AAT–II

NAME ROLL NO AAT TYPE SUBJECT

KANCHARLA 21951A05K5 ASSIGNMENT CYBER SECURITY
SNEHA SREE

Assignment Questions: -

Answers: -

1. Here’s a summary of the roles of each term:

a. Data Confidentiality:
Ensures that sensitive data is accessible only to authorized users and protected
from unauthorized access. It involves encryption, access control, and privacy
policies to prevent data breaches and leaks.
b. Data Integrity:
Ensures that data remains accurate, complete, and unaltered during storage,
processing, and transmission. It involves mechanisms like checksums, hashing,
and error-checking protocols to detect and prevent data tampering.
c. Authentication:
Verifies the identity of users, devices, or systems to ensure that only legitimate
entities can access resources. It uses methods like passwords, biometrics, multi-
factor authentication (MFA), and digital certificates to establish trust.
2. Cybersecurity is referred to as computer protection because it defends computer
systems, networks, and data from various cyber threats like hacking, malware, and
data breaches. Its primary goal is to ensure the confidentiality, integrity, and
availability of information, thus protecting both digital assets and system
functionality. This protection involves implementing security measures such as
firewalls, antivirus software, and encryption protocols.

Advantages of Cybersecurity

1. Data Protection: Prevents data breaches and unauthorized access.

2. Business Continuity: Minimizes downtime after cyberattacks.
3. Reputation Management: Builds customer trust and avoids reputation damage.
4. Regulatory Compliance: Ensures compliance with data protection laws.

Elements of Cybersecurity

1. Network Security: Protecting network infrastructure from intrusions and attacks.

Example: Firewalls and intrusion detection systems.
2. Application Security: Ensuring applications are secure from vulnerabilities.
Example: Regular software updates and patches.
3. Information Security: Safeguarding data from unauthorized access.
Example: Data encryption and access control.
4. Endpoint Security: Securing individual devices connected to the network.
Example: Installing antivirus and endpoint detection software on laptops.
5. Identity and Access Management (IAM): Ensuring only authorized individuals
have access.Example: Implementing multi-factor authentication (MFA)

Real-Time Example

Consider a bank’s cybersecurity system. The bank uses firewalls and secure VPNs to
protect its internal network. Its online banking application is safeguarded through
frequent software updates and data encryption. Multi-factor authentication ensures
only authorized users can access accounts, while real-time monitoring systems detect
potential threats. This comprehensive cybersecurity framework ensures safe and
reliable banking services for customers.

3. Endpoint security protects devices like computers, smartphones, and servers

connected to a network. It uses tools such as antivirus, firewalls, and device
management systems to detect, prevent, and respond to cyber threats targeting these
endpoints.

Key Features:
Device Monitoring
Threat Detection
Data Encryption
Access Control
Patch Management
Importance in OS Security:

• Prevents Unauthorized Access: Ensures only trusted users and devices access the
 OS.
• Stops Malware and Ransomware: Blocks malicious software targeting the OS.
• Data Protection: Encrypts sensitive files on devices.
• Mitigates Insider Threats: Monitors device activity to prevent internal breaches.
• Ensures OS Updates: Applies security patches to fix OS vulnerabilities.
Example: In remote work, endpoint security tools like antivirus and VPNs protect
employees’ devices, ensuring malware can’t spread to the corporate network if a device
is compromised.

4. Key Differences Between DoS and DDoS Attacks

Aspect DoS Attack DDoS Attack

Source of Attack Single source Multiple sources (botnet)
Attack Scale Limited impact Large-scale, widespread
Complexity Simpler, easier to execute Complex requires
coordination
Detection Easier to detect and block Harder to detect and
mitigate
Attack Method Overloads target with Simultaneous traffic
traffic floods
Example Flooding a server from Botnet attacking a website
one IP

DoS attacks originate from a single source and are easier to detect and block, while
DDoS attacks involve multiple sources, making them harder to mitigate due to their
distributed nature and larger attack scale.

5. Network Intrusion Detection Techniques

Signature-Based Detection:
Concept: Compares network traffic against a database of known attack patterns
(signatures).
Strength: Effective against known threats.
Limitation: Cannot detect new or unknown attacks.
Example: Identifying a malware file based on its signature hash.

Anomaly Detection:
Concept: Establishes a baseline of normal network behavior and flags deviations.
Strength: Detects new or unknown attacks.
Limitation: Prone to false positives if normal behavior changes.
Example: Detecting unusual spikes in traffic volume during off-hours.

Behavioral Analysis:
Concept: Monitors user and system behavior for suspicious activities.
Strength: Identifies insider threats and advanced persistent threats (APTs).
Limitation: Requires continuous learning and updates.
Example: Flagging a user downloading large volumes of sensitive files unexpectedly.
These techniques work together in network intrusion detection systems (NIDS) to
provide comprehensive security monitoring and threat mitigation.
6. Mining big data presents several challenges, primarily related to scalability, data
quality, and privacy. Scalability issues arise because traditional systems cannot
efficiently process the massive volumes of data generated. Distributed computing
frameworks like Hadoop and Apache Spark are used to scale data processing across
multiple systems.

Data quality is another significant challenge, as big data often contains incomplete,
noisy, or inconsistent information. This can be addressed through data cleaning and
preprocessing techniques to improve the accuracy of analysis.

