CYBER SECURITY

(A iliated to Bengaluru North University)

# 11/2,7 cross, Basavanapura Main Road,Gayathri Layout
th

K.R Puram, Bengaluru-36

Module 1 : Cyber Security

Concept of cyber security cybersecurity is the practice of protecting computer systems, networks, and data
from theft, damage, or unauthorized access. It encompasses a wide range of technologies, processes, and
practices designed to safeguard digital information and ensure the confidentiality, integrity, availability of
data.

 Confidentiality: This principle focuses on ensuring that sensitive information is only accessible to
authorized individuals or systems. It involves encryption, access controls, and data classification to
prevent unauthorized access or disclosure.
 Integrity: Integrity in cybersecurity means that data and systems are accurate and trustworthy. Any
unauthorized modification or tampering with data or systems should be detected and prevented.
Techniques like checksums and digital signatures are used to maintain data integrity.
 Availability: Availability ensures that systems and data are accessible when needed. Cyberattacks
can disrupt services or make them unavailable, so cybersecurity measures aim to prevent or mitigate
such disruptions through redundancy, load balancing, and disaster recovery planning.
 Authentication: Authentication is the process of ifying the identity of users, devices, or systems
trying to access resources. This can be achieved through passwords, biometrics, two-factor
authentication (2FA), and multi-factor authentication (MFA).

Cyber Attacks:

A cyber-attack is an exploitation of computer systems and networks. It uses malicious code to alter computer
code, logic or data and lead to cybercrimes, such as information and identity theft. Cyber-attacks can be
classified into the following categories:
1. Web-based attacks

2. System-based attacks

Web-based attacks

These are the attacks which occur on a website or web applications. Some of the important web-based
attacks are as follows-

 Injection attacks :It is the attack in which some data will be injected into a web application to
manipulate the application and fetch the required information.
 Session Hijacking :It is a security attack on a user session over a protected network. Web
applications create cookies to store the state and user sessions. By stealing the cookies, an attacker
can have access to all of the user data.

PREPARED BY KEERTHI K UNNI, IVDC 1

 CYBER SECURITY
 Phishing: Phishing is a type of attack which attempts to steal sensitive information like user login
credentials and credit card number. It occurs when an attacker is masquerading as a trustworthy
entity in electronic communication.
 Denial of Service:It is an attack which meant to make a server or network resource unavailable to
the users.

System-based attacks

These are the attacks which are intended to compromise a computer or a computer network. Some of the
important system-based attacks are as follows-

 Virus :It is a type of malicious software program that spread throughout the computer files
without the knowledge of a user. It is a self-replicating malicious computer program that
replicates by inserting copies of itself into other computer programs when executed. It can also
execute instructions that cause harm to the system.
 Worm :It is a type of malware whose primary function is to replicate itself to spread to
uninfected computers. It works same as the computer virus. Worms often originate from email
attachments that appear to be from trusted senders.
 Trojan horse : it is a malicious program that occurs unexpected changes to computer setting and
unusual activity, even when the computer should be idle. It misleads the user of its true intent. It
appears to be a normal application but when opened/executed some malicious code will run in
the background.
Cyber Threat

A Cyber threat is any malicious act that attempts to gain access to a computer network without authorization
or permission from the owners. It refers to the wide range of malicious activities that can damage or disrupt
a computer system, a network or the information it contain.

 A Threat by definition is a condition / circumstance which can cause damage to the system/asset.
 Threats can be intentional like human negligence or unintentional like natural disasters.
 A Threat may or may not be malicious.
 Chance to damage or information alteration varies from low to very high.
Cyber Attack

 An Attack by definition is an intended action to cause damage to system/asset.

 The attack is a deliberate action. An attacker has a motive and plan the attack accordingly.
 An Attack is always malicious.
 The chances of damaging or altering information is very high.
Issues and challenges of cyber security

Cybersecurity faces numerous issues and challenges due to the ever-evolving nature of technology and the
increasing sophistication of cyber threats. Some of the key issues and challenges in cybersecurity include:
[Link] Attacks: The constant threat of cyberattacks from various actors, including hackers,
cybercriminals, nation-states, and hacktivists, is a significant challenge. These attacks can take various
forms, such as malware, ransomware, phishing, and distributed denial of service (DDoS) attacks.

PREPARED BY KEERTHI K UNNI, IVDC 2

 CYBER SECURITY
[Link] Breaches: Data breaches can have severe consequences for organizations and individuals. The theft
or exposure of sensitive data, such as personal information, financial records, or intellectual property, can
lead to financial losses, reputational damage, and legal liabilities.

[Link] Vulnerabilities: Software and hardware vulnerabilities are exploited by attackers to gain
unauthorized access or control over systems. Identifying and patching these vulnerabilities in a timely
manner is a constant challenge.

[Link] Threats: Insider threats, where individuals within an organization misuse their access and
privileges, can be particularly challenging to detect and prevent. This includes employees, contractors, or
partners who intentionally or unintentionally compromise security.

[Link] of Cybersecurity Awareness: Many individuals and employees lack awareness of cybersecurity
best practices, making them susceptible to social engineering attacks and other cyber threats.

[Link]: Ransomware attacks have surged in recent years, with cybercriminals encrypting data and
demanding a ransom for decryption keys. These attacks can disrupt critical operations and result in
significant financial losses.

PREPARED BY KEERTHI K UNNI, IVDC 3