CYBER SECURITY

CYBER SECURITY
MODULE 1
V SEM B.Sc./BCA

Prepared By:

Shruthi V.
Santhosha M.
Lohith
Dept. Of Computer science

Dep. Of Computer Science MSCW, Mysore Page 1

 CYBER SECURITY

MODULE 1: INTRODUCTION TO CYBER SECURITY

Cyber security is the technique of protecting computers, networks, programs and data
from unauthorized access or attacks that are aimed for exploitation.
or
Cyber security is the protection of Internet-connected systems, including hardware,
software and data from cyber-attacks.

It is made up of two words one is cyber and other is security.

• Cyber is related to the technology which contains systems, network and programs or
data.
• Security is related to the protection which includes systems security, network security
and application and information security.

Cyberspace
 It refers to the virtual computer network and is an electronic medium used to form a
global computer network to facilitate online communication.
 It is a large computer network made up of many worldwide computer networks
uses TCP/IP protocol for communication and data exchange activities.

Overview of computer
Computer is an electronic device that receives input, stores or processes the input as per
user instructions and provides output in desired format.

The basic parts of a computer are as follows:

 Input Unit: Devices like keyboard and mouse that are used to input data and
instructions to the computer are called input unit.

 Output Unit: Devices like printer and visual display unit that are used to provide
information to the user in desired format are called output unit.

Dep. Of Computer Science MSCW, Mysore Page 2

 CYBER SECURITY

 Control Unit: This unit controls all the functions of the computer. All devices or
parts of computer interact through the control unit.
 Arithmetic Logic Unit: This is the brain of the computer where all arithmetic
operations and logical operations take place.
 Memory: All input data, instructions are stored in the memory. Memory is of two
types – primary memory and secondary memory. Primary memory resides within
the CPU whereas secondary memory is external to it.

Characteristics of Computer

 Speed: Computer can carry out 3-4 million instructions per second.
 Accuracy: Computers exhibit a very high degree of accuracy. Errors that may occur
are usually due to inaccurate data, wrong instructions.
 Reliability: Computers can carry out same type of work repeatedly without
throwing up errors due to tiredness or boredom.
 Versatility: Computers can carry out a wide range of work from data entry and
ticket booking to complex mathematical calculations and continuous astronomical
observations.
 Storage Capacity: A computer can store millions of records. These records may be
accessed with complete precision. Computer memory storage capacity is measured
in Bytes, Kilobytes (KB), Megabytes(MB), Gigabytes(GB), and Terabytes(TB). A
computer has built-in memory known as primary memory.

Advantages of Computer
 Multitasking: Multitasking is one of the main advantages of computers. The
computer can perform millions or trillions of works in one second.
 Speed: One of the most advantages of computers is their incredible speed which
helps human to finish their task in a few seconds.
 Accuracy: Computers perform not only calculations but also with accuracy.
 Communication: The computer helps the user better understand and communicate
with other devices.

Disadvantages of computer
 Virus and hacking attacks: A virus may be a worm and hacking are just
unauthorized access over a computer for illegal purposes. Viruses can go to another
system from email attachments, viewing an infected website advertisement, through
removable devices like USBs, etc.
 Online Cyber Crimes: Online cyber-crime means computers and networks may
have been utilized in order to commit a crime. Cyberstalking and fraud are the
points that come under online cyber-crime.

Dep. Of Computer Science MSCW, Mysore Page 3

 CYBER SECURITY

 Health Problems: Prolonged use of computers to work leads to various health

problems. Working for long hours with a computer may affect the sitting posture of
the user and sometimes irritates the eyes.

