage devices will stand the test of time, so it is essential to pick devices that have the best chance of being supported over the long term.

Revisiting old archives

Our archive policies and the storage mechanisms we use for archiving change over time, so we have to review our archived data at least once a year to see whether anything needs to be migrated to a different storage medium.

For example, about ten years ago we used Zip drives for archival; we then transferred all of our archives to CD. Today we store most of our archives on DVD. Since modern DVD drives can also read CDs, we haven't needed to move our extremely old archives off CD onto DVD.

Data usability

One major problem seen in the real world is archived data in an obsolete format.

For example, document files archived in the early 1990s were created by an application known as PFS Write. The PFS Write file format was supported in the late 80s and early 90s, but today there is hardly any application that can read those files. To avoid this situation, it may help to archive not only the data but also copies of the installation media for the applications that created it.

Selective archiving

We have to be sure about what should be archived. Only a selected part of the data is archived, because not all data is equally important.

Space considerations

If our archives become huge, we must plan for the long-term retention of all that data. If we archive to removable media, capacity planning is fairly simple: make sure there is free space in the vault to hold all of those tapes, and room in the IT budget to continue purchasing them.

Online vs. offline storage

We have to decide whether to store our archives online (on a dedicated archive server) or offline (on removable media). Both methods have advantages and disadvantages. Storing data online keeps it easily accessible, but data that is online is exposed to theft, tampering, corruption, etc. Offline storage lets us keep a practically unlimited amount of data, but it is not readily accessible.

Disposal of Data

Data destruction, or disposal of data, is the process of destroying data stored on tapes, hard disks and other electronic media so that it is completely unreadable, unusable and inaccessible for unauthorized purposes. A disposal policy also ensures that the organization retains records for as long as they are needed and, when they are no longer required, destroys them or disposes of them in some other way, for example by transfer to an archives service.

A managed process of data disposal has some essential benefits-

o It avoids the unnecessary storage costs incurred by using office or server space to maintain records that the organization no longer needs.

o Finding and retrieving information is easier and quicker because there is less to search.

The disposal of data usually takes place as part of the normal records management process. There are two circumstances in which the destruction of data needs to be handled in addition to this process-

o A quantity of legacy records requires attention.

o Functions are being transferred to another authority, and disposal of data records becomes part of the change process.

The following list of considerations will help us for the secure disposal of data-

1. Eliminate access

2. Destroy the data

3. Destroy the device

4. Keep the record of which systems have been decommissioned


5. Keep careful records

6. Eliminate potential clues

7. Keep systems secure until disposal

Eliminate access

Ensure that the accounts that had access to the data are disabled or removed, so that nobody retains any right to re-access the disposed-of data.

Destroy the Data

Simply removing data from storage media is not safe. Reformatting or repartitioning a drive to "erase" the data it stores is not good enough, because the data itself remains on the disk and can be recovered. Many tools are available today that delete files more securely by overwriting them. Encrypting the data on the drive from the start and then destroying the key makes the data far harder to recover later, and is the only reliable approach on SSDs and flash media, where wear-levelling can leave old copies of overwritten blocks in place.
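The difference between deleting a file and destroying its contents is visible in a few lines. The following is an added example, not from the tutorial: it writes constructed sensitive content to a temporary file, overwrites every byte with random data and forces each pass to the device before unlinking, and reads the bytes back to show the secret is gone. A plain delete only removes the directory entry. As noted above, this in-place overwrite is meaningful on spinning disks; for SSDs use the drive's built-in secure-erase command or encrypt-then-destroy-the-key.

```python
"""Added example (not from the tutorial): overwriting a file's bytes before
unlinking it, compared with a plain delete. The file and its contents are
constructed. Overwriting in place only helps on media that rewrite the same
physical blocks (spinning disks); on SSDs and flash, wear-levelling may keep
old copies, so prefer the drive's built-in secure erase or
encrypt-then-destroy-the-key.
"""
import os
import tempfile

SECRET = b"TOP SECRET: db_password=hunter2"  # constructed sensitive content


def make_secret_file(content):
    """Write the constructed content to a temp file and return its path."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as fh:
        fh.write(content)
    return path


def plain_delete(path):
    """What rm does: the directory entry goes away, the blocks keep the bytes."""
    os.unlink(path)


def overwrite_in_place(path, passes=3):
    """Replace every byte with random data `passes` times, forcing each pass to
    the device with fsync. Returns the bytes now on disk for inspection."""
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:
        for _ in range(passes):
            fh.seek(0)
            fh.write(os.urandom(size))
            fh.flush()
            os.fsync(fh.fileno())
        fh.seek(0)
        return fh.read()


def secure_delete(path, passes=3):
    """Overwrite, then unlink. Returns True once the file is gone."""
    overwrite_in_place(path, passes)
    os.unlink(path)
    return not os.path.exists(path)


def demo():
    """Create, overwrite once, inspect, then securely delete."""
    path = make_secret_file(SECRET)
    on_disk = overwrite_in_place(path, passes=1)
    return {
        "length_preserved": len(on_disk) == len(SECRET),
        "secret_gone": b"hunter2" not in on_disk,
        "file_removed": secure_delete(path),
    }


if __name__ == "__main__":
    print(demo())
```

Note the limits even on a spinning disk: the filesystem may have kept earlier versions of the file elsewhere (journals, snapshots, copy-on-write), and the name and size survive in metadata. That is why the text goes on to physical destruction for media that held truly sensitive data.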

Destroy the device

In most cases, storage media need to be physically destroyed to ensure that our sensitive data does not leak to whoever gets the drives next. We should not attempt this ourselves: specialists are far better at safely and effectively rendering any data on our drives unrecoverable. If we cannot trust this to an outside agency that specializes in the secure destruction of storage devices, we should have a specialized team within our organization with the same equipment and skills as the outside contractors.

Keep the record of which systems have been decommissioned

Make sure that storage media have been fully and securely decommissioned and are not something easily misplaced or overlooked. It is best to keep media that have not yet been fully decommissioned in one specific location and decommissioned equipment somewhere else, which helps avoid mistakes.

Keep careful records

Keep a record of who is responsible for decommissioning each storage medium. If more than one person is assigned the responsibility, each should sign off on completion of the decommissioning process, so that if something goes wrong we know whom to ask what happened and how bad the mistake is.

Eliminate potential clues

Clear the configuration settings from networking equipment before disposal, because they can provide crucial clues to an attacker about how to break into our network and the systems that reside on it.

Keep systems secure until disposal of data

Set clear guidelines for who may have access to equipment awaiting secure disposal, to ensure that nobody who should not have access gets their hands on it before the data is destroyed.

Security Technologies

With the rapid growth of the Internet, cybersecurity has become a major concern to organizations throughout the world. The fact that the information, tools and technologies needed to penetrate the security of corporate networks are widely available has increased that concern.

Today, the fundamental problem is that much security technology aims to keep the attacker out, and when that fails, the defences have failed. Every organization that uses the Internet needs security technologies that cover the three primary control types (preventive, detective, and corrective) as well as auditing and reporting. Most authentication is based on one of three things: something we have (like a key or an ID card), something we know (like a PIN or a password), or something we are (like a fingerprint).

Some of the important security technologies used in cybersecurity are described below-

Firewall

A firewall is a network security system designed to prevent unauthorized access to or from a private network. It can be implemented as hardware, software, or a combination of both. Firewalls are used to prevent unauthorized Internet users from accessing private networks connected to the Internet. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.

Categories of Firewalls

Firewalls can be categorised by processing mode, by development era (generation), and by intended deployment structure.

1. Processing mode:

The five processing modes by which firewalls can be categorised are-
Packet filtering

Packet filtering firewalls examine the header information of data packets entering a network. Installed on a TCP/IP network, the firewall decides whether to forward each packet to the next network connection or drop it, based on the rules programmed into it. It scans packets looking for a violation of the rules in the firewall's database. Most rules are based on a combination of:

Internet Protocol (IP) source and destination address.

Direction (inbound or outbound).

Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) source and destination ports.

Packet filtering firewalls can be categorized into three types-

1. Static filtering: The system administrator sets the rules. The filtering rules governing which packets are allowed and which are denied are developed and installed by hand and do not change on their own.

2. Dynamic filtering: The firewall is allowed to set some rules for itself, such as dropping packets from an address that is sending many bad packets.

3. Stateful inspection: A stateful firewall keeps track of each network connection between internal and external systems using a state table, so that, for example, an inbound packet is accepted only if it belongs to a connection an internal host initiated.
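The practical difference between static and stateful filtering shows up in how replies to outbound connections are admitted. The following is an added example, not code from the tutorial. Rules, addresses, ports and the three sample packets are constructed: a static rule set must hold the door open to high ports for any inbound TCP so that replies can come back, which also admits unsolicited packets to those ports, whereas the stateful filter records each outbound connection and admits only packets that match an entry in its state table.

```python
"""Added example (not from the tutorial): a minimal packet filter in two
modes. Rules, hosts, ports and the sample packets are constructed.
Static filtering needs a standing 'allow inbound TCP to high ports' rule
to let replies in, which also lets unsolicited packets through;
stateful inspection admits only replies to connections it saw leave.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" (from Internet) or "out" (to Internet)
    proto: str       # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


INTERNAL_PREFIX = "10.0.0."  # constructed internal network

# Static rule set: (direction, proto, allowed destination ports). First match
# wins; anything unmatched is dropped (fail-safe default).
STATIC_RULES = [
    ("out", "tcp", range(0, 65536)),       # internal hosts may open any TCP connection
    ("in", "tcp", range(1024, 65536)),     # replies come back to ephemeral ports (too broad)
]


def static_filter(pkt):
    """Stateless decision from headers alone."""
    for direction, proto, ports in STATIC_RULES:
        if pkt.direction == direction and pkt.proto == proto and pkt.dport in ports:
            return "allow"
    return "drop"


class StatefulFilter:
    """Remembers outbound connections; inbound traffic must match one of them."""

    def __init__(self):
        self.table = set()  # (internal_ip, internal_port, external_ip, external_port, proto)

    def filter(self, pkt):
        if pkt.direction == "out" and pkt.src.startswith(INTERNAL_PREFIX):
            self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
            return "allow"
        if pkt.direction == "in":
            if (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto) in self.table:
                return "allow"
        return "drop"


def demo():
    """An HTTPS request, its reply, and an unsolicited packet to the same port."""
    request = Packet("out", "tcp", "10.0.0.5", 51000, "198.51.100.20", 443)
    reply = Packet("in", "tcp", "198.51.100.20", 443, "10.0.0.5", 51000)
    unsolicited = Packet("in", "tcp", "203.0.113.9", 40000, "10.0.0.5", 51000)
    sf = StatefulFilter()
    return {
        "static": [static_filter(p) for p in (request, reply, unsolicited)],
        "stateful": [sf.filter(p) for p in (request, reply, unsolicited)],
    }


if __name__ == "__main__":
    print(demo())
```

Real stateful firewalls also follow the TCP handshake and expire idle entries, so a state-table entry cannot be kept alive forever by an attacker who guessed the tuple.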

Application gateways

An application gateway is a firewall proxy, frequently installed on a dedicated computer, that provides network security by acting as an intermediary between the requester and the protected device. It filters traffic at the application layer, so only the application data it understands is forwarded. Such network applications include FTP, Telnet, Real Time Streaming Protocol (RTSP), BitTorrent, etc.

Circuit gateways

A circuit-level gateway is a firewall that operates at the transport layer. It provides TCP and UDP connection security, which means it can reassemble, examine or block all the packets in a TCP or UDP connection. It works between the transport layer and the application layer, at what the OSI model calls the session layer. Unlike application gateways, it monitors TCP handshaking and session fulfilment against firewall rules and policies rather than inspecting application content. It can also act as a Virtual Private Network (VPN) endpoint over the Internet by encrypting traffic from firewall to firewall.

MAC layer firewalls

This firewall operates at the media access control (MAC) layer of the OSI network model and can take a specific host computer's identity into account in its filtering decisions. The MAC addresses of specific hosts are linked to access control list (ACL) entries that identify the types of packets that may be sent to each host; all other traffic is blocked. It also checks the MAC address of a requester to determine whether the device making the connection is authorized to access the data. Because a MAC address can be changed by software, this is an identity check only against hosts that are not actively spoofing.

Hybrid firewalls

A hybrid firewall combines features of the other four types, for example elements of packet filtering and proxy services, or of packet filtering and circuit gateways.

2. Development Era:

Firewalls can also be categorised by generation. These are-

First Generation

Second Generation

Third Generation

Fourth Generation

Fifth Generation

First Generation:

The first-generation firewall is the static packet filter, the simplest and least expensive form of firewall protection. Each packet entering or leaving the network is checked and either passed or rejected depending on user-defined rules. We can compare this to the bouncer of a club who admits only people over 21 and turns everyone else away.

Second Generation:

Second-generation firewalls are application-level firewalls, or proxy servers. This generation raised the security level between trusted and untrusted networks. An application-level firewall uses software to intercept connections for each IP and perform security inspection. It involves proxy services that act as an interface between users on the internal trusted network and the Internet. Computers communicate by passing network traffic through the proxy program, which evaluates the data sent from the client and decides what to forward and what to drop.

Third Generation:

The third-generation firewall is the stateful inspection firewall. This generation evolved to meet the major requirements demanded by corporate networks: increased security while minimizing the impact on network performance. The demands on third-generation firewalls keep growing with the support for VPNs, wireless communication, and enhanced virus protection. The most challenging element of this evolution is maintaining the firewall's simplicity (and hence its maintainability and security) without compromising flexibility.

Fourth Generation:

The fourth-generation firewall is the dynamic packet filtering firewall. It monitors the state of active connections and, on the basis of this information, determines which network packets are allowed to pass through. By recording session information such as IP addresses and port numbers, a dynamic packet filter can enforce a much tighter security posture than a static packet filter.

Fifth Generation:

The fifth generation firewall comes with the kernel proxy firewall. This firewall works within the
kernel of the Windows NT Executive. The firewall proxy operates at the application layer. When a
packet arrives, a new virtual stack table is created which contains only the protocol proxies
needed to examine that specific packet. The packet is inspected at each layer of the stack, which
involves evaluating the data link header along with the network header, transport header, session
layer information, and application layer data. This firewall works faster than other
application-level firewalls because all evaluation takes place in the kernel and not at the higher
layers of the operating system.

3. Intended deployment structure:

Firewalls can also be categorised by their intended deployment structure. These are:

Cyber Security Technologies

Commercial Appliances

It runs on a custom operating system. This firewall system consists of firewall application
software running on a general-purpose computer. It is designed to protect a medium-to-large
business network. Most commercial firewalls are quite complex and often require specialized
training and certification to take full advantage of their features.

Small Office Home Office

The SOHO firewall is designed for small office or home office networks that need protection
from Internet security threats. A firewall for a SOHO (Small Office Home Office) is the first line
of defence and plays an essential role in an overall security strategy. SOHO users have limited
resources, so the firewall product they implement must be relatively easy to use and maintain,
and be cost-effective. This firewall connects a user's local area network or a specific computer
system to the internetworking device.

Residential Software
Residential-grade firewall software is installed directly on a user's system. Some of these
applications combine firewall services with other protections such as antivirus or intrusion
detection. There is a limit to the level of configurability and protection that software firewalls
can provide.

4. Architectural Implementation

The firewall configuration that works best for a particular organization depends on three factors:
the objectives of the network, the organization's ability to develop and implement the
architectures, and the budget available for the function.

There are four common architectural implementations of firewalls:

Packet-filtering routers

A packet filtering firewall controls network access by monitoring outgoing and incoming packets.
It allows them to pass or halts them based on the source and destination IP addresses, protocols
and ports. During communication, a node transmits a packet; this packet is filtered and matched
against the predefined rules and policies. If it matches, the packet is considered secure and
verified and is accepted; otherwise it is blocked.
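The difference between the static packet filter of the first generation, the dynamic (stateful) filter of the fourth generation and the packet-filtering router described here is easiest to see in code. The following is an added example written for this tutorial, not code from the original page or from any firewall product. It assumes a constructed policy (internal network 192.168.1.0/24 may open outbound HTTPS) and three constructed packets. The static filter has to open inbound source port 443 so that replies can return, which also lets through any unsolicited packet that merely claims source port 443; the stateful filter admits replies only for connections it has recorded.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    """Header fields a packet filter looks at (constructed, not a real capture)."""
    src: str
    dst: str
    proto: str           # "tcp" or "udp"
    sport: int
    dport: int
    syn: bool = False    # TCP SYN flag set
    ack: bool = False    # TCP ACK flag set


@dataclass(frozen=True)
class Rule:
    """One user-defined rule; None means 'any' for that field."""
    action: str                  # "allow" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None
    sport: Optional[int] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        return (
            ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
            and (self.proto is None or self.proto == pkt.proto)
            and (self.sport is None or self.sport == pkt.sport)
            and (self.dport is None or self.dport == pkt.dport)
        )


class StaticPacketFilter:
    """First-generation style: each packet is judged on its own header; first matching rule wins."""

    def __init__(self, rules: List[Rule], default: str = "deny"):
        self.rules = rules
        self.default = default

    def decide(self, pkt: Packet) -> str:
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.action
        return self.default


class StatefulPacketFilter(StaticPacketFilter):
    """Dynamic (stateful) filter: records sessions the policy allowed and admits only their replies."""

    def __init__(self, rules: List[Rule], default: str = "deny"):
        super().__init__(rules, default)
        self.sessions: Set[Tuple[str, int, str, int, str]] = set()

    def decide(self, pkt: Packet) -> str:
        # A packet whose reversed 5-tuple is a tracked session is a reply: allow it.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto) in self.sessions:
            return "allow"
        verdict = super().decide(pkt)
        # Only a connection opener (TCP SYN without ACK, or any allowed UDP) starts a session.
        if verdict == "allow" and (pkt.proto != "tcp" or (pkt.syn and not pkt.ack)):
            self.sessions.add((pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
        return verdict


INTERNAL = "192.168.1.0/24"   # constructed internal network

# A static filter must open inbound source-port 443 so HTTPS replies can return,
# which also admits any unsolicited packet that merely claims source port 443.
STATIC_RULES = [
    Rule("allow", src=INTERNAL, proto="tcp", dport=443),
    Rule("allow", dst=INTERNAL, proto="tcp", sport=443),
]
# The stateful filter needs only the outbound rule; replies ride on the session table.
STATEFUL_RULES = [Rule("allow", src=INTERNAL, proto="tcp", dport=443)]


def compare_filters() -> dict:
    """Run the same three constructed packets through both filters and return the verdicts."""
    outbound = Packet("192.168.1.10", "203.0.113.5", "tcp", 51000, 443, syn=True)
    reply = Packet("203.0.113.5", "192.168.1.10", "tcp", 443, 51000, syn=True, ack=True)
    unsolicited = Packet("198.51.100.7", "192.168.1.10", "tcp", 443, 22, syn=True)
    static, stateful = StaticPacketFilter(STATIC_RULES), StatefulPacketFilter(STATEFUL_RULES)
    return {
        "static": [static.decide(p) for p in (outbound, reply, unsolicited)],
        "stateful": [stateful.decide(p) for p in (outbound, reply, unsolicited)],
    }


if __name__ == "__main__":
    print(compare_filters())
```

The third verdict is the one that matters: the static filter returns "allow" for the unsolicited inbound packet because its header satisfies the reply rule, while the stateful filter returns "deny" because no recorded session matches it.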

Screened host firewalls

This firewall architecture combines the packet-filtering router with a separate and dedicated
firewall. The application gateway needs only one network interface. This allows the router to
pre-screen packets to minimize the network traffic and load on the internal proxy. The packet-
filtering router prevents dangerous protocols from reaching the application gateway and site
systems.

Dual-homed host firewalls

The network architecture for the dual-homed host firewall is simple. It is built around the
dual-homed host computer, a computer that has at least two NICs. One NIC is connected to the
external network, and the other is connected to the internal network, which provides an additional
layer of protection. With these NICs, all traffic must go through the firewall in order to move
between the internal and external networks.

The implementation of this architecture often makes use of NAT. NAT is a method of mapping
assigned IP addresses to special ranges of non-routable internal IP addresses, thereby creating
another barrier to intrusion from external attackers.

Screened Subnet Firewalls

This architecture adds an extra layer of security (a perimeter network) to the screened host
architecture, further isolating the internal network from the Internet. In this architecture,
there are two screening routers, both connected to the perimeter net. One router sits between the
perimeter net and the internal network, and the other sits between the perimeter net and the
external network. To break into the internal network, an attacker would have to get past both
routers. There is no single vulnerable point whose compromise exposes the internal network.

VPNs

VPN stands for virtual private network. It is a technology which creates a safe, encrypted
connection over the Internet from a device to a network. This type of connection helps to ensure
that our sensitive data is transmitted safely. It protects our connection from eavesdropping on
the network traffic and allows the user to access a private network securely. This technology is
widely used in corporate environments.

A VPN works alongside a firewall: a firewall protects data local to a device, whereas a VPN
protects data in transit online. To ensure safe communication on the Internet, data travels
through secure tunnels, and VPN users use an authentication method to gain access to the VPN
server. VPNs are used by remote users who need to access corporate resources, consumers who want
to download files, and business travellers who want to access a site that is geographically
restricted.

Intrusion Detection System (IDS)

An IDS is a security system which monitors computer systems and network traffic. It analyses
that traffic for possible hostile attacks originating from outsiders and also for system misuse
or attacks originating from insiders. A firewall does the job of filtering incoming traffic from
the Internet; the IDS complements the firewall's security in a similar way. Just as the firewall
protects an organization's sensitive data from malicious attacks over the Internet, the intrusion
detection system alerts the system administrator when someone tries to break through the firewall
and gain access to any network on the trusted side.

Intrusion Detection Systems come in different types to detect suspicious activities:

1. NIDS-

A Network Intrusion Detection System monitors the inbound and outbound traffic to and from all
the devices on the network.

2. HIDS-

A Host Intrusion Detection System runs on all devices in the network that have direct access to
both the Internet and the enterprise's internal network. It can detect anomalous network packets
that originate from inside the organization, or malicious traffic that a NIDS has failed to catch.
A HIDS may also identify malicious traffic that arises from the host itself.

3. Signature-based Intrusion Detection System-

This detection system identifies an attack by looking for specific patterns, such as byte
sequences in network traffic or known malicious instruction sequences used by malware. The
approach originates from anti-virus software and can easily detect known attacks. With this
approach, however, it is impossible to detect new attacks for which no pattern is available.

4. Anomaly-based Intrusion Detection System-

This detection system was primarily introduced to detect unknown attacks, given the rapid
development of malware. It alerts administrators to potentially malicious activity. It monitors
the network traffic and compares it against an established baseline, which determines what is
considered normal for the network in terms of bandwidth, protocols, ports and other devices.

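The two detection approaches just described (signature-based and anomaly-based) can be shown side by side on the same traffic. The following is an added example written for this tutorial, not code from the original page or from any IDS product. The log lines, the two signatures, the baseline request counts and the burst of 60 requests are all constructed. The signature scanner decodes URL-encoded paths before matching, and the anomaly scanner flags any source whose request count exceeds the baseline mean by more than three standard deviations.

```python
import re
import statistics
from collections import Counter
from typing import Dict, List, Tuple
from urllib.parse import unquote

# Constructed access-log lines in the form "<src-ip> <method> <path> <status>".
NORMAL_LINES = [
    "10.0.0.5 GET /index.html 200",
    "10.0.0.5 GET /images/logo.png 200",
    "10.0.0.7 GET /search?q='%20OR%20'1'='1 200",
    "10.0.0.9 GET /../../etc/passwd 404",
    "10.0.0.5 GET /about.html 200",
]
# A constructed burst of 60 requests from one source inside the same one-minute window.
BURST_LINES = ["10.0.0.9 GET /login 401"] * 60
SAMPLE_LOG = NORMAL_LINES + BURST_LINES

LINE_RE = re.compile(r"^(?P<src>\S+) (?P<method>\S+) (?P<path>\S+) (?P<status>\d{3})$")

# Signature rules: a name and the character pattern that identifies a known attack.
SIGNATURES: Dict[str, str] = {
    "sql_tautology": "' OR '1'='1",
    "path_traversal": "../",
}

# Constructed baseline: requests per minute per source observed during normal operation.
BASELINE_REQS_PER_MIN = [12, 15, 11, 14, 13, 12, 16, 14]


def parse_line(line: str) -> Dict[str, str]:
    match = LINE_RE.match(line)
    if not match:
        raise ValueError(f"unparseable log line: {line!r}")
    return match.groupdict()


def signature_scan(lines: List[str]) -> List[Tuple[int, str, str]]:
    """Signature-based detection: report (line index, source, signature) for every known pattern."""
    hits = []
    for idx, line in enumerate(lines):
        fields = parse_line(line)
        path = unquote(fields["path"])      # decode %20 etc. so encoded payloads still match
        for name, pattern in SIGNATURES.items():
            if pattern in path:
                hits.append((idx, fields["src"], name))
    return hits


def anomaly_threshold(baseline: List[int], k: float = 3.0) -> float:
    """Requests-per-minute level that counts as anomalous: baseline mean plus k standard deviations."""
    return statistics.mean(baseline) + k * statistics.stdev(baseline)


def requests_per_source(lines: List[str]) -> Counter:
    return Counter(parse_line(line)["src"] for line in lines)


def anomaly_scan(lines: List[str], baseline: List[int], k: float = 3.0) -> List[Tuple[str, int]]:
    """Anomaly-based detection: flag sources whose request count exceeds the baseline threshold."""
    limit = anomaly_threshold(baseline, k)
    return [(src, n) for src, n in requests_per_source(lines).items() if n > limit]


if __name__ == "__main__":
    print("signature hits:", signature_scan(SAMPLE_LOG))
    print("anomalies:", anomaly_scan(SAMPLE_LOG, BASELINE_REQS_PER_MIN))
```

Note what each scanner misses: the burst from 10.0.0.9 contains no known pattern, so only the anomaly scanner sees it, while the two single requests carrying known patterns are far below the rate threshold, so only the signature scanner sees them. This is why the tutorial presents the two approaches as complementary.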
Access Control

Access control is a process of selectively restricting access to a system. It is a security
concept that minimizes the risk of unauthorized access to a business or organization. Users are
granted access permissions and certain privileges to a system and its resources. Users must
provide credentials to be granted access to a system. These credentials come in many forms such
as a password, keycard, biometric reading, etc. Access control combines security technology and
access control policies to protect confidential information like customer data.

Access control can be categorised into two types:

Physical access control

Logical access control

Physical Access Control- This type of access control limits access to buildings, rooms, campuses,
and physical IT assets.

Logical access control- This type of access control limits connection to computer networks,
system files, and data.

A more secure method of access control is two-factor authentication. The first factor is that a
user who wants access to a system must present a credential, and the second factor could be an
access code, password, or biometric reading.

Access control consists of two main components: authentication and authorization.
Authentication is the process of verifying that someone is who they claim to be, whereas
authorization decides whether an authenticated user should be allowed to access a system or
denied.

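The relationship between the two factors and the two components (authenticate first, then authorize) can be made concrete in a small program. The following is an added example for this tutorial, not code from the original page. It uses a salted PBKDF2 password hash as the first factor and an RFC 6238 time-based one-time password as the second, then a role-based permission table for authorization. The user record, the fixed salt, the OTP seed and the role table are all constructed for the example; a real deployment generates salts and seeds randomly per user.

```python
import hashlib
import hmac
import struct
from typing import Dict, Set

PBKDF2_ROUNDS = 200_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Slow salted hash, so a stolen credential store is costly to brute-force."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, expected)   # constant-time comparison


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, dynamically truncated to a decimal code."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF) % (10 ** digits)
    return f"{code:0{digits}d}"


def totp(secret: bytes, unix_time: int, step: int = 30) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the current 30-second time step."""
    return hotp(secret, unix_time // step)


# Constructed credential store. The salt and OTP seed are fixed here only so the example is
# reproducible; a real system generates both randomly for every user.
_SALT = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")
USERS: Dict[str, dict] = {
    "alice": {
        "salt": _SALT,
        "pw_hash": hash_password("correct horse battery staple", _SALT),
        "otp_secret": b"12345678901234567890",
        "role": "analyst",
    },
}
# Role-based authorization: which actions each role is permitted to perform (constructed).
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "admin": {"read", "write", "delete"},
    "analyst": {"read"},
}


def authenticate(username: str, password: str, otp: str, now: int) -> bool:
    """Factor 1: something the user knows (password). Factor 2: something they have (OTP device)."""
    user = USERS.get(username)
    if user is None:
        return False
    password_ok = verify_password(password, user["salt"], user["pw_hash"])
    otp_ok = hmac.compare_digest(otp, totp(user["otp_secret"], now))
    return password_ok and otp_ok


def authorize(username: str, action: str) -> bool:
    """Decide whether an already-authenticated user may perform the action."""
    role = USERS[username]["role"]
    return action in ROLE_PERMISSIONS.get(role, set())


def access(username: str, password: str, otp: str, action: str, now: int) -> str:
    """Full access-control decision: authenticate first, then authorize."""
    if not authenticate(username, password, otp, now):
        return "denied: authentication failed"
    if not authorize(username, action):
        return "denied: not authorized"
    return "granted"
```

The three possible outcomes of `access()` map onto the text: a wrong password or wrong code fails authentication (the user is not who they claim to be), while a correct login asking for an action outside the role fails authorization (the user is known but not permitted).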
Threat to E-Commerce

E-commerce refers to the activity of buying and selling things over the Internet. Simply put, it
refers to commercial transactions which are conducted online. E-commerce can draw on many
technologies such as mobile commerce, Internet marketing, online transaction processing,
electronic funds transfer, supply chain management, electronic data interchange (EDI), inventory
management systems, and automated data collection systems.

E-commerce threats arise when the Internet is used for unfair means with the intention of
stealing, fraud and security breaches. There are various types of e-commerce threats. Some are
accidental, some are purposeful, and some are due to human error. The most common security
threats concern electronic payment systems, e-cash, data misuse, credit/debit card fraud, etc.

Electronic payments system:

With the rapid development of computer, mobile, and network technology, e-commerce has become
a routine part of human life. In e-commerce, the customer can order products at home and save
time for doing other things. There is no need to visit a store or a shop. The customer can visit
different stores on the Internet in a very short time and compare products on characteristics such
as price, colour, and quality.

Electronic payment systems have a very important role in e-commerce. E-commerce organizations
use electronic payment systems, which refer to paperless monetary transactions. They have
revolutionized business processing by reducing paperwork, transaction costs, and labour costs.
E-commerce processing is user-friendly and less time-consuming than manual processing.
Electronic commerce helps a business organization expand its market reach. There are certain
risks with electronic payment systems.

Some of them are:


The Risk of Fraud

An electronic payment system has a huge risk of fraud. The computing devices use an identity of
the person for authorizing a payment, such as passwords and security questions. These
authentications are not foolproof in determining the identity of a person. If the password and the
answers to the security questions match, the system doesn't care who is on the other side. If
someone has access to our password or the answers to our security questions, they will gain access
to our money and can steal it from us.

The Risk of Tax Evasion

Internal Revenue Service law requires that every business declare its financial transactions and
provide paper records so that tax compliance can be verified. The problem with electronic systems
is that they don't fit cleanly into this paradigm. It makes the process of tax collection very
frustrating for the Internal Revenue Service. It is at the business's discretion to disclose
payments received or made via electronic payment systems. The IRS has no way to know whether
the business is telling the truth or not, which makes it easy to evade taxation.

The Risk of Payment Conflicts

In electronic payment systems, the payments are handled by an automated electronic system, not
by humans. The system is prone to errors when it handles large numbers of payments on a frequent
basis with more than one recipient involved. It is essential to check our pay slip after every pay
period ends in order to ensure everything makes sense. Failure to do this may result in payment
conflicts caused by technical glitches and anomalies.

E-cash

E-cash is a paperless cash system which facilitates the transfer of funds anonymously. E-cash is
free to the user, while sellers pay a fee for it. The e-cash funds can be stored either on a card
itself or in an account which is associated with the card. The most common examples of e-cash
systems are transit cards, PayPal, GooglePay, Paytm, etc.

E-cash has four major components-

1. Issuers - They can be banks or a non-bank institution.

2. Customers - They are the users who spend the e-cash.

3. Merchants or Traders - They are the vendors who receive e-cash.

4. Regulators - They are related to authorities or state tax agencies.

In e-cash, financial information is stored on a computer, an electronic device or on the Internet,
where it is vulnerable to hackers. Some of the major threats related to e-cash systems are:

Backdoors Attacks

It is a type of attack which gives an attacker unauthorized access to a system by bypassing the
normal authentication mechanisms. It works in the background and hides itself from the user,
which makes it difficult to detect and remove.

Denial of service attacks

A denial-of-service attack (DoS attack) is a security attack in which the attacker takes action that
prevents legitimate users from accessing electronic devices. It makes a network resource
unavailable to its intended users by temporarily disrupting the services of a host connected to the
Internet.

Direct Access Attacks

A direct access attack is an attack in which an intruder gains physical access to the computer to
perform unauthorized activity and install various types of software to compromise security. This
software is loaded with worms and downloads a huge amount of sensitive data from the target
victims.

Eavesdropping

This is an unauthorized way of listening to private communication over the network. It does not
interfere with the normal operation of the targeted system, so the sender and the recipient of the
messages are not aware that their conversation is being tracked.

Credit/Debit card fraud

A credit card allows us to borrow money from a recipient bank to make purchases. The issuer of
the credit card sets the condition that the cardholder will pay back the borrowed money with an
additional agreed-upon charge.

A debit card is a plastic card issued by a financial organization to an account holder who has a
savings deposit account; it can be used instead of cash to make purchases. The debit card can be
used only when the funds are available in the account.

Some of the important threats associated with debit/credit cards are:

ATM (Automated Teller Machine)-

It is the fraudster's favourite place from which to steal our card details. Some of the important
techniques criminals use to get hold of our card information are:

Skimming-

It is the process of attaching a data-skimming device to the card reader of the ATM. When the
customer swipes their card in the ATM card reader, the information is copied from the magnetic
stripe to the device. By doing this, the criminals get to know the card number, name, CVV number,
expiry date of the card and other details.

Unwanted Presence-

It is a rule that no more than one user should use the ATM at a time. If we find more than one
person lurking around together, the intention behind this may be to observe our card details while
we are making our transaction.

Vishing/Phishing

Phishing is an activity in which an intruder obtains the sensitive information of a user, such as
passwords, usernames, and credit card details, often for malicious reasons.

Vishing is an activity in which an intruder obtains the sensitive information of a user by
sending SMS messages or making calls to mobile phones. These SMS messages and calls appear to
come from a reliable source, but in reality they are fake. The main objective of vishing and
phishing is to get the customer's PIN, account details, and passwords.

Online Transaction

Online transactions can be made by the customer to shop and pay their bills over the Internet.
Just as this is easy for the customer, it is also easy for an attacker to break into the system and
steal our sensitive information. Some important ways our confidential information can be stolen
during an online transaction are:

o By downloading software which records our keystrokes and steals our passwords and card
details.

o By redirecting a customer to a fake website which looks like the original and steals our
sensitive information.

o By using public Wi-Fi.

POS Theft

It is commonly done at merchant stores at the time of a POS transaction. The salesperson takes the
customer's card to process the payment and illegally copies the card details for later use.

Security Policies

Security policies are a formal set of rules issued by an organization to ensure that users who are
authorized to access company technology and information assets comply with rules and guidelines
related to the security of information. It is a written document in the organization which
describes how to protect the organization from threats and how to handle them when they occur. A
security policy is also considered a "living document", which means that the document is never
finished but is continuously updated as technology and employee requirements change.

Need for security policies-

1) It increases efficiency.

The best thing about having a policy is being able to increase the level of consistency, which
saves time, money and resources. The policy should inform employees of their individual duties,
telling them what they can and cannot do with the organization's sensitive information.

2) It upholds discipline and accountability

When a human mistake occurs and system security is compromised, the security policy of the
organization will back up any disciplinary action and also support a case in a court of law. The
organization's policies act as a contract which proves that the organization has taken steps to
protect its intellectual property, as well as its customers and clients.

3) It can make or break a business deal

It is not necessary for companies to provide a copy of their information security policy to other
vendors during a business deal that involves the transfer of their sensitive information. This is
true in the case of bigger businesses, which ensure their own security interests are protected when
dealing with smaller businesses that have less high-end security systems in place.

4) It helps to educate employees on security literacy

A well-written security policy can also be seen as an educational document which informs readers
of the importance of their responsibility in protecting the organization's sensitive data. It ranges
from choosing the right passwords to providing guidelines for file transfers and data storage,
which increases employees' overall awareness of security and how it can be strengthened.

We use security policies to manage our network security. Most types of security policies are
created automatically during installation. We can also customize policies to suit our specific
environment. Some important cybersecurity policy recommendations are described below:

1. Virus and Spyware Protection policy

This policy provides the following protection:

o It helps to detect, remove, and repair the side effects of viruses and security risks by using
signatures.

o It helps to detect threats in the files which users try to download by using reputation data
from Download Insight.

o It helps to detect applications that exhibit suspicious behaviour by using SONAR heuristics
and reputation data.

2. Firewall Policy

This policy provides the following protection:

o It blocks unauthorized users from accessing the systems and networks that connect to the
Internet.

o It detects attacks by cybercriminals.

o It removes unwanted sources of network traffic.

3. Intrusion Prevention policy

This policy automatically detects and blocks network attacks and browser attacks. It also
protects applications from vulnerabilities. It checks the contents of one or more data packets
and detects malware that arrives through legitimate channels.

4. LiveUpdate policy

This policy can be categorized into two types: the LiveUpdate Content policy and the LiveUpdate
Settings policy. The LiveUpdate policy contains the settings which determine when and how client
computers download content updates from LiveUpdate. We can define the computer that clients
contact to check for updates and schedule when and how often client computers check for
updates.

5. Application and Device Control

This policy protects a system's resources from applications and manages the peripheral devices
that can attach to a system. The device control policy applies to both Windows and Mac
computers, whereas the application control policy can be applied only to Windows clients.

6. Exceptions policy

This policy provides the ability to exclude applications and processes from detection by the virus
and spyware scans.

7. Host Integrity policy

This policy provides the ability to define, enforce, and restore the security of client computers to
keep enterprise networks and data secure. We use this policy to ensure that the client computers
which access our network are protected and compliant with the company's security policies. This
policy requires that the client system has antivirus installed.

Security Standards

To make cybersecurity measures explicit, written norms are required. These norms are known as
cybersecurity standards: generic sets of prescriptions for an ideal execution of certain measures.
The standards may involve methods, guidelines, reference frameworks, etc. They ensure the
efficiency of security, facilitate integration and interoperability, enable meaningful comparison
of measures, reduce complexity, and provide the structure for new developments.

A security standard is "a published specification that establishes a common language, and
contains a technical specification or other precise criteria and is designed to be used consistently,
as a rule, a guideline, or a definition." The goal of security standards is to improve the security of
information technology (IT) systems, networks, and critical infrastructures. Well-written
cybersecurity standards enable consistency among product developers and serve as a reliable
benchmark for purchasing security products.

Security standards are generally provided for all organizations regardless of their size or the
industry and sector in which they operate. This section includes information about each standard
that is usually recognized as an essential component of any cybersecurity strategy.

1. ISO

ISO stands for International Organization for Standardization. International Standards make
things work. These standards provide world-class specifications for products, services and
computers, to ensure quality, safety and efficiency. They are instrumental in facilitating
international trade.

ISO was officially established on 23 February 1947. It is an independent, non-governmental
international organization. Today, it has a membership of 162 national standards bodies and 784
technical committees and subcommittees to take care of standards development. ISO has
published over 22336 International Standards and related documents which cover almost every
industry, from information technology to food safety, agriculture and healthcare.

ISO 27000 Series

It is the family of information security standards developed by the International Organization
for Standardization and the International Electrotechnical Commission to provide a globally
recognized framework for best information security management. It helps organizations keep
their information assets secure, such as employee details, financial information, and intellectual
property.

The need for the ISO 27000 series arises because of the risk of cyber-attacks that organizations
face. Cyber-attacks are growing day by day, making hackers a constant threat to any industry that
uses technology.

The ISO 27000 series comprises many standards. They are:

ISO 27001- This standard allows an organization to prove to its clients and stakeholders that it
manages the security of their confidential data and information to the best standard. It involves a
process-based approach for establishing, implementing, operating, monitoring, maintaining, and
improving our ISMS.

ISO 27000- This standard provides an explanation of terminologies used in ISO 27001.

ISO 27002- This standard provides guidelines for organizational information security standards
and information security management practices. It includes the selection, implementation,
operating and management of controls taking into consideration the organization's information
security risk environment(s).

ISO 27005- This standard supports the general concepts specified in 27001. It is designed to
provide guidelines for the implementation of information security based on a risk management
approach. To completely understand ISO/IEC 27005, knowledge of the concepts, models,
processes, and terminology described in ISO/IEC 27001 and ISO/IEC 27002 is required. This
standard is suitable for all kinds of organizations, such as non-governmental organizations,
government agencies, and commercial enterprises.

ISO 27032- It is the international standard which focuses explicitly on cybersecurity. This
standard includes guidelines for protecting information beyond the borders of an organization,
such as in collaborations, partnerships or other information-sharing arrangements with clients
and suppliers.

2. IT Act

The Information Technology Act, also known as ITA-2000 or the IT Act, mainly aims to provide
the legal infrastructure in India for dealing with cybercrime and e-commerce. The IT Act is based
on the United Nations Model Law on E-Commerce 1996 recommended by the General Assembly
of the United Nations. This act is also used to check misuse of cyber networks and computers in
India. It was officially passed in 2000 and amended in 2008. It has been designed to give a boost
to electronic commerce, e-transactions and related activities associated with commerce and trade.
It also facilitates electronic governance by means of reliable electronic records.

The IT Act 2000 has 13 chapters, 94 sections and 4 schedules. The first 14 sections concern digital
signatures, and other sections deal with the certifying authorities who are licensed to issue digital
signature certificates; sections 43 to 47 provide penalties and compensation, sections 48 to 64
deal with appeals to the high court, sections 65 to 79 deal with offences, and the remaining
sections 80 to 94 deal with miscellaneous provisions of the act.

3. Copyright Act

The Copyright Act 1957, amended by the Copyright Amendment Act 2012, governs the subject of
copyright law in India. This Act has been applicable since 21 January 1958. Copyright is a legal
term which describes the ownership and control of rights by the authors of "original works of
authorship" that are fixed in a tangible form of expression. Original works of authorship include
certain works of creative expression such as books, video, movies, music, and computer
programs. Copyright law has been enacted to balance the use and reuse of creative works against
the desire of the creators of art, literature and music to monetize their work by controlling who
can make and sell copies of the work.

The copyright act covers the following-

o Rights of copyright owners

o Works eligible for protection

o Duration of copyright

o Who can claim copyright

The copyright act does not cover the following-

o Ideas, procedures, methods, processes, concepts, systems, principles, or discoveries

o Works that are not fixed in a tangible form (such as a choreographic work that has not
been notated or recorded or an improvisational speech that has not been written down)

o Familiar symbols or designs

o Titles, names, short phrases, and slogans

o Mere variations of typographic ornamentation, lettering, or coloring

4. Patent Law

Patent law is the law that deals with new inventions. Traditional patent law protects tangible
scientific inventions, such as circuit boards, heating coils, car engines, or zippers. Over time,
patent law has been used to protect a broader variety of inventions such as business practices,
coding algorithms, or genetically modified organisms. A patent is the right to exclude others
from making, using, selling, importing, inducing others to infringe, and offering a product
specially adapted for practice of the patent.

In general, a patent is a right that can be granted if an invention is:

o Not a natural object or process

o New

o Useful

o Not obvious.

5. IPR

Intellectual property rights are rights that allow creators, or owners of patents, trademarks or
copyrighted works, to benefit from their own plans, ideas, or other intangible assets or investment
in a creation. These IPR rights are outlined in Article 27 of the Universal Declaration of Human
Rights. It provides for the right to benefit from the protection of moral and material interests
resulting from authorship of scientific, literary or artistic productions. These property rights allow
the holder to exercise a monopoly on the use of the item for a specified period.

Digital Signature

A digital signature is a mathematical technique which validates the authenticity and integrity of a
message, software or digital document. It allows us to verify the author's name, the date and time
of the signature, and to authenticate the message contents. The digital signature offers far more
inherent security and is intended to solve the problem of tampering and impersonation
(intentionally copying another person's characteristics) in digital communications.

Computer-based authentication of business information interrelates both technology and the
law. It also calls for cooperation between people of different professional backgrounds and
areas of expertise. Digital signatures differ from other electronic signatures not only in terms of
process and result, but also in that these differences make digital signatures more serviceable for
legal purposes. Some electronic signatures that are legally recognizable as signatures may not be
as secure as digital signatures and may lead to uncertainty and disputes.

Application of Digital Signature

The important reasons to implement digital signatures in communication are:

o Authentication

o Non-repudiation

o Integrity

Authentication

Authentication is a process which verifies the identity of a user who wants to access the system.
In digital signatures, authentication helps to authenticate the source of messages.

Non-repudiation

Non-repudiation means assurance of something that cannot be denied. It ensures that a party to
a contract or communication cannot later deny the authenticity of their signature on a document
or file, or the sending of a message that they originated.

Integrity

Integrity ensures that the message is real and accurate and is safeguarded from unauthorized
modification during transmission.

Algorithms in Digital Signature

A digital signature consists of three algorithms:

1. Key generation algorithm

The key generation algorithm selects a private key uniformly at random from the set of possible
private keys. This algorithm outputs the private key together with its corresponding public key.

2. Signing algorithm

A signing algorithm produces a signature for the document.

3. Signature verifying algorithm

A signature verifying algorithm either accepts or rejects the document's authenticity.

How digital signatures work

Digital signatures are created and verified by using public key cryptography, also known as
asymmetric cryptography. With a public key algorithm such as RSA, one can generate two keys
that are mathematically linked: one is a private key and the other is a public key.
The user creating the digital signature uses their own private key to encrypt the signature-related
data; the only way to decrypt that data is with the signer's public key.

This technology requires all parties to trust that the individual who created the signature has
been able to keep their private key secret. If someone gains access to the signer's private key, they
could create fraudulent signatures in the name of the private key holder.

The steps followed in creating and verifying a digital signature are:

1. Select a file to be digitally signed.

2. The hash value of the message or file content is calculated. This hash value is encrypted
with the sender's private key to form the digital signature.

3. The original message or file content is transmitted along with the digital signature.

4. The receiver decrypts the digital signature with the sender's public key, recovering the hash
value that the sender computed.

5. The receiver now has the message or file content and can compute its hash value.

6. The receiver compares the computed hash value with the hash value recovered from the
signature. The two must be identical for integrity to be assured.
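As an added example (not code from the original tutorial), the six steps carried out end to end in Go using the standard library's RSA key generation, SHA-256 and RSA-PSS; the message and its tampered copy are constructed sample content, and the hash comparison of step 6 is what rsa.VerifyPSS performs internally.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Keys holds the mathematically linked pair produced by the key generation algorithm.
type Keys struct {
	Private *rsa.PrivateKey
	Public  *rsa.PublicKey
}

// GenerateKeys is the key generation algorithm: it draws a fresh random RSA key pair.
func GenerateKeys(bits int) (Keys, error) {
	priv, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return Keys{}, err
	}
	return Keys{Private: priv, Public: &priv.PublicKey}, nil
}

// Sign is the signing algorithm (steps 1-2): hash the content, then apply the
// sender's private key to the digest (RSA-PSS padding) to form the signature.
func Sign(priv *rsa.PrivateKey, content []byte) ([]byte, error) {
	digest := sha256.Sum256(content)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// Verify is the signature verifying algorithm (steps 4-6): recompute the digest of
// the received content and check it against the signature with the public key.
// It returns true only when the content is unmodified and the key pair matches.
func Verify(pub *rsa.PublicKey, content, signature []byte) bool {
	digest := sha256.Sum256(content)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], signature, nil) == nil
}

func main() {
	keys, err := GenerateKeys(2048)
	if err != nil {
		panic(err)
	}
	// Constructed sample content standing in for the file selected in step 1.
	original := []byte("Transfer 100 units to account 42")
	sig, err := Sign(keys.Private, original)
	if err != nil {
		panic(err)
	}
	// Step 3 would transmit original and sig together; the receiver then verifies.
	fmt.Println("original verifies:", Verify(keys.Public, original, sig))
	// A single changed digit changes the hash, so the comparison in step 6 fails.
	tampered := []byte("Transfer 900 units to account 42")
	fmt.Println("tampered verifies:", Verify(keys.Public, tampered, sig))
}
```

The verifier never needs the private key, which is what gives non-repudiation: only the holder of the private key could have produced a signature that checks out under the public key.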

Types of Digital Signature

Different document processing platforms support different types of digital signature. They are
described below:

Certified Signatures

Documents with a certified digital signature display a unique blue ribbon across the top of the
document. The certified signature contains the name of the document signer and the certificate
issuer, which indicate the authorship and authenticity of the document.

Approval Signatures

Approval digital signatures on a document can be used in an organization's business
workflow. They help to optimize the organization's approval procedure. The procedure involves
capturing approvals made by us and other individuals and embedding them within the PDF
document. Approval signatures can include details such as an image of our physical signature,
location, date, and official seal.

Visible Digital Signature

A visible digital signature allows a user to sign a single document digitally. This signature
appears on a document in the same way as a signature on a physical document.

Invisible Digital Signature

Invisible digital signatures carry a visual indication of a blue ribbon within the document in
the taskbar. We can use invisible digital signatures when we do not have, or do not want to
display, our signature but need to provide assurance of the document's authenticity, integrity, and
origin.

Cyber Security Tools

Protecting our IT environment is critical. Every organization needs to take cybersecurity
very seriously. There are numerous hacking attacks which affect businesses of all sizes.
Hackers, malware and viruses are some of the real security threats in the virtual world. It is
essential that every company is aware of the dangerous security attacks and keeps itself secure.
There are many different aspects of cyber defence that may need to be considered. Here are six
essential tools and services that every organization needs to consider to ensure their cybersecurity
is as strong as possible. They are described below:

1. Firewalls

As we know, the firewall is the core of the security toolset, and it has become one of the most
important security tools. Its job is to prevent unauthorized access to or from a private network. It
can be implemented as hardware, software, or a combination of both. Firewalls are used to prevent
unauthorized internet users from accessing private networks connected to the Internet. All
messages entering or leaving the intranet pass through the firewall. The firewall examines
each message and blocks those messages that do not meet the specified security criteria.

The firewall is very useful, but it also has limitations. A skilled attacker knows how to craft data
and programs that appear to the firewall to be trusted traffic. This means that such a program can
pass through the firewall without any problem. Despite these limitations, firewalls are still very
useful in protecting against less sophisticated malicious attacks on our system.

2. Antivirus Software

Antivirus software is a program designed to prevent, detect, and remove viruses and other
malware from individual computers, networks, and IT systems. It also protects our computers
and networks from a variety of threats such as Trojan horses, worms, keyloggers, browser
hijackers, rootkits, spyware, botnets, adware, and ransomware. Most antivirus programs come
with an auto-update feature, enabling the system to check for new viruses and threats regularly.
They also provide additional services such as scanning emails to ensure that they are free from
malicious attachments and web links.

3. PKI Services

PKI stands for Public Key Infrastructure. This tool supports the distribution and identification of
public encryption keys. It enables users and computer systems to securely exchange data over the
internet and verify the identity of the other party. We can also exchange sensitive information
without PKI, but in that case there would be no assurance of the other party's identity.

People associate PKI with SSL or TLS. It is the technology which encrypts server
communication and is responsible for HTTPS and the padlock that we can see in our browser
address bar. PKI solves many cybersecurity problems and deserves a place in the organization's
security suite.

PKI can also be used to:

o Enable Multi-Factor Authentication and access control

o Create compliant, Trusted Digital Signatures.

o Encrypt email communications and authenticate the sender's identity.

o Digitally sign and protect code.

o Build identity and trust into IoT ecosystems.

4. Managed Detection and Response Service (MDR)

Today's cybercriminals and hackers use more advanced techniques and software to breach
organization security, so every business needs to use more powerful forms of cybersecurity
defence. MDR is an advanced security service that provides threat hunting, threat intelligence,
security monitoring, incident analysis, and incident response. It is a service that arises from the
need of organizations (which lack the resources) to be more aware of risks and improve their
ability to detect and respond to threats. MDR also uses artificial intelligence and machine
learning to investigate, automatically detect threats, and orchestrate response for faster results.

Managed detection and response has the following characteristics:

o Managed detection and response is focused on threat detection, rather than compliance.

o MDR relies heavily on security event management and advanced analytics.

o While some automation is used, MDR also involves humans to monitor our network.

o MDR service providers also perform incident validation and remote response.

5. Penetration Testing

Penetration testing, or pen test, is an important way to evaluate our business's security systems
and the security of an IT infrastructure by safely trying to exploit vulnerabilities. These
vulnerabilities exist in operating systems, services and applications, improper configurations or
risky end-user behavior. In penetration testing, cybersecurity professionals use the same
techniques and processes utilized by criminal hackers to check for potential threats and areas of
weakness.

A pen test attempts the kind of attack a business might face from criminal hackers, such as
password cracking, code injection, and phishing. It involves a simulated real-world attack on a
network or application. These tests can be performed using manual or automated technologies
to systematically evaluate servers, web applications, network devices, endpoints, wireless
networks, mobile devices and other potential points of vulnerability. Once the pen test has
taken place, the testers present us with their findings and can help by recommending changes
to our system.

6. Staff Training

Staff training is not a 'cybersecurity tool', but ultimately having knowledgeable employees who
understand cybersecurity is one of the strongest forms of defence against cyber-attacks. Today
many training tools are available that can educate a company's staff about the best
cybersecurity practices. Every business can use these training tools to educate its employees so
that they understand their role in cybersecurity.

Cyber-criminals continue to expand their techniques and level of sophistication to breach
business security, which has made it essential for organizations to invest in these training
tools and services. Failing to do this can leave the organization in a position where hackers
would easily target its security systems. So the expense of investing in these training tools may
reward the business with long-term security and protection.

Cyber Security Challenges

Today cybersecurity is a main component of a country's overall national security and
economic security strategies. In India, there are many challenges related to cybersecurity.
With the increase in cyber-attacks, every organization needs a security analyst who makes
sure that their systems are secured. These security analysts face many challenges related to
cybersecurity, such as securing the confidential data of government organizations, securing
private organizations' servers, etc.

The recent important cybersecurity challenges are described below:

1. Ransomware Evolution

Ransomware is a type of malware in which the data on a victim's computer is locked, and
payment is demanded before the ransomed data is unlocked. After successful payment, access
rights are returned to the victim. Ransomware is the bane of cybersecurity, data professionals, IT,
and executives.

Ransomware attacks are growing day by day in the area of cybercrime. IT professionals and
business leaders need to have a powerful recovery strategy against malware attacks to protect
their organization. It involves proper planning to recover corporate and customers' data and
applications, as well as reporting any breaches under the Notifiable Data Breaches scheme.
Today's DRaaS (disaster recovery as a service) solutions are the best defence against ransomware
attacks. With a DRaaS solution, we can automatically back up our files, easily identify which
backup is clean, and launch a fail-over at the press of a button when malicious attacks corrupt
our data.

2. Blockchain Revolution

Blockchain technology is the most important invention of the computing era. It is the first time in
human history that we have a genuinely native digital medium for peer-to-peer value exchange.
The blockchain is the technology that enables cryptocurrencies like Bitcoin. The blockchain is a
vast global platform that allows two or more parties to carry out a transaction or do business
without needing a third party to establish trust.

It is difficult to predict what blockchain systems will offer in regard to cybersecurity.
Cybersecurity professionals can make some educated guesses regarding blockchain. As the
application and utility of blockchain in a cybersecurity context emerge, there will be a healthy
tension but also complementary integrations with traditional, proven cybersecurity approaches.

3. IoT Threats

IoT stands for Internet of Things. It is a system of interrelated physical devices which can be
accessed through the internet. The connected physical devices have a unique identifier (UID)
and the ability to transfer data over a network without requiring human-to-human or
human-to-computer interaction. The firmware and software running on IoT devices make
consumers and businesses highly susceptible to cyber-attacks.

When IoT devices were designed, their use in cybersecurity and for commercial purposes was
not considered. So every organization needs to work with cybersecurity professionals to ensure
the security of their password policies, session handling, user verification, multifactor
authentication, and security protocols to help in managing the risk.

4. AI Expansion

AI is short for artificial intelligence. John McCarthy, the father of artificial intelligence, defined
AI as: "The science and engineering of making intelligent machines, especially intelligent
computer programs."

It is an area of computer science concerned with the creation of intelligent machines that work
and react like humans. Some of the activities related to artificial intelligence include speech
recognition, learning, planning, problem-solving, etc. The key benefit of bringing AI into our
cybersecurity strategy is the ability to protect and defend an environment when a malicious
attack begins, thus mitigating the impact. AI can take immediate action against malicious attacks
at the moment a threat impacts a business. IT business leaders and cybersecurity strategy
teams consider AI a future protective control that will allow businesses to stay ahead of the
cybersecurity technology curve.

5. Serverless Apps Vulnerability

A serverless application is one which depends on third-party cloud infrastructure or on a
back-end service such as Google Cloud Functions, Amazon Web Services (AWS) Lambda, etc.
Serverless apps invite cyber attackers to spread threats on their systems easily because the users
access the application locally or off-server on their own device. Therefore it is the user's
responsibility to take security precautions while using a serverless application.

Serverless apps do nothing to keep attackers away from our data. The serverless application
does not help if an attacker gains access to our data through a vulnerability such as leaked
credentials, a compromised insider, or any other means.

We can run software with the application which provides the best chance to defeat
cybercriminals. Serverless applications are typically small in size, which helps developers to
launch their applications quickly and easily without worrying about the underlying
infrastructure. Web services and data processing tools are examples of the most common
serverless apps.

Cyber Security Risk Analysis

Risk analysis refers to the review of the risks associated with a particular action or event. Risk
analysis is applied to information technology, projects, security issues and any other event where
risks may be analysed on a quantitative or qualitative basis. Risks are part of every IT project
and business organization. The analysis of risk should occur on a regular basis and be updated
to identify new potential threats. Strategic risk analysis helps to minimize future risk probability
and damage.

Enterprises and organizations use risk analysis:

o To anticipate and reduce the effect of harmful results from adverse events.

o To plan for technology or equipment failure or loss from adverse events, both natural and
human-caused.

o To evaluate whether the potential risks of a project are balanced in the decision process
when deciding whether to move forward with the project.

o To identify the impact of, and prepare for, changes in the enterprise environment.

Benefits of risk analysis

Every organization needs to understand the risks associated with its information systems
to effectively and efficiently protect its IT assets. Risk analysis can help an organization
improve its security in many ways. These are:

o Concerning financial and organizational impacts, it identifies, rates and compares the
overall impact of risks related to the organization.

o It helps to identify gaps in information security and determine the next steps to eliminate
security risks.

o It can also enhance the communication and decision-making processes related to
information security.

o It improves security policies and procedures and develops cost-effective methods for
implementing information security policies and procedures.

o It increases employee awareness of risks and security measures during the risk
analysis process and of the financial impacts of potential security risks.

Steps in the risk analysis process

The basic steps followed by a risk analysis process are:

Conduct a risk assessment survey:

Getting input from management and department heads is critical to the risk assessment
process. The risk assessment survey begins documenting the specific risks or threats within
each department.

Identify the risks:

This step evaluates an IT system or other aspects of an organization to identify the risks
related to software, hardware, data, and IT employees. It identifies the possible adverse events
that could occur in an organization, such as human error, flooding, fire, or earthquakes.

Analyse the risks:

Once the risks are identified, the risk analysis process should analyse how likely each risk is to
occur, as well as determine the consequences linked with each risk. It also determines how
they might affect the objectives of an IT project.

Develop a risk management plan:

After the analysis of risk, which provides an idea of which assets are valuable and which threats
will probably affect the IT assets negatively, we develop a plan for risk management that
produces control recommendations to mitigate, transfer, accept or avoid each risk.

Implement the risk management plan:

The primary goal of this step is to implement the measures that remove or reduce the analysed
risks. We start with the highest-priority risk and resolve, or at least mitigate, each risk so that it
is no longer a threat.

Monitor the risks:

This step monitors security risks on a regular basis; identifying, treating and managing risks
should be an essential part of any risk analysis process.

Types of Risk Analysis

The main distinct approaches to risk analysis are:

Qualitative Risk Analysis

o The qualitative risk analysis process is a project management technique that prioritizes
risks on the project by assigning each a probability and an impact number. Probability is
the likelihood that a risk event will occur, whereas impact is the significance of the
consequences of the risk event.

o The objective of qualitative risk analysis is to assess and evaluate the characteristics of
each individually identified risk and then prioritize them based on the agreed-upon
characteristics.

o Assessing individual risks evaluates the probability that each risk will occur and its effect
on the project objectives. Categorizing the risks helps in filtering them out.

o Qualitative analysis is used to determine the risk exposure of the project by multiplying
probability and impact.

Quantitative Risk Analysis

o The objective of performing the quantitative risk analysis process is to provide a numerical
estimate of the overall effect of risk on the project objectives.

o It is used to evaluate the likelihood of success in achieving the project objectives and to
estimate the contingency reserve, usually for time and cost.

o Quantitative analysis is not mandatory, especially for smaller projects. Its main focus is
calculating estimates of overall project risk.
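The qualitative exposure score (probability multiplied by impact), the four treatment options named in the "develop a risk management plan" step, and the quantitative contingency reserve estimate, worked through on a constructed four-row risk register as an added example that is not part of the original tutorial. The treatment thresholds, the single loss expectancy (SLE) and annual rate of occurrence (ARO) figures, and the use of SLE x ARO as the quantitative loss estimate are assumptions of this example.

```go
package main

import (
	"fmt"
	"sort"
)

// Risk is one row of a risk register. All values in SampleRegister are constructed.
type Risk struct {
	Name        string
	Probability float64 // qualitative likelihood of the event, 0 to 1
	Impact      int     // qualitative severity, 1 (negligible) to 5 (critical)
	SLE         float64 // single loss expectancy: cost of one occurrence (quantitative)
	ARO         float64 // annual rate of occurrence (quantitative)
}

// Exposure is the qualitative score the text describes: probability times impact.
func Exposure(r Risk) float64 { return r.Probability * float64(r.Impact) }

// ALE is the annualized loss expectancy (SLE x ARO), the quantitative figure used
// to size a reserve; this formula is an assumption of the example.
func ALE(r Risk) float64 { return r.SLE * r.ARO }

// Treatment maps an exposure score to one of the four responses the risk management
// plan step names. The thresholds are an assumed policy, not a standard.
func Treatment(exposure float64) string {
	switch {
	case exposure >= 3.0:
		return "avoid"
	case exposure >= 2.0:
		return "mitigate"
	case exposure >= 1.0:
		return "transfer"
	default:
		return "accept"
	}
}

// Prioritize returns a copy of the register sorted by descending exposure, so the
// highest-priority risk is treated first, as the implementation step requires.
func Prioritize(register []Risk) []Risk {
	out := append([]Risk(nil), register...)
	sort.SliceStable(out, func(i, j int) bool { return Exposure(out[i]) > Exposure(out[j]) })
	return out
}

// ContingencyReserve sums ALE over the register: the numeric estimate that a
// quantitative analysis contributes to cost planning.
func ContingencyReserve(register []Risk) float64 {
	total := 0.0
	for _, r := range register {
		total += ALE(r)
	}
	return total
}

// SampleRegister is constructed data; probabilities are exact binary fractions so
// the scores below are reproducible without floating-point surprises.
var SampleRegister = []Risk{
	{Name: "Ransomware on file server", Probability: 0.75, Impact: 5, SLE: 200000, ARO: 0.5},
	{Name: "Leaked cloud credentials", Probability: 0.5, Impact: 4, SLE: 80000, ARO: 1},
	{Name: "Flooding of server room", Probability: 0.125, Impact: 5, SLE: 400000, ARO: 0.0625},
	{Name: "Human error in deployment", Probability: 0.75, Impact: 2, SLE: 5000, ARO: 4},
}

func main() {
	for _, r := range Prioritize(SampleRegister) {
		e := Exposure(r)
		fmt.Printf("%-26s exposure=%.3f treatment=%-8s ALE=%.0f\n", r.Name, e, Treatment(e), ALE(r))
	}
	fmt.Printf("contingency reserve (sum of ALE): %.0f\n", ContingencyReserve(SampleRegister))
}
```

Note that the qualitative and quantitative orderings differ (the flooding row ranks last by exposure but third by ALE), which is why the text treats the two analyses as complementary rather than interchangeable.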
