Cyber

Security
▪Course name: Cyber Security (CSSF3021_3181799)
▪Course instructor: Dr. Uddipana Dowerah
▪Lectures per week: 3

2
Administration & Passing Criteria
• Total number of lectures: 3 hours in a week
• Mid Sem- 20%
• End Sem- 30%
• Internal Assessment- 50%
• Detailed breakup of Internal Assessment:

Internal Assessment Weightage in calculation of Internal

Component Assessment
Quiz 15%
Assignment 15%
Seminar/Presentation 20%

• 85 or above for Outstanding (O) & 35 marks is the minimum passing marks
▪ Attendance
▪ Manual attendance
▪ Via smart card scanning

▪ Seminar/Presentation
▪ Group seminar (?)
▪ Individual seminar (?)

▪ Self Study
▪ textbooks, online lectures, internet
Contact/Communication

• All communication via email:

[email protected]

• Microsoft Teams for sharing information:

• CR will create a group and add all the students
• Any/All information is to be shared through Teams
Course Objectives

• This course on Information Technology and Cyber Security aims to provide

students with a comprehensive understanding of fundamental concepts and
principles in information security, types of cybercrimes, IT security planning,
audit, and compliance, network security and data privacy, as well as physical
security.
• The course objectives include developing knowledge and skills in risk
management, security controls and technologies, incident response, legal
and ethical considerations, and emerging trends in information security.
• Students will also gain insights into cybersecurity laws, network attacks, data
encryption, secure transmission protocols, and physical security measures.
Practical exercises and real-world examples will enhance critical thinking,
problem-solving, and communication skills, fostering professionalism and
ethical responsibility in the field.
Course Outcomes
CO1. Understand the fundamental concepts and principles of information
security, including risk management, security controls, and incident response.
CO2. Identify and analyze different types of cyber-crimes, including hacking,
malware attacks, identity theft, and financial cyber-crimes, and comprehend
the impact of these crimes on individuals and organizations.
CO3. Apply IT security planning, audit, and compliance practices, including
security policies and standards, risk assessment, and incident response, to
ensure effective management and protection of information technology
resources.
CO4. Evaluate and implement network security measures, data privacy
principles, and secure transmission protocols to safeguard networks, web
applications, and cloud computing environments.
CO5. Recognize the importance of physical security and employ appropriate
measures, such as access control systems, video surveillance, and emergency
response procedures, to mitigate physical security threats and vulnerabilities.
Books
Textbooks

1. Duane C. Wilson, “Cybersecurity” The MIT Press, 2021.

2. David Alexander, Amanda Finch, David Sutton, and Andy Taylor, “Information Security Management
Principles”, 2nd Edition, BCS, The Chartered Institute for IT, 2013.

Reference Books

1. Dr. Erdal Ozkaya, “Cybersecurity: The Beginner's Guide: A comprehensive guide to getting started
in cybersecurity”, Packt publisher, 2019.
2. Charles J. Brooks, Christopher Grow, Philip Craig, and Donald Short, “Cybersecurity Essentials”,
Sybex, 2018.
Course Plan

Units Hours Timeline

Unit I: Overview and Fundamentals 12 Jan 6-Jan 21
of Information Security
Unit II: Types of Cyber Crimes 12 Jan 24-Feb 7
Unit III: IT Security Planning, Audit & 12 Feb 10-Mar 4
Compliance
Unit IV: Introduction to Network 12 Mar 7-Apr 1
Security & Data Privacy
Unit V: Introduction to Physical 12 Apr 4-Apr 30
Security
Motivation

What is Cyber Security?

• Cyber security is how individuals and organizations protect themselves from the
risk of cyber attacks.
• Cyber attacks – hacking, identity theft, financial cyber crimes
• Almost everything we use is connected to the internet – smartphones,
computers, wearables to home appliances
• From online banking and shopping, to email and social media – more important
than ever to prevent cyber criminals from getting access to our accounts, data
and devices
• “Cyber security is the use of technologies, practices and policies for protecting
devices, networks, programs and data from cyber attacks.”
• Core function – protect our devices (smartphones, computers) and the services
we use online – from theft or damage.
Motivation

Role of AI and ML in Cybersecurity?

• Threat detection and prevention: AI algorithms analyze vast amounts of data to

identify patterns indicative of cyber threats. ML models can detect anomalies to
identify previously unknown threats.

• Adaptive security measures: AI systems continuously learn from detected attacks

like brute force or password cracking attempts thereby adapting to emerging
threats and evolving attack techniques.

• Potential for AI misuse: Adversaries might manipulate AI systems through bad

training data or adversarial AI.
Motivation

Cybersecurity in AI and ML?

