MUSTAFA GHULAM

SIDDIQUI
160721735007
CYBER SECURITY ASSIGNMENT-1 ECE-A

Q1: What are the Layers of Security in Cyber Security, and Why are They Important?

Answer: The layers of security in cyber security, often referred to as "defence in depth,"
include physical security, network security, computer security, application security, and data
security. Each layer provides a barrier that defends against potential threats, ensuring that if
one layer is compromised, others still provide protection. This multilayered approach is
crucial because it addresses different types of threats at various levels, significantly
enhancing the overall security posture of an organization.

Q2: How Do Vulnerabilities, Threats, and Harmful Acts Interrelate in the Context of Cyber
Security?

Answer: In cyber security, a vulnerability is a weakness in a system that can be exploited. A

threat is a potential danger that exploits a vulnerability to harm the system or organization,
such as a cybercriminal or malware. Harmful acts are the consequences of threats exploiting
vulnerabilities, leading to unauthorized access, data theft, or damage to systems.
Understanding the relationship between these elements is critical for assessing risks and
implementing effective security measures to protect against potential attacks.

Q3: What are the Major Challenges and Constraints in Internet Governance, and How Do
They Impact Cyber Security?

Answer: Internet governance faces challenges such as jurisdictional differences, privacy

concerns, and the need for international cooperation. Constraints include varying laws
across countries, technological disparities, and differing priorities for openness versus
security. These challenges impact cyber security by complicating the enforcement of laws,
standardizing security protocols, and fostering global collaboration to combat cyber threats.
Addressing these issues requires a coordinated effort among nations, industries, and
communities to develop adaptable and comprehensive security strategies.

Q4: What is the CIA Triad, and How Does It Guide Cyber Security Efforts?

Answer: The CIA Triad stands for Confidentiality, Integrity, and Availability, serving as the
cornerstone of cyber security principles. Confidentiality ensures that information is
accessible only to authorized users. Integrity maintains the accuracy and completeness of
data, preventing unauthorized alteration. Availability ensures that information and resources
are accessible to authorized users when needed. The CIA Triad guides cyber security efforts
by providing a framework to develop policies, controls, and procedures that protect
information systems against unauthorized access, modification, and disruptions.

Q5: What Motivates Cyber Attackers, and How Do Different Motivations Influence the Types
of Attacks?

Answer: Cyber attackers are motivated by a variety of factors, including financial gain,
political or ideological beliefs, espionage, personal grievances, or the thrill of the challenge.
These motivations influence the nature of attacks:
- Financially motivated attackers might engage in ransomware, phishing, or fraud.
- Politically or ideologically motivated attackers might participate in hacktivism, spreading
propaganda or disrupting services.
- Espionage motives often lead to sophisticated spying operations targeting sensitive
government or corporate information.

Understanding the motivations behind attacks helps in predicting potential targets and
tailoring security measures to defend against specific threats more effectively.

Q6: Explain the Difference Between Active and Passive Attacks and Provide Examples of
Each.

Answer:
Active attacks involve direct actions against a target that alter systems or data, such as
injecting malware, denial of service attacks, or altering data. Passive attacks, however,
involve monitoring and possibly intercepting communications without altering the content
or system operation, such as eavesdropping on network traffic or collecting unencrypted
data. Examples include network sniffing for passive attacks and SQL injection for active
attacks. Identifying the type of attack helps in applying appropriate defensive strategies.

These questions and answers provide a foundational understanding of critical cyber security
concepts, highlighting the importance of a multi-layered security approach, understanding
the motivations behind cyber attacks, and the challenges faced in governing and securing
the internet.