CS Unit 1


Cyber security

Course Objectives:
• To familiarize with network security, network security threats,
security services, and countermeasures.
• To be aware of computer security and Internet security.
• To study the defensive techniques against these attacks.
• To familiarize with cyber forensics.
• To be aware of cyber crime related to mobile devices, laptops, etc.
• To acquire knowledge relating to Cyberspace laws and Cyber crimes.
• To understand ethical laws of computer for different countries,
Offences under the Cyberspace and Internet in India.
Course Outcomes:
At the end of this course the student will be able to
• Understand cyber-attacks and the types of cybercrimes.
• Realize the importance of cyber security and various forms of
cyber attacks and countermeasures.
• Get familiar with cyber forensics.
• Understand cyber laws and also how to protect themselves and ultimately
the entire Internet community from such attacks.
• Understand the power of Central and State Government to make rules
under IT Act 2008.
Units covered
• UNIT-I: Introduction to cyber Security
• UNIT-II: Cyber Forensics
• UNIT-III: Cybercrime: Mobile and Wireless Devices:
• UNIT-IV: Cyber Security: Organizational Implications
• UNIT-V: Privacy Issues
• UNIT-VI: Cyberspace and the Law & Miscellaneous
provisions of IT Act.
Text books
TEXT BOOKS:
• 1. Nina Godbole and Sunit Belpure, Cyber Security: Understanding Cyber Crimes, Computer
Forensics and Legal Perspectives, Wiley.
• 2. B. B. Gupta, D. P. Agrawal, Haoxiang Wang, Computer and Cyber Security: Principles,
Algorithm, Applications, and Perspectives, CRC Press, ISBN 9780815371335, 2018.
REFERENCE BOOKS:
• 1. Cyber Security Essentials, James Graham, Richard Howard and Ryan Olson, CRC Press.
• 2. Introduction to Cyber Security, Chwan-Hwa (John) Wu, J. David Irwin, CRC Press, T&F Group.
• 3. Debby Russell and G. T. Gangemi Sr., "Computer Security Basics (Paperback)", 2nd Edition,
O'Reilly Media, 2006.
• 4. Wenbo Mao, "Modern Cryptography – Theory and Practice", Pearson Education, New
Delhi, 2006.
• 5. Cyberspace and Cybersecurity, George Kostopoulos, Auerbach Publications, 2012.
• 6. Cyber Forensics: A Field Manual for Collecting, Examining, and Preserving Evidence of
Computer Crimes, Second Edition, Albert Marcella, Jr., Doug Menendez, Auerbach
Publications, 2007.
• 7. Cyber Laws and IT Protection, Harish Chander, PHI, 2013.
Cyber security introduction:
• Cyber security has become a major concern as cyber threats and attacks
keep growing.
• Attackers are now using more sophisticated techniques to target systems.
• Individuals, small-scale businesses and large-scale businesses are all being
impacted.
• All of them have therefore understood the importance of cyber security and are
adopting every possible measure to deal with cyber threats.
What is cyber security?
"Cyber security is primarily about people, processes and technologies working
together to encompass the full range of threat reduction, vulnerability
reduction, etc."
OR
"Cyber security is the body of technologies and processes that protect
networks, computers, programs and data from attack, damage and unauthorized
access."
Vulnerability reduction
• The term cyber security vulnerability refers to any kind of exploitable
weak spot that threatens the cyber security of your organization.
• For instance, if your organization does not have a lock on its front door,
this poses a security vulnerability, since anyone can easily come in and steal
something like a printer.
• Similarly, if your organization does not have proper firewalls, an
intruder can easily find their way into your networks and steal
important data. Since the asset under threat is a digital one, not having
proper firewalls poses a cyber security vulnerability.
• A firewall is a network security tool that monitors incoming and
outgoing network traffic and determines whether to allow or block
specific traffic based on a defined set of security rules.
• Its primary purpose is to let non-threatening traffic through and block
malicious or unwanted traffic, protecting the system from
viruses and attacks.
The term cyber security refers to techniques and practices designed to
protect digital data.
Data is stored on, transmitted by, or used on information systems.

OR
"Cyber security is the protection of internet-connected systems, including
hardware, software and data, from attacks."
It is made up of two words, cyber and security:
• cyber: systems, network, data
• security: system security, network security, data
security, application security.
Why is cyber security important?
• Cyber attacks can be extremely expensive for
businesses to endure.
• In addition to financial damage suffered by the
business, a data breach can also inflict untold
reputational damage.
• Cyber-attacks these days are becoming progressively
destructive. Cybercriminals are using sophisticated
ways to initiate cyber attacks.
• Regulations such as GDPR are forcing organizations
into taking better care of the personal data they hold.
GDPR
• The EU General Data Protection Regulation, or GDPR,
is aimed at guiding and regulating the way companies
across the world handle their customers' personal
information, creating strengthened and unified
data protection for all individuals within the EU.
• Because of the above reasons, cyber security has
become an important part of the business, and the
focus now is on developing appropriate response
plans that minimize the damage in the event of a
cyber attack.
History of the GDPR
• The General Data Protection Regulation (GDPR) is
the toughest privacy and security law in the world.
• Though it was drafted and passed by the European
Union (EU), it imposes obligations onto
organizations anywhere, so long as they target or
collect data related to people in the EU.
• The regulation was put into effect on May 25,
2018. The GDPR will levy harsh fines against those
who violate its privacy and security standards,
with penalties reaching into the tens of millions of
euros.
EU
• The right to privacy is part of the 1950
European Convention on Human Rights, which states,
“Everyone has the right to respect for his private and family
life, his home and his correspondence.”
• From this basis, the European Union has sought to ensure
the protection of this right through legislation.
• As technology progressed and the Internet was invented, the
EU recognized the need for modern protections.
• So in 1995 it passed the European Data Protection Directive,
establishing minimum data privacy and security standards,
upon which each member state based its own implementing
law.
Fundamental Objectives of Cyber
security
• Confidentiality, integrity, and availability, also known
as the CIA triad, is a model designed to guide companies
and organizations to form their security policies.
• Technically, cyber security means protecting information
from unauthorized access, unauthorized modification,
and unauthorized deletion in order to
provide confidentiality, integrity, and availability.
• Let’s explore these components and some of the
information security measures which are designed to
assure the safety of each component.
The CIA Triad
Confidentiality
• Confidentiality is about preventing the disclosure of data
to unauthorized parties.
• It also means trying to keep the identity of authorized
parties involved in sharing and holding data private and
anonymous.
• Standard measures to establish confidentiality include:
– Data encryption
– Two-factor authentication
– Biometric verification
– Security tokens
Integrity
• Integrity refers to protecting information from being
modified by unauthorized parties.
• It is a requirement that information and programs are
changed only in a specified and authorized manner.
• Malicious software (malware) attacks a computer or
network in the form of viruses, worms, trojans, spyware,
adware or rootkits.
• Its mission is often to accomplish unlawful
tasks such as stealing protected data, deleting
confidential documents or installing software without the
user's consent.
• Standard measures to guarantee integrity
include:
– Cryptographic checksums
– Using file permissions
– Uninterrupted power supplies
– Data backups
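The first integrity measure in the list, cryptographic checksums, is shown below in an added Python example that is not part of these slides. It takes a SHA-256 baseline ("manifest") of a few constructed sample files, detects a later change, and adds a keyed HMAC variant; the file names and contents are constructed for the demonstration.

```python
"""Integrity checks with cryptographic checksums (added example, not from the slides)."""
import hashlib
import hmac

# Constructed sample "files": name -> contents as they were when the baseline was taken.
ORIGINAL_FILES = {
    "config.ini": b"max_connections=100\nadmin_email=ops@example.test\n",
    "start.sh": b"#!/bin/sh\necho 'starting app'\n",
}


def sha256_hex(data: bytes) -> str:
    """Plain cryptographic checksum of a byte string."""
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: dict) -> dict:
    """Record one SHA-256 digest per file; this is the trusted baseline."""
    return {name: sha256_hex(content) for name, content in files.items()}


def verify_manifest(files: dict, manifest: dict) -> list:
    """Return the names whose current digest differs from the baseline,
    including files that have disappeared since the manifest was built."""
    tampered = []
    for name, expected in manifest.items():
        current = files.get(name)
        if current is None or not hmac.compare_digest(sha256_hex(current), expected):
            tampered.append(name)
    return sorted(tampered)


def keyed_tag(key: bytes, data: bytes) -> str:
    """HMAC-SHA256 over the data. An unkeyed digest can be recomputed by anyone who
    can edit the file, so a plain manifest must itself be protected; an HMAC cannot be
    forged without the key, so the tag can travel with the data."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_keyed(key: bytes, data: bytes, tag: str) -> bool:
    """Constant-time comparison avoids leaking how many leading characters matched."""
    return hmac.compare_digest(keyed_tag(key, data), tag)


def demo() -> list:
    """Take a baseline, then append one line to start.sh and report what changed."""
    manifest = build_manifest(ORIGINAL_FILES)
    current = dict(ORIGINAL_FILES)
    current["start.sh"] = ORIGINAL_FILES["start.sh"] + b"echo 'extra line'\n"  # simulated change
    return verify_manifest(current, manifest)


if __name__ == "__main__":
    print("modified files:", demo())
```

The unkeyed manifest only helps if it is stored somewhere the same attacker cannot rewrite (read-only media, a separate host, or signed); the keyed tag removes that dependency at the cost of key management.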
Availability
• Availability is the ability of a computer system to ensure that authorized users
can use the information in files when they need it. Only the authorized system or
user can use the information in files.
• Standard measures to guarantee availability include:
– Backing up data to external drives
– Implementing firewalls
– Having backup power supplies
– Data redundancy: a condition created within a database or data storage
technology in which the same piece of data is held in two separate places.
This can mean two different fields within a single database.
Types of Cyber Attacks
• A cyber-attack is an exploitation of computer
systems and networks.
• It uses malicious code to alter computer code,
logic or data and leads to cybercrime.
• Cyber-attacks can be classified into the
following categories:
• 1) Web-based attacks 2) System-based attacks.
Web-based attacks: These are the attacks which
occur on a website or web applications.
Some of the important web-based attacks are as
follows:
1. Injection attacks
An injection attack is one in which data is
injected into a web application to manipulate the
application and fetch the required information.
Examples: SQL injection, code injection, log
injection, XML injection, etc.
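To make the SQL injection case concrete, here is an added Python example (not from the slides) that puts a string-built query beside its parameterized form against a constructed in-memory SQLite table. The table, the user names and the allowlist pattern are assumptions for the demonstration.

```python
"""SQL injection: a vulnerable query beside its parameterized form (added example)."""
import re
import sqlite3

# Constructed allowlist for usernames; used as a second line of defence.
USERNAME_RE = re.compile(r"^[a-z0-9_]{1,32}$")


def setup_db() -> sqlite3.Connection:
    """Constructed in-memory users table for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    conn.commit()
    return conn


def find_user_vulnerable(conn, username: str) -> list:
    """The input is spliced into the SQL text, so quote characters in it change
    the query's structure instead of being treated as data."""
    sql = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, username: str) -> list:
    """A bound parameter is always sent as a value; the driver never re-parses it as SQL."""
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def find_user_validated(conn, username: str) -> list:
    """Defence in depth: reject input that does not look like a username at all,
    then still use the parameterized query."""
    if not USERNAME_RE.match(username):
        raise ValueError("username contains characters outside the allowed set")
    return find_user_safe(conn, username)


def validation_rejects(conn, username: str) -> bool:
    """True when the allowlist check refuses the input."""
    try:
        find_user_validated(conn, username)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = setup_db()
    probe = "' OR '1'='1"  # textbook input: turns the WHERE clause into a tautology
    print("vulnerable:", find_user_vulnerable(db, probe))  # every row comes back
    print("safe:      ", find_user_safe(db, probe))        # no row matches that literal name
```

The parameterized query is the real fix; the allowlist only narrows what reaches the database and would not be enough on its own.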
2. DNS Spoofing
• DNS spoofing is a type of computer security
attack.
• In it, false data is introduced into a DNS
resolver's cache, causing the name server to
return an incorrect IP address and diverting traffic to
the attacker's computer or any other computer.
• DNS spoofing attacks can go on for a long
period of time without being detected and can
cause serious security issues.
3.Session Hijacking
• It is a security attack on a user session over a
protected network.
• Web applications create cookies to store the
state and user sessions.
• By stealing the cookies, an attacker can have
access to all of the user data.
4. Phishing
• Phishing is a type of attack which attempts to
steal sensitive information like user login
credentials and credit card numbers.
• Several things can occur when the user clicks the link in a phishing message.
For example:
• The user is redirected to myuniversity.edurenewal.com, a bogus
page appearing exactly like the real renewal page, where both
new and existing passwords are requested. The attacker,
monitoring the page, hijacks the original password to gain
access to secured areas on the university network.
• The user is sent to the actual password renewal page. However,
while being redirected, a malicious script activates in the
background to hijack the user's session cookie. This results in a
reflected XSS (cross-site scripting) attack, giving the attacker privileged
access to the university network.
5. Brute force
• It is a type of attack which uses a trial-and-error method.
• This attack generates a large number of
guesses and validates them to obtain actual
data like a user's password or personal
identification number.
• This attack may be used by criminals to crack
encrypted data, or by security analysts to test
an organization's network security.
6. Denial of Service
• It is an attack meant to make a server or network resource
unavailable to its users.
• It accomplishes this by flooding the target with traffic or sending it
information that triggers a crash.
• It uses a single system and a single internet connection to attack
a server.
• It can be classified into the following:
• Volume-based attacks: the goal is to saturate the bandwidth of the
attacked site; measured in bits per second.
• Protocol attacks: these consume actual server resources; measured in packets per second.
• Application layer attacks: the goal is to crash the web server; measured in requests per second.
7. Dictionary attacks
• This type of attack uses a stored list of
commonly used passwords and tries each of them
to find the actual password.
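Brute force (item 5) and dictionary attacks (item 7) both appear to a defender as bursts of failed logins, so one detection serves both. The following added Python example, not part of these slides, parses constructed sshd-style log lines and raises an alert when a source address accumulates a threshold of failures inside a sliding window; the log format, the threshold of 5 failures per 60 seconds, and the addresses (RFC 5737 documentation ranges) are assumptions.

```python
"""Detecting password-guessing attempts in authentication logs (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sshd-style log lines; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
LOG_LINES = [
    "2024-05-01T10:00:01 sshd[4001]: Failed password for invalid user admin from 203.0.113.5 port 51000 ssh2",
    "2024-05-01T10:00:04 sshd[4001]: Failed password for root from 203.0.113.5 port 51002 ssh2",
    "2024-05-01T10:00:09 sshd[4001]: Failed password for invalid user test from 203.0.113.5 port 51004 ssh2",
    "2024-05-01T10:00:15 sshd[4001]: Failed password for invalid user oracle from 203.0.113.5 port 51006 ssh2",
    "2024-05-01T10:00:20 sshd[4001]: Accepted password for alice from 198.51.100.7 port 40000 ssh2",
    "2024-05-01T10:00:22 sshd[4001]: Failed password for root from 203.0.113.5 port 51008 ssh2",
    "2024-05-01T10:05:30 sshd[4001]: Failed password for alice from 198.51.100.7 port 40002 ssh2",
    "2024-05-01T10:09:10 sshd[4001]: Failed password for alice from 198.51.100.7 port 40003 ssh2",
]

FAILED_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)


def parse_failures(lines):
    """Return sorted (timestamp, username, source_ip) tuples for failed logins only."""
    events = []
    for line in lines:
        m = FAILED_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["user"], m["ip"]))
    events.sort()
    return events


def detect_guessing(events, threshold=5, window_seconds=60):
    """Sliding window per source IP: the first moment a source accumulates
    `threshold` failures within `window_seconds` becomes its alert time.
    Returns {ip: alert_timestamp_iso}."""
    recent = defaultdict(deque)
    alerts = {}
    for ts, _user, ip in events:
        q = recent[ip]
        q.append(ts)
        while q and (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold and ip not in alerts:
            alerts[ip] = ts.isoformat()
    return alerts


def usernames_tried(events):
    """{ip: sorted usernames}. Many names from one source points at guessing across
    accounts; many failures against a single name points at a dictionary run on it."""
    seen = defaultdict(set)
    for _ts, user, ip in events:
        seen[ip].add(user)
    return {ip: sorted(users) for ip, users in seen.items()}


if __name__ == "__main__":
    evs = parse_failures(LOG_LINES)
    print("alerts:", detect_guessing(evs))
    print("usernames per source:", usernames_tried(evs))
```

Two slow failures from the legitimate user fall outside the window and raise nothing, while the burst from the other source trips the alert on its fifth failure; tune the window and threshold to the service's normal failure rate before acting on the alerts automatically.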
8. URL Interpretation
• URL stands for Uniform Resource Locator. It is
the address of a resource, which can be a
specific webpage or a file, on the internet. It is
also known as a web address when it is used
with HTTP.
• URL interpretation is a type of attack in which an attacker changes
certain parts of a URL to make a
web server deliver web pages which they are
not authorized to browse.
9. File Inclusion attack
• It is a type of attack that allows an attacker to
access unauthorized or essential files which are
available on the web server, or to execute
malicious files on the web server, by making
use of the include functionality.
10. Man in the middle attacks
• It is a type of attack that allows an attacker to
intercept the connection between client and
server and act as a bridge between them.
• Due to this, the attacker is able to read,
insert and modify the data in the intercepted
connection.
System-based attacks
• These are the attacks which are intended to compromise a
computer or a computer network. Some of the important
system-based attacks are as follows:
1. Virus
• It is a type of malicious software program that
spreads throughout the computer's files without the
knowledge of the user.
• It is a self-replicating malicious computer program that
replicates by inserting copies of itself into other computer
programs when executed.
• It can also execute instructions that cause harm to the
system.
2. Worm
• It is a type of malware whose primary function
is to replicate itself to spread to uninfected
computers.
• It works in the same way as a computer virus. Worms
often originate from email attachments that
appear to be from trusted senders.
3. Trojan horse
• It is a malicious program that causes
unexpected changes to computer settings and
unusual activity, even when the computer
should be idle.
• It misleads the user about its true intent. It
appears to be a normal application, but when
opened/executed some malicious code will
run in the background.
4. Backdoors
• It is a method that bypasses the normal
authentication process.
• A developer may create a backdoor so that an
application or operating system can be
accessed for troubleshooting or other
purposes.
5. Bots
• A bot (short for "robot") is an automated
process that interacts with other network
services.
• Some bot programs run automatically, while
others only execute commands when they
receive specific input.
• Common examples of bot programs are web
crawlers, chatroom bots, and malicious bots.
7 layers of cyber security
• 1: Mission Critical Assets – This is the data you need to
protect
• 2: Data Security – Data security controls protect the
storage and transfer of data.
• 3: Application Security – Application security controls
protect access to an application, an application's access
to your mission critical assets, and the internal security
of the application.
• 4: Endpoint Security – Endpoint security controls protect
the connection between devices and the network.
• 5: Network Security – Network security controls protect an
organization's network and prevent unauthorized access to the
network.
• 6: Perimeter Security – Perimeter security controls include
both the physical and digital security methodologies that
protect the business overall.
• 7: The Human Layer – Humans are the weakest link in any
cyber security posture. Human security controls include
phishing simulations and access management controls that
protect mission critical assets from a wide variety of human
threats, including cyber criminals, malicious insiders, and
negligent users.
• Cyber threats : are security incidents or circumstances
with the potential to have a negative outcome for
your network or other data management systems.
• Examples of common types of security threats include
phishing attacks that result in the installation of
malware that infects your data, failure of a staff
member to follow data protection protocols that
cause a data breach, or even a tornado that takes
down your company’s data headquarters, disrupting
access.
SECURITY VULNERABILITIES, THREATS AND
ATTACKS
• Vulnerabilities are the gaps or weaknesses in a
system that make threats possible and tempt
threat actors to exploit them.
Categories of vulnerabilities
• Corrupted (Loss of integrity)
• Leaky (Loss of confidentiality)
• Unavailable or very slow (Loss of availability)
• Threats: represent potential security harm to an
asset when vulnerabilities are exploited
Computer criminals
• Computer criminals have access to enormous
amounts of hardware, software, and data.
• We say that computer crime is any crime involving
a computer, and so we must protect ourselves, our
businesses, and our communities against
those who use computers maliciously.
Attacks are threats that have been carried
out
• Active and Passive Attacks are security attacks.
• In Active attack, an attacker tries to modify the content of
the messages.
• Whereas in Passive attack, an attacker observes the
messages, copy them and may use them for malicious
purposes.
• Insider attack – An insider threat is a security risk that
originates from within the targeted organization.
• It typically involves a current or former employee or
business.
• Outsider attack– Initiated from outside the perimeter
Motive of Attackers
• The categories of cyber-attackers enable us to
better understand the attackers' motivations
and the actions they take.
• Operational cybersecurity risks arise from three types of actions:
• i) inadvertent actions (generally by insiders) that are taken
without malicious or harmful intent.
• The definition of inadvertent is something unintentional or
careless. ... An example of inadvertent is someone accidentally
telling another person's secret.
• ii) deliberate actions (by insiders or outsiders) that are taken
intentionally and are meant to do harm.
• iii) inaction (generally by insiders), such as a failure to act in a
given situation, either because of a lack of appropriate skills,
knowledge, guidance, or availability of the correct person to take
action.
Deliberate actions
• Political motivations: examples include destroying,
disrupting, or taking control of targets.
• Economic motivations: examples include theft of
intellectual property or other economically valuable
assets (e.g., funds, credit card information), fraud,
blackmail.
• Socio-cultural motivations: these include fun,
curiosity, and a desire for publicity or ego
gratification.
Active attack
• In an active attack, an attacker tries to
modify the content of the messages.
Types of active attacks include:
1. Denial of service (DoS)
2. Distributed Denial of Service (DDoS)
3. Session replay
4. Masquerade
5. Message modification
6. Trojans
• DoS: A Denial-of-Service (DoS) attack is an attack meant to
shut down a machine or network, making it inaccessible to its
intended users. DoS attacks accomplish this by flooding the
target with traffic, or sending it information that triggers a
crash.
• Masquerade: in this attack, the intruder pretends to be a
particular user of a system to gain access. A masquerade may
be attempted through the use of stolen login IDs and
passwords, through finding security gaps in programs or
through bypassing the authentication mechanism.
• Session replay: In this type of attack, a hacker steals an
authorized user's login information by stealing the session ID.
The intruder gains access and the ability to do anything the
authorized user can do on the website.
• Message modification: In this attack, an intruder alters packet
header addresses to direct a message to a different
destination or modifies the data on a target machine.
DDOS
• The DDoS attack will send multiple requests to the
attacked web resource – with the aim of exceeding
the website's capacity to handle multiple requests…
and prevent the website from functioning correctly.
Passive attack
• Eavesdropping (tapping): the attacker simply listens
to messages exchanged by two entities. For the
attack to be useful, the traffic must not be
encrypted.
• Traffic analysis is a method of monitoring
network availability and activity to identify
anomalies.
• It involves collecting a real-time and historical record of
what's happening on your network, and detecting
malware such as ransomware activity.
• Software Attacks:
• Malicious code (sometimes called malware) is
a type of software designed to take over or
damage a computer user's operating system,
without the user's knowledge or approval.
• It can be very difficult to remove and very
damaging.
• Common malware examples are listed below:
• 1. A virus is a program that attempts to damage a computer system
and replicate itself to other computer systems.
• A virus: Requires a host to replicate and usually attaches itself to a
host file or a hard drive sector.
• Replicates each time the host is used.
• Often focuses on destruction or corruption of data.
• Usually attaches to files with execution capabilities such
as .doc, .exe, and .bat extensions.
• Often distributes via e-mail. Many viruses can e-mail themselves to
everyone in your address book.
• Examples: Stoned, Michelangelo, Melissa, I Love You
• A worm is a self-replicating program that can
be designed to do any number of things, such
as delete files or send documents via e-mail. A
worm can negatively impact network traffic
just in the process of replicating itself.
• Is usually introduced into the system through
a vulnerability.
• Infects one system and spreads to other
systems on the network. Example: Code Red.
• A Trojan horse is a malicious program that is
disguised as legitimate software
• Cannot replicate itself.
• Often contains spying functions (such as a packet
sniffer) or backdoor functions that allow a computer
to be remotely controlled from the network.
• Often is hidden in useful software such as screen
savers or games.
• Example: Back Orifice, Net Bus, Whack-a-Mole
• A Logic Bomb is malware that lies dormant
until triggered. A logic bomb is a specific
example of an asynchronous attack.
• The trigger activity may be a specific date and
time, the launching of a specific program, or
the processing of a specific type of activity.
• Logic bombs do not self-replicate.
Hardware Attacks: Common hardware attacks include:
• Manufacturing backdoors, for malware or other
penetrative purposes; backdoors aren’t limited to
software and hardware, but they also affect
embedded radiofrequency identification (RFID)
chips and memory
• Hardware modification tampering
• Backdoor creation; the presence of hidden methods
for bypassing normal computer authentication
systems
Spectrum of Cyber Attacks
• These attacks can be arranged into five
categories or levels that build upon one
another to form a spectrum:
• Network Denial
• Enterprise Denial
• Enterprise Manipulation
• Mission Denial
• Mission Manipulation
LEVEL-1 Network Denial
• A cyber attack that prevents a network from
communicating with external networks.
• The first level of attack is the most simple to
conduct, difficult to stop, and thus commonly
used.
• Level 1, Network Denial, targets only the
transmission of information, not the actual
information itself. These attacks may affect
only a part of the network.
• Examples. A simple example of Network
Denial is characterized by an attacker that logs
into a router at the border of an organization’s
network and stops it from transferring data.
• This example results in the blocking of all
traffic on a network and isolates the target
organization, temporarily preventing it from
transmitting any information in or out using
computer networks.
LEVEL-2 Enterprise Denial
• A cyber attack that denies an organization's users access to
their data.
• This type of cyber attack also disables an organization, but in a manner
that inhibits the daily activities of end-users, that is, the
systems and applications users rely on to perform day-to-day
tasks. Examples of daily activities affected by level 2 attacks
include the ability to log into computers, send e-mail, and alter
documents.
• The most common example of a level 2 attack is ransom
malware, or "ransomware," currently in vogue with
cybercriminals. Ransomware does not need to know anything
about an organization before executing its core objective.
LEVEL-3 Enterprise Manipulation
• A cyber attack that manipulates the decision-
making of an organization's users without
being detected.
• These attacks must be performed in a manner that is
neither predictable nor widespread throughout
the target organization.
LEVEL-4 Mission Denial
• A cyber attack that specifically prevents the
operation of processes.
• The final two levels are essential to an
organization carrying out its core mission.
LEVEL-5 Mission Manipulation
• A cyber attack that specifically manipulates
the systems or processes critical to an
organization’s mission without being detected
• Mission Manipulation allows for the repeated,
sustained disruption of the fundamental
mission of an organization.
• Taxonomy of the Attacks: In order to organize all the
attacks for the work presented, several taxonomies
can be used.
• For the purpose of our work, a short taxonomy was
used. In it, the attacks were classified by order and
by phase.
• The order classification was based on the type of
the attack.
• The phase classification was based on the part of
the sequence of events in which the attack was implemented.
• Reconnaissance: an attack in which the
attacker investigates, observes and examines
the target network in order to find out the
network's configuration and whether an encryption
scheme is used.
• Denial Phase Attacks: an attack in which the
attacker denies the use of the network to
single or multiple users in order to gain access
to such a network.
• These types of attacks are normally used to
cause a break in the network.
• Exploitation Phase: an attack in which the
attacker exploits vulnerabilities of the system,
system implementation or system
configuration to gain access to the information
transmitted through the network.
IP spoofing
• The data transmitted over the internet is first broken into
multiple packets, and those packets are transmitted
independently and reassembled at the end.
• Each packet has an IP (Internet Protocol) header that
contains information about the packet, including the
source IP address and the destination IP address.
• Internet Protocol (IP) spoofing is a type of malicious
attack where the threat actor hides the true source of IP
packets to make it difficult to know where they came
from. The attacker creates packets, changing the source
IP address to impersonate a different computer system.
• The spoofed packet's header field for the
source IP address contains an address that is
different from the actual source IP address.
• IP spoofing is a technique often used by
attackers to launch distributed denial of
service (DDoS) attacks and man-in-the-middle
attacks.
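The header fields described above can be read directly from the bytes of a packet, and that is also where the standard defence against spoofing operates: a border device checks whether the claimed source address is plausible for the interface the packet arrived on (the approach known as BCP 38 ingress filtering). The Python below is an added example, not from the slides; it parses a 20-byte IPv4 header, verifies the header checksum, and applies that interface check. The organisation prefix 192.0.2.0/24, the other addresses (RFC 5737 documentation ranges), and the small header-building fixture used to create test packets are assumptions.

```python
"""IPv4 header parsing and anti-spoofing source-address filtering (added example)."""
import ipaddress
import struct

IPV4_FMT = "!BBHHHBBH4s4s"  # the 20-byte fixed header, no options

# Constructed organisation prefix (documentation range), not a real network.
INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")


def header_checksum(header: bytes) -> int:
    """Internet checksum: ones' complement of the ones'-complement sum of 16-bit words."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, ttl: int = 64, proto: int = 6, ident: int = 0x1234) -> bytes:
    """Test fixture only: assemble a minimal header so the filter can be exercised offline."""
    fields = (0x45, 0, 20, ident, 0, ttl, proto, 0,
              ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    raw = struct.pack(IPV4_FMT, *fields)
    return raw[:10] + struct.pack("!H", header_checksum(raw)) + raw[12:]


def parse_ipv4_header(packet: bytes) -> dict:
    """Decode the fixed header fields; a header with a correct checksum sums to zero."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    vihl, _tos, total_len, ident, _frag, ttl, proto, _csum, src, dst = struct.unpack(IPV4_FMT, packet[:20])
    if vihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (vihl & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad header length")
    return {
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "ttl": ttl,
        "proto": proto,
        "total_len": total_len,
        "checksum_ok": header_checksum(packet[:ihl]) == 0,
    }


def filter_decision(packet: bytes, arrived_on: str, internal=INTERNAL_NET) -> str:
    """Source-address plausibility check: a packet entering from outside with an inside
    source, or leaving from inside with a source that is not ours, cannot be genuine."""
    try:
        hdr = parse_ipv4_header(packet)
    except ValueError as exc:
        return f"drop: {exc}"
    if not hdr["checksum_ok"]:
        return "drop: header checksum mismatch"
    src = ipaddress.ip_address(hdr["src"])
    if arrived_on == "external" and src in internal:
        return "drop: spoofed internal source on external interface"
    if arrived_on == "internal" and src not in internal:
        return "drop: non-local source leaving internal interface"
    return "accept"


if __name__ == "__main__":
    genuine = build_ipv4_header("203.0.113.9", "192.0.2.10")
    spoofed = build_ipv4_header("192.0.2.10", "192.0.2.20")  # claims an inside source, arrives from outside
    print(parse_ipv4_header(spoofed))
    print("genuine:", filter_decision(genuine, "external"))
    print("spoofed:", filter_decision(spoofed, "external"))
```

The same check on the internal interface stops an organisation's own hosts from emitting packets with forged sources, which is what limits their usefulness in the reflected DDoS attacks the slide mentions.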
METHODS OF DEFENSE
• 1. Encryption
• 2. Software Controls
• 3. Hardware Controls
• 4. Overlapping Controls
• 5. Periodic Review
1. Encryption
• Encryption provides secrecy for data.
Additionally, encryption can be used to
achieve integrity, since data that cannot be
read generally also cannot be changed.
Furthermore, encryption is important in
protocols.
2. Software Controls
• Program controls include the following kinds
of things:
– Development controls: the way a program is designed,
coded, tested, and maintained.
3. Hardware Controls
• The term hardware security also refers to the
protection of physical systems from harm.
4. Overlapping Controls
• For example, security for a microcomputer
application may be provided by a combination
of controls on program access to the data, on
physical access to the microcomputer and
storage media, and even by file locking to
control access to the processing programs.
5. Periodic Review
• Few controls are permanently effective.
• Just when the security specialist finds a way to
secure assets against attacks, the opposition
doubles its efforts in an effort to defeat the
security mechanism.
• Thus, judging the effectiveness of a control is
an ongoing task.
Security Models
• These models are used for maintaining the goals of
security, i.e. Confidentiality, Integrity, and
Availability.
• In simple words, they deal with maintaining the CIA
Triad. There are 3 main types of
Classic Security Models:
• 1. Bell-LaPadula
• 2. Biba
• 3. Clark-Wilson Security Model
• 1. Bell-LaPadula
• This model was invented by scientists David
Elliott Bell and Leonard J. LaPadula; thus this
model is called the Bell-LaPadula Model. It is
used to maintain Confidentiality.
• Here, the classification of Subjects (Users) and
Objects (Files) is organized in a non-
discretionary fashion, with respect to different
layers of secrecy.
• SIMPLE CONFIDENTIALITY RULE: Simple Confidentiality Rule states
that the Subject can only Read the files on the Same Layer of Secrecy
and the Lower Layer of Secrecy but not the Upper Layer of Secrecy,
due to which we call this rule as NO READ-UP
• STAR CONFIDENTIALITY RULE: Star Confidentiality Rule states that
the Subject can only Write the files on the Same Layer of Secrecy and
the Upper Layer of Secrecy but not the Lower Layer of Secrecy, due to
which we call this rule as NO WRITE-DOWN
• STRONG STAR CONFIDENTIALITY RULE: Strong Star Confidentiality
Rule is highly secured and strongest which states that
the Subject can Read and Write the files on the Same Layer of Secrecy
only and not the Upper Layer of Secrecy or the Lower Layer of
Secrecy, due to which we call this rule as NO READ WRITE UP DOWN
• 2. Biba
• This model was invented by scientist Kenneth J. Biba;
thus this model is called the Biba Model. It is used to
maintain Integrity. Here, the classification
of Subjects (Users) and Objects (Files) is organized in a
non-discretionary fashion, with respect to different
layers of secrecy.
• This works as the exact reverse of the Bell-LaPadula Model.
• SIMPLE INTEGRITY RULE: Simple Integrity Rule states that
the Subject can only Read the files on the Same Layer of
Secrecy and the Upper Layer of Secrecy but not the Lower
Layer of Secrecy, due to which we call this rule as NO READ
DOWN
• STAR INTEGRITY RULE: Star Integrity Rule states that
the Subject can only Write the files on the Same Layer of
Secrecy and the Lower Layer of Secrecy but not the Upper
Layer of Secrecy, due to which we call this rule as NO WRITE-
UP
• STRONG STAR INTEGRITY RULE
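The Bell-LaPadula and Biba rules above are easiest to compare when both are written as one decision function over the same ordered set of levels. The Python below is an added example, not from the slides; the four level names and the access-table helper are constructed for illustration, and it implements exactly the simple, star and strong star confidentiality rules and the simple and star integrity rules as stated above.

```python
"""Bell-LaPadula and Biba mandatory access checks (added example, not from the slides)."""

# Constructed ordered levels, lowest first. Bell-LaPadula reads them as secrecy levels;
# the Biba check applies the same ordering in reverse, as the slides describe.
LEVELS = ["Unclassified", "Confidential", "Secret", "Top Secret"]


def rank(level: str) -> int:
    """Position of a level in the ordering; raises ValueError for unknown labels."""
    return LEVELS.index(level)


def bell_lapadula(subject: str, obj: str, op: str, strong_star: bool = False) -> bool:
    """Confidentiality. Read: subject >= object (no read-up).
    Write: subject <= object (no write-down), or subject == object under the strong star rule."""
    s, o = rank(subject), rank(obj)
    if op == "read":
        return s >= o
    if op == "write":
        return s == o if strong_star else s <= o
    raise ValueError(f"unknown operation {op!r}")


def biba(subject: str, obj: str, op: str) -> bool:
    """Integrity, the mirror image. Read: subject <= object (no read-down).
    Write: subject >= object (no write-up)."""
    s, o = rank(subject), rank(obj)
    if op == "read":
        return s <= o
    if op == "write":
        return s >= o
    raise ValueError(f"unknown operation {op!r}")


def access_table(check) -> dict:
    """{(subject_level, object_level): 'rw' | 'r' | 'w' | '-'} for every pair of levels."""
    table = {}
    for subj in LEVELS:
        for obj in LEVELS:
            r = "r" if check(subj, obj, "read") else ""
            w = "w" if check(subj, obj, "write") else ""
            table[(subj, obj)] = (r + w) or "-"
    return table


if __name__ == "__main__":
    for name, model in (("Bell-LaPadula", bell_lapadula), ("Biba", biba)):
        print(name, "(rows: subject level, columns: object level)")
        tbl = access_table(model)
        for subj in LEVELS:
            print(f"  {subj:<13}", " ".join(f"{tbl[(subj, obj)]:>3}" for obj in LEVELS))
```

Printing both tables side by side makes the "exact reverse" relationship visible: every cell that reads "r" in one model reads "w" in the other, and only the diagonal (equal levels) allows both operations in both models.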
3. Clark-Wilson Security Model
• SUBJECT: It is any user who is requesting Data Items.
• CONSTRAINED DATA ITEMS: These cannot be accessed directly by the Subject.
They need to be accessed via the Clark-Wilson Security Model.
• UNCONSTRAINED DATA ITEMS: These can be accessed directly by the Subject.
• TRANSFORMATION PROCESS: Here,
the Subject's request to access the Constrained Data
Items is handled by the Transformation Process, which
then converts it into permissions and then forwards it to the
Integration Verification Process.
• INTEGRATION VERIFICATION PROCESS: The Integration
Verification Process will
perform Authentication and Authorization. If that is
successful, then the Subject is given access to the
Constrained Data Items.
Cyber risk management process
• Cyber risk management is the process of identifying,
analysing, evaluating and addressing your organisation's
cyber security threats.
• The first part of any cyber risk management programme
is a cyber risk assessment. This will give you a snapshot
of the threats that might compromise your
organisation's cyber security and how severe they are.
• Based on your organisation's risk appetite, your cyber
risk management programme then determines how to
prioritise and respond to those risks.
• Identify the risks that might compromise your cyber
security. This usually involves identifying cyber
security vulnerabilities in your system and the
threats that might exploit them.
• Analyse the severity of each risk by assessing how
likely it is to occur, and how significant the impact
might be if it does.
• Evaluate how each risk fits within your risk appetite
(your predetermined level of acceptable risk).
• Prioritise the risks.
• Decide how to respond to each risk. There are generally four options:
– Treat – modify the likelihood and/or impact of the risk, typically by
implementing security controls.
– Tolerate – make an active decision to retain the risk (e.g. because it falls
within the established risk acceptance criteria).
– Terminate – avoid the risk entirely by ending or completely changing the
activity causing the risk.
– Transfer – share the risk with another party, usually by outsourcing or taking
out insurance.
• Since cyber risk management is a continual process, monitor your
risks to make sure they are still acceptable, review your controls to
make sure they are still fit for purpose, and make changes as required.
Remember that your risks are continually changing as the cyber
threat landscape evolves, and your systems and activities change.
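The steps above (identify, analyse, evaluate against appetite, prioritise, respond with one of the four options, then monitor) can be run as one small cycle over a risk register. The block below is an added example, not code from the course or the textbooks. The register entries, the 1 to 5 likelihood and impact scales, the appetite threshold of 6 and the response decisions are all constructed assumptions; real organisations choose their own scales and thresholds.

```python
"""A constructed cyber risk register run through one management cycle."""
from dataclasses import dataclass, replace
from enum import Enum
from typing import List, Optional


class Response(Enum):
    TREAT = "treat"            # reduce likelihood and/or impact with controls
    TOLERATE = "tolerate"      # accept the risk as it is
    TERMINATE = "terminate"    # stop the activity that causes the risk
    TRANSFER = "transfer"      # share the risk with a third party


@dataclass
class Risk:
    name: str
    likelihood: int                      # assumed scale: 1 (rare) .. 5 (almost certain)
    impact: int                          # assumed scale: 1 (negligible) .. 5 (severe)
    response: Optional[Response] = None
    note: str = ""

    @property
    def score(self) -> int:
        """Analyse step: severity as likelihood x impact."""
        return self.likelihood * self.impact


RISK_APPETITE = 6  # assumed: a score at or below this is acceptable


def within_appetite(risk: Risk, appetite: int = RISK_APPETITE) -> bool:
    """Evaluate step: does the risk fit the predetermined acceptable level?"""
    return risk.score <= appetite


def prioritise(register: List[Risk]) -> List[Risk]:
    """Prioritise step: highest score first, ties broken by impact."""
    return sorted(register, key=lambda r: (r.score, r.impact), reverse=True)


def respond(risk: Risk, choice: Response, likelihood: Optional[int] = None,
            impact: Optional[int] = None, note: str = "") -> Optional[Risk]:
    """Respond step. Returns the residual risk, or None when terminated."""
    if choice is Response.TERMINATE:
        return None
    if choice is Response.TOLERATE:
        return replace(risk, response=choice, note=note or "accepted within appetite")
    # TREAT lowers likelihood and/or impact through controls; TRANSFER lowers the
    # impact the organisation itself bears (insurance, outsourcing).
    return replace(risk, response=choice,
                   likelihood=risk.likelihood if likelihood is None else likelihood,
                   impact=risk.impact if impact is None else impact,
                   note=note)


def residual_exceeding(register: List[Risk], appetite: int = RISK_APPETITE) -> List[str]:
    """Monitor step: names of residual risks that still exceed appetite."""
    return [r.name for r in register if not within_appetite(r, appetite)]


def run_cycle() -> List[Risk]:
    """One pass over a constructed register; returns the residual register."""
    register = [                                           # identify step
        Risk("phishing leading to credential theft", likelihood=5, impact=4),
        Risk("ransomware on file servers", likelihood=3, impact=5),
        Risk("legacy FTP service exposed", likelihood=4, impact=3),
        Risk("lost unencrypted USB stick", likelihood=2, impact=2),
    ]
    decisions = {                                          # constructed decisions
        "phishing leading to credential theft": (Response.TREAT, dict(likelihood=2, note="MFA and awareness training")),
        "ransomware on file servers": (Response.TRANSFER, dict(impact=2, note="cyber insurance plus offline backups")),
        "legacy FTP service exposed": (Response.TERMINATE, {}),
        "lost unencrypted USB stick": (Response.TOLERATE, {}),
    }
    residual = []
    for risk in prioritise(register):
        choice, kwargs = decisions[risk.name]
        out = respond(risk, choice, **kwargs)
        if out is not None:
            residual.append(out)
    return residual


if __name__ == "__main__":
    for r in run_cycle():
        print(f"{r.score:>2}  {r.response.value:<9} {r.name}  ({r.note})")
    print("still above appetite:", residual_exceeding(run_cycle()))
```

In the constructed run the phishing risk drops from 20 to 8 after treatment, which is still above the appetite of 6, so the monitoring step flags it for another round; that is the "continual process" point made on the slide, expressed as a check rather than a reminder.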
• Cyber Threats - Cyber Warfare: Cyber warfare refers to the use
of digital attacks, such as computer viruses and hacking, by one
country to disrupt the vital computer systems of another, with
the aim of creating damage, death and destruction.
• Future wars will see hackers using computer code to attack an
enemy's infrastructure, fighting alongside troops using
conventional weapons like guns and missiles.
• Cyber warfare involves actions by a nation-state or
international organization to attack and attempt to damage
another nation's computers or information networks through,
for example, computer viruses or denial-of-service attacks.
• Cyber Crime:
• Cybercrime is criminal activity that either targets
or uses a computer, a computer network or a
networked device. Cybercrime is committed by
cybercriminals or hackers who want to make
money. Cybercrime is carried out by individuals
or organizations.
• Some cybercriminals are organized, use advanced
techniques and are highly technically skilled.
• Cyber terrorism is the convergence of cyberspace
and terrorism. It refers to unlawful attacks and
threats of attacks against computers, networks and
the information stored therein when done to
intimidate or coerce a government or its people in
furtherance of political or social objectives.
• Examples are hacking into computer systems,
introducing viruses to vulnerable networks, web site
defacing, Denial-of-service attacks, or terroristic
threats made via electronic communication.
• Cyber Espionage:
• Cyber spying, or cyber espionage, is the act or
practice of obtaining secrets and information without
the permission and knowledge of the holder of the
information from individuals, competitors, groups,
governments and enemies for personal, economic,
political or military advantage using methods on the
Internet.
• Globally, 30,000 websites are hacked daily.
• 64% of companies worldwide have experienced at least
one form of a cyber attack.
• There were 20M breached records in March 2021.
• In 2020, ransomware cases grew by 150%.
• Email is responsible for around 94% of all malware.
• Every 39 seconds, there is a new attack somewhere on
the web.
• An average of around 24,000 malicious mobile apps are
blocked daily on the internet.
• Security Policies:
• Security policies are a formal set of rules issued
by an organization to ensure that the users who are
authorized to access company technology and
information assets comply with the rules and guidelines
related to the security of information.
• A security policy is also considered to be a "living
document", which means that the document is never
finished but is continuously updated as the requirements
of the technology and the employees change.
• Need for Security policies:
• 1) It increases efficiency.
• 2) It upholds discipline and accountability.
• 3) It can make or break a business deal.
• 4) It helps to educate employees on security
literacy.
There are some important cyber security
policies:
• Virus and Spyware Protection policy:
• It helps to detect threats in files and to detect
applications that exhibit suspicious behavior.
• It removes and repairs the side effects of
viruses and security risks by using signatures.
• Firewall Policy:
• It blocks unauthorized users from
accessing the systems and networks that
connect to the Internet.
• It detects attacks by cybercriminals and
removes unwanted sources of network
traffic.
• Intrusion Prevention policy:
• This policy automatically detects and blocks
network attacks and browser attacks.
• It also protects applications from
vulnerabilities and checks the contents of one
or more data packets, detecting malware
that arrives through otherwise legitimate channels.
• Application and Device Control:
• This policy protects a system's resources from
applications and manages the peripheral
devices that can attach to a system.
• The device control policy applies to both
Windows and Mac computers, whereas the
application control policy can be applied only
to Windows clients.