Course Code/ Title : IT3404/ INTRODUCTION TO CYBER SECURITY Unit :1

UNIT I INTRODUCTION TO CYBERSECURITY CONCEPTS

Introduction to Cyber security Fundamentals - Cyber Threat Landscape -Cyber

security Frameworks and Standards - Security Architecture and Models - Incident Response
and Cybersecurity Incident Handling - Security Awareness and Training - Legal and Ethical
Aspects of Cybersecurity - Emerging Trends in Cybersecurity.

Introduction to Cyber Security Fundamentals

Cyber Security Introduction - Cyber Security Basics:

Cyber security is the most concerned matter as cyber threats and attacks are overgrowing.
Attackers are now using more sophisticated techniques to target the systems. Individuals,
small-scale businesses or large organization, are all being impacted. So, all these firms
whether IT or non-IT firms have understood the importance of Cyber Security and focusing
on adopting all possible measures to deal with cyber threats.

What is cyber security?

"Cyber security is primarily about people, processes, and technologies working together to
encompass the full range of threat reduction, vulnerability reduction, deterrence, international
engagement, incident response, resiliency, and recovery policies and activities, including
computer network operations, information assurance, law enforcement, etc."
OR
Cyber security is the body of technologies, processes, and practices designed to protect
networks, computers, programs and data from attack, damage or unauthorized access.

 The term cyber security refers to techniques and practices designed to protect
digital data.

 The data that is stored, transmitted or used on an information system.

OR
Cyber security is the protection of Internet-connected systems, including hardware,
software, and data from cyber attacks.
It is made up of two words one is cyber and other is security.

 Cyber is related to the technology which contains systems, network and

programs or data.

 Whereas security related to the protection which includes systems security,

network security and application and information security.

7
 Course Code/ Title : IT3404/ INTRODUCTION TO CYBER SECURITY Unit :1

Why is cyber security important?

Listed below are the reasons why cyber security is so important in what’s become a
predominant digital world:

 Cyber attacks can be extremely expensive for businesses to endure.

 In addition to financial damage suffered by the business, a data breach can also
inflict untold reputational damage.
 Cyber-attacks these days are becoming progressively destructive.
Cybercriminals are using more sophisticated ways to initiate cyber attacks.
 Regulations such as GDPR are forcing organizations into taking better care
of the personal data they hold.
 Because of the above reasons, cyber security has become an important part of the
business and the focus now is on developing appropriate response plans that minimize
the damage in the event of a cyber attack.
 But, an organization or an individual can develop a proper response plan only when
he has a good grip on cyber security fundamentals.

Cyber security Fundamentals – Confidentiality:

Confidentiality is about preventing the disclosure of data to unauthorized parties.

It also means trying to keep the identity of authorized parties involved in sharing and holding
data private and anonymous.

Often confidentiality is compromised by cracking poorly encrypted data, Man-in-the-middle

(MITM) attacks, disclosing sensitive data.

Standard measures to establish confidentiality include:

 Data encryption
 Two-factor authentication
 Biometric verification
 Security tokens

Integrity

Integrity refers to protecting information from being modified by unauthorized parties.

Standard measures to guarantee integrity include:

 Cryptographic checksums
 Using file permissions
 Uninterrupted power supplies
 Data backups

7
 Course Code/ Title : IT3404/ INTRODUCTION TO CYBER SECURITY Unit :1
Availability

Availability is making sure that authorized parties are able to access the information when
needed.

Standard measures to guarantee availability include:

 Backing up data to external drives

 Implementing firewalls
 Having backup power supplies
 Data redundancy
Types of Cyber Attacks

A cyber-attack is an exploitation of computer systems and networks. It uses malicious code to

alter computer code, logic or data and lead to cybercrimes, such as information and identity
theft.

Cyber-attacks can be classified into the following categories:

1) Web-based attacks
2) System-based

attacks Web-based

attacks

These are the attacks which occur on a website or web applications. Some of the important
web-based attacks are as follows-

1. Injection attacks

It is the attack in which some data will be injected into a web application to manipulate the
application and fetch the required information.

Example- SQL Injection, code Injection, log Injection, XML Injection etc.

2. DNS Spoofing

DNS Spoofing is a type of computer security hacking. Whereby a data is introduced into a
DNS resolver's cache causing the name server to return an incorrect IP address, diverting
traffic to the attackers computer or any other computer. The DNS spoofing attacks can go on
for a long period of time without being detected and can cause serious security issues.

3. Session Hijacking

It is a security attack on a user session over a protected network. Web applications create
cookies to store the state and user sessions. By stealing the cookies, an attacker can have
access to all of the user data.

7
 Course Code/ Title : IT3404/ INTRODUCTION TO CYBER SECURITY Unit :1

4. Phishing

Phishing is a type of attack which attempts to steal sensitive information like user login
credentials and credit card number. It occurs when an attacker is masquerading as a
trustworthy entity in electronic communication.

5. Brute force

It is a type of attack which uses a trial and error method. This attack generates a large number
of guesses and validates them to obtain actual data like user password and personal
identification number. This attack may be used by criminals to crack encrypted data, or by
security, analysts to test an organization's network security.
6. Denial of Service

It is an attack which meant to make a server or network resource unavailable to the users. It
accomplishes this by flooding the target with traffic or sending it information that triggers a
crash. It uses the single system and single internet connection to attack a server. It can be
classified into the following-
Volume-based attacks- Its goal is to saturate the bandwidth of the attacked site, and is
measured in bit per second.

