FUNDAMENTALS OF

COMPUTER
SECURITY
ANB
Index
1. Introduction to Computers 13. Business and Professional Ethics
2. Computer History 14. Need for cyber security
3. Software, 15. Cyber Frauds and crimes
4. Hardware, 16. Digital Payments
5. Classification 17. Various Search Engines
6. Computer Input Devices 18. Introduction to Auditing
7. Computer Output Devices 19. Deep Web
8. Windows 20. VAPT
9. DOS Prompt Commands 21. Smartphone Operating systems
10. Basic computer terminology 22. introduction to compliances
11. Computer Security models
12. Computer Ethic
Unit I: Computers and Cyber Security
◦ Introduction to Computers-
◦ 1. What is a Computer?
◦ Computers are electronic devices that process data to perform tasks. They consist of hardware, such as the central
processing unit (CPU) and memory, and software, which includes programs and operating systems. Computers can
execute a variety of functions, from basic calculations to complex simulations, making them versatile tools in modern
society. They follow the binary system, using 0s and 1s to represent information. The evolution of computers spans
from room-sized mainframes to portable devices, shaping the way we communicate, work, and access information.
2. Basic Components of a Computer:
• Central Processing Unit (CPU): Often referred to as the brain of the computer, the CPU executes instructions from a
computer's memory.
• Memory (RAM and Storage): Random Access Memory (RAM) is volatile memory used for temporary storage, while
storage (like a hard drive or SSD) is for long-term data retention.
• Input Devices: Devices like keyboards, mice, and touchscreens allow users to input data into the computer.
• Output Devices: Devices like monitors and printers display or provide results to the user.
• Motherboard: The main circuit board that connects and facilitates communication between various components.
• Power Supply: Converts electrical power from an outlet into a form usable by the computer.
3. Software:
• Operating System (OS): Software that manages hardware resources and provides services for computer programs.
• Applications: Programs designed to perform specific tasks, such as word processors, web browsers, and games.
4. Types of Computers:
• Personal Computers (PCs): Typically used by individuals and small businesses. Examples include desktops and laptops.
• Servers: Computers that provide services to other computers on a network.
• Mainframes: Powerful computers used by large organizations for critical applications and massive data processing.
• Supercomputers: Extremely powerful computers used for complex scientific calculations.
5. Basic Computer Operations:
• Input: Data is entered into the computer using input devices.
• Processing: The CPU performs calculations and executes instructions.
• Output: Results are displayed or produced using output devices.
• Storage: Data is saved for future use on storage devices.
6. Networking and the Internet:
• Networking: Computers can be connected to share resources and information.
• Internet: A global network that allows computers to communicate and share information.
7. Computer Security:
• Antivirus Software: Protects against malicious software (malware) like viruses and ransomware.
• Firewalls: Control and monitor incoming and outgoing network traffic to prevent unauthorized access

Computer History,
1. Ancient Devices:
1. The abacus, developed around 2400 BC, is considered one of the earliest computing devices.
2. The Antikythera mechanism (100 BC) is an ancient Greek analog computer used for astronomical calculations.

2. Mechanical Calculators:
1. In the 17th century, Blaise Pascal created the Pascaline, a mechanical calculator for basic arithmetic functions.
2. Gottfried Wilhelm Leibniz invented the Step Reckoner in the 1670s, capable of multiplication and division.

3.Analytical Engine Concept (1837):

• Charles Babbage designed the Analytical Engine, a mechanical general-purpose computer that laid the groundwork for
modern computing concepts.
4. Ada Lovelace (1843):
• Ada Lovelace, an associate of Babbage, wrote the first algorithm intended for implementation on the Analytical Engine,
making her the world's first programmer.
5. Tabulating Machines:
• Herman Hollerith developed tabulating machines using punched cards, used for the 1890 U.S. Census. This led to the
founding of IBM.
6. Electromechanical Computers:
• During the 1930s and 1940s, electromechanical computers like the Harvard Mark I and the Atanasoff-Berry Computer (ABC)
were developed.
7.ENIAC (1946):
Electronic Numerical Integrator and Computer (ENIAC) was the world's first general-purpose electronic digital computer, built at the
University of Pennsylvania.

8. UNIVAC I (1951):
UNIVAC I, the first commercially produced computer, was used for business and scientific applications.
9. Transistors and Integrated Circuits:
The invention of transistors in the 1950s and integrated circuits in the 1960s led to smaller, more powerful, and energy-efficient
computers.
10. Personal Computers (1970s - 1980s):
The development of the microprocessor enabled the creation of personal computers, with companies like Apple and IBM entering the
market
.
.
11.Graphical User Interface (GUI) and the Mouse:
Xerox PARC developed the first GUI in the 1970s, later popularized by Apple's Macintosh. The mouse was also introduced during this time.

12. Internet and World Wide Web (1980s - 1990s):

The development of the internet and the World Wide Web revolutionized communication and information access.

13.Mobile Computing (2000s - present):

Advances in technology led to the widespread use of smartphones, tablets, and other portable computing devices.

14.Cloud Computing (2000s - present):

Cloud computing emerged, allowing users to access and store data and applications over the internet.

