Cyber Security
Cyber Security
Cyber Security is referred to the security offered through online services to protect the online
information.
With an increasing amount of people getting connected to the Internet, the security threats are also
massively increasing.
Cyber Security:
It is the body of technologies, processes and practices designed to protect networks, devices,
programs and data from attack, theft, damage, modification or unauthorized access. It is also called as
Information Technology Security.
OR
Cyber Security is the setoff principles and practices designed to protect the computing resources
and online information against threats.
Understanding Cyber Security:
Maintenance:
Install a security suite that protects the computer against threats such as viruses and worms. (eg.,
Antivirus)
Hackers:
A hacker is a person who uses computers to gain unauthorized access to data.
Types of Hackers:
• Black Hat Hackers: (Unethical Hacker or Security Cracker)
These people hack the system illegally to steal money or to achieve their own illegal goals.
They find the banks or organization with weak security and steal money or credit card
information, they can also modify or destroy confidential data.
• White Hat Hackers: (Ethical Hacker or Penetration Tester)
These people use the same technique used by the black hat hackers, but they can only hack
the system that they have permission to hack inorder to test the security of the system.
They focus on securing and protecting IT System. White Hat Hacker is legal.
• Grey Hat Hackers:
Grey Hat Hackers are hybrid of Black hat hackers & White hat hackers
They can hack any system even if they don’t have permission to test the security of the
system but they will never steal money or damage the system.
Maintenance:
It may be impossible to prevent computer hacking, however effective security controls including
strong passwords and the use of firewalls.
Maintenance:
Download an anti-malware program that also helps prevent infection. Activate network protection
firewall, antivirus.
Trojan Horse:
Trojan horse are email viruses that can duplicate themselves, steal information or harm the computer
system. These viruses are the most serious threats to computers.
Maintenance:
Security suits such as Avast Internet Security, which will prevent from downloading Trojan Horses.
Password Cracking:
Password attacks are attacks by hackers that are able to determine passwords or find passwords to
different protected electronic areas and social network sites.
Maintenance:
Use always strong password. Never use same password for two different sites.
CYBER SECURITY Page 5
LAYERS OF SECURITY
The 7 layers of cyber security should center on the mission critical assests.
Vulnerabilities are the gaps or weaknesses in a system that make threats possible and tempt
threat actors to exploit them.
SQL injections,
Server misconfigurations,
Cross-site scripting, and
Transmitting sensitive data in a non- encrypted plain text format.
Computer Criminals:
Computer crimes have quickly become on of the fastest rising forms of modern crime. According to
cyber experts, approx., 1 million potential cyber attacks are attempted per day.
Types of Cyber Criminals:
Cyber criminals are also known as hackers. Hackers are extremely difficult to identify on both
individual and group level, due to their various security measures.
Cyber Security expert assert that Cyber Criminals are using more ruthless methods to achieve their
objectives and the proficiency of attacks are expected to advance as they continue to develop new
methods of cyber attacks.
Identity Thieves:
Identity thieves are cyber criminals who try to gain access to their victim’s personal
information. They use their information to make financial transaction while impersonating their
victims. Identity theft is one of the oldest cyber crime.
Phishing Scammers:
Phishing are cyber criminals who attempt to get hold of personal or sensitive information
through victim’s computer.
This is often done via phishing websites that are designed to copycat small business,
corporate or government websites.
Once such information is obtained, phishers either use the information themselves for
identity fraud scams or sell it in the dark web.
Cyber Terrorists:
Cyber Terrorism is a well-developed politically inspired cyber attack in which the cyber
criminal attempts to steal data or corrupt corporate or Government computer systems and networks
resulting in harm to countries, business, organizations and even individuals.
The key difference between an act of cyber terrorism and a regular cyber attack is that
within an attack of cyber terrorism, hackers are politically motivated as opposed to just seeking
financial gain.
CIA Triad
The CIA Triad is actually a security model that has been developed to help people think about
various parts of IT security.
CIA triad broken down:
Confidentiality:
Protecting confidentiality is dependent on being able to define and enforce certain access levels for
information. This process involves separating information into various collections that are
organized by authorized user, who needs to access the information and how sensitive that
information actually is - i.e. the amount of damage suffered if the confidentiality was breached.
Integrity
This is an essential component of the CIA Triad and designed to protect data from deletion or
modification from any unauthorized party, and it ensures that when an authorized person makes a
change that should not have been made the damage can be reversed.