Protocol attacks- It consumes actual server resources, and is measured in a packet.

Application layer attacks- Its goal is to crash the web server and is measured in
request per second.

7. Dictionary attacks

This type of attack stored the list of a commonly used password and validated them to get
original password.

8. URL Interpretation
It is a type of attack where we can change the certain parts of a URL, and one can make a
web server to deliver web pages for which he is not authorized to browse.

9. File Inclusion attacks

It is a type of attack that allows an attacker to access unauthorized or essential files
which is available on the web server or to execute malicious files on the web server by
making use of the include functionality.

10. Man in the middle attacks

It is a type of attack that allows an attacker to intercepts the connection between client and
server and acts as a bridge between them. Due to this, an attacker will be able to read, insert
and modify the data in the intercepted connection.

7
 Course Code/ Title : IT3404/ INTRODUCTION TO CYBER SECURITY Unit :1

System-based attacks

These are the attacks which are intended to compromise a computer or a computer network.
Some of the important system-based attacks are as follows-
 Virus

It is a type of malicious software program that spread throughout the computer files
without the knowledge of a user. It is a self-replicating malicious computer program that replicates by
inserting copies of itself into other computer programs when executed. It can also execute instructions
that cause harm to the system.
2. Worm

It is a type of malware whose primary function is to replicate itself to spread to uninfected

computers. It works same as the computer virus. Worms often originate from email attachments that
appear to be from trusted senders.
3. Trojan horse

It is a malicious program that occurs unexpected changes to computer setting and unusual activity,
even when the computer should be idle. It misleads the user of its true intent. It appears to be a normal
application but when opened/executed some malicious code will run in the background.

4. Backdoors

It is a method that bypasses the normal authentication process. A developer may create a
backdoor so that an application or operating system can be accessed for troubleshooting or
other purposes.

5. Bots

A bot (short for "robot") is an automated process that interacts with other network services.
Some bots program run automatically, while others only execute commands when they
receive specific input. Common examples of bots program are the crawler, chatroom bots,
and malicious bots.

7
 Course Code/ Title : IT3404/ INTRODUCTION TO CYBER SECURITY Unit :1

The 7 layers of cyber security should centre on the mission critical assets you are seeking
to protect.

1: Mission Critical Assets – This is the data you need to protect

2: Data Security – Data security controls protect the storage and transfer of data.
3: Application Security – Applications security controls protect access to an application, an
application’s access to your mission critical assets, and the internal security of the
application.
4: Endpoint Security – Endpoint security controls protect the connection between devices
and the network.
5: Network Security – Network security controls protect an organization’s network and
prevent unauthorized access of the network.
6: Perimeter Security – Perimeter security controls include both the physical and digital
security methodologies that protect the business overall.
7: The Human Layer – Humans are the weakest link in any cyber security posture. Human
security controls include phishing simulations and access management controls that protect
mission critical assets from a wide variety of human threats, including cyber criminals,
malicious insiders, and negligent users.

Vulnerability, threat, Harmful acts

As the recent epidemic of data breaches illustrates, no system is immune to attacks. Any
company that manages, transmits, stores, or otherwise handles data has to institute and
enforce mechanisms to monitor their cyber environment, identify vulnerabilities, and close up
security holes as quickly as possible.
Before identifying specific dangers to modern data systems, it is crucial to understand the
distinction between cyber threats and vulnerabilities.

Cyber threats are security incidents or circumstances with the potential to have a negative
outcome for your network or other data management systems.
Examples of common types of security threats include phishing attacks that result in the
installation of malware that infects your data, failure of a staff member to follow data
protection protocols that cause a data breach, or even a tornado that takes down your
company’s data headquarters, disrupting access.

Vulnerabilities are the gaps or weaknesses in a system that make threats possible and tempt
threat actors to exploit them.

Types of vulnerabilities in network security include but are not limited to SQL injections,
server misconfigurations, cross-site scripting, and transmitting sensitive data in a non-
encrypted plain text format.

When threat probability is multiplied by the potential loss that may result, cyber security
experts, refer to this as a risk.

7
 Course Code/ Title : IT3404/ INTRODUCTION TO CYBER SECURITY Unit :1

SECURITY VULNERABILITIES, THREATS AND ATTACKS –

Categories of vulnerabilities

 Corrupted (Loss of integrity)

 Leaky (Loss of confidentiality)

 Unavailable or very slow (Loss of availability)

– Threats represent potential security harm to an asset when vulnerabilities are exploited
- Attacks are threats that have been carried out
 Passive – Make use of information from the system without affecting
system resources

 Active – Alter system resources or affect operation

 Insider – Initiated by an entity inside the organization

 Outsider – Initiated from outside the perimeter

Computer criminals
Computer criminals have access to enormous amounts of hardware, software, and data; they
have the potential to cripple much of effective business and government throughout the
world. In a sense, the purpose of computer security is to prevent these criminals from doing
damage.
We say computer crime is any crime involving a computer or aided by the use of one.
Although this definition is admittedly broad, it allows us to consider ways to protect
ourselves, our businesses, and our communities against those who use computers maliciously.
One approach to prevention or moderation is to understand who commits these crimes and
why. Many studies have attempted to determine the characteristics of computer criminals. By
studying those who have already used computers to commit crimes, we may be able in the
future to spot likely criminals and prevent the crimes from occurring.