Privacy and security concerns are critical, especially with sensitive data such as
personal or financial information. Ensuring data protection through encryption, access
control, and compliance with regulations like GDPR helps prevent breaches and
maintain confidentiality.

Data integration is complicated by the diverse formats and sources of big data,
requiring standardized formats and ETL processes to ensure smooth integration and
consistency. Processing speed (velocity) is also a challenge, particularly with real-
time data streams, which can be managed using tools like Apache Kafka for real-time
processing.

Finally, interpretability of results is often difficult due to complex models and large
datasets. Using data visualization and explainable AI techniques helps make the
insights more understandable and actionable.

In sectors like healthcare, big data from patient records and devices faces these
challenges. Scalable cloud platforms, data cleaning, encryption, and real-time
analytics enable effective management and analysis, ensuring accurate and timely
insights.

7. The General Data Protection Regulation (GDPR), introduced by the EU in 2018, set
a high standard for data protection globally. It applies to any company processing data
of EU residents and emphasizes transparency, user consent, and accountability. The
GDPR has influenced global data privacy laws, encouraging countries like Brazil and
Japan to adopt similar regulations. It has significantly raised awareness about data
privacy and user rights.

Challenges Faced by Multinational Companies in Achieving Compliance

• Diverse Legal Frameworks: Multinational companies must navigate different data
privacy laws across regions, complicating compliance efforts.

• Operational Costs and Resources: Implementing GDPR compliance requires

significant investment in technology, staff, and legal resources.

• Data Localization and Cross-Border Transfers: Companies must ensure personal

data stays within jurisdictions or use legal mechanisms for international transfers.

• Consent Management: Obtaining explicit consent from users worldwide and

managing it across jurisdictions can be challenging.
 • Data Breach Response: Companies must respond quickly to breaches and notify
authorities within 72 hours, which is complex for global operations.

• Continuous Monitoring: Ensuring ongoing compliance through audits and regular

updates adds to the operational burden.

8. Email filtering is a process that sorts incoming emails to block unwanted or malicious
content, such as spam and phishing attempts. Filters analyze email content, sender
information, and attachments to identify and prevent threats.

Spam Filtering: Detects and blocks unwanted bulk emails by analyzing sender IPs,
content, and suspicious patterns.

Phishing Detection: Identifies fraudulent emails attempting to steal sensitive

information by checking URLs, verifying sender authenticity, and detecting social
engineering tactics.

Malware Detection: Scans attachments for viruses and malware using signature-based
detection, file type filtering, and behavioral analysis.

Email filtering is crucial for protecting users from malicious threats by ensuring only
safe emails reach the inbox.

9. A comprehensive Disaster Recovery Plan (DRP) ensures business continuity during

and after a cyber incident, such as a data breach, ransomware attack, or system failure.
This plan focuses on redundant data backups and failover mechanisms to guarantee
data availability and minimize downtime. A Disaster Recovery Plan (DRP) ensures
data availability and business continuity during cyber incidents by implementing
redundant data backups and failover mechanisms.
1. Redundant Data Backups:
• Backup Types: Perform full, incremental, and differential backups to ensure
up-to-date data.
• Backup Locations: Use both on-site and off-site (cloud) backups for
reliability.
• Data Encryption: Ensure all backups are encrypted for security.
2. Failover Mechanisms:
• Redundant Systems: Use high availability (HA) systems and failover servers
to minimize downtime.
• Cloud Failover: Leverage cloud services for disaster recovery, ensuring
continuous data access.
• Network Failover: Implement automatic failover systems for uninterrupted
network service.
3. Incident Response and Recovery:
• Detection and Assessment: Continuously monitor systems for threats and
assess incident severity.
• Data Restoration: Restore from the latest clean backup and activate failover
systems.
• Communication: Keep internal and external stakeholders informed during
recovery.
4. Testing and Maintenance:
 • Regularly test backups and failover systems through disaster recovery drills.
• Update the plan periodically to incorporate new systems and technologies.
5. Continuous Improvement:
• After each test or incident, review the plan and enhance security measures.
This plan ensures rapid recovery from cyber incidents, minimizing downtime and
data loss through effective backups and failover strategies.

10. To deter cyber warfare and protect cyberspace, international cooperation and cyber
treaties can be strengthened in the following ways:
• Clear Cyber Norms and Standards: Develop global norms for responsible state
behavior in cyberspace, similar to laws of armed conflict, to define cyber
warfare and unacceptable actions like cyber espionage.
• Expanding Cyber Treaties: Create legally binding international treaties for
cybersecurity, such as expanding the Budapest Convention, and promote
confidence-building measures to enhance transparency and trust among
nations.
• International Collaboration: Foster cooperation through global law
enforcement bodies like Interpol and Europol, and establish international
incident response teams to help mitigate and recover from cyberattacks.
• Strengthening Cyber Defense Capabilities: Support developing countries in
building cybersecurity infrastructure and facilitate global platforms for
sharing cyber threat intelligence.
• Deterrence through Attribution: Develop mechanisms for attributing
cyberattacks, making perpetrators accountable, and using sanctions to deter
state-sponsored attacks.
• Global Cybersecurity Governance: Establish a global cybersecurity
organization to oversee rules and foster collaboration between governments,
private companies, and civil society for stronger defenses.
By improving these areas, nations can create a more resilient, cooperative, and secure
global cyberspace.