A Literature Review of Cyber

Security
Abstract

In recent years, the Internet has become an integral element of people's everyday lifestyles all across the world.
Online criminality, on the other hand, has risen in tandem with the growth of Internet activity.
Cyber security has advanced greatly in recent years in order to keep up with the rapid changes that occur in
cyberspace.
Cyber security refers to the methods that a country or organization can use to safeguard its products and
information in cyberspace.
Two decades ago, the term "cyber security" was barely recognized by the general public. Cyber security isn't
just a problem that affects individuals but it also applies to an organization or a government. Everything has
recently been digitized, with cybernetics employing a variety of technologies such as cloud computing, smart
phones, and Internet of Things techniques, among others.
 Cyber security safeguards the data and integrity of computing assets that are part of or connected to an
organization's network, with the goal of defending such assets from all threat actors throughout the life cycle of
a cyber-attack
INTRODUCTION

 Cyber security has developed into a topic of global significance and value. More than 50
countries have already officially published some form of strategy paper outlining their
official stance on cyberspace, cybercrime and/or cyber security.
 Cyber security is used, in most literature, as an all-inclusive term. Definitions of this
word differ, e.g. the Merriam Webster dictionary defines it as "measures taken to protect
a device or computer network from unauthorized access or attack" The International
Telecommunications Union (ITU) describes the following for cyber security.
 Cybersecurity is the array of resources, procedures, security principles, safety protocols,
rules, risk management strategies, activities, training, best practices, compliance, and
technology that can be used to secure the cyber environment and the properties of the
company and user.
The Most Significant Cyber Attacks from
2006-2020,by Country
What are the Most Common Types?

Specops highlights the four most commonly used for significant cyber crimes:

• Structured Query Language (SQL) Injection Attack

• A man-in-the-middle (MitM)

• Phishing Attack

• Denial of Service Attack (DoS)

Structured Query Language (SQL) Injection
Attack

• SQL injection is a sort of attack that targets SQL

databases only. SQL statements are used to query
data in SQL databases, and these statements are
commonly executed through an HTML form on a
webpage.
• If the database permissions are incorrectly
specified, the attacker may be able to use the
HTML form to run queries that create, read,
change, or delete data from the database.
• the hacker writes vindictive SQL code and inserts
it into a victim’s database, in order to access
private information
A man-in-the-middle (MitM)

• A man-in-the-middle (MITM) attack is a cyber

attack in which a threat actor puts themselves in
the middle of two parties, typically a user and an
application, to intercept their communications and
data exchanges and use them for malicious
purposes like making unauthorized purchases or
hacking.
• This form of attack happens when a cyber criminal
hacks into a communication channel between two
people, and eavesdrops on their online exchanges.
Phishing Attack

“Phishing” refers to an attempt to steal sensitive

information, typically in the form of usernames,
passwords, credit card numbers, bank account
information or other important data in order to utilize or
sell the stolen information.
Denial of Service Attack (DoS)

"Denial of service" or "DoS" describes the

ultimate goal of a class of cyber attacks
designed to render a service inaccessible. The
DoS attacks that most people have heard about
are those launched against high profile
websites, since these are frequently reported
by the media.
Literature review

To maintain information security, organizations

establish focal points for cybersecurity and defense
operations known as Security Operations Centers
(SOCs) or Security Incident Response Teams
(CSIRTs). To deal with cybersecurity problems, the
SOC or CSIRT establish daily operations or activities
that are executed by security analysts.
 CONCLUSION

• This paper examined the meanings of both the security of information and ICT. The paper then
argued that cyber security is distinct from information security, despite sometimes being used as an
equivalent concept for information security.
• the paper argues that cyber security reaches beyond conventional information security boundaries
to include not only the protection of information resources, but also that of other properties,
including the individual himself
• In cyber security this aspect has a further element, namely, humans as possible targets of cyber-
attacks or even engaging unknowingly in a cyber assault.
Cybercrime is estimated to have cost the global economy just under USD 1
trillion in 2020, indicating an increase of more than 50% since 2018. With
the average cyber insurance claim rising from USD 145,000 in 2019 to
USD 359,000 in 2020, there is a growing necessity for better cyber
information sources, standardised databases, mandatory reporting and
public awareness. This research analyses the extant academic and industry
literature on cybersecurity and cyber risk management with a particular
focus on data availability. From a preliminary search resulting in 5219
cyber peer-reviewed studies, the application of the systematic methodology
resulted in 79 unique datasets. We posit that the lack of available data on
cyber risk poses a serious problem for stakeholders seeking to tackle this
issue. In particular, we identify a lacuna in open databases that undermine
collective endeavours to better manage this set of risks. The resulting data
evaluation and categorisation will support cybersecurity researchers and
the insurance industry in their efforts to comprehend, metricise and
manage cyber risks.
AIM AND OBJECTIVE OF RESEARCH:

A.Extensive literature survey about various types of cyber attacks and defense
Methodologies

B.Evolving a Cyber Risk Management model in support of the information security.

C.Generalize and socialize the usage of Cyber Risk Management model.

D. Usage of the proposed model in various applications of cyber defense.

KEY WORDS:
Cyber Security,cyber attacks,
Risks Assesment,
Cyber Risk Management,
Cyber Attacks
Prediction Model.
Bayesian network (BN)