
CYBER SECURITY & CYBER LAWS

NOTES
Cyber security is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from
malicious attacks.

Cyber Security's main objective is to ensure data protection.

PROTECTION: it means protecting the data of individuals, groups, communities, companies, etc. over the internet.

We can protect the data by various security mechanisms such as:

o Network Security: It involves implementing the hardware and software to secure a computer network from unauthorized access, intruders, attacks, disruption, and misuse. This security helps an organization to protect its assets against external and internal threats.

o Application Security: It involves protecting the software and devices from unwanted threats. This protection can be done by constantly updating the apps to ensure they are secure from attacks. Successful security begins in the design stage, with writing source code, validation, threat modeling, etc., before a program or device is deployed.

o Information or Data Security: It involves implementing a strong data storage mechanism to maintain the integrity and privacy of data, both in storage and in transit.

o Identity Management: It deals with the procedure for determining the level of access that each individual has within an organization.

o Operational Security: It involves processing and making decisions on handling and securing data assets.

o Mobile Security: It involves securing the organizational and personal data stored on mobile devices such as cell phones, computers, tablets, and other similar devices against various malicious threats. These threats are unauthorized access, device loss or theft, malware, etc.

o Cloud Security: It involves protecting the information stored in the digital environment or cloud architectures of the organization, typically hosted by cloud service providers such as AWS, Azure, Google, etc., and ensuring security against multiple threats.

o Disaster Recovery and Business Continuity Planning: It deals with the processes, monitoring, alerts, and plans for how an organization responds when any malicious activity causes the loss of operations or data. Its policies dictate resuming the lost operations after any disaster to the same operating capacity as before the event.

o User Education: It deals with training the people who use the systems, since even a well-secured system can be compromised when a user falls for phishing or mishandles data.

Risk

Cyber security risks are commonly classified as vulnerabilities. However, vulnerability and risk are not the same
thing, which can lead to confusion.

Think of risk as the probability and impact of a vulnerability being exploited.

If the impact and probability of a vulnerability being exploited are low, then there is low risk. Inversely, if the impact
and probability of a vulnerability being exploited are high, then there is a high risk.

Generally, the impact of a cyber attack can be tied to the CIA triad or the confidentiality, integrity, or availability of
the resource. Following this train of reasoning, there are cases where common vulnerabilities pose no risk. For
example, when the information system with the vulnerability has no value to your organization.

Vulnerability

A vulnerability is a weakness that can be exploited by cybercriminals to gain unauthorized access to a computer system. After exploiting a vulnerability, an attacker can run malicious code, install malware, and even steal sensitive data.

Cyber Security Goals

Cyber Security's main objective is to ensure data protection. The security community provides a triangle of three
related principles to protect the data from cyber-attacks. This principle is called the CIA triad.

When any security breaches are found, one or more of these principles has been violated.

We can break the CIA model into three parts: Confidentiality, Integrity, and Availability. It is actually a security
model that helps people to think about various parts of IT security. Let us discuss each part in detail.
Confidentiality

Confidentiality is roughly equivalent to privacy: it prevents unauthorized access to information. It involves ensuring the data
is accessible to those who are allowed to use it and blocking access for everyone else. It prevents essential information
from reaching the wrong people. Data encryption is an excellent example of a mechanism that ensures confidentiality.

Integrity

This principle ensures that the data is authentic, accurate, and safeguarded from unauthorized modification by
threat actors or accidental user modification. If any modifications occur, certain measures should be taken to protect
the sensitive data from corruption or loss and to recover speedily from such an event. In addition, it requires that the
source of the information be genuine.

Availability

This principle ensures that information is always available and usable by its authorized users. It ensures that
this access is not hindered by system malfunction or cyber-attacks.

Threat

A threat in cybersecurity is a malicious activity by an individual or organization to corrupt or steal data, gain access
to a network, or disrupt digital life in general. The cyber community identifies the following common threats today:

Malware

Malware means malicious software, which is the most common cyber attacking tool. It is used by the cybercriminal
or hacker to disrupt or damage a legitimate user's system. The following are the important types of malware created
by hackers:

o Virus
o Spyware
o Trojans
o Ransomware
o Worms
o Adware

Phishing

Phishing is a type of cybercrime in which a message appears to come from a genuine organization like PayPal, eBay,
a financial institution, or from friends and co-workers. The attackers contact a target or targets via email, phone, or text message
with a link and try to persuade them to click on it. The link redirects them to fraudulent websites that ask them to provide
sensitive data such as personal information, banking and credit card information, social security numbers,
usernames, and passwords. Clicking on the link may also install malware on the target devices, which allows the attackers
to control the devices remotely.

Man-in-the-middle (MITM) attack

A man-in-the-middle attack is a type of cyber threat (a form of eavesdropping attack) in which a
cybercriminal intercepts a conversation or data transfer between two individuals. Once the cybercriminal
places themselves in the middle of a two-party communication, they seem like genuine participants and can get
sensitive information and return different responses. The main objective of this type of attack is to gain access to
our business or customer data. For example, a cybercriminal could intercept data passing between the target
device and the network on an unprotected Wi-Fi network.

Distributed denial of service (DDoS)

It is a type of cyber threat or malicious attempt in which cybercriminals disrupt the regular traffic of targeted servers, services, or
networks by flooding the target or its surrounding infrastructure with Internet traffic so that legitimate requests cannot be served.
Here the requests come from several IP addresses, which can make the system unusable, overload the servers,
slow them down significantly or temporarily take them offline, and prevent an organization from carrying out its
vital functions.

Brute Force

A brute force attack is a cryptographic hack that uses a trial-and-error method to try all possible
combinations until the correct value is discovered. Cybercriminals usually use this attack to obtain targeted
passwords, login info, encryption keys, and Personal Identification Numbers (PINs).
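Because a brute force attack is nothing but many guesses in a short time, the defender's side of it is a counting problem. The following is an added example, not part of the original notes: it scans constructed, sshd-style log lines (the format and addresses are made up for the example) and flags any source address that produces a threshold number of failed logins inside a sliding time window, along with the usernames it tried.

```python
# Added example (not from the original notes): counting failed logins per
# source address over a sliding window to flag password-guessing attempts.
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines in an sshd-like format (not real data).
SAMPLE_LOG = """\
2024-05-01T10:00:01 Failed password for alice from 203.0.113.7
2024-05-01T10:00:02 Failed password for alice from 203.0.113.7
2024-05-01T10:00:03 Failed password for root from 203.0.113.7
2024-05-01T10:00:04 Failed password for admin from 203.0.113.7
2024-05-01T10:00:05 Failed password for alice from 203.0.113.7
2024-05-01T10:00:09 Failed password for bob from 198.51.100.4
2024-05-01T10:03:00 Accepted password for bob from 198.51.100.4
2024-05-01T10:30:00 Failed password for bob from 198.51.100.4
"""


def parse_line(line):
    """Return (timestamp, outcome, user, ip) or None for lines we don't understand."""
    parts = line.split()
    if len(parts) != 7 or parts[2:4] != ["password", "for"] or parts[5] != "from":
        return None
    return datetime.fromisoformat(parts[0]), parts[1], parts[4], parts[6]


def detect_brute_force(log_text, threshold=5, window=timedelta(minutes=1)):
    """Flag source IPs with >= `threshold` failures inside any span of `window`.

    Returns {ip: {"first_crossed": timestamp, "usernames_tried": [...]}}.
    Accepted logins are ignored; a slow trickle of failures spread over a long
    time never accumulates enough entries in the window to trigger an alert.
    """
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    users = defaultdict(set)      # ip -> usernames attempted (spraying indicator)
    alerts = {}
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        ts, outcome, user, ip = parsed
        if outcome != "Failed":
            continue
        users[ip].add(user)
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:   # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold and ip not in alerts:
            alerts[ip] = {"first_crossed": ts, "usernames_tried": sorted(users[ip])}
    return alerts


if __name__ == "__main__":
    for ip, info in detect_brute_force(SAMPLE_LOG).items():
        print(f"{ip}: threshold crossed at {info['first_crossed']}, "
              f"users tried {info['usernames_tried']}")
```

The threshold and window are deliberately parameters: a lockout or alerting rule tuned too tightly locks out legitimate users who mistype a password, while one tuned too loosely lets a slow guesser through, so the values should come from the organization's own baseline of normal failure rates.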

SQL Injection (SQLI)

SQL injection is a common attack that occurs when cybercriminals use malicious SQL scripts for backend database
manipulation to access sensitive information. Once the attack is successful, the malicious actor can view, change,
or delete sensitive company data, user lists, or private customer details stored in the SQL database.
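The root cause of SQL injection is building a query by pasting untrusted text into the SQL string, so that the text can change the structure of the query instead of only its values. The following is an added example, not from the original notes, using Python's built-in sqlite3 module with a constructed in-memory table: the vulnerable lookup is shown next to the parameterized form that fixes it.

```python
# Added example (not from the original notes): the same lookup written the
# vulnerable way (string splicing) and the safe way (bound parameters).
import sqlite3


def make_db():
    """Constructed in-memory table for the example; not real data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "alice-data"), ("bob", "bob-data")])
    return conn


def lookup_vulnerable(conn, username):
    """Deliberately vulnerable: the caller's text becomes part of the SQL itself,
    so quotes and keywords in it are interpreted by the database."""
    query = "SELECT username FROM users WHERE username = '" + username + "'"
    return sorted(row[0] for row in conn.execute(query))


def lookup_parameterized(conn, username):
    """Hardened: the query text is fixed and the driver binds the value separately,
    so whatever the caller sends is compared as data, never parsed as SQL."""
    query = "SELECT username FROM users WHERE username = ?"
    return sorted(row[0] for row in conn.execute(query, (username,)))


# Classic textbook input that turns the WHERE clause into an always-true condition.
INJECTED = "x' OR '1'='1"

if __name__ == "__main__":
    conn = make_db()
    print("vulnerable, normal input:", lookup_vulnerable(conn, "alice"))
    print("vulnerable, injected input:", lookup_vulnerable(conn, INJECTED))
    print("parameterized, injected input:", lookup_parameterized(conn, INJECTED))
```

With the injected input the vulnerable query returns every user, while the parameterized query returns nothing because no username literally equals that string. Parameterized queries (prepared statements) are the primary defense; input validation and least-privilege database accounts limit the damage if one is missed.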

Domain Name System (DNS) attack


A DNS attack is a type of cyberattack in which cyber criminals take advantage of flaws in the Domain Name System
to redirect site users to malicious websites (DNS hijacking) and steal data from affected computers. It is a severe
cybersecurity risk because the DNS system is an essential element of the internet infrastructure.

The following are the systems that can be affected by security breaches and attacks:

o Communication: Cyber attackers can use phone calls, emails, text messages, and messaging apps for cyberattacks.

o Finance: This system deals with the risk to financial information like bank and credit card details. This information is naturally a primary target for cyber attackers.

o Governments: Cybercriminals generally target government institutions to get confidential public data or private citizen information.

o Transportation: In this system, cybercriminals generally target connected cars, traffic control systems, and smart road infrastructure.

o Healthcare: Cybercriminals target the healthcare system to get information stored anywhere from a local clinic to the critical care systems of a national hospital.

o Education: Cybercriminals target educational institutions to get their confidential research data and the information of students and employees.

Digital Signature

A digital signature is a mathematical technique which validates the authenticity and integrity of a message, software
or digital documents. It allows us to verify the author name, date and time of signatures, and authenticate the
message contents.

Digital signatures differ from other electronic signatures not only in terms of process and result, but
also in that these differences make digital signatures more serviceable for legal purposes. Some electronic signatures that are legally
recognizable as signatures may not be as secure as digital signatures and may lead to uncertainty and disputes.

Application of Digital Signature

The important reasons to apply digital signatures to communication are:

o Authentication
o Non-repudiation
o Integrity

Authentication

Authentication is a process which verifies the identity of a user who wants to access the system. In the digital
signature, authentication helps to authenticate the sources of messages.
Non-repudiation

Non-repudiation means assurance that something cannot be denied. It ensures that a party to a contract or
communication cannot later deny the authenticity of their signature on a document or file, or the sending of a
message that they originated.

Integrity

Integrity ensures that the message is real and accurate and is safeguarded against unauthorized modification during
transmission.

What is authorization in cybersecurity?

Authorization is the process of determining whether a user or entity has the necessary permissions and privileges
to access a specific resource or perform a particular action within a system or network. It is a security mechanism
that ensures only authorized personnel can access sensitive data and applications.

How does authorization differ from authentication in cybersecurity?

Authentication is the process of identifying the user or entity trying to access a system or network, while
authorization is the process of determining whether the identified user or entity has the necessary permissions
and privileges to access a specific resource or perform a particular action within that system or network. In other
words, authentication verifies the identity of a user, while authorization verifies their access rights.
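The two questions are answered by two separate checks, in a fixed order: first "who are you?" (authentication), then "may you do this?" (authorization). The following is an added example, not from the original notes, with a constructed user store and role table (the users, passwords, roles and actions are all made up): the request handler refuses with a different status for each failed check, so a wrong password and a missing permission are never confused.

```python
# Added example (not from the original notes): authentication (identity) and
# authorization (permissions) as two distinct checks on one request.
import hashlib
import hmac
import os


def _hash_password(password, salt):
    """Passwords are stored only as salted PBKDF2 hashes, never in clear text."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def _make_user(password, role):
    salt = os.urandom(16)   # fresh random salt per user
    return {"salt": salt, "hash": _hash_password(password, salt), "role": role}


# Constructed user store and role table (example data, not from the notes).
USERS = {
    "alice": _make_user("correct horse battery", "analyst"),
    "bob": _make_user("another-example-passphrase", "admin"),
}
ROLE_PERMISSIONS = {
    "analyst": {"read_reports"},
    "admin": {"read_reports", "delete_reports", "manage_users"},
}


def authenticate(username, password):
    """Authentication: verify WHO the caller is. Returns the username or None."""
    record = USERS.get(username)
    if record is None:
        return None
    candidate = _hash_password(password, record["salt"])
    # constant-time comparison so timing does not leak how many bytes matched
    if not hmac.compare_digest(candidate, record["hash"]):
        return None
    return username


def authorize(username, action):
    """Authorization: verify WHAT an already-identified user may do."""
    role = USERS[username]["role"]
    return action in ROLE_PERMISSIONS.get(role, set())


def handle_request(username, password, action):
    """Identity first, then permissions; each failure gets its own status."""
    user = authenticate(username, password)
    if user is None:
        return "401 unauthenticated"
    if not authorize(user, action):
        return "403 forbidden"
    return "200 ok"


if __name__ == "__main__":
    print(handle_request("alice", "correct horse battery", "read_reports"))
    print(handle_request("alice", "correct horse battery", "delete_reports"))
    print(handle_request("alice", "wrong password", "read_reports"))
```

Alice can prove who she is and still be refused the delete action: that refusal is an authorization failure, not an authentication failure, which is exactly the distinction the two definitions above draw.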

• Plaintext: This refers to the original readable data in its natural form. It’s the information before
encryption. Any message, document, or file that is not meant to be encrypted falls into the category of
plaintext. For example, the text you’re reading right now is plaintext.
• Ciphertext: When data is encrypted, it becomes ciphertext. Ciphertext is not easily readable; it requires
decryption to be understood. Algorithms transform plaintext into ciphertext and vice versa. The output
of encryption is ciphertext, while the input for decryption is also ciphertext.
Types of ciphers

There are various types of ciphers, including:

• Substitution ciphers. Replace bits, characters, or character blocks in plaintext with alternate bits, characters or
character blocks to produce ciphertext. A substitution cipher may be monoalphabetic or polyalphabetic:
o Monoalphabetic: A single alphabet is used to encrypt the entire plaintext message. For example, if the letter A is
enciphered as the letter K, this will be the same for the entire message.
e.g. ALIBABA → KMICKCK
o Polyalphabetic: A more complex substitution using a mixed alphabet to encrypt each bit, character or character block of
a plaintext message. For instance, the letter A may be encoded as the letter K for part of the message, but
later it might be encoded as the letter W.
e.g. ALIBABA → KMSKJDP

• Transposition ciphers. Unlike substitution ciphers that replace letters with other letters, transposition ciphers keep
the letters the same but rearrange their order according to a specific algorithm. For instance, in a simple columnar
transposition cipher, a message might be written horizontally but read vertically to produce the
ciphertext.

Data encryption is a way of translating data from plaintext (unencrypted) to ciphertext (encrypted). An encryption key
is used to produce the ciphertext, and a decryption key is needed to turn the ciphertext back into readable data.
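The three cipher families above are small enough to implement directly, and doing so makes the difference between them concrete. The following is an added example, not from the original notes: a monoalphabetic substitution whose key alphabet is constructed so that it reproduces the notes' ALIBABA → KMICKCK mapping (the remaining letters of the key are filled in arbitrarily), a Vigenère-style polyalphabetic substitution with a made-up keyword (its output does not match the notes' KMSKJDP, which was an arbitrary illustration), and a columnar transposition, each with its decryption routine.

```python
# Added example (not from the original notes): monoalphabetic and
# polyalphabetic substitution, and columnar transposition, on A-Z text.
import string

ALPHABET = string.ascii_uppercase

# Constructed monoalphabetic key: a permutation of the alphabet chosen so that
# A->K, L->M, I->I and B->C, matching the notes' ALIBABA -> KMICKCK example;
# the remaining letters are filled in arbitrarily.
MONO_KEY = "KCABDEFGIHJMLNOPQRSTUVWXYZ"


def _clean(text):
    """Keep only letters and uppercase them; classical ciphers work on A-Z."""
    return "".join(ch for ch in text.upper() if ch in ALPHABET)


def mono_encrypt(plaintext, key=MONO_KEY):
    """Monoalphabetic: every occurrence of a letter maps to the same key letter."""
    return _clean(plaintext).translate(str.maketrans(ALPHABET, key))


def mono_decrypt(ciphertext, key=MONO_KEY):
    """The inverse table undoes the substitution."""
    return ciphertext.translate(str.maketrans(key, ALPHABET))


def vigenere_encrypt(plaintext, keyword):
    """Polyalphabetic: the shift changes with each keyword letter, so the same
    plaintext letter can become different ciphertext letters."""
    text, keyword = _clean(plaintext), _clean(keyword)
    out = []
    for i, ch in enumerate(text):
        shift = ALPHABET.index(keyword[i % len(keyword)])
        out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
    return "".join(out)


def vigenere_decrypt(ciphertext, keyword):
    keyword = _clean(keyword)
    out = []
    for i, ch in enumerate(ciphertext):
        shift = ALPHABET.index(keyword[i % len(keyword)])
        out.append(ALPHABET[(ALPHABET.index(ch) - shift) % 26])
    return "".join(out)


def columnar_encrypt(plaintext, width):
    """Transposition: write the text row by row in `width` columns, then read it
    column by column. The letters are unchanged; only their order moves."""
    text = _clean(plaintext)
    rows = [text[i:i + width] for i in range(0, len(text), width)]
    return "".join(row[c] for c in range(width) for row in rows if c < len(row))


def columnar_decrypt(ciphertext, width):
    """Rebuild the columns (the first `extra` columns hold one letter more when
    the last row is short) and read the grid row by row again."""
    full_rows, extra = divmod(len(ciphertext), width)
    cols, pos = [], 0
    for c in range(width):
        length = full_rows + (1 if c < extra else 0)
        cols.append(ciphertext[pos:pos + length])
        pos += length
    return "".join(cols[c][r] for r in range(full_rows + 1)
                   for c in range(width) if r < len(cols[c]))


if __name__ == "__main__":
    print(mono_encrypt("ALIBABA"))            # KMICKCK, as in the notes
    print(vigenere_encrypt("ALIBABA", "KEY"))  # the two A's no longer match
    print(columnar_encrypt("ALIBABA", 3))      # same letters, new order
```

The monoalphabetic output keeps the letter frequencies of the plaintext (every A becomes K), which is why frequency analysis breaks it; the polyalphabetic output spreads one plaintext letter over several ciphertext letters; and the transposition output is an anagram of the plaintext, so it hides order rather than identity.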

Asymmetric Cryptography

Asymmetric Cryptography, also known as Public-Key Cryptography, encrypts and decrypts the data using two
separate cryptographic asymmetric keys. These two keys are known as a “public key” and a “private key”.

Common asymmetric Cryptography methods:

• RSA
• Public key infrastructure (PKI).

Symmetric Cryptography

Symmetric cryptography is a type of encryption where only one secret symmetric key is used to encrypt the plaintext
and decrypt the ciphertext.

Common symmetric Cryptography methods:

• Data Encryption Standard (DES)
• Advanced Encryption Standard (AES)
• Twofish

Public key

It is an encryption technique that uses a pair of keys (public and private key) for secure data communication. In the
pair of keys, the public key is for encrypting the plain text to convert it into ciphertext, and the private key is used
for decrypting the ciphertext to read the message.

The private key is given to the receiver while the public key is provided to the public. Public Key Cryptography is
also known as asymmetric cryptography.

Public-key encryption is slower than secret-key encryption. In secret-key encryption, a single shared key is used to
encrypt and decrypt the message, while in public-key encryption two different keys are used, both related to each
other by a complex mathematical process. Therefore, we can say that encryption and decryption take more time in
public-key encryption.
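Both uses of a key pair described in these notes, encrypting with the public key so that only the private key can decrypt (this section), and signing with the private key so that anyone with the public key can verify authenticity, integrity and non-repudiation (the Digital Signature section above), come from the same mathematics. The following is an added example, not from the original notes: textbook RSA with tiny constructed primes (p = 61, q = 53, e = 17) and no padding, so the numbers can be followed by hand; the reduction of the SHA-256 digest modulo n is a toy shortcut so the value fits the tiny modulus. Real RSA uses random primes of 1024 bits or more, padding, and the full digest.

```python
# Added example (not from the original notes): textbook RSA with tiny,
# constructed primes, showing the two uses of a key pair described above:
# encrypt with the public key / decrypt with the private key, and
# sign with the private key / verify with the public key.
import hashlib


def generate_keypair(p=61, q=53, e=17):
    """Return ((e, n), (d, n)). p and q are toy primes chosen for the example;
    real keys use large random primes."""
    n = p * q                    # modulus, shared by both keys
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # private exponent: e * d == 1 (mod phi), Python 3.8+
    return (e, n), (d, n)


def encrypt(public_key, plaintext: bytes):
    """Anyone holding the public key can encrypt; only the private key decrypts.
    With n = 3233 each byte (< 256) fits in one block, so we encrypt per byte."""
    e, n = public_key
    return [pow(b, e, n) for b in plaintext]


def decrypt(private_key, blocks):
    d, n = private_key
    return bytes(pow(c, d, n) for c in blocks)


def _digest_mod_n(message: bytes, n):
    """Signatures cover a hash of the message, not the message itself. Reducing
    SHA-256 mod n is a toy shortcut so the value fits the tiny modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message: bytes):
    """Only the private-key holder can produce this value: that is what gives
    authentication and non-repudiation."""
    d, n = private_key
    return pow(_digest_mod_n(message, n), d, n)


def verify(public_key, message: bytes, signature):
    """Anyone can check with the public key; a changed signature no longer
    matches the message digest (integrity)."""
    e, n = public_key
    return pow(signature, e, n) == _digest_mod_n(message, n)


def demo():
    """Returns (round_trip_ok, genuine_signature_ok, tampered_signature_ok)."""
    public, private = generate_keypair()
    msg = b"Pay 100 to Bob"
    round_trip_ok = decrypt(private, encrypt(public, msg)) == msg
    sig = sign(private, msg)
    tampered = (sig + 1) % public[1]
    return round_trip_ok, verify(public, msg, sig), verify(public, msg, tampered)


if __name__ == "__main__":
    print(demo())   # (True, True, False)
```

Note which key does what: the public key is handed out and used by the sender to encrypt and by the receiver to verify; the private key stays with its owner and is used to decrypt and to sign. Handing out the private key would let anyone else decrypt the owner's mail and forge signatures in the owner's name.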

Applications of public key

The applications of public key are:

o Public key cryptography can be used to encrypt emails to keep their content confidential.

o Public-key cryptography is also used in the Secure Sockets Layer (SSL) protocol.

o Public key cryptography is also used in blockchain and cryptocurrency technology.

o It can be used to create digital signatures for operating system software, such as the distribution of Ubuntu and Red Hat Linux packages.

Private Key

In private-key (secret-key) encryption, the same key is used by both parties, i.e., the sender and receiver, for
the encryption/decryption technique.

The sender uses the secret key and the encryption algorithm for encryption, whereas for decryption the receiver uses
the same key and the decryption algorithm. In the secret-key encryption/decryption technique, the algorithm used for
decryption is the inverse of the algorithm used for encryption. It means that if a combination of addition and
multiplication is used in the encryption algorithm, then the decryption algorithm will use the corresponding combination of
subtraction and division.

Cyber forensics is required for legal compliance and to enforce auditing policies in a way that the integrity of information is
maintained and tied to a sequence of actions, which may be attributed to criminal behavior.

What are Internal Cybersecurity Threats?

Internal threats, including potential mistakes by employees, whether due to negligence or to a
disgruntled worker, can arise from various sources within an organization, such as insider security
threats, misconfigurations, and inadvertent data leaks.

Common Indicators of Internal Threats:

• Unusual Employee Behavior
• Unauthorized Access Attempts
• Unexplained Changes in Data or Systems
• Suspicious Activity on Internal Networks

What are External Cybersecurity Threats?

Turning our focus outward, we confront the orchestrated challenges posed by external threats.
Cybercriminals, state-sponsored actors, hacktivists, and corporate espionage attempts create a
formidable force that organizations must guard against. Understanding the anatomy of external threats,
dissecting their potential impact, and implementing actionable insights, together with cyber threat
intelligence, help fortify defenses against these ever-evolving challenges.

The Impact of External Threats:

External threats, often more visible, can result in large-scale data breaches, financial losses, and
infrastructure damage. Their visibility may exacerbate public concern, magnifying reputational
damage.

Common Indicators of External Threats:

• Frequent, Targeted Phishing Emails
• Unexpected Increases in Network Traffic
• Evidence of Malware or Malicious Software
• Unauthorized Access Attempts from External IP Addresses

Cyber Security Risk Analysis

Risk analysis refers to the review of the risks associated with a particular action or event. Risk analysis is applied
to information technology, projects, security issues and any other event where risks may be analysed on a
quantitative or qualitative basis. Risks are part of every IT project and business organization. The analysis of risk
should occur on a regular basis and be updated to identify new potential threats. Strategic risk analysis
helps to minimize the probability and damage of future risks.

Types of Risk Analysis

Qualitative Risk Analysis


o The qualitative risk analysis process is a project management technique that prioritizes risk on the project

by assigning the probability and impact number. Probability is something a risk event will occur whereas

impact is the significance of the consequences of a risk event.

o The objective of qualitative risk analysis is to assess and evaluate the characteristics of individually

identified risk and then prioritize them based on the agreed-upon characteristics.

o The assessing individual risk evaluates the probability that each risk will occur and effect on the project

objectives. The categorizing risks will help in filtering them out.

o Qualitative analysis is used to determine the risk exposure of the project by multiplying the probability

and impact.
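The risk definition earlier in these notes (risk as the probability and impact of a vulnerability being exploited, with a vulnerable system that has no value to the organization posing no risk) and the qualitative analysis just described are the same calculation, applied to a register of risks. The following is an added example, not from the original notes: it scores a constructed risk register on a 1 to 5 probability and impact scale, zeroes the exposure of an asset the organization does not value, and ranks the results. The scales, thresholds and register entries are all assumptions made for the example; a real programme uses its own agreed-upon matrix.

```python
# Added example (not from the original notes): qualitative risk scoring,
# exposure = probability x impact, over a constructed risk register.
from dataclasses import dataclass

# Scales and thresholds below are constructed for this example (the notes
# give none); a real programme uses its own agreed-upon matrix.
PROB_SCALE = range(1, 6)    # 1 = rare ... 5 = almost certain
IMPACT_SCALE = range(1, 6)  # 1 = negligible ... 5 = severe loss of C, I or A


@dataclass
class Risk:
    name: str
    probability: int
    impact: int
    asset_has_value: bool = True   # a vulnerable system nobody values carries no risk


def exposure(risk):
    """Qualitative exposure = probability x impact, or 0 for a valueless asset."""
    if risk.probability not in PROB_SCALE or risk.impact not in IMPACT_SCALE:
        raise ValueError(f"{risk.name}: probability and impact must be 1..5")
    if not risk.asset_has_value:
        return 0
    return risk.probability * risk.impact


def level(score):
    """Map a score onto the bands a risk register usually reports."""
    if score == 0:
        return "none"
    if score >= 15:
        return "high"
    if score >= 6:
        return "medium"
    return "low"


def prioritize(risks):
    """Return (name, exposure, level) tuples, highest exposure first."""
    ranked = sorted(risks, key=exposure, reverse=True)
    return [(r.name, exposure(r), level(exposure(r))) for r in ranked]


# Constructed register entries; names and numbers are illustrative only.
SAMPLE_REGISTER = [
    Risk("Unpatched internet-facing web server", probability=4, impact=5),
    Risk("Weak password on a test VM", probability=3, impact=2),
    Risk("Known flaw on a decommissioned box", probability=5, impact=4,
         asset_has_value=False),
    Risk("Laptop theft with unencrypted disk", probability=2, impact=4),
    Risk("Phishing of finance staff", probability=4, impact=4),
]


if __name__ == "__main__":
    for name, score, band in prioritize(SAMPLE_REGISTER):
        print(f"{score:>2} {band:<6} {name}")
```

The decommissioned machine carries the highest probability in the register yet ranks last: the vulnerability is real, but because the asset has no value to the organization the risk is zero, which is the distinction between vulnerability and risk drawn at the start of these notes.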

Quantitative Risk Analysis

o The objectives of performing quantitative risk analysis process provide a numerical estimate of the overall

effect of risk on the project objectives.

o It is used to evaluate the likelihood of success in achieving the project objectives and to estimate

contingency reserve, usually applicable for time and cost.

o Quantitative analysis is not mandatory, especially for smaller projects. Quantitative risk analysis helps in

calculating estimates of overall project risk which is the main focus.