Overview of web technology

Web Technology refers to the various tools and techniques that are utilized in the process
of communication between different types of devices over the Internet. A web browser is
used to access web pages. Web browsers can be defined as programs that display text, data,
pictures, animation, and video on the Internet.
Web Technology can be classified into the following sections:
World Wide Web (WWW): The World Wide Web is based on several different
technologies: Web browsers, Hypertext Mark-up Language (HTML), and Hypertext
Transfer Protocol (HTTP).
Web Browser: The web browser is an application software to explore WWW (World Wide
Web). It provides an interface between the server and the client and requests to the server
for web documents and services.
Web Server: Web server is a program which processes the network requests of the users
and serves them with files that create web pages. This exchange takes place using
Hypertext Transfer Protocol (HTTP).
Web Pages: A webpage is a digital document that is linked to the World Wide Web and
viewable by anyone connected to the internet has a web browser.
Web Development: Web development refers to the building, creating, and maintaining of
websites. It includes aspects such as web design, web publishing, web programming, and
database management. It is the creation of an application that works over the internet i.e.
websites.

Architecture of cyber space or cyber security

A cyber security architecture combines security software and appliance solutions,
providing the infrastructure for protecting an organization from cyber-attacks.
The primary goals of effective cybersecurity architecture are:
 Attack surfaces are shrunk, protected, and engaged.
 Sensitive data at rest and in transit is encrypted and backed up.
 Threats and vulnerabilities are aggressively monitored, detected, mitigated, and
countered.
 Design security into the infrastructure

Dep. Of Computer Science MSCW, Mysore Page 4

 CYBER SECURITY

The 3 Phases of Cybersecurity Architecture

Phase 1: Develop Policies, Standards, and Best Practices
Security architects develop their organizational policies, standards, and best practices
based on cybersecurity architecture frameworks. These frameworks give guidelines like
‘sensitive data must be encrypted.’
Phase 2: Implementation of Phase 1
Once security architects define the organization’s policies and standards, the development
teams design and implement the software. This stage applies these requirements and
principles at the building block level.
Phase 3: Monitoring of Phases 1 and 2
Security architects monitor their systems. They watch to ensure that standards are met,
update these standards for new technologies, and keep track of exceptions.

Communication
Communication is a foundational component of all work in cybersecurity. Communication
happens in many forms, written, spoken, and even non-verbal. It happens in large groups
and small, sometimes it's real-time, and sometimes it's asynchronous. Communicating
effectively is perhaps the most important soft skill in this framework. Everyone also carries
past experiences, perceptions, ideas, and mental models. These things inevitably inform
how people receive and interpret any form of communication.

There are numerous subsets of communication, these include:

 Writing skills
 Oral communication
 Presentation skills
 Active listening
 Nonverbal communication

Dep. Of Computer Science MSCW, Mysore Page 5

 CYBER SECURITY

Purpose
Communication serves many purposes for people:

 To inform others of something

 To express feelings
 To influence somebody in a particular direction
 To collaborate with others

Web Technology
Web Technology refers to the various tools and techniques that are utilized in the process of
communication between different types of devices over the Internet. A web browser is used
to access web pages. Web browsers can be defined as programs that display text, data,
pictures, animation, and video on the Internet.

Web Technology can be classified into the following sections:

 World Wide Web (WWW): The World Wide Web is based on several different
technologies: Web browsers, Hypertext Markup Language (HTML), and Hypertext
Transfer Protocol (HTTP).

 Web Browser: The web browser is an application software to explore www (World
Wide Web). It provides an interface between the server and the client and requests to
the server for web documents and services.

 Web Server: Web server is a program which processes the network requests of the
users and serves them with files that create web pages. This exchange takes place using
Hypertext Transfer Protocol (HTTP).

 Web Pages: A webpage is a digital document that is linked to the World Wide Web and
viewable by anyone connected to the internet has a web browser.

 Web Development: Web development refers to the building, creating, and maintaining
of websites. It includes aspects such as web design, web publishing, web programming,
and database management. It is the creation of an application that works over the
internet i.e. websites.

Internet
Internet is a global communication system that links together thousands of individual
networks. It allows exchange of information between two or more computers on a
network. Thus internet helps in transfer of messages through mail, chat, video & audio

Dep. Of Computer Science MSCW, Mysore Page 6

 CYBER SECURITY

conference, etc. It has become mandatory for day-to-day activities: bills payment, online
shopping and surfing, tutoring, working, communicating with peers, etc.