CYBER SECURITY Page 8
Standard measures to guarantee Integrity include:
Cryptography checksums
Using file permissions
Uninterrupted power supplies
Data backups.
Availability
This is the final component of the CIA Triad and refers to the actual availability of your data.
Authentication mechanisms, access channels and systems all have to work properly for the
information they protect and ensure it's available when it is needed.
For example: An employee’s desktop computer, laptop or company phone would be considered
an asset, as would applications on those devices. Likewise, critical infrastructure, such as
servers and support systems, are assets. An organization’s most common assets are information
assets. These are things such as databases and physical files – i.e. the sensitive data that you
store
A threat is any incident that could negatively affect an asset – for example, if it’s lost, knocked
offline or accessed by an unauthorized party.
Intentional threats include things such as criminal hacking or a malicious insider stealing
information, whereas accidental threats generally involve employee error, a technical
malfunction or an event that causes physical damage, such as a fire or natural disaster.
Motive of Attackers
The categories of cyber-attackers enable us to better understand the attackers' motivations and
the actions they take. As shown in Figure, operational cyber security risks arise from three
types of actions:
i) inadvertent actions (generally by insiders) that are taken without malicious or harmful
intent;
ii) deliberate actions (by insiders or outsiders) that are taken intentionally and are meant
to do harm; and
iii) inaction (generally by insiders), such as a failure to act in a given situation, either
because of a lack of appropriate skills, knowledge, guidance, or availability of the
CYBER SECURITY Page 9
correct person to take action
Of primary concern here are deliberate actions, of which there are three categories of
motivation.
1) Web-based attacks
2) System-based attacks
Web-based attacks
These are the attacks which occur on a website or web applications. Some of the important
web-based attacks are as follows-
1. Injection attacks
It is the attack in which some data will be injected into a web application to manipulate the
application and fetch the required information.
Example- SQL Injection, code Injection, log Injection, XML Injection etc.
2. DNS Spoofing
DNS Spoofing is a type of computer security hacking. Whereby a data is introduced into a DNS
resolver's cache causing the name server to return an incorrect IP address, diverting traffic to
the attackers computer or any other computer. The DNS spoofing attacks can go on for a long
period of time without being detected and can cause serious security issues.
3. Session Hijacking
It is a security attack on a user session over a protected network. Web applications create
cookies to store the state and user sessions. By stealing the cookies, an attacker can have access
to all of the user data.
4. Phishing
Phishing is a type of attack which attempts to steal sensitive information like user login
credentials and credit card number. It occurs when an attacker is masquerading as a trustworthy
entity in electronic communication.
5. Brute force
It is a type of attack which uses a trial and error method. This attack generates a large number
of guesses and validates them to obtain actual data like user password and personal
identification number. This attack may be used by criminals to crack encrypted data, or by
security, analysts to test an organization's network security.
It is an attack which meant to make a server or network resource unavailable to the users. It
accomplishes this by flooding the target with traffic or sending it information that triggers a
crash. It uses the single system and single internet connection to attack a server. It can be
classified into the following-
Volume-based attacks- Its goal is to saturate the bandwidth of the attacked site, and is
measured in bit per second.
Application layer attacks- Its goal is to crash the web server and is measured in request per
second.
7. Dictionary attacks
This type of attack stored the list of a commonly used password and validated them to get
original password.
8. URL Interpretation
It is a type of attack where we can change the certain parts of a URL, and one can make a
web server to deliver web pages for which he is not authorized to browse.
It is a type of attack that allows an attacker to access unauthorized or essential files which is
available on the web server or to execute malicious files on the web server by making use of
the include functionality.
It is a type of attack that allows an attacker to intercepts the connection between client and
server and acts as a bridge between them. Due to this, an attacker will be able to read, insert
and modify the data in the intercepted connection.
System-based attacks
These are the attacks which are intended to compromise a computer or a computer network.
Some of the important system-based attacks are as follows-
2. Virus
It is a type of malicious software program that spread throughout the computer files without
the knowledge of a user. It is a self-replicating malicious computer program that replicates by
inserting copies of itself into other computer programs when executed. It can also execute
instructions that cause harm to the system.
4. Trojan horse
It is a malicious program that occurs unexpected changes to computer setting and unusual
activity, even when the computer should be idle. It misleads the user of its true intent. It appears
to be a normal application but when opened/executed some malicious code will run in the
background.
