Cyber Security Unit -5

1. Explain information security and cyber security.

2. What are the applications of cyber security?

3. Explain the impact it has on an organization in security breach.

4. Explain evils and perils of cyber threats for Organizations.

5. Explain how cookies impact data security and personal security.

6. Explain data vigilance and browse-fingerprinting – do these phenomena

threaten our online privacy?

7. Explain the security risks in social media marketing.

8. Explain the advantages and disadvantages of cyber security and how to

overcome the disadvantages.
9. Explain the importance of privacy of users in the organization.
10.Explain about social media marketing and privacy implications.
11.Explain about IPR issues.
12.Explain about Forensic practices.
1.Explain information security and cyber security.
Information security and cybersecurity are two interconnected fields that focus
on protecting information and information systems, but they have different
scopes and areas of focus.

Information Security

 Information security is the practice of protecting information and

information systems from unauthorized access, use, disclosure,
disruption, modification, or destruction.

 It encompasses all forms of information, whether it's digital, physical

(like paper documents), or verbal.

Scope

Information security is a broad field. It focuses on maintaining the

confidentiality, integrity, and availability of data.

Confidentiality: Ensuring that information is accessible only to those

authorized to access it. This involves measures like encryption and access
controls.

Integrity: Maintaining the accuracy and completeness of information and

processing methods. This involves preventing data tampering and corruption.

Availability: Ensuring that information and systems are available when needed.
This includes measures to prevent or quickly recover from disruptions like
hardware failures or cyber-attacks.

Areas of Application:
Physical Security: Protecting physical assets, such as paper documents, server
rooms, and hardware.

Administrative Security: Implementing policies and procedures to manage

information security, such as training employees and setting data handling
protocols.

Technical Security: Using technology to protect digital data, such as firewalls,

antivirus software, and intrusion detection systems.

Cyber security

 Cybersecurity is a subset of information security that specifically focuses

on protecting digital data and information systems from cyber threats.
 It deals with the protection of networks, devices, programs, and data
from unauthorized access, attacks, damage, or theft.

Scope:

Network Security: Protecting the integrity and usability of networks and data.
This includes measures like firewalls, intrusion detection systems, and secure
network architecture.

Application Security: Ensuring software and applications are secure from cyber
threats. This includes practices like secure coding, patch management, and
vulnerability assessments.

Endpoint Security: Protecting devices that connect to networks, such as

computers, smartphones, and tablets. This involves using antivirus software,
endpoint detection and response (EDR) systems, and device encryption.
Data Security: Protecting digital data from unauthorized access and breaches.
This includes encryption, data masking, and secure data storage.

Threats:

Malware: Malicious software designed to damage or disrupt systems, such as

viruses, worms, and ransomware.

Phishing: Deceptive attempts to obtain sensitive information by pretending to

be a trustworthy entity.

Hacking: Unauthorized access to systems and data, often with malicious intent.

2.What are the applications of cyber security?

 Cyber security plays a vital role across all sectors that rely on digital
infrastructure. Its applications span industries, systems, and everyday
technology use.
 Here are some key applications of cyber security.

Data Protection and Privacy:

Personal Data: Ensuring the privacy and security of personal
information, such as social security numbers, medical records, and
financial information.
Corporate Data: Protecting sensitive business information, trade secrets,
and intellectual property.
Network Security:
 Securing internal networks of organizations to prevent unauthorized
access, data breaches, and other cyber threats.
  Protecting public and shared networks, such as those in airports and
coffee shops, from cyber threats.
Application Security:
 Implementing secure coding practices to avoid vulnerabilities in
software applications.
 Protecting web applications from attacks like SQL injection, cross-site
scripting (XSS), and distributed denial-of-service (DDoS).

Financial Sector Security:

 Safeguarding online banking systems and transactions to prevent
fraud and unauthorized access.
 Protecting trading platforms from cyber attacks that could disrupt
financial markets.
Healthcare Security:
 Protecting Electronic Health Records (EHRs)
 Securing medical devices.
 Preventing ransomware attacks on hospital systems.
Government and Defense:
 Protecting national defense systems, intelligence data, and other critical
government operations from cyber espionage and attacks.
 Securing government databases and public service applications to
ensure the continuity of services.

