CYBER SECURITY NOTES

UNIT-I Systems, Development of Information Systems, Introduction to Information Security and CIA triad, Need

Introduction- Introduction to Information Systems, Types of Information for Information Security, Threats to
Information Systems, Information Assurance and Security Risk Analysis, Cyber Security.

What is Cyber Security?

The technique of protecting internet-connected systems such as computers, servers, mobile devices, electronic
systems, networks, and data from malicious attacks is known as cyber security. We can divide cyber security into
two parts one is cyber, and the other is security. Cyber refers to the technology that includes systems, networks,
programs, and data. And security is concerned with the protection of systems, networks, applications, and
information. In some cases, it is also called electronic information security or information technology security.
Some other definitions of cyber security are:
"Cyber Security is the body of technologies, processes, and practices designed to protect networks, devices,
programs, and data from attack, theft, damage, modification or unauthorized access."
"Cyber Security is the set of principles and practices designed to protect our computing resources and online
information against threats."

Introduction to Information System

The data for an information system can be collected from various inter-
organization and intra-organization sources such as employee personal details and
competitor’s performance. This data can be stored in paper and electronic format.

An information system can be defined as a set of interrelated components that collect, manipulate, store data,
distribute information to support decision making and provide a feedback mechanism to monitor
performance.

It may also help the manager and workers to analyze problems, visualize complex subject, and create new
products. Software, Hardware, information system users, computer system connections and information, and the
system's housing are all part of an Information System.

Components of Information System

The components that must be combined together in order to produce an information system are:
People: Peoples are the most essential part of the information system because without them the system cannot be
operated correctly.
Hardware: It is the part of a physical component of an information system which we can touch. The information
system hardware includes the computer, processors, monitors, printer, keyboards, disk drives, iPads, flash drives,
etc.
Software: It is a set of instruction that tells the hardware what to do. It can be used to organize, process and
analyse data in the information system.
Data: Data is a collection of facts. Information systems work with data. These data can be aggregated, indexed,
and organized into tables and files together to form a database. These databases can become a powerful tool for
every businesses information system.
Network: It includes internet, intranet, extranet to provide successful operations for all types of organizations and
computer-based information system.
Procedures: It specifies the policies that govern the operation of an information system. It describes how specific
method of data are processed and analysed to get the answers for which the information system is designed.
Feedback: It is the component of an information system which defines that an IS may be provided with feedback.

Types of Information system

Fig: Classification of information system

The information systems can be categorized into four types. These are:

1. Executive Information Systems

It is a strategic-level information system which is found at the top of the Pyramid. Its primary goal is to provide
information gathered from both internal and external sources to the senior executives and management to analyse
the environment in which the organization operates, and to plan appropriate courses of action for identifying the
long-term trends. It can also be used to monitor organization performance as well as to identify opportunities and
problems. EIS is designed in such a way that it can be operated directly by executives without the need for
intermediaries.
The role of Executive Information Systems are:

o It is concerned for ease of use.

o It supports unstructured decisions.

o It concerned with predicting the future.

o It is highly flexible.

o It is effective.

o It uses both internal and external data sources.

o It is used only at the higher levels of authority.

2. Decision Support Systems

A DSS or Decision Support System is a computer application program used by senior managers to analyse the
business data and presents it in that form in which the users can make business decisions more easily . These
systems are usually interactive and can be used to solve ill-structured problems in an organization. It helps in
exchanging the information within the organization.
The role of Decision Support System are:

o It supports ill-structured or semi-structured decisions.

o It is used by senior managerial levels.

o It has analytical and/or modeling capacity.

o It is concerned with predicting the future.

3. Management Information Systems

MIS or Management Information System is the use of information technology, people, and business processes to
record, store, manipulate, and process data to produce meaningful information. These information helps decision
makers to make day to day decisions correctly and accurately. It is used to make a tactical decision (middle-term
decision) to ensure the smooth running of an organization. It also helps to evaluate the organization's performance
by comparing previous outputs with current output.
The role of Management Information Systems are:

o It is based on internal information flows.

o It supports relatively structured decisions.

o It is inflexible and has a little analytical capacity.

 o It is used by lower and middle managerial levels.

o It deals with the past and presents rather than the future.

4. Transaction Processing Systems

TPS or transaction processing system is a type of information processing system for business transactions that
involve the collection, storage, modification and retrieval of all data transaction of an enterprise. The
characteristics of a Transaction Processing System includes reliability, performance, and consistency. A TPS is
also known as real-time processing.

The role of Transaction Processing System are:

o It produces the information for other systems.
o It is used by operational personnel plus supervisory levels.
o It is efficiency oriented.