▪ PPML:
• Datasets (healthcare, finance) often contain sensitive information.
Cybersecurity can ensure the confidentiality of this data.
• Secures model from being stolen (model theft) or manipulated (model
poisoning)
• Ensures secure data sharing and computation in distributed AI systems like
federated learning
Unit 1- Overview & Fundamentals of Information Security
• Introduction to Information Security
• Information Security Principles,
• Security Threats and Vulnerabilities,
• Risk Management,
• Security Policies and Procedures,
• Security Controls and Technologies,
• Security Incident Response,
• Legal and Ethical Considerations,
• Emerging Trends in Information Security.
Security Overview

What is Security?

▪ Simple definition – protection from any harm

• Attack, theft, malicious activity

▪ Most basic form of Security – Physical Security

• Securing your house against intruders

• Focused on preventing unauthorized access

Security Overview

What is Information Security?

• Apart from physical security, information could also be stolen digitally

• Protects information (in all formats) and information systems from unauthorized
access, use, disclosure, disruption, modification or destruction.
• We want to protect our data and our systems from those who want to misuse it

When are we secure?

• Using strong passwords?

• Disconnecting from the internet?
• Using a firewall/antivirus?
Security Overview

When are we NOT secure?

• Using weak passwords like “password” or “1234”

• Downloading programs from the Internet
• Opening e-mail attachments from unknown senders

Information Security Principles: CIA Triad

• Confidentiality
• Integrity
• Availability
CIA Triad

Confidentiality

▪ Protecting information from unauthorized access or disclosure

▪ What kind of information needs protection?

• Sensitive information – medical or corporate data, military intelligence etc.

▪ Can be compromised by the loss of a device containing data (smartphone),

someone looking over our shoulder while we type a password, an e-mail being
sent to the wrong person etc.
CIA Triad

Integrity

▪ Protection against unauthorized changes or modification of information

▪ Two classes of mechanisms: prevention and detection

• Prevention mechanism: blocks any unauthorized attempts to change the data
• Detection mechanism: detects the integrity of data

▪ Example – OS such as Windows implement permissions that restrict what actions

can be performed by an unauthorized user on a given file
CIA Triad

Availability

▪ Refers to the ability to access our data when we need it.

▪ Prevents unauthorized with-holding of information.
▪ Can result from power loss, operating system or application problems, networks
attacks or other problems
▪ When caused by an attacker – Denial of Service Attacks (system is flooded with
requests until it cannot keep up and crashes)
Exercise
Q1. Classify each of the following as a violation of confidentiality, of
integrity, or of availability.

1. John copies Mary’s homework

2. Paul crashes Linda’s system
3. Carol changes the amount of Angelo’s check from $100 to $1000
4. Gina forges Roger’s signature on a deed
5. Sarah intercepts and reads a sensitive email intended for her manager
6. Tom deletes files from a shared drive making them inaccessible to other team
members
Exercise
1. John copies Mary’s homework
- Confidentiality (unauthorized access to and copying compromises Mary’s
private information)
2. Paul crashes Linda’s system
- Availability (crashing the system makes it unavailable for Linda’s use)
3. Carol changes the amount of Angelo’s check from $100 to $1000
- Integrity (altering the amount compromises the accuracy of data)
4. Gina forges Roger’s signature on a deed
- Integrity (changes the authenticity of the document)
5. Sarah intercepts and reads a sensitive email intended for her manager
- Confidentiality (unauthorized access to sensitive information)
6. Tom deletes files from a shared drive making them inaccessible to other team
members
- Availability (files are no longer accessible for legitimate use)
Attacks

Interception Interruption

Types of
attacks

Modification Fabrication
Attacks

Confidentiality • Interception

• Interruption
Integrity • Modification
• Fabrication

• Interruption
Availability • Modification
• Fabrication
Attacks
Interception:
• Allow unauthorized users to access private or confidential information
• Primarily an attack against confidentiality
• Unauthorized file viewing or copying, eavesdropping on phone conversations or
reading e-mail, and can be conducted against data at rest or in motion
• Man-in-the-middle attack

Mitigation:
• Encrypting communications
• Avoiding untrusted wi-fi networks
• Regularly updating softwares
Attacks
Interruption:
• It can cause our assets temporarily or permanently unusable or inaccessible,
disrupting their availability and functionality
• Often affect availability but can be an attack on integrity as well
• DoS attack, Viruses to delete data or disable system functioning

Mitigation:
• Firewalls
• System backups
Attacks
Modification:
• It involves not only gaining access but also manipulating our asset
• Primarily an attack against integrity but could also be an attack on availability
• Accessing a file in an unauthorized manner and altering the data- attack on integrity
• If the file is a configuration file that controls the behavior of a service (web server)-
affect availability of that service by changing the contents of the file
• Man-in-the-middle

Mitigation:
• Intrusion detection systems
• Data encryption
• Access Controls
Attacks
Fabrication:
• Intruder injects bogus data, communications or other activities in the system
• Primarily an attack against integrity but could also be an attack on availability
• Generating false data such as malicious emails spreading malware is an integrity attack
• Can also disrupt system availability by injecting an overdose of traffic into a network
• Identity spoofing by creating a fake version of a legitimate user

