1.

Explain the key concepts of cyber security

The Cyber Security on a whole is a very broad term but is based on three fundamental concepts
known as “The CIA Triad“.

It consists of Confidentiality, Integrity and Availability. This model is designed to guide the
organization with the policies of Cyber Security in the realm of Information security.

Confidentiality

 It defines the rules that limits the access of information. Confidentiality takes on the
measures to restrict the sensitive information from being accessed by cyber attackers
and hackers.

 In an organization, peoples are allowed or denied the access of information according to

its category by authorizing the right persons in a department. They are also given
proper training about the sharing of information and securing their accounts with strong
passwords.

 They can change the way data is handled within an organization to ensure data
protection. Various ways to ensure confidentiality, like: two-factor authentication, Data
encryption, data classification, biometric verification, and security tokens.

Integrity

 This assures that the data is consistent, accurate and trustworthy over its time period. It
means that the data within the transit should not be changed, altered, deleted or illegally
being accessed.

 Proper measures should be taken in an organization to ensure its safety. File

permissions and user access control are the measures controlling the data breach. Also,
there should be tools and technologies implemented to detect any change or breach in
the data. Various Organizations uses a checksum, and even cryptographic checksum to
verify the integrity of data.

 To cope with data loss or accidental deletion or even cyber attacks, regular backups
should be there. Cloud backups are now the most trusted solution for this.
Availability

 Availability in terms of all necessary components like hardware, software, networks,

devices and security equipment should all be maintained and upgraded. This will ensure
the smooth functioning and access of Data without any disruption. Also providing
constant communication between the components through providing enough
bandwidth.

 It also involves opting for extra security equipment in case of any disaster or
bottlenecks. Utilities like firewalls, disaster recovery plans, proxy servers and a proper
backup solution should ensure to cope with DoS attacks.

 For a successful approach, it should go through multiple layers of security to ensure

protection to every constituent of CyberSecurity. Particularly involving computers,
hardware systems, networks, software programs and the data which are shared among
them

2. Types of cybersecuity threats

 Malware. Software that performs a malicious task on a target device or network, e.g.
corrupting data or taking over a system.

 Phishing. An email-borne attack that involves tricking the email recipient into
disclosing confidential information or downloading malware by clicking on a hyperlink
in the message.

 Spear Phishing. A more sophisticated form of phishing where the attacker learns about
the victim and impersonates someone he or she knows and trusts.

 “Man in the Middle” (MitM) attack. Where an attacker establishes a position

between the sender and recipient of electronic messages and intercepts them, perhaps
changing them in transit. The sender and recipient believe they are communicating
directly with one another. A MitM attack might be used in the military to confuse an
enemy.

 Trojans. Named after the Trojan Horse of ancient Greek history, the Trojan is a type of
malware that enters a target system looking like one thing, e.g. a standard piece of
software, but then lets out the malicious code once inside the host system.

 Ransomware. An attack that involves encrypting data on the target system and
demanding a ransom in exchange for letting the user have access to the data again.
These attacks range from low-level nuisances to serious incidents like the locking down
of the entire city of Atlanta’s municipal government data in 2018.
  Denial of Service attack or Distributed Denial of Service Attack (DDoS). Where an
attacker takes over many (perhaps thousands) of devices and uses them to invoke the
functions of a target system, e.g. a website, causing it to crash from an overload of
demand.

 Attacks on IoT Devices. IoT devices like industrial sensors are vulnerable to multiple
types of cyber threats. These include hackers taking over the device to make it part of a
DDoS attack and unauthorized access to data being collected by the device. Given their
numbers, geographic distribution and frequently out-of-date operating systems, IoT
devices are a prime target for malicious actors.

 Data Breaches. A data breach is a theft of data by a malicious actor. Motives for data
breaches include crime (i.e. identity theft), a desire to embarrass an institution (e.g.
Edward Snowden or the DNC hack) and espionage.

 Malware on Mobile Apps. Mobile devices are vulnerable to malware attacks just like
other computing hardware. Attackers may embed malware in app downloads, mobile
websites or phishing emails and text messages. Once compromised, a mobile device
can give the malicious actor access to personal information, location data, financial
accounts and more.