Working of the internet

The internet is a global computer network that connects various devices and sends a lot
of information and media. It uses an Internet Protocol (IP) and Transport Control
Protocol (TCP)-based packet routing network. TCP and IP work together to ensure that
data transmission across the internet is consistent and reliable, regardless of the device
or location. Data is delivered across the internet in the form of messages and packets. A
message is a piece of data delivered over the internet, but before it is sent, it is broken
down into smaller pieces known as packets.
IP is a set of rules that control how data is transmitted from one computer to another via
the internet. The IP system receives further instructions on how the data should be
transferred using a numerical address (IP Address). The TCP is used with IP to ensure
that data is transferred in a secure and reliable manner. This ensures that no packets are
lost.
History of Internet
The ARPANET (Advanced Research Projects Agency Network, later renamed the internet)
established a successful link between the University of California Los Angeles and the
Stanford Research Institute on October 29, 1969. Libraries automate and network
catalogs outside of ARPANET in the late 1960s.

TCP/IP (Transmission Control Protocol and Internet Protocol) is established in the

1970s, allowing internet technology to mature. The development of these protocols aided
in the standardization of how data was sent and received via the internet. NSFNET
(National Science Foundation Network), the 56 Kbps backbone of the internet, was
financed by the National Science Foundation in 1986. Because government monies were
being used to administer and maintain it, there were commercial restrictions in place at
the time.
In the year 1991, a user-friendly internet interface was developed. Delphi was the first
national commercial online service to offer internet connectivity in July 1992. Later in
May 1995, all restrictions on commercial usage of the internet are lifted. As a result, the
internet has been able to diversify and grow swiftly. Wi-Fi was first introduced in 1997.
The year is 1998, and Windows 98 is released. Smartphone use is widespread in 2007.

Dep. Of Computer Science MSCW, Mysore Page 7

 CYBER SECURITY

The 4G network is launched in 2009. The internet is used by 3 billion people nowadays.
By 2030, there are expected to be 7.5 billion internet users and 500 billion devices linked
to the internet.
Uses of the Internet:
 E-mail: E-mail is an electronic message sent across a network from one computer
user to one or more recipients. It refers to the internet services in which messages are
sent from and received by servers.

 Web Chat: Web chat is an application that allows you to send and receive messages in
real-time with others. By using Internet chat software, the user can log on to specific
websites and talk with a variety of other users online.

 World Wide Web: The World Wide Web is the Internet’s most popular information
exchange service. It provides users with access to a large number of documents that
are linked together using hypertext or hyperlinks.

 E-commerce: E-commerce refers to electronic business transactions made over the

Internet. It encompasses a wide range of product and service-related online business
activities.

 Internet telephony: The technique that converts analog speech impulses into digital
signals and routes them through packet-switched networks of the internet is known
as internet telephony.

 Video conferencing: The term “video conferencing” refers to the use of voice and
images to communicate amongst users.

Advantages of the Internet

 Online Banking and Transaction: The Internet allows us to transfer money online
through the net banking system. Money can be credited or debited from one account
to the other.

 Education, Online Jobs, Freelancing: Through the Internet, we are able to get more
jobs via online platforms like Linkedin and to reach more job providers. Freelancing
on the other hand has helped the youth to earn a side income and the best part is all
this can be done via the INTERNET.

 Entertainment: There are numerous options for entertainment online we can listen
to music, play games can watch movies, and web series, and listen to podcasts,
YouTube itself is a hub of knowledge as well as entertainment.

 New Job Roles: The Internet has given us access to social media, and digital products
so we are having numerous new job opportunities like digital marketing and social
media marketing online businesses are earning huge amounts of money just because
the Internet is the medium to help us to do so.