Development of Information System

An Information System Development is a set of activities, methods, best practices, deliverables and automated
tools that every organization use to develop and continuously improve information systems and its related
software.
There are four steps which can be used to develop an information system. These are:
1. Define and understand the problems
The purpose of the first step is to find the scope of the problem and determine solutions. This phase also includes
considered resources, time, cost, and other items for the requirements of the information system.
2. Develop an alternative solution
The purpose of this steps is to find a path to the solution determined by system analysis. In this phase some
solution require modification in the existing system, some solution does not require an information system, and
some solution requires a new system.
3. Evaluate and choose the best solution
The purpose of the third step is to evaluate the feasibility issues related to financial, technical, and organizational.
It measures the time and cost to design an information system. It evaluates the business value of a system and finds
the best solution for developing an information system.
4. Implement the solution
The purpose of the last step is to create the detailed design specification for an information system.
This phase provides complete implementations for-
o Hardware selection and acquisition
o Software development and programming
o Testing such as Unit, System, Acceptance testing
o Training and documentation (Online practice, step-by-step instruction)
o Conversion, i.e., Changing from Old to New System
o Production & maintenance (Review, Objectives, Modification)
o

o
o

o
o

o
o
o
o
o
o
o

o
o

o
 Information System and Security

INTRODUCTION:

An information system (IS) is a collection of hardware, software, data, and people that work together to collect,
process, store, and disseminate information. An IS can be used for a variety of purposes, such as supporting
business operations, decision making, and communication.
Information security refers to the protection of information and information systems from unauthorized
access, use, disclosure, disruption प्रकटीकरण व्यवधान, modification, or destruction. It aims to
protect the confidentiality, integrity, and availability of information and information systems.
 There are several different security measures that organizations can implement to protect their
information systems, such as:
 Firewalls: Firewalls are used to restrict access to an organization’s network and to protect against
unauthorized access.
 Intrusion detection systems: These systems are used to detect and alert organizations to potential security
breaches.
 Encryption: Encryption is used to protect sensitive information by converting it into unreadable code.
 Access controls: Access controls are used to restrict access to information and information systems to
authorized individuals only.
 Security policies: Organizations can implement security policies to ensure that their employees understand
their security responsibilities and adhere to them.
 Security Auditing: Regularly monitoring the system for possible malicious activities and vulnerabilities .
Types of information system

Information systems are categorized based on their scope, purpose, and functionality. Here are the main types of
information systems:
Transaction Processing Systems (TPS): TPSs are used to process and record transactions, such as sales,
purchases, and payments. They are designed to handle high volumes of transactions and are critical for the daily
operations of businesses.
Management Information Systems (MIS): MISs are used to provide managers with the information they need
to make decisions. They typically provide reports and analysis on the performance of the organization, including
financial, operational, and marketing data.
Decision Support Systems (DSS): DSSs are used to support decision-making by providing information and
analysis to users. They use models and analytical tools to analyze data and provide recommendations based on
that analysis.
Executive Support Systems (ESS): ESSs are used to support the strategic decision-making of senior executives.
They provide high-level summaries of data and analysis, typically in the form of dashboards and other
visualizations.
Enterprise Resource Planning (ERP) Systems: ERPs are used to manage and integrate all the business
processes and data of an organization. They typically include modules for finance, HR, inventory management,
and other areas of the business.
Customer Relationship Management (CRM) Systems: CRMs are used to manage customer interactions and
relationships. They provide a 360-degree view of the customer, including their purchase history, preferences, and
feedback.
Supply Chain Management (SCM) Systems: SCMs are used to manage the flow of goods and services from
suppliers to customers. They include modules for inventory management, logistics, and procurement.
Knowledge Management Systems (KMS): KMSs are used to capture, store, and share knowledge and expertise
within an organization. They include tools for collaboration, content management, and search.
Geographic Information Systems (GIS): GISs are used to manage and analyze spatial data. They are used in
fields such as urban planning, environmental management, and natural resource management.
Expert Systems (ES): ESs are used to provide expert-level advice and decision-making in specific domains.
They are typically based on rule-based or knowledge-based systems.
Security Challenge

The number of smart phone devices capable of offering internet technology and experience rivaling desktop
computer standards is growing at a fast pace. Security and privacy concern for mobile devices rival or go beyond
similar concern for a laptop computer as mobile device are even more mobile by nature and are less likely to be
managed by an organization.

Ensure Security:

In order to ensure security, it is necessary to provide at least the following services, which are given below.
1. Authorization:
It is act of determining whether an (authenticate) entity has the right to execute action.

2. Audit:
An auditing service providing a history of action that can be used to determine what (if anything) went
wrong and what caused it to go wrong.

3. Physical authentication:
Some firm of authentication such as an object (a key or a smart card ) or a personal characteristic like a
fingerprint, retinal pattern, hand geometry.

4. Data Confidentiality:
It protects against disclosure of any data while in transit and is provided by encryption of data.

ADVANTAGES OR DISADVANTAGES:

Advantages of implementing information system and security include:

 Protection of sensitive information: By implementing security measures, organizations can protect their
sensitive information from unauthorized access, use, disclosure, disruption, modification, or destruction.
 Compliance •अनुपालन: Implementing information security can help organizations meet compliance
requirements, such as HIPAA, PCI-DSS, and SOX.( Database compliance has taken center stage in recent
years due to the exponential rise in Ecommerce and online activity involving Personally identifiable
information (PII). Sarbanes-Oxley Act (SOX) and Payment Card Industry Data Security Standard (PCI DSS)
are two leading compliance protocols that organizations can no longer ignore.)
 Risk management: By implementing security measures, organizations can better manage the risks
associated with their information systems.
 Business continuity: By protecting information systems from natural disasters and other disruptions,
organizations can ensure that their business operations can continue uninterrupted.
 Cost savings: Implementing security measures can help organizations avoid costly data breaches and other
security incidents.
Disadvantages of implementing information system and security include:

 Cost: Implementing security measures can be costly, as it may require additional resources, such as security
experts, to manage the process.
 Time-consuming: Implementing security measures can be time-consuming, especially for organizations that
have not previously used this framework.
 Complexity: Implementing security measures can be complex, especially for organizations that have a lot of
data and systems to protect.
 Inflexibility: Security measures can be inflexible, making it difficult for organizations to respond quickly to
changing security needs.
 Limited Adaptability: Security measures are predefined, which is not adaptable to new technologies, it may
require updating or revising to accommodate new technology.
Security Management System
Security Management System (ISMS) is defined as an efficient method for managing sensitive company
information so that it remains secure. The security management system is a very broad area that generally
includes everything from the supervision of security guards at malls and museums to the installation of high-tech
security management systems that are generally made to protect an organization’s data. Read on to learn more
about this field and get examples of the types of security management in place today.
Feature of Security Management System:
 Security management relates to the physical safety of buildings, people, and products.
 Security management is the identification of the organization’s assets.
 Generally, Security Management System is provided to any enterprise for security management and
procedures as information classification, risk assessment, and risk analysis to identify threats, categorize
assets, and rate.
Importance of security management: There are some important aspects of security management which is
generally provided to any organization and which are given below:
1. Intellectual Property: There are principal reasons, that organizations formalize an innovation management
program, is to gain a competitive edge over the competition. Although if the initial ideation phases are open to
everyone, a lot of work goes into developing and refining those ideas and that refinement is often the difference
between an incremental idea and a transformative one and the companies don’t protect those later stage
refinement activities, then they could lose the competitive edge they gain by instituting an innovation
management program in the first place.
2. Data Integrity: Security Management systems confidence in lots of data to help prioritize and validate
initiatives and generally we could be talking about votes and comments on ideas, ROI data, and beyond. If
security management systems aren’t secure, this data could be stripped or tampered with. It will be simple to
make an idea or project appear more popular or more valuable if the system can be gamed.
3. Personally Identifiable Information: All who participate in a security management program share at least
their personal information in order to log on to the system and where privacy is everything – security
management systems are provided to protect all their users as a matter of course.
4. System Interconnectivity: Generally, security management software interacts with a variety of other systems
like project management, social software, and beyond, etc. Frailness in one system can lead to frailness in others,
which is why any security management system has to be equal to the systems with which it interacts.
Information Security | Integrity
Integrity is the protection of system data from intentional or accidental unauthorized changes. The challenges of
the security program are to ensure that data is maintained in the state that is expected by the users. Although the
security program cannot improve the accuracy of the data that is put into the system by users. It can help ensure
that any changes are intended and correctly applied. An additional element of integrity is the need to protect the
process or program used to manipulate the data from unauthorized modification. A critical requirement of both
commercial and government data processing is to ensure the integrity of data to prevent fraud and errors. It is
imperative, therefore, no user be able to modify data in a way that might corrupt or lose assets or financial
records or render decision making information unreliable. Examples of government systems in which integrity is
crucial include air traffic control system, military fire control systems, social security and welfare systems.
Examples of commercial systems that require a high level of integrity include medical prescription system, credit
reporting systems, production control systems and payroll systems.
Information Security | Confidentiality
Confidentiality is the protection of information in the system so that an unauthorized person cannot access it.
This type of protection is most important in military and government organizations that need to keep plans and
capabilities secret from enemies. However, it can also be useful to businesses that need to protect their
proprietary trade secrets from competitors or prevent unauthorized persons from accessing the company’s
sensitive information (e.g., legal, personal, or medical information). Privacy issues have gained an increasing
amount of attention in the past few years, placing the importance of confidentiality on protecting personal
information maintained in automated systems by both government agencies and private-sector organizations.
Confidentiality must be well-defined, and procedures for maintaining confidentiality must be carefully
implemented. A crucial aspect of confidentiality is user identification and authentication. Positive identification
of each system user is essential in order to ensure the effectiveness of policies that specify who is allowed access
to which data items.
Threats to Confidentiality: Confidentiality can be compromised in several ways. The following are some of the
commonly encountered threats to information confidentiality –
 Hackers
 Masqueraders
 Unauthorized user activity
 Unprotected downloaded files
 Local area networks (LANs)
 Trojan Horses
Confidentiality Models: Confidentiality models are used to describe what actions must be taken to ensure the
confidentiality of information. These models can specify how security tools are used to achieve the desired level
of confidentiality.
Types of Confidentiality :
In Information Security, there are several types of confidentiality:
1. Data confidentiality: refers to the protection of data stored in computer systems and networks from
unauthorized access, use, disclosure, or modification. This is achieved through various methods, such as
encryption and access controls.
2. Network confidentiality: refers to the protection of information transmitted over computer networks from
unauthorized access, interception, or tampering. This is achieved through encryption and secure protocols
such as SSL/TLS.
3. End-to-end confidentiality: refers to the protection of information transmitted between two endpoints, such
as between a client and a server, from unauthorized access or tampering. This is achieved through encryption
and secure protocols.
4. Application confidentiality: refers to the protection of sensitive information processed and stored by
software applications from unauthorized access, use, or modification. This is achieved through user
authentication, access controls, and encryption of data stored in the application.
5. Disk and file confidentiality: refers to the protection of data stored on physical storage devices, such as hard
drives, from unauthorized access or theft. This is achieved through encryption, secure storage facilities, and
access controls.
Overall, the goal of confidentiality in Information Security is to protect sensitive and private information from
unauthorized access, use, or modification and to ensure that only authorized individuals have access to
confidential information.
Uses of Confidentiality :
In the field of information security, confidentiality is used to protect sensitive data and information from
unauthorized access and disclosure. Some common uses include:
1. Encryption: Encrypting sensitive data helps to protect it from unauthorized access and disclosure.
2. Access control: Confidentiality can be maintained by controlling who has access to sensitive information
and limiting access to only those who need it.
3. Data masking: Data masking is a technique used to obscure sensitive information, such as credit card
numbers or social security numbers, to prevent unauthorized access.
4. Virtual private networks (VPNs): VPNs allow users to securely connect to a network over the internet and
protect the confidentiality of their data in transit.
5. Secure file transfer protocols (SFTPs): SFTPs are used to transfer sensitive data securely over the internet,
protecting its confidentiality in transit.
6. Two-factor authentication: Two-factor authentication helps to ensure that only authorized users have
access to sensitive information by requiring a second form of authentication, such as a fingerprint or a one-
time code.
7. Data loss prevention (DLP): DLP is a security measure used to prevent sensitive data from being leaked or
lost. It monitors and controls the flow of sensitive data, protecting its confidentiality.
Issues of Confidentiality :
Confidentiality in information security can be challenging to maintain, and there are several issues that can arise,
including:
1. Insider threats: Employees and contractors who have access to sensitive information can pose a threat to
confidentiality if they intentionally or accidentally disclose it.
2. Cyberattacks: Hackers and cybercriminals can exploit vulnerabilities in systems and networks to access and
steal confidential information.
3. Social engineering: Social engineers use tactics like phishing and pretexting to trick individuals into
revealing sensitive information, compromising its confidentiality.
4. Human error: Confidential information can be accidentally disclosed through human error, such as sending
an email to the wrong recipient or leaving sensitive information in plain sight.
5. Technical failures: Technical failures, such as hardware failures or data breaches, can result in the loss or
exposure of confidential information.
6. Inadequate security measures: Inadequate security measures, such as weak passwords or outdated
encryption algorithms, can make it easier for unauthorized parties to access confidential information.
7. Legal and regulatory compliance: Confidentiality can be impacted by legal and regulatory requirements,
such as data protection laws, that may require the disclosure of sensitive information in certain
circumstances.