CIA Triad
The CIA Triad is actually a security model that has been developed to help people think
about various parts of IT security.
CIA triad broken down:

Confidentiality

It's crucial in today's world for people to protect their sensitive, private information from
unauthorized access. Protecting confidentiality is dependent on being able to define and
enforce certain access levels for information.

7
 Course Code/ Title : CS3404/ INTRODUCTION TO CYBER SECURITY Unit :1

In some cases, doing this involves separating information into various collections that are
organized by who needs access to the information and how sensitive that information actually
is - i.e. the amount of damage suffered if the confidentiality was breached.

Some of the most common means used to manage confidentiality include access control lists,
volume and file encryption, and Unix file permissions.

Integrity

Data integrity is what the "I" in CIA Triad stands for.

This is an essential component of the CIA Triad and designed to protect data from deletion or
modification from any unauthorized party, and it ensures that when an authorized person
makes a change that should not have been made the damage can be reversed.

Availability

This is the final component of the CIA Triad and refers to the actual availability of your data.
Authentication mechanisms, access channels and systems all have to work properly for the
information they protect and ensure it's available when it is needed.

Understanding the CIA triad

The CIA Triad is all about information. While this is considered the core factor of the
majority of IT security, it promotes a limited view of the security that ignores other important
factors.

For example, even though availability may serve to make sure you don't lose access to
resources needed to provide information when it is needed, thinking about information
security in itself doesn't guarantee that someone else hasn't used your hardware resources
without authorization.

It's important to understand what the CIA Triad is, how it is used to plan and also to
implement a quality security policy while understanding the various principles behind it. It's
also important to understand the limitations it presents. When you are informed, you can
utilize the CIA Triad for what it has to offer and avoid the consequences that may come along
by not understanding it.

Assets and Threat

What is an Asset: An asset is any data, device or other component of an organization’s

systems that is valuable – often because it contains sensitive data or can be used to access
such information.

8
 Course Code/ Title : CS3404/ INTRODUCTION TO CYBER SECURITY Unit :1

For example: An employee’s desktop computer, laptop or company phone would be

considered an asset, as would applications on those devices. Likewise, critical infrastructure,
such as servers and support systems, are assets. An organization’s most common assets are
information assets. These are things such as databases and physical files – i.e. the sensitive
data that you store
Types of cyber-attacker actions and their motivations when deliberate

Active attacks: An active attack is a network exploit in which a hacker attempts to make
changes to data on the target or data en route to the target.

Types of Active attacks:

Masquerade: In this attack, the intruder pretends to be a particular user of a system to gain
access or to gain greater privileges than they are authorized for. A masquerade may be
attempted through the use of stolen login IDs and passwords, through finding security gaps in
programs or through bypassing the authentication mechanism.

Session replay: In this type of attack, a hacker steals an authorized user’s log in information
by stealing the session ID. The intruder gains access and the ability to do anything the
authorized user can do on the website.

Message modification: In this attack, an intruder alters packet header addresses to direct a
message to a different destination or modify the data on a target machine.

In a denial of service (DoS) attack, users are deprived of access to a network or web resource.
This is generally accomplished by overwhelming the target with more traffic than it can
handle.

In a distributed denial-of-service (DDoS) exploit, large numbers of compromised

systems (sometimes called a botnet or zombie army) attack a single target.

Passive Attacks: Passive attacks are relatively scarce from a classification perspective, but
can be carried out with relative ease, particularly if the traffic is not encrypted.

Types of Passive attacks:

Eavesdropping (tapping): the attacker simply listens to messages exchanged by two entities.
For the attack to be useful, the traffic must not be encrypted. Any unencrypted information,
such as a password sent in response to an HTTP request, may be retrieved by the attacker.

Traffic analysis: the attacker looks at the metadata transmitted in traffic in order to deduce
information relating to the exchange and the participating entities, e.g. the form of the
exchanged traffic (rate, duration, etc.). In the cases where encrypted data are used, traffic
analysis can also lead to attacks by cryptanalysis, whereby the attacker may obtain
information or succeed in unencrypting the traffic.

Software Attacks: Malicious code (sometimes called malware) is a type of software

designed to take over or damage a computer user's operating system, without the user's
knowledge or approval. It can be very difficult to remove and very damaging. Common
malware examples are listed in the following table:

Attack Characteristics

20
 Course Code/ Title : CS3404/ INTRODUCTION TO CYBER SECURITY Unit :1

Virus A virus is a program that attempts to damage a computer system and replicate itself
to other computer systems. A virus:

 Requires a host to replicate and usually attaches itself to a host file or a

hard drive sector.
 Replicates each time the host is used.
 Often focuses on destruction or corruption of data.
 Usually attaches to files with execution capabilities such as .doc, .exe, and
.bat extensions.
 Often distributes via e-mail. Many viruses can e-mail themselves to
everyone in your address book.
 Examples: Stoned, Michelangelo, Melissa, I Love You.

Worm A worm is a self-replicating program that can be designed to do any number of

things, such as delete files or send documents via e-mail. A worm can negatively
impact network traffic just in the process of replicating itself. A worm:

 Can install a backdoor in the infected computer.

 Is usually introduced into the system through a vulnerability.
 Infects one system and spreads to other systems on the network.
 Example: Code Red.

