Cyber Security is: “Protection of information systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users, including those measures necessary to detect, document, and counter such threats.”
Cyber Security College Workshop
1. Workshop on Cyber Security
Niks Technology Private Limited
By: Dr. Rahul Nayan
2. Cyber Space:
The Global Room Today
A science fiction writer coined the useful term "cyberspace" in 1982. But the territory in question, the
electronic frontier, is about a hundred and thirty years old. Cyberspace is the "place" where a
telephone conversation appears to occur. Not inside your actual phone, the plastic device on your
desk. This "place" is not "real," but it is serious, it is earnest. Tens of thousands of people have
dedicated their lives to it, to the public service of public communication by wire and electronics.
Cyberspace today is a "Net," a "Matrix," international in scope and growing swiftly and steadily. It's
growing in size, and wealth, and political importance. People have met there and been married there.
There are entire living communities in cyberspace today; chattering, gossiping, planning, conferring
and scheming, leaving one another voice-mail and electronic mail, giving one another big weightless
chunks of valuable data, both legitimate and illegitimate. They busily pass one another computer
software and the occasional festering computer virus.
3. Cyber Security Defined
Cyber Security’s goal: Protect our information and
information systems
Cyber Security is: “Protection of information
systems against unauthorized access to or
modification of information, whether in storage,
processing or transit, and against the denial of service
to authorized users, including those measures
necessary to detect, document, and counter such
threats.”
4. The CIA and N
• Confidentiality: Safeguards information from being accessed by individuals without the
proper clearance, access level, and need to know.
• Integrity: Results from the protection against unauthorized modification or destruction of
information.
• Availability: Information services are accessible when they are needed.
• Authentication: A security measure that establishes the validity of a transmission, message, or
originator, or a means of verifying an individual's authorization to receive specific categories
of information.
• Non-repudiation: Assurance the sender of data is provided with proof of delivery and the
recipient is provided with proof of the sender's identity, so neither can later deny having
processed the data.
5. Sensitive Data
Information is considered sensitive if the loss of Confidentiality,
Integrity, or Availability could be expected to have a serious, severe, or
catastrophic adverse effect on organizational operations, organizational
assets, or individuals.
Types of sensitive information include:
Personnel
Financial
Payroll
Medical
Privacy Act information.
6. The Bottom Line
• The Internet already has triggered challenging questions about the
applicability of case precedent and legal models for Internet-mediated
communications and commerce.
• At the macro-level, the Internet affects broad, almost metaphysical concepts
like matter, distance, time and space.
• At the micro-level, it directly impacts how we communicate, educate,
entertain and transact business.
7. Assets
Financial Data
Personal information
Critical design information
System control functions for Dams etc.
Proprietary data
8. Threats
Hackers, crackers
Black hats and White hats
Criminals and Terrorists
Russian invasion of Georgia
War Driving
Social engineering
12. Cyber Terrorism & Cyber Crime
Cyber Terrorism focuses on controlling critical infrastructure
Cyber Crime focuses on competitive advantage and financial gain.
13. Vulnerabilities
Hardware
Unsecured Wi-Fi
No Router
Router with default password
Software
No anti-virus/anti-spyware
No Firewall
Old virus definitions
Out of date Windows O.S.
Personal Behaviour
Failure to use strong passwords
Clicking on unsafe links or emails
Downloading questionable files
Leaving computer logged on
Leaving your computer accessible
14. Vulnerability Assessments
Blue Team
Physical security assessment
Includes an IT component
Red Team
Penetration testing
Off site script run against IT system
Post assessment report identifying
16. TROJANS: The chief of VIRUSES
(Vital Information Resource Under Seize)
Trojans are small programs that effectively give “hackers” remote control over your entire computer.
Some common features with Trojans are as follows:
Open your DVD-ROM drive
Capture a screenshot of your computer
Record your keystrokes and send them to the “Hacker”
Full Access to all your drives and files
Ability to use your computer as a bridge to do other hacking related activities.
Disable your keyboard
Disable your mouse…and more!
17. Hackers: Breaches
• Headlines
– Ashley Madison 2015: Many use same passwords, spear phishing
campaigns, blackmail targets
– Twitter: 32 Million
– Yahoo: 500 Million (LinkedIn, Amazon, Facebook, Credit Cards)
– Security cameras, breach-able appliances, access control systems
– Malware found on all platforms including Apple
– 9 million new signatures of malware in July 2018
18. Attack Vectors
Hacking (Data theft, corporate espionage, identity theft)
Social Engineering (Spear Phishing, Phishing, traditional SE)
Internal attacks: Unauthorized access and access control
Cloud Attacks and Breaches (Dropbox, iCloud, OneDrive, Etc.)
Virus/Malware/Botnet
Ransomware and Extortion
21. ULTIMATE PREVENTION: CURE
Firewalls
Anti Virus
Cyber Hygiene
Access Control
Data Security and Information Protection
Protective Technology
Boundary Defense and Network Separation
Configuration Management
Training
22. 10 Driving Principles of the New Economy
Matter—law involves the processing of information and the Internet provides a
comparatively superior medium for some applications.
Space—the Internet transcends distance and provides a major new promotional medium.
Time—Internet time moves faster than we’d like.
People—brain power and people skills matter particularly in an Internet-mediated world.
Growth—the Internet can fuel market expansion.
Value—Web pages offer prospective clients access to helpful general information and
for existing clients a portal to some of a firm’s assets.
Efficiency—consider whether and how e-mail enhances productivity.
Markets—the Internet makes markets more porous and more easily customized.
Transactions—with modification, the Internet can provide a medium for commerce.
Impulse—the Internet reduces the time between sales pitch and transaction.
24. Cybersecurity Plans and Strategies, Establishing
Priorities, Organizing Roles and Responsibilities
25. Technology Trends
The Internet provides a “virtual” medium for
communications and commerce that transcends many of
the limitations in the physical world.
This presents a mixed blessing: the capacity to achieve
near parity with competitors located any place, offset by
expectations and the complexity in doing business across
jurisdictions.
We must ascend new learning curves and make sizeable
equipment investments to accrue efficiency and
productivity gains.
26. Marketplace Trends
The Internet reduces market entry barriers.
It provides a new medium, that can reduce transaction costs and
promote “frictionless” commerce.
It can eliminate intermediaries that do not add sufficient value
(“disintermediation”), but it also can create new opportunities,
e.g., content portals, auctioneers and B2B brokers.
It reduces comparative and competitive disadvantages based on
location alone.
It offers the promise of faster, better, smarter, cheaper and more
convenient services.
27. Business in the 21st Century
All businesses in 21st century will be more and more knowledge
based. IT will be a strong enabler for the business
Businesses will stick to their core competencies
Logistics will be critical
Layers of management structures will shrink
Changing Business Relationships
And the Cyber Security shall be a concern for all….
28. How business will be
done in the 21st Century
• Deal with well informed customers with high service
standards expectation
• Paperless Offices and work flow based execution
• Business at any hour
• Virtual Showrooms and Teleshopping
• And again the Cyber Security shall be a concern for
all………….
29. How the Internet Affects the Law
Internet mediation does not necessarily foreclose the application of preexisting laws;
something unlawful, regulated or licensed does not become lawful, unregulated and
unlicensed simply through Internet-mediation.
The trans border nature of Internet commerce and communications challenges
national sovereignty and the jurisdictional reach of laws and regulations.
Technological innovations, coupled with the global reach of the Internet, threaten the
viability of laws including ones protecting intellectual property, privacy and
consumers.
30. What is Cyber Law ?
Cyber law is a generic term which refers to all the legal and
regulatory aspects of Information Technology in the Cyber
space
Anything related to or concerning any activity of netizens
and others, within Cyberspace comes within the ambit of
Cyber law
A vibrant and effective regulatory mechanism is crucial for
the success of e-Commerce
31. The Information
Technology Act 2000
India is the 13th country to pass legislation on Information
Technology.
The I.T. Act received the President’s sanction on 9th June,
2000. The I.T. Act is effective from 17th October, 2000.
32. Salient Features of I.T Act
Computer data accorded legal sanctity
Certifying Authorities for Digital Signature established
Digital Signature recognized
Cyber crimes to invite tough penalties
E-Governance
Police Authorities given powers of enforcement
Appellate authorities set up
33. Legal Recognition For
Electronic Records
Electronic data will be considered valid evidence in a court of law.
The following conditions have to be satisfied:
The information contained in the data is accessible for subsequent use or
reference.
The electronic record is retained or reproducible in the format in which it was
originally generated, sent or received
Facilitate identification of the origin, date and time of dispatch or receipt of such
electronic record.
34. Digital Certificate
A Digital Certificate is an “electronic card” that establishes one’s
credentials when doing business or other transactions on the web.
Issuing Authority
Certifying Authority is a person to whom a license has been granted
to issue a Digital Certificate which is used to create public-private key
pairs and digital signatures.
35. Eligibility criteria for Certifying Authorities
An individual being a citizen of India, who has a capital of Rs 5 crores
in his business or profession
A company with a paid up capital of Rs 5 crores and net worth not less
than Rs 50 crores and with a foreign holding of not more than 49 %
A firm with capital of all partners exceeding 5 crores and net worth
exceeding Rs 50 crores
36. Digital Signature
A digital signature is a digital code that can be attached to an
electronically transmitted message to uniquely identify the sender.
Unlike a handwritten signature, a digital signature binds the content of a
message to the signer in such a way that if even one bit in the message
changes en route, the signature will not verify at the other end.
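The bit-sensitivity property described above, as an added example that is not part of the original slides: a dependency-free toy RSA signature in which the key, the helper names and the sample message are all constructed for illustration. It uses unpadded RSA over a small modulus, so it shows the binding of message to signer but is not secure for real use.

```python
import hashlib

# Toy key built from two known Mersenne primes (constructed for this example).
# A ~216-bit modulus with no padding is NOT secure; it only keeps the demo
# dependency-free. Real signatures use vetted libraries and padded schemes.
P = 2**89 - 1
Q = 2**127 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, held only by the signer


def digest_int(message: bytes) -> int:
    """Hash the message and map the digest into the range of the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes) -> int:
    """Signer side: requires the private exponent D."""
    return pow(digest_int(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Verifier side: requires only the public values (N, E)."""
    if not 0 <= signature < N:
        return False
    return pow(signature, E, N) == digest_int(message)


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of data with exactly one bit inverted."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)


def demo() -> dict:
    message = b"Pay Rs 500 to account 1234"   # constructed sample message
    sig = sign(message)
    return {
        "original": verify(message, sig),
        "message_bit_flipped": verify(flip_bit(message, 0), sig),
        "signature_bit_flipped": verify(message, sig ^ 1),
    }


if __name__ == "__main__":
    print(demo())
```

Only the holder of `D` can produce a value that verifies under `(N, E)`, which is the basis of the subscriber's duty to keep the private key under exclusive control.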
37. Authentication of
Digital Signatures
Any subscriber (a person in whose name a digital signature is issued) may
authenticate an electronic record by affixing his digital signature.
A Digital Signature is secure if it has the following attributes:
Unique to subscriber affixing it
Capable of identifying such subscriber
Created in a manner or using means under the exclusive control of the subscriber
38. Duties of the Subscriber
Subscriber to generate the key pair by using the prescribed security
procedure
Subscriber to exercise reasonable care to retain control over the private
key
Cannot refute a document to which his signature is affixed as not sent by
him using his private key
39. Revocation of Digital
Signature Certificate
Upon request made by a subscriber
Upon the death of a subscriber
Upon dissolution of firm or company
Requirements for issuance of digital signature not fulfilled by subscriber
40. Cyber Crimes
What is Cyber Crime?
All activities done with criminal intent in Cyber space. These
could be either the criminal activities in the conventional sense
or could be activities, newly evolved with growth of new
medium.
41. Major Cybercrimes
Unauthorized access to a computer system
Unauthorized access to data or information
Introduces or causes to introduce viruses
Tampering with computer source documents
Cause Damage to Computer system or causes any disruption
Denies access to any person authorized to access the computer system
Spread of viruses
Uses or downloads unlicensed software
Hacking
Publishing obscene information
Breach of confidentiality and privacy
Cyber Squatting
42. Cybersecurity
The cost and risks of cyber attacks are increasing
Cyber Threat Landscape
• Cybersecurity events and costs are increasing:
– 79% of survey respondents detected a security incident in the past 12 months
– Average total cost of a data breach increased 23% over the past two years
– Average cost paid for each lost / stolen record increased 6%
Industry Outlook
• Data breaches are expected to reach $2.1 trillion globally by 2019
• 76% of survey respondents were more concerned about cybersecurity threats than in previous 12 months:
– Increase from 59% in 2014
Reputational Risk
• An IT security breach can have serious implications in how a company is perceived:
– 46% of companies suffered damage to reputation & brand value due to a security breach
– 19% of companies suffered damage to reputation & brand value due to a third-party security breach
or IT system failure
• The risk of losing customer trust is significant and rising:
– 82% of customers would consider leaving an institution that suffered a data breach
43. CYBERLAWS FOR
E-COMMERCE
Cybercrimes are on the increase.
Cybercrimes can be said to be of three categories :
1. Cybercrime against property
2. Cybercrime against persons
3. Cybercrime against nations
44. Special Provisions for ISPs
Service Providers considered as intermediaries
ISPs – Internet Service Providers to maintain log of all their
customers and the sites they have visited. For this special software is
required to be installed.
Such data to be produced on demand by ISPs to any enquiry officer
45. IT ACT, 2000 - OBJECTS
Aims to provide legal recognition for transactions carried out by means
of electronic data interchange and other means of electronic
communication commonly referred to as electronic commerce which
involve the alternatives to paper based methods of communication and
storage of information.
To facilitate electronic filing of documents with Government agencies.
To amend four laws of the country, The Indian Penal Code, The Indian
Evidence Act, 1872, The Bankers Book Evidence Act, 1881 and The
Reserve Bank of India Act, 1934.
46. HACKING
Hacking has been made a penal offence punishable with imprisonment
and fine.
“Whoever with the intent to cause or knowing that he is likely to
cause wrongful loss or damage to the public or any person destroys or
deletes or alters any information residing in a computer resource or
diminishes its value or utility or affects it injuriously by any means,
commits hacking”
47. SEARCH ENGINE ISSUES
In case, if your website has a search facility or a search engine,
specific declaration about the same needs to be given on the
homepage.
Express disclaiming statements need to be given that search engine is
only spidering the web for the requested query on the basis of the
relevant technology and that the website, owners and administrators
are not liable in any manner whatsoever in any event or for any cause
whatsoever for the search results.
48. Strategic Forces Shaping Cyber
Significant Cyber Events in 2018
[Figure: 2018 events by sector: Social Media, Infrastructure & Government, Healthcare, Hospitality, Business]
49. The Threat Landscape
• Impact: Costly regulatory inquiries and
penalties, consumer and shareholder
lawsuits, loss of consumer confidence
• Motivation: Financial gain
• 2017 Outlook: Cyber-extortion
will continue to rise
• Impact: Competitive advantage, trade secret disclosure,
operational disruption, brand and reputation
• Motivation: Personal advantage, monetary gain, professional
revenge, patriotism
• 2017 Outlook: More organizations will implement insider threat
mitigation programs and processes
• Impact: Disruption of business activities, brand and reputation, loss
of consumer confidence
• Motivation: Negatively impact reputation, drive attention to a
cause, pressure for change
• 2017 Outlook: Expected to escalate attack methods with high-
profile data breaches
• Impact: loss of competitive advantage, disruption
to critical infrastructure
• Motivation: Economic, political, and/or military advantage
• 2017 Outlook: Will continue to strengthen their defensive and
offensive cyber skills
50. Future in Cyber Security
2.5 Million Cyber Security Job Openings globally in 2019.
51. Launch a nationwide information security campaign: Information on cyber
security related aspects is the concern of all the computer network / Internet users.
Thus, the Government should take appropriate steps to inform the public about
cyber security in a well-organized manner. This could be done by organizing
workshops / trainings, regular discussions / talks on TV during prime time,
publishing articles etc. in the leading newspapers on cyber security and counter
security aspects.
What is needed today is ……
52. Let us all come together to prevent Cyber Crime,
as
TOGETHER WE CAN.
Thank you for the kind support.
Niks Technology
wishes you all a
QUALITY OF WORK LIFE AHEAD.