CIA Triad
The CIA triad is one of the most important models which is designed to guide policies for information security
within an organization.
CIA stands for :
1. Confidentiality
2. Integrity
3. Availability

These are the objectives that should be kept in mind while securing a network.
Confidentiality

Confidentiality means that only authorized individuals/systems can view sensitive or classified information. The
data being sent over the network should not be accessed by unauthorized individuals. The attacker may try to
capture the data using different tools available on the Internet and gain access to your information. A primary
way to avoid this is to use encryption techniques to safeguard your data so that even if the attacker gains access
to your data, he/she will not be able to decrypt it. Encryption standards include AES(Advanced Encryption
Standard) and DES (Data Encryption Standard). Another way to protect your data is through a VPN tunnel. VPN
stands for Virtual Private Network and helps the data to move securely over the network.

Integrity

The next thing to talk about is integrity. Well, the idea here is to make sure that data has not been modified.
Corruption of data is a failure to maintain data integrity. To check if our data has been modified or not, we make
use of a hash function.

We have two common types: SHA (Secure Hash Algorithm) and MD5(Message Direct 5). Now MD5 is a 128-
bit hash and SHA is a 160-bit hash if we’re using SHA-1. There are also other SHA methods that we could use
like SHA-0, SHA-2, and SHA-3.
Let’s assume Host ‘A’ wants to send data to Host ‘B’ to maintain integrity. A hash function will run over the
data and produce an arbitrary hash value H1 which is then attached to the data. When Host ‘B’ receives the
packet, it runs the same hash function over the data which gives a hash value of H2. Now, if H1 = H2, this
means that the data’s integrity has been maintained and the contents were not modified.
Availability

This means that the network should be readily available to its users. This applies to systems and to data. To
ensure availability, the network administrator should maintain hardware, make regular upgrades, have a plan for
fail-over, and prevent bottlenecks in a network. Attacks such as DoS or DDoS may render a network unavailable
as the resources of the network get exhausted. The impact may be significant to the companies and users who
rely on the network as a business tool. Thus, proper measures should be taken to prevent such attacks.
 Need Of Information Security
Information system means to consider available countermeasures or controls stimulated through uncovered
vulnerabilities and identify an area where more work is needed. The purpose of data security management is to
make sure business continuity and scale back business injury by preventing and minimizing the impact of
security incidents.
The basic principle of Information Security is:
1. Confidentiality: Confidentiality refers to protecting sensitive information from unauthorized access or
disclosure. This involves keeping confidential data secure and accessible only to those who are authorized to
access it.
2. Authentication: Authentication is a crucial aspect of the principle of Information Security and is used to
verify the identity of individuals or systems attempting to access sensitive information or systems. It is a
process of verifying that a person or system is who or what it claims to be. Authentication is a critical
component of Confidentiality and Availability as it helps prevent unauthorized access to sensitive
information and systems.
3. Non-Repudiation: Non-repudiation is a principle of Information Security that refers to the ability to prove
that an action or transaction took place and that it was performed by a specific individual or system. The term
“non-repudiation” implies that an action or transaction cannot be denied by the individual or system that
performed it.
4. Integrity: Integrity refers to the accuracy and completeness of information and the prevention of
unauthorized or accidental modification of data. This ensures that data is not tampered with and remains
trustworthy.
Threats to Information Security:

