Document (5) (2)
Document (5) (2)
- Align with established frameworks like NIST Cybersecurity Framework, ISO 27001,
or COBIT for comprehensive planning.
- Define roles and responsibilities for cybersecurity and disaster recovery teams.
- Develop a detailed IRP outlining steps to detect, contain, mitigate, and recover from
cyber incidents.
- Ensure essential business functions can continue during and after a cyber disaster.
7. Secure IT Infrastructure:-
- Understand and comply with relevant laws, regulations, and industry standards
(e.g., GDPR, HIPAA, or CCPA).
- Conduct regular tabletop exercises and simulations to test the effectiveness of the
cyber disaster plan.
- Perform a thorough review after a cyber incident to understand what went wrong.
- Update the cyber disaster plan based on lessons learned to prevent similar
incidents in the future.
Cyber disaster planning is a continuous process that evolves as new threats emerge. It
ensures organizations can minimize the impact of cyber incidents and maintain
resilience in the face of evolving challenges.
Q.Discuss the concept of information security briefly and explain its main principles ?
The term information security can be defined as the way of protecting information
systems and the information stored in it from the unauthorized access, use,
modification, disclosure, or disruption.
Integrity refers to the assurance that information is trustworthy, accurate and genuine.
It protects information from unauthorized modification. Availability means only
authorized users should be able to access the information whenever needed. It
ensures the timely access to data whenever it is needed by the authorized users.
1. Confidentiality
2. Integrity
3. Availability
1.Confidentiality :-The property of the system which ensures that the unauthorized
systems and individuals are unable to access the information is known as
confidentiality. This ensures that someone who is not authorized to access the system
is unable to view the information.
Thus, confidentiality is a necessary property but not sufficient alone to ensure the
privacy of person whose information is stored in computer systems.
2.Integrity :-Integrity is the property of information security that prevents modification
of information by an unauthorized person or system. If an employee deletes an
important file accidently or intentionally, then violation of integrity takes place.
3.Availability :-According to this principle, for any information system to serve its
purpose, the information must be available when it is needed. This ensures the
correct and smooth operation of the computers and networks and sees that the
needed information can be accessed by the authorized users. If the users are unable
to access the system, then it becomes impossible to assess the integrity and
confidentiality aspect.
It is necessary that information system must be available to the users, to serve its
purpose and it is also necessary to ensure the proper functioning of the computing
system that processes and stores the information.
Ans. Criminal Threats to IT Infrastructure and the Preventive Measures for these
Threats
Following are the different types of threats to the IT infrastructure along with the
preventive measures that can be taken to reduce your susceptibility to these threats:
1. Vulnerabilities
2. Spyware
3. Malware
4. Spam
5. Phishing
1.Vulnerabilities:-
Vulnerabilities are the flaws in computer software that create weaknesses in your
computer or network’s overall security. They can also be created by improper
computer or security configurations. Threats exploit the weaknesses of
vulnerabilities, resulting in potential damage to the computer or its data.
Preventive measures:-
•Configure security settings for your operating system, Internet browser and security
software.
• Companies should develop personal security policies for online behavior, and
individuals should be sure to adopt their own policies to promote online safety.
•Install a proactive security solution like Norton Internet Security to block the threats
targeting vulnerabilities.
Preventive measures:
• Use a trustworthy Internet security program to proactively protect from spyware and
other security risks.
• Configure the firewall in the reputable Internet security program to block unsolicited
requests for outbound communication.
• Do not accept or open suspicious error dialogs from within the browser.
• Always carefully read the End User License agreement during installation.
Preventive measures:
• Open only those e-mails, web-links or attachments that come from trusted sources
and are expected.
• Have email attachments scanned by a reputable Internet security program prior to
opening.
Preventive measures:
• Do not click on URL links within IM unless they are from a known source and
expected.
Preventive measures:
Cyber terrorism denotes unlawful attacks and threats of attack against computers,
networks and information stored therein to intimidate or coerce a government or its
people for propagating hidden political or unlawful social and religious agendas. It has
an objective to destroy or damage specific targets such as political, economic, energy,
civil, and military infrastructure.
In 1998, a politically motivated cyber attack was conducted by ethnic Tamil guerrillas
who attempted to disrupt Sri Lankan embassies by sending hundreds of e- mails a day
over a two-week period. It was characterized as a terrorist attack on a country’s
computer system.
Cyber terrorists can affect the overall economy of a country by targeting the critical
infrastructure, which includes telecommunications sector, food & agriculture sector,
energy sector, financial sector, government sector, and health care sector.
