Q) Discuss key loggers and its type ->

Keyloggers can be classified into two keystrokes, which makes them

main categories: software-based and difficult to detect with regular
hardware-based. Below are the antivirus software.
different types of keyloggers within Use Case: Typically used by
these categories: advanced malware or spyware to
Software-Based Keyloggers ensure the capture of all system
These keyloggers are software activity, including sensitive
programs installed on the target information entered into secure
system, often without the user’s applications.
knowledge. They can be standalone c. API-Based Keyloggers:
programs or part of a broader suite Description: These keyloggers rely on
of malware. the Windows API (or other OS APIs)
Application-Level Keyloggers: to intercept keystrokes.
Description: These keyloggers How it Works: They monitor specific
operate at the application level and functions like GetAsyncKeyState or
monitor keystrokes that are typed GetKeyState in Windows to capture
into specific applications, such as the keystrokes typed by the user.
web browsers or email clients. Use Case: Often simpler to
How it Works: They hook into the implement but detectable by more
target application, capturing advanced anti-malware programs
keystrokes and sending them to the due to their reliance on known
attacker. system APIs.
Use Case: Common in scenarios 2. Hardware-Based Keyloggers
where specific application data is Unlike software keyloggers,
targeted, like capturing login hardware-based keyloggers are
credentials from a banking site. physical devices that are often
b. Kernel-Level Keyloggers: inserted between the keyboard and
Description: More sophisticated and the computer. They don’t require
harder to detect, kernel-level software installation and are often
keyloggers operate at the core of the harder to detect.
operating system (kernel), allowing a. USB Keyloggers:
them to intercept all keystrokes Description: These devices are
across the entire system. physically connected to the USB port
How it Works: These keyloggers between the keyboard and the
manipulate the OS kernel to monitor computer.
 How it Works: The device intercepts Use Case: Common in scenarios
the keystrokes sent from the involving older systems still using
keyboard to the computer and stores PS/2 connections.
them in internal memory. Some USB c. Wireless Keyloggers:
keyloggers also allow for remote Description: These keyloggers
retrieval of the data. intercept wireless signals sent
Use Case: Used in physical attacks between a wireless keyboard and
where an attacker has temporary the receiver connected to the
access to the victim’s computer. computer.
b. PS/2 Keyloggers: How it Works: They capture
Description: Similar to USB keystrokes by listening to the
keyloggers but designed for older wireless communication between
PS/2 keyboards. the keyboard and the receiver.
How it Works: These devices sit Use Case: Effective against wireless
between the PS/2 keyboard cable keyboards, often used by attackers
and the computer, capturing all within range of the wireless signal.
keystrokes as they are typed.

Q) Short note on SOX ->

The Sarbanes-Oxley Act of 2002 2. CEO and CFO Accountability: SOX
(SOX) is a U.S. federal law enacted to requires the CEO and CFO to
protect investors by improving the personally certify the accuracy of
accuracy and reliability of corporate financial statements and disclosures,
disclosures. The law was passed in making them legally accountable for
response to major financial scandals, any fraud.
including Enron and WorldCom, 3. Internal Controls: Section 404 of SOX
which shook investor confidence in mandates that companies establish
the integrity of financial reporting. and maintain effective internal
controls over financial reporting.
Key Provisions of SOX:
Auditors must assess and report on
1. Increased Financial Transparency: these controls.
Companies must adhere to stricter 4. Auditor Independence: SOX restricts
financial reporting standards, audit firms from providing certain
ensuring accuracy in their financial consulting services to clients to
statements. prevent conflicts of interest.
5. Enhanced Penalties: SOX imposes accountability, improving financial
severe penalties for fraudulent transparency, and deterring
financial activity, including fines and corporate fraud. It applies to all
imprisonment. publicly traded companies in the
Importance: U.S. and has had a significant impact
SOX is designed to restore public on corporate governance practices
trust in corporate governance and globally.
financial reporting by increasing