3. What are different types of cyber crime?

Cyber crime can be categorised into :

 Cyber crime against person

 Cyber crime against property

 Cyber crime against government

 Cyber crime against society

a. Cyber crime against person :

 a. Cyber stalking : The term stalking means unwanted or obsessive attention by an

individual or group towards another person. Cyber stalking refers to threat that is
created through the use of computer technology such as Internet, e-mails, SMS,
webcams, phones calls, websites or even videos.

 b. cyber crime Hacking : This means gaining unauthorised access over computer
system with the intent of personal gain or misuse. It generally destroys the whole data
present in computer system. Screenshot 2 shows message that hacker can post once
your system is compromised.
  c. Cracking : Cracking refers to digitally removing the copy write protection code that
prevents copied or pirated software from running on computers that haven’t been
authorised to run it by the vendor of the software. The person who carries out this task
if called as Cracker.

 There is difference between Hacker and a Cracker. Hacker uses their knowledge to find
the flaws in the security of systems where as Cracker uses their knowledge to break the
law.

 d. Defamation : It involves action of damaging the good reputation of someone using

computer or electronic service as medium. For eg., Posting vulgar message and/or
photos about a person on his/her social network profile such as facebook, twitter etc.

 e. Online fraud : This refers to acts of stealing confidential details of victim such as
banking credentials using phishing sites and thereafter withdrawing money from
victims account, online lottery scams such as nigeria lottery scams. Screenshot 3 shows
online lottery scam claiming that you have won $ 5,00,000 amount!

 f. Child pronography : This involves the use of electronic device and services to
create, distribute or access materials that sexually exploit minor childrens. For
eg., Recording heinous act done with child on mobile device and distributing on porn
site.

 g. Spoofing : The term spoofing means imitate something while exaggerating its
characteristic features with some personal gain or profit. Spoofing of user identity can
be described as a situation in which one person or program successfully
masquerades (means pretending to be someone one is not) as another by falsifying data.
Spoofing can be done using email or SMS or WhatApp. For eg.,Constantly mailing a
person claiming from bank and requesting banking credentials.

b. Cyber crime against Property

 In this category crime is committed against property of person using electronic service
as a medium. Below are some offences that comes under this category :

 a.Transmitting virus : A computer virus is a malware program that reproduces

itself into another computer programs, disk drive, files or booting sector of hard drive.
Once this replication of so called virus is succeeded the areas affected are termed
as “infected”. Hacker generally transmit virus to target system using email attachment
as medium. When victim opens the attachment (which is infected with virus) this virus
gets replicated throughout the system and thereby slowing down your system.

 b. Cyber Squatting : The term squatting means unlawfully occupying an uninhabited

place. Cyber Squatting is where two or more persons claim for the same Domain Name
 or any service available on Internet such as facebook profile etc. The hacker claims
that he/she had first registered the name before other person or he/she is the owner for
twitter handle.

 For eg., the first case in India registered for cyber squatting was Yahoo Inc. v/s Aakash
Arora in 1999 where the defendant launched a YahooIndia.com website nearly identical
to the plaintiff’s popular website Yahoo.com and also provided almost similar services.
However, the court ruled in favour of Yahoo Inc.

 c. Cyber Vandalism : Vandalism refers to action involving deliberate destruction or

damage of public or private property. Cyber vandalism means destroying or damaging
the data when a network service is unavailable.

 For eg., The Tribune of Pakistan had reported in November 2012 that hackers (group
named as ‘eboz’ in Pakistan) replaced Google’s Pakistan logo with a picture of two
penguins walking up a bridge at sunset.

 d. Intellectual Property Crimes : Intellectual property are intangible property that is

the result of creativity such as copyrights, trademark, patent etc. Intellectual Property
Right (IPR) crime is any unlawful act by which the owner is deprived of his/her rights
completely or partially. These are the most common offence occurring in India and
includes software piracy, infringement of patents, designs, trademark, copyright, theft
of source code etc.

 For eg., The popular case of trademark of Bikanervala v/s New Bikanerwala filed in
2005. The plaintiff (here Bikanervala) had filed IPR case with defendant (here New
Bikanerwala) since they were running new outlet in Delhi by using trademark
registered with plaintiff. The court had allowed plaintiff’s application and the defendant
was restrained by means of an ad interim injunction.

c. Cyber crime against government:

 In this category crime is committed against government by using Internet facilities.