5. Backdoors
It is a method that bypasses the normal authentication process. A developer may create a
backdoor so that an application or operating system can be accessed for troubleshooting or
other purposes.
6. Bots
A bot (short for "robot") is an automated process that interacts with other network services.
Some bots program run automatically, while others only execute commands when they receive
specific input. Common examples of bots program are the crawler, chatroom bots, and
malicious bots.
Active attacks: An active attack is a network exploit in which a hacker attempts to make
changes to data on the target or data en route to the target.
Masquerade: in this attack, the intruder pretends to be a particular user of a system to gain
access or to gain greater privileges than they are authorized for. A masquerade may be
attempted through the use of stolen login IDs and passwords, through finding security gaps in
programs or through bypassing the authentication mechanism.
Session replay: In this type of attack, a hacker steals an authorized user’s log in information
by stealing the session ID. The intruder gains access and the ability to do anything the
authorized user can do on the website.
Message modification: In this attack, an intruder alters packet header addresses to direct a
message to a different destination or modify the data on a target machine.
In a denial of service (DoS) attack, users are deprived of access to a network or web resource.
This is generally accomplished by overwhelming the target with more traffic than it can handle.
Passive Attacks:Passive attacks are relatively scarce from a classification perspective, but can
be carried out with relative ease, particularly if the traffic is not encrypted.
Eavesdropping (tapping): the attacker simply listens to messages exchanged by two entities.
For the attack to be useful, the traffic must not be encrypted. Any unencrypted information,
such as a password sent in response to an HTTP request, may be retrieved by the attacker.
Traffic analysis: the attacker looks at the metadata transmitted in traffic in order to deduce
information relating to the exchange and the participating entities, e.g. the form of the
exchanged traffic (rate, duration, etc.). In the cases where encrypted data are used, traffic
analysis can also lead to attacks by cryptanalysis, whereby the attacker may obtain information
or succeed in unencrypting the traffic.
Attack Characteristics
Virus A virus is a program that attempts to damage a computer system and replicate itself
to other computer systems. A virus:
Logic A Logic Bomb is malware that lies dormant until triggered. A logic bomb is a
Bomb specific example of an asynchronous attack.
Hardware Attacks:
Common hardware attacks include:
Security Policies:
Security policies are a formal set of rules which is issued by an organization to ensure that the
user who are authorized to access company technology and information assets comply with
rules and guidelines related to the security of information.
A security policy also considered to be a "living document" which means that the document is
never finished, but it is continuously updated as requirements of the technology and employee
changes.
We use security policies to manage our network security. Most types of security policies are
automatically created during the installation. We can also customize policies to suit our specific
environment.
1) It increases efficiency.
Firewall Policy:
• It blocks the unauthorized users from accessing the systems and networks that connect
to the Internet.
• It detects the attacks by cybercriminals and removes the unwanted sources of network
traffic.
• This policy automatically detects and blocks the network attacks and browser attacks.
• It also protects applications from vulnerabilities and checks the contents of one or
more data packages and detects malware which is coming through legal ways.
• This policy protects a system's resources from applications and manages the
peripheral devices that can attach to a system.
• The device control policy applies to both Windows and Mac computers whereas
application control policy can be applied only to Windows clients.
CYBERSPACE
Cyberspace can be defined as an intricate environment that involves interactions between
people, software, and services. It is maintained by the worldwide distribution of information
and communication technology devices and networks.
With the benefits carried by the technological advancements, the cyberspace today hasbecome
a common pool used by citizens, businesses, critical information infrastructure, military and
governments in a fashion that makes it hard to induce clear boundaries among these different
groups. The cyberspace is anticipated to become even more complex in the upcoming years,
with the increase in networks and devices connected to it.
REGULATIONS
There are five predominant laws to cover when it comes to cybersecurity:
Information Technology Act, 2000 The Indian cyber laws are governed by the Information
Technology Act, penned down back in 2000. The principal impetus of this Act is to offer
reliable legal inclusiveness to eCommerce, facilitating registration of real-time records with the
Government.
But with the cyber attackers getting sneakier, topped by the human tendency to misuse
technology, a series of amendments followed.
The ITA, enacted by the Parliament of India, highlights the grievous punishments and penalties
safeguarding the e-governance, e-banking, and e-commerce sectors. Now, the scopeof ITA has
been enhanced to encompass all the latest communication devices.