Dep. Of Computer Science MSCW, Mysore Page 8

 CYBER SECURITY

 Best Communication Medium: The communication barrier has been removed from
the Internet. You can send messages via email, Whatsapp, and Facebook. Voice
chatting and video conferencing are also available to help you to do important
meetings online.

 Comfort to humans: Without putting any physical effort you can do so many things
like shopping online it can be anything from stationeries to clothes, books to personal
items, etc. You can books train and plane tickets online.

 GPS Tracking and Google maps: Yet another advantage of the internet is that you
are able to find any road in any direction, and areas with less traffic with the help of
GPS on your mobile.

Disadvantages of the Internet

 Time Wastage: Wasting too much time on the internet surfing social media apps and
wasting time on scrolling social media apps.

 Bad Impacts on Health: Spending too much time on the internet causes bad impacts
on your health physical body needs some outdoor games exercise and many more
things. Looking at the screen for a longer duration causes serious impacts on the eyes.

 Cyber Crimes: Spam, viruses, hacking, and stealing data are some of the crimes
which are on the verge these days. Your system which contains all the confidential
data can be easily hacked by cybercriminals.

 Effects on Children: Small children are heavily addicted to the Internet watching
movies, and games all the time is not good for their overall personality as well as
social development.

World Wide Web (WWW)

The World Wide Web is abbreviated as WWW and is commonly known as the web. The
WWW was initiated by CERN (European library for Nuclear Research) in 1989.
WWW can be defined as the collection of different websites around the world, containing
different information shared via local servers (or computers).

History:
It is a project created, by Timothy Berner Lee in 1989, for researchers to work together
effectively at CERN, is an organization named the World Wide Web Consortium (W3C),
which was developed for further development of the web. This organization is directed
by Tim Berner’s Lee, aka the father of the web.

System Architecture:
From the user’s point of view, the web consists of a vast, worldwide connection of
documents or web pages. Each page may contain links to other pages anywhere in the

Dep. Of Computer Science MSCW, Mysore Page 9

 CYBER SECURITY

world. The pages can be retrieved and viewed by using browsers of which internet
explorer, Netscape Navigator, Google Chrome, etc are the popular ones. The browser
fetches the page requested interprets the text and formatting commands on it, and
displays the page, properly formatted, on the screen.

Difference between World Wide Web and the Internet

The main difference between the World Wide Web and the Internet are:

World Wide Web Internet

All the web pages and web documents

are stored there on the World wide The Internet is a global network of computers
web and to find all that stuff you will that is accessed by the World wide web.
have a specific URL for each website.

The world wide web is a service. The Internet is an infrastructure.

The world wide web is a subset of the The Internet is the superset of the world wide
Internet. web.

The world wide web is software-

The Internet is hardware-oriented.
oriented.

The world wide web uses HTTP. The Internet uses IP Addresses.

The world wide web can be considered

as a book from the different topics The Internet can be considered a Library.
inside a Library.

Dep. Of Computer Science MSCW, Mysore Page 10

 CYBER SECURITY

Internet infrastructure for data transfer

The Internet was born by ARPA (Advanced Research Projects Agency) in 1969 and
was initially called as ARPANET. The word Internet is derived from Interconnected
Networks and this simply indicates that it needs networks to be interconnected.

How does it Work?

Generally, two main components uphold the functionality of the Internet, they are:
1. Packets
2. Protocols

So what are Packets and Protocols?

In networking, the data which is being transmitted through the internet is sent via small
segments/chunks which are later translated into bits, and the packets get routed to their
endpoint (destination) through different networking devices i.e. routers or switches.
Later, once the packet arrives at the receiver’s end, that small chunks of data get
reassembled in order to utilize or check the data that he/she requested.

Basic Infrastructure of the Internet

Connecting two computers with the help of any communication method. To solve the
connection issue, protocols were introduced. It is a standardized method of
performing certain tasks and data formatting so that two or more devices can
communicate with each other.