Cloud Security:
 Protecting data stored in cloud environments from unauthorized access
and breaches.
 Securing cloud-bascd applications and services from cyber threats.
E-Commerce
 Protecting customer data during purchases.
  Secure payment gateways.

Education
 Protecting student and faculty data.
 Preventing cyberbullying and unauthorized access.

3.Explain the impact it has on an organization in security breach.

A security breach, which is any unauthorized access to an organization's data or

systems, can have severe consequences across multiple areas.

Key Impacts

1.Financial Losses:
Direct Costs:
 Expenses related to restoring systems, recovering data, and repairing
damage.
 Costs associated with determining the cause and extent of the breach.
 Fines for non-compliance with data protection.
 Compensation to affected customers.
Indirect Costs:
 Loss of revenue due to disrupted operations and damaged customer
trust.
2. Reputational Damage:
 Customers lose confidence in the organization’s ability to protect their
data.
 Brand image takes a hit, potentially causing long-term loss of business.
 Media coverage often amplifies negative perception.
 Investors may become unwilling to invest in an organization with a
history of security breaches.
3. Legal Consequences:
 Organizations may face significant fines for violating data protection
regulations.
4. Operational Disruption
 Systems may need to be shut down for investigation and recovery.
 Business continuity can be affected, causing delays in services and supply
chains.
5. Loss Of Sensitive Data
 Proprietary data, trade secrets, or strategic plans can be stolen.
 If customer or employee information is leaked, it can lead to identity
theft or fraud.
6. Decline in Customer and Stakeholder Trust
 Customers may switch to more secure competitors.
 Partners and investors may reconsider their association with the
organization.
 Future sales and stock prices can be negatively impacted.
7. Increased Costs for Security Improvements
 Organizations need to invest heavily in cybersecurity technologies,
infrastructure, and personnel to prevent and mitigate data breaches.
 Continuous monitoring, threat detection, and regular security updates
are essential, requiring dedicated resources.

Conclusion
Security breaches can have a devastating impact on organizations, affecting
their financial stability, reputation, operations. Proactive cybersecurity
measures are crucial to prevent breaches.

4. Explain evils and perils of cyber threats for Organizations.

  Cyber threats cause significant dangers to organizations, impacting
their operations, finances, reputation, and overall security posture.
 Here are some of the primary evils and perils associated with cyber
threats for organizations:

Evils And Perils Of Cyber Threats For Organizations:

1.Financial Losses:
 Cybercriminals can directly steal funds through fraudulent transactions,
or by gaining access to financial accounts.
 Ransomware attacks encrypt an organization's data, demanding a
ransom payment for its release. Even if paid, there's no guarantee of
data recovery.
 Attacks like Distributed Denial of Service (DDoS) can shut down critical
systems and websites, leading to loss of revenue, productivity, and
potential contract breaches.
 Organizations incur significant expenses in incident response, system
recovery, data restoration, legal fees, and regulatory fines after a
cyberattack.

2. Reputational Damage:
 Cyber incidents can severely damage an organization's reputation.
Loss of customer trust can lead to decreased sales, loss of business,
and difficulty in acquiring new customers.
 Customers lose confidence in the organization’s ability to protect their
data.
 Brand image takes a hit, potentially causing long-term loss of business.
 Media coverage often amplifies negative perception.
  Investors may become unwilling to invest in an organization with a
history of security breaches.

3. Legal Consequences:
 Organizations may face significant fines for violating data protection
regulations.
4. Operational Disruption
 Cyber attacks can disrupt business operations, causing downtime and
loss of productivity.
 Systems may need to be shut down for investigation and recovery.
 Business continuity can be affected, causing delays in services and supply
chains.
5. Loss Of Sensitive Data
 Proprietary data, trade secrets, or strategic plans can be stolen.
 If customer or employee information is leaked, it can lead to identity
theft or fraud.
6. Decline in Customer and Stakeholder Trust
 Customers may switch to more secure competitors.
 Partners and investors may reconsider their association with the
organization.
 Future sales and stock prices can be negatively impacted.
7. Increased Costs for Security Improvements
 Organizations need to invest heavily in cybersecurity technologies,
infrastructure, and personnel to prevent and mitigate threats.
 Continuous monitoring, threat detection, and regular security updates
are essential, requiring dedicated resources.