The IT Act is the salient one, guiding the entire Indian legislation to govern cybercrimes
rigorously:
Section 43 - Applicable to people who damage the computer systems without permission from
the owner. The owner can fully claim compensation for the entire damage in such cases.
Section 66 - Applicable in case a person is found to dishonestly or fraudulently committing
any act referred to in section 43. The imprisonment term in such instances can mount up to
three years or a fine of up to Rs. 5 lakh.
Section 66B - Incorporates the punishments for fraudulently receiving stolen communication
devices or computers, which confirms a probable three years imprisonment. This term can also
be topped by Rs. 1 lakh fine, depending upon the severity.
Section 66C - This section scrutinizes the identity thefts related to imposter digital signatures,
hacking passwords, or other distinctive identification features. If proven guilty, imprisonment
of three years might also be backed by Rs.1 lakh fine.
Indian cyberspace was born in 1975 with the establishment of National Informatics Centre
(NIC) with an aim to provide govt with IT solutions. Three networks (NWs) were set up
between 1986 and 1988 to connect various agencies of govt. These NWs were, INDONET
which connected the IBM mainframe installations that made up India’s computerinfrastructure,
NICNET (the NIC NW) a nationwide very small aperture terminal (VSAT) NW for public
sector organisations as well as to connect the central govt with the state govts and district
administrations, the third NW setup was ERNET (the Education and Research Network), to
serve the academic and research communities.
New Internet Policy of 1998 paved the way for services from multiple Internet service
providers (ISPs) and gave boost to the Internet user base grow from 1.4 million in 1999 to over
150 million by Dec 2012. Exponential growth rate is attributed to increasing Internet
• To create a secure cyber ecosystem in the country, generate adequate trust and
confidence in IT system and transactions in cyberspace and thereby enhance adoption
of IT in all sectors of the economy.
• To create an assurance framework for the design of security policies and promotion and
enabling actions for compliance to global security standards and best practices by way
of conformity assessment (Product, process, technology & people).
• To strengthen the Regulatory Framework for ensuring a SECURE CYBERSPACE
ECOSYSTEM.
• To enhance and create National and Sectoral level 24X7 mechanism for obtaining
strategic information regarding threats to ICT infrastructure, creating scenarios for
response, resolution and crisis management through effective predictive, preventive,
protective response and recovery actions.
The forensic examination of computers, and data storage media, is a complicated and highly
specialized process. The results of forensic examinations are compiled and included in reports.
In many cases, examiners testify to their findings, where their skills and abilities are put to
ultimate scrutiny.
DIGITAL FORENSICS:
Digital Forensics helps the forensic team to analyzes, inspect, identifies, and preserve the
digital evidence residing on various types of electronic devices.
Digital forensic science is a branch of forensic science that focuses on the recovery and
investigation of material found in digital devices related to cybercrime.
THE NEED FOR COMPUTER FORENSICS
Computer forensics is also important because it can save your organization money From a
technical standpoint, the main goal of computer forensics is to identify, collect, preserve, and
analyze data in a way that preserves the integrity of the evidence collected so it can be used
effectively in a legal case.
CYBER FORENSICS AND DIGITAL EVIDENCE:
Digital evidence is information stored or transmitted in binary form that may be relied on in
court. It can be found on a computer hard drive, a mobile phone, among other places. Digital
evidence is commonly associated with electronic crime, or e-crime, such as child pornography
or credit card fraud. However, digital evidence is now used to prosecute all types of crimes,
not just e-crime. For example, suspects' e-mail or mobile phone files might contain critical
evidence regarding their intent, their whereabouts at the time of a crime and their relationship
with other suspects. In 2005, for example, a floppy disk led investigators to the BTK serial
killer who had eluded police capture since 1974 and claimed the lives of at least 10 victims.
• Header Analysis – Meta data in the e-mail message in the form of control information
i.e. envelope and headers including headers in the message body contain information
about the sender and/or the path along which the message has traversed. Some of these
may be spoofed to conceal the identity of the sender. A detailed analysis of these
headers and their correlation is performed in header analysis.