Today, Internet has become the center of all the personal and professional activities.
Everything depends on Global Information Infrastructure. If any of its services block, it
causes huge economic impact. By targeting the Critical Infrastructure of country,
cyber terrorists can affect the overall economy of a country.
• Terrorists can cause economic loss by hacking a financial transaction which involves
huge amount Of money because all the transactions are done over Internet which is
not secure edge.
•Stock markets may react negatively because negative publicity gives the competitors
a competitive.
•Cyber terrorism attacks make the cost of doing business in the affected region very
high as these attacks target the Critical Infrastructure and hence cause huge
economic losses.
• Internet is central element for all the businesses and hence it is exploited by the
cyber terrorists. It is used by the terrorists to affect the overall economy.
• Internet shut down can have a huge impact on various domestic businesses as well
as foreign investments.
• Cyber terrorism attacks lead to loss of confidence and credibility in the financial
systems of the targeted country, reputation loss, ruined business partner
relationships, staff-turnover and loss of trust in the government and IT industry of the
targeted country.
• Cyber terrorism attacks also affect the GDP (Gross Domestic Product) of a country.
• After cyber terrorism attacks, investors withdraw their investments from the
affected country.
Countries are being transformed into information societies with the following aims:
• An information society is based on the information rather than material goods as the
chief driver of socio-economics.
• It offers various benefits to the public. People use information in their activities as
consumers to make informed choices between different products.
• It is a society in which all the work is information- based. Information is the key-
factor for all the tasks.
Knowledge Society
Knowledge society is a society whose economy depends upon the knowledge of their
citizens and the success of this society is dependent on the innovation and creativity
of the citizens.
• There are multiple centres of expertise and a poly. Centric production of knowledge
utilisation.
• A large portion of the labour forces are knowledge workers, who need a higher
degree of education and experience to perform their job well.
• Both individuals and the state invest heavily in education and research and
development.
Ans. Cyberspace
Characteristics of Cyberspace
• The cost of entry for access to cyberspace is very low. Only a communication device
and a network connection are required.
• Activities and benefits of cyberspace are open for everyone who can afford to use it.
Applications of Cyberspace
• Military applications
QDefine Hacking. Describe types of hacking and also describe hacking techniques ❔
Ans. Hacking
Hacking is an illegal intrusion into a computer system and / or network. Every act
committed towards breaking into a computer and / or network is hacking. Hackers
write or use ready-made computer programs to attack the target computer. They
possess the desire to destruct and they get the kick out of such destruction.
Types of hacking
a) Ethical Hacking
b) Unethical Hacking
A] Ethical Hacking:- When hacking is done with the intention of improving the security
of a network or protecting against cyber attacks, it is called ethical hacking. It is
performed by White Hat Hackers to find the security vulnerabilities of the system and
prevent the Black Hat hackers from illegally infiltrating and stealing data from any
system.
Ethical hacking is performed as per the rules and regulations set by the legal
authorities. Generally, the device owners or the organization on which the ethical
hacking is performed knows about the hacking being performed on them
Hacking Techniques
1. Phishing
2. Denial of Service Attack
3. Cookie Theft
4. DNS Spoofing
5. Social Engineering
6. Injection Attacks
7. Brute Force Attack
Q.Explain the features, scope and objectives of Information Technology Act, 2000.
The IT Act 2000, the cyber law of India, gives the legal framework so that information is
not denied legal effect, validity or enforceability, solely on the ground that it is in the
form of electronic records. The Information Technology Act, 2000 and the institutional
infrastructure derived out of it are very important components of the regulatory
regime in the field of internet use in India.
1.Electronic contracts have been made legally valid if made through secure electronic
communications’.
3.Security procedures for electronic records and digital signatures have been laid
down.
4.To facilitate e-governance, provisions have been included to build the required
system.
5.Various types of computer-related crimes have been defined and stringent penalties
provided under the Act.
Q Explain the concept of Information Society and also explain Its aim & drawbacks?
1. *Widespread use of ICTs*: ICTs are ubiquitous and play a vital role in various
aspects of life, including education, work, and leisure.
5. *Digital literacy*: The society has a high level of digital literacy, and people have the
skills to effectively use ICTs.
1. *Digital divide*: The unequal access to ICTs and the internet can exacerbate existing
social and economic inequalities.
5. *Social isolation*: The increased reliance on ICTs can lead to social isolation, as
people spend more time interacting with technology and less time interacting with
other humans.
7. *Environmental impact*: The production and disposal of ICTs can have a significant
environmental impact, including e-waste and carbon emissions.