Introduction To Cyber Security


CYBER SECURITY

COURSE CODE: SS-815

FALL 2022
PROF. DR. TUGHRAL YAMIN
ASSOCIATE DEAN CIPS
PROFILE OF THE INSTRUCTOR

• PROF DR TUGHRAL YAMIN IS ASSOCIATE DEAN AND FOUNDING MEMBER OF CIPS


• HIS PHD DISSERTATION WAS ON WMDs AND THEIR IMPACT ON THE STRATEGIC STABILITY
OF SOUTH ASIA
• HE IS THE AUTHOR OF THREE BOOKS, I.E.
  • THE EVOLUTION OF NUCLEAR DETERRENCE IN SOUTH ASIA
  • CYBER CBMs BETWEEN PAKISTAN AND INDIA
  • UN PEACEKEEPING OPERATIONS IN SOMALIA 1992-1995: A PAKISTANI PERSPECTIVE
• COAUTHOR OF SECURING PAKISTAN: MAKING SENSE OF THE FUNDAMENTALS OF
COUNTER TERRORISM & COUNTER VIOLENT EXTREMISM
• HE HAS WRITTEN A NUMBER OF BOOK CHAPTERS AND ARTICLES IN INTERNATIONALLY
RECOGNIZED JOURNALS
• PROF YAMIN HAS TAUGHT ARMS CONTROL, UN PEACEKEEPING OPERATIONS &
INTERNATIONAL SECURITY TO PHD AND MS CLASSES

Prof. T. Yamin. Cyber Security, Introductory Lecture 2


ARTICLES ON CYBER SECURITY
• FUTURE WARFARE, PAKISTAN ARMY GREEN BOOK 2020
• HYBRID WARFARE, STRATEGIC THOUGHT, NDU
• NATIONAL RESPONSE TO CYBER THREAT, PAKISTAN ARMY GREEN BOOK 2019
• CYBERSECURITY MANAGEMENT IN PAKISTAN, GOVERNANCE AND MANAGEMENT REVIEW BY PUNJAB
UNIVERSITY, AUGUST 2018
• CYBER CONFIDENCE BUILDING MEASURES BETWEEN PAKISTAN AND INDIA, PAKISTAN ARMY GREEN BOOK 2015
BOOK CHAPTERS 
• CYBERSECURITY POLICY AND STRATEGIES FOR CYBERWARFARE PREVENTION EDITED BY JEAN-LOUP RICHET
CYBERSECURITY POLICIES AND STRATEGIES FOR CYBERWARFARE PREVENTION BY IGI GLOBAL
• CYBER SECURITY CHALLENGES FOR PAKISTAN
CONFERENCE PAPERS
• FAKE NEWS AS AN INSTRUMENT OF WAR, IRS
• NON-TRADITIONAL THREATS: CYBER SECURITY - THE NEW FRONTIER AND A POSSIBLE RESPONSE
• CYBERSPACE MANAGEMENT IN PAKISTAN
• COMBATING CYBER TERRORISM THROUGH AN EFFECTIVE SYSTEM OF CYBER SECURITY COOPERATION



AIM, PURPOSE AND SCOPE OF THE COURSE
• THE COURSE IS DESIGNED TO CREATE AWARENESS ABOUT ‘CYBER THREAT AS A NON-TRADITIONAL SECURITY ISSUE’
• IT HELPS STUDENTS TO
  • UNDERSTAND INTERNATIONAL CYBER POLITICS
  • PREPARE POLICY OPTIONS FOR THE GOVERNMENT AND PUBLIC AS WELL AS PRIVATE SECTOR.

DEFINITIONS
• CYBER SECURITY IS THE STATE OF BEING PROTECTED AGAINST CRIMINAL OR
UNAUTHORIZED USE OF ELECTRONIC DATA, OR THE MEASURES TAKEN TO
ACHIEVE THIS
• IT INVOLVES THE PRACTICE OF IMPLEMENTING MULTIPLE LAYERS OF
SECURITY AND PROTECTION AGAINST DIGITAL ATTACKS ACROSS
COMPUTERS, DEVICES, SYSTEMS, AND NETWORKS
• USUALLY, ORGANIZATIONS HAVE A SYSTEM AND FRAMEWORK FOR
TACKLING CYBERATTACKS
• A GOOD FRAMEWORK CAN HELP DETECT AND IDENTIFY THREATS, PROTECT
NETWORKS AND SYSTEMS, AND RECOVER IN CASE ANY ATTACK IS
SUCCESSFUL



IMPORTANCE OF CYBER SECURITY
• THE INTERNET HAS CONNECTED THE ENTIRE WORLD
• THE INTERNET OF THINGS (IOT) IS THE NETWORK OF PHYSICAL OBJECTS OR THINGS EMBEDDED WITH SENSORS,
SOFTWARE, AND OTHER TECHNOLOGIES FOR THE PURPOSE OF CONNECTING AND EXCHANGING DATA WITH
OTHER DEVICES AND SYSTEMS OVER THE INTERNET. THESE DEVICES RANGE FROM ORDINARY HOUSEHOLD
OBJECTS TO SOPHISTICATED INDUSTRIAL TOOLS. WITH MORE THAN 10 BILLION CONNECTED IOT DEVICES TODAY,
THIS NUMBER WILL GROW TO 22 BILLION BY 2025.
• ALL IMPORTANT OPERATIONS WHETHER PERSONAL OR RELATED TO GOVERNMENT, BUSINESSES, BANKING,
TRAVEL, EDUCATION, HEALTH AND MILITARY TAKE PLACE THROUGH INTERCONNECTED COMPUTER SYSTEMS AND
DEVICES. ANY DISRUPTION CAN CAUSE NOT ONLY SIGNIFICANT DOWNTIME BUT ALSO FRUSTRATION AND
ANXIETY.
• MOST VIRTUAL DATA RESIDE IN DATA CENTRES, SERVERS, CLOUD OR COMPUTER SYSTEMS. ALL DATABASES ARE
PRONE TO CYBER ATTACKS.
• CRITICAL INFRASTRUCTURES SUCH AS HOSPITALS, FINANCIAL SERVICE COMPANIES, POWER PLANTS, ETC. POSSESS
SENSITIVE DATA NOT ONLY PERTAINING TO THEIR CONSUMERS BUT ALSO TO THEMSELVES.
• IT IS IMPORTANT TO HAVE RELIABLE CYBER SECURITY MEASURES AT ALL LEVELS TO PREVENT LOSS OF VALUABLE
DATA, MISUSE OF SENSITIVE INFORMATION, EXTORTION ATTEMPTS, ID THEFT, CYBERSTALKING, ETC.



WHAT IS CYBER SECURITY?
CYBER SECURITY IS THE PRACTICE OF DEFENDING COMPUTERS, SERVERS, MOBILE DEVICES, ELECTRONIC SYSTEMS,
NETWORKS, AND DATA FROM MALICIOUS ATTACKS. IT'S ALSO KNOWN AS IT SECURITY OR ELECTRONIC INFORMATION
SECURITY. THE TERM APPLIES IN A VARIETY OF CONTEXTS, FROM BUSINESS TO MOBILE COMPUTING, AND CAN BE DIVIDED
INTO A FEW COMMON CATEGORIES.
• NETWORK SECURITY IS THE PRACTICE OF SECURING A COMPUTER NETWORK FROM INTRUDERS, WHETHER TARGETED
ATTACKERS OR OPPORTUNISTIC MALWARE.
• APPLICATION SECURITY FOCUSES ON KEEPING SOFTWARE AND DEVICES FREE OF THREATS. A COMPROMISED
APPLICATION COULD PROVIDE ACCESS TO THE DATA IT'S DESIGNED TO PROTECT. SUCCESSFUL SECURITY BEGINS IN THE
DESIGN STAGE, WELL BEFORE A PROGRAM OR DEVICE IS DEPLOYED.
• INFORMATION SECURITY PROTECTS THE INTEGRITY AND PRIVACY OF DATA, BOTH IN STORAGE AND IN TRANSIT.
• OPERATIONAL SECURITY INCLUDES THE PROCESSES AND DECISIONS FOR HANDLING AND PROTECTING DATA ASSETS. THE
PERMISSIONS USERS HAVE WHEN ACCESSING A NETWORK AND THE PROCEDURES THAT DETERMINE HOW AND WHERE
DATA MAY BE STORED OR SHARED ALL FALL UNDER THIS UMBRELLA.



• DISASTER RECOVERY AND BUSINESS CONTINUITY DEFINE HOW AN ORGANIZATION
RESPONDS TO A CYBER-SECURITY INCIDENT OR ANY OTHER EVENT THAT CAUSES
THE LOSS OF OPERATIONS OR DATA. DISASTER RECOVERY POLICIES DICTATE HOW
THE ORGANIZATION RESTORES ITS OPERATIONS AND INFORMATION TO RETURN TO
THE SAME OPERATING CAPACITY AS BEFORE THE EVENT. BUSINESS CONTINUITY IS
THE PLAN THE ORGANIZATION FALLS BACK ON WHILE TRYING TO OPERATE
WITHOUT CERTAIN RESOURCES.
• END-USER EDUCATION ADDRESSES THE MOST UNPREDICTABLE CYBER-SECURITY
FACTOR: PEOPLE. ANYONE CAN ACCIDENTALLY INTRODUCE A VIRUS TO AN
OTHERWISE SECURE SYSTEM BY FAILING TO FOLLOW GOOD SECURITY PRACTICES.
TEACHING USERS TO DELETE SUSPICIOUS EMAIL ATTACHMENTS, NOT PLUG IN
UNIDENTIFIED USB DRIVES, AND VARIOUS OTHER IMPORTANT LESSONS IS VITAL FOR
THE SECURITY OF ANY ORGANIZATION.



TYPES OF CYBER THREAT
THE THREATS COUNTERED BY CYBER-SECURITY ARE THREE-FOLD:
1. CYBERCRIME INCLUDES SINGLE ACTORS OR GROUPS TARGETING
SYSTEMS FOR FINANCIAL GAIN OR TO CAUSE DISRUPTION.
2. CYBER-ATTACK OFTEN INVOLVES POLITICALLY MOTIVATED
INFORMATION GATHERING.
3. CYBERTERRORISM IS INTENDED TO UNDERMINE ELECTRONIC
SYSTEMS TO CAUSE PANIC OR FEAR.



MEANS OF CAUSING CYBER DAMAGE
• PHYSICAL DAMAGE/DESTRUCTION OF CRITICAL INFRASTRUCTURE: THIS INCLUDES
PHYSICAL/CYBER ATTACKS AGAINST COMMAND & CONTROL CENTRES, MARINE
AND SURFACE OFC.
• PHISHING: A FRAUDULENT ATTEMPT TO SEND EMAILS CLAIMING TO BE FROM
REPUTABLE SOURCES TO OBTAIN SENSITIVE DATA SUCH AS CREDIT CARD NUMBERS,
USERNAMES, PASSWORDS, ETC. PHISHING IS THE MOST COMMON TYPE OF
CYBERATTACK. IT CAN BE PREVENTED IF THE PUBLIC IS EDUCATED ON IT AND IF
THE LATEST TECHNOLOGY SOLUTIONS SCREEN SUCH MALICIOUS EMAILS.
• RANSOMWARE: MALICIOUS SOFTWARE DESIGNED AS A MEANS TO EXTORT
MONEY. ATTACKERS BLOCK ACCESS TO FILES OR SYSTEMS UNTIL A DEMANDED
RANSOM IS PAID BY THE VICTIM. HOWEVER, PAYING THE RANSOM DOES NOT
NECESSARILY GUARANTEE FILE RECOVERY OR SYSTEM RESTORATION, WHICH CAN
AGAIN BE A HUGE SETBACK.
HOW DO MALICIOUS ACTORS GAIN CONTROL OF COMPUTER SYSTEMS?
• MALWARE: SOFTWARE DESIGNED TO ATTAIN UNAUTHORIZED ACCESS TO SYSTEMS OR CAUSE
DAMAGE. THESE TYPES OF MALICIOUS SOFTWARE INCLUDE VIRUSES, WORMS, RANSOMWARE, AND
SPYWARE. CLICKING ON MALICIOUS LINKS OR ATTACHMENTS INSTALLS THE SOFTWARE THAT
ACTIVATES THE MALWARE. ONCE ACTIVATED, IT CAN:
  • STEALTHILY ACQUIRE DATA BY TRANSMITTING IT FROM THE HARD DRIVE (SPYWARE)
  • BLOCK USERS FROM ACCESSING KEY NETWORK COMPONENTS (RANSOMWARE)
  • MAKE SYSTEMS INOPERABLE BY DISRUPTING INDIVIDUAL COMPONENTS
  • INSTALL MALICIOUS SOFTWARE THAT CAN CAUSE HARMFUL EFFECTS
• SOCIAL ENGINEERING: A TACTIC TO MANIPULATE PEOPLE INTO GIVING UP CONFIDENTIAL
INFORMATION, INCLUDING BANK INFORMATION, PASSWORDS, OR ACCESS TO THEIR COMPUTER TO
COVERTLY INSTALL MALICIOUS SOFTWARE THAT CAN STEAL SUCH INFORMATION FROM THE SYSTEM.
SOCIAL ENGINEERING MAY ALSO WORK IN CONJUNCTION WITH OTHER CYBER THREATS TO MAKE IT
MORE LIKELY FOR USERS TO CLICK ON MALICIOUS LINKS, SOURCES, OR MALWARE DOWNLOAD LINKS.



HOW DO……
• ADVANCED PERSISTENT THREATS (APTs): AN APT OCCURS WHEN SOMEONE UNAUTHORIZED
GAINS ACCESS TO A SYSTEM OR NETWORK AND STAYS THERE UNDETECTED FOR A
LONG TIME. THESE THREATS GENERALLY DO NOT HARM THE NETWORK OR MACHINES
AND ARE MORE FOCUSED ON DATA THEFT. APTs ARE KNOWN TO GO UNNOTICED AND
UNDETECTED BY TRADITIONAL SECURITY SYSTEMS, BUT THEY ARE NOTORIOUS AS
THE REASON FOR A NUMBER OF LARGE, COSTLY DATA BREACHES.
• SQL INJECTION: INVOLVES INSERTING MALICIOUS CODE INTO A SERVER THAT USES
SQL, WHICH ALLOWS THE ATTACKER TO INTERFERE WITH QUERIES. THIS WEB SECURITY
VULNERABILITY CAN BE AS SIMPLE AS ENTERING THE CODE INTO AN UNPROTECTED
WEBSITE SEARCH BOX. THE INJECTION CAUSES THE SERVER TO RELEASE SENSITIVE
INFORMATION.
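
Added example (not part of the original slides): the search-box case described above, with the unprotected query next to its parameterized form. The table, the function names and the sample input are constructed for illustration; SQLite is an assumption, and the same contrast holds for any SQL database.

```python
import sqlite3

def make_db():
    """Constructed sample data: two public rows and one row the search must not show."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (name TEXT, visible INTEGER);
        INSERT INTO products VALUES
            ('router', 1), ('firewall', 1), ('unreleased-model', 0);
    """)
    return db

def search_unprotected(db, term):
    # The search-box text is pasted into the SQL string, so the database
    # parses whatever the user typed as part of the query itself.
    sql = f"SELECT name FROM products WHERE visible = 1 AND name LIKE '%{term}%'"
    return [row[0] for row in db.execute(sql)]

def search_parameterized(db, term):
    # The query text is fixed; the input travels separately as a bound
    # value and can only ever be compared against the name column.
    sql = "SELECT name FROM products WHERE visible = 1 AND name LIKE ?"
    return [row[0] for row in db.execute(sql, (f"%{term}%",))]

def compare(term):
    """Run one search term through both versions against fresh sample data."""
    db = make_db()
    try:
        unprotected = search_unprotected(db, term)
    except sqlite3.OperationalError as exc:
        # A stray quote breaks the statement: a visible sign that input
        # is reaching the SQL parser.
        unprotected = f"error: {exc}"
    return unprotected, search_parameterized(db, term)

if __name__ == "__main__":
    # Constructed inputs: an ordinary search, a name containing a quote,
    # and the textbook always-true condition.
    for term in ("fire", "o'brien", "' OR 1=1 --"):
        print(repr(term), compare(term))
```

With the always-true input the unprotected version returns the hidden row as well, while the parameterized version returns nothing because no product name contains that text.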



HOW DO……
• MAN IN THE MIDDLE (MITM): MITM ATTACKS OCCUR WHEN HACKERS
ALTER A TWO-PARTY TRANSACTION AND STEAL DATA. ANY UNSECURED
PUBLIC WI-FI NETWORK IS PRONE TO SUCH KINDS OF ATTACKS. THE
ATTACKERS WHO RESORT TO SUCH TACTICS INSERT THEMSELVES
BETWEEN THE VISITOR AND THE NETWORK AND, WITH THE HELP OF
MALWARE, CARRY OUT MALICIOUS ACTIVITIES.
• DENIAL OF SERVICE (DOS): A DOS ATTACK IS INTENDED TO SHUT
DOWN A MACHINE OR NETWORK SO THAT IT CANNOT RESPOND TO
ANY REQUESTS AND TO MAKE IT INACCESSIBLE FOR USERS. THIS TYPE
OF ATTACK IS CARRIED OUT BY FLOODING THE TARGET WITH TRAFFIC
AND TRIGGERING A CRASH.
COURSE CONTENTS
WEEK | TIME | TOPICS
1st week | 2-5 PM | INTRODUCTION/OVERVIEW
2nd week | 2-5 PM | CRITICAL INFRASTRUCTURE AND HOMELAND SECURITY
3rd week | 2-5 PM | PRIVACY & CYBER SECURITY
4th week | 2-5 PM | SOCIAL MEDIA AND BIG TECH COMPANIES
5th week | 2-5 PM | PRIVACY LAWS
6th week | 2-5 PM | INTERNATIONAL RIVALRY/COLLABORATION AND CYBER ALLIANCES
7th week | 2-5 PM | CRYPTO CURRENCY AND STATE SOVEREIGNTY
8th week | 2-5 PM | CYBER ATTACKS – SOME CASE STUDIES
9th week | | MID TERM EXAM
11th week | 2-5 PM | GLOBAL CYBER GOVERNANCE AND ATTEMPTS AT SHAPING STATE BEHAVIOR IN CYBERSPACE
11th week | 2-5 PM | CYBERSECURITY IN NUCLEAR / ENERGY SECTOR
12th week | 2-5 PM | SPYWARE AND CYBER SURVEILLANCE
13th week | 2-5 PM | NATIONAL CYBER LAWS AND DIGITAL RIGHTS
14th week | 2-5 PM | DEBATE ON CYBER SECURITY
15th week | 2-5 PM | DEBATE ON CYBER SECURITY
16th week | 2-5 PM | DEBATE ON CYBER SECURITY
17th week | 2-5 PM | ELECTIONS AND CYBER SECURITY
18th week | | FINAL EXAM

MARKS DIVISION
Ser | Assignments/Exams | Marks
1. | BOOK REVIEW (BEFORE MID-TERM) | 10
2. | DEBATE ON CYBER SECURITY | 20 (10 MARKS FOR DEBATE & 10 MARKS FOR REPORT WRITING)
3. | MID TERM EXAM | 30
4. | FINAL EXAM | 40
 | Total | 100



READING LIST
Ser | Title | Author | Availability
1 | Chinese Cybersecurity and Cyberdefense | Daniel Ventre | E book
2 | Counterterrorism and Cybersecurity: Total Information Awareness | Newton Lee | E book
3 | Cyber Attacks and International Law on the Use of Force: The Turn to Information Ethics | Samuli Haataja | CIPS
4 | Cyber Media and Information Technology | Kumud Kundu | CIPS
5 | Cyber Security for Educational Leaders: A Guide to Understanding and Implementing Technology Policies | Richard Phillips, Rayton R. Sianjina | E book
6 | Cyber Security Politics: Socio-Technological Transformations and Political Fragmentation | Myriam Dunn Cavelty, Andreas Wenger | E book
7 | Cyber Security Standards, Practices and Industrial Applications: Systems and Methodologies | Junaid Ahmed Zubairi, Athar Mahboob | E book/ Central library
8 | Cyber Security: Understanding Cyber Crimes, Computer Forensics And Legal Perspectives | WILEY INDIA | E book
9 | Cyber War: The Next Threat to National Security and What to Do About It | Richard A. Clarke, Robert Knake | E book
10 | Cybercrime and Cybersecurity in the Global South | Nir Kshetri | E book
11 | Cybercrime: Criminal Threats from Cyberspace | Susan W. Brenner | CIPS
12 | Cybersecurity in China | Greg Austin | E book
13 | Cybersecurity in Humanities and Social Sciences | Hugo Loiseau, Daniel Ventre, Hartmut Aden | E book
14 | Cybersecurity Today and Tomorrow | National Research Council | E book
15 | Cyberspace CBMs between Pakistan and India | Tughral Yamin | CIPS
16 | Cyberspace, Cybersecurity, and Cybercrime | Janine Kremling, Amanda M Sharp Parker | E book
17 | Digital Defense: A Cybersecurity Primer | Joseph Pelton, Indu B. Singh | E book
18 | Likewar: The Weaponization of Social Media | Emerson T. Brooking and P. W. Singer | E book
19 | The Age of Surveillance Capitalism | Shoshana Zuboff | E book
20 | The Cyber Security Handbook | Alan Calder | E book
21 | The Digital Silk Road: China's Quest to Wire the World and Win the Future | Jonathan E. Hillman | E book
22 | The Digital War: How China’s Tech Power Shapes the Future of AI, Blockchain, and Cyberspace | Winston Ma, Anthony Scaramucci | E book
23 | The Great Decoupling: China, America and the Struggle for Technological Supremacy | Nigel Inkster | E book
24 | The Righteous Mind: Why Good People are Divided by Politics and Religion | Jonathan Haidt | E book
25 | Understanding cyber security : emerging governance and strategy | Gary Schaub Jr | CIPS
26 | The Tallinn Manual on International Law Applicable to Cyber Operations | General editor Michael N. Schmitt, |
IMPORTANT CYBER SECURITY WEBSITES
Australia: ACSC Homepage | Cyber.gov.au
ASEAN: Cyber Security - ASEAN
AU: Cyber Security | African Union (au.int)
EU: https://www.consilium.europa.eu/
Cisco: Cisco - Networking, Cloud, and Cybersecurity Solutions
India: Cyber Security India
Israel: https://cyber.haifa.ac.il/images/pdf/cyber_english_A5_final.pdf
KSA: Cybersecurity in Saudi Arabia - Cyber Insights (cyber-insights.org)
NADRA: NADRA Pakistan – National Database & Registration Authority Official Website
NATO: NATO - Cyber defence
Russia: Ministry of Digital Development, Communications and Mass Media of the Russian Federation - The Russian Government
SCO: CCDCOE
• UK National Cyber Security Centre: National Cyber Security Centre - GOV.UK (www.gov.uk)
• US NSA: Cybersecurity (nsa.gov)
• UK GCHQ: Cyber Security - GCHQ.GOV.UK
• US DHS: Cybersecurity | Homeland Security (dhs.gov)
• US CISA: Homepage | CISA
• Kaspersky: What is Cyber Security? | Definition, Types, and User Protection (kaspersky.com)



Q&A



Resource Persons

SHERAZ (Lab Engineer)
• Qalam/LMS Coordinator
• ICT related issues

UZAIR (PA to Associate Dean)
• To schedule meetings with Associate Dean
• Information related to the department

IBRAHIM (Librarian)
• Reading Material
• Availability of books, articles, magazine, e-articles and e-books.
• Submission of Thesis hard copy & CD.

AD Exam FAHAD
• Student Record/Dossiers
• ID Cards, PG Handbook, Exams and attendance.