• Bait Tactics – In bait tactic investigation an e-mail with http: “<imgsrc>” tag having
image source at some computer monitored by the investigators is send to the sender of
e-mail under investigation containing real (genuine) e-mail address. When the e-mail
is opened, a log entry containing the IP address of the recipient (sender of the e-mail
under investigation) is recorded on the http server hosting the image and thus sender
is tracked. However, if the recipient (sender of the e-mail under investigation) is using
a proxy server then IP address of the proxy server is recorded. The log on proxy server
can be used to track the sender of the e-mail under investigation. If the proxy server’s
log is unavailable due to some reason, then investigators may send the tactic e-mail
containing a) Embedded Java Applet that runs on receiver’s computer or b) HTML page
with Active X Object. Both aiming to extract IP address of the receiver’s computer and
e-mail it to the investigators.
• Server Investigation – In this investigation, copies of delivered e-mails and server logs
are investigated to identify source of an e-mail message. E-mails purged from theclients
(senders or receivers) whose recovery is impossible may be requested from servers
(Proxy or ISP) as most of them store a copy of all e-mails after their deliveries. Further,
logs maintained by servers can be studied to trace the address of the computer
responsible for making the e-mail transaction. However, servers store the copies of e-
mail and server logs only for some limited periods and some may not co-operate with
the investigators. Further, SMTP servers which store data like credit card number and
other data pertaining to owner of a mailbox can be used to identify person behind an e-
mail address.
Erasing or deleting an email doesn’t necessarily mean that it is gone forever. Often emails can
be forensically extracted even after deletion. Forensic tracing of e-mail is similar to traditional
detective work. It is used for retrieving information from mailbox files.
• MiTec Mail Viewer – This is a viewer for Outlook Express, Windows Mail/Windows
Live Mail, Mozilla Thunderbird message databases, and single EML files. It displays a
list of contained messages with all needed properties, like an ordinary e-mail client.
Messages can be viewed in detailed view, including attachments and an HTML
preview. It has powerful searching and filtering capability and also allows extracting
email addresses from all emails in opened folder to list by one click. Selected messages
can be saved to eml files with or without their attachments. Attachments can be
extracted from selected messages by one command.
• OST and PST Viewer – Nucleus Technologies’ OST and PST viewer tools help you
view OST and PST files easily without connecting to an MS Exchange server. These
tools allow the user to scan OST and PST files and they display the data saved in it
including email messages, contacts, calendars, notes, etc., in a proper folder structure.
Collection: The first step in the forensic process is to identify potential sources of data and
acquire data from them.
Examination:After data has been collected, the next phase is to examine the data, which
involves assessing and extracting the relevant pieces of information from the collected data.
This phase may also involve bypassing or mitigating OS or application features that obscure
data and code, such as data compression, encryption, and access control mechanisms.
Analysis: Once the relevant information has been extracted, the analyst should study and
analyze the data to draw conclusions from it. The foundation of forensics is using a methodical
approach to reach appropriate conclusions based on the available data or determine that no
conclusion can yet be drawn.
Reporting: The process of preparing and presenting the information resulting from the analysis
phase. Many factors affect reporting, including the following:
a. Alternative Explanations:When the information regarding an event is incomplete, it
may not be possible to arrive at a definitive explanation of what happened. When an
event has two or more plausible explanations, each should be given due consideration
in the reporting process. Analysts should use a methodical approach to attempt to prove
or disprove each possible explanation that is proposed.
b. Audience Consideration. Knowing the audience to which the data or information will
be shown is important.
• Technical challenges
• Legal challenges
• Resource Challenges
TECHNICAL CHALLENGES
As technology develops crimes and criminals are also developed with it. Digital forensic
experts use forensic tools for collecting shreds of evidence against criminals and criminals use
such tools for hiding, altering or removing the traces of their crime, in digital forensic this
process is called Anti- forensics technique which is considered as a major challenge in digital
forensics world.
LEGAL CHALLENGES
The presentation of digital evidence is more difficult than its collection because there are many
instances where the legal framework acquires a soft approach and does not recognize every
aspect of cyber forensics, as in Jagdeo Singh V. The State and Ors case Hon’ble High Court of
Delhi held that “while dealing with the admissibility of an intercepted telephone call in a CD
and CDR which was without a certificate under Sec. 65B of the Indian Evidence Act, 1872 the
court observed that the secondary electronic evidence without certificate u/s. 65B ofIndian
Evidence Act, 1872 is not admissible and cannot be looked into by the court for any purpose
whatsoever.” This happens in most of the cases as the cyber police lack the necessary
qualification and ability to identify a possible source of evidence and prove it. Besides, most
of the time electronic evidence is challenged in the court due to its integrity. In the absence of
proper guidelines and the nonexistence of proper explanation of the collection, and acquisition
of electronic evidence gets dismissed in itself.