Trojan A Trojan horse is a malicious program that is disguised as legitimate software.

horse Discretionary environments are often more vulnerable and susceptible to Trojan
horse attacks because security is user focused and user directed. Thus the
compromise of a user account could lead to the compromise of the entire
environment. A Trojan horse:

 Cannot replicate itself.

 Often contains spying functions (such as a packet sniffer) or backdoor
functions that allow a computer to be remotely controlled from the
network.
 Often is hidden in useful software such as screen savers or games.
 Example: Back Orifice, Net Bus, Whack-a-Mole.

Logic A Logic Bomb is malware that lies dormant until triggered. A logic bomb is a
Bomb specific example of an asynchronous attack.

 A trigger activity may be a specific date and time, the launching of a

specific program, or the processing of a specific type of activity.
 Logic bombs do not self-replicate.

Hardware Attacks:
Common hardware attacks include:

 Manufacturing backdoors, for malware or other penetrative purposes;

backdoors aren’t limited to software and hardware, but they also affect
embedded radio- frequency identification (RFID) chips and memory

 Eavesdropping by gaining access to protected memory without opening

other hardware

20
 Course Code/ Title : CS3404/ INTRODUCTION TO CYBER SECURITY Unit :1
 Inducing faults, causing the interruption of normal behaviour

 Hardware modification tampering with invasive operations

 Backdoor creation; the presence of hidden methods for bypassing normal

computer authentication systems
 Counterfeiting product assets that can produce extraordinary operations and
those made to gain malicious access to systems.
Cyber Threats-Cyber Warfare:Cyber warfare refers to the use of digital attacks -- like computer
viruses and hacking -- by one country to disrupt the vital computer systems of another, with the aim of
creating damage, death and destruction. Future wars will see hackers using computer code to attack an
enemy's infrastructure, fighting alongside troops using conventional weapons like guns and missiles.
Cyber warfare involves the actions by a nation-state or international organization to attack and attempt
to damage another nation's computers or information networks through, for example, computer viruses
or denial-of-service attacks.
Cyber Crime:

Cybercrime is criminal activity that either targets or uses a computer, a computer

network or a networked device. Cyber crime is committed by cybercriminals or hackers who want
to make money. Cybercrime is carried out by individuals or organizations. Some cybercriminals
are organized, use advanced techniques and are highly technically skilled. Others are novice
hackers.
Cyber Terrorism:
Cyber terrorism is the convergence of cyberspace and terrorism. It refers to unlawful attacks and threats
of attacks against computers, networks and the information stored therein when done to intimidate or
coerce a government or its people in furtherance of political or social objectives.

Examples are hacking into computer systems, introducing viruses to vulnerable networks, web site
infefacing, Denial-of-service attacks, or terroristic threats made via electronic communication.

Cyber Espionage:
Cyber spying, or cyber espionage, is the act or practice of obtaining secrets and information without
the permission and knowledge of the holder of the information .
II. Cyber Threat Landscape

The cyber threat landscape refers to the evolving environment in which cyber threats and vulnerabilities
exist. It encompasses the full spectrum of cyber risks, including both external and internal threats, as
well as the changing tactics, techniques, and procedures (TTPs) used by cyber adversaries. Here's a
breakdown of key aspects of the cyber threat landscape:
Types of Cyber Threats:
Malware: Software designed to damage or disrupt systems, such as viruses, worms,
ransomware, and trojans. Phishing and Social Engineering: Techniques used to manipulate
individuals into revealing sensitive information or performing actions that compromise
security.Denial of Service (DoS) / Distributed Denial of Service (DDoS): Attacks that overload
systems or networks, rendering them unavailable to legitimate users.Data Breaches:
Unauthorized access to or disclosure of sensitive information, often resulting in financial or
reputational damage.Insider Threats: Employees, contractors, or other trusted individuals who
intentionally or unintentionally compromise security.Advanced Persistent Threats (APT): Long-
term, targeted attacks by well-funded, skilled adversaries, often involving espionage or
sabotage.

