Cyber Security-Notes

Cyber security refers to protecting computer systems, networks, and data from unauthorized access or cyber threats. The goal is to ensure confidentiality, integrity, and availability of information. There are many types of cyber security including network security, application security, information security, identity management, and more. Cyber threats come in various forms like malware, hacking attacks, and social engineering. The importance of cyber security is to safeguard sensitive data and systems while ensuring their smooth functioning. However, challenges exist like constantly evolving threats and shortage of skilled professionals.

Uploaded by

Reshma Basu

Cyber Security

Unit-1

Introduction to Cyber Security:

Cybersecurity refers to the practice of protecting computer systems, networks, and data from
unauthorized access, use, disclosure, disruption, modification, or destruction.
It involves implementing various measures, technologies, and processes to prevent cyber threats
and ensure the confidentiality, integrity, and availability of information.
1. The technique of protecting internet-connected systems such as computers, servers, mobile
devices, electronic systems, networks, and data from malicious attacks is known as cyber
security.

2. We can divide the term cyber security into two parts: one is cyber, and the other is security.

a. Cyber refers to the technology that includes systems, networks, programs, and data.
b. Security is concerned with the protection of systems, networks, applications, and information.

3. Another name for cyber security is electronic information security or information technology security.

4. It is designed to protect networks, devices, programs, and data from attack, theft, damage, modification or unauthorized access.

Types of Cyber Security

Every organization's assets are a combination of many different systems, so cyber security is usually divided into the following areas.

o Network Security: It involves implementing the hardware and software to secure a computer
network from unauthorized access, intruders, attacks, disruption, and misuse. This security helps an
organization to protect its assets against external and internal threats.

o Application Security: It involves protecting software and devices from threats. Keeping applications patched and up to date is part of this, but successful application security begins before a program or device is deployed: in the design stage, in threat modeling, in writing the source code, and in validating inputs.

o Information or Data Security: It involves implementing strong data storage and handling mechanisms to maintain the integrity and privacy of data, both in storage and in transit.

o Identity management: It deals with the procedure for determining the level of access that each
individual has within an organization.

o Operational Security: It involves processing and making decisions on handling and securing
data assets.

o Mobile Security: It involves securing the organizational and personal data stored on mobile
devices such as cell phones, computers, tablets, and other similar devices against various malicious
threats. These threats are unauthorized access, device loss or theft, malware, etc.

o Cloud Security: It involves protecting the information and workloads that an organization stores or runs in cloud architectures hosted by providers such as AWS, Azure, Google Cloud, etc., against multiple threats. Responsibility is shared: the provider secures the underlying platform, while the customer remains responsible for configuring and protecting what it deploys there.
o Disaster Recovery and Business Continuity Planning: It deals with the processes, monitoring,
alerts, and plans to how an organization responds when any malicious activity is causing the loss of
operations or data. Its policies dictate resuming the lost operations after any disaster happens to the
same operating capacity as before the event.

o User Education: It deals with the people who use the systems, since any user can unintentionally introduce a threat into an otherwise well-secured system. It covers training users to recognise phishing and other social engineering, to avoid opening suspicious attachments or plugging in unknown devices, and to follow the organization's security policies.

Importance and Challenges in Cyber Security:


Cybersecurity is crucial in today's interconnected world as cyber threats continue to evolve and
pose significant risks to individuals, organizations, and even nations.
The importance of cybersecurity lies in safeguarding sensitive information, protecting privacy,
preventing financial losses, maintaining trust in digital systems, and ensuring the smooth
functioning of critical infrastructure.
However, there are several challenges in achieving effective cybersecurity. These challenges
include the constantly evolving nature of cyber threats, the increasing sophistication of cyber
attacks, the shortage of skilled cybersecurity professionals, the complexity of modern technology
systems, and the rapid pace of technological advancements.
Cyber Security Goals
1. The main objective of cyber security is to protect data.
2. The security community uses a triangle of three related principles to guide the protection of data from cyber-attacks.
3. This set of principles is called the CIA triad.
4. The CIA model is designed to guide policies for an organization's information security infrastructure. When a security breach is found, one or more of these principles has been violated.
The CIA model has three parts: Confidentiality, Integrity, and Availability. It is a security model that helps people reason about the various parts of IT security.
Confidentiality
Confidentiality is close to privacy: it prevents unauthorized access to information. It involves ensuring that data is accessible only to those who are allowed to use it and blocking access to everyone else, so that essential information does not reach the wrong people. Data encryption is a common example of a mechanism for ensuring confidentiality, as are access controls.
Integrity
This principle ensures that data is authentic, accurate, and safeguarded from unauthorized modification by threat actors or accidental modification by users. If modifications do occur, measures such as checksums, message authentication codes, and backups should be in place to detect corruption or loss of sensitive data and to recover from it quickly. Integrity also covers authenticity: the source of the information should be genuine and verifiable.
Availability
This principle ensures that information is available and usable by authorized people whenever they need it, and that access is not hindered by system malfunction or by cyber-attacks such as denial of service.
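Encryption is the usual example given for confidentiality, but encryption on its own does not give integrity: a ciphertext can be altered in transit without the receiver noticing. The block below is an added example, not part of the original notes, showing how integrity is enforced in practice with a message authentication code (HMAC-SHA256) from the Python standard library. The key, the sample record and the tampered byte are constructed for the demonstration.

```python
import hashlib
import hmac
import secrets


def make_tag(key: bytes, message: bytes) -> bytes:
    """Return an HMAC-SHA256 tag that binds the message to the secret key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare in constant time.

    compare_digest does not stop at the first differing byte, so an attacker
    cannot learn how much of a forged tag was right from the response time.
    """
    return hmac.compare_digest(make_tag(key, message), tag)


def integrity_demo() -> dict:
    """Tag a constructed record, then try to pass off modified copies."""
    key = secrets.token_bytes(32)                       # shared secret (constructed)
    record = b"transfer 100.00 from ACC-1 to ACC-2"     # constructed sample record
    tag = make_tag(key, record)

    # An attacker in transit changes one byte: "100.00" becomes "900.00".
    tampered = bytearray(record)
    tampered[9] = ord("9")

    return {
        "original_ok": verify(key, record, tag),                        # True
        "tampered_ok": verify(key, bytes(tampered), tag),               # False: tag no longer matches
        "wrong_key_ok": verify(secrets.token_bytes(32), record, tag),   # False: cannot forge without the key
    }


if __name__ == "__main__":
    for name, ok in integrity_demo().items():
        print(f"{name}: {ok}")
```

In a real system the tag travels with the message, or an authenticated-encryption mode such as AES-GCM supplies confidentiality and integrity together. Note the use of hmac.compare_digest rather than == so that the time taken to reject a forged tag does not depend on how many bytes happened to match.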
ADVANTAGES
- Cyber security defends us from critical cyber-attacks.
- It helps us browse websites safely.
- Cyber security defends us from hacks and viruses.
- The security applications used on our PC need to be updated regularly.
- Internet security software inspects the incoming and outgoing data on our computer.
- It helps reduce computer freezes and crashes.
- It gives us privacy.

DISADVANTAGES
- It can be expensive; many users cannot afford it.
- A normal user cannot use it properly without special expertise.
- Lack of knowledge is the main problem.
- It is not easy to use.
- It can make the system slower.
- It can take hours to days to fix a security breach.

Malware
Malware means malicious software, which is the most common cyber attacking tool. It is used by
the cybercriminal or hacker to disrupt or damage a legitimate user's system. The following are the
important types of malware created by the hacker:

o Virus: It is a malicious piece of code that attaches itself to clean files and spreads from one device to another. It spreads throughout a computer system, infecting other files, stealing information, or damaging the device.

o Spyware: It is a software that secretly records information about user activities on their system.
For example, spyware could capture credit card details that can be used by the cybercriminals for
unauthorized shopping, money withdrawing, etc.

o Trojans: It is a type of malware or code that appears as legitimate software or file to fool us into
downloading and running. Its primary purpose is to corrupt or steal data from our device or do other
harmful activities on our network.

o Ransomware: It's a piece of software that encrypts a user's files and data on a device, rendering
them unusable or erasing. Then, a monetary ransom is demanded by malicious actors for
decryption.

o Worms: It is a piece of software that spreads copies of itself from device to device without
human interaction. It does not require them to attach themselves to any program to steal or damage
the data.

o Adware: It is an advertising software used to spread malware and displays advertisements on our
device. It is an unwanted program that is installed without the user's permission. The main objective
of this program is to generate revenue for its developer by showing the ads on their browser.

o Botnets: It is a collection of internet-connected, malware-infected devices that cybercriminals can control remotely. It enables cybercriminals to leak credentials, gain unauthorized access, and steal data without the users' permission.

Cyberspace:

Cyberspace refers to the virtual domain created by interconnected computer systems and networks.
It encompasses all the digital platforms, communication channels, and online environments where
information is exchanged, stored, and processed.
1. Cyberspace can be defined as an intricate environment that involves interactions between
people, software, and services.

2. It is maintained by the worldwide distribution of information and communication technology devices and networks.

3. With the benefits carried by the technological advancements, the cyberspace today has
become a common pool used by citizens, businesses, critical information infrastructure,
military and governments in a fashion that makes it hard to induce clear boundaries among
these different groups.

4. The cyberspace is anticipated to become even more complex in the upcoming years, with
the increase in networks and devices connected to it.

Cyber Threats:
Cyber threats are malicious activities or events that aim to compromise the security of computer
systems, networks, and data.
Common cyber threats include malware (such as viruses, worms, and ransomware), hacking
attacks, social engineering, phishing, identity theft, denial-of-service (DoS) attacks, and insider
threats.
A Cyber Threat or a Cyber Security Threat is a malicious act performed by hackers to intentionally
steal data or other assets, misuse them, or simply cause disruption in digital life in general. Cyber
Threats can come from remote locations by unknown parties or even within an organization by
trusted users.

Common Sources of Cyber Threats

o Nation states—hostile countries can launch cyber attacks against local companies and institutions, aiming to interfere with communications, cause disorder, and inflict damage.

o Terrorist organizations—terrorists conduct cyber attacks aimed at destroying or abusing critical infrastructure, threatening national security, disrupting economies, and causing bodily harm to citizens.

o Criminal groups—organized groups of hackers aim to break into computing systems for economic benefit. These groups use phishing, spam, spyware and malware for extortion, theft of private information, and online scams.

o Hackers—individual hackers target organizations using a variety of attack techniques. They are usually motivated by personal gain, revenge, financial gain, or political activity. Hackers often develop new threats to advance their criminal ability and improve their personal standing in the hacker community.

o Malicious insiders—an employee who has legitimate access to company assets and abuses their privileges to steal information or damage computing systems for economic or personal gain. Insiders may be employees, contractors, suppliers, or partners of the target organization. They can also be outsiders who have compromised a privileged account and are impersonating its owner.

Cyberwarfare:
Cyberwarfare involves the use of cyber attacks by one nation-state against another for political,
military, or economic purposes.
It includes activities such as disrupting critical infrastructure, conducting espionage, stealing
sensitive information, and launching coordinated cyber attacks against an adversary's computer
systems.
Cyber Warfare is typically defined as a set of actions by a nation or organization to attack
countries or institutions' computer network systems with the intention of disrupting,
damaging, or destroying infrastructure by computer viruses or denial-of-service attacks.

Cyber warfare can take many forms, but all of them involve either the destabilization or destruction
of critical systems. The objective is to weaken the target country by compromising its core systems.

This means cyber warfare may take several different shapes:

1. Attacks on financial infrastructure

2. Attacks on public infrastructure like dams or electrical systems

3. Attacks on safety infrastructure like traffic signals or early warning systems

4. Attacks against military resources or organizations

CIA Triad:

The CIA Triad is a fundamental concept in cybersecurity that stands for Confidentiality, Integrity,
and Availability.
Confidentiality ensures that information is accessed only by authorized individuals and remains
protected from unauthorized disclosure.
Integrity ensures that information is accurate, complete, and unaltered during storage, processing,
and transmission.
Availability ensures that information and systems are accessible and usable when needed by
authorized users.

Cyber Terrorism:

Cyber terrorism refers to the use of cyber attacks by terrorist organizations or individuals to cause
widespread disruption, fear, and damage.
It involves targeting critical infrastructure, government systems, financial institutions, and public
services to create chaos, instill fear, and undermine societal stability.
1. Cyberterrorism is the use of the Internet to conduct violent acts that result in, or threaten, the
loss of life or significant bodily harm, in order to achieve political or ideological gains
through threat or intimidation.

2. Acts of deliberate, large-scale disruption of computer networks, especially of personal computers attached to the Internet, by means of tools such as computer viruses, computer worms, phishing, malicious software, hardware methods, and programming scripts can all be forms of internet terrorism.

3. Cyberterrorism can be also defined as the intentional use of computers, networks, and public
internet to cause destruction and harm for personal objectives.

4. Experienced cyberterrorists, who are very skilled in terms of hacking can cause massive
damage to government systems and might leave a country in fear of further attacks.
Cyber Security of Critical Infrastructure:

Critical infrastructure refers to the essential systems and assets that are vital for the functioning of a
society and its economy, such as power grids, transportation networks, healthcare systems, and
financial institutions.
Ensuring the cybersecurity of critical infrastructure is crucial as a successful cyber attack on these
systems can have severe consequences, including economic disruption, loss of life, and societal
chaos.
Protecting critical infrastructure involves implementing robust cybersecurity measures, conducting
regular risk assessments, establishing incident response plans, and promoting collaboration between
public and private sectors.
Critical infrastructure security is the area of concern surrounding the protection of systems,
networks and assets whose continuous operation is deemed necessary to ensure the security of a
given nation, its economy, and the public's health and/or safety.
The UK internet industry and Government recognized the need to develop a series of Guiding
Principles for improving the online security of the ISPs' customers and limit the rise in
cyberattacks. Cybersecurity for these purposes encompasses the protection of essential information,
processes, and systems, connected or stored online, with a broad view across the people, technical,
and physical domains.
These Principles recognize that the ISPs (and other service providers), internet users, and UK
Government all have a role in minimizing and mitigating the cyber threats inherent in using the
internet.
These Guiding Principles have been developed to respond to this challenge by providing a
consistent approach to help, inform, educate, and protect ISPs' (Internet Service Provider's)
customers from online crimes. These Guiding Principles are aspirational, developed and delivered
as a partnership between Government and ISPs. They recognize that ISPs have different sets of
customers, offer different levels of support and services to protect those customers from cyber
threats.
Some of the essential cybersecurity principles are described below-
1. Economy of mechanism

2. Fail-safe defaults

3. Least Privilege

4. Open Design

5. Complete mediation

6. Separation of Privilege

7. Least Common Mechanism

8. Psychological acceptability

9. Work Factor

10. Compromise Recording

1. Economy of mechanism

This principle states that security mechanisms should be as simple and small as possible. The economy of mechanism principle simplifies the design and implementation of security mechanisms: if the design and implementation are simple and small, fewer possibilities exist for errors, and the checking and testing process is less complicated because fewer components need to be tested. Interfaces between security modules are the suspect area and should be as simple as possible, because interface modules often make implicit assumptions about input or output parameters or the current system state; if any of these assumptions is wrong, the module's actions may produce unexpected results. A simple security framework is easier for developers and users to understand and enables the efficient development and verification of enforcement methods for it.

2. Fail-safe defaults

The fail-safe defaults principle states that the default configuration of a system should have a conservative protection scheme. The principle also restricts how privileges are initialized when a subject or object is created: whenever access, a privilege or right, or some security-related attribute is not explicitly granted, access should be denied. Decisions are based on permission rather than exclusion, so a mistake in the rules fails closed (something legitimate is refused, which gets noticed and reported) rather than open (something illegitimate is allowed, which may go unnoticed).

Example: When a new user is added to an operating system, the user's default group should have minimal access rights to files and services.

3. Least Privilege

This principle states that a user should have only those privileges needed to complete their task. Its primary function is to control the assignment of rights granted to the user, not the identity of the user. This means that if the boss demands root access to a UNIX system that you administer, they should not be given it unless they have a task that requires that level of access. If possible, the elevated rights of a user identity should be removed as soon as those rights are no longer needed.
4. Open Design

This principle states that the security of a mechanism should not depend on the secrecy of its design or implementation. It suggests that complexity does not add security. This principle is the opposite of the approach known as "security through obscurity." It does not mean that nothing is secret: passwords and cryptographic keys must remain secret, but the algorithm that uses them should withstand public scrutiny. The principle applies not only to cryptographic systems but also to other computer security operations.

Example: DVD players and the Content Scrambling System (CSS). CSS is a cryptographic scheme intended to protect DVD movie discs from unauthorized copying. Its security depended on keeping the algorithm and player keys secret; once the scheme was reverse-engineered and published, the protection was defeated.

5. Complete mediation

The principle of complete mediation requires that every access to every object be checked against the protection scheme to ensure it is allowed. As a consequence, one should be wary of performance improvement techniques that remember the result of a previous authorization check, since permissions can change over time and a cached decision may no longer be valid.

Many systems verify a subject's access rights only once, at the initial access, and for subsequent accesses assume that the same rights still apply to that subject and object. Complete mediation rejects this shortcut: the operating system (or whichever component acts as the reference monitor) should mediate each and every access to an object, and it must be able to identify the source of every request reliably.

Example: An online banking website should require users to sign in again after a certain period, say twenty minutes, has elapsed, rather than trusting the initial login indefinitely.
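Fail-safe defaults and complete mediation are easiest to see side by side. The following added example, not from the original notes, builds a tiny reference monitor whose access-control list denies anything not explicitly granted, then shows a guard that caches the first decision keeping a user's access alive after it has been revoked, while a guard that consults the monitor on every request does not. The names ReferenceMonitor, alice, bob and payroll.db are invented for the illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple


@dataclass
class ReferenceMonitor:
    """Access-control list keyed by (object, action) -> subjects explicitly granted."""
    acl: Dict[Tuple[str, str], Set[str]] = field(default_factory=dict)

    def grant(self, subject: str, obj: str, action: str) -> None:
        self.acl.setdefault((obj, action), set()).add(subject)

    def revoke(self, subject: str, obj: str, action: str) -> None:
        self.acl.get((obj, action), set()).discard(subject)

    def check(self, subject: str, obj: str, action: str) -> bool:
        # Fail-safe default: anything not explicitly granted is denied,
        # including unknown subjects, unknown objects and unknown actions.
        return subject in self.acl.get((obj, action), set())


class CachingGuard:
    """Anti-pattern: remembers the first decision and never asks the monitor again."""

    def __init__(self, monitor: ReferenceMonitor) -> None:
        self.monitor = monitor
        self.cache: Dict[Tuple[str, str, str], bool] = {}

    def access(self, subject: str, obj: str, action: str) -> bool:
        key = (subject, obj, action)
        if key not in self.cache:
            self.cache[key] = self.monitor.check(subject, obj, action)
        return self.cache[key]            # stale once permissions change


class MediatingGuard:
    """Complete mediation: every request goes back to the monitor."""

    def __init__(self, monitor: ReferenceMonitor) -> None:
        self.monitor = monitor

    def access(self, subject: str, obj: str, action: str) -> bool:
        return self.monitor.check(subject, obj, action)


def revocation_demo() -> Dict[str, bool]:
    monitor = ReferenceMonitor()
    monitor.grant("alice", "payroll.db", "read")        # constructed sample grant
    cached, mediated = CachingGuard(monitor), MediatingGuard(monitor)

    results = {
        # bob was never granted anything: denied by default, no deny rule needed.
        "bob_default_denied": not cached.access("bob", "payroll.db", "read"),
        "alice_cached_before": cached.access("alice", "payroll.db", "read"),
        "alice_mediated_before": mediated.access("alice", "payroll.db", "read"),
    }
    monitor.revoke("alice", "payroll.db", "read")         # alice leaves the payroll team
    results["alice_cached_after"] = cached.access("alice", "payroll.db", "read")      # True: stale
    results["alice_mediated_after"] = mediated.access("alice", "payroll.db", "read")  # False: revoked
    return results


if __name__ == "__main__":
    for name, value in revocation_demo().items():
        print(f"{name}: {value}")
```

The cached guard is exactly the "performance improvement" the principle warns about: it is faster, and it keeps granting access the monitor would now refuse. Session timeouts, token expiry and re-validation on every request are the production forms of the mediating guard.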

6. Separation of Privilege

This principle states that a system should grant access only when more than one condition is satisfied, so that no single key, password, or person is enough. This principle may also be restrictive because it limits access to system entities. Thus, before a privilege is granted, at least two independent verifications should be performed.

Example: To change to root with su on many UNIX systems, two conditions must be met:

o The user must know the root password.

o The user must be in the right group (wheel).

7. Least Common Mechanism

This principle states that in systems with multiple users, mechanisms that allow resources to be shared by more than one user should be minimized as much as possible, since every shared mechanism is a potential channel between users. This principle may also be restrictive because it limits the sharing of resources.

Example: If a file or application needs to be accessed by more than one user, those users should use separate channels to access it, which helps prevent unforeseen consequences that could cause security problems.

8. Psychological acceptability

This principle states that a security mechanism should not make a resource more difficult to access than it would be if the mechanism were not present. The psychological acceptability principle recognizes the human element in computer security. If security-related software or systems are too complicated to configure, maintain, or operate, users will not employ the necessary security mechanisms. For example, if a new password is rejected during a password change, the program should state why it was rejected rather than giving a cryptic error message. At the same time, applications should not reveal unnecessary information that could lead to a compromise of security.

Example: When we enter a wrong password, the system should only tell us that the user id or password was incorrect. It should not tell us that only the password was wrong, as this confirms to the attacker that the user id exists.

9. Work Factor

This principle states that the cost of circumventing a security mechanism should be compared with the resources of a potential attacker when designing a security scheme. In some cases the cost of circumventing (known as the work factor) can be calculated directly. The work factor is also a common cryptographic measure used to express the strength of a given cipher; it does not map directly onto every cybersecurity problem, but the overall concept applies.

Example: Suppose passwords are four characters drawn from a 24-character alphabet, so the number of experiments needed to try every possible password is 24^4 = 331,776. If the potential attacker must try each experimental password at a terminal by hand, one might consider a four-character password satisfactory. On the other hand, if the attacker can use a computer capable of trying a million passwords per second, a four-character password is only a minor barrier: the whole space falls in about a third of a second.
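The login example above and the work factor discussion come together in one routine. The block below is an added example, not from the original notes: it stores passwords as salted PBKDF2-HMAC-SHA256 hashes, whose iteration count is the adjustable work factor, returns the same generic message whether the user id or the password was wrong, and runs the hash even for unknown user ids so that response time does not reveal which accounts exist. The iteration count, the user names and the exhaustive_search_seconds helper are assumptions for the demonstration; the helper reproduces the 24^4 figure from the text.

```python
import hashlib
import hmac
import os
import time
from typing import Dict, Tuple

ITERATIONS = 100_000      # PBKDF2 work factor (assumption; raise it as hardware speeds up)
SALT_LEN = 16
GENERIC_ERROR = "invalid username or password"

# store[username] = (salt, derived_key)
UserStore = Dict[str, Tuple[bytes, bytes]]


def hash_password(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Salted PBKDF2-HMAC-SHA256: every guess costs the attacker `iterations` HMACs."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def register(store: UserStore, username: str, password: str) -> None:
    salt = os.urandom(SALT_LEN)               # per-user salt defeats precomputed tables
    store[username] = (salt, hash_password(password, salt))


# Dummy record used for unknown user ids so they cost as much as a wrong password;
# otherwise a fast "no such user" reply would reveal which accounts exist.
_DUMMY_SALT = os.urandom(SALT_LEN)
_DUMMY_HASH = hash_password(os.urandom(16).hex(), _DUMMY_SALT)


def login(store: UserStore, username: str, password: str) -> Tuple[bool, str]:
    known = username in store
    salt, expected = store.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    candidate = hash_password(password, salt)
    # Constant-time compare, and bitwise & (not `and`) so both operands are
    # always evaluated; the message never says which field was wrong.
    if hmac.compare_digest(candidate, expected) & known:
        return True, "ok"
    return False, GENERIC_ERROR


def exhaustive_search_seconds(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Time to try every password of the given shape at the given guess rate."""
    return alphabet_size ** length / guesses_per_second


def guesses_per_second(iterations: int = ITERATIONS, samples: int = 3) -> float:
    """Measure how many PBKDF2 guesses per second this machine manages on one core."""
    salt = os.urandom(SALT_LEN)
    start = time.perf_counter()
    for _ in range(samples):
        hash_password("guess", salt, iterations)
    return samples / (time.perf_counter() - start)


if __name__ == "__main__":
    users: UserStore = {}
    register(users, "alice", "correct horse battery")
    print(login(users, "alice", "correct horse battery"))
    print(login(users, "alice", "wrong"))
    print(login(users, "nobody", "wrong"))           # same message as a wrong password
    rate = guesses_per_second()
    print(f"offline guesses/s with {ITERATIONS} iterations: {rate:.0f}")
    print(f"24^4 space at 1e6 guesses/s: {exhaustive_search_seconds(24, 4, 1e6):.3f} s")
    print(f"24^4 space at PBKDF2 rate:   {exhaustive_search_seconds(24, 4, rate):.1f} s")
```

The point of the slow hash is the work factor: an attacker who steals the store must pay the full iteration count per guess, so the same four-character space that falls in a third of a second at a million guesses per second takes minutes at a PBKDF2 rate. The generic error and the dummy hash for unknown users implement the psychological acceptability example: the response is equally informative to the legitimate user and equally uninformative to the attacker in both failure cases.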

10. Compromise Recording

The compromise recording principle states that it is sometimes more desirable to record the details of an intrusion than to adopt a more sophisticated measure to prevent it. Such records are only useful if the intruder cannot alter them, so audit logs should be protected and copied off the monitored system.

Cybersecurity - Organizational Implications:

Cybersecurity has significant organizational implications for businesses and institutions.


Organizations need to prioritize cybersecurity as a strategic objective and integrate it into their
overall risk management strategies.

This involves developing robust security policies and procedures, conducting regular security
awareness training for employees, implementing strong access controls and encryption
mechanisms, and regularly assessing and monitoring the effectiveness of security measures.

Organizations should also establish incident response plans to effectively handle cyber incidents,
establish partnerships with cybersecurity vendors and experts, and stay updated with the latest
threats and vulnerabilities.
Unit – 2
Hackers and Cyber Crimes

What are Hackers? A hacker is a person who breaks into a computer system. The reasons for
hacking can be many: installing malware, stealing or destroying data, disrupting service, and more.
Hackers are individuals with advanced computer skills who possess in-depth knowledge of
computer systems and networks.
What are Crackers? Crackers are people who break into or violate a system or computer remotely with bad intentions: to harm data or to steal it. Crackers destroy data after gaining unauthorized access to a network. In other words, crackers are individuals who break into computer systems and networks with malicious intent, often for personal gain or to cause harm.
Write the Difference between Hackers and Crackers?
1. Hackers are people who use their knowledge for a good purpose and do not damage data, whereas a cracker is someone who breaks into a system with a malicious purpose and damages data intentionally.
2. Hackers possess advanced knowledge of computer systems and programming languages, while crackers are not necessarily so skilled or well-versed in computing.
3. Hackers work for an organization to improve its network and solve any issues. Crackers are the people from whom the hacker protects the organization. Crackers work because a system is challenging or to obtain illegal gains.
4. In this usage, hacking is ethical and authorized, while cracking is illegal and unethical.
5. Ethical hackers often hold professional certifications, while crackers do not.
6. Hackers continuously work towards making new tools rather than using existing ones. Crackers, on the other hand, often lack the computing knowledge to make new tools and use tools already written by others.
Types of Hackers:
White Hat Hackers (Ethical Hacker): Also known as ethical hackers,
they use their skills to identify vulnerabilities in computer systems and
networks and help organizations strengthen their security defenses. A
security hacker who gains access to systems with a view to fix the
identified weaknesses. They may also perform penetration Testing and
vulnerability assessments.
Black Hat Hackers: These are malicious hackers who exploit
vulnerabilities for personal gain, engage in cybercrime, steal data, and
cause harm. A hacker who gains unauthorized access to computer systems
for personal gain. The intent is usually to steal corporate data, violate
privacy rights, transfer funds from bank accounts etc.
Grey Hat Hackers: They fall somewhere between white hat and black hat
hackers. They may exploit vulnerabilities without authorization but with
the intention of notifying the affected parties to fix the issues. A hacker
who is in between ethical and black hat hackers. He/she breaks into
computer systems without authority with a view to identify weaknesses
and reveal them to the system owner.

Script kiddies: A non-skilled person who gains access to computer systems using ready-made tools.

Hacktivist: A hacker who uses hacking to send social, religious, political, etc. messages. This is usually done by hijacking websites and leaving the message on the hijacked website.

Phreaker: A hacker who identifies and exploits weaknesses in telephone systems instead of computers.

Cyber-Attacks and Vulnerabilities:


Cyber-attacks are deliberate actions aimed at exploiting vulnerabilities in computer systems,
networks, or software to gain unauthorized access, disrupt operations, or steal sensitive information.
Vulnerabilities are weaknesses or flaws in software, hardware, or network configurations that can
be exploited by attackers to compromise systems.
Malware Threats:
Malware, short for malicious software, refers to any software designed to perform malicious
activities on a computer system.
Types of malwares include viruses, worms, Trojans, ransomware, spyware, adware, and botnets.
Malware can be delivered through email attachments, malicious websites, infected software
downloads, or removable media.
Sniffing:
Sniffing involves capturing and analyzing network traffic to intercept sensitive information such as passwords, usernames, credit card numbers, or other confidential data. A sniffing attack is the act of intercepting or capturing data while it is in transit through a network. Sniffing is the process of monitoring and capturing all data packets passing through a given network. Sniffers are used by network and system administrators to monitor and troubleshoot network traffic; attackers use them to capture packets containing sensitive information such as passwords and account details. Sniffers can be hardware or software installed on a system. Sniffing only yields usable secrets when the traffic is unencrypted, which is why protocols that send credentials in clear text are the usual targets.
Active Sniffing: Sniffing on a switched network is active sniffing. A switch is a point-to-point network device: it regulates the flow of data between its ports by tracking the MAC address seen on each port, so it forwards a frame only to the port of its intended target. To capture traffic between other hosts, the sniffer therefore has to actively inject traffic into the LAN to redirect or flood frames toward itself. This can be done in various ways.
Passive Sniffing: This is the process of sniffing through a hub. Any traffic passing through a non-switched or unbridged network segment can be seen by all machines on that segment. Sniffers operate at the data link layer of the network. Any data sent across such a LAN is actually sent to each and every machine connected to it. This is called passive because the sniffers placed by attackers simply wait for the data to be sent and capture it.
Sniffing attacks can be carried out using specialized tools or by compromising network devices.
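Passive sniffing captures whole frames at the data link layer, and what an attacker gets out of them depends on whether the protocol inside is encrypted. The block below is an added example, not from the original notes: it parses an Ethernet II / IPv4 / TCP frame with the standard library and pulls clear-text USER/PASS commands out of the payload, the kind of credential an FTP or POP3 login leaks to anyone on the same hub. It works on a constructed frame built in the same block rather than on a live interface (real capture needs a raw socket, elevated privileges and a real interface); the MAC addresses, IP addresses, ports and credentials are constructed sample data.

```python
import struct
from typing import Dict, Optional

ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6


def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def _ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def parse_frame(frame: bytes) -> Optional[Dict]:
    """Decode Ethernet II -> IPv4 -> TCP and return addresses, ports and payload.

    Returns None for anything that is not IPv4/TCP or is too short to decode.
    """
    if len(frame) < 14 + 20 + 20:
        return None
    dst_mac, src_mac = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_IPV4:
        return None

    ip = 14
    ihl = (frame[ip] & 0x0F) * 4                     # IP header length in bytes
    (total_len,) = struct.unpack("!H", frame[ip + 2:ip + 4])
    proto = frame[ip + 9]
    if (frame[ip] >> 4) != 4 or ihl < 20 or proto != PROTO_TCP:
        return None
    if len(frame) < ip + total_len:
        return None                                  # truncated capture

    tcp = ip + ihl
    sport, dport = struct.unpack("!HH", frame[tcp:tcp + 4])
    data_off = (frame[tcp + 12] >> 4) * 4            # TCP header length in bytes
    payload = frame[tcp + data_off:ip + total_len]   # stop at IP total length, not frame end

    return {
        "src_mac": _mac(src_mac), "dst_mac": _mac(dst_mac),
        "src_ip": _ip(frame[ip + 12:ip + 16]), "dst_ip": _ip(frame[ip + 16:ip + 20]),
        "src_port": sport, "dst_port": dport, "payload": payload,
    }


def find_credentials(payload: bytes) -> Dict[str, str]:
    """Pull clear-text USER/PASS lines (FTP, POP3) out of a TCP payload."""
    creds: Dict[str, str] = {}
    for line in payload.split(b"\r\n"):
        for cmd, key in ((b"USER ", "user"), (b"PASS ", "password")):
            if line.startswith(cmd):
                creds[key] = line[len(cmd):].decode("ascii", errors="replace")
    return creds


def build_frame(src_mac: str, dst_mac: str, src_ip: str, dst_ip: str,
                sport: int, dport: int, payload: bytes) -> bytes:
    """Constructed test frame (checksums left zero; fine for offline parsing)."""
    eth = (bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", ""))
           + struct.pack("!H", ETHERTYPE_IPV4))
    # seq=1, ack=0, data offset 5 words, flags PSH|ACK, window 65535, checksum 0, urg 0
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, PROTO_TCP, 0,
                     bytes(int(o) for o in src_ip.split(".")),
                     bytes(int(o) for o in dst_ip.split(".")))
    return eth + ip + tcp + payload


# Constructed sample: an FTP login as seen by a sniffer on a hub.
SAMPLE_FRAME = build_frame("aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02",
                           "10.0.0.5", "10.0.0.9", 40000, 21,
                           b"USER alice\r\nPASS hunter2\r\n")

if __name__ == "__main__":
    parsed = parse_frame(SAMPLE_FRAME)
    print(parsed["src_ip"], "->", parsed["dst_ip"], "port", parsed["dst_port"])
    print(find_credentials(parsed["payload"]))
```

The payload slice stops at the IP total length rather than at the end of the frame, because short Ethernet frames are padded and the padding would otherwise be mistaken for data. Run the same parser over a TLS session and find_credentials returns nothing, which is the practical answer to sniffing.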

Gaining Access:
Gaining access refers to the process of unauthorized entry into a computer system, network, or application. In a network penetration test, gaining access is the second stage, after information gathering: the tester connects to the target network, which allows more powerful attacks and more accurate information. If a wireless network does not use encryption, one can simply connect to it and sniff unencrypted data. If the network is wired, one can connect with a cable, perhaps after changing the MAC address so that address-based filtering accepts the device.
Attackers may use various methods such as exploiting software vulnerabilities, using default or
weak credentials, or conducting brute-force attacks to gain access.
Escalating Privileges:
Once attackers gain initial access, typically as a low-privileged user or service account, they attempt to
escalate their privileges to gain a higher level of control within the system. Privilege escalation is the
act of exploiting a bug, a design flaw, or a configuration oversight in an operating system or software
application to gain elevated access to resources that are normally protected from that application or
user. Vertical escalation moves from a normal user to administrator or root; horizontal escalation moves
to another account at the same level. Typical paths are unpatched kernel or service vulnerabilities,
misconfigured setuid binaries or sudo rules, world-writable scripts run by privileged scheduled tasks,
and credentials left behind in files. Administrative or root-level access lets the attacker perform far
more extensive actions: install persistence, disable defences, and read any data on the host.
Executing Applications:
Attackers may execute malicious applications or scripts on compromised systems to carry out
specific actions, such as stealing data, launching further attacks, or creating backdoors for future
access.
Hiding Files:
Attackers may hide their malicious files, scripts, or malware within legitimate-looking files, folders,
or system areas to evade detection by security tools and administrators.
Covering Tracks:
After carrying out an attack, attackers attempt to cover their tracks by deleting or editing logs,
modifying file timestamps, clearing shell history, or otherwise tampering with audit trails to avoid
detection and hinder forensic investigation. Covering tracks means hiding or destroying evidence of
one's identity and actions so that they stay secret. The defence is to make logs tamper-evident and to
ship them off the host as they are written, so that a compromised machine cannot quietly rewrite its own
history.
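The following is an added example, not part of the original notes: a tamper-evident log in which every entry's tag covers the previous entry's tag, so that deleting or editing any line breaks verification from that point on. The log lines, the host names and the signing key are constructed for the example; in a real deployment the key (or the chain head) would be held by a separate log collector, since an attacker with root on the host could otherwise recompute the chain.

```python
"""Hash-chained, keyed log: detects deleted or edited entries (a 'covering tracks' defence)."""
import hmac

# Assumption for the example: this key lives on the log collector, not on the monitored host.
KEY = b"log-signing-key-kept-off-box"
GENESIS = "0" * 64


def chain_entry(prev_tag: str, line: str) -> str:
    """Tag = HMAC(key, previous tag || line). Each tag commits to the whole history before it."""
    return hmac.new(KEY, prev_tag.encode() + b"\n" + line.encode(), "sha256").hexdigest()


def build_log(lines):
    """Return a list of (line, tag) pairs starting from the genesis tag."""
    prev, out = GENESIS, []
    for line in lines:
        tag = chain_entry(prev, line)
        out.append((line, tag))
        prev = tag
    return out


def verify_log(entries):
    """Return the index of the first entry whose tag does not verify, or None if intact."""
    prev = GENESIS
    for i, (line, tag) in enumerate(entries):
        if not hmac.compare_digest(chain_entry(prev, line), tag):
            return i
        prev = tag
    return None


# Constructed audit events: an attacker logs in, gets a root shell and adds a user.
EVENTS = [
    "2024-05-01T02:11:03 sshd: Accepted password for svc_backup from 203.0.113.7",
    "2024-05-01T02:11:40 sudo: svc_backup : COMMAND=/bin/bash",
    "2024-05-01T02:12:05 useradd: new user: name=support2",
    "2024-05-01T02:13:00 sshd: session closed for user svc_backup",
]

if __name__ == "__main__":
    log = build_log(EVENTS)
    print("intact log, first bad index:", verify_log(log))
    deleted = log[:2] + log[3:]                      # attacker removes the useradd line
    print("after deletion, first bad index:", verify_log(deleted))
    edited = list(log)                               # attacker rewrites the sudo line
    edited[1] = (log[1][0].replace("svc_backup", "root"), log[1][1])
    print("after edit, first bad index:", verify_log(edited))
```

Removing the useradd entry leaves lines 0 and 1 valid but line 2 (the old line 3) was tagged against a tag that is now missing, so verification fails there; editing line 1 fails at line 1 itself. Either way the investigator learns not only that the log was tampered with but from which point.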

Types of Cyber Attacks

A cyber-attack is the exploitation of computer systems and networks. It uses malicious code or
malicious input to alter computer code, logic or data, leading to cybercrimes such as information and
identity theft.

We live in a digital era in which most people use computers and the internet. Because of this
dependency on digital systems, illegal computer activity keeps growing and changing, like any other type
of crime.

Cyber-attacks can be classified into the following categories:

Web-based attacks

These are the attacks which occur on a website or web applications. Some of the important web-
based attacks are as follows-

1. Injection attacks

It is an attack in which attacker-controlled data is injected into a web application so that it is
interpreted as part of a command or query rather than as plain data, letting the attacker manipulate the
application and fetch information it should not return. The root cause is building a command by
concatenating untrusted input instead of passing that input as a parameter.

Example- SQL injection, OS command injection, code injection, log injection, XML injection, LDAP
injection etc.
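As an added example (not from the original notes), here is the same login check written twice against an in-memory SQLite database with a constructed users table: once by concatenating the user name into the SQL text, once with a bound parameter. The payload comments out the password check in the first version and is just an odd-looking user name in the second. Plain SHA-256 is used here only to keep the focus on the query; a real application would store passwords with a slow, salted password hash.

```python
"""SQL injection: vulnerable string-built query beside its parameterised fix."""
import hashlib
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: one user, password hash stored."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, pw_hash TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?)",
                 ("alice", hashlib.sha256(b"correct horse").hexdigest()))
    conn.commit()
    return conn


def login_vulnerable(conn, username: str, password: str) -> bool:
    """The user name becomes part of the SQL text, so SQL syntax in it is executed."""
    pw_hash = hashlib.sha256(password.encode()).hexdigest()
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username +
           "' AND pw_hash = '" + pw_hash + "'")
    return conn.execute(sql).fetchone()[0] > 0


def login_safe(conn, username: str, password: str) -> bool:
    """Parameterised query: the driver binds the values as data, never as SQL."""
    pw_hash = hashlib.sha256(password.encode()).hexdigest()
    row = conn.execute(
        "SELECT COUNT(*) FROM users WHERE username = ? AND pw_hash = ?",
        (username, pw_hash)).fetchone()
    return row[0] > 0


# Closes the quoted user name and comments out the rest of the WHERE clause.
PAYLOAD = "alice' --"

if __name__ == "__main__":
    conn = make_db()
    print("vulnerable, injected:", login_vulnerable(conn, PAYLOAD, "anything"))  # True
    print("safe, injected      :", login_safe(conn, PAYLOAD, "anything"))        # False
    print("safe, real password :", login_safe(conn, "alice", "correct horse"))   # True
```

The effective query in the vulnerable case is SELECT COUNT(*) FROM users WHERE username = 'alice' -- ..., so the password is never compared. Parameterisation is the fix; escaping input by hand is not, because every database has its own quoting rules.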

2. DNS Spoofing

DNS spoofing (also called DNS cache poisoning) is an attack in which forged data is introduced into a
DNS resolver's cache, causing the resolver to return an incorrect IP address for a name and so diverting
traffic to the attacker's computer or any other computer of the attacker's choosing. Because cached
entries are served until they expire, DNS spoofing attacks can go on for a long period of time without
being detected and can cause serious security issues, such as users being sent to a phishing copy of a
site while the address bar shows the real name.

3. Session Hijacking

It is an attack on a user's session with a web application. Web applications create cookies (or other
tokens) to store state and to identify a logged-in user's session. By stealing a session cookie, whether
by sniffing it over an unencrypted connection, by reading it from the browser through cross-site
scripting, or by guessing a predictable session ID, an attacker can act as that user and access all of
the user's data without ever knowing the password.
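The check below is an added example, not part of the original notes. It parses the Set-Cookie headers from two constructed HTTP responses and reports session cookies that lack the attributes which make them harder to steal or misuse: Secure (never sent over plain HTTP, so not sniffable), HttpOnly (not readable by injected script) and SameSite (not attached to cross-site requests). The cookie names treated as session cookies are an assumption for the example.

```python
"""Audit Set-Cookie headers for session cookies missing Secure/HttpOnly/SameSite."""

# Assumption: these names are the application's session cookies.
SESSION_NAMES = {"sessionid", "phpsessid", "jsessionid", "sid", "session"}


def parse_set_cookie(header_value: str) -> dict:
    """Split 'name=value; Attr; Attr=val' into name, value and a lower-cased attribute dict."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() or True   # flag attributes have no value
    return {"name": name.strip(), "value": value, "attrs": attrs}


def audit_cookies(raw_response: str) -> list:
    """Return (cookie name, [problems]) for every session cookie set by the response."""
    findings = []
    for line in raw_response.split("\r\n"):
        if not line.lower().startswith("set-cookie:"):
            continue
        cookie = parse_set_cookie(line.split(":", 1)[1])
        if cookie["name"].lower() not in SESSION_NAMES:
            continue
        attrs = cookie["attrs"]
        problems = []
        if "secure" not in attrs:
            problems.append("missing Secure: sent over plain HTTP, sniffable")
        if "httponly" not in attrs:
            problems.append("missing HttpOnly: readable by injected script (XSS)")
        if str(attrs.get("samesite", "")).lower() not in ("lax", "strict"):
            problems.append("SameSite not Lax/Strict: attached to cross-site requests")
        findings.append((cookie["name"], problems))
    return findings


# Constructed responses: one weak, one hardened.
WEAK = ("HTTP/1.1 200 OK\r\n"
        "Set-Cookie: sessionid=abc123; Path=/\r\n"
        "Set-Cookie: theme=dark; Path=/\r\n\r\n")
HARDENED = ("HTTP/1.1 200 OK\r\n"
            "Set-Cookie: sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Strict\r\n\r\n")

if __name__ == "__main__":
    for label, resp in (("weak", WEAK), ("hardened", HARDENED)):
        for name, problems in audit_cookies(resp):
            print(label, name, "OK" if not problems else problems)
```

The theme cookie is ignored because stealing it gains nothing; the point of the audit is to concentrate on the cookie whose theft equals a hijacked session. The flags reduce the ways a cookie can be stolen; the server should additionally issue a fresh session ID at login and expire sessions on logout.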

4. Phishing

Phishing is a type of attack which attempts to steal sensitive information like user login credentials
and credit card number. It occurs when an attacker is masquerading as a trustworthy entity in
electronic communication.

5. Brute force

It is an attack which uses a trial-and-error method: it generates a large number of guesses and
validates each one to recover data such as a user's password or personal identification number. Brute
force may be used by criminals to crack passwords or encryption keys, or by security analysts to test an
organization's password policies. Its cost grows exponentially with the length of the secret, which is
why long passwords, slow password hashing, and account lockout or rate limiting are the defences.

6. Denial of Service

It is an attack meant to make a server or network resource unavailable to its legitimate users. It
accomplishes this by flooding the target with traffic or by sending it input that triggers a crash. A
plain DoS attack uses a single system and a single internet connection; a distributed denial of service
(DDoS) attack uses many compromised machines (a botnet) at once. DoS attacks can be classified into the
following-

Volume-based attacks- The goal is to saturate the bandwidth of the attacked site; their size is measured
in bits per second.

Protocol attacks- These consume actual server or intermediate-device resources, such as the connection
state tables of firewalls and load balancers (a SYN flood is the classic case); their size is measured
in packets per second.

Application layer attacks- The goal is to exhaust or crash the web server or application with requests
that look legitimate; their size is measured in requests per second.

7. Dictionary attacks

This type of attack uses a stored list of commonly used passwords (a wordlist) and tries each one,
either against the login or against a stolen password hash, to recover the original password. It is a
brute force attack narrowed to likely guesses, and it succeeds whenever users choose common passwords.
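The script below is an added example (not from the original notes) covering both the brute force and the dictionary attack passages above: it runs a wordlist against a stolen salted hash and times the same attack against a fast hash and a deliberately slow one. The wordlist, the target password and the users are constructed for the example; the iteration count is an assumption chosen to make the difference visible.

```python
"""Dictionary attack against stored password hashes, and why a slow KDF matters."""
import hashlib
import os
import time

# Constructed wordlist; real attacks use lists with millions of leaked passwords.
WORDLIST = ["123456", "password", "qwerty", "letmein", "Winter2024!", "dragon"]


def hash_fast(password: str, salt: bytes) -> bytes:
    """Single salted SHA-256: cheap per guess, so a wordlist runs in microseconds."""
    return hashlib.sha256(salt + password.encode()).digest()


def hash_slow(password: str, salt: bytes, iterations: int = 200_000) -> bytes:
    """PBKDF2-HMAC-SHA256: deliberately expensive per guess (iteration count is an assumption)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def dictionary_attack(target_hash: bytes, salt: bytes, hash_fn, wordlist):
    """Try every candidate in order; return (password, guesses) or (None, guesses)."""
    for n, candidate in enumerate(wordlist, 1):
        if hash_fn(candidate, salt) == target_hash:
            return candidate, n
    return None, len(wordlist)


def time_attack(hash_fn, password: str, wordlist):
    """Hash a password the way the application would, then attack it and time the run."""
    salt = os.urandom(16)
    target = hash_fn(password, salt)
    start = time.perf_counter()
    found, guesses = dictionary_attack(target, salt, hash_fn, wordlist)
    return found, guesses, time.perf_counter() - start


if __name__ == "__main__":
    for name, fn in (("sha256", hash_fast), ("pbkdf2", hash_slow)):
        found, guesses, secs = time_attack(fn, "Winter2024!", WORDLIST)
        print(f"{name:7}: cracked={found!r} after {guesses} guesses in {secs:.3f}s")
    found, _, _ = time_attack(hash_fast, "correct-horse-battery-staple", WORDLIST)
    print("passphrase not in wordlist:", found)
```

The salt does not stop the attack (it is stored next to the hash); it only prevents one precomputed table from cracking every user at once. What changes the economics is the per-guess cost: the same six guesses that are instantaneous with SHA-256 take a noticeable time with PBKDF2, and at millions of guesses the difference is the difference between minutes and years. A password not in any wordlist is not found at all.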

8. URL Interpretation

It is an attack in which certain parts of a URL are changed, such as a path segment, a query parameter
or a record identifier, so that the web server delivers pages or records the user is not authorized to
browse. Reaching an admin page by typing its address directly, or changing an account ID in the URL to
another user's, are typical cases; the fix is to enforce authorization on the server for every request
rather than relying on links being hidden.

9. File Inclusion attacks

It is an attack that allows an attacker to access unauthorized or sensitive files on the web server, or
to execute malicious files on the web server, by abusing include functionality that takes a file name
from user input. Local file inclusion (LFI) reads files already on the server, usually through path
traversal sequences such as ../ that walk out of the intended directory; remote file inclusion (RFI)
makes the server fetch and execute a file from an attacker-controlled URL.
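As an added example (not from the original notes), the script below builds a small constructed web root in a temporary directory, with a secret file one level above it, and shows a local file inclusion through path traversal beside the hardened include. The file names and the secret are invented for the example.

```python
"""Local file inclusion via path traversal: vulnerable include beside the safe one."""
import os
import tempfile


def include_vulnerable(web_root: str, page: str) -> str:
    """Joins user input onto the web root: '../' walks out of it."""
    with open(os.path.join(web_root, page)) as f:
        return f.read()


def include_safe(web_root: str, page: str, allowed_ext=(".html",)) -> str:
    """Canonicalise the path, require it to stay under web_root, and whitelist the extension."""
    root = os.path.realpath(web_root)
    target = os.path.realpath(os.path.join(root, page))
    if os.path.commonpath([root, target]) != root:
        raise PermissionError("path traversal blocked: %r" % page)
    if not target.endswith(allowed_ext):
        raise PermissionError("disallowed file type: %r" % page)
    with open(target) as f:
        return f.read()


def make_site() -> tuple:
    """Constructed layout: <base>/www/about.html served, <base>/config.ini outside the web root."""
    base = tempfile.mkdtemp()
    web_root = os.path.join(base, "www")
    os.makedirs(web_root)
    with open(os.path.join(web_root, "about.html"), "w") as f:
        f.write("<h1>About</h1>")
    with open(os.path.join(base, "config.ini"), "w") as f:
        f.write("db_password=hunter2")   # the secret the attacker is after (constructed)
    return web_root, base


if __name__ == "__main__":
    web_root, _ = make_site()
    print("vulnerable:", include_vulnerable(web_root, "../config.ini"))   # leaks the secret
    for attempt in ("../config.ini", "/etc/passwd"):
        try:
            include_safe(web_root, attempt)
        except PermissionError as err:
            print("blocked:", err)
    print("safe:", include_safe(web_root, "about.html"))
```

Note that os.path.join discards the web root entirely when the input is an absolute path, which is why the safe version compares the canonical result against the root instead of inspecting the input for "..". Resolving symlinks with realpath before the comparison closes the other common bypass.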

10. Man in the middle attacks

It is an attack in which the attacker intercepts the connection between a client and a server and acts
as a relay between them, each side believing it is talking directly to the other. The attacker can then
read, insert and modify the data in the intercepted connection. ARP spoofing on a LAN, rogue Wi-Fi
access points and DNS spoofing are common ways to get into the middle; properly validated TLS is the
main defence, because the attacker cannot present a certificate the client trusts.

System-based attacks

These are the attacks which are intended to compromise a computer or a computer network. Some
of the important system-based attacks are as follows-

1. Virus
It is a type of malicious software that spreads through a computer's files without the user's knowledge.
A virus is a self-replicating program: it inserts copies of itself into other programs or files and runs
when the infected host program is executed, so, unlike a worm, it needs a host file and some user action
to spread. Besides replicating, it can execute instructions that damage data or disrupt system
operations.

2. Worm

It is a type of malware whose primary function is to replicate itself in order to spread to uninfected
computers. A worm is self-replicating like a virus, but it does not need to attach itself to a host
program and it spreads across networks without any human interaction, typically by exploiting
vulnerabilities in network services or by mailing itself to the addresses it finds. Worms often arrive
as email attachments that appear to come from trusted senders, and even when they carry no further
payload they consume bandwidth and system resources as they propagate.

3. Trojan horse
It is a malicious program that misleads the user about its true intent: it appears to be a normal,
legitimate application, but when it is opened or executed malicious code runs in the background.
Trojans trick users into installing them (they do not self-replicate), after which they can take control
of the computer, damage, disrupt or steal data, or give the attacker remote access. Symptoms include
unexpected changes to computer settings and unusual activity even when the computer should be idle.
A Trojan is sometimes loosely called a Trojan virus or a Trojan horse virus.

4. Backdoors
It is a method of bypassing the normal authentication process to reach a computer system or encrypted
data. A developer may create a backdoor so that an application or operating system can be accessed for
troubleshooting or other purposes; attackers create hidden entry points of their own so that they can
regain access to a system or network after the initial compromise. A backdoor is any method that allows
somebody, whether a hacker, a government or an IT person, to remotely access a device without the
owner's permission or knowledge. Hackers can install a backdoor by using malware, by exploiting
software vulnerabilities, or even by planting it directly in the device's hardware or firmware.

5. Bots

A bot (short for "robot") is an automated process that interacts with other network services. Some bots
run automatically, while others only execute commands when they receive specific input. Common examples
are web crawlers, chatroom bots, and malicious bots; a collection of malware-infected machines under an
attacker's control is called a botnet and is rented out for DDoS attacks, spam and credential stuffing.
Unit- 3
Ethical Hacking and Social Engineering

Ethical Hacking Concepts and Scopes:


Ethical hacking, also known as penetration testing or white hat hacking, involves authorized and
legal attempts to identify vulnerabilities in computer systems, networks, or applications.
Ethical hackers use their skills and knowledge to assess the security posture of organizations, find
weaknesses, and provide recommendations for improvement.
The scope of ethical hacking typically includes testing networks, applications, infrastructure,
wireless networks, and social engineering.
It is the act of penetrating networks or systems to find the threats and vulnerabilities that an
attacker could have exploited to cause data loss, financial loss or other major damage to a business.
Purpose of Ethical hacking
The purpose of ethical hacking is to improve the security of a system or network by fixing the
vulnerabilities detected during testing. Ethical hackers use the same techniques and tools as malicious
hackers, but with the permission of the system owner, and they help to strengthen the security of the
systems and defend them against attacks.
Why Ethical Hacking is important?
When an ethical hacker finds a vulnerability, they report the issue and advise how to fix the problem.
A company employs an ethical hacker to protect and secure its data. An ethical hacker's test does not
mean the system has already been attacked by malicious attackers; often it is a precaution, taken to
prepare and protect the data before that happens. Some of the attacks carried out by malicious hackers
include: -
 Piracy
 Vandalism
 Credit card theft
 Theft of service
 Identity theft
 Manipulation of data
 Denial-of-service Attacks
These types of cyberattacks and hacking cases have increased because of the huge growth of online
services and online transactions over the last decade.
Phases of Ethical Hacking: -
The phases of ethical hacking, in the order they are carried out: -
 Footprinting & Reconnaissance
 Scanning
 Enumeration
 System Hacking (Gaining Access)
 Escalation of Privileges
 Covering Tracks
Skills of an Ethical Hacker
A skilled Ethical Hacker should hold a collection of technical and non-technical skills.
Technical Skills
1. Ethical hackers must have strong knowledge of all the common operating systems, such as Windows,
Linux and macOS.
2. Ethical hackers should be skilled in networking and have a strong grasp of both the basic and the
detailed concepts of the technologies, software and hardware they test.
3. Ethical hackers must be familiar with the common classes of attack and the tools used to carry
them out.
Non-Technical Skills
1. Communication Skills
2. Learning Ability
3. Problem-solving skills
4. Proficient in the security policies
5. Awareness of laws, standards, and regulations.
Scope of Ethical Hacking: -
Ethical hacking is generally used as penetration testing to detect vulnerabilities and risks, identify
the loopholes in a security system, and take corrective measures against those attacks.
Ethical hacking is a key component of risk evaluation, auditing and counter-fraud work. The scope for
ethical hackers is wide and it is one of the fastest-growing careers at present, as many malicious
attackers pose a threat to businesses and their networks. Industries such as information technology and
banking hire many ethical hackers to protect their data and infrastructure, and the demand for this
profile is expected to keep rising compared with other profiles because of the increasing threat from
vulnerabilities.
What are Ethical Hacking Scopes?
 Information Security Analyst.
 Cyber Security Analyst.
 Security Engineer.
 Penetration Tester.
 Security Analyst.
 Information Security Manager.
 Cyber Security Engineer.
What are Threats and Attack Vectors in cyber security?
Threats in the context of ethical hacking refer to potential risks or vulnerabilities that can be
exploited by attackers to compromise systems or networks.
Attack vectors are the specific methods or techniques used by attackers to carry out an attack.
They can include exploiting software vulnerabilities, using social engineering tactics, leveraging
weak passwords, or conducting phishing attacks.
1. An attack vector is a pathway or method used by a hacker to illegally access a network or
computer in an attempt to exploit system vulnerabilities.
2. Hackers use numerous attack vectors to launch attacks that take advantage of system
weaknesses, cause a data breach, or steal login credentials.
 Passive Attack - A passive attack occurs when an attacker monitors a system, for example by scanning
for open ports or sniffing traffic, to gather information about the target without changing anything.
Passive attacks can be difficult to detect because they do not alter data or system resources.
 Active Attack - An active attack vector is one that sets out to disrupt or cause damage to
an organization’s system resources or affect their regular operations. This includes attackers
launching attacks against system vulnerabilities, such as denial-of-service (DoS) attacks,
targeting users’ weak passwords, or through malware and phishing attacks.
Write common types of cyber attack vectors?
1. Malicious Insiders
A malicious insider is an employee or other trusted person who deliberately exposes private company
information and/or exploits company vulnerabilities.
2. Missing or Poor Encryption
Data encryption translates data into another form that only people with access to a secret key or
password can read. Encrypted data is commonly referred to as ciphertext, while unencrypted data is
called plaintext. The purpose of data encryption is to protect digital data confidentiality.
Missing / poor encryption leads to sensitive information including credentials being transmitted
either in plaintext, or using weak cryptographic ciphers or protocols.
3. Weak and Stolen Credentials
Weak passwords and password reuse make credential exposure a gateway for initial attacker access
and propagation.
Apps and protocols sending login credentials over your network pose a significant security threat.
An attacker connected to your network can easily locate and utilize these credentials for lateral
movement.
For example, in the 2013 Target breach, adversaries used credentials stolen from a third-party vendor to
get into the corporate network and then propagated their attack into the enterprise payment systems.
4. Phishing
Phishing is a cybercrime tactic in which the targets are contacted by email, telephone or text
message by someone posing as a legitimate institution to lure individuals into providing sensitive
data such as personally identifiable information, banking and credit card details, and passwords.
5. Ransomware
Ransomware is a form of cyber-extortion in which users are unable to access their data until a
ransom is paid. Users are shown instructions for how to pay a fee to get the decryption key.
6. Misconfiguration
Misconfiguration is an error in system or application configuration that weakens security: default
passwords left in place, unnecessary services or ports left open, overly permissive file or cloud storage
permissions, or verbose error messages that leak internal details.
What is Information Assurance (IA)?
Information assurance focuses on protecting the confidentiality, integrity, and availability of
information and ensuring its reliability.
It involves implementing security controls, policies, and procedures to mitigate risks and protect
sensitive data from unauthorized access, modification, or disclosure.
1. Information Assurance (IA) is the practice of managing information-related risks and the
steps involved to protect information systems such as computer and network systems.
2. Information assurance is the practice of assuring information and managing risks related
to the use, processing, storage, and transmission of information.
3. Information assurance includes protection of the integrity, availability, authenticity and
confidentiality of user data.
Pillars of Information Assurance:
1. Integrity
2. Availability
3. Authentication
4. Confidentiality
5. Non repudiation
Integrity
Integrity is the assurance that information has not been altered or destroyed in an unauthorized manner,
whether by accident or by an attacker, and that systems behave as intended.
Availability
Availability means that those who need access to information and systems can get it when they need it.
Denial-of-service attacks, hardware failures and ransomware all threaten availability; redundancy,
backups and capacity planning protect it.
Authentication
Authentication involves ensuring that those who access information are who they say they are.
Authentication methods include strong passwords, two-factor or multifactor authentication, biometrics,
and hardware tokens.
Confidentiality
IA involves the confidentiality of information, meaning only those with authorization may view
certain data.
Non repudiation
Non-repudiation is the assurance that a party cannot later deny having sent or received a message: the
sender is given proof of delivery and the recipient is given proof of the sender's identity, typically
through digital signatures and audited logs.
Threat Modelling:
Threat modelling is a systematic approach used to identify and analyze potential threats and
vulnerabilities to a system or application before it is built or changed.
It involves identifying potential attackers, their motivations, and the methods they might use to
compromise security, usually by drawing the system's data flows and trust boundaries and asking, for
each element, what could go wrong (for example using the STRIDE categories: spoofing, tampering,
repudiation, information disclosure, denial of service and elevation of privilege).
By understanding the threats, organizations can design and implement appropriate security controls
to mitigate the risks effectively.
Enterprise Information Security Architecture:
Enterprise information security architecture refers to the design and structure of an organization's
security infrastructure.
It involves creating a comprehensive framework that defines the security controls, policies, and
technologies used to protect the organization's assets and systems.
The architecture should align with the organization's goals, comply with relevant regulations, and
provide a robust defense against threats.
What is vulnerability assessment in cyber security?
Vulnerability assessment involves identifying and assessing vulnerabilities in systems, networks, or
applications.
It typically involves scanning systems for known vulnerabilities, analyzing the results, and
providing recommendations for remediation.
A vulnerability assessment is the testing process used to identify and assign severity levels to as
many security defects as possible in a given timeframe.
A vulnerability assessment is a systematic review of security weaknesses in an information system.
It evaluates if the system is susceptible to any known vulnerabilities, assigns severity levels to those
vulnerabilities, and recommends remediation or mitigation, if and whenever needed.
Penetration Testing in cyber security?
A penetration test (pen test) is an authorized simulated attack performed on a computer system to
evaluate its security. Penetration testing goes a step further by simulating real-world attacks to test
the effectiveness of security controls and identify potential weaknesses. Penetration testers use the
same tools, techniques, and processes as attackers to find and demonstrate the business impacts of
weaknesses in a system.
Penetration testing is the method of evaluating the security of an application or network by safely
exploiting the security vulnerabilities present in the system. These flaws can lie in various areas, such
as system configuration settings, login methods, and even end users' risky behaviour.
Insider Attack:
Insider attacks refer to security breaches or malicious activities conducted by individuals who have
authorized access to systems or networks.
Insiders may abuse their privileges, steal data, compromise systems, or cause damage from within
the organization.
An insider threat is a security risk that originates from within the targeted organization. It typically
involves a current or former employee or business associate who has access to sensitive information
or privileged accounts within the network of an organization, and who misuses this access.
Preventing Insider Threats:
Preventing insider threats involves implementing security measures and controls to detect and
mitigate the risks associated with trusted individuals within the organization.
This includes implementing access controls, monitoring user activities, conducting background
checks, enforcing separation of duties, and providing security awareness training.
1. Security Policy: One of the best ways to prevent insider threats is to include procedures in your
security policy to prevent and detect misuse.
2. Physical Security: One of the best ways to prevent insider theft is to physically keep employees away
from critical infrastructure they have no need to touch, and to give employees a place to lock up
sensitive information.
3. Use Multifactor Authentication: Implement strong, multifactor authentication for the extremely
sensitive applications within your company.
4. Segment LANs: It can be very difficult to find the many choke points inside a flat LAN, so instead
segment the LANs with firewalls, which creates a zone of trust at each point where a segment connects
to the corporate LAN.
5. Seal Information Leaks: You can use software that checks network activity against your policy and
alerts you when employees violate it. There is also software (data loss prevention) that scans the text
of outgoing emails to ensure that employees are not sharing company secrets.
6. Investigate Unusual Activities: Many times, when an employee betrays a company's trust, they don't
expect to get caught, because most companies are too busy looking for outside threats. Employee
monitoring is regulated by law, so make sure you familiarize yourself with those laws before you start.
7. Implement Perimeter Tools & Strategies: Make sure you patch web and email servers and get rid of any
unused services. Also lock down configurations to raise the baseline level of security.
Types of Social Engineering:
Social engineering is a technique used by attackers to manipulate individuals and trick them into
revealing sensitive information or performing actions that could compromise security.
Social engineering is a manipulation technique that exploits human error to gain private information,
access, or valuables. Social engineering attackers have one of two goals:
1. Sabotage: Disrupting or corrupting data to cause harm or inconvenience.
2. Theft: Obtaining valuables like information, access, or money.
Common types of social engineering include phishing, pretexting, baiting, tailgating, and shoulder
surfing.
Social Engineering Targets/ Attacks and Defence Strategies:
Social engineering targets individuals' psychology and exploits their trust, curiosity, or willingness
to help.
1. Pretexting: Pretexting is another form of social engineering where attackers focus on creating a
pretext, or a fabricated scenario, that they can use to steal someone’s personal information.
2. Phishing: Phishing is a cybercrime tactic in which the targets are contacted by email, telephone
or text message by someone posing as a legitimate institution to lure individuals into providing
sensitive data such as personally identifiable information, banking and credit card details, and
passwords.
3. Baiting: Baiting attacks may use the offer of free music or movie downloads, or a planted USB drive,
to trick users into handing over their login credentials or running malware.
4. Quid Pro Quo: quid pro quo attacks promise something in exchange for information.
5. Tailgating (piggybacking): It is a type of physical security breach in which an unauthorized
person follows an authorized individual to enter secured premises.
Defence strategies against social engineering include employee awareness and training programs,
strict access controls, multifactor authentication, incident response plans, and regular security
assessments.
Organizations should also implement strong policies regarding information sharing, privacy, and
employee conduct to mitigate the risks associated with social engineering attacks.
1. Educate Yourself
2. Be Aware of The Information You’re Releasing
3. Determine Which of Your Assets Are Most Valuable to Criminals
4. Write A Policy and Back It Up with Good Awareness Training
5. Keep Your Software Up to Date
6. Give Employees A Sense of Ownership When It Comes to Security
7. When Asked for Information, Consider Whether the Person You’re Talking to Deserves the
Information They’re Asking About
Unit – 4
Cyber Forensics and Auditing

What is Cyber Forensics?


Computer forensics is the application of scientific techniques to collect, analyze, and preserve
digital evidence from computer systems, storage media, and other electronic devices.
Forensic investigators are professionals trained in computer forensics who play a crucial role in
collecting and analyzing digital evidence for legal and investigative purposes.
1. Cyber forensics is an electronic discovery technique used to determine and reveal technical criminal
evidence.
2. It often involves extracting data from local and/or cloud storage to establish a chain of evidence
for legal process purposes.
3. Computer forensics is the application of investigation and analysis techniques to gather and
preserve evidence from a particular computing device in a way that is suitable for presentation in a
court of law.
4. The goal of computer forensics is to perform a structured investigation and maintain a
documented chain of evidence to find out exactly what happened on a computing device and who
was responsible for it.
Computer Equipment, and Associated Storage Media:
Computer equipment and associated storage media encompass various devices, such as computers,
laptops, servers, external hard drives, USB drives, memory cards, CDs/DVDs, and mobile devices,
that may contain valuable evidence.
Role of a Forensics Investigator:
A forensic investigator is responsible for conducting investigations involving digital evidence.
Their role includes identifying and preserving potential evidence, acquiring data from devices, analyzing
data to uncover relevant information, and documenting findings for legal proceedings.

Investigators use a variety of techniques and proprietary forensic applications to examine the copy
they've made of a compromised device. They search hidden folders and unallocated disk space for
copies of deleted, encrypted or damaged files.
 Reverse steganography. Steganography hides data inside any type of digital file, message or data
stream. Computer forensic experts detect a steganography attempt by comparing the suspect file with a
known-good original: if a criminal hides information inside an image or other file, it may look the same
before and after to the untrained eye, but the underlying bytes, and therefore the file's hash, change,
and statistical analysis of the pixel or sample data can reveal the embedded payload.
 Stochastic forensics. Here, investigators analyze and reconstruct digital activity without relying
on digital artifacts. Artifacts are the traces that digital processes leave behind, such as changes to
file attributes or timestamps during data theft, and they are the usual clues in a digital crime.
Stochastic forensics instead looks at the statistical properties of the file system as a whole (for
example, the pattern of file access times that bulk copying produces), and is frequently used in data
breach investigations where the attacker is thought to be an insider who used legitimate access and so
left no artifacts.
 Cross-drive analysis. This technique correlates and cross-references information found on
multiple computer drives to search for, analyze and preserve information relevant to an
investigation. Events that raise suspicion are compared with information on other drives to
look for similarities and provide context, for instance the same e-mail address or card number turning
up on several seized disks.
 Live analysis. With this technique, a computer is analyzed from within the OS while the
computer or device is running, using system tools on the computer. The analysis looks at
volatile data held in RAM or cache, such as running processes, open network connections and encryption
keys, which is lost when the machine is powered off. Because every action on a live system changes it,
the tools used and the order in which they are run must be documented, and many tools used to extract
volatile data require the computer to be in a forensic lab, to maintain the legitimacy of the chain of
evidence.
 Deleted file recovery. This technique involves searching a computer system and its storage media
for fragments of files that were deleted. Deleting a file normally removes only its directory entry, so
the contents remain in unallocated space until they are overwritten, and copies or traces may survive
elsewhere on the machine. Recovering files from raw disk content by their signatures, without relying
on file-system metadata, is known as file carving or data carving.
Forensics Investigation Process:
Cyber forensics is a field that follows certain procedures to find the evidence to reach conclusions
after proper investigation of matters.
 Identification and Preservation:

The first step of cyber forensics experts is to identify what evidence is present, where it is stored,
and in which format it is stored. Identifying potential sources of evidence and ensuring they are not
tampered with or compromised.
After identifying the data, the next step is to safely preserve the data and not allow other people to
use that device so that no one can tamper data. Taking necessary steps to preserve the integrity of
the evidence, such as creating a forensic image or making a bit-by-bit copy.
 Acquisition:
Acquiring the data from the identified sources, including computer systems, storage media, or
network logs. Using forensically sound techniques to capture and preserve the evidence, ensuring
its admissibility in court.
 Analysis:
After getting the data, the next step is to analyze the data or system. Here the expert recovers the
deleted files and verifies the recovered data and finds the evidence that the criminal tried to erase by
deleting secret files. This process might take several iterations to reach the final conclusion.
Analyzing the acquired data using forensic tools and techniques.
Searching for relevant information, reconstructing events, and uncovering evidence that can support
the investigation.
 Reporting:
Documenting the findings, methodologies, and analysis performed during the investigation. Now
after analyzing data a record is created. This record contains all the recovered and available (not
deleted) data which helps in recreating the crime scene and reviewing it.
Creating a comprehensive report that presents the evidence in a clear, concise, and understandable
manner.
 Presentation:
This is the final step in which the analyzed data is presented in front of the court to solve cases.
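The script below is an added example, not part of the original notes, and covers the preservation, acquisition and analysis steps above together with the deleted-file recovery (file carving) technique. A small "disk" is constructed in a temporary file so the script runs offline: it images the device, verifies the image by hashing both sides, records a chain-of-custody entry, re-verifies the image before analysis, and carves a PNG that has no directory entry out of the raw bytes by its signature. The device name and the custody record fields are assumptions for the example.

```python
"""Forensic acquisition with hash verification, plus signature-based file carving."""
import hashlib
import os
import shutil
import tempfile
from datetime import datetime, timezone

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
PNG_IEND = b"\x00\x00\x00\x00IEND\xaeB`\x82"   # zero-length IEND chunk plus its CRC


def sha256_file(path: str, chunk: int = 1 << 20) -> str:
    """Hash a file in chunks so that disk-sized images do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def acquire(device: str, image: str, custody_log: list) -> str:
    """Bit-for-bit copy of the source, verified by hashing both source and image."""
    shutil.copyfile(device, image)
    src_hash, img_hash = sha256_file(device), sha256_file(image)
    if src_hash != img_hash:
        raise RuntimeError("image does not match source; acquisition failed")
    custody_log.append({                       # constructed chain-of-custody record
        "time": datetime.now(timezone.utc).isoformat(),
        "action": "acquire", "source": device, "image": image, "sha256": img_hash,
    })
    return img_hash


def verify_image(image: str, expected_hash: str) -> bool:
    """Re-hash before every analysis step: any change since acquisition is detected."""
    return sha256_file(image) == expected_hash


def carve_png(image: str) -> list:
    """Return (offset, bytes) for every PNG header..IEND span, wherever it sits on disk."""
    with open(image, "rb") as f:
        data = f.read()
    found, pos = [], 0
    while True:
        start = data.find(PNG_MAGIC, pos)
        if start == -1:
            return found
        end = data.find(PNG_IEND, start)
        if end == -1:
            return found
        end += len(PNG_IEND)
        found.append((start, data[start:end]))
        pos = end


def make_fake_device(path: str) -> bytes:
    """Constructed disk: filler, then a PNG with no directory entry ('deleted'), then filler."""
    png = PNG_MAGIC + b"\x00\x00\x00\x0dIHDR" + b"\x00" * 17 + PNG_IEND
    with open(path, "wb") as f:
        f.write(b"\x00" * 4096 + b"README: nothing here\n" + b"\x00" * 1000 + png + b"\xff" * 2048)
    return png


if __name__ == "__main__":
    work = tempfile.mkdtemp()
    device, image = os.path.join(work, "sdb.raw"), os.path.join(work, "sdb.dd")
    make_fake_device(device)
    custody = []
    digest = acquire(device, image, custody)
    print("acquired, sha256 =", digest, "| intact before analysis:", verify_image(image, digest))
    for offset, blob in carve_png(image):
        print(f"carved PNG at offset {offset}, {len(blob)} bytes")
    print(custody)
```

All analysis is done on the image, never on the original device, and the hash recorded at acquisition is what ties the findings back to the evidence in court. The carver here stops at the first IEND after each header; real carvers also handle fragmented files and false positives, but the principle, recovering content by signature from space the file system no longer claims, is the same.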
What are the types of computer forensics?
There are multiple types of computer forensics depending on the field in which digital investigation
is needed. The fields are:
 Network forensics: This involves monitoring and analyzing the network traffic to and from
the criminal’s network. The tools used here are network intrusion detection systems and
other automated tools.
 Email forensics: In this type of forensics, the experts check the email of the criminal and
recover deleted email threads to extract out crucial information related to the case.
 Malware forensics: This branch of forensics deals with hacking-related crimes. Here, the
forensics expert examines the malware, such as trojans, to identify what it did and the attacker
behind it.
 Memory forensics: This branch of forensics deals with collecting data from volatile memory (RAM,
cache, etc.) in raw form and then retrieving information such as running processes, network
connections and keys from that data.
 Mobile Phone forensics: This branch of forensics generally deals with mobile phones.
They examine and analyze data from the mobile phone.
 Database forensics: This branch of forensics examines and analyzes the data from
databases and their related metadata.
 Disk forensics: This branch of forensics extracts data from storage media by searching
modified, active, or deleted files.
Advantages
 Cyber forensics preserves the integrity of the evidence taken from a computer.
 Through cyber forensics, many people, companies, etc get to know about such crimes, thus
taking proper measures to avoid them.
 Cyber forensics find evidence from digital devices and then present them in court, which
can lead to the punishment of the culprit.
 They help track down the culprit, who may be anywhere in the world.
 They help people and organizations to protect their money and time.
 The relevant findings can be publicised to make the public aware of such crimes.
What are the skills required to be a cyber forensic expert?
The following skills are required to be a cyber forensic expert:
• As we know, cyber forensics is based on technology, so knowledge of various technologies,
computers, mobile phones, network hacks, security breaches, etc. is required.
• The expert should be very attentive while examining a large amount of data to identify
proof/evidence.
• The expert must be aware of criminal law, criminal investigation procedure, etc.
• As we know, technology changes constantly, so the expert must keep up with the latest technology.
• Cyber forensic experts must be able to analyse the data, derive conclusions from it and make proper
interpretations.
• The communication skills of the expert must be good, so that while presenting evidence in front of
the court everyone understands each detail with clarity.
• The expert must have strong knowledge of basic cyber security.
How to write computer forensics report?
1. Executive Summary: The Executive Summary section of a computer forensics report provides the
background and the circumstances that created the need for an investigation.
2. Objectives: The Objectives section outlines all the tasks that the investigation has planned to
complete.
3. Computer Evidence Analyzed: The Computer Evidence Analyzed section is where all gathered
evidence and its interpretation are presented in detail.
4. Relevant Findings: The Relevant Findings section gives a summary of the evidence found to have
probative value, e.g., when a match is found for forensic material recovered from a crime scene (a
fingerprint, a strand of hair, a shoe print, etc.).
5. Supporting Details: Supporting Details is the section where the in-depth analysis of the relevant
findings is documented.
6. Investigative Leads: Investigative Leads lists action items that could help discover additional
information related to the case. The investigators perform all outstanding tasks to find extra
information if time remains.
7. Additional Subsections: Various additional subsections are included in a forensic report.
• Attacker Methodology – Additional briefing to help the reader understand the general or specific
attacks performed is given in this section.
• User Applications – This section discusses the relevant applications installed on the media
analyzed, since in many cases the applications present on the system are relevant to the case.
• Internet Activity – The Internet Activity or Web Browsing History section gives the web surfing
history of the user of the media analyzed.
• Recommendations – This section gives recommendations to help the client be better prepared and
trained for the next computer security incident.
Collecting Network-Based Evidence:


Network-based evidence refers to digital evidence collected from network devices, logs, traffic
captures, and communication records.
Collecting network-based evidence involves capturing network packets, analyzing network logs,
examining firewall logs, and correlating network activities to reconstruct events.
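As an added example (not from these notes), a small Python reconstruction of the "correlate network activities" step over firewall log lines: it parses the lines, builds a per-source timeline, and flags a source that was denied on several ports and then allowed to the same host shortly after. The log format, firewall name and addresses are constructed for this example; a real firewall's syntax would need its own regex.

```python
"""Correlate constructed firewall log lines into a per-host timeline.

Added example, not from the notes. Every field below (timestamps, addresses,
the 'fw1' host, the line layout) is constructed for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample firewall log (not real traffic).
SAMPLE_LOG = """\
2024-03-01T10:00:01Z fw1 DENY  src=203.0.113.7 dst=192.0.2.10 dport=22 proto=tcp
2024-03-01T10:00:02Z fw1 DENY  src=203.0.113.7 dst=192.0.2.10 dport=23 proto=tcp
2024-03-01T10:00:03Z fw1 DENY  src=203.0.113.7 dst=192.0.2.10 dport=445 proto=tcp
2024-03-01T10:00:09Z fw1 ALLOW src=203.0.113.7 dst=192.0.2.10 dport=3389 proto=tcp
2024-03-01T10:05:00Z fw1 ALLOW src=198.51.100.4 dst=192.0.2.10 dport=443 proto=tcp
2024-03-01T10:05:30Z fw1 DENY  src=198.51.100.4 dst=192.0.2.11 dport=25 proto=tcp
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>ALLOW|DENY)\s+"
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) proto=(?P<proto>\S+)$"
)


def parse_firewall_log(text):
    """Turn raw lines into event dicts. Lines that do not match are returned
    separately so nothing is silently dropped from the evidence record."""
    events, unparsed = [], []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            if line.strip():
                unparsed.append(line)
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        ev["dport"] = int(ev["dport"])
        events.append(ev)
    events.sort(key=lambda e: e["ts"])
    return events, unparsed


def timeline_by_source(events):
    """Group events per source address, preserving chronological order."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev["src"]].append(ev)
    return dict(by_src)


def find_probe_then_success(events, min_denies=3, window=timedelta(minutes=1)):
    """Flag a source that was DENYed on >= min_denies distinct ports and then
    ALLOWed to the same destination within `window`. This groups the burst of
    denies and the later accept into one story for the analyst; it is a
    reconstruction aid, not proof of compromise on its own."""
    findings = []
    for src, evs in timeline_by_source(events).items():
        for i, ev in enumerate(evs):
            if ev["action"] != "ALLOW":
                continue
            earlier = [
                e for e in evs[:i]
                if e["action"] == "DENY" and e["dst"] == ev["dst"]
                and ev["ts"] - e["ts"] <= window
            ]
            ports = sorted({e["dport"] for e in earlier})
            if len(ports) >= min_denies:
                findings.append({
                    "src": src,
                    "dst": ev["dst"],
                    "denied_ports": ports,
                    "allowed_port": ev["dport"],
                    "first_seen": earlier[0]["ts"],
                    "allowed_at": ev["ts"],
                })
    return findings


if __name__ == "__main__":
    evs, bad = parse_firewall_log(SAMPLE_LOG)
    for f in find_probe_then_success(evs):
        print(f"{f['src']} -> {f['dst']}: denied on {f['denied_ports']}, "
              f"then allowed on {f['allowed_port']} at {f['allowed_at']:%H:%M:%S}")
```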
Writing Computer Forensics Reports:
Computer forensics reports serve as a documentation of the investigation process, findings,
analysis, and conclusions.
Reports should be clear, concise, and organized, with detailed information on the evidence
collected, tools used, methodologies applied, and results obtained.
Reports should follow standard formats and guidelines, ensuring they are admissible as evidence in
legal proceedings.
Auditing and Planning an Audit Against a Set of Audit Criteria:
Auditing refers to the systematic evaluation of an organization's processes, controls, and systems to
ensure compliance with established standards or criteria.
Planning an audit involves defining the scope, objectives, and criteria against which the audit will
be conducted.
The audit criteria may include industry standards, regulatory requirements, best practices, or
specific organizational policies.
What is an ISMS (Information Security Management System)?
1. ISMS stands for ‘Information Security Management System’.
2. An ISMS includes policies, processes and procedures to manage information security risks in a
structured and systematic way.
3. The goal of an ISMS is to minimize risk and ensure business continuity by proactively limiting
the impact of a security breach.
4. An ISMS identifies the organization's information assets and provides the following assessment:
• the risks the information assets face;
• the steps taken to protect the information assets;
• a plan of action in case a security breach happens; and
• identification of the individuals responsible for each step of the information security process.
ISO 27001:2013:
ISO 27001:2013 is an international standard that sets the requirements for establishing,
implementing, maintaining, and continually improving an Information Security Management
System (ISMS).
ISMS is a framework of policies, procedures, and controls designed to manage an organization's
information security risks.
The standard provides guidance on risk assessment, risk management, incident response, security
controls, and ongoing monitoring and review of the ISMS.
Implementing ISO 27001:2013 helps organizations establish a systematic approach to information
security and demonstrate their commitment to protecting sensitive information.
ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and
continually improving an information security management system within the context of the
organization. It also includes requirements for the assessment and treatment of information security
risks tailored to the needs of the organization. The requirements set out in ISO/IEC 27001:2013 are
generic and are intended to be applicable to all organizations, regardless of type, size or nature.
Unit – 5
Cyber Ethics and Laws
Introduction to Cyber Laws:


Cyber laws are legal frameworks that govern and regulate activities in cyberspace. They are
designed to address legal issues related to the use of computers, networks, and the internet.
Cyber laws cover a wide range of areas, including data protection, privacy, intellectual property,
cybercrime, e-commerce, and digital signatures.
Cyber Law, also called IT Law, is the law regarding information technology, including computers
and the internet. It is related to legal informatics and supervises the digital circulation of
information, software, information security, and e-commerce.
Write the importance of Cyber Law.
1. It covers all transactions over the internet.
2. It keeps an eye on all activities over the internet.
3. It touches every action and every reaction in cyberspace.
Write some advantages of Cyber Law.
• Organizations are now able to carry out e-commerce using the legal infrastructure provided by the
Act.
• Digital signatures have been given legal validity and sanction in the Act.
• It allows the Government to issue notifications on the web, enabling e-governance.
• It gives authority to companies or organizations to file any form, application, or other document
with any office, authority, body, or agency owned or controlled by the appropriate Government in
electronic form, using such e-form as may be prescribed by that Government.
• The IT Act also addresses the important issues of security, which are so critical to the success of
electronic transactions.
• Cyber Law provides both hardware and software security.
Explain the areas of Cyber Law.
1. Cyber laws serve different purposes.
2. Some laws create rules for how individuals and companies may use computers and the internet,
while other laws protect people from becoming the victims of crime.
A. Fraud:
Consumers depend on cyber laws to protect them from online fraud. Laws are made to prevent
identity theft, credit card theft, and other financial crimes that happen online.
B. Copyright: Copyright is an area of cyber law that protects the rights of individuals and companies
to profit from their creative works; copyright violation online falls under it.
C. Defamation: Defamation laws are civil laws that protect individuals from false public statements
that can harm a business or someone's reputation. When people use the internet to make statements
that violate these civil laws, defamation law applies.
D. Harassment and Stalking: When a person makes threatening statements again and again about
someone else online, there is a violation of both civil and criminal laws. Cyber lawyers both
prosecute and defend people when stalking occurs using the internet and other forms of electronic
communication.
E. Freedom of Speech: Cyber lawyers must advise their clients on the limits of free speech
including laws that prohibit obscenity. Cyber lawyers may also defend their clients when there is a
debate about whether their actions consist of permissible free speech.
F. Contracts and Employment Law:
Every time you click a button that says you agree to the terms and conditions of using a website,
you have used cyber law. There are terms and conditions for every website that are somehow
related to privacy concerns.
E-Commerce and E-Governance:
E-commerce refers to the buying and selling of goods and services over the internet. It involves online
transactions, electronic payments, and digital contracts.
Advantages of E-commerce:
1. Global Reach: E-commerce provides businesses with the opportunity to reach a global
audience. With an online store, businesses can transcend geographical limitations and sell
their products or services to customers worldwide. This expanded reach can lead to
increased sales and growth opportunities.
2. 24/7 Availability: Unlike physical stores with fixed operating hours, e-commerce platforms
are accessible 24/7. This convenience allows customers to make purchases at any time,
accommodating their busy schedules. It also means that businesses can generate sales even
when their physical locations are closed.
3. Lower Costs: E-commerce can significantly reduce costs for both businesses and
customers. Online stores eliminate the need for a physical storefront, which can be
expensive to rent or buy. Additionally, operational costs like staffing, utilities, and inventory
management can be streamlined with e-commerce systems. For customers, online shopping
eliminates travel expenses and allows them to compare prices easily, leading to potential
cost savings.
4. Increased Customer Convenience: E-commerce offers customers unparalleled
convenience. They can browse and purchase products or services from the comfort of their
homes or on the go, using various devices like computers, smartphones, or tablets. E-
commerce also enables customers to have their purchases delivered directly to their
doorstep, saving them time and effort.
5. Personalization and Targeted Marketing: E-commerce platforms allow businesses to
collect and analyze customer data, enabling them to personalize the shopping experience.
By understanding customer preferences and behaviours, businesses can offer targeted
recommendations, personalized discounts, and tailored marketing campaigns, enhancing
customer satisfaction and increasing sales.
6. Expanded Product Range: Unlike physical stores limited by shelf space, e-commerce
allows businesses to offer a wider range of products or services. Online stores can showcase
an extensive inventory without the constraints of physical storage, providing customers with
more choices and increasing the likelihood of finding what they need.
7. Seamless Integration with Digital Marketing: E-commerce aligns well with various
digital marketing strategies. Businesses can leverage search engine optimization (SEO),
social media marketing, email marketing, and other online advertising techniques to drive
traffic to their online stores. This integration enhances brand visibility, customer
engagement, and overall marketing effectiveness.
8. Streamlined Inventory Management: E-commerce systems provide efficient inventory
management tools, automating processes such as stock tracking, replenishment, and order
fulfillment. Real-time inventory updates prevent overselling or stockouts, improving
customer satisfaction and reducing operational inefficiencies.
9. Data-driven Insights and Analytics: E-commerce platforms generate vast amounts of data
that can be analyzed to gain valuable insights. Businesses can track customer behavior,
buying patterns, and other metrics to optimize their strategies. Data-driven decision-making
enables businesses to make informed choices, enhance operational efficiency, and improve
customer satisfaction.
10. Scalability and Growth Potential: E-commerce offers businesses scalability and the
potential for rapid growth. With an online presence, businesses can easily expand their
operations without the constraints of physical infrastructure. E-commerce platforms can
handle increased traffic and transactions, allowing businesses to accommodate higher sales
volumes and expand into new markets.
Types of E-commerce
1. Business-to-Consumer (B2C): B2C e-commerce refers to transactions conducted directly
between businesses and individual consumers. It is the most common form of e-commerce
and involves online retailers selling products or services to customers. Examples include
online shopping platforms like Amazon, eBay, and Shopify.
2. Business-to-Business (B2B): B2B e-commerce involves transactions between businesses. It
typically involves the exchange of goods, services, or information between manufacturers,
wholesalers, or distributors. B2B e-commerce platforms focus on streamlining procurement
processes and facilitating efficient transactions between businesses. Examples include
Alibaba.com and ThomasNet.
3. Consumer-to-Consumer (C2C): C2C e-commerce facilitates transactions between
individual consumers through online platforms. These platforms act as intermediaries,
connecting buyers and sellers. Users can sell products they no longer need or buy items
from other individuals. Popular C2C platforms include eBay, Craigslist, and Facebook
Marketplace.
4. Consumer-to-Business (C2B): In C2B e-commerce, individual consumers offer products
or services to businesses. This model is commonly seen in freelancing platforms, where
individuals provide services like graphic design, writing, or consulting to companies.
Crowdsourcing platforms also fall under this category, where consumers contribute their
ideas or solutions to businesses.
5. Mobile Commerce (m-commerce): M-commerce refers to e-commerce transactions
conducted using mobile devices such as smartphones and tablets. With the widespread
adoption of mobile devices, many online retailers have optimized their websites for mobile
browsing and developed dedicated mobile apps. Mobile wallets and payment systems like
Apple Pay and Google Pay have also facilitated mobile transactions.
6. Social Commerce: Social commerce integrates e-commerce with social media platforms. It
leverages social networks to facilitate product discovery, recommendations, and purchasing.
Social commerce often involves user-generated content, influencer marketing, and social
shopping features. Examples include Instagram's shopping tags and Facebook's
Marketplace.
7. Dropshipping: Dropshipping is a retail fulfillment method where a store doesn't keep the
products it sells in stock. Instead, when a store sells a product, it purchases the item from a
third party and has it shipped directly to the customer. Dropshipping eliminates the need for
inventory management and allows businesses to focus on marketing and customer service.
8. Subscription-based E-commerce: This model involves offering products or services on a
subscription basis. Customers pay a recurring fee to receive products regularly or access
specific services. Subscription e-commerce is common in industries like streaming media
(Netflix, Spotify), meal kits (HelloFresh), and beauty products (Birchbox).
9. Omni-channel E-commerce: Omni-channel e-commerce provides customers with a
seamless shopping experience across multiple channels, such as online websites, mobile
apps, brick-and-mortar stores, and even call centers. Customers can browse, purchase, and
return products through various channels, allowing them to choose the most convenient
option.
Write the difference between traditional commerce and e-commerce.

E-governance refers to the use of technology and electronic platforms to provide government services,
engage with citizens, and improve the efficiency of administrative processes.
Advantages of E-governance:
1. Increased Efficiency: E-governance enables government processes to be automated and
streamlined, reducing paperwork, eliminating manual errors, and speeding up decision-
making. This efficiency leads to faster service delivery and improved overall governance.
2. Transparency and Accountability: E-governance promotes transparency by providing
citizens with access to information and government services. It enables citizens to track the
progress of their applications, access public documents, and participate in decision-making
processes. This transparency fosters accountability among government officials and reduces
corruption.
3. Cost Savings: Implementing E-governance can lead to significant cost savings for
governments. It reduces administrative costs associated with manual processes, such as
paperwork, storage, and transportation. Additionally, digital platforms can enable
governments to deliver services more cost-effectively, eliminating the need for physical
infrastructure in some cases.
4. Enhanced Citizen Engagement: E-governance facilitates better citizen-government
interaction. Online portals and platforms allow citizens to provide feedback, raise concerns,
and participate in public consultations from the convenience of their homes. This
engagement leads to increased citizen satisfaction and a sense of ownership in the
governance process.
5. Improved Service Delivery: E-governance enables governments to provide services more
efficiently and effectively. Online portals allow citizens to access government services 24/7,
eliminating the need for physical visits during limited office hours. This convenience
improves service delivery and enhances the overall user experience.
6. Data-Driven Decision Making: E-governance generates vast amounts of data that can be
analyzed to gain insights and make informed policy decisions. Governments can use data
analytics to identify trends, assess the impact of policies, and allocate resources more
efficiently. This data-driven approach improves governance and policy outcomes.
7. Accessibility and Inclusivity: E-governance promotes inclusivity by providing access to
government services for all citizens, including those in remote areas or with disabilities.
Online platforms can be designed to be user-friendly, multilingual, and accessible to
individuals with visual or hearing impairments, ensuring that no one is left behind.
8. Faster Response to Emergencies: During emergencies or crises, E-governance systems
can facilitate rapid response and coordination among government agencies. Real-time
communication, data sharing, and emergency alert systems enable authorities to quickly
disseminate information and provide assistance to affected populations.
9. Environmental Sustainability: E-governance reduces the consumption of paper and other
physical resources, leading to a smaller ecological footprint. Digital processes eliminate the
need for excessive printing and physical documentation, contributing to environmental
sustainability and conservation.
10. Global Connectivity and Collaboration: E-governance enables governments to
collaborate and share best practices on a global scale. International forums and platforms
foster knowledge exchange, enabling countries to learn from each other and implement
successful initiatives in their own contexts.
Types of E-governance
1. Government-to-Citizen (G2C):
• G2C e-governance focuses on providing online services and information to citizens.
• It aims to enhance convenience, accessibility, and transparency in the delivery of government
services.
• Examples include online portals for tax filing, bill payments, passport applications, voter
registration, and access to government information.

2. Government-to-Business (G2B):
• G2B e-governance aims to facilitate interactions between the government and the business
community.
• It streamlines processes such as business registration, license applications, permits, and
procurement.
• Examples include online business registration platforms, e-procurement systems, and portals for
submitting bids and tenders.

3. Government-to-Government (G2G):
• G2G e-governance focuses on improving collaboration and information sharing between
government agencies and departments.
• It aims to enhance efficiency, coordination, and integration of government services.
• Examples include interdepartmental data exchange platforms, e-filing systems for internal
government processes, and shared databases for information sharing.

4. Government-to-Employees (G2E):
• G2E e-governance initiatives target improving internal government operations and communication
with employees.
• They aim to enhance administrative efficiency, human resource management, and knowledge
sharing within the government.
• Examples include employee portals for accessing HR services, internal communication platforms,
and e-learning platforms for training and development.

5. Government-to-Society (G2S):
• G2S e-governance focuses on promoting citizen engagement, participation, and collaboration in
policy-making and governance processes.
• It aims to empower citizens and facilitate their involvement in decision-making.
• Examples include e-participation platforms, online consultation mechanisms, and social media
engagement for soliciting public input.

6. Government Internal Processes (GIP):
• GIP e-governance initiatives target improving the internal processes and workflows within
government organizations.
• They aim to enhance efficiency, productivity, and accountability.
• Examples include enterprise resource planning (ERP) systems, document management systems,
and workflow automation tools.
Write the difference between e-commerce and e-governance.
Certifying Authority and Controller:


Certifying authorities are trusted entities that issue digital certificates to verify the authenticity of electronic
documents, transactions, and identities in the digital realm.
Controllers, in the context of cyber laws, refer to entities or individuals responsible for ensuring compliance
with data protection and privacy regulations.
What is Intellectual Property Rights in Cyberspace?
Intellectual Property (IP) simply refers to the creation of the mind. It refers to the possession of
thought or design by the one who came up with it. It offers the owner of any inventive design or
any form of distinct work some exclusive rights, that make it unlawful to copy or reuse that work
without the owner’s permission. It is a part of property law. People associated with literature,
music, invention, etc. can use it in business practices.
Intellectual property rights (IPR) refer to legal protections granted to creators and owners of
intellectual property, such as inventions, patents, trademarks, copyrights, and trade secrets.
In cyberspace, IPR is crucial due to the ease of copying and distributing digital content. Laws
related to copyright infringement, piracy, and unauthorized use of intellectual property apply in the
digital domain.
There are numerous tools of protection that come under the term "intellectual property". Notable
among these are the following:
• Patent
• Trademark
• Geographical indications
• Layout Designs of Integrated Circuits
• Trade secrets
• Copyrights
• Industrial Designs
Cyberspace is the non-physical domain where numerous computers are connected through
computer networks to establish communication between them. With the expansion of technology,
cyberspace has come within reach of every individual. This fact led to the emergence of cyberspace
as a business platform and hence increased the pressure on intellectual property.
Offences under IT Act:
The IT Act (Information Technology Act) is a legislation in India that provides legal recognition to
electronic transactions and addresses cybercrimes.
The act defines various offenses, such as unauthorized access to computer systems, hacking,
identity theft, cyber stalking, cyber terrorism, and dissemination of obscene or offensive material.
The offences included in the IT Act 2000 are as follows:
1. Tampering with the computer source documents.
2. Hacking with a computer system.
3. Publishing of information which is obscene in electronic form.
4. Power of Controller to give directions
5. Directions of Controller to a subscriber to extend facilities to decrypt information
6. Protected system
7. Penalty for misrepresentation
8. Penalty for breach of confidentiality and privacy
9. Penalty for publishing Digital Signature Certificate false in certain particulars
10. Publication for fraudulent purpose
11. Act to apply for offence or contravention committed outside India
12. Confiscation
13. Penalties or confiscation not to interfere with other punishments.
14. Power to investigate offences.
It also outlines penalties and punishments for these offenses.
Computer Offences and Penalties under IT Act 2000:
The IT Act 2000 specifies penalties for various computer offenses. Some examples include:
 Unauthorized access to a computer system: Imprisonment up to 2 years or a fine.
 Hacking with the intent to cause damage: Imprisonment up to 3 years or a fine.
 Publishing or transmitting obscene material: Imprisonment up to 5 years or a fine.
 Breach of confidentiality and privacy: Imprisonment up to 3 years or a fine.
What is IP security (IPSec)?
IPSec (Internet Protocol Security) is a set of protocols and standards used to secure communication
at the network layer of the internet protocol suite.
IPSec provides authentication, integrity, and confidentiality of IP packets through encryption and
digital signatures.
It is commonly used to establish virtual private networks (VPNs) and secure communications
between network nodes, ensuring data privacy and integrity.
1. IP security (IPSec) is an Internet Engineering Task Force (IETF) standard suite of protocols
between two communication points across an IP network that provides data authentication, integrity,
and confidentiality.
2. It also defines the encrypted, decrypted and authenticated packets. The protocols needed for
secure key exchange and key management are defined in it.
Uses of IP Security –
IPsec can be used to do the following things:
• To encrypt application layer data.
• To provide security for routers sending routing data across the public internet.
• To provide authentication without encryption, e.g., to authenticate that the data originates from a
known sender.
• To protect network data by setting up circuits using IPsec tunneling, in which all data sent between
the two endpoints is encrypted, as with a Virtual Private Network (VPN) connection.
Components of IP Security –
A. Encapsulating Security Payload (ESP) –
It provides data integrity, encryption, authentication and anti-replay protection. It also provides
authentication for the payload.
B. Authentication Header (AH) –
It also provides data integrity, authentication and anti-replay protection, but it does not provide
encryption.
C. Internet Key Exchange (IKE) –
It is a network security protocol designed to dynamically exchange encryption keys and negotiate a
Security Association (SA) between two devices. The Security Association (SA) establishes shared
security attributes between two network entities to support secure communication.
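Both ESP and AH list anti-replay among their services; as an added example (not from these notes), here is the receiver-side sliding window that implements it, in Python, in the style described by RFC 4303: a highest-sequence-number counter plus a bitmap of recently accepted numbers, updated only after the integrity check passes. The `icv_ok` flag stands in for that integrity check, and the packet sequences fed in are constructed.

```python
"""Anti-replay sliding window as used by ESP and AH (added example).

Each packet carries a 32-bit sequence number. The receiver keeps the highest
number accepted and a bitmap of the last `size` numbers: a packet is rejected
if it is older than the window or if its number was already accepted. The
window is advanced only after the integrity check succeeds, so a forged packet
cannot move it; `icv_ok` stands in for that check here.
"""


class AntiReplayWindow:
    def __init__(self, window_size=64):
        if window_size < 32:
            raise ValueError("RFC 4303 requires a window of at least 32")
        self.size = window_size
        self.highest = 0            # highest sequence number accepted so far
        self.bitmap = 0             # bit i set => (highest - i) was accepted
        self.rejected = {"replay": 0, "stale": 0, "integrity": 0, "invalid": 0}

    def check(self, seq):
        """Pre-check only: would `seq` be accepted? Leaves state untouched."""
        if seq == 0:
            return False                        # 0 is never a valid ESP/AH seq
        if seq > self.highest:
            return True                         # new, to the right of the window
        offset = self.highest - seq
        if offset >= self.size:
            return False                        # too old, left of the window
        return not (self.bitmap >> offset) & 1  # duplicate if bit already set

    def accept(self, seq, icv_ok=True):
        """Receive path: window check, then ICV, then window update.
        Returns True if the packet is accepted."""
        if not self.check(seq):
            if seq == 0:
                kind = "invalid"
            elif self.highest - seq >= self.size:
                kind = "stale"
            else:
                kind = "replay"
            self.rejected[kind] += 1
            return False
        if not icv_ok:
            self.rejected["integrity"] += 1     # bad ICV: window not advanced
            return False
        if seq > self.highest:
            shift = seq - self.highest
            # slide right; bits that fall off the left edge are discarded
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)
        return True


def run_sequence(seqs, window_size=64):
    """Feed constructed (seq, icv_ok) pairs through one window; return the
    accept/reject decisions, the rejection counts and the final highest seq."""
    w = AntiReplayWindow(window_size)
    decisions = [w.accept(s, ok) for s, ok in seqs]
    return decisions, dict(w.rejected), w.highest


if __name__ == "__main__":
    # Constructed traffic: in order, one reordered, one replay, a jump ahead,
    # one packet that fell out of the window, and one with a bad ICV.
    sample = [(1, True), (2, True), (4, True), (3, True), (3, True),
              (100, True), (30, True), (101, False)]
    print(run_sequence(sample))
```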