Legal Challenges
• Privacy Issues
• Admissibility in Courts
• Preservation of electronic evidence
• Power for gathering digital evidence
• Analyzing a running computer
Resource Challenges
As the rate of crime increases the number of data increases and the burden to analyze such huge
data is also increasing on a digital forensic expert because digital evidence is more sensitive as
compared to physical evidence it can easily disappear. For making the investigation process
fast and useful forensic experts use various tools to check the authenticity of the data but dealing
with these tools is also a challenge in itself.
• Change in technology
Due to rapid change in technology like operating systems, application software and hardware,
reading of digital evidence becoming more difficult because new version software’s are not
supported to an older version and the software developing companies did provide any backward
compatible’s which also affects legally.
The confidentiality, availability, and integrity of electronic documents are easily get
manipulated. The combination of wide-area networks and the internet form a big network that
allows flowing data beyond the physical boundaries. Such easiness of communication and
availability of electronic document increases the volume of data which also create difficulty in
the identification of original and relevant data.
Mobile computing is "taking a computer and all necessary files and software out into the field."
Many types of mobile computers have been introduced since 1990s. They are as follows:
1. Portable computer: It is a general-purpose computer that can be easily moved from one
place to another, but cannot be used while in transit, usually because it requires some "setting-
up" and an AC power source.
2. Denial-of-service (DoS): The main objective behind this attack is to make the system
unavailable to the intended users. Virus attacks can be used to damage the system to make the
system unavailable. Presently, one of the most common cyber security threats to wired Internet
service providers (iSPs) is a distributed denial-of-service (DDos) attack .DDoS
• Mobile - Viruses
• Concept of Mishing
• Concept of Vishing
• Concept of Smishing
• Hacking - Bluetooth
2. Laptop safes: Safes made of polycarbonate - the same material that is used in bulletproof
windows, police riot shields and bank security screens-can be used to carry and safeguard the
laptops. The advantage of safes over security cables is that they protect the whole laptop and
its devices such as CD-ROM bays, PCMCIA cards and HDD bays which can be easily removed
in the case of laptops protected by security cables.
3. Motion sensors and alarms: Even though alarms and motion sensors are annoying owing
to their false alarms and loud sound level, these devices are very efficient in securing laptops.
Once these devices are activated, they can be used to track missing laptops in crowded places.
Also owing to their loud nature, they help in deterring thieves. Modern systems for laptops are
designed wherein the alarm device attached to the laptop transmits radio signals to a certain
range around the laptop.
4. Warning labels and stamps: Warning labels containing tracking information and
identification details can be fixed onto the laptop to deter aspiring thieves. These labels cannot
be removed easily and are a low-cost solution to a laptop theft. These labels have an
identification number that is stored in a universal database for verification, which, in turn makes
the resale of stolen laptops a difficult process. Such labels are highly recommended for the
laptops issued to top executives and/or key employees of the organizations.
5. Other measures for protecting laptops are as follows:
• Engraving the laptop with personal details
• Keeping the laptop close to oneself wherever possible
Introduction:
In the global environment with continuous network connectivity, the possibilities for cyberattacks
can emanate from sources that are local, remote, domestic or foreign. They could be launched by an
individual or a group. They could be casual probes from hackers using personal computers (PCs) in
their homes, hand-held devices or intense scans from criminal groups.
Most information the organization collects about an individual is likely to come under “PI” category
if it can be attributed to an individual. For an example, PI is an individual’s first name or first initial
and last name in combination with any of the following data:
1. Social security number (SSN)/social insurance number.
2. Driver’s license number or identification card number.
3. Bank account number, credit or debit card number with personal identification number such as an
access code, security codes or password that would permit access to an individual’s financial
account.
4. Home address or E-Mail address.
5. Medical or health information.
• A case in point is the infamous “Heartland Payment System Fraud” that was uncovered in January
2010.
• In this case, the concerned organization suffered a serious blow through nearly 100 million credit
cards compromised from at least 650 financial services companies.
• When a card is used to make a purchase, the card information is transmitted through a payment
network.
• A piece of malicious software (keystroke logger) planted on the company’s payment processing
network; recorded payment card data as it was being sent for processing to Heartland by thousands
of the company’s retail clients.
• Digital information within the magnetic stripe on the back of credit/debit cards was copied by
keylogger.
• Criminal created counterfeit credit cards.
