Cyber Security Introduction

"Cybersecurity is primarily about people, processes, and technologies working together to
encompass the full range of threat reduction, vulnerability reduction, deterrence,
international engagement, incident response, resiliency, and recovery policies and activities,
including computer network operations, information assurance, law enforcement, etc."

Cybersecurity is the protection of Internet-connected systems, including hardware,
software, and data, from cyber attacks. The term is made up of two words: "cyber" and
"security". Cyber refers to the technology, which comprises systems, networks, programs
and data, whereas security refers to the protection of that technology and includes systems
security, network security, application security and information security.

It is the body of technologies, processes, and practices designed to protect networks,
devices, programs, and data from attack, theft, damage, modification or unauthorized
access. It may also be referred to as information technology security.

We can also define cybersecurity as the set of principles and practices designed to protect
our computing resources and online information against threats. Because modern industry
depends heavily on computers that store and transmit an abundance of confidential and
essential information about people, cybersecurity is a critical function and a necessary form
of insurance for many businesses.

Why is cybersecurity important?

We live in a digital era in which our private information is more vulnerable than ever
before. We all live in a world that is networked together, from internet banking to
government infrastructure, where data is stored on computers and other devices. A portion
of that data can be sensitive information, whether intellectual property, financial data,
personal information, or other types of data for which unauthorized access or exposure
could have negative consequences.

Cyber-attacks are now an international concern, and there is growing worry that hacks and
other security attacks could endanger the global economy. Organizations transmit sensitive
data across networks and to other devices in the course of doing business, and
cybersecurity describes the discipline of protecting that information and the systems used
to process or store it.

As the volume of cyber-attacks grows, companies and organizations, especially those that
deal with information related to national security, health, or financial records, need to take
steps to protect their sensitive business and personal information.

History of Cyber Security

The origin of cybersecurity began with a research project. It only came into existence
because of the development of viruses.

How did we get here?

In 1969, Leonard Kleinrock, a professor at UCLA, and his student Charley Kline sent the
first electronic message from the UCLA SDS Sigma 7 host computer to Bill Duvall, a
programmer at the Stanford Research Institute. This is a well-known story and a defining
moment in the history of the digital world. The message sent from UCLA was the word
"login", but the system crashed after they typed the first two letters, "lo". The story has
since been retold as if the programmers had typed the opening message "lo and behold",
although it is generally accepted that "login" was the intended message. Those two letters
changed the way we communicate with one another.

In the 1970s, Robert (Bob) Thomas, a researcher at BBN Technologies in Cambridge,
Massachusetts, created the first computer worm (virus). He realized that it was possible for
a computer program to move across a network, leaving a small trail (a series of signs)
wherever it went. He named the program Creeper and designed it to travel between Tenex
terminals on the early ARPANET, printing the message "I'M THE CREEPER: CATCH ME IF
YOU CAN."

An American computer programmer named Ray Tomlinson, the inventor of email, was also
working for BBN Technologies at the time. He saw this idea and liked it. He tinkered with
the program and made it self-replicating, "the first computer worm." He then wrote a
program named Reaper, the first antivirus software, which would find copies of Creeper and
delete them.

Where are we now?

After Creeper and Reaper, cyber-crime became more powerful. As computer software and
hardware developed, security breaches also increased. With every new development came
an aspect of vulnerability, or a way for hackers to work around methods of protection. In
1986, the Russians were the first to use cyber power as a weapon: Marcus Hess, a German
citizen, hacked into 400 military computers, including processors at the Pentagon. He
intended to sell secrets to the KGB, but an American astronomer, Clifford Stoll, caught him
before that could happen.

In 1988, an American computer scientist, Robert Morris, wanted to check the size of the
internet and wrote a program to test it. This program travelled through networks, invaded
Unix terminals, and copied itself. It became the first famous network virus and was named
the Morris worm or internet worm. The Morris worm could infect a computer multiple times,
and each additional process slowed the machine down, eventually to the point of damaging
it. Robert Morris was charged under the Computer Fraud and Abuse Act. The incident itself
led to the founding of the Computer Emergency Response Team, a non-profit research
centre for issues that could endanger the internet as a whole.

Nowadays, viruses are deadlier, more invasive, and harder to control. We have already
experienced cyber incidents on a massive scale, and 2018 isn't close to over. The examples
above are only a few, but these attacks are enough to prove that cybersecurity is a
necessity for corporations and small businesses alike.

Cyber Security Goals

The objective of cybersecurity is to protect information from being stolen, compromised or
attacked. Cybersecurity can be measured by at least one of three goals:

1. Protect the confidentiality of data.
2. Preserve the integrity of data.
3. Promote the availability of data for authorized users.

These goals form the confidentiality, integrity, availability (CIA) triad, the basis of all
security programs. The CIA triad is a security model designed to guide policies for
information security within an organization or company. This model is also referred to as
the AIC (Availability, Integrity, and Confidentiality) triad to avoid confusion with the Central
Intelligence Agency. The elements of the triad are considered the three most crucial
components of security.

The CIA criteria are the ones most organizations and companies use when they install a
new application, create a database or guarantee access to some data. For data to be
completely secure, all of these security goals must be in effect. They are security policies
that work together, and it is therefore wrong to overlook any one of them.

The components of the CIA triad are:

1. Confidentiality
Confidentiality is roughly equivalent to privacy and prevents the unauthorized disclosure of
information. It involves the protection of data, providing access to those who are allowed to
see it while preventing others from learning anything about its content. It keeps essential
information from reaching the wrong people while making sure that the right people can
get it. Data encryption is a good example of a measure that ensures confidentiality.

Tools for Confidentiality

Encryption
Encryption is a method of transforming information, using an algorithm, to make it
unreadable for unauthorized users. The transformation uses a secret key (the encryption
key) so that the transformed data can only be read with the corresponding decryption key.
It protects sensitive data such as credit card numbers by encoding and transforming it into
unreadable cipher text, which can only be read by decrypting it. Asymmetric-key and
symmetric-key encryption are the two primary types.

Access control
Access control defines rules and policies for limiting access to a system or to physical or
virtual resources. It is the process by which users are granted access and certain privileges
to systems, resources or information. In access control systems, users need to present
credentials, such as a person's name or a computer's serial number, before they can be
granted access. In physical systems, these credentials may come in many forms, but
credentials that can't be transferred provide the most security.

Authentication
Authentication is the process that ensures and confirms a user's identity or the role that
someone has. It can be done in a number of different ways, but it is usually based on a
combination of:

o something the person has (like a smart card or a radio key for storing secret keys),
o something the person knows (like a password),
o something the person is (like a fingerprint).

Authentication is a necessity for every organization because it enables organizations to
keep their networks secure by permitting only authenticated users to access their protected
resources. These resources may include computer systems, networks, databases, websites
and other network-based applications or services.

Authorization
Authorization is a security mechanism that gives permission to do or have something. It is
used to determine whether a person or system is allowed access to resources, including
computer programs, files, services, data and application features, based on an access
control policy. It is normally preceded by authentication, which verifies the user's identity.
System administrators are typically assigned permission levels covering all system and user
resources. During authorization, a system verifies an authenticated user's access rules and
either grants or refuses resource access.

Physical Security
Physical security describes measures designed to deny unauthorized access to IT assets like
facilities, equipment, personnel, resources and other property, and to protect them from
damage. It protects these assets from physical threats including theft, vandalism, fire and
natural disasters.

2. Integrity
Integrity refers to the methods for ensuring that data is real, accurate and safeguarded
from unauthorized modification. It is the property that information has not been altered in
an unauthorized way and that the source of the information is genuine.

Tools for Integrity

Backups
Backup is the periodic archiving of data. It is the process of making copies of data or data
files for use in the event that the original data or data files are lost or destroyed. It is also
used to make copies for historical purposes, such as for longitudinal studies, statistics or
historical records, or to meet the requirements of a data retention policy. Many
applications, especially in a Windows environment, produce backup files using the .BAK file
extension.

Checksums
A checksum is a numerical value used to verify the integrity of a file or a data transfer. In
other words, it is the result of a function that maps the contents of a file to a numerical
value. Checksums are typically used to compare two sets of data to make sure that they are
the same. A checksum function depends on the entire contents of a file and is designed so
that even a small change to the input (such as flipping a single bit) is likely to produce a
different output value.

Data Correcting Codes
Data correcting codes are a method for storing data in such a way that small changes can
be easily detected and automatically corrected.
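The two integrity tools just described behave differently when a single bit flips, and the added example below (written for this page, not code from the original) shows that difference: a SHA-256 checksum over a constructed record detects the change but cannot repair it, while a Hamming(7,4) code, the classic data correcting code, both detects and corrects it. The record and the bit position are constructed values.

```python
import hashlib

# Constructed sample record for the demonstration (not taken from the page).
ORIGINAL = b"account=1234;balance=100.00"


def checksum(data: bytes) -> str:
    """SHA-256 digest used as a checksum: any change is detected, but nothing can be repaired."""
    return hashlib.sha256(data).hexdigest()


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of data with one bit flipped, simulating a storage or transmission error."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


# Hamming(7,4): 4 data bits become 7 code bits. Code word positions (1-based):
#   1=p1 2=p2 3=d1 4=p3 5=d2 6=d3 7=d4
# p1 covers positions 1,3,5,7; p2 covers 2,3,6,7; p3 covers 4,5,6,7.
def hamming_encode(nibble):
    d1, d2, d3, d4 = nibble
    p1 = d1 ^ d2 ^ d4
    p2 = d1 ^ d3 ^ d4
    p3 = d2 ^ d3 ^ d4
    return [p1, p2, d1, p3, d2, d3, d4]


def hamming_decode(code):
    """Return (data bits, syndrome). A non-zero syndrome is the 1-based position that was repaired.
    Only a single flipped bit per code word is corrected; two flips are silently mis-corrected."""
    c = list(code)
    p1, p2, d1, p3, d2, d3, d4 = c
    s1 = p1 ^ d1 ^ d2 ^ d4
    s2 = p2 ^ d1 ^ d3 ^ d4
    s3 = p3 ^ d2 ^ d3 ^ d4
    syndrome = s1 + 2 * s2 + 4 * s3
    if syndrome:
        c[syndrome - 1] ^= 1
    return [c[2], c[4], c[5], c[6]], syndrome


def bytes_to_bits(data: bytes):
    return [(b >> i) & 1 for b in data for i in range(7, -1, -1)]


def bits_to_bytes(bits):
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))


def ecc_encode(data: bytes):
    """Encode every 4-bit group of data into a 7-bit Hamming code word."""
    bits = bytes_to_bits(data)
    out = []
    for i in range(0, len(bits), 4):
        out.extend(hamming_encode(bits[i:i + 4]))
    return out


def ecc_decode(code_bits):
    """Decode code words back to bytes; also report how many single-bit errors were repaired."""
    bits, corrected = [], 0
    for i in range(0, len(code_bits), 7):
        data, syndrome = hamming_decode(code_bits[i:i + 7])
        bits.extend(data)
        corrected += 1 if syndrome else 0
    return bits_to_bytes(bits), corrected


def demo():
    # Checksum: the flipped bit changes the digest, so the damage is detected ...
    damaged = flip_bit(ORIGINAL, 13)
    detected = checksum(damaged) != checksum(ORIGINAL)
    # ... but the digest gives no way to recover ORIGINAL from `damaged`.
    # Data correcting code: the same kind of single-bit error is detected AND repaired.
    code = ecc_encode(ORIGINAL)
    code[13] ^= 1
    recovered, repaired = ecc_decode(code)
    return detected, recovered == ORIGINAL, repaired
```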

3. Availability
Availability is the property that information is accessible and modifiable in a timely fashion
by those authorized to do so. It is the guarantee of reliable and constant access to our
sensitive data by authorized people.

Tools for Availability

o Physical Protections
o Computational Redundancies

Physical Protections
Physical safeguards keep information available even in the event of physical challenges.
They ensure that sensitive information and critical information technology are housed in
secure areas.

Computational Redundancies
Computational redundancy provides fault tolerance against accidental faults. It relies on
spare computers and storage devices that serve as fallbacks in the case of failures.

Types of Cyber Attacks

A cyber-attack is an exploitation of computer systems and networks. It uses malicious code
to alter computer code, logic or data and leads to cybercrimes, such as information and
identity theft.

We are living in a digital era. Nowadays, most people use computers and the internet.
Because of this dependency on digital things, illegal computer activity is growing and
changing like any other type of crime.

Cyber-attacks can be classified into the following categories:

Web-based attacks
These are attacks which occur on a website or web application. Some of the important
web-based attacks are as follows:

1. Injection attacks

This is an attack in which data is injected into a web application in order to manipulate the
application and fetch the required information.

Examples: SQL injection, code injection, log injection, XML injection, etc.

2. DNS Spoofing

DNS spoofing is a type of computer security hacking whereby data is introduced into a DNS
resolver's cache, causing the name server to return an incorrect IP address and diverting
traffic to the attacker's computer or any other computer. DNS spoofing attacks can go on
for a long period of time without being detected and can cause serious security issues.

3. Session Hijacking

It is a security attack on a user session over a protected network. Web applications create
cookies to store the state of user sessions. By stealing the cookies, an attacker can gain
access to all of the user's data.

4. Phishing

Phishing is a type of attack which attempts to steal sensitive information like user login
credentials and credit card numbers. It occurs when an attacker masquerades as a
trustworthy entity in electronic communication.

5. Brute force

It is a type of attack which uses a trial-and-error method. This attack generates a large
number of guesses and validates them to obtain actual data like a user password or
personal identification number. It may be used by criminals to crack encrypted data, or by
security analysts to test an organization's network security.

6. Denial of Service

It is an attack which is meant to make a server or network resource unavailable to users. It
accomplishes this by flooding the target with traffic or sending it information that triggers
a crash. It uses a single system and a single internet connection to attack a server. It can
be classified into the following:

Volume-based attacks: the goal is to saturate the bandwidth of the attacked site; they are
measured in bits per second.

Protocol attacks: they consume actual server resources and are measured in packets per
second.

Application layer attacks: the goal is to crash the web server; they are measured in
requests per second.

7. Dictionary attacks

This type of attack uses a stored list of commonly used passwords and tries each of them
to obtain the original password.

8. URL Interpretation

It is a type of attack in which certain parts of a URL are changed so that a web server
delivers web pages that the requester is not authorized to browse.

9. File Inclusion attacks

It is a type of attack that allows an attacker to access unauthorized or essential files that
are available on the web server, or to execute malicious files on the web server, by making
use of the include functionality.

10. Man in the middle attacks

It is a type of attack that allows an attacker to intercept the connection between client and
server and act as a bridge between them. As a result, the attacker is able to read, insert
and modify the data in the intercepted connection.

System-based attacks
These are attacks intended to compromise a computer or a computer network. Some of the
important system-based attacks are as follows:

1. Virus

It is a type of malicious software program that spreads through a computer's files without
the knowledge of the user. It is a self-replicating malicious program that replicates by
inserting copies of itself into other computer programs when executed. It can also execute
instructions that cause harm to the system.

2. Worm

It is a type of malware whose primary function is to replicate itself in order to spread to
uninfected computers. It works in the same way as a computer virus. Worms often originate
from email attachments that appear to be from trusted senders.

3. Trojan horse

It is a malicious program that causes unexpected changes to computer settings and unusual
activity, even when the computer should be idle. It misleads the user about its true intent:
it appears to be a normal application, but when opened or executed, malicious code runs in
the background.

4. Backdoors

It is a method that bypasses the normal authentication process. A developer may create a
backdoor so that an application or operating system can be accessed for troubleshooting or
other purposes.

5. Bots

A bot (short for "robot") is an automated process that interacts with other network services.
Some bot programs run automatically, while others only execute commands when they
receive specific input. Common examples of bot programs are crawlers, chatroom bots, and
malicious bots.

Types of Cyber Attackers

In computers and computer networks, an attacker is the individual or organization who
performs malicious activities to destroy, expose, alter, disable, steal or gain unauthorized
access to, or make unauthorized use of, an asset.

As Internet access becomes more pervasive across the world, and each of us spends more
time on the web, the number of attackers grows as well. Attackers use every tool and
technique they can to attack us and gain unauthorized access.

There are four types of attackers, which are described below:

Cyber Criminals
Cybercriminals are individuals or groups of people who use technology to commit cybercrime
with the intention of stealing sensitive company information or personal data and generating
profits. Today, they are the most prominent and most active type of attacker.

Cybercriminals use computers in three broad ways to commit cybercrimes:

o Select the computer as their target: they attack other people's computers to commit
cybercrime, such as spreading viruses, data theft, identity theft, etc.
o Use the computer as their weapon: they use the computer to commit conventional crime
such as spam, fraud, illegal gambling, etc.
o Use the computer as their accessory: they use the computer to steal data illegally.

Hacktivists
Hacktivists are individuals or groups of hackers who carry out malicious activity to promote
a political agenda, religious belief, or social ideology. Dan Lohrmann, chief security officer
for Security Mentor, a national security training firm that works with states, said:
"Hacktivism is a digital disobedience. It's hacking for a cause." Hacktivists are not like
cybercriminals, who hack computer networks to steal data for cash. They are individuals or
groups of hackers who work together and see themselves as fighting injustice.

State-sponsored Attacker
State-sponsored attackers have particular objectives aligned with the political, commercial
or military interests of their country of origin. These attackers are not in a hurry.
Government organizations have highly skilled hackers who specialize in detecting
vulnerabilities and exploiting them before the holes are patched. It is very challenging to
defeat these attackers due to the vast resources at their disposal.

Insider Threats
An insider threat is a threat to an organization's security or data that comes from within.
These threats usually originate with employees or former employees, but may also arise
from third parties, including contractors, temporary workers, employees or customers.

Insider threats can be categorized as follows:

Malicious
Malicious threats are attempts by an insider to access and potentially harm an
organization's data, systems or IT infrastructure. These insider threats are often attributed
to dissatisfied employees or ex-employees who believe that the organization wronged them
in some way and feel justified in seeking revenge.

Insiders may also become threats when they are recruited by malicious outsiders, either
through financial incentives or extortion.

Accidental
Accidental threats are threats caused unintentionally by insider employees. For example,
an employee might accidentally delete an important file or inadvertently share confidential
data with a business partner, going beyond the company's policy or legal requirements.

Negligent
These are threats in which employees try to get around the policies an organization has put
in place to protect endpoints and valuable data. For example, if the organization has strict
policies for external file sharing, employees might try to share work on public cloud
applications so that they can work at home. There is no malicious intent behind these acts,
but they can open the organization up to dangerous threats nonetheless.

Cyber Security Principles

The UK internet industry and Government recognized the need to develop a series of
Guiding Principles for improving the online security of ISPs' customers and limiting the rise
in cyber-attacks. Cybersecurity for these purposes encompasses the protection of essential
information, processes, and systems, connected or stored online, with a broad view across
the people, technical, and physical domains.

These Principles recognize that ISPs (and other service providers), internet users, and the
UK Government all have a role in minimizing and mitigating the cyber threats inherent in
using the internet.

These Guiding Principles have been developed to respond to this challenge by providing a
consistent approach to help, inform, educate, and protect ISPs' (Internet Service Providers')
customers from online crime. They are aspirational, developed and delivered as a
partnership between Government and ISPs, and they recognize that ISPs have different sets
of customers and offer different levels of support and services to protect those customers
from cyber threats.

Some of the essential cybersecurity principles are described below-

1. Economy of mechanism
2. Fail-safe defaults
3. Least Privilege
4. Open Design
5. Complete mediation
6. Separation of Privilege
7. Least Common Mechanism
8. Psychological acceptability
9. Work Factor
10. Compromise Recording

1. Economy of mechanism
This principle states that security mechanisms should be as simple and small as possible.
The economy of mechanism principle simplifies the design and implementation of security
mechanisms. If the design and implementation are simple and small, fewer possibilities
exist for errors, and the checking and testing process is less complicated because fewer
components need to be tested.

Interfaces between security modules are a suspect area and should be as simple as
possible, because interface modules often make implicit assumptions about input or output
parameters or the current system state. If any of these assumptions are wrong, the
module's actions may produce unexpected results. A simple security framework is easier for
developers and users to understand and enables the efficient development and verification
of enforcement methods for it.

2. Fail-safe defaults
The fail-safe defaults principle states that the default configuration of a system should have
a conservative protection scheme. This principle also restricts how privileges are initialized
when a subject or object is created. Whenever access, privileges/rights, or some security-
related attribute is not explicitly granted, access to that object should be denied.

Example: If we add a new user to an operating system, the default group of the user
should have minimal access rights to files and services.

3. Least Privilege
This principle states that a user should have only those privileges needed to complete his
or her task. Its primary function is to control the assignment of rights granted to the user,
not the identity of the user. This means that if the boss demands root access to a UNIX
system that you administer, he or she should not be given that right unless he or she has a
task that requires that level of access. If possible, the elevated rights of a user identity
should be removed as soon as those rights are no longer needed.

4. Open Design
This principle states that the security of a mechanism should not depend on the secrecy of
its design or implementation. It suggests that complexity does not add security. This
principle is the opposite of the approach known as "security through obscurity." It applies
not only to information such as passwords or cryptographic systems but also to other
computer security related operations.

Example: DVD players and the Content Scrambling System (CSS) protection. CSS is a
cryptographic algorithm that protects DVD movie disks from unauthorized copying.

5. Complete mediation
The principle of complete mediation restricts the caching of information, which often leads
to simpler implementations of mechanisms. The idea of this principle is that access to every
object must be checked for compliance with the protection scheme to ensure that it is
allowed. As a consequence, one should be wary of performance improvement techniques
that save the details of previous authorization checks, since permissions can change over
time.

Whenever someone tries to access an object, the system should check the access rights
associated with that subject. Many systems verify a subject's access rights only once, at
the initial access, and for subsequent accesses assume that the same access rights still
apply for that subject and object. Under complete mediation, the operating system must
instead mediate each and every access to an object.

Example: An online banking website should require users to sign in again after a certain
period, say twenty minutes, has elapsed.

6. Separation of Privilege
This principle states that a system should grant access permission based on more than one
condition being satisfied. This principle may also be restrictive because it limits access to
system entities. Thus, before a privilege is granted, more than one verification should be
performed.

Example: To su (change) to root, two conditions must be met:

o The user must know the root password.
o The user must be in the right group (wheel).
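The added example below (written for this page, not code from the original) puts three of the principles above into one small reference monitor: fail-safe defaults (a new user starts with nothing, and an absent rule means deny), complete mediation (every access re-reads the policy, so a revoke takes effect immediately, contrasted with a caching variant that keeps honouring a revoked right), and separation of privilege (becoming root needs both the root password and wheel membership, as in the su example). The user names, file names and root password are constructed placeholders.

```python
import hashlib
import hmac

# Constructed for this example: a placeholder root password, stored only as a hash.
ROOT_PASSWORD = "example-only-root-password"
ROOT_PASSWORD_HASH = hashlib.sha256(ROOT_PASSWORD.encode()).hexdigest()


class ReferenceMonitor:
    """Every access decision is taken here, against the current policy, on every call."""

    def __init__(self):
        self.grants = {}   # (user, obj) -> set of permitted operations
        self.groups = {}   # user -> set of group names

    def add_user(self, user):
        # Fail-safe default: a new subject begins with no rights and no privileged groups.
        self.groups.setdefault(user, set())

    def add_group(self, user, group):
        self.groups.setdefault(user, set()).add(group)

    def grant(self, user, obj, op):
        self.grants.setdefault((user, obj), set()).add(op)

    def revoke(self, user, obj, op):
        self.grants.get((user, obj), set()).discard(op)

    def check(self, user, obj, op):
        # Complete mediation: the policy is consulted afresh for each access, never a
        # remembered answer, so a revoke is honoured on the very next access.
        # Fail-safe default: a missing entry yields False, not an implicit allow.
        return op in self.grants.get((user, obj), set())

    def can_become_root(self, user, password_attempt):
        # Separation of privilege: BOTH conditions from the su example must hold,
        # the root password (something known) AND membership of the wheel group.
        attempt_hash = hashlib.sha256(password_attempt.encode()).hexdigest()
        knows_password = hmac.compare_digest(attempt_hash, ROOT_PASSWORD_HASH)
        in_wheel = "wheel" in self.groups.get(user, set())
        return knows_password and in_wheel


class CachingMonitor(ReferenceMonitor):
    """Anti-pattern: remembers earlier decisions to save work, so a later revoke is not seen."""

    def __init__(self):
        super().__init__()
        self._cache = {}

    def check(self, user, obj, op):
        key = (user, obj, op)
        if key not in self._cache:
            self._cache[key] = super().check(user, obj, op)
        return self._cache[key]   # stale as soon as the policy changes


def demo():
    """Returns (default-deny result, result after grant, result after revoke, stale cached result)."""
    m = ReferenceMonitor()
    m.add_user("alice")
    denied_by_default = m.check("alice", "/etc/shadow", "read")
    m.grant("alice", "report.txt", "read")
    after_grant = m.check("alice", "report.txt", "read")
    m.revoke("alice", "report.txt", "read")
    after_revoke = m.check("alice", "report.txt", "read")

    c = CachingMonitor()
    c.grant("alice", "report.txt", "read")
    c.check("alice", "report.txt", "read")      # decision is now cached
    c.revoke("alice", "report.txt", "read")
    stale = c.check("alice", "report.txt", "read")   # still True: mediation was incomplete
    return denied_by_default, after_grant, after_revoke, stale
```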

7. Least Common Mechanism

This principle states that in systems with multiple users, the mechanisms allowing resources
to be shared by more than one user should be minimized as much as possible. This
principle may also be restrictive because it limits the sharing of resources.

Example: If a file or application needs to be accessed by more than one user, these users
should use separate channels to access the resource, which helps to prevent unforeseen
consequences that could cause security problems.

8. Psychological acceptability
This principle states that a security mechanism should not make a resource more
complicated to access than it would be if the security mechanism were not present. The
psychological acceptability principle recognizes the human element in computer security. If
security-related software or computer systems are too complicated to configure, maintain,
or operate, users will not employ the necessary security mechanisms. For example, if a
password is rejected during a password change process, the password changing program
should state why it was denied rather than giving a cryptic error message. At the same
time, applications should not impart unnecessary information that may lead to a
compromise in security.

Example: When we enter a wrong password, the system should only tell us that the user id
or password was incorrect. It should not tell us that only the password was wrong, as this
gives the attacker information.

9. Work Factor
This principle states that the cost of circumventing a security mechanism should be
compared with the resources of a potential attacker when designing a security scheme. In
some cases, the cost of circumventing (known as the "work factor") can be easily
calculated. In other words, the work factor is a common cryptographic measure used to
determine the strength of a given cipher. It does not map directly to cybersecurity, but the
overall concept does apply.

Example: Suppose the number of experiments needed to try all possible four-character
passwords is 24^4 = 331776. If the potential attacker must try each experimental password
at a terminal, one might consider a four-character password to be satisfactory. On the other
hand, if the potential attacker could use an astronomical computer capable of trying a
million passwords per second, a four-letter password would be a minor barrier for a
potential intruder.

10. Compromise Recording

The compromise recording principle states that it is sometimes more desirable to record
the details of an intrusion than to adopt a more sophisticated measure to prevent it.

Example: The servers in an office network may keep logs of all accesses to files, all emails
sent and received, and all browsing sessions on the web. Internet-connected surveillance
cameras placed to protect a building are another typical example of a compromise
recording system.
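Compromise recording only pays off if someone reads the record, and the brute force and dictionary attacks described earlier are the textbook case: they leave a burst of failed logins in the server's logs. The added example below (written for this page, not code from the original) parses constructed sshd-style log lines and flags a source that fails a threshold of logins inside a time window, and a success that follows such a burst. The host names, user names, addresses and the window and threshold values are all constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the style of a Linux sshd log; hosts, users and addresses are fictitious.
SAMPLE_LOG = """\
Mar 10 08:00:01 web1 sshd[2101]: Failed password for invalid user admin from 198.51.100.23 port 51022 ssh2
Mar 10 08:00:02 web1 sshd[2103]: Failed password for invalid user oracle from 198.51.100.23 port 51023 ssh2
Mar 10 08:00:04 web1 sshd[2105]: Failed password for root from 198.51.100.23 port 51024 ssh2
Mar 10 08:00:05 web1 sshd[2107]: Failed password for root from 198.51.100.23 port 51025 ssh2
Mar 10 08:00:07 web1 sshd[2109]: Failed password for deploy from 198.51.100.23 port 51026 ssh2
Mar 10 08:00:09 web1 sshd[2111]: Accepted password for deploy from 198.51.100.23 port 51027 ssh2
Mar 10 08:01:10 web1 sshd[2120]: Failed password for alice from 203.0.113.7 port 40001 ssh2
Mar 10 08:01:15 web1 sshd[2122]: Accepted password for alice from 203.0.113.7 port 40002 ssh2
Mar 10 08:02:00 web1 sshd[2130]: Accepted publickey for bob from 192.0.2.10 port 39000 ssh2
"""

# Matches password-authentication outcomes only; other lines are ignored by the parser.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def parse(log_text):
    """Turn log lines into (timestamp, result, user, source) tuples."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")   # syslog lines carry no year
        events.append((ts, m["result"], m["user"], m["src"]))
    return events


def detect_brute_force(events, threshold=5, window=timedelta(seconds=60)):
    """Flag a source with `threshold` failures inside `window`, and a success right after such a burst.

    Returns a list of findings; each source is reported once per category."""
    findings = []
    failures = defaultdict(list)   # source -> timestamps of failures still inside the window
    alerted = set()
    for ts, result, user, src in sorted(events):
        recent = [t for t in failures[src] if ts - t <= window]
        if result == "Failed":
            recent.append(ts)
            if len(recent) >= threshold and src not in alerted:
                alerted.add(src)
                findings.append(("brute_force", src, len(recent)))
        elif len(recent) >= threshold:
            # A successful login after a burst of failures: the guessed password may have worked.
            findings.append(("success_after_failures", src, user))
        failures[src] = recent
    return findings
```

A single mistyped password followed by a success (the alice lines) stays below the threshold and is not reported, which is the behaviour a practitioner wants from such a rule.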

Data Security Consideration

Data security is the protection of programs and data in computers and communication
systems against unauthorized access, modification, destruction, disclosure or transfer,
whether accidental or intentional, by building physical arrangements and software checks. It
refers to the right of individuals or organizations to deny or restrict the unauthorized
collection and use of information. Data security requires system managers to reduce
unauthorized access to the systems by building physical arrangements and software checks.

Data security uses various methods to make sure that the data is correct, original, kept
confidential and safe. It includes:

o Ensuring the integrity of data.
o Ensuring the privacy of the data.
o Preventing the loss or destruction of data.

Data security consideration involves the protection of data against unauthorized access,
modification, destruction, loss, disclosure or transfer, whether accidental or intentional.
Some of the important data security considerations are described below:

Backups
Data backup refers to saving additional copies of our data in physical or cloud locations
separate from the data files in primary storage. It is essential for us to secure, store, and
back up our data on a regular basis. Securing the data will help us to prevent:

o Accidental or malicious damage to or modification of data.
o Theft of valuable information.
o Breach of confidentiality agreements and privacy laws.
o Premature release of data, which can void intellectual property claims.
o Release before data has been checked for authenticity and accuracy.

Keeping reliable and regular backups of our data protects against the risk of damage or loss
due to power failure, hardware failure, software or media faults, viruses or hacking, or even
human errors.

The 3-2-1 backup rule is very popular. This rule includes:

o Three copies of our data
o Two different formats, i.e., hard drive + tape backup or DVD (short term) + flash drive
o One off-site backup, i.e., have two physical backups and one in the cloud

Some important backup options are as follows:

1. Hard drives - personal or work computer
2. Departmental or institution server
3. External hard drives
4. Tape backups
5. Discipline-specific repositories
6. University Archives
7. Cloud storage

Some of the top considerations for implementing secure backup and recovery are:

1. Authentication of the users and backup clients to the backup server.
2. Role-based access control lists for all backup and recovery operations.
3. Data encryption options for both transmission and storage.
4. Flexibility in choosing encryption and authentication algorithms.
5. Backup of a remote client to a centralized location behind firewalls.
6. Backup and recovery of a client running Security-Enhanced Linux (SELinux).
7. Using best practices to write secure software.

Archival Storage
Data archiving is the process of retaining data in a secure place for long-term storage. The
data is stored in safe locations so that it can be used whenever it is required. Archived data
is still essential to the organization and may be needed for future reference. Data archives
are also indexed and have search capabilities so that files and parts of files can be easily
located and retrieved. Data archival serves as a way of reducing primary storage
consumption and its related costs.

Data archival is different from data backup: data backups create copies of data and serve
as a recovery mechanism to restore data in the event that it is corrupted or destroyed. Data
archives, on the other hand, protect older information that is not needed in day-to-day
operations but may have to be accessed occasionally.

Data archives may take many different forms. They can be stored as online, offline, or cloud
storage:

o Online data storage places archive data onto disk systems where it is readily
accessible.
o Offline data storage places archive data onto tape or other removable media using
data archiving software, because tape can be removed and consumes less power than
disk systems.
o Cloud storage is another possible archive target. For example, Amazon Glacier is
designed for data archiving. Cloud storage is inexpensive, but its costs can grow over
time as more data is added to the cloud archive.

The following list of considerations will help us to improve the long-term usefulness of our
archives:

1. Storage medium
2. Storage device
3. Revisiting old archives
4. Data usability
5. Selective archiving
6. Space considerations
7. Online vs. offline storage

Storage medium

The first thing to decide is what storage medium we use for archives. The archived data will
be stored for long periods of time, so we need to choose a type of media that will last as
long as our retention policy dictates.

Storage device

This consideration asks whether the storage device we are using for our archives will still
be accessible in a few years. There is no way to predict which types of storage devices will
stand the test of time, so it is essential to pick those devices that have the best chance of
being supported over the long term.

Revisiting old archives

Our archive policies and the storage mechanisms we use for archiving data will change over
time, so we have to review our archived data at least once a year to see whether anything
needs to be migrated to a different storage medium.

For example, about ten years ago we used Zip drives for archival; we then transferred all of
our archives to CD. Today we store most of our archives on DVD. Since modern DVD drives
can also read CDs, we have not needed to move our extremely old archives off CD onto
DVD.

Data usability

One major problem seen in the real world is archived data that is in an obsolete format.

For example, a few years ago, document files that had been archived in the early 1990s
turned out to have been created by an application known as PFS Write. The PFS Write file
format was supported in the late 80s and early 90s, but today there are no applications
that can read those files. To avoid this situation, it might be helpful to archive not only the
data but also copies of the installation media for the applications that created the data.

Selective archiving

In this consideration, we have to be sure about what should be archived. That means we
archive only a selected part of the data, because not all data is equally important.

Space considerations

If our archives become huge, we must plan for the long-term retention of all our data. If we
are archiving our data to removable media, capacity planning might be as simple as making
sure that there is free space in the vault to hold all of those tapes and that there is room in
our IT budget to continue purchasing tapes.

Online vs. offline storage

In this consideration, we have to decide whether to store our archives online (on a
dedicated archive server) or offline (on removable media). Both methods of archival have
advantages and disadvantages. Storing data online keeps it easily accessible, but data kept
online may be vulnerable to theft, tampering, corruption, etc. Offline storage enables us to
store an unlimited amount of data, but it is not readily accessible.

Disposal of Data
Data destruction or disposal of data is the method of destroying data stored on tapes, hard
disks and other electronic media so that it is completely unreadable, unusable and
inaccessible for unauthorized purposes. A disposal process also ensures that the organization
retains records for as long as they are needed and, when they are no longer required,
destroys them appropriately or disposes of them in some other way, for example by transfer
to an archives service.

The managed process of data disposal has some essential benefits-

o It avoids the unnecessary storage costs incurred by using office or server space to
maintain records which are no longer needed by the organization.
o Finding and retrieving information is easier and quicker because there is less to
search.

The disposal of data usually takes place as part of the normal records management process.
There are two essential circumstances in which the destruction of data needs to be handled
in addition to this process:

o The quantity of legacy records requires attention.
o Functions are being transferred to another authority and the disposal of data records
becomes part of the change process.

The following list of considerations will help us with the secure disposal of data:

1. Eliminate access
2. Destroy the data
3. Destroy the device
4. Keep the record of which systems have been decommissioned
5. Keep careful records
6. Eliminate potential clues
7. Keep systems secure until disposal

Eliminate access

In this consideration, we have to ensure that accounts whose access has been eliminated do
not retain any rights to re-access the disposed-of data.

Destroy the Data

Simply removing data from storage media is not necessarily safe. Even today, reformatting
or repartitioning a drive to "erase" the data it stores is not good enough. Many tools are
available that can help us delete files more securely. Encrypting the data on the drive before
performing any deletion can make the data more difficult to recover later.

Destroy the device

In most cases, storage media need to be physically destroyed to ensure that our sensitive
data is not leaked to whoever gets the drives next. We should not destroy them ourselves;
experts are probably a lot better at safely and effectively rendering any data on our drives
unrecoverable. If we cannot entrust this to an outside agency that specializes in the secure
destruction of storage devices, we should have a specialized team within our organization
that has the same equipment and skills as outside contractors.

Keep the record of which systems have been decommissioned

Here we have to make sure that storage media have been fully and securely decommissioned
and that nothing is easily misplaced or overlooked. It is best if storage media that have not
yet been fully decommissioned are kept in a specific location and decommissioned
equipment is placed somewhere else; this helps us avoid making mistakes.

Keep careful records

In this consideration, it is necessary to keep a record of whoever is responsible for
decommissioning a storage medium. If more than one person is assigned this responsibility,
each of them should sign off after the decommissioning process is complete, so that if
something goes wrong we know whom to talk to in order to find out what happened and
how bad the mistake is.

Eliminate potential clues

In this consideration, we have to clear the configuration settings from networking
equipment, because they can provide crucial clues to a security cracker trying to break into
our network and the systems that reside on it.

Keep systems secure until disposal of data

In this consideration, we should have clear guidelines for who may access equipment that
is awaiting secure disposal. This ensures that nobody who should not have access to it gets
his or her hands on it before the data is disposed of.

Security Technologies
With the rapid growth of the Internet, cybersecurity has become a major concern to
organizations throughout the world. The fact that the information, tools and technologies
needed to penetrate the security of corporate networks are widely available has increased
that concern.

Today, the fundamental problem is that much of the security technology aims to keep the
attacker out, and when that fails, the defences have failed. Every organization that uses the
Internet needs security technologies to cover the three primary control types (preventive,
detective, and corrective) as well as to provide auditing and reporting. Most security is based
on one of these types of things: something we have (like a key or an ID card), something
we know (like a PIN or a password), or something we are (like a fingerprint).

Some of the important security technologies used in the cybersecurity are described below-

Firewall
A firewall is a computer network security system designed to prevent unauthorized access
to or from a private network. It can be implemented as hardware, software, or a
combination of both. Firewalls are used to prevent unauthorized Internet users from
accessing private networks connected to the Internet. All messages entering or leaving the
intranet pass through the firewall. The firewall examines each message and blocks those
that do not meet the specified security criteria.

Categories of Firewalls
Firewalls can be categorised in the following ways:

1. Processing mode:

The five processing modes by which firewalls can be categorised are:

Packet filtering

Packet filtering firewalls examine the header information of data packets that come into a
network. This firewall is installed on a TCP/IP network and determines whether to forward a
packet to the next network connection or drop it, based on the rules programmed into the
firewall. It scans network data packets looking for a violation of the rules in the firewall's
database. Most firewall rules are based on a combination of:

o Internet Protocol (IP) source and destination address.
o Direction (inbound or outbound).
o Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) source and
destination port requests.

Packet filtering firewalls can be categorized into three types:

1. Static filtering: The system administrator sets the rules for the firewall. These filtering
rules, which govern how the firewall decides which packets are allowed and which are
denied, are developed and installed in advance.

2. Dynamic filtering: It allows the firewall to set some rules for itself, such as dropping
packets from an address that is sending many bad packets.

3. Stateful inspection: A stateful firewall keeps track of each network connection between
internal and external systems using a state table.
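As an added illustration (not code from the original page), here is a toy Python packet filter that models the three types side by side: fixed administrator rules, a dynamic filter that adds its own deny rule after repeated bad packets, and stateful inspection with a state table. The rule fields, packet fields and sample traffic are all constructed for this example.

```python
"""Added example (not from the original page): a toy packet filter showing
static rules, dynamic self-added rules and stateful inspection side by side.
Rule/packet fields and sample packets are constructed, not any real firewall's syntax."""
from collections import Counter
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    proto: str      # "tcp" or "udp"
    src_port: int
    dst_port: int
    direction: str  # "inbound" or "outbound"


@dataclass
class Rule:
    """One filtering rule; an "any"/None field matches every packet."""
    action: str                    # "allow" or "deny"
    direction: str = "any"
    proto: str = "any"
    src_ip: str = "any"
    dst_ip: str = "any"
    dst_port: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (self.direction in ("any", p.direction) and self.proto in ("any", p.proto)
                and self.src_ip in ("any", p.src_ip) and self.dst_ip in ("any", p.dst_ip)
                and self.dst_port in (None, p.dst_port))


class StaticFilter:
    """Static filtering: the administrator's rules are checked in order and the
    first match decides; a packet matching no rule is denied (default deny)."""
    def __init__(self, rules):
        self.rules = list(rules)

    def decide(self, p: Packet) -> str:
        for r in self.rules:
            if r.matches(p):
                return r.action
        return "deny"


class DynamicFilter(StaticFilter):
    """Dynamic filtering: the firewall adds a rule for itself, here a deny for
    any source address that has had `threshold` packets denied."""
    def __init__(self, rules, threshold=3):
        super().__init__(rules)
        self.threshold = threshold
        self.bad = Counter()

    def decide(self, p: Packet) -> str:
        action = super().decide(p)
        if action == "deny":
            self.bad[p.src_ip] += 1
            if self.bad[p.src_ip] == self.threshold:
                # The self-added rule goes first so it wins over the static rules.
                self.rules.insert(0, Rule("deny", src_ip=p.src_ip))
        return action


class StatefulFilter(StaticFilter):
    """Stateful inspection: allowed outbound connections are recorded in a state
    table, and inbound packets that are replies to a recorded connection are
    accepted without needing an inbound rule of their own."""
    def __init__(self, rules):
        super().__init__(rules)
        self.state = set()   # (local ip, local port, remote ip, remote port, proto)

    def decide(self, p: Packet) -> str:
        reply_key = (p.dst_ip, p.dst_port, p.src_ip, p.src_port, p.proto)
        if p.direction == "inbound" and reply_key in self.state:
            return "allow"
        action = super().decide(p)
        if action == "allow" and p.direction == "outbound":
            self.state.add((p.src_ip, p.src_port, p.dst_ip, p.dst_port, p.proto))
        return action


# Constructed rule set: hosts may browse HTTPS out; the mail host accepts SMTP in.
RULES = [
    Rule("allow", direction="outbound", proto="tcp", dst_port=443),
    Rule("allow", direction="inbound", proto="tcp", dst_ip="10.0.0.5", dst_port=25),
]
# Constructed sample traffic (documentation address ranges).
OUT = Packet("10.0.0.7", "203.0.113.10", "tcp", 51000, 443, "outbound")
REPLY = Packet("203.0.113.10", "10.0.0.7", "tcp", 443, 51000, "inbound")
PROBE = Packet("198.51.100.9", "10.0.0.7", "tcp", 443, 51000, "inbound")  # unsolicited
MAIL = Packet("198.51.100.9", "10.0.0.5", "tcp", 40000, 25, "inbound")


def compare_filters() -> dict:
    """Decisions of each filter for OUT, REPLY, PROBE, MAIL in that order; the
    dynamic filter first sees PROBE three times and so learns to deny its source."""
    seq = (OUT, REPLY, PROBE, MAIL)
    static, stateful, dynamic = StaticFilter(RULES), StatefulFilter(RULES), DynamicFilter(RULES)
    for _ in range(3):
        dynamic.decide(PROBE)
    return {name: [f.decide(p) for p in seq]
            for name, f in (("static", static), ("stateful", stateful), ("dynamic", dynamic))}
```

The static filter cannot admit the legitimate HTTPS reply without a permissive inbound rule, the stateful filter admits it because the outbound connection is in its state table, and the dynamic filter ends up denying even the otherwise-allowed SMTP packet from the source that sent repeated bad probes.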

Application gateways

It is a firewall proxy, frequently installed on a dedicated computer, that provides network
security. This proxy firewall acts as an intermediary between the requester and the
protected device. It filters incoming node traffic according to certain specifications, which
means that only transmitted network application data is filtered. Such network applications
include FTP, Telnet, Real Time Streaming Protocol (RTSP), BitTorrent, etc.

Circuit gateways

A circuit-level gateway is a firewall that operates at the transport layer. It provides UDP and
TCP connection security, which means it can reassemble, examine or block all the packets in
a TCP or UDP connection. It works between the transport layer and the application layer, at
the session layer. Unlike application gateways, it monitors TCP packet handshaking and
whether sessions fulfil the firewall's rules and policies. It can also act as a Virtual Private
Network (VPN) over the Internet by performing encryption from firewall to firewall.

MAC layer firewalls

This firewall is designed to operate at the media access control layer of the OSI network
model. It is able to consider a specific host computer's identity in its filtering decisions. MAC
addresses of specific host computers are linked to access control list (ACL) entries. Each
entry identifies the specific types of packets that can be sent to that host; all other traffic is
blocked. It also checks the MAC address of a requester to determine whether the device
making the connection is authorized to access the data.

Hybrid firewalls

It is a type of firewall which combines features of the other four types, for example
elements of packet filtering and proxy services, or of packet filtering and circuit gateways.

2. Development Era:

Firewalls can also be categorised by generation. These are:

o First Generation
o Second Generation
o Third Generation
o Fourth Generation
o Fifth Generation

First Generation:

The first generation firewall is the static packet filtering firewall. A static packet filter is the
simplest and least expensive form of firewall protection. In this generation, each packet
entering or leaving the network is checked and is either passed or rejected depending on
the user-defined rules. We can compare this security with the bouncer of a club who only
allows people over 21 to enter; those under 21 are turned away.

Second Generation:

Second generation firewalls are application-level firewalls or proxy servers. This generation
of firewall increases the security level between trusted and untrusted networks. An
application-level firewall uses software to intercept connections for each IP and to perform
security inspection. It involves proxy services which act as an interface between the user on
the internal trusted network and the Internet. Computers communicate with each other by
passing network traffic through the proxy program. This program evaluates data sent from
the client and decides what to pass on and what to drop.

Third Generation:

The third generation firewall is the stateful inspection firewall. This generation of firewall
has evolved to meet the major requirement demanded by corporate networks: increased
security while minimizing the impact on network performance. The needs of third
generation firewalls will be even more demanding due to the growing support for VPNs,
wireless communication, and enhanced virus protection. The most challenging element of
this evolution is maintaining the firewall's simplicity (and hence its maintainability and
security) without compromising flexibility.

Fourth Generation:

The fourth generation firewall is the dynamic packet filtering firewall. This firewall monitors
the state of active connections, and on the basis of this information it determines which
network packets are allowed to pass through the firewall. By recording session information
such as IP addresses and port numbers, a dynamic packet filter can implement a much
tighter security posture than a static packet filter.

Fifth Generation:

The fifth generation firewall is the kernel proxy firewall. This firewall works under the kernel
of the Windows NT Executive. This firewall proxy operates at the application layer. When a
packet arrives, a new virtual stack table is created which contains only the protocol proxies
needed to examine that specific packet. The packet is investigated at each layer of the
stack, which involves evaluating the data link header along with the network header,
transport header, session layer information, and application layer data. This firewall works
faster than other application-level firewalls because all evaluation takes place at the kernel
layer and not at the higher layers of the operating system.

3. Intended deployment structure:

Firewalls can also be categorized based on their deployment structure. These are:

Commercial Appliances

It runs on a custom operating system. This firewall system consists of firewall application
software running on a general-purpose computer. It is designed to provide protection for a
medium-to-large business network. Most of the commercial firewalls are quite complex and
often require specialized training and certification to take full advantage of their features.

Small Office Home Office

The SOHO firewall is designed for small office or home office networks that need protection
from Internet security threats. A firewall for a SOHO (Small Office Home Office) is the first
line of defence and plays an essential role in an overall security strategy. A SOHO has
limited resources, so the firewall product it implements must be relatively easy to use and
maintain, and be cost-effective. This firewall connects a user's local area network or a
specific computer system to the internetworking device.

Residential Software

Residential-grade firewall software is installed directly on a user's system. Some of these
applications combine firewall services with other protections such as antivirus or intrusion
detection. There is a limit to the level of configurability and protection that software
firewalls can provide.

4. Architectural Implementation

The firewall configuration that works best for a particular organization depends on three
factors: the objectives of the network, the organization's ability to develop and implement
the architectures, and the budget available for the function.

There are four common architectural implementations of firewalls:

Packet-filtering routers

A packet filtering firewall is used to control network access by monitoring outgoing and
incoming packets. It allows them to pass or halts them based on the source and destination
IP addresses, protocols and ports. During communication, a node transmits a packet; this
packet is filtered and matched against the predefined rules and policies. A packet that
matches is considered secure and verified and is accepted; otherwise it is blocked.

Screened host firewalls

This firewall architecture combines the packet-filtering router with a separate, dedicated
firewall such as an application gateway. The application gateway needs only one network
interface. This allows the router to pre-screen packets to minimize network traffic and load
on the internal proxy. The packet-filtering router stops dangerous protocols from reaching
the application gateway and site systems.

Dual-homed host firewalls

The network architecture for the dual-homed host firewall is simple. It is built around the
dual-homed host computer, a computer that has at least two NICs. One NIC is connected to
the external network and the other to the internal network, which provides an additional
layer of protection. With these NICs, all traffic must go through the firewall in order to
move between the internal and external networks.

The implementation of this architecture often makes use of NAT. NAT is a method of
mapping assigned IP addresses to special ranges of non-routable internal IP addresses,
thereby creating another barrier to intrusion from external attackers.

Screened Subnet Firewalls

This architecture adds an extra layer of security to the screened host architecture: a
perimeter network that further isolates the internal network from the Internet. In this
architecture, there are two screening routers, both connected to the perimeter net. One
router sits between the perimeter net and the internal network, and the other sits between
the perimeter net and the external network. To break into the internal network, an attacker
would have to get past both routers. There is no single vulnerable point that will
compromise the internal network.

VPNs
VPN stands for virtual private network. It is a technology which creates a safe, encrypted
connection over the Internet from a device to a network. This type of connection helps to
ensure that our sensitive data is transmitted safely. It protects our connection from
eavesdropping on the network traffic and allows the user to access a private network
securely. This technology is widely used in corporate environments.

A VPN works much like a firewall: a firewall protects data local to a device, whereas a VPN
protects data online. To ensure safe communication on the Internet, data travels through
secure tunnels, and VPN users use an authentication method to gain access to the VPN
server. VPNs are used by remote users who need to access corporate resources, consumers
who want to download files, and business travellers who want to access a site that is
geographically restricted.

Intrusion Detection System (IDS)
An IDS is a security system which monitors computer systems and network traffic. It
analyses that traffic for possible hostile attacks originating from outsiders and also for
system misuse or attacks originating from insiders. A firewall does the job of filtering the
incoming traffic from the Internet; the IDS complements the firewall's security in a similar
way. Where the firewall protects an organization's sensitive data from malicious attacks
over the Internet, the intrusion detection system alerts the system administrator when
someone tries to break through the firewall security and gain access to any network on the
trusted side.

Intrusion detection systems come in different types for detecting suspicious activities:

1. NIDS-

It is a Network Intrusion Detection System which monitors the inbound and outbound traffic
to and from all the devices over the network.

2. HIDS-

It is a Host Intrusion Detection System which runs on all devices in the network with direct
access to both internet and enterprise internal network. It can detect anomalous network
packets that originate from inside the organization or malicious traffic that a NIDS has failed
to catch. HIDS may also identify malicious traffic that arises from the host itself.

3. Signature-based Intrusion Detection System-

It is a detection system which detects an attack by looking for specific patterns, such as
byte sequences in network traffic or known malicious instruction sequences used by
malware. This kind of IDS originates from anti-virus software and can easily detect known
attacks. With this approach, it is impossible to detect new attacks for which no pattern is
available.

4. Anomaly-based Intrusion Detection System-

This detection system was introduced primarily to detect unknown attacks, given the rapid
development of malware. It alerts administrators to potentially malicious activity. It
monitors the network traffic and compares it against an established baseline, which
determines what is considered normal for the network with respect to bandwidth,
protocols, ports and other devices.
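To make the two detection approaches concrete, here is an added Python example (not from the original page) that runs a small signature set and a baseline anomaly detector over constructed flow records. The signatures, the baseline traffic and the observed flows are all made up for the demonstration.

```python
"""Added example (not from the original page): a minimal IDS that runs
signature-based and anomaly-based detection over constructed flow records.
The signatures, baseline traffic and observed flows are all made up here."""
import re
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    src_ip: str
    proto: str
    dst_port: int
    nbytes: int
    payload: str   # application data seen on the wire (constructed)


# Signature-based: known-bad patterns, e.g. an SQL tautology or path traversal.
SIGNATURES = {
    "sql-tautology": re.compile(r"'\s*or\s*'1'\s*=\s*'1", re.IGNORECASE),
    "path-traversal": re.compile(r"\.\./\.\./"),
}


def signature_alerts(flows):
    """Flags any flow whose payload matches a known signature.
    Attacks with no signature yet (new attacks) are invisible here."""
    return [(f.src_ip, name) for f in flows
            for name, pat in SIGNATURES.items() if pat.search(f.payload)]


class AnomalyDetector:
    """Anomaly-based: learns what is normal per (proto, port) from a baseline,
    then flags services never seen in the baseline and byte volumes far above
    the learned mean (more than k standard deviations)."""
    def __init__(self, k: float = 3.0):
        self.k = k
        self.baseline = {}   # (proto, port) -> (mean bytes, stdev bytes)

    def train(self, flows):
        groups = {}
        for f in flows:
            groups.setdefault((f.proto, f.dst_port), []).append(f.nbytes)
        for key, sizes in groups.items():
            # Floor the deviation so a perfectly flat baseline does not alert on every byte.
            self.baseline[key] = (mean(sizes), max(pstdev(sizes), 1.0))

    def alerts(self, flows):
        out = []
        for f in flows:
            key = (f.proto, f.dst_port)
            if key not in self.baseline:
                out.append((f.src_ip, f"unseen-service {f.proto}/{f.dst_port}"))
                continue
            mu, sd = self.baseline[key]
            if f.nbytes > mu + self.k * sd:
                out.append((f.src_ip, f"volume-anomaly {f.proto}/{f.dst_port}"))
        return out


# Constructed baseline: normal HTTPS and SMTP traffic on the trusted side.
BASELINE = [Flow("10.0.0.7", "tcp", 443, n, "GET /index.html") for n in (1200, 1500, 1100, 1400, 1300)]
BASELINE += [Flow("10.0.0.5", "tcp", 25, n, "MAIL FROM:<a@example.com>") for n in (800, 900, 850, 950)]

# Constructed observed traffic: one benign flow and four that should alert.
OBSERVED = [
    Flow("10.0.0.7", "tcp", 443, 1250, "GET /index.html"),
    Flow("198.51.100.9", "tcp", 443, 1300, "GET /login?user=' or '1'='1"),
    Flow("198.51.100.9", "tcp", 23, 300, ""),
    Flow("10.0.0.5", "tcp", 25, 9000, "MAIL FROM:<a@example.com>"),
    Flow("203.0.113.4", "tcp", 443, 1400, "GET /static/../../etc/passwd"),
]


def run_ids(baseline=BASELINE, observed=OBSERVED):
    """Returns the union of signature and anomaly alerts, sorted for stable output."""
    det = AnomalyDetector()
    det.train(baseline)
    return sorted(signature_alerts(observed) + det.alerts(observed))
```

The telnet probe and the oversized SMTP session are caught only by the baseline comparison, while the two payload attacks are caught only by signatures, which is why the two types are usually deployed together.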

Access Control
Access control is the process of selectively restricting access to a system. It is a concept in
security to minimize the risk of unauthorized access to the business or organization. In this,
users are granted access permission and certain privileges to a system and its resources.
Here, users must provide credentials to be granted access to a system. These credentials
come in many forms such as a password, a keycard, a biometric reading, etc. Access control
combines security technology and access control policies to protect confidential information
like customer data.

Access control can be categorised into two types:

o Physical access control
o Logical access control

Physical Access Control- This type of access control limits access to buildings, rooms,
campuses, and physical IT assets.

Logical access control- This type of access control limits connection to computer
networks, system files, and data.

The more secure method of access control involves two-factor authentication. The first
factor is that a user who desires access to a system must show a credential, and the second
factor could be an access code, a password, or a biometric reading.

Access control consists of two main components: authentication and authorization.
Authentication is the process of verifying that someone is who they claim to be, whereas
authorization determines whether a user should be allowed to gain access to a system or
denied it.
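The two components can be shown separately in code. The following added Python example (not from the original page) models logical access control with a password plus an access code as the two authentication factors and role-based permissions for authorization; the users, passwords, codes, roles and resource names are all constructed.

```python
"""Added example (not from the original page): a small model of logical access
control that keeps authentication (password + access code) separate from
authorization (role-based permissions). All users, codes and resources are constructed."""
import hashlib
import hmac
import os


def hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 with a per-user salt; the plain password is never stored.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_user(password: str, code: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "pw": hash_password(password, salt), "code": code, "role": role}


# Constructed user directory: something you know (password) plus an access code.
USERS = {
    "alice": make_user("correct horse battery", "482913", "analyst"),
    "bob": make_user("paper clip 42", "115577", "auditor"),
}

# Authorization policy: role -> {resource: set of allowed actions}
POLICY = {
    "analyst": {"customer_data": {"read"}, "reports": {"read", "write"}},
    "auditor": {"customer_data": {"read"}, "reports": {"read"}},
}


def authenticate(user: str, password: str, code: str) -> bool:
    """First component: verify that the caller is who they claim to be.
    Both factors are compared in constant time, and an unknown user still
    runs the hash so that timing does not reveal which usernames exist."""
    record = USERS.get(user)
    salt = record["salt"] if record else bytes(16)
    expected_pw = record["pw"] if record else bytes(32)
    expected_code = record["code"] if record else "000000"
    pw_ok = hmac.compare_digest(hash_password(password, salt), expected_pw)
    code_ok = hmac.compare_digest(code, expected_code)
    return record is not None and pw_ok and code_ok


def authorize(user: str, resource: str, action: str) -> bool:
    """Second component: decide whether an already-authenticated user may
    perform the action on the resource, based on the user's role."""
    record = USERS.get(user)
    if record is None:
        return False
    return action in POLICY.get(record["role"], {}).get(resource, set())


def access(user: str, password: str, code: str, resource: str, action: str) -> str:
    """Full access decision: authentication first, then authorization."""
    if not authenticate(user, password, code):
        return "denied: authentication failed"
    if not authorize(user, resource, action):
        return "denied: not authorized"
    return "granted"
```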

Threat to E-Commerce
E-Commerce refers to the activity of buying and selling things over the Internet. Simply, it
refers to commercial transactions which are conducted online. E-commerce draws on many
technologies such as mobile commerce, Internet marketing, online transaction processing,
electronic funds transfer, supply chain management, electronic data interchange (EDI),
inventory management systems, and automated data collection systems.

E-commerce threats arise from using the Internet for unfair means with the intention of
theft, fraud and security breaches. There are various types of e-commerce threats. Some
are accidental, some are purposeful, and some of them are due to human error. The most
common security threats concern electronic payment systems, e-cash, data misuse,
credit/debit card fraud, etc.

Electronic payments system:

With the rapid development of computer, mobile, and network technology, e-commerce has
become a routine part of human life. In e-commerce, the customer can order products at
home and save time for doing other things. There is no need to visit a store or a shop. The
customer can select different stores on the Internet in a very short time and compare
products on different characteristics such as price, colour, and quality.

Electronic payment systems have a very important role in e-commerce. E-commerce
organizations use electronic payment systems, which refers to paperless monetary
transactions. They have revolutionized business processing by reducing paperwork,
transaction costs, and labour costs. E-commerce processing is user-friendly and less time
consuming than manual processing. Electronic commerce helps a business organization
expand its market reach. There are certain risks with electronic payment systems. Some of
them are:

The Risk of Fraud

An electronic payment system has a huge risk of fraud. The computing devices use the
identity of a person for authorizing a payment, such as passwords and security questions.
These authentications are not foolproof in determining the identity of a person. If the
password and the answers to the security questions match, the system doesn't care who is
on the other side. If someone has access to our password or the answers to our security
questions, he will gain access to our money and can steal it from us.

The Risk of Tax Evasion

Internal Revenue Service law requires that every business declare its financial transactions
and provide paper records so that tax compliance can be verified. The problem with
electronic systems is that they don't fit cleanly into this paradigm. This makes the process of
tax collection very frustrating for the Internal Revenue Service. It is at the business's
discretion to disclose payments received or made via electronic payment systems. The IRS
has no way of knowing whether it is telling the truth or not, which makes it easy to evade
taxation.

The Risk of Payment Conflicts

In electronic payment systems, the payments are handled by an automated electronic
system, not by humans. The system is prone to errors when it handles large numbers of
payments on a frequent basis with more than one recipient involved. It is essential to
continually check our pay slip after every pay period ends in order to ensure everything
makes sense. Failing to do this may result in payment conflicts caused by technical glitches
and anomalies.

E-cash
E-cash is a paperless cash system which facilitates the transfer of funds anonymously. E-
cash is free to the user, while sellers pay a fee for it. The e-cash fund can be either stored
on the card itself or in an account which is associated with the card. The most common
examples of e-cash systems are transit cards, PayPal, GooglePay, Paytm, etc.

E-cash has four major components-

1. Issuers - They can be banks or a non-bank institution.
2. Customers - They are the users who spend the e-cash.
3. Merchants or Traders - They are the vendors who receive e-cash.
4. Regulators - They are related to authorities or state tax agencies.

In e-cash, we store financial information on a computer, an electronic device or on the
Internet, where it is vulnerable to hackers. Some of the major threats related to e-cash
systems are:

Backdoors Attacks
It is a type of attack which gives an attacker unauthorized access to a system by bypassing
the normal authentication mechanisms. It works in the background and hides itself from the
user, which makes it difficult to detect and remove.

Denial of service attacks

A denial-of-service attack (DoS attack) is a security attack in which the attacker takes
action that prevents the legitimate (correct) users from accessing the electronic devices. It
makes a network resource unavailable to its intended users by temporarily disrupting
services of a host connected to the Internet.

Direct Access Attacks

A direct access attack is an attack in which an intruder gains physical access to the computer
to perform unauthorized activity and install various types of software to compromise
security. Such software is loaded with worms and downloads a huge amount of sensitive
data from the target victims.

Eavesdropping
This is an unauthorized way of listening to private communication over the network. It does
not interfere with the normal operations of the targeted system, so the sender and the
recipient of the messages are not aware that their conversation is being tracked.

Credit/Debit card fraud

A credit card allows us to borrow money from a recipient bank to make purchases. The
issuer of the credit card has the condition that the cardholder will pay back the borrowed
money with an additional agreed-upon charge.

A debit card is a plastic card issued by a financial organization to an account holder who has
a savings deposit account; it can be used instead of cash to make purchases. The debit
card can be used only when funds are available in the account.

Some of the important threats associated with the debit/credit card are-

ATM (Automated Teller Machine)-

The ATM is a favourite place for fraudsters to steal our card details. Some of the important
techniques which criminals use to get hold of our card information are:

Skimming-
It is the process of attaching a data-skimming device to the card reader of the ATM. When
the customer swipes their card in the ATM card reader, the information is copied from the
magnetic stripe to the device. By doing this, the criminals obtain the card number, name,
CVV number, expiry date and other details of the card.

Unwanted Presence-

It is a rule that not more than one user should use the ATM at a time. If we find more than
one people lurking around together, the intention behind this is to overlook our card details
while we were making our transaction.

Vishing/Phishing

Phishing is an activity in which an intruder obtains the sensitive information of a user, such
as passwords, usernames, and credit card details, often for malicious reasons.

Vishing is an activity in which an intruder obtains the sensitive information of a user via
SMS messages sent to mobiles. These SMS messages and calls appear to be from a reliable
source, but in reality they are fake. The main objective of vishing and phishing is to get the
customer's PIN, account details, and passwords.

Online Transaction

Online transactions can be made by the customer to do shopping and pay bills over the
internet. As easy as it is for the customer, it is also easy for an attacker to hack into our
system and steal our sensitive information. Some important ways to steal our confidential
information during an online transaction are:

o By downloading software which scans our keystrokes and steals our password and
card details.
o By redirecting a customer to a fake website which looks like the original and steals our
sensitive information.
o By using public Wi-Fi.

POS Theft

It is commonly done at merchant stores at the time of a POS transaction. In this, the
salesperson takes the customer's card for processing the payment and illegally copies the
card details for later use.

Security Policies

Security policies are a formal set of rules issued by an organization to ensure that the users
who are authorized to access company technology and information assets comply with rules
and guidelines related to the security of information. It is a written document in the
organization which describes how to protect the organization from threats and how to
handle them when they occur. A security policy is also considered to be a "living document",
which means that the document is never finished, but is continuously updated as the
requirements of the technology and employees change.

Need of Security policies

1) It increases efficiency.

The best thing about having a policy is being able to increase the level of consistency, which
saves time, money and resources. The policy should inform the employees about their
individual duties, telling them what they can and cannot do with the organization's
sensitive information.

2) It upholds discipline and accountability

When a human mistake occurs and system security is compromised, the security policy of
the organization will back up any disciplinary action and also support a case in a court of
law. The organization's policies act as a contract which proves that the organization has
taken steps to protect its intellectual property, as well as its customers and clients.

3) It can make or break a business deal

It is not necessary for companies to provide a copy of their information security policy to
other vendors during a business deal that involves the transfer of their sensitive
information. This is true in the case of bigger businesses, which ensure their own security
interests are protected when dealing with smaller businesses that have less high-end
security systems in place.

4) It helps to educate employees on security literacy

A well-written security policy can also be seen as an educational document which informs
the readers about the importance of their responsibility in protecting the organization's
sensitive data. It ranges from choosing the right passwords to providing guidelines for file
transfers and data storage, which increases employees' overall awareness of security and
how it can be strengthened.

We use security policies to manage our network security. Most types of security policies are
automatically created during installation. We can also customize policies to suit our specific
environment. Some important cybersecurity policy recommendations are described below:

1. Virus and Spyware Protection policy

This policy provides the following protection:

o It helps to detect, remove, and repair the side effects of viruses and security risks
by using signatures.
o It helps to detect the threats in the files which the users try to download by using
reputation data from Download Insight.
o It helps to detect the applications that exhibit suspicious behaviour by using SONAR
heuristics and reputation data.

2. Firewall Policy

This policy provides the following protection:

o It blocks the unauthorized users from accessing the systems and networks that
connect to the Internet.
o It detects the attacks by cybercriminals.
o It removes the unwanted sources of network traffic.

3. Intrusion Prevention policy

This policy automatically detects and blocks network attacks and browser attacks. It also
protects applications from vulnerabilities. It checks the contents of one or more data packets
and detects malware that arrives through otherwise legitimate channels.

4. LiveUpdate policy

This policy can be categorized into two types: the LiveUpdate Content policy and the
LiveUpdate Settings policy. The LiveUpdate policy contains the settings which determine
when and how client computers download content updates from LiveUpdate. We can define
the computer that clients contact to check for updates and schedule when and how often
client computers check for updates.

5. Application and Device Control

This policy protects a system's resources from applications and manages the peripheral
devices that can attach to a system. The device control policy applies to both Windows and
Mac computers whereas application control policy can be applied only to Windows clients.

6. Exceptions policy

This policy provides the ability to exclude applications and processes from detection by the
virus and spyware scans.

7. Host Integrity policy

This policy provides the ability to define, enforce, and restore the security of client
computers to keep enterprise networks and data secure. We use this policy to ensure that
the client computers which access our network are protected and compliant with the
company's security policies. This policy requires that the client system has antivirus
installed.

Security Standards
To make cybersecurity measures explicit, written norms are required. These norms are
known as cybersecurity standards: generic sets of prescriptions for an ideal execution of
certain measures. The standards may involve methods, guidelines, reference frameworks,
etc. They ensure the efficiency of security, facilitate integration and interoperability, enable
meaningful comparison of measures, reduce complexity, and provide the structure for new
developments.

A security standard is "a published specification that establishes a common language, and
contains a technical specification or other precise criteria and is designed to be used
consistently, as a rule, a guideline, or a definition." The goal of security standards is to
improve the security of information technology (IT) systems, networks, and critical
infrastructures. Well-written cybersecurity standards enable consistency among product
developers and serve as a reliable standard for purchasing security products.

Security standards are generally provided for all organizations regardless of their size or the
industry and sector in which they operate. This section includes information about each
standard that is usually recognized as an essential component of any cybersecurity strategy.

1. ISO

ISO stands for International Organization for Standardization. International Standards make
things work. These standards provide a world-class specification for products, services and
computers, to ensure quality, safety and efficiency. They are instrumental in facilitating
international trade.

ISO was officially established on 23 February 1947. It is an independent, non-governmental
international organization. Today, it has a membership of 162 national standards bodies and
784 technical committees and subcommittees to take care of standards development. ISO
has published over 22336 International Standards and related documents which cover
almost every industry, from information technology, to food safety, to agriculture and
healthcare.

ISO 27000 Series

It is the family of information security standards developed by the International
Organization for Standardization and the International Electrotechnical Commission to
provide a globally recognized framework for best-practice information security management.
It helps organizations keep their information assets secure, such as employee details,
financial information, and intellectual property.

The need for the ISO 27000 series arises because of the risk of cyber-attacks which
organizations face. Cyber-attacks are growing day by day, making hackers a constant threat
to any industry that uses technology.

The ISO 27000 series can be categorized into many types. They are:

ISO 27001- This standard allows us to prove to the clients and stakeholders of an
organization that the security of their confidential data and information is being managed in
the best way. This standard involves a process-based approach for establishing,
implementing, operating, monitoring, maintaining, and improving our ISMS.

ISO 27000- This standard provides an explanation of the terminology used in ISO 27001.

ISO 27002- This standard provides guidelines for organizational information security
standards and information security management practices. It includes the selection,
implementation, operation and management of controls, taking into consideration the
organization's information security risk environment(s).

ISO 27005- This standard supports the general concepts specified in 27001. It is designed
to provide guidelines for the implementation of information security based on a risk
management approach. To completely understand ISO/IEC 27005, knowledge of the
concepts, models, processes, and terminology described in ISO/IEC 27001 and ISO/IEC
27002 is required. This standard is applicable to all kinds of organizations, such as non-
governmental organizations, government agencies, and commercial enterprises.

ISO 27032- It is the international standard which focuses explicitly on cybersecurity. This
standard includes guidelines for protecting information beyond the borders of an
organization, such as in collaborations, partnerships or other information-sharing
arrangements with clients and suppliers.

2. IT Act

The Information Technology Act, also known as ITA-2000 or the IT Act, mainly aims to
provide the legal infrastructure in India for dealing with cybercrime and e-commerce. The IT
Act is based on the United Nations Model Law on E-Commerce 1996 recommended by the
General Assembly of the United Nations. This act is also used to check misuse of cyber
networks and computers in India. It was officially passed in 2000 and amended in 2008. It
has been designed to give a boost to electronic commerce, e-transactions and related
activities associated with commerce and trade. It also facilitates electronic governance by
means of reliable electronic records.

The IT Act 2000 has 13 chapters, 94 sections and 4 schedules. The first 14 sections concern
digital signatures, and other sections deal with the certifying authorities who are licensed to
issue digital signature certificates; sections 43 to 47 provide penalties and compensation,
sections 48 to 64 deal with appeals to the high court, sections 65 to 79 deal with offences,
and the remaining sections 80 to 94 deal with miscellaneous provisions of the act.

3. Copyright Act

The Copyright Act 1957, amended by the Copyright Amendment Act 2012, governs the
subject of copyright law in India. This Act has been applicable since 21 January 1958.
Copyright is a legal term which describes the ownership and control of the rights of the
authors of "original works of authorship" that are fixed in a tangible form of expression. An
original work of authorship is any of certain works of creative expression, including books,
video, movies, music, and computer programs. Copyright law has been enacted to balance
the use and reuse of creative works against the desire of the creators of art, literature and
music to monetize their work by controlling who can make and sell copies of the work.

The copyright act covers the following:

o Rights of copyright owners
o Works eligible for protection
o Duration of copyright
o Who can claim copyright

The copyright act does not cover the following:

o Ideas, procedures, methods, processes, concepts, systems, principles, or discoveries
o Works that are not fixed in a tangible form (such as a choreographic work that has
not been notated or recorded or an improvisational speech that has not been written
down)
o Familiar symbols or designs
o Titles, names, short phrases, and slogans
o Mere variations of typographic ornamentation, lettering, or coloring

4. Patent Law

Patent law is the law that deals with new inventions. Traditional patent law protects
tangible scientific inventions, such as circuit boards, heating coils, car engines, or zippers.
Over time, patent law has been used to protect a broader variety of inventions, such as
business practices, coding algorithms, or genetically modified organisms. It is the right to
exclude others from making, using, selling, importing, inducing others to infringe, and
offering a product specially adapted for practice of the patent.

In general, a patent is a right that can be granted if an invention is:

o Not a natural object or process
o New
o Useful
o Not obvious.

5. IPR

Intellectual property rights are rights that allow creators, or owners of patents, trademarks
or copyrighted works, to benefit from their own plans, ideas, or other intangible assets or
investment in a creation. These IPR rights are outlined in Article 27 of the Universal
Declaration of Human Rights. It provides for the right to benefit from the protection of the
moral and material interests resulting from authorship of scientific, literary or artistic
productions. These property rights allow the holder to exercise a monopoly on the use of
the item for a specified period.

Digital Signature

A digital signature is a mathematical technique which validates the authenticity and integrity
of a message, software or digital document. It allows us to verify the author's name, the
date and time of the signature, and to authenticate the message contents. The digital
signature offers far more inherent security and is intended to solve the problem of
tampering and impersonation (intentionally copying another person's characteristics) in
digital communications.

Computer-based business information authentication interrelates both technology and the
law. It also calls for cooperation between people of different professional backgrounds and
areas of expertise. Digital signatures are different from other electronic signatures not only
in terms of process and result, but also in that this difference makes digital signatures more
serviceable for legal purposes. Some electronic signatures that are legally recognizable as
signatures may not be as secure as digital signatures and may lead to uncertainty and
disputes.

Application of Digital Signature

The important reasons to apply a digital signature to a communication are:

o Authentication
o Non-repudiation
o Integrity

Authentication

Authentication is a process which verifies the identity of a user who wants to access the
system. In the digital signature, authentication helps to authenticate the source of
messages.

Non-repudiation

Non-repudiation means assurance of something that cannot be denied. It ensures that a
party to a contract or communication cannot later deny the authenticity of their signature on
a document or in a file, or the sending of a message that they originated.

Integrity

Integrity ensures that the message is real and accurate, and safeguards it from unauthorized
modification during transmission.

Algorithms in Digital Signature

A digital signature scheme consists of three algorithms:

1. Key generation algorithm

The key generation algorithm selects a private key randomly from a set of possible private
keys. This algorithm outputs the private key and its corresponding public key.

2. Signing algorithm

A signing algorithm produces a signature for the document using the private key.

3. Signature verifying algorithm

A signature verifying algorithm, given the document, the signature and the public key,
either accepts or rejects the document's authenticity.

How digital signatures work

Digital signatures are created and verified by using public key cryptography, also known as
asymmetric cryptography. By the use of a public key algorithm, such as RSA, one can
generate two keys that are mathematically linked: one is a private key, and the other is a
public key.

The user who is creating the digital signature uses their own private key to encrypt the
signature-related data. The only way to decrypt that data is with the signer's public key.

This technology requires all the parties to trust that the individual who creates the signature
has been able to keep their private key secret. If someone has access to the signer's private
key, there is a possibility that they could create fraudulent signatures in the name of the
private key holder.

The steps which are followed in creating and verifying a digital signature are:

1. Select a file to be digitally signed.
2. The hash value of the message or file content is calculated. This hash value is
encrypted by using the private key of the sender to form the digital signature.
3. Now, the original message or file content along with the digital signature is
transmitted.
4. The receiver decrypts the digital signature by using the public key of the sender,
recovering the hash value computed by the sender.
5. The receiver now has the message or file content and can compute its hash value.
6. The two hash values are compared. They need to be the same to ensure integrity.

Types of Digital Signature

Different document processing platforms support different types of digital signatures. They
are described below:

Certified Signatures

Certified digital signature documents display a unique blue ribbon across the top of the
document. The certified signature contains the name of the document signer and the
certificate issuer, which indicates the authorship and authenticity of the document.

Approval Signatures

Approval digital signatures on a document can be used in the organization's business
workflow. They help to optimize the organization's approval procedure. The procedure
involves capturing approvals made by us and other individuals and embedding them within
the PDF document. Approval signatures can include details such as an image of our physical
signature, location, date, and official seal.

Visible Digital Signature

The visible digital signature allows a user to sign a single document digitally. This signature
appears on a document in the same way as signatures are signed on a physical document.

Invisible Digital Signature

Invisible digital signatures carry a visual indication of a blue ribbon within a document in the
taskbar. We can use invisible digital signatures when we do not have or do not want to
display our signature but need to provide the authenticity of the document, its integrity, and
its origin.

Cyber Security Tools

Protecting our IT environment is very critical. Every organization needs to take cybersecurity
very seriously. There are numerous hacking attacks which affect businesses of all sizes.
Hackers, malware and viruses are some of the real security threats in the virtual world. It is
essential that every company is aware of the dangerous security attacks and keeps itself
secure. There are many different aspects of cyber defence that may need to be considered.
Here are six essential tools and services that every organization needs to consider to ensure
their cybersecurity is as strong as possible. They are described below:

1. Firewalls

As we know, the firewall is the core of security tools, and it has become one of the most
important security tools. Its job is to prevent unauthorized access to or from a private
network. It can be implemented as hardware, software, or a combination of both. Firewalls
are used to prevent unauthorized internet users from accessing private networks connected
to the Internet. All messages entering or leaving the intranet pass through the firewall. The
firewall examines each message and blocks those messages that do not meet the specified
security criteria.

The firewall is very useful, but it has limitations too. A skilled hacker knows how to create
data and programs that look like trusted traffic to the firewall, which means such a program
can pass through the firewall without any problems. Despite these limitations, firewalls are
still very useful in the protection against less sophisticated malicious attacks on our system.

2. Antivirus Software

Antivirus software is a program designed to prevent, detect, and remove viruses and other
malware attacks on individual computers, networks, and IT systems. It also protects our
computers and networks from a variety of threats and viruses such as Trojan horses, worms,
keyloggers, browser hijackers, rootkits, spyware, botnets, adware, and ransomware. Most
antivirus programs come with an auto-update feature, enabling the system to check for new
viruses and threats regularly. It provides some additional services such as scanning emails
to ensure that they are free from malicious attachments and web links.

3. PKI Services

PKI stands for Public Key Infrastructure. This tool supports the distribution and identification
of public encryption keys. It enables users and computer systems to securely exchange data
over the internet and verify the identity of the other party. We can also exchange sensitive
information without PKI, but in that case there would be no assurance of the authentication
of the other party.

People associate PKI with SSL or TLS. It is the technology which encrypts server
communication and is responsible for HTTPS and the padlock that we can see in our browser
address bar. PKI solves many cybersecurity problems and deserves a place in the
organization's security suite.

PKI can also be used to:

o Enable Multi-Factor Authentication and access control
o Create compliant, trusted digital signatures.
o Encrypt email communications and authenticate the sender's identity.
o Digitally sign and protect code.
o Build identity and trust into IoT ecosystems.

4. Managed Detection and Response Service (MDR)

Today's cybercriminals and hackers use more advanced techniques and software to breach
organization security, so there is a necessity for every business to use more powerful forms
of cybersecurity defence. MDR is an advanced security service that provides threat hunting,
threat intelligence, security monitoring, incident analysis, and incident response. It is a
service that arises from the need for organizations (which lack resources) to be more aware
of risks and improve their ability to detect and respond to threats. MDR also uses Artificial
Intelligence and machine learning to investigate, auto-detect threats, and orchestrate
response for faster results.

Managed detection and response has the following characteristics:

o Managed detection and response is focused on threat detection, rather than
compliance.
o MDR relies heavily on security event management and advanced analytics.
o While some automation is used, MDR also involves humans to monitor our network.
o MDR service providers also perform incident validation and remote response.

5. Penetration Testing

Penetration testing, or pen-test, is an important way to evaluate our business's security
systems and the security of an IT infrastructure by safely trying to exploit vulnerabilities.
These vulnerabilities exist in operating systems, services and applications, improper
configurations or risky end-user behavior. In penetration testing, cybersecurity professionals
use the same techniques and processes utilized by criminal hackers to check for potential
threats and areas of weakness.

A pen test attempts the kind of attack a business might face from criminal hackers, such as
password cracking, code injection, and phishing. It involves a simulated real-world attack on
a network or application. These tests can be performed by using manual or automated
technologies to systematically evaluate servers, web applications, network devices,
endpoints, wireless networks, mobile devices and other potential points of vulnerability.
Once the pen test has successfully taken place, the testers will present us with their findings
on threats and can help by recommending potential changes to our system.

6. Staff Training

Staff training is not a 'cybersecurity tool', but ultimately, having knowledgeable employees
who understand cybersecurity is one of the strongest forms of defence against cyber-attacks.
Today many training tools are available that can educate a company's staff about the best
cybersecurity practices. Every business can use these training tools to educate their
employees so that they understand their role in cybersecurity.

We know that cyber-criminals continue to expand their techniques and level of
sophistication to breach business security, and this has made it essential for organizations
to invest in these training tools and services. Failing to do this can leave the organization in
a position where hackers could easily target its security systems. So the expense of investing
in these training tools may reward the business organization with long-term security and
protection.

Cyber Security Challenges

Today cybersecurity is a main component of the country's overall national security and
economic security strategies. In India, there are many challenges related to cybersecurity.
With the increase in cyber-attacks, every organization needs a security analyst who makes
sure that their system is secured. These security analysts face many challenges related to
cybersecurity, such as securing the confidential data of government organizations, securing
private organizations' servers, etc.

The recent important cybersecurity challenges are described below:

1. Ransomware Evolution

Ransomware is a type of malware in which the data on a victim's computer is locked, and
payment is demanded before the ransomed data is unlocked. After successful payment,
access rights are returned to the victim. Ransomware is the bane of cybersecurity, data
professionals, IT, and executives.

Ransomware attacks are growing day by day in the area of cybercrime. IT professionals and
business leaders need to have a powerful recovery strategy against malware attacks to
protect their organization. It involves proper planning to recover corporate and customers'
data and applications, as well as reporting any breaches under the Notifiable Data Breaches
scheme. Today's DRaaS solutions are the best defence against ransomware attacks. With
DRaaS, we can automatically back up our files, easily identify which backup is clean, and
launch a fail-over with the press of a button when malicious attacks corrupt our data.

2. Blockchain Revolution

Blockchain technology is the most important invention of the computing era. It is the first
time in human history that we have a genuinely native digital medium for peer-to-peer value
exchange. The blockchain is the technology that enables cryptocurrencies like Bitcoin. The
blockchain is a vast global platform that allows two or more parties to do a transaction or do
business without needing a third party to establish trust.

It is difficult to predict what blockchain systems will offer in regard to cybersecurity.
Professionals in cybersecurity can make some educated guesses regarding blockchain. As
the application and utility of blockchain in a cybersecurity context emerge, there will be a
healthy tension but also complementary integrations with traditional, proven cybersecurity
approaches.

3. IoT Threats

IoT stands for Internet of Things. It is a system of interrelated physical devices which can be
accessed through the internet. The connected physical devices have a unique identifier (UID)
and have the ability to transfer data over a network without any requirement for human-to-
human or human-to-computer interaction. The firmware and software running on IoT
devices make consumers and businesses highly susceptible to cyber-attacks.

When IoT things were designed, security and commercial use were not kept in mind. So
every organization needs to work with cybersecurity professionals to ensure the security of
their password policies, session handling, user verification, multifactor authentication, and
security protocols to help in managing the risk.

4. AI Expansion

AI is the short form of Artificial Intelligence. John McCarthy, the father of Artificial
Intelligence, defined AI as: "The science and engineering of making intelligent machines,
especially intelligent computer programs."

It is an area of computer science concerned with the creation of intelligent machines that
work and react like humans. Some of the activities related to artificial intelligence include
speech recognition, learning, planning, problem-solving, etc. The key benefit of bringing AI
into our cybersecurity strategy is the ability to protect and defend an environment when a
malicious attack begins, thus mitigating the impact. AI takes immediate action against
malicious attacks at the moment when a threat impacts a business. IT business leaders and
cybersecurity strategy teams consider AI as a future protective control that will allow our
business to stay ahead of the cybersecurity technology curve.

5. Serverless Apps Vulnerability

Serverless architecture and apps are applications which depend on third-party cloud
infrastructure or on a back-end service such as Google Cloud Functions, Amazon Web
Services (AWS) Lambda, etc. Serverless apps invite cyber attackers to spread threats on their
systems easily because the users access the application locally or off-server on their device.
Therefore it is the user's responsibility to take security precautions while using a serverless
application.

Serverless apps do nothing to keep attackers away from our data. A serverless application
doesn't help if an attacker gains access to our data through a vulnerability such as leaked
credentials, a compromised insider or by any other means.

We can run software with the application which provides the best chance to defeat
cybercriminals. Serverless applications are typically small in size. This helps developers to
launch their applications quickly and easily. They don't need to worry about the underlying
infrastructure. Web services and data processing tools are examples of the most common
serverless apps.

Cyber Security Risk Analysis

Risk analysis refers to the review of the risks associated with a particular action or event.
Risk analysis is applied to information technology, projects, security issues and any other
event where risks may be analysed on a quantitative and qualitative basis. Risks are part of
every IT project and business organization. The analysis of risk should occur on a regular
basis and be updated to identify new potential threats. Strategic risk analysis helps to
minimize future risk probability and damage.

Enterprises and organizations use risk analysis:

o To anticipate and reduce the effect of harmful results occurring from adverse events.
o To plan for technology or equipment failure or loss from adverse events, both natural
and human-caused.
o To evaluate whether the potential risks of a project are balanced in the decision
process when evaluating whether to move forward with the project.
o To identify the impact of and prepare for changes in the enterprise environment.

Benefits of risk analysis


Every organization needs to understand the risks associated with its information systems
in order to protect its IT assets effectively and efficiently. Risk analysis can help an
organization improve its security in many ways:

o It identifies, rates and compares the overall impact of risks to the organization in
terms of their financial and organizational consequences.
o It helps to identify gaps in information security and determine the next steps to
eliminate security risks.
o It can also enhance the communication and decision-making processes related to
information security.
o It improves security policies and procedures and develops cost-effective methods
for implementing information security policies and procedures.
o It increases employee awareness of risks and security measures during the risk
analysis process, and of the financial impact of potential security risks.

Steps in the risk analysis process


The basic steps followed by a risk analysis process are:

Conduct a risk assessment survey:

Getting input from management and department heads is critical to the risk assessment
process. The risk assessment survey begins the documentation of the specific risks or
threats within each department.

Identify the risks:

This step evaluates an IT system or other aspects of an organization to identify the risks
related to software, hardware, data, and IT employees. It identifies the possible adverse
events that could occur in an organization, such as human error, flooding, fire, or
earthquakes.

Analyse the risks:

Once the risks are identified and evaluated, the risk analysis process should analyse how
likely each risk is to occur and determine the consequences linked with it. It also
determines how each risk might affect the objectives of an IT project.

Develop a risk management plan:

Once the analysis has shown which assets are valuable and which threats will probably
affect the IT assets negatively, we develop a risk management plan that produces control
recommendations that can be used to mitigate, transfer, accept or avoid each risk.

Implement the risk management plan:

The primary goal of this step is to implement measures that remove or reduce the analysed
risks. Starting with the highest priority, we resolve or at least mitigate each risk so that it
is no longer a threat.

Monitor the risks:

This step monitors security risks on a regular basis. Continuously identifying, treating and
managing risks should be an essential part of any risk analysis process.

Types of Risk Analysis


The main approaches to risk analysis are:

Qualitative Risk Analysis


o Qualitative risk analysis is a project management technique that prioritizes the
risks on a project by assigning each a probability and an impact number.
Probability is the likelihood that a risk event will occur, whereas impact is the
significance of the consequences of that risk event.
o The objective of qualitative risk analysis is to assess and evaluate the characteristics
of each individually identified risk and then prioritize the risks based on the
agreed-upon characteristics.
o Assessing each individual risk evaluates the probability that it will occur and its
effect on the project objectives. Categorizing the risks helps in filtering them.
o Qualitative analysis determines the risk exposure of the project by multiplying
probability and impact.

Quantitative Risk Analysis


o The objective of quantitative risk analysis is to provide a numerical estimate of the
overall effect of risk on the project objectives.
o It is used to evaluate the likelihood of success in achieving the project objectives and
to estimate a contingency reserve, usually for time and cost.
o Quantitative analysis is not mandatory, especially for smaller projects. Its main
focus is calculating estimates of overall project risk.
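A small risk register that walks through the analyse, plan and quantitative steps above: qualitative exposure as probability times impact, prioritisation, a treatment recommendation (mitigate, transfer, accept or avoid) and an annualised-loss contingency estimate. This is an added example, not code from the original page; the 1..5 rating scale, the treatment thresholds, the annualised-loss formula and every sample risk and figure are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Risk:
    name: str
    probability: int       # qualitative rating 1 (low) .. 5 (high), assumed scale
    impact: int            # qualitative rating 1 (low) .. 5 (high), assumed scale
    yearly_rate: float     # quantitative: expected occurrences per year (assumed figure)
    loss_per_event: float  # quantitative: cost of one occurrence (assumed figure)

    def exposure(self) -> int:
        """Qualitative risk exposure: probability multiplied by impact."""
        if not (1 <= self.probability <= 5 and 1 <= self.impact <= 5):
            raise ValueError(f"{self.name}: ratings must be within 1..5")
        return self.probability * self.impact

    def annualised_loss(self) -> float:
        """Quantitative estimate: expected loss per year for this risk."""
        return self.yearly_rate * self.loss_per_event

def prioritise(risks: list[Risk]) -> list[Risk]:
    """Analyse step: rank risks by exposure, highest first."""
    return sorted(risks, key=lambda r: r.exposure(), reverse=True)

def recommend_treatment(risk: Risk) -> str:
    """Plan step: map exposure to avoid / mitigate / transfer / accept.
    The thresholds are an assumed policy for this example, not a standard."""
    e = risk.exposure()
    if e >= 20:
        return "avoid"     # very likely and severe: stop the activity
    if e >= 10:
        return "mitigate"  # add controls to lower probability or impact
    if risk.impact >= 4:
        return "transfer"  # rare but severe: insurance or contract
    return "accept"        # low exposure: monitor only

def contingency_reserve(risks: list[Risk]) -> float:
    """Quantitative step: sum of annualised losses as an overall cost reserve."""
    return sum(r.annualised_loss() for r in risks)

# Constructed sample register; names and figures are illustrative only.
REGISTER = [
    Risk("Leaked cloud credentials", 4, 3, 1.0, 50_000),
    Risk("Data-centre flooding", 1, 5, 0.02, 1_000_000),
    Risk("Legacy app on unsupported OS", 5, 4, 2.0, 20_000),
    Risk("Laptop theft", 3, 2, 2.0, 5_000),
]
```

Running `prioritise(REGISTER)` puts the legacy application first (exposure 20, recommended treatment "avoid") and the flooding risk last (exposure 5, but impact 5 so it is transferred rather than accepted); the register's contingency reserve sums to 120,000.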