Conclusion:
 The evils and perils of cyber threats for organizations can have severe
consequences.
 Proactive and robust cybersecurity measures are essential for the
survival and success of modern organizations.
5. Explain how cookies impact data security and personal security.
 Cookies, small text files that websites store on a user's computer, play a
crucial role in web functionality by remembering user preferences, login
information, and browsing history.
 However, they also have significant implications for data security and
personal security.

Impact on Data Security:

Cross-Site Scripting (XSS) Attacks

 Malicious scripts can exploit vulnerable websites and steal cookies.

 This gives attackers access to sensitive session or login data.

Session Hijacking:

 Some cookies store session information that helps maintain a user's login
state across pages or sessions.
 If an attacker gains access to a user's session cookie, they can access
their accounts without credentials.

Unencrypted Cookies:

 Cookies can potentially store sensitive information, such as user

identifiers, session tokens, and personal preferences.
 If not properly managed or encrypted, these cookies could be
susceptible to unauthorized access or theft, leading to data leakage and
potential security breaches.

Impact on Personal Security

Privacy Concerns:
  Cookies can track users' browsing behaviors, preferences, and activities
across different websites.
 This tracking can lead to privacy concerns as users might feel that their
online activities are being monitored without their permission.

Data Collection and Sharing:

 Many websites collect data via cookies without explicit user consent
or adequate transparency. Users may not be fully aware of what data
is being collected and how it is being used or shared.
 If companies that collect and store cookie data experience a data
breach, users' personal information can be exposed, leading to
potential identity theft and other malicious activities.
Lack of Control:
 Users often have limited control over the cookies that websites set on
their browsers.
 Although browsers provide options to manage cookies, many users
are not aware of these settings or how to use them effectively.

Mitigating Risks

 Ensure that your browser is up-to-date and has security features that
can block or manage cookies effectively.
 Use browser settings to manage cookie preferences, such as blocking
third-party cookies or deleting cookies after each session.
 Use incognito or private browsing modes to limit the persistence of
cookies and reduce tracking.

Conclusion
  while cookies are essential for the functionality and user experience
of the web, they also present significant data security and personal
security risks if not handled properly.
 Understanding these risks and implementing appropriate security
measures and privacy practices is crucial for both individuals and
organizations to protect sensitive information and maintain online
safety.

6.Explain data vigilance and browse-fingerprinting – do these phenomena

threaten our online privacy?

Data Vigilance

Data vigilance refers to the continuous monitoring, collection, and analysis

of user data often by organizations, advertisers, or tech platforms to predict
behavior, personalize content, or manage security.

How It Works:

 Information is gathered from various sources, such as social media,

online purchases, web browsing history, GPS data, and mobile app
usage.
 The collected data is analyzed to identify patterns, behaviors, and
trends.
 This analysis often involves sophisticated algorithms and big data
analytics.
 The insights gained from dataveillance are used for various
purposes, including targeted advertising, personalized content
delivery, risk assessment, and even law enforcement surveillance.
Privacy Threats:

 Constant surveillance makes anonymity nearly impossible.

 Data is often collected without user’s permission.

 Collected data can be misused by organizations or fall into the

hands of malicious actors, leading to identity theft, fraud, or other
malicious activities.

Browser Fingerprinting

 Browser fingerprinting is a technique used by websites to

uniquely identify and track users based on their browser and
device characteristics.
 Unlike cookies, which can be deleted or blocked, browser
fingerprints are more persistent and harder to avoid.
How It Works:

 Information about the user's browser and device is collected,

including screen resolution, installed plugins, time zone, language
settings, operating system, and browser version.
 Fingerprint Creation: This combination of characteristics creates a
unique "fingerprint" that can be used to track the user across
different websites and sessions.
 The fingerprint allows websites and third-party trackers to
recognize and follow users even if they delete cookies or use
private browsing modes .

Privacy Threats:
  Browser fingerprints are difficult to change or hide, making it
possible to track users across different sessions and devices
persistently.
 Just like with dataveillance, browser fingerprinting can be used to
build detailed profiles of users' online activities and preferences.
 Users may feel their privacy is invaded as they have little control
over how their fingerprints are collected and used.

Mitigating the Privacy Threats

 Use browsers with privacy protections.

 Install anti-tracking extensions.
 Regularly clear cookies and site data.
 Use VPNs to mask IP addresses.