1. Types of Cyber Attacks:

Cyber attacks are a major threat to information security and can take many forms, including:
 Malware: Malicious software designed to damage or disrupt computer systems. This includes viruses,
worms, and Trojans.
 Phishing: Fraudulent emails or websites designed to trick users into disclosing sensitive information such as
passwords or credit card numbers.
 Denial of Service (DoS) attacks: Attacks that aim to make a system or network unavailable to its intended
users by overwhelming it with traffic.
 Ransomware: Malware that encrypts files on a computer system and demands a ransom payment in
exchange for the decryption key.
 Social engineering: The use of psychological manipulation to trick individuals into disclosing sensitive
information or performing actions that compromise security.
2. Risks posed by Cyber Attacks:
Cyber attacks pose a significant risk to organizations and individuals. Some of the risks posed by these attacks
include:
 Data Loss: Cyber attacks can result in the theft or destruction of sensitive information, leading to data loss.
 Reputation Damage: Cyber attacks can damage an organization’s reputation and credibility, which can be
difficult and expensive to repair.
Current State of Information Security:

1. Measures being taken to improve Information Security:

There are several measures being taken to improve information security, including:
 Security Awareness Training: Many organizations provide security awareness training to employees to
help them identify and respond to security threats.
 Encryption: Encryption is used to protect sensitive information as it is transmitted or stored. This helps
prevent unauthorized access or theft of data.
 Firewalls: Firewalls are used to control access to computer networks and help prevent unauthorized access
to sensitive information.
 Access Controls: Access controls are used to restrict access to sensitive information and systems to only
those who need it.
 Penetration Testing: Penetration testing is used to identify vulnerabilities in an organization’s systems and
to test its defenses against cyber attacks.
2. Evaluating the effectiveness of these measures:
Evaluating the effectiveness of these measures is important to ensure that information security is being
effectively managed. This involves regularly reviewing and updating security policies and procedures and testing
the security of systems and networks.
3. Challenges in implementing Information Security:
Despite the measures being taken to improve information security, there are still several challenges that
organizations face, including:
 Keeping up with evolving threats: Cyber threats are constantly evolving, and it can be difficult for
organizations to keep up with the latest threats and stay ahead of potential attacks.
 Integration of security into business processes: Integrating security into business processes can be
challenging, as it requires a significant investment of time and resources.
 Employee compliance: Employee compliance with security policies and procedures is crucial to the success
of information security efforts. Ensuring that employees understand the importance of security and follow
security protocols can be a challenge.
 Limited resources: Implementing effective information security measures requires significant financial and
human resources. Many organizations face challenges in allocating sufficient resources to information
security.
Information Assurance Model in Cyber Security
Information Assurance concerns implementation of methods that focused on protecting and safeguarding
critical information and relevant information systems by assuring confidentiality, integrity, availability, and non-
repudiation. It is strategic approach focused which focuses more on deployment of policies rather than building
infrastructures.
Information Assurance Model :
The security model is multidimensional model based on four dimensions :

1. Information States –
Information is referred to as interpretation of data which can be found in three states stored, processed, or
transmitted.
2. Security Services –
It is fundamental pillar of the model which provides security to system and consists of five services namely
availability, integrity, confidentiality, authentication, and non-repudiation.

3. Security Countermeasures –
This dimension has functionalities to save system from immediate vulnerability by accounting for
technology, policy & practice, and people.

4. Time –
This dimension can be viewed in many ways. At any given time data may be available offline or online,
information and system might be in flux thus, introducing risk of unauthorized access. Therefore, in every
phase of System Development Cycle, every aspect of Information Assurance model must be well defined and
well implemented in order to minimize risk of unauthorized access.

Information States :

1. Transmission –
It defines time wherein data is between processing steps.
Example :
In transit over networks when user sends email to reader, including memory and storage encountered during
delivery.

2. Storage –
It defines time during which data is saved on medium such as hard drive.Example: Saving document on file
server’s disk by user.

3. Processing –
It defines time during which data is in processing state.
 Example :
Data is processed in random access memory (RAM) of workstation.

Security Services :

1. Confidentiality –
It assures that information of system is not disclosed to unauthorized access and is read and interpreted only
by persons authorized to do so. Protection of confidentiality prevents malicious access and accidental
disclosure of information. Information that is considered to be confidential is called as sensitive
information.
To ensure confidentiality data is categorized into different categories according to damage severity and then
accordingly strict measures are taken.
Example :
Protecting email content to read by only desired set of users. This can be insured by data encryption. Two-
factor authentication, strong passwords, security tokens, and biometric verification are some popular norms
for authentication users to access sensitive data.

2. Integrity –
It ensures that sensitive data is accurate and trustworthy and can not be created, changed, or deleted without
proper authorization. Maintaining integrity involves modification or destruction of information by
unauthorized access.
To ensure integrity backups should be planned and implemented in order to restore any affected data in case
of security breach. Besides this cryptographic checksum can also be used for verification of data.
Example :
Implementation of measures to verify that e-mail content was not modified in transit. This can be achieved
by using cryptography which will ensure that intended user receives correct and accurate information.

