Module 1 - Introduction To Cyber Security

Uploaded by

victork25345
Copyright © All Rights Reserved

Teaching Scheme

Cyber Security
(SEIT4530)

Module 1 Introduction to Cyber Security

Books


Outline
• Overview of Cyber Security
• Internet Governance – Challenges and Constraints
• Cyber Threats
• Cyber Warfare
• Cyber Crime
• Cyber Terrorism
• Cyber Espionage
• Need for a Comprehensive Cyber Security Policy
• Need for a Nodal Authority
• Need for an International Convention on Cyberspace

Cyber Space
• Cyberspace is a virtual space with no mass, gravity or boundaries. It is the interconnected space between networks of computer systems. Bits and bytes (zeroes and ones) are used to define cyberspace.
• It is a dynamic environment where these values change continuously.
• The electronic world created by interconnected networks of information technology and the information on those networks.
• It is a global commons where people are linked together to exchange ideas and services.

• Cyber means of, relating to, or involving computers or networks (such as the internet).
• It relates to or is characteristic of the culture of computers, information technology, and virtual reality.
• Cyber as a combination of:
▪ Technology
▪ Human Beings
▪ Organization

Technology
• Networks
• Application Servers
• Laptops
• Smart Phones
• Sensors
• Database, etc.

Human Beings
• Policy Makers
• Technologists
• Criminals
• Social Activists
• Intelligence Operatives
• Hobbyists, etc.

Organization
• Corporations
• Organizations (Private and Public Sectors)
• Rail Companies
• Nuclear Power plants, etc.

• Security is freedom from fear, danger or threat.
• Security is about securing individuals, corporations and nation states by using different tools, technology and architecture.

• Cyber crime is criminal activity carried out by means of computers or the internet.
Examples:
• Hacking
• Unauthorized network access
• Internet fraud
• Theft of passwords
• Website defacing, etc.

• Cyber Security is the organization and collection of resources, processes and structures used to protect cyberspace and cyberspace-enabled systems.
• It refers to the protection of everything that is digital through an understanding of networks and the art of hiding and encrypting information.

Importance of Cyber Security
• The invention of the Internet has made our lives much easier.
• Cybersecurity is a constantly evolving industry and a requirement of daily life.
• Cybercrime is common and rates of cyber crime are increasing.
• It is an important measure for any organization to build trust.
• The Internet allows an attacker to work from anywhere on the planet.
• Risks caused by poor security knowledge and practice:
▪ Identity Theft
▪ Monetary Theft
▪ Legal Ramifications (for yourself and your organization)
▪ Sanctions or termination if policies are not followed
• According to the SANS Institute, the top vectors for vulnerabilities available to a cyber criminal are:
▪ Web Browser
▪ IM Clients
▪ Web Applications
▪ Excessive User Rights

Cyber Security
• Cyber security refers to the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorized access.

Cyber Security is Safety
• Security: We must protect our computers and data in the same way that we secure the doors to our homes.
• Safety: We must behave in ways that protect us against risks and threats that come with technology.

Cyber Crime
• Cybercrime can be defined as “The illegal usage of any communication device to commit or facilitate in committing any illegal act”.
• A cybercrime is a type of crime that targets or uses a computer or a group of computers under one network for the purpose of harm.
• Cybercrimes are committed using computers and computer networks. They can target individuals, business groups, or even governments.
• Investigators use various ways to investigate devices suspected to have been used in, or to be a target of, a cybercrime.
Cyber Crime
• The term cyber crime is used to describe an unlawful activity in which computers or computing devices such as smartphones, tablets, Personal Digital Assistants (PDAs), etc., which are stand-alone or part of a network, are used as a tool and/or target of criminal activity.
• It is often committed by people of destructive and criminal mindset, either for revenge, greed or adventure.

Classification of Cyber Crimes
• The cyber criminal could be internal or external to the organization facing the cyber attack.
1. Insider Attack
2. Outsider Attack

Insider Attack
• An attack on the network or the computer system by some person with authorized system access is known as an insider attack.
• It is generally performed by dissatisfied or unhappy inside employees or contractors. The motive of the insider attack could be revenge or greed.
• It is comparatively easy for an insider to perform a cyber attack as he is well aware of the policies, processes, IT architecture and weakness of the security system.

Outsider (External) Attack
• When the attacker is either hired by an insider or is an entity external to the organization, it is known as an external attack.
• The organization which is a victim of a cyber attack not only faces financial loss but also the loss of reputation.
• Since the attacker is external to the organization, these attackers usually scan and gather information.
Reasons for Commission of Cyber Crimes
1. Money: People are motivated to commit cyber crime to make quick and easy money.
2. Revenge: Some people try to take revenge on another person/organization/society/caste or religion by defaming its reputation or bringing economic or physical loss. This comes under the category of cyber terrorism.
3. Fun: Amateurs commit cyber crime for fun. They just want to test the latest tool they have encountered.
4. Recognition: It is considered a matter of pride if someone hacks highly secured networks like defense sites or networks.
5. Anonymity: Many times the anonymity that cyberspace provides motivates a person to commit cyber crime, as it is much easier to commit a crime over cyberspace and remain anonymous than in the real world. It is much easier to get away with criminal activity in the cyber world than in the real world. There is a strong sense of anonymity that can draw otherwise respectable citizens to abandon their ethics in pursuit of personal gain.
6. Cyber Espionage: At times the government itself is involved in cyber trespassing to keep an eye on another person/network/country. The reason could be politically, economically or socially motivated.

Types of Cyber Crimes
1. Crimes against people (cyber harassment, distribution of child pornography, credit card fraud)
2. Crimes against property (hacking, virus transmission, copyright)
3. Crimes against the government (accessing confidential information, cyber warfare, pirated software)

Example of Cyber Crime
A gang of criminals is active over cyberspace, which steals the credit card data of cardholders from the POS at shopping malls, petrol pumps, restaurants, hotels, etc. and uses these cards to book air tickets online. According to the reports, over 15000 credit cards were fraudulently used by these criminals to book online tickets, which accounts for approximately Rs. 17 crore revenue loss. These criminals use public infrastructure like cyber cafes, etc. to book these tickets so that it is difficult to trace them. The fraud came to notice when customers who were charged for booking an air ticket reported to the card-issuing banks, claiming that these tickets were never booked by them.
• The Internet is a vast network of independently-managed networks.
• Who decides on the strategic guidelines and developments of the internet?
• No single individual, company, organization or state decides alone.
• The internet relies on multi-stakeholder cooperation known as “Internet Governance”.
• A group of actors that work together at national level and international level in their respective roles.
• The Internet Governance Forum (IGF) network is a multistakeholder
policy platform, initiated by the United Nations with the aim of
exchanging information and sharing good policies and practices
relating to the Internet and technologies.
• It brings together representatives of various stakeholders and social
groups on online governance, in particular governments, the private
sector and civil society, including the technical and academic
community, and promotes dialogue and policy-making
internationally.


Hacking
• It is the art or technique of finding and exploiting security loopholes in a system.
• Hacking is divided into Ethical Hacking and Unethical Hacking.
• Ethical Hacking: When a hacker helps organizations or individuals with finding security loopholes and fixing them with their permission, it is referred to as ethical hacking.
• Unethical Hacking: When a hacker uses his knowledge to steal from or cause damage to other people, it is known as unethical hacking.
Hackers
• A hacker is a person who breaks into a computer system.
• Types: Black Hat Hackers, White Hat Hackers, Grey Hat Hackers

Black Hat Hackers
• A criminal who uses and manipulates technology with vicious and often illegal intent and for their personal profit.
• They are sometimes called crackers.
Why do they do it?
• Make money by illegal means.
• Sell sensitive data.
• Notoriety and fame amongst other hackers.

White Hat Hackers
• They are also called penetration testers.
• They purposely attempt to hack client systems to find weaknesses which they then report to their company.
• They are hired by businesses to handle cyber security.

Grey Hat Hackers
• A hacker that is not necessarily malicious but blurs the line between black and white hat hacker.
• They use their talents in the same way as white hat hackers but without the permission of their company.
• Once they discover weaknesses they will offer to sell them back to the hacked party.
Hacker | Cracker
People who gain unauthorized access to computer system for knowledge or to discover | Someone who breaks into computers, often does harmful things such as steal credentials.
Does not work against law and does not damage data intentionally | Work against the law and damages data intentionally
Referred as White Hats | Referred as Black Hats
Have good ethics, improve and make system advance. | Have poor ethics, shutdown or harm systems

What cause vulnerabilities
• Vulnerabilities can arise from a wide variety of sources.
• Misconfigurations, bugs, or unauthorized use are more likely in complex systems.
• Consistency − Attackers may be able to predict and exploit flaws in widely used code, operating systems, hardware, and software.
• Connectivity makes gadgets more susceptible to security flaws.
• Weak or repeated passwords increase the risk of multiple data breaches.
• Operating System Flaws − Operating systems are not immune to having problems. Operating systems that aren't properly protected by design are vulnerable to viruses and malware since they provide users unrestricted access.

What cause vulnerabilities
• Spyware and adware − These may be automatically placed on computers and can be found all over the internet.
• Bugs in Software Development − It is not uncommon for programmers to inadvertently introduce a security flaw.
• Unchecked user input − If a piece of software or a website treats all user input as trustworthy, it may execute an accidental SQL injection.
• Most companies face their greatest security risk from their employees, making social engineering a top concern. This suggests that people can be a major source of danger.

Vulnerability
• Vulnerabilities are weaknesses in a system that give threats the opportunity to compromise assets. All systems have vulnerabilities. Even though technologies are improving, the number of vulnerabilities is increasing because of factors such as tens of millions of lines of code, many developers, human weaknesses, etc.
• Types of Vulnerabilities
1. Hardware Vulnerability
2. Software Vulnerability
3. Network Vulnerability
4. Procedural Vulnerability
Hardware Vulnerability
• A hardware vulnerability is a weakness which can be used to attack the system hardware physically or remotely.
• For example:
1. Old version of systems or devices
2. Unprotected storage
3. Unencrypted devices, etc.

Software Vulnerability
• A software error that happens in development or configuration such that the execution of it can violate the security policy.
• For example:
1. Lack of input validation
2. Unverified uploads
3. Cross-site scripting
4. Unencrypted data, etc.
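
The "lack of input validation" example above, and the "unchecked user input" cause listed earlier, shown as an added Python example that is not part of the original slides: the same account lookup written with string concatenation and with a bound parameter, plus an allowlist check on the input. The table, the account-name format, the function names and the sample rows are constructed for illustration.

```python
import re
import sqlite3

# Assumed format for account names in this constructed example.
OWNER_PATTERN = re.compile(r"[a-z][a-z0-9_]{0,31}")


def make_demo_db():
    """In-memory database holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (owner TEXT, balance INTEGER)")
    conn.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [("alice", 1200), ("bob", 75), ("carol", 9800)],
    )
    return conn


def is_valid_owner(owner):
    """Input validation: accept only values shaped like an account name."""
    return OWNER_PATTERN.fullmatch(owner) is not None


def balances_unsafe(conn, owner):
    """Vulnerable: the input is pasted into the SQL text, so quote
    characters in `owner` become part of the statement itself."""
    sql = "SELECT owner, balance FROM accounts WHERE owner = '" + owner + "'"
    return conn.execute(sql).fetchall()


def balances_safe(conn, owner):
    """Hardened: the value is bound to a placeholder and is only ever
    compared as data, whatever characters it contains."""
    sql = "SELECT owner, balance FROM accounts WHERE owner = ?"
    return conn.execute(sql, (owner,)).fetchall()


def run(query, conn, owner):
    """Run one lookup and report a database error instead of raising."""
    try:
        return query(conn, owner)
    except sqlite3.Error:
        return "sql error"


def compare(owner):
    """Show how both lookups treat the same input."""
    conn = make_demo_db()
    try:
        return {
            "valid": is_valid_owner(owner),
            "unsafe": run(balances_unsafe, conn, owner),
            "safe": run(balances_safe, conn, owner),
        }
    finally:
        conn.close()


if __name__ == "__main__":
    # A normal value, a value containing SQL syntax, and a value with a
    # stray quote that breaks the concatenated statement.
    for value in ("bob", "nobody' OR '1'='1", "o'brien"):
        result = compare(value)
        print(repr(value), "passes validation:", result["valid"])
        print("  concatenated :", result["unsafe"])
        print("  parameterized:", result["safe"])
```

With the concatenated query, the second value returns every row in the table; the parameterized query returns nothing for it, and the validation check rejects it before any query runs.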

Network Vulnerability
• A weakness in a network, which can be in hardware or software.
• For example:
1. Unprotected communication
2. Malware or malicious software (e.g.: Viruses, Keyloggers, Worms, etc.)
3. Social engineering attacks
4. Misconfigured firewalls

Procedural Vulnerability
• A weakness in an organization's operational methods.
• For example:
1. Password procedure – Passwords should follow the standard password policy.
2. Training procedure – Employees must know which actions should be taken and what to do to handle security. Employees must never be asked for user credentials online. Make employees aware of social engineering and phishing threats.
• A cyber or cybersecurity threat is a malicious act that seeks to damage data, steal data, or disrupt digital life in general.
• The possibility of a malicious attempt to damage or disrupt a computer network or system.

• Malware stands for “Malicious Software” and it is designed to gain access to or be installed on the computer without the consent (permission) of the user.
• Malware is defined as code with malicious intent that typically steals, encrypts or destroys sensitive data, attacks or hijacks core computing functions and monitors users’ computer activity.
• They perform unwanted tasks in the host computer for the benefit of a third party.
• There is a full range of malware which can seriously degrade the performance of the host machine by deleting or corrupting files.
• The first malware (the Morris Worm) came into the picture on Nov 2, 1988. It is now stored on a floppy disk and kept in a museum.
• Virus
• Worms
• Trojan horse
• Spyware
• Adware
• Scareware
• Browser Hijacking software

Virus
• A virus is designed to self-replicate.
• A virus is malicious code written to damage/harm the host computer by deleting or appending a file, occupying memory space of the computer by replicating its own copy of the code, slowing down the performance of the computer, formatting the host machine, etc.
• Through replication, RAM or disk space fills up and system performance decreases.

Worms
• Worms can replicate themselves like a virus.
• They do not require human intervention to travel over the network and spread from the infected machine to the whole network.
• Worms can spread either through the network, using the loopholes of the operating system, or via email. The replication and spreading of the worm over the network consumes network resources like space and bandwidth and forces the network to choke.

Trojan horse
• A Trojan horse is malicious code that is installed in the host machine by pretending to be useful software.
• The user clicks on the link or downloads the file which pretends to be a useful file or software from a legitimate source.
• It not only damages the host computer by manipulating the data but also creates a backdoor in the host computer so that it can be controlled by a remote computer.
• Trojans neither infect the other computers in the network nor do they replicate.
Spyware
• It is a special type of malware which is installed in the target computer with or without the user's permission and is designed to steal sensitive information from the target machine.
• Mostly it gathers the browsing habits of the user and then sends them to a remote server without the knowledge of the owner of the computer.

Adware
• It is a special type of malware which is used for forced advertising. It either redirects the page to some advertising page or pops up an additional page which promotes some product or event.
• This adware is financially supported by the organizations whose products are advertised.

• It is malicious software which installs on a system without the user's permission and encrypts or locks the data.
• It has even changed the way criminals target people for ransom.
• The malicious code can neither be uninstalled nor can the computer be used till the ransom is paid.

Browser Hijacking software
• It is malicious software which usually comes with a browser add-on or extension.
• It hijacks the settings of all browsers, like homepage, new tab and default search engine.
• By mail attachments (Spam Mail).
• By downloading cracked versions.
• By visiting untrusted websites.
• By clicking ads.

• Avoid clicking on untrusted links.
• Avoid downloading attachments from unknown senders.
• Install updates regularly to keep your system up to date and to apply security patches.
• Use antivirus software.
• Use an updated firewall.

• Phishing is an online scam where criminals send fraudulent emails to organizations, users, and more to collect sensitive information.
• Mostly, this happens through a link sent by an unknown email domain. Clicking the links contained in such emails can put all your data at risk.
• These emails can also lead to monetary losses. The intentions can vary from one phishing mail to another, but one thing is guaranteed, i.e. loss.

• Never enter sensitive information (like bank details, email ID or password) into a web page that you don’t trust.
• Always look carefully at the URL.
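
What "look at the URL" can mean in practice, as an added Python example that is not part of the original slides: it parses a link and reports the signs that it does not lead to the site it appears to name. The trusted domain, the finding names and the sample links are constructed for illustration, and the last-two-labels rule is a simplification that ignores multi-part suffixes such as co.uk.

```python
import ipaddress
from urllib.parse import urlsplit

TRUSTED_DOMAINS = {"bank.example"}  # assumed allowlist (constructed)


def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def is_trusted(host):
    """The host is a trusted domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def registrable_guess(host):
    """Last two labels of the host name (simplified)."""
    return ".".join(host.split(".")[-2:])


def one_edit_apart(a, b):
    """True when a and b differ by exactly one inserted, deleted or
    substituted character, as in a typo-style lookalike name."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i += 1
            j += 1
            continue
        edits += 1
        if len(a) == len(b):
            i += 1  # substitution: skip the character in both strings
        j += 1      # insertion: skip only the extra character in b
    return edits + (len(a) - i) + (len(b) - j) <= 1


def inspect_link(url):
    """Return a list of findings; an empty list means nothing suspicious."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return ["no_host"]
    findings = []
    if parts.scheme != "https":
        findings.append("not_https")
    if parts.username is not None:
        # Text before "@" is login data, not the site being visited.
        findings.append("credentials_in_url")
    if is_ip(host):
        findings.append("ip_address_host")
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        findings.append("non_ascii_or_punycode_host")
    if is_trusted(host):
        return findings
    for domain in TRUSTED_DOMAINS:
        if "." + domain + "." in "." + host + ".":
            # The trusted name is only a prefix of some other domain.
            findings.append("trusted_name_in_wrong_place")
        elif one_edit_apart(registrable_guess(host), domain):
            findings.append("lookalike_domain")
    return findings


if __name__ == "__main__":
    samples = [  # constructed links using reserved example names
        "https://www.bank.example/login",
        "http://www.bank.example/login",
        "https://www.bank.example@198.51.100.7/login",
        "https://bank.example.account-verify.test/",
        "https://bamk.example/",
    ]
    for link in samples:
        print(link, "->", inspect_link(link) or "no findings")
```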
• It is an attempt to obtain or decrypt a user’s password for illegal use.
• Hackers can use cracking programs, dictionary attacks and password sniffers in password attacks.
• Example: Access bank details

• Brute Force Attacks: In this attack, the hacker tries to log in with all possible password combinations.
• Dictionary Attack: In this attack, the hacker tries to log in by cycling through combinations of common words. They will try those possibilities which are most likely to succeed.
• Keylogger Attacks: A hacker captures the keystrokes typed on the keyboard and saves these keystrokes in a file, including details like the usernames and passwords you entered, credit card details, websites you have visited, the applications you opened, and so on.

• Update password
▪ Update passwords at regular intervals.
▪ Password should not be the same for everything.
• Enforce strong password policies
▪ When setting a password, best practices should be followed with a generous use of alphanumeric characters.
• Enable Multifactor Authentication
▪ It involves use of a password with extra security checks, e.g., One-Time Password (OTP), biometric authentication, software tokens, and behavioral analysis.
• Use No Dictionary
▪ It’s always a great idea to use a password that makes no sense.

• John the Ripper
• Hydra tool
• Hashcat
• Medusa
• CeWL tool
• Cain & Abel
• Ophcrack
• ncrack, etc.
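
One way to apply the password guidance above when a password is set, as an added Python example that is not part of the original slides: it rejects short passwords, passwords without both letters and digits, and dictionary words even when they are disguised with character substitutions, and it estimates the size of the brute-force search space. The word list, the minimum length and the function names are assumptions chosen for illustration.

```python
import math
import string

# Constructed sample list; a real check would load a large list of
# common and previously breached passwords.
COMMON_WORDS = {"password", "welcome", "dragon", "monkey", "letmein", "qwerty", "admin"}

# Undo the usual character substitutions before the dictionary check,
# because a dictionary attack tries these variants as well.
SUBSTITUTIONS = str.maketrans(
    {"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t",
     "@": "a", "$": "s", "!": "i"}
)

MIN_LENGTH = 12  # assumed policy value


def normalize(password):
    """Lower-case the password and reverse common substitutions."""
    return password.lower().translate(SUBSTITUTIONS)


def contains_dictionary_word(password):
    normalized = normalize(password)
    return any(word in normalized for word in COMMON_WORDS)


def alphabet_size(password):
    """Number of symbols a brute-force search must cover, judged by the
    character classes that actually appear in the password."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(chars) for chars in classes
               if any(c in chars for c in password))


def brute_force_bits(password):
    """log2 of the number of candidates of this length and alphabet."""
    size = alphabet_size(password)
    return len(password) * math.log2(size) if size else 0.0


def check_password(password):
    """Return the list of policy problems; empty means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    if not (has_letter and has_digit):
        problems.append("needs_letters_and_digits")
    if contains_dictionary_word(password):
        problems.append("dictionary_word")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords.
    for candidate in ("dragon", "P@ssw0rd2024!", "tq7Rk2vLx9Wd"):
        print(candidate, check_password(candidate),
              "about %d bits" % round(brute_force_bits(candidate)))
```

The second sample meets the length and character rules and still fails, because undoing the substitutions exposes a common word.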
• Botnets are workhorses of the internet.
• A botnet is a number of internet-connected devices, each of which runs one or more bots.
• A botnet is nothing more than connected computers coordinated together to perform a task.

• DDoS stands for distributed denial of service attack.
• It is a cyber attack on a specific server or network.

• The intended purpose of DDoS is to disrupt normal operation.
• It floods the target with a constant flood of traffic to degrade performance.
• It takes down the web and denies or slows down the service of our network.

• DoS: It is a denial of service attack. In this attack a computer sends a massive amount of traffic to a victim’s computer and shuts it down.
• A DoS attack is an online attack that, when done on a website, is used to make the website unavailable for its users.
• DDoS: DDoS means distributed denial of service. In this attack, DoS attacks are done from many different locations (distributed) using many systems.
• A hacker creates a botnet of devices by installing malware on compromised machines, creating a botnet farm to carry out a DDoS attack upon the hacker's instruction.
• At a particular time, these bots or zombies flood the target machine with continuous (overwhelming) requests that cause the server system to crash.
• Zombie PC: It is a computer that carries out actions under remote control (by a hacker), without the actual user intending this to happen.

• Competitive advantage against rival business.
• Ransom demands for releasing data.
• For stress test on network.

• Volume attack
▪ In a volume attack, attackers overflow the website with malicious traffic.
▪ This attack is initiated by forwarding a huge number of UDP, ICMP and HTTP (GET and POST) flood packets.
▪ In this attack, requests called pings can be sent continuously.
▪ Volume attacks consume the bandwidth of the target and internet networks.
• Protocol attack
▪ Protocol or network-layer DDoS attacks send large numbers of packets to targeted network infrastructures and infrastructure management tools.
▪ Protocol attacks mainly utilize layers 3 and 4 of the protocol stack to make the target inaccessible. These attacks consume the state capacity of web servers, firewalls, load balancers, etc.
▪ Protocol assaults, also known as state-exhaustion attacks, disrupt service by consuming too many server and network equipment resources.
• Application layer attack:
▪ This attack is low and slow.
▪ Application attacks are some of the more sophisticated DDoS attacks; these exploit weaknesses in the application layer by opening connections and initiating process and transaction requests that consume finite resources.
▪ DDoS attacks on the application layer do not target network bandwidth. Rather, these attacks focus on the application layer (layer 7 of the OSI model) hosting the service that end-users are browsing.
▪ The slow-rate cyberattacks are aimed at the layer that produces webpages on the domain controller and delivers them in response to HTTP.

• Traffic analysis to detect any unusual traffic on the network.
• Traffic control by employing load balancers (reroute traffic to other servers and prevent any one server from failing) and firewalls (block unwanted traffic).
• Detect an attack early (by filtering the traffic) and mitigate the damage beyond that.
• Switch to cloud service providers like AWS and Azure.
• Allocate more bandwidth to prevent clogging of data.
• GoldenEye
• Slowloris
• LOIC (Low Orbit Ion Cannon)
• HOIC (High Orbit Ion Cannon)
• THC-SSL-DoS
• HULK (http Unbearable Load King)
• Pyloris
• TOR's Hammer
• XOIC
• OWASP HTTP POST
• RUDY (R U Dead Yet ?)
• DAVOSET

• A man-in-the-middle attack (MITM attack) is a cyber attack where an attacker relays and possibly alters communication between two parties who believe they are communicating directly. This allows the attacker to relay communication, listen in, and even modify what each party is saying.
• Man-in-the-middle attacks enable eavesdropping between people, clients and servers.
• This can include HTTPS connections to websites, other SSL/TLS connections, Wi-Fi network connections and more.
• Public networks
Public Wi-Fi connections with no access restriction are the most risky.
• On your computer
Malware on your system can monitor and modify the internet connection.
• Router
Routers supplied by internet service providers may have default security (login credential) settings or outdated firmware.
• Web Server
The attacker gains access to the genuine web server you intended to communicate with.

• Use a Virtual Private Network
A VPN connection can mask your IP address by bouncing it through a private server, and encrypt web data.
• Force encryption
Access only HTTPS websites.
• Use strong router credentials
Change the default security credentials of routers.
• Prevent cookie stealing
Do not save credit card details on any shopping site, to protect yourself.
• Make sure your company has a software update policy
To get the updated security patches.
• Adopt a zero-trust security model
It requires your colleagues to authenticate themselves each time they connect to your network.
• Malvertising, or malicious advertising, is the term for
criminally controlled advertisements within Internet
connected programs, usually web browsers, which
intentionally harm people and businesses with all manner of
malware, potentially unwanted programs (PUPs), and assorted
scams.

• It is a growing problem, as is evidenced by a recent US Senate report, and the establishment of bodies like Trust in Ads.

• By using Ad-blocker
• By using regular software updates
• Common sense to avoid any scam

• A drive-by download attack refers to the unintentional
download of malicious code to your computer or mobile device
that leaves you open to a cyberattack.

• You don't have to click on anything, press download, or open a malicious email attachment to become infected.

• Hijack device.
To build a botnet, infect other devices, or breach yours further.
• Spy on activity.
To steal your online credentials, financial info, or identity.
• Damage your data
To simply cause trouble.
• Disable device
To personally harm you.

• Do not click on untrusted links or visit untrusted websites.
• Keep your system updated with recent patches.
• Configure a proper firewall on your system.
• Use anti-malware programs from trusted sources and update them regularly.
• Carefully read and examine security popups on the web before clicking.
• Be wary of keeping too many unnecessary programs and apps.
• Use an ad-blocker.
• Rogue (dishonest) software is introduced in a device with an intention to cause harm.
• Rogue security software is a form of malicious or unwanted software and internet fraud that misleads users into believing there is a virus on their computer and aims to convince them to pay for a fake malware removal tool that actually installs malware on their computer.
• It is a form of scareware that manipulates users through fear, and a form of ransomware.
• It misleads users into believing that there is a virus on their computer and manipulates them into paying money for a fake removal tool.
• Rogue software has been a serious security threat in desktop computing since 2008.

Features of Rogue Software:
• Mimics Anti-malware (It mimics scans and threat alerts like an antivirus)
• Constant False Alerts (Flooding the desktop with endless messages)
• Requires Extra Payments (Asks for payment by giving reports of infections)
• Modifies Actual Security Software (Puts a chokehold on other anti-virus applications)
• Freezes Entire Computer (Creates pop-ups to overwhelm the system)

• By downloading the program through a variety of techniques.
• Ads offering free or trial versions of security programs.
• Puts infected websites as the top hits by manipulating SEO ranking.
• Updated Firewall
• Use efficient and well-known Antivirus
• General Distrust
• Smart Clicking

• Cyber warfare is the use of technology to attack a nation, causing comparable harm to actual warfare, disruption of vital computer systems and loss of life.

Military
• It is in the military’s best interests to gain control of key elements of an enemy nation’s cyberspace. An effective cyberattack could bring an enemy country’s military to its knees and secure what would have been an otherwise costly victory.

Civil
• Attacking the civil infrastructure of a nation directly impacts the people living and working in the country. This could be used to inspire fear or cause them to revolt against the government in protest, weakening the opponent from a political standpoint.

Hacktivism
• Hacktivism involves hackers using cyberattacks to promote an ideology. Hacktivists can engage in cyber warfare by spreading propaganda or going after secrets and then exposing them to the rest of the world. In these ways, hacktivists can weaken an opponent’s standing on the world stage, precluding support from other countries.

Income Generation
• Cyber warfare “soldiers” can engage in these kinds of attacks for their own financial benefit. If they are employed by the government, they can earn a fee for their services. Further, they could break the defenses of a financial institution and steal money for themselves.
Nonprofit Research
• Nonprofit research often reveals very valuable information that a country can use to solve a critical problem.
• For example, if a country is trying to develop a vaccine and another one already has it, cyber warfare could be used to steal information pertaining to their solution.

• It is crimes of terrorism which occur electronically.
• Cyber terrorism is basically the process of causing harm to the community by making use of Internet networks to conduct violent incidents like loss of life or data, to achieve some political advantage by giving threats.
• A cyber terrorism attack is much more harmful than a normal cybercrime because of the intentional harm to the victims; it may not cause financial damage but aims to cause fear in society.
• In most cases, the criminals target the banking industry, military power, nuclear power plants, air traffic control, and water control sectors when making a cyber terrorism attack, to create fear or critical infrastructure failure, or for political advantage.

Cyber Espionage
• Cyber espionage (cyberespionage) is a type of cyber attack that malicious hackers carry out against a business or government entity.
• The goal of cyber espionage, also referred to as cyber spying, is to provide attackers with information that gives them advantages over rival companies or governments.
• Cyberspies try to gain access to the following resources:
1. Data and activities related to research and development
2. IP related to academic research, such as product specifications or designs
3. Salaries, compensation structures, and other sensitive financial and operational data of the organization
4. Lists of clients or customers and payment methods
5. Corporate objectives, strategic plans, and marketing strategies
6. Strategies, allegiances, and communications in politics
7. Military information

Difference between Cyberwar and Cyberespionage
• The terms cyber espionage and cyberwarfare are similar, but they are not the same.
• The biggest difference is that the primary goal of a cyberwarfare attack is to disrupt the activities of a nation-state, while the primary goal of a cyber espionage attack is for the attacker to remain hidden for as long as possible in order to gather maximum intelligence.
• Even though cyber espionage and cyberwarfare are two distinct concepts, they are often used together.
• For example, cyber espionage can be used to build intelligence that will help a nation-state prepare for a physical or cyberwar.
Need for a Comprehensive Cyber Security Policy:
Rationale for a Comprehensive Cyber Security Policy:
The increasing frequency and sophistication of cyberattacks highlight the critical need for organizations to establish comprehensive cyber security policies.
A comprehensive policy ensures that all aspects of an organization's digital environment are adequately protected, from networks and systems to data and personnel.
It helps mitigate risks, maintain operational continuity, safeguard customer trust, and comply with regulatory requirements.

Elements of an Effective Cyber Security Policy:
Threat Assessment and Risk Management:
Organizations must conduct thorough assessments to identify potential cyber threats and vulnerabilities.
Risk management involves evaluating the impact and likelihood of threats and deciding how to mitigate, transfer, or accept those risks.
This element helps organizations allocate resources effectively and prioritize security measures.

Incident Response and Recovery Plans:
Incident response plans outline the steps an organization should take in the event of a cyber incident, such as a data breach or cyberattack.
These plans detail roles and responsibilities, communication strategies, containment procedures, and recovery processes.
Having a well-defined plan minimizes damage, reduces downtime, and helps an organization resume normal operations swiftly.

Elements of an Effective Cyber Security Policy:
Employee Training and Awareness:
Employees are often the first line of defense against cyber threats, but they can also be vulnerabilities if unaware of best practices.
Comprehensive policies emphasize ongoing employee training and awareness programs to educate staff about security risks, phishing, safe browsing, and social engineering.
Educated employees contribute to a strong security culture and prevent unintentional security breaches.

Collaboration with Law Enforcement:
In cases of cybercrimes or serious incidents, collaboration with law enforcement agencies is crucial.
Comprehensive policies establish protocols for working with law enforcement to gather evidence, prosecute cybercriminals, and recover stolen assets.
Such collaboration enhances the likelihood of successful cybercrime investigations and convictions.

Case Studies:
The Impact of Comprehensive Policies:
Real-world examples of organizations that have successfully implemented comprehensive cyber security policies can highlight the benefits.
You could discuss instances where policies led to effective threat detection, timely incident response, and minimized damage.
Case studies can also demonstrate the financial and reputational repercussions of lacking a comprehensive policy.
Need for an International Convention on Cyberspace:
The Global Nature of Cyberspace:
Cyberspace transcends geographical boundaries and connects people, organizations, and governments worldwide.
Digital interactions occur across jurisdictions, making it challenging to address cyber threats solely through national regulations.
The interconnected nature of the internet underscores the need for international cooperation to ensure security and stability.

Challenges in Regulating Cyberspace Internationally:
National laws and regulations often struggle to address cyber threats that originate or traverse multiple countries.
Attribution of cyberattacks can be complex due to the use of anonymizing technologies and tactics that mask the true origins of attacks.
Disparities in legal systems, cultural norms, and political interests among nations hinder uniform enforcement of cyber regulations.

Benefits of an International Convention:
An international convention on cyberspace would provide a standardized framework for addressing cyber threats on a global scale.
It would facilitate collaboration among nations, leading to consistent regulations, cooperative cybercrime investigations, and shared threat intelligence.
A convention could enhance the predictability of international responses to cyber incidents and promote stability in cyberspace.

Efforts and Initiatives towards International Cybersecurity Cooperation:
Various international organizations, such as the United Nations, have initiated discussions on cyberspace regulations and norms.
The Budapest Convention on Cybercrime, adopted by the Council of Europe, aims to harmonize laws and facilitate international cooperation in combating cybercrime.
Initiatives like the Global Forum on Cyber Expertise (GFCE) and the Paris Call for Trust and Security in Cyberspace demonstrate efforts to build consensus among governments, industry, and civil society.