15.Artificial Intelligence (AI) and Machine Learning (2010s - present):

Significant progress has been made in AI and machine learning, with computers becoming capable of advanced tasks like image recognition
and natural language processing
Software
Software can be broadly categorized into two main types: system software and application software.
◦ 1. System Software:
• Operating System (OS): The most fundamental system software that manages hardware resources and provides services for computer
programs. Examples include Microsoft Windows, macOS, Linux, and Unix.
• Device Drivers: These are specialized programs that allow the operating system to communicate with hardware components like
printers, graphics cards, and storage devices.
◦ 2. Application Software:
• Productivity Software: Applications designed to help users perform tasks such as word processing, spreadsheet calculations, and
creating presentations. Examples include Microsoft Office (Word, Excel, PowerPoint), Google Workspace, and LibreOffice.
• Media and Entertainment Software: Software for playing, creating, and editing multimedia content. Examples include media players,
video editing software, and graphic design tools.
• Web Browsers: Software that allows users to access and interact with content on the internet. Examples include Google Chrome,
Mozilla Firefox, and Microsoft Edge.
• Communication Software: Applications for communication purposes, including email clients, messaging apps, and video conferencing
tools. Examples include Outlook, WhatsApp, and Zoom.
• Development Software: Tools used by programmers and developers to create, debug, and maintain software applications. Examples
include integrated development environments (IDEs) like Visual Studio and programming languages such as Python, Java, and C++.
• Database Management Systems (DBMS): Software for organizing, storing, and retrieving data. Examples include Microsoft SQL Server,
MySQL, and Oracle Database.
• Gaming Software: Software designed for playing video games, ranging from complex PC and console games to mobile apps.
3. Utility Software:
• Antivirus Software: Protects against malicious software (malware) and other security threats.
• Backup Software: Facilitates the creation and restoration of backups for data protection.
• File Management Utilities: Tools for organizing and managing files and directories on a computer.
4. Embedded Software:
• Software that is embedded within hardware devices, such as the firmware in a printer, the operating system in a smart refrigerator, or
the software in a car's engine control unit.
5. Artificial Intelligence (AI) Software:
• Software that utilizes machine learning algorithms and AI techniques to perform tasks like natural language processing, image
recognition, and decision-making. Examples include chatbots and virtual assistants.
Hardware
Hardware refers to the physical components of a computer system
1. Central Processing Unit (CPU):
• Often referred to as the brain of the computer, the CPU performs calculations and executes instructions. It is a crucial component that
determines a computer's processing power.
2. Memory:
• RAM (Random Access Memory): Provides temporary storage for data that the CPU is actively using or processing. It allows for quick
access to information but is volatile, meaning it is erased when the computer is powered off.
• Storage (Hard Drives, SSDs): Provides long-term storage for the operating system, software, and user data. Unlike RAM, storage is
non-volatile, meaning it retains data even when the power is off.
3. Motherboard:
• The main circuit board that connects and facilitates communication between various hardware components, including the CPU,
memory, and peripheral devices.
4. Input Devices:
• Keyboard: Allows users to input text and commands.
• Mouse: Enables users to interact with graphical user interfaces by pointing and clicking.
• Touchscreen: Common in mobile devices and some laptops, allowing users to interact directly with the display.
• Scanners, Cameras, Microphones: Capture external information and convert it into digital data for the computer.
5. Output Devices:
• Monitor/Display: Outputs visual information to the user.
• Printer: Produces hard copies of documents or images.
• Speakers: Output audio for multimedia applications.
6. Graphics Processing Unit (GPU):
• Specialized hardware designed to accelerate graphics rendering. GPUs are crucial for gaming, video editing, and other graphics-intensive tasks.
7. Networking Hardware:
• Network Interface Card (NIC): Allows the computer to connect to a network, either wired or wirelessly.
• Router: Manages network traffic between devices.
8. Power Supply:
• Converts electrical power from an outlet into a form usable by the computer components.
9. Peripheral Devices:
• Additional devices that can be connected to a computer, such as external hard drives, USB drives, and printers.
10. Expansion Cards:
• Additional cards that can be added to the motherboard to provide extra functionality, such as graphics cards, sound cards, and network cards.
11. Cooling Systems:
• Fans, heat sinks, and liquid cooling systems that prevent the computer's components, especially the CPU and GPU, from overheating.
Classification of Computer
1. Hardware Classification:
1. Computers can be classified based on their size, performance, and functionality. Common categories include:
1. Personal Computers (PCs): Desktops and laptops designed for individual use.
2. Servers: Computers that provide services to other computers in a network.
3. Mainframes: Large, powerful computers used for critical applications in large organizations.
4. Supercomputers: Extremely high-performance computers used for complex calculations.

2. Software Classification:
1. Software can be classified based on its purpose and functionality:
1. System Software: Operating systems, device drivers, and utility programs.
2. Application Software: Productivity software, media and entertainment software, games, and more.
3. Development Software: Tools for software development, including integrated development environments (IDEs) and programming
languages.

3. Data Classification:
1. Data within a computer system can be classified based on its type, sensitivity, or purpose. For example:
1. Structured Data: Organized and formatted data stored in databases.
2. Unstructured Data: Data that doesn't conform to a specific data model or structure, such as text documents or images.
3. Sensitive Data: Information that requires special protection due to privacy or security concerns.
4. Network Classification:
1. Networks can be classified based on their geographical scope and architecture:
1. Local Area Network (LAN): Covers a small geographical area, like an office or a home.
2. Wide Area Network (WAN): Spans a larger geographic area, often connecting LANs across cities or countries.
3. Wireless Networks: Use radio waves or infrared signals for communication.
4. Client-Server Networks: Systems where one central server provides resources or services to multiple client machines.

5. Algorithm Classification:
1. In the context of computer science and programming, algorithms can be classified based on their purpose and structure:
1. Sorting Algorithms: Arrange data in a specific order.
2. Searching Algorithms: Find a specific piece of information in a dataset.
3. Machine Learning Algorithms: Classify data or make predictions based on patterns.

6. Security Classification:
1. Information security often involves classifying data based on its sensitivity or confidentiality level:
1. Public: Information that is not sensitive and can be freely shared.
2. Internal: Information intended for internal use within an organization.
3. Confidential: Highly sensitive information requiring strict access controls.
Computer Input Devices:
1. Keyboard: Allows users to input alphanumeric characters and commands.
2. Mouse: Provides a pointing device for graphical user interfaces, enabling users to click, drag, and interact with on-screen
elements.
3. Touchscreen: Common in smartphones, tablets, and some computers, it allows direct input by touching the display.
4. Trackpad: Common in laptops, it functions similarly to a mouse, providing a touch-sensitive surface for navigation.
5. Scanner: Converts physical documents or images into digital format by capturing their content.
6. Webcam: Captures video or images, commonly used for video conferencing or online communication.
7. Microphone: Converts sound waves into electrical signals, enabling audio input for applications like voice recording and
communication.
8. Digital Cameras: Capture still or moving images and store them in digital format.
9. Joystick and Gamepads: Input devices for gaming, providing control over characters or elements in video games.
10.Graphics Tablets: Used by artists and designers, it allows for digital drawing or handwriting.
Computers Output Devices:
1. Monitor/Display:
Displays visual information, including text, graphics, and videos, to the user.