20
 Course Code/ Title : CS3404/ INTRODUCTION TO CYBER SECURITY Unit :1
Emerging Threats:
Ransomware: Increasingly sophisticated attacks where attackers encrypt data and demand
payment for its release.IoT Vulnerabilities: As more devices become connected, vulnerabilities
in Internet of Things (IoT) devices increase, making them targets for cybercriminals.Cloud
Security Issues: Misconfigured cloud environments or vulnerabilities in cloud service providers
lead to data breaches or service outages.Supply Chain Attacks: Attacks targeting the supply
chain, including software updates and third-party vendors, to gain access to an organization's
network.
Adversary Techniques:
Exploitation of Vulnerabilities: Attackers exploit unpatched or zero-day vulnerabilities in
software or hardware to gain access. Credential Stuffing: Using stolen or leaked credentials to
gain unauthorized access to accounts across multiple platforms. Man-in-the-Middle Attacks:
Intercepting and potentially altering communications between two parties. Lateral Movement:
Once inside a network, attackers move through systems to gain access to more critical assets.
Threat Actors:
Cybercriminals: Motivated by financial gain, cybercriminals often target individuals,
companies, and even governments. Nation-State Actors: Governments or state-sponsored
groups that engage in cyber warfare, espionage, or sabotage. Hacktivists: Groups or individuals
that conduct cyberattacks to promote a political, social, or environmental cause.Insiders:
Employees or contractors who exploit their access to systems or data for malicious purposes.
5. Impact of Cyber Threats:
Financial Loss: Costs associated with data breaches, system downtime, or recovery efforts.
Reputation Damage: Loss of customer trust and public confidence after an attack. Legal and Regulatory
Consequences: Fines, lawsuits, and penalties resulting from data breaches or non-compliance with
cybersecurity regulations (e.g., GDPR, HIPAA). Operational Disruption: Interruptions to business
operations, supply chains, or critical services.
6. Mitigation Strategies:
Regular Software Updates: Applying patches and updates to fix vulnerabilities and reduce the attack
surface. Network Segmentation: Isolating critical systems and data to limit lateral movement by
attackers. Employee Training: Educating staff on security best practices, such as recognizing phishing
attempts and using strong passwords. Incident Response Plans: Having well-defined plans in place for
detecting, responding to, and recovering from cyberattacks. Threat Intelligence: Continuously
monitoring and analyzing emerging threats and trends to proactively defend against attacks.
7. Technologies and Tools:
Firewalls: Protect networks by filtering traffic based on security rules. Intrusion Detection Systems
(IDS): Detect and alert on potential threats within a network. Endpoint Detection and Response (EDR):
Monitor and respond to threats on individual devices. SIEM (Security Information and Event
Management): Aggregates and analyzes security event data from across the organization. AI and
Machine Learning: Used to detect patterns of malicious activity and predict potential threats.
8. Future Trends:
AI-Driven Attacks: As AI and machine learning evolve, cybercriminals may use these technologies to
automate and enhance their attacks. Quantum Computing: The potential for quantum computing to
break current encryption methods is an area of concern for future cybersecurity.5G Security: The rollout
of 5G networks introduces new security challenges, including the expansion of attack surfaces and
vulnerabilities in network infrastructure. Zero Trust Security: The adoption of Zero Trust frameworks,
where no user or device is trusted by default, is becoming more common to secure sensitive data. The
cyber threat landscape is dynamic, with threats evolving as technology advances. Continuous vigilance,
proactive security measures, and a comprehensive risk management strategy are essential for staying
ahead of potential cyber adversaries.

20
 Course Code/ Title : CS3404/ INTRODUCTION TO CYBER SECURITY Unit :1
III. Cyber Security Frameworks and Standards
The digital threat landscape is always changing, with cybercriminals developing more advanced
attacks every day. To stay ahead in this ever-shifting environment, organizations must adopt the latest
cybersecurity frameworks.
These frameworks offer a structured approach to managing cybersecurity risks, addressing potential
vulnerabilities, and strengthening overall digital defenses. As companies increasingly rely on digital
technologies, keeping up with the most current cybersecurity frameworks has become crucial.
From the National Institute of Standards and Technology (NIST) to the Health Insurance Portability and
Accountability Act (HIPAA), these frameworks are vital for any IT operation.
What are Cybersecurity Frameworks?
A cybersecurity framework is a collection of policies, practices, and procedures designed to establish a
strong cybersecurity posture. These frameworks guide organizations in safeguarding their assets from
cyber threats by helping them identify, assess, and manage risks that could lead to data breaches, system
outages, or other disruptions.
By providing a structured approach, cybersecurity frameworks assist organizations in developing and
maintaining a tailored cybersecurity strategy that fits their specific needs. They enable security teams to
evaluate existing practices, identify gaps, and implement the necessary safeguards to protect critical
assets.
Top 7 Essential Cybersecurity Frameworks
Multiple cybersecurity frameworks are used in the industries and several organizations to maintain
safety and prevent the organizations from cyber attacks. Some of the top 7 essential cybersecurity
frameworks are mentioned below.
1. NIST Cybersecurity Framework
NIST framework is another top cybersecurity framework that was designed in response to an executive
order to improve critical infrastructure cybersecurity which called for greater collaboration between
the public and the private sector for identifying, assessing, and managing the risks of
cybersecurity. NIST CSF 2.0 has extended its reach beyond critical infrastructure cybersecurity
targeting small schools, non-profits, large agencies, and corporations. This cybersecurity framework
mainly consists of six main functions such as identity, protect, detect, respond, recover, and govern
by providing a holistic approach to managing the risks in cybersecurity
Advantages

 This framework is used to strengthen the infrastructure to bridge the gap between the CEOs and
the technical team.
 It is a widely accepted way to protect any business from ever-changing cyber threats.

 This framework also helps in integrating the industry standards and the best practices.
2. ISO 27001 and ISO 27002
ISO 27001 and ISO 27002 are integral components of the ISO 27000 series, which provides
comprehensive guidelines for establishing, implementing, maintaining, and continually improving
an information security management system (ISMS). Developed by the International Organization for
Standardization (ISO), these frameworks are among the most widely recognized and adopted
cybersecurity standards globally.
ISO 27001 focuses on the requirements for establishing an ISMS, offering a systematic approach to
managing sensitive company information so that it remains secure. This standard covers all aspects of
security, including people, processes, and IT systems.
ISO 27002 complements ISO 27001 by providing a detailed set of best practices for implementing the
security controls outlined in ISO 27001. It helps organizations select, implement, and manage

20
 Course Code/ Title : CS3404/ INTRODUCTION TO CYBER SECURITY Unit :1
information security controls, providing a robust guide for protecting sensitive information.
Advantages

 These frameworks help organizations protect sensitive information against a broad range of
cybersecurity threats, ensuring the confidentiality, integrity, and availability of data.