Below are some offences that comes under this category :

 a. Cyber Warfare : Cyber warfare is Internet-based conflict that involves politically

motivated attacks on information and its related systems. It can disable official websites
and networks, disrupt or even disable essential services such as Internet connection,
steal or alter classified data such as sensex details on official website, and cripple
financial systems such as blocking payment gateways.

 For eg., National Security Agency (NSA) of US spying on large scale on many
countries. This spying was blown up by former NSA agent Edward Snowden.
  b. Cyber Terrorism : Cyber Terrorism is politically motivated use of computers and
information technology to cause severe disruption or widespread fear amongst people.

 For eg., the recent example of 2015 dimapur mob lynching rape accused is due to
outspread of message on chatting app called Whatsapp amount locals of Dimapur
district in Nagaland.

d. Cyber crime against society at large :

 An unlawful activities done with the intention of causing harm to the cyberspace that can
affect entire society or large number of persons. Below are offences that comes under this
category:

 a. Online Gambling : The
chance for money. Online
growing today in the list
gambling or iGambling. The
scam (particularly those of
location etc.
term gambling means involving in activities that allows
gambling is one of the most lucrative businesses that is
of cyber crimes in India. It is also known as Internet
cyber crime incident such as online lottery
Nigeria lottery scam), online jobs i.e. work from remote

 b. Cyber Trafficking : The term trafficking means dealing or involving in trade

activities that is considered to be illegal and is prohibited by cybercrime law. Cyber
Trafficking refers to unlawful activities carried out using computer and/or computer
services. For eg., selling kidnapped child to human trafficking group using WhatsApp as
medium.

4. Write about Proliferation of Mobile and Wireless Devices

 Today, incredible advances are being made for mobile devices. The trend is for smaller
devices and more processing power. A few years ago, the choice was between a wireless
phone and a simple PDA. Now the buyers have a choice between high-end PDAs with
integrated wireless modems and small phones with wireless Web-browsing capabilities.
A long list of options is available to the mobile users. A simple hand-held mobile device
provides enough computing power to run small applications, play games and music, and
make voice calls. A key driver for the growth of mobile technology is the rapid growth of
business solutions into hand-held devices.

 As the term "mobile device" includes many products. We first provide a clear distinction
among the key terms: mobile computing, wireless computing and hand-held devices.

 Many types of mobile computers have been introduced since 1990s. They are as follows:
  1. Portable computer: It is a general-purpose computer that can be easily moved from
one place to another, but cannot be used while in transit, usually because it requires some
"setting-up" and an AC power source.

 2. Tablet PC: It lacks a keyboard, is shaped like a slate or a paper notebook and has
features of a touchscreen with a stylus and handwriting recognition software. Tablets may
not be best suited for applications requiring a physical keyboard for typing, but are
otherwise capable of carrying out most tasks that an ordinary laptop would be able to
perform.

 3. Internet tablet: It is the Internet appliance in tablet form. Unlike a Tablet PC, the
Internet tablet does not have much computing power and its applications suite is limited.
Also it cannot replace a general-purpose computer. The Internet tablets typically feature
an MP3 and video player, a Web browser, a chat application and a picture viewer.

 4. Personal digital assistant (PDA): It is a small, usually pocket-sized, computer with

limited functionality. It is intended to supplement and synchronize with a desktop
computer, giving access to contacts, address book, notes, E-Mail and other features.

 5. Ultramobile (PC): It is a full-featured, PDA-sized computer running a general-

purpose operating system (OS).

 6. Smartphone: It is a PDA with an integrated cell phone functionality. Current

Smartphones have a wide range of features and installable applications.

 7. Carputer: It is a computing device installed in an automobile. It operates as a wireless

computer, sound system, global positioning system (GPS) and DVD player. It also
contains word processing software and is Bluetooth compatible.

 8. Fly Fusion Pentop computer: It is a computing device with the size and shape of a
pen. It functions as a writing utensil, MP3 player, language translator, digital storage
device and calculator.

5. Explain the Types and Techniques of Credit Card Frauds

 Traditional Techniques

 The traditional and the first type of credit card fraud is paper-based-application fraud,
wherein a criminal uses stolen or fake documents such as utility bills and bank statements
that can build up useful personally Identifiable Information (PII) to open an account in
someone else's name.