2. Printer:
Produces hard copies of documents or images on paper.

3. Speakers:
Output audio for music, videos, and other multimedia applications.

4. Headphones:
Provide private audio output and are commonly used for listening to music or participating in virtual meetings.

5. Projector:
Projects images or videos onto a larger screen or surface.

6. Plotters:
Used in technical drawing and design, they produce high-quality, precise prints of detailed graphics.

7. Haptic Devices:
Provide tactile feedback to the user, such as vibrating controllers in gaming consoles or virtual reality systems.

8. LED/LCD Screens:
Used in various devices, including TVs, monitors, and digital signage, to display information with high resolution and color quality.

9. Braille Displays:
Output devices for individuals with visual impairments, converting digital text into Braille.
 Windows
Windows in the context of computers can refer to several different things. Here are a few possible interpretations:
1. Microsoft Windows Operating System:
Microsoft Windows is a popular operating system (OS) for personal computers. As of my last knowledge update in January 2022, some of the
recent versions include Windows 10 and Windows 11. The Windows OS provides a graphical user interface (GUI), support for a wide range of
software applications, and compatibility with various hardware configurations.

2. Graphical User Interface (GUI) Elements:

The term "windows" is commonly used to describe the graphical elements in an operating system where applications are displayed. In a GUI,
these windows can be moved, resized, minimized, or closed.

3. Microsoft Windows Software:

Besides the operating system, "Windows" may also refer to software applications developed by Microsoft for the Windows OS. This includes
the Microsoft Office suite (Word, Excel, PowerPoint, etc.), Microsoft Edge (web browser), and other productivity tools.

4. Windows in Computing Terminology:

In a broader sense, "windows" can refer to the concept of multiple overlapping, resizable areas on a computer screen where different
applications or documents can be displayed simultaneously. This concept is foundational to the graphical user interface.

5. Window Management:
Operating systems, including Windows, provide features for managing open windows. This includes taskbars, window snapping, and virtual
desktops, enhancing user productivity and organization.

6. Windowed Applications:
Applications designed for Windows OS are often referred to as "Windows applications" or "windowed applications" because they run within
the graphical environment provided by the Windows operating system.
Dos Prompt Commands
The DOS (Disk Operating System) prompt, also known as the command prompt or MS-DOS prompt, provides a command-line
interface to interact with the operating system. While modern versions of Windows have moved away from MS-DOS as the
primary operating system, they still include a command prompt for running various commands.

1. DIR: Lists the files and directories in the current directory. Dir

2. CD (Change Directory): Changes the current working directory. cd [directory_path]

3. MD (Make Directory): Creates a new directory md [directory_name]

4. RD (Remove Directory): Deletes an existing directory rd [directory_name]

5. COPY: Copies one or more files from one location to another copy [source] [destination]

6. DEL (Delete): Deletes one or more files. del [file_name]

7. REN (Rename): Renames a file or directory ren [old_name] [new_name]

8. CLS (Clear Screen): Clears the screen. Cls

9. TYPE: Displays the contents of a text file. type [file_name]

10. ECHO: Displays messages, or enables or disables the echoing of command lines. echo [message]
11. DATE: Displays or sets the system date. date [mm-dd-yy]

12. TIME: Displays or sets the system time time [hh:mm:ss]

13. CHKDSK (Check Disk): Checks a disk and displays a status report. chkdsk [drive_letter:]

14. FORMAT: Formats a disk for use with Windows. format [drive_letter:]

15. TASKLIST: Displays a list of currently running processes. Tasklist

16. TASKKILL: Terminates a running process. taskkill /F /IM [process_name]

Basic computer terminology
◦ Certainly! Here are some basic computer terminology: 10.Peripheral: Additional hardware devices connected to a
computer, such as printers, scanners, and external drives.
1. Computer: An electronic device that processes data according
to a set of instructions called a program. 11.Motherboard: The main circuit board of a computer, which
holds the CPU, memory, and other essential components.
2. Hardware: The physical components of a computer, such as the
central processing unit (CPU), memory, storage devices, and 12.Graphical User Interface (GUI): A visual interface that allows
input/output devices. users to interact with a computer using graphical elements such as icons
and windows.
3. Software: Programs or applications that run on a computer,
including operating systems, word processors, and web 13.File: A collection of data or information stored under a specific name on a
browsers. computer.
4. Operating System (OS): Software that manages computer 14.Folder/Directory: A location on a computer where files can be stored and
hardware and provides services for computer programs. organized.
Examples include Windows, macOS, and Linux.
15.Browser: A software application used to access and view information on the
5. Central Processing Unit (CPU): The "brain" of the computer that World Wide Web.
performs instructions from a program.
16.Internet: A global network that connects millions of private, public,
6. Memory (RAM): Temporary storage that the CPU uses to store academic, business, and government networks.
data that is actively being used or processed.
17.Wi-Fi: A technology that allows devices to connect to the internet wirelessly.
7. Storage: Devices that store data permanently, such as hard
drives and solid-state drives (SSDs). 18.Firewall: A security system that monitors and controls incoming and
outgoing network traffic to prevent unauthorized access.
8. Input Device: Hardware that allows users to input data into the
computer, such as a keyboard or mouse. 19.Virus: Malicious software designed to damage or disrupt a computer
system.
9. Output Device: Hardware that allows the computer to
communicate information to the user, such as a monitor or 20.Backup: A copy of files or data that is created to prevent data loss in case of
printer. hardware failure, accidental deletion, or other disasters.
what is the Computer Security models
◦ Computer security models are frameworks or approaches that define how computer systems should be secured. These
models help organizations and individuals implement security measures to protect their information systems from
unauthorized access, data breaches, and other security threats. Here are some common computer security models: 9
1.Bell-LaPadula Model:
• Type: Mandatory Access Control (MAC)
• Focus: Confidentiality
• Description: This model enforces access controls based on security labels. It prevents users from reading data at a higher
security level (no read-up) and writing data to a lower security level (no write-down). It is often used in government and
military contexts.
2.Biba Model:
• Type: Mandatory Access Control (MAC)
• Focus: Integrity
• Description: The Biba model, like the Bell-LaPadula model, is a MAC model. It focuses on maintaining data integrity by
preventing users from corrupting data. Users are not allowed to write to objects at a higher integrity level (no write-up) and
are not allowed to read from objects at a lower integrity level (no read-down).
3.Clark-Wilson Model:
•Type: Integrity Model
•Focus: Integrity and Well-formed Transactions
•Description: This model emphasizes well-formed transactions and separation of duties. It ensures that only
authorized individuals can make changes to data and that changes adhere to specific rules (integrity constraints). It is
often used in commercial environments.