Q) Short note on HIPAA ->

The Health Insurance Portability and from unauthorized access or
Accountability Act (HIPAA), enacted breaches.
in 1996, is a U.S. law designed to 3. Breach Notification Rule: Mandates
protect the privacy and security of that covered entities must notify
individuals' medical information. It affected individuals, the Department
applies to healthcare providers, of Health and Human Services (HHS),
health plans, and healthcare and, in some cases, the media, in the
clearinghouses, as well as their event of a data breach involving PHI.
business associates that handle 4. Enforcement Rule: Establishes
sensitive patient data. guidelines for investigations,
Key Provisions of HIPAA: penalties, and fines for non-
1. Privacy Rule: Establishes national compliance with HIPAA regulations,
standards to protect individuals' including civil and criminal penalties
medical records and personal health for violations.
information (PHI). It grants patients Importance:
rights over their health information, HIPAA ensures the confidentiality,
including the right to access and integrity, and security of patient
request corrections. information, promotes healthcare
2. Security Rule: Requires covered data privacy, and helps prevent
entities to implement safeguards— healthcare fraud. Compliance with
administrative, physical, and HIPAA is crucial for protecting
technical—to protect electronic patient trust and avoiding
protected health information (ePHI) substantial penalties.

Q) IT ACT 2008 amendment ->

 IT Amendment Act, 2008: 3. Corporate Responsibility for Data
The IT Amendment Act, 2008 was Protection:
introduced to update the original IT o Introduces Section 43A, which holds
Act, 2000, by addressing gaps and organizations liable for failing to
introducing stronger provisions implement reasonable security
against cybercrimes. It also practices to protect sensitive
accommodates advancements in personal data. Compensation is
technology and the widespread use awarded for any resulting loss or
of the internet in daily transactions. harm.
Key Provisions of the IT Amendment 4. Intermediary Liability:
Act, 2008: o Section 79 exempts intermediaries
1. Introduction of Cyber Security (such as ISPs, platforms like social
Provisions: media) from liability for third-party
o Defines cyber terrorism (Section 66F)
content, provided they observe due
and imposes life imprisonment for diligence and comply with legal
those involved in using computer takedown notices. This provision
resources to threaten national aims to clarify the roles and
security. responsibilities of internet
intermediaries.
o Focuses on data protection and
information security, with penalties 5. Digital Signatures and Electronic
for unauthorized access to data, Authentication:
breach of privacy, and hacking. o Recognizes electronic signatures and

2. Stronger Provisions for Cybercrimes: digital signatures as valid means for

authenticating documents and
o Includes new sections addressing
conducting transactions
offenses like identity theft (Section electronically.
66C), impersonation (Section 66D),
child pornography (Section 67B), and 6. Appointment of Certifying
phishing. Authorities:
o Ensures that digital signatures and
o Expands punishment for sending
offensive messages through encryption keys are verified by
communication services (Section trusted certifying authorities,
66A, later struck down in 2015 by creating a reliable system for
the Supreme Court of India for electronic transactions.
violating free speech).
 Q) how the intellectual property laws protect the rights of owner of the
intellectual property ->
Intellectual property (IP) laws 2. Copyright (for Creative Works)
protect the rights of creators and  What is Protected: Copyright
owners by granting them exclusive protects original literary, artistic,
rights over the use, distribution, and musical, and other creative works,
commercialization of their creations including books, films, software,
or inventions. These laws ensure paintings, and music.
that individuals or organizations can  Rights Granted: The copyright holder
benefit financially from their work has exclusive rights to reproduce,
and prevent others from using it distribute, perform, display, and
without permission. IP laws cover a create derivative works. The
broad range of creations, including duration typically lasts the life of the
inventions, literary and artistic author plus 70 years (in many
works, symbols, names, images, and jurisdictions).
designs.  How it Protects: Copyright prevents
Key Ways Intellectual Property Laws others from copying, distributing, or
Protect Owners' Rights: publicly performing the work
1. Patents (for Inventions) without the creator's permission.
 What is Protected: Patents protect The owner can pursue legal action in
new inventions, processes, or cases of infringement.
technological innovations.  Example: An author holds the
 Rights Granted: The patent holder copyright to their book, meaning no
has exclusive rights to manufacture, one can reproduce or distribute the
sell, or license the invention for a book without permission.
limited period, usually 20 years. 3. Trademarks (for Brands and Logos)
 How it Protects: A patent prevents  What is Protected: Trademarks
others from making, using, or selling protect names, symbols, logos,
the patented invention without slogans, and designs used to identify
permission. If someone infringes on goods or services and distinguish
the patent, the owner can seek legal them from others.
action and demand compensation  Rights Granted: The owner of a
for unauthorized use. trademark has the exclusive right to
 Example: A pharmaceutical company use the mark in commerce and to
can patent a new drug formula, prevent others from using similar
preventing competitors from marks that might confuse
producing the drug without consent. consumers.
 How it Protects: Trademark laws confidential business information
help brand owners protect their that provides a competitive edge.
reputation and market position by  Rights Granted: Trade secrets are
preventing competitors from using protected as long as they remain
similar signs that may mislead confidential. There is no expiration
customers. Unauthorized use can period for protection.
lead to lawsuits for infringement.  How it Protects: Trade secret laws
 Example: The logo of a popular prevent unauthorized acquisition,
coffee brand is protected by use, or disclosure of confidential
trademark, so no other company can information. If a competitor steals a
use a similar design for selling trade secret (through industrial
coffee. espionage, for instance), the owner
4. Trade Secrets (for Confidential can take legal action.
Business Information)  Example: The formula for a popular
 What is Protected: Trade secrets soft drink is a trade secret, and
include proprietary formulas, anyone who unlawfully obtains or
processes, methods, designs, or any discloses it could face legal
consequences.

