CYBER SECURITY
B.Com CA, III YEAR, VI Semester
2023-2024
Lecturer in Computer Science
Objective of the course:
To acquire conceptual and application knowledge of
Cyber Security
To learn cyber security, cyber security vulnerabilities,
securing web applications, services and servers,
cryptography and network security, and cyberspace and
cyber forensics.
Outcomes
On completion of the course students should be able to:
Get Knowledge of
Cyber security
cyber security vulnerabilities
how to secure web applications, servers
cryptography, network security
cyberspace and cyber forensics.
SUGGESTED READINGS:
Nina Godbole & Sunit Belapure, Cyber Security, Wiley
India Pvt Ltd, 2012
Ramandeep Kaurangra, Cyber Laws and Intellectual
Property Rights, Kalyani Publishers
Pankaj Agarwal, Information Security and Cyber Laws,
Acme Learning, 2013
Unit-I: INTRODUCTION
Cybersecurity is the practice of protecting
systems, networks and programs such as
hardware, software and data from cyber threats.
These cyber-attacks are usually aimed at accessing,
changing or destroying sensitive information, extorting
money from users or interrupting normal business
processes.
Cybersecurity is used by individuals and enterprises to
protect against unauthorized access to data centres and
other computerized systems.
What exactly is it that cyber-criminals
look for when planning an attack?
Common targets include:
Internal data : Operations, salaries, research and development.
Intellectual property : Top-secret projects, formulas, plans or other
kinds of private data. Anything an attacker could sell or use to their own
benefit.
Client and customer information : Who are the clients of this
organization? How much are they paying and for what services?
Marketing and competitive intelligence : Short and long-range
marketing goals and competitor knowledge.
Elements of Cybersecurity
• Application security
• Information or data security
• Network security
• Disaster recovery / business continuity planning
• Operational security
• Cloud security
• Critical infrastructure security
• Physical security
• End-user education
Benefits of Cybersecurity
• The benefits of implementing and maintaining cybersecurity practices
include
• Business protection against cyberattacks and data breaches.
• Protection against unauthorized user access.
• Improved recovery time after a breach.
• Protection for end users and end point devices.
• Regulatory compliance.
• Business continuity.
• Improved confidence in the company’s reputation and trust for developers,
partners, customers, stakeholders and employees.
Cyber Threats
• Cyber Warfare
• Cyber crime
• Cyber Terrorism
• Cyber Espionage
Cyber Security Vulnerabilities
• In cybersecurity, a vulnerability is a weakness that can be exploited by cybercriminals to gain
unauthorized access to a computer system.
• After exploiting a vulnerability, a cyber attack can run malicious code, install malware and even
steal sensitive data.
• Cybersecurity vulnerabilities are issues or problems that make a computer system or network
susceptible to a criminal.
• Causes of Vulnerabilities
There are many causes of vulnerabilities. Some of them are:
Poor Password Management : Weak passwords can be broken with brute force, and reusing
passwords can result in one data breach becoming many.
Software Bugs : Programmers can accidentally or deliberately leave an exploitable bug in
software. Sometimes end users fail to update their software, leaving it unpatched and
vulnerable to exploitation.
Connectivity : The more connected a device is, the higher the chance of a vulnerability.
Cyber Security Safeguards
• Cybersecurity safeguards are all kinds of control
measures that support the fulfillment of requirements or
the achievement of objectives related to cybersecurity.
• Authentication : Authentication is the process of
identifying users that request access to a system,
network, or device. Access control often determines
user identity according to credentials like username and
password. Other authentication technologies like
biometrics and authentication apps are also used to
authenticate user identity.
Cyber Security Policies
• A cybersecurity policy basically lays down
the rules for employees, board members
and third-party users on practicing
computer security.
• A strong cybersecurity policy can improve
employer reputation and organizational
credibility. Everyone wants their data to be
stored safely, which is guaranteed with a
computer security policy.
Types of Cybersecurity Policies
• Organizational Security Policy
• System-specific Policy
• Issue-specific Security Policy
Network Architectures and its Types
• Network architecture refers to how computers
are organized in a system and how tasks are
allocated between these computers.
• Types of Networks
Local Area Networks eg : Building
Wide Area Networks eg : Country
Personal Area Networks eg : Bluetooth
Storage Area Networks eg : server’s switches &
this connection over land has no high traffic
Cryptography
• Cryptography is the technique of securing information and
communications through the use of codes so that only those people for
whom the information is intended can understand it and process it,
thus preventing unauthorized access to information.
• The prefix “crypt” means “hidden” and the suffix “graphy” means “writing”.