4.Distributed Bell-LaPadula Model:

•Type: Mandatory Access Control (MAC)
•Focus: Confidentiality in Distributed Systems
•Description: An extension of the Bell-LaPadula model designed for distributed systems. It addresses issues related to
information flow between different levels of security in a distributed environment.

5.Lattice Model:
•Type: Mandatory Access Control (MAC)
•Focus: Confidentiality and Integrity
•Description: The lattice model represents security levels as points in a lattice structure. It allows data to flow
between points in the lattice based on certain rules, ensuring both confidentiality and integrity.
6. Access Control List (ACL) Model:
•Type: Discretionary Access Control (DAC)
•Focus: Access Permissions
•Description: In this model, access permissions are assigned to individuals or groups, allowing them to control access to their own resources. It is
widely used in systems where users have more control over their resources.

7.Role-Based Access Control (RBAC):

•Type: Discretionary Access Control (DAC)
•Focus: Access based on Roles
•Description: Access permissions are assigned based on roles, and users are assigned to specific roles based on their job responsibilities. This simplifies
access management and is often used in large organizations.

8.Non-Interference Model:
•Type: Security Model
•Focus: Confidentiality
•Description: Non-interference models aim to ensure that the behavior of high-security users does not interfere with the low-security users. This is
particularly important in multi-level security systems.

9.Reference Monitor Concept:

•Type: Security Concept
•Focus: Enforcing Security Policies
•Description: The reference monitor is an integral part of many security models. It is a mechanism that enforces access controls and ensures that all
accesses to objects are authorized.
 what is Computer Security Terms
Computer security, also known as cybersecurity or information security, involves the protection of computer systems,
networks, and data from theft, damage, or unauthorized access. Various terms and concepts are associated with
computer security. Here are some key terms:
1.Authentication: The process of verifying the identity of a user, system, or application.
2.Authorization: Granting or denying access to resources based on authenticated identities and their level of
permissions.
3.Encryption: The process of converting information into a code to prevent unauthorized access.
4.Firewall: A network security system that monitors and controls incoming and outgoing network traffic based on
predetermined security rules.
5.Malware: Malicious software designed to harm or exploit computer systems. Includes viruses, worms, trojan horses,
ransomware, and spyware.
6.Phishing: A type of cyber attack where attackers use deceptive emails or websites to trick individuals into revealing
sensitive information.
7.Vulnerability:Weaknesses in a system that can be exploited by attackers to compromise its security
8. Patch: A piece of software designed to update or fix problems with a computer program or its supporting data.
9.Two-Factor Authentication (2FA): A security process in which a user provides two different authentication factors to
verify their identity.
10.Intrusion Detection System (IDS):A system that monitors network or system activities for malicious activities or
policy violations.
11.Incident Response: A structured approach to addressing and managing the aftermath of a security breach or cyber
attack.
12.Access Control: The process of regulating access to computer systems or data.
13.Cybersecurity Framework: A set of guidelines or best practices designed to manage and improve an organization's
cybersecurity posture.
14.Endpoint Security: The protection of computer networks that are remotely bridged to client devices, such as
laptops, desktops, and mobile devices.
15.Network Security: Measures to protect data during transfer over a network, including the use of firewalls, VPNs,
and intrusion prevention systems.
16. Zero-Day Exploit: A cyber attack that targets a previously unknown vulnerability in software before the vendor

releases a patch.

17. Cyber Threat Intelligence: Information collected, analyzed, and disseminated regarding potential and current cyber

threats.

18. Social Engineering: Manipulating individuals to divulge confidential information or perform actions that may

compromise security.

19. Penetration Testing: Simulating cyber attacks to evaluate the security of a system or network.

20. Data Breach: Unauthorized access, acquisition, disclosure, or use of sensitive information.
What is the Computer Ethic
◦ Computer ethics refers to the moral principles and guidelines that govern the use of computers and technology. It involves considering the ethical
implications of how individuals, organizations, and society interact with computers, software, and digital information. Computer ethics addresses
issues such as privacy, security, intellectual property, access to information, and the impact of technology on individuals and communities. Key
aspects of computer ethics include:

1. Privacy: Protection of personal information, surveillance, and the responsible handling of data.

2. Security: Measures to prevent unauthorized access, protect against cyber threats, and ensure the integrity of computer systems.

3. Intellectual Property: Respect for copyrights, patents, and trademarks; ethical use of software and digital content.

4. Access to Information: Ensuring equitable access to information and technology, addressing the digital divide.

5. Cybercrime: Ethical considerations related to hacking, identity theft, online fraud, and other malicious activities.

6. Digital Rights: Advocacy for individuals' rights in the digital realm, including freedom of expression and digital privacy.

7. Ethical Use of Technology: Considering the potential impact of technological innovations on society, environment, and human well-being

8. Computer and Internet Addiction: Addressing issues related to excessive use of computers and the internet, and promoting healthy online behavior.