 Ethernet – If both systems are connected over the same network

 IP (Internet Protocol) – for receiving and sending packets from network to network
 TCP (Transmission Control Protocol) – To ensure that those packets are arriving
successfully in the same order,
 HTTP (Hyper Text Transfer Protocol) – for formatting data over websites and apps

Dep. Of Computer Science MSCW, Mysore Page 11

 CYBER SECURITY

How Does The Internet Work?

When You “Google” From a Web Browser, from opening a web browser to visiting a
website, it all happens with specific methods that we’re going to check in these 5 easy
steps.

1. Firstly, you’ll be required to connect your system or PC with any router or modem to
establish a connection. This connection is the base of the internet connection.
2. When you open the browser and start typing something like “www.google.com”, your
system will push a query command to your ISP (Internet Service Provider) that is
connected with other servers that store and process data.
3. Now, the web browser will start indexing the URL that you’ve entered and will fetch
the details in numeric format (in their own language to identify the
address (unique) that you’re trying to reach.
4. Next is, now your browser will start sending the HTTP request where you’re trying to
reach and sends a copy of the website on the user’s system. Note: The server will send
data in the form of small packets (from the website to the browser)
5. Once all the data (of small packets) will be received at the user’s end (PC/Laptop), the
browser will start arranging all those small packets and later will form a collective file
(here, the browser will gather all the small packets and rearrange them just like a
puzzle) and then you’ll be able to see the contents of that website

What are the Modes of Connecting through the Internet?

There are certain ways of getting connected to the Internet and going online. So, for that,
you need an ISP (Internet Service Provider), the type of ISP you’ll be choosing will depend
upon the availability in your area and what kind of services they’re offering to their
customers.

Here we are listing some universal modes of the internet:

 DSL: This technology (Digital Subscriber Line) uses a Broadband connection which
is in trend for the past few years. Your ISP will connect your premises with the help of
telephone wire despite the fact that you own a telephone.

Dep. Of Computer Science MSCW, Mysore Page 12

 CYBER SECURITY

 Dial-Up: People used to connect their system with the help of a dial-up connection,
and it is one of the slowest types of Internet connection. This is used to enable
internet connectivity with the help of a telephone connection and the user must
have multiple connections then only they can use a Dial-up connection.

 Cable TV Connection: It is being used to connect your system to the Internet, and for
that, you, ISP will connect it via cable TV wire. It also uses Broadband technology and
you really don’t need to have a Cable connection for that. Cable is considered as most
accessible as and faster than dial-up and DSL that we have for connection.

 Satellite: It also uses broadband technology but without interacting with any cable
connection. Hence, it connects wirelessly with the help of a satellite and this enables
its availability anywhere in the world.

 3G/4G/5G: This is the new age technology in the entire world. It connects wirelessly
via different ISPs and is widely used in cell phones. But they aren’t considered as
stable as DSL or cable and most importantly they come with a DATA LIMITATION cap
for each month.

Internet Society
Cybersecurity is a critical aspect of the modern Internet society. It encompasses a range of
practices, technologies, and measures designed to protect computer systems, networks,
and data from various forms of cyber threats and attacks. The Internet Society, often
represented by organizations like the Internet Society (ISOC), plays a significant role in
promoting and addressing cybersecurity concerns in the digital age.

Here are some key points related to cybersecurity and the Internet Society:

1. Definition of Cybersecurity: Cybersecurity is the practice of protecting computer

systems, networks, and data from theft, damage, disruption, and unauthorized
access. It involves a combination of technology, processes, and education to
establish a robust defence against cyber threats.
2. Importance of Cybersecurity: In the Internet society, where data and
communication are increasingly digital and interconnected, cybersecurity is crucial.
Cyberattacks can lead to data breaches, financial loss, disruption of critical
infrastructure, and even national security threats.
3. Cyber Threats: Common cyber threats include malware, phishing, ransomware,
denial of service (DoS) attacks, and social engineering. These threats can target
individuals, organizations, or even entire nations.
4. Internet Society (ISOC): The Internet Society is a global non profit organization
that advocates for an open, secure, and accessible Internet for everyone. It focuses
on various aspects of Internet governance, development, and policy. Part of its

