
Cybersecurity - Module1

This document discusses cybersecurity and its various aspects. It begins by defining cybersecurity and dividing it into cyber and security. It then describes 7 types of cybersecurity: network security, application security, information security, identity management, operational security, mobile security, and cloud security. It also discusses disaster recovery/business continuity planning. Next, it covers cybersecurity goals around confidentiality, integrity, and availability. It then defines cyberspace and discusses web technology and architecture. Specifically, it outlines the 7 layers of cybersecurity: mission-critical assets, data security, endpoint security, application security, network security, perimeter security, and people.

Uploaded by

rinikoy734

Module 1

CYBERSECURITY
The technique of protecting internet-connected systems such as computers, servers, mobile devices,
electronic systems, networks, and data from malicious attacks is known as cybersecurity. We can divide
cybersecurity into two parts: one is cyber, and the other is security. Cyber refers to the technology that
includes systems, networks, programs, and data.

Types of Cyber Security

Network Security: It involves implementing the hardware and software to secure a computer network from
unauthorized access, intruders, attacks, disruption, and misuse. This security helps an organization to protect its
assets against external and internal threats.

Application Security: It involves protecting the software and devices from unwanted threats. This protection
can be done by constantly updating the apps to ensure they are secure from attacks.

Information or Data Security: It involves implementing a strong data storage mechanism to maintain the
integrity and privacy of data, both in storage and in transit.

Identity management: It deals with the procedure for determining the level of access that each individual
has within an organization.

Operational Security: It involves processing and making decisions on handling and securing data assets.

Mobile Security: It involves securing the organizational and personal data stored on mobile devices such as
cell phones, computers, tablets, and other similar devices against various malicious threats. These threats include
unauthorized access, device loss or theft, malware, etc.

Cloud Security: It involves protecting the information stored in the digital environment or cloud
architectures for the organization.

Disaster Recovery and Business Continuity Planning: It deals with the processes, monitoring, alerts, and plans for
how an organization responds when any malicious activity causes the loss of operations or data. Its policies
dictate resuming the lost operations after any disaster at the same operating capacity as before the
event.

Cyber Security Goals


Cyber Security's main objective is to ensure data protection. The security community provides a triangle of three
related principles to protect the data from cyber-attacks. Together, these principles are called the CIA triad. The CIA model is
designed to guide policies for an organization's information security infrastructure. When a security breach
is found, one or more of these principles has been violated.

Confidentiality

Confidentiality is equivalent to privacy: it prevents unauthorized access to information. It involves ensuring the
data is accessible to those who are allowed to use it and blocking access to others. It prevents essential
information from reaching the wrong people. Data encryption is an excellent example of ensuring
confidentiality. User IDs and passwords constitute a standard procedure; two-factor authentication (2FA) is
becoming the norm. Other options include biometric verification and security tokens.

Integrity

This principle ensures that the data is authentic, accurate, and safeguarded from unauthorized modification by
threat actors or accidental user modification. If any modifications occur, certain measures should be taken to
protect the sensitive data from corruption or loss and speedily recover from such an event. In addition, it
means ensuring that the source of the information is genuine.
Data might include checksums, even cryptographic checksums, for verification of integrity. Backups or
redundancies must be available to restore the affected data to its correct state. Furthermore, digital signatures
can be used to provide effective nonrepudiation measures.
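
The difference between a plain checksum, a cryptographic checksum and a keyed checksum decides which kind of modification each one can reveal. The following Python code is an added example, not part of the original module; the record, the key and the function names are constructed for illustration.

```python
import hashlib
import hmac
import zlib

# Constructed sample record and key (assumptions made for this example).
RECORD = b"patient=1042;dose_mg=5"
KEY = b"constructed-demo-key-not-for-production"


def protect(data: bytes, key: bytes) -> dict:
    """Compute three integrity tags for `data`."""
    return {
        "crc32": zlib.crc32(data),                    # plain checksum
        "sha256": hashlib.sha256(data).hexdigest(),   # cryptographic checksum
        "hmac": hmac.new(key, data, hashlib.sha256).hexdigest(),  # keyed
    }


def verify(data: bytes, tags: dict, key: bytes) -> dict:
    """Report, per tag type, whether `data` still matches the stored tag."""
    fresh = protect(data, key)
    return {
        "crc32": fresh["crc32"] == tags["crc32"],
        "sha256": hmac.compare_digest(fresh["sha256"], tags["sha256"]),
        "hmac": hmac.compare_digest(fresh["hmac"], tags["hmac"]),
    }


def flip_bit(data: bytes, index: int) -> bytes:
    """Simulate accidental corruption: invert one bit of one byte."""
    corrupted = bytearray(data)
    corrupted[index] ^= 0x01
    return bytes(corrupted)


def accidental_corruption() -> dict:
    """Data changes, stored tags stay intact (disk or transfer error)."""
    tags = protect(RECORD, KEY)
    return verify(flip_bit(RECORD, 5), tags, KEY)


def deliberate_modification() -> dict:
    """Data AND stored tags are rewritten by someone without the key.

    The unkeyed tags can be recomputed by anyone, so they match again.
    The HMAC cannot be recomputed correctly without KEY.
    """
    tampered = RECORD.replace(b"dose_mg=5", b"dose_mg=50")
    rewritten_tags = protect(tampered, b"some-other-key")
    return verify(tampered, rewritten_tags, KEY)


if __name__ == "__main__":
    print("untouched record       :", verify(RECORD, protect(RECORD, KEY), KEY))
    print("accidental corruption  :", accidental_corruption())
    print("deliberate modification:", deliberate_modification())
```

An HMAC relies on a secret shared by both parties, so it shows that the data is unchanged but not which of them produced it; nonrepudiation is what the digital signatures mentioned above add.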

Availability

This principle ensures that information is always available and useful to its authorized users. It ensures
that this access is not hindered by system malfunction or cyber-attacks.
This is best ensured by rigorously maintaining all hardware, performing hardware repairs immediately when
needed and maintaining a properly functioning operating system (OS) environment that is free of software
conflicts. It's also important to keep current with all necessary system upgrades.

Cyberspace

Cyberspace refers to the virtual computer world, and more specifically, an electronic medium that is used to facilitate
online communication. Cyberspace typically involves a large computer network made up of many worldwide computer
subnetworks that employ the TCP/IP protocol to aid in communication and data exchange activities.
TCP/IP stands for Transmission Control Protocol/Internet Protocol and is a suite of communication protocols used to
interconnect network devices on the internet. TCP/IP is also used as a communications protocol in a private computer
network (an intranet or extranet).

Web Technology
Web Technology refers to the various tools and techniques that are utilized in the process of communication
between different types of devices over the Internet. A web browser is used to access web pages. Web
browsers can be defined as programs that display text, data, pictures, animation, and video on the Internet.

Web Technology can be classified into the following sections:


World Wide Web (WWW): The World Wide Web is based on several different technologies: Web
browsers, Hypertext Markup Language (HTML), and Hypertext Transfer Protocol (HTTP).

Web Browser: The web browser is an application software to explore www (World Wide Web). It
provides an interface between the server and the client and sends requests to the server for web documents
and services.

Web Server: Web server is a program which processes the network requests of the users and serves
them with files that create web pages. This exchange takes place using Hypertext Transfer Protocol
(HTTP).

HTML: It's a language that helps structure and show content on web pages.

CSS: It helps make web pages look pretty by adding colors, fonts, and styles.

JavaScript: It's a language that makes web pages do cool stuff like animations and interactive features.

Backend Technologies: They are the tools used to make the server-side parts of web apps work.

Database Systems: They store and retrieve data used in web apps.

One way to talk about cyberspace is related to the use of the global Internet for diverse purposes, from
commerce to entertainment. Wherever stakeholders set up virtual meeting spaces, we see the cyberspace
existing. Wherever the Internet is used, you could say, that creates a cyberspace.

Another prime example of cyberspace is the online gaming platforms advertised as massive online player
ecosystems. These large communities, playing all together, create their own cyberspace worlds that exist only
in the digital realm, and not in the physical world.

ARCHITECTURE
Cybersecurity shouldn’t be a single piece of technology that improves security. Rather, it should be a layered
approach with multiple facets to ensure comprehensive protection.

It’s important to understand what a layered approach consists of. Generally, there are 7 layers of cybersecurity to
consider. Below, we explore what these are and why they are important.
The Seven Layers Of Cybersecurity
1. Mission-Critical Assets
This is data that is absolutely critical to protect. Whether businesses would like to admit it or not, they face malicious
forces daily. The question is how are leaders dealing with this type of protection? And what measures have they put in
place to guard against breaches?

An example of mission-critical assets in the healthcare industry is Electronic Medical Record (EMR) software. In the
financial sector, it is customers’ financial records.

2. Data Security
Data security is when there are security controls put in place to protect both the transfer and the storage of data. There
has to be a backup security measure in place to prevent the loss of data. This will also require the use of encryption and
archiving.
Security Strategy: At this level, keeping things secure entails file and disk encryption, frequent backups of all crucial
data and procedures, two-factor authentication, enterprise rights management, and rules that make sure data is erased
from devices that are no longer in use or that are being given to another employee.
3. Endpoint Security
This layer of security makes sure that the endpoints of user devices are not exploited by breaches. This includes the
protection of mobile devices, desktops, and laptops.
Security Strategy: Endpoint encryption is required to make sure that the devices are operating in secure
environments.
Endpoint security systems enable protection either on a network or in the cloud depending on the needs of a
business.
4. Application Security
This involves the security features that control access to an application and that application’s access to your assets. It
also includes the internal security of the app itself.
Most of the time, applications are designed with security measures that continue to provide protection when the
app is in use.
Security Strategy: The most basic thing you can do here is to keep your programs up to date. This guarantees that
the application is as secure as possible and that any known security vulnerabilities are addressed.
5. Network Security
This is where security controls are put in place to protect the business’s network. The goal is to prevent unauthorized
access to the network.
It is crucial to regularly update all systems on the business network with the necessary security patches, including
encryption. It’s always best to disable unused interfaces to further guard against any threats.

Security Strategy: If no one person has access to everything, then any successful cyberattack only results in a small
portion of the network being breached. The best practice for security at this layer is to only give employees and devices
access to the parts of the network that are 100% necessary for them to do their jobs.
6. Perimeter Security
This security layer ensures that both the physical and digital security methods protect a business as a whole. It
includes things like firewalls that protect the business network against external forces.
Security Strategy: This includes firewalls, data encryption, antivirus software, device management (which is crucial
if your company has a bring-your-own-device policy), and setting up a secure demilitarized zone for further security.

7. The Human Layer


Despite being known as the weakest link in the security chain, the human layer is a very necessary layer. It
incorporates, for example, management controls and phishing simulations. Humans are the weakest link in any
cyber security strategy, and they alone are responsible for 90% of data breaches.
Security Strategy: Education and training, which include instructions on how to recognize and deal with phishing
attacks, strong password strategies, system hardening, and cyber security awareness, are the best ways to keep the
human layer secure. Access controls are a smart notion for protecting the human layer since they can reduce the
amount of harm that could result from a successful attack.

Communication Technologies - Web Services

WWW is the acronym for World Wide Web. WWW is an information space inhabited by interlinked documents and
other media that can be accessed via the Internet. WWW was invented by British scientist Tim Berners-Lee in 1989;
he developed the first web browser in 1990 to facilitate exchange of information through the use of interlinked
hypertexts.

A text that contains a link to another piece of text is called hypertext. The web resources were identified by a unique
name called URL to avoid confusion.

World Wide Web has revolutionized the way we create, store and exchange information. Success of WWW can be attributed
to these factors −

User friendly
Use of multimedia
Interlinking of pages through hypertexts
Interactive
HTML
HTML stands for Hypertext Markup Language. A language designed such that parts of text can be marked to
specify its structure, layout and style in context of the whole page is called a markup language. Its primary
function is defining, processing and presenting text.

HTML is the standard language for creating web pages and web applications, and loading them in web
browsers.

Domain Names
Domain name is a unique name given to a server to identify it on the World Wide Web. In the example
request given earlier −
https://www.amazon.com/videotutorials/index.htm
amazon.com is the domain name. Domain name has multiple parts called labels separated by dots. Let us
discuss the labels of this domain name. The right most label .com is called top level domain (TLD). Other
examples of TLDs include .net, .org, .co, .au, etc. amazon is second level domain name.
URL
URL stands for Uniform Resource Locator. URL refers to the location of a web resource on computer
network and mechanism for retrieving it. Let us continue with the above example −

https://www.tutorialspoint.com/videotutorials/index.htm

This complete string is a URL. Let’s discuss its parts −

index.htm is the resource (web page in this case) that needs to be retrieved

www.tutorialspoint.com is the server on which this page is located

videotutorials is the folder on server where the resource is located

www.tutorialspoint.com/videotutorials is the complete pathname of the resource

https is the protocol to be used to retrieve the resource

URL is displayed in the address bar of the web browser.
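
The URL parts and domain-name labels described above can be extracted programmatically, and reading the labels from right to left is what tells a reader which domain actually controls a host. The following Python code is an added example, not part of the original module; the function names, the short suffix list and every host other than the page's own example URL are constructed for illustration.

```python
import ipaddress
import posixpath
from urllib.parse import urlsplit

# Assumption: a small constructed sample of multi-label suffixes. A real
# check would load the complete Public Suffix List instead.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.in"}


def split_url(url: str) -> dict:
    """Break a URL into the parts the text names, plus the hostname labels."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    try:
        ipaddress.ip_address(host)
        labels = []  # an IP literal has no domain labels
    except ValueError:
        labels = [label for label in host.split(".") if label]

    # Labels are read right to left: suffix (TLD) first, then second level.
    suffix_len = 2 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 1
    has_sld = len(labels) > suffix_len
    folder, resource = posixpath.split(parts.path)
    return {
        "protocol": parts.scheme,
        "server": host,
        "folder": folder.strip("/"),
        "resource": resource,
        "tld": ".".join(labels[-suffix_len:]),
        "second_level": labels[-(suffix_len + 1)] if has_sld else "",
        "registrable_domain":
            ".".join(labels[-(suffix_len + 1):]) if has_sld else host,
        "subdomains": labels[:-(suffix_len + 1)] if has_sld else [],
    }


def misplaced_brand(url: str, brand_domain: str) -> bool:
    """True when the brand's label appears somewhere in the host, but the
    rightmost labels (the registrable domain) belong to a different domain."""
    info = split_url(url)
    brand_label = brand_domain.split(".")[0]
    host_labels = info["server"].split(".")
    return (brand_label in host_labels
            and info["registrable_domain"] != brand_domain)


if __name__ == "__main__":
    # The first URL is the page's example; the second host is constructed.
    samples = [
        "https://www.amazon.com/videotutorials/index.htm",
        "https://www.amazon.com.account-check.example/videotutorials/index.htm",
    ]
    for url in samples:
        info = split_url(url)
        print(url)
        for key, value in info.items():
            print(f"  {key:18} {value}")
        print("  misplaced brand   ", misplaced_brand(url, "amazon.com"))
```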


Websites
Website is a set of web pages under a single domain name. Web page is a text document located on a server and
connected to the World Wide Web through hypertexts.
http://web.simmons.edu/~grabiner/comm244/weektwo/links.html
Web Browsers
Web browser is an application software for accessing, retrieving, presenting and traversing any resource
identified by a URL on the World Wide Web. Most popular web browsers include −

Chrome
Internet Explorer
Firefox
Apple Safari
Opera

Web Servers
Web server is any software application, computer or networked device that serves files to the users as per their
request. These requests are sent by client devices through HTTP or HTTPS requests.

Web Hosting
Web hosting is an Internet service that enables individuals, organizations or businesses to store web pages that can be
accessed on the Internet. Web hosting service providers have web servers on which they host web sites and their pages.
They also provide the technologies necessary for making a web page available upon client request.

The Internet and the Web
The internet is a global network of interconnected computers and servers that allows people to communicate, share
information, and access resources from anywhere in the world.

Worldwide digital population 2023

As of April 2023, there were 5.18 billion internet users worldwide, which amounted to 64.6 percent of the global
population. Of this total, 4.8 billion, or 59.9 percent of the world's population, were social media users.

How Does the Internet Work?

The internet works with the help of clients and servers. Here the client is a
laptop that is directly connected to the internet, and servers are the computers connected indirectly to
the Internet; all the websites are stored on those large computers. These servers are
connected to the internet with the help of ISPs (Internet Service Providers) and are identified by
their IP addresses.

Each website has its domain name, as it is difficult for any person to always remember the long
numbers or strings. So, whenever you search for any domain name in the search bar of the browser, the
request will be sent to the server, and that server will try to find the IP address from the domain name
because it cannot understand the domain name. To do so, the server will
search for the IP address of the domain name in a huge phone directory that in networking is known as a
DNS server (Domain Name Server). It is as simple as having the name of a person and
finding his or her Aadhaar number in a long directory.

So after getting the IP address, the browser will pass on the further request to the respective server,
and the server will then process the request to display the content of the website which the client
wants.

https://www.youtube.com/watch?v=x3c1ih2NJEg

Difference Between World Wide Web and the Internet

The main differences between the World Wide Web and the Internet are:

World Wide Web | Internet
All the web pages and web documents are stored there on the World wide web and to find all that stuff you will have a specific URL for each website. | The Internet is a global network of computers that is accessed by the World wide web.
The world wide web is a service. | The Internet is an infrastructure.
The world wide web is a subset of the Internet. | The Internet is the superset of the world wide web.
The world wide web is software-oriented. | The Internet is hardware-oriented.
The world wide web uses HTTP. | The Internet uses IP Addresses.
The world wide web can be considered as a book from the different topics inside a Library. | The Internet can be considered a Library.

Security and the Internet
A very large amount of data is managed across the Internet almost all the time, which leads to the risk of data
breaches and many other security issues.

Steps to Protect the Online Privacy


• Install Antivirus or Antimalware.
• Create random and difficult passwords, so that they are difficult to guess.
• Use a private browsing window or VPN for using the Internet.
• Try to use HTTPS only for better protection.
• Try to make your Social Media Account Private.
• If you are not using any application, which requires GPS, then you can turn GPS off.
• Do not simply close the tab, first log out from that account, then close the tab.
• Try to avoid accessing public Wi-Fi or hotspots.
• Try to avoid opening or downloading content from unknown sources.

TCP/IP data transfer

TCP/IP sockets provide a simple way of connecting computer programs together, and this type of interface is
commonly added to existing stand-alone applications. TCP/IP provides a mechanism for transferring data
between two applications, which can be running on different computers. The transfer of data is bidirectional;
provided that the TCP/IP connection is maintained and no data is lost, the sequence of the data is kept.
A TCP/IP connection between two applications has a client end and a server end, which means that
one application acts as a server and the other as a client.

1. The server application listens on a local port (on the computer that is running the application) for
requests for connections to be made by a client application.
2. The client application requests a connection from the server port, which the server then accepts.
3. When the server accepts the request, a port is created on the client computer and is connected to the
server port.
4. A socket is created on both ends of the connection, and the details of the connection are
encapsulated by the socket.
5. The server port remains available to listen for further connection requests.

The server can accept more connections from other client applications. These connections can be in the
same process, in a different process on the same computer, or on a different computer.
When the connection has been established, two data streams exist: one for inbound data and another for
outbound data.

The client and server ends of the connection are identical and both can perform the same operations. The
only difference between them is that the output stream of the client is the input stream of the server, and the
input stream of the client is the output stream of the server.
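
The five steps and the paired data streams can be observed on a single machine over the loopback interface. The following Python code is an added example, not part of the original module; the function name, the use of port 0 (any free port) and the sample messages are assumptions made for the demonstration.

```python
import socket
import threading


def run_demo(n_clients: int = 2) -> dict:
    """Walk through steps 1-5 on 127.0.0.1 and report the ports involved."""
    # Step 1: the server listens on a local port. Port 0 asks the OS for any
    # free port (a choice made for this demo so it never collides).
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.settimeout(5)
    listener.bind(("127.0.0.1", 0))
    listener.listen()
    server_port = listener.getsockname()[1]
    server_view = []  # (client port, server port) per accepted connection

    def serve() -> None:
        for _ in range(n_clients):
            # Steps 2 and 4: accept() returns a new socket for this one
            # connection. Step 5: `listener` stays open for the next client.
            conn, peer = listener.accept()
            with conn, conn.makefile("rb") as inbound, \
                    conn.makefile("wb") as outbound:
                server_view.append((peer[1], conn.getsockname()[1]))
                line = inbound.readline()     # the client's output stream
                outbound.write(line.upper())  # becomes the client's input
                outbound.flush()

    worker = threading.Thread(target=serve, daemon=True)
    worker.start()

    # Open every client connection before sending data, so the connections
    # exist side by side and each gets its own client-side port (step 3).
    clients = [
        socket.create_connection(("127.0.0.1", server_port), timeout=5)
        for _ in range(n_clients)
    ]
    client_ports, replies = [], []
    for i, sock in enumerate(clients):
        with sock, sock.makefile("rb") as inbound, \
                sock.makefile("wb") as outbound:
            client_ports.append(sock.getsockname()[1])
            outbound.write(f"hello {i}\n".encode())
            outbound.flush()
            replies.append(inbound.readline().decode().strip())

    worker.join(timeout=5)
    listener.close()
    return {
        "server_port": server_port,
        "client_ports": client_ports,
        "server_view": server_view,
        "replies": replies,
    }


if __name__ == "__main__":
    result = run_demo()
    print("server listens on port :", result["server_port"])
    print("client-side ports      :", result["client_ports"])
    print("connections at server  :", result["server_view"])
    print("replies received       :", result["replies"])
```

Every accepted connection shares the same server port and differs only in the client-side port, which is why firewall rules and connection logs identify a connection by both endpoints rather than by the server port alone.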
Data Governance
Data governance is the practice of identifying important data across an organization, ensuring it is of high quality, and
improving its value to the business.

Data Governance Policy


A data governance policy is a document that formally outlines how organizational data will be managed and
controlled. A few common areas covered by data governance policies are:

Data quality – ensuring data is correct, consistent and free of “noise” that might impede usage and analysis.
Data availability – ensuring that data is available and easy to consume by the business functions that require it.
Data usability – ensuring data is clearly structured, documented and labeled, enables easy search and retrieval, and
is compatible with tools used by business users.
Data integrity – ensuring data retains its essential qualities even as it is stored, converted, transferred and viewed
across different platforms.
Data security – ensuring data is classified according to its sensitivity, and defining processes for safeguarding
information and preventing data loss and leakage.
Addressing all of these points requires a right combination of people skills, internal processes, and the appropriate
technology.

Data Stewards
A data steward is an organizational role responsible for enacting the data governance policy. Data stewards are
typically subject matter experts who are familiar with the data used by a specific business function or department. They
ensure the fitness of data elements, both content and metadata, administer the data and ensure compliance with
regulations.

Data Governance Frameworks
A data governance framework is a structure that helps an organization assign responsibilities, make decisions,
and take action on enterprise data.

What is data governance used for?


Data governance is necessary to assure that data is safe, secure, private, usable, and in compliance with
both internal and external data policies. Data governance allows setting and enforcing controls that allow
greater access to data, gaining the security and privacy from the controls on data. Here are some
common use cases:
Data stewardship
Data governance often means giving accountability and responsibility for both the data itself and the
processes that ensure its proper use to “data stewards.”

Data quality
Data governance is also used to ensure data quality, which refers to any activities or techniques designed
to make sure data is suitable to be used. Data quality is generally judged on six dimensions: accuracy,
completeness, consistency, timeliness, validity, and uniqueness.
Scores of data quality dimensions are typically expressed in percentages, which set the reference for the
intended use. For example, when you use 87% accurate patient data to process billing, 13% of the data
cannot guarantee you correct billing. In another example, a 52% complete customer data set implies lower
confidence in the planned campaign reaching the right target segment. You can define the acceptable
levels of scores for building more trust in data.
Data management
This is a broad concept encompassing all aspects of managing data as an enterprise asset, from collection and
storage to usage and oversight, making sure it’s being leveraged securely, efficiently, and cost-effectively
before it’s disposed of.
Benefits of data governance

Make better, more timely decisions


Users throughout your organization get the data they need to reach and service customers, design and improve
products and services, and seize opportunities for new revenues.

Improve cost controls


Data helps you manage resources more effectively. Because you can eliminate data duplication caused by
information silos, you don’t overbuy—and have to maintain—expensive hardware. (Just-in-time inventory)

Enhance regulatory compliance


An increasingly complex regulatory climate has made it even more important for organizations to
establish robust data governance practices. You avoid risks associated with noncompliance while
proactively anticipating new regulations.
Earn greater trust from customers and suppliers
By being in auditable compliance with both internal and external data policies, you gain the trust of customers
and partners that you will protect their sensitive information, so they feel positive about doing business with you.
Manage risk more easily
With strong governance, you can allay concerns about exposure of sensitive data to individuals or systems who
lack proper authorization, security breaches from malicious outsiders, or even insiders accessing data they don’t
have the right to see.
Allow more personnel access to more data
Strong data governance allows more personnel access to more data, with the confidence that these personnel get
access to the right data and that this democratization of data does not negatively impact the organization.

Cybersecurity Issues and Challenges in 2023


Ransomware Extortion
Ransomware began as malware focused on extorting payments via data encryption. By denying legitimate users
access to their data by encrypting it, the attackers could demand a ransom for its recovery.

However, the growth of ransomware threats has resulted in focused security research designed to identify and
remediate these threats. The process of encrypting every file on a target system is time-consuming — making it
possible to save some data by terminating the malware before data is encrypted — and companies have the
potential to restore from backups without paying the ransom.

Double extortion attacks added data theft to data encryption, and some ransomware operators have shifted to focus
solely on the extortion effort, skipping encryption entirely. These ransomware data breaches are faster to carry out,
harder to detect, and cannot be fixed using backups, making them a more effective approach for cybercriminals and
a greater threat to businesses.
Cloud Third-Party Threats
Companies are increasingly adopting cloud computing, a move with significant security implications. Unfamiliarity
with cloud security best practices, the cloud shared security model, and other factors can make cloud
environments more vulnerable to attack than on-prem infrastructure.

While cybercriminals are increasingly targeting cloud infrastructure with exploits for new vulnerabilities, an
emerging and worrying tactic is the targeting of cloud service providers. By targeting cloud service providers and
cloud solutions with their attacks, a cybercriminal can gain access to their customers’ sensitive data and
potentially their IT infrastructure. By exploiting these trust relationships between organizations and their service
providers, attackers can dramatically increase the scale and impact of their attacks.

Mobile Malware
As mobile devices have become more widely used, mobile malware has emerged as a growing threat. Mobile
malware masquerading as legitimate and harmless applications — such as QR code readers, flashlights, and
games — has grown more common on official and unofficial app stores.

These attempts to infect users’ mobile devices have expanded from fake apps to cracked and custom versions of
legitimate apps. Cybercriminals are offering unofficial versions of apps as malicious APKs via direct downloads and
third-party app stores. These apps are designed to take advantage of name recognition to slip malware onto
employee devices.
Wipers and Destructive Malware
While ransomware and data breaches are some of the most visible threats to corporate data security, wipers and
other destructive malware can have even greater business impacts. Instead of breaching information or demanding
a ransom for its return, wipers delete the data entirely.

Weaponization of Legitimate Tools


The line between legitimate penetration testing and system administration tools and malware can be a fine
one. Often, functionality that cyber threat actors would build into their malware is also built into their targets’
operating systems or available via legitimate tools that are unlikely to be recognized as malware by signature-
based detection tools.

Zero-Day Vulnerabilities in Supply Chains


Zero-day vulnerabilities pose a significant but transient risk to corporate cybersecurity. A vulnerability is a zero day
when it has been discovered but no fix is available for the issue. During the window between the initial
exploitation of a vulnerability and the vendor’s release of a patch for it, cybercriminals can exploit the vulnerability
unchecked. However, even after a patch is available, it is not always promptly applied by businesses.