9. Artificial Intelligence (AI) Ethics: Ethical considerations in the development and use of artificial intelligence, including bias, transparency, and
accountability.
10. Social Media Ethics: Responsible use of social media platforms, addressing issues of cyberbullying, misinformation,
and online harassment.

11.Professional Responsibility: Ethical conduct within the computing profession, including honesty, integrity, and
accountability.

12.Environmental Impact: Consideration of the environmental impact of computing technologies and efforts to
promote sustainability.

13.E-Waste Management: Ethical disposal and recycling of electronic waste to minimize environmental harm.

14.Surveillance Ethics: Balancing the need for security with concerns about the erosion of privacy through surveillance
technologies.

15.Autonomous Systems Ethics: Ethical considerations in the development and deployment of autonomous systems,
including robots and self-driving cars
What is the Business and Professional Ethics
◦ Business and professional ethics refer to the principles and standards that guide ethical behavior in the business and professional world.
These ethical guidelines help individuals and organizations make decisions that are morally sound and socially responsible. Here are key
aspects of business and professional ethics.

1. integrity: Upholding honesty and truthfulness in all business dealings and professional interactions.

2. Honesty and Transparency: Providing accurate and truthful information to stakeholders, clients, employees, and the public.

3. Fairness and Equity: Ensuring impartiality and fairness in decision-making processes, treating all individuals with respect and without
discrimination.

4. Respect for Others: Valuing the dignity, diversity, and rights of all individuals, and treating them with respect and courtesy.

5. Corporate Social Responsibility (CSR): The commitment of businesses to contribute positively to society, including environmental
sustainability and community well-being.

6. Conflict of Interest: Avoiding situations where personal interests may conflict with professional responsibilities, and maintaining objectivity.

7. Whistleblowing: Reporting unethical or illegal practices within an organization to appropriate authorities, without fear of retaliation.

8. Confidentiality: Protecting sensitive information and respecting the privacy of clients, customers, and colleagues.
9. Professional Competence: Continuing education and maintaining the necessary skills and knowledge to perform
professional duties competently.
10. Accountability: Taking responsibility for one's actions and decisions, acknowledging mistakes, and working to
rectify them.
11. Corporate Governance: Establishing and maintaining systems of accountability and oversight within organizations
to ensure ethical conduct.
12. Compliance with Laws and Regulations: Adhering to local and international laws and regulations governing
business practices and professional conduct.
13. Bribery and Corruption: Rejecting the offering or acceptance of bribes and avoiding any form of corruption in
business transactions.
14. Customer Satisfaction: Prioritizing the needs and satisfaction of customers and clients, providing quality products
and services.
15.Environmental Sustainability: Adopting practices that minimize the negative impact of business operations on the
environment.
16.Ethical Leadership: Leading by example, promoting ethical behavior within the organization, and fostering a culture
of integrity.
17.Social Justice: Considering the social impact of business decisions and contributing to the well-being of
communities.
18.Professional Independence:Maintaining independence and objectivity in professional judgment and decision-
making processes.
Need for cyber security
◦ The need for cybersecurity arises from the increasing reliance on digital technologies and the internet in various aspects of our
personal and professional lives. As technology advances, so do the threats and risks associated with it.
1. Protection of Sensitive Information: Organizations and individuals store a vast amount of sensitive data online, including
personal information, financial data, and intellectual property. Cybersecurity measures are crucial to protect this
information from unauthorized access, theft, or misuse.
2. Prevention of Unauthorized Access: Cybersecurity helps prevent unauthorized access to computer systems, networks, and
devices. Unauthorized access can lead to data breaches, financial losses, and damage to an individual's or organization's
reputation.
3. Financial Protection: Cyberattacks can result in significant financial losses for businesses and individuals. Cybersecurity
measures help mitigate the risk of financial fraud, ransomware attacks, and other financially motivated cybercrimes.
4. Preservation of Privacy: Individuals and organizations have a right to privacy. Cybersecurity measures safeguard personal
and sensitive information, ensuring that it is not unlawfully collected, disclosed, or exploited.
5. Protection Against Cybercrime: Cybercrime, including hacking, phishing, identity theft, and online fraud, continues to
evolve. Cybersecurity measures are essential to detect, prevent, and respond to these types of cyber threats.
6. National Security: Critical infrastructure, government systems, and military networks are prime targets for cyber threats.
Cybersecurity is crucial for safeguarding national security interests and ensuring the integrity of critical systems.
7. Business Continuity: Cybersecurity measures are vital for ensuring the continuity of business operations. Cyberattacks can disrupt
services, cause downtime, and result in financial losses. Robust cybersecurity helps organizations recover quickly from such
incidents.

8.Protection of Intellectual Property: Businesses invest heavily in research and development to create intellectual property such as
patents, trade secrets, and proprietary software. Cybersecurity safeguards these valuable assets from theft and unauthorized access.

9.Global Interconnectedness: In an interconnected world, a cyberattack on one entity can have ripple effects across the globe.
Cybersecurity measures help prevent the spread of malware and limit the impact of cyber threats on a global scale.

10.Compliance with Regulations: Many industries are subject to regulations that mandate the protection of sensitive data and the
implementation of cybersecurity measures. Compliance with these regulations is essential to avoid legal consequences and penalties.

11.Trust and Reputation: A cybersecurity breach can erode trust in organizations and individuals. Protecting against cyber threats
helps maintain trust with customers, clients, and partners, preserving the reputation of businesses and individuals alike.

12.Emerging Technologies: The adoption of emerging technologies like the Internet of Things (IoT), artificial intelligence (AI), and cloud
computing introduces new cybersecurity challenges. Robust cybersecurity practices are essential to mitigate the risks associated with
these technologies.
What is the Cyber Frauds and crimes

Cyber frauds and crimes refer to illegal activities conducted through or against computer systems, networks, and
digital technologies. With the growth of the internet and increased reliance on digital platforms, cybercriminals exploit
vulnerabilities to commit various forms of fraud and criminal acts.