Dep. Of Computer Science MSCW, Mysore Page 13

 CYBER SECURITY

mission is to address cybersecurity concerns and promote a safer online

environment.
5. Collaboration: The Internet Society works with governments, industry
stakeholders, academia, and civil society to develop and promote best practices in
cybersecurity. This collaboration is crucial in addressing evolving threats and
challenges.
6. Standards and Guidelines: The Internet Society has been involved in the
development and promotion of cybersecurity standards and guidelines. These
standards help organizations implement robust security measures and protect their
networks and data.
7. Education and Awareness: The Internet Society also emphasizes the importance of
cybersecurity education and awareness. It conducts awareness campaigns,
organizes workshops, and produces educational resources to help individuals and
organizations better understand and mitigate cyber risks.
8. Global Initiatives: ISOC has been involved in global initiatives related to
cybersecurity, such as advocating for the responsible use of encryption, promoting
Internet infrastructure security, and addressing policy issues related to cyberspace.
9. Public Policy Advocacy: The Internet Society is engaged in public policy
discussions related to cybersecurity. It often provides input and expertise to
policymakers to ensure that regulations and laws promote a secure and open
Internet.
10. Technological Solutions: In addition to policy and education efforts, the Internet
Society also explores and promotes technological solutions that can enhance
cybersecurity. These include advancements in encryption, authentication, and
network security.
In summary, cybersecurity is a critical element of the Internet society, and organizations
like the Internet Society play a vital role in advocating for and implementing measures to
ensure a secure and resilient digital environment. The collaborative efforts of various
stakeholders are essential to address the evolving landscape of cyber threats and
challenges.

Dep. Of Computer Science MSCW, Mysore Page 14

 CYBER SECURITY

Regulations of Cyber Space

Cybersecurity regulations in cyberspace are essential for protecting digital assets, ensuring
the privacy of individuals and organizations, and maintaining the integrity of critical
infrastructure. These regulations vary by country and jurisdiction but generally focus on
establishing requirements for organizations and individuals to protect their systems and
data from cyber threats.

Here are some common components of cybersecurity regulations:

1. Data Protection and Privacy Regulations: Many regions have enacted data
protection laws that mandate how personal data should be handled, stored, and
protected. The General Data Protection Regulation (GDPR) in the European Union is
one such example, imposing strict requirements on data handling, consent, and
breach notification.
2. Cybercrime Laws: Cybersecurity regulations often include laws that define and
criminalize various forms of cybercrime, such as hacking, malware distribution,
identity theft, and fraud. These laws prescribe penalties for offenders and empower
law enforcement agencies to investigate and prosecute cybercriminals.
3. Incident Reporting and Notification: Some regulations require organizations to
report cybersecurity incidents promptly, particularly data breaches, to regulatory
authorities and affected individuals. These notifications help in containing the
damage and protecting individuals' rights.
4. Critical Infrastructure Protection: Regulations may require operators of critical
infrastructure, such as energy, water, and financial institutions, to implement
specific cybersecurity measures to safeguard these vital systems from cyberattacks.
5. Regulations on Access Control and Authentication: Regulations often emphasize
access control and authentication mechanisms to ensure that only authorized
individuals have access to sensitive data and systems. Multi-factor authentication
(MFA) and strong password policies may be mandated.
6. Network Security Requirements: Regulations may outline network security
standards that organizations must adhere to, including firewall configurations,
intrusion detection systems, and encryption protocols.
7. Employee Training and Awareness: Some regulations recommend or mandate
employee training and awareness programs to help organizations maintain a
security-aware workforce.
8. Audit and Compliance Reporting: Organizations might be required to conduct
regular security audits and produce compliance reports to demonstrate their
adherence to cybersecurity regulations.
9. Vendor and Supply Chain Security: Regulations often encourage organizations to
assess the cybersecurity practices of their vendors and supply chain partners to
reduce vulnerabilities introduced by third parties.