3. Availability –
It guarantees reliable and constant access to sensitive data only by authorized users. It involves measures to
sustain access to data in spite of system failures and sources of interference.
To ensure availability of corrupted data must be eliminated, recovery time must be speed up and physical
infrastructure must be improved.
Example :
Accessing and throughput of e-mail service.

4. Authentication –
It is security service that is designed to establish validity of transmission of message by verification of
individual’s identity to receive specific category of information.
To ensure availability of various single factors and multi-factor authentication methods are used. A single
factor authentication method uses single parameter to verify users’ identity whereas two-factor authentication
uses multiple factors to verify user’s identity.
 Example :
Entering username and password when we log in to website is example of authentication. Entering correct
login information lets website verify our identity and ensures that only we access sensitive information.

5. Non-Repudiation –
It is mechanism to ensure sender or receiver cannot deny fact that they are part of data transmission. When
sender sends data to receiver, it receives delivery confirmation. When receiver receives message it has all
information attached within message regarding sender.
Example :
A common example is sending SMS from one mobile phone to another. After message is received
confirmation message is displayed that receiver has received message. In return, message received by
receiver contains all information about sender.

Security Countermeasures :

1. People –
People are heart of information system. Administrators and users of information systems must follow
policies and practice for designing good system. They must be informed regularly regarding information
system and ready to act appropriately to safeguard system.

2. Policy & Practice –

Every organization has some set of rules defined in form of policies that must be followed by every
individual working in organization. These policies must be practiced in order to properly handle sensitive
information whenever system gets compromised.

3. Technology –
Appropriate technology such as firewalls, routers, and intrusion detection must be used in order to defend
system from vulnerabilities, threats. The technology used must facilitate quick response whenever
information security gets compromised.

Cyber Security Risk Analysis

Risk analysis refers to the review of risks associated with the particular action or event. The risk analysis is applied
to information technology, projects, security issues and any other event where risks may be analysed based on a
quantitative and qualitative basis. Risks are part of every IT project and business organizations. The analysis of risk
should be occurred on a regular basis and be updated to identify new potential threats. The strategic risk analysis
helps to minimize the future risk probability and damage.
Enterprise and organization used risk analysis:

o To anticipates and reduce the effect of harmful results occurred from adverse events.

o To plan for technology or equipment failure or loss from adverse events, both natural and human-caused.

o To evaluate whether the potential risks of a project are balanced in the decision process when evaluating to
move forward with the project.
 o To identify the impact of and prepare for changes in the enterprise environment.

Benefits of risk analysis

Every organization needs to understand about the risks associated with their information systems to effectively and
efficiently protect their IT assets. Risk analysis can help an organization to improve their security in many ways.
These are:

o Concerning financial and organizational impacts, it identifies, rate and compares the overall impact of risks
related to the organization.

o It helps to identify gaps in information security and determine the next steps to eliminate the risks of
security.

o It can also enhance the communication and decision-making processes related to information security.

o It improves security policies and procedures as well as develop cost-effective methods for implementing
information security policies and procedures.

o It increases employee awareness about risks and security measures during the risk analysis process and
understands the financial impacts of potential security risks.

Steps in the risk analysis process

The basic steps followed by a risk analysis process are:
Conduct a risk assessment survey:
Getting the input from management and department heads is critical to the risk assessment process. The risk
assessment survey refers to begin documenting the specific risks or threats within each department.
Identify the risks:
This step is used to evaluate an IT system or other aspects of an organization to identify the risk related to software,
hardware, data, and IT employees. It identifies the possible adverse events that could occur in an organization such
as human error, flooding, fire, or earthquakes.
Analyse the risks:
Once the risks are evaluated and identified, the risk analysis process should analyse each risk that will occur, as
well as determine the consequences linked with each risk. It also determines how they might affect the objectives
of an IT project.
Develop a risk management plan:
After analysis of the Risk that provides an idea about which assets are valuable and which threats will probably
affect the IT assets negatively, we would develop a plan for risk management to produce control recommendations
that can be used to mitigate, transfer, accept or avoid the risk.
Implement the risk management plan:
The primary goal of this step is to implement the measures to remove or reduce the analyses risks. We can remove
or reduce the risk from starting with the highest priority and resolve or at least mitigate each risk so that it is no
longer a threat.
Monitor the risks:
This step is responsible for monitoring the security risk on a regular basis for identifying, treating and managing
risks that should be an essential part of any risk analysis process.

Types of Risk Analysis

The essential number of distinct approaches related to risk analysis are:

Qualitative Risk Analysis

o The qualitative risk analysis process is a project management technique that prioritizes risk on the project
by assigning the probability and impact number. Probability is something a risk event will occur whereas
impact is the significance of the consequences of a risk event.

o The objective of qualitative risk analysis is to assess and evaluate the characteristics of individually
identified risk and then prioritize them based on the agreed-upon characteristics.

o The assessing individual risk evaluates the probability that each risk will occur and effect on the project
objectives. The categorizing risks will help in filtering them out.

o Qualitative analysis is used to determine the risk exposure of the project by multiplying the probability and
impact.