 Application fraud can be divided into

 1. ID theft: Where an individual pretends to be someone else.

  2. Financial fraud: Where an individual gives false information about his or her
financial status to acquire credit.

 Sophisticated techniques, enable criminals to produce fake and doctored cards. Then
there are also those who use skimming to commit fraud. Skimming is where the
information held on either the magnetic strip on the back of the credit card or the data
stored on the smart chip are copied from one card to another. Site cloning and false
merchant sites on the Internet are becoming a popular method of fraud and to direct the
users to such bogus/fake sites is called Phishing. Such sites are designed to get people to
hand over their credit card details without realizing that they have been directed to a fake
weblink/website (i.e., they have been scammed).

1. Triangulation: It is another method of credit card fraud and works in the fashion as explained
further.

 The criminal offers the goods with heavy discounted rates through a website designed
and hosted

 The customer registers on this website with his/her name, address, shipping address and
valid credit card details.

 The criminal orders the goods from a legitimate website with the help of stolen credit
card details and supply shipping address that have been provided by the customer while
registering on the criminal's website.

 The goods are shipped to the customer and the transaction gets completed.

 The criminal keeps on purchasing other goods using fraudulent credit card details of
different customers till the criminal closes existing website and starts a new one.

 Customers till the criminal closes existing website and starts a new one.

 Such websites are usually available for few weeks/months, till the authorities track the
websites through which the criminal has enticed the individuals to reveal their personal
details, which enabled the criminal to commit the transactions by using the credit card
details of these customers. The entire investigation process for tracking and reaching
these criminals is time-consuming, and the criminals may close such fake website in
between the process that may cause further difficulty to trace the criminal. The criminals
aim to create a great deal of confusion for the authorities so that they can operate long
enough to accumulate a vast amount of goods purchased through such fraudulent
transactions.

 2. Credit card generators: It is another modern technique computer emulation software

that creates valid credit card numbers and expiry dates. The criminals highly rely on these
 generators to create valid credit cards. These are available for free download on the
Internet.

6. Write about the IPR Issues in cyber security

Copyright issues in cyber space

 Linking: “Linking” allows a website user to visit another website on the Internet without
leaving that particular website. By clicking on a word or image in one web page, the user
can view another Web page somewhere else in the world, or on the same server as the
original page. Linking may damage the rights or interests of the owner of the page that is
linked to in two ways:

 linked-to sites can lose income as their revenues are often tied to the number of viewers
who visit their home page, and;

 it may create the impression in the minds of users that the two linked sites endorse each
other or are somehow linked to each other.

Trademark issues in cyber space

 A domain name dispute is a conflict that arises when more than one individual believe
they have the right to register a specific domain name. A “domain name dispute” arises
when a domain name similar to a registered trademark is registered by another individual
or organization who is not the owner of registered trademark. All domain name registrars
must follow the Uniform Domain-Name Dispute-Resolution Policy (UDRP).

 Yahoo! Inc v. Akash Arora & Anr (1999 IIAD Delhi 229) the defendants were using
“yahooindia.com” for providing internet services. The petitioner here was the owner of
the trademark “Yahoo!” and had registered its domain name with different countries like
“yahoo.in” for India. Hence, the domain name “yahooindia.com” could be mistaken as an
extension of “Yahoo!”. The Court treated the matter as passing off and granted an
injunction restraining the defendant from using the domain name “yahooindia.com”.

Email marketing risks

 Outbound digital marketing via email is a traditional and powerful tool. The threat of
email account hijacking includes phishing and spamming. Hackers can send links to
malicious websites that download ransomware to completely encrypt the victim’s data
files.

 Guard against email messaging threats through encryption and adding outbound filters.
Digital marketers should install email security software to stay ahead with cybersecurity
threats.
Threats to customers’ data privacy

 Customer data is the treasure trove of digital marketers. That data is likewise a goldmine
for hackers, who steal, sell, and compromise customer passwords, credit card
information, and personal data. Data breaches have resulted in the compromise of
millions of customer accounts, bad publicity for the targeted businesses, as well as fines
and legal sanctions.