Dep. Of Computer Science MSCW, Mysore Page 15

 CYBER SECURITY

10. International Standards and Frameworks: Some countries align their

cybersecurity regulations with international standards and frameworks, such as ISO
27001 and NIST Cybersecurity Framework, to establish best practices.
11. Penalties for Non-Compliance: Regulations typically specify penalties, fines, or
other punitive measures for organizations that fail to comply with the established
cybersecurity requirements.
12. Notification of Cybersecurity Incidents: Some regulations mandate organizations
to notify authorities and affected parties in the event of a cybersecurity incident,
such as a data breach, within a specific timeframe.
It's essential to note that cybersecurity regulations can vary significantly from one region
to another and are subject to change. Staying informed about the relevant regulations in
your jurisdiction and adhering to best practices in cybersecurity is crucial for individuals
and organizations to ensure compliance and maintain a secure digital environment.

Concepts of Cyber Security

Cybersecurity, often abbreviated as "cyber security," is the practice of protecting computer
systems, networks, and digital data from theft, damage, unauthorized access, or any form of
cyber threats and attacks. The concept of cybersecurity revolves around safeguarding the
confidentiality, integrity, and availability of information in the digital world.

Here are the key components and principles of cybersecurity:

1. Confidentiality: Confidentiality ensures that information is only accessible to

authorized individuals or systems. Cybersecurity measures, such as encryption,
access controls, and data classification, help protect sensitive data from
unauthorized disclosure.
2. Integrity: Integrity focuses on maintaining the accuracy and trustworthiness of data
and systems. Cybersecurity mechanisms like data hashing and digital signatures
help verify that data hasn't been tampered with or altered.
3. Availability: Availability ensures that systems and data are accessible and
functional when needed. Cybersecurity practices include measures to prevent and
mitigate service disruptions, such as through redundancy and disaster recovery
planning.
4. Authentication: Authentication is the process of verifying the identity of users,
devices, or systems. It helps ensure that only authorized entities have access to
resources. Common methods include usernames and passwords, biometrics, and
two-factor authentication.
5. Authorization: Authorization follows authentication and determines what actions
and resources an authenticated entity is allowed to access or modify. Role-based
access control (RBAC) is a common approach to authorization.

Dep. Of Computer Science MSCW, Mysore Page 16

 CYBER SECURITY

6. Network Security: Network security involves protecting the network

infrastructure from unauthorized access and threats. This can include firewalls,
intrusion detection systems (IDS), and intrusion prevention systems (IPS).
7. Endpoint Security: Endpoint security focuses on securing individual devices, such
as computers, smartphones, and IoT devices. It involves measures like antivirus
software, endpoint detection and response (EDR) tools, and device management.
8. Data Encryption: Encryption is the process of converting data into a coded form
that can only be read by someone with the decryption key. It protects data both in
transit (e.g., during transmission) and at rest (e.g., stored on a server or device).
9. Security Policies and Procedures: Organizations should establish and enforce
security policies and procedures that define acceptable use, incident response, and
security best practices. These policies help guide employees and stakeholders in
maintaining security.
10. Patch Management: Keeping software, operating systems, and applications up to
date with security patches is critical in preventing known vulnerabilities from being
exploited.
11. Incident Response: Incident response plans outline how an organization should
react to a cybersecurity incident. This involves identifying, mitigating, and
recovering from security breaches.
12. Security Awareness and Training: Educating employees and users about
cybersecurity best practices helps reduce the risk of human errors that can lead to
security breaches.
13. Security Monitoring and Logging: Continuous monitoring and the collection of
system logs can help identify and respond to suspicious activities or potential
threats.
14. Threat Intelligence: Staying informed about emerging threats and vulnerabilities is
crucial in adapting and enhancing cybersecurity measures.
15. Regulatory Compliance: Depending on the industry and location, organizations
may need to comply with cybersecurity regulations and standards, such as GDPR,
HIPAA, or PCI DSS.
Cybersecurity is a dynamic field that continually evolves to counter new and evolving
threats. It is a fundamental aspect of the digital age, where the security of information and
systems is critical for individuals, businesses, and governments.