Q) Explain Smishing ->

Smishing (a portmanteau of "SMS" importance to trick users into taking
and "phishing") is a type of immediate action. The attacker
cyberattack where attackers use SMS usually sends a text message
text messages to deceive individuals pretending to be from a legitimate
into revealing personal information, source, such as a bank, government
such as login credentials, credit card agency, online retailer, or popular
details, or other sensitive data. service provider, urging the recipient
Smishing is a form of social to click on a malicious link,
engineering attack and is similar to download malware, or respond with
phishing, which typically occurs via sensitive information.
email, but in this case, the attack is Steps in a Smishing Attack:
delivered through SMS or mobile 1. Attack Initiation: The attacker sends
messaging apps. a fraudulent SMS message to the
How Smishing Works victim, typically from a number that
Smishing attacks often rely on may appear to be from a trusted
creating a sense of urgency or source.
2. Message Content: The SMS usually Examples of Smishing Scenarios
contains one of the following 1. Bank Alerts:
elements: o Example: "Your bank account has
o A link to a fake website designed to been temporarily suspended due to
steal information. suspicious activity. Please verify your
o A phone number to call, which details by clicking the link below to
connects the victim to the attacker reactivate your account."
posing as a legitimate entity. o The provided link leads to a fake
o A request for personal information, banking website designed to steal
like account details, passwords, or login credentials or other sensitive
PINs, often presented as an urgent details.
matter (e.g., a bank account is Smishing Attack Techniques
blocked, or a payment issue requires 1. Malicious Links: The SMS contains a
immediate attention). clickable URL that redirects to a fake
3. Victim Action: If the victim clicks the website designed to steal personal
link, they are taken to a malicious data. These links often look
website that mimics a legitimate legitimate at first glance but use
service. This site may ask them to domain names that mimic real
input sensitive details (such as a organizations.
username, password, or credit card 2. Phone-based Social Engineering:
number). Alternatively, clicking the Some smishing attacks prompt
link may cause malicious software to victims to call a fake customer
be installed on their device. service number where attackers
4. Exfiltration of Information: Once the impersonate bank officials, tech
victim submits the requested support, or other trusted entities to
information, the attacker collects it solicit sensitive information directly
for fraudulent activities like identity
theft, unauthorized transactions, or
further targeted attacks.

Q) Type of Phishing ->

There are many types of phishing  Spear phishing: Targets a specific
attacks, including: individual or group, such as a
 Email phishing: The most common company's system administrator
type of phishing attack, where a  Whaling: Targets high-level
deceptive email appears to be from executives, such as CEOs and CFOs
a legitimate company
 Vishing: Uses the phone to try to but with a malicious link or
steal information attachment
 Smishing: Uses SMS (text messages)  Pharming: A highly technical form of
instead of email phishing that can be harder to
 Angler phishing: Uses fake social detect
media accounts belonging to well-  HTTPS phishing: Sends a victim an
known organizations email with a link to a fake website
 Clone phishing: Creates a nearly  Pop-up phishing: Can be dangerous,
identical copy of a legitimate email, even though most users install pop-
up blockers