 They align closely with other standard management systems, such as those for quality assurance
and environmental management, making them easier to integrate into existing operations.

 Adopting ISO 27001 and ISO 27002 can significantly boost an organization's credibility and
resilience against cyber threats, enhancing trust with stakeholders and customers.
3. HIPAA
HIPAA is abbreviated as the Health Insurance Portability and Accountability Act which was introduced
by the United States government for, the availability and integrity of protected health information in the
healthcare industry. The main objective of HIPAA is to make sure that the individual's medical
information is secure and that they have full control over how the information is being used and
disclosed. HIPAA framework has been used by multiple industries that handle healthcare providers,
health plans, and PHI. Therefore this framework mainly consists of privacy rule sets and security rules
Advantages

 HIPAA mainly provides advantages such as it helps in enhancing the privacy of the
patients and data security.

 It helps reduce healthcare abuse and fraud by implementing industry standards.

 HIPAA results in significant fines and reputational damage for the organizations.
4. PCI-DSS
PCI-DSS (Payment Card Industry Data Security Standard) is a globally recognized cybersecurity
framework designed specifically to protect payment card information. Developed by the Payment Card
Industry Security Standards Council (PCI SSC), PCI-DSS provides a comprehensive set of
requirements aimed at securing credit card transactions and ensuring the safe handling of cardholder
data by merchants and service providers.
This framework encompasses various security measures, including data encryption, access control,
network security, and regular monitoring. Organizations that process, store, or transmit credit card
information must comply with PCI-DSS to protect against data breaches and fraud, ensuring the
security of their customers' financial information.
Advantages:
 PCI-DSS is essential for businesses in the payment card industry, helping them safeguard
cardholder data against a wide range of cyber threats, thereby reducing the risk of fraud and
data breaches.

 Compliance with PCI-DSS enhances an organization's credibility and trustworthiness,

demonstrating a commitment to securing customer financial data.

 By adhering to PCI-DSS, organizations can avoid hefty fines and penalties associated with non-
compliance, while also minimizing the potential financial and reputational damage from
security breaches.
5. SOC2
SOC2 is another popular cybersecurity framework and auditing standard that can be mainly used to
verify vendors and partners. It is a type of detailed framework with over 60 compliance
requirements and extensive auditing processes for third-party controls and systems. It is known to be
one of the toughest cybersecurity frameworks to implement especially for organizations in the
banking or in the financial sector which face a higher standard for compliance

20
 Course Code/ Title : CS3404/ INTRODUCTION TO CYBER SECURITY Unit :1
Advantages

 SOC2 is mainly used to improve the services and it also shows the ways individuals can
streamline the organization's control and processes.

 This framework also allows businesses to make security improvements which can increase
the efficiency of the organizations.

 SOC2 makes sure that the third-party service provider stores and processes the customer data in
an effective and secure manner.
6. FISMA
FISMA is abbreviated as the Federal Information Security Management Act which is a detailed
cybersecurity framework which was designed to protect the federal government information and the
systems as well as the third parties and the lenders who are working on behalf of the federal agencies
against the cyber security threats. Therefore under this cybersecurity framework agencies and third
parties are needed to maintain an inventory of the digital assets and identify any integration between the
systems and the networks.
Advantages

 Fisma mainly offers multiple benefits such as it helps in enhancing the security posture.

 This framework is used for the implementation of robust security which helps organizations to
strengthen their overall security postures.

 This framework also helps in reducing the risk of cyber-attacks and data breaches.
7. COBIT
COBIT is a popular cybersecurity framework that was developed by the Information Systems Audit and
Control Association. Control objectives for the information and related technology is a comprehensive
framework designed to help the organization manage their IT resources more effectively. This
framework mainly offers the best practices for risk management, security, and governance. The
framework is mainly divided into categories such
as acquiring, implementing, delivering, supporting, monitoring, and evaluating management. These
categories are used for particular processes and activities to help organizations effectively manage IT
resources.
Advantages
 This framework mainly includes comprehensive data security and protection guidelines.
 It is mainly used to protect organizations and their systems from cybersecurity threats.
 This framework is mainly used to improve and maintain high-quality information to
support business decisions.
IV. Security and Architecture Model of Cyber Security
A Security Architecture is critical to reducing risk, ensuring compliance, and effectively
addressing security issues in Software Development. Whether in the cloud or on-premises, it provides a
basis for identifying and managing potential threats, thereby increasing the safety and security of the
organization in the face of change in the digital environment. In this Article, we are going to study about
Secuirty Architecture, its types, examples, its benefits and why do we need security architecture in
software development.