Cyber Security Issues and Challenges

Cybersecurity faces a range of complex and evolving issues and challenges as technology
advances and cyber threats become more sophisticated.

Some of the major issues and challenges in the field of cybersecurity include:

1. Cyber Threats and Attacks: Cyber threats continue to grow in volume and
sophistication. These include malware, ransomware, phishing, and Distributed

Dep. Of Computer Science MSCW, Mysore Page 17

 CYBER SECURITY

Denial of Service (DDoS) attacks. Nation-state-sponsored cyberattacks and

hacktivist activities also pose significant challenges.
2. Data Breaches: Data breaches are a major concern, as they can result in the
exposure of sensitive personal and corporate information, leading to financial losses
and reputational damage.
3. Insider Threats: Malicious or negligent actions by employees or insiders can pose
significant cybersecurity risks. Insider threats are challenging to detect and prevent,
as they often involve individuals with legitimate access to systems and data.
4. IoT (Internet of Things) Security: The proliferation of IoT devices introduces
numerous security vulnerabilities. Many IoT devices lack robust security features
and are vulnerable to exploitation.
5. Cloud Security: With the shift to cloud computing, ensuring the security of data and
applications stored in the cloud is a critical challenge. Organizations must address
issues related to data privacy, compliance, and access control.
6. Supply Chain Security: Cyberattacks often target the supply chain, attempting to
compromise third-party vendors and suppliers as a way to infiltrate the primary
target organization. Supply chain security is increasingly critical, particularly for
critical infrastructure and government agencies.
7. Security Awareness and Training: Human error remains a significant factor in
many cybersecurity incidents. The lack of awareness and inadequate training among
employees can lead to breaches and data leaks.
8. Regulatory Compliance: Meeting the requirements of various data protection and
cybersecurity regulations (such as GDPR, HIPAA, or PCI DSS) can be challenging for
organizations. Non-compliance can result in legal consequences and financial
penalties.
9. Zero-Day Vulnerabilities: Cybercriminals often exploit previously unknown
vulnerabilities, known as zero-day vulnerabilities, before software vendors can
release patches to fix them. Detecting and mitigating these vulnerabilities is a
significant challenge.
10. Artificial Intelligence and Machine Learning Threats: While AI and machine
learning can enhance cybersecurity by identifying patterns and anomalies,
cybercriminals are also leveraging these technologies to conduct more sophisticated
attacks.
11. Cybersecurity Workforce Shortage: There is a shortage of skilled cybersecurity
professionals to address the growing demand for expertise. This shortage makes it
challenging for organizations to defend against threats effectively.
12. Complexity of Networks and Systems: As technology evolves, networks and
systems become increasingly complex. Managing and securing these complex
environments is challenging, especially for large organizations.
13. Mobile Security: Mobile devices are a popular target for cyberattacks. Ensuring the
security of smartphones and tablets used in the workplace is a growing challenge
for organizations.

Dep. Of Computer Science MSCW, Mysore Page 18

 CYBER SECURITY

14. National and International Cybersecurity Policies: Developing effective

cybersecurity policies and international agreements to address cyber threats and
conflicts is a complex issue, given the global and borderless nature of cyberspace.
15. Emerging Technologies: New technologies, such as quantum computing, 5G, and
the Internet of Things, introduce new security challenges and uncertainties that
need to be addressed proactively.
Cybersecurity is an ongoing, ever-evolving field, and addressing these issues and
challenges requires a holistic approach that involves technology, policies, education, and
international cooperation.

Organizations and governments must continually adapt to the evolving threat

landscape to protect digital assets and sensitive information effectively.

Dep. Of Computer Science MSCW, Mysore Page 19