1.Phishing: Cybercriminals use deceptive emails, messages, or websites to trick individuals into revealing sensitive information, such as passwords or
financial details.

2.Ransomware: Malicious software that encrypts a user's files, demanding payment (usually in cryptocurrency) for their release. Victims are often
threatened with permanent data loss if the ransom is not paid.

3.Identity Theft: Cybercriminals steal personal information, such as Social Security numbers or credit card details, to impersonate individuals for
financial gain or to commit other crimes.

4.Online Fraud: Various scams and fraudulent schemes conducted over the internet, including auction fraud, investment fraud, and fake online stores.

5.Credit Card Fraud: Unauthorized use of credit or debit card information to make fraudulent transactions or purchases.

6.Cyber Extortion: Threatening to reveal sensitive information, launch a cyberattack, or damage systems unless a ransom is paid.

7.Data Breaches: Unauthorized access to and theft of sensitive data from databases, often leading to the exposure of personal information.

8.Malware: Malicious software, including viruses, worms, and trojan horses, designed to harm computer systems, steal information, or gain
unauthorized access.
9. Cyber Espionage: Covert activities conducted by individuals, organizations, or governments to gain unauthorized access to sensitive information for
political, economic, or military purposes.

10.Denial-of-Service (DoS) Attacks: Overloading a computer system, network, or website with traffic to disrupt normal functioning and deny access to
legitimate users.

11.Man-in-the-Middle (MitM) Attacks: Intercepting and potentially altering communications between two parties without their knowledge, often to
steal sensitive information.

12.Cyberstalking: Harassment or stalking conducted online, involving persistent and unwanted communication or threats.

13.Online Scams: Various deceptive schemes conducted online, such as lottery scams, inheritance scams, and romance scams, aimed at defrauding
individuals.

14.Social Engineering: Manipulating individuals into divulging confidential information or performing actions that may compromise security, often
through psychological manipulation.

15.Cryptojacking: Illegally using someone else's computer to mine cryptocurrency without their knowledge or consent.

16.IoT (Internet of Things) Exploitation: Exploiting vulnerabilities in connected devices, such as smart home devices or industrial IoT systems, to gain
unauthorized access or control
What is the Digital Payments
◦ Digital payments refer to transactions conducted through electronic means without the use of physical cash or checks. These
payments leverage digital technologies and various electronic platforms to transfer money or make financial transactions. Digital
payments have become increasingly popular due to their convenience, speed, and efficiency.

1. Mobile Wallets: Mobile wallets are digital applications that allow users to store payment information, such as credit/debit card
details or bank account information, on their mobile devices. Users can then make payments by scanning QR codes, tapping their
devices, or entering payment details directly into the app.
2. Online Banking Transfer: Users can initiate digital payments through online banking platforms, transferring funds between
accounts or making payments to merchants or individuals.
3. Credit and Debit Cards: Traditional plastic cards with embedded microchips or magnetic stripes can be used for digital payments
by swiping, tapping, or inserting the card into a point-of-sale (POS) terminal.
4. Contactless Payments: Payments made by tapping or waving a contactless-enabled card, mobile device, or wearable over a
contactless-enabled POS terminal. Near Field Communication (NFC) technology is commonly used for contactless payments.
5. Peer-to-Peer (P2P) Transfers: Digital payments made directly between individuals using P2P payment services. Users can transfer
money to friends, family, or colleagues using mobile apps or online platforms.
6. Digital Wallets: Digital wallets go beyond mobile wallets and often include a broader range of features. They may store payment
cards, loyalty cards, boarding passes, and more. Examples include Apple Pay, Google Pay, and Samsung Pay.
7. Cryptocurrency Transactions: Digital or virtual currencies, such as Bitcoin and Ethereum, can be used for peer-to-
peer transactions or to make purchases from merchants that accept cryptocurrencies.

8.Online Payment Platforms: Platforms like PayPal, Venmo, and Square enable users to make digital payments for
goods and services, as well as send money to friends or family.

9.Prepaid Cards: Cards that are preloaded with a specific amount of money, allowing users to make purchases up to
the card's value. These cards can be physical or digital.

10.Biometric Payments: Payments authenticated using biometric data such as fingerprints, facial recognition, or iris
scans. Biometric payment methods enhance security and reduce the reliance on traditional authentication methods
like passwords.

11.Subscription Payments: Regular, automated payments made on a recurring basis for services or subscriptions. This
is often used for streaming services, software subscriptions, and other ongoing services.
What is the Various Search Engines
◦ There are several search engines available on the internet, each with its own algorithms and features. Here are some of the most popular search engines.
1. Google: Google is the most widely used search engine globally. It uses a complex algorithm to deliver relevant and accurate search results. Google also offers
various other services, including Google Images, Google Maps, and Google Scholar.
2. Bing: Bing is Microsoft's search engine and serves as the default search engine for Microsoft Edge. It provides web search, image search, video search, and maps.
3. Yahoo: Yahoo is a web services provider that includes a search engine. While it is not as popular as Google, it offers a range of services, including Yahoo Mail, Yahoo
Finance, and Yahoo News.
4. Baidu: Baidu is a Chinese search engine and the most popular in China. It provides web search, image search, video search, and other services.
5. Yandex: Yandex is a Russian search engine that also operates in other countries. It offers web search, images, videos, and maps, and is known for its focus on
providing relevant results for users in Russia.
6. DuckDuckGo: DuckDuckGo is a privacy-focused search engine that emphasizes user anonymity and does not track or store personal information. It provides web
search results and has gained popularity among users who prioritize privacy.
7. Ask.com: Formerly known as Ask Jeeves, Ask.com allows users to ask questions in a natural language format. It provides answers based on web pages, images, and
videos.
8. AOL Search: AOL Search is the search engine associated with AOL (America Online). It provides web search and integrates with AOL's other services.
9. Ecosia: Ecosia is a search engine that focuses on environmental sustainability. It uses revenue generated from ads to fund tree-planting projects around the world.
10.Startpage: Startpage is another privacy-focused search engine that emphasizes user anonymity. It provides Google search results without tracking users' personal
information.
11.Qwant: Qwant is a privacy-oriented search engine that aims to provide neutral and unbiased search results. It does not track users or filter content based on user
profiles.
12.Swisscows: Swisscows is a family-friendly search engine developed in Switzerland. It uses artificial intelligence and semantic data recognition to provide search
results.
 Introduction to Auditing
Auditing of computer security, also known as cybersecurity auditing or information systems auditing, involves a
systematic examination of an organization's computer systems, networks, and information security practices to assess
their effectiveness, identify vulnerabilities, and ensure compliance with security policies and standards. This type of
audit aims to safeguard digital assets, protect against cyber threats, and ensure the confidentiality, integrity, and
availability of information.
1.Purpose of Auditing:
1. Verification: Auditing verifies the accuracy and reliability of financial statements, ensuring that they present a true and fair view of an
organization's financial position.
2. Compliance: Auditors assess whether an entity adheres to applicable laws, regulations, and internal policies.
3. Operational Efficiency: Audits can evaluate the efficiency and effectiveness of operations, identifying areas for improvement.