Q) Steganography ->
Steganography is the practice of like Least Significant Bit (LSB)
concealing information within modification.
another file, message, image, or 2. Audio Steganography: Embedding
video, such that the presence of the secret data into sound files by
hidden information is not obvious. modifying subtle audio properties,
Unlike cryptography, which focuses such as frequency or amplitude.
on encrypting the message, 3. Video Steganography: Concealing
steganography hides the message in information within video files by
plain sight. The goal is to prevent modifying pixel frames or
anyone from noticing that there is embedding data in motion vectors.
any hidden information at all. 4. Text Steganography: Hiding data
Key Concepts: within text by altering formatting,
 Carrier File: The file in which the adding invisible characters, or
secret information is hidden (e.g., making changes that are hard to
image, audio, video). detect (e.g., spacing, font size).
 Payload: The actual secret message Use Cases:
or data being concealed.  Covert Communication: Secretly
 Embedding Method: The technique sending messages without raising
used to hide the secret data inside suspicion.
the carrier file without altering its  Watermarking: Embedding
appearance or usability. ownership or copyright information
Common Types of Steganography: within digital media to prove
1. Image Steganography: Hiding data authenticity.
within images by altering pixel  Data protection :
values, typically using techniques
 Q) Electronic data interchange ->
Electronic Data Interchange (EDI) is 4. Cost Savings: By eliminating paper-
the electronic exchange of business based processes and reducing
documents and data between manual input, EDI minimizes errors
organizations in a standardized and administrative costs.
format. It enables companies to send 5. Security: EDI provides secure
and receive information such as methods of transmitting business
purchase orders, invoices, shipping data, ensuring that sensitive
notices, and other business information is protected.
documents directly between their Common EDI Documents:
computer systems, without the need  Purchase Orders: Requesting
for manual intervention or paper- products or services.
based communication.  Invoices: Billing for goods or services
Key Features of EDI: rendered.
1. Standardization: EDI uses specific  Shipping Notices: Communicating
standards (such as ANSI X12, shipment details and tracking
EDIFACT) to ensure that the format information.
of the exchanged data is consistent  Payment Transactions: Facilitating
and interpretable by both parties. electronic payments.
2. Automation: The exchange of data is Benefits of EDI:
automated, allowing businesses to  Increased Accuracy: Fewer errors
communicate directly between their due to the elimination of manual
systems, reducing the need for data entry.
manual data entry.  Improved Efficiency: Streamlined
3. Speed and Efficiency: EDI reduces business processes and faster
processing times for transactions transaction times.
and eliminates delays associated
with postal mail or fax.

Q) E contract and its type ->

An e-contract (electronic contract) is transactions, e-commerce, and
a legally binding agreement that is digital services. They are enforceable
created, communicated, and by law, provided they meet the
executed in electronic form, without standard legal requirements of
the need for physical paperwork or contracts, such as offer, acceptance,
face-to-face interaction. E-contracts consideration, and mutual intent.
are widely used in online Key Elements of E-Contracts:
1. Offer and Acceptance: One party click an "agree" button. However,
offers terms, and the other accepts continued use of the website implies
electronically (e.g., clicking "I consent to the terms.
agree").  Example: Terms and conditions of a
2. Consideration: There must be website that users agree to simply
something of value exchanged by browsing the site.
between the parties. 3. Shrink-Wrap Contracts
3. Intention to Create Legal Relations:  Description: Traditionally used in
Both parties must have the intent to physical goods, shrink-wrap
form a legally binding agreement. contracts are agreements that are
4. Legal Capacity: Both parties must enclosed within the packaging of a
have the legal capacity to enter into product. By opening the package
a contract. (the shrink-wrap), the user is
Types of E-Contracts: considered to have accepted the
1. Click-Wrap Contracts terms.
 Description: In this type of contract,  How it Works: In the context of e-
the user must click a button (usually contracts, this concept is applied to
labeled "I Agree" or "Accept") to downloaded software, where the
accept the terms and conditions terms are agreed to before using the
presented online. software.
 How it Works: Commonly used in  Example: Software that comes with a
software installations, e-commerce, printed license inside the box or
and mobile app services. Users requires acceptance of terms upon
cannot proceed without agreeing to installation.
the terms. 4. E-Signature Contracts
 Example: Accepting the terms and  Description: These contracts involve
conditions of a software license the use of an electronic signature (e-
when installing a program. signature) to indicate acceptance of
2. Browse-Wrap Contracts terms. An e-signature can be a
 Description: In a browse-wrap scanned handwritten signature,
agreement, the user implicitly agrees typed name, or even a biometric
to the terms and conditions by using signature.
or browsing a website. The terms are  How it Works: E-signature contracts
usually available via a link at the are widely used in legal, real estate,
bottom of the page. and financial industries, where
 How it Works: Unlike click-wrap, formal agreements
users are not required to explicitly