Quantitative Risk Analysis

o The objectives of performing quantitative risk analysis process provide a numerical estimate of the overall
effect of risk on the project objectives.

o It is used to evaluate the likelihood of success in achieving the project objectives and to estimate
contingency reserve, usually applicable for time and cost.

o Quantitative analysis is not mandatory, especially for smaller projects. Quantitative risk analysis helps in
calculating estimates of overall project risk which is the main focus.
Information Security Threats
Cybersecurity threats reflect the risk of experiencing a cyberattack.
A cyberattack is an intentional and malicious effort by an organization or an individual to breach the
systems of another organization or individual.
The attacker’s motives may include information theft, financial gain, espionage (गुप्‍तचरी), or
sabotage अंतध्वंस.
We can identify threats that are significant to your organization and ensure you are protected.

1. Malware attack
Attacks use many methods to get malware into a user’s device, most often social engineering.
1. Users may be asked to take an action, such as clicking a link or opening an attachment .
2. In other cases, malware uses vulnerabilities in browsers or operating systems to install themselves
without the user’s knowledge or consent.
Once malware is installed, it can monitor user activities, send confidential data to the attacker, assist the attacker
in penetrating(लक्ष्यों को भेदने) other targets within the network.
Malware attacks include:
 Trojan virus — tricks a user into thinking it is a harmless file. A Trojan can launch an attack on a
system and can establish a backdoor, which attackers can use.
 Ransomware — prevents access to the data of the victim and threatens to delete or publish it unless a
ransom is paid. Wiper malware — intends to destroy data or systems, by overwriting targeted files or
destroying an entire file system. Wipers are usually intended to send a political message, or hide hacker
activities after data exfiltration.
 Worms — this malware is designed to exploit(फायदा उठाने) backdoors and
vulnerabilities(खामियां, कमजोर, चपेट) to gain unauthorized access to operating systems.
After installation, the worm can perform various attacks, including Distributed Denial(इनकार) of
Service (DDoS).
 Spyware — this malware enables malicious actors to gain unauthorized access to data, including
sensitive information like payment details and credentials. Spyware can affect mobile phones, desktop
applications, and desktop browsers.
 Fileless malware — this type of malware does not require installing software on the operating system. It
makes native files such as PowerShell(It is an automation framework and scripting language which was
 developed by Microsoft. It provides a command-line shell and scripting language which is integrated with
the .Net framework, and it can also be embedded with other applications.) and WMI(The Microsoft
Windows operating system is deeply integrated with WMI. WMI is a part of the infrastructure for
management data and operations on Windows-based operating systems.) editable to enable malicious
functions, making them recognized as legitimate(valid) and difficult to detect.
2. Social engineering attacks
Social engineering attacks work by psychologically manipulating users into performing actions desirable to an
attacker, or divulging(खुलासा करना) sensitive information.
Social engineering attacks include:
 Phishing(Phishing emails) — attackers send fraudulent correspondence that seems to come from
legitimate sources, usually via email. The email may urge the user to perform an important action or
click on a link to a malicious website, leading them to hand over sensitive information to the attacker, or
expose themselves to malicious downloads. Phishing emails may include an email attachment infected
with malware.
 Spear(शूल) phishing — a variant of phishing in which attackers specifically target individuals with
security privileges or influence, such as system administrators or senior executives .
 Malvertising(advertising) मालवेयर बनाना — online advertising controlled by hackers, which
contains malicious code that infects a user’s computer when they click, or even just view the ad.
Malvertising has been found on many leading online publications.
 Drive-by downloads — attackers can hack websites and insert malicious scripts into PHP or HTTP code
on a page. When users visit the page, malware is directly installed on their computer; or, the attacker’s
script redirects users to a malicious site, which performs the download. Drive-by downloads rely on
vulnerabilities in browsers or operating systems.
 Scareware security software — pretends to scan for malware and then regularly shows the user fake
warnings and detections. Attackers may ask the user to pay to remove the fake threats from their
computer or to register the software. Users who comply transfer their financial details to an attacker.
 Baiting लालच — occurs when a threat actor tricks a target into using a malicious device, placing a
malware-infected physical device, like a USB, where the target can find it. Once the target inserts the
device into their computer, they unintentionally install the malware.
 Vishing — voice phishing (vishing) attacks use social engineering techniques to get targets to divulge
प्रकट करना financial or personal information over the phone.
 Whaling (disclosing confidential information. ) (big fish/whales filshes) — this phishing attack targets
high-profile employees (whales), such as the chief executive officer (CEO) or chief financial officer
(CFO). The threat actor attempts to trick the target into disclosing confidential information.
 Pretexting बहाना बनाना — occurs when a threat actor lies to the target to gain access to
privileged data. A pretexting scam may involve a threat actor pretending to confirm the target’s identity
by asking for financial or personal data.
 Diversion theft — threat actors use social engineers to trick a courier or delivery company into going to
a wrong drop-off or pickup location, intercepting बेधने the transaction.
 Honey trap — a social engineer assumes a fake identity as an attractive person to interact with a target
online. The social engineer fakes an online relationship and gathers sensitive information through this
relationship.
  piggybacking — occurs when a threat actor enters a secured building by following authorized personnel.
Typically, the staff with legitimate access assumes the person behind is allowed entrance, holding the
door open for them.
 Pharming — an online fraud scheme during which a cybercriminal installs malicious code on a server or
computer. The code automatically directs users to a fake website, where users are tricked into providing
personal data.