20
 Course Code/ Title : CS3404/ INTRODUCTION TO CYBER SECURITY Unit :1

Security architecture is a strategy for designing and building a company's security infrastructure.
Troubleshoots data protection issues by analyzing processes, controls and systems. This multifaceted
strategy has many elements such as security policy, risk management, and determination of controls and
procedures. It is suitable for special cases such as network security, application security or business
information security.
The purpose of network security architecture is to protect the organization's network infrastructure using
tools such as firewalls and intrusion detection systems. Application security architecture focuses on
software security with an emphasis on secure coding methods and strong authentication systems. At the
same time, the company's information security architecture takes an approach to combine security measures
with business objectives across people, processes and technology.
Types of Security Architecture
1. Architecture of Network Security:
 The systematic design and implementation of security measures to safeguard an organization's
computer networks against unwanted access, cyberattacks, and data breaches is referred to as
network security architecture. It entails the installation of firewalls, intrusion detection/prevention
systems, and other network security controls in order to protect the integrity and confidentiality of
data transmitted across the network.
Example: To defend its internal network from illegal access and cyber threats, a corporation installs a
network security architecture that comprises firewalls, intrusion detection/prevention systems, and secure
Wi-Fi protocols.
2. Architecture of Application Security:
 Application Security Architecture entails the systematic design and integration of security
measures into software applications in order to prevent vulnerabilities and illegal access. Secure
coding practices, authentication systems, and encryption are all used to ensure the confidentiality
and integrity of sensitive data processed by apps.
Example: To prevent vulnerabilities and preserve user data, a software development business adds secure
coding methods, encryption, and rigorous authentication mechanisms into its application development
process.
3. Architecture of Cloud Security:
 Cloud Security Architecture is the design and implementation of security rules and practices
adapted specifically for cloud computing systems. To safeguard data, apps, and infrastructure
housed in the cloud, it includes methods such as encryption, identity and access management
(IAM), and frequent security audits.
Example: To secure data and applications hosted on cloud platforms such as Amazon Web Services
(AWS) or Microsoft Azure, a business deploys resources in a cloud environment using encryption, identity
and access management (IAM) restrictions, and frequent security audits.
4. Architecture of Enterprise Information Security:
 Enterprise Information Security Architecture (EISA) is a comprehensive method to protecting an
organization's information assets spanning people, processes, and technology. It entails the creation
and implementation of comprehensive security policies, as well as identity management and risk
assessment, in order to connect security efforts with business objectives and provide a unified
security posture.
Example: To protect sensitive client information and ensure regulatory compliance, a large financial
institution builds an enterprise-wide security architecture that comprises extensive security policies,
identity management systems, and regular risk assessments.
20
 Course Code/ Title : CS3404/ INTRODUCTION TO CYBER SECURITY Unit :1
5. Architecture for Wireless Security:
 Wireless Security Architecture is concerned with the design and implementation of security
mechanisms for wireless networks. It includes mechanisms such as WPA3 encryption, MAC
address filtering, and access control to prevent unauthorized access and protect data transfer in Wi-
Fi networks.
Example: The school uses a wireless security architecture that includes WPA3 encryption, MAC address
filtering, and access access to protect the Wi-Fi network and prevent unauthorized access.
6. Endpoint Security Architecture:
 Endpoint Security Architecture involves designing and implementing security mechanisms to
protect specific devices (endpoints) such as computers, mobile phones and tablets. It includes anti-
virus software, endpoint detection and response (EDR) technology, and mobile device management
(MDM) solutions to prevent malware and unauthorized access.
Example: A company uses endpoint security measures, including antivirus software, endpoint detection
and response (EDR) tools, and networking solutions to protect personal devices (computers, smartphones,
etc.) from malware. mobile device (MDM) and unauthorized access.
Elements of Security Architecture
The security architecture aspect includes many products and activities designed to provide effective
security in the organization. These devices work together to protect data assets and reduce risk. The
following are the main components of security architecture:
1. Security Framework:
 Policies and procedures that establish security standards, procedures, and policies in an
organization.
 Responsibilities: Building a security system, communicating expectations, and providing a
framework for compliance is part of the job.
2. Security Management:
 Security measures taken to detect, prevent or reduce the impact of security threats and
vulnerabilities.
 Responsibilities: Prevent unauthorized access, data deletion, and other security issues by using
security policies.
3. Risk Management:
 The process of identifying, analyzing and monitoring risks to the institution's information assets.
 Responsibilities: Participate in decision making, resource allocation and implementation of controls
to reduce or control identified risks.
4. IAM (Identity and Access Management):
 Management of user identities and their access to systems, applications and information.
 Responsibilities: Ensuring that only authorized personnel can access sensitive information,
preventing unauthorized access or information leakage.
5. Encryption:
 The process of encoding data so that it cannot be understood without the decryption key.
 Responsibilities: Protect sensitive data from unauthorized access while maintaining confidentiality,
especially during data transfer and storage.