2.Types of Audits:
1. Financial Audits: Focus on examining an organization's financial statements and reporting to ensure accuracy, completeness, and compliance
with accounting standards.
2. Operational Audits: Assess the efficiency and effectiveness of an organization's operations and internal processes.
3. Compliance Audits: Verify adherence to laws, regulations, and internal policies.
4. Information Systems (IS) Audits: Evaluate the security and reliability of an organization's information systems.
5. Internal Audits: Conducted by internal auditors within an organization to assess and improve internal controls and operational efficiency.
6. External Audits: Conducted by independent external auditors to provide an unbiased assessment, often for regulatory or statutory purposes.
3. Key Participants in Auditing:
1. Auditors: Professionals responsible for conducting audits. They can be internal auditors employed by the organization or
external auditors from independent audit firms.
2. Management: The individuals responsible for the day-to-day operations and financial reporting of the organization being
audited.
3. Audit Committee: A committee of the board of directors responsible for overseeing the organization's financial reporting and
audit processes.

4.Audit Process:
1. Planning: Establishing the scope, objectives, and methodology for the audit.
2. Fieldwork: Conducting the actual audit, gathering evidence, and testing controls and processes.
3. Reporting: Communicating the findings and conclusions of the audit through an audit report.
4. Follow-Up: Monitoring the implementation of recommendations and corrective actions.

5. Audit Standards:
1. Generally Accepted Auditing Standards (GAAS): A set of guidelines and principles that auditors should follow when
conducting audits. These standards help ensure consistency and quality in audit processes.

6.Independence and Objectivity:

1. Independence: Auditors must maintain independence from the entity being audited to ensure impartiality and objectivity.
2. Objectivity: Auditors should approach their work with an unbiased and impartial mindset, free from conflicts of interest.
7. Ethical Considerations:
1. Professional Ethics: Auditors adhere to a code of professional ethics, emphasizing integrity, confidentiality,
and professional competence.

8.Audit Report:
1. Findings: The results of the audit, including any material misstatements, non-compliance issues, or
operational inefficiencies.
2. Opinion: The auditor's overall assessment of the fairness and accuracy of the financial statements.
What is the Deep Web
◦
The deep web, sometimes also called the dark web, refers to parts of the internet that are not indexed by traditional search engines and are
not easily accessible to the general public. It is important to note that the deep web is distinct from the dark web, although the terms are
sometimes used interchangeably.
1. Deep Web:
• Definition: The deep web refers to all parts of the internet that are not indexed by conventional search engines like Google, Bing, or Yahoo.
This includes databases, password-protected websites, academic databases, personal email accounts, and other content that is not accessible
through typical web searches.
• Characteristics:
• Content is not indexed by search engines, making it non-searchable.
• Requires specific access credentials, such as login credentials, to access.
• Encompasses a significant portion of the internet, including private databases, academic resources, and other legitimate content.

2. Dark Web:
• Definition: The dark web is a small portion of the deep web that has been intentionally hidden and is often associated with illegal activities. It
requires specific software, configurations, or authorization to access. Cryptocurrencies are commonly used for transactions on the dark web
to maintain anonymity.
• Characteristics:
• Inaccessible through standard web browsers.
• Often associated with illegal activities, including the sale of drugs, hacking tools, stolen data, and other illicit goods and services.
• Provides a degree of anonymity for users.
What is the VAPT
◦ VAPT stands for Vulnerability Assessment and Penetration Testing. It is a comprehensive security testing approach used to identify and
address vulnerabilities in computer systems, networks, and applications. VAPT involves two main components: vulnerability assessment
and penetration testing.
1. Vulnerability Assessment:
• Objective: To identify and quantify vulnerabilities in a system, network, or application.
• Process:
• Scanning and Analysis: Automated tools are often used to scan the target for known vulnerabilities. This includes using vulnerability scanners to
identify weaknesses such as outdated software, misconfigurations, and other common issues.
• Assessment of Security Controls: Reviewing and assessing the effectiveness of security controls and measures in place, such as firewalls, access
controls, and encryption.
• Risk Prioritization: Assessing the identified vulnerabilities based on their potential impact and likelihood of exploitation.

2. Penetration Testing:
• Objective: To simulate real-world cyberattacks and attempt to exploit vulnerabilities to understand the potential impact on the system.
• Process:
• Manual Testing: Skilled ethical hackers, also known as penetration testers, use various techniques to exploit vulnerabilities. This involves attempting
to gain unauthorized access, escalate privileges, or execute specific attacks.
• Simulation of Attacks: Simulating different types of cyberattacks, such as phishing, denial-of-service (DoS), or SQL injection, to test the system's
resilience.
• Reporting: Providing detailed reports on successful and unsuccessful attack attempts, along with recommendations for mitigating vulnerabilities
and improving security.
3. Benefits of VAPT:
3. Identification of Weaknesses: VAPT helps identify vulnerabilities and weaknesses in a proactive manner,
allowing organizations to address them before they can be exploited by malicious actors.
4. Security Improvement: By understanding the potential risks and weaknesses, organizations can take steps to
improve their overall security posture.
5. Compliance: VAPT is often required for compliance with industry regulations and standards to ensure that
security measures are in place and effective.
6. Risk Management: VAPT assists in identifying and managing cybersecurity risks, allowing organizations to
make informed decisions about their security investments.