Mitigation:
• Digital signatures
• Data encryption
Attacks
Threats, Vulnerabilities, and Risk
Threats:
• Potential to cause harm to our assets
- Asset: pure information, physical assets like buildings or computer systems, software used to
process information

• Specific to certain environments – threats to one organization may be

opportunities to another

Vulnerability:
• A weakness of an asset that can be exploited by one or more threats
• Could be a specific operating system or application we are running, a physical
location (of the office building)
• Someone going out into a “cloudy” environment without an umbrella
Threats, Vulnerabilities, and Risk
Risk:
• A combination of threat and vulnerability
• If there is a threat (of rain) and a vulnerability (of not carrying an umbrella) then
there is a risk that the person might get drenched and ruin their clothes
• Risk is the likelihood that something bad will happen when there is a potential
threat due to a vulnerability

Impact:
• The result of an information security incident caused by a threat that affects
assets.
• Gravity of a risk is decided by its potential impact.
Threats, Vulnerabilities, and Risk
Risk Management
Risk Management: Process of minimizing risks to organizational
operations, assets or individuals.

Risk Management Framework: A Risk Management Framework (RMF)

establishes principles and guidelines to which an organization must
adhere in order to effectively manage risks.

Key Features and components:

• Risk Identification:
• Risk Assessment
• Risk Mitigation
• Risk Monitoring and Reporting
• Risk Governance
Risk Management
Risk Identification:
• Identify potential threats and vulnerabilities
• Identify assets that are vulnerable to threats and the impact of such threats
• Continuous process – risks might change over time

Risk Assessment:
• Measures the severity of threats and creates a risk profile for the identified risks
• Could be as simple as calculating the capital loss
• In information security, an organization might compare the cost of a security
breach to the cost of implementing a security system to reduce the risk.
Risk Management
Risk Mitigation:
• Methods to eliminate or reduce the identified risks
• Implementing necessary security controls, Improving existing security measures
and by following best practices to make risk management more effective.

Reporting and Monitoring:

• Regularly monitoring the current risks
• Examining the adopted risk mitigation strategies
• Helps to maintain the effectiveness of the threat mitigation strategies

Risk Governance:
• Risk governance is the process of making sure that the risk mitigation techniques
that have been adopted are put into place and that the employees adhere to those
policies.
Risk Management
Some of the top RMFs
• NIST cybersecurity framework
• ISO 31000
• COBIT 2019

Exercise: Describe the above RMFs.

AI Risk Management:
• NIST AI Risk management framework
• ISO/IEC 42001: AI risk management
Security Controls
Security Controls:
• Measures to help mitigate risks
• Three types: Physical, Logical and Administative

1. Physical Control:
• Protect the physical environment in which our systems sit, or where
data is stored
• Include things like fences, gates, locks, guards, access control cards etc.
• Attackers can steal or destroy the system making it unavailable for our
use
Security Controls
2. Logical/Technical Controls:
• Protect the systems, networks and environments that process, transmit
and store our data
• Include passwords, encryption, firewalls etc.

3. Administrative Control:
• Based on rules, laws, policies, procedures, guidelines and other items
that “paper” in nature
• Ensures that set policies and procedures are complied with
• Physical access to facilities, auditing, usage of company resource etc.
Security Policies, Standards and Procedures
Security Policy:
• A document that states in writing how a company plans to maintain the
confidentiality, integrity, and availability of its data
• High level plans, rules, guidelines that establishes security
requirements
• Continuously updates as technologies, vulnerabilities and security
requirements change
• An information security policy should describe an information security
control that can be enforced
Security Policies, Standards and Procedures
Security Standards:
• Provide more specific details that enable policies to be implemented
within the organization using different technologies.
• Provide the necessary level of detail to make a security policy practical
across the entire organization.

Security Procedures:
• Step-by-step instructions that people will follow to implement policies
(or even standards.)
• Procedures provide the “how”
• Example - Employee Termination Procedure
• Manager notifies HR and IT – HR conducts exit interview – IT suspends user ID – Manger and HR
collects company property
Security Policies, Standards and Procedures

Fig: Security Document Hierarchy

Information Security Framework

• Another level within the overall structure of information security

that we call Information Security Frameworks.
• Provide categories of related information security controls that must
be implemented to comply with a specific regulation or governance
system such as ISO 27001.
- ISO 27001: An international set of guidelines from the International
Organization for Standardization (ISO) that helps organizations manage sensitive
information
• Example - NIST SP 800-53, NIST-CSF, CMMC
Information Security Framework
Various Attacks
Malicious Code:
• Execution of viruses, worms, Trojan horses to destroy or steal
information
• State-of-the-art MC attack is the polymorphic or multivector worm.
• Other forms include of