
Unit 5

5.1 Kerberos:

Kerberos provides a centralized authentication server whose function is to
authenticate users to servers and servers to users. In Kerberos, an authentication
server and a database are used for client authentication. Kerberos runs as a
trusted third-party server known as the Key Distribution Center (KDC).

The main components of Kerberos are:

• Authentication Server (AS):
The Authentication Server performs the initial authentication and issues the
ticket for the Ticket Granting Service.

• Database (SS):
The Authentication Server verifies the access rights of users in the database.

• Ticket Granting Server (TGS):
The Ticket Granting Server issues the ticket for the server.

Kerberos Overview:
• Step-1:
The user logs in and requests services on the host. Thus the user requests the
ticket-granting service.

• Step-2:
The Authentication Server verifies the user’s access rights using the database and
then gives a ticket-granting ticket and a session key. The results are encrypted
using the password of the user.

• Step-3:
The message is decrypted using the password, then the ticket is sent to the
Ticket Granting Server. The ticket contains authenticators like user names and
network addresses.

• Step-4:
The Ticket Granting Server decrypts the ticket sent by the user, verifies the
request using the authenticator, then creates the ticket for requesting services
from the server.

• Step-5:
The user sends the ticket and authenticator to the server.

• Step-6:
The server verifies the ticket and authenticator, then grants access to the
service. After this the user can access the services.
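The six steps above run end to end, as an added example that is not part of the original notes and not real Kerberos code: a toy KDC plays the AS and TGS roles, the client key is derived from the password, and a TGT, a service ticket and two authenticators are passed around, all in stdlib Python. The `seal`/`unseal` cipher, the `SKEW` lifetime, the principal `alice`, the address `10.0.0.5` and the service name `fileserver` are constructed for the demonstration; real Kerberos uses standardised encryption types and ASN.1 message formats.

```python
"""Toy model of the six Kerberos steps: AS issues a TGT, TGS issues a service
ticket, the service checks ticket and authenticator. Stdlib only, not real Kerberos."""
import hashlib
import hmac
import json
import os
import time

SKEW = 300  # seconds a ticket or authenticator stays acceptable (assumed value)


def kdf(password: str) -> bytes:
    """Derive the client's long-term key from its password (toy: plain SHA-256)."""
    return hashlib.sha256(password.encode()).digest()


def seal(key: bytes, obj: dict) -> bytes:
    """Toy authenticated encryption standing in for the KDC's real cipher:
    SHAKE-256 keystream XOR plus an HMAC-SHA256 tag over nonce and ciphertext."""
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, hashlib.shake_256(key + nonce).digest(len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> dict:
    """Reverse of seal(); raises ValueError if the key is wrong or the blob was altered."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered ticket")
    pt = bytes(a ^ b for a, b in zip(ct, hashlib.shake_256(key + nonce).digest(len(ct))))
    return json.loads(pt)


def check_authenticator(ticket: dict, auth: dict) -> None:
    """Steps 4 and 6: the authenticator must match the ticket and be fresh."""
    if ticket["exp"] < time.time():
        raise PermissionError("ticket expired")
    if auth["user"] != ticket["user"] or auth["addr"] != ticket["addr"]:
        raise PermissionError("authenticator does not match ticket")
    if abs(time.time() - auth["ts"]) > SKEW:
        raise PermissionError("authenticator too old")


class KDC:
    """Authentication Server (AS) and Ticket Granting Server (TGS) sharing one database."""

    def __init__(self, users: dict, service_keys: dict):
        self.db = {u: kdf(p) for u, p in users.items()}  # principal -> long-term key
        self.service_keys = service_keys                   # service -> key shared with it
        self.tgs_key = os.urandom(32)                      # protects TGTs between AS and TGS

    def as_exchange(self, user: str, address: str) -> bytes:
        # Step 2: look the user up, mint a session key, return TGT + session key
        # encrypted under the user's password-derived key.
        if user not in self.db:
            raise PermissionError("unknown principal")
        sk = os.urandom(32)
        tgt = seal(self.tgs_key, {"user": user, "addr": address, "key": sk.hex(),
                                  "exp": time.time() + SKEW})
        return seal(self.db[user], {"session_key": sk.hex(), "tgt": tgt.hex()})

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str) -> bytes:
        # Step 4: decrypt the TGT, verify the authenticator, issue a service ticket.
        t = unseal(self.tgs_key, tgt)
        sk = bytes.fromhex(t["key"])
        check_authenticator(t, unseal(sk, authenticator))
        svc_sk = os.urandom(32)
        ticket = seal(self.service_keys[service], {"user": t["user"], "addr": t["addr"],
                                                   "key": svc_sk.hex(), "exp": time.time() + SKEW})
        return seal(sk, {"session_key": svc_sk.hex(), "ticket": ticket.hex()})


def service_accept(service_key: bytes, ticket: bytes, authenticator: bytes) -> str:
    """Step 6: the application server decrypts its ticket and checks the authenticator."""
    t = unseal(service_key, ticket)
    check_authenticator(t, unseal(bytes.fromhex(t["key"]), authenticator))
    return t["user"]


def run_exchange(user: str, password: str, address: str = "10.0.0.5",
                 service: str = "fileserver") -> str:
    """Client side of steps 1, 3 and 5 against a constructed KDC; returns the
    principal the service ends up trusting, or raises on any failure."""
    service_keys = {service: os.urandom(32)}              # constructed sample data
    kdc = KDC({"alice": "correct horse battery staple"}, service_keys)
    # Steps 1 and 3: ask the AS for a TGT and decrypt the reply with the password.
    reply = unseal(kdf(password), kdc.as_exchange(user, address))
    sk = bytes.fromhex(reply["session_key"])
    auth = seal(sk, {"user": user, "addr": address, "ts": time.time()})
    reply = unseal(sk, kdc.tgs_exchange(bytes.fromhex(reply["tgt"]), auth, service))
    # Step 5: present the service ticket with a fresh authenticator.
    svc_sk = bytes.fromhex(reply["session_key"])
    auth = seal(svc_sk, {"user": user, "addr": address, "ts": time.time()})
    return service_accept(service_keys[service], bytes.fromhex(reply["ticket"]), auth)
```

`run_exchange("alice", "correct horse battery staple")` returns the principal the file server trusts. A wrong password fails at step 3, because the client cannot decrypt the AS reply; the KDC never learns whether the password was right, which is the point of encrypting the step-2 reply under the user's key.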

5.2 IPSec (IP Security) architecture uses two protocols to secure the traffic or
data flow. These protocols are ESP (Encapsulating Security Payload) and AH
(Authentication Header).

IPSec Architecture includes protocols, algorithms, DOI, and Key Management.
All these components are very important in order to provide the three main
services:
• Confidentiality
• Authentication
• Integrity
IP Security Architecture:

1. Architecture: Architecture or IP Security Architecture covers the general
concepts, definitions, protocols, algorithms, and security requirements of IP
Security technology.
2. ESP Protocol: ESP (Encapsulating Security Payload) provides a confidentiality
service. Encapsulating Security Payload is implemented in either of two ways:
• ESP with optional Authentication.
• ESP with Authentication.
Packet Format:
• Security Parameter Index (SPI): This parameter is used by the Security
Association. It is used to give a unique number to the connection built between
the Client and Server.
• Sequence Number: Unique sequence numbers are allotted to every packet so
that on the receiver side packets can be arranged properly.
• Payload Data: Payload data means the actual data or the actual message. The
payload data is in an encrypted format to achieve confidentiality.
• Padding: Extra bits of space are added to the original message in order to
ensure confidentiality. Padding length is the size of the added bits of space in
the original message.
• Next Header: Next header means the next payload or next actual data.
• Authentication Data: This field is optional in the ESP protocol packet format.

3. Encryption algorithm: The encryption algorithm is the document that
describes the various encryption algorithms used for the Encapsulating Security
Payload.
4. AH Protocol: AH (Authentication Header) Protocol provides both
Authentication and Integrity services. Authentication Header is implemented in
one way only: Authentication along with Integrity.
Authentication Header covers the packet format and general issues related to the
use of AH for packet authentication and integrity.
5. Authentication Algorithm: The authentication algorithm contains the set of
documents that describe the authentication algorithm used for AH and for the
authentication option of ESP.
6. DOI (Domain of Interpretation): DOI is the identifier that supports both the AH
and ESP protocols. It contains values needed for the documents related to each
other.
7. Key Management: Key Management contains the document that describes
how the keys are exchanged between sender and receiver.

Modes: Transport and Tunnel

➢ IPsec Tunnel Mode

• Full Header and Payload Encryption: In Tunnel Mode, the complete
original IP packet (header and payload) is encrypted, after which it is
encapsulated inside a new IP packet. This new packet has a different IP
header, normally with its own source and destination IP addresses.
• Protects Network-to-Network Communication: Network-to-network
communication secures communication between whole networks, for
encryption and protection from attacks.
➢ IPsec Transport Mode
• Payload encryption only: In transport mode, only the payload
(information) of the original IP packet is encrypted, while the original IP header
stays intact. This mode is usually used to secure communication between
hosts or devices.
• Used for host-to-host communication: The host-to-host
communication mode is generally used to guard communication among
hosts or devices rather than the whole network.
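The ESP fields listed under Packet Format, and the difference between transport and tunnel mode, in one added Python example (not from the original notes, and not a real IPsec implementation). The SHAKE-256 keystream and the HMAC-SHA256 truncated to 128 bits stand in for the negotiated ESP transforms; the SPI `0x1000`, the SA keys and the inner packets are constructed values. It goes a little beyond the notes in two ways a real receiver relies on: the ICV is checked before anything is decrypted, and a repeated sequence number is rejected. The mode shows up in the Next Header byte inside the encrypted trailer: transport mode carries the upper-layer protocol (TCP = 6), tunnel mode carries a whole inner IP packet (IPv4 = 4).

```python
"""Build and parse an ESP packet with the fields listed above (layout per RFC 4303).
Cipher and integrity algorithm are toy stand-ins, not real ESP transforms."""
import hashlib
import hmac
import struct

ESP_HEADER = struct.Struct("!II")   # SPI and sequence number, network byte order
ICV_LEN = 16                         # integrity check value length in bytes
# Next Header values: transport mode carries the upper-layer protocol (TCP = 6);
# tunnel mode carries a whole inner IP packet (IPv4 = 4, IPv6 = 41).
IPPROTO_IPIP, IPPROTO_TCP, IPPROTO_IPV6 = 4, 6, 41


def _keystream(key: bytes, seq: int, n: int) -> bytes:
    # toy: a per-packet keystream bound to the sequence number
    return hashlib.shake_256(key + struct.pack("!I", seq)).digest(n)


def build_esp(spi: int, seq: int, payload: bytes, next_header: int,
              enc_key: bytes, auth_key: bytes, block: int = 4) -> bytes:
    """Encrypt payload + padding + pad length + next header, then authenticate
    everything from the SPI to the end of the ciphertext."""
    pad_len = (-(len(payload) + 2)) % block          # align the trailer to the block size
    padding = bytes(range(1, pad_len + 1))           # RFC 4303 default pattern 1, 2, 3, ...
    plain = payload + padding + bytes([pad_len, next_header])
    enc = bytes(a ^ b for a, b in zip(plain, _keystream(enc_key, seq, len(plain))))
    header = ESP_HEADER.pack(spi, seq)
    icv = hmac.new(auth_key, header + enc, hashlib.sha256).digest()[:ICV_LEN]
    return header + enc + icv


def parse_esp(packet: bytes, enc_key: bytes, auth_key: bytes, seen: set) -> dict:
    """Verify the ICV, reject replayed sequence numbers, then decrypt and strip the trailer."""
    spi, seq = ESP_HEADER.unpack_from(packet)
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(auth_key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ICV mismatch: packet altered or wrong SA key")
    if seq in seen:                                  # anti-replay (a full window is simplified to a set)
        raise ValueError(f"replayed sequence number {seq}")
    seen.add(seq)
    enc = body[ESP_HEADER.size:]
    plain = bytes(a ^ b for a, b in zip(enc, _keystream(enc_key, seq, len(enc))))
    pad_len, next_header = plain[-2], plain[-1]      # trailer sits inside the encrypted region
    return {"spi": spi, "seq": seq, "next_header": next_header,
            "payload": plain[:len(plain) - 2 - pad_len]}


def demo() -> dict:
    """Round-trip one transport-mode and one tunnel-mode packet on a constructed SA."""
    enc_key, auth_key = b"\x11" * 32, b"\x22" * 32    # constructed SA keys
    seen = set()
    tcp_segment = b"GET / HTTP/1.0\r\n\r\n"           # transport mode: upper-layer data only
    inner_ip = b"\x45\x00\x00\x28" + b"\x00" * 36     # tunnel mode: a constructed inner IPv4 packet
    p1 = build_esp(0x1000, 1, tcp_segment, IPPROTO_TCP, enc_key, auth_key)
    p2 = build_esp(0x1000, 2, inner_ip, IPPROTO_IPIP, enc_key, auth_key)
    return {"transport": parse_esp(p1, enc_key, auth_key, seen),
            "tunnel": parse_esp(p2, enc_key, auth_key, seen),
            "wire_len": len(p1)}
```

Only the SPI and sequence number are readable on the wire; the receiver uses the SPI to pick the Security Association (and so the keys), and the sequence number to detect replay. Everything after them, including the pad length and the Next Header byte, is recovered only after the ICV check and decryption succeed.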

In simpler terms (do not write this in the exam):

Transport Mode is like sending a letter in an envelope. Only the
content (message) is hidden, not the destination.
Tunnel Mode is like putting your letter in a locked suitcase and then
sending it. Both the content and the destination are hidden.

5.3 Email Security: SMTP
➢ SMTP stands for Simple Mail Transfer Protocol.
➢ SMTP is a set of communication guidelines that allow software to transmit
electronic mail over the internet.
➢ It is a program used for sending messages to other computer users based on e-
mail addresses.
➢ It provides a mail exchange between users on the same or different computers.
➢ The main purpose of SMTP is to set up communication rules between
servers. The servers have a way of identifying themselves and announcing
what kind of communication they are trying to perform.
➢ They also have a way of handling errors such as an incorrect email address.
For example, if the receiver address is wrong, then the receiving server replies
with an error message of some kind.
➢ POP3 downloads emails from a server to a single computer, making those
emails only accessible on that specific computer.

How SMTP works:

1. Sending Emails: SMTP is primarily responsible for sending emails
from a client (like your email app) to a server (your email provider's
server) and from one server to another. When you hit 'send' on your
email, your email client connects to your email provider's SMTP server
and sends the email to it.
2. Communication Protocol: SMTP operates on TCP (Transmission
Control Protocol) port 25. It uses a client-server model, where the client
(your email client) initiates the connection to the server (your email
provider's SMTP server). The client then sends commands to the server
to specify the sender, recipient, and contents of the email.
3. Message Format: SMTP messages consist of a header and a body.
The header contains information such as the sender and recipient
addresses, subject, and date. The body contains the actual content of the
email.
4. Relaying: SMTP servers are often arranged in a network of servers.
When you send an email to someone whose email provider is different
from yours, your SMTP server will communicate with the recipient's
SMTP server to deliver the email. This process is called relaying.
5. Authentication and Security: SMTP can operate with or without
authentication. Insecure SMTP connections transmit emails in plain
text, which can be intercepted by malicious actors. Secure variants like
SMTPS (SMTP Secure) and STARTTLS provide encryption to protect
sensitive data.
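The dialogue described in points 1 to 5, as an added example that is not part of the original notes: a toy SMTP server state machine and a client that issues EHLO, STARTTLS, MAIL FROM, RCPT TO, DATA and QUIT and records both sides, including the error reply for an unknown recipient. The domains, the mailbox list and the policy that MAIL FROM is only accepted after STARTTLS are assumptions of the demo; no socket is opened and the TLS handshake itself is not performed (in a real client, `smtplib.SMTP.starttls()` does that).

```python
"""Toy SMTP dialogue: a minimal server state machine plus a client that walks the
EHLO / STARTTLS / MAIL FROM / RCPT TO / DATA / QUIT sequence. No network, no real TLS."""
import datetime
import re


def _address(arg: str) -> str:
    """Pull the address out of 'FROM:<user@host>' or 'TO:<user@host>'."""
    m = re.search(r"<([^>]*)>", arg)
    return m.group(1).lower() if m else ""


class ToySMTPServer:
    def __init__(self, domain: str, mailboxes: set):
        self.domain, self.mailboxes = domain, mailboxes
        self.delivered = []          # (sender, recipients, raw message) once DATA completes
        self.tls = False
        self._reset()

    def _reset(self):
        self.sender, self.rcpts, self.in_data, self.lines = None, [], False, []

    def greeting(self) -> str:
        return f"220 {self.domain} ESMTP ready"

    def handle(self, line: str):
        """Return the reply to one client line, or None while DATA is being collected."""
        if self.in_data:
            if line == ".":                                  # end of message
                self.in_data = False
                self.delivered.append((self.sender, list(self.rcpts), "\r\n".join(self.lines)))
                self._reset()
                return "250 OK: queued"
            self.lines.append(line[1:] if line.startswith("..") else line)   # undo dot-stuffing
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "EHLO":
            return f"250-{self.domain}\r\n250-STARTTLS\r\n250 AUTH PLAIN"   # advertise extensions
        if verb == "STARTTLS":
            self.tls = True                                  # the handshake would follow on the wire
            return "220 Ready to start TLS"
        if verb == "MAIL":
            if not self.tls:                                 # assumed policy: no plaintext mail
                return "530 Must issue a STARTTLS command first"
            self.sender = _address(arg)
            return "250 OK"
        if verb == "RCPT":
            if self.sender is None:
                return "503 Bad sequence of commands"
            local, _, dom = _address(arg).partition("@")
            if dom != self.domain:
                return "554 Relay access denied"             # only accept mail for our own domain
            if local not in self.mailboxes:
                return "550 No such user here"               # the wrong-address error described above
            self.rcpts.append(f"{local}@{dom}")
            return "250 OK"
        if verb == "DATA":
            if not self.rcpts:
                return "503 Need RCPT TO first"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            return "221 Bye"
        return "500 Command not recognized"


def send_mail(server: ToySMTPServer, sender: str, recipient: str, subject: str, body: str) -> list:
    """Client side; returns the transcript as (client line, server reply) pairs."""
    date = datetime.datetime(2024, 1, 15, 9, 30, tzinfo=datetime.timezone.utc)   # constructed
    headers = [f"From: <{sender}>", f"To: <{recipient}>", f"Subject: {subject}",
               "Date: " + date.strftime("%a, %d %b %Y %H:%M:%S +0000")]
    transcript = [("", server.greeting())]
    for cmd in ["EHLO client.example.net", "STARTTLS", f"MAIL FROM:<{sender}>",
                f"RCPT TO:<{recipient}>", "DATA"]:
        reply = server.handle(cmd)
        transcript.append((cmd, reply))
        if reply[0] not in "23":                             # 4xx/5xx: stop and report
            transcript.append(("QUIT", server.handle("QUIT")))
            return transcript
    for line in headers + [""] + body.split("\n"):           # header, blank line, body
        server.handle(("." + line) if line.startswith(".") else line)   # dot-stuffing
    transcript.append((".", server.handle(".")))
    transcript.append(("QUIT", server.handle("QUIT")))
    return transcript
```

The transcript makes the three-digit reply codes visible: 2xx means accepted, 3xx means the server wants more input (the 354 after DATA), 5xx means a permanent failure such as the 550 for an unknown mailbox. The dot-stuffing of body lines beginning with "." is what keeps a message body from ending the DATA phase early.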

Privacy Enhanced Mail (PEM)

Privacy Enhanced Mail (PEM) is an email security standard to provide secure
electronic mail communication over the internet.

Working of PEM: PEM works basically in 4 main steps.

1. Canonical Conversion – This step involves the conversion of the message
into a standard format that is independent of the computer architecture and the
operating system of the sender and the receiver. If the sender and receiver have
different computer architectures or operating systems, it may lead to the
generation of different message digests, because syntactical differences from one
operating system to another cause the message to be interpreted differently.

2. Digital Signature – In this step, the digital signature is generated by
encrypting the message digest of the email message with the sender’s private
key.

3. Encryption – The encrypted message is generated by encrypting the original
message and the digital signature together with the symmetric key, as shown
in the figure below. This step is very crucial in order to obtain confidentiality.
4. Base-64 Encoding – This is the last step, where the binary output is
transformed into character output. The 24-bit binary output is divided into 4
equal 6-bit sets, each of which is read as a decimal code. PEM uses a separate
mapping table: each number from the code is mapped to its corresponding
character from the table, and the binary equivalent of that character’s 8-bit
ASCII code is written.
EX: 01010100 01100101 01110011 = 24 bits

We can group these binary digits into sets of 6: 010101 000110 010101 011101

Mapping table (code -> character):
0 -> A
1 -> B
...
25 -> Z
26 -> a
27 -> b
...
51 -> z
52 -> 0
53 -> 1
...
61 -> 9
62 -> +

Bit weights: 32 16 8 4 2 1
010101 -> 0+16+0+4+0+1 = 21 -> V
000110 -> G
010101 -> V
011101 -> d
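Step 4 worked in code, as an added example that is not part of the original notes: the bytes are written out as 8-bit strings, regrouped into 6-bit values and looked up in the standard radix-64 alphabet (the table above is an excerpt of it). `trace()` returns each group with its decimal code and character, computed directly from the input bits, so every group can be checked against the table; `radix64_encode()` adds the `=` padding rule for inputs whose length is not a multiple of 3 bytes, which the notes do not cover, and `radix64_decode()` closes the round trip.

```python
"""Radix-64 (Base64) encoding by hand, following the 8-bit -> 6-bit regrouping of step 4."""
import string

# The standard alphabet: A-Z are 0-25, a-z are 26-51, 0-9 are 52-61, then '+' and '/'.
ALPHABET = string.ascii_uppercase + string.ascii_lowercase + string.digits + "+/"


def sextets(data: bytes) -> list:
    """Concatenate the 8-bit bytes and cut the bit string into 6-bit groups,
    zero-padding the last group so every group is exactly 6 bits."""
    bits = "".join(f"{b:08b}" for b in data)
    bits += "0" * (-len(bits) % 6)
    return [bits[i:i + 6] for i in range(0, len(bits), 6)]


def trace(data: bytes) -> list:
    """(bits, decimal code, character) for each group, laid out like the worked example."""
    return [(g, int(g, 2), ALPHABET[int(g, 2)]) for g in sextets(data)]


def radix64_encode(data: bytes) -> str:
    """Full encoder: map each group through the table, then append one '=' per
    missing input byte in the final 24-bit block so the output length is a multiple of 4."""
    out = "".join(ALPHABET[int(g, 2)] for g in sextets(data))
    return out + "=" * (-len(data) % 3)


def radix64_decode(text: str) -> bytes:
    """Inverse: characters back to 6-bit values, regroup into bytes, drop the padding bits."""
    text = text.rstrip("=")
    bits = "".join(f"{ALPHABET.index(c):06b}" for c in text)
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits) - len(bits) % 8, 8))
```

Three input bytes always become exactly four output characters, which is why the encoding grows data by a third; that overhead is the price PEM and PGP pay for an 8-bit-clean message surviving 7-bit mail transports.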

Pretty Good Privacy:

PGP was designed to provide all four aspects of security, i.e., privacy,
integrity, authentication, and non-repudiation in the sending of email.

o PGP uses a digital signature (a combination of hashing and public key
encryption) to provide integrity, authentication, and non-repudiation. PGP
uses a combination of secret key encryption and public key encryption to
provide privacy. Therefore, we can say that PGP uses one hash function, one
secret key, and two private-public key pairs.
o PGP is an open source and freely available software package for email
security.
o PGP provides authentication through the use of a digital signature.
o It provides confidentiality through the use of symmetric block encryption.
o It provides compression by using the ZIP algorithm, and e-mail
compatibility using the radix-64 encoding scheme.

Following are the steps taken by PGP to create secure e-mail at the sender site:
o The e-mail message is hashed by using a hashing function to create a digest.
o The digest is then encrypted to form a signed digest by using the sender's
private key, and the signed digest is added to the original e-mail message.
o The original message and signed digest are encrypted by using a one-time
secret key created by the sender.
o The secret key is encrypted by using the receiver's public key.
o Both the encrypted secret key and the encrypted combination of message and
digest are sent together.

PGP at the Sender site (A)

Following are the steps taken to show how PGP uses hashing and a combination
of three keys to recover the original message at the receiver site:
o The receiver receives the combination of the encrypted secret key and the
encrypted message and digest.
o The encrypted secret key is decrypted by using the receiver's private key to
get the one-time secret key.
o The secret key is then used to decrypt the combination of message and digest.
o The digest is decrypted by using the sender's public key, and the original
message is hashed by using a hash function to create a digest.
o Both digests are compared; if they are equal, it means that all the
aspects of security are preserved.

PGP at the Receiver site (B)

• Provides email security
• Used for signing, encrypting and decrypting text and files
• Techniques: hashing, data compression, symmetric and asymmetric encryption
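The sender steps and the receiver steps above, run end to end as an added example (not part of the original notes and not PGP's actual code): hash, sign the digest with the sender's private key, compress, encrypt with a one-time key, encrypt that key with the receiver's public key, radix-64 the result; then undo it all at the receiver and compare the two digests. Textbook RSA with 512-bit keys and no padding, and a SHAKE-256 keystream, stand in for PGP's real algorithms; the message text is constructed. `demo(tamper=True)` flips a byte in transit to show the digest comparison failing.

```python
"""Toy PGP round trip: sign (private key A), compress, encrypt with a one-time key,
wrap the key for B, radix-64; then reverse at B and verify with A's public key.
Textbook RSA and a SHAKE-256 keystream are stand-ins for PGP's real algorithms."""
import base64
import hashlib
import secrets
import zlib

RSA_BITS = 512                    # toy size; real keys are 2048 bits or more
KEY_BYTES = RSA_BITS // 8


def is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin test, enough to generate the toy RSA primes."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def rsa_keypair(bits: int = RSA_BITS):
    """Return (public, private), each as an (exponent, modulus) pair."""
    e = 65537
    while True:
        p = q = 0
        while not is_probable_prime(p):
            p = secrets.randbits(bits // 2) | (1 << (bits // 2 - 1)) | 1
        while not is_probable_prime(q) or q == p:
            q = secrets.randbits(bits // 2) | (1 << (bits // 2 - 1)) | 1
        phi = (p - 1) * (q - 1)
        if phi % e:                                   # e must be invertible modulo phi
            return (e, p * q), (pow(e, -1, phi), p * q)


def _stream(key: bytes, n: int) -> bytes:
    return hashlib.shake_256(key).digest(n)           # toy symmetric cipher keystream


def pgp_send(message: bytes, sender_priv, receiver_pub) -> str:
    digest = hashlib.sha256(message).digest()                           # 1. hash the message
    sig = pow(int.from_bytes(digest, "big"), *sender_priv)              # 2. sign digest with A's private key
    signed = sig.to_bytes(KEY_BYTES, "big") + message                   #    signed digest + original message
    packed = zlib.compress(signed)                                      #    ZIP-style compression
    session_key = secrets.token_bytes(32)                               # 3. one-time secret key
    body = bytes(a ^ b for a, b in zip(packed, _stream(session_key, len(packed))))
    wrapped = pow(int.from_bytes(session_key, "big"), *receiver_pub)    # 4. encrypt key with B's public key
    return base64.b64encode(wrapped.to_bytes(KEY_BYTES, "big") + body).decode()  # 5. both, radix-64


def pgp_receive(armored: str, receiver_priv, sender_pub):
    """Return (message, signature_ok); (None, False) if the data cannot be recovered."""
    raw = base64.b64decode(armored)
    wrapped, body = raw[:KEY_BYTES], raw[KEY_BYTES:]
    session_key = pow(int.from_bytes(wrapped, "big"), *receiver_priv).to_bytes(32, "big")
    packed = bytes(a ^ b for a, b in zip(body, _stream(session_key, len(body))))
    try:
        signed = zlib.decompress(packed)
    except zlib.error:
        return None, False
    sig, message = signed[:KEY_BYTES], signed[KEY_BYTES:]
    recovered = pow(int.from_bytes(sig, "big"), *sender_pub)            # A's public key undoes the signature
    expected = int.from_bytes(hashlib.sha256(message).digest(), "big")  # hash the message again
    return message, recovered == expected                               # compare the two digests


def demo(tamper: bool = False):
    """Round trip between constructed sender A and receiver B key pairs."""
    a_pub, a_priv = rsa_keypair()
    b_pub, b_priv = rsa_keypair()
    armored = pgp_send(b"Meeting moved to 10:00, room 4B.", a_priv, b_pub)
    if tamper:                                        # flip one ciphertext byte in transit
        raw = bytearray(base64.b64decode(armored))
        raw[-1] ^= 0x01
        armored = base64.b64encode(bytes(raw)).decode()
    return pgp_receive(armored, b_priv, a_pub)
```

The order matters: signing comes before compression so the signature is over the message the receiver actually reads, and the compressed data is what gets encrypted. The one-time session key is the only thing protected by the receiver's public key, which is what lets the bulk of the mail use fast symmetric encryption.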


5.4 Public Key Infrastructure:

➢ Public key infrastructure or PKI is the governing body behind
issuing digital certificates and is used to manage and secure digital
identities, communication, and transactions over computer networks,
particularly the internet.
➢ It enables users to securely exchange data and verify the authenticity
of digital assets such as emails, documents, software, and online
transactions.

Public Key Infrastructure:

PKI identifies a public key along with its purpose. It usually consists of the
following components:
• A digital certificate, also called a public key certificate
• Private key tokens
• Registration authority
• Certification authority
• CMS or Certificate management system

Working of PKI:
The working of Public Key Infrastructure (PKI):

1. Key Generation (generate keys)
- Users generate a pair of keys: a public key for encryption/verification and a
private key for decryption/signing.
2. Certificate Issue (show certificate)
- Users request a digital certificate from a trusted Certificate Authority (CA)
with their public key and identity.
- The CA verifies the user's identity and issues a digital certificate containing the
public key, signed by the CA.
3. Certificate Distribution (export certificate)
- The digital certificate is sent securely to the user or published in a Certificate
Repository.
4. Certificate Validation (import certificate)
- Users or applications validate received certificates using the CA's public
key, ensuring authenticity and trustworthiness.
5. Secure Communication:
- Secure channels are established using validated certificates for encryption
and decryption.

Certificates:

➢ A PKI certificate is a trusted digital identity.
➢ Certificates play a crucial role in ensuring secure communication and
authentication between entities such as users, devices, and services.
➢ A PKI certificate is also called a digital certificate.
➢ It is used to identify users, servers or things when communicating over
untrusted networks, to sign documents, and to encrypt data or communication.
There are three common types of PKI certificates:

1. SSL (Secure Sockets Layer) and its successor TLS (Transport Layer
Security) certificates (authenticate a server's identity)
➢ SSL and TLS are two well-known network protocols that use certificates to
authenticate a server's identity and encrypt transfers between a browser and
a server.

2. Code signing certificates (authenticate the owner of software)
A code signing certificate, also known as a software signing certificate, uses a
digital signature to verify the owner of software.
It verifies that the software code comes from who it says it does and ensures the
code has not been altered or tampered with before it reaches end users.

3. Client certificates (authenticate user identity)
A client certificate authenticates a user's identity and secures data in transit; it
only authenticates an end user's or device's identity, so that only allowed people
and devices can access systems.
Certificate Authority (responsible for issuing digital certificates)
➢ A Certificate Authority (CA) is a trusted entity responsible for issuing digital
certificates that verify the identity of individuals, organizations, servers, and
devices in a Public Key Infrastructure (PKI).
➢ CAs play a crucial role in establishing trust and enabling secure
communication over networks.
Registration Authority (RA)
➢ A Registration Authority (RA) is a component within a Public Key
Infrastructure (PKI) system that works together with a Certificate
Authority (CA) to facilitate the issuance and management of digital
certificates.
➢ The primary role of an RA is to handle tasks related to identity
verification, certificate enrollment, and validation before forwarding
certificate requests to the CA for issuance.

5.5 Cyber Crime: Introduction

➢ Cybercrime refers to criminal activities carried out using computers,
networks, or other digital technologies.
➢ It encompasses a wide range of illegal activities that exploit vulnerabilities
in digital systems or target individuals, organizations, or governments for
financial gain, disruption, or malicious intent.

Classification of Cyber Crime:

1. Cyber Terrorism –
Cyber terrorism may include different types of activities, either by software or
hardware, that threaten the lives of citizens.
In general, cyber terrorism can be defined as an act of terrorism committed
through the use of cyberspace or computer resources.

2. Cyber Extortion –
Cyber extortion occurs when a website, e-mail server or computer system is
subjected to or threatened with repeated denial of service or other attacks by
malicious hackers. These hackers demand large sums of money in return for an
assurance to stop the attacks and to offer protection.

3. Internet Fraud –
Internet fraud is a type of fraud or deceit which makes use of the Internet and
could include hiding information or providing incorrect information for the
purpose of deceiving victims for money or property.

4. Cyber Stalking –
This is a kind of online harassment wherein the victim is subjected to a
barrage of online messages and emails. In this case, these stalkers know their
victims and, instead of offline stalking, they use the Internet to stalk.
Hacking:
➢ Hacking is the unauthorized or illicit access into computer systems,
networks, or electronic devices.
➢ It involves gaining entry into these systems or devices without
permission, often with the intent to steal, alter, or destroy data, disrupt
operations, or exploit vulnerabilities for personal gain or malicious
purposes.
➢ One example of computer hacking is the use of a password cracking
technique to gain access to a computer system. The process of gaining
illegal access to a computer system, or a group of computer systems, is
known as hacking.
The types of hackers are:
1. Black Hat Hackers: These types of hackers are often known as crackers. Their
goal is to make money by stealing secret organizational data, stealing funds
from online bank accounts, violating privacy rights to benefit criminal
organizations, and so on.
2. White Hat Hackers/Ethical Hackers: White hat hackers (sometimes referred
to as ethical hackers) are the polar opposites of black hat hackers. They employ
their technical expertise to defend the organization against malicious hackers.
3. Gray Hat Hackers: They fall somewhere between the above-mentioned types
of hackers, in that they gain illegal access to a system but do not perform any
malicious task.

Digital Forgery:
➢ Creating a fake copy or imitation of a document or an object with the
intention to deceive is called forgery.
➢ It can involve everything from forging a signature, faking a masterpiece,
or creating a cheap replica of an expensive original device to faking
government documents like a licence, birth certificate etc.
➢ Marketplaces are full of convincing fakes of expensive original items
like designer shoes, clothes etc. All of these fakes can be called
forgeries.
➢ Digital forgery involves creating the same fakes in electronic form.

Cyber Stalking/Harassment:
➢ Cyber stalking involves using electronic means such as the internet, email,
social media, or other digital communications to harass, intimidate, or
threaten an individual.
➢ This can include repeatedly sending unwanted messages, monitoring
someone's online activity without their consent, or even impersonating them
online.
➢ Cyber harassment is defined as repeated, unsolicited, hostile behaviour by
a person through cyberspace with an intent to terrify, intimidate, humiliate,
threaten, harass or stalk someone.
➢ Any harassment caused through electronic media is considered to have a
similar impact as the traditional offence of harassment.

Identity Theft:

This theft is committed in many ways, by gathering personal information such as
the transactional information of another person in order to make transactions.

Example: Thieves use different mechanisms to extract information about
customers’ credit cards from corporate databases; once they have the
information, they can easily degrade the rating of the victim’s credit card. This
information in the hands of thieves can cause huge harm if not noticed
early. With these false credentials, they can obtain a credit card in the name of the
victim which can be used for covering false debts.
Types of Identity Theft:
There are various kinds of threats, but some common ones are:
• Criminal Identity Theft – This is a type of theft in which the thief backs up
his position with false documents in the victim's name, such as an ID or other
verification documents, and his bluff is successful.
• Senior Identity Theft – Seniors aged over 60 are often targets of identity
thieves. They are sent information that looks to be genuine and then their
personal information is gathered for such use. Seniors must be aware so as not
to become victims.
• Driver’s License ID Identity Theft – Driver’s license identity theft is the most
common form of ID theft. The information on one’s driver’s license
provides the name, address, and date of birth, as well as a state driver’s
identity number. The thieves use this information to apply for loans or credit
cards, or try to open bank accounts to obtain checking accounts, or buy cars,
houses, vehicles, electronic equipment, jewelry, anything valuable, and all are
charged to the owner’s name.
• Medical Identity Theft – In this theft, the victim’s health-related information
is gathered and then a fraudulent medical service need is created with fraudulent
bills, which are then charged to the victim’s account for such services.
• Social Security Identity Theft – In this type of attack the thief intends to know
your Social Security Number (SSN). With this number, they are also aware of
all your personal information, which is the biggest threat to an individual.

Cyber Terrorism:

➢ Cyber terrorism refers to the use of digital technologies, such as computers,
the internet, and social media, to carry out terrorist activities or promote
terrorist ideologies.
➢ It involves the deliberate exploitation of cyberspace to cause harm, disrupt
critical infrastructure, spread fear and panic, or advance political or
ideological goals. Here are some key aspects of cyber terrorism:

1. Targets: Cyber terrorism can target various sectors, including government
agencies, financial institutions, critical infrastructure (such as power grids,
transportation systems, and water supplies), healthcare organizations, educational
institutions, and private businesses. Attackers may seek to disrupt services, steal
sensitive information, manipulate data, or cause physical damage.

2. Methods: Cyber terrorists employ a wide range of tactics and techniques to
achieve their objectives, including malware attacks (such as viruses, worms, and
ransomware), distributed denial-of-service (DDoS) attacks, hacking into systems to
steal or manipulate data, social engineering (such as phishing scams), and
spreading propaganda and misinformation through online platforms.

3. Countermeasures: Governments, law enforcement agencies, and cybersecurity
organizations employ various strategies to counter cyber terrorism, including
enhancing cybersecurity measures, conducting threat intelligence gathering and
analysis, promoting international cooperation and information sharing, developing
legal frameworks to prosecute cybercriminals, and raising public awareness about
online threats.

Cyber Defamation:

➢ Cyber defamation, also known as online defamation or internet defamation,
occurs when false statements or information about an individual or
organization are spread through digital platforms such as social media,
websites, forums, or blogs.
➢ These false statements can harm the reputation, credibility, or livelihood of
the target.

Breakdown of cyber defamation:

1. False Statements: Cyber defamation involves the publication or dissemination
of false statements or information that are damaging to the reputation of the
individual or organization. This can include false accusations, derogatory remarks,
or misleading information.

2. Online Platforms: With the proliferation of social media and other digital
platforms, false information can spread rapidly and reach a wide audience. Cyber
defamation can occur through posts, comments, reviews, articles, or other content
shared online.

3. Legal Implications: Cyber defamation is often considered a form of
defamation, which is a civil offense in many jurisdictions. Victims of cyber
defamation may pursue legal action against the individuals or entities responsible
for spreading false information.

5.6 Cyber Laws:

➢ Cyber law, also known as internet law or digital law, signifies the legal
regulations and frameworks governing digital activities. It covers a large
range of issues, including online communication, e-commerce, digital
privacy, and the prevention and prosecution of cybercrimes.
➢ Cyber law offers legal protections for people who are using the Internet as
well as running an online business. It is most important for Internet users to
know the local and national cyber law of their country, by which they
can know what activities are legal or not on the network.

Importance of Cyber Law

➢ Cyber laws are formed to punish people who perform any illegal activities
online.
➢ They are important for punishing issues such as online
harassment, attacking another website or individual, data theft, disrupting the
online workflow of any enterprise, and other illegal activities.

Need of Cyber Laws:

➢ Cyber law plays a crucial role in ensuring cybersecurity by providing
legal frameworks and regulations that govern activities in cyberspace.
The needs for cyber laws are:
1. Standardizing Cybersecurity Practices: Cyber law ensures that all
industries follow the same security standards, making it easier for
organizations to protect against cyber threats effectively.

2. Protecting Children Online: It puts rules in place to keep kids safe from
harmful content and online dangers, ensuring they can explore the internet
securely.

3. Regulating Emerging Technologies: Cyber law guides the safe
development and use of new technologies, like AI and IoT, to prevent
potential risks and ensure they're used responsibly.

Types of Laws
1. Data Protection Laws
Data protection laws ensure that users’ personal and sensitive data are
meticulously shielded from unauthorized breaches and misuse. These laws, in
essence, are the backbone of our online privacy, safety, and dignity.
2. Copyright and Intellectual Property Laws
➢ When creators ask, “What is cyber law doing for my digital creations?”
the answer lies in these laws. They are meticulously crafted to protect
the rights of creators.
➢ This ensures that their digital innovations remain safeguarded from
unauthorized use or replication, providing a haven for creativity.

3. E-commerce Laws
➢ For those navigating the bustling lanes of online business, e-commerce
laws serve as guiding lights. They meticulously regulate online
transactions, ensuring they’re not only secure but also transparent, thus
fostering trust among all parties involved.
4. Cybercrime Laws
➢ The digital realm, while offering endless possibilities, also harbors
shadows of cybercriminal activities. Cybercrime laws act as guardians by
penalizing activities ranging from malicious hacking to online harassment
to keep the digital space safe.
5. Digital Signature Laws
Digital signature laws validate the authenticity of digital signatures in
electronic documents. In essence, they are the pillars that uphold the
trustworthiness of digital agreements and contracts.
6. Privacy Laws
Every individual cherishes their privacy. Recognizing this universal truth, these
laws ensure that the sanctity of users’ online privacy remains inviolable. This
allows the average person to explore the digital world with peace of mind.

Crime against Individual:

➢ Crimes against individuals in the realm of cybersecurity involve
malicious activities targeting individuals' personal information,
privacy, and well-being in digital environments. Here are some
examples:

1. Identity Theft:
- This crime involves stealing personal information, such as social security
numbers, credit card details, or login credentials, to impersonate individuals or
commit fraud online.

2. Phishing:
- Phishing attacks deceive individuals into providing sensitive information,
such as usernames, passwords, or financial data, by posing as legitimate
entities through deceptive emails, websites, or messages.

3. Online Harassment and Cyberbullying:
- Individuals may be targeted with harassment, threats, or defamation through
social media platforms, messaging apps, or online forums, leading to
emotional distress and reputational harm.

4. Ransomware Attacks:
- Ransomware infects individuals' devices or systems, encrypts their files, and
demands payment in exchange for restoring access to their data, causing
financial loss and disruption to their lives.

5. Spyware and Stalking:
- Malicious software, such as spyware, may be used to monitor individuals'
online activities, track their location, or access their personal information
without their consent, violating their privacy and security.

6. Online Fraud and Scams:
- Individuals may fall victim to various online scams, such as fake investment
schemes, romance scams, or tech support scams, resulting in financial loss and
exploitation.

7. Cyberstalking:
- Individuals may be subjected to persistent and unwanted surveillance or
harassment online, causing fear, anxiety, and invasion of their privacy.

Government:
1. Legislative Bodies:
- Legislative bodies create laws and regulations that govern cybersecurity
practices, establish penalties for cybercrimes, and promote data protection and
privacy rights.

2. Law Enforcement Agencies:
- Law enforcement agencies investigate cybercrimes, apprehend cybercriminals,
and collaborate with international partners to combat cyber threats and ensure
cyberspace safety.

3. Government Agencies:
- Government agencies develop and implement cybersecurity policies, strategies,
and frameworks to protect critical infrastructure, secure government networks,
and enhance national cybersecurity resilience.

4. Intelligence Agencies:
- Intelligence agencies gather and analyze cyber threat intelligence, conduct
cyber espionage operations, and provide early warnings to government and
private sector entities to mitigate cyber risks.

5. Regulatory Bodies:
- Regulatory bodies oversee compliance with cybersecurity regulations, conduct
audits, and enforce penalties for non-compliance to ensure organizations adhere
to cybersecurity standards and protect consumer interests.

Property:
Intellectual property (IP) is often a key digital asset that organizations aim to
protect. However, cybersecurity threats like hacking, malware, and data
breaches can compromise these IP assets.

There are numerous types of tools of protection that come under the term
“intellectual property”. Notable among these are the following:
• Patent
• Trademark
• Geographical indications
• Layout Designs of Integrated Circuits
• Trade secrets
• Copyrights
• Industrial Designs
5.7 Compliance standards:
Implementing an Information Security Management System (ISMS) involves
adhering to various compliance standards and frameworks. Some of the key
standards and frameworks for information security management include:

1. ISO/IEC 27001 (used for improving the information security of an
organization): This is one of the most widely recognized standards for ISMS
implementation. It provides a framework for establishing, implementing,
maintaining, and continually improving an organization's information security
management system.
Why is ISO/IEC 27001 important? With cyber-crime on the rise and new
threats constantly emerging, it can seem difficult or even impossible to
manage cyber-risks. ISO/IEC 27001 helps organizations become risk-aware
and proactively identify and address weaknesses.

2. ISO/IEC 20000 (used to check whether IT services are applicable to the
business and to external services): The standard focuses on IT Service
Management (ITSM) processes and is applicable to both internal IT service
providers within organizations and external service providers.
Why is ISO/IEC 20000 important? It is the international ITSM (IT service
management) standard. It enables IT departments to ensure that their ITSM
processes are aligned with the business’s needs and international best practices.

3. BS 25999-2 (defines business continuity) also defines a business continuity
management system which contains the same four management phases: planning,
implementing, reviewing and monitoring, and finally, improving.

OR

BS 25999 is a British standard that focuses on Business Continuity Management
(BCM). It provides guidelines and best practices for organizations to plan,
establish, implement, operate, monitor, review, maintain, and continually improve
their business continuity management system (BCMS). The standard aims to help
organizations prepare for and respond effectively to disruptions and ensure the
continuity of critical business functions during unexpected events or disasters.

PCI DSS (defines security for cardholders)

The Payment Card Industry (PCI) Data Security Standard (DSS) is an information
security standard developed to enhance cardholder data security for organizations
that store, process or transmit credit card data.

In simple terms: PCI DSS (Payment Card Industry Data Security Standard) plays
a crucial role in network security, especially for organizations that handle payment
card information.

ITIL: ITIL (Information Technology Infrastructure Library) (defines IT
services and technologies) is a framework designed to standardize the selection,
planning, delivery, maintenance and overall lifecycle of IT services within a
business.

The 4 ITIL service operation functions:
• Service desk.
• IT Technical Management.
• IT Application Management.
• IT Operations Management.
ITIL (Information Technology Infrastructure Library) is a framework that
provides best practices for IT service management. While ITIL primarily focuses
on service delivery and support processes, it also encompasses aspects related to
network security.

COBIT:

COBIT (Control Objectives for Information and Related Technologies) is a
framework developed by ISACA (Information Systems Audit and Control
Association) that provides guidelines and best practices for IT governance and
management. While COBIT is not specifically focused on network security, it
includes principles and components that are relevant to enhancing network security
within an organization.