4.Challenges:
1. False Positives and Negatives: Automated tools may produce false positives (identifying vulnerabilities that
don't exist) or false negatives (missing actual vulnerabilities). Manual testing helps mitigate these issues.
2. Resource Intensive: VAPT can be resource-intensive and may disrupt normal business operations. Proper
planning and coordination are essential to minimize disruptions.

VAPT is an integral part of a comprehensive cybersecurity strategy, providing organizations with insights into their
security vulnerabilities and helping them establish effective countermeasures to protect against potential cyber
threats. Regular VAPT assessments are crucial for maintaining a strong and resilient security posture
Smartphone Operating systems
Smartphones use various operating systems (OS) to manage the device's hardware and software. Different manufacturers may use different operating systems for their
smartphones. As of my knowledge cutoff in January 2022, here are some of the major smartphone operating systems:
1. Android:
1. Developed by: Google
2. Description: Android is an open-source operating system based on the Linux kernel. It is widely used by many smartphone manufacturers. Google provides
the Android OS, and it offers a high level of customization for device manufacturers.
2. iOS:
1. Developed by: Apple Inc.
2. Description: iOS is the operating system exclusively used by Apple's iPhone, iPad, and iPod Touch devices. It is a closed-source system, tightly integrated
with Apple's hardware and software ecosystem. iOS is known for its user-friendly interface and smooth user experience.
3. HarmonyOS:
1. Developed by: Huawei
2. Description: HarmonyOS is developed by Huawei and is designed to work across a range of devices, including smartphones, tablets, smart TVs, and other
smart devices. It aims to provide a seamless and consistent experience across various platforms.
4. KaiOS:
1. Developed by: KaiOS Technologies
2. Description: KaiOS is a lightweight, web-based operating system designed for feature phones and entry-level smartphones. It focuses on providing
essential smartphone functionality while being resource-efficient.
5. Samsung One UI (formerly Tizen):
1. Developed by: Samsung
2. Description: Originally Tizen, Samsung has shifted towards using its One UI interface, based on Android. However, Samsung still uses Tizen for some of its
smartwatches, smart TVs, and other smart devices.
6. Windows 10 Mobile (Discontinued):
1. Developed by: Microsoft
2. Description: Windows 10 Mobile was the mobile version of Microsoft's Windows 10 operating system. However, Microsoft announced the end of support
for Windows 10 Mobile, and it is no longer actively developed.
Introduction to compliances
◦ In the context of computer security, compliance refers to adhering to and meeting specific standards, regulations, or guidelines that are
established to ensure the confidentiality, integrity, and availability of information and systems. Compliance in computer security is
essential for organizations to demonstrate their commitment to protecting sensitive data, maintaining a secure environment, and
mitigating the risks of cybersecurity threats.
1. Purpose of Compliance:
1. Legal and Regulatory Requirements: Governments and industry regulators establish laws and regulations that mandate specific cybersecurity
practices to protect personal and sensitive information. Compliance ensures that organizations meet these legal obligations.
2. Data Protection and Privacy: Compliance frameworks often include requirements for safeguarding personal data and respecting individual privacy
rights.
3. Risk Management: Following established security standards helps organizations identify and mitigate cybersecurity risks, reducing the likelihood of
data breaches and security incidents.
4. Industry Standards: Many sectors have industry-specific standards that organizations must adhere to. Compliance demonstrates a commitment to
meeting these industry-specific security requirements.

2. Common Compliance Standards and Frameworks:

1. General Data Protection Regulation (GDPR): Enforced by the European Union (EU), GDPR focuses on protecting the privacy and personal data of EU
citizens.
2. Health Insurance Portability and Accountability Act (HIPAA): Applies to the healthcare industry in the United States, ensuring the security and
privacy of patients' health information.
3. Payment Card Industry Data Security Standard (PCI DSS): A set of requirements for organizations that handle credit card transactions, ensuring the
secure processing of payment card data.
4. ISO/IEC 27001: An international standard for information security management systems, providing a framework for establishing, implementing,
maintaining, and continually improving security measures.
5. National Institute of Standards and Technology (NIST) Cybersecurity Framework: Developed by NIST, this framework provides guidelines for
improving and assessing an organization's cybersecurity posture.
3. Key Components of Compliance:
1. Risk Assessment: Identifying and assessing cybersecurity risks to determine the measures needed for effective risk management.
2. Security Policies and Procedures: Establishing and documenting security policies, procedures, and guidelines to guide the organization's
security practices.
3. Security Controls: Implementing technical and organizational controls to protect information and systems. This includes access controls,
encryption, and monitoring.
4. Incident Response and Reporting: Developing plans and procedures for responding to and reporting security incidents, ensuring a timely and
effective response.
5. Training and Awareness: Providing security training and awareness programs for employees to enhance their understanding of security risks
and best practices.

4.Consequences of Non-Compliance:
1. Legal Penalties: Non-compliance with applicable regulations can result in legal consequences, including fines and legal action.
2. Reputational Damage: Failure to meet compliance standards can lead to reputational damage, loss of customer trust, and negative publicity.
3. Financial Loss: Security incidents resulting from non-compliance can lead to financial losses, including the costs associated with incident
response, recovery, and potential legal actions.

5.Audits and Assessments:

1. Internal Audits: Organizations conduct internal audits to assess their compliance with established standards and identify areas for
improvement.
2. External Audits: Independent third-party auditors may perform external audits to validate an organization's compliance and provide assurance
to stakeholders.
Globalization and border less world