Cyber Security
5BCA
Course Code: BCA 305-5
Mission Vision Core Values
Vision: Excellence and Service
Mission: Christ University is a nurturing ground for an individual's holistic development to make effective contribution to the society in a dynamic environment
Core Values: Faith in God | Moral Uprightness | Love of Fellow Beings | Social Responsibility | Pursuit of Excellence
Unit I
Fundamentals of Cyber Security & Regulations
Topics
1. Introduction to Cybersecurity: Concepts, importance, challenges, and scope.
2. Internet Society and Regulation of Cyberspace.
3. Cybersecurity Frameworks and Standards (ISO 27001, NIST, CIS).
4. Cybersecurity Governance: Policies, risk management, compliance.
Introduction to Cybersecurity: Concepts
Cyber security is the practice of protecting digital devices,
networks, and sensitive data from cyber threats such as
hacking, malware, and phishing attacks.
It involves a range of strategies, technologies, and best
practices designed to safeguard computers, networks, and
data from cyber attacks.
Importance of Cyber Security
● Cybersecurity keeps your online world safe and secure.
● It ensures that sensitive information remains confidential, intact, and
accessible only to authorized users.
● It applies wherever data needs protecting: personal information, financial
transactions, or corporate databases.
Rising Cyber Threats: How Hackers Exploit Weak Security
Cybercriminals are constantly finding new ways to exploit vulnerabilities in systems, networks,
and personal devices.
Weak passwords, outdated software, and unsecured networks create easy entry points for
hackers.
They use sophisticated methods like phishing emails, ransomware, and social engineering to steal
sensitive data, disrupt operations, and demand ransoms.
Consequences of Cyber Attacks for Businesses & Individuals
A successful cyber attack can have devastating effects, both financially and reputationally. For
businesses, a data breach can lead to massive financial losses, legal penalties, and loss of
customer trust. Small businesses are especially vulnerable, as they often lack robust security
measures. Individuals, on the other hand, face risks like identity theft, financial fraud, and personal
data leaks.
Challenges of Cyber Security
Constantly Evolving Threat Landscape: Cyber threats are constantly evolving, and attackers
are becoming increasingly sophisticated. This makes it challenging for cybersecurity
professionals to keep up with the latest threats and implement effective measures to protect
against them.
Lack of Skilled Professionals: There is a shortage of skilled cybersecurity professionals, which
makes it difficult for organizations to find and hire qualified staff to manage their cybersecurity
programs.
Limited Budgets: Cybersecurity can be expensive, and many organizations have limited
budgets to allocate toward cybersecurity initiatives. This can result in a lack of resources and
infrastructure to effectively protect against cyber threats.
Insider Threats: Insider threats can be just as damaging as external threats.
Employees or contractors who have access to sensitive information can
intentionally or unintentionally compromise data security.
Complexity of Technology: With the rise of cloud computing, IoT, and other
technologies, the complexity of IT infrastructure has increased significantly.
This complexity makes it challenging to identify and address vulnerabilities
and implement effective cybersecurity measures.
Scope of Cyber Security
Cybersecurity involves securing various aspects of digital infrastructure and operations, including:
● Network Security: Protecting computer networks from unauthorized access, attacks, and
malware using tools like firewalls and intrusion detection systems.
● Application Security: Securing software applications throughout their development and
deployment phases to prevent vulnerabilities from being exploited by hackers.
● Information Security (InfoSec): Protecting the integrity, confidentiality, and availability of
sensitive data, both online and offline, through encryption and access controls.
● Cloud Security: Protecting data, applications, and services hosted in cloud environments
(private, public, or hybrid) using appropriate security measures.
● Endpoint Security: Securing individual devices like laptops, desktops, and mobile phones that
connect to a network, which are potential entry points for cyber threats.
● Incident Response: Developing strategies to respond to and recover from cyber incidents
effectively.
● Governance, Risk, and Compliance (GRC): Ensuring organizations adhere to cybersecurity
laws, regulations, and industry standards, and implementing risk management practices.
● Identity and Access Management (IAM): Controlling who can access what resources within a
system through authentication and authorization mechanisms.
● Security Operations Center (SOC): A dedicated team that monitors and responds to security
threats in real-time.
● Penetration Testing (Ethical Hacking): Simulating cyberattacks to identify vulnerabilities in
systems and improve security measures.
● Digital Forensics: Investigating cybercrimes and analyzing digital evidence to understand the
nature and scope of attacks.
● Software Development Security: Embedding security principles into the software development
lifecycle to minimize vulnerabilities in applications.
● IoT Security: Securing Internet of Things (IoT) devices, such as smart homes and industrial
sensors, that are connected to the internet and can be vulnerable to attacks.
● Mobile Security: Protecting mobile devices and the sensitive information they store from
various threats like malware and unauthorized access.
Growing Importance and Demand:
● Cybersecurity is becoming increasingly important due to the rise in
sophisticated cyberattacks and the growing volume of data stored and
transmitted digitally. Businesses and individuals face significant risks, including
financial losses, data breaches, reputational damage, and disruption of critical
operations.
Future Trends and Challenges:
The cybersecurity landscape is constantly evolving, with new threats and challenges emerging
regularly. Some of the key trends and challenges shaping the future of cybersecurity include:
● AI-Driven Threat Detection: Leveraging Artificial Intelligence (AI) and Machine Learning (ML) to
enhance threat detection and response capabilities.
● Zero Trust Architecture: A security model that assumes no user or device can be trusted by
default and requires continuous verification for access.
● Ransomware Evolution: Ransomware attacks are becoming more sophisticated, with attackers
employing advanced tactics to disrupt operations and extort money.
● Cybersecurity Skills Shortage: A significant challenge in the industry is the lack of skilled
cybersecurity professionals to fill the growing demand.
● Threats from Quantum Computing: A sufficiently large quantum computer running Shor's algorithm
would break today's public-key algorithms (RSA, ECC, DSA). Symmetric ciphers and hash functions are
only weakened (Grover's algorithm roughly halves the effective key length), so the mitigation is
migration to post-quantum algorithms (NIST published the first standards, ML-KEM and ML-DSA, in
2024) together with larger symmetric keys.
● Increased Use of AI and Machine Learning in Cybersecurity: AI and ML are expected to play a crucial role
in future cybersecurity strategies, automating threat detection and response and enabling predictive
analysis.
● Expansion of Zero Trust Architecture: Zero Trust models will continue to gain traction as organizations
seek to secure their hybrid and cloud-based environments.
● Growth of Ransomware-as-a-Service (RaaS): RaaS platforms lower the barrier to entry for cybercrime,
leading to an increase in ransomware attacks.
● Adoption of Cybersecurity as a Business Priority: Organizations are increasingly recognizing
cybersecurity as a critical business function and investing more resources in security initiatives.
Internet Society
The Internet Society (ISOC) and the regulation of cyberspace are two interconnected concepts that are crucial
for the continued functioning and development of the Internet.
● Role: The Internet Society is a global non-profit organization founded in 1992 that advocates for policies
and technologies to keep the Internet open, globally connected, secure, and trustworthy.
● Mission: ISOC works to ensure the long-term well-being of the Internet by expanding its reach, promoting
security, closing the digital divide, and ensuring everyone can benefit from its opportunities.
● Activities: ISOC achieves its mission through various activities, including policy advocacy, capacity
building, technical standards development, and community engagement.
● Multi-Stakeholder Approach: ISOC operates on a multi-stakeholder model, involving individuals,
organizations from different sectors (including governments, businesses, academia, and civil society) in
decision-making processes.
Regulation of Cyberspace
● Necessity: Cyberspace regulation is deemed necessary due to the increasing volume of online
activity, encompassing economic transactions, creative interactions, and the dissemination of
information.
● Need for Regulation: The need for regulation arises from concerns over issues like the
distribution of illegal content, cybercrime, potential invasion of privacy, and the challenges
cyberspace poses to traditional notions of jurisdiction and regulation.
● Regulatory Approaches: Different approaches to cyberspace regulation exist, including:
○ Legislative Approach: Governments establish legal frameworks to address issues like data
protection, cybersecurity, and cybercrime.
○ Self-Regulation: Industry stakeholders and online communities develop rules and best practices, as
exemplified by organizations like ICANN.
○ Co-Regulation: Governments and industry collaborate to develop and implement regulations, such as
in telecommunications.
○ International Cooperation: Collaborative efforts between nations are crucial to harmonize legal
standards and norms to combat cross-border threats.
Cybersecurity Frameworks and Standards (ISO 27001, NIST,
CIS)
ISO/IEC 27001
● Purpose: An internationally recognized standard that provides a systematic
approach for establishing, implementing, maintaining, and continually
improving an Information Security Management System (ISMS).
● Focus: Protects sensitive company information through a risk-management
process, focusing on the confidentiality, integrity, and availability (CIA) of data.
● Benefits: Enhanced data security, improved business credibility, regulatory compliance (helps with
GDPR, HIPAA), and a framework for managing information security risks. It is a recognized certification
that demonstrates commitment to data protection.
● Key aspects: defines security controls across organizational, people, physical, and technological
themes (Annex A of the 2022 edition lists 93 controls under these four themes), emphasizes risk
assessment and treatment, and encourages continuous improvement.
● Applicability: Applicable to organizations of all sizes and sectors, though commonly adopted by
businesses dealing with sensitive data and seeking international recognition.
NIST Cybersecurity Framework (NIST CSF)
● A set of guidelines and best practices developed by the National Institute of
Standards and Technology (NIST) to help organizations manage and reduce
cybersecurity risks.
● Provides a structured approach for understanding, managing, and
communicating cybersecurity risks. It's adaptable and can be tailored to an
organization's size, industry, and cybersecurity maturity level.
Key Components:
The CSF Core: a comprehensive set of cybersecurity outcomes and activities, divided into six
core functions (CSF 2.0, published in 2024, added Govern to the five functions of version 1.1).
● Govern: Establishing and maintaining governance structures.
● Identify: Understanding and managing cybersecurity risks.
● Protect: Implementing safeguards to mitigate risks.
● Detect: Promptly identifying cybersecurity events.
● Respond: Developing and implementing response plans.
● Recover: Restoring systems after an incident.
CIS Controls (Center for Internet Security Critical Security
Controls)
● Purpose: A prioritized set of recommended actions (18 Controls in version 8, each broken
down into Safeguards) designed to protect organizations from known cyberattack vectors.
● Focus: Provides actionable steps for improving cybersecurity posture and
reducing risk. It's known for its practicality and is suitable for organizations of
all sizes, especially those new to cybersecurity.
Key aspects:
● Prioritized Safeguards: The Safeguards are grouped into three Implementation Groups (IG1,
IG2, IG3). IG1 is the baseline of essential cyber hygiene every organization should have in
place before moving on to the more demanding IG2 and IG3 measures.
● Action-oriented: Each control breaks down into measurable actions (safeguards).
● Community-driven: Continuously updated based on feedback from a global community of
experts.
● Alignment: Aligns with other major industry frameworks, including NIST CSF and ISO
27001.
● Benefits: Prioritization of security efforts, reduced risk exposure, enhanced compliance with
regulations, and a standardized approach to cybersecurity practices.
Choosing the Right Framework:
The best cybersecurity framework depends on an organization's specific needs, industry, size, and
risk profile.
● NIST CSF: Ideal for organizations needing a flexible and detailed framework, particularly
relevant for those dealing with the US government.
● ISO 27001: Suitable for organizations seeking formal certification and international recognition,
with a structured approach to governance and risk management.
● CIS Controls: Best for organizations looking for a practical, prioritized set of security practices,
particularly beneficial for smaller companies or those just starting out.
Cybersecurity Governance
Cybersecurity governance refers to the policies, frameworks, and leadership
structures that define how an organization manages its cybersecurity risks.
It ensures that security efforts are aligned with business objectives, comply
with regulations, and support risk management.
Governance establishes a structure for responsibility and accountability,
ensuring decisions related to cybersecurity are made effectively and risks are
minimized.
Key elements of a robust cybersecurity governance framework
● Policy and Standards Development: Formalized documents outlining the
organization's security stance, employee responsibilities, and procedures
for managing security incidents.
● Risk Management: Identifying, assessing, and prioritizing cybersecurity
risks to develop and implement effective mitigation strategies.
● Compliance and Regulatory Alignment: Ensuring adherence to relevant
regulations (e.g., GDPR, HIPAA) and industry standards (e.g., ISO 27001,
NIST Cybersecurity Framework).
● Incident Response and Business Continuity: Developing plans and
procedures for detecting, responding to, recovering from, and learning
from cybersecurity incidents.
● Training and Awareness: Educating employees on cybersecurity best
practices, policies, and their roles in maintaining security.
● Technical Controls and Integration: Implementing and integrating security
technologies such as firewalls, intrusion detection systems, and
encryption.
● Continuous Monitoring and Improvement: Regularly assessing the
effectiveness of the governance framework, reviewing vulnerabilities, and
adapting to emerging threats.
Importance of Cybersecurity governance
● Improved Risk Management: Enables proactive identification and
addressing of cybersecurity risks.
● Enhanced Security Posture: Strengthens overall defense against
cyberattacks and vulnerabilities.
● Regulatory Compliance: Helps meet legal and industry standards for data
protection, avoiding potential penalties.
● Increased Stakeholder Confidence: Builds trust with customers, partners,
and employees by demonstrating a commitment to data protection.
● Business Continuity: Minimizes disruption from security incidents and
ensures the organization can continue operating effectively.
Cybersecurity policies
● Cybersecurity policies are formal documents that define how an
organization manages and protects its digital identity and environment.
These policies provide guidance and procedures for employees on various
IT activities and ensure the organization's cybersecurity efforts align with
its strategic goals and objectives.
Importance of Cybersecurity policies
● Reduce Risk: Policies set guidelines for data security activities, limiting access to
critical systems, promoting data integrity, and decreasing vulnerabilities.
● Regulatory Compliance: Many industry and government regulations require specific
security policies to be in place, like HIPAA and GDPR.
● Operational Consistency: Provides a standardized approach to security across
departments, ensuring everyone follows the same protocols.
● Improved Employee Awareness: Clearly defines roles and responsibilities in
maintaining security and fosters a culture of cybersecurity awareness through
training.
● Enhanced Reputation: Demonstrates a commitment to protecting sensitive data,
building trust with stakeholders and improving brand image.
Risk management
● Cybersecurity risk management is the systematic process of identifying,
assessing, mitigating, and monitoring risks to an organization's digital
assets and information.
Key steps in risk management
● Risk Identification: Recognizing potential threats and vulnerabilities to critical assets.
● Risk Assessment: Evaluating the likelihood of risks occurring and their potential
impact on the organization.
● Risk Mitigation: Developing and implementing controls and strategies to reduce the
likelihood or impact of identified risks (e.g., encryption, access controls, employee
training).
● Risk Monitoring: Continuously tracking, assessing, and addressing risks in real-time,
adapting to the evolving threat landscape.
● Response: Having a well-defined incident response plan to contain, eradicate, and
recover from cybersecurity incidents.
Compliance
● Compliance refers to an organization's adherence to relevant laws,
regulations, and industry standards related to cybersecurity and data
protection. This can include both external regulations, such as GDPR and
HIPAA, and internal corporate policies
Importance of compliance
● Avoid Penalties: Non-compliance can result in substantial fines and legal
repercussions.
● Build Trust: Demonstrates a commitment to data protection and ethical
business practices, enhancing stakeholder confidence.
● Improve Security: Encourages the implementation of robust cybersecurity
measures and best practices.
● Protect Data: Ensures sensitive information is handled securely and
confidentially, preventing data breaches and misuse.
Cyber Threats
● A cyber threat is any malicious activity aimed at damaging, stealing, or
disrupting digital systems and the data they hold.
● Threats target computer systems, networks, and data, posing significant
risks to individuals, organizations, and governments alike.
● Cyber threats can originate from various sources, including malicious
actors like hackers and cybercriminals, organized crime groups, and even
state-sponsored entities
Malware
● Malware, short for malicious software, is a broad category encompassing various types of intrusive
programs or files designed to harm or exploit computer systems
Common types include:
● Viruses: Replicate and attach to other programs or files, spreading when those infected files are
executed.
● Worms: Self-replicating programs that spread across networks, consuming resources and potentially
causing significant slowdowns.
● Trojans (Trojan horses): Malware disguised as legitimate software to trick users into downloading and
installing them.
● Ransomware: Encrypts data or locks users out of their systems, demanding a ransom for decryption.
● Spyware: Secretly monitors user activity and collects sensitive information, like login credentials.
● Malware can be spread through various means, including email attachments,
malicious downloads, drive-by downloads, flash drives, and exploiting system
vulnerabilities.
Phishing
● Email phishing: Uses deceptive emails to lure victims into clicking malicious links or
opening attachments.
● Spear phishing: Targeted attacks using personalized information to appear more
convincing, often aimed at specific individuals or organizations.
● Smishing: Phishing attempts conducted via SMS, using text messages to trick
recipients.
● Vishing: Voice phishing using phone calls to deceive individuals into revealing
sensitive information
Social engineering
● Social engineering is a broad range of malicious activities that manipulate
individuals through human interaction to gain access to confidential
information or systems.
● It exploits psychological and social aspects rather than relying solely on
technical vulnerabilities.
Key features include:
● Psychological manipulation: Exploiting emotions like trust, fear, and
curiosity to deceive targets.
● Impersonation: Posing as a trusted entity to gain a victim's trust.
● Creating urgency: Pressuring individuals to act quickly without thinking.
● Exploiting curiosity: Using enticing offers or false promises to lure victims into traps.
Social engineering attacks can take various forms, including phishing, pretexting (creating
fabricated scenarios), baiting (using false promises to lure victims), and tailgating
(following authorized persons into secure areas)
Zero-day attacks
● Zero-day attacks exploit previously unknown vulnerabilities in software or hardware
before developers have a chance to address them.
● The term "zero-day" signifies that the vendor has had "zero days" to fix the issue: the flaw
is exploited before, or on the same day that, it becomes known to them.
● Vulnerability: A security flaw or weakness in software or hardware that is unknown to
the vendor.
● Exploit: The method or technique used to take advantage of the vulnerability.
● Attack: The act of using the exploit to compromise a system.
Zero-day attacks are especially dangerous because no patch or detection signature exists yet,
making them particularly difficult to detect and mitigate. They can cause significant damage,
including data breaches, financial losses, and operational disruptions. Defenders therefore rely
on measures that do not depend on knowing the flaw in advance: least privilege, network
segmentation, exploit mitigations such as ASLR and sandboxing, behaviour-based detection, and
fast patching once a fix ships.
Cybersecurity Defense Mechanisms
● Cybersecurity defense mechanisms are the tools, strategies, and
practices implemented to protect digital information and infrastructure
from cyber threats.
● These mechanisms are designed to detect, prevent, and respond to
attacks that aim to compromise the confidentiality, integrity, or
availability of data and systems.
Key elements of cybersecurity defense
● Prevention: stopping threats before they enter a system (using tools like firewalls).
● Detection: spotting abnormal activity that may indicate a breach (using systems like
SIEM and IDS).
● Response: acting quickly to mitigate the impact of threats (often guided by incident
response plans).
● Recovery: restoring systems after an attack so that operations resume.
● Education: training staff to recognize threats, to prevent incidents caused by human
error.
Types of defense mechanisms
● Various types of defense mechanisms protect different aspects of an
organization's digital environment.
● Network security involves securing the IT infrastructure with tools like
firewalls and IDS/IPS.
● Endpoint security protects devices such as laptops and mobile phones
using measures like antivirus software.
● Application security focuses on securing software from vulnerabilities,
while data protection safeguards sensitive information through encryption
and access controls.
● Identity and Access Management (IAM) controls user access to resources
using methods like multi-factor authentication.
Firewalls
● Firewalls act as barriers between a trusted internal network and
untrusted external networks (like the internet).
● They monitor and control incoming and outgoing network traffic based on
predefined security rules.
Functions of firewalls
● Traffic Filtering: Firewalls examine data packets and allow or block them
based on rules like source/destination IP addresses, ports, and protocols.
● Access Control: They determine which applications, services, and devices
can access the network.
● Threat Detection: Some firewalls can also detect and prevent threats like
malware and suspicious behaviors.
● Logging and Alerts: They keep detailed logs of traffic and events, alerting
administrators about suspicious activities.
Types of firewalls
● Packet Filtering Firewalls: Filter traffic based on network and transport
layer information like IP addresses and ports.
● Stateful Inspection Firewalls: Track the state of network connections and
filter based on the connection's context, not just individual packets.
● Proxy Firewalls: Act as intermediaries between networks, inspecting and
mediating traffic at the application layer.
● Next-Generation Firewalls (NGFW): Combine traditional firewall functions
with features like Deep Packet Inspection, intrusion prevention, and
application awareness.
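The difference between a packet-filtering firewall and a stateful-inspection firewall, as an added example in Python (not from the lecture notes): both try to enforce the same policy, "allow outbound connections and the replies to them, block everything else inbound", but only the stateful one can tell a genuine reply from an unsolicited inbound packet that merely has the ACK flag set. The addresses, ports, packets and the 10.0.0.0/8 internal range are constructed for the demo.

```python
from dataclasses import dataclass

# Added example (not from the lecture notes). Packets, addresses and the
# hypothetical 10.0.0.0/8 internal range are constructed for the demo.

@dataclass(frozen=True)
class Packet:
    src: str       # source IP
    sport: int     # source port
    dst: str       # destination IP
    dport: int     # destination port
    flags: str     # simplified TCP flags: "SYN", "SYN-ACK" or "ACK"

def is_internal(ip: str) -> bool:
    # Toy prefix check for the hypothetical 10.0.0.0/8 trusted network.
    return ip.startswith("10.")

# ---- Packet-filtering (stateless) firewall ---------------------------------
# Policy: allow anything outbound; allow inbound only "established" traffic.
# Without a connection table, "established" can only be approximated from
# the flags of each packet taken on its own.
def stateless_allow(pkt: Packet) -> bool:
    if is_internal(pkt.src):
        return True                      # outbound: permitted
    return pkt.flags != "SYN"            # inbound: anything that is not a fresh SYN

# ---- Stateful-inspection firewall ------------------------------------------
class StatefulFirewall:
    def __init__(self):
        # Tracked connections as (src, sport, dst, dport) of the outbound side.
        self.table = set()

    def allow(self, pkt: Packet) -> bool:
        if is_internal(pkt.src):
            if pkt.flags == "SYN":       # outbound SYN opens a connection entry
                self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound is allowed only if it answers a tracked outbound connection:
        # the reply's (dst, dport, src, sport) must equal a stored 4-tuple.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.table

def demo() -> dict:
    fw = StatefulFirewall()
    # 1. Internal host opens a connection to an external web server.
    out_syn = Packet("10.1.2.3", 51000, "203.0.113.10", 443, "SYN")
    reply   = Packet("203.0.113.10", 443, "10.1.2.3", 51000, "SYN-ACK")
    # 2. An attacker sends an unsolicited inbound packet with ACK set, hoping the
    #    "established" rule lets it reach an internal SMB port.
    spoof   = Packet("198.51.100.7", 40000, "10.1.2.3", 445, "ACK")
    return {
        "stateless": [stateless_allow(p) for p in (out_syn, reply, spoof)],
        "stateful":  [fw.allow(p) for p in (out_syn, reply, spoof)],
    }

if __name__ == "__main__":
    print(demo())   # {'stateless': [True, True, True], 'stateful': [True, True, False]}
```

The stateless filter lets the third packet through because, looking at one packet at a time, an ACK-only packet is indistinguishable from the tail of a legitimate session; the stateful firewall rejects it because no outbound connection to 198.51.100.7 was ever recorded.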
Intrusion detection systems (IDS) and intrusion prevention systems
(IPS)
● These systems monitor network traffic and system activity for signs of malicious
behavior or policy violations
Intrusion Detection System (IDS)
● Functionality: Monitors network traffic for suspicious activity and alerts
administrators.
● Response: Passive; focuses on detection and alerting, requiring manual investigation
and response.
● Detection Methods:
○ Signature-Based: Identifies known attack patterns or signatures.
○ Anomaly-Based: Detects deviations from normal network behavior.
Intrusion Prevention System (IPS)
● Functionality: Extends IDS by not only detecting but also actively blocking
or preventing malicious activities in real time.
● Response: Active; can block malicious traffic, terminate suspicious
connections, or modify firewall rules. Because it sits inline, a false
positive blocks legitimate traffic, so IPS rules need tighter tuning than
IDS rules.
● Detection Methods: Similar to IDS, using signature-based and anomaly-
based detection methods.
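An added example (not part of the lecture) of both detection methods run over constructed web-server log lines in Python: the signature rules are illustrative regular expressions for SQL injection and path traversal, the anomaly rule is a fixed request-rate threshold standing in for a baseline a real engine would learn from historical traffic, and the IPS class shows the one thing an IPS adds over an IDS: it acts on the alert by block-listing the source.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Added example (not from the lecture notes). The log lines are constructed, the
# signatures are illustrative patterns, and the rate threshold stands in for a
# learned baseline.

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+$'
)

# Signature-based detection: known attack patterns matched against the request.
SIGNATURES = [
    ("sql-injection",  re.compile(r"'\s*or\s*'?1'?\s*=\s*'?1|union\s+select", re.I)),
    ("path-traversal", re.compile(r"\.\./")),
]

def parse(line: str):
    m = LOG_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    event["path"] = unquote(event["path"])   # decode %20 etc. before matching
    return event

def signature_alerts(events):
    return [(e["ip"], name, e["path"])
            for e in events for name, rx in SIGNATURES if rx.search(e["path"])]

def anomaly_alerts(events, max_requests: int = 20):
    # Anomaly-based detection: a source sending far more requests than the baseline.
    counts = Counter(e["ip"] for e in events)
    return [(ip, "rate-anomaly", f"{n} requests in window")
            for ip, n in counts.items() if n > max_requests]

class IDS:
    """Passive: parses the log, raises alerts, leaves the response to a human."""
    def analyse(self, lines):
        events = [e for e in map(parse, lines) if e]
        return signature_alerts(events) + anomaly_alerts(events)

class IPS(IDS):
    """Active: the same detection, plus an automatic block of the offending source."""
    def __init__(self):
        self.blocked = set()

    def analyse(self, lines):
        alerts = super().analyse(lines)
        self.blocked.update(ip for ip, _, _ in alerts)
        return alerts

    def permit(self, ip: str) -> bool:
        return ip not in self.blocked

def build_sample_log():
    """Constructed Common-Log-Format lines: two benign hits, two attack probes, one scanner."""
    fmt = '{ip} - - [01/Jan/2025:10:00:{sec:02d} +0000] "GET {path} HTTP/1.1" {status} 128'
    lines = [
        fmt.format(ip="203.0.113.5",  sec=1, path="/index.html", status=200),
        fmt.format(ip="203.0.113.5",  sec=3, path="/about.html", status=200),
        fmt.format(ip="198.51.100.9", sec=4, path="/login?user=admin'%20OR%20'1'='1", status=200),
        fmt.format(ip="198.51.100.9", sec=5, path="/files?name=../../etc/passwd", status=404),
    ]
    # A scanner hitting 30 different paths within the same minute.
    lines += [fmt.format(ip="192.0.2.77", sec=i % 60, path=f"/page{i}", status=404)
              for i in range(30)]
    return lines

if __name__ == "__main__":
    ips = IPS()
    for alert in ips.analyse(build_sample_log()):
        print(alert)
    print("blocked:", sorted(ips.blocked))
```

Note that the request path is URL-decoded before the signatures run; matching the raw `%20`-encoded string is a common way for a signature to miss an attack that a human would spot immediately.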
Access control
● Access control mechanisms ensure that only authorized users, devices, or
processes can access specific network resources. They are essential for
enforcing security policies and limiting the impact of a breach.
Types of access control
● Discretionary Access Control (DAC): Owners of resources control access
permissions.
● Mandatory Access Control (MAC): System-wide rules dictate access, often
based on security labels and clearance levels.
● Role-Based Access Control (RBAC): Access is granted based on user roles
and responsibilities within an organization.
Methods of access control
● Authentication: Verifying user identity (e.g., passwords, biometrics).
● Authorization: Granting or denying specific permissions based on
authenticated identity.
● Auditing: Logging and reviewing access attempts to identify potential
security violations.
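An added example (not from the lecture) that puts the types and the methods above together in Python: RBAC decides whether the user's role carries a permission, a Bell-LaPadula style MAC check compares the user's clearance with the object's label (no read up, no write down), and every decision is written to an audit log. The users, roles, permissions, labels and clearances are hypothetical, and the caller is assumed to have been authenticated already.

```python
# Added example, not from the lecture notes. Users, roles, permissions, labels and
# clearances are hypothetical; the caller is assumed to be already authenticated.

# --- Role-Based Access Control (RBAC): permissions hang off roles, users hold roles
ROLE_PERMISSIONS = {
    "analyst":  {"ticket:read", "ticket:comment"},
    "engineer": {"ticket:read", "ticket:comment", "ticket:close", "config:read"},
    "admin":    {"ticket:read", "ticket:comment", "ticket:close",
                 "config:read", "config:write", "user:manage"},
}
USER_ROLES = {"alice": {"analyst"}, "bob": {"engineer"}, "carol": {"admin"}}

def rbac_permitted(user: str, permission: str) -> bool:
    """True if any role held by the user carries the permission."""
    return any(permission in ROLE_PERMISSIONS.get(role, set())
               for role in USER_ROLES.get(user, set()))

# --- Mandatory Access Control (MAC): Bell-LaPadula confidentiality rules
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}
CLEARANCE = {"alice": "internal", "bob": "confidential", "carol": "secret"}

def mac_permitted(user: str, label: str, action: str) -> bool:
    """Simple security property: no read up. Star property: no write down."""
    if user not in CLEARANCE or label not in LEVELS:
        return False
    subject, obj = LEVELS[CLEARANCE[user]], LEVELS[label]
    if action == "read":
        return subject >= obj
    if action == "write":
        return subject <= obj
    return False

# --- Auditing: every decision, allowed or denied, is recorded with its reason
class Gatekeeper:
    def __init__(self):
        self.audit_log = []

    def authorize(self, user: str, permission: str, label: str, action: str) -> bool:
        if not rbac_permitted(user, permission):
            decision, reason = False, "rbac: role lacks permission"
        elif not mac_permitted(user, label, action):
            decision, reason = False, f"mac: {action} of {label} exceeds clearance"
        else:
            decision, reason = True, "ok"
        self.audit_log.append((user, permission, label, action, decision, reason))
        return decision

def demo() -> dict:
    gk = Gatekeeper()
    cases = [
        ("alice",   "ticket:read",  "internal",     "read"),   # allow
        ("alice",   "ticket:read",  "confidential", "read"),   # deny: read up
        ("bob",     "config:write", "internal",     "write"),  # deny: engineer lacks permission
        ("carol",   "config:write", "internal",     "write"),  # deny: write down (secret -> internal)
        ("carol",   "config:write", "secret",       "write"),  # allow
        ("mallory", "ticket:read",  "public",       "read"),   # deny: unknown user, no roles
    ]
    decisions = [gk.authorize(*case) for case in cases]
    return {"decisions": decisions, "audit_log": gk.audit_log}

if __name__ == "__main__":
    for entry in demo()["audit_log"]:
        print(entry)
```

The fourth case is the one students usually find surprising: the admin role has `config:write`, yet MAC still refuses, because a subject cleared for secret data must not write into an internal-level object where that data could leak downward. Both checks must pass, and the audit log records which one said no.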
Overview of Cryptography: Symmetric & Asymmetric Encryption,
Hashing.
● Cryptography is the practice of securing information and communications
using codes to prevent unauthorized access or manipulation.
● It is crucial for ensuring confidentiality, integrity, and authenticity of data,
whether stored on a computer or transmitted over a network
Symmetric encryption
● Symmetric encryption, also known as secret-key encryption, employs a
single key for both encrypting and decrypting data.
● This means both the sender and receiver must possess the same secret
key to communicate securely.
Characteristics
● Single key: Uses the same key for encryption and decryption.
● Fast and efficient: Ideal for encrypting large volumes of data due to its
speed and efficiency.
● Key distribution challenge: The biggest weakness is securely sharing the
key between parties; if the key is compromised, the encrypted data is no
longer secure.
● Examples: Advanced Encryption Standard (AES), Data Encryption
Standard (DES) (now considered insecure; its 56-bit key can be brute-forced),
Triple Data Encryption Standard (3DES) (deprecated by NIST and disallowed
for new use after 2023), Blowfish.
Asymmetric encryption
● Asymmetric encryption, or public-key cryptography, uses a pair of
mathematically related keys: a public key for encryption and a private key
for decryption. For digital signatures the roles are reversed: the private
key signs and the public key verifies.
● The public key is openly distributed, while the private key remains
confidential, ensuring that only the intended recipient can decrypt the
message.
Characteristics
● Key pair: Uses a public key for encryption and a private key for decryption.
● Only the private key is secret: nothing secret has to travel between the
parties, so the scheme works even over untrusted networks.
● Simplified key distribution: Public keys can be freely distributed without
compromising security. The remaining problem is trusting that a public key
really belongs to its claimed owner, which is what certificates and a
public-key infrastructure (PKI) address.
● Slower performance: More computationally intensive and slower than
symmetric encryption.
● Examples: RSA (Rivest–Shamir–Adleman), Elliptic Curve Cryptography
(ECC), Digital Signature Algorithm (DSA).
Use cases
● Securely exchanging symmetric keys in protocols like TLS (used in HTTPS).
Modern TLS uses an ephemeral Diffie-Hellman key agreement (ECDHE)
authenticated by the server's signature rather than RSA key transport, and
TLS 1.3 removed RSA key exchange entirely.
● Creating digital signatures to verify sender identity and message integrity.
● Securing email communication (e.g., PGP, S/MIME).
● Providing authentication and non-repudiation (proof that a message
originated from a specific sender).
Hashing
● Hashing is a cryptographic technique that transforms input data of any
size into a fixed-length output called a hash value or message digest.
● Unlike encryption, hashing is a one-way function, meaning it's
computationally infeasible to reverse-engineer the original data from its
hash value.
Functions
● Data Integrity Check: Hashing confirms data integrity by creating
checksums or fingerprints that quickly detect if data has been tampered
with.
● Password Storage: Instead of storing passwords in plaintext, systems store a
hash of each password, so a leaked database exposes hashes rather than
passwords. A bare fast hash (plain SHA-256) is not enough: the hash must be
salted per user and computed with a deliberately slow function such as
bcrypt, scrypt, Argon2, or PBKDF2, or common passwords are recovered quickly.
● Digital Signatures: Hashing produces the message digest that is signed with
the private key (for RSA this is a private-key operation on the digest, loosely
described as "encrypting" it); the verifier recomputes the digest and checks it
against the signature, ensuring both authenticity and integrity.
● Message Authentication: Combined with a shared secret key (HMAC), a hash lets
the receiver verify both that the data is intact and that it came from someone
holding the key.
Key properties
● Deterministic: The same input always produces the same hash value.
● Pre-image resistance: It's computationally infeasible to determine the
original input from the hash value.
● Second pre-image resistance: Given an input and its hash, it's difficult to
find another input that produces the same hash.
● Collision resistance: It's computationally difficult to find two different
inputs that produce the same hash value.
Use cases
● Password storage.
● Digital signatures.
● Data integrity checks (e.g., for files, downloads).
● Blockchain technology.
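An added example in Python (not from the lecture) covering the properties and the first three use cases above: it shows determinism and the avalanche effect of SHA-256, an integrity check against a published checksum, and the difference between storing a bare password hash and a salted, deliberately slow PBKDF2 hash. The messages and passwords are constructed for the demo.

```python
import hashlib
import hmac
import secrets

# Added example (not from the lecture notes). Sample messages and passwords are
# constructed for the demo.

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def differing_bits(a: bytes, b: bytes) -> int:
    """Hamming distance between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def integrity_ok(data: bytes, expected_hex: str) -> bool:
    """Compare a freshly computed digest with a published one (e.g. a download checksum)."""
    return hmac.compare_digest(sha256_hex(data), expected_hex)   # constant-time compare

# --- Password storage -------------------------------------------------------
def store_password_badly(password: str) -> str:
    # Unsalted, fast hash: two users with the same password get the same value, and
    # precomputed tables or GPU brute force recover common passwords quickly.
    return sha256_hex(password.encode())

def hash_password(password: str, salt: bytes = None, iterations: int = 600_000) -> str:
    # Per-user random salt plus a deliberately slow key-derivation function (PBKDF2
    # here; bcrypt, scrypt and Argon2 are the other standard choices).
    salt = salt if salt is not None else secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify_password(password: str, stored: str) -> bool:
    _algo, iterations, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)

def demo() -> dict:
    h1 = hashlib.sha256(b"hello").digest()
    h2 = hashlib.sha256(b"hellp").digest()            # one character changed
    original = b"invoice total: 100.00"
    published = sha256_hex(original)                  # checksum the sender publishes
    tampered = b"invoice total: 900.00"
    bad_a = store_password_badly("Summer2025!")
    bad_b = store_password_badly("Summer2025!")       # second user, same password
    good_a = hash_password("Summer2025!")
    good_b = hash_password("Summer2025!")
    return {
        "deterministic": sha256_hex(b"hello") == sha256_hex(b"hello"),
        "avalanche_bits": differing_bits(h1, h2),     # roughly half of the 256 bits
        "integrity_original": integrity_ok(original, published),
        "integrity_tampered": integrity_ok(tampered, published),
        "bad_hashes_equal": bad_a == bad_b,           # same password -> same hash
        "good_hashes_equal": good_a == good_b,        # salted -> different hashes
        "good_verifies": verify_password("Summer2025!", good_a),
        "wrong_password": verify_password("Summer2024!", good_a),
    }

if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Two practical details worth noticing: digests are compared with `hmac.compare_digest` rather than `==` so that the comparison time does not leak how many leading bytes matched, and the stored password string carries its own algorithm, iteration count and salt, which is what lets a site raise the cost factor later without re-hashing every user at once.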