nisqb

The document provides an overview of network security, focusing on Kerberos authentication, IP security (IPSec), and email security protocols such as PEM, PGP, and S/MIME. It explains the processes involved in Kerberos authentication, the applications and benefits of IPSec for secure communications, and the functionalities of email security protocols. Additionally, it discusses the importance of Public Key Infrastructure (PKI) for managing digital certificates and ensuring secure communications.

Uploaded by Dank Mukund

TY CO,CM,IF-NIS

Unit 5: Network Security, Cyber Laws and Compliance Standards


Kerberos:
How Kerberos works
Step 1: Authentication exchange: The client asks the authentication server for a ticket to the ticket-
granting server (TGS). The authentication server looks up the client in its database, then generates
a session key (SK1) for use between the client and the TGS, and encrypts SK1 using the
client's secret key. The authentication server also uses the TGS's secret key (known only to the
authentication server and the TGS) to create a ticket-granting ticket (TGT), which it sends to the user.

Step 2: Ticket-granting service exchange: The client decrypts the message and recovers the session
key, then uses it to create an authenticator containing the user's name, IP address and a time stamp.
The client sends this authenticator, along with the TGT, to the TGS, requesting access to the target
server. The TGS decrypts the TGT, and then uses the SK1 inside the TGT to decrypt the
authenticator. It verifies the information in the authenticator and the ticket, the client's network
address and the time stamp. If everything matches, it lets the request proceed. The TGS then creates
a new session key (SK2) for the client and target server to use, encrypts it using SK1 and sends it to
the client. The TGS also sends a new ticket containing the client's name, network address, a time
stamp and an expiration time for the ticket, all encrypted with the target server's secret key,
together with the name of the server.


Step 3: Client/server exchange: The client decrypts the message and obtains SK2. Finally ready
to approach the target server, the client creates a new authenticator encrypted with SK2. The client
sends the session ticket (already encrypted with the target server's secret key) and the encrypted
authenticator. Because the authenticator contains plaintext encrypted with SK2, it proves that the
client knows the key. The encrypted time stamp prevents an eavesdropper from recording both the
ticket and the authenticator and replaying them later. The target server decrypts and checks the ticket,
authenticator, client address and time stamp. For applications that require two-way authentication,
the target server returns a message consisting of the time stamp plus 1, encrypted with SK2. This
proves to the client that the server actually knew its own secret key and thus could decrypt the
ticket and the authenticator.

Step 4: Secure communications: The target server now knows that the client is who it claims to be,
and the two share an encryption key for secure communications. Because only the client and the
target server share this key, each can assume that a recent message encrypted under that key
originated with the other party.
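A compact simulation of the four steps above, added here as an example; it is not from the original notes and not real Kerberos code. A toy encrypt-then-MAC built from HMAC-SHA256 stands in for the Kerberos ciphers, and the principal names, addresses, key sizes and the 300-second skew window are constructed sample values. What it shows beyond the prose is which checks the TGS and the target server actually perform, and which replayed, redirected, stale and tampered requests those checks reject.

```python
import hashlib
import hmac
import json
import os

SKEW = 300  # constructed: tolerated clock skew between authenticator and receiver, in seconds

def _stream(key, nonce, n):
    """Keystream from HMAC-SHA256 in counter mode (toy cipher standing in for Kerberos' ciphers)."""
    out, i = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        i += 1
    return out[:n]

def seal(key, obj):
    """Encrypt-then-MAC a JSON object under key: nonce | ciphertext | tag."""
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed: wrong key or altered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

def check(auth, ticket, addr, now):
    """The checks both the TGS and the target server run on an authenticator and its ticket."""
    if auth["name"] != ticket["client"] or auth["addr"] != addr or ticket["addr"] != addr:
        raise ValueError("authenticator does not match ticket or source address")
    if abs(now - auth["ts"]) > SKEW:
        raise ValueError("stale authenticator (possible replay)")
    if now >= ticket["expires"]:
        raise ValueError("ticket expired")

class KDC:
    """Authentication server and ticket-granting server sharing one principal database."""
    def __init__(self, keys):
        self.keys = keys                  # principal name -> long-term secret key
        self.tgs_key = keys["krbtgt"]

    def as_exchange(self, client, addr, now):
        """Step 1: SK1 sealed under the client's key, TGT sealed under the TGS key."""
        sk1 = os.urandom(32)
        tgt = seal(self.tgs_key, {"client": client, "addr": addr, "sk1": sk1.hex(),
                                  "expires": now + 8 * 3600})
        return seal(self.keys[client], {"sk1": sk1.hex(), "tgs": "krbtgt"}), tgt

    def tgs_exchange(self, tgt, authenticator, server, addr, now):
        """Step 2: open the TGT, use the SK1 inside it to open the authenticator, issue SK2 + ticket."""
        t = unseal(self.tgs_key, tgt)
        sk1 = bytes.fromhex(t["sk1"])
        check(unseal(sk1, authenticator), t, addr, now)
        sk2 = os.urandom(32)
        ticket = seal(self.keys[server], {"client": t["client"], "addr": addr, "sk2": sk2.hex(),
                                          "issued": now, "expires": now + 3600})
        return seal(sk1, {"sk2": sk2.hex(), "server": server}), ticket

class Service:
    def __init__(self, name, key):
        self.name, self.key, self.seen = name, key, set()   # seen: replay cache of authenticators

    def accept(self, ticket, authenticator, addr, now):
        """Step 3: decrypt ticket with own key, authenticator with SK2, then prove knowledge of SK2."""
        t = unseal(self.key, ticket)
        sk2 = bytes.fromhex(t["sk2"])
        a = unseal(sk2, authenticator)
        check(a, t, addr, now)
        if (a["name"], a["ts"]) in self.seen:
            raise ValueError("replayed authenticator")
        self.seen.add((a["name"], a["ts"]))
        return seal(sk2, {"ts": a["ts"] + 1}), sk2        # mutual authentication: timestamp + 1

def login(kdc, svc, client, client_key, addr, now):
    """Client side of all three exchanges; returns SK2 plus the ticket/authenticator it sent."""
    reply, tgt = kdc.as_exchange(client, addr, now)
    sk1 = bytes.fromhex(unseal(client_key, reply)["sk1"])
    reply, ticket = kdc.tgs_exchange(tgt, seal(sk1, {"name": client, "addr": addr, "ts": now}),
                                     svc.name, addr, now)
    sk2 = bytes.fromhex(unseal(sk1, reply)["sk2"])
    auth = seal(sk2, {"name": client, "addr": addr, "ts": now})
    proof, _ = svc.accept(ticket, auth, addr, now)
    if unseal(sk2, proof)["ts"] != now + 1:
        raise ValueError("server failed mutual authentication")
    return sk2, ticket, auth

def demo(now=1_700_000_000):
    """Happy path, then the cases a correct target server must reject (constructed principals)."""
    keys = {"alice": os.urandom(32), "krbtgt": os.urandom(32), "fileserver": os.urandom(32)}
    kdc, svc = KDC(keys), Service("fileserver", keys["fileserver"])
    sk2, ticket, auth = login(kdc, svc, "alice", keys["alice"], "10.0.0.5", now)
    results = {"session_key_bytes": len(sk2)}
    cases = {
        "replay": (ticket, auth, "10.0.0.5", now + 10),
        "other_addr": (ticket, auth, "10.0.0.9", now + 10),
        "stale": (ticket, auth, "10.0.0.5", now + 2 * SKEW),
        "tampered_ticket": (ticket[:-1] + bytes([ticket[-1] ^ 1]), auth, "10.0.0.5", now),
    }
    for label, args in cases.items():
        try:
            svc.accept(*args)
            results[label] = "accepted"
        except ValueError:
            results[label] = "rejected"
    return results
```

Running `demo()` returns the session-key length and "rejected" for each of the four bad cases. Note that the replay cache keyed on (client, timestamp) is what makes the encrypted time stamp useful: without it, a captured ticket and authenticator would still be accepted inside the skew window.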

IP Security: An IP packet carries its data in clear text. Such packets can therefore be captured,
their contents read and even altered. Higher-level security such as SSL, HTTP SET, etc. can be used
to prevent such attacks, and these protocols do enhance the protection mechanism. But then came the
requirement of securing the IP packets themselves, so that dependency on higher-level protocols
can be avoided; the higher-level protocols then serve as additional security measures.
Thus a two-level protection mechanism can be implemented:
➢ First, by offering security to the IP packets themselves.
➢ Second, by continuing to implement the higher-level security mechanisms.
The Internet Architecture Board (IAB) reported that the Internet was a very open network & hence
needs better security measures in terms of authentication, integrity & confidentiality. Hence IPv6
(IPng) was implemented. But until then IPv4 was devised to provide the required security
measures for the network.
The overall idea of IPSec is to encrypt & seal the transport- & application-layer data during
transmission. It also provides integrity at the Internet layer.

Applications of IPSec: IPSec provides the capability to secure communications across LANs and
WANs. These include the following:
➢ Secure branch office connectivity over the Internet: A company can build a secure private
network over the Internet or over a public WAN. This enables a business to rely on the Internet
& reduce its need for private networks, saving costs & network management overheads.
➢ Secure remote access over the Internet: An end user whose system is equipped with IP
security protocols can make a local call to an ISP & gain secure access to a company
network. This reduces the cost of toll charges for travelling employees & telecommuters.
➢ Establishing extranet & intranet connectivity with partners: IPSec can be used to secure
communication with other organizations, ensuring authentication & confidentiality &
providing a key exchange mechanism.
➢ Enhancing electronic commerce security: Even though some web & electronic commerce
applications have built-in security protocols, the use of IPSec enhances that security.

Use of IPSec: A typical IPSec scenario is as follows:

An organization maintains LANs at dispersed locations. Non-secure IP traffic is conducted on
each LAN. For traffic going offsite, through some sort of private or public WAN, IPSec protocols are
used. These protocols operate in the networking devices, such as a router or firewall, that connect
each LAN to the outside world. The IPSec networking device will typically encrypt & compress
all traffic going into the WAN; these operations are transparent to workstations & servers on the
LAN. Secure transmission is also possible with individual users who dial into the WAN. Such user
workstations must implement the IPSec protocols themselves to provide security.

Benefits of IPSec: The advantages of IPSec are:

a) When IPSec is implemented in a firewall or router it provides strong security that can be
applied to all traffic crossing the perimeter. Traffic within a company or workgroup does
not incur the overhead of security-related processing.
b) IPSec in a firewall is resistant to bypass if all traffic from the outside must use IP, & the
firewall is the only means of entrance from the Internet into the organization.
c) IPSec is below the transport layer & so is transparent to applications. There is no need to
change the software on a user or server system when IPSec is implemented in the
firewall or router.
d) IPSec can be transparent to end users. There is no need to train users on security
mechanisms, issue keying material on a per-user basis, or revoke keying material when users
leave the organization.
e) IPSec can provide security for individual users if needed. This is useful for offsite workers
& for setting up a secure virtual sub-network within an organization for sensitive
applications.

Internet Protocol Security (IPSec): IPSec actually consists of two separate protocols that
provide different levels of security protection.
• The IP Authentication Header (AH) protocol provides authentication and guarantees the integrity
of the IP datagram.
• The IP Encapsulating Security Payload (ESP) protocol provides datagram encryption and
authentication.
Each of the two protocols can operate in two modes, i.e. transport mode & tunnel mode, as follows:
1) AH: In transport mode the AH protocol adds an extra header to the datagrams generated by the
transmitting computer, right after the IP header. The protocol field of the IP header then identifies
the packet as an AH packet instead of a transport-layer protocol packet. The AH header
authenticates the sender of the data and also contains an Integrity Check Value (ICV) that the
receiving computer uses to verify that incoming packets have not been altered.


In tunnel mode the AH header is placed before the original IP header, and the whole packet is
preceded by an outer IP header indicating the tunnel.

2) ESP: ESP works by encapsulating the transport-layer data in each datagram using its own
header & trailer, and by encrypting all of the data following the ESP header.

The ESP authentication field provides authentication & also contains the ICV. In tunnel mode ESP
encapsulates both the IP header & the data and encrypts them, adding an extra outer IP header that
indicates tunnel-mode operation. AH & ESP can be used separately or in combination, depending
on the level & type of security desired. Both work in the transport & tunnel modes of the IPSec
protocols.
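An added example (not from the notes, and not a real IPsec implementation) of what the AH Integrity Check Value covers in transport mode. The packet layout (IP header, then AH header, then the transport-layer data), the HMAC-SHA-256-128 ICV computed with mutable IP fields zeroed, and the anti-replay sequence check follow the AH design; the key, addresses, SPI and payload are constructed sample values, and a Python set stands in for a receiver's sliding anti-replay window. It shows why a router's TTL decrement leaves the ICV valid while any change to the addresses or payload does not.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16      # HMAC-SHA-256-128: the MAC is truncated to 128 bits
AH_PROTO = 51     # IP protocol number carried in the IP header for AH
AH_FIXED = 12     # next header (1) + payload len (1) + reserved (2) + SPI (4) + sequence (4)

def ipv4_header(src, dst, proto, total_len, ttl=64):
    """Minimal 20-byte IPv4 header; checksum left 0 (mutable, excluded from the ICV anyway)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0, ttl, proto, 0,
                       bytes(int(o) for o in src.split(".")), bytes(int(o) for o in dst.split(".")))

def ah_header(next_hdr, spi, seq, icv):
    """AH header; payload length is in 32-bit words minus 2, as the AH specification defines it."""
    payload_len = (AH_FIXED + len(icv)) // 4 - 2
    return struct.pack("!BBHII", next_hdr, payload_len, 0, spi, seq) + icv

def icv_input(packet):
    """Copy of the packet with the mutable IP fields (TTL, header checksum) and the ICV zeroed."""
    p = bytearray(packet)
    p[8] = 0
    p[10:12] = b"\x00\x00"
    p[20 + AH_FIXED:20 + AH_FIXED + ICV_LEN] = bytes(ICV_LEN)
    return bytes(p)

def build_ah_packet(key, src, dst, spi, seq, payload, ttl=64):
    """Transport mode: IP header | AH header | original transport-layer data (next header 6 = TCP)."""
    ip = ipv4_header(src, dst, AH_PROTO, 20 + AH_FIXED + ICV_LEN + len(payload), ttl)
    draft = ip + ah_header(6, spi, seq, bytes(ICV_LEN)) + payload
    icv = hmac.new(key, icv_input(draft), hashlib.sha256).digest()[:ICV_LEN]
    return ip + ah_header(6, spi, seq, icv) + payload

def verify_ah_packet(key, packet, seen):
    """Receiver side: recompute the ICV over the immutable fields, then reject repeated sequence numbers."""
    if packet[9] != AH_PROTO:
        return "rejected: not an AH packet"
    spi, seq = struct.unpack("!II", packet[24:32])
    received = packet[32:32 + ICV_LEN]
    expected = hmac.new(key, icv_input(packet), hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(received, expected):
        return "rejected: ICV mismatch"
    if (spi, seq) in seen:
        return "rejected: replay"
    seen.add((spi, seq))
    return "ok"

def demo():
    """Constructed packet and key; shows which in-transit changes the receiver accepts or rejects."""
    key = b"constructed-sample-key-for-demo!"
    pkt = build_ah_packet(key, "10.0.0.1", "10.0.0.2", spi=0x100, seq=1,
                          payload=b"GET /report HTTP/1.1\r\n")
    results = {"original": verify_ah_packet(key, pkt, set())}
    aged = bytearray(pkt)
    aged[8] -= 1                               # a router decremented TTL: mutable field, ICV still valid
    results["ttl_decremented"] = verify_ah_packet(key, bytes(aged), set())
    tampered = bytearray(pkt)
    tampered[-3] ^= 0x01                       # one bit flipped in the payload
    results["payload_altered"] = verify_ah_packet(key, bytes(tampered), set())
    spoofed = bytearray(pkt)
    spoofed[12:16] = bytes([10, 0, 0, 99])     # source address rewritten on the path
    results["src_rewritten"] = verify_ah_packet(key, bytes(spoofed), set())
    window = set()
    verify_ah_packet(key, pkt, window)
    results["replayed"] = verify_ah_packet(key, pkt, window)   # same SPI and sequence seen twice
    return results
```

Because the source and destination addresses are immutable fields covered by the ICV, AH also detects address rewriting in transit; this is the same property that makes AH incompatible with NAT, which must rewrite exactly those fields.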

Email Security: E-mail security has become one of the most important issues, as most of the threats
to the network come through the Internet, which acts as the medium through which mail is
transmitted. The three main email security protocols are:

❖ Privacy Enhanced Mail (PEM).
❖ Pretty Good Privacy (PGP).
❖ Secure MIME (S/MIME).

Privacy Enhanced Mail (PEM): PEM is an email security standard adopted by the Internet
Architecture Board (IAB) to provide secure email communication over the Internet. PEM was
developed by the Internet Research Task Force (IRTF) & the Privacy Security Research Group (PSRG).
PEM supports three main cryptographic functions: encryption, non-repudiation & message
integrity.
PEM Working: PEM starts with a canonical conversion, which is followed by a digital signature, then
by encryption & finally by Base 64 encoding. PEM allows three security options when sending an
email message:
1. Signature only.
2. Signature & Base 64 encoding.
3. Signature, Encryption & Base 64 encoding.

Step 1: Conversion: The computers communicating over the Internet may be running on
different architectures or different operating systems. Because of this, the same message may be
represented differently on the two computers, which creates problems when computing message
digests. Hence PEM transforms each email message into an abstract, canonical representation. This
means that regardless of the architecture & OS of the sending & receiving computers, the email
message always travels in a uniform, machine-independent format.
Step 2: Digital Signature: This starts with creating a message digest of the email message using an
algorithm such as MD2 or MD5. This message digest is then encrypted with the sender's private
key to form the sender's digital signature.

Step 3: Encryption: In this step the original email & the digital signature are encrypted together
with a symmetric key.

Step 4: Base 64 encoding: The Base 64 encoding process transforms arbitrary binary input into
printable character output. The binary input is processed in blocks of 3 octets (24 bits). These
24 bits are treated as 4 groups of 6 bits each. Each group is mapped to an 8-bit printable output
character using the Base 64 mapping table.

Pretty Good Privacy (PGP): Pretty Good Privacy (PGP) is a computer program that provides
cryptographic privacy and authentication. PGP is often used for signing, encrypting and decrypting
e-mails to increase the security of e-mail communications. PGP encryption uses public-key
cryptography and includes a system which binds the public keys to a user name and/or an e-mail
address.

PGP Working: In PGP, the sender of the message needs to include the identifier of the algorithm
used in the message along with the values of the keys. PGP starts with a digital signature, which is
followed by compression, then by encryption, then by digital enveloping & finally by Base 64
encoding. PGP allows for four security options when sending an email message:

1. Signature only.
2. Signature & Base 64 encoding only.
3. Signature, Encryption, Enveloping & Base 64 encoding.
The receiver has to perform these four steps in the reverse direction to retrieve the original plain
text email message:

Step 1: Digital Signature: This is the typical digital signature process. It consists of creating a
message digest of the email message using the SHA-1 algorithm. The resulting message digest is then
encrypted with the sender's private key. The result is the sender's digital signature.

Step 2: Compression: This is an additional step in PGP. Here the input message as well as the digital
signature are compressed together to reduce the size of the final message that will be transmitted.
For this the Lempel-Ziv algorithm is used. The algorithm looks for repeated strings or words
& stores them in variables. It then replaces each actual occurrence of the repeated word or string with a
pointer to the corresponding variable.

Step 3: Encryption: In this step the compressed output of step 2 is encrypted with a symmetric
key. For this, generally the IDEA algorithm in CFB mode is used.

Step 4: Digital Enveloping: In this step the symmetric key used for encryption in step 3 is
encrypted with the receiver's public key. The outputs of steps 3 & 4 together form a digital envelope.

Step 5: Base 64 Encoding: The output of step 4 is Base 64 encoded.
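The 3-octet-to-4-character mapping described in PEM Step 4, which PGP Step 5 applies again to its own output, implemented as an added example (not code from the notes or from any PEM/PGP implementation). The encoder is the textbook algorithm; the decoder goes a little further than the description and rejects misplaced padding and non-canonical trailing bits, which a strict mail parser should do so that two decoders cannot disagree about the same input. The sample inputs are constructed, and the standard library's `base64` module is used only as a cross-check.

```python
import base64

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"

def b64encode(data):
    """Process the input in blocks of 3 octets: 24 bits -> four 6-bit groups -> four characters."""
    out = []
    for i in range(0, len(data), 3):
        block = data[i:i + 3]
        n = int.from_bytes(block.ljust(3, b"\x00"), "big")      # 24-bit group, zero padded
        chars = [ALPHABET[(n >> shift) & 0x3F] for shift in (18, 12, 6, 0)]
        pad = 3 - len(block)                                     # 0, 1 or 2 missing octets
        out.append("".join(chars[:4 - pad]) + "=" * pad)
    return "".join(out)

def b64decode(text):
    """Reverse mapping; rejects bad lengths, misplaced padding and non-canonical trailing bits."""
    if len(text) % 4:
        raise ValueError("encoded length must be a multiple of 4")
    out = bytearray()
    for i in range(0, len(text), 4):
        quad = text[i:i + 4]
        pad = quad.count("=")
        if pad > 2 or (pad and (not quad.endswith("=" * pad) or i + 4 != len(text))):
            raise ValueError("padding may only appear at the very end, at most two characters")
        n = 0
        for ch in quad:
            n = (n << 6) | (0 if ch == "=" else ALPHABET.index(ch))   # .index raises on foreign characters
        if n & ((1 << (8 * pad)) - 1):
            raise ValueError("non-canonical encoding: bits under the padding are not zero")
        out += n.to_bytes(3, "big")[:3 - pad]
    return bytes(out)

def strict_decode_ok(text):
    """True if the strict decoder accepts the text, False if it raises."""
    try:
        b64decode(text)
        return True
    except ValueError:
        return False

def matches_stdlib(data):
    """Cross-check: same encoding as Python's base64 module and a lossless round trip."""
    enc = b64encode(data)
    return enc == base64.b64encode(data).decode() and b64decode(enc) == data
```

`b64encode(b"Man")` gives `TWFu`, the two- and one-octet tails give `TWE=` and `TQ==`, and `strict_decode_ok("TWF=")` is False even though a lenient decoder would happily return `Ma` for it.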

S/MIME (Secure / Multipurpose Internet Mail Extensions): It is a standard for public key
encryption and signing of e-mail encapsulated in MIME.
S/MIME provides the following cryptographic security services for electronic messaging
applications: authentication, message integrity and non-repudiation of origin (using digital
signatures) and privacy and data security (using encryption).
S/MIME is a form of encryption that is included in several email clients by default (such as
Outlook Express and Mozilla Thunderbird) and relies on the use of a Certificate Authority to issue
a secure email certificate.
To use S/MIME, a user obtains a certificate issued by one of these authorities and "installs" it on
their computer. Once the other person has a copy of the user's digital signature (certificate), they
are able to use their own S/MIME certificate to encrypt email to the user. A user needs to have both
the sender's certificate and the recipient's digital signature on their computer in order to send
encrypted email.

S/MIME functionalities:

Functionality            Description
Enveloped data           Consists of encrypted content of any type & the encryption key encrypted with
                         the receiver's public key.
Signed data              Consists of a message digest encrypted with the sender's private key. The
                         content & the digital signature are both Base 64 encoded.
Clear-signed data        Similar to signed data; only the digital signature is Base 64 encoded.
Signed & enveloped data  Signed-only & enveloped-only entities can be combined, so that enveloped
                         data can be signed, or signed/clear-signed data can be enveloped.


Public Key Infrastructure

Public key infrastructure or PKI is the framework that governs the issuing of digital certificates. It helps to protect
confidential data and gives unique identities to users and systems. Thus, it ensures security in
communications.
The public key infrastructure uses a pair of keys, the public key and the private key, to achieve security.
Public keys are exposed to attack, and thus an intact infrastructure is needed to maintain them.

Managing Keys in the Cryptosystem:

The security of a cryptosystem relies on its keys. Thus, it is important that we have a solid key management
system in place. The 3 main areas of key management are as follows:
• A cryptographic key is a piece of data that must be managed by secure administration.
• It involves managing the key life cycle, which is as follows:

• Public key management further requires:
1. Keeping the private key secret: Only the owner of a private key is authorized to use that private
key. It should thus remain out of reach of any other person.
2. Assuring the public key: Public keys are in the open domain and can be publicly accessed.
With this extent of public accessibility, it becomes hard to know whether a key is correct and what it
will be used for. The purpose of a public key must be explicitly defined.
PKI or public key infrastructure aims at achieving this assurance of the public key.

Public Key Infrastructure:


Public key infrastructure affirms the usage of a public key. PKI identifies a public key along with its
purpose. It usually consists of the following components:
• A digital certificate also called a public key certificate
• Private Key tokens
• Registration authority
• Certification authority
• CMS or Certification management system

Working of a PKI:
1) PKI and Encryption: The root of PKI involves the use of cryptography and encryption techniques.
Both symmetric and asymmetric encryption use a public key. The challenge here is: "how do you
know that the public key belongs to the right person, or to the person you think it belongs to?" There
is always a risk of MITM (man in the middle). This issue is resolved by a PKI using digital certificates.
It gives identities to keys in order to make the verification of owners easy and accurate.
2) Public Key Certificate or Digital Certificate: Digital certificates are issued to people and electronic
systems to uniquely identify them in the digital world. Digital certificates are also called X.509
certificates because they are based on the ITU standard X.509. Here are a few noteworthy things about a
digital certificate:
a) The Certification Authority (CA) stores the public key of a user along with other information about
the client in the digital certificate. The information is signed, and the digital signature is also included
in the certificate.
b) The affirmation of the public key can then be obtained by validating the signature using the
public key of the Certification Authority.
3) Certifying Authorities: A CA issues and verifies certificates. This authority makes sure that the
information in a certificate is real and correct, and it also digitally signs the certificate. A CA
or Certifying Authority performs these basic roles:
a) Generating the key pairs – The key pair generated by the CA can be generated either independently or in
collaboration with the client.
b) Issuing the digital certificates – When the client successfully provides the right details about
their identity, the CA issues a certificate to the client. The CA then signs this certificate digitally
so that no undetected changes can be made to the information.
c) Publishing the certificates – The CA publishes the certificates so that users can find them. It
can do this either by publishing them in an electronic telephone directory or by sending them out
to other people.
d) Verification of certificates – The CA provides a public key that helps in verifying whether an access
attempt is authorized or not.
e) Revocation – In case of suspicious behaviour by a client or loss of trust in them, the CA has the
power to revoke the digital certificate.

Classes of a Digital Certificate:

A digital certificate can be divided into four broad categories. These are:
1) Class 1: These can be obtained by only providing an email address.
2) Class 2: These need more personal information.
3) Class 3: These first check the identity of the person making the request.
4) Class 4: These are used by organizations and governments.

Process of creation of a certificate:

The creation of a certificate takes place as follows:
1) Private and public keys are created.
2) The CA requests identifying attributes of the owner of the private key.
3) The public key and attributes are encoded into a CSR or Certificate Signing Request.
4) The key owner signs the CSR to prove possession of the private key.
5) The CA signs the certificate after validation.

Certificate Authority: A Certificate Authority is a trusted agency that can issue digital certificates. It
establishes an association between the subject's identity and a public key. The certificate's public key and
the corresponding private key are stored separately. A certificate authority (CA) is an authority in a network
that issues and manages security credentials and public keys for message encryption. As part of a public key
infrastructure (PKI), a CA checks with a registration authority (RA) to verify information provided by the
requestor of a digital certificate. If the RA verifies the requestor's information, the CA can then issue a
certificate. Depending on the public key infrastructure implementation, the certificate includes the owner's
public key, the expiration date of the certificate, the owner's name, and other information about the public
key owner.
As the CA may be overloaded with tasks related to digital certificates, some of the tasks of the CA are
assigned to the Registration Authority (RA). The RA is an intermediate entity between the end users and the
CA. The RA is mainly used for setting up communication between the end users and the CA, but it cannot issue
certificates. The RA provides these services:
a. Accepting and verifying registration information about new users.
b. Generating keys on behalf of the end users.
c. Accepting and authorizing requests for key backups and recovery.
d. Accepting and authorizing requests for certificate revocation.

Digital Certificate: Digital certificates are electronic files. Digital certificates are issued by a third party
known as a Certification Authority.
These third-party certificate authorities have the responsibility to confirm the identity of the
certificate holder, as well as to provide assurance to website visitors that the website is one that is
trustworthy and capable of serving them in a trustworthy manner. Digital certificates have two
basic functions:
➢ The first is to certify that the people, the website, and the network resources such as servers
and routers are reliable sources, in other words, who or what they claim to be.
➢ The second function is to provide protection for the data exchanged between the visitor and
the website from tampering or even theft, such as credit card information.
A digital certificate contains the name of the organization or individual, the business address,
digital signature, public key, serial number, and expiration date. When a user is online and the user's
web browser attempts to secure a connection, the digital certificate issued for that website is
checked by the web browser to be sure that all is well and that the user can browse securely. The web
browser has a built-in list of all the main certification authorities and their public keys,
and uses that information to decrypt the digital signature. This allows the browser to quickly check
for problems and abnormalities, and if everything checks out the secure connection is enabled. When
the browser finds an expired certificate or mismatched information, a dialog box will pop up with
an alert.

Contents of a digital certificate / Format of an X.509 Certificate:

Field                      Description
Version                    Version number, which specifies the format and the fields that are available and
                           identifies the X.509 standard used to create the certificate.
Certificate serial number  Unique number that identifies the certificate issued by the CA.
Signature algorithm        Indicates the algorithm used to digitally sign the certificate.
Issuer name                Identifies the CA that issued and signed the certificate.
Validity                   Indicates the dates through which the certificate is valid.
Subject name               Specifies the owner.
Subject PKI                Contains the public key bound to the certificate subject and identifies the
                           algorithm used to create the public/private key pair.
Issuer unique identifier
Subject unique identifier
Extensions                 Allows additional data to be encoded into the certificate to expand the
                           certificate's functionality.

Steps for obtaining Digital Certificates: The creation of a digital certificate consists of various
steps:
a. Key Generation: The action starts with a user/organisation who wants to obtain a
certificate. The user creates a private/public key pair using software which is part of the
web browser or web server. The user keeps the private key secret & sends the public
key to the RA along with his information.
b. Registration: After sending the public key and associated information to the RA, the
software provides a wizard in which the user enters all the data and submits it to the RA
through the network. After this the user gets a request identifier for tracking the progress of the
certificate request.
c. Verification: After the registration is complete, the RA verifies the user's information
and then verifies that whoever requests the certificate actually possesses the private key. This
check is known as Proof of Possession (POP) of the private key.
d. Certificate Creation: After all these steps are successful, the RA submits the information
to the CA. The CA again verifies the user's information and then creates the digital
certificate according to the X.509 standard format. The CA sends the certificate to the user
and also retains a copy for its records.

Steps for verifying Authenticity and Integrity of the certificate: After receiving the digital
certificate of the user, the verification of the certificate involves the following steps:
a. The user passes all fields except the last one (the signature) of the received digital certificate to a
message digest algorithm, the same one used by the CA. The algorithm used by the CA is
named by the CA in the certificate.
b. The message digest algorithm calculates a message digest (hash) of all these fields of the
certificate.
c. The user extracts the digital signature of the CA from the certificate.
d. The user de-signs the CA's signature, i.e. the user decrypts the signature with the CA's public
key.
e. This produces another message digest, the one produced when the CA signed
the certificate.

f. The user compares the message digest calculated in step b with the message
digest obtained after de-signing the CA's signature.
g. If the two match, the user is convinced that the digital certificate is indeed signed
by the CA; otherwise the user rejects the certificate.
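The seven verification steps above, together with the CA's signing step from the certificate-creation process, as an added example that is not from the notes. The certificate is a JSON dictionary standing in for X.509 DER, the field names and dates are constructed sample values, and the CA key is a constructed toy RSA key (multi-prime, built from three Mersenne primes so that a SHA-256 digest fits under the modulus); nothing here is a real CA, a real certificate format or a library API. Beyond the listed steps it also checks the validity period, which step g alone does not cover.

```python
import hashlib
import json

# Constructed toy CA key: multi-prime RSA over three Mersenne primes, so the modulus (about 2^277)
# is larger than a SHA-256 digest. Example only; real CAs use 2048-bit or longer keys.
_P, _Q, _R = 2**127 - 1, 2**89 - 1, 2**61 - 1
CA_N = _P * _Q * _R
CA_E = 65537
CA_D = pow(CA_E, -1, (_P - 1) * (_Q - 1) * (_R - 1))
SIG_ALG = "sha256-with-toy-rsa"   # the algorithm name the CA writes into the certificate

def tbs_bytes(cert):
    """Canonical bytes of every field except the signature (the 'to-be-signed' part)."""
    return json.dumps({k: v for k, v in cert.items() if k != "signature"}, sort_keys=True).encode()

def digest_int(cert):
    return int.from_bytes(hashlib.sha256(tbs_bytes(cert)).digest(), "big")

def ca_sign(fields):
    """Issuance: the CA hashes the fields and encrypts the digest with its private key."""
    cert = dict(fields, signature_algorithm=SIG_ALG)
    cert["signature"] = pow(digest_int(cert), CA_D, CA_N)
    return cert

def verify_certificate(cert, ca_public=(CA_E, CA_N), today="2025-06-01"):
    """Steps a-g from the notes, plus a validity-period check (dates as ISO strings)."""
    e, n = ca_public
    # a, b: digest all fields except the signature with the algorithm the CA named in the certificate
    if cert.get("signature_algorithm") != SIG_ALG:
        return "rejected: unsupported signature algorithm"
    if "signature" not in cert:
        return "rejected: no signature"
    computed = digest_int(cert)
    # c, d, e: extract the CA's signature and decrypt it with the CA's public key
    recovered = pow(cert["signature"], e, n)
    # f, g: compare the two digests
    if recovered != computed:
        return "rejected: signature does not verify"
    if not (cert["not_before"] <= today <= cert["not_after"]):
        return "rejected: outside validity period"
    return "ok"

def demo():
    """A constructed certificate, then the alterations a relying party must reject."""
    cert = ca_sign({"version": 3, "serial": 4242, "issuer": "CN=Example Toy CA",
                    "subject": "CN=www.example.test",
                    "not_before": "2025-01-01", "not_after": "2026-01-01",
                    "subject_public_key": "constructed-placeholder"})
    results = {"genuine": verify_certificate(cert)}
    results["field_altered"] = verify_certificate(dict(cert, subject="CN=other.example.test"))
    results["expired"] = verify_certificate(cert, today="2027-01-01")
    results["wrong_ca_key"] = verify_certificate(cert, ca_public=(3, CA_N))  # signer differs from trusted CA
    return results
```

`demo()` returns "ok" for the certificate as issued and a reason string for each failure. The "wrong_ca_key" case is the one the browser's built-in list of CA public keys exists for: a certificate signed by anyone not on that list fails at step f, however well-formed it looks.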

Cybercrime:
Cybercrime encompasses a wide range of illegal activities carried out using technology,
particularly the internet. It's a global issue that affects individuals, businesses, and governments
alike. Here's an overview of three common types of cybercrime: hacking, digital forgery, and
cyberstalking.

Hacking
Hacking involves unauthorized access to or manipulation of computer systems, networks, or data.
It can range from benign intentions, like finding vulnerabilities in a system to improve its security,
to malicious activities, such as stealing sensitive information, launching denial-of-service attacks,
or installing malware.
• Motivations: Hacking can be motivated by financial gain, espionage, personal challenge,
or even activism (hacktivism).
• Prevention: Preventative measures include strong, regularly updated passwords, using
firewalls and antivirus software, regular software updates, and educating users about
phishing and other common attack vectors.

Digital Forgery
Digital forgery involves the creation or alteration of digital documents and images with the intent
to deceive. This can range from the falsification of financial documents and contracts to the
manipulation of digital images and videos (deepfakes).
• Impact: Digital forgery can lead to financial fraud, damage to personal reputations, or even
influence public opinion and political processes.
• Detection and Prevention: Methods to combat digital forgery include digital
watermarking, forensic analysis, and the use of blockchain and other technologies to verify
the authenticity of digital documents.

Cyberstalking
Cyberstalking is the use of the internet or other electronic means to stalk or harass an individual,
group, or organization. It may include the monitoring, threatening, or gathering information about
the target in a manner that causes fear or distress.
• Forms: It can take many forms, including unwanted emails or messages, posting false
information online, or even using GPS technology to track the victim's location.
• Legal Response: Many countries have laws specifically addressing cyberstalking,
recognizing it as a serious criminal offense. Victims are encouraged to keep records of the
harassment and report it to the authorities.

Identity theft and fraud:


Identity theft and fraud involve the unauthorized use of another person’s personal information for
illicit financial gain, to commit fraud, or deceive. These crimes are prevalent in the digital age,
where personal data is often stored online and can be vulnerable to breaches. Understanding the
mechanisms, impacts, and prevention strategies is crucial for individuals and organizations alike.

Mechanisms of Identity Theft and Fraud
1. Phishing: Fraudsters use fake emails or websites to trick victims into providing personal
information, such as passwords and credit card numbers.
2. Data Breaches: Hackers break into databases to steal personal data on a large scale,
affecting millions of people at a time.
3. Social Engineering: Scammers use psychological manipulation to trick individuals into
handing over personal information or money.
4. Malware and Spyware: Malicious software is installed on victims’ devices without their
knowledge to steal personal information.
5. Physical Theft: Stealing wallets, mail, or documents from individuals to gain access to
personal information.

Impacts of Identity Theft and Fraud


• Financial Loss: Victims may suffer direct financial loss through unauthorized transactions,
loans taken out in their name, or their savings being stolen.
• Credit Damage: Unauthorized activities can negatively impact a victim’s credit score,
affecting their ability to get loans or mortgages.
• Legal Issues: Victims may face legal problems if their stolen identity is used to commit
crimes.
• Emotional Stress: Dealing with identity theft can be a stressful and time-consuming
process, leading to emotional distress.

Prevention Strategies
1. Secure Personal Information: Keep personal and financial documents in a safe place. Shred
documents with personal information before disposing of them.
2. Use Strong, Unique Passwords: For online accounts, use strong, unique passwords and
enable two-factor authentication where possible.
3. Beware of Phishing Attempts: Be cautious with emails, messages, or calls asking for
personal information. Verify the source before responding.
4. Monitor Financial Statements: Regularly check bank statements and credit reports for
unauthorized transactions or accounts.
5. Secure Devices: Use security software on computers and mobile devices, and keep them
updated to protect against malware and hacking attempts.
6. Educate Yourself: Stay informed about the latest scams and threats, and know what to do
if you suspect you’re a victim of identity theft.

What to Do If You’re a Victim


1. Report to Financial Institutions: Immediately contact your bank and credit card issuers to
report the theft and protect your accounts.
2. File a Report with Relevant Authorities: This may include the police, national fraud
reporting centers, and credit reporting agencies.
3. Change Passwords and Secure Accounts: Change passwords for all online accounts and
ensure they are secure against further attacks.
4. Place a Fraud Alert or Credit Freeze: Contact credit reporting agencies to place a fraud
alert or credit freeze on your account to prevent further misuse of your credit.


Cyber terrorism:
Cyber terrorism refers to the use of the internet and digital technologies to conduct, or threaten to
conduct, terrorist activities. These activities aim to intimidate or coerce a government, civilian
population, or any segment thereof, in furtherance of political or social objectives. Cyber terrorism
can involve a wide range of activities, including but not limited to, attacks on information systems,
hacking, spreading malware, and disseminating propaganda and fear through social media
platforms. Here's an in-depth look at cyber terrorism:

Key Characteristics
• Targeted Attacks: Cyber terrorists may target critical infrastructure, such as power grids,
water supply systems, transportation networks, and financial services, aiming to cause
widespread disruption, economic damage, or loss of life.
• Propaganda: The internet can be used to spread extremist ideologies, recruit members, and
incite violence. Online platforms can amplify the reach and impact of terrorist propaganda.
• Information Warfare: Cyber terrorism can involve the theft and manipulation of
information to undermine trust in governments or institutions, influence political processes,
or sway public opinion.

Methods of Cyber Terrorism


1. Denial of Service (DoS) Attacks: Overloading servers to shut down websites or services,
often targeting government or news websites to suppress information or cause panic.
2. Data Breaches: Stealing sensitive information from government agencies, corporations, or
individuals to expose secrets, undermine security, or for financial gain.
3. Malware Attacks: Distributing malicious software designed to disrupt, damage, or gain
unauthorized access to computer systems.
4. Ransomware: Encrypting data or systems and demanding ransom for their release, which
can be used to fund terrorist activities or simply disrupt critical services.

Impact of Cyber Terrorism


• Economic Damage: Attacks on financial services or critical infrastructure can lead to
significant economic losses.
• Psychological Impact: The threat or execution of cyber attacks can instill fear and
uncertainty in the general population, affecting national morale and security.
• Political and Social Destabilization: Cyber terrorism can undermine trust in government
institutions, influence elections, and exacerbate social divisions.

Combating Cyber Terrorism


• International Cooperation: Given the borderless nature of the internet, international
collaboration is essential to prevent and respond to cyber terrorism.
• Legislation and Regulation: Updating legal frameworks to address the evolving threat of
cyber terrorism, including measures to improve cybersecurity standards and reporting.
• Public-Private Partnerships: Cooperation between governments and the private sector,
particularly tech companies, is crucial for sharing intelligence, improving security
measures, and combating online propaganda.
• Education and Awareness: Raising awareness about cyber threats among the public and
within organizations can help prevent successful attacks.

Challenges
• Anonymity of the Internet: The ability to conceal one's identity online makes it difficult to
attribute cyber attacks to specific groups or individuals.
• Rapidly Evolving Technology: The fast pace of technological change can outstrip legal
and security measures, providing terrorists with new tools and methods for attack.

Cyber defamation:
Cyber defamation refers to the act of damaging someone's reputation by publishing false or
malicious statements about them on the internet. This can occur through various digital channels,
including social media platforms, blogs, forums, and websites. Unlike traditional defamation,
which might be limited in its reach, cyber defamation has the potential to spread quickly and
widely, impacting a much larger audience and causing significant harm to the victim's reputation,
personal life, and professional opportunities.

Characteristics of Cyber Defamation


• Anonymity: Perpetrators often take advantage of the anonymity afforded by the internet to
post defamatory content without revealing their true identity.
• Virality: The internet's interconnected nature can make defamatory statements go viral,
reaching a global audience in a matter of hours or even minutes.
• Permanence: Once information is published online, it can be challenging to remove
completely, potentially causing long-lasting or permanent damage to a person's reputation.

Forms of Cyber Defamation


1. Libel: In the context of cyber defamation, libel involves publishing defamatory written
content online. This includes text posts, comments, blogs, and any other form of written
communication on the internet.
2. Slander: While traditionally referring to spoken defamation, in the digital world, slander
can involve spoken words in videos or audio recordings shared online.

Legal Frameworks
Many countries have legal frameworks in place to address cyber defamation, often extending
traditional defamation laws to include digital communications. Victims may seek legal remedies,
including:
• Cease and Desist Orders: Legal demands for the perpetrator to stop the defamatory activity
and remove the content.
• Retractions and Apologies: Public retractions of false statements and apologies to the
victim.
• Monetary Compensation: Financial damages awarded to the victim for harm to their
reputation and emotional distress.

Challenges in Combating Cyber Defamation


• Jurisdictional Issues: The global nature of the internet means that defamatory content may
be hosted in a different country from where the victim resides, complicating legal
proceedings.
• Identification of Perpetrators: Anonymity tools and the use of fake identities can make it
difficult to identify and prosecute those responsible for cyber defamation.
• Balancing Free Speech: Efforts to combat cyber defamation must balance the right to free
speech with protection against harm to reputation, leading to legal and ethical complexities.

Prevention and Response


• Digital Literacy: Educating individuals about the potential consequences of their online
actions and the importance of respectful communication.
• Online Reputation Management: Monitoring the internet for defamatory content and using
legal and technological tools to address and remove it.
• Legal Action: Pursuing legal avenues to remove defamatory content and hold perpetrators
accountable can be an effective response, though it may not always be feasible for all
victims.
Cyber defamation represents a significant challenge in the digital age, requiring a nuanced
approach that includes legal, technological, and educational strategies to protect individuals'
reputations while respecting freedom of expression.

Addressing Cybercrime
Combating these and other forms of cybercrime requires a multifaceted approach:
• Legal Measures: Strong legal frameworks and international cooperation are essential to
prosecute cybercrimes effectively.
• Technical Measures: Ongoing development of cybersecurity technologies and practices
is critical to defend against cyber threats.
• Education and Awareness: Educating the public and organizations about cyber risks and
prevention strategies is key to reducing the impact of cybercrime.
The fight against cybercrime is ongoing and evolving, as new technologies and methodologies
emerge on both sides of the law. It requires the combined efforts of individuals, organizations, and
governments worldwide to protect privacy, security, and trust in the digital age.

Cyber laws: Introduction, Need, Categories: Crime against individual, Government property
Introduction to Cyber Laws
Cyber laws encompass a wide range of legal issues related to the internet and digital technology.
These laws cover everything from intellectual property rights, privacy, and freedom of expression
to cybercrime, data protection, and electronic commerce. As the internet transcends national
borders, the development and enforcement of cyber laws often require international cooperation.
Cyber laws refer to the legal principles and regulations governing the use of the internet and digital
communications. They are designed to address the challenges and issues that arise in the rapidly
evolving digital landscape. The introduction of cyber laws marks a critical step towards creating a
safe and secure online environment, ensuring that users' rights are protected while maintaining the
internet as an open and free space for expression and innovation.

Need for Cyber Laws


The necessity for cyber laws stems from the unique challenges posed by the digital world.
Traditional legal frameworks were not designed with the internet in mind, leading to gaps in
legislation that could be exploited for malicious purposes. Key reasons for the need for cyber laws
include:
• Protection against Cybercrime: To safeguard individuals and organizations from crimes
such as hacking, identity theft, phishing, and cyberstalking.
• Data Privacy and Security: To ensure the protection of personal and sensitive data against
unauthorized access and breaches.
• Regulation of E-commerce: To provide a legal framework for online transactions,
protecting both consumers and businesses.

• Intellectual Property Rights: To protect digital content, including software, digital media,
and online publications, from piracy and unauthorized use.
• Prevention of Cyber Terrorism: To combat and prevent attacks on national infrastructure
and to address the spread of extremist content online.

Categories of Cyber Laws


Cyber laws can be broadly categorized based on the nature of the protection they offer or the type
of cyber activities they regulate. Two primary categories include:

1. Crime Against Individuals


This category covers laws aimed at protecting individuals from online harassment, identity theft,
privacy breaches, and other forms of cybercrime that directly affect a person's security and well-
being. Specific crimes include:
• Cyberstalking and Harassment: Using the internet to stalk or harass individuals.
• Identity Theft: Stealing personal information to impersonate someone or commit fraud.
• Phishing: Fraudulently obtaining sensitive information by posing as a trustworthy entity.
• Online Fraud and Scams: Deceiving individuals to gain financially or personally.

2. Crime Against Government and Property


This category encompasses cybercrimes targeting government institutions or involving the
unauthorized access and damage to digital assets and intellectual property. Crimes include:
• Cyber Terrorism: Attacking national infrastructure or spreading propaganda and fear
through digital means.
• Hacking Government Systems: Unauthorized access to government databases and
systems for espionage or sabotage.
• Intellectual Property Theft: Stealing or using copyrighted digital content without
authorization.
• Damaging Electronic Data: Introducing malware or viruses that damage or disrupt digital
infrastructure.

Compliance standards: Implementing an Information Security Management System, ISO 27001, ISO 20000, BS 25999:
Compliance standards are essential frameworks that guide organizations in managing and
protecting information assets. Implementing an Information Security Management System (ISMS)
in accordance with recognized standards like ISO 27001, ISO 20000, and BS 25999 ensures that
organizations have robust systems in place to mitigate risks, protect customer data, and ensure
business continuity. Here’s a look at these standards and their importance in establishing and
maintaining information security.

ISO 27001 - Information Security Management System (ISMS)


ISO 27001 is the leading international standard focused on information security management. It
provides a systematic approach for managing sensitive company information so that it remains
secure. It includes people, processes, and IT systems by applying a risk management process.
• Implementation: To implement ISO 27001, an organization needs to establish,
implement, maintain, and continuously improve an ISMS. This involves assessing the
organization's information security risks, including threats, vulnerabilities, and impacts;
designing and implementing a comprehensive set of information security controls and other
forms of risk management to address those risks; and adopting an overarching management
process to ensure that the information security controls meet the organization’s information
security needs on an ongoing basis.
• Benefits: Implementing ISO 27001 helps in protecting confidential data, ensures integrity
of business data and IT systems, and can significantly reduce the risk of security breaches.
It also boosts customer and stakeholder confidence.

ISO 20000 - Service Management


ISO 20000 is recognized as the first international standard for service management. It specifies
requirements for the service provider to plan, establish, implement, operate, monitor, review,
maintain, and improve an SMS (Service Management System). The requirements include the
design, transition, delivery, and improvement of services to fulfill agreed service requirements.
• Implementation: Implementing ISO 20000 involves defining the scope of the SMS,
planning and transitioning new or changed services, implementing service management
processes, and preparing for emergencies and incidents. Organizations must also ensure
continual improvement of services and the management system itself.
• Benefits: It leads to increased efficiency in service delivery, enhanced customer
satisfaction by meeting service requirements, and continuous improvement through well-
defined and managed processes.

BS 25999 - Business Continuity Management


BS 25999 was a British standard providing a basis for understanding, developing, and
implementing business continuity within an organization. It has since been superseded by ISO
22301, the international standard for Business Continuity Management Systems.
• Implementation: While BS 25999 is obsolete and replaced by ISO 22301, the approach
remains relevant. Organizations should conduct business impact analysis and risk
assessment, develop business continuity strategies, and establish, implement and maintain
a documented business continuity management system.
• Benefits: Implementation ensures that the organization is better prepared for disasters or
disruptions, minimizing the impact on business operations. It enhances resilience and the
ability to recover from incidents.
Implementing Compliance Standards
Implementing these standards requires a strategic approach:
1. Commitment from Top Management: Secure backing from senior management.
2. Understand Requirements: Thoroughly understand the specific standards and their
requirements.
3. Gap Analysis: Conduct a gap analysis to identify where your organization currently stands
in relation to the standard’s requirements.
4. Plan: Develop an implementation plan based on the gap analysis.
5. Educate and Train: Educate and train employees about the standard and its implications
for their work.
6. Document Processes: Document processes, policies, and procedures required by the
standard.
7. Implement Changes: Implement necessary changes to processes and IT systems.
8. Conduct Internal Audits: Conduct internal audits to ensure compliance.
9. Continual Improvement: Use the results from monitoring and measurement to identify
opportunities for continual improvement.

Adherence to these standards not only helps in protecting an organization from security threats but
also demonstrates a commitment to information security to customers, partners, and stakeholders.

Payment Card Industry Data Security Standard (PCI DSS):


The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards
designed to ensure that all companies that accept, process, store, or transmit credit card information
maintain a secure environment. Essentially, PCI DSS applies to any organization, regardless of
size or number of transactions, that accepts, transmits, or stores any cardholder data. The main
purpose is to reduce the risk of debit and credit card data breaches. It is a global standard and
applies to all businesses that deal with cardholder data from major credit card companies.
Key Requirements of PCI DSS
PCI DSS comprises 12 main requirements, which are further divided into numerous sub-
requirements and testing procedures. These requirements are categorized into six objectives:
1. Build and Maintain a Secure Network and Systems
• Install and maintain a firewall configuration to protect cardholder data.
• Do not use vendor-supplied defaults for system passwords and other security
parameters.
2. Protect Cardholder Data
• Protect stored cardholder data.
• Encrypt transmission of cardholder data across open, public networks.
3. Maintain a Vulnerability Management Program
• Protect all systems against malware and regularly update antivirus software or
programs.
• Develop and maintain secure systems and applications.
4. Implement Strong Access Control Measures
• Restrict access to cardholder data by business need to know.
• Identify and authenticate access to system components.
• Restrict physical access to cardholder data.
5. Regularly Monitor and Test Networks
• Track and monitor all access to network resources and cardholder data.
• Regularly test security systems and processes.
6. Maintain an Information Security Policy
• Maintain a policy that addresses information security for all personnel.

Implementing PCI DSS


Implementing PCI DSS can be challenging, but it's essential for any business that handles credit
card information. Here are some steps to help ensure compliance:
1. Scope Determination: Identify all systems and processes that handle cardholder data to
understand the scope of compliance efforts.
2. Gap Analysis: Perform a gap analysis to identify the current state of compliance versus
the PCI DSS requirements.
3. Remediation: Address the gaps by implementing necessary controls and procedures to
meet PCI DSS standards.
4. Documentation: Maintain detailed documentation of compliance efforts, including
policies, procedures, and technical measures implemented.
5. Regular Testing: Conduct regular testing of security systems and processes to ensure
ongoing compliance and identify any vulnerabilities.
6. Training: Provide regular training to employees on data security and compliance
requirements.

Benefits of PCI DSS Compliance


• Reduced Risk of Data Breaches: Compliance helps in significantly reducing the risk of
data breaches and the associated financial and reputational damage.
• Customer Trust: Demonstrating compliance can enhance customers' trust in your
business, knowing their data is handled securely.
• Avoidance of Fines: Non-compliance can result in hefty fines from credit card companies
and banks.

Challenges
• Maintaining Compliance: Continuous effort is needed to maintain compliance as
technology and threats evolve.
• Cost: Implementing the necessary controls and processes can be costly, especially for small
to medium-sized enterprises (SMEs).
PCI DSS is not just a set of rules but a comprehensive approach to security, designed to protect
businesses and their customers from the ever-present threat of data theft and fraud.

IT Infrastructure Library (ITIL) framework:


The IT Infrastructure Library (ITIL) framework is a set of best practices for IT service management
(ITSM) that aims to align IT services with the needs of businesses. ITIL outlines processes,
procedures, tasks, and checklists which are not organization-specific, but can be applied by an
organization for establishing integration with the organization's strategy, delivering value, and
maintaining a minimum level of competency. It allows the organization to establish a baseline
from which it can plan, implement, and measure. It is used to demonstrate compliance and to
measure improvement.

Core Components of ITIL


ITIL V3, one of the most widely adopted versions, organizes ITIL into five core volumes, each
covering a different ITSM lifecycle stage:
1. Service Strategy: This involves designing, developing, and implementing service
management as a strategic asset. Key aspects include service portfolio management,
demand management, financial management, and business relationship management.
2. Service Design: Focuses on designing new IT services and making changes and
improvements to existing ones. This includes service catalogue management, service level
management, availability management, capacity management, and information security
management.
3. Service Transition: Covers the development and improvement of capabilities for
transitioning new and changed services into live service operation. This includes change
management, knowledge management, release and deployment management, and service
asset and configuration management.
4. Service Operation: Emphasizes the practices necessary for managing IT services on a day-
to-day basis and managing the technology needed to deliver and support services. This
includes event management, incident management, request fulfillment, problem
management, and access management.
5. Continual Service Improvement (CSI): Aims to improve services and processes across
the ITIL service lifecycle. This involves the 7-step improvement process which guides the
measurement and improvement of service quality and efficiency.

ITIL 4 Update
ITIL 4, the latest evolution of the framework, was introduced to further adapt ITIL for the modern
digital world. ITIL 4 retains the core essence of ITIL but updates the framework to accommodate
new ways of working like Agile, DevOps, and Lean IT. ITIL 4 emphasizes the importance of
collaboration, transparency, automating where appropriate, and working holistically. It introduces
the concept of the Service Value System (SVS) and four dimensions of service management:
1. Organizations and People
2. Information and Technology
3. Partners and Suppliers
4. Value Streams and Processes

Benefits of Implementing ITIL


• Improved IT Services: By aligning IT services with business needs, ITIL helps
organizations deliver and support valuable services.
• Enhanced Customer Satisfaction: Through more professional service delivery, ITIL
enhances customer satisfaction.
• Increased Productivity: ITIL improves productivity by establishing clear processes and
responsibilities.
• Greater Visibility of IT Costs and Assets: ITIL provides frameworks for financial
management, helping organizations understand the costs of service delivery.
• Better Risk Management: By providing frameworks for risk assessment and
management, ITIL helps organizations manage and mitigate risks more effectively.

Certification
ITIL offers a comprehensive certification scheme, ranging from Foundation level, providing a
general awareness of key elements, concepts, and terminology, to Master level, which validates an
individual's ability to apply ITIL principles in the real world. The ITIL certifications are globally
recognized and highly valued in the IT industry.
Adopting ITIL can significantly improve an organization's IT service management capabilities,
ensuring that IT services are aligned with business goals and delivered efficiently and effectively.

Control Objectives for Information and related Technology (COBIT) framework
The Control Objectives for Information and related Technology (COBIT) framework is a
comprehensive IT management framework developed by ISACA (Information Systems Audit and
Control Association) to help businesses manage and govern their information technology.
Originally developed for IT auditors, COBIT has evolved into a robust IT governance and
management framework used by managers, auditors, and IT professionals to bridge the gap
between control requirements, technical issues, and business risks.

Key Components of COBIT


COBIT provides an end-to-end business view of the governance of enterprise IT that reflects the
central role of information and technology in creating value for enterprises. The key components
of the COBIT framework include:
• Processes: COBIT describes a set of generic processes for the management of IT, with
each process defined together with process inputs and outputs, key process activities,
process objectives, performance measures, and an elementary maturity model.
• Control Objectives: For each IT process, COBIT defines control objectives that help
ensure effective governance and management of IT.
• Management Guidelines: COBIT provides a set of management guidelines that include
maturity models, metrics, and critical success factors for managing IT processes.
• Frameworks and Models: COBIT integrates and aligns with other standards and
frameworks, such as ITIL and ISO/IEC 27001, providing a comprehensive approach to IT
governance and management.

COBIT Framework Versions


Over the years, COBIT has been updated to align with the evolving IT landscape. The most recent
version, COBIT 2019, builds on the principles and models of its predecessor, COBIT 5, by
introducing new concepts and addressing the latest trends in technology and business, including
areas like cybersecurity, data privacy, and information governance.

Principles of COBIT
COBIT is based on a set of guiding principles for governance and management of enterprise IT:

1. Meeting Stakeholder Needs: COBIT focuses on ensuring that the enterprise IT framework
meets the needs of stakeholders.
2. Covering the Enterprise End-to-end: It applies to all aspects of IT within the enterprise.
3. Applying a Single, Integrated Framework: COBIT integrates with other standards and
frameworks to provide a comprehensive approach.
4. Enabling a Holistic Approach: The framework addresses all aspects of IT governance
and management.
5. Separating Governance from Management: COBIT clearly distinguishes between
governance (direction setting and monitoring) and management (planning, building,
running, and monitoring).

Benefits of Implementing COBIT


• Improved IT Governance: COBIT helps organizations ensure that IT is aligned with
business goals and delivers value through its investment in IT.
• Risk Management: By providing a framework for IT risk management, COBIT helps
organizations identify, manage, and mitigate IT-related risks.
• Compliance: COBIT assists organizations in meeting regulatory and statutory compliance
requirements related to IT.
• Enhanced Efficiency: The framework helps optimize IT operations, improving efficiency
and effectiveness in IT process management.
• Strategic Alignment: COBIT ensures that IT processes and strategies are aligned with the
organization's overall goals and strategies.

Certification and Training


ISACA offers certification and training for professionals seeking to demonstrate their expertise in
COBIT. These certifications are valuable for IT managers, auditors, and consultants who are
involved in the governance, management, and operation of IT within an organization.
The COBIT framework provides a robust and comprehensive approach to IT governance and
management, helping organizations ensure that their IT systems are effective, efficient, and aligned
with business objectives.