Social Media Disruption

 Social media is a valuable monitoring tool for tracking real-time references to a business
brand. Those mentions provide a source for exploiting outbound marketing efforts. On
the other hand, hackers can hijack a social media account and create confusion. Hacking
can change the company profile, add false and offensive statements and send spam emails
from the account to its customers.

 The Danger Social Media Bots Present

 We are always trying to reduce costs, improve productivity and make things more
efficient. This is how we evolve and with evolution comes innovation. Automating your
social media account and the posting schedule is a useful function. This allowsd you to
save time and become more productive.

 some basic security measure s to take to secure your account:

 Use 2 factor authentication.

 Change your password every 2-3 months.

 Review your profile and account settings every 2-3 months

 Cookie Logging & Cookie Jacking

 Cookies are pieces of software that depends on the cookie type get downloaded onto the
user’s browser or hard drive and provide information on the user’s habits. A use case of
how cookies work is used in ecommerce stores when users place items into their
shopping cart, this allows store advertising to send retargeting ads and messages to you
because you have been cookied and the store knows your movements when on that stores
website.

7. Explain about data profiling in cyber security

• In our increasingly connected world, the amount of data – and the sources of this data –
continue to rise. Data profiling is an often-visual assessment that uses a toolbox of
business rules and analytical algorithms to discover, understand and potentially expose
 inconsistencies in your data. This knowledge is then used to improve data quality as an
important part of monitoring and improving the health of these newer, bigger data sets.

• The amount of data is only one side of the equation – data quality is important, too. Data
that isn’t formatted right, standardized or correctly integrated with the rest of the database
can cause delays and problems that lead to missed opportunities, confused customers and
bad decisions.

• Data profiling helps you to get ahead of these issues.

• Why do you need data profiling?

• Data profiling helps you discover, understand and organize your data. It should be an
essential part of how your organization handles its data for several reasons.

• First, data profiling helps cover the basics with your data, verifying that the information
in your tables matches the descriptions. Then it can help you better understand your data
by revealing the relationships that span different databases, source applications or tables.

• What are the different kinds of data profiling?

• Many of the data profiling techniques or processes used today fall into three major
categories: structure discovery, content discovery and relationship discovery.

• Structure discovery, also known as structure analysis, validates that the data that you
have is consistent and formatted correctly. There are several different processes that you
can use for this, such as pattern matching. For example, if you have a data set of phone
numbers, pattern matching helps you find the valid sets of formats within the data set.
Pattern matching also helps you understand whether a field is text- or number-based
along with other format-specific information.

8. Write about the privacy issues in cyber security

• Internet is the fastest way of connecting with the world but, unfortunately, it is not the
safest one. The internet is full of scams and gambles, and you are on the verge of
security risks when you choose to be online.

• Most internet users are least bothered about their online privacy and are unaware of the
plausible risks associated with it. Not only your privacy but your safety is also
endangered, especially when you are using the internet to carry out important and
secretive tasks like online banking and sharing crucial business files.

• Three Major Issues Concerning Online Privacy

Spying and Snooping

 • When you are online, you are spied by a number of trackers for various
purposes. Trackers keep a record of your search history and track all your online
activities through various means. This provides them a clear picture of who you are and
your interests, which is a breach of online privacy policy and makes you a public
property. Most of the time, this tracking is for advertisement purposes only and it allows
advertisers to show ads according to your taste and interests. But sometimes this
information is used by cybercriminals to carry out unauthorized and illegal activities
risking your online existence.

Information Mishandling

• There are various sites on the internet that need your personal information to get access to
their services. These sites often store cookies and save your personal information and
later use it for various purposes. Most of the time this information is not encrypted and
can be accessed by anyone. This mishandling of personal information may lead to serious
consequences. The modern trend of e-banking and e-business portals have multiplied the
risks associated with online privacy. By sharing your bank details and crucial files on the
internet, you are paving ways for burglars and making yourself vulnerable to
cybercriminals.

• Data privacy fundamentals entail the proper use and handling of data with sensitive
information. This typically includes personal, health, or financial data about an individual
or organization. It should not be confused with data security, which is the process of
protecting data from being viewed, altered, or stolen by unauthorized users.

Data Confidentiality

• Data confidentiality is the prevention of unauthorized entities from accessing sensitive

data. Users who access the data must be properly authorized to use it, see it, and
distribute it. Not all data is created equal in this regard, as some types of data are more
sensitive than others.