Processes Cyber Security Class X


COMPUTER (I.T.) HOMEWORK 2023

Name: Arpan Goswami


Class: X
Roll number: 6
Processes of Cyber Security

Cyber security is the practice of defending computers, servers,
mobile devices, electronic systems, networks, and data from
malicious attacks. It's also known as information technology
security or electronic information security. The term applies in a
variety of contexts, from business to mobile computing, and can be
divided into a few common categories.

Application security focuses on keeping software and
devices free of threats. A compromised application could provide
access to the data it's designed to protect. Successful security
begins in the design stage, well before a program or device is
deployed.

Application security involves implementing various defenses within
all software and services used within an organization against a wide
range of threats. It requires designing secure application
architectures, writing secure code, implementing strong data input
validation, threat modeling, etc. to minimize the likelihood of any
unauthorized access or modification of application resources.

Application security describes security measures at the application
level that aim to prevent data or code within the app from being
stolen or hijacked. It encompasses the security considerations that
happen during application development and design, but it also
involves systems and approaches to protect apps after they get
deployed.

Application security may include hardware, software, and
procedures that identify or minimize security vulnerabilities. A
router that prevents anyone from viewing a computer’s IP address
from the Internet is a form of hardware application security. But
security measures at the application level are also typically built
into the software, such as an application firewall that strictly
defines what activities are allowed and prohibited. Procedures can
entail things like an application security routine that includes
protocols such as regular testing.

Different types of application security features include
authentication, authorization, encryption, logging, and application
security testing. Developers can also code applications to reduce
security vulnerabilities.

• Authentication: Software developers build
procedures into an application to ensure that only
authorized users gain access to it. Authentication
procedures ensure that a user is who they say they are.
This can be accomplished by requiring the user to provide a
user name and password when logging in to an application.
Multi-factor authentication requires more than one form of
authentication; the factors might include something you
know (a password), something you have (a mobile device),
and something you are (a thumbprint or facial recognition).
• Authorization: After a user has been authenticated, the
user may be authorized to access and use the application.
The system can validate that a user has permission to
access the application by comparing the user’s identity with
a list of authorized users. Authentication must happen
before authorization so that the application matches only
validated user credentials to the authorized user list.
• Encryption: After a user has been authenticated and is
using the application, other security measures can protect
sensitive data from being seen or even used by a
cybercriminal. In cloud-based applications, where traffic
containing sensitive data travels between the end user and
the cloud, that traffic can be encrypted to keep the data
safe.
• Logging: If there is a security breach in an application,
logging can help identify who got access to the data and
how. Application log files provide a time-stamped record of
which aspects of the application were accessed and by
whom.
• Application security testing: A necessary process to
ensure that all of these security controls work properly.
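
The ordering described in the list above (authenticate first, then check the authorized-user list, and log every attempt with a timestamp) can be seen in a short sketch. This is an added example, not part of the original homework; the user names, passwords, resource name, and PBKDF2 iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os
from datetime import datetime, timezone

ITERATIONS = 200_000  # PBKDF2 work factor (assumed value for this sketch)

def hash_password(password, salt):
    # Store a salted, slow hash instead of the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_user(password):
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}

# Constructed sample data: two valid accounts, only one on the authorized list.
USERS = {"asha": make_user("correct horse"), "ravi": make_user("blue kettle")}
AUTHORIZED = {"report": {"asha"}}  # resource -> users allowed to open it
AUDIT_LOG = []                     # time-stamped record of every attempt

def log_event(user, resource, outcome):
    stamp = datetime.now(timezone.utc).isoformat()
    AUDIT_LOG.append({"time": stamp, "user": user,
                      "resource": resource, "outcome": outcome})

def authenticate(user, password):
    record = USERS.get(user)
    if record is None:
        return False
    candidate = hash_password(password, record["salt"])
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, record["hash"])

def access(user, password, resource):
    # Step 1: authentication. Is the user who they say they are?
    if not authenticate(user, password):
        log_event(user, resource, "auth_failed")
        return "auth_failed"
    # Step 2: authorization. Runs only for an already validated identity.
    if user not in AUTHORIZED.get(resource, set()):
        log_event(user, resource, "denied")
        return "denied"
    log_event(user, resource, "granted")
    return "granted"
```

A valid password alone is not enough: `ravi` authenticates correctly but is still denied because he is not on the authorized list, and the log records who tried what and when.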
Disaster recovery and business continuity define
how an organization responds to a cyber-security incident or any
other event that causes the loss of operations or data. Disaster
recovery policies dictate how the organization restores its operations
and information to return to the same operating capacity as before
the event. Business continuity is the plan the organization falls
back on while trying to operate without certain resources.

DR&BC deals with processes, monitoring, alerts and plans that
help organizations prepare for keeping business critical systems
online during and after any kind of a disaster as well as resuming
lost operations and systems after an incident.

The role of BCDR is to minimize the effects of outages and
disruptions on business operations. BCDR practices enable an
organization to get back on its feet after problems occur, reduce the
risk of data loss and reputational harm, and improve operations
while decreasing the chance of emergencies.

Some businesses might have a head start on BCDR. DR is an
established function in many IT departments with respect to
individual systems. However, BCDR is broader than IT,
encompassing a range of considerations -- including crisis
management, employee safety and alternative work locations.

A holistic BCDR approach requires thorough planning and
preparation. BCDR professionals can help an organization create a
strategy for achieving resiliency. Developing such a strategy is a
complex process that involves conducting a business impact
analysis (BIA) and risk analysis as well as developing BCDR plans,
tests, exercises and training.

Planning documents -- the cornerstone of an effective BCDR
strategy -- also help with resource management, providing
information such as employee contact lists, emergency contact lists,
vendor lists, instructions for performing tests, equipment lists, and
technical diagrams of systems and networks.

BCDR expert and consultant Paul Kirvan noted several other
reasons for the importance of BCDR planning:

• Results of the BIA identify opportunities for process improvement
and ways the organization can use technology better.
• Information in the plan serves as an alternate source of
documentation.
• The plan provides a single source of key contact information.
• The plan serves as a reference document for use in product
planning and design, service design and delivery, and other
activities.
