
MODULE 1

INTRODUCTION TO CYBER SECURITY


Today an individual can send and receive any kind of information, whether a video or an email, with the click of a button, but has s/he ever paused to consider how safely that information is transmitted to another individual, with no leakage of data? The answer lies in cybersecurity. Today more than 61% of all industry transactions are carried out on the internet, so this area requires a high standard of security for direct and reliable transactions. Thus, cybersecurity has become a pressing contemporary issue (Dervojeda et al., 2014). The scope of cybersecurity is not limited to protecting data in the IT industry; it extends to other fields, such as cyberspace at large. Improving cybersecurity and protecting essential information systems are vital to each country's security and financial prosperity.

Cyber-security is both about the insecurity created by and through this new space and about the practices or procedures for making it (progressively) more secure (Kumar & Somani, 2018). It refers to a set of activities and measures, both technical and non-technical, intended to protect the electronic environment and the information it contains and transports from all possible threats.
MODULE 2

BASIC SECURITY FRAMEWORK


There are five steps that make up a Cybersecurity Framework: Identification, Protection, Detection, Respond, and Remediation. Any network security model can apply this process.

• Identification
This step helps businesses identify the network connection points in the business environment. These can be information technology devices, resources, information, etc.

• Protection
This step strengthens access control, data security, and maintenance in and around the business environment. It can be understood as the proactive phase of problem-solving in network security.

• Detection
In this step businesses find and detect potential vulnerabilities by monitoring logs and intrusions at the network and device levels. They carry out both operational management and security information management.

• Respond
Once a vulnerability has been discovered, businesses need to respond quickly: understand the vulnerability, fix the flaws, and move forward with the remediation process.

• Remediation
Remediating the cybersecurity process, as well as troubleshooting and contingency planning, is handled during this phase.
COMMON SECURITY FRAMEWORKS

• ISO 27001/27002: The International Standards Organization (ISO) developed the ISO 27000 series. It is a framework that covers all broad aspects of cybersecurity and is applicable to all sectors. This framework is comparable to the ISO 9000 standard in production, helping businesses define and measure the quality of cybersecurity in their environment.

• CIS Security Controls: The Center for Internet Security (CIS) has designed a set of key security controls. These controls are crucial for businesses to implement in their networks to achieve an efficient network. CIS has developed three sets of critical security controls for businesses, comprising 20 controls in total, all of them fundamental and well organized. These methods can perform many of the security controls required in a business environment.

• NIST MODEL: The US National Institute of Standards and Technology (NIST) has also published similar policies and rules. Their audience is governmental organizations, to help them develop methods of effective information security. The NIST model can also be applied to other industries. Controlled Unclassified Information (CUI) is also a main object of this model.

• PCI DSS: The Payment Card Industry Data Security Standard (PCI DSS) is a cyber security model. It is designed to strengthen the security of payment accounts by protecting electronic transactions such as credit cards, debit cards, and cash cards.

All of the above models are built, validated, and made public to ensure businesses follow industry standards and implement effective security.


MODULE 3

EXAMINING CYBER THREATS

Cyber crime has turned out to be a low-investment, low-risk business with huge returns. Nowadays these crimes are highly organized. There is a hierarchical organizational setup like that of formal organizations, and some groups have reached a level of technical capability on par with that of developed nations.

Figure 1: Hierarchical Organisational Structure

• MALWARE: Malware stands for "Malicious Software" and it is designed to gain access to, or be installed on, a computer without the consent of the user. It performs unwanted tasks on the host computer for the benefit of a third party. There is a full range of malware, from simple programs written merely to distract or annoy the user, to complex ones which capture sensitive data from the host machine and send it to remote servers; many of them can seriously degrade the performance of the host machine.

• PHISHING: It is the process of acquiring personal and sensitive information from an individual via email by posing as a trustworthy entity in an electronic communication. The purpose of phishing is identity theft: personal information like usernames, passwords, and credit card numbers may be used to steal money from the user's account. If a telephone is used as the medium for identity theft, it is known as Vishing (voice phishing).

• COMPUTER HACKING: It is the practice of modifying computer hardware and software to accomplish a goal outside the creator's original purpose. The purpose of hacking a computer system may vary from simply demonstrating technical ability, to stealing, modifying or destroying information for social, economic or political reasons.

• SPAMMING: Sending unsolicited commercial bulk messages over the internet is known as spamming.
An email can be classified as spam if it meets the following criteria:
a. Mass mailing: the email is not targeted at one particular person but at a large number of people.
b. Anonymity: the real identity of the sender is not known.
c. Unsolicited: the email is neither expected nor requested by the recipient.
Such spam not only irritates recipients and overloads the network but also wastes time and occupies valuable storage space in the mailbox.

• WEB JACKING: The hacker gains access to an organization's website and either blocks it or modifies it to serve political, economic or social interests. Recent examples of web jacking: some websites of educational institutes were hacked by Pakistani hackers, and an animation containing Pakistani flags was flashed on the homepages of these websites.

• DENIAL OF SERVICE ATTACK: It is a cyber attack in which the network is choked, and often collapses, under a flood of useless traffic, thus preventing legitimate network traffic from getting through.

• SALAMI ATTACK: It is an attack which proceeds in small increments that finally add up to a major attack. The increments are so small that they remain unnoticed. An example of a salami attack is gaining access to an individual's online banking and withdrawing money in such small amounts that it remains unnoticed by the owner. Often there is a default trigger set in the banking website, and withdrawals below, say, Rs. 1000 are not reported to the owner of the account.
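As an added example (not part of the original notes), the following Python detection logic shows how a bank's monitoring could catch the pattern described above: instead of looking at each withdrawal against the per-transaction reporting threshold, it aggregates the sub-threshold withdrawals of each account over a sliding time window and flags the account once they add up to more than the threshold. The sample ledger, the 24-hour window and the cumulative limit are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Per-transaction reporting threshold from the text: withdrawals below this
# amount are not individually reported to the account owner (Rs. 1000).
REPORT_THRESHOLD = 1000.0
# Sliding window and cumulative limit: assumptions of this example.
WINDOW = timedelta(hours=24)
CUMULATIVE_LIMIT = 1000.0

# Constructed sample ledger: (account, ISO timestamp, amount withdrawn in Rs.).
SAMPLE_WITHDRAWALS = [
    ("ACC-1", "2024-03-01T09:00:00", 900.0),
    ("ACC-1", "2024-03-01T09:05:00", 950.0),
    ("ACC-1", "2024-03-01T09:07:00", 800.0),
    ("ACC-2", "2024-03-01T10:00:00", 5000.0),  # above threshold: reported normally
    ("ACC-3", "2024-03-01T11:00:00", 200.0),
    ("ACC-3", "2024-03-02T12:30:00", 300.0),   # more than 24h after the first one
]


def find_salami_patterns(withdrawals, threshold=REPORT_THRESHOLD,
                         window=WINDOW, limit=CUMULATIVE_LIMIT):
    """Return {account: (count, total)} for every account whose withdrawals
    that each stay under `threshold` add up to `limit` or more inside any
    window of length `window`. Only the largest window per account is kept."""
    by_account = defaultdict(list)
    for account, ts, amount in withdrawals:
        if amount < threshold:  # the slices that would escape per-transaction reporting
            by_account[account].append((datetime.fromisoformat(ts), amount))

    flagged = {}
    for account, events in by_account.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            in_window = events[start:end + 1]
            total = sum(amount for _, amount in in_window)
            if total >= limit:
                previous = flagged.get(account)
                if previous is None or total > previous[1]:
                    flagged[account] = (len(in_window), total)
    return flagged


if __name__ == "__main__":
    for account, (count, total) in find_salami_patterns(SAMPLE_WITHDRAWALS).items():
        print(f"{account}: {count} sub-threshold withdrawals totalling Rs. {total:.2f}")
```

The design point is that the detection key is the cumulative sum per account, not the size of any single transaction; ACC-2's single large withdrawal is left to the normal reporting path, and ACC-3's two small withdrawals are not flagged because they fall outside one window.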

• EMAIL SPOOFING: It is the process of changing the header information of an email so that its original source is not identified, and it appears to the individual at the receiving end that the email originated from a source other than the real one.
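An added example, not from the original notes: a small Python check that a mail gateway or an analyst could run on a received message, comparing the domain in the visible From header with the envelope sender (Return-Path) and the Reply-To header. A mismatch between the address the user sees and the address that actually sent or will receive replies is the classic trace of a spoofed header. The two sample messages and the example.org / example.net / example.com domains are constructed; in production this check complements SPF, DKIM and DMARC verification rather than replacing it.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed message whose visible From claims to be internal payroll, while the
# envelope sender and the Reply-To point at other domains.
SPOOFED_MESSAGE = """\
Return-Path: <bounce@mailer.example.net>
From: "Payroll" <payroll@example.org>
Reply-To: <mailbox@example.com>
To: <alice@example.org>
Subject: Updated salary sheet

Please open the attached sheet.
"""

# Constructed message where the headers agree.
LEGITIMATE_MESSAGE = """\
Return-Path: <payroll@example.org>
From: "Payroll" <payroll@example.org>
To: <alice@example.org>
Subject: Payslip for March

Your payslip is available on the HR portal.
"""


def _domain(header_value):
    """Extract the lowercase domain part of the address in a header, or ''."""
    address = parseaddr(header_value or "")[1]
    return address.rsplit("@", 1)[1].lower() if "@" in address else ""


def check_sender_alignment(raw_message):
    """Return a list of findings describing header-domain mismatches.

    An empty list means From, Return-Path and Reply-To all agree on the domain
    (or the optional headers are absent)."""
    msg = message_from_string(raw_message)
    from_domain = _domain(msg.get("From"))
    return_path_domain = _domain(msg.get("Return-Path"))
    reply_to_domain = _domain(msg.get("Reply-To"))

    findings = []
    if not from_domain:
        findings.append("From header missing or has no usable address")
    if return_path_domain and return_path_domain != from_domain:
        findings.append(f"Return-Path domain {return_path_domain!r} "
                        f"differs from From domain {from_domain!r}")
    if reply_to_domain and reply_to_domain != from_domain:
        findings.append(f"Reply-To domain {reply_to_domain!r} "
                        f"differs from From domain {from_domain!r}")
    return findings


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED_MESSAGE), ("legitimate", LEGITIMATE_MESSAGE)):
        print(label, check_sender_alignment(raw) or ["no findings"])
```

Return-Path is written by the receiving mail server from the SMTP envelope, so an attacker who controls only the message body cannot make it agree with a forged From header; that is why the envelope-versus-header comparison is useful even without cryptographic authentication.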
MODULE 4

SECURITY RISK ANALYSIS


Risk analysis refers to the review of the risks associated with a particular action or event. Risk analysis is applied to information technology, projects, security issues and any other event where risks may be analysed on a quantitative or qualitative basis. Risks are part of every IT project and business organization. Risk analysis should be carried out on a regular basis and updated to identify new potential threats.

STEPS IN THE RISK ANALYSIS PROCESS


Conduct a risk assessment survey: Getting input from management and department heads is critical to the risk assessment process. The risk assessment survey is the starting point for documenting the specific risks or threats within each department.

Identify the risks: This step evaluates an IT system or other aspects of an organization to identify the risks related to software, hardware, data, and IT employees. It identifies the possible adverse events that could occur in an organization, such as human error, flooding, fire, or earthquakes.

Analyse the risks: Once the risks are identified and evaluated, the risk analysis process should analyse how likely each risk is to occur, as well as determine the consequences linked with each risk. It also determines how they might affect the objectives of an IT project.

Develop a risk management plan: After the risk analysis, which gives an idea of which assets are valuable and which threats will probably affect the IT assets negatively, we develop a risk management plan to produce control recommendations that can be used to mitigate, transfer, accept or avoid each risk.

Implement the risk management plan: The primary goal of this step is to implement the measures that remove or reduce the analysed risks. We remove or reduce the risks starting with the highest priority, and resolve, or at least mitigate, each risk so that it is no longer a threat.

Monitor the risks: This step is responsible for monitoring the security risks on a regular basis; identifying, treating and managing risks should be an essential part of any risk analysis process.
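As an added worked example (not part of the original notes), the following Python code carries the "analyse the risks" and "develop a risk management plan" steps through on a constructed risk register. Each risk is scored qualitatively as likelihood × impact on a 5 × 5 scale and quantitatively as annualized loss expectancy (single loss expectancy × annual rate of occurrence), the register is sorted so that the highest priority is treated first, and each entry is mapped to one of the four treatments the text names (mitigate, transfer, accept, avoid). The scales, the score bands and the band-to-treatment mapping are assumptions of this example, not a standard; a real plan also weighs control cost and business context.

```python
from dataclasses import dataclass

# Qualitative scales (assumption of this example).
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}

# Default treatment per score band (heuristic assumption, not a standard).
TREATMENT_BY_BAND = {
    "critical": "avoid or mitigate",
    "high": "mitigate",
    "medium": "transfer",
    "low": "accept",
}


@dataclass
class Risk:
    asset: str
    threat: str
    likelihood: str                 # key of LIKELIHOOD
    impact: str                     # key of IMPACT
    single_loss_expectancy: float   # money lost per occurrence (quantitative input)
    annual_rate_of_occurrence: float


def qualitative_score(risk):
    """Likelihood x impact on the 5x5 scale, so 1..25."""
    return LIKELIHOOD[risk.likelihood] * IMPACT[risk.impact]


def band(score):
    """Map a 1..25 score to a band (thresholds are assumptions)."""
    if score >= 15:
        return "critical"
    if score >= 8:
        return "high"
    if score >= 4:
        return "medium"
    return "low"


def annualized_loss_expectancy(risk):
    """ALE = SLE x ARO, the standard quantitative risk figure."""
    return risk.single_loss_expectancy * risk.annual_rate_of_occurrence


def build_register(risks):
    """Score every risk and return rows ordered highest priority first."""
    rows = []
    for risk in risks:
        score = qualitative_score(risk)
        risk_band = band(score)
        rows.append({
            "asset": risk.asset,
            "threat": risk.threat,
            "score": score,
            "band": risk_band,
            "treatment": TREATMENT_BY_BAND[risk_band],
            "ale": annualized_loss_expectancy(risk),
        })
    # Highest qualitative score first; ALE breaks ties.
    return sorted(rows, key=lambda row: (-row["score"], -row["ale"]))


# Constructed register for a hypothetical organisation.
SAMPLE_RISKS = [
    Risk("Customer database server", "ransomware", "likely", "severe", 500_000.0, 0.5),
    Risk("Payroll staff mailboxes", "phishing (human error)", "likely", "moderate", 20_000.0, 2.0),
    Risk("Ground-floor server room", "flooding", "rare", "major", 300_000.0, 0.05),
    Risk("Spare test laptop", "hardware failure", "possible", "negligible", 800.0, 0.5),
]


if __name__ == "__main__":
    for row in build_register(SAMPLE_RISKS):
        print(f"{row['score']:>2} {row['band']:<8} {row['treatment']:<18} "
              f"ALE {row['ale']:>10,.0f}  {row['asset']} / {row['threat']}")
```

The two figures answer different questions: the qualitative score drives the order in which risks are worked, while the ALE gives a budget ceiling for the controls that a "mitigate" or "transfer" decision can justify.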
MODULE 5

CYBER SECURITY SAFEGUARDS


Safeguards are protective measures prescribed to meet the security requirements (i.e., confidentiality, integrity, and availability) specified for an information system. Safeguards may include security features, management constraints, personnel security, and security of physical structures, areas, and devices.

• Identify Your Assets: The first step of cybersecurity starts with knowing your IT infrastructure and environment. You cannot protect what you don't know exists. This cyber security safeguard is essential to understand the scope of the problem, and it makes the overall process of cyber security safeguarding quite organized. You also need to gather the technical details of the hardware, such as makes, models, serial numbers, MAC addresses, IP addresses, and open ports.

In the case of software, find out the type of software (OS and applications), the version, and whether it requires admin privileges or not. Finally, collect the names of the users, their job titles, and whether they use an administrative account or not.

• Train your Employees: In research carried out by Stanford University and a top cyber security organization, it was found that approximately 88% of cyberattacks or data breaches happen due to human mistakes. This is because humans are vulnerable to social engineering attacks, in which the fraudster attempts to mislead someone into performing an action that eventually produces the result the attacker wants.

A phishing attack is one of the best examples of social engineering. Here, the attacker crafts an email in such a way that it tricks the user into taking some action like clicking on a link, downloading an attachment, or providing really sensitive information.

• Keep your Endpoints Safe and Protected: An endpoint is a device that is connected to a network and exchanges information with it. An endpoint could be a computer, laptop, printer, server, security camera, or anything that is connected to the Internet and exchanges information within the network.

These endpoints are a point of concern because they might be outside the scope of network security controls (e.g. a network firewall).

• Restrict Admin Privileges: Almost all operating systems support different user accounts with different technical capabilities. In the case of Windows, you can create two types of accounts, i.e. a standard user account and an administrator account. The administrator account has every privilege in the operating system and can be used to install any application, make changes to the configuration, or disable any service.

All these capabilities of an administrator account make it the top choice for pulling off a cyberattack or running malicious executables on the system.
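An added example (not from the original notes) that turns the "Identify Your Assets" and "Restrict Admin Privileges" safeguards above into checks that can be run: a Python inventory with the hardware, software and user fields the text lists, validated for well-formed MAC and IP addresses, compared against a constructed network scan to surface hosts and open ports the inventory does not know about ("you cannot protect what you don't know exists"), and summarised into the list of administrative accounts and admin-requiring software. All hostnames, serial numbers, addresses, users and the scan output are constructed.

```python
import ipaddress
import re
from dataclasses import dataclass, field

MAC_PATTERN = re.compile(r"^([0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}$")


@dataclass
class Hardware:
    hostname: str
    make: str
    model: str
    serial: str
    mac: str
    ip: str
    open_ports: list = field(default_factory=list)   # ports expected to be open


@dataclass
class Software:
    name: str
    kind: str            # "OS" or "application"
    version: str
    requires_admin: bool
    host: str


@dataclass
class User:
    name: str
    job_title: str
    admin_account: bool


# Constructed inventory for a hypothetical organisation.
HARDWARE = [
    Hardware("fileserver01", "Dell", "R740", "SN-0001", "00:1A:2B:3C:4D:5E", "192.0.2.10", [22, 445]),
    Hardware("laptop-alice", "Lenovo", "T14", "SN-0002", "00:1A:2B:3C:4D:5F", "192.0.2.21"),
    Hardware("printer-2f", "HP", "M404", "SN-0003", "00-1A-2B-3C-4D-60", "192.0.2.30", [9100]),
    Hardware("badrecord", "Acme", "X1", "SN-0004", "not-a-mac", "192.0.2.999"),
]
SOFTWARE = [
    Software("Windows Server 2022", "OS", "21H2", False, "fileserver01"),
    Software("Backup agent", "application", "4.2", True, "fileserver01"),
    Software("Windows 11", "OS", "23H2", False, "laptop-alice"),
    Software("Office suite", "application", "16.0", False, "laptop-alice"),
]
USERS = [
    User("alice", "Accountant", False),
    User("bob", "System administrator", True),
    User("carol", "Intern", True),   # admin account that a least-privilege review should question
]

# Constructed output of a network scan, one host per line: "<ip> open <ports or ->".
SCAN_OUTPUT = """\
192.0.2.10 open 22,445,3389
192.0.2.21 open -
192.0.2.30 open 9100
192.0.2.77 open 23,80
"""


def validate_hardware(item):
    """Return a list of problems with one hardware record (empty if well-formed)."""
    problems = []
    if not MAC_PATTERN.match(item.mac):
        problems.append(f"{item.hostname}: invalid MAC address {item.mac!r}")
    try:
        ipaddress.ip_address(item.ip)
    except ValueError:
        problems.append(f"{item.hostname}: invalid IP address {item.ip!r}")
    return problems


def parse_scan(text):
    """Parse the constructed scan format into {ip: [open ports]}."""
    seen = {}
    for line in text.splitlines():
        ip, _, ports = line.split()
        seen[ip] = [] if ports == "-" else [int(p) for p in ports.split(",")]
    return seen


def unknown_hosts(inventory, scan):
    """IPs that answered the scan but have no inventory record."""
    known = {h.ip for h in inventory}
    return sorted(ip for ip in scan if ip not in known)


def unexpected_ports(inventory, scan):
    """Open ports on known hosts that the inventory does not list."""
    diffs = {}
    for h in inventory:
        extra = sorted(set(scan.get(h.ip, [])) - set(h.open_ports))
        if extra:
            diffs[h.hostname] = extra
    return diffs


def privilege_report(users, software):
    """(users with admin accounts, software that needs admin rights) for review."""
    admin_users = sorted(u.name for u in users if u.admin_account)
    admin_software = sorted(s.name for s in software if s.requires_admin)
    return admin_users, admin_software


if __name__ == "__main__":
    scan = parse_scan(SCAN_OUTPUT)
    for h in HARDWARE:
        for problem in validate_hardware(h):
            print("inventory problem:", problem)
    print("unknown hosts:", unknown_hosts(HARDWARE, scan))
    print("unexpected open ports:", unexpected_ports(HARDWARE, scan))
    print("admin review:", privilege_report(USERS, SOFTWARE))
```

Run on its constructed data, the script reports the malformed record, the host at 192.0.2.77 that nobody inventoried, port 3389 open on the file server although only 22 and 445 were expected, and two users with administrative accounts, which is exactly the short list a least-privilege review starts from.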

MODULE 6

AUTHENTICATION PROTOCOLS
User authentication is the first priority when responding to a request made by a user to a software application. There are several mechanisms which are required to authenticate access while providing access to data.

• Kerberos: Kerberos is a protocol that provides network authentication. It is used for validating clients and servers across a network using cryptographic keys. It is designed to provide strong authentication for client/server applications. A reference implementation of the Kerberos protocol is freely available from MIT and is used in many commercial products.

• Lightweight Directory Access Protocol (LDAP): LDAP is a protocol used for locating individuals, organizations, and other resources such as devices on a network, whether on the public internet or a corporate intranet. It is offered as Directory-as-a-Service and is the foundation on which Microsoft built Active Directory.

• OAuth2: OAuth, as the name suggests, is an authorization framework that enables granting limited access to a user's account through an HTTP service. When a user requests access to resources, an API call is made and, after authentication, a token is passed.

• SAML: SAML stands for Security Assertion Markup Language; it is an XML-based format for authentication data which provides authorization between an identity provider and a service provider. It is a product of the OASIS Security Services Technical Committee.

• RADIUS: RADIUS stands for Remote Authentication Dial-In User Service. It is a network protocol that provides centralized Authentication, Authorization, and Accounting for users who connect to and use network services. The protocol operates when a user requests access to network resources, where the RADIUS server encrypts the credentials entered by the user. After this, the user's credentials are checked against the local database and access is granted.
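As an added example (not the original notes' code, nor any RADIUS implementation's), this Python script simulates the RADIUS exchange described above with both sides in one file. The client (in a real deployment the network access server, for instance a VPN gateway, relaying the user's credentials) hides the User-Password attribute with the shared secret and a random 16-byte Request Authenticator as specified in RFC 2865 section 5.2; the server recovers the password, checks it against a local user table and answers with an Access-Accept or Access-Reject carrying a Response Authenticator, which the client verifies before trusting the answer. The shared secret, the user table and the packet identifiers are constructed values.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2


def hide_password(password, secret, request_auth):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block),
    where the 'previous block' of the first block is the Request Authenticator."""
    if not 1 <= len(password) <= 128:
        raise ValueError("RADIUS User-Password must be 1..128 octets")
    if len(request_auth) != 16:
        raise ValueError("Request Authenticator must be 16 octets")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = bytearray(), request_auth
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], keystream))
        out += block
        prev = block
    return bytes(out)


def reveal_password(hidden, secret, request_auth):
    """Inverse of hide_password. Trailing NUL padding is stripped, so a password
    that itself ends in NUL bytes is ambiguous (an RFC 2865 limitation)."""
    out, prev = bytearray(), request_auth
    for i in range(0, len(hidden), 16):
        keystream = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], keystream))
        prev = hidden[i:i + 16]
    return bytes(out).rstrip(b"\x00")


def encode_attrs(attrs):
    """Attributes are Type(1) Length(1, includes header) Value."""
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)


def decode_attrs(data):
    attrs, i = [], 0
    while i < len(data):
        t, length = data[i], data[i + 1]
        attrs.append((t, data[i + 2:i + length]))
        i += length
    return attrs


def response_authenticator(code, ident, attrs_bytes, request_auth, secret):
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret), RFC 2865 section 3."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs_bytes))
    return hashlib.md5(header + request_auth + attrs_bytes + secret).digest()


def client_access_request(username, password, secret, ident=1):
    """Build an Access-Request; returns (packet, request_auth) so the client can
    later verify the reply."""
    request_auth = os.urandom(16)
    attrs = [(ATTR_USER_NAME, username),
             (ATTR_USER_PASSWORD, hide_password(password, secret, request_auth))]
    body = encode_attrs(attrs)
    packet = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(body)) + request_auth + body
    return packet, request_auth


def server_handle(packet, secret, user_db):
    """Unhide the password, check it against user_db ({name: password}) and
    return an Access-Accept or Access-Reject with a Response Authenticator."""
    _code, ident, length = struct.unpack("!BBH", packet[:4])
    request_auth = packet[4:20]
    attrs = dict(decode_attrs(packet[20:length]))
    username = attrs.get(ATTR_USER_NAME, b"")
    hidden = attrs.get(ATTR_USER_PASSWORD)
    ok = hidden is not None and hmac.compare_digest(
        reveal_password(hidden, secret, request_auth), user_db.get(username, b"\xff"))
    code = ACCESS_ACCEPT if ok else ACCESS_REJECT
    body = b""  # no reply attributes in this example
    return (struct.pack("!BBH", code, ident, 20 + len(body))
            + response_authenticator(code, ident, body, request_auth, secret) + body)


def client_verify_response(response, request_auth, secret):
    """Return the reply code if the Response Authenticator checks out, else None."""
    code, ident, length = struct.unpack("!BBH", response[:4])
    expected = response_authenticator(code, ident, response[20:length], request_auth, secret)
    return code if hmac.compare_digest(expected, response[4:20]) else None


if __name__ == "__main__":
    SECRET = b"constructed-shared-secret"          # constructed value
    USER_DB = {b"alice": b"correct horse battery"}  # constructed local database
    request, ra = client_access_request(b"alice", b"correct horse battery", SECRET)
    reply = server_handle(request, SECRET, USER_DB)
    print("accept" if client_verify_response(reply, ra, SECRET) == ACCESS_ACCEPT else "reject")
```

Two properties of the real protocol are visible here: the hiding is a stream cipher keyed by the shared secret and the per-request authenticator, so the password never crosses the wire in clear, and the Response Authenticator lets the client detect a forged or tampered reply, but only from a party that does not know the secret. The strength of the exchange is therefore bounded by the secrecy and quality of that shared secret and by the transport it runs over.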
