Workshop on Cyber Security
Niks Technology Private Limited
By: Dr. Rahul Nayan
Cyber Space:
The Global Room Today
A science fiction writer coined the useful term "cyberspace" in 1982. But the territory in question, the
electronic frontier, is about a hundred and thirty years old. Cyberspace is the "place" where a
telephone conversation appears to occur. Not inside your actual phone, the plastic device on your
desk. This "place" is not "real," but it is serious, it is earnest. Tens of thousands of people have
dedicated their lives to it, to the public service of public communication by wire and electronics.
Cyberspace today is a "Net," a "Matrix," international in scope and growing swiftly and steadily. It's
growing in size, and wealth, and political importance. People have met there and been married there.
There are entire living communities in cyberspace today; chattering, gossiping, planning, conferring
and scheming, leaving one another voice-mail and electronic mail, giving one another big weightless
chunks of valuable data, both legitimate and illegitimate. They busily pass one another computer
software and the occasional festering computer virus.

Cyber Security Defined
• Cyber Security’s goal: Protect our information and information systems
• Cyber Security is: “Protection of information systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users, including those measures necessary to detect, document, and counter such threats.”
The CIA and N
• Confidentiality: Safeguards information from being accessed by individuals without the proper clearance, access level, and need to know.
• Integrity: Results from the protection against unauthorized modification or destruction of information.
• Availability: Information services are accessible when they are needed.
• Authentication: A security measure that establishes the validity of a transmission, message, or originator, or a means of verifying an individual's authorization to receive specific categories of information.
• Non-repudiation: Assurance the sender of data is provided with proof of delivery and the recipient is provided with proof of the sender's identity, so neither can later deny having processed the data.

Sensitive Data
• Information is considered sensitive if the loss of Confidentiality, Integrity, or Availability could be expected to have a serious, severe, or catastrophic adverse effect on organizational operations, organizational assets, or individuals.
• Types of sensitive information include:
– Personnel
– Financial
– Payroll
– Medical
– Privacy Act information

The Bottom Line
• The Internet already has triggered challenging questions about the
applicability of case precedent and legal models for Internet-mediated
communications and commerce.
• At the macro-level, the Internet affects broad, almost metaphysical concepts
like matter, distance, time and space.
• At the micro-level, it directly impacts how we communicate, educate,
entertain and transact business.

Assets
• Financial data
• Personal information
• Critical design information
• System control functions for dams, etc.
• Proprietary data

Threats
• Hackers, crackers
• Black hats and White hats
• Criminals and Terrorists
• Russian invasion of Georgia
• War Driving
• Social engineering

Threat Characteristics

Internal Threats
• Unauthorized access
• Accidental access
• Negligence

External Threats
• Hackers, crackers, script kiddies
• Freelance information brokers
• Competitive espionage

Cyber Terrorism & Cyber Crime
• Cyber Terrorism focuses on controlling critical infrastructure.
• Cyber Crime focuses on competitive advantage and financial gain.

Vulnerabilities
• Hardware
– Unsecured Wi-Fi
– No Router
– Router with default password
• Software
– No anti-virus/anti-spyware
– No Firewall
– Old virus definitions
– Out of date Windows O.S.
• Personal Behaviour
– Failure to use strong passwords
– Clicking on unsafe links or emails
– Downloading questionable files
– Leaving computer logged on
– Leaving your computer accessible

Vulnerability Assessments
Blue Team
• Physical security assessment
• Includes an IT component
Red Team
• Penetration testing
• Off site script run against IT system
• Post assessment report identifying

Types of Malware
• Viruses
• Worms
• Wabbits
• Trojans
• Spyware
• Backdoors
• Exploits
• Rootkits
• Key loggers
• Diallers
• URL Injectors
• Adware

TROJANS: The chief of VIRUSES
(Vital Information Resource Under Seize)
Trojans are small programs that effectively give “hackers” remote control over your entire computer.
Some common features of Trojans are as follows:
• Open your DVD-ROM drive
• Capture a screenshot of your computer
• Record your keystrokes and send them to the “hacker”
• Full access to all your drives and files
• Ability to use your computer as a bridge to do other hacking-related activities
• Disable your keyboard
• Disable your mouse… and more!

Hackers: Breaches
• Headlines
– Ashley Madison 2015: Many use same passwords, spear phishing
campaigns, blackmail targets
– Twitter: 32 Million
– Yahoo: 500 Million (LinkedIn, Amazon, Facebook, Credit Cards)
– Security cameras, breach-able appliances, access control systems
– Malware found on all platforms including Apple
– 9 million new signatures of malware in July 2018

Attack Vectors
• Hacking (data theft, corporate espionage, identity theft)
• Social Engineering (spear phishing, phishing, traditional SE)
• Internal attacks: Unauthorized access and access control
• Cloud Attacks and Breaches (Dropbox, iCloud, OneDrive, etc.)
• Virus/Malware/Botnet
• Ransomware and Extortion

Legacy Gateway Security Implementation

Modern Security Implementation

ULTIMATE PREVENTION: CURE
• Firewalls
• Anti Virus
• Cyber Hygiene
• Access Control
• Data Security and Information Protection
• Protective Technology
• Boundary Defense and Network Separation
• Configuration Management
• Training

10 Driving Principles of the New Economy
• Matter—law involves the processing of information and the Internet provides a comparatively superior medium for some applications.
• Space—the Internet transcends distance and provides a major new promotional medium.
• Time—Internet time moves faster than we’d like.
• People—brain power and people skills matter particularly in an Internet-mediated world.
• Growth—the Internet can fuel market expansion.
• Value—Web pages offer prospective clients access to helpful general information and, for existing clients, a portal to some of a firm’s assets.
• Efficiency—consider whether and how e-mail enhances productivity.
• Markets—the Internet makes markets more porous and more easily customized.
• Transactions—with modification, the Internet can provide a medium for commerce.
• Impulse—the Internet reduces the time between sales pitch and transaction.

Cybersecurity Risk Management, Risk Assessment and Asset Evaluation

Cybersecurity Plans and Strategies, Establishing Priorities, Organizing Roles and Responsibilities

Technology Trends
• The Internet provides a “virtual” medium for communications and commerce that transcends many of the limitations in the physical world.
• This presents a mixed blessing: the capacity to achieve near parity with competitors located any place, offset by expectations and the complexity in doing business across jurisdictions.
• We must ascend new learning curves and make sizeable equipment investments to accrue efficiency and productivity gains.

Marketplace Trends
• The Internet reduces market entry barriers.
• It provides a new medium that can reduce transaction costs and promote “frictionless” commerce.
• It can eliminate intermediaries that do not add sufficient value (“disintermediation”), but it also can create new opportunities, e.g., content portals, auctioneers and B2B brokers.
• It reduces comparative and competitive disadvantages based on location alone.
• It offers the promise of faster, better, smarter, cheaper and more convenient services.

Business in the 21st Century
• All businesses in the 21st century will be more and more knowledge based. IT will be a strong enabler for the business.
• Businesses will stick to their core competencies
• Logistics will be critical
• Layers of management structures will shrink
• Changing Business Relationships
• And Cyber Security shall be a concern for all…

How business will be done in the 21st Century
• Deal with well informed customers with high service standards expectation
• Paperless Offices and work flow based execution
• Business at any hour
• Virtual Showrooms and Teleshopping
• And again Cyber Security shall be a concern for all…

How the Internet Affects the Law
• Internet mediation does not necessarily foreclose the application of preexisting laws; something unlawful, regulated or licensed does not become lawful, unregulated and unlicensed simply through Internet-mediation.
• The transborder nature of Internet commerce and communications challenges national sovereignty and the jurisdictional reach of laws and regulations.
• Technological innovations, coupled with the global reach of the Internet, threaten the viability of laws including ones protecting intellectual property, privacy and consumers.

What is Cyber Law?
• Cyber law is a generic term which refers to all the legal and regulatory aspects of Information Technology in Cyberspace.
• Anything related to or concerning any activity of netizens and others within Cyberspace comes within the ambit of Cyber law.
• A vibrant and effective regulatory mechanism is crucial for the success of e-Commerce.

The Information Technology Act 2000
• India is the 13th country to pass legislation on Information Technology.
• The I.T. Act received the President’s sanction on 9th June, 2000. The I.T. Act is effective from 17th October, 2000.

Salient Features of I.T. Act
• Computer data accorded legal sanctity
• Certifying Authorities for Digital Signature established
• Digital Signature recognized
• Cyber crimes to invite tough penalties
• E-Governance
• Police Authorities given powers of enforcement
• Appellate authorities set up

Legal Recognition For Electronic Records
• Electronic data will be considered valid evidence in a court of law.
• The following conditions have to be satisfied:
– The information contained in the data is accessible for subsequent use or reference.
– The electronic record is retained or reproducible in the format in which it was originally generated, sent or received.
– The record facilitates identification of the origin, date and time of dispatch or receipt of such electronic record.

Digital Certificate
• A Digital Certificate is an “electronic card” that establishes one’s credentials when doing business or other transactions on the web.
Issuing Authority
• Certifying Authority is a person to whom a license has been granted to issue a Digital Certificate which is used to create public-private key pairs and digital signatures.

Eligibility criteria for Certifying Authorities
• An individual being a citizen of India, who has a capital of Rs 5 crores in his business or profession
• A company with a paid up capital of Rs 5 crores and net worth not less than Rs 50 crores and with a foreign holding of not more than 49%
• A firm with capital of all partners exceeding 5 crores and net worth exceeding Rs 50 crores

Digital Signature
• A digital signature is a digital code that can be attached to an electronically transmitted message to uniquely identify the sender.
• Unlike a handwritten signature, a digital signature binds the content of a message to the signer in such a way that if even one bit in the message changes en route, the signature will not verify at the other end.
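
The tamper-detection property described on this slide, as an added example that is not part of the original deck: a toy hash-then-sign scheme in pure Python (textbook RSA over small Mersenne primes, no padding). The keys, the sample record and all function names are constructed for illustration and are far too weak for real use; the code signs a record, flips every single bit in turn, and counts how many altered copies still verify.

```python
import hashlib

# Constructed demo keys (assumption, not from the slides): products of
# Mersenne primes. Far too small for real use, and there is no padding.
E = 65537
SUB_P, SUB_Q = 2**127 - 1, 2**107 - 1   # subscriber's secret primes
OTH_P, OTH_Q = 2**89 - 1, 2**61 - 1     # a different party's secret primes


def make_key(p, q, e=E):
    """Return (n, e, d): public modulus, public exponent, private exponent."""
    return p * q, e, pow(e, -1, (p - 1) * (q - 1))


def digest_int(message, n):
    """SHA-256 of the message as an integer, reduced into the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message, n, d):
    """Only the holder of the private exponent d can compute this value."""
    return pow(digest_int(message, n), d, n)


def verify(message, signature, n, e=E):
    """Anyone holding the public key (n, e) can run this check."""
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == digest_int(message, n)


def flip_bit(message, index):
    """Return a copy of the message with exactly one bit inverted."""
    out = bytearray(message)
    out[index // 8] ^= 1 << (index % 8)
    return bytes(out)


def undetected_bit_flips(message, signature, n):
    """Count single-bit alterations that would still pass verification."""
    return sum(
        verify(flip_bit(message, i), signature, n)
        for i in range(len(message) * 8)
    )


SUB_N, _, SUB_D = make_key(SUB_P, SUB_Q)
OTH_N, _, OTH_D = make_key(OTH_P, OTH_Q)

# Constructed sample record.
RECORD = b"Pay Rs 5,000 to account 1234 on 17 October"
SIGNATURE = sign(RECORD, SUB_N, SUB_D)

if __name__ == "__main__":
    print("original verifies:", verify(RECORD, SIGNATURE, SUB_N))
    print("bit flips tried:", len(RECORD) * 8)
    print("bit flips undetected:", undetected_bit_flips(RECORD, SIGNATURE, SUB_N))
    # A signature made with someone else's private key does not verify
    # under the subscriber's public key.
    forged = sign(RECORD, OTH_N, OTH_D)
    print("other party's signature verifies:", verify(RECORD, forged, SUB_N))
```

Real deployments use a vetted library with a padded scheme (for example RSA-PSS or Ed25519) and keys issued under a certificate, but the verification logic has the same shape.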

Authentication of Digital Signatures
• Any subscriber (a person in whose name a digital signature is issued) may authenticate an electronic record by affixing his digital signature.
• A Digital Signature is secure if it has the following attributes:
– Unique to the subscriber affixing it
– Capable of identifying such subscriber
– Created in a manner or using means under the exclusive control of the subscriber

Duties of the Subscriber
• Subscriber to generate the key pair by using the prescribed security procedure
• Subscriber to exercise reasonable care to retain control over the private key
• Cannot refute a document to which his signature is affixed as not sent by him using his private key

Revocation of Digital Signature Certificate
• Upon request made by a subscriber
• Upon the death of a subscriber
• Upon dissolution of firm or company
• Requirements for issuance of digital signature not fulfilled by subscriber

Cyber Crimes
What is Cyber Crime?
All activities done with criminal intent in Cyberspace. These could be either criminal activities in the conventional sense or activities newly evolved with the growth of the new medium.

Major Cybercrimes
• Unauthorized access to a computer system
• Unauthorized access to data or information
• Introduces or causes to introduce viruses
• Tampering with computer source documents
• Causes damage to a computer system or causes any disruption
• Denies access to any person authorized to access the computer system
• Spread of viruses
• Uses or downloads unlicensed software
• Hacking
• Publishing obscene information
• Breach of confidentiality and privacy
• Cyber Squatting

Cybersecurity
The cost and risks of cyber attacks are increasing
Cyber Threat Landscape
• Cybersecurity events and costs are increasing:
– 79% of survey respondents detected a security incident in the past 12 months
– Average total cost of a data breach increased 23% over the past two years
– Average cost paid for each lost / stolen record increased 6%
Industry Outlook
• Data breaches are expected to reach $2.1 trillion globally by 2019
• 76% of survey respondents were more concerned about cybersecurity threats than in previous 12 months:
– Increase from 59% in 2014
Reputational Risk
• An IT security breach can have serious implications in how a company is perceived:
– 46% of companies suffered damage to reputation & brand value due to a security breach
– 19% of companies suffered damage to reputation & brand value due to a third-party security breach
or IT system failure
• The risk of losing customer trust is significant and rising:
– 82% of customers would consider leaving an institution that suffered a data breach

CYBERLAWS FOR E-COMMERCE
• Cybercrimes are on the increase.
• Cybercrimes can be said to be of three categories:
1. Cybercrime against property
2. Cybercrime against persons
3. Cybercrime against nations

Special Provisions for ISPs
• Service Providers considered as intermediaries
• ISPs (Internet Service Providers) to maintain a log of all their customers and the sites they have visited. Special software is required to be installed for this.
• Such data to be produced on demand by ISPs to any enquiry officer

IT ACT, 2000 - OBJECTS
• Aims to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as electronic commerce, which involve the alternatives to paper based methods of communication and storage of information.
• To facilitate electronic filing of documents with Government agencies.
• To amend four laws of the country: The Indian Penal Code; The Indian Evidence Act, 1872; The Bankers Book Evidence Act, 1881; and The Reserve Bank of India Act, 1934.

HACKING
• Hacking has been made a penal offence punishable with imprisonment and fine.
• “Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hacking”

SEARCH ENGINE ISSUES
• If your website has a search facility or a search engine, a specific declaration about the same needs to be given on the homepage.
• Express disclaiming statements need to be given that the search engine is only spidering the web for the requested query on the basis of the relevant technology and that the website, owners and administrators are not liable in any manner whatsoever in any event or for any cause whatsoever for the search results.

Strategic Forces Shaping Cyber
Significant Cyber Events in 2018

[Figure: 2018 events by sector: Social Media, Infrastructure & Government, Healthcare, Hospitality, Business]

The Threat Landscape

• Impact: Costly regulatory inquiries and penalties, consumer and shareholder lawsuits, loss of consumer confidence
• Motivation: Financial gain
• 2017 Outlook: Cyber-extortion will continue to rise

• Impact: Competitive advantage, trade secret disclosure, operational disruption, brand and reputation
• Motivation: Personal advantage, monetary gain, professional revenge, patriotism
• 2017 Outlook: More organizations will implement insider threat mitigation programs and processes

• Impact: Disruption of business activities, brand and reputation, loss of consumer confidence
• Motivation: Negatively impact reputation, drive attention to a cause, pressure for change
• 2017 Outlook: Expected to escalate attack methods with high-profile data breaches

• Impact: Loss of competitive advantage, disruption to critical infrastructure
• Motivation: Economic, political, and/or military advantage
• 2017 Outlook: Will continue to strengthen their defensive and offensive cyber skills

Future in Cyber Security
• 2.5 Million Cyber Security Job Openings globally in 2019.

What is needed today is ……
Launch a nationwide information security campaign: Information on cyber security related aspects is the concern of all computer network / Internet users. Thus, the Government should take appropriate steps to inform the public about cyber security in a well-organized manner. This could be done by organizing workshops / trainings, regular discussions / talks on TV during prime time, publishing articles etc. in the leading newspapers on cyber security and counter security aspects.

Let us all come together to prevent Cyber Crime, as TOGETHER WE CAN.
Thank you for the kind support.
Niks Technology wishes you all a QUALITY OF WORK LIFE AHEAD.

More Related Content

Cyber Security College Workshop

  • 1. Workshop on Cyber Security Niks Technology Private Limited By: Dr. Rahul Nayan
  • 2. Cyber Space: The Global Room Today A science fiction writer coined the useful term "cyberspace" in 1982. But the territory in question, the electronic frontier, is about a hundred and thirty years old. Cyberspace is the "place" where a telephone conversation appears to occur. Not inside your actual phone, the plastic device on your desk. This "place“ is not "real," but it is serious, it is earnest. Tens of thousands of people have dedicated their lives to it, to the public service of public communication by wire and electronics. Cyberspace today is a "Net," a "Matrix," international in scope and growing swiftly and steadily. It's growing in size, and wealth, and political importance. People have met there and been married there. There are entire living communities in cyberspace today; chattering, gossiping, planning, conferring and scheming, leaving one another voice-mail and electronic mail, giving one another big weightless chunks of valuable data, both legitimate and illegitimate. They busily pass one another computer software and the occasional festering computer virus. Niks Technology Private Limited
  • 3. Niks Technology Private Limited Cyber Security Defined  Cyber Security’s goal: Protect our information and information systems  Cyber Security is: “Protection of information systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users, including those measures necessary to detect, document, and counter such threats.”
  • 4. The CIA and N • Confidentiality: Safeguards information from being accessed by individuals without the proper clearance, access level, and need to know. • Integrity: Results from the protection of unauthorized modification or destruction of information. • Availability: Information services are accessible when they are needed. Authentication means a security measure that establishes the validity of a transmission, message, or originator, or a means of verifying an individual's authorization to receive specific categories of information. • Non-repudiation: Assurance the sender of data is provided with proof of delivery and the recipient is provided with proof of the sender's identity, so neither can later deny having processed the data. Niks Technology Private Limited
  • 5. Sensitive Data  Information is considered sensitive if the loss of Confidentiality, Integrity, or Availability could be expected to have a serious, severe, or catastrophic adverse effect on organizational operations, organizational assets, or individuals.  Types of sensitive information include:  Personnel  Financial  Payroll  Medical  Privacy Act information. Niks Technology Private Limited
  • 6. The Bottom Line • The Internet already has triggered challenging questions about the applicability of case precedent and legal models for Internet-mediated communications and commerce. • At the macro-level, the Internet affects broad, almost metaphysical concepts like matter, distance, time and space. • At the micro-level, it directly impacts how we communicate, educate, entertain and transact business. Niks Technology Private Limited
  • 7. Assets  Financial Data  Personal information  Critical design information  System control functions for Dams etc.  Proprietary data Niks Technology Private Limited
  • 8. Threats  Hackers, crackers  Black hats and White hats  Criminals and Terrorists  Russian invasion of Georgia  War Driving  Social engineering Niks Technology Private Limited
  • 10. Internal Threats  Unauthorized access  Accidental access  Negligence Niks Technology Private Limited
  • 11. External Threats  Hackers, crackers, script kiddies  Freelance information brokers  Competitive espionage Niks Technology Private Limited
  • 12. Cyber Terrorism & Cyber Crime  Cyber Terrorism focuses on controlling critical infrastructure  Cyber Crime focuses on competitive advantage and financial gain. Niks Technology Private Limited
  • 13. Vulnerabilities  Hardware  Unsecured Wi-Fi  No Router  Router with default password  Software  No anti-virus/anti-spyware  No Firewall  Old virus definitions  Out of date Windows O.S.  Personal Behaviour  Failure to use strong passwords  Clicking on unsafe links or emails  Downloading questionable files  Leaving computer logged on  Leaving your computer accessible Niks Technology Private Limited
  • 14. Vulnerability Assessments Blue Team  Physical security assessment  Includes an IT component Red Team  Penetration testing  Off site script run against IT system  Post assessment report identifying Niks Technology Private Limited
  • 15. Types of Malware  Viruses  Worms  Wabbits  Trojans  Spyware  Backdoors  Exploits  Rootkit  Key loggers  Dialler's  URL Injectors  Adware Niks Technology Private Limited
  • 16. TROJANS: The chief of VIRUSES (Vital Information Resource Under Seize) Trojans are small programs that effectively give “hackers” remote control over your entire Computer. Some common features with Trojans are as follows:  Open your DVD-ROM drive  Capture a screenshot of your computer  Record your key strokes and send them to the “Hacker”  Full Access to all your drives and files  Ability to use your computer as a bridge to do other hacking related activities.  Disable your keyboard  Disable your mouse…and more! Niks Technology Private Limited
  • 17. Hackers: Breaches • Headlines – Ashley Madison 2015: Many use same passwords, spear phishing campaigns, blackmail targets – Twitter: 32 Million – Yahoo: 500 Million (LinkedIn, Amazon, Facebook, Credit Cards, ) – Security cameras, breach-able appliances, access control systems – Malware found on all platforms including Apple – 9 million new signatures of malware in July 2018 Niks Technology Private Limited
  • 18. Attack Vectors  Hacking (Data theft, corporate espionage, identity theft)  Social Engineering (Spear Phishing, Phishing, traditional SE)  Internal attacks: Unauthorized access and access control  Cloud Attacks and Breaches (Dropbox, iCloud, OneDrive, Etc.)  Virus/Malware/Botnet  Ransomware and Extortion Niks Technology Private Limited
  • 19. Legacy Gateway Security Implementation Niks Technology Private Limited
  • 20. Modern Security Implementation Niks Technology Private Limited
  • 21. ULTIMATE PREVENTION: CURE Niks Technology Private Limited  Firewalls  Anti Virus  Cyber Hygiene  Access Control  Data Security and Information Protection  Protective Technology  Boundary Defense and Network Separation  Configuration Management  Training
  • 22. 10 Driving Principles of the New Economy  Matter—law involves the processing of information and the Internet provides a comparatively superior medium for some applications.  Space—the Internet transcends distance and provides a major new promotional medium.  Time—Internet time moves faster than we’d like.  People—brain power and people skills matter particularly in an Internet-mediated world.  Growth—the Internet can fuel market expansion.  Value—Web pages offer prospective clients access to helpful general information and for existing clients a portal to a some of a firm’s assets.  Efficiency—consider whether and how e-mail enhances productivity.  Markets—the Internet makes markets more porous and more easily customized.  Transactions—with modification, the Internet can provide a medium for commerce.  Impulse—the Internet reduces the time between sales pitch and transaction. Niks Technology Private Limited
  • 23. Cybersecurity Risk Management, Risk Assessment and Asset Evaluation Niks Technology Private Limited
  • 24. Cybersecurity Plans and Strategies, Establishing Priorities, Organizing Roles and Responsibilities Niks Technology Private Limited
  • 25. Technology Trends  The Internet provides a “virtual” medium for communications and commerce that transcends many of the limitations in the physical world.  This presents a mixed blessing: the capacity to achieve near parity with competitors located any place, offset by expectations and the complexity in doing business across jurisdictions.  We must ascend new learning curves and make sizeable equipment investments to accrue efficiency and productivity gains. Niks Technology Private Limited
  • 26. Marketplace Trends  The Internet reduces market entry barriers.  It provides a new medium, that can reduce transaction costs and promote “frictionless” commerce.  It can eliminate intermediaries that do not add sufficient value (“disintermediation”), but it also can create new opportunities, e.g., content portals, auctioneers and B2B brokers.  It reduces comparative and competitive disadvantages based on location alone.  It offers the promise of faster, better, smarter, cheaper and more convenient services. Niks Technology Private Limited
  • 27. Business in the 21st Century  All businesses in 21st century will be more and more knowledge based. IT will be a strong enabler for the business  Businesses will stick to their core competencies  Logistics will be critical  Layers of management structures will shrink  Changing Business Relationships  And the Cyber Security shall be a concern for all…. Niks Technology Private Limited
  • 28. How business will be done in the 21st Century • Deal with well informed customers with high service standards expectation • Paperless Offices and work flow based execution • Business at any hour • Virtual Showrooms and Teleshopping • And again the Cyber Security shall be a concern for all…………. Niks Technology Private Limited
  • 29. How the Internet Affects the Law  Internet mediation does not necessarily foreclose the application of preexisting laws; something unlawful, regulated or licensed does not become lawful, unregulated and unlicensed simply through Internet-mediation.  The trans border nature of Internet commerce and communications challenges national sovereignty and the jurisdictional reach of laws and regulations.  Technological innovations, coupled with the global reach of the Internet, threaten the viability of laws including ones protecting intellectual property, privacy and consumers. Niks Technology Private Limited
  • 30. What is Cyber Law ? Cyber law is a generic term which refers to all the legal and regulatory aspects of Information Technology in the Cyber space Anything related to or concerning any activity of netizens and others, within Cyberspace comes within the ambit of Cyber law A vibrant and effective regulatory mechanism is crucial for the success of e-Commerce Niks Technology Private Limited
  • 31. The Information Technology Act 2000  India is the 13th country to pass legislation on Information Technology.  The I.T. Act received the President’s sanction on 9th June, 2000.The I.T. Act is effective from 17th October, 2000. Niks Technology Private Limited
  • 32. Salient Features of I.T Act  Computer data accorded legal sanctity  Certifying Authorities for Digital Signature established  Digital Signature recognized  Cyber crimes to invite tough penalties  E-Governance  Police Authorities given powers of enforcement  Appellate authorities set up Niks Technology Private Limited
  • 33. Legal Recognition For Electronic Records  An electronic data will be considered as a valid evidence in the court of law.  The following conditions have to be satisfied: The information contained in the data is accessible for subsequent use or reference. The electronic record is retained or reproducible in the format in which it was originally generated, sent or received Facilitate identification of the origin, date and time of dispatch or receipt of such electronic record. Niks Technology Private Limited
  • 34. Digital Certificate  A Digital Certificate is an “electronic card” that establishes one’s credentials when doing business or other transactions on the web. Issuing Authority  Certifying Authority is a person to whom a license has been granted to issue a Digital Certificate which is used to create public-private key pairs and digital signatures. Niks Technology Private Limited
  • 35. Eligibility criteria for Certifying Authorities
      – An individual, being a citizen of India, who has a capital of Rs 5 crores in his business or profession
      – A company with a paid-up capital of Rs 5 crores and net worth not less than Rs 50 crores, and with a foreign holding of not more than 49%
      – A firm with capital of all partners exceeding 5 crores and net worth exceeding Rs 50 crores
  • 36. Digital Signature
      – A digital signature is a digital code that can be attached to an electronically transmitted message to uniquely identify the sender.
      – Unlike a handwritten signature, a digital signature binds the content of a message to the signer in such a way that if even one bit in the message changes en route, the signature will not verify at the other end.
  • 37. Authentication of Digital Signatures
      – Any subscriber (a person in whose name a digital signature is issued) may authenticate an electronic record by affixing his digital signature.
      – A Digital Signature is secure if it has the following attributes:
          – Unique to the subscriber affixing it
          – Capable of identifying such subscriber
          – Created in a manner or using means under the exclusive control of the subscriber
  • 38. Duties of the Subscriber
      – Subscriber to generate the key pair by using the prescribed security procedure
      – Subscriber to exercise reasonable care to retain control over the private key
      – Cannot refute a document to which his signature is affixed as not sent by him using his private key
  • 39. Revocation of Digital Signature Certificate
      – Upon request made by a subscriber
      – Upon the death of a subscriber
      – Upon dissolution of firm or company
      – Requirements for issuance of digital signature not fulfilled by subscriber
  • 40. Cyber Crimes
      – What is Cyber Crime? All activities done with criminal intent in cyberspace.
      – These could be either criminal activities in the conventional sense or activities newly evolved with the growth of the new medium.
  • 41. Major Cybercrimes
      – Unauthorized access to a computer system
      – Unauthorized access to data or information
      – Introduces or causes to introduce viruses
      – Tampering with computer source documents
      – Causes damage to a computer system or causes any disruption
      – Denies access to any person authorized to access the computer system
      – Spread of viruses
      – Uses or downloads unlicensed software
      – Hacking
      – Publishing obscene information
      – Breach of confidentiality and privacy
      – Cyber squatting
  • 42. Cybersecurity: The cost and risks of cyber attacks are increasing
      Cyber Threat Landscape
      • Cybersecurity events and costs are increasing:
          – 79% of survey respondents detected a security incident in the past 12 months
          – Average total cost of a data breach increased 23% over the past two years
          – Average cost paid for each lost / stolen record increased 6%
      Industry Outlook
      • Data breaches are expected to reach $2.1 trillion globally by 2019
      • 76% of survey respondents were more concerned about cybersecurity threats than in previous 12 months:
          – Increase from 59% in 2014
      Reputational Risk
      • An IT security breach can have serious implications in how a company is perceived:
          – 46% of companies suffered damage to reputation & brand value due to a security breach
          – 19% of companies suffered damage to reputation & brand value due to a third-party security breach or IT system failure
      • The risk of losing customer trust is significant and rising:
          – 82% of customers would consider leaving an institution that suffered a data breach
  • 43. CYBERLAWS FOR E-COMMERCE
      – Cybercrimes are on the increase.
      – Cybercrimes can be said to be of three categories:
          1. Cybercrime against property
          2. Cybercrime against persons
          3. Cybercrime against nations
  • 44. Special Provisions for ISPs
      – Service Providers considered as intermediaries
      – Internet Service Providers (ISPs) to maintain a log of all their customers and the sites they have visited. For this, special software is required to be installed.
      – Such data to be produced on demand by ISPs to any enquiry officer
  • 45. IT ACT, 2000 - OBJECTS
      – Aims to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as electronic commerce, which involve the alternatives to paper-based methods of communication and storage of information.
      – To facilitate electronic filing of documents with Government agencies.
      – To amend four laws of the country: The Indian Penal Code, The Indian Evidence Act, 1872, The Bankers Book Evidence Act, 1881 and The Reserve Bank of India Act, 1934.
  • 46. HACKING
      – Hacking has been made a penal offence punishable with imprisonment and fine.
      – "Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hacking"
  • 47. SEARCH ENGINE ISSUES
      – If your website has a search facility or a search engine, a specific declaration about the same needs to be given on the homepage.
      – Express disclaiming statements need to be given that the search engine is only spidering the web for the requested query on the basis of the relevant technology, and that the website, owners and administrators are not liable in any manner whatsoever in any event or for any cause whatsoever for the search results.
  • 48. Strategic Forces Shaping Cyber: Significant Cyber Events in 2018
      [Figure: 2018 events by category: Social Media, Infrastructure & Government, Healthcare, Hospitality, Business]
  • 49. The Threat Landscape
      • Impact: Costly regulatory inquiries and penalties, consumer and shareholder lawsuits, loss of consumer confidence
        Motivation: Financial gain
        2017 Outlook: Cyber-extortion will continue to rise
      • Impact: Competitive advantage, trade secret disclosure, operational disruption, brand and reputation
        Motivation: Personal advantage, monetary gain, professional revenge, patriotism
        2017 Outlook: More organizations will implement insider threat mitigation programs and processes
      • Impact: Disruption of business activities, brand and reputation, loss of consumer confidence
        Motivation: Negatively impact reputation, drive attention to a cause, pressure for change
        2017 Outlook: Expected to escalate attack methods with high-profile data breaches
      • Impact: Loss of competitive advantage, disruption to critical infrastructure
        Motivation: Economic, political, and/or military advantage
        2017 Outlook: Will continue to strengthen their defensive and offensive cyber skills
  • 50. Future in Cyber Security
      – 2.5 Million Cyber Security Job Openings globally in 2019.
  • 51. What is needed today is …
      – Launch nationwide information security campaign: Information on cyber security related aspects is the concern of all the computer network / Internet users. Thus, the Government should take appropriate steps to inform the public about cyber security in a well-organized manner. This could be done by organizing workshops / trainings, regular discussions / talks on TV during prime time, publishing articles etc. in the leading newspapers on cyber security and counter security aspects.
  • 52. Let us all come together to prevent Cyber Crime, as TOGETHER WE CAN. Thank you for the kind support. Niks Technology wishes you all a QUALITY OF WORK LIFE AHEAD.