3. Software supply chain attacks
A software supply chain attack is a cyber attack against an organization that targets weak links in its trusted
software update and supply chain. A supply chain is the network of all individuals, organizations, resources,
activities, and technologies involved in the creation and sale of a product. A software supply chain attack
exploits the trust that organizations have in their third-party vendors, particularly in updates and patching.
4. Advanced persistent threats (APT)
When an individual or group gains unauthorized access to a network and remains undiscovered for an extended
period of time, attackers may exfiltrate बाहर निकलना sensitive data, avoiding detection by the
organization’s security staff.
APTs require sophisticated attackers and involve major efforts, so they are typically launched against nation
states, large corporations, or other highly valuable targets.
Common indicators of an APT presence include:
 New account creation — the P in Persistent comes from an attacker creating an identity or credential on
the network with elevated privileges.
 Abnormal activity — legitimate user accounts typically perform in patterns. Abnormal activity on these
accounts can indicate an APT is occurring, including noting a stale account which was created then left
unused for a time suddenly being active.
 Backdoor/trojan horse malware — extensive use of this method enables APTs to maintain long-term
access.
 Odd database activity — for example, a sudden increase in database operations with massive amounts
of data.
 Unusual data files — the presence of these files can indicate data has been bundled into files to assist in
an exfiltration process.
5. Distributed denial of service (DDoS)(attack on network as n/w traffi) load)
The objective of a denial of service (DoS) attack is to overwhelm(fill) the resources of a target system and cause
it to stop functioning, denying access to its users.
Distributed denial of service (DDoS) is a variant of DoS in which attackers compromise a large number of
computers or other devices, and use them in a coordinated attack against the target system.
DDoS attacks are often used in combination with other cyberthreats. These attacks may launch a denial of
service to capture the attention of security staff and create confusion, while they carry out more subtle attacks
aimed at stealing data or causing other damage.
Note: what is botnets:-
(A botnet is a network of private computers that hackers have infected with malicious software. The hackers then
control these computers remotely without the knowledge of their owners. Cybercriminals might then use the computers
they’ve infected to flood other servers with traffic to shut down targeted websites. They might also use infected
computers to mine cryptocurrency, flood the internet with spam, send phishing emails in an attempt to trick victims into
giving up their personal and financial information or send waves of traffic to sites that earn money from all these visits.)
Methods of DDoS attacks include:
 Botnets — systems under hacker control that have been infected with malware. Attackers use these bots
to carry out DDoS attacks. Large botnets can include millions of devices and can launch attacks at
devastating scale.
 Smurf attack(fack symbol or msg) — sends Internet Control Message Protocol (ICMP) echo requests
to the victim’s IP address. The ICMP requests are generated from ‘spoofed’ IP addresses. Attackers
automate this process and perform it at scale to overwhelm a target system.
 TCP SYN flood attack — attacks flood the target system with connection requests. When the target
system attempts to complete the connection, the attacker’s device does not respond, forcing the target
system to time out. This quickly fills the connection queue, preventing legitimate users from connecting.
6. Man-in-the-middle attack (MitM)
When users or devices access a remote system over the internet, they assume they are communicating directly
with the server of the target system. In a MitM attack, attackers break this assumption, placing themselves in
between the user and the target server.
Once the attacker has intercepted communications, they may be able to compromise a user’s credentials, steal
sensitive data, and return different responses to the user.
MitM attacks include:
 Session hijacking — an attacker hijacks a session between a network server and a client. The attacking
computer substitutes its IP address for the IP address of the client. The server believes it is corresponding
with the client and continues the session.
 Replay attack — a cybercriminal eavesdrops on network communication and replays messages at a later
time, pretending to be the user. Replay attacks have been largely mitigated by adding timestamps to
network communications.
 IP spoofingधोखा — an attacker convinces a system that it is corresponding with a trusted, known
entity. The system thus provides the attacker with access. The attacker forges its packet with the IP
source address of a trusted host, rather than its own IP address.
 Eavesdropping attack — attackers leverage insecure network communication to access information
transmitted between the client and server. These attacks are difficult to detect because network
transmissions appear to act normally.
 Bluetooth attacks — Because Bluetooth is often open in promiscuous अनेक mode, there are
many attacks, particularly against phones, that drop contact cards and other malware through open and
receiving Bluetooth connections. Usually this compromise of an endpoint is a means to an end, from
harvesting credentials to personal information.
7. Password attacks
A hacker can gain access to the password information of an individual by ‘sniffing’ the connection to the
network, using social engineering, guessing, or gaining access to a password database. An attacker can ‘guess’ a
password in a random or systematic way.
Password attacks include:
 Brute-force password guessing — an attacker uses software to try many different passwords, in hopes
of guessing the correct one. The software can use some logic to trying passwords related to the name of
the individual, their job, their family, etc.
 Dictionary attack — a dictionary of common passwords is used to gain access to the computer and
network of the victim. One method is to copy an encrypted file that has the passwords, apply the same
encryption to a dictionary of regularly used passwords, and contrast the findings.
 Pass-the-hash attack — an attacker exploits the authentication protocol in a session and captures a
password hash (as opposed to the password characters directly) and then passes it through for
authentication and lateral access to other networked systems. In these attack types, the threat actor
doesn’t need to decrypt the hash to obtain a plain text password.