• In cryptography, the techniques which are used to protect information
are obtained from mathematical concepts and algorithms to convert
messages in ways that make them hard to decode.
• Algorithms are used for cryptographic key generation, digital
signing and verification to protect data privacy, web browsing on the internet
and to protect confidential transactions such as credit card and debit
card transactions.
Hackers and Types of Hackers
• Hacker : A hacker is a person who solves a technical issue by using
computer, networking, or other abilities. Anyone who uses their skills to
gain access to a system or network in order to break laws is referred to
as a hacker.
Types of Hackers
White hat hackers (ethical hackers) : They break into your system with the good
intention of finding vulnerabilities and assisting you in removing viruses and
malware.
Black hat hackers : The agenda of a black hat hacker is monetary. They can
hack into your network and gain access to your personal, business and
financial information by exploiting any loopholes they find.
Grey hat hackers : They are in between white and black hat hackers. Grey hat
hackers may not use their skills for personal gain; they can, however, have both
good and bad intentions. For instance, a hacker who hacks into an
organization and finds some vulnerability may leak it over the internet or
inform the organization about it.
Unit-I : Objectives
This unit gives the idea of concepts on Cyber
Security, Cyber Security Vulnerabilities, Cyber Security
Safeguards
Be able to understand Advantages and Disadvantages
of implementing Cyber Security.
Be able to learn how to protect computers and networks
from cyber attacks.
Unit-II: Securing Web Applications, Services and Servers
Securing Web Applications, Services and Servers :
Introduction, Basic Security for HTTP Applications and
Services
Basic Security for SOAP Services.
Identity Management and Web Services
Authorization Patterns - Security Considerations,
Challenges.
Unit-II: INTRODUCTION
• Securing web applications is the process of protecting websites and online
services against different security threats that exploit vulnerabilities in an
application’s code.
• Common targets for web application attacks are content management
systems, database administration tools and SaaS applications.
• Web application security breaches can be very profitable for cyber criminals.
• Data breaches are often deployed stealthily and can go undetected for
months, exposing customers’ personal records and causing lasting damage to
businesses.
• Monitoring web application security threats is critical to detecting signs of
a web application security breach.
• Signs of a breach include application malfunctioning and slowdown,
unexpected log messages, altered files and browser warnings.
Common Web application attacks
Cross-Site Scripting (XSS)
SQL Injection (SQLi)
Cross-site Request Forgery (CSRF)
Denial-of-Service (DoS)
Distributed Denial-of-Service (DDoS)
• In the event of a web application security
breach, IT security teams should be
equipped with a well-defined incident
response plan. This includes:
Identification
Containment
Eradication
Recovery
Lessons learned
Unit-2 : Objectives
This unit gives the idea of Framework of E-Commerce,
Application services, Interface Layers, Network
Infrastructure & network security.
Data Encryption, Decryption Techniques
Unit-III: Consumer Oriented E-Commerce
Applications
Mercantile Process Model : Consumers perspective
and Merchant’s perspective
Electronic Payment Systems : Legal Issues & Digital
Currency
E-cash & E-Cheque , Electronic Fund Transfer
Advantages and Risks – Digital Token-Based
E-payment system – Smart Cards.
Unit-III : objectives
• The unit gives the idea of Mercantile process model
(Consumers perspective and Merchant’s Perspective)
• Learning of Electronic Payment System, Legal Issues,
Digital currency- E-cash and E-Cheque, Electronic Fund
Transfer
• Learning of E-Payment System – Smart cards.
Unit-IV: Electronic Data Interchange
• Introduction : EDI Standards, Types of EDI, EDI
Applications in Business
• Legal – Security and privacy issues of EDI – EDI and E-
Commerce – EDI Software Implementation.
Unit -IV: objectives
• This unit gives the idea of EDI (electronic data
interchange) standards, Types of EDI
• Learning about Legal Security and Privacy issues of
EDI - EDI and E-Commerce – EDI Software
Implementation.
Unit-V: E-Marketing Techniques
Introduction – New age of Information – Based Marketing –
Influence on Marketing
Search Engines and Directory Services
Charting the On-line Marketing Process – Chain Letters
Application of 5P’s (Product, Price, Place, Promotion,
People)
E-Advertisement – Virtual Reality and Consumer Experience
Role of Digital Marketing.
Unit-V : Objectives
• This unit gives the idea of E-Marketing
Techniques, Search Engines.
• Applications of 5P’s (Product, Price, Place,
Promotion, People)
• E-Advertisement
• Role of Digital Marketing in E-commerce
Thank you