• Yet another incidence is the Blue Cross Blue Shield (BCBS) Data Breach in October 2009 the
theft of 57 hard drives from a BlueCross BlueShield of Tennessee training facility puts the private
information of approximately 500,000 customers at risk in at least 32 states.
• The hard drives containing 1.3 million audio files and 300,000 video files related to coordination
of care and eligibility telephone calls from providers and members were reportedlystolen from a
leased office.
1. Physical security is very important.
2. Insider threats cannot be ignored.
1. Informational/data privacy: It is about data protection, and the user’s rights to determine how,
when and to what extent information about them is communicated to other parties.
2. Personal privacy: It is about content filtering and other mechanisms to ensure that the end-
users are not exposed to whatever violates their moral senses.
3. Communication privacy: This is as in networks, where encryption of data being transmitted is
important.
4. Territorial privacy: It is about protecting user’s property.
For example, the user devices from being invaded by undesired content such as SMS or
E-Mail/Spam messages.
The key challenges from emerging new information threats to organizations are as follows:
1. Industrial espionage: There are several tools available for web administrators to monitor and
track the various pages and objects that are accessed on their website.
2. IP-based blocking: This process is often used for blocking the access of specific IP addresses
and/or domain names.
3. IP-based “cloaking”: Businesses are global in nature and economies are interconnected. There
are websites that change their online content depending on a user’s IP address or user’s geographic
location.
4. Cyberterrorism: “Cyberterrorism” refers to the direct intervention of a threat source toward your
organization’s website.
5. Confidential information leakage: “Insider attacks” are the worst ones. Typically, an
organization is protected from external threats by your firewall and antivirus solution.
There are many new endpoints in today’s complex networks; they include hand-held devices.
1. Endpoint protection: It is an often-ignored area but it is IP-based printers, although they are
passive devices, are also one of the endpoints.
2. Secure coding: These practices are important because they are a good mitigation control to
protect organizations from “Malicious Code” inside business applications.
3. HR checks: These are important prior to employment as well as after employment.
4. Access controls: These are always important, for example, shared IDs and shared laptops are
dangerous. (for confidential and sensitive data).
5. Importance of security governance: It cannot be ignored - policies, procedures and their
effective implementation cannot be over-emphasized.
The most often quoted reasons by employees, for use of pirated software, are as follows:
• Cloud computing is one of the top 10 Cyber Threats to organizations. There are data privacy risks
through cloud computing. Organizations should think about privacy scenarios in terms of “user
spheres”.
• There are three kinds of spheres and their characteristics:
1. User sphere: Here data is stored on user’s desktops, PCs, laptops, mobile phones, Radio
Frequency Identification (RFID) chips, etc. Organization’s responsibility is to provide
access to users and monitor that access to ensure misuse does not happen.
2. Recipient sphere: Here, data lies with recipients: servers and databases of network
providers, service providers or other parties with whom data recipient shares data.
CYBER SECURITY Page 43
Organizations responsibility is to minimize users privacy risk by ensuring unwanted
exposure of personal data of users does not happen.
3. Joint sphere: Here data lies with web service provider’s servers and databases. This is the
in-between sphere where it is not clear to whom does the data belong. Organization
responsibility is to provide users some control over access to themselves and to minimize
users futures privacy risk.
• Social media marketing has become dominant in the industry. According to fall 2009 survey by
marketing professionals; usage of social media sites by large business-to-business (B2B)
organizations shows the following:
• Facebook is used by 37% of the organizations.
• LinkedIn is used by 36% of the organizations.
• Twitter is used by 36% of the organizations.
• YouTube is used by 22% of the organizations.
• My Space is used by 6% of the organizations
• Although the use of social media marketing site is rampant, there is a problem related to “social
computing” or “social media marketing” – the problem of privacy threats.
• Exposures to sensitive PI and confidential business information are possible if due care is not taken
by organizations while using the mode of “social media marketing.”
Following are the most typical reasons why organizations use social media marketing to promote
their products and services:
1. To be able to reach to a larger target audience in a more spontaneous and instantaneous manner
without paying large advertising fees.
There are other tools too that organizations use; industry practices indicate the following:
1. Twitter is used with higher priority to reach out to maximum marketers in the technology space
and monitor the space.
2. Professional networking tool LinkedIn is used to connect with and create a community of top
executives from the Fortune 500.
3. Facebook as the social group or social community tool is used to drive more traffic to Websense
website and increase awareness about Websense.