20
 Course Code/ Title : CS3404/ INTRODUCTION TO CYBER SECURITY Unit :1
6. Responses to Issues:
 A good way to handle a security incident and control its outcome.
 Responsibilities: Minimize downtime, recover quickly, and analyze and learn from security
incidents.
7. Security Architecture Framework:
 A model or framework that provides best practices and guidelines for designing and implementing
security solutions.
 Responsibilities: As a plan to create an integrated and effective security system that suits business
needs.
8. Security Education and Training:
 Programs and events designed to educate employees and users about security risks, policies, and
best practices.
 Responsibilities: To improve the human base of security by promoting knowledge, behavior and
compliance with security laws.
Together, these elements help create a robust security system that helps protect an organization's
information assets and maintain effective defense against security-altering threats.
Examples of Security Architecture Framework
Many security architecture companies provide design guidelines and guidelines to help organizations
design and implement effective security solutions. Some good ideas on security architecture:
1. Open Group Architecture Framework (TOGAF):
 Overview: A popular approach to business architecture that incorporates security concerns
designed into its framework. TOGAF provides a comprehensive approach to business information
design, planning, implementation and management.
 Role: TOGAF incorporates security concerns into its infrastructure, making security an important
element of all business development processes.
2. Sherwood Applied Business Security Architecture (SABSA):
 Overview: A business-focused security framework focused on integrating security architecture
with business objectives. SABSA focuses on risk management and security integration across all
business sectors.
 Role: SABSA's role in security is to provide businesses with the tools to create a secure, risk-based
security architecture that closely meets business needs.
3. Zachman Framework:
 Overview: The Zachman Framework is not only a security framework but also a company
structure used to organize and explain the various perspectives involved in business architecture. It
provides a way to view and create complex systems.
 Role: The Zachman Framework can serve as a reference to ensure that every aspect of
organizations' security decisions is addressed, resulting in better security.
4. NIST Cybersecurity Framework:
 Overview: Developed by the National Institute of Standards and Technology (NIST), this
framework provides guidelines, standards, and best practices for managing cybersecurity risks. The

20
 Course Code/ Title : CS3404/ INTRODUCTION TO CYBER SECURITY Unit :1
 Role: NIST Cybersecurity Framework provides a framework for reviewing and updating
cybersecurity measures, aligning them with business objectives, and facilitating cybersecurity
communications.
5. ISO/IEC 27001:
 Overview: ISO/IEC 27001, ISO/IEC 27000 series are widely recognized information security
management (ISMS) standards. It provides an effective and risk-based approach to data
management.
 Role: Although ISO/IEC 27001 is not an original architectural framework, it can help
organizations create a unified and complete information security system to ensure business print
security.
6. MITER ATT&CK Framework:
 Overview: ATT&CK (Countermeasures, Countermeasures, Techniques, and Common Sense) is a
cybersecurity threat intelligence matrix that provides examples of strategies and tactics used by
known adversaries in cyber attacks.
 Role: Although not an architecture firm, ATT&CK provides security professionals with threat
intelligence and strategies to help organizations develop security policies that protect against
threats around the world.
These framework provides guidance to help organizations develop and improve security based on their
unique needs, risks, and business objectives.
Incident Response and Cybersecurity Incident Handling
Incident response is the structured process organizations use to identify, manage, and mitigate security
incidents effectively. It involves preparing for, detecting, analyzing, containing, eradicating, and recovering
from cybersecurity threats. Key steps include:
1. Preparation: Creating incident response plans (IRPs), setting up tools, and training employees.
2. Detection and Analysis: Identifying potential threats and understanding their scope and impact.
3. Containment: Isolating affected systems to prevent further damage.
4. Eradication: Removing malicious components and vulnerabilities.
5. Recovery: Restoring normal operations and verifying the systems' integrity.
6. Post-Incident Review: Documenting lessons learned to improve future response.
An effective incident response plan minimizes downtime, reduces financial losses, and ensures regulatory
compliance.
Security Awareness and Training
Security awareness and training programs aim to educate employees about potential cyber threats and best
practices for maintaining organizational security. Core components include:
1. Understanding Threats: Awareness of phishing, malware, ransomware, and social engineering
attacks.
2. Safe Practices: Guidance on password hygiene, secure browsing, and handling sensitive data.
3. Policy Familiarization: Training on organizational policies, such as acceptable use policies
(AUPs) and data protection guidelines.
4. Regular Updates: Continuous education on emerging threats and updated protocols.
Engaging methods like interactive sessions, real-world scenarios, and phishing simulations help improve
retention and promote a security-conscious culture.
20
 Course Code/ Title : CS3404/ INTRODUCTION TO CYBER SECURITY Unit :1

Legal and Ethical Aspects of Cybersecurity

Legal and ethical considerations are crucial in ensuring cybersecurity practices align with laws and moral
standards. Key areas include:
1. Regulations and Standards: Compliance with laws such as GDPR, HIPAA, and IT Act 2000.
2. Data Privacy: Protecting individuals' personal data from unauthorized access or misuse.
3. Ethical Hacking: Conducting penetration tests within legal boundaries and with proper consent.
4. Intellectual Property: Safeguarding digital assets and respecting copyright laws.
5. Incident Reporting: Ensuring timely communication to authorities and affected parties.
Adhering to these principles helps organizations maintain trust, avoid legal penalties, and operate
responsibly.

Emerging Trends in Cybersecurity

The dynamic nature of cyber threats necessitates awareness of emerging trends in cybersecurity. Key
developments include:
1. Artificial Intelligence (AI) in Security: Using AI to detect anomalies and predict potential
breaches.
2. Zero Trust Architecture: Implementing a “trust no one” approach to network access.
3. Cloud Security: Securing data in multi-cloud environments and hybrid cloud setups.
4. IoT Security: Addressing vulnerabilities in interconnected devices.
5. Quantum Cryptography: Enhancing encryption techniques to counter quantum computing
threats.
6. Cybersecurity Mesh: Deploying a flexible, modular approach to security.

20
Course Code/ Title : CS3404/ INTRODUCTION TO CYBER SECURITY Unit :1

20
Course Code/ Title : CS3404/ INTRODUCTION TO CYBER SECURITY Unit :1

20
Course Code/ Title : CS3404/ INTRODUCTION TO CYBER SECURITY Unit :1

20