4. YouTube (the video capability tool to run demonstrations of products/services, etc.) is used to
increase the brand awareness and create a presence for corporate videos.
5. Wikipedia is also used for brand building and driving traffic.
• There are conflict views about social media marketing some people in IT say the expensive and
careless use of it. Some illustrate the advantages of it with proper control of Security risk
5. Use of Firewalls:
• Firewalls helps organizations keep their security technology up to date.
• Some firewalls provides a comprehensive analysis of all data traffic.
• Deep inspection of Network traffic makes it possible to monitor the type of data traffic,
the websites from which it is coming, to know the web browsing patterns and peer-to- peer
applications to encrypted data traffic in SSL tunnel.
• The firewall decrypt the SSL data stream for inspection and encrypt it again before
forwarding the data to the Network.
• This results in effective protection of Workstations and other endpoints, internal networks,
hosts and servers against attacks within the SSL tunnels.
Data Privacy:
Data Privacy or Information privacy is a part of the data protection area that deals with
the proper handling of data focusing on compliance with data protection regulations.
Data Privacy is centered around how data should be collected, stored, managed, and
shared with any third parties.
Data Privacy
• Data Privacy focuses on the rights of individuals, the purpose of data collection and
processing, privacy preferences, and the way organizations govern personal data of data
subjects.
• It focuses on how to collect, process, share, archive, and delete the data in accordance with
the law.
Data Security
• Data Security includes a set of standards and different safeguards and measures that an
organization is taking in order to prevent any third party from unauthorized access to digital
data, or any intentional or unintentional alteration, deletion or disclosure of data.
• It focuses on the protection of data from malicious attacks and prevents the exploitation of
stolen data (data breach or cyber-attack). It includes Access control, Encryption, Network
security, etc.
Data Breach:
A data breach is a security violation in which sensitive, protected or confidential data is
copied, transmitted, viewed, stolen or used by an individual unauthorized to do so.
Ransomware:
Ransomware is a type of malware attack in which the attacker locks and encrypts the
victim’s data, important files and then demands a payment to unlock and decrypt the data.
Phishing:
• Phishing attacks are the practice of sending fraudulent communications that appear to come from
a reputable source. It is usually done through email. The goal is to steal sensitive data like credit
card and login information, or to install malware on the victim’s machine.
Data Linkage:
Data linking is the process of joining datasets together so that we can make as much use as
possible of the information that they hold.
Data Profiling:
Data profiling helps you discover, understand and organize your data.
Data profiling techniques or processes used today fall into three major categories:
• Structure discovery
• Content discovery
• Relationship discovery.
• Structure discovery, also known as structure analysis, validates that the data that you have
is consistent and formatted correctly.
• Content discovery is the process of looking more closely into the individual elements of the
database to check data quality. This can help you find areas that contain null values or values
that are incorrect or ambiguous.
• Relationship discovery involves discovering what data is in use and trying to gain a better
understanding of the connections between the data sets.
There are four general methods by which data profiling tools help accomplish better data quality:
• Column profiling scans through a table and counts the number of times each value shows up
within each column. This method can be useful to find frequency distribution and patterns within
a column of data.
• Cross-column profiling is made up of two processes: key analysis and dependency analysis.
• Key analysis examines collections of attribute values by scouting for a possible primary
key.
• Dependency analysis is a more complex process that determines whether there are
relationships or structures embedded in a data set.
• Both techniques help analyze dependencies among data attributes within the same table.
• Cross-table profiling uses foreign key analysis, which is the identification of orphaned records
and determination of semantic and syntactic differences, to examine the relationships of column
sets in different tables.
This can help cut down on redundancy but also identify data value sets that could be
mapped together.
• Finally, data rule validation uses data profiling in a proactive manner to verify that data instances
and data sets conform with predefined rules. This process helps find ways to improve data quality
and can be achieved either through batch validation or an ongoing validation service.
• Medical privacy or health privacy is the practice of maintaining the security and
confidentiality of patient records.
• It involves both the conversational discretion of health care providers and the security
of medical records.
• The terms can also refer to the physical privacy of patients from other patients and providers
while in a medical facility, and to modesty in medical settings.
• Modern concerns include the degree of disclosure to insurance companies, employers, and
other third parties.
• The advent of electronic medical records (EMR) and patient care management systems
(PCMS) have raised new concerns about privacy, balanced with efforts to reduce duplication
of services and medical errors.