Cybersecurity Complete Notes

Uploaded by gvs25301

Cybersecurity

UNIT - I
Introduction to Cyber Security: Basic Cyber Security Concepts, layers of security,
Vulnerability, threat, Harmful acts, Internet Governance – Challenges and Constraints, Computer
Criminals, CIA Triad, Assets, and Threats, the motive of attackers, active attacks, passive
attacks, Software attacks, hardware attacks, Cyber Threats-Cyber Warfare, Cyber Crime, Cyber
terrorism, Cyber Espionage, etc…, Comprehensive Cyber Security Policy.

UNIT - II
Cyberspace and the Law & Cyber Forensics: Introduction, Cyber Security Regulations, Roles
of International Law. The INDIAN Cyberspace, National Cyber Security Policy.
Introduction, Historical background of Cyber forensics, Digital Forensics Science, The Need for
Computer Forensics, Cyber Forensics, and Digital evidence, Forensics Analysis of Email, Digital
Forensics Lifecycle, Forensics Investigation, Challenges in Computer Forensics

UNIT - III
Cybercrime: Mobile and Wireless Devices: Introduction, Proliferation of Mobile and Wireless
Devices, Trends in Mobility, Credit Card Frauds in Mobile and Wireless Computing Era,
Security Challenges Posed by Mobile Devices, Registry Settings for Mobile Devices,

Authentication Service Security, Attacks on Mobile/Cell Phones, Organizational security
Policies, and Measures in Mobile Computing Era, Laptops.

UNIT - IV
Cyber Security: Organizational Implications: Introduction, cost of cybercrimes and IPR
issues, web threats for organizations, security, and privacy implications, social media marketing:
security risks and perils for organizations, social computing, and the associated challenges for
organizations.

UNIT - V
Privacy Issues: Basic Data Privacy Concepts: Fundamental Concepts, Data Privacy Attacks,
Data linking and profiling, privacy policies and their specifications, privacy policy languages,
privacy in different domains- medical, financial, etc…

Cybercrime: Examples and Mini-Cases


Examples: Official Website of Maharashtra Government Hacked, Indian Banks Lose Millions of
Rupees, Parliament Attack, Pune City Police Bust Nigerian Racket, e-mail spoofing instances.
MiniCases: The Indian Case of Online Gambling, An Indian Case of Intellectual Property
Crime, Financial Frauds in Cyber Domain.

Unit-I: Introduction to Cyber Security
Unit-II: Cyberspace and the Law & Cyber Forensics
Unit-III: Cybercrime: Mobile & Wireless
Unit-IV: Cyber Security: Organizational Implications
Unit-V: Privacy Issues: Basic Data Privacy Concepts

Unit-I: Introduction to Cyber Security
Introduction to Cyber Security: Basic Cyber Security Concepts, Layers of security,
Vulnerability, Threat, Harmful acts, Internet Governance – Challenges and Constraints,
Computer Criminals, CIA Triad, Assets, and Threats, the motive of attackers, active attacks,
passive attacks, Software attacks, Hardware attacks, Cyber Threats-Cyber Warfare, Cyber Crime,
Cyber terrorism, Cyber Espionage, etc…, Comprehensive Cyber Security Policy.

Basic Cyber Security Concepts


Cybersecurity is the practice of protecting servers, devices, electronic systems, and networks from
digital attacks and damage. It is essential for the integrity of data and systems in every field
where data is present. Various forms of cybersecurity threats include viruses, worms, malware,
ransomware, phishing attacks, and hacking.
Organizations and individuals use modern technologies to protect their systems and data from
emerging threats and damage. This includes measures such as firewalls, antivirus software,
encryption, strong passwords, and user authentication. The following notes cover the basic
aspects of cybersecurity necessary for a beginner as well as advanced concepts for an
experienced professional.



Cyber security is the protection of Internet-connected systems, such as hardware, software, and
data, from cyber threats. The practice is used by individuals and enterprises to defend against
unauthorized access to servers and other electronic systems.

What is Cyber Security?


Cybersecurity is primarily about people, processes, and technologies working together to
encompass the full range of threat reduction, vulnerability reduction, deterrence, international
engagement, incident response, resiliency, and recovery policies and activities, including
computer network operations, information assurance, law enforcement, etc…
(OR)
Cyber security is the body of technologies, processes, and practices designed to protect networks,
computers, programs, and data from attack, damage, or unauthorized access.

The term cyber security refers to techniques and practices designed to protect digital data.

The data that is stored, transmitted, or used on an information system.

(OR)
Cyber security is the protection of Internet-connected systems, including hardware, software, and
data from cyber-attacks.
It is made up of two words one is cyber and the other is security.

Cyber is related to the technology which contains systems, networks, and programs or data.

Whereas security is related to protection which includes systems security, network security,
and application and information security.

Cyber security is the practice of defending computers, servers, mobile devices, electronic
systems, networks, and data from malicious attacks. It's also known as information technology
security or electronic information security. The term applies in a variety of contexts, from
business to mobile computing, and can be divided into a few common categories.

Network security is the practice of securing a computer network from intruders, whether
targeted attackers or opportunistic malware.

Application security focuses on keeping software and devices free of threats. A
compromised application could provide access to the data it’s designed to protect.
Successful security begins in the design stage, well before a program or device is deployed.



Information security protects the integrity and privacy of data, both in storage and in
transit.

Operational security includes the processes and decisions for handling and protecting data
assets. The permissions users have when accessing a network and the procedures that
determine how and where data may be stored or shared all fall under this umbrella.

Disaster recovery and business continuity define how an organization responds to a cyber-
security incident or any other event that causes the loss of operations or data. Disaster
recovery policies dictate how the organization restores its operations and information to
return to the same operating capacity as before the event. Business continuity is the plan the
organization falls back on while trying to operate without certain resources.

End-user education addresses the most unpredictable cyber-security factor: people. Anyone
can accidentally introduce a virus to an otherwise secure system by failing to follow good
security practices. Teaching users to delete suspicious email attachments, not plug in
unidentified USB drives, and various other important lessons is vital for the security of any
organization.

Why is Cybersecurity important?


Cybersecurity is a part of information security that relates to the protection of computers,
networks, programs, and data against unauthorized access. As cybersecurity includes the
protection of both company and personal data, the fields of cybersecurity and data protection
overlap. The security objectives of confidentiality, integrity, and availability are of paramount
importance to both elements of information security.

Cybersecurity is important for several reasons:

1. Protection of Sensitive Information: Cybersecurity measures are crucial for safeguarding
sensitive information, such as personal data, financial records, intellectual property, and
trade secrets. Breaches in security can result in unauthorized access, data theft, financial
losses, reputational damage, and legal consequences.

2. Privacy Preservation: In an increasingly digital world, protecting individuals' privacy is of
utmost importance. Cybersecurity ensures that personal information remains confidential,
and individuals have control over how their data is collected, stored, and shared.

3. Prevention of Financial Losses: Cyberattacks can have significant financial implications
for individuals, businesses, and governments. Cybersecurity measures help prevent financial
losses by reducing the risk of fraud, theft, ransomware attacks, business disruptions, and
costly data breaches.

4. Safeguarding Critical Infrastructure: Critical infrastructure, such as power grids,
transportation systems, healthcare facilities, and government networks, relies heavily on
interconnected computer systems. Cybersecurity is essential to protect these vital systems
from cyber threats that could cause widespread disruptions, economic damage, and even
threats to public safety.

5. Protection of Intellectual Property: Intellectual property (IP) includes patents, copyrights,
trademarks, and trade secrets. Effective cybersecurity measures safeguard valuable IP from
theft, unauthorized access, or exploitation, preserving the competitive advantage and
innovation of individuals and organizations.

6. Maintaining Trust and Reputation: A strong cybersecurity posture helps build trust
among customers, partners, and stakeholders. By demonstrating a commitment to protecting
data and systems, organizations can maintain their reputation and credibility, which is
critical for long-term success.

7. Compliance with Regulations: Various regulations and laws exist to protect data privacy,
secure customer information, and prevent cybercrimes. Adhering to these regulations, such
as the General Data Protection Regulation (GDPR) or the Health Insurance Portability and
Accountability Act (HIPAA), is essential to avoid legal consequences and financial
penalties.

8. National Security: Cybersecurity plays a vital role in national security by protecting
government networks, critical infrastructure, military systems, and classified information
from cyber threats posed by nation-states, cybercriminals, hacktivists, and other malicious
actors.

9. Mitigation of Disruptions and Downtime: Cybersecurity measures, such as firewalls,
intrusion detection systems, and incident response plans, help detect, prevent, and mitigate
cyber incidents. By minimizing disruptions and downtime caused by cyberattacks,
organizations can ensure uninterrupted operations and minimize financial and operational
losses.

10. Personal Safety: With the increasing integration of technology into everyday life,
cybersecurity also contributes to personal safety. It protects individuals from cyberstalking,
identity theft, online scams, and other cybercrimes that can have significant personal and
psychological consequences.



Listed below are the reasons why cyber security is so important in what’s become a
predominantly digital world:

Cyber attacks can be extremely expensive for businesses to endure.

In addition to financial damage suffered by the business, a data breach can also inflict untold
reputational damage.

Cyber-attacks these days are becoming progressively destructive. Cybercriminals are using
more sophisticated ways to initiate cyber attacks.

Regulations such as GDPR are forcing organizations into taking better care of the personal
data they hold.

Because of the above reasons, cyber security has become an important part of business, and
the focus now is on developing appropriate response plans that minimize the damage in the event
of a cyber attack.

But an organization or an individual can develop a proper response plan only with a
good grip on cyber security fundamentals.

Elements of Cybersecurity
Various elements of cyber security are given below:



Let’s see an explanation of the elements in detail:

1. Application Security: Application security is the principal component of cyber security. It
adds security features to applications during the development phase to defend against
cyberattacks.

It shields websites and online applications from various kinds of cyber security threats that
exploit weaknesses in source code. Application security is about protecting software
applications from threats. The general focus of application security is on cloud
service-based organizations.

Due to misconfigured settings, data held in the cloud becomes insecure.

The main causes of cloud application misconfiguration are:

Lack of awareness of cloud security policies

Lack of sufficient controls and oversight

Too many interfaces to manage.

Vulnerabilities of Application: Denial-of-service (DoS) and distributed denial-of-service
(DDoS) attacks are used by attackers to flood a targeted server, or the infrastructure that
supports it, with various kinds of traffic.

This traffic eventually prevents legitimate users from reaching the server, making it shut down. A
technique called SQL injection (SQLi) is used by attackers to take advantage of database
flaws. In particular, these attackers can expose user identities and passwords and can
also create, modify and delete data without the user's permission.

Types of Application Security: The types of application security are authentication,
authorization, encryption, logging, and application security testing.
Tools of Application Security: The various tools of application security
are firewalls, antivirus, encryption techniques, and web application firewalls that protect
applications from threats.

2. Information Security: Information security is the component of cyber security that covers
the methods for defending against unauthorized access, use, disclosure, disruption, modification, or
deletion of information. Information security protects the company's data and code, as well as the
information the company collects from its clients and users.
The primary standards and principles of information security are Confidentiality, Integrity,
and Availability. Together these are known as the CIA triad.

Confidentiality: Confidentiality is the protection of information so that only authorized users
are able to access sensitive information. For example, suppose X has a password for a Facebook
account, but somebody watched X log in to the account. In that case X's password has been
compromised and confidentiality has been breached.
Integrity: Integrity is maintaining the consistency, accuracy, and completeness of information.
Information cannot be modified in an unauthorized way. For example, in a data breach that
compromises integrity, an attacker might seize data and alter it before sending it on to the
intended recipient. Some security controls intended to maintain the integrity of information
include encryption, user access controls, records control, backup and recovery procedures, and
error detection.
Availability: Information should be accessible at any time whenever authorized users need it.
There are primarily two threats to the availability of the system, which are as follows:

Denial of Service.

Loss of Data Processing Capabilities

3. Network Security: Network security is the protection of a network from unauthorized
access and threats. Network administrators must adopt preventive measures to safeguard their
networks from potential security threats. Network security is another element of IT
security, and is a method of defending against and preventing unauthorized access to computer
networks.

Network Security Strategies: There are numerous strategies for improving
network security, and the most common network security components are as follows:
firewalls, antivirus, email security, web security, and wireless security.

Network Security Software: There are different types of tools that can shield a
computer network, such as network firewalls, cloud application firewalls, web application
firewalls, etc…

4. Disaster Recovery Planning/Business Continuity Planning: Planning that describes how
work continues quickly and efficiently after a disaster is known as Disaster Recovery Planning
or Business Continuity Planning. A disaster recovery strategy should begin at the business
level and determine which applications are most vital to running the organization's
operations. Business continuity planning (BCP) is about being ready for cyber threats by
identifying threats to the organization in time, examining how operations might be affected,
and working out how to overcome that.

The primary objectives of disaster recovery planning include:

1. Protect the organization during a disaster

2. Provide a sense of security

3. Minimize the risk of delays

4. Ensure the reliability of backup systems

5. Provide a standard for testing the plan

6. Minimize decision-making during a disaster

Disaster Recovery Planning Categories: The categories of Disaster Recovery Planning are:

Data Center disaster recovery

Cloud applications disaster recovery

Service-based disaster recovery

Virtual disaster recovery

Steps of Disaster Recovery Planning: The steps are:

Obtain top management commitment.

Establish a planning committee.

Perform risk assessment.

Establish priorities for handling tasks.

Decide on recovery strategies.

Collect data.

Document a written plan.

Build testing criteria and procedures.

Test the plan.

Maintain the plan.

5. Operational Security: The process that encourages managers to view operations from the
perspective of an attacker in order to protect sensitive data from various threats is known as
Operational Security (OPSEC) or procedural security. Operations security (OPSEC) is used to
protect the functions of an organization. It tracks critical information and assets to identify
weaknesses that exist in operational procedures.

Steps of Operational Security: There are five stages in an operational security
program, which are as follows:

Identify the organization's sensitive data

Identify the types of threats

Analyze security holes and vulnerabilities

Assess risks

Implement appropriate countermeasures

Practices of Operational Security: The best practices of operational security are:

Implement precise change management processes

Limit access to network devices

Give employees the minimum access they need

Implement dual control

Automate tasks

Plan for incident response and disaster recovery

6. End User Education: End-user training is the most significant element of computer
security. End users are becoming the biggest security threat in any organization, since an
incident can happen at any time. One of the primary errors that leads to data breaches is human
mistake. An organization should train its employees in cybersecurity. Each employee
should know about phishing attacks through messages and links and be able to handle cyber
threats.
Threats of End-User: There are many ways in which threats can arise. End-user
threats can arise in the following ways:

Use of social media.

Text messaging.

Use of email.

Application downloads.

Creation and irregular use of passwords.

Confidentiality in Cybersecurity
Confidentiality is the protection of information in the system so that an unauthorized person
cannot access it. This type of protection is most important in military and government
organizations that need to keep plans and capabilities secret from enemies.
However, it can also be useful to businesses that need to protect their proprietary trade secrets
from competitors or prevent unauthorized persons from accessing the company’s sensitive
information (e.g., legal, personal, or medical information).
Privacy issues have gained an increasing amount of attention in the past few years, placing the
importance of confidentiality on protecting personal information maintained in automated
systems by both government agencies and private-sector organizations.
Confidentiality must be well-defined, and procedures for maintaining confidentiality must be
carefully implemented. A crucial aspect of confidentiality is user identification and
authentication. Identification of each system user is essential to ensure the effectiveness of
policies that specify who is allowed access to which data items.

Integrity in Cybersecurity
Integrity is the protection of system data from intentional or accidental unauthorized changes.
The challenge for the security program is to ensure that data is maintained in the state that is
expected by the users. Although the security program cannot improve the accuracy of the data
that is put into the system by users, it can help ensure that any changes are intended and correctly
applied. An additional element of integrity is the need to protect the process or program used to
manipulate the data from unauthorized modification.

A critical requirement of both commercial and government data processing is to ensure the
integrity of data to prevent fraud and errors. It is imperative, therefore, no user be able to modify
data in a way that might corrupt or lose assets or financial records or render decision-making
information unreliable.
Examples of government systems in which integrity is crucial include air traffic control systems,
military fire control systems, and social security and welfare systems. Examples of commercial
systems that require a high level of integrity include medical prescription systems, credit
reporting systems, production control systems, and payroll systems.

Availability in Cybersecurity
Availability is one of the three basic functions of security management that are present in all
systems. Availability is the assertion that a computer system is available or accessible to an
authorized user whenever it is needed. Systems have a high order of availability to ensure that
the system operates as expected when needed. Availability calls for building fault
tolerance into products. It also ensures backup processing by including hot and cold
sites in disaster recovery planning.

There are mainly two threats to the availability of the system, which are as follows:

1. Denial of Service: Denial of Service specifies actions that lock up computing services so
that authorized users are unable to use the system when needed.

2. Loss of Data Processing Capabilities: The loss of data processing capabilities is generally
caused by natural disasters or human actions, and is perhaps the more common of the two.

Types of Cyber Attacks


A cyber-attack is an exploitation of computer systems and networks. It uses malicious code to
alter computer code, logic, or data and leads to cybercrimes, such as information and identity
theft.

We are living in a digital era. Nowadays, most people use computers and the Internet. Due to
the dependency on digital things, illegal computer activity is growing and changing like any other
type of crime.

Cyber-attacks can be classified into the following categories:

Web-based Attacks
These are the attacks that occur on a website or web application. Some of the important web-based
attacks are as follows:

1. Injection Attacks: It is an attack in which some data will be injected into a web application
to manipulate the application and fetch the required information.



Examples: SQL Injection, Code Injection, log Injection, XML Injection, etc…

2. DNS Spoofing: DNS spoofing is a type of computer security attack whereby forged data is
introduced into a DNS resolver's cache, causing the name server to return an incorrect IP
address and diverting traffic to the attacker’s computer or any other computer. DNS
spoofing attacks can go on for a long period without being detected and can cause serious
security issues.

3. Session Hijacking: It is a security attack on a user session over a protected network. Web
applications create cookies to store the state and user sessions. By stealing the cookies, an
attacker can have access to all of the user data.

4. Phishing: Phishing is a type of attack that attempts to steal sensitive information like user
login credentials and credit card number. It occurs when an attacker is masquerading as a
trustworthy entity in electronic communication.

5. Brute Force: It is a type of attack that uses a trial-and-error method. This attack generates a
large number of guesses and validates them to obtain actual data like user passwords and
personal identification numbers. This attack may be used by criminals to crack encrypted
data, or by security analysts to test an organization's network security.

6. Denial of Service: It is an attack meant to make a server or network resource unavailable to
the users. It accomplishes this by flooding the target with traffic or sending it information
that triggers a crash. It uses a single system and a single internet connection to attack a
server. It can be classified into the following:

Volume-based attacks: Their goal is to saturate the bandwidth of the attacked site, and they are
measured in bits per second.
Protocol attacks: They consume actual server resources, and are measured in packets per second.
Application layer attacks: Their goal is to crash the web server, and they are measured in requests
per second.

7. Dictionary Attacks: This type of attack stores a list of commonly used passwords
and validates them to obtain the original password.

8. URL Interpretation: It is a type of attack where an attacker changes certain parts of a URL
and can make a web server deliver web pages that the attacker is not authorized to browse.

9. File Inclusion Attacks: It is a type of attack that allows an attacker to access unauthorized
or essential files that are available on the web server, or to execute malicious files on the
web server by making use of the include functionality.

10. Man in the Middle Attacks: It is a type of attack that allows an attacker to intercept the
connection between client and server and acts as a bridge between them. Due to this, an
attacker will be able to read, insert and modify the data in the intercepted connection.
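The SQL injection discussed under Application Security and under Injection Attacks above, shown as an added example (not code from these notes): a login lookup that builds its SQL from user input beside the parameterised version that treats the input purely as data. The table, user names and the in-memory SQLite database are all constructed for this example.

```python
"""Added example (not from the notes): SQL injection in a login check, shown as
the vulnerable string-built query next to the parameterised fix.
Uses an in-memory SQLite database with constructed sample users."""
import sqlite3

# Constructed sample data. Plain-text passwords are for illustration only;
# a real system stores salted password hashes, never the password itself.
SAMPLE_USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db() -> sqlite3.Connection:
    """Create an in-memory database holding the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn: sqlite3.Connection, name: str, password: str) -> bool:
    """Builds the SQL text from user input, so the input can change the
    meaning of the query instead of being compared as a value."""
    sql = ("SELECT name FROM users WHERE name = '" + name
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone() is not None


def login_parameterised(conn: sqlite3.Connection, name: str, password: str) -> bool:
    """Binds user input as query parameters: the database driver keeps the
    SQL structure fixed and the input is only ever treated as data."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone() is not None


def demo() -> dict:
    """Run both checks with a correct password and with a constructed input
    that closes the string literal and appends an always-true condition."""
    conn = make_db()
    tamper = "' OR '1'='1"
    return {
        "vuln_good": login_vulnerable(conn, "alice", "s3cret"),
        "vuln_tamper": login_vulnerable(conn, "alice", tamper),      # True: bypassed
        "param_good": login_parameterised(conn, "alice", "s3cret"),
        "param_tamper": login_parameterised(conn, "alice", tamper),  # False: rejected
    }


if __name__ == "__main__":
    print(demo())
```

The vulnerable function ends up executing `... AND password = '' OR '1'='1'`, which matches every row; the parameterised function compares the literal string and finds no match.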
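For the brute-force and dictionary attacks listed above, the defender's side is detection: repeated failed logins from one source inside a short window. This added example (not from the notes) runs a sliding-window counter over constructed authentication log lines; the log line format is invented for the example and is not any real product's format.

```python
"""Added example (not from the notes): flag sources that reach a threshold of
failed logins within a sliding time window. Log format is constructed."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed format: "<ISO timestamp> auth <OK|FAIL> user=<name> src=<address>"
LINE_RE = re.compile(r"^(\S+) auth (OK|FAIL) user=(\S+) src=(\S+)$")

# Constructed sample log: one source fails five times in five seconds,
# another has two failures far apart plus a successful login.
SAMPLE_LOG = """\
2024-05-01T10:00:01 auth FAIL user=alice src=203.0.113.7
2024-05-01T10:00:02 auth FAIL user=alice src=203.0.113.7
2024-05-01T10:00:03 auth OK user=bob src=198.51.100.4
2024-05-01T10:00:04 auth FAIL user=alice src=203.0.113.7
2024-05-01T10:00:05 auth FAIL user=alice src=203.0.113.7
2024-05-01T10:00:06 auth FAIL user=alice src=203.0.113.7
2024-05-01T10:09:00 auth FAIL user=bob src=198.51.100.4
2024-05-01T10:30:00 auth FAIL user=bob src=198.51.100.4
"""


def parse(line: str):
    """Return (timestamp, result, user, src) or None for an unparseable line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, result, user, src = m.groups()
    return datetime.fromisoformat(ts), result, user, src


def detect_bruteforce(log_text: str, threshold: int = 5,
                      window: timedelta = timedelta(minutes=10)) -> dict:
    """Return {src: peak_failures_in_window} for every source that reaches
    `threshold` failed logins inside `window`. Successful logins are ignored
    rather than resetting the count, since guesses may be interleaved with
    legitimate traffic from the same address."""
    recent = defaultdict(deque)  # src -> timestamps of failures still inside the window
    flagged = {}
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ts, result, _user, src = rec
        if result != "FAIL":
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged[src] = max(flagged.get(src, 0), len(q))
    return flagged


if __name__ == "__main__":
    print(detect_bruteforce(SAMPLE_LOG))
```

Lowering the threshold does not flag the second source, because its two failures are 21 minutes apart and never share a 10-minute window.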

System-Based Attacks
These are the attacks that are intended to compromise a computer or a computer network. Some
of the important system-based attacks are as follows:

1. Virus:
It is a type of malicious software program that spreads through a computer's files without
the knowledge of the user. It is a self-replicating malicious computer program that replicates
by inserting copies of itself into other computer programs when executed. It can also execute
instructions that cause harm to the system.

2. Worm:
It is a type of malware whose primary function is to replicate itself to spread to uninfected
computers. It works in the same way as a computer virus. Worms often originate from email
attachments that appear to be from trusted senders.

3. Trojan Horse: It is a malicious program that causes unexpected changes to computer
settings and unusual activity, even when the computer should be idle. It misleads the user about
its true intent. It appears to be a normal application, but when opened or executed some
malicious code runs in the background.

4. Backdoors: It is a method that bypasses the normal authentication process. A developer
may create a backdoor so that an application or operating system can be accessed for
troubleshooting or other purposes.

5. Bots: A bot (short for "robot") is an automated process that interacts with other network
services. Some bot programs run automatically, while others only execute commands when
they receive specific input. Common examples of bot programs are crawlers, chatroom
bots, and malicious bots.

Layers of Cybersecurity



Cybersecurity shouldn’t be a single piece of technology that improves security. Rather, it should
be a layered approach with multiple facets to ensure comprehensive protection.
It’s important to understand what a layered approach consists of. Generally, there are 7 layers of
cybersecurity to consider. Below, we explore what these are and why they are important.

The Seven Layers Of Cybersecurity


1. Mission-Critical Assets:
This is the data that is critical to protect. Whether businesses would like to admit it or not, they
face malicious forces daily. The question is how are leaders dealing with this type of
protection? And what measures have they put in place to guard against breaches?
An example of mission-critical assets in the healthcare industry is Electronic Medical
Record (EMR) software. In the financial sector, it is customers’ financial records.
THIS IS THE DATA YOU NEED TO PROTECT!



2. Data Security: Data security is when security controls are put in place to protect both
the transfer and the storage of data. There has to be a backup security measure in place to
prevent the loss of data. This will also require the use of encryption and archiving.
Data security is an important focus for all businesses, as a breach of data can have dire
consequences.
DATA SECURITY CONTROLS PROTECT THE STORAGE & TRANSFER OF
DATA.

3. Endpoint Security: This layer of security makes sure that the endpoints of user devices are
not exploited by breaches. This includes the protection of mobile devices, desktops, and
laptops.
Endpoint security systems enable protection either on a network or in the cloud depending
on the needs of a business.
ENDPOINT SECURITY CONTROLS PROTECT THE CONNECTION BETWEEN
DEVICES & THE NETWORK.

4. Application Security: This involves the security features that control access to an
application and that application’s access to your assets. It also includes the internal security
of the app itself.
Most of the time, applications are designed with security measures that continue to provide
protection when the app is in use.

5. Network Security: This is where security controls are put in place to protect the business’s
network. The goal is to prevent unauthorized access to the network.
It is crucial to regularly update all systems on the business network with the necessary
security patches, including encryption. It’s always best to disable unused interfaces to
further guard against any threats.
NETWORK SECURITY CONTROLS & PROTECTS AN ORGANIZATION’S
NETWORK & PREVENTS UNAUTHORIZED ACCESS TO IT.

6. Perimeter Security: This security layer ensures that both the physical and digital security
methods protect a business as a whole. It includes things like firewalls that protect the
business network against external forces.
PERIMETER SECURITY CONTROLS INCLUDE BOTH THE PHYSICAL &
DIGITAL SECURITY METHODOLOGIES THAT PROTECT THE BUSINESS
OVERALL.

7. The Human Layer: Although people are widely described as the weakest link in the security chain, the human layer is indispensable, so it gets controls of its own: management controls and phishing simulations, for example.
These human management controls aim to protect what is most critical to a business from the very real threat that people pose, whether they are external attackers, malicious insiders, or simply negligent users.
HUMANS ARE THE WEAKEST LINK IN ANY CYBERSECURITY POSTURE.
HUMAN SECURITY CONTROLS INCLUDE PHISHING SIMULATIONS & ACCESS MANAGEMENT CONTROLS THAT PROTECT MISSION-CRITICAL ASSETS FROM A WIDE VARIETY OF HUMAN THREATS, INCLUDING CYBER CRIMINALS, MALICIOUS INSIDERS, & NEGLIGENT USERS.

How To Build A Layered Cybersecurity Approach


Building a layered cybersecurity approach is a gradual, ongoing process. Start by taking stock of your inventory: which devices are in use, which systems run on them, and which firewalls and other controls already exist. Then add security where it is missing in each of the layers.

The world of work has changed, and with it the opportunities for attackers to get their hands on sensitive data.
To protect your business, test regularly that your security controls are effective and, above all, that they actually work as deployed.
If you need new security solutions, conduct a security analysis first to find out what you need, and look for quick wins that also bring you into compliance with industry regulations.

A layered approach needs a strategy to be effective. Businesses must assume that an attack will come, which means constantly testing security measures and adjusting where necessary.

In A Nutshell:
As a business, you need backups and a solid incident response plan that relies on technology, people, and processes, so that a layered approach works as well as it possibly can.



The company culture needs to take security seriously. You need to ensure that you and your staff
are knowledgeable about the reality of cyberattacks and the importance of protecting data. The
best way to approach cybersecurity is to be proactive instead of reactive when threats or breaches
take place.

Vulnerability, Threat & Harmful acts


In the field of cybersecurity, there are three key concepts related to potential risks and security
breaches: vulnerability, threat, and harmful acts. Let's understand each of these terms:

Vulnerabilities
A vulnerability is a weakness, flaw, or other shortcoming in a system (infrastructure, database, or software), but it can also exist in a process, a set of controls, or simply in the way that something has been implemented or deployed. Vulnerabilities make threat outcomes possible and potentially more dangerous. A system can be exploited through a single vulnerability (for example, a single SQL injection flaw can give an attacker full control over sensitive data), or an attacker can chain several exploits together, taking advantage of more than one vulnerability to gain more control.
There are different types of vulnerabilities, which we can sum up generally as:

Technical vulnerabilities: bugs in code, or a flaw in some hardware or software.

Human vulnerabilities: employees falling for phishing, smishing, or other common attacks.

Some vulnerabilities are routine: you release something and quickly follow up with a patch for it. The real problem is a weakness that is unknown to, or undiscovered by, your team. Left as-is, it is exposed to whatever attack or threat can reach it. By analogy, a vulnerability is leaving your door unlocked overnight: on its own it is not a problem, but if the wrong person comes along and walks through that door, very bad things can happen.
The more vulnerabilities you have, the greater the potential for threats and the higher your risk. That makes sense, of course, but the sheer scale is enormous: according to UK server and domain provider Fasthosts, organizations can have thousands, even millions, of potential vulnerabilities.



Recent examples of vulnerabilities include the Microsoft Exchange vulnerabilities and the Log4j vulnerabilities, both from 2021. CVE (Common Vulnerabilities and Exposures) is a dictionary of publicly disclosed vulnerabilities and exposures, and a primary source of knowledge in the security field.
Examples of common vulnerability classes are SQL injection, cross-site scripting, server misconfigurations, sensitive data transmitted in plain text, and more.

COMMON NETWORK VULNERABILITIES


Categories of Vulnerabilities (by the effect their exploitation has on the system):

1. Corrupted (Loss of INTEGRITY)

2. Leaky (Loss of CONFIDENTIALITY)

3. Unavailable or Very slow (Loss of AVAILABILITY)

Cyber Threats
In cybersecurity, the most common understanding of a threat is anything that could exploit a vulnerability and thereby affect the confidentiality, integrity, or availability of your systems, data, people, and more. (Confidentiality, integrity, and availability, known as the CIA triad, is another fundamental concept of cybersecurity, covered later in this unit.)

A more precise definition: a threat exists when an adversary or attacker has the opportunity, capability, and intent to bring a negative impact upon your operations, assets, workforce, and/or customers.

Cyber threats, or simply threats, are cybersecurity circumstances or events with the potential to cause harm by way of their outcome. A few examples of common threats: a social engineering or phishing attack that leads to an attacker installing a trojan and stealing private information from your applications; political activists DDoS-ing your website; an administrator accidentally leaving data unprotected on a production system, causing a data breach; or a storm flooding your ISP's data center.
Cybersecurity threats are actualized by threat actors: persons or entities who may initiate a threat. Natural disasters and other environmental and political events do constitute threats, but they are not generally regarded as threat actors (which does not mean that such threats should be disregarded or given less weight).
Examples of common threat actors include financially motivated criminals (cybercriminals), politically motivated activists (hacktivists), competitors, careless employees, disgruntled employees, and nation-state attackers.
Examples of the threats themselves include malware, ransomware, phishing attacks, and more, and the types of threats out there will continue to evolve.
In principle, your organization may have no vulnerabilities to exploit, thanks to a solid patch management program or strong network segmentation policies that prevent access to critical systems. In practice, you almost certainly do have vulnerabilities, so let's consider the risk factor.

TYPES OF CYBERSECURITY THREATS:


Just as some germs and diseases can attack the human body, numerous threats can affect
hardware, software, and the information you store.
Some of the major ones include the following:

1. Viruses are designed so that they can be easily transmitted from one computer or system to another. Often sent as email attachments, viruses corrupt and co-opt data, interfere with your security settings, generate spam, and may even delete content.

2. Computer Worms are similar, but they spread on their own from one computer to the next over the network, for example by mailing themselves to all of a user's contacts and then to all of those contacts' contacts.

3. Trojans are malicious programs that hide inside, or pose as, legitimate software. Often, people let trojans in voluntarily by opening an attachment in an email message from a person or an advertiser they trust. As soon as that attachment is opened, the malware inside is executed on your system.



4. Bogus Security Software tricks users into believing that their system has been infected with a virus. The "security software" the threat actor then offers to fix the problem is itself the malware that causes it.

5. Adware tracks your browsing habits and causes particular advertisements to pop up. This is common and often something you have agreed to, but adware is sometimes imposed on you without your consent.

6. Spyware is an intrusion that may steal sensitive data such as passwords and credit card numbers from your internal systems.

7. A Denial of Service (DoS) attack occurs when attackers deluge a website or service with traffic, making it impossible for legitimate users to reach it. A Distributed Denial of Service (DDoS) attack is more forceful, since it is launched simultaneously from many compromised machines, which makes it much harder to separate attack traffic from legitimate traffic and so much harder to defend against.

8. Phishing Attacks are social engineering attacks whose goal is to obtain sensitive data, such as passwords and credit card numbers, under false pretences. Via emails or links that appear to come from trusted companies and financial institutions, the attacker lures the victim into entering credentials or into downloading and installing malware.

9. SQL Injection is an application-layer attack in which attacker-controlled input is spliced into a database query, so that the input is interpreted as SQL rather than as data. As a result, data can be read, changed, or destroyed.

10. Man-in-the-Middle attacks involve a third party intercepting communications between two entities that should remain private. At minimum the intruder eavesdrops, but information can also be changed or misrepresented in transit, causing inaccuracy and even security breaches.

11. Rootkits are toolkits that hide an attacker's presence on a system and preserve privileged access to it. Once installed, they can conceal further malware and the theft of passwords and other data.
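The SQL injection item above is the one threat in this list that a short program can make concrete. The following is an added example written for these notes (it is not code from the original material): it builds a small SQLite database with constructed sample users, runs a login-style lookup both in a vulnerable form (string formatting) and a hardened form (bound parameters), and feeds both the same two attacker inputs. The payload strings, table layout, and user records are all assumptions made for the demonstration.

```python
import sqlite3

# Constructed sample data for this example (not from the notes): two users,
# one of them privileged. Real systems would store salted password hashes.
SAMPLE_USERS = [
    ("alice", "hash-of-alice-pw", "admin"),
    ("bob", "hash-of-bob-pw", "user"),
]

# Attacker inputs (assumed payloads written for this example):
# 1) tautology: turns the WHERE clause into "always true", dumping every row.
OR_PAYLOAD = "x' OR '1'='1"
# 2) UNION: appends a second SELECT that pulls password hashes into the result.
#    The trailing "--" comments out the application's closing quote.
UNION_PAYLOAD = "x' UNION SELECT username, password_hash FROM users --"


def make_db():
    """Build an in-memory SQLite database holding the sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "password_hash TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password_hash, role) VALUES (?, ?, ?)",
        SAMPLE_USERS,
    )
    return conn


def lookup_vulnerable(conn, username):
    """Vulnerable: the input is spliced into the SQL text, so quotes, OR and
    UNION inside the input become part of the query's grammar."""
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, username):
    """Hardened: a bound parameter is handed to the engine separately from the
    statement, so the input is only ever compared as a string value."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


def demo():
    """Run both lookups against the payloads and return what each one leaks."""
    conn = make_db()
    return {
        "vuln_or": lookup_vulnerable(conn, OR_PAYLOAD),        # every user
        "vuln_union": lookup_vulnerable(conn, UNION_PAYLOAD),  # password hashes
        "safe_or": lookup_safe(conn, OR_PAYLOAD),              # no rows
        "safe_union": lookup_safe(conn, UNION_PAYLOAD),        # no rows
        "safe_alice": lookup_safe(conn, "alice"),              # exactly one row
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The point to take from the two functions is that the fix is not input filtering: the hardened lookup does nothing to the payload, it simply never lets the payload reach the SQL parser. Escaping quotes by hand would block the two payloads shown here but not the next encoding trick; a bound parameter blocks the whole class.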

Harmful Acts/Risk
Risk is the probability of a negative (harmful) event occurring, combined with the potential scale of that harm. Your organizational risk fluctuates over time, sometimes even on a daily basis, due to both internal and external factors.
From a slightly more technical angle, the Open FAIR body of knowledge defines cyber risk as the probable frequency and probable magnitude of loss. That sounds complicated until we break it down:



“For starters,” Rudis says, "There is no ethereal risk. Something is at risk, be it a system,
device, business process, bank account, your firm’s reputation, or human life.”
This is where cybersecurity teams can begin to measure it:

1. Estimate how often an adversary or attacker is likely to attempt to exploit a vulnerability to cause the desired harm.

2. Gauge how well your existing systems, controls, and processes can stand up to those attempts.

3. Determine the value of the impact or harm the adversary may cause if the adversary is indeed successful.

One traditional way of describing risk was "Consequence x Likelihood", but as security teams have advanced their processes and intelligence, it has become clear that you also have to account for the safeguards you have already put in place.

Another, somewhat simplified, way of looking at it is:
Risk = Vulnerability x Threat

We can sum up this calculation with the concepts from above: a vulnerability multiplied by the potential threat (its frequency, the existing safeguards, and the potential loss) gives you an estimate of the risk involved.
For organizations to begin risk mitigation and risk management, you first need to understand your vulnerabilities and the threats to those vulnerabilities. This is no small task.

Internet Governance: Challenges & Constraints


To understand Internet governance challenges, it is important to have a clear idea of the main
technical principles.

The Internet is a communication network made up of millions of networks, owned and operated
by various stakeholders. It connects these networks and facilitates the overall exchange of
information.
Hundreds of stakeholders have been involved in the design and regulation of the Internet,
including governments, international organizations, companies, and technical committees among
many others.



The end-to-end principle, a central concept of the architecture of the Internet, should be highlighted: instead of installing intelligence at the heart of the network, the Internet puts it at its extremities, in the hosts, while the network itself simply forwards packets.
Internet governance consists of the system of laws, rules, policies, and practices that dictate how the bodies responsible for Internet-related resources and standards are managed and overseen.

This section describes how the Internet was and is currently governed, some inherent controversies, and the ongoing debates about how and why the Internet should or should not be governed in future. (Internet governance should not be confused with e-governance, which refers to governments' use of technology in their governing duties.)

Challenges & Constraints in Internet Governance


Internet governance faces numerous challenges and constraints due to the nature of the global
network and the diverse interests of stakeholders involved. Here are some key challenges and
constraints:

1. Multistakeholder Involvement: Internet governance involves multiple stakeholders, including governments, businesses, civil society organizations, technical experts, and individuals. Coordinating and managing the diverse interests and perspectives of these stakeholders can be challenging, particularly in reaching consensus on policy decisions.

2. National Sovereignty and Jurisdiction: The internet operates across national boundaries,
but governments assert their sovereignty and jurisdiction over online activities within their
territories. This creates challenges in harmonizing laws and regulations across different
jurisdictions and balancing national interests with the global nature of the internet.

3. Cybersecurity and Privacy: The internet is prone to various cybersecurity threats, such as
hacking, data breaches, and malware attacks. Protecting the security and privacy of users
while maintaining an open and accessible internet poses a significant challenge. Balancing
the need for security measures with user privacy rights is an ongoing debate.

4. Digital Divide: There is a significant digital divide in terms of access to the internet,
particularly between developed and developing countries, rural and urban areas, and
disadvantaged communities. Bridging this divide and ensuring equitable access to the
internet for all individuals is a key challenge in internet governance.

5. Content Regulation and Censorship: Balancing freedom of expression with the need to regulate harmful or illegal content is a contentious issue. Governments and internet platforms often face challenges in determining what constitutes appropriate content and enforcing regulations without unduly infringing on users' rights.

6. Intellectual Property Rights: Protecting intellectual property rights in the digital age
presents challenges due to the ease of copying and distributing digital content. Striking a
balance between encouraging innovation and creativity while protecting the rights of content
creators is an ongoing challenge.

7. Technical Coordination and Standardization: The internet relies on technical protocols and standards to function effectively. Coordinating the development and implementation of these standards across different stakeholders and ensuring interoperability can be complex.

8. Governance of Emerging Technologies: The rapid pace of technological advancements, such as artificial intelligence, blockchain, and the Internet of Things, poses governance challenges. Addressing issues related to the ethical use, accountability, and potential societal impact of these emerging technologies requires ongoing discussions and frameworks.

9. Transparency and Accountability: Ensuring transparency in decision-making processes and accountability of internet governance organizations and platforms is crucial for building trust. However, achieving transparency and accountability can be challenging, given the complex and decentralized nature of internet governance.

10. Financial Sustainability: Maintaining the infrastructure and resources required for effective
internet governance can be financially demanding. Identifying sustainable funding models to
support the governance processes and institutions is a constraint that needs to be addressed.

Addressing these challenges and constraints requires ongoing collaboration and dialogue among
stakeholders at the national, regional, and global levels. Internet governance frameworks should
be flexible, adaptive, and inclusive to effectively navigate the evolving landscape of the internet.

CIA (Confidentiality, Integrity & Availability) Triad

When talking about network security, the CIA triad is one of the most important models; it is designed to guide policies for information security within an organization.
CIA stands for:

1. Confidentiality.

2. Integrity.

3. Availability.

These are the objectives that should be kept in mind while securing a network.
The model is also sometimes referred to as the AIC triad (availability, integrity and confidentiality) to avoid confusion with the Central Intelligence Agency.
Although the elements of the triad are three of the most foundational and crucial cybersecurity needs, some experts believe the CIA triad needs an upgrade to stay effective.
In this context, confidentiality is a set of rules that limits access to information, integrity is the assurance that the information is trustworthy and accurate, and availability is a guarantee of reliable access to the information by authorized people.



Confidentiality
Confidentiality means that only authorized individuals or systems can view sensitive or classified information. Data being sent over the network should not be readable by unauthorized individuals.
An attacker may try to capture the data using any of the sniffing tools freely available on the Internet and so gain access to your information.

The primary way to prevent this is to encrypt the data, so that even if the attacker captures it, he or she will not be able to decrypt it.
The current encryption standard is AES (Advanced Encryption Standard). Its predecessor DES (Data Encryption Standard) is obsolete, because its 56-bit key can be recovered by brute force, and it should not be used in new systems.
Another way to protect your data in transit is a VPN (Virtual Private Network) tunnel, which encrypts traffic between two endpoints so that it can move securely over an untrusted network.

Integrity
The next property is integrity: making sure that data has not been modified. Corruption of data is a failure to maintain data integrity. To check whether data has been modified, we make use of a hash function.
Two common families are SHA (Secure Hash Algorithm) and MD5 (Message Digest 5). MD5 produces a 128-bit hash and SHA-1 a 160-bit hash; SHA-0 (the original 1993 version) was quickly withdrawn, while the SHA-2 family (SHA-256, SHA-512) and SHA-3 produce longer digests. MD5 and SHA-1 are now considered broken against deliberate collision attacks, so new designs should use SHA-2 or SHA-3.
Let's assume Host 'A' wants to send data to Host 'B' and preserve its integrity. A hash function runs over the data and produces a fixed-length hash value H1, which is attached to the data. When Host 'B' receives the packet, it runs the same hash function over the data, which gives a hash value H2. If H1 = H2, the data's integrity has been maintained and the contents were not modified in transit.
Note that a bare hash only detects accidental modification: an attacker who can alter the data in transit can just as easily recompute and replace the hash. To detect deliberate tampering, the hash must be bound to a secret (a keyed hash, or HMAC) or to a private key (a digital signature).
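The Host A / Host B exchange above, carried through in working code as an added example (not code from the notes): it computes the digest sizes the text quotes for MD5 and SHA-1, performs the unkeyed hash check exactly as described, then shows why that check is only good against accidental corruption by letting an active attacker rewrite the message and its hash, and finally repeats the exchange with an HMAC under a shared key the attacker does not have. The message, the shared key, and the attacker's edit are constructed values for the demonstration; only the standard library is used.

```python
import hashlib
import hmac

# Constructed sample values for this example (not from the notes). The key
# stands in for a secret that both hosts were given out of band.
MESSAGE = b"transfer 100 to account 42"
SHARED_KEY = b"example-shared-secret-key"


def digest_bits(name):
    """Output size in bits of a hashlib algorithm, e.g. 'md5', 'sha1', 'sha256'."""
    return hashlib.new(name).digest_size * 8


def send_with_hash(data):
    """Host A as described in the notes: attach an unkeyed SHA-256 digest H1."""
    return data, hashlib.sha256(data).hexdigest()


def verify_hash(data, h1):
    """Host B: recompute H2 and compare it with H1. compare_digest runs in
    constant time so the comparison does not leak how much of H1 matched."""
    h2 = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(h1, h2)


def send_with_hmac(data, key):
    """Keyed variant: the tag depends on the secret as well as on the data."""
    return data, hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_hmac(data, tag, key):
    """Host B recomputes the tag under the shared key and compares."""
    expected = hmac.new(key, data, hashlib.sha256).hexdigest()
    return hmac.compare_digest(tag, expected)


def demo():
    """Return (corruption caught, forged hash accepted, forged HMAC rejected,
    genuine HMAC accepted) to show what each scheme does and does not detect."""
    data, h1 = send_with_hash(MESSAGE)
    flipped = data[:-1] + b"3"                 # one byte corrupted in transit
    caught_corruption = not verify_hash(flipped, h1)

    # Active attacker (assumed man-in-the-middle): alters the data and simply
    # recomputes the unkeyed hash, since nothing secret is needed to do so.
    forged = data.replace(b"account 42", b"account 99")
    forged_h = hashlib.sha256(forged).hexdigest()
    forged_hash_accepted = verify_hash(forged, forged_h)

    # With an HMAC the attacker, lacking SHARED_KEY, cannot produce a valid tag.
    data, tag = send_with_hmac(MESSAGE, SHARED_KEY)
    forged_tag = hmac.new(b"attacker-guess", forged, hashlib.sha256).hexdigest()
    forged_hmac_rejected = not verify_hmac(forged, forged_tag, SHARED_KEY)
    genuine_hmac_ok = verify_hmac(data, tag, SHARED_KEY)

    return caught_corruption, forged_hash_accepted, forged_hmac_rejected, genuine_hmac_ok


if __name__ == "__main__":
    print("MD5 bits:", digest_bits("md5"), "SHA-1 bits:", digest_bits("sha1"))
    print(demo())
```

The second result in demo() is the one to notice: the unkeyed scheme accepts the forged transfer, because H1 was never tied to anything the attacker lacks. Swapping SHA-256 for MD5 or SHA-1 would not change that outcome; the weakness is the absence of a key, not the choice of hash.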

Availability
Availability means that the network, its systems, and its data must be readily accessible to authorized users when they need them. To ensure availability, the network administrator should maintain hardware, make regular upgrades, have a plan for fail-over, and prevent bottlenecks in the network. Attacks such as DoS or DDoS may render a network unavailable as its resources are exhausted. The impact can be significant for the companies and users who rely on the network as a business tool, so proper measures should be taken to prevent and absorb such attacks.

Why is the CIA triad important?


With each letter representing a foundational principle in cybersecurity, the importance of the CIA
triad security model speaks for itself. Confidentiality, integrity and availability together are
considered the three most important concepts within information security.
Considering these three principles together within the framework of the "triad" can help guide
the development of security policies for organizations. When evaluating needs and use cases for
potential new products and technologies, the triad helps organizations ask focused questions
about how value is being provided in those three key areas.
Thinking of the CIA triad's three concepts together as an interconnected system, rather than as
independent concepts, can help organizations understand the relationships between the three.

Implementation of the CIA Triad



It is not enough to know the CIA Triad; one also has to understand the relative priority of the three properties and implement the triad accordingly. That priority depends on factors such as the security goals of the organization, the nature of the business, the industry, and any applicable regulatory requirements.

Take, for instance, a government intelligence service: without a doubt, confidentiality is the most critical property for such an organization. For a financial institution, integrity is the most important, because accurate records of transactions and balances prevent catastrophic damage. Healthcare and e-commerce, on the other hand, need to give preference to availability, to avoid downtime or, in healthcare, loss of life.
It is also important to keep in mind that prioritizing one principle of the CIA Triad can affect the others. For instance, a system that requires high confidentiality and integrity might have to give up some of the performance or convenience that other systems prefer or require. Such a trade-off is not necessarily a bad thing, as long as the decisions are made consciously and with expertise. Every organization has to decide on its own implementation of the CIA Triad based on its individual requirements.

Assets & Threats in Cybersecurity


Many methods for analysing information security risks use the terms assets, information assets, and business assets interchangeably. Assets are the common foundation of information security risk analysis, and they provide a guide to the business impact of a risk being realised in the systems that hold or access them.
A threat is anything that can take advantage of a vulnerability to breach security and negatively alter, erase, or harm an object of interest.

Assets in Information Security


“Information asset – An information asset can be described as information or data that is of
value to the organization, including such information as patient records, intellectual property, or
customer information. These assets can exist in physical form (on paper, CDs, or other media) or
electronically (stored on databases, in files, on personal computers).”
Information asset is a term used when analyzing information security or implementing ISO 27001. Information assets are any data, software, data storage, IT equipment, or other part of a management information system that has value to the business and can potentially be a source of risk, vulnerability, or threat. The term covers:

An identified collection of data or information that has value and enables the organization's business processes.

Data storage, storage media, software, or applications where data is stored or processed, and the people who have access to them.

Anything else that has value to the organization: any other hardware or service that has value to the organization or whose loss can damage the value of another information asset.

Examples of Assets in Cybersecurity:

1. Data: Data is a valuable asset in cybersecurity. It includes personal information, financial data, intellectual property, trade secrets, customer databases, and other sensitive information.

2. Information Systems: Information systems encompass hardware, software, networks, databases, and infrastructure that store, process, and transmit data. Protecting these systems is crucial for maintaining the confidentiality, integrity, and availability of data.

3. Applications: Applications, including web applications, mobile apps, and desktop software, can be assets that hold sensitive data or provide critical functionality. Ensuring the security of applications is essential to prevent unauthorized access or exploitation.

4. Network Infrastructure: Network infrastructure, such as routers, switches, firewalls, and wireless access points, forms the backbone of communication and data transfer. Protecting network infrastructure is vital for preventing unauthorized access and ensuring secure connectivity.

5. Intellectual Property: Intellectual property (IP) assets, including patents, trademarks, copyrights, and trade secrets, are valuable and vulnerable to cyber threats. Protecting IP from theft, unauthorized access, or compromise is crucial for maintaining competitiveness and innovation.

Threats in Information Security


Information security threats are many: software attacks, theft of intellectual property, identity theft, theft of equipment or information, sabotage, and information extortion.
Software attacks means attacks by viruses, worms, Trojan horses, etc. Many users believe that malware, viruses, worms, and bots are all the same thing. They are not: their only similarity is that they are all malicious software, and each kind behaves differently.



Malware is a combination of two terms, malicious and software, so malware basically means malicious software: intrusive program code, or anything else designed to perform malicious operations on a system. Malware can be classified in two ways:

1. By infection method.

2. By the action it performs.

Malware on the basis of infection method:

1. Virus: Viruses replicate by attaching themselves to programs or documents on the host computer (executables, macro-enabled office files, boot sectors) and spread when those infected files are copied or shared, including across the Internet. The Creeper virus was first detected on ARPANET. Types include file viruses, macro viruses, boot sector viruses, stealth viruses, etc.

2. Worms: Worms are also self-replicating, but they do not attach themselves to a program on the host computer. The biggest difference between viruses and worms is that worms are network-aware: they travel from one computer to another on their own whenever a network path is available. Even a worm with no further payload harms the target machine by consuming disk space, memory, and bandwidth, slowing it down.

3. Trojan: The Concept of Trojan is completely different from the viruses and worms. The
name Trojan is derived from the ‘Trojan Horse’ tale in Greek mythology, which explains
how the Greeks were able to enter the fortified city of Troy by hiding their soldiers in a big
wooden horse given to the Trojans as a gift. The Trojans were very fond of horses and
trusted the gift blindly. In the night, the soldiers emerged and attacked the city from the
inside.
Their purpose is to conceal themselves inside software that seems legitimate; when that software is executed, they carry out their task, whether stealing information or whatever else they were designed for.
They often provide a backdoor through which malicious programs or malevolent users can enter your system and steal your valuable data without your knowledge or permission. Examples include FTP Trojans, Proxy Trojans, Remote Access Trojans, etc.

4. Bots: Bots can be seen as an advanced form of worm. They are automated processes designed to interact over the Internet without human intervention. They can be good or bad. A malicious bot infects a host and then connects to a central command-and-control server, which issues commands to all infected hosts attached to it; the resulting network is called a botnet.



Malware on the Basis of Actions:

1. Adware: Adware is not exactly malicious, but it does breach users' privacy. It displays ads on the computer's desktop or inside individual programs, and it comes bundled with free-to-use software as the main source of revenue for such developers. It monitors your interests and displays relevant ads. An attacker can embed malicious code in such software, so adware can also monitor your system activities and even compromise your machine.

2. Spyware: Spyware is software that monitors your activities on a computer and reports the collected information to an interested party. Spyware is generally dropped by Trojans, viruses, or worms. Once dropped, it installs itself and sits silently to avoid detection.
One of the most common examples of spyware is the keylogger. The basic job of a keylogger is to record the user's keystrokes with timestamps, thus capturing interesting information such as usernames, passwords, and credit card details.

3. Ransomware: Ransomware either encrypts your files or locks your computer, making it partially or wholly inaccessible. A screen is then displayed demanding money (the ransom) in exchange for restoring access.

4. Scareware: Scareware masquerades as a tool to help fix your system, but when executed it infects your system or damages it outright. It displays messages designed to frighten you into taking some action, such as paying the authors to "fix" your system.

5. Rootkits: Rootkits are designed to gain and, above all, conceal root (administrative) access to a system. Once root access is obtained and hidden, the attacker can do anything from stealing private files and data to installing further malware without being detected.

6. Zombies: Zombies work similarly to spyware in that the infection mechanism is the same, but they do not spy or steal information; instead they wait for commands from the attacker (see bots and botnets above).

Threats in Cybersecurity:

1. Malware: Malicious software, such as viruses, worms, Trojans, ransomware, and spyware,
is a significant threat. Malware can infiltrate systems, disrupt operations, steal data, or
enable unauthorized access.

2. Cybercrime: Cybercriminals engage in various activities, including identity theft, financial fraud, online scams, phishing, and cyber extortion. These activities pose a significant threat to individuals, organizations, and even governments.



3. Hacking and Unauthorized Access: Hackers exploit vulnerabilities in systems or networks
to gain unauthorized access. This can lead to data breaches, unauthorized data modification,
or disruption of services.

4. Insider Threats: Insider threats arise from individuals within an organization who misuse
their access privileges to steal or leak sensitive data, commit fraud, or disrupt operations.
These threats can be intentional or unintentional.

5. Social Engineering: Social engineering techniques manipulate human psychology to deceive individuals into revealing sensitive information or performing actions that compromise security. Phishing, pretexting, and baiting are examples of social engineering attacks.

6. Advanced Persistent Threats (APTs): APTs are sophisticated, targeted attacks that aim to
gain long-term access to a target network or system. They often involve a combination of
social engineering, zero-day exploits, and stealthy tactics to evade detection.

7. Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks: DoS and DDoS attacks overload systems, networks, or applications with excessive traffic, rendering them inaccessible to legitimate users. These attacks can disrupt services and cause financial losses.

8. Data Breaches: Data breaches involve unauthorized access to sensitive data, leading to its
disclosure, theft, or exposure. Breached data can be exploited for financial gain, identity
theft, or used in subsequent attacks.

9. Internet of Things Vulnerabilities: The increasing use of Internet of Things (IoT) devices
introduces new vulnerabilities. Inadequate security measures in IoT devices can lead to
unauthorized access, data breaches, or compromise of connected systems.

10. Supply Chain Attacks: Supply chain attacks exploit vulnerabilities in the software or
hardware supply chain. Attackers compromise suppliers or insert malicious code or
components into the supply chain, leading to compromised systems or software.

The Motive of Attackers


Cyber-attacks can leave companies wondering "how could this happen to us?" When these
situations arise, it helps to know what might be motivating the attackers.

What motivates a cybercriminal?

1. Financial Gain: The primary motivation of a hacker is money, and getting it can be done
with a variety of methods.
They could directly gain entry to a bank or investment account; steal a password to your
financial sites and then transfer the assets over to one of their own; swindle an employee
into completing a money transfer through a complicated spear phishing technique, or
conduct a ransomware attack on your entire organization.

The possibilities are endless, but most hackers are out to make a profit.

2. Recognition & Achievement: Some hackers are motivated by the sense of achievement that
comes with cracking open a major system. Some may work in groups or independently, but,
on some scale, they would like to be recognized.

This also ties into the fact that cyber criminals are competitive by nature, and they love the
challenge their actions bring. In fact, they often drive one another to complete more
complicated hacks.

3. Insider Threats: Individuals who have access to critical information or systems can easily
choose to misuse that access, to the detriment of their organization.

These threats can come from internal employees, vendors, a contractor or a partner—and are
viewed as some of the greatest cyber security threats to organizations.
However, not all insider threats are intentional, according to an Insider Threat Report from
Crowd Research Partners. Most (51%) are due to carelessness, negligence, or compromised
credentials, but the potential impact is still present even in an unintentional scenario.

4. Political Motivation: “Hacktivism”: Some cyber criminal groups use their hacking skills
to go after large organizations. They are usually motivated by a cause of some sort, such as
highlighting human rights or alerting a large corporation to their system
vulnerabilities. Or, they may go up against groups whose ideologies do not align with their
own.
These groups can steal information and argue that they are practicing free speech, but more
often than not, these groups will employ a DDoS (Distributed Denial of Service) attack to
overload a website with too much traffic and cause it to crash.

5. State Actors: State-sponsored actors receive funding and assistance from a nation-state.
They are specifically engaged in cyber crime to further their nation’s own interests.
Typically, they steal information, including “intellectual property, personally identifying
information, and money to fund or further espionage and exploitation causes.”
However, some state-sponsored actors do conduct damaging cyberattacks and claim that
their cyberespionage actions are legitimate activity on behalf of the state.

6. Corporate Espionage: This is a form of cyber attack used to gain an advantage over a
competing organization.
Conducted for commercial or financial purposes, corporate espionage involves:

Acquiring property like processes or techniques, locations, customer data, pricing, sales,
research, bids, or strategies

Theft of trade secrets, bribery, blackmail, or surveillance.

Active Attacks & Passive Attacks


Active Attacks
Active attacks are the type of attacks in which the attacker attempts to change or modify the
content of messages. An active attack is dangerous to integrity as well as availability. Due to an
active attack, the system is always damaged and system resources can be changed. The most
important thing is that, in an active attack, the victim gets informed about the attack.
An active attack might be a network exploit in which the attackers modify or alter the content
and cause a system resource to be impacted. The victims will suffer harm as a result of it. The
attackers might use passive attacks to gather information before launching a more aggressive
strike.
The attackers try to break into the system and cause it to lock. The victims can be alerted about
the ongoing attack. Their integrity and accessibility may be jeopardised by such an attack. An
active attack is more challenging to execute than a passive one.
Man-in-the-middle (MitM), impersonation, and session hijacking are examples of active attacks.
In these attacks the attacker sends data to the client, Credential Service Provider, Verifier, or
Relying Party via the authentication protocol.
Active attacks refer to cyber attacks where the attacker actively engages with the target system or
network to disrupt or compromise its security. These attacks involve some form of direct
interaction or intervention from the attacker.

Here are some examples of active attacks:

1. Denial-of-Service (DoS) Attacks: In a DoS attack, the attacker overwhelms a target system
or network with excessive traffic or resource requests, causing it to become unresponsive or
unavailable to legitimate users.

2. Distributed Denial-of-Service (DDoS) Attacks: DDoS attacks involve multiple
compromised systems, forming a botnet, to launch a coordinated attack on a target. The
combined traffic or requests from the botnet overwhelm the target system or network,
causing a denial of service.

3. Man-in-the-Middle (MitM) Attacks: In a MitM attack, the attacker intercepts and alters
communication between two parties without their knowledge. The attacker can eavesdrop on
the communication, modify data, or impersonate one of the parties involved.

4. Phishing Attacks: Phishing attacks involve tricking individuals into revealing sensitive
information, such as passwords or financial details, by masquerading as a trustworthy entity
via email, phone calls, or fake websites.

5. Malware Attacks: Malware attacks involve the distribution and execution of malicious
software on a target system or network. This can include viruses, worms, Trojans,
ransomware, and spyware, which can lead to unauthorized access, data theft, or system
disruption.

Passive Attacks
Passive attacks are the type of attacks in which the attacker observes the content of messages
or copies the content of messages. A passive attack is a danger to confidentiality. Due to a passive
attack, there is no harm to the system. The most important thing is that, in a passive attack, the
victim does not get informed about the attack.

The passive attack is the initial sort of attack. For specific functions, a passive attack can
monitor, observe, or make use of the system's data.
However, it does not affect the system's resources, and the data remains unaffected. Because
passive attacks are carried out in stealth, it is difficult for the victim to notice them. The goal of a
passive attack is to get data or to search the network for open ports and vulnerabilities.
An example is when an intruder uses a packet analyser programme like Wireshark to record
network data for subsequent examination.
Passive attacks, in contrast, involve monitoring or observing network traffic or systems without
directly interacting with or modifying them. These attacks aim to gain information or gather data
without altering the target system's behavior.

Here are some examples of passive attacks:

1. Eavesdropping: Eavesdropping attacks involve intercepting and monitoring network traffic
or communication to gather sensitive information, such as usernames, passwords, or
confidential data. This can be done through techniques like packet sniffing.

2. Traffic Analysis: Traffic analysis involves examining patterns, timing, and volumes of
network traffic to deduce information about the communication patterns, systems, or
activities of the target without necessarily capturing the content of the communication.

3. Data Interception: Data interception attacks involve capturing or copying data during
transmission without modifying it. Attackers can intercept unencrypted or poorly encrypted
data to gain access to sensitive information.

4. Network Reconnaissance: Network reconnaissance attacks aim to gather information about
a target network, its infrastructure, and vulnerabilities without directly affecting the target
system. This information can be used for subsequent targeted attacks.

5. Password Attacks: Password attacks involve attempting to obtain passwords through
techniques like brute-force attacks, dictionary attacks, or password cracking. Once the
passwords are obtained, they can be used to gain unauthorized access to systems or
accounts.
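To make the integrity/confidentiality split above concrete, the following added example (not part of the original notes) models both kinds of attacker against a message protected by an HMAC tag under an assumed shared key: the active attacker's modification is caught by the receiver's check, while the passive attacker's copy is not, because an integrity tag does nothing for confidentiality.

```python
import hashlib
import hmac
from typing import Dict, Tuple

# Assumed shared key held by sender and receiver only (constructed placeholder).
SHARED_KEY = b"constructed-demo-key-not-for-real-use"


def protect(message: bytes, key: bytes = SHARED_KEY) -> Tuple[bytes, str]:
    """Sender side: attach an HMAC-SHA256 tag so the receiver can verify
    integrity. The message itself is still sent in cleartext."""
    tag = hmac.new(key, message, hashlib.sha256).hexdigest()
    return message, tag


def verify(message: bytes, tag: str, key: bytes = SHARED_KEY) -> bool:
    """Receiver side: recompute the tag and compare it in constant time."""
    expected = hmac.new(key, message, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)


def active_attacker(message: bytes, tag: str) -> Tuple[bytes, str]:
    """Models an active (man-in-the-middle) attacker: the message in
    transit is altered, but without the key the tag cannot be updated."""
    altered = message.replace(b"100", b"900")
    return altered, tag


def passive_attacker(message: bytes, tag: str) -> Tuple[bytes, str, bytes]:
    """Models a passive (eavesdropping) attacker: the traffic is copied and
    forwarded unchanged, so nothing observable changes on the wire."""
    captured = bytes(message)  # the attacker's copy, i.e. the confidentiality loss
    return message, tag, captured


def run_scenarios() -> Dict[str, bool]:
    """Runs both attackers against the same protected message and reports
    what the receiver's integrity check can and cannot see."""
    original = b"transfer 100 to account 42"  # constructed sample message
    msg, tag = protect(original)

    tampered_msg, tampered_tag = active_attacker(msg, tag)
    copied_msg, copied_tag, captured = passive_attacker(msg, tag)

    return {
        # The receiver rejects the tampered message: the active attack is detected.
        "active_detected": not verify(tampered_msg, tampered_tag),
        # The forwarded message verifies fine: the passive attack is invisible.
        "passive_detected": not verify(copied_msg, copied_tag),
        # What the eavesdropper learned; only encryption would prevent this.
        "plaintext_captured": captured == original,
    }


if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(f"{name}: {value}")
```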

Difference between Active Attack & Passive Attacks

Basis: Modification
Active attacks: Modification of information occurs during an active attack.
Passive attacks: Modification of the information does not happen during a passive attack.

Basis: Threat
Active attacks: An active attack poses a threat to integrity and availability.
Passive attacks: Confidentiality is at risk from passive attacks.

Basis: Focus
Active attacks: During an active attack, the focus is on detection.
Passive attacks: During a passive attack, the focus is on avoiding harm.

Basis: Harm
Active attacks: The system is permanently harmed due to an active attack.
Passive attacks: There is no harm to the system due to a passive attack.

Basis: Victim
Active attacks: In an active attack, the victim is notified of the attack.
Passive attacks: The victim is unaware of the attack while under a passive attack.

Basis: System Resources
Active attacks: System resources can be modified during an active attack.
Passive attacks: System resources do not alter during a passive attack.

Basis: Impact
Active attacks: Active attacks have an impact on the system's services.
Passive attacks: Information and communications in the system or network are collected during a
passive attack.

Basis: Information
Active attacks: During the execution of active attacks, information gathered from passive attacks
is utilised.
Passive attacks: Passive attacks are carried out by gathering information such as passwords and
messages on their own.

Basis: Prevention
Active attacks: An active attack is hard to restrict from entering systems or networks.
Passive attacks: In comparison to an active attack, a passive attack is much easier to prevent.

ALSO SEE…

Active Attack: In an active attack, modification of information takes place.
Passive Attack: In a passive attack, modification of the information does not take place.

Active Attack: An active attack is a danger to integrity as well as availability.
Passive Attack: A passive attack is a danger to confidentiality.

Active Attack: In an active attack, attention is on prevention.
Passive Attack: In a passive attack, attention is on detection.

Active Attack: Due to active attacks, the execution system is always damaged.
Passive Attack: Due to a passive attack, there is no harm to the system.

Active Attack: In an active attack, the victim gets informed about the attack.
Passive Attack: In a passive attack, the victim does not get informed about the attack.

Active Attack: In an active attack, system resources can be changed.
Passive Attack: In a passive attack, system resources are not changed.

Active Attack: An active attack influences the services of the system.
Passive Attack: In a passive attack, information and messages in the system or network are
acquired.

Active Attack: In an active attack, information collected through passive attacks is used during
execution.
Passive Attack: Passive attacks are performed by collecting information such as passwords and
messages by themselves.

Active Attack: An active attack is tough to restrict from entering systems or networks.
Passive Attack: A passive attack is easy to prohibit in comparison to an active attack.

Active Attack: Can be easily detected.
Passive Attack: Very difficult to detect.

Active Attack: The purpose of an active attack is to harm the ecosystem.
Passive Attack: The purpose of a passive attack is to learn about the ecosystem.

Active Attack: In an active attack, the original information is modified.
Passive Attack: In a passive attack, the original information is unaffected.

Active Attack: The duration of an active attack is short.
Passive Attack: The duration of a passive attack is long.

Active Attack: The prevention possibility of an active attack is high.
Passive Attack: The prevention possibility of a passive attack is low.

Active Attack: Complexity is high.
Passive Attack: Complexity is low.

Software Attacks & Hardware Attacks
Hardware Attacks
Hardware Security, as the name suggests, is a type of security that protects the machine and
peripheral hardware from harm. It also uses a dedicated IC (Integrated Circuit), specially
designed to provide cryptographic functions and protect against attacks. It provides immunity
from inherent vulnerabilities and security holes of the used OS.

Hardware attacks involve exploiting vulnerabilities in physical components or devices to
compromise their security or gain unauthorized access. These attacks target the hardware itself
rather than the software running on it. Here are some examples of hardware attacks:

1. Physical Tampering: Attackers physically tamper with hardware devices to gain
unauthorized access or extract sensitive information. This can involve bypassing or
modifying security mechanisms, manipulating connections, or extracting data directly from
storage.

2. Side-Channel Attacks: Side-channel attacks exploit information leaked through unintended
channels such as power consumption, electromagnetic emissions, or timing variations to
infer sensitive information. Examples include timing attacks and power analysis attacks.

3. Hardware Trojans: Hardware Trojans involve the insertion of malicious circuitry or
modifications during the manufacturing or supply chain process. These hidden components
can be triggered to perform unauthorized actions or leak sensitive information.

4. Fault Injection: Fault injection attacks involve deliberately inducing faults in hardware
devices, such as electromagnetic interference, voltage manipulation, or clock glitches, to
disrupt normal operation or gain unauthorized access.

5. Interception of Signals: Attackers intercept signals transmitted between hardware
components, such as capturing wireless communications or extracting data from unsecured
interfaces. This allows them to eavesdrop, manipulate, or gain unauthorized access to
sensitive information.
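As an added illustration of the timing side channel named in item 2 (not from the original notes), the following instrumented model counts the byte comparisons a secret-comparison routine performs; the count stands in for elapsed time, which is what a timing attacker measures, and the constant-time form is the defence. The secret and guesses are constructed placeholders.

```python
from typing import Callable, List, Tuple

Comparator = Callable[[bytes, bytes], Tuple[bool, int]]


def naive_compare(secret: bytes, guess: bytes) -> Tuple[bool, int]:
    """Early-exit comparison, the pattern many hand-written checks use.
    Returns (match, number of byte comparisons performed). The count stands in
    for time: work grows with the length of the correct prefix of the guess,
    so whoever can measure response time learns the secret one byte at a
    time. (Constructed model, not a real timing measurement.)"""
    steps = 0
    if len(secret) != len(guess):  # length is treated as public here
        return False, steps
    for a, b in zip(secret, guess):
        steps += 1
        if a != b:
            return False, steps  # stops at the first mismatch
    return True, steps


def constant_time_compare(secret: bytes, guess: bytes) -> Tuple[bool, int]:
    """Compares every byte and accumulates the differences with XOR/OR, so the
    work done does not depend on where the first mismatch is. This is the
    idea behind hmac.compare_digest in the standard library; use that in
    real code rather than hand-rolling it."""
    steps = 0
    if len(secret) != len(guess):
        return False, steps
    diff = 0
    for a, b in zip(secret, guess):
        steps += 1
        diff |= a ^ b  # no data-dependent branch inside the loop
    return diff == 0, steps


def work_profile(compare: Comparator, secret: bytes, guesses: List[bytes]) -> List[int]:
    """Work (model time) the comparator spends on each guess. A profile that
    varies with the guess is the leak a timing side channel exploits."""
    return [compare(secret, g)[1] for g in guesses]


def leaks_timing(compare: Comparator, secret: bytes, guesses: List[bytes]) -> bool:
    """True if the comparator's work depends on how much of the guess is right."""
    return len(set(work_profile(compare, secret, guesses))) > 1


if __name__ == "__main__":
    SECRET = b"s3cr3t"  # constructed placeholder secret
    GUESSES = [b"xxxxxx", b"s3xxxx", b"s3cr3t"]  # 0, 2 and 6 correct leading bytes
    print("naive   :", work_profile(naive_compare, SECRET, GUESSES))            # [1, 3, 6]
    print("constant:", work_profile(constant_time_compare, SECRET, GUESSES))    # [6, 6, 6]
```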

Software Attacks
Software Security, as the name suggests, is a type of security that protects software from harm.
It is important to provide integrity, authentication, and availability. Generally, software is
considered the main source of security problems. It is the weakest link in the security chain, with
the possible exception of the human factor. Therefore, it is important to focus on software
security.
Software attacks target vulnerabilities in software systems, applications, or operating systems to
compromise their security and gain unauthorized access or control. Here are some common
software attacks:

1. Buffer Overflow: In a buffer overflow attack, the attacker exploits a flaw in a program that
allows them to overwrite the allocated memory space, leading to potential execution of
malicious code or crashing the program.

2. SQL Injection: SQL injection attacks occur when an attacker inserts malicious SQL
statements into a vulnerable application's input fields, manipulating the application's
database and potentially gaining unauthorized access to sensitive data.

3. Cross-Site Scripting (XSS): XSS attacks involve injecting malicious scripts into web pages
viewed by other users, bypassing their browser's security mechanisms. This can lead to
session hijacking, stealing sensitive data, or spreading malware.

4. Remote Code Execution (RCE): RCE attacks enable attackers to execute arbitrary code on
a target system or application by exploiting vulnerabilities such as command injection or
deserialization flaws. This allows them to gain control over the system.

5. Zero-Day Exploits: Zero-day exploits target unknown vulnerabilities in software for which
no patch or fix is available. Attackers exploit these vulnerabilities before developers are
aware of them, giving no time for the affected software to be updated or secured.
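The following added example (not from the original notes) shows the SQL injection flaw described in item 2 beside its hardened form, using an in-memory SQLite table with constructed placeholder users; the same credentials are run through both versions so the difference is visible.

```python
import sqlite3
from typing import Dict


def make_db() -> sqlite3.Connection:
    """Constructed sample table; users and passwords are placeholders.
    (Real systems store password hashes, not plaintext; kept plain here so
    the query behaviour is easy to follow.)"""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice-pass"), ("bob", "bob-pass")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """The flaw from the notes: untrusted input is spliced into the SQL text,
    so quote characters in the input become part of the query's logic."""
    query = (
        f"SELECT COUNT(*) FROM users WHERE username = '{username}' "
        f"AND password = '{password}'"
    )
    return conn.execute(query).fetchone()[0] > 0


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Hardened form: placeholders keep data separate from query structure,
    so the input is only ever compared as a string value."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


def compare_behaviour(username: str, password: str) -> Dict[str, bool]:
    """Runs the same credentials through both versions of the login check."""
    conn = make_db()
    try:
        return {
            "vulnerable": login_vulnerable(conn, username, password),
            "parameterized": login_parameterized(conn, username, password),
        }
    finally:
        conn.close()


if __name__ == "__main__":
    print(compare_behaviour("alice", "alice-pass"))  # both True
    print(compare_behaviour("alice", "wrong-pass"))  # both False
    # Textbook tautology input: the vulnerable query text becomes
    # ... AND password = '' OR '1'='1', which matches every row.
    print(compare_behaviour("alice", "' OR '1'='1"))  # vulnerable True, parameterized False
```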

Difference between Hardware Attacks & Software Attacks

1. Hardware Security: It is a process of protecting hardware against vulnerabilities that are
targeting these devices.
Software Security: It is a process of protecting software against malicious attacks and other
hackers' risks.

2. Hardware Security: It is simply required so that machines and peripheral hardware remain safe
from theft or any electronic damage.
Software Security: It is simply required so that software continues to function correctly under
potential risks.

3. Hardware Security: Hardware is tougher to handle than software.
Software Security: Software is easier to handle than hardware because software can be updated
frequently to deal with security vulnerabilities.

4. Hardware Security: Hardware cannot modify features just like software. Instead, one has to
evaluate old hardware, identify the problem, formulate updates, coordinate with ecosystem
partners and then push manufacturing for a new build to fix the problem.
Software Security: Software can easily modify features, as one has to simply change code and
push an update to fix the problem.

5. Hardware Security: Hardware risks usually come from a specific or outdated piece of hardware.
Software Security: Software risks usually come from a specific or outdated piece of software.

6. Hardware Security: Hardware risks are more prone to physical damage or crashes.
Software Security: Software risks are more prone to viruses and system errors.

7. Hardware Security: It is more difficult and slower to patch hardware vulnerabilities as compared
to software vulnerabilities.
Software Security: It is less difficult and faster to patch software vulnerabilities as compared to
hardware.

8. Hardware Security: A hardware vulnerability does not have an immediate impact on security but
lives for decades as compared to software.
Software Security: A software vulnerability has a more immediate impact on security but is
shorter-lived as compared to hardware.

9. Hardware Security: It is considered very effective in all application environments and
especially those where end equipment is exposed and physically accessible to thieves.
Software Security: It is considered effective in physically secure environments, preventing
unauthorized access to the system.

10. Hardware Security: To complement software-based security and quickly apply and administer
protections to your computing infrastructure, hardware-based security takes a multifaceted
approach. This requires high firmware visibility, as well as assurance that workloads are
operating on stable platforms.
Software Security: Encryption, operating system security, and network security are examples of
software security for businesses.

11. Hardware Security: Its main objective is to prevent loss, damage, and other compromise of
information system assets, simply to make sure that there are no interruptions of business
activities and services.
Software Security: Its main objective is to develop higher-quality, defect-free, and more robust
software that normally continues to function properly and correctly even under malicious
attacks.

Cyber Threats-Cyber Warfare
Cyber warfare is usually defined as a cyber attack or series of attacks that target a country. It has
the potential to wreak havoc on government and civilian infrastructure and disrupt critical
systems, resulting in damage to the state and even loss of life.
There is, however, a debate among cyber security experts as to what kind of activity constitutes
cyber warfare. The US Department of Defense (DoD) recognizes the threat to national security
posed by the malicious use of the Internet but doesn’t provide a clearer definition of cyber
warfare. Some consider cyber warfare to be a cyber attack that can result in death.
Cyber warfare typically involves a nation-state perpetrating cyber attacks on another, but in some
cases, the attacks are carried out by terrorist organizations or non-state actors seeking to further
the goal of a hostile nation. There are several examples of alleged cyber warfare in recent history,
but there is no universal, formal, definition for how a cyber attack may constitute an act of war.

What are the Goals of Cyberwarfare?


According to the Cybersecurity and Infrastructure Security Agency, the goal of cyberwarfare is
to "weaken, disrupt or destroy" another nation. To achieve their goals, cyberwarfare programs
target a wide spectrum of objectives that can harm national interests. These threats range from
propaganda to espionage and extensive infrastructure disruption and loss of life to citizens.
Other potential motivations behind cyberwarfare include civil and income motivations. Threat
actors may have a goal to affect civil infrastructure by targeting internet service providers,
telecommunication systems, network equipment, electrical grids or financial networks.
Nation-state actors may also be motivated by income, where income is generated by using
techniques like ransomware attacks against another nation -- targeted at its critical infrastructure,
for example.

Cyberwarfare is also similar to Cyber Espionage (cyber spying), with the two terms oftentimes
being conflated. The biggest difference is the primary goal of a cyberwarfare attack is to disrupt
the activities of a nation-state, while the primary goal of a cyber espionage attack is for the
attacker to remain hidden for as long as possible in order to gather intelligence.
The two activities are distinct concepts but are also often used together, as gaining additional
intelligence could be another motivation in cyberwarfare. Cyber espionage can also be used to
build intelligence that helps a nation-state prepare for declaring a physical or cyber war.

What are the types of Cyberwarfare Attacks?
The threat of cyberwarfare attacks grows as a nation's critical systems are increasingly connected
to the internet. Even if these systems can be properly secured, they can still be hacked by
perpetrators recruited by nation-states to find weaknesses and exploit them.
Major types of cyberwarfare attacks include the following:

1. Data Theft: Cybercriminals hack computer systems to steal sensitive information that can
be used for intelligence, held for ransom, sold, used to incite scandals and chaos, or
destroyed.

2. Destabilization: Cybercriminals also attack governments through critical infrastructure, like
transportation systems, banking systems, power grids, water supplies, dams and hospitals.
The adoption of the Internet of Things makes the manufacturing industry increasingly
susceptible to outside threats.
From a national security perspective, destabilizing critical digital infrastructure inflicts
damage on vital modern services or processes.
For example, an attack on the energy grid could have massive consequences for the
industrial, commercial and private sectors.

3. Economic Disruption: Nation-state attackers can target the computer networks of banks,
payment systems and stock markets to steal money or block others from accessing their
funds.

4. Propaganda Attack: This type of attack targets the thoughts of people in another nation-
state. Propaganda is used to spread lies and expose truths, with the goal of making citizens
in a targeted nation-state lose trust in their side or country.

5. Sabotage: Cyber attacks that sabotage government computer systems can be used to support
conventional warfare efforts. Such attacks can block official government communications,
contaminate digital systems, enable the theft of vital intelligence and threaten national
security.

6. Denial-of-service (DoS) Attacks: DoS Attacks prevent legitimate users from accessing a
website by flooding it with fake requests and forcing the website to handle these requests.
This type of attack can be used to disrupt critical operations and systems and block access to
sensitive websites by civilians, military and security personnel, or research bodies.

7. Electrical Power Grid: Attacking the power grid allows attackers to disable critical
systems, disrupt infrastructure, and potentially result in bodily harm. Attacks on the power
grid can also disrupt communications and render services such as text messages and
communications unusable.

8. Propaganda Attacks: Attempts to control the minds and thoughts of people living in or
fighting for a target country. Propaganda can be used to expose embarrassing truths, spread
lies to make people lose trust in their country, or side with their enemies.

9. Economic Disruption: Most modern economic systems operate using computers. Attackers
can target computer networks of economic establishments such as stock markets, payment
systems, and banks to steal money or block people from accessing the funds they need.

10. Surprise Attacks: These are the cyber equivalent of attacks like Pearl Harbor and 9/11. The
point is to carry out a massive attack that the enemy isn’t expecting, enabling the attacker to
weaken their defenses. This can be done to prepare the ground for a physical attack in the
context of hybrid warfare.

Cyber Espionage
Cyber espionage, or cyber spying, is a type of cyberattack in which an unauthorized user
attempts to access sensitive or classified data or intellectual property (IP) for economic gain,
competitive advantage or political reasons.

Why Is Cyber Espionage Used?


Cyber espionage is primarily used as a means to gather sensitive or classified data, trade secrets
or other forms of IP that can be used by the aggressor to create a competitive advantage or sold
for financial gain. In some cases, the breach is simply intended to cause reputational harm to the
victim by exposing private information or questionable business practices.
Cyber espionage attacks can be motivated by monetary gain; they may also be deployed in
conjunction with military operations or as an act of cyber terrorism or cyber warfare. The impact
of cyber espionage, particularly when it is part of a broader military or political campaign, can
lead to disruption of public services and infrastructure, as well as loss of life.

Cyber Espionage Targets


The most common targets of cyber espionage include large corporations, government agencies,
academic institutions, think tanks or other organizations that possess valuable IP and technical
data that can create a competitive advantage for another organization or government. Targeted
campaigns can also be waged against individuals, such as prominent political leaders and
government officials, business executives and even celebrities.
Cyber spies most commonly attempt to access the following assets:

Research & Development data and activity

Academic research data

IP, such as product formulas or blueprints

Salaries, bonus structures and other sensitive information regarding organizational finances
and expenditures

Client or customer lists and payment structures

Business goals, strategic plans and marketing tactics

Political strategies, affiliations and communications

Military intelligence

Cyber Terrorism
Cyber terrorism refers to the use of cyber attacks and information technology by terrorist
organizations or individuals to carry out acts of violence, instill fear, cause disruption, or
promote their ideological agenda. It involves the deliberate targeting of computer systems,
networks, and critical infrastructure to achieve terrorist objectives.

Objectives of Cyber Terrorism


The primary objectives of cyber terrorism can vary and may include:

1. Inflicting Damage: Cyber terrorists aim to cause physical harm, economic damage, or loss
of life by targeting critical infrastructure systems, such as power grids, transportation
networks, or water supplies.

2. Spreading Fear and Panic: Cyber terrorists seek to create a sense of fear, panic, and
disruption among the population by launching high-profile attacks or spreading propaganda
and misinformation.

3. Promoting Ideological Agendas: Cyber terrorists may use cyber attacks to promote their
ideological beliefs, recruit sympathizers, or incite violence through online platforms.

Targets of Cyber Terrorism


Cyber terrorists can target various entities, including:

1. Government Systems: Government networks, defense systems, intelligence agencies, or
law enforcement agencies may be targeted to disrupt operations, steal sensitive information,
or manipulate data.

2. Critical Infrastructure: Cyber terrorists may target critical infrastructure systems such as
power grids, transportation networks, communication systems, or financial institutions to
disrupt services and cause widespread impact.

3. Private Organizations: Private sector entities, including businesses, financial institutions,
healthcare organizations, or educational institutions, can be targeted for financial gain, data
theft, or reputational damage.

Tactics and Techniques of Cyber Terrorism


Cyber terrorists may employ various tactics and techniques, including:

1. DDoS Attacks: Distributed Denial-of-Service (DDoS) attacks can be used to overwhelm
websites or online services, making them inaccessible to users.

2. Data Manipulation: Cyber terrorists may modify or manipulate data to cause confusion,
mistrust, or disruption. This can include altering financial records, spreading false
information, or tampering with critical systems.

3. Hacking and Exploits: Cyber terrorists may exploit vulnerabilities in systems or networks
to gain unauthorized access, steal sensitive information, or disrupt operations.

4. Social Engineering: Social engineering techniques, such as phishing or spear phishing, can
be employed to deceive individuals and gain unauthorized access to systems or networks.

Challenges and Impact of Cyber Terrorism


Cyber terrorism poses significant challenges and potential impact, including:

1. Global Reach: Cyber attacks can be conducted remotely, allowing cyber terrorists to target
entities beyond national borders, making attribution and response more complex.

2. Economic Damage: Cyber attacks can cause significant economic losses, disrupt services,
and impact critical infrastructure, leading to financial implications at both individual and
national levels.

3. Psychological Impact: Cyber terrorism aims to create fear, panic, and uncertainty among
the population, potentially causing psychological distress and social instability.

4. Counterterrorism Efforts: Combating cyber terrorism requires international cooperation,
intelligence sharing, and robust cybersecurity measures to detect, prevent, and respond to
cyber attacks effectively.

Comprehensive Cyber Security Policy


Security policies are a formal set of rules issued by an organization to ensure that the
users who are authorized to access company technology and information assets comply with rules
and guidelines related to the security of information. It is a written document in the organization
which sets out how to protect the organization from threats and how to handle them
when they occur. A security policy is also considered to be a "living document", which means
that the document is never finished, but is continuously updated as the requirements of the
technology and employees change.

Need of Security Policies


1. It increases efficiency: The best thing about having a policy is being able to increase the
level of consistency, which saves time, money and resources. The policy should inform
employees about their individual duties, telling them what they can and cannot do with the
organization's sensitive information.

2. It upholds Discipline & Accountability: When a human mistake occurs and system security
is compromised, the security policy of the organization backs up any disciplinary action and
also supports a case in a court of law. The organization's policies act as a contract which
proves that the organization has taken steps to protect its intellectual property, as well as
its customers and clients.

3. It can make or break a Business Deal: It is not necessary for companies to provide a copy
of their information security policy to other vendors during a business deal that involves the
transfer of their sensitive information. This is true in the case of bigger businesses, which
ensure that their own security interests are protected when dealing with smaller businesses
that have less high-end security systems in place.

4. It helps to Educate Employees on Security Literacy: A well-written security policy can
also be seen as an educational document which informs readers about the importance of
their responsibility in protecting the organization's sensitive data. It ranges from choosing
the right passwords to providing guidelines for file transfers and data storage, which
increases employees' overall awareness of security and how it can be strengthened.

We use security policies to manage our network security. Most types of security policies are
created automatically when the endpoint-protection management software is installed. We can
also customize policies to suit our specific environment. Some important cybersecurity policy
recommendations are described below:

1. Virus and Spyware Protection policy: This policy provides the following protection:

It helps to detect, remove, and repair the side effects of viruses and security risks
by using signatures.

It helps to detect threats in the files which users try to download by using
reputation data from Download Insight.

It helps to detect applications that exhibit suspicious behaviour by using
SONAR heuristics and reputation data.

2. Firewall Policy: This policy provides the following protection:

It blocks the unauthorized users from accessing the systems and networks that
connect to the Internet.

It detects the attacks by cybercriminals.

It removes the unwanted sources of network traffic.

3. Intrusion Prevention Policy: This policy automatically detects and blocks network
attacks and browser attacks. It also protects applications from vulnerabilities. It inspects
the contents of one or more data packets and detects malware that arrives through
otherwise legitimate channels.

4. LiveUpdate Policy: This policy can be categorized into two types: the LiveUpdate
Content policy and the LiveUpdate Settings policy. The LiveUpdate policy contains the
settings which determine when and how client computers download content updates from
LiveUpdate. We can define the computer that clients contact to check for updates and
schedule when and how often client computers check for updates.

5. Application and Device Control: This policy protects a system's resources from
applications and manages the peripheral devices that can attach to a system. The device
control policy applies to both Windows and Mac computers whereas application control
policy can be applied only to Windows clients.

6. Exceptions Policy: This policy provides the ability to exclude applications and
processes from detection by the virus and spyware scans.

7. Host Integrity Policy: This policy provides the ability to define, enforce, and restore
the security of client computers to keep enterprise networks and data secure. We use this
policy to ensure that the client computers which access our network are protected and
compliant with the company's security policies. This policy requires that the client
system has antivirus software installed.
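As an added example (written for these notes, not code from the original or from any endpoint-protection product), the following Python sketch shows how two of the policy types above are actually evaluated: the firewall policy as an ordered, default-deny rule list checked against constructed connection attempts, and the host integrity policy as a set of requirements (antivirus installed, signatures current, host firewall on) checked against a constructed snapshot of a client. The rule schema, the host snapshot fields and the corporate rule set are all hypothetical.

```python
from dataclasses import dataclass
from typing import List, Optional
import ipaddress


@dataclass(frozen=True)
class FirewallRule:
    """One entry of a firewall policy (hypothetical schema, not a product format)."""
    action: str              # "allow" or "deny"
    src: str                 # source network in CIDR notation
    dst_port: Optional[int]  # None matches any destination port
    proto: str = "tcp"


def evaluate_firewall(rules: List[FirewallRule], src_ip: str,
                      dst_port: int, proto: str = "tcp") -> str:
    """First-match evaluation: the first rule that fits decides; if no rule fits,
    the connection is denied (default deny), so unlisted traffic is never let through."""
    ip = ipaddress.ip_address(src_ip)
    for rule in rules:
        if rule.proto != proto:
            continue
        if ip not in ipaddress.ip_network(rule.src):
            continue
        if rule.dst_port is not None and rule.dst_port != dst_port:
            continue
        return rule.action
    return "deny"


@dataclass
class HostState:
    """Constructed snapshot of a client computer as reported to the management server."""
    hostname: str
    antivirus_installed: bool
    signature_age_days: int
    firewall_enabled: bool


def host_integrity_check(host: HostState, max_signature_age_days: int = 7) -> List[str]:
    """Return the list of failed requirements; an empty list means the host is compliant
    and may be admitted to the network."""
    failures = []
    if not host.antivirus_installed:
        failures.append("antivirus not installed")
    elif host.signature_age_days > max_signature_age_days:
        failures.append(f"antivirus signatures {host.signature_age_days} days old")
    if not host.firewall_enabled:
        failures.append("host firewall disabled")
    return failures


# Constructed policy: internal clients may reach HTTPS and SSH; everything else is denied.
CORPORATE_FIREWALL = [
    FirewallRule("allow", "10.0.0.0/8", 443),
    FirewallRule("allow", "10.0.0.0/8", 22),
    FirewallRule("deny", "0.0.0.0/0", None),  # explicit catch-all, for readability
]

if __name__ == "__main__":
    for src, port in [("10.1.2.3", 443), ("10.1.2.3", 8080), ("203.0.113.9", 443)]:
        print(src, port, "->", evaluate_firewall(CORPORATE_FIREWALL, src, port))
    print(host_integrity_check(HostState("ws1", True, 2, True)))     # [] = compliant
    print(host_integrity_check(HostState("ws2", False, 0, False)))   # two failures
```

The explicit catch-all deny rule is redundant with the default-deny return value; keeping both is a deliberate choice so that a reviewer reading the rule list alone sees the policy's intent without having to know how the evaluator behaves when nothing matches.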



Unit-II: Cyberspace and the Law &
Cyber Forensics
Cyberspace and the Law & Cyber Forensics: Introduction, Cyber Security Regulations, Roles
of International Law. The INDIAN Cyberspace, National Cyber Security Policy.
Introduction, Historical background of Cyber forensics, Digital Forensics Science, The Need for
Computer Forensics, Cyber Forensics, and Digital evidence, Forensics Analysis of Email, Digital
Forensics Lifecycle, Forensics Investigation, Challenges in Computer Forensics

PART-I: CYBERSPACE!

Introduction to Cyberspace
Cyberspace refers to the interconnected digital environment encompassing computer networks,
the internet, and virtual communication platforms. As our lives increasingly depend on digital
technologies, cyberspace has become an integral part of various aspects, including commerce,
communication, and governance. Consequently, the need for legal frameworks and regulations to
govern activities in cyberspace has become paramount.

Unit-II: Cyberspace and the Law & Cyber Forensics 1


What Does Cyberspace Mean?
Cyberspace can best be defined as the virtual and dynamic space created by machine clones
(computers).
According to the Cyberspace definition, it is a web consisting of consumer computers,
electronics and communication networks by which the consumer is connected to the world.
Cyberspace refers to the virtual computer world, and more specifically, an electronic medium
that is used to facilitate online communication.
Cyberspace typically involves a large computer network made up of many worldwide computer
subnetworks that employ TCP/IP protocol to aid in communication and data exchange activities.
Cyberspace can be defined as an intricate environment that involves interactions between people,
software, and services. It is maintained by the worldwide distribution of information and
communication technology devices and networks.
With the benefits brought by technological advancements, cyberspace today has become a
common pool used by citizens, businesses, critical information infrastructure, the military and
governments in a way that makes it hard to draw clear boundaries among these different
groups.

Cyberspace is anticipated to become even more complex in the upcoming years, with the
increase in networks and devices connected to it.
We have all seen that technology is a great leveler. Using technology, we created machine-clones
– computers, which are high-speed data processing devices.
They can also manipulate electrical, magnetic, and optical impulses to perform complex
arithmetic, memory, and logical functions. The power of one computer becomes the power of all
connected computers, termed a network of networks, or the Internet.

Cyberspace is the dynamic and virtual space that such networks of machine-clones create. In
other words, cyberspace is the web of consumer electronics, computers, and communications
networks which interconnect the world.

One way to talk about cyberspace is related to the use of the global Internet for diverse purposes,
from commerce to entertainment. Wherever stakeholders set up virtual meeting spaces, we see
the cyberspace existing.
Wherever the Internet is used, you could say, that creates a cyberspace. The prolific use of both
desktop computers and smartphones to access the Internet means that, in a practical (yet
somewhat theoretical) sense, the space is growing.
Another prime example of cyberspace is the online gaming platforms advertised as massive
online player ecosystems. These large communities, playing all together, create their own
cyberspace worlds that exist only in the digital realm, and not in the physical world, sometimes
nicknamed the “meatspace.”
To really consider what cyberspace means and what it is, consider what happens when thousands
of people, who may have gathered together in physical rooms in the past to play a game, do it
instead by each looking into a device from remote locations. As gaming operators dress up the
interface to make it attractive and appealing, they are, in a sense, bringing interior design to the
cyberspace.
Here's a brief introduction to the intersection of cyberspace and the law:

1. Legal Considerations: Cyberspace raises unique legal challenges due to its intangible and
borderless nature. Traditional legal principles and frameworks need to be adapted to address
issues such as data privacy, cybersecurity, intellectual property, online transactions, and
digital rights.

2. Jurisdiction: Determining jurisdiction in cyberspace can be complex as online activities
often transcend national boundaries. Legal systems strive to establish jurisdictional rules to
regulate cyber activities, handle disputes, and prosecute cybercrimes based on factors like
the location of servers, the nationality of involved parties, or the impact of the offense.

3. Cybercrime: Cyberspace is vulnerable to various forms of criminal activities, including
hacking, identity theft, fraud, and cyber terrorism. Laws and regulations are enacted to
criminalize such activities, define legal frameworks for investigation and prosecution, and
enhance international cooperation in combating cybercrime.

4. Intellectual Property: Protecting intellectual property rights in cyberspace is crucial. Laws
are in place to address copyright infringement, patent violations, trademark issues, and
digital piracy, providing legal remedies and enforcement mechanisms for intellectual
property owners.

5. Data Privacy and Security: The collection, use, and storage of personal data in cyberspace
raise concerns about privacy and security. Legal frameworks, such as data protection laws,
define how personal information should be handled, ensuring individuals' rights and
imposing obligations on organizations to safeguard data.

Unit-II: Cyberspace and the Law & Cyber Forensics 3


Cybersecurity Regulations
Cybersecurity regulations and laws play a crucial role in ensuring the protection of individuals,
organizations, and critical infrastructure in the digital realm.
Here are some key reasons highlighting the importance of cybersecurity regulations and laws:

1. Protecting Confidentiality, Integrity, and Availability: Cybersecurity regulations and
laws establish standards and requirements to safeguard the confidentiality, integrity, and
availability of sensitive information and critical systems. They help mitigate risks associated
with unauthorized access, data breaches, data manipulation, and service disruptions.

2. Promoting Privacy and Data Protection: Regulations and laws related to cybersecurity
address privacy concerns by setting guidelines for the collection, storage, and use of
personal data. They ensure that individuals' privacy rights are respected, and organizations
handle personal information responsibly, thus fostering trust in digital platforms and
services.

3. Preventing Cybercrime: Cybersecurity regulations and laws provide a legal framework to
combat cybercrimes, including hacking, identity theft, fraud, and malware attacks. They
criminalize such activities, define penalties, and establish mechanisms for investigation,
prosecution, and international cooperation to deter cybercriminals.

4. Enhancing Incident Response and Recovery: Regulations and laws often require
organizations to implement incident response plans and procedures, ensuring timely
detection, containment, and mitigation of cyber incidents. They also emphasize the need for
effective recovery strategies to minimize the impact of cyber attacks and facilitate business
continuity.

5. Promoting Security Awareness and Education: Cybersecurity regulations and laws often
include provisions for promoting security awareness and education initiatives. These efforts
aim to raise awareness among individuals, organizations, and the general public about
cybersecurity risks, best practices, and the importance of maintaining a secure digital
environment.

6. Regulating Critical Infrastructure: Cybersecurity regulations and laws recognize the
significance of protecting critical infrastructure systems, such as power grids, transportation
networks, and healthcare facilities, from cyber threats. They establish specific requirements,
standards, and protocols to ensure the resilience and security of these essential services.

7. Fostering International Cooperation: Cyberspace operates beyond national boundaries,
necessitating international cooperation in addressing cybersecurity challenges. Regulations
and laws provide a platform for countries to collaborate, share information, harmonize
standards, and coordinate efforts in combating cyber threats at a global level.

8. Building Consumer Trust and Confidence: Compliance with cybersecurity regulations
and laws helps organizations demonstrate their commitment to protecting customer data and
maintaining a secure digital environment. This builds trust and confidence among
consumers, leading to stronger relationships and long-term business sustainability.

9. Encouraging Innovation and Economic Growth: Clear cybersecurity regulations and laws
provide a predictable and stable legal environment, reducing uncertainties and risks
associated with cyber threats. This fosters innovation, investment, and economic growth by
assuring stakeholders that cybersecurity risks are adequately addressed.

10. Holding Entities Accountable: Cybersecurity regulations and laws establish accountability
by defining responsibilities and liabilities for entities in terms of protecting systems,
handling data, and responding to cyber incidents. This holds organizations, service
providers, and individuals accountable for their actions and strengthens the overall
cybersecurity posture.

Overall, cybersecurity regulations and laws are essential for creating a secure and trusted digital
environment. They provide guidance, establish standards, deter cybercriminals, and promote a
culture of cybersecurity, ultimately contributing to the protection of individuals, organizations,
and the overall digital ecosystem.

Cyber Security Laws & Regulations in India


IT Acts, Laws & Regulations:
Information Technology Act, 2000: The Indian cyber laws are governed by the Information
Technology Act, enacted in 2000. The principal impetus of this Act is to give reliable legal
recognition to e-commerce, facilitating registration of real-time records with the Government.

But with cyber attackers getting sneakier, compounded by the human tendency to misuse
technology, a series of amendments followed.

The ITA, enacted by the Parliament of India, lays down the punishments and penalties
safeguarding the e-governance, e-banking, and e-commerce sectors. The scope of the ITA has now
been enhanced to encompass all the latest communication devices.

1. Section 43: Applicable to people who damage the computer systems without permission
from the owner. The owner can fully claim compensation for the entire damage in such
cases.

2. Section 66: Applicable in case a person is found to be dishonestly or fraudulently committing
any act referred to in section 43. The imprisonment term in such instances can extend up to
three years, or a fine of up to Rs. 5 lakh.

3. Section 66B: Incorporates the punishments for fraudulently receiving stolen communication
devices or computers, which confirms a probable three years imprisonment. This term can
also be topped by Rs. 1 lakh fine, depending upon the severity.

4. Section 66C: This section scrutinizes identity thefts related to imposter digital signatures,
hacking passwords, or other distinctive identification features. If proven guilty,
imprisonment of three years might also be backed by Rs.1 lakh fine.

5. Section 66D: This section was inserted on-demand, focusing on punishing cheaters doing
impersonation using computer resources.

Indian Penal Code (IPC) 1860:

Identity thefts and associated cyber frauds are embodied in the Indian Penal Code (IPC), 1860,
invoked along with the Information Technology Act of 2000.
The primary sections of the IPC relevant to cyber fraud are:

1. Forgery (Section 464): Forgery is a criminal offense that involves the creation or alteration
of a document, signature, or other valuable item with the intention to deceive or defraud
others. In the Indian Penal Code (IPC), forgery is addressed under Section 464.

Section 464 of the IPC states:

"Forgery, in any way, of any document or electronic record, or any part of a document or
electronic record, with the intention to cause damage or injury to the public or to any
person, or to support any claim or title, or to commit any fraud or that fraud may be
committed, commits forgery"

Key elements of Section 464:

1. Document or Electronic Record: The section encompasses both physical documents
and electronic records. It includes any material that can convey information, such as
papers, contracts, certificates, identity cards, or digital files.

2. Forgery: The act of forgery involves making or altering a document or electronic
record in a fraudulent manner. This includes creating a false document, falsifying
signatures or seals, altering existing documents, or manipulating electronic records.

3. Intention to Cause Damage or Injury: For an act to be considered forgery under
Section 464, there must be an intention to cause damage or injury to the public or any
person. The intent may be to deceive others, support a false claim or title, commit fraud,
or facilitate any other unlawful activity.

2. Forgery pre-planned for cheating (Section 468): Section 468 of the Indian Penal Code
(IPC) deals with the offense of forgery for the purpose of cheating. It specifically addresses
situations where forgery is committed with the intention to deceive or defraud others,
resulting in cheating or causing wrongful gain or loss.

Section 468 of the IPC states:

"Whoever commits forgery, intending that the document or electronic record forged shall be
used for cheating, shall be punished with imprisonment of either description for a term
which may extend to seven years, and shall also be liable to fine"

Key Elements of Section 468:

1. Forgery: The act of forgery involves making or altering a document or electronic
record with fraudulent intent. It includes creating a false document, falsifying signatures
or seals, altering existing documents, or manipulating electronic records.

2. Intention to Cheat: The central element of Section 468 is the intention to use the
forged document or electronic record for cheating. The intent is to deceive or defraud
others, leading to wrongful gain or loss.

3. False documentation (Section 465): Section 465 of the Indian Penal Code (IPC) deals with
the offense of false documentation. It addresses situations where individuals knowingly
create or use false documents with the intent to deceive or defraud others.

Section 465 of the IPC states:

"Whoever commits forgery, intending that the document or electronic record forged shall be
used for cheating, shall be punished with imprisonment of either description for a term
which may extend to two years, or with fine, or with both"

Key Elements of Section 465:

1. Forgery: The act of forgery involves making or altering a document or electronic
record with fraudulent intent. It includes creating a false document, falsifying signatures
or seals, altering existing documents, or manipulating electronic records.

2. Intention to Use for Cheating: Section 465 focuses on the intent to use the forged
document or electronic record for cheating. The intent is to deceive or defraud others,
leading to wrongful gain or loss.

4. Presenting a forged document as genuine (Section 471): Section 471 of the Indian Penal
Code (IPC) deals with the offense of presenting a forged document as genuine. It addresses
situations where individuals knowingly possess or use a forged document and present it as
genuine with the intent to deceive or defraud others.
Section 471 of the IPC states:
"Whoever fraudulently or dishonestly uses as genuine any document which he knows or has
reason to believe to be a forged document shall be punished in the same manner as if he had
forged such document"

Key Elements of Section 471:

1. Fraudulent or Dishonest Use: The key element of Section 471 is the act of
fraudulently or dishonestly using a document. This involves presenting a document as
genuine, knowing that it is forged or having a reason to believe that it is forged.

2. Knowledge of Forgery: The person presenting the document must have knowledge or
reason to believe that the document is forged. This implies that they are aware of the
document's falseness but still present it as genuine with the intention to deceive or
defraud others.

5. Reputation damage (Section 469): Section 469 of the Indian Penal Code (IPC) pertains to
the offense of forgery for the purpose of harming someone's reputation.
Section 469 of the IPC states:
"Whoever commits forgery, intending that the document or electronic record forged shall be
used for the purpose of harming the reputation of any party, or knowing that it is likely to be
used for that purpose, shall be punished with imprisonment of either description for a term
which may extend to three years, and shall also be liable to fine"
Key Elements of Section 469:

1. Forgery: The act of forgery involves making or altering a document or electronic
record with the intention of harming the reputation of any party. It includes creating
false documents, falsifying signatures or seals, altering existing documents, or
manipulating electronic records.

2. Intent to Harm Reputation: The primary element of Section 469 is the intention to use
the forged document or electronic record to harm someone's reputation. The intent may
involve spreading false information or defamatory content through the use of the forged
document.

6. Companies Act of 2013: The Companies Act of 2013 is an important legislation governing
companies and corporate affairs in India. It replaced the Companies Act of 1956 and
introduced several significant changes to modernize and streamline corporate regulations.
The Companies Act of 2013 aims to promote good corporate governance, enhance
transparency, protect the interests of stakeholders, and encourage responsible business
practices.

Companies Act of 2013:

"The Companies Act of 2013 represents a landmark legislation that aims to promote good
corporate governance, enhance transparency, and protect the interests of stakeholders in
India's corporate sector. It introduces comprehensive reforms to modernize the corporate
regulatory framework, simplify business processes, and strengthen financial reporting and
auditing standards. The Act emphasizes accountability, responsible business practices, and
investor protection, fostering a conducive environment for sustainable growth and
development of companies. It sets the stage for increased transparency, improved corporate
governance practices, and the promotion of ethical business conduct, ultimately contributing
to the growth and competitiveness of the Indian economy"

Key Elements:

1. Incorporation and Registration: The Act provides guidelines and procedures for the
incorporation and registration of different types of companies, such as private
companies, public companies, and one-person companies. It outlines the requirements,
processes, and documentation needed for company formation.

2. Corporate Governance: The Act emphasizes the importance of corporate governance
by defining the roles, responsibilities, and liabilities of directors, independent directors,
and key managerial personnel. It establishes provisions for the composition and
functioning of the board of directors, audit committees, and other governance
mechanisms to ensure transparency, accountability, and ethical practices.


3. Shareholder Rights and Protection: The Act enhances shareholder rights by
introducing provisions for minority shareholder protection, related party transactions,
and class action suits. It strengthens mechanisms for shareholder participation, voting
rights, and the exercise of powers in company decision-making processes.

NIST Compliance
NIST (National Institute of Standards and Technology) compliance broadly means adhering to
the NIST security standards and best practices set forth by the government agency for the
protection of data used by the government and its contractors.
What does NIST do?

The purpose of NIST is to set standards and best practices for handling and securing data within
government organizations and any organizations that contract with the government.
While NIST guidelines are designed for use by government agencies and their contractors,
anyone can benefit from NIST certification. NIST requirements help public and private sector
organizations alike to plan comprehensive security programs with robust controls that ensure
systems and data are well-protected.
NIST compliance refers to the adherence to the guidelines, standards, and best practices outlined
by the National Institute of Standards and Technology (NIST), a federal agency of the United
States Department of Commerce.
NIST develops and publishes cybersecurity frameworks and guidelines to help organizations
effectively manage and mitigate cybersecurity risks.
The NIST Cybersecurity Framework (CSF) is one of the most widely recognized and adopted
frameworks for cybersecurity risk management. It provides a set of voluntary standards,
guidelines, and practices that organizations can use to improve their cybersecurity posture.
The framework applies to various sectors and industries, including government agencies, critical
infrastructure, and private organizations.

Here are some key aspects of NIST compliance:

1. Framework Core: The NIST CSF consists of five core functions - Identify, Protect, Detect,
Respond, and Recover. These functions serve as the foundation for building a robust
cybersecurity program. They guide organizations in identifying their critical assets,
assessing risks, implementing protective measures, detecting and responding to
cybersecurity incidents, and recovering from any disruptions.



2. Standards and Guidelines: NIST provides a wide range of cybersecurity standards and
guidelines that organizations can follow to implement effective security controls and
practices. These include documents such as NIST Special Publications (SPs) and Federal
Information Processing Standards (FIPS). These standards cover areas like risk assessment,
access control, incident response, encryption, and security awareness training.

3. Risk Management Framework: NIST also offers a comprehensive Risk Management
Framework (RMF) that helps organizations assess and manage cybersecurity risks in a
structured and systematic manner. The RMF provides a step-by-step process for identifying,
assessing, responding to, and monitoring risks, ensuring a continuous cycle of risk
management.

4. Continuous Monitoring: NIST emphasizes the importance of continuous monitoring to
maintain an ongoing understanding of the cybersecurity posture. It encourages organizations
to implement robust monitoring and assessment mechanisms to detect and respond to
potential threats and vulnerabilities in real-time.

5. NIST Compliance Assessments: Organizations can undergo NIST compliance assessments
to evaluate their adherence to the NIST standards and guidelines. These assessments involve
reviewing the organization's cybersecurity policies, procedures, controls, and practices to
identify any gaps or areas for improvement.

NIST compliance is widely recognized and adopted not only in the United States but also
globally. Adhering to NIST guidelines can help organizations enhance their cybersecurity
resilience, improve risk management capabilities, and align with industry best practices.

It provides a structured approach to cybersecurity that can be customized to the specific needs
and requirements of an organization.

The Indian Cyberspace


Indian cyberspace was born in 1975 with the establishment of the National Informatics Centre
(NIC), with the aim of providing the government with IT solutions. Three networks (NWs) were
set up between 1986 and 1988 to connect various agencies of the government.

These NWs were INDONET, which connected the IBM mainframe installations that made up
India's computer infrastructure; NICNET (the NIC NW), a nationwide very small aperture
terminal (VSAT) NW for public sector organizations as well as for connecting the central
government with the state governments and district administrations; and the third NW, ERNET
(the Education and Research Network), set up to serve the academic and research communities.

The New Internet Policy of 1998 paved the way for services from multiple Internet service
providers (ISPs) and boosted the Internet user base, which grew from 1.4 million in 1999 to over
150 million by December 2012.

The exponential growth rate is attributed to increasing Internet access through mobile phones
and tablets. The government is making a determined push to increase broadband penetration
from its present level of about 61%. The target for broadband is 160 million households by 2016
under the National Broadband Plan.

NATIONAL CYBER SECURITY POLICY


National Cyber Security Policy is a policy framework by the Department of Electronics and
Information Technology. It aims at protecting the public and private infrastructure from
cyberattacks. The policy also intends to safeguard "information, such as personal information (of
web users), financial and banking information and sovereign data".
This was particularly relevant in the wake of US National Security Agency (NSA) leaks that
suggested the US government agencies are spying on Indian users, who have no legal or
technical safeguards against it.
The Ministry of Communications and Information Technology (India) defines Cyberspace as a
complex environment consisting of interactions between people, software and services,
supported by the worldwide distribution of information and communication technology.

VISION: To build a secure and resilient cyberspace for citizens, business, and government and
also to protect anyone from intervening in user's privacy.
MISSION: To protect information and information infrastructure in cyberspace, build
capabilities to prevent and respond to cyber threat, reduce vulnerabilities and minimize damage
from cyber incidents through a combination of institutional structures, people, processes,
technology, and cooperation.
OBJECTIVE: The Ministry of Communications and Information Technology (India) defines the
objectives as follows:

To create a secure cyber ecosystem in the country, generate adequate trust and confidence in
IT systems and transactions in cyberspace, and thereby enhance adoption of IT in all sectors
of the economy.

To create an assurance framework for the design of security policies and for promoting and
enabling actions for compliance with global security standards and best practices by way of
conformity assessment (product, process, technology & people).

To strengthen the Regulatory Framework for ensuring a SECURE CYBERSPACE
ECOSYSTEM.

To enhance and create national and sectoral level 24x7 mechanisms for obtaining strategic
information regarding threats to ICT infrastructure, creating scenarios for response,
resolution and crisis management through effective predictive, preventive, protective,
response and recovery actions.

PART-II: CYBER FORENSICS

Introduction: Cyber Forensics


The science of collecting, inspecting, interpreting, reporting, and presenting computer-related
electronic evidence is known as cyber forensics. Evidence can be found on the hard drive or in
deleted files.

What is Cyber Forensics?


It is the process of acquiring, examining, and analyzing data from a system or device so that it
can be transcribed into physical documentation and presented in court.
During the inspection, it is critical to create a digital (soft) copy of the system's storage
media and to work on that copy.
The purpose of carrying out a detailed cyber forensics investigation is to determine who is
responsible for a security breach. The entire inquiry is carried out on the copy, ensuring that
the original system is not altered.
In the technological age, cyber forensics is an unavoidable and incredibly important discipline.
It is a process of extracting data as proof of a crime (one that involves electronic devices),
while following proper investigation rules, in order to catch the culprit by presenting the
evidence to the court.

Cyber forensics is also known as computer forensics. The main aim of cyber forensics is to
maintain the thread of evidence and documentation in order to find out who committed the crime
digitally.
Cyber forensics can do the following:

It can recover deleted files, chat logs, emails, etc.

It can also recover deleted SMS messages and call records.

It can retrieve recorded audio of phone conversations.

It can determine which user used which system and for how long.

It can identify which user ran which program.

Why is cyber forensics important?


In today's technology-driven generation, the importance of cyber forensics is immense.
Technology combined with forensic science paves the way for quicker investigations and
accurate results.

Below are the points depicting the importance of cyber forensics:

Cyber forensics helps in collecting important digital evidence to trace the criminal.

Electronic equipment stores massive amounts of data that an ordinary person never sees. For
example, in a smart house, every word we speak and every action performed by smart devices
generates data that can be crucial in cyber forensics.

It also helps innocent people prove their innocence through the evidence collected online.

It is used not only to solve digital crimes but also to solve real-world crimes like theft
cases, murder, etc.

Businesses benefit equally from cyber forensics in tracking system breaches and finding the
attackers.

The Process Involved in Cyber Forensics:

1. Obtaining a digital copy of the system that is being, or is required to be, inspected.

2. Authenticating and verifying the reproduction.

3. Recovering deleted files (for example, using the Autopsy tool).

4. Using keywords to find the information you need.

5. Preparing a technical report.
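As an added example (not from these notes), the following Python script works steps 2 and 4 of this process against a constructed in-memory disk image: it verifies that a forensic copy's SHA-256 matches the hash recorded for the original, and it searches the raw bytes, including unallocated space where deleted file contents can survive, for keywords. The sample image and keywords are constructed for illustration.

```python
import hashlib
import hmac
from typing import List, NamedTuple

# Constructed sample "disk image" (not a real file system): a live file's
# contents followed by bytes that no directory entry references any more,
# which is what a deleted file typically looks like on the raw medium.
SAMPLE_IMAGE = (
    b"\x00" * 16
    + b"invoice.txt: Transfer 5000 to account 12345\n"
    + b"\x00" * 32
    + b"[deleted] meet at the warehouse at 11pm\n"
    + b"\x00" * 16
)


class Hit(NamedTuple):
    offset: int      # byte offset of the keyword inside the image
    keyword: bytes
    context: bytes   # surrounding bytes, for the examiner's report


def sha256_of(data: bytes) -> str:
    """Hex SHA-256 of an in-memory image (recorded at acquisition time)."""
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Same digest for an on-disk image, streamed so multi-GB images fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_copy(copy: bytes, recorded_digest: str) -> bool:
    """Step 2: the working copy is only usable if its hash matches the original's.

    A single changed byte anywhere in the copy yields a completely different
    digest, which is what makes the hash a usable integrity record.
    """
    return hmac.compare_digest(sha256_of(copy), recorded_digest)


def keyword_search(image: bytes, keywords: List[bytes], context: int = 12) -> List[Hit]:
    """Step 4: scan the raw bytes rather than the file system, so that hits inside
    unallocated or slack space (deleted content) are reported as well."""
    hits: List[Hit] = []
    for keyword in keywords:
        start = 0
        while True:
            idx = image.find(keyword, start)
            if idx == -1:
                break
            lo = max(0, idx - context)
            hi = min(len(image), idx + len(keyword) + context)
            hits.append(Hit(idx, keyword, image[lo:hi]))
            start = idx + 1   # keep going; overlapping hits are still hits
    return sorted(hits)


if __name__ == "__main__":
    recorded = sha256_of(SAMPLE_IMAGE)          # taken when the image was acquired
    print("copy verified:", verify_copy(SAMPLE_IMAGE, recorded))
    tampered = SAMPLE_IMAGE[:20] + b"X" + SAMPLE_IMAGE[21:]
    print("tampered copy verified:", verify_copy(tampered, recorded))
    for hit in keyword_search(SAMPLE_IMAGE, [b"account", b"warehouse"]):
        print(f"offset {hit.offset}: {hit.keyword!r} in {hit.context!r}")
```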

How do Cyber Forensics Experts Work?


Cyber forensics is a field that follows certain procedures to find the evidence needed to reach
conclusions after proper investigation of the matter.

The procedures that cyber forensic experts follow are:

Identification: The first step for cyber forensics experts is to identify what evidence is
present, where it is stored, and in which format it is stored.

Preservation: After identifying the data, the next step is to safely preserve it and not
allow other people to use the device, so that no one can tamper with the data.

Analysis: After getting the data, the next step is to analyze the data or system. Here the
expert recovers deleted files, verifies the recovered data and finds the evidence that
the criminal tried to erase by deleting secret files. This process might take several iterations
to reach the final conclusion.

Documentation: After analyzing the data, a record is created. This record contains all the
recovered and available (not deleted) data, which helps in recreating the crime scene and
reviewing it.

Presentation: This is the final step, in which the analyzed data is presented before the
court to solve the case.

Types of Computer Forensics


There are multiple types of computer forensics depending on the field in which digital
investigation is needed.
The fields are:

Network forensics: This involves monitoring and analyzing the network traffic to and from
the criminal's network. The tools used here are network intrusion detection systems and
other automated tools.

Email forensics: In this type of forensics, the experts check the email of the criminal and
recover deleted email threads to extract crucial information related to the case.

Malware forensics: This branch of forensics deals with hacking-related crimes. Here, the
forensics expert examines the malware (trojans, etc.) to identify the hacker behind it.

Memory forensics: This branch of forensics deals with collecting raw data from memory (such
as cache and RAM) and then retrieving information from that data.

Mobile Phone forensics: This branch of forensics generally deals with mobile phones. Experts
examine and analyze data from the mobile phone.

Database forensics: This branch of forensics examines and analyzes the data from
databases and their related metadata.

Disk forensics: This branch of forensics extracts data from storage media by searching
modified, active, or deleted files.

Techniques that Cyber Forensic Investigators Use


Cyber forensic investigators use various techniques and tools to examine the data; some of
the commonly used techniques are:

Reverse Steganography: Steganography is a method of hiding important data inside a digital
file, image, etc. So cyber forensic experts perform reverse steganography to analyze the
data and find a relation with the case.

Stochastic forensics: In stochastic forensics, the experts analyze and reconstruct digital
activity without using digital artifacts. Here, artifacts mean unintended alterations of data
that occur from digital processes.

Cross-drive analysis: In this process, the information found on multiple computer drives is
correlated and cross-referenced to analyze and preserve information that is relevant to the
investigation.

Live analysis: In this technique, the suspect's computer is analyzed from within the OS
while it is running. It targets the volatile data in RAM to obtain valuable information.

Deleted file recovery: This involves searching the storage medium for fragments of a partially
deleted file in order to recover it for evidence purposes.
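Deleted file recovery by signature carving, as an added example that is not part of these notes: when a file's directory entry is gone but its bytes remain, an examiner can still locate it by scanning the raw image for known header and footer byte sequences. The image and the JPEG/PNG-like fragments below are constructed; only the header and footer magic values are the real ones for those formats.

```python
import hashlib
from typing import Dict, List, NamedTuple, Tuple

# Header/footer magic bytes for two common file types. A real carver would
# carry many more signatures and per-format size validation.
SIGNATURES: Dict[str, Tuple[bytes, bytes]] = {
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xae\x42\x60\x82"),
}

# Constructed sample image: two intact "deleted" files and one whose tail was
# overwritten, so its footer is missing. Bodies are placeholders, not real image data.
FAKE_JPEG = b"\xff\xd8\xff\xe0" + b"constructed-jpeg-body" + b"\xff\xd9"
FAKE_PNG = b"\x89PNG\r\n\x1a\n" + b"constructed-png-body" + b"IEND\xae\x42\x60\x82"
TRUNCATED_JPEG = b"\xff\xd8\xff\xe1" + b"overwritten-tail"
SAMPLE_IMAGE = (
    b"\x00" * 8 + FAKE_JPEG + b"\x00" * 8 + FAKE_PNG + b"\x00" * 8 + TRUNCATED_JPEG + b"\x00" * 8
)


class Carved(NamedTuple):
    kind: str
    start: int       # byte offset of the header
    end: int         # exclusive end offset
    complete: bool   # False when no footer was found within max_size


def carve(image: bytes, signatures=SIGNATURES, max_size: int = 10 * 1024 * 1024) -> List[Carved]:
    """Locate files by signature in a raw image, independent of any file system."""
    found: List[Carved] = []
    for kind, (header, footer) in signatures.items():
        pos = 0
        while True:
            start = image.find(header, pos)
            if start == -1:
                break
            footer_at = image.find(footer, start + len(header), start + max_size)
            if footer_at == -1:
                # Partially overwritten file: report what is left, flagged as incomplete.
                found.append(Carved(kind, start, min(len(image), start + max_size), False))
                pos = start + len(header)
            else:
                end = footer_at + len(footer)
                found.append(Carved(kind, start, end, True))
                pos = end
    return sorted(found, key=lambda c: c.start)


def extract(image: bytes, carved: List[Carved]) -> List[Tuple[str, str]]:
    """Return (name, sha256) for each carved object; hashing every recovered file
    lets the examiner document exactly what was recovered."""
    out = []
    for i, c in enumerate(carved):
        name = f"carved_{i:04d}{'' if c.complete else '_partial'}.{c.kind}"
        out.append((name, hashlib.sha256(image[c.start:c.end]).hexdigest()))
    return out


if __name__ == "__main__":
    results = carve(SAMPLE_IMAGE)
    for c, (name, digest) in zip(results, extract(SAMPLE_IMAGE, results)):
        print(f"{name}: offset {c.start}-{c.end} complete={c.complete} sha256={digest[:16]}...")
```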

Introduction: Digital Forensics

Digital forensics is defined as the process of preservation, identification, extraction, and
documentation of computer evidence which can be used in a court of law.

What is Digital Forensics?


It is the science of finding evidence on digital media like a computer, mobile phone, server, or
network. It provides the forensic team with the best techniques and tools to solve complicated
digital-related cases.

Digital forensics helps the forensic team to analyze, inspect, identify, and preserve the digital
evidence residing on various types of electronic devices.
Digital forensic science is a branch of forensic science that focuses on the recovery and
investigation of material found in digital devices related to cybercrime.
Digital forensics is a branch of forensic science which includes the identification, collection,
analysis and reporting of any valuable digital information in digital devices related to
computer crimes, as part of the investigation.
In simple words, digital forensics is the process of identifying, preserving, analyzing and
presenting digital evidence. The first computer crimes were recognized in the 1978 Florida
Computer Crimes Act, and after this the field of digital forensics grew rapidly in the late
1980s and 1990s.
It includes areas of analysis such as storage media, hardware, operating systems, networks and
applications.

It consists of 5 steps at a high level:

1. Identification of evidence: It includes identifying evidence related to the digital crime
in storage media, hardware, operating system, network and/or applications. It is the most
important and basic step.

2. Collection: It includes preserving the digital evidence identified in the first step so that
it does not degrade or vanish with time. Preserving the digital evidence is very important
and crucial.

3. Analysis: It includes analyzing the collected digital evidence of the committed computer
crime in order to trace the criminal and the possible path used to breach the system.

4. Documentation: It includes the proper documentation of the whole digital investigation,
digital evidence, loopholes of the attacked system, etc., so that the case can be studied and
analysed in the future and can be presented in court in a proper format.

5. Presentation: It includes the presentation of all the digital evidence and documentation in
court in order to prove the digital crime committed and identify the criminal.

Branches of Digital Forensics

1. Media forensics: It is the branch of digital forensics which includes identification,
collection, analysis and presentation of audio, video and image evidence during the
investigation process.

2. Cyber forensics: It is the branch of digital forensics which includes identification,
collection, analysis and presentation of digital evidence during the investigation of a cyber
crime.

3. Mobile forensics: It is the branch of digital forensics which includes identification,
collection, analysis and presentation of digital evidence during the investigation of a crime
committed through a mobile device like a mobile phone, GPS device, tablet or laptop.

4. Software forensics: It is the branch of digital forensics which includes identification,
collection, analysis and presentation of digital evidence during the investigation of a crime
related to software only.

Cyber Forensics & Digital Evidence


In the early 80s, PCs became more popular and easily accessible to the general population. This
also led to the increased use of computers in all fields, and criminal activities were no
exception. As more and more computer-related crimes began to surface, like computer fraud,
software cracking, etc., the computer forensics discipline emerged along with them.
Today digital evidence collection is used in the investigation of a wide variety of crimes such as
fraud, espionage, cyberstalking, etc.
The knowledge of forensic experts and their techniques is used to explain the contemporaneous
state of the digital artifacts from the seized evidence, such as computer systems, storage devices
(like SSDs, hard disks, CD-ROMs, USB flash drives, etc.), or electronic documents such as emails,
images, documents, chat logs, phone logs, etc.

Process involved in Digital Evidence Collection


The main processes involved in digital evidence collection are given below:

Data collection: In this process data is identified and collected for investigation.

Examination: In the second step the collected data is examined carefully.

Analysis: In this process, different tools and techniques are used and the collected evidence
is analyzed to reach some conclusion.

Reporting: In this final step all the documentation and reports are compiled so that they can be
submitted in court.

Types of Collectible Data


The computer investigators and experts who examine the seized devices have to understand
what kinds of potential evidence could be present and what type of evidence they are looking
for, so that they can structure their search pattern. Crimes and criminal activities that
involve computers range across a wide spectrum: from trading illegal goods such as rare and
endangered animals, to damaging intellectual property, to personal data theft, etc.
The investigator must pick the suitable tools to use during the analysis. Investigators can
encounter several problems while investigating a case: files may have been deleted from the
computer, or they could be damaged or even encrypted. So the investigator should be familiar
with a variety of tools, methods, and software to prevent the data from being damaged during
the data recovery process.
There are two types of data that can be collected in a computer forensics investigation:

Persistent data: It is the data that is stored on a non-volatile storage device such as a
local hard drive or external storage devices like SSDs, HDDs, pen drives, CDs, etc. The data on
these devices is preserved even when the computer is turned off.

Volatile data: It is the data that is stored in volatile memory such as registers, cache and
RAM, or that exists in transit, and that will be lost once the computer is turned off or loses
power. Since volatile data is evanescent, it is crucial that an investigator knows how to
reliably capture it.

Types of Evidence
Collecting evidence is really important in any investigation to support the claims in court.
Below are some major types of evidence:

Real Evidence: These pieces of evidence involve physical or tangible evidence such as
flash drives, hard drives, documents, etc. An eyewitness can also be considered a form of
tangible evidence.

Hearsay Evidence: These pieces of evidence are out-of-court statements that are offered in
court to prove the truth of the matter asserted.

Original Evidence: These are pieces of evidence of a statement made by a person who is not a
testifying witness. It is done in order to prove that the statement was made rather than to
prove its truth.

Testimony: Testimony is when a witness takes an oath in a court of law and gives their
statement in court. The evidence presented should be authentic, accurate, reliable, and
admissible, as it can be challenged in court.

Challenges Faced During Digital Evidence Collection


Evidence should be handled with utmost care, as data stored in electronic media can get damaged
easily.

Collecting data from volatile storage.

Recovering lost data.

Ensuring the integrity of collected data.

Recovering information from devices, as digital evidence in investigations is becoming the
fundamental basis for law enforcement and courts all around the world.
The methods used to extract information and evidence should be robust, to ensure that all the
related information and data is recovered and is reliable.

The methods must also be legally defensible, to ensure that original pieces of evidence and data
have not been altered in any way and that no data was deleted from or added to the original
evidence.

Forensic Analysis of an Email


E-mail forensics refers to the study of the source and content of e-mail as evidence, to identify
the actual sender and recipient of a message, the date/time of transmission, a detailed record of
the e-mail transaction, the intent of the sender, etc.
This study involves investigation of metadata, keyword searching, port scanning, etc. for
authorship attribution and identification of e-mail scams.
Various approaches that are used for e-mail forensics are:

1. Header Analysis: Metadata in the e-mail message, in the form of control information, i.e.
the envelope and headers (including headers in the message body), contains information about the
sender and/or the path along which the message has traversed. Some of these may be spoofed to
conceal the identity of the sender. A detailed analysis of these headers and their correlation is
performed in header analysis.

2. Bait Tactics: In a bait tactic investigation, an e-mail containing an HTML "<img src>" tag
whose image source is on a computer monitored by the investigators is sent to the sender of the
e-mail under investigation, at their real (genuine) e-mail address. When the e-mail is opened, a
log entry containing the IP address of the recipient (the sender of the e-mail under
investigation) is recorded on the HTTP server hosting the image, and thus the sender is tracked.

However, if the recipient (the sender of the e-mail under investigation) is using a proxy server,
then the IP address of the proxy server is recorded. The log on the proxy server can then be used
to track the sender of the e-mail under investigation. If the proxy server's log is unavailable
for some reason, then investigators may send a tactic e-mail containing a) an embedded Java
applet that runs on the receiver's computer or b) an HTML page with an ActiveX object, both
aiming to extract the IP address of the receiver's computer and e-mail it to the investigators.

3. Server Investigation: In this investigation, copies of delivered e-mails and server logs are
examined to identify the source of an e-mail message. E-mails purged from the clients (senders or
receivers), whose recovery is otherwise impossible, may be requested from servers (proxy or ISP),
as most of them store a copy of all e-mails after delivery.
Further, logs maintained by servers can be studied to trace the address of the computer
responsible for making the e-mail transaction.
However, servers store copies of e-mails and server logs only for limited periods, and some may
not cooperate with the investigators. Further, SMTP servers which store data like credit card
numbers and other data pertaining to the owner of a mailbox can be used to identify the person
behind an e-mail address.

4. Network Device Investigation: In this form of e-mail investigation, logs maintained by
network devices such as routers, firewalls and switches are used to investigate the source of
an e-mail message. This form of investigation is complex and is used only when the logs of
servers (proxy or ISP) are unavailable for some reason, e.g. when the ISP or proxy does not
maintain a log, the ISP does not cooperate, or the chain of evidence has not been maintained.

5. Software Embedded Identifiers: Some information about the creator of the e-mail, attached
files or documents may be included with the message by the e-mail software used by the
sender for composing the e-mail.

This information may be included in the form of custom headers or in the form of MIME content
as Transport Neutral Encapsulation Format (TNEF). Investigating the e-mail for these details may
reveal vital information about the sender's e-mail preferences and options that could help
client-side evidence gathering.
The investigation can reveal PST file names, the Windows logon username, the MAC address, etc.
of the client computer used to send the e-mail message.

6. Sender Mailer Fingerprints: The software handling e-mail at the server can be identified
from the Received header field, and the software handling e-mail at the client can be
ascertained from a different set of headers, like "X-Mailer" or equivalent. These headers
describe the applications, and their versions, used at the clients to send e-mail. This
information about the sender's client computer can be used to help investigators devise an
effective plan and thus prove to be very useful.
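Header analysis (approach 1) and sender mailer fingerprinting (approach 6) carried out in Python, as an added example that is not part of these notes: the script parses the Received headers bottom-up to reconstruct the delivery path and the originating IP, pulls the server ("by ... with ...") and client (X-Mailer) fingerprints, and flags a From domain that disagrees with the Return-Path and Message-ID domains. The message, hosts and addresses are constructed (documentation ranges), not a real capture.

```python
import re
from email import message_from_bytes
from email.message import Message
from typing import Dict, List, NamedTuple, Optional

# Constructed message (not a real capture): three Received hops, a From: domain that
# does not match the Return-Path or Message-ID domain, and an X-Mailer fingerprint.
RAW = (
    b"Return-Path: <bounce@mailer.example.net>\n"
    b"Received: from mx2.example.org (mx2.example.org [192.0.2.20])\n"
    b"\tby inbox.example.org with ESMTP id abc123;\n"
    b"\tTue, 5 Mar 2024 10:15:02 +0000\n"
    b"Received: from relay.example.net (relay.example.net [198.51.100.7])\n"
    b"\tby mx2.example.org with ESMTPS id xyz789;\n"
    b"\tTue, 5 Mar 2024 10:14:59 +0000\n"
    b"Received: from [203.0.113.42] (unknown [203.0.113.42])\n"
    b"\tby relay.example.net with ESMTPA id def456;\n"
    b"\tTue, 5 Mar 2024 10:14:55 +0000\n"
    b'From: "Accounts" <accounts@bank.example.com>\n'
    b"To: victim@example.org\n"
    b"Subject: Invoice attached\n"
    b"Date: Tue, 5 Mar 2024 10:14:50 +0000\n"
    b"Message-ID: <20240305101450.1234@mailer.example.net>\n"
    b"X-Mailer: Constructed Mailer 1.0\n"
    b"MIME-Version: 1.0\n"
    b"Content-Type: text/plain\n"
    b"\n"
    b"Please see the attached invoice.\n"
)


class Hop(NamedTuple):
    from_host: Optional[str]   # what the sending side announced (can be spoofed)
    from_ip: Optional[str]     # address the receiving MTA actually saw
    by_host: Optional[str]     # the MTA that wrote this header
    with_proto: Optional[str]  # protocol token, e.g. ESMTP / ESMTPA (authenticated)
    timestamp: Optional[str]


RECEIVED_RE = re.compile(
    r"from\s+(?P<from>\S+)(?:\s+\((?P<paren>[^)]*)\))?.*?"
    r"by\s+(?P<by>\S+)(?:\s+with\s+(?P<with>\S+))?",
    re.S,
)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse_raw(raw: bytes) -> Message:
    """Parse a raw RFC 5322 message with the standard library."""
    return message_from_bytes(raw)


def parse_received(value: str) -> Hop:
    """Pull the from/by/with/IP/timestamp fields out of one Received: header."""
    v = " ".join(value.split())             # unfold continuation lines
    ts = v.rsplit(";", 1)[1].strip() if ";" in v else None
    m = RECEIVED_RE.search(v)
    if not m:
        return Hop(None, None, None, None, ts)
    ip = IP_RE.search(m.group("paren") or "") or IP_RE.search(m.group("from"))
    return Hop(m.group("from"), ip.group(1) if ip else None,
               m.group("by").rstrip(";"), m.group("with"), ts)


def delivery_path(msg: Message) -> List[Hop]:
    """Each MTA prepends its Received: header, so reading them bottom-up gives
    the chronological path; the bottom hop is the closest to the real origin."""
    return [parse_received(str(v)) for v in reversed(msg.get_all("Received") or [])]


def domain_of(addr: Optional[str]) -> Optional[str]:
    m = re.search(r"@([\w.-]+)", addr or "")
    return m.group(1).lower() if m else None


def header_findings(msg: Message) -> Dict[str, object]:
    """Correlate the delivery path with the addressing headers, as header analysis does."""
    hops = delivery_path(msg)
    from_dom = domain_of(msg.get("From"))
    rp_dom = domain_of(msg.get("Return-Path"))
    mid_dom = domain_of(msg.get("Message-ID"))
    return {
        "origin_ip": hops[0].from_ip if hops else None,
        "hop_count": len(hops),
        "server_fingerprints": [(h.by_host, h.with_proto) for h in hops],
        "client_fingerprint": msg.get("X-Mailer"),
        "from_domain": from_dom,
        "return_path_domain": rp_dom,
        "message_id_domain": mid_dom,
        # A visible From: domain that differs from the envelope/Message-ID domain
        # is a classic indicator that the sender identity may be spoofed.
        "domain_mismatch": len({d for d in (from_dom, rp_dom, mid_dom) if d}) > 1,
    }


if __name__ == "__main__":
    message = parse_raw(RAW)
    for i, hop in enumerate(delivery_path(message), 1):
        print(f"hop {i}: {hop.from_host} [{hop.from_ip}] -> {hop.by_host} "
              f"({hop.with_proto}) at {hop.timestamp}")
    for key, val in header_findings(message).items():
        print(f"{key}: {val}")
```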

EMAIL FORENSICS TOOLS
Erasing or deleting an email doesn't necessarily mean that it is gone forever. Often emails can be
forensically extracted even after deletion. Forensic tracing of e-mail is similar to traditional
detective work. It is used for retrieving information from mailbox files.
The following is a list of email forensic tools:

1. MiTec Mail Viewer: This is a viewer for Outlook Express, Windows Mail/Windows Live
Mail, Mozilla Thunderbird message databases, and single EML files. It displays a list of
contained messages with all needed properties, like an ordinary e-mail client.
Messages can be viewed in a detailed view, including attachments and an HTML preview. It
has powerful searching and filtering capability and also allows extracting email addresses
from all emails in the opened folder into a list with one click. Selected messages can be saved
to EML files with or without their attachments. Attachments can be extracted from selected
messages with one command.

2. OST and PST Viewer: Nucleus Technologies' OST and PST viewer tools help you view
OST and PST files easily without connecting to an MS Exchange server. These tools allow
the user to scan OST and PST files and display the data saved in them, including email
messages, contacts, calendars, notes, etc., in a proper folder structure.

3. eMailTrackerPro: eMailTrackerPro analyses the headers of an e-mail to detect the IP
address of the machine that sent the message, so that the sender can be tracked down. It can
trace multiple e-mails at the same time and easily keep track of them. The geographical
location of an IP address is key information for determining the threat level or validity of an
e-mail message.

4. EmailTracer: EmailTracer is an Indian effort in cyber forensics by the Resource Centre for
Cyber Forensics (RCCF), which is a premier centre for cyber forensics in India. It develops
cyber forensic tools based on the requirements of law enforcement agencies.

Digital Forensics Lifecycle

1. Collection: The first step in the forensic process is to identify potential sources of data and
acquire data from them.

2. Examination: After data has been collected, the next phase is to examine the data, which
involves assessing and extracting the relevant pieces of information from the collected data.
This phase may also involve bypassing or mitigating OS or application features that obscure
data and code, such as data compression, encryption, and access control mechanisms.

3. Analysis: Once the relevant information has been extracted, the analyst should study and
analyze the data to draw conclusions from it. The foundation of forensics is using a
methodical approach to reach appropriate conclusions based on the available data or
determine that no conclusion can yet be drawn.

4. Reporting: The process of preparing and presenting the information resulting from the
analysis phase.

Many factors affect reporting, including the following:

1. Alternative Explanations: When the information regarding an event is incomplete, it
may not be possible to arrive at a definitive explanation of what happened. When an
event has two or more plausible explanations, each should be given due consideration in
the reporting process. Analysts should use a methodical approach to attempt to prove or
disprove each possible explanation that is proposed.

2. Audience Consideration: Knowing the audience to which the data or information will
be shown is important.

3. Actionable Information: Reporting also includes identifying actionable information
gained from data that may allow an analyst to collect new sources of information.

Forensics Investigation
Cyber forensics refers to the practice of extracting information, analyzing the data and gaining
intelligence about activities that involve the use of technology, presented as a structured chain
of evidence that can be produced in a court of law.

Forensics is the application of scientific methods to solve a crime. A forensic investigation is
the gathering and analysis of all crime-related physical evidence in order to come to a conclusion
about a suspect. Investigators will look at blood, fluids, fingerprints, residue, hard drives,
computers, or other technology to establish how a crime took place.
This is a general definition, though, since there are a number of different types of forensics.

Types of Forensic Investigations


Forensic investigations encompass various disciplines and areas of expertise. Here are some of
the common types of forensic investigations:

1. Forensic Accounting/Auditing: Forensic accounting, also known as forensic auditing, is a
specialized field that combines accounting, investigative skills, and legal knowledge to
detect and investigate financial fraud, embezzlement, money laundering, and other financial
crimes. Forensic accountants apply their expertise in accounting, auditing, and financial
analysis to uncover evidence, quantify losses, and provide expert opinions in legal
proceedings.

2. Computer or Cyber Forensics: Computer or cyber forensics is a branch of digital
forensics that focuses on the investigation and analysis of digital evidence related to
computer systems, networks, and digital devices. It involves the collection, preservation,
examination, and presentation of electronic data to uncover and document potential evidence
for legal, criminal, or cybersecurity investigations.

3. Crime Scene Forensics: Crime scene forensics, also known as forensic science or forensic
investigation, involves the systematic analysis and interpretation of physical evidence found
at a crime scene. It encompasses various scientific disciplines and techniques to reconstruct
events, identify perpetrators, and support legal proceedings.

4. Forensic Archaeology: Forensic archaeology is a specialized branch of forensic science that
applies archaeological principles, techniques, and methodologies to locate, excavate, and
analyze human remains and associated evidence in criminal investigations or legal cases. It
involves the systematic recovery and interpretation of physical evidence from buried or
concealed contexts to establish the identity of individuals, reconstruct events, and provide
crucial information for investigations.

5. Forensic Dentistry: Forensic dentistry, also known as forensic odontology, is a specialized
branch of forensic science that involves the examination and analysis of dental evidence for
the purpose of identification, investigation, and legal proceedings. Forensic dentists utilize
their dental expertise to assist in cases where human remains are involved, victims' identities
need to be established, or bite marks are present at crime scenes.

6. Forensic Entomology: Forensic entomology is a specialized branch of forensic science that
utilizes knowledge of insects and other arthropods to aid in criminal investigations. It
involves the study of insect behavior, life cycles, and ecological interactions to estimate the
postmortem interval (PMI), determine the location of death, identify drugs or toxins, and
provide insights into other aspects of a crime scene.

7. Forensic Graphology: Forensic graphology, also known as handwriting analysis, is a
specialized field of forensic science that involves the examination and analysis of
handwriting and other forms of handwritten communication to provide insights into the
personality traits, characteristics, and potential links to individuals involved in criminal
investigations.

8. Forensic Pathology: Forensic pathology is a specialized field of forensic medicine that
focuses on investigating the cause, manner, and circumstances of death. Forensic
pathologists, also known as medical examiners or forensic physicians, play a crucial role in
criminal investigations, identifying the deceased, and providing expert testimony in legal
proceedings.

9. Forensic Psychology: Forensic psychology is a specialized field that combines principles of
psychology and law to understand and analyze human behavior within the legal system.
Forensic psychologists apply their expertise in psychological assessment, research, and
intervention to various legal and criminal justice contexts.

10. Forensic Science: Forensic science is a multidisciplinary field that applies scientific
principles and techniques to investigate and analyze evidence in criminal investigations. It
encompasses various scientific disciplines, including biology, chemistry, physics,
anthropology, and more. The primary goal of forensic science is to provide objective and
scientific analysis of evidence to aid in the resolution of legal cases.

11. Forensic Toxicology: Forensic toxicology is a specialized branch of forensic science that
focuses on the analysis of toxic substances, drugs, and chemicals in biological samples to
determine their presence, concentration, and potential effects on individuals involved in
legal investigations.

Challenges in Computer Forensics


Digital forensics, also known as computer forensics, is the application of scientific methods and
techniques to identify, preserve, analyze, and present digital evidence in a manner that is legally
admissible. It is a branch of forensic science that deals specifically with digital devices,
networks, and storage media.

Challenges in Digital Forensics

1. Data Encryption: Encryption can make it difficult to access the data on a device or
network, making it harder for forensic investigators to collect evidence. This can require
specialized decryption tools and techniques.

2. Data Destruction: Criminals may attempt to destroy digital evidence by wiping or
destroying devices. This can require specialized data recovery techniques.

3. Data Storage: The sheer amount of data that can be stored on modern digital devices can
make it difficult for forensic investigators to locate relevant information. This can require
specialized data carving techniques to extract relevant information.

Digital forensics is a rapidly evolving field that requires a combination of technical knowledge,
an understanding of legal principles, and investigative skills to be successful.
As technology develops, crime and criminals develop with it. Digital forensic experts use
forensic tools for collecting evidence against criminals, and criminals use such tools for
hiding, altering or removing the traces of their crime. In digital forensics this practice is
called anti-forensics, and it is considered a major challenge in the digital forensics world.

Anti-forensics techniques are categorized into the following types:

S.No | Type | Description
1. | Encryption | It is legitimately used for ensuring the privacy of information by keeping it hidden from an unauthorized user/person. Unfortunately, it can also be used by criminals to hide their crimes.
2. | Data hiding in storage space | Criminals usually hide chunks of data inside the storage medium in invisible form by using system commands and programs.
3. | Covert Channel | A covert channel is a communication protocol which allows an attacker to bypass intrusion detection techniques and hide data over the network. The attacker uses it to hide the connection between himself and the compromised system.

Other Technical Challenges are:

1. Operating in the cloud.

2. Time to archive data.

3. Skill gap.

4. Steganography.

Legal Challenges

The presentation of digital evidence is more difficult than its collection, because there are many
instances where the legal framework takes a soft approach and does not recognize every
aspect of cyber forensics, as in the Jagdeo Singh v. The State and Ors case, in which the
Hon'ble High Court of Delhi held that "while dealing with the admissibility of an intercepted
telephone call in a CD and CDR which was without a certificate under Sec. 65B of the Indian
Evidence Act, 1872, the court observed that the secondary electronic evidence without
certificate u/s. 65B of Indian Evidence Act, 1872 is not admissible and cannot be looked into by
the court for any purpose whatsoever."
This happens in most cases because the cyber police lack the necessary qualification and ability
to identify a possible source of evidence and prove it. Besides, most of the time electronic
evidence is challenged in court on the question of its integrity. In the absence of proper
guidelines, and without a proper explanation of its collection and acquisition, electronic
evidence gets dismissed in itself.

S.No  Type                                          Description
1.    Absence of guidelines and standards           In India, there are no proper guidelines for the collection and acquisition of digital evidence. The investigating agencies and forensic laboratories work on guidelines of their own. Due to this, the potential of digital evidence is often destroyed.
2.    Limitation of the Indian Evidence Act, 1872   The Indian Evidence Act, 1872 has a limited approach; it has not evolved with the times to address the fact that e-evidence is more susceptible to tampering, alteration, transposition, etc. The Act is silent on the method of collection of e-evidence; it only focuses on the presentation of electronic evidence in court accompanied by a certificate as per sub-section (4) of Sec. 65B. This means that, no matter what procedure is followed, the evidence must be proved with the help of such a certificate.

Resource Challenges
As the rate of crime increases, the volume of data increases too, and so does the burden on the digital forensic expert who must analyze it. Digital evidence is more fragile than physical evidence: it can easily disappear or be altered. To make the investigation process fast and useful, forensic experts use various tools to check the authenticity and integrity of the data, but dealing with these tools is a challenge in itself.
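Checking the authenticity of data, as the paragraph above puts it, starts in practice with cryptographic hashing of every acquired item at the time of collection, so that any later alteration (by a tool, by the examiner or by an attacker) is detectable and the integrity question raised in court can be answered with a record rather than an assurance. The block below is an added example written for these notes; it is not the notes' own material or any forensic suite's code. The case identifier, examiner name and evidence files are constructed in a temporary directory for the demonstration.

```python
"""Hash manifest for acquired digital evidence.

Added example for these notes, not a forensic suite's own code. The case id,
examiner name and evidence files in demo() are constructed.
"""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK_SIZE = 1 << 20   # hash large disk images in 1 MiB chunks


def sha256_file(path: str) -> str:
    """Hex SHA-256 of a file, streamed so images larger than RAM still work."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK_SIZE), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(paths, case_id: str, examiner: str) -> dict:
    """Record hash, size, examiner and acquisition time for every evidence file.
    Keep the manifest separate from (or signed independently of) the evidence
    so it cannot be edited together with the files it protects."""
    return {
        "case_id": case_id,
        "examiner": examiner,
        "acquired_utc": datetime.now(timezone.utc).isoformat(),
        "files": {
            os.path.basename(p): {"sha256": sha256_file(p), "size": os.path.getsize(p)}
            for p in paths
        },
    }


def manifest_json(manifest: dict) -> str:
    """Canonical text form for printing or filing with the Sec. 65B certificate."""
    return json.dumps(manifest, indent=2, sort_keys=True)


def verify_manifest(manifest: dict, directory: str) -> dict:
    """Re-hash each listed file; status is 'ok', 'modified' or 'missing'."""
    status = {}
    for name, rec in manifest["files"].items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            status[name] = "missing"
        elif os.path.getsize(path) != rec["size"] or sha256_file(path) != rec["sha256"]:
            status[name] = "modified"
        else:
            status[name] = "ok"
    return status


def demo():
    """Constructed scenario: two evidence files are hashed, then one is altered
    by a single appended byte and the other deleted; verification must report both."""
    with tempfile.TemporaryDirectory() as d:
        image = os.path.join(d, "laptop.dd")
        mailbox = os.path.join(d, "mailbox.pst")
        with open(image, "wb") as f:
            f.write(os.urandom(3 * CHUNK_SIZE + 17))   # forces multi-chunk hashing
        with open(mailbox, "wb") as f:
            f.write(b"constructed mailbox contents\n")
        manifest = build_manifest([image, mailbox], "CASE-0001", "examiner-1")
        before = verify_manifest(manifest, d)
        with open(mailbox, "ab") as f:
            f.write(b"X")                                 # simulate tampering
        after = verify_manifest(manifest, d)
        os.remove(image)
        gone = verify_manifest(manifest, d)
        return before, after, gone


if __name__ == "__main__":
    print(demo())
```

A manifest like this is only as trustworthy as its own custody: print it, sign it or hash it into the case notes at acquisition time, because a manifest that can be regenerated later proves nothing about the interval in between.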

Types of Resource Challenges are:



1. Change in Technology: Due to rapid changes in technology (operating systems, application software and hardware), reading digital evidence is becoming more difficult, because newer software versions often cannot read data produced by older versions and the software companies do not always provide backward compatibility. This also has legal consequences when older evidence cannot be reproduced in court.

2. Volume and Replication: The confidentiality, availability and integrity of electronic documents are easily manipulated. The combination of wide-area networks and the Internet forms one big network that allows data to flow beyond physical boundaries. Such ease of communication and availability of electronic documents increases the volume of data, which in turn makes it difficult to identify the original and relevant data.



Unit-III: Cybercrime: Mobile & Wireless
Cybercrime Mobile and Wireless Devices: Introduction, Proliferation of Mobile and Wireless
Devices, Trends in Mobility, Credit Card Frauds in Mobile and Wireless Computing Era,
Security Challenges Posed by Mobile Devices, Registry Settings for Mobile Devices,
Authentication Service Security, Attacks on Mobile/Cell Phones, Organizational security
Policies, and Measures in Mobile Computing Era, Laptops.

Introduction to Cybercrime
Cybercrime, or computer-oriented crime, is a crime that involves a computer and a network. The computer may have been used in the execution of the crime, or it may be the target. Cybercrime is the use of a computer as a weapon for committing crimes such as fraud, identity theft or breaches of privacy.
Cybercrime, especially through the Internet, has grown in importance as the computer has become central to every field, including commerce, entertainment and government. Cybercrime may endanger a person's or a nation's security and financial health.

Unit-III: Cybercrime: Mobile & Wireless 1


Cybercrime encompasses a wide range of activities, but these can generally be divided into two categories:

1. Crimes that aim at computer networks or devices. These types of crimes involve different
threats (like virus, bugs etc.) and denial-of-service (DoS) attacks.

2. Crimes that use computer networks to commit other criminal activities. These types of
crimes include cyber stalking, financial fraud or identity theft.

Classification of Cyber Crime


1. Cyber Terrorism: Cyber terrorism is the use of computers and the Internet to perform violent acts that result in loss of life or threaten the lives of citizens, whether by attacking software or hardware. In general, cyber terrorism can be defined as an act of terrorism committed through the use of cyberspace or computer resources.

2. Cyber Extortion: Cyber extortion occurs when a website, e-mail server or computer system is subjected to, or threatened with, repeated denial-of-service or other attacks by malicious hackers. These hackers demand large sums of money in return for a promise to stop the attacks and to offer "protection".

3. Cyber Warfare: Cyber warfare is the use, or targeting, of computers, online control systems and networks in a battlespace or warfare context. It involves both offensive and defensive operations concerning the threat of cyber attacks, espionage and sabotage.

4. Internet Fraud: Internet fraud is a type of fraud or deceit that makes use of the Internet, and may include hiding information or providing incorrect information for the purpose of deceiving victims out of money or property. Internet fraud is not considered a single, distinctive crime but covers a range of illegal and illicit actions that are committed in cyberspace.

5. Cyber Stalking: This is a kind of online harassment in which the victim is subjected to a barrage of online messages and e-mails. Typically these stalkers know their victims and, instead of stalking them offline, use the Internet to do so. However, if they notice that cyber stalking is not having the desired effect, they begin offline stalking alongside cyber stalking to make the victim's life more miserable.

Challenges of Cyber Crime



1. People are Unaware of their Cyber Rights: Cybercrime often succeeds against people who are unaware of the rights and remedies that the government of their country has provided for victims of cybercrime.

2. Anonymity: Those who commit cybercrime are usually anonymous to the victim, so attributing the crime to a particular person is difficult.

3. Fewer Cases Registered: Every country in the world faces the challenge of cybercrime, and the rate of cybercrime is increasing day by day, yet many victims never register a case. This under-reporting is a major challenge for us as well as for the authorities.

4. Mostly Committed by Well-Educated People: Committing a cybercrime is not a cup of tea for every individual. The person who commits a cybercrime is usually technically skilled, so he knows how to commit the crime without getting caught by the authorities.

5. No Harsh Punishment: In cybercrime there is no harsh punishment in every case. There is harsh punishment in some cases, for example when somebody commits cyber terrorism, but in other cases the punishment is mild, and this factor also encourages the person who commits the crime.

Prevention of Cyber Crime


Below are some points by means of which we can prevent cybercrime:

1. Use Strong Passwords: Maintain a different password and username combination for each account and resist the temptation to write them down. Weak passwords can be easily cracked using attack methods like brute-force and rainbow-table attacks, so make them long and complex, that is, a combination of letters, numbers and special characters, or use a password manager to generate and store them.

2. Use Trusted Antivirus on Devices: Always use trustworthy and up-to-date antivirus software on mobile devices and personal computers. This helps prevent different kinds of malware from infecting the devices.

3. Keep Social Media Private: Always restrict the visibility of your social media data to your friends only, and make sure to accept friend requests only from people who are known to you.

4. Keep your Device Software Updated: Whenever you get updates for the system software, install them promptly, because the previous version may contain flaws that can be attacked.



5. Use a Secure Network: Public Wi-Fi networks are vulnerable. Avoid conducting financial or corporate transactions on these networks.

6. Never Open Attachments in Spam E-mails: A common way for a computer to get infected by malware, and for other forms of cybercrime to start, is via e-mail attachments in spam e-mails. Never open an attachment from a sender you do not know.

7. Software Should be Updated: The operating system should be updated regularly when it comes to Internet security. An unpatched system becomes a potential target when cybercriminals exploit known flaws in it.

Proliferation of Mobile and Wireless Devices


Today, incredible advances are being made in mobile devices. The trend is toward smaller devices and more processing power. A few years ago, the choice was between a wireless phone and a simple PDA. Now buyers have a choice between high-end PDAs with integrated wireless modems and small phones with wireless Web-browsing capabilities.

A long list of options is available to mobile users. A simple hand-held mobile device provides enough computing power to run small applications, play games and music, and make voice calls. A key driver for the growth of mobile technology is the rapid growth of business solutions on hand-held devices.

As the term "mobile device" includes many products, we first provide a clear distinction among the key terms: mobile computing, wireless computing and hand-held devices. The figure below helps us understand how these terms are related. Let us understand the concept of mobile computing and the various types of devices.



Mobile computing is "taking a computer and all necessary files and software out into the field". Many types of mobile computers have been introduced since the 1990s.

They are as follows:

1. Portable computer: It is a general-purpose computer that can be easily moved from one
place to another, but cannot be used while in transit, usually because it requires some
"setting-up" and an AC power source.

2. Tablet PC: It lacks a keyboard, is shaped like a slate or a paper notebook and has features of
a touchscreen with a stylus and handwriting recognition software. Tablets may not be best
suited for applications requiring a physical keyboard for typing, but are otherwise capable of
carrying out most tasks that an ordinary laptop would be able to perform.

3. Internet tablet: It is the Internet appliance in tablet form. Unlike a Tablet PC, the Internet
tablet does not have much computing power and its applications suite is limited. Also it
cannot replace a general-purpose computer. The Internet tablets typically feature an MP3
and video player, a Web browser, a chat application and a picture viewer.

4. Personal digital assistant (PDA): It is a small, usually pocket-sized, computer with limited
functionality. It is intended to supplement and synchronize with a desktop computer, giving
access to contacts, address book, notes, E-Mail and other features.



5. Ultra-Mobile PC (UMPC): It is a full-featured, PDA-sized computer running a general-purpose operating system (OS).

6. Smartphone: It is a PDA with integrated cell phone functionality. Current smartphones have a wide range of features and installable applications.

7. Carputer: It is a computing device installed in an automobile. It operates as a wireless computer, sound system, global positioning system (GPS) and DVD player. It also contains word processing software and is Bluetooth compatible.

8. Fly Fusion Pentop computer: It is a computing device with the size and shape of a pen. It
functions as a writing utensil, MP3 player, language translator, digital storage device and
calculator.

Trends in Mobility
Mobile computing is moving into a new era, the third generation (3G), which promises greater variety in applications, highly improved usability and speedier networking. Apple's "iPhone" and the Google-led "Android" phones are the best examples of this trend, and there are plenty of other developments that point in this direction.
This smart mobile technology is rapidly gaining popularity, and attackers (hackers and crackers) are among its biggest fans.

It is worth noting the trends in mobile computing; this will help readers realize the seriousness of cybersecurity issues in the mobile computing domain. The figure below shows the different types of mobility and their implications.



The new 3G networks were not built with IP data security in mind from the start. Moreover, compared with the voice-centric threats they are used to, the world of IP data threats is new to mobile operators. Numerous attacks can be committed against mobile networks, and they can originate from two primary vectors.

One is from outside the mobile network, that is, the public Internet, private networks and other operators' networks; the other is from within the mobile network, that is, devices such as data-capable handsets and smartphones, notebook computers or even desktop computers connected to the 3G network.

How does Mobile Computing Work?


Generally, a mobile computing system involves a mobile device, such as a laptop computer,
tablet or smartphone, and a wireless network connection based on Wi-Fi or cellular wireless
technology, such as 5G. Mobile devices typically can store data locally, and access to that data
doesn't require a network connection.
Mobile computers typically accommodate access to both wireless and wired technology. Access
to shared network resources, including mobile cloud-based resources, is essential given the
collaborative nature of work today. Integrated, rechargeable batteries power mobile devices, and
most can run on an alternating current (AC) power source when used from a fixed location.
In addition to laptops, tablets and smartphones, there are many mobile computing devices for
vertical and specialized applications. These include devices for medical, surveillance, security,
and telemetry and control uses.
Device selection is based on the application. For example, laptops are better suited for content
creation, and tablets are often preferred for content consumption. Smartphones function as
pocket-size computers and communication devices, but they have small screen sizes and screen-
based keyboards.

Why is Mobile Computing used?


Mobile computing is used in most facets of life both in business and by consumers. It enables
users to be untethered from a power source for periods of time. This is advantageous for
traveling workers who want to stay connected to their work while on the move. It's also useful
for remote workers who may not have all the connectivity and power options they have in an
office setting.

Consumers use mobile computing in several ways, including the following:



internet access.

mobile communications.

web browsing.

mobile applications.

entertainment streaming media.

Mobile devices and apps can collect user data in various environments and contexts. Fitbits and
smartwatches are examples of wearable technology that collect user data in novel contexts,
including fitness and health settings.
Mobile computing also makes the Internet of Things (IoT) possible. The nontraditional computers, sensors and other devices that make up the IoT are able to connect and communicate without direct human intervention.

What are the types of Mobile Computing?


Mobile computing is a combination of infrastructure, hardware and software technology.
The various parts of mobile computing are as follows:

Mobile infrastructure. Infrastructure refers to the technical pieces that allow devices to
communicate. Mobile infrastructure includes the wireless networks, wireless protocols and
data formats.

Mobile hardware. The physical mobile device and supporting hardware that users interact
with make up the mobile hardware. This may include cell phones, laptops, tablets, wearable
computers and accompanying chargers and accessories.

Mobile software. This refers to the applications that run on mobile devices,
including mobile operating systems (OSes) and user-facing applications, such as mobile
browsers and E-commerce applications.



Some different types of mobile computing include the following examples:

Consumer use: Consumers can use mobile devices like laptops, smartphones, wearables
and tablets for an array of activities, including communication, entertainment, banking, bill
paying and health and fitness tracking.

Remote work: Employees use laptops or tablets to work and collaborate. Delivery
personnel use mobile devices for logistical and management information, and to verify that
deliveries were made to the right place. Field service technicians use mobile devices for
field service management, tracking and support capabilities.

Internet of Things: Consumer and enterprise IoT devices are used to communicate with other devices without human intervention. For example, self-driving cars use sensors, onboard computers and other connected devices to connect with GPS, weather and other systems to navigate the road safely. Smart sensors are also used in supply chain management systems to track the progress of goods in transit.

3G (Third Generation of Mobile Telephony)


3G refers to the third generation of cellular technology that enables mobile telephony. The third-
generation standard follows two earlier generations that were deployed on mobile networks and
across mobile phones.

The International Telecommunication Union (ITU) defined the third generation of mobile
telephony standards International Mobile Telecommunications 2000 (IMT-2000) to facilitate
growth, increase bandwidth and support more diverse applications. For example, Global System
for Mobile Communications (GSM) technologies could deliver not only voice, but also circuit-
switched data across mobile phone networks at speeds up to 14.4 kilobits per second (Kbps). To
support mobile multimedia applications, however, the 3G standard had to deliver packet-
switched data with better spectral efficiency at far greater speeds.

Popular types of attacks against 3G mobile networks are as follows:

1. Malware, Viruses and Worms: Although many users are still in the process of switching from 2G/2.5G to 3G, there is a growing need to educate the community and raise awareness of the threats that exist while using mobile devices.

Here are a few examples of malware specific to mobile devices:

Skull Trojan: It targets Series 60 phones equipped with the Symbian mobile OS.

Cabir Worm: It is the first dedicated mobile-phone worm. It infects phones running the Symbian OS and scans for other mobile devices, sending a copy of itself over Bluetooth to the first vulnerable phone it finds. The worst thing about this worm is that the source code for the Cabir-H and Cabir-I variants is available online.

Mosquito Trojan: It affects Series 60 smartphones and is a cracked version of the "Mosquitos" mobile phone game.

Brador Trojan: It affects the Windows CE OS by creating a svchost.exe file in the Windows start-up folder, which allows full remote control of the device. This executable file lends itself to traditional worm propagation vectors such as E-Mail file attachments.

Lasco Worm: It was first released in 2005 to target PDAs and mobile phones running the Symbian OS. Lasco is based on Cabir's source code and replicates over Bluetooth connections.



2. Denial-of-service (DoS): The main objective of this attack is to make the system unavailable to its intended users. Virus attacks can be used to damage the system and make it unavailable. Presently, one of the most common cyber security threats to wired Internet service providers (ISPs) is the distributed denial-of-service (DDoS) attack. DDoS attacks flood the target system with data so that the response from the target system is either slowed or stopped.

3. Overbilling Attack: Overbilling involves an attacker hijacking a subscriber's IP address and then using it (i.e., the connection) to initiate downloads that are not free, or simply using it for his/her own purposes. In either case, the legitimate user is charged for activity that the user did not conduct or authorize.

4. Spoofed policy development process (PDP): These attacks exploit vulnerabilities in the GTP [GPRS (General Packet Radio Service) Tunneling Protocol].

5. Signaling-Level Attacks: The Session Initiation Protocol (SIP) is a signaling protocol used in IP Multimedia Subsystem (IMS) networks to provide Voice over Internet Protocol (VoIP) services. There are several vulnerabilities in SIP-based VoIP systems.

What are the advantages of Mobile Computing?


1. Portability.

2. Affordability.

3. Wireless Communications.

4. Data.

What are the disadvantages of mobile computing?


1. Power.

2. Connectivity.

3. Data Security.

4. Dependence.

5. Distraction.



Credit Card Frauds in Mobile and Wireless Computing Era
These are new trends in cybercrime that are coming up with mobile computing: mobile commerce (M-Commerce) and mobile banking (M-Banking). Credit card frauds are now becoming commonplace given the ever-increasing power and the ever-reducing prices of mobile hand-held devices, factors that make these gadgets easily available to almost anyone.

Mobile credit card transactions are now very common; new technologies combine low-cost mobile phone technology with the capabilities of a point-of-sale (POS) terminal.
Today belongs to "mobile computing", that is, anywhere, anytime computing. The developments in wireless technology have fuelled this new mode of working for white-collar workers. This is true for credit card processing too; wireless credit card processing is a relatively new service that allows a person to process credit cards electronically, virtually anywhere.

Wireless credit card processing is a very desirable system, because it allows businesses to process transactions from mobile locations quickly, efficiently and professionally. It is most often used by businesses that operate mainly in a mobile environment. These businesses include mobile utility repair services, locksmiths, mobile windshield repair and others.
Some upscale restaurants use wireless processing equipment for the security of their card-paying customers. The figure below shows the basic flow of transactions involved in purchases made using credit cards. Credit card companies normally do a good job of helping consumers resolve identity (ID) theft problems once they occur, but they could reduce ID fraud even more if they gave consumers better tools to monitor their accounts and limit high-risk transactions.



There is a system available from an Australian company, "Alacrity", called closed-loop environment for wireless (CLEW). The figure above shows the flow of events with CLEW, which is a registered trademark of Alacrity used here only to demonstrate the flow in this environment.

As shown in Figure, the basic flow is as follows:

1. Merchant sends a transaction to bank.

2. The bank transmits the request to the authorized cardholder.

3. The cardholder approves or rejects (password protected).

4. The bank/merchant is notified.

5. The credit card transaction is completed.

Techniques of Credit Card Frauds


Traditional Techniques:
1. Paper-Based Fraud: Paper-based fraud is where a criminal makes use of stolen or forged documents such as utility bills and bank statements to build up useful Personally Identifiable Information (PII) and open an account in someone else's name.

2. Application Fraud:

a. ID Theft: Where a person pretends to be somebody else.

b. Financial Fraud: Where a person gives false information about his or her financial status in order to obtain credit.

Modern Techniques:
1. Skimming: Skimming is a kind of fraud in which dishonest employees make unlawful copies of credit or debit cards with the help of a "skimmer". A skimmer is a gadget that captures card numbers and other account information that should remain private. The data held on either the magnetic stripe on the back of the card or the records stored on the smart chip are copied from one card to another.

Security Challenges Posed by Mobile Devices


Believe it or not, there are security risks in using a mobile device. Surprising as it may seem, your phone or tablet could be a threat to your safety.

When you consider all the potential threats that exist on the Internet, and the fact that most of today's mobile devices connect to and through the Internet for almost every function, it becomes easier to understand just how vulnerable they are.
While most of the threats are the same as those faced by the average laptop or desktop user, some are unique to the mobile world. Mobile phone security threats generally include application-based, web-based, network-based and physical threats.

Examples of Challenges in Mobile Devices:

1. Application-Based Threats: Downloadable applications present the most common risk for mobile users; most devices do not do much on their own, and it is the applications that make them so useful, so we all download apps. When it comes to apps, the risks range from bugs and basic security weaknesses at the low end of the scale all the way through to malicious apps whose only purpose is to commit cybercrime.
Examples of Application-Based Threats:

1. Malware

2. Spyware

3. Privacy leakage

4. Zero-Day Vulnerabilities

2. Web-Based Threats: Because of the nature of mobile use, the fact that we have our devices with us everywhere we go and connect to the Internet while doing so, they face a number of unique web-based threats as well as the run-of-the-mill threats of general Internet use.

Examples of Web-Based Threats:

1. Phishing Scams

2. Social Engineering

3. Drive-By Downloads

4. Operating System Flaws

3. Network-Based Threats: A mobile device typically supports at least three network interfaces, cellular, Wi-Fi and Bluetooth, which gives it three separate surfaces exposed to network-based attack.
Examples of Network-Based Threats:

1. Network exploits

2. Wi-Fi sniffing

3. Cross-Platform Attacks

4. BYOD (Bring Your Own Device)

4. Physical Threats: Unlike a desktop sitting at your workstation, or even a laptop in your bag, a mobile device is subject to a number of everyday physical threats at any time.

Loss/Theft: Loss or theft is the most common physical threat to the security of your mobile device. The device itself has value and can be sold on the secondary market, after all your information has been stolen and sold.

Registry Settings for Mobile Devices


Let us understand the issue of registry settings on mobile devices through an example. Microsoft ActiveSync is meant for synchronization with Windows-powered personal computers (PCs) and Microsoft Outlook. ActiveSync acts as the gateway between a Windows-powered PC and a Windows Mobile-powered device, enabling the transfer of Outlook information, Microsoft Office documents, pictures, music, videos and applications from a user's desktop to his/her device.
In addition to synchronizing with a PC, ActiveSync can synchronize directly with Microsoft Exchange Server so that users can keep their E-Mails, calendar, notes and contacts updated wirelessly when they are away from their PCs. In this context, registry settings become an important issue given the ease with which various applications allow a free flow of information.
Registry settings for mobile devices, such as smartphones and tablets, vary depending on the operating system (OS) they use.

Here are some general points about configuration storage on popular mobile OS platforms:

1. Android: Android devices use the Linux kernel and do not have a Windows-like registry. Instead, they use a file-based configuration system. Each app has its own private storage area where it keeps its configuration settings, preferences and other data, typically as XML files (SharedPreferences) or SQLite databases that other apps cannot read.

2. iOS: iOS devices, such as iPhones and iPads, also do not have a registry. Instead, settings for the system and for each app are stored as property-list (plist) preference files, which apps read and modify through the NSUserDefaults/CFPreferences APIs provided by iOS; each app's preferences are isolated inside its own sandbox.

3. Windows Mobile: Older versions of Windows Mobile (prior to Windows Phone 7, based on Windows CE) had a registry similar to the Windows desktop OS: a hierarchical database that stored system and application settings and could be read and written by applications.

4. Windows Phone and Windows 10 Mobile: Windows Phone 7 and later, including Windows 10 Mobile, still keep a registry internally for the operating system and OEM components, but it is not exposed to third-party applications; apps must use the platform's own settings APIs instead.

It is important to note that modifying registry or configuration settings on mobile devices typically requires advanced knowledge, and tampering with these settings can have unintended consequences, including device instability or loss of data.
It is generally recommended to leave such modifications to experienced developers or system administrators.
The settings and their structure may also vary between different versions and updates of each mobile OS, so it is always good practice to refer to the official documentation and guidelines provided by the respective OS developers for detailed information on configuration settings and their management on specific mobile platforms.

Authentication Service Security


There are two components of security in mobile computing: security of devices and security in
networks. A secure network access involves authentication between the device and the base
stations or Web servers. This is to ensure that only authenticated devices can be connected to the
network for obtaining the requested services. No Malicious Code can impersonate the service
provider to trick the device into doing something it does not mean to.
Thus, the networks also play a crucial role in security of mobile devices. Some eminent kinds of
attacks to which mobile devices are subjected to are: push attacks, pull attacks and crash
attacks. Authentication services security is important given the typical attacks on mobile devices
through wireless networks: Dos attacks, traffic analysis, eavesdropping, man-in-the-middle
attacks and session hijacking. Security measures in this scenario come from Wireless
Application Protocols (WAPs), use of VPNs, media access control (MAC) address filtering and
development in 802.xx standards.
Authentication service security is a critical aspect of cybersecurity that focuses on protecting the
mechanisms and processes used to verify and validate the identities of users and entities
accessing computer systems, networks, applications, or data.
The authentication service acts as a gatekeeper, ensuring that only authorized individuals or
entities can gain access to sensitive resources.
Here are key considerations for ensuring authentication service security:

1. Strong Authentication Mechanisms: Implementing strong authentication mechanisms is
essential to enhance security. This typically involves using multi-factor authentication
(MFA) or two-factor authentication (2FA), which require users to provide multiple pieces of
evidence to prove their identity. This can include a combination of something the user
knows (e.g., a password or PIN), something the user possesses (e.g., a smart card or token),
and something the user is (e.g., biometric characteristics like fingerprints or facial
recognition).

2. Secure Storage of User Credentials: User credentials, such as passwords or biometric data,
should be securely stored to prevent unauthorized access. Employing strong techniques such
as salted password hashing can protect user passwords from being easily compromised in
case of a data breach. It's crucial to follow secure password storage practices and regularly
update password policies to encourage strong and unique passwords.

3. Centralized Authentication Management: Centralizing authentication management helps
streamline security measures and enforce consistent security controls across an organization.
Implementing a centralized authentication service allows for centralized policy enforcement,
user management, and monitoring, reducing the potential for security gaps or
inconsistencies.

4. Regular Updates and Patching: Authentication systems should be kept up to date with the
latest security patches and updates. Vendors frequently release patches to address
vulnerabilities and improve the security of their authentication services. Regularly applying
these updates helps mitigate the risk of known vulnerabilities being exploited by attackers.

5. Access Control and Authorization: Authentication is closely linked to access control and
authorization. It's essential to implement a robust access control system that ensures
authenticated users only have access to the resources they are authorized to use. Role-based
access control (RBAC), privilege escalation restrictions, and least privilege principles are
effective techniques for enforcing access controls and reducing the risk of unauthorized
access.

6. Monitoring and Intrusion Detection: Implementing robust monitoring and intrusion
detection systems can help detect suspicious or unauthorized activities related to
authentication services. This includes monitoring for unusual login patterns, failed
authentication attempts, or any indicators of potential account compromise. Real-time alerts
and log analysis can provide early warning signs of security incidents or unauthorized access
attempts.
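An added example, not from the original notes, of the log monitoring described in point 6: it scans a constructed authentication log (the line format is assumed for this example) and raises alerts for a failed-login burst against one account, a successful login immediately after such a burst, and one source failing against many different accounts.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format for this example (not a real product's format):
#   <ISO-8601 UTC timestamp> auth <OK|FAIL> user=<name> src=<ip>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>OK|FAIL) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

FAIL_THRESHOLD = 5             # failures for one (src, user) pair before alerting
SPRAY_THRESHOLD = 4            # distinct users failing from one src before alerting
WINDOW = timedelta(minutes=5)  # sliding window for both counters

# Constructed sample log: a failure burst that ends in a successful login, a
# single source failing against many accounts, and a benign mistyped password.
SAMPLE_LOG = """
2024-05-01T10:00:01Z auth FAIL user=alice src=203.0.113.5
2024-05-01T10:00:03Z auth FAIL user=alice src=203.0.113.5
2024-05-01T10:00:05Z auth FAIL user=alice src=203.0.113.5
2024-05-01T10:00:07Z auth FAIL user=alice src=203.0.113.5
2024-05-01T10:00:09Z auth FAIL user=alice src=203.0.113.5
2024-05-01T10:00:11Z auth OK user=alice src=203.0.113.5
2024-05-01T10:01:00Z auth FAIL user=bob src=198.51.100.7
2024-05-01T10:01:02Z auth FAIL user=carol src=198.51.100.7
2024-05-01T10:01:04Z auth FAIL user=dave src=198.51.100.7
2024-05-01T10:01:06Z auth FAIL user=erin src=198.51.100.7
2024-05-01T10:30:00Z auth FAIL user=frank src=192.0.2.9
2024-05-01T10:30:30Z auth OK user=frank src=192.0.2.9
""".strip().splitlines()


def parse_line(line):
    """Return a dict for a well-formed line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "result": m["result"],
        "user": m["user"],
        "src": m["src"],
    }


def _prune(timestamps, now):
    """Drop timestamps that have fallen outside the sliding window."""
    while timestamps and now - timestamps[0] > WINDOW:
        timestamps.popleft()


def detect(lines):
    """Scan log lines in order; return (timestamp, alert_type, detail) tuples."""
    alerts = []
    fails = defaultdict(deque)        # (src, user) -> recent failure timestamps
    users_by_src = defaultdict(dict)  # src -> {user: last failure timestamp}

    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # unparseable lines are skipped, not counted as failures
        now, key = ev["ts"], (ev["src"], ev["user"])
        burst = fails[key]
        _prune(burst, now)

        if ev["result"] == "FAIL":
            burst.append(now)
            if len(burst) == FAIL_THRESHOLD:  # alert once, when the threshold is crossed
                alerts.append((now, "brute_force", f"{ev['user']} from {ev['src']}"))

            recent = users_by_src[ev["src"]]
            recent[ev["user"]] = now
            for user, ts in list(recent.items()):
                if now - ts > WINDOW:
                    del recent[user]
            if len(recent) == SPRAY_THRESHOLD:
                alerts.append((now, "password_spray",
                               f"{ev['src']} failed against {len(recent)} users"))
        else:
            # A success right after a burst of failures is the pattern worth paging on:
            # it may be a guessed password rather than a user who finally remembered it.
            if len(burst) >= FAIL_THRESHOLD:
                alerts.append((now, "success_after_burst",
                               f"{ev['user']} from {ev['src']}"))
            burst.clear()

    return alerts


if __name__ == "__main__":
    for ts, kind, detail in detect(SAMPLE_LOG):
        print(ts.isoformat(), kind, detail)
```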

7. User Education and Awareness: Ensuring user education and awareness about best
practices for authentication security is vital. Users should be encouraged to create strong and
unique passwords, avoid sharing their credentials, and be cautious of phishing attacks or
social engineering attempts that aim to steal their authentication information. Regular
security awareness training can help reinforce good security practices and mitigate the risk
of user-related vulnerabilities.

Authentication service security is crucial in safeguarding sensitive data and resources from
unauthorized access.



By implementing strong authentication mechanisms, secure credential storage, centralized
management, regular updates, access controls, and monitoring, organizations can significantly
enhance the security of their authentication services and protect against identity-related threats
and cyberattacks.

Attacks on Mobile/Cell Phones


Wireless and mobile devices have become ubiquitous in today’s society, and with this increased
usage comes the potential for security threats. Wireless and mobile device attacks are a growing
concern for individuals, businesses, and governments.
Below are some of the most common types of Wireless and Mobile Device Attacks:

1. SMiShing: SMiShing has become common as smartphones are widely used. SMiShing uses
the Short Message Service (SMS) to send fraudulent text messages or links. The criminals
may also deceive the user over a phone call. Victims may provide sensitive information such
as credit card information, account information, etc. Accessing a website might result in the
user unknowingly downloading malware that infects the device.

2. War driving: War driving is a technique attackers use to find access points wherever they
can. With the availability of free Wi-Fi connections, they can drive around and obtain a
very large amount of information over a very short period of time.

3. WEP attack: Wired Equivalent Privacy (WEP) is a security protocol that attempted to
provide a wireless local area network with the same level of security as a wired LAN. Since
physical security steps help to protect a wired LAN, WEP attempts to provide similar
protection for data transmitted over WLAN with encryption. WEP uses a key for encryption.
There is no provision for key management with Wired Equivalent Privacy, so the number of
people sharing the key will continually grow. Since everyone is using the same key, the
criminal has access to a large amount of traffic for analytic attacks.

4. WPA attack: Wi-Fi Protected Access (WPA) and then WPA2 came out as improved
protocols to replace WEP. WPA2 does not have the same encryption problems because an
attacker cannot recover the key by noticing traffic. WPA2 is susceptible to attack because
cyber criminals can analyze the packets going between the access point and an authorized
user.

5. Bluejacking: Bluejacking is used for sending unauthorized messages to another Bluetooth
device. Bluetooth is a high-speed but very short-range wireless technology for exchanging
data between desktop and mobile computers and other devices.

6. Replay attacks: In a replay attack an attacker spies on information being sent between a
sender and a receiver. Once the attacker has captured the information, he or she can
retransmit it later, leading to a delay in data transmission or to the receiver acting on the
duplicated message. It is also known as a playback attack.

7. Bluesnarfing: It occurs when the attacker copies the victim's information from the victim's
device. An attacker can access information such as the user's calendar, contact list, e-mail
and text messages without leaving any evidence of the attack.

8. RF Jamming: Wireless signals are susceptible to electromagnetic interference and radio-
frequency interference. Radio frequency (RF) jamming distorts the transmission of a
satellite station so that the signal does not reach the receiving station.
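As an added example that is not part of the original notes, a receiver-side defence against the replay attack described in point 6: each message carries a random nonce and a timestamp and is authenticated with an HMAC under a shared key (the key, the message layout and the freshness window are assumptions for this example), so a retransmitted copy is rejected even though its tag is still valid.

```python
import hashlib
import hmac
import json
import os
import time

# Constructed shared key for this example only; a real deployment provisions a
# per-device key during enrollment and never hard-codes it.
SHARED_KEY = b"example-shared-key-not-for-production"
MAX_SKEW = 30  # seconds: how long after its timestamp a message is still fresh


def _tag(key: bytes, payload: bytes) -> str:
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def build_message(key: bytes, body: dict, now=None) -> dict:
    """Sender side: wrap the body with a random nonce and a timestamp, then
    authenticate the whole payload so none of the three can be altered."""
    payload = {
        "nonce": os.urandom(16).hex(),
        "ts": int(now if now is not None else time.time()),
        "body": body,
    }
    raw = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return {"payload": raw.decode("utf-8"), "tag": _tag(key, raw)}


class Receiver:
    """Receiver side: accept each authentic, fresh message exactly once."""

    def __init__(self, key: bytes, max_skew: int = MAX_SKEW):
        self.key = key
        self.max_skew = max_skew
        self.seen = {}  # nonce -> timestamp; entries expire with the freshness window

    def accept(self, message: dict, now=None):
        """Return (True, body) for a new authentic message, else (False, reason)."""
        now = now if now is not None else time.time()
        raw = message["payload"].encode("utf-8")
        # 1. Authenticity: a replayed copy passes this check, a tampered one does not.
        if not hmac.compare_digest(_tag(self.key, raw), message["tag"]):
            return False, "bad tag"
        payload = json.loads(raw)
        # 2. Freshness: bounds how long nonces must be remembered.
        if abs(now - payload["ts"]) > self.max_skew:
            return False, "stale timestamp"
        # 3. Uniqueness: the same nonce seen again inside the window is a replay.
        self._prune(now)
        if payload["nonce"] in self.seen:
            return False, "replayed nonce"
        self.seen[payload["nonce"]] = payload["ts"]
        return True, payload["body"]

    def _prune(self, now) -> None:
        for nonce, ts in list(self.seen.items()):
            if abs(now - ts) > self.max_skew:
                del self.seen[nonce]


if __name__ == "__main__":
    rx = Receiver(SHARED_KEY)
    msg = build_message(SHARED_KEY, {"cmd": "report-status"})
    print(rx.accept(msg))  # (True, {...}): first delivery
    print(rx.accept(msg))  # (False, 'replayed nonce'): retransmitted copy
```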

There are several types of attacks that target these devices, each with its own advantages and
disadvantages:

1. Wi-Fi Spoofing: Wi-Fi spoofing involves setting up a fake wireless access point to trick
users into connecting to it instead of the legitimate network. This attack can be used to steal
sensitive information such as usernames, passwords, and credit card numbers. One
advantage of this attack is that it is relatively easy to carry out, and the attacker does not
need sophisticated tools or skills. However, it can be easily detected if users are aware of the
legitimate network’s name and other details.

2. Packet Sniffing: Packet sniffing involves intercepting and analyzing the data packets that
are transmitted over a wireless network. This attack can be used to capture sensitive
information such as email messages, instant messages, and web traffic. One advantage of
this attack is that it can be carried out without the user’s knowledge. However, the attacker
needs to be in close proximity to the victim and must have the technical skills and tools to
intercept and analyze the data.

3. Bluejacking: Bluejacking involves sending unsolicited messages to Bluetooth-enabled
devices. This attack can be used to send spam, phishing messages, or malware to the
victim's device. One advantage of this attack is that it does not require a network
connection, and the attacker can be located anywhere within range of the victim's Bluetooth
signal. However, it requires the attacker to have the victim's Bluetooth device's address and
is limited to devices that have Bluetooth capabilities.


4. SMS Spoofing: SMS spoofing involves sending text messages that appear to come from a
trusted source, such as a bank or a government agency. This attack can be used to trick users
into revealing sensitive information or downloading malware. One advantage of this attack
is that it can be carried out without the user’s knowledge. However, it requires the attacker
to have the victim’s phone number, and it can be easily detected if users are aware of the
legitimate source of the message.

5. Malware: Malware is software designed to infect a device and steal or damage data.
Malware can be distributed through email attachments, software downloads, or malicious
websites. One advantage of this attack is that it can be carried out remotely, without the
attacker needing to be physically close to the victim. However, it requires the attacker to
have a way to deliver the malware to the victim’s device, such as through a phishing email
or a fake website.

How to Shield Devices from These Types of Attacks?


To shield a device from attacks targeting mobile phones, here are several measures you can take
to enhance its security:

1. Keep the Operating System Updated: Regularly update your device's operating system
(OS) to ensure you have the latest security patches and bug fixes. OS updates often include
security enhancements that address known vulnerabilities.

2. Install Apps from Trusted Sources: Download and install apps only from reputable
sources such as official app stores (Google Play Store for Android, App Store for iOS).
Avoid sideloading apps from unknown sources, as they may contain malicious code.

3. Use Security Software: Install a reputable mobile security app or antivirus software on your
device. These tools can help detect and mitigate various types of malware and provide
additional security features like anti-phishing protection.

4. Enable App Permissions Wisely: Review the permissions requested by apps before
granting them access to your device's features or data. Only grant permissions that are
necessary for the app's functionality and consider the reputation and credibility of the app
developer.

5. Be Wary of Suspicious Links and Messages: Exercise caution when clicking on links or
opening attachments in text messages, emails, or social media messages. Avoid interactions
with unsolicited messages, especially if they appear suspicious or come from unknown
senders.



6. Secure Network Connections: Avoid using public Wi-Fi networks for sensitive activities
such as accessing banking or shopping websites. Instead, use a virtual private network
(VPN) to encrypt your internet traffic and protect your data when connecting to public
networks.

7. Implement Strong Authentication: Use strong, unique passwords or passphrases for your
device's lock screen, as well as for your accounts and apps. Consider enabling biometric
authentication methods like fingerprints or facial recognition, where available, for added
security.

8. Regularly Back Up Your Data: Perform regular backups of your device's data to a secure
location or cloud storage. In the event of a security breach or device loss, you can restore
your data without compromising its integrity.

9. Enable Remote Tracking and Wiping: Enable built-in features like Find My iPhone (iOS)
or Find My Device (Android) to remotely track, lock, or erase the data on your device if it
gets lost or stolen. This helps protect your personal information from falling into the wrong
hands.

10. Stay Informed and Educated: Keep yourself updated on the latest security threats and best
practices for mobile device security. Stay informed about new attack techniques and
vulnerabilities to better protect yourself.

Remember, mobile security is a continuous process, and adopting a layered approach to security
is crucial. By following these practices and being proactive in your device's security, you can
significantly reduce the risk of falling victim to mobile attacks and keep your personal
information safe.

Organizational Security Policies & Measures in Mobile Computing Era


There are many ways to handle the matter of creating policy for mobile devices. One way is to
create a distinct mobile computing policy. Another way is to include such devices in existing
policy. There are also approaches in between where mobile devices fall under both existing
policies and a new one. In the hybrid approach, a new policy is created to address the specific
needs of the mobile devices, but more general usage issues fall under general IT policies. As a
part of this approach, the "acceptable use" policy for other technologies is extended to the
mobile devices. Companies new to mobile devices may adopt an umbrella mobile policy, but they
find over time that they will need to modify their policies to match the challenges posed by
different kinds of mobile hand-held devices.
For example, wireless devices pose different challenges than non-wireless ones. Also, employees
who use mobile devices more than 20% of the time will have different requirements than less-
frequent users. It may happen that over time, companies may need to create separate policies for
the mobile devices on the basis of whether they connect wirelessly and with distinctions for
devices that connect to WANs and LANs.

Concept of Laptops
A laptop, sometimes called a “notebook computer” by manufacturers, is a battery- or AC-
powered personal computer (PC) smaller than a briefcase. A laptop can be easily transported and
used in temporary spaces such as on airplanes, in libraries, temporary offices and at meetings.
A laptop can be turned into a desktop computer with a docking station, which is a hardware
frame that supplies connections for peripheral input/output devices such as a monitor, keyboard
and printer.
As the cost of computing technology continues to decrease, the usage of devices such as laptops
is becoming increasingly common. While laptops and other mobile devices enhance business
functions by providing mobile access to information anytime and anywhere, they also pose
significant security threats due to their portability. The wireless capability of these devices has
raised concerns in the cybersecurity industry, as information transmitted over networks can be
difficult to detect and secure.
The theft of laptops has always been a major issue, as reported by cybersecurity industry and
insurance company statistics. Cybercriminals specifically target expensive laptops that can fetch
a quick profit on the black market.
It is important to note that most laptop thieves are primarily interested in the monetary value of
the device rather than the information contained within it. However, it is crucial to recognize that
many laptops do contain personal and corporate information that could be sensitive and valuable.
To mitigate these risks, it is essential to implement robust security measures to protect laptops
and the data they store. This includes:

1. Physical Security: Take precautions to prevent laptop theft, such as engraving personal
details on the device, keeping it close at all times, and using discreet bags to avoid attracting
attention from potential thieves. Additionally, storing laptops in lockers or secure areas
when not in use can help minimize the risk of theft.

2. Encryption: Implement encryption software to protect sensitive information stored on
laptops. Encryption ensures that even if the device is lost or stolen, the data remains
unreadable and inaccessible to unauthorized individuals.

3. Secure Network Connections: Use secure and trusted networks when accessing the
internet. Avoid connecting to public Wi-Fi networks, as they can be vulnerable to
interception and unauthorized access. Consider using a virtual private network (VPN) to
encrypt internet traffic and enhance security.

4. Strong Passwords: Set strong and unique passwords for laptop accounts, including the
operating system, user accounts, and any applications or services used. Avoid using easily
guessable passwords and consider using password management tools to securely store and
manage passwords.

5. Software Updates: Keep the laptop's operating system, applications, and security software
up to date with the latest patches and updates. Regularly installing updates helps to address
known vulnerabilities and protect against emerging threats.

6. Security Software: Install reputable antivirus software, firewalls, and intrusion detection
systems (IDS) to detect and prevent malware infections, unauthorized access attempts, and
other security threats.

7. Employee Awareness: Educate employees about the importance of laptop security,
including the risks associated with theft and the protection of sensitive data. Encourage
responsible use, safe handling, and adherence to security policies and procedures.

By implementing these measures, individuals and organizations can significantly reduce the risk
of laptop theft, unauthorized access, and potential data breaches. It is essential to remain vigilant
and stay updated on the latest security practices to effectively protect laptops and the valuable
information they contain.



Physical Security Countermeasures to Secure Laptops
Organizations are heavily dependent upon a mobile workforce with access to information, no
matter where they travel. However, this mobility is putting organizations at risk of having a data
breach if a laptop containing sensitive information is lost or stolen.
Hence, physical security countermeasures are becoming vital to protect the information on
employees' laptops and to reduce the likelihood that employees will lose laptops.

1. Cables and Hardwired Locks: The most cost-efficient and ideal solution to safeguard any
mobile device is securing it with cables and locks specially designed for laptops. Kensington
is one of the most popular brands of laptop security cable. These cables are made of
aircraft-grade steel and Kevlar brand fiber, thus making them 40% stronger than any
other conventional security cables.

One end of the security cable fits into the universal security slot of the laptop and the other
end is locked around any fixed furniture or item, thus making a loop. These cables come
with a variety of options such as number locks, key locks and alarms.

2. Laptop Safes: Safes made of polycarbonate (the same material that is used in bulletproof
windows, police riot shields and bank security screens) can be used to carry and safeguard
laptops. The advantage of safes over security cables is that they protect the whole laptop
and its devices such as CD-ROM bays, PCMCIA cards and HDD bays, which can be easily
removed in the case of laptops protected by security cables.

3. Motion Sensors & Alarms: Even though alarms and motion sensors are annoying owing to
their false alarms and loud sound level, these devices are very efficient in securing laptops.
Once these devices are activated, they can be used to track missing laptops in crowded
places. Also owing to their loud nature, they help in deterring thieves. Modern systems for
laptops are designed wherein the alarm device attached to the laptop transmits radio signals
to a certain range around the laptop.

4. Warning Labels & Stamps: Warning labels containing tracking information and
identification details can be fixed onto the laptop to deter aspiring thieves. These labels
cannot be removed easily and are a low-cost solution to laptop theft. These labels have an
identification number that is stored in a universal database for verification, making the resale
of stolen laptops a difficult process. Such labels are highly recommended for laptops issued
to top executives and/or key employees of organizations.

5. Other Measures for Protecting Laptops are as follows:

a. Engraving the laptop with personal details

b. Keeping the laptop close at all times when possible

c. Carrying the laptop in a discreet bag to avoid drawing attention from potential thieves

d. Creating awareness among employees about the responsibility of carrying a laptop and
the sensitivity of the information it contains

e. Keeping a copy of the purchase receipt, laptop serial number, and description of the
laptop

f. Installing encryption software to protect stored information

g. Using personal firewall software to prevent unauthorized access and intrusion

h. Regularly updating antivirus software

i. Implementing tight office security measures, including the use of security guards and
locking laptops in lockers when not in use

j. Never leaving the laptop unattended in public places such as cars, parking lots,
conventions, conferences, and airports unless it has an anti-theft device installed

k. Disabling infrared (IR) ports and wireless cards, and removing PCMCIA cards when
not in use.

Information systems security also includes logical access controls to ensure the security of
corporate or private information, as it is a critical asset.
Some examples of logical or access controls are as follows:

1. Protecting from malicious programs/attackers/social engineering.

2. Avoiding weak passwords/access.

3. Monitoring application security and conducting vulnerability scans.

4. Ensuring the security of data by encrypting sensitive information and protecting file
systems.

5. Proper handling of removable drives/storage media and disabling unnecessary ports.

6. Implementing password protection with strong password rules and the use of robust
passwords.

7. Locking down unwanted ports and devices to minimize potential vulnerabilities.



8. Regularly installing security patches and updates to address known vulnerabilities.

9. Installing antivirus software, firewalls, and intrusion detection systems (IDSs) to detect and
prevent unauthorized access or attacks.

10. Encrypting critical file systems to provide an additional layer of protection for sensitive
data.

Unit-IV: Cyber Security:
Organizational Implications
Cyber Security: Organizational Implications: Introduction, Cost of cybercrimes and IPR
issues, web threats for organizations, Security and Privacy Implications of Cloud Computing,
Social Media Marketing: security risks and perils for organizations, Social Computing and the
associated challenges for organizations.

Introduction to Cyber Security: Organizational Implications


In the global environment with continuous network connectivity, the possibilities for
cyberattacks can emanate from sources that are local, remote, domestic, or foreign. They could
be launched by an individual or a group. They could range from casual probes by hackers using
personal computers (PCs) in their homes or handheld devices to intense scans carried out by
criminal groups.

Unit-IV: Cyber Security: Organizational Implications 1


PI (Personally Identifiable Information) is information that is, or can be, about or related to an
identifiable individual. It includes any information that can be linked to an individual or used to
directly or indirectly identify an individual. Most information the organization collects about an
individual is likely to come under the "PI" category if it can be attributed to an individual.
Here are some examples of PI:

1. Social security number (SSN)/social insurance number.

2. Driver's license number or identification card number.

3. Bank account number, credit or debit card number with personal identification number, such
as an access code, security codes, or password that would permit access to an individual's
financial account.

4. Home address or email address.

5. Medical or health information.

An insider threat is defined as "the misuse or destruction of sensitive or confidential information,
as well as IT equipment that houses this data by employees, contractors, and other 'trusted'
individuals." Insider threats are caused by human actions such as mistakes, negligence, reckless
behavior, theft, fraud, and even sabotage. There are three types of insiders:

1. Malicious insider: This type of insider is motivated to adversely impact an organization
through a range of actions that compromise information confidentiality, integrity, and/or
availability.

2. Careless insider: A careless insider can bring about a data compromise not due to any bad
intention, but simply by being careless due to an accident, mistake, or plain negligence.

3. Tricked insider: A tricked insider is a person who is "tricked" or deceived into providing
sensitive or private company data by individuals who are not truthful about their identity or
purpose. This often occurs through a technique called pretexting, which is a form of social
engineering.

Insider Attack Example 1: Heartland Payment System Fraud


A case in point is the infamous "Heartland Payment System Fraud" that was uncovered in
January 2010. This incident highlights the seriousness of insider attacks. The organization
involved suffered a severe blow with nearly 100 million credit cards compromised from at least
650 financial services companies. When a card is used to make a purchase, the card information
is transmitted through a payment network.

Insider Attack Example 2: Blue Cross Blue Shield (BCBS)


Another incident is the Blue Cross Blue Shield (BCBS) Data Breach in October 2009. The theft
of 57 hard drives from a BlueCross BlueShield of Tennessee training facility put the private
information of approximately 500,000 customers at risk in at least 32 states. Two lessons can be
learned from this:

1. Physical security is of utmost importance.

2. Insider threats cannot be ignored.

What makes matters worse is that the groups, agencies, and entities connected with cybercrimes
are all linked. There has been a paradigm shift in computing and work practices, with factors
such as workforce mobility, virtual teams, social computing media, cloud computing services,
and a significant rise in business process outsourcing (BPO) services, to name a few.



A key message from this discussion is that cybercrimes do not happen on their own or in
isolation. Cybercrimes take place due to weaknesses in cybersecurity practices, and privacy
may be impacted when cybercrimes happen.

Privacy has the following four key dimensions:

1. Informational/Data Privacy: It pertains to the protection of data and the rights of users to
control how, when, and to what extent their information is communicated to other parties.

2. Personal Privacy: It involves the implementation of content filtering and other mechanisms
to ensure that end-users are not exposed to content that violates their moral values or
personal boundaries.

3. Communication Privacy: This refers to the importance of encrypting data transmitted over
networks to maintain confidentiality and prevent unauthorized access.

4. Territorial Privacy: It focuses on safeguarding users' property, such as their devices, from
invasion by unwanted content such as spam messages or unsolicited emails.



The paradigm shift in computing presents numerous challenges for organizations, and some of
these key challenges are described here.

The key challenges from emerging new information threats to organizations are as follows:

1. Industrial Espionage: There are several tools available for web administrators to monitor
and track the various pages and objects that are accessed on their website.

2. IP-Based Blocking: This process is often used for blocking the access of specific IP
addresses and/or domain names.

3. IP-Based "Cloaking": In today's global and interconnected economies, businesses often
operate on an international scale, necessitating the use of IP-based cloaking techniques to
hide or protect sensitive information.

4. Cyberterrorism: Cyberterrorism refers to the deliberate intervention of a threat source
targeting your organization's website, aiming to cause disruption, damage, or instill fear.

5. Confidential Information Leakage: "Insider Attacks" are the worst ones. Typically, an
organization is protected from external threats by its firewall and antivirus solutions.

Cost of Cybercrimes & IPR issues: Lessons for Organizations


When a cybercrime incident occurs, there are a number of internal costs associated with it for
organizations, and there are organizational impacts as well.

Detection and recovery constitute a significant portion of internal costs associated with
cybersecurity incidents. This is backed by a benchmark study conducted by Ponemon Institute
USA, which involved 45 organizations from various sectors, each having a minimum of 500
employees.

The study revealed that detecting and recovering from cybersecurity incidents incurred
substantial expenses for these organizations.

Organizations have Internal Costs Associated with Cyber security Incidents:

The internal costs typically involve people costs, overhead costs and productivity losses.

The internal costs, in order from largest to smallest as supported by the benchmark study
mentioned above, are:

1. Detection costs (25%)

2. Recovery costs (21%)

3. Post-response costs (19%)

4. Investigation costs (14%)

5. Costs of escalation and incident management (12%)

6. Cost of containment (9%)

The consequences of cybercrimes and their associated costs are as follows:

1. Information loss/data theft (42%)

2. Business disruption (22%)

3. Damage to equipment, plant and property (13%)

4. Loss of revenue and brand tarnishing (13%)

5. Other costs (10%)

The impact on organizations of various cybercrimes:

1. Viruses, worms and Trojans: 100%

2. Malware: 80%

3. Botnets: 73%

4. Web-based attacks: 53%

5. Phishing and social engineering: 47%

6. Stolen devices: 36%

7. Malicious insiders: 29%

8. Malicious code: 27%

Average days taken to resolve cyberattacks:

1. Attacks by malicious insiders: 42 days

2. Malicious code: 39 days

3. Web-based attacks: 19 days

4. Data lost due to stolen devices: 10 days

5. Phishing and social engineering attacks: 9 days

6. Viruses, worms and Trojans: 2.5 days

7. Malware: 2 days

8. Botnets: 2 days

There are many new endpoints in today's complex networks; they include hand-held
devices.

Again, there are lessons to learn:

1. Endpoint Protection: It is often overlooked, but it is crucial to secure IP-based printers, as
they are considered as endpoints despite being passive devices.

2. Secure Coding: Implementing secure coding practices is vital as it serves as a strong
mitigation control against malicious code within business applications.

3. HR Checks: Conducting thorough background checks on potential employees and
maintaining ongoing checks after employment are essential security measures.

4. Access Controls: Maintaining proper access controls is crucial. For example, using shared
IDs and shared laptops poses significant risks to security.

5. Importance of Security Governance: Security governance plays a critical role and should
not be underestimated. The significance of policies, procedures, and their effective
implementation cannot be overstated.

Organizational Implications of Software Piracy:


Use of pirated software is a major risk area for organizations. From a legal standpoint, software
piracy is a violation of intellectual property rights (IPR) and considered a criminal offense.
The use of pirated software significantly increases the potential for serious threats and risks
related to cybercrime and computer security. Moreover, organizations engaging in software
piracy face legal liability for their actions.
It is crucial for organizations to adhere to legal and ethical standards by using legitimate software
to mitigate these risks and ensure compliance with intellectual property laws.

The reasons most often quoted by employees for using pirated software are as follows:

1. Pirated software is cheaper and more readily available.

2. Many others use pirated software anyway.

3. The latest versions become available faster when pirated software is used.

Web Threats for Organizations: The Evils & Perils

The Internet and the Web have become essential in today's interconnected digital economy. They
serve as the primary platforms for conducting work and various business activities. With the
increasing popularity of cloud computing, there has been a notable shift towards web-based
business applications.
This trend reflects the growing reliance on online technologies and highlights the convenience
and flexibility they offer in accessing and managing information and services. The Internet and
the Web have become integral parts of modern work practices, enabling efficient collaboration,
communication, and the seamless integration of business processes.
The Internet and the Web are the way of working today in the interconnected digital economy.
More and more business applications are web based, especially with the growing adoption of
cloud computing.

Overview of Web Threats to Organizations


The Internet has become pervasive in our lives. A significant number of companies and
individuals have internet connectivity. Nowadays, employees have come to expect internet
access in the workplace, similar to what they have at home.
IT managers face the challenge of striking a balance between enabling reasonable personal
internet use at work and ensuring office productivity and focus are maintained.

They need to establish guidelines and policies that promote responsible internet usage while still
allowing employees to leverage the benefits of online resources for work-related tasks. Finding
this equilibrium can contribute to a productive and efficient work environment.

The Internet has engulfed us! A large number of companies as well as individuals have a
connection to the Internet. Employees expect to have Internet access at work just as they do at
home.


IT managers must also find a balance between allowing reasonable personal Internet use at work
and maintaining office work productivity and work concentration in the office.
The ubiquitous presence of the Internet has undeniably transformed our lives. It has become an
integral part of our personal and professional routines, with a vast number of companies and
individuals relying on internet connectivity for their daily operations. In line with this,
employees have come to expect internet access in the workplace, similar to what they enjoy in
their homes.

However, IT managers face the challenge of managing and striking a delicate balance between
granting reasonable personal internet use at work and ensuring that it does not hinder office
productivity and work concentration. On one hand, providing employees with access to the
internet can offer numerous benefits such as facilitating research, enabling communication, and
fostering creativity. It can also promote employee satisfaction and work-life balance.
On the other hand, excessive personal internet use can lead to distractions, decreased
productivity, and compromised focus on work-related tasks. IT managers must establish policies
and guidelines that outline the acceptable boundaries of personal internet use during work hours.
These guidelines should be communicated clearly to employees, emphasizing the importance of
responsible internet use and the impact it can have on overall work performance.

By finding the right balance, IT managers can create an environment that allows for reasonable
personal internet use while ensuring that it does not disrupt the flow of work or compromise the
organization's productivity goals. Regular monitoring and communication can help identify and
address any issues that arise, promoting a harmonious integration of personal internet access and
work responsibilities within the office setting.

Employee Time Wasted on Internet Surfing


This is a very sensitive topic indeed, especially in organizations that claim to have a “Liberal
Culture”. Some managers believe that it is crucial in today’s business world to keep a finger on
the pulse of your employees.

People seem to spend approximately 45-60 minutes each working day on personal web surfing at
work.
However, it is essential to strike a balance between personal internet use and maintaining
productivity and focus in the workplace. Research suggests that employees may spend
approximately 45-60 minutes per working day on personal web surfing. While occasional breaks
or brief diversions can provide mental rejuvenation and enhance creativity, excessive personal
internet use can significantly impact work productivity and concentration.
Organizations must establish clear guidelines and policies regarding acceptable internet use
during working hours. These policies should communicate expectations, define permissible
boundaries, and address the potential impact of excessive personal internet use on individual and
team performance. By finding the right balance and fostering an environment of trust and
accountability, organizations can navigate this sensitive topic effectively and promote a
productive work environment.

Enforcing Policy Usage in the Organization


An organization has various types of policies. A security policy is a statement produced by the
senior management of an organization, or by a selected policy board or committee, to dictate
what role security plays within the organization.

The security policy sets the overall direction and objectives for security measures and practices.
It defines the organization's commitment to safeguarding its assets, including physical assets,
information systems, data, and intellectual property. The policy also outlines the responsibilities
of employees and stakeholders in upholding security protocols and procedures.
By clearly articulating the organization's security goals and principles, the security policy
provides a foundation for implementing appropriate security controls and measures. It guides
decision-making processes related to risk assessment, incident response, access controls, data
protection, and other security-related activities.
Furthermore, the security policy acts as a reference point for audits, assessments, and compliance
evaluations. It helps demonstrate the organization's commitment to security to external
stakeholders, such as clients, partners, and regulatory bodies.
Overall, the security policy plays a vital role in shaping the organization's security culture,
promoting awareness, and providing a framework for effective security governance. It serves as a
crucial document that aligns security objectives with the overall organizational goals and
objectives.


Monitoring and Controlling Employees’ Internet Surfing
A powerful deterrent can be created through effective monitoring and reporting of employees’
Internet surfing.
Even organizations with restrictive policies can justify a degree of relaxation; for example,
allowing employees to access personal sites only during the lunch hour or during specified hours.


Implementing monitoring systems and reporting tools can help organizations track and analyze
employees' internet usage patterns. This information can be used to identify any potential misuse
or excessive personal internet use that may impact productivity. By having visibility into
employees' online activities, organizations can address any issues promptly and take appropriate
measures to ensure compliance with internet usage policies.

It is important, however, to strike a balance between monitoring employees' internet activity and
respecting their privacy rights. Organizations should clearly communicate their internet usage
policies to employees, explaining the reasons behind monitoring and the acceptable boundaries
of personal internet use. Transparency and open communication can help foster a culture of trust
while also maintaining accountability for responsible internet usage.
Ultimately, the goal of monitoring and controlling employees' internet surfing is not to restrict
personal internet use entirely but to ensure that it is conducted in a manner that supports
productivity and aligns with the organization's policies and objectives.

Keeping Security Patches and Virus Signatures Up to Date


Updating security patches and virus signatures has now become a fact of life, a necessary
activity for safety in the cyberworld! Keeping security systems up to date with security
signatures, software patches, etc. is almost a nightmare for management.

While it can be challenging for management to stay on top of these updates, it is essential for the
overall safety and protection of the organization's digital assets.
Here are some key points to consider:

1. Importance of Security Updates: Security patches and virus signatures address known
vulnerabilities and provide defenses against emerging threats. By keeping security systems
up to date, organizations can minimize the risk of cyberattacks and data breaches.

2. Automation and Centralized Management: To streamline the process, organizations can
leverage automation tools and centralized management systems. These tools can help
schedule and deploy updates across the network, ensuring consistency and reducing the
burden on individual administrators.

3. Patch Management Policies: Establishing clear patch management policies and procedures
is crucial. This includes defining responsibilities, setting priorities, and outlining the process
for testing and deploying updates. By having well-defined policies in place, management
can ensure that updates are handled systematically and efficiently.


4. Regular Vulnerability Assessments: Conducting regular vulnerability assessments and
security audits can help identify areas that require immediate attention. By understanding the
organization's security posture and prioritizing updates based on risk, management can
allocate resources effectively.

5. Collaboration with Vendors and Security Communities: Organizations should actively
engage with software vendors and participate in security communities to stay informed
about the latest vulnerabilities, patches, and best practices. Vendor support and community
insights can aid in making informed decisions and addressing security challenges promptly.

While managing security updates can be demanding, organizations cannot afford to neglect this
crucial aspect of cybersecurity.

By adopting a proactive approach, leveraging automation tools, and implementing effective
policies, management can navigate the complexities of patching and ensure the organization's
systems are resilient against evolving threats.
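Points 3 and 4 above (prioritizing updates based on risk and knowing which systems still need them) can be made concrete with a small script. The following Python is an added example written for these notes; it is not code from the notes or from any patch-management product. It assumes a constructed host inventory, constructed product names and version strings, placeholder advisory identifiers (not real CVE numbers), and a simple scoring rule in which severity is weighted double for Internet-facing hosts.

```python
"""Patch backlog prioritisation over a constructed host inventory.

Added example, not from the notes: given hosts with installed software
versions and security advisories with the version that fixes them, list
which hosts still lack which fix and rank the work by severity and
exposure. Hosts, products, versions and advisory ids are constructed.
"""
from dataclasses import dataclass
from typing import Tuple


@dataclass(frozen=True)
class Advisory:
    advisory_id: str      # placeholder id, not a real CVE
    product: str
    fixed_version: str    # first version that contains the fix
    severity: str         # "critical", "high", "medium", "low"


@dataclass
class Host:
    name: str
    internet_facing: bool
    installed: dict       # product -> installed version string


# Assumed weighting; an organisation would tune this to its own risk model.
SEVERITY_WEIGHT = {"critical": 10, "high": 7, "medium": 4, "low": 1}


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn "2.4.10" into (2, 4, 10) so versions compare numerically.
    A plain string comparison would wrongly rank "2.4.9" above "2.4.10"."""
    return tuple(int(part) for part in v.split("."))


def missing_patches(hosts, advisories):
    """Return one record per (host, advisory) where the host runs the
    affected product at a version older than the fixed version.
    Records are (score, host, advisory_id, installed, fixed_version),
    highest risk first."""
    findings = []
    for host in hosts:
        for adv in advisories:
            installed = host.installed.get(adv.product)
            if installed is None:
                continue  # product not present, advisory does not apply
            if parse_version(installed) < parse_version(adv.fixed_version):
                exposure = 2 if host.internet_facing else 1
                score = SEVERITY_WEIGHT[adv.severity] * exposure
                findings.append((score, host.name, adv.advisory_id,
                                 installed, adv.fixed_version))
    # Highest score first; ties broken by host then advisory for stable output
    findings.sort(key=lambda f: (-f[0], f[1], f[2]))
    return findings


# Constructed sample data
ADVISORIES = [
    Advisory("ADV-EXAMPLE-001", "webserver", "2.4.10", "critical"),
    Advisory("ADV-EXAMPLE-002", "officeclient", "16.0.3", "medium"),
    Advisory("ADV-EXAMPLE-003", "webserver", "2.4.12", "low"),
]
HOSTS = [
    Host("dmz-web-01", True, {"webserver": "2.4.9"}),
    Host("ws-finance-07", False, {"officeclient": "16.0.1", "webserver": "2.4.11"}),
    Host("ws-hr-02", False, {"officeclient": "16.0.3"}),
]

if __name__ == "__main__":
    for score, host, adv, have, need in missing_patches(HOSTS, ADVISORIES):
        print(f"{score:>3}  {host:<14} {adv:<16} installed {have}, needs >= {need}")
```

The ranking puts the critical advisory on the Internet-facing web host first, the medium advisory on a workstation second, and the low-severity items last; a host already at or above the fixed version does not appear at all.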

Surviving in the Era of Legal Risks


With websites galore, most organizations worry about employees visiting inappropriate or
offensive websites. We have already mentioned Children’s Online Privacy Protection.
Serious legal liabilities arise for businesses from employees’ misuse or inappropriate use of the
Internet.

As organizations provide employees with internet access, concerns about employees visiting
inappropriate or offensive websites become more prevalent. The potential consequences of such
actions extend beyond mere reputational damage. One area of concern is the violation of
Children's Online Privacy Protection, which puts organizations at risk of serious legal liabilities.
Children's Online Privacy Protection Act (COPPA) is a law in the United States that imposes
certain requirements on websites or online services that collect personal information from
children under the age of 13. If an employee accesses inappropriate websites involving children
or engages in activities that violate COPPA, the organization may face severe legal
consequences, including substantial fines and legal actions.
In addition to COPPA, there are other legal ramifications for businesses stemming from
employees' misuse or inappropriate use of the internet. For instance, if an employee engages in
activities such as online harassment, defamation, copyright infringement, or the dissemination of
illegal content, the organization may be held liable for the employee's actions.


To mitigate these legal risks, organizations need to take proactive measures to ensure appropriate
internet usage among employees. This includes implementing comprehensive internet usage
policies that clearly define acceptable and unacceptable behavior, educating employees about the
importance of responsible internet use, and establishing monitoring mechanisms to detect and
address any misuse.

Furthermore, organizations should regularly communicate and reinforce the importance of
compliance with legal obligations related to internet usage. This can be achieved through training
programs, reminders, and periodic reviews of the internet usage policy.
By emphasizing the legal liabilities associated with inappropriate internet use, organizations can
create awareness among employees about the potential consequences of their actions. This not
only helps protect the organization from legal troubles but also fosters a culture of responsible
internet use and upholds the organization's ethical standards.

In conclusion, the misuse or inappropriate use of the internet by employees can expose
organizations to serious legal liabilities. By addressing this issue through robust internet usage
policies, employee education, and proactive monitoring, organizations can minimize the risks
and ensure a safe and compliant digital environment.

Bandwidth Wastage Issues


Today’s applications are bandwidth-hungry; messages carry an increasing amount of image
content, often involving transmission of high-resolution images.
There are tools to protect an organization’s bandwidth by stopping unwanted traffic before it even
reaches your Internet connection.
In today's digital landscape, applications have become increasingly bandwidth-hungry,
demanding more resources to accommodate their functionalities. Additionally, the prevalence of
image content in messages, especially high-resolution images, further contributes to the strain on
bandwidth.
To address these challenges and protect an organization's bandwidth, various tools and
techniques are available that can intercept and filter unwanted traffic before it reaches the
organization's internet connection. Here are some ways these tools can help:

1. Traffic Shaping and Quality of Service (QoS): These techniques allow organizations to
prioritize and allocate bandwidth based on specific criteria. By implementing traffic shaping
and QoS policies, organizations can ensure that critical applications and services receive
sufficient bandwidth while controlling and limiting less essential or non-business-related
traffic.

2. Content Filtering: Content filtering tools can identify and block specific types of content or
websites that may consume excessive bandwidth or pose security risks. Organizations can
define policies to restrict access to non-business-related websites or limit bandwidth-
intensive activities such as video streaming or file sharing.

3. Bandwidth Monitoring and Reporting: Implementing bandwidth monitoring tools enables
organizations to gain visibility into network traffic and usage patterns. By analyzing
bandwidth utilization, organizations can identify bandwidth-intensive applications, users, or
devices, allowing them to take proactive measures to optimize resource allocation and
mitigate bandwidth bottlenecks.

4. Traffic Optimization and Compression: Advanced technologies such as traffic
optimization and compression can help reduce the size of data packets transmitted over the
network. By compressing data, organizations can effectively utilize their available
bandwidth, especially when dealing with image-rich content or large files.

5. Intrusion Detection and Prevention Systems (IDPS): IDPS tools can detect and block
malicious traffic that may consume bandwidth or pose security threats. By proactively
identifying and preventing unauthorized access attempts, network attacks, or malware,
organizations can protect their bandwidth and ensure smooth network performance.

By leveraging these tools and techniques, organizations can effectively manage and protect their
bandwidth resources. This not only helps maintain optimal network performance but also
reduces the risk of network congestion, improves overall productivity, and enhances the user
experience for employees.

It is important for organizations to assess their specific bandwidth requirements, consider the
nature of their applications and data usage, and implement a combination of appropriate tools
and strategies to safeguard their bandwidth from unwanted and non-essential traffic. Regular
monitoring and adjustment of these measures will ensure the organization's bandwidth is
efficiently utilized and aligned with its business needs.
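Two of the controls in this chapter operate on the same data source, the web proxy log: the monitoring and reporting of employees’ Internet surfing described under “Monitoring and Controlling Employees’ Internet Surfing” (with its example of allowing personal sites only during the lunch hour), and the bandwidth monitoring and reporting point above. The following Python script is an added example, not code from these notes or from any proxy or filtering product. It assumes a constructed log format (timestamp, user, domain, bytes), a hand-made domain-to-category table standing in for a URL-category feed, and a lunch window of 12:00 to 13:00 as the policy relaxation.

```python
"""Web-proxy log review: policy checks and bandwidth reporting.

Added example, not from the notes or any product. Over a constructed
proxy log it (1) flags personal browsing outside the permitted lunch
window and (2) sums bytes per category and per user so heavy consumers
can be identified. Log format, domains, categories and users are all
constructed.
"""
from collections import defaultdict
from datetime import datetime, time

# Constructed category table; a real deployment would use a URL-category feed.
CATEGORIES = {
    "intranet.example": "business",
    "crm.example": "business",
    "video.example": "personal",
    "social.example": "personal",
    "news.example": "personal",
}
# Assumed policy: personal browsing permitted only in this window.
LUNCH_START, LUNCH_END = time(12, 0), time(13, 0)

# Constructed log lines: "<ISO timestamp> <user> <domain> <bytes>"
SAMPLE_LOG = """\
2024-03-04T09:15:02 alice intranet.example 20480
2024-03-04T09:47:10 bob video.example 52428800
2024-03-04T12:20:33 alice social.example 3145728
2024-03-04T12:45:00 carol news.example 1048576
2024-03-04T14:05:41 bob video.example 104857600
2024-03-04T15:30:12 carol crm.example 409600
"""


def parse_log(text):
    """Parse log lines into dicts. Malformed lines are skipped rather than
    aborting the whole report, which matters on real, noisy logs."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, user, domain, nbytes = parts
        try:
            records.append({
                "ts": datetime.fromisoformat(ts),
                "user": user,
                "domain": domain,
                "bytes": int(nbytes),
                "category": CATEGORIES.get(domain, "uncategorised"),
            })
        except ValueError:
            continue
    return records


def policy_violations(records):
    """Personal browsing outside the lunch window is a policy violation.
    Uncategorised domains are left for manual review, not auto-flagged."""
    violations = []
    for r in records:
        if r["category"] != "personal":
            continue
        t = r["ts"].time()
        if not (LUNCH_START <= t < LUNCH_END):
            violations.append((r["user"], r["domain"], r["ts"].isoformat()))
    return violations


def bandwidth_report(records):
    """Bytes per category and per user, plus the single heaviest user."""
    by_category = defaultdict(int)
    by_user = defaultdict(int)
    for r in records:
        by_category[r["category"]] += r["bytes"]
        by_user[r["user"]] += r["bytes"]
    top_user = max(by_user, key=by_user.get) if by_user else None
    return dict(by_category), dict(by_user), top_user


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for v in policy_violations(recs):
        print("policy violation:", v)
    cats, users, top = bandwidth_report(recs)
    print("bytes by category:", cats)
    print("heaviest user:", top, users[top])
```

On the sample log the two video visits at 09:47 and 14:05 are reported as violations, while the lunch-time visits are not, and the bandwidth report shows that personal traffic dominates and that one user accounts for nearly all of it. That is the evidence a manager needs before deciding whether to tighten the policy or apply traffic shaping to that category.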

Mobile Workers Pose Security Challenges


Mobile handset devices are used in cybercrimes. Most mobile communication devices, for
example personal digital assistants (PDAs), have raised security concerns with their use.


Mobile workers use those devices to connect to their company networks while on the move.
Since the organization cannot protect the remote user’s system, the mobile workforce remains
unprotected.

We need tools to extend web protection and filtering to remote users, including policy
enforcement.
The use of mobile handset devices in cybercrimes has become a significant concern in today's
digital landscape. Mobile communication devices, such as personal digital assistants (PDAs),
smartphones, and tablets, have introduced new security challenges due to their widespread
adoption and capabilities.
Mobile workers rely on these devices to stay connected with their company networks while on
the move. However, this poses a dilemma for organizations as they struggle to effectively protect
the remote user systems. Traditional security measures implemented within the company's
premises may not extend seamlessly to these mobile devices, leaving the workforce vulnerable to
various security threats.
To address this issue, organizations require tools and solutions that can extend web protection
and filtering capabilities to remote users, ensuring consistent policy enforcement and maintaining
security standards.
Here are some key considerations:

1. Mobile Device Management (MDM): Implementing an MDM solution enables
organizations to manage and secure mobile devices used by their workforce. MDM provides
features such as remote device configuration, policy enforcement, and security controls,
allowing organizations to maintain consistent security standards across all mobile devices.

2. Virtual Private Network (VPN): Encouraging the use of VPNs helps establish secure
connections between remote users and the organization's network. By encrypting the data
transmitted between the mobile device and the network, VPNs protect sensitive information
from unauthorized access or interception.

3. Mobile Security Applications: Deploying robust mobile security applications, including
antivirus, anti-malware, and firewall solutions, on employee devices can provide an
additional layer of protection. These applications can detect and prevent malicious activities,
unauthorized access, and data breaches on mobile devices.

4. Web Filtering and Content Filtering: Extending web protection and content filtering
capabilities to remote users is crucial to ensure consistent policy enforcement. By
implementing web filtering solutions, organizations can control access to inappropriate or
malicious websites and restrict the download of potentially harmful content.

5. Employee Education and Best Practices: Educating employees about mobile device
security best practices is essential. Training programs can raise awareness about the risks
associated with mobile device usage, such as downloading suspicious apps, connecting to
unsecured Wi-Fi networks, or falling victim to phishing attacks. By promoting responsible
device usage and security-conscious behaviors, organizations can empower their workforce
to actively protect their devices and data.

It is vital for organizations to invest in comprehensive mobile security strategies that encompass
device management, network security, and user education.
By implementing the right tools and enforcing security policies, organizations can extend
protection to remote users and mitigate the risks associated with the use of mobile devices in
cybercrimes.

Regular assessments, updates, and monitoring of these measures will help ensure ongoing
security and safeguard the organization's sensitive information and assets.
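The “policy enforcement” an MDM performs (point 1 above) comes down to comparing what a device reports about itself against a baseline before it is allowed onto the network. The following Python is an added example written for these notes; it is not code from the notes or from any MDM vendor’s API. It assumes a constructed set of device attributes (OS version, storage encryption, screen lock, root/jailbreak state, age of anti-malware signatures), an assumed minimum OS version and signature age, and a three-way decision: allow, quarantine (limited access while the user remediates), or deny.

```python
"""Device-posture check before a mobile device is admitted to the network.

Added example, not from the notes and not any vendor's API. Each device
reports a few attributes; they are compared against a minimum baseline
and the device is allowed, quarantined (fixable gaps) or denied (gaps
that cannot be fixed in place). Attributes, versions and devices are
constructed.
"""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class DevicePosture:
    device_id: str
    os_version: Tuple[int, ...]     # e.g. (14, 2)
    disk_encrypted: bool
    screen_lock: bool
    rooted_or_jailbroken: bool
    av_signature_age_days: int      # days since last signature update


# Assumed baseline; a real policy would come from the organisation's MDM.
MIN_OS_VERSION = (14, 0)
MAX_SIGNATURE_AGE_DAYS = 7


def evaluate(device: DevicePosture):
    """Return (decision, reasons). Rooted or unencrypted devices are denied
    outright; an old OS, missing screen lock or stale signatures put the
    device in quarantine until the user remediates."""
    hard_failures: List[str] = []
    soft_failures: List[str] = []
    if device.rooted_or_jailbroken:
        hard_failures.append("device is rooted/jailbroken")
    if not device.disk_encrypted:
        hard_failures.append("storage not encrypted")
    if device.os_version < MIN_OS_VERSION:
        version = ".".join(map(str, device.os_version))
        soft_failures.append(f"OS {version} below minimum")
    if not device.screen_lock:
        soft_failures.append("screen lock disabled")
    if device.av_signature_age_days > MAX_SIGNATURE_AGE_DAYS:
        soft_failures.append(f"AV signatures {device.av_signature_age_days} days old")
    if hard_failures:
        return "deny", hard_failures + soft_failures
    if soft_failures:
        return "quarantine", soft_failures
    return "allow", []


def evaluate_fleet(devices):
    """Decision per device id, suitable for an MDM compliance dashboard."""
    return {d.device_id: evaluate(d) for d in devices}


# Constructed fleet
FLEET = [
    DevicePosture("phone-01", (14, 2), True, True, False, 2),
    DevicePosture("phone-02", (13, 6), True, True, False, 12),
    DevicePosture("tablet-03", (14, 1), False, True, False, 1),
    DevicePosture("phone-04", (14, 2), True, False, True, 0),
]

if __name__ == "__main__":
    for dev_id, (decision, reasons) in evaluate_fleet(FLEET).items():
        print(f"{dev_id:<10} {decision:<10} {'; '.join(reasons)}")
```

Separating hard from soft failures is the design point: a quarantine state keeps a mostly-compliant worker productive (for example, access to the patch server only) instead of locking them out, while a rooted or unencrypted device never reaches company data.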

Challenges in Controlling Access to Web Applications


Today, a large number of organizations’ applications are web based. There will be more in the
future, as the Internet offers a wide range of online applications, from webmail and social
networking to sophisticated business applications. Employees use personal mail IDs to send
business-sensitive information (BSI), for valid or other reasons. This leads to data security
breaches. Organizations need to decide what type of access to provide to employees.

Controlling access to web applications presents several challenges for organizations in today's
digital landscape. With the increasing prevalence of web-based applications, ranging from
webmail and social networking to complex business applications, organizations face the task of
ensuring secure access while managing potential risks.
Here are some key challenges associated with controlling access to web applications:

1. User Authentication and Authorization: Verifying the identity of users and granting
appropriate access privileges is crucial for maintaining data security. Organizations need to
implement robust authentication mechanisms, such as strong passwords, multi-factor
authentication, or biometric authentication, to ensure that only authorized individuals can
access web applications. Additionally, defining access levels and permissions based on job
roles and responsibilities helps prevent unauthorized access to sensitive information.

2. Balancing Convenience and Security: Organizations must strike a balance between
providing convenient access to web applications and ensuring robust security measures.
While employees may desire seamless access and flexibility, organizations need to
implement security controls that protect against potential threats, such as unauthorized
access, data breaches, or malware attacks. This may involve implementing secure access
protocols, encryption, and regular security updates to mitigate vulnerabilities.

3. Personal Email Usage and Data Security: The use of personal email IDs by employees to
send business-sensitive information (BSI) introduces significant data security risks.
Organizations need to establish policies and educate employees about the importance of
using company-sanctioned communication channels for sensitive data transmission. By
implementing secure email gateways and educating employees about data protection best
practices, organizations can reduce the likelihood of data security breaches resulting from
the use of personal email accounts.

4. Access Provisioning and User Lifecycle Management: Managing user access throughout
their employment lifecycle can be challenging, particularly in larger organizations with
frequent employee onboarding, role changes, or offboarding. Ensuring timely provisioning
and deprovisioning of access rights is crucial to prevent unauthorized access to web
applications. Implementing identity and access management (IAM) systems can help
streamline access provisioning processes and ensure adherence to security policies.

5. Continuous Monitoring and Auditing: Effective access control requires continuous
monitoring and auditing of user activities within web applications. Organizations should
implement robust logging mechanisms, intrusion detection systems, and security
information and event management (SIEM) tools to track user actions, detect anomalies, and
respond promptly to potential security incidents. Regular audits help identify security gaps,
policy violations, or suspicious activities, enabling organizations to take corrective measures
and enhance security controls.

6. User Education and Awareness: Promoting user education and awareness is essential to
cultivate a security-conscious culture within the organization. Employees should be
educated about the risks associated with improper access control, the importance of strong
passwords, the dangers of phishing attacks, and safe browsing practices. Regular training
programs and awareness campaigns can help employees make informed decisions and
actively contribute to maintaining secure access to web applications.


In conclusion, organizations face challenges in controlling access to web applications due to the
diverse nature of web-based applications, the need for user authentication and authorization, the
risks associated with personal email usage, access provisioning complexities, continuous
monitoring requirements, and the importance of user education.
By implementing robust security measures, defining clear policies, and fostering a culture of
security awareness, organizations can mitigate these challenges and ensure secure access to web
applications while safeguarding sensitive data and protecting against potential threats.
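Points 1, 4 and 5 of this section (role-based permissions, provisioning and deprovisioning through the employment lifecycle, and an audit trail of access decisions) fit in one small model. The following Python is an added example written for these notes; it is not code from the notes or from any IAM product. It assumes a constructed role model in which each role maps to a set of (application, action) permissions, constructed users, and the convention that offboarding disables the account rather than deleting it so that later access attempts remain auditable.

```python
"""Role-based access control with lifecycle handling and an audit trail.

Added example, not from the notes and not a particular IAM product.
Access is granted through roles rather than to individuals, a role change
removes the old role, offboarding revokes everything at once, and every
decision is logged so an audit can find violations. Roles, permissions
and users are constructed.
"""
from datetime import datetime, timezone

# Assumed role model: role -> set of (application, action) permissions
ROLE_PERMISSIONS = {
    "finance-analyst": {("ledger", "read"), ("ledger", "export")},
    "finance-admin": {("ledger", "read"), ("ledger", "export"), ("ledger", "write")},
    "hr-staff": {("hris", "read")},
}


class AccessControl:
    def __init__(self):
        self.user_roles = {}      # user -> set of roles
        self.disabled = set()     # offboarded users keep a record, lose access
        self.audit_log = []       # (timestamp, user, app, action, decision, reason)

    def _log(self, user, app, action, decision, reason):
        stamp = datetime.now(timezone.utc).isoformat()
        self.audit_log.append((stamp, user, app, action, decision, reason))

    def provision(self, user, role):
        if role not in ROLE_PERMISSIONS:
            raise ValueError(f"unknown role: {role}")
        self.user_roles.setdefault(user, set()).add(role)

    def change_role(self, user, old_role, new_role):
        """A role change must remove the old role; letting roles accumulate
        over a career is a common source of excess privilege."""
        self.user_roles.get(user, set()).discard(old_role)
        self.provision(user, new_role)

    def offboard(self, user):
        """Revoke all roles and disable the account in one step."""
        self.user_roles[user] = set()
        self.disabled.add(user)

    def check(self, user, app, action):
        """Authorization decision; every outcome is written to the audit log."""
        if user in self.disabled:
            self._log(user, app, action, "deny", "account disabled")
            return False
        for role in self.user_roles.get(user, set()):
            if (app, action) in ROLE_PERMISSIONS[role]:
                self._log(user, app, action, "allow", role)
                return True
        self._log(user, app, action, "deny", "no role grants permission")
        return False

    def denied_after_offboarding(self):
        """Audit query: offboarded accounts that still attempted access."""
        return [e for e in self.audit_log
                if e[4] == "deny" and e[5] == "account disabled"]


def demo():
    """Walk one user through provisioning, a role change and offboarding."""
    ac = AccessControl()
    ac.provision("alice", "finance-analyst")
    ac.provision("bob", "hr-staff")
    results = {
        "alice_read": ac.check("alice", "ledger", "read"),
        "alice_write_before": ac.check("alice", "ledger", "write"),
    }
    ac.change_role("alice", "finance-analyst", "finance-admin")
    results["alice_write_after"] = ac.check("alice", "ledger", "write")
    results["bob_ledger"] = ac.check("bob", "ledger", "read")
    ac.offboard("bob")
    results["bob_after_offboard"] = ac.check("bob", "hris", "read")
    return ac, results


if __name__ == "__main__":
    ac, results = demo()
    print(results)
    for entry in ac.audit_log:
        print(entry)
```

The audit query at the end is the kind of check a periodic access review runs: any “deny, account disabled” entry means a leaver’s credentials or session were still being used, which is worth an incident ticket rather than a log line.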

The Bane of Malware


Many websites contain malware. Such websites are a growing security threat. Although most
organizations are doing a good job of blocking sites declared dangerous, cyber attackers, too, are
learning. Criminals change their techniques rapidly to avoid detection.
The presence of malware on websites has become a significant concern and a persistent security
threat for organizations. Malicious actors continuously adapt and evolve their techniques to
evade detection and exploit vulnerabilities. Despite organizations' efforts to block known
dangerous sites, cyber attackers are also becoming more adept at bypassing these defenses.
Here are some key points to consider regarding the bane of malware:

1. Growing Threat of Malware: The number of websites hosting malware continues to rise,
posing a serious risk to organizations and their users. Malware can be introduced through
compromised websites, malicious advertisements, or deceptive downloads. Once a user
accesses an infected website or interacts with malicious content, their system can be
compromised, leading to data breaches, unauthorized access, or financial losses.

2. Evolving Techniques: Cybercriminals employ sophisticated techniques to distribute
malware and maximize its impact. They may use social engineering tactics, exploit software
vulnerabilities, or employ stealthy techniques such as fileless malware or polymorphic
malware, which can evade traditional security measures. Attackers frequently modify their
tactics and infrastructure to evade detection and increase the success rate of their malicious
campaigns.

3. Countermeasures: Organizations must implement robust security measures to defend
against malware threats. This includes deploying up-to-date antivirus and antimalware
solutions, utilizing firewalls and intrusion detection systems, and regularly patching
software and systems to address known vulnerabilities. Implementing web filtering and
content scanning can help block access to known malicious websites and prevent users from
downloading infected files.

4. User Awareness and Training: User education and awareness play a vital role in
combating malware threats. Organizations should provide regular training sessions to
educate employees about safe browsing practices, recognizing phishing attempts, and the
importance of not visiting suspicious websites or downloading files from untrusted sources.
By empowering users to make informed decisions and report potential security incidents,
organizations can enhance their overall security posture.

5. Incident Response and Recovery: Despite preventive measures, organizations should also
establish robust incident response plans to detect and respond promptly to malware
incidents. This includes isolating infected systems, conducting forensic investigations, and
applying appropriate remediation steps to remove malware and restore affected systems to a
secure state. Regular data backups and a well-defined recovery strategy are crucial for
minimizing the impact of malware attacks.

6. Collaboration and Information Sharing: Given the dynamic nature of malware threats,
collaboration and information sharing among organizations, security vendors, and industry
forums are essential. Sharing threat intelligence, indicators of compromise, and best
practices can help organizations stay ahead of emerging malware trends, identify new attack
vectors, and collectively improve their defenses against malware.

In conclusion, the prevalence of malware on websites poses a significant challenge to
organizations' cybersecurity. By staying vigilant, implementing robust security measures,
educating users, and fostering collaboration within the industry, organizations can better defend
against malware threats.
Regularly updating defenses, monitoring for new malware variants, and adopting a proactive
approach to security are crucial in mitigating the risks associated with malware and protecting
sensitive data and systems from malicious attacks.

The Need for Protecting Multiple Offices and Locations


Delivery from multiple locations, and teams collaborating from multiple locations to deliver a
single project, are common working scenarios today. Most large organizations have several
offices at multiple locations. In such a scenario, an Internet-based hosted service is the best
option for protecting many locations.

Unit-IV: Cyber Security: Organizational Implications 21


Security & Privacy Implications from Cloud Computing
Cloud Computing is one of the top 10 Cyber Threats to organizations. There are data privacy
risks through cloud computing. Organizations should think about privacy scenarios in terms of
“user spheres”.

There are three kinds of spheres and their characteristics:

1. User Sphere: Here data is stored on users' desktops, PCs, laptops, mobile phones, Radio
Frequency Identification (RFID) chips, etc…
The organization's responsibility is to provide access to users and to monitor that access to
ensure misuse does not happen.

2. Recipient Sphere: Here data lies with recipients: the servers and databases of network
providers, service providers or other parties with whom the data recipient shares data.
The organization's responsibility is to minimize users' privacy risk by ensuring that unwanted
exposure of users' personal data does not happen.

3. Joint Sphere: Here data lies on the web service provider's servers and databases. This is the
in-between sphere, where it is not clear to whom the data belongs.
The organization's responsibility is to give users some control over access to data about
themselves and to minimize users' future privacy risk.

To address security and privacy implications in cloud computing, organizations should consider
the following measures:

1. Conduct a thorough Risk Assessment: Identify potential security and privacy risks
associated with cloud computing, considering factors such as data sensitivity, regulatory
requirements, and the nature of the cloud service used.

2. Choose reputable Cloud Service Providers: Select providers with a strong track record in
security and privacy practices. Assess their compliance with relevant standards and
certifications, and review their data protection policies and incident response capabilities.

3. Implement Strong Authentication and Access Controls: Enforce multi-factor
authentication, role-based access controls, and strong encryption mechanisms to protect data
both at rest and in transit.

4. Regularly monitor and Audit Cloud Environments: Implement robust monitoring and
auditing mechanisms to detect any unauthorized access or suspicious activities. Conduct
regular security assessments and penetration tests to identify vulnerabilities and address
them promptly.

5. Educate Employees and Users: Raise awareness among employees and users about cloud
security and privacy best practices. Provide training on data handling, password
management, and recognizing social engineering attacks to prevent unauthorized access or
data breaches.

6. Establish Data Governance and Compliance Processes: Develop comprehensive data
governance policies and procedures to ensure compliance with relevant data protection
regulations. Regularly review and update these policies to align with changing regulatory
requirements.

7. Incident Response and Disaster Recovery Planning: Have a well-defined incident
response plan in place to address security incidents promptly and minimize their impact.
Regularly test and update the plan to ensure its effectiveness. Implement robust backup and
disaster recovery mechanisms to safeguard data and ensure business continuity.

By understanding the different spheres of data storage and the corresponding responsibilities,
organizations can effectively address security and privacy implications associated with cloud
computing. Implementing a proactive and comprehensive approach to cloud security will help
organizations mitigate risks and protect sensitive data in this digital era.

Social Media Marketing: Security Risks & Perils for Organizations

Social media marketing has become dominant in the industry. According to a fall 2009 survey of
marketing professionals, usage of social media sites by large business-to-business (B2B)
organizations was as follows:

1. Facebook is used by 37% of the organizations.

2. LinkedIn is used by 36% of the organizations.

3. Twitter is used by 36% of the organizations.

4. YouTube is used by 22% of the organizations.

5. MySpace is used by 6% of the organizations.

Although the use of social media marketing sites is rampant, there is a problem related to "social
computing" or "social media marketing": the problem of privacy threats.

Exposure of sensitive personal information (PI) and confidential business information is possible
if due care is not taken by organizations while using the mode of "social media marketing".

Understanding Social Media Marketing


Most professionals today use social technologies for business purposes. The most common uses
include marketing, internal collaboration and learning, customer service and support, sales,
human resources, strategic planning, and product development.
Following are the most typical reasons why organizations use social media marketing to promote
their products and services:

1. To reach a larger target audience in a more spontaneous and instantaneous manner without
paying large advertising fees.

2. To increase traffic to their website coming from other social media websites by using blogs
and social and business networking sites. Companies believe that this, in turn, may increase
their "page rank", resulting in increased traffic from leading search engines.

3. To reap other potential revenue benefits and to minimize advertising costs because social
media complements other marketing strategies such as a paid advertising campaign.

4. To build credibility by participating in relevant product promotion forums and responding to
potential customers' questions immediately.

5. To collect potential customer profiles. Social media sites hold information such as user
profile data, which can be used to target a specific set of users for advertising.

There are other tools too that organizations use; industry practices indicate the following:

1. Twitter is used with high priority to reach the maximum number of marketers in the
technology space and to monitor that space.

2. The professional networking tool LinkedIn is used to connect with and create a community of
top executives from the Fortune 500.

3. Facebook, as the social group or social community tool, is used to drive more traffic to the
Websense website and to increase awareness about Websense.

4. YouTube (the video capability tool to run demonstrations of products/services, etc…) is used
to increase the brand awareness and create a presence for corporate videos.

5. Wikipedia is also used for brand building and driving traffic.

There are conflicting views about social media marketing: some people in IT point to its
expensive and careless use, while others illustrate its advantages when security risk is
properly controlled.

Social Computing & The Associated Challenges for Organizations

The emergence of social computing, also known as Web 2.0, has revolutionized the way people
interact with web-based products and services.
It has opened up new avenues for collaboration, communication, and information sharing,
benefiting individuals in various aspects of their lives, such as work, health, learning,
entertainment, and citizenship tasks.

"Social Computing" is also known as Web 2.0.

It empowers people to use web-based public products and services.

It helps thousands of people across the globe to support their work, health, learning,
entertainment and citizenship tasks in a number of innovative ways.

In this process a lot of information gets exchanged, and some of that would be confidential,
personally identifiable information, etc… This would be a goldmine for cybercriminals.

Getting too used to readily available information, people may get into the habit of not
questioning the accuracy and reliability of the information they readily get on the Internet.

With social computing, new threats are emerging; those threats relate to security, safety and
privacy.

However, along with its numerous benefits, social computing also brings forth several challenges
for organizations, particularly in the realms of security, safety, and privacy.
One of the key concerns with social computing is the exchange of vast amounts of information,
some of which may be confidential or personally identifiable.
This abundance of valuable information serves as a potential goldmine for cybercriminals who
seek to exploit such data for malicious purposes, including identity theft, fraud, or targeted
attacks.
Organizations must implement robust security measures to safeguard sensitive information
shared through social computing platforms, such as strong authentication, encryption, and secure
transmission protocols.
Moreover, the easy accessibility of information through social computing platforms can lead
individuals to become complacent in questioning the accuracy and reliability of the information
they encounter online.

This can have serious implications, as false or misleading information can spread rapidly and
have far-reaching consequences. Organizations need to educate their employees and users about
the importance of critically evaluating the information they come across and adopting fact-
checking measures to mitigate the risks of misinformation.
Furthermore, the nature of social computing introduces new threats to security, safety, and
privacy. Social engineering attacks, such as phishing scams or social media manipulation, exploit
the trust and openness inherent in social platforms to deceive users and gain unauthorized access
to sensitive data.
Organizations must raise awareness about these threats and provide guidance on identifying and
mitigating social engineering attempts.
Privacy concerns also arise in the context of social computing, as individuals willingly share
personal information and engage in online interactions that may compromise their privacy.
Organizations should establish clear guidelines and policies regarding the collection, storage, and
use of personal data within social computing environments.

They should also ensure compliance with relevant data protection regulations and provide users
with control over their privacy settings and the ability to manage the visibility of their personal
information.
To address the challenges posed by social computing, organizations should consider the
following measures:

1. Develop Comprehensive Social Media Policies: Establish clear guidelines for employees
and users regarding the appropriate use of social computing platforms, including rules for
sharing information, interacting with others, and safeguarding confidential data.

2. Implement Security Measures: Deploy robust security controls, such as firewalls, intrusion
detection systems, and data loss prevention mechanisms, to protect against unauthorized
access and data breaches in social computing environments.

3. Conduct Regular Training and Awareness Programs: Educate employees and users about
the risks associated with social computing, including social engineering tactics, privacy
concerns, and the importance of information verification.

4. Monitor and manage Online Presence: Establish mechanisms to monitor and manage the
organization's online presence, including social media accounts and user-generated content,
to detect and address any potential security or reputational risks.

5. Encourage Responsible Use: Promote responsible behavior among employees and users,
emphasizing the need to exercise caution when sharing personal information, engaging in
online interactions, and evaluating the reliability of information.

6. Collaborate with Social Computing Platforms: Engage with social computing platform
providers to stay updated on security features, privacy settings, and emerging threats. Work
together to address any vulnerabilities and enhance user protections.

By proactively addressing the security, safety, and privacy challenges associated with social
computing, organizations can leverage the benefits of these platforms while mitigating the
potential risks.
It requires a combination of technical measures, education, and policy frameworks to ensure a
secure and responsible approach to social computing in the digital age.

Protecting People’s Privacy in the Organization


Organizational guidelines for Internet usage and safe computing are essential for maintaining a
secure and productive work environment. The following points outline the importance and key
elements of these guidelines:

An Internet usage policy is a document used by employers to communicate the acceptable use of
technology in the workplace.

The document provides rules and guidelines surrounding the organization's expectations of its
employees when using the Internet and other company-provided devices.

A computer usage policy is a document that provides employees with guidelines on how to
appropriately use company equipment and the Internet on the work computer network. This kind
of policy can minimize the risk of computer misuse, whether in a university library or a business
office.

Internet Usage Policy


An Internet usage policy serves as a comprehensive document that outlines the acceptable use of
technology within the workplace. It communicates the organization's expectations regarding
employee behavior when accessing the internet and utilizing company-provided devices. This
policy helps prevent misuse, protect sensitive information, and maintain network security.
Key elements of an Internet usage policy may include:

Clearly Defined Acceptable use: Specify what activities are permitted and prohibited while
using company networks, devices, and internet resources. This may include guidelines on
accessing appropriate websites, using social media, downloading files, and engaging in
online communication.

Data Security and Confidentiality: Emphasize the importance of protecting sensitive data
and confidential information. Employees should be educated about the risks of sharing
sensitive information online and the need to adhere to data protection policies.

Prohibited Activities: Clearly state activities that are strictly prohibited, such as accessing
inappropriate or offensive content, engaging in illegal activities, downloading unauthorized
software, or distributing malware.

Personal Use Guidelines: Define the boundaries for personal internet use during work
hours. This may include specifying the permitted duration or restricting personal use to
designated break times.

Monitoring and Enforcement: Inform employees that their internet usage may be
monitored for security and compliance purposes. Outline the consequences of policy
violations, including disciplinary actions or termination.

Computer Usage Policy


A computer usage policy complements the internet usage policy by providing guidelines
specifically related to the appropriate use of company-provided equipment and the internet on
work computers. This policy aims to prevent computer misuse, protect hardware and software
assets, and ensure efficient and safe computing practices.
Key elements of a computer usage policy may include:

Authorized Usage: Specify that company-provided computers and devices should only be
used for work-related activities. Prohibit the installation of unauthorized software or
accessing unauthorized websites.

Software and License Compliance: Emphasize the importance of using licensed software
and complying with software usage agreements. Prohibit the installation of unlicensed or
unauthorized software.

Password and Account Security: Educate employees about the significance of strong
passwords, regular password updates, and the importance of not sharing login credentials.

Data Backup and Storage: Provide guidelines for data backup procedures to ensure the
protection and availability of critical business data. Encourage employees to save files on
designated network drives or cloud storage solutions rather than locally on their computers.

Reporting Security Incidents: Establish a clear process for employees to report any
security incidents, including suspected malware infections, phishing attempts, or
unauthorized access to sensitive information.

Employee Responsibilities: Clearly outline employees' responsibilities in maintaining a
secure computing environment, such as keeping software and antivirus programs up to date,
promptly reporting any security vulnerabilities, and following best practices for safe
computing.

Sample Computer Usage and Internet Usage Policies


Organizations can find sample computer usage and internet usage policy templates from various
sources, including industry associations, legal resources, or cybersecurity organizations. These
templates can serve as a starting point for creating customized policies that align with the
specific needs and requirements of the organization. It is important to review and tailor the
sample policies to address the unique risks and considerations relevant to the organization's
industry, size, and regulatory environment.
Regular communication, training, and enforcement of these policies are crucial to ensure
employees understand their responsibilities and the potential consequences of policy violations.
By implementing and consistently reinforcing these guidelines, organizations can enhance
cybersecurity, protect sensitive information, and promote responsible and productive use of
technology in the workplace.

Intellectual Property in Cyberspace


Intellectual Property (IP) plays a crucial role in cyberspace, where digital content can be easily
copied and distributed.
The following points further discuss the importance of IP in the digital realm:

1. Protection of Creative Works: IP protection is vital for individuals and organizations
involved in various creative fields such as literature, music, art, inventions, and business
practices. It grants exclusive rights to the creators, allowing them to control and profit from
their original works. In the digital era, where content can be easily reproduced and
disseminated, IP protection becomes even more critical to safeguard the interests of creators.

2. Exclusive Rights: IP provides creators with exclusive rights to their work, including the
right to reproduce, distribute, publicly display, and create derivative works. These rights
enable creators to monetize their creations and prevent others from using their work without
permission. By having exclusive rights, creators have the opportunity to benefit financially
and maintain control over the use and distribution of their intellectual property.

3. Legal Framework: Intellectual Property is governed by various laws, regulations, and
international agreements. Copyright laws protect original works of authorship, while patents
protect inventions and innovations. Trademark laws safeguard brand names, logos, and
symbols, ensuring that they are not used unlawfully by others. These legal frameworks
provide a foundation for creators to assert their rights and take legal action against
infringement.

4. Challenges in Cyberspace: The digital landscape poses unique challenges to IP protection.
With the ease of online sharing and copying, unauthorized distribution and infringement of
copyrighted works have become more prevalent. Online piracy, illegal downloading, and
counterfeiting are common issues that can significantly impact the revenue and reputation of
creators and businesses.

5. Digital Rights Management (DRM): To mitigate the risks associated with IP infringement,
digital rights management (DRM) technologies are employed. DRM systems are designed to
control access to digital content and protect it from unauthorized copying or distribution.
These systems use encryption, licensing, and access control mechanisms to enforce IP rights
and prevent unauthorized use of digital assets.

6. International Collaboration: Given the global nature of the internet, international
collaboration is crucial for effective IP protection in cyberspace. Countries and organizations
work together to establish standards, policies, and legal frameworks that promote respect for
IP rights and combat infringement on a global scale. International agreements, such as the
World Intellectual Property Organization (WIPO) treaties, facilitate cooperation and
harmonization of IP laws across different jurisdictions.

In conclusion, intellectual property rights play a vital role in cyberspace by providing creators
and innovators with legal protection and exclusive rights to their works. The digital era presents
both opportunities and challenges for IP protection, necessitating robust legal frameworks,
technological solutions, and international collaboration to safeguard creative works and foster
innovation in the digital realm.

Intellectual Property (IP) simply refers to creations of the mind. It refers to the ownership of
a thought or design by the one who came up with it.

It offers the owner of any inventive design or any form of distinct work certain exclusive
rights that make it unlawful to copy or reuse that work without the owner's permission.

It is a part of property law. People associated with literature, music, inventions, etc… can use
it in business practices.

There are numerous types of tools of protection that come under the term “intellectual
property”.

Notable among these are the following:

Patent.

Trademark.

Geographical indications.

Layout Designs of Integrated Circuits.

Trade secrets.

Copyrights.

Industrial Designs.

Cyberspace is the non-physical domain where numerous computers are connected through
computer networks to establish communication between them.

With the expansion of technology, cyberspace has come within reach of every individual.
This has led to the emergence of cyberspace as a business platform and hence increases the
pressure on Intellectual Property.

Nowadays, cybercrimes are not limited to fraud, cyberbullying and identity theft; they also
include infringement of the copyrights and trademarks of various businesses and other
organizations.

Online content needs to be protected and hence Intellectual Property Rights and Cyber laws
cannot be separated.

In cyberspace, sometimes one person makes a profit by using another person’s creation
without the owner’s consent. This is a violation of privacy, and it is protected by IPR.

We have certain laws to avoid violation of Intellectual Property Rights in cyberspace and
when it is violated, then additionally we have several remedies in law.

Copyright Infringement
Copyright protection is given to the owner of any published artistic, literary, or scientific work
to prohibit everyone else from exploiting that work in their own name and thereby profiting
from it.

When these proprietary creations are used by anyone without the permission of the owner, it
leads to copyright infringement. Making and selling copies of software on the Internet without
the owner's permission, or even copying content from an online source, are all examples of
copyright infringement.

Copyright Issues in Cyberspace:

Linking.

Software Piracy.

Cybersquatting (unauthorized registration and use of Internet domain names).

Trademark Issues in Cyberspace


A trademark is a mark capable of being represented graphically that distinguishes the products
or services of one person from those of others; it may include the shape of products, their
packaging, and combinations of colours. A registered service mark represents a service.
Trademark infringement refers to the unlawful use of a trademark or service mark that can
cause ambiguity, fraud, or confusion about the actual company a product or service came from.
Trademark owners can seek legal remedies if they believe their marks are being infringed.

Unit-V: Privacy Issues: Basic Data Privacy Concepts
Privacy Issues: Basic Data Privacy Concepts: Fundamental Concepts, Data Privacy Attacks,
Data linking and Profiling, Privacy Policies and their Specifications, Privacy Policy Languages,
Privacy in Different Domains: Medical, Financial, etc…
Cybercrime: Examples and Mini-Cases
Examples: Official Website of Maharashtra Government Hacked, Indian Banks Lose Millions of
Rupees, Parliament Attack, Pune City Police Bust Nigerian Racket, e-Mail spoofing instances.
MiniCases: The Indian Case of Online Gambling, An Indian Case of Intellectual Property
Crime, Financial Frauds in Cyber Domain.

PART-I: Privacy Issues: Basic Data Privacy Concepts

Unit-V: Privacy Issues: Basic Data Privacy Concepts 1


Fundamental Concepts of Basic Data Privacy
Data privacy generally means the ability of a person to determine for themselves when, how, and
to what extent personal information about them is shared with or communicated to others.
This personal information can be one's name, location, contact information, or online or real-
world behavior. Just as someone may wish to exclude people from a private conversation, many
online users want to control or prevent certain types of personal data collection.
As Internet usage has increased over the years, so has the importance of data privacy. Websites,
applications, and social media platforms often need to collect and store personal data about users
in order to provide services.
However, some applications and platforms may exceed users' expectations for data collection
and usage, leaving users with less privacy than they realized. Other apps and platforms may not
place adequate safeguards around the data they collect, which can result in a data breach that
compromises user privacy.

What is Data Privacy?


Data privacy refers to the protection and proper handling of personal information or data,
ensuring that individuals have control over how their data is collected, used, and shared. It
involves safeguarding sensitive and personal data from unauthorized access, misuse, or
disclosure. Data privacy is a fundamental right and a critical aspect of maintaining trust and
confidentiality in various contexts, including businesses, government institutions, and online
interactions.
Key aspects of data privacy include:

1. Data Collection: It relates to the process of gathering personal data from individuals.
Organizations should inform individuals about the purpose of data collection and obtain
their consent to collect and process their information.

2. Data Use: It pertains to how collected data is utilized by organizations. Data should only be
used for the specified purposes and in accordance with the consent given by individuals.
Organizations should ensure that data is used in a manner that respects privacy rights and
complies with relevant laws and regulations.

3. Data Security: It involves implementing measures to protect data from unauthorized access,
loss, or theft. This includes adopting encryption, firewalls, access controls, and other
security practices to safeguard personal information.

4. Data Sharing: It refers to the disclosure of personal data to third parties. Organizations
should be transparent about the sharing of data, and individuals should have control over
whether their data is shared and with whom.

5. Data Retention: It addresses how long personal data is stored and the secure disposal of
data when it is no longer needed. Organizations should establish clear retention policies and
procedures to ensure that data is not retained for longer than necessary.

6. Individual Rights: It encompasses the rights of individuals to access, rectify, delete, or
restrict the processing of their personal data. Individuals have the right to know what data is
being collected, how it is being used, and to have control over their own information.

7. Compliance and Regulations: Data privacy is regulated by various laws and regulations,
such as the General Data Protection Regulation (GDPR) in the European Union and the
California Consumer Privacy Act (CCPA) in the United States. Organizations are required to
comply with these regulations and implement appropriate privacy practices to protect
individuals' data.

Overall, data privacy emphasizes the importance of respecting individuals' privacy rights,
providing transparency and control over their personal information, and implementing measures
to secure data against unauthorized access or misuse.
By prioritizing data privacy, organizations can build trust with their customers, users, and
stakeholders, while also ensuring legal and ethical data handling practices.
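The seven aspects above are principles; the following added example (not from these notes) shows how they translate into code. It is a small personal-data store, constructed for illustration, that refuses collection without consent, restricts use and sharing to the consented purposes, expires records after their retention period, supports access and erasure requests, and keeps an audit trail. All names, subjects and values are made up for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

class PrivacyViolation(Exception):
    """Raised when an operation would breach the subject's consent or the retention policy."""

@dataclass
class Record:
    subject_id: str
    data: dict
    purposes: set                    # purposes the data subject consented to
    collected_at: datetime
    retention: timedelta             # how long the data may be kept
    shared_with: list = field(default_factory=list)

class PersonalDataStore:
    """Toy store, constructed for this example, that enforces the aspects listed above."""

    def __init__(self, clock=datetime.now):
        self._clock = clock          # injectable clock so retention can be exercised in a test
        self._records = {}
        self.audit = []              # (time, action, subject, detail) for transparency

    def collect(self, subject_id, data, purposes, retention_days, consent_given):
        # Data Collection: purposes are stated up front and consent is required before storing.
        if not consent_given:
            raise PrivacyViolation("collection requires the subject's consent")
        rec = Record(subject_id, dict(data), set(purposes), self._clock(),
                     timedelta(days=retention_days))
        self._records[subject_id] = rec
        self._log("collect", subject_id, sorted(rec.purposes))
        return rec

    def use(self, subject_id, purpose):
        # Data Use: only for a purpose covered by the consent that was given.
        rec = self._get(subject_id)
        if purpose not in rec.purposes:
            raise PrivacyViolation(f"purpose '{purpose}' is not covered by consent")
        self._log("use", subject_id, purpose)
        return dict(rec.data)

    def share(self, subject_id, third_party, purpose, subject_approved):
        # Data Sharing: disclosed only for a consented purpose and with the subject's approval.
        rec = self._get(subject_id)
        if purpose not in rec.purposes or not subject_approved:
            raise PrivacyViolation(f"sharing with {third_party} is not authorised")
        rec.shared_with.append(third_party)
        self._log("share", subject_id, third_party)
        return dict(rec.data)

    def access(self, subject_id):
        # Individual Rights: the subject can see what is held, why, and with whom it was shared.
        rec = self._get(subject_id)
        return {"data": dict(rec.data), "purposes": sorted(rec.purposes),
                "shared_with": list(rec.shared_with)}

    def erase(self, subject_id):
        # Individual Rights: deletion on the subject's request.
        self._records.pop(subject_id, None)
        self._log("erase", subject_id, None)

    def purge_expired(self):
        # Data Retention: dispose of records once their retention period has passed.
        now = self._clock()
        expired = sorted(sid for sid, r in self._records.items()
                         if now - r.collected_at > r.retention)
        for sid in expired:
            del self._records[sid]
            self._log("purge", sid, None)
        return expired

    def _get(self, subject_id):
        rec = self._records[subject_id]
        if self._clock() - rec.collected_at > rec.retention:
            raise PrivacyViolation("retention period expired; the data must not be used")
        return rec

    def _log(self, action, subject_id, detail):
        self.audit.append((self._clock().isoformat(), action, subject_id, detail))

def demo():
    """Constructed walk-through; returns the observable outcomes as a dict."""
    now = [datetime(2024, 1, 1)]
    store = PersonalDataStore(clock=lambda: now[0])
    store.collect("alice", {"email": "alice@example.com"}, {"service-delivery"}, 30, True)
    out = {"use_ok": store.use("alice", "service-delivery")["email"]}
    blocked = (("use_marketing", lambda: store.use("alice", "marketing")),
               ("collect_no_consent", lambda: store.collect("bob", {}, {"marketing"}, 30, False)))
    for key, call in blocked:
        try:
            call()
            out[key] = "allowed"
        except PrivacyViolation:
            out[key] = "blocked"
    now[0] += timedelta(days=31)     # advance the clock past the 30-day retention period
    out["purged"] = store.purge_expired()
    out["actions"] = [a for _, a, _, _ in store.audit]
    return out
```

Running `demo()` shows the use for a non-consented purpose and the collection without consent both blocked, the record purged once its 30 days have passed, and the audit trail recording only the operations that actually happened.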

Why is data privacy important?


In many jurisdictions, privacy is considered a fundamental human right, and data protection laws
exist to guard that right. Data privacy is also important because in order for individuals to be
willing to engage online, they have to trust that their personal data will be handled with care.
Organizations use data protection practices to demonstrate to their customers and users that they
can be trusted with their personal data.
Personal data can be misused in a number of ways if it is not kept private or if people don’t have
the ability to control how their information is used:

Criminals can use personal data to defraud or harass users.

Entities may sell personal data to advertisers or other outside parties without user consent,
which can result in users receiving unwanted marketing or advertising.

When a person's activities are tracked and monitored, this may restrict their ability to
express themselves freely, especially under repressive governments.

For individuals, any of these outcomes can be harmful. For a business, these outcomes can
irreparably harm their reputation, as well as resulting in fines, sanctions, and other legal
consequences.
In addition to the real-world implications of privacy infringements, many people and countries
hold that privacy has intrinsic value: that privacy is a human right fundamental to a free
society, like the right to free speech.

What are the Laws that Govern Data Privacy?


As technological advances have improved data collection and surveillance capabilities,
governments around the world have started passing laws regulating what kind of data can be
collected about users, how that data can be used, and how data should be stored and protected.
Some of the most important regulatory privacy frameworks to know include:

General Data Protection Regulation (GDPR): Regulates how the personal data of
European Union (EU) data subjects, meaning individuals, can be collected, stored, and
processed, and gives data subjects rights to control their personal data (including a right to
be forgotten).

National Data Protection Laws: Many countries, such as Canada, Japan, Australia,
Singapore, and others, have comprehensive data protection laws in some form. Some, like
Brazil's General Law for the Protection of Personal Data and the UK's Data Protection Act,
are quite similar to the GDPR.

California Consumer Privacy Act (CCPA): Requires that consumers be made aware of
what personal data is collected and gives consumers control over their personal data,
including a right to tell organizations not to sell their personal data.

There are also industry-specific privacy guidelines in some countries: for instance, in the United
States, the Health Insurance Portability and Accountability Act (HIPAA) governs how personal
healthcare data should be handled.

However, many privacy advocates argue that individuals still do not have sufficient control over
what happens to their personal data. Governments around the world may pass additional data
privacy laws in the future.

Why is Data Privacy important?


In many jurisdictions, privacy is considered a fundamental human right, and data protection laws
exist to guard that right.

Data privacy is also important because in order for individuals to be willing to engage online,
they have to trust that their personal data will be handled with care.
Organizations use data protection practices to demonstrate to their customers and users that they
can be trusted with their personal data.

Personal data can be misused in a number of ways if it is not kept private or if people don’t have
the ability to control how their information is used:

Criminals can use personal data to defraud or harass users.

Entities may sell personal data to advertisers or other outside parties without user consent,
which can result in users receiving unwanted marketing or advertising.

When a person's activities are tracked and monitored, this may restrict their ability to
express themselves freely, especially under repressive governments.

For individuals, any of these outcomes can be harmful. For a business, these outcomes can
irreparably harm their reputation, as well as resulting in fines, sanctions, and other legal
consequences.
In addition to the real-world implications of privacy infringements, many people and countries
hold that privacy has intrinsic value: that privacy is a human right fundamental to a free society,
like the right to free speech.
Data privacy is particularly crucial because, for a person to hand over their data, they need to
believe that it will be handled appropriately; this requires individuals to have confidence in the
privacy and security of their data.
Data protection measures are one way companies persuade their clients and customers that
they can be trusted with user privacy and personally identifiable information.

What are some of the most important Technologies for Data Privacy?


Encryption is a way to conceal information by scrambling it so that it appears to be random
data. Only parties with the encryption key can unscramble the information.

Access control ensures that only authorized parties access systems and data. Access control
can be combined with data loss prevention (DLP) to stop sensitive data from leaving the
network.

Two-factor authentication is one of the most important technologies for regular users, as it
makes it far harder for attackers to gain unauthorized access to personal accounts.

These are just some of the technologies available today that can protect user privacy and keep
data more secure. However, technology alone is not sufficient to protect data privacy.

Elements of Data Privacy?


Data privacy is generally composed of the following six elements:

1. Legal framework: Prevailing legislation enacted and applied to data issues, such as data
privacy laws.

2. Policies: Established business rules and policies to protect employees and user data privacy.

3. Practices: Best practices put in place to guide IT infrastructure, data privacy and protection.

4. Third-party associations: Any third-party organizations, such as cloud service providers,
that interact with data.

5. Data governance: Standards and practices used to store, secure, retain and access data.

6. Global requirements: Any differences or variations of data privacy and compliance
requirements among legal jurisdictions around the world such as the U.S. and European
Union (EU).

Data privacy is a subset of the broader concept of data protection, which also includes traditional
data protection -- such as data backups and disaster recovery considerations -- and data security.
The goal of data protection is to ensure the continued privacy and security of sensitive business
data, while maintaining the availability, consistency and immutability of that data.



Data Privacy vs Data Security
Data privacy and data security are closely related ideas, but they aren't interchangeable:

Data privacy focuses on issues related to collecting, storing and retaining data, as well as
data transfers within applicable regulations and laws, such as GDPR and HIPAA.

Data security is the protection of data against unauthorized access, loss or corruption
throughout the data lifecycle. Data security can involve processes and practices, along with a
variety of tools such as encryption, hashing and tokenization to guard data at rest and in
motion.

Data Privacy | Data Security
Data privacy means being sensitive to personal information based on collected data. | Data security refers to the process of protecting data from unauthorized access and corruption.
It concentrates on how to meet the standards when collecting, processing, sharing, archiving, and deleting data. | It prevents the exploitation of stolen data. It includes features such as network access, cryptography, and information systems.
E.g., protected health information, geolocation, and financial transactions | E.g., access control, backup and recovery, and tokenization

Data privacy is a subset of data security. That is, data privacy can't exist without data security.

What is a Data Privacy Breach?



A data privacy breach occurs when information is stolen or removed from a database without the
awareness or authority of the system’s administrator. A breach can happen when someone hacks
into the system or steals the information themselves.
Any size of business or organization is susceptible to having its data compromised. The
information contained in stolen data may be critical, private, or classified. Some of the data could
include credit card information, client information, corporate secrets, or even topics about
national security.
One of the negative repercussions of a data privacy breach is damage to the target company’s
reputation, because customers may view the incident as a betrayal of confidence. If hackers
took the records in question, the victims and their customers could also experience financial
losses.

Miscellaneous Concepts of Data Privacy


The miscellaneous concepts of basic data privacy include:

1. Consent: Individuals should provide informed consent before their personal data is
collected, processed, or shared. Consent should be freely given, specific, and based on clear
and understandable information regarding the purposes and scope of data processing.

2. Purpose Limitation: Organizations should collect and process personal data only for
specific, legitimate purposes that are clearly communicated to individuals. Data should not
be used or disclosed for purposes unrelated to the original intent without obtaining
additional consent.

3. Data Minimization: Organizations should collect and retain only the minimum amount of
personal data necessary to fulfill the specified purposes. Data should be relevant, adequate,
and limited to what is necessary for the intended processing activities.

4. Accuracy: Personal data should be accurate, complete, and up-to-date. Organizations should
take reasonable steps to ensure the accuracy of the data and allow individuals to review and
correct their information if necessary.

5. Security: Adequate security measures should be implemented to protect personal data
against unauthorized access, loss, or alteration. This includes technical and organizational
safeguards to prevent data breaches and ensure the integrity and confidentiality of the
information.



6. Data Subject Rights: Individuals have rights regarding their personal data, such as the right
to access, rectify, delete, restrict processing, and object to the processing of their data.
Organizations should respect these rights and provide mechanisms for individuals to
exercise their rights.

7. Data Transfers: If personal data is transferred to another country or organization, adequate
safeguards should be in place to ensure the protection of the data during the transfer. This
may include implementing contractual agreements, using approved mechanisms like
Standard Contractual Clauses, or relying on data transfer mechanisms recognized by
relevant data protection authorities.

8. Accountability: Organizations should be accountable for their data processing activities and
demonstrate compliance with applicable data protection laws and regulations. This includes
maintaining documentation of data processing activities, conducting privacy impact
assessments, and implementing privacy by design and default principles.

These concepts form the basis of data privacy principles and are essential for organizations to
establish a privacy-centric approach in handling personal data. Adhering to these principles helps
protect individuals' privacy rights and fosters trust between organizations and their stakeholders.

Data Privacy Attacks


Life today has become far more comfortable because of various digital devices and the internet
to support them. There is a flip side to everything good, and that also applies to the digital world
today.

The internet has brought in a positive change in our lives today, but with that, there is also an
enormous challenge in protecting your data. This gives rise to cyber attacks. In this article, we
will discuss the different types of cyber attacks and how they can be prevented.

What are Data Privacy Attacks?


Before heading to the different types of cyber attacks, we will first define a cyber attack. When
there is unauthorized system/network access by a third party, we term it a cyber attack. The
person who carries out a cyberattack is termed a hacker/attacker.
Cyber-attacks have several negative effects. When an attack is carried out, it can lead to data
breaches, resulting in data loss or data manipulation. Organizations incur financial losses,
customer trust gets hampered, and there is reputational damage. To put a curb on cyberattacks,
we implement cybersecurity. Cybersecurity is the method of safeguarding networks, computer
systems, and their components from unauthorized digital access.

Why Do People Launch Cyber Attacks?


There are many reasons why people launch cyber attacks, including financial gain, espionage,
activism, and sabotage. In some cases, cyber-attacks may be politically motivated to cause
damage to their opponents.

People launch cyber attacks for various reasons, driven by different motivations and objectives.
Here are some common reasons why individuals or groups engage in cyber attacks:

1. Financial Gain: Many cyber attacks are motivated by financial incentives. Attackers may
target financial institutions, businesses, or individuals to steal sensitive financial
information, such as credit card details, bank account credentials, or personal identification
information. They may use this information for fraudulent activities, identity theft, or to
extort money.

2. Theft of Intellectual Property: Cyber attacks can be carried out to steal valuable
intellectual property, trade secrets, or proprietary information from organizations. This
stolen data can be sold or used by competitors for economic advantage or to undermine the
targeted organization's position in the market.

3. Espionage and Surveillance: State-sponsored or politically motivated attackers may
engage in cyber espionage to gain access to sensitive information about government
activities, military strategies, diplomatic communications, or corporate intelligence. This
information can be used to gain a competitive advantage, influence decision-making, or
carry out surveillance on specific individuals or organizations.

4. Hacktivism: Some individuals or groups launch cyber attacks as a form of protest or
activism. They target organizations or websites to express their political or social ideologies,
raise awareness about specific issues, or disrupt operations that they perceive as unethical or
unjust. Hacktivism can range from defacing websites to leaking sensitive information.

5. Cyber Warfare: Nation-states and state-sponsored groups may engage in cyber attacks as
part of their military or geopolitical strategies. These attacks can be aimed at disrupting
critical infrastructure, causing damage or disruption to a country's systems, conducting
surveillance, or gathering intelligence.



6. Malicious Intent or Thrill-seeking: Some individuals launch cyber attacks simply for the
thrill of it or to showcase their technical skills. These attackers, often referred to as "script
kiddies" or "black hat hackers," may engage in activities such as defacing websites,
spreading malware, or launching Distributed Denial of Service (DDoS) attacks without a
specific motive other than causing chaos or proving their capabilities.

7. Revenge or Retaliation: Cyber attacks can be driven by personal vendettas, revenge, or
retaliation against individuals, organizations, or entities that the attackers perceive as having
wronged them. This can involve activities such as hacking social media accounts, doxing
(exposing personal information), or launching targeted attacks to damage reputations or
disrupt operations.

It's important to note that motivations behind cyber attacks can vary, and in some cases, attackers
may have a combination of motives. Additionally, the evolving landscape of cyber threats means
new motivations and attack vectors may emerge over time.

Types of Data Privacy Attacks


There are many varieties of cyber attacks that happen in the world today. If we know the various
types of cyberattacks, it becomes easier for us to protect our networks and systems against them.
Here, we will closely examine the top ten cyber-attacks that can affect an individual, or a large
business, depending on the scale.
Let’s start with the different types of cyberattacks on our list:

1. Malware Attack: This is one of the most common types of cyberattacks. “Malware” refers
to malicious software, including viruses, worms, spyware, ransomware, adware, and trojans.
A Trojan disguises itself as legitimate software. Ransomware blocks access to the
network's key components, whereas spyware is software that steals all your confidential
data without your knowledge. Adware is software that displays advertising content such as
banners on a user's screen.
Malware breaches a network through a vulnerability: when the user clicks a dangerous link,
opens an infected email attachment, or uses an infected pen drive.

Let’s now look at how we can prevent a malware attack:

Use antivirus software. It can protect your computer against malware. Avast Antivirus,
Norton Antivirus, and McAfee Antivirus are a few of the popular antivirus software.



Use firewalls. Firewalls filter the traffic that may enter your device. Windows and Mac
OS X have their default built-in firewalls, named Windows Firewall and Mac Firewall.

Stay alert and avoid clicking on suspicious links.

Update your OS and browsers, regularly.

2. Phishing Attack: Phishing attacks are one of the most prominent and widespread types of
cyberattacks. It is a type of social engineering attack wherein an attacker impersonates a
trusted contact and sends the victim fake mails.

Unaware of this, the victim opens the mail and clicks on the malicious link or opens the
mail's attachment. By doing so, attackers gain access to confidential information and
account credentials. They can also install malware through a phishing attack.

Phishing attacks can be prevented by following the below-mentioned steps:

Scrutinize the emails you receive. Most phishing emails have significant errors like
spelling mistakes and format changes from that of legitimate sources.

Make use of an anti-phishing toolbar.

Update your passwords regularly.

3. Password Attack: It is a form of attack wherein a hacker cracks your password with various
programs and password cracking tools like Aircrack, Cain & Abel, John the Ripper, Hashcat,
etc…
There are different types of password attacks like brute force attacks, dictionary attacks, and
keylogger attacks.

Listed below are a few ways to prevent password attacks:

Use strong alphanumeric passwords with special characters.

Abstain from using the same password for multiple websites or accounts.

Update your passwords; this will limit your exposure to a password attack.

Do not have any password hints in the open.

4. Man-in-the-Middle Attack: A Man-in-the-Middle Attack (MITM) is also known as an
eavesdropping attack. In this attack, an attacker comes in between a two-party
communication, i.e., the attacker hijacks the session between a client and host. By doing so,
hackers steal and manipulate data.

As seen below, the client-server communication has been cut off, and instead, the
communication line goes through the hacker.
MITM attacks can be prevented by following the below-mentioned steps:

Be mindful of the security of the website you are using. Use encryption on your
devices.

Refrain from using public Wi-Fi networks.

5. SQL Injection Attack: A Structured Query Language (SQL) injection attack occurs on a
database-driven website when the hacker manipulates a standard SQL query. It is carried out
by injecting malicious code into a vulnerable website search box, thereby making the server
reveal crucial information.

This results in the attacker being able to view, edit, and delete tables in the databases.
Attackers can also get administrative rights through this.

To prevent a SQL injection attack:

Use an intrusion detection system; it is designed to detect unauthorized access to a
network.

Carry out validation of the user-supplied data. A validation process keeps the
user input in check.
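As an added illustration of the two points above (example code, not from the original notes), the following Python snippet runs the same product search against an in-memory SQLite table in the weak, string-concatenated form and in the parameterized form, with an allow-list validation check alongside. The table contents, the search terms and all function names are constructed for this example.

```python
import sqlite3

# Constructed product catalogue standing in for the "database-driven website"
# in the notes (example data, not from the original text).
PRODUCTS = [
    (1, "laptop", "public"),
    (2, "laptop stand", "public"),
    (3, "internal price list", "restricted"),
]


def make_db():
    """Build an in-memory SQLite database holding the constructed catalogue."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER, name TEXT, visibility TEXT)")
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)", PRODUCTS)
    return conn


def search_vulnerable(conn, term):
    """Weak form: the search term is pasted straight into the SQL text.
    A term containing a quote closes the string early and the rest of the
    term is parsed as SQL, so the WHERE clause no longer means what the
    developer wrote (restricted rows come back too)."""
    sql = ("SELECT name FROM products WHERE visibility = 'public' "
           "AND name LIKE '%" + term + "%' ORDER BY id")
    return [row[0] for row in conn.execute(sql)]


def search_parameterized(conn, term):
    """Hardened form: the SQL text is fixed and the term is a bound
    parameter, so the driver always treats it as data, never as SQL."""
    sql = ("SELECT name FROM products WHERE visibility = 'public' "
           "AND name LIKE ? ORDER BY id")
    return [row[0] for row in conn.execute(sql, ("%" + term + "%",))]


def validate_search_term(term, max_len=40):
    """Input validation as the notes recommend: an allow-list check run
    before the query. True only for terms made of letters, digits and
    spaces within the length limit. This is defence in depth on top of
    parameterization, not a substitute for it."""
    return 0 < len(term) <= max_len and all(c.isalnum() or c == " " for c in term)


if __name__ == "__main__":
    db = make_db()
    # Constructed tautology string of the kind the notes describe being
    # typed into a search box.
    crafted = "' OR 1=1 OR name LIKE '"
    print("vulnerable, normal term   :", search_vulnerable(db, "laptop"))
    print("vulnerable, crafted term  :", search_vulnerable(db, crafted))
    print("parameterized, crafted    :", search_parameterized(db, crafted))
    print("validation accepts crafted:", validate_search_term(crafted))
```

The weak form returns the restricted row for the crafted term, while the parameterized form returns nothing and the validation check rejects the term before any query runs.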

6. Denial-of-Service Attack: A Denial-of-Service Attack is a significant threat to companies.
Here, attackers target systems, servers, or networks and flood them with traffic to exhaust
their resources and bandwidth.
When this happens, catering to the incoming requests becomes overwhelming for the
servers, resulting in the website they host either shutting down or slowing down. This leaves
legitimate service requests unattended.
It is also known as a DDoS (Distributed Denial-of-Service) attack when attackers use
multiple compromised systems to launch this attack.
Let’s now look at how to prevent a DDoS attack:

Run a traffic analysis to identify malicious traffic.

Understand the warning signs like network slowdown, intermittent website shutdowns,
etc. At such times, the organization must take the necessary steps without delay.



Formulate an incident response plan, have a checklist and make sure your team and data
center can handle a DDoS attack.

Outsource DDoS prevention to cloud-based service providers.
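The traffic analysis recommended above, as an added Python example that is not part of the original notes: it parses constructed access-log lines, measures each source's largest request burst inside a sliding time window, and reports the server-error ratio as a measurable form of the warning signs described. The log lines, addresses, window length and threshold are all invented for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed web-server access log (combined-log layout, documentation
# addresses). Nine requests; one client sends six within four seconds.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:01 +0000] "GET / HTTP/1.1" 200 612
203.0.113.7 - - [10/Oct/2023:13:55:01 +0000] "GET /login HTTP/1.1" 200 312
198.51.100.4 - - [10/Oct/2023:13:55:02 +0000] "GET /about HTTP/1.1" 200 1204
203.0.113.7 - - [10/Oct/2023:13:55:02 +0000] "GET / HTTP/1.1" 200 612
203.0.113.7 - - [10/Oct/2023:13:55:03 +0000] "GET / HTTP/1.1" 200 612
203.0.113.7 - - [10/Oct/2023:13:55:03 +0000] "GET / HTTP/1.1" 200 612
203.0.113.7 - - [10/Oct/2023:13:55:04 +0000] "GET / HTTP/1.1" 503 0
192.0.2.9 - - [10/Oct/2023:13:55:30 +0000] "GET /contact HTTP/1.1" 200 880
203.0.113.7 - - [10/Oct/2023:13:56:10 +0000] "GET / HTTP/1.1" 200 612
"""

# Client address, bracketed timestamp, quoted request line, then the status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def parse_log(text):
    """Return (source_ip, timestamp, status) tuples; lines that do not match
    the expected layout are skipped rather than aborting the analysis."""
    records = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, ts, status = m.groups()
        records.append((ip, datetime.strptime(ts, TS_FORMAT), int(status)))
    return records


def max_burst_per_source(records, window_seconds=10):
    """For each source, the largest number of requests it made inside any
    window of window_seconds. A two-pointer sweep over sorted times keeps a
    client that trickles requests all day distinct from one that fires them
    all at once."""
    times = defaultdict(list)
    for ip, ts, _ in records:
        times[ip].append(ts)
    bursts = {}
    for ip, stamps in times.items():
        stamps.sort()
        start, best = 0, 0
        for end, ts in enumerate(stamps):
            while (ts - stamps[start]).total_seconds() > window_seconds:
                start += 1
            best = max(best, end - start + 1)
        bursts[ip] = best
    return bursts


def flag_sources(text, window_seconds=10, threshold=5):
    """Sources whose burst exceeds the threshold, largest first. The
    threshold is a constructed value; a real deployment tunes it to the
    site's normal per-client rate."""
    bursts = max_burst_per_source(parse_log(text), window_seconds)
    flagged = [(ip, n) for ip, n in bursts.items() if n > threshold]
    return sorted(flagged, key=lambda item: (-item[1], item[0]))


def error_ratio(records, status_floor=500):
    """Share of requests answered with a server error: the 'intermittent
    shutdown' warning sign in the notes, measured from the log."""
    if not records:
        return 0.0
    errors = sum(1 for _, _, status in records if status >= status_floor)
    return errors / len(records)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("flagged sources:", flag_sources(SAMPLE_LOG))
    print("server-error ratio: %.3f" % error_ratio(recs))
```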

7. Insider Threat: As the name suggests, an insider threat does not involve a third party but an
insider. In such a case, it could be an individual from within the organization who knows
everything about the organization. Insider threats have the potential to cause tremendous
damage.
Insider threats are rampant in small businesses, as the staff there hold access to multiple
accounts with data. The reasons for this form of attack are many: greed, malice, or
even carelessness. Insider threats are hard to predict and hence tricky.
To prevent the insider threat attack:

Organizations should have a good culture of security awareness.

Companies must limit the IT resources staff can have access to depending on their job
roles.

Organizations must train employees to spot insider threats. This will help employees
understand when a hacker has manipulated or is attempting to misuse the organization's
data.

8. Cryptojacking: The term Cryptojacking is closely related to cryptocurrency. Cryptojacking
takes place when attackers access someone else’s computer for mining cryptocurrency.
The access is gained by infecting a website or manipulating the victim to click on a
malicious link.
They also use online ads with JavaScript code for this. Victims are unaware of this as the
crypto mining code works in the background; a delay in the execution is the only sign they
might witness.
Cryptojacking can be prevented by following the below-mentioned steps:

Update your software and all the security apps as cryptojacking can infect the most
unprotected systems.

Have cryptojacking awareness training for the employees; this will help them detect
cryptojacking threats.



Install an ad blocker as ads are a primary source of cryptojacking scripts. Also have
extensions like MinerBlock, which is used to identify and block crypto mining scripts.

9. Zero-Day Exploit: A Zero-Day Exploit happens after the announcement of a network
vulnerability for which, in most cases, no solution yet exists. The vendor announces the
vulnerability so that users are aware; however, this news also reaches the attackers.
Depending on the vulnerability, the vendor or the developer could take any amount of time
to fix the issue. Meanwhile, the attackers target the disclosed vulnerability. They make sure
to exploit the vulnerability even before a patch or solution is implemented for it.

Zero-day exploits can be prevented by:

Organizations should have well-communicated patch management processes. Use patch
management solutions to automate the procedures and avoid delays in deployment.

Have an incident response plan to help you deal with a cyberattack. Keep a strategy
focusing on zero-day attacks. By doing so, the damage can be reduced or completely
avoided.

10. Watering Hole Attack: The victim here is a particular group of an organization, region, etc.
In such an attack, the attacker targets websites which are frequently used by the targeted
group. Websites are identified either by closely monitoring the group or by guessing.

After this, the attackers infect these websites with malware, which infects the victims'
systems. The malware in such an attack targets the user's personal information. Here, it is
also possible for the hacker to take remote access to the infected computer.
Let's now see how we can prevent the watering hole attack:

Update your software and reduce the risk of an attacker exploiting vulnerabilities. Make
sure to check for security patches regularly.

Use your network security tools to spot watering hole attacks. Intrusion prevention
systems (IPS) work well when it comes to detecting such suspicious activities.

To prevent a watering hole attack, it is advised to conceal your online activities. For
this, use a VPN and also make use of your browser’s private browsing feature. A VPN
delivers a secure connection to another network over the Internet. It acts as a shield for
your browsing activity. NordVPN is a good example of a VPN.



11. Spoofing: An attacker impersonates someone or something else to access sensitive
information and do malicious activities. For example, they can spoof an email address or a
network address.

12. Identity-Based Attacks: Performed to steal or manipulate others' personal information,
such as someone's login PINs, to gain unauthorized access to their systems.

13. Code Injection Attacks: Performed by inserting malicious code into a software application
to manipulate data. For example, the attacker puts malicious code into a SQL database to
steal data.

14. Supply Chain Attacks: Exploit software or hardware supply chain vulnerabilities to collect
sensitive information.

15. DNS Tunneling: Attacker uses the Domain Name System (DNS) to bypass security
measures and communicate with a remote server.

16. DNS Spoofing: Cyberattack in which an attacker manipulates the DNS records from a
website to control its traffic.

17. Internet of Things-Based Attacks: Exploit vulnerabilities in the Internet of Things (IoT),
like smart thermostats and security cameras, to steal data.

18. Ransomware: Encrypts the victim's data and demands payment in exchange.

19. Distributed Denial of Service (DDoS) Attacks: Flood a website with traffic to make it
unavailable to legitimate users and to exploit vulnerabilities in the specific network.

20. Spamming: Sends unauthentic emails to spread phishing scams.

21. Corporate Account Takeover (CATO): Hackers use stolen login credentials to access
others' bank accounts.

22. Automated Teller Machine (ATM) Cash Out: Hackers gain access to a bank's computer
systems to withdraw large amounts of cash from ATMs.

23. Whale-Phishing Attacks: Target high-profile individuals like executives or celebrities
using sophisticated social engineering techniques to get sensitive information.

24. Spear-Phishing Attacks: Target specific individuals or groups within an organization.
Attackers use social engineering techniques to get sensitive information.

25. URL Interpretation: The attacker exploits vulnerabilities in how a web browser or server
interprets a URL (Uniform Resource Locator) when requesting the corresponding web page.


26. Session Hijacking: The hacker gets access to a user's session ID to authenticate the user's
session with a web application and take control of the user's session.

27. Brute Force Attack: An attacker gets unauthorized access to a system by trying various
passwords until the correct one is found. It can be highly effective against weak passwords.

28. Web Attacks: Target websites and include SQL injection, cross-site scripting (XSS) and
file inclusion.

29. Trojan Horses: Malware that appears to be a legitimate program but which contains
malicious code. Once installed, it can perform malicious actions like stealing data and
controlling the system.

30. Drive-by Attacks: The user's system is infected with malware simply by visiting a
compromised website, which exploits vulnerabilities in other software to install the malware
without the user's knowledge.

31. Cross-Site Scripting (XSS) Attacks: An attacker inserts unauthorized code into a
legitimate website to steal sensitive information such as the user's passwords and credit
card details.

32. Eavesdropping Attacks: An attacker intercepts communication between two parties to
access sensitive information.

33. Birthday Attack: A cryptographic attack that exploits the birthday paradox to find a collision
in a hash function. The attacker successfully generates two inputs that produce the same output
hash value. This can be used to bypass access controls.

34. Volume-Based Attacks: The attacker floods a system with heavy data to make it
inaccessible to legitimate users. For instance, DDoS attacks in which various compromised
computers flood a specific website with traffic to crash it.

35. Protocol Attacks: Exploits vulnerabilities in network protocols to gain unauthorized access
to a system or disrupt its regular operation. Examples include the Transmission Control
Protocol (TCP) SYN Flood attack and the Internet Control Message Protocol (ICMP) Flood
attack.

36. Application Layer Attacks: Targets the application layer of a system, aiming to exploit
vulnerabilities in applications or web servers.

37. Dictionary Attacks: An attacker attempts to guess a user's password by trying a list of
common words. This attack becomes successful because many users use weak or easy
passwords.

38. Virus: Malicious software that can replicate itself and spread to other computers. Viruses
can cause significant damage to systems, corrupt files, steal information, and more.

39. Worm: Replicates itself and spreads to other computers, but unlike viruses, worms don't
require human interaction.

40. Backdoors: This vulnerability allows attackers to bypass standard authentication procedures
and gain unauthorized access to a system or network.

41. Bots: These software programs automate network or internet tasks. They can be used for
malicious purposes, such as Distributed Denial of Service (DDoS) attacks.

42. Business Email Compromise (BEC): Targets businesses and organizations by using email.
The attackers impersonate a trusted source to trick the victim into transferring funds or
sensitive information to the attacker.

43. Cross-Site Scripting (XSS) Attacks: Targets web applications by injecting malicious code
into a vulnerable website to steal sensitive information or to perform unauthorized attacks.

44. AI-Powered Attacks: Use artificial intelligence and machine learning to bypass traditional
security measures.

45. Rootkits: Provide attackers privileged access to a victim's computer system. Rootkits can be
used to hide other types of malware, such as spyware or keyloggers, and can be challenging
to detect and remove.

46. Spyware: Is malware designed to collect sensitive information from a victim's computer
system. This can include passwords, credit card numbers, and other sensitive data.

47. Social Engineering: It is a technique cybercriminals use to manipulate users to make them
divulge sensitive information or perform actions that are not in their best interest.

48. Keylogger: Is malware designed to capture keystrokes a victim enters on their computer
system. This can include passwords, credit card numbers, and other sensitive data.

49. Botnets: Are networks of compromised computers controlled by a single attacker. Botnets
can launch distributed denial of service (DDoS) attacks, steal sensitive information, or
perform other malicious activities.

50. Emotet: Is malware designed to steal sensitive information and spread it to other computers
on a network. Emotet is often spread through phishing emails and can be very difficult to
detect and remove.

How to Prevent Cyber Attacks?


Although we had a look at several ways to prevent the different types of cyberattacks we
discussed, let's summarize and look at a few personal tips which you can adopt to avoid a
cyberattack on the whole.

1. Change your passwords regularly and use strong alphanumeric passwords which are difficult
to crack. Refrain from using too complicated passwords that you would tend to forget. Do
not use the same password twice.

2. Update both your operating system and applications regularly. This is a primary prevention
method for any cyber attack. This will remove vulnerabilities that hackers tend to exploit.
Use trusted and legitimate Anti-virus protection software.

3. Use a firewall and other network security tools such as Intrusion prevention systems, Access
control, Application security, etc.

4. Avoid opening emails from unknown senders. Scrutinize the emails you receive for
loopholes and significant errors.

5. Make use of a VPN. This ensures that the traffic between the VPN server and your device
is encrypted.

6. Regularly back up your data. The guideline most security professionals recommend is the 3-2-1
rule: keep three copies of your data, on two different media types, with one copy held off-site
(for example, in cloud storage). Keep at least one copy offline or otherwise immutable so that
ransomware cannot encrypt the backups along with the originals. Then, even after a successful
attack, you can wipe the affected system and restore it from a recent backup.

7. Employees should be aware of cybersecurity principles. They must know the various types
of cyberattacks and ways to tackle them.

8. Use Two-Factor or Multi-Factor Authentication. Two-factor authentication requires users to
present two different authentication factors (for example, a password plus a one-time code
from an authenticator app or a hardware key) to verify themselves. Multi-factor authentication
is the general term for requiring two or more distinct factors, of which the password is only
one; two-factor authentication is the common case. Either way, a stolen password alone is no
longer enough to take over the account, which is why this is a vital step in securing it.

9. Secure your Wi-Fi networks and avoid using public Wi-Fi without using a VPN.

10. Safeguard your mobile, as mobiles are also a cyberattack target. Install apps only from
legitimate and trusted sources and keep the device updated.

These are the tips you must implement to protect your systems and networks from a cyber attack.

Data Linking & Profiling


Data linking is the practice of taking information about a person or an entity from various
sources and collating it under different parameters to reveal a trend or pattern. This research
tool has a broad scope of applications and a range of benefits and challenges at both the micro
and macro levels. Data linking has been an integral part of research and policymaking for many
years, and its processes have evolved with advances in technology.

Almost every activity today generates data, and with such large volumes of it lying around there
is a need for standards and for quality control. This is where data profiling comes in. Data
profiling is the method of evaluating the quality and content of the data so that it can be
filtered properly and a summarized description of it prepared. Data that has been profiled, and
cleaned on the basis of the profile, is more accurate and complete.

What is Data Linking?


Data linking is the process of collating information from different sources in order to create a
more valuable and useful data set. Linking information about the same person or entity from
disparate sources allows, among other things, the construction of a chronological sequence of
events. This information is of immense value at the policy level for deriving meaningful
decisions.
Connecting information from a range of sources and combining it creates a large data set that
contains many different parameters. The main aim of the exercise is to gain information at a
macro level. For example, linked information about children in a local community can help
decide how many early childhood programs are required and where schools should be located.
Earlier, people had to rely on government data to obtain this level of information. Now, however,
data from different sources can be linked while maintaining high standards of privacy and
safety. Social researchers can ethically use this linked data to understand the characteristics and
needs of a population, which ultimately leads to better health and social services for the
community.

How Does Data Linking Work?


Over a lifetime, an individual accesses many services provided by different organizations, and
each time their identity and the data they provide are recorded. This is called administrative
data. In this way, organizations such as schools and hospitals accumulate huge amounts of
administrative data over time.

Within each organization, data custodians manage this data. Part of their role is to ensure that
the privacy of individuals is maintained. The data is mainly used for internal purposes, because it
contains direct identifiers and a single organization's data set is often too small to support
accurate correlations and trends. Linking across multiple data sets addresses the second
problem, and de-identifying the linked data (removing names and other direct identifiers and
replacing them with a linkage key) addresses the first. Together they make it possible to share
data for important decisions and policymaking while maintaining privacy and ethical data
standards and enforcing security controls.

Procedure for Data Linking


Suppose a researcher wants to use linked data to make a valuable contribution to society. They
believe that children born prematurely might have learning difficulties and, if so, could be given
treatment at an appropriate age to encourage better development. The researcher will need
birth, health, and education data to test this theory properly, so linked data becomes a valuable
research tool.
In such a situation, a data linkage research advisor comes into play. The advisor acts as a
facilitator between the researcher and the custodians of the hospital birth data, the childhood
health data, and the education data. The researcher sets out the reason for requesting the data.
This ensures that the data is being requested for a genuine purpose and gives the custodians
assurance that their data will be handled safely.
After this, the researcher seeks ethics approval to assure participants and governing bodies that
the research is for the benefit of the community and will be conducted in an ethical manner.
The ethics committee permits the data linkage to proceed. The data custodians are notified of
this approval and give their final consent for the use of their data, and the research advisor is
then notified.
Now the linking begins. The advisor obtains the required data from the different custodians. The
records are run through data linkage software and each individual's records are matched across
all the required data sets. Once the records are linked, each individual is assigned a unique code,
the 'linkage key', and the identifying details (name, address, date of birth) are removed. The
linkage key allows the researcher to connect one individual's records across the data sets
without ever seeing who that individual is.

This de-identified information is given to the researcher for analysis. Using the linked data, the
researcher finds that some babies born too early go on to excel, but that most have some
developmental problems that might interfere with early education. These findings are passed to
the early education planners, data custodians, and policymakers, and pilot programs for early
childhood development are launched on the strength of the linked data and correlations.

Thus such linked data research programs have helped government departments and
policymakers work closely with one another for the benefit of the community, while ensuring
the privacy of the individuals concerned.

Ways to Link Data Sets


There are several ways to link data sets, depending on the information available to the
organization:

1. Unique Identifier: This is the most straightforward way to link records between data sets.
A unique identifier present in each data set establishes the links between them. This is also
called deterministic or exact linking because the identifiers either match completely or do
not match at all, so there is no uncertainty in the result. The drawback is that a shared
unique identifier is not a standard feature of data sets.

2. Linkage Key: When a unique identifier is not available, or the data is not of sufficient
quality to rely on it, a linkage key is used as a substitute. The key is derived from
information present in both data sets, such as name, date of birth, and address, and it is the
key rather than the name and address that travels with the released records. In this way the
linkage key preserves the privacy of the person or entity. For it to do so, the key must be
constructed so that it cannot be reversed into the original name and address, for example
with a keyed hash whose secret is held only by the linkage unit.

3. Probabilistic Linking: This is used when no unique identifier is available and the
identifying fields are noisy. Each candidate pair of records, one taken from each data set, is
scored on the probability that both refer to the same entity or person, and pairs scoring
above a threshold are accepted as links. Specialised data linkage software is used to obtain
accurate results.

4. Statistical Linking: This technique combines records that are statistically similar but do
not necessarily belong to the same person or organization. It does not give the most
accurate results for individuals, but it does provide a pattern or trend from the given
information or statistics.
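The first three methods above, worked through on two constructed record sets (a birth register and a school enrolment list). This is an added illustration, not code from these notes or from any linkage unit's software: the records, the secret LINKAGE_SECRET held by the assumed linkage unit, and the FIELD_WEIGHTS used for probabilistic scoring are all assumptions. The linkage key is a keyed hash (HMAC) of the normalised name and date of birth rather than a plain hash, so that a researcher holding the de-identified data cannot recover identities by hashing guessed names.

```python
"""Deterministic, linkage-key and probabilistic linking on two constructed record sets.
Added illustration; the data, the secret and the weights are all assumptions."""
import hashlib
import hmac
import re
import unicodedata

# Constructed sample data: a hospital birth register and a school enrolment list.
# Only the first pair shares a unique identifier; the others must be linked on attributes.
BIRTHS = [
    {"uid": "A100", "name": "Maria da Silva", "dob": "2015-03-02", "postcode": "3000"},
    {"uid": "A101", "name": "Joao Souza", "dob": "2015-07-19", "postcode": "3001"},
    {"uid": None, "name": "Ana Beatriz Costa", "dob": "2016-01-30", "postcode": "3002"},
]
SCHOOLS = [
    {"uid": "A100", "name": "Maria Silva", "dob": "2015-03-02", "postcode": "3000"},
    {"uid": None, "name": "Ana B. Costa", "dob": "2016-01-30", "postcode": "3009"},
    {"uid": "A777", "name": "Pedro Lima", "dob": "2015-07-19", "postcode": "3001"},
]

# Assumption: a secret held only by the linkage unit, never given to researchers.
LINKAGE_SECRET = b"held-only-by-the-linkage-unit"

# Assumed agreement/disagreement weights per field (a real study estimates these from data).
FIELD_WEIGHTS = {"name": (4.0, -2.0), "dob": (5.0, -3.0), "postcode": (2.0, -1.0)}


def deterministic_link(left, right):
    """Method 1: exact match on the shared unique identifier; no identifier, no link."""
    index = {r["uid"]: r for r in right if r["uid"]}
    return [(l, index[l["uid"]]) for l in left if l["uid"] in index]


def normalise_name(name):
    """Strip accents, punctuation and case and keep only the first and last tokens, so that
    'Ana Beatriz Costa' and 'Ana B. Costa' agree (the naming variability discussed below)."""
    ascii_name = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    tokens = re.sub(r"[^a-z ]", " ", ascii_name.lower()).split()
    if not tokens:
        return ""
    return tokens[0] if len(tokens) == 1 else tokens[0] + " " + tokens[-1]


def linkage_key(record, secret=LINKAGE_SECRET):
    """Method 2: a keyed hash of normalised name + date of birth stands in for the identity.
    HMAC, not a plain hash: without the secret nobody can rebuild keys from guessed names."""
    material = normalise_name(record["name"]) + "|" + record["dob"]
    return hmac.new(secret, material.encode(), hashlib.sha256).hexdigest()[:16]


def linkage_key_link(left, right):
    """Join the two sets on the linkage key alone; names never need to be compared."""
    index = {linkage_key(r): r for r in right}
    pairs = []
    for l in left:
        key = linkage_key(l)
        if key in index:
            pairs.append((l, index[key]))
    return pairs


def match_score(a, b):
    """Method 3: sum of field agreement weights (a simplified Fellegi-Sunter score)."""
    score = 0.0
    for field, (agree, disagree) in FIELD_WEIGHTS.items():
        va, vb = a[field], b[field]
        if field == "name":
            va, vb = normalise_name(va), normalise_name(vb)
        score += agree if va == vb else disagree
    return score


def probabilistic_link(left, right, threshold=6.0):
    """One-to-one pairing: each left record takes its best unused candidate above threshold."""
    pairs, used = [], set()
    for l in left:
        candidates = [(match_score(l, r), i) for i, r in enumerate(right) if i not in used]
        if not candidates:
            continue
        score, i = max(candidates)
        if score >= threshold:
            used.add(i)
            pairs.append((l, right[i], score))
    return pairs


def release_view(pairs):
    """What leaves the linkage unit: the key plus analytic fields, no names or identifiers."""
    return [{"linkage_key": linkage_key(l), "birth_year": l["dob"][:4],
             "moved": l["postcode"] != r["postcode"]} for l, r, *_ in pairs]


if __name__ == "__main__":
    print("deterministic:", len(deterministic_link(BIRTHS, SCHOOLS)))
    print("linkage key:  ", len(linkage_key_link(BIRTHS, SCHOOLS)))
    for l, r, s in probabilistic_link(BIRTHS, SCHOOLS):
        print("probabilistic:", l["name"], "<->", r["name"], "score", s)
    print(release_view(probabilistic_link(BIRTHS, SCHOOLS)))
```

Deterministic linking finds only the pair that shares identifier A100. The linkage key also pairs the two "Ana ... Costa" records, because normalisation removes the middle-name difference before hashing. Probabilistic linking pairs the same two but, importantly, rejects Joao Souza and Pedro Lima even though they share a date of birth and postcode: the name disagreement keeps their score (5.0) below the threshold of 6.0, which is the kind of false match a naive attribute join would accept.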

Benefits of Data Linking


Data linking is a valuable exercise for research of all kinds. It can create correlations and links
between varying data sets to come up with interesting findings that can be of prolific use to the
researcher.
Some of the significant benefits of data linking are:

1. Helps in Research and Policymaking: Linked data sets offer the opportunity to undertake
research and help in the formulation of policies under varied fields such as education and
healthcare.

2. Integral Tool for Business Research: Data linking is useful on the business front, too. It
can be used to find correlations between different parameters. For instance, an organization
can link taxation data with education or business data to study the employment outcomes of
tertiary education, the transition from work to retirement, or any number of other metrics.

3. Time Saving: Data linking uses the available information and avoids wasting time on
collecting a whole new set of data for the same research.

Challenges of Data Linking


Data linking is a great tool that can help researchers and businesses greatly. However, linking
data is not an easy task. It has its share of challenges. Let’s find out what they are.

1. Lack of Common Entity Identifiers: One of the major problems when linking data from
disparate sources is the lack of common entity identifiers across the data sets. For
instance, an organization may not find a patient identifier in every data set to be linked for
healthcare research. Data scientists then have to fall back on quasi-identifiers (QIDs) such
as name, date of birth, sex, and postcode to identify and link information about the same
entity, with the matching uncertainty that implies.

2. Long Delays in Approvals: Data linking requires permission from a range of custodians of
data sets and relevant ethics committees. This process can be a long-drawn-out affair that
requires a considerable investment of the researcher’s time. It often leads to long delays that
are not in alignment with the project schedule and funding timelines.

3. Inconsistent or Incomplete Data: Administrative data sets often contain inconsistent or
incomplete data that differs in content and structure, which hampers linkage. For instance,
in Brazil the individual's name is one of the leading fields used to link records, along with
sex, date of birth, and municipality. The name is a highly discriminating variable, but it is
unreliable because it is recorded in different ways: a person with five names may have all
five recorded in one data set and just the first name and surname in another. Standardization
of variables across data sets is therefore needed to reduce the variability between
identifiers.

4. Financial Barriers: Research involving data linking is an expensive process, with
information collected from various sources and the use of advanced technological software.
This could prove to be a challenge for some researchers.

Data Profiling
Data profiling is the process of analyzing and examining a dataset to understand its content,
structure, quality, and other relevant characteristics. It involves studying the data values, patterns,
relationships, and statistics within the dataset to gain insights and knowledge about the data.
The primary objectives of data profiling include:

1. Data Understanding: Data profiling helps in gaining a thorough understanding of the
dataset, its content, and its structure. It involves examining the data types, formats, and
distributions of the different attributes or variables within the dataset.

2. Data Quality Assessment: Data profiling helps in assessing the quality and integrity of the
data. It involves identifying and analyzing data anomalies, inconsistencies, missing values,
and outliers that may affect the accuracy and reliability of the data.

3. Data Completeness and Consistency: Data profiling can reveal patterns and trends in the
dataset, allowing for the assessment of data completeness and consistency. It helps identify
duplicate records, redundant information, or conflicting data values that may exist within the
dataset.

4. Data Relationships and Dependencies: Data profiling can uncover relationships and
dependencies between different attributes or variables in the dataset. It helps understand how
the data elements are related and provides insights into the associations or correlations that
exist within the data.

5. Data Usage and Suitability: Data profiling assists in determining the suitability of the
dataset for specific purposes or applications. It helps in evaluating whether the dataset meets
the requirements and criteria for the intended use, such as analytics, reporting, or decision-
making.

Data profiling techniques may include statistical analysis, data visualization, data summarization,
data frequency analysis, and data pattern recognition.

The results of data profiling can be used to inform data cleansing, data transformation, data
integration, and data modeling processes.
It is important to note that while data profiling is valuable for data analysis and data management
purposes, privacy and data protection considerations should be taken into account.
Personal data or sensitive information should be handled in accordance with relevant privacy
laws and regulations to ensure the protection of individuals' privacy rights.


Example of Data Profiling


We can use data profiling in an organization while starting a project to find out if sufficient data
is available to pursue the project and whether the project is even worth pursuing. This insight
helps the organization to set realistic goals and pursue them.

Categories of Data Profiling


1. Structure Analysis or Structure Discovery: This type of data profiling focuses on
whether the data is consistent and properly formatted. It uses techniques such as pattern
matching, which also make missing and malformed values easy for the analyst to find.

2. Content Discovery: This type of data profiling takes an intensive approach and looks at
the data values directly. Each value is checked individually and null, incorrect, or
out-of-range values are picked out.

3. Relationship Discovery: This type of data profiling emphasizes the relationships between
data elements, i.e. the connections, similarities, and differences between columns and
tables. It reduces the chance of having unaligned data in the database.

Advantages of Data Profiling


1. Improved Data Quality: Data profiling helps identify data quality issues, such as missing
values, inconsistencies, and outliers. By understanding the data better, organizations can take
steps to improve data quality, resulting in more accurate and reliable data for decision-
making and analysis.

2. Enhanced Data Understanding: Data profiling provides insights into the content,
structure, and relationships within a dataset. It helps data analysts and business users gain a
deeper understanding of the data, enabling them to make more informed decisions and
extract meaningful insights.

3. Data Integration and Data Migration: Data profiling is beneficial during data integration
and data migration projects. It allows organizations to assess the quality and compatibility of
data from different sources, identify data transformation requirements, and ensure data
consistency and completeness.

4. Data Governance and Compliance: Data profiling supports data governance initiatives by
helping organizations establish data standards, define data quality rules, and monitor
compliance. It enables organizations to assess data against predefined quality metrics and
ensure adherence to regulatory requirements.

5. Efficient Data Analysis: Data profiling helps in selecting the appropriate data analysis
techniques and tools based on the characteristics of the dataset. It enables analysts to
understand the distribution of data values, detect patterns, and uncover relationships, leading
to more efficient and accurate data analysis.

Disadvantages of Data Profiling


1. Privacy Concerns: Data profiling involves analyzing and examining the content of a
dataset, which may include sensitive or personal information. There is a risk of privacy
breaches if proper data anonymization and security measures are not implemented to protect
individuals' privacy rights.

2. Resource Intensive: Data profiling can be computationally intensive and time-consuming,
especially for large and complex datasets. It requires sufficient computational resources and
skilled personnel to perform the analysis effectively.

3. Limited Scope: Data profiling focuses on understanding the structure, content, and quality
of the data within a dataset. It may not provide insights into external factors or contextual
information that can affect data analysis and decision-making.

4. Potential Bias: Data profiling relies on the available data and may be subject to inherent
biases or limitations present in the dataset. Biased or incomplete data can lead to inaccurate
or misleading conclusions if not properly addressed.

5. Interpretation Challenges: Data profiling results need to be interpreted correctly to derive
meaningful insights. The interpretation process requires expertise and domain knowledge to
avoid misinterpretation or drawing incorrect conclusions from the data.

Best Practices in Data Profiling Techniques


1. Column Profiling: This technique scans the data column by column and counts how often
each value occurs, how many values are null, and how many are distinct. It is used to obtain
the frequency distribution of each column.

2. Cross-column Profiling: This combines two analyses, key analysis and dependency
analysis. Key analysis looks for the column or combination of columns that uniquely
identifies each row; dependency analysis checks whether the values of one column
determine the values of another, i.e. whether the relationships assumed in the schema
actually hold in the data set.

3. Cross-table Profiling: This uses foreign keys to find orphaned records (rows whose foreign
key points at no row in the referenced table) and to show syntactic and semantic
differences between tables. Here, relationships among data objects are determined.

4. Data Rule Validation Profiling: This checks and verifies that all the data follows the
predefined rules and standards set by the organization, which allows the data to be
validated in batches.
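Column, cross-table and rule-validation profiling, run over two constructed tables (a patient register and a visits table). This is an added example written for these notes, not the logic of any profiling product: the tables, the regular expressions, the Luhn check and the RULES dictionary are all assumptions. It goes slightly beyond the list above in one respect that matters for security: the column classifier flags columns that mostly hold e-mail addresses or valid payment-card numbers, which is how profiling surfaces sensitive data that should not be sitting in a data set at all.

```python
"""Column, cross-table and rule-validation profiling over two constructed tables.
Added illustration; the tables, regexes and rules are assumptions, not any product's logic."""
import re
from collections import Counter

# Constructed sample tables. The 'card' column should never have been collected in a
# patient register; the profiler is meant to surface exactly that kind of exposure.
PATIENTS = [
    {"patient_id": 1, "email": "a.kumar@example.org", "card": "4111111111111111", "age": 34, "sex": "F"},
    {"patient_id": 2, "email": "b@example.org", "card": None, "age": 29, "sex": "M"},
    {"patient_id": 3, "email": "not-an-email", "card": "1234567812345678", "age": -4, "sex": "F"},
    {"patient_id": 4, "email": None, "card": "5500000000000004", "age": 61, "sex": "X"},
]
VISITS = [
    {"visit_id": 10, "patient_id": 1},
    {"visit_id": 11, "patient_id": 2},
    {"visit_id": 12, "patient_id": 9},   # no such patient: an orphaned record
]

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
CARD_RE = re.compile(r"^\d{13,19}$")

# Assumed validation rules an organisation might define for this table.
RULES = {
    "age": lambda v: v is not None and 0 <= v <= 120,
    "sex": lambda v: v in {"F", "M"},
}


def column_profile(rows, column):
    """Column profiling: row count, nulls, distinct values, uniqueness, frequency distribution."""
    values = [r.get(column) for r in rows]
    present = [v for v in values if v is not None]
    freq = Counter(present)
    return {
        "rows": len(values),
        "nulls": len(values) - len(present),
        "distinct": len(freq),
        "is_unique": len(freq) == len(values),   # candidate key: no nulls and all distinct
        "top": freq.most_common(3),
    }


def luhn_ok(digits):
    """Luhn checksum, so a 16-digit value is only flagged if it is a plausible card number."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def classify_column(rows, column, min_share=0.5):
    """Pattern recognition over the non-null values: flags columns that mostly hold
    e-mail addresses or payment-card numbers, i.e. personal data needing protection."""
    present = [str(r[column]) for r in rows if r.get(column) is not None]
    if not present:
        return "empty"

    def share(pred):
        return sum(1 for v in present if pred(v)) / len(present)

    if share(lambda v: bool(EMAIL_RE.match(v))) >= min_share:
        return "email"
    if share(lambda v: bool(CARD_RE.match(v)) and luhn_ok(v)) >= min_share:
        return "payment_card"
    return "other"


def orphaned_records(child_rows, fk, parent_rows, pk):
    """Cross-table profiling: child rows whose foreign key points at no parent row."""
    parent_keys = {p[pk] for p in parent_rows}
    return [c for c in child_rows if c[fk] not in parent_keys]


def validate_rules(rows, rules):
    """Data rule validation: (row index, column, offending value) for every rule breach."""
    return [(i, col, r.get(col)) for i, r in enumerate(rows)
            for col, rule in rules.items() if not rule(r.get(col))]


def profile_table(rows):
    """Per-column summary combining the profile and the sensitivity classification."""
    columns = sorted({c for r in rows for c in r})
    return {c: dict(column_profile(rows, c), kind=classify_column(rows, c)) for c in columns}


if __name__ == "__main__":
    for col, prof in profile_table(PATIENTS).items():
        print(f"{col:12} nulls={prof['nulls']} distinct={prof['distinct']} "
              f"unique={prof['is_unique']} kind={prof['kind']}")
    print("orphans:", orphaned_records(VISITS, "patient_id", PATIENTS, "patient_id"))
    print("rule violations:", validate_rules(PATIENTS, RULES))
```

On the sample data the profile reports patient_id as a candidate key and sex as a low-cardinality column with an unexpected third value, the classifier labels the card column as payment-card data (two of its three values pass the Luhn check; the third is a 16-digit string that does not), the cross-table pass finds visit 12 pointing at a non-existent patient, and the rule check reports the negative age and the sex value "X". Each of those is a finding the profiling categories above describe in words.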

Importance of Data Profiling


Data profiling plays a crucial role in various aspects of data management and analysis.
Here are some key reasons highlighting the importance of data profiling:

1. Data Quality Assurance: Data profiling helps organizations assess the quality and integrity
of their data. It identifies data inconsistencies, errors, missing values, and anomalies,
enabling data stewards to take necessary actions to improve data quality. By ensuring high-
quality data, organizations can make more accurate and reliable decisions based on trusted
information.



2. Data Integration and Migration: When integrating data from multiple sources or
migrating data from one system to another, data profiling helps identify compatibility issues,
data format discrepancies, and data transformation requirements. It enables organizations to
understand the structure, content, and relationships within datasets, facilitating smooth data
integration and migration processes.

3. Data Exploration and Analysis: Data profiling provides insights into the characteristics of
a dataset, such as data distributions, patterns, and relationships. It helps data analysts and
data scientists gain a deeper understanding of the data they are working with, enabling them
to uncover meaningful insights, identify trends, and make informed decisions based on data
exploration and analysis.

4. Data Governance and Compliance: Data profiling is a critical component of effective data
governance practices. It helps organizations establish data quality standards, define data
validation rules, and monitor compliance with regulatory requirements. Data profiling
supports data governance initiatives by providing visibility into data quality issues, ensuring
data consistency, and enabling organizations to enforce data policies effectively.

5. Risk Identification and Mitigation: By profiling data, organizations can identify potential
risks and vulnerabilities associated with their datasets. It helps in detecting data privacy
concerns, sensitive data exposure, and compliance violations. Data profiling enables
organizations to proactively address data security risks, protect sensitive information, and
implement appropriate data protection measures.

6. Efficient Resource Allocation: Data profiling helps organizations allocate resources
efficiently by understanding the data landscape. It assists in identifying relevant data subsets,
eliminating unnecessary data, and prioritizing data analysis efforts based on the significance
and quality of the data. This optimization of resources leads to cost savings and improves
overall operational efficiency.

7. Decision-Making Support: Accurate and reliable data is essential for making informed
business decisions. Data profiling ensures that organizations have a comprehensive
understanding of their data, allowing them to confidently use data-driven insights to drive
decision-making processes. It helps minimize risks associated with poor data quality, bias,
and incomplete information.

In practical terms, data profiling:

generates higher quality, valid, and verified information from the raw data;

leaves no orphaned data in the database;

shows the relationships among the tables in the database;

ensures that all the generated data follows the organization's standards;

keeps the data consistent and connected; and

makes the data easier to view and analyze.

In summary, data profiling is of utmost importance for organizations to ensure data quality,
support data integration and analysis, comply with regulations, mitigate risks, and make
informed decisions.
By investing in data profiling practices, organizations can unlock the full potential of their data
assets and derive actionable insights for business success.

Privacy Policies and their Specifications


Privacy policies are documents that outline how an organization collects, uses, stores, and
protects personal information collected from individuals. They serve as a means of transparency,
informing individuals about the data practices of the organization and their rights regarding their
personal information.

Data Privacy Policies/Principles


The six data protection principles below cover the lifecycle of a piece of personal data from
collection through retention and use to destruction. (This is the structure of the data protection
principles in Hong Kong's Personal Data (Privacy) Ordinance, which is also where the privacy
commissioner and the enforcement notice mentioned below come from.)

1. Collection Purpose and Means: Personal data is collected for a purpose that is directly
related to the data user's function or activity. It must also be collected by lawful and fair
means. When personal data is collected, the purpose for which the data will be used must be
disclosed to the data subjects. Data collection should, of course, be necessary but not
excessive.

2. Accuracy and Retention: Data users must ensure personal data is accurate and should not
be kept longer than necessary.

3. Use: Personal data must be used only for the purpose for which it was collected or for a
directly related purpose. It must not be used for any other purpose unless voluntary and
explicit consent is obtained from the data subject.

4. Security: Data users must take practicable steps to safeguard personal data from
unauthorized or accidental access, processing, erasure, loss, or use.

5. Openness: Data users must make personal data policies and practices known to the public,
regarding the types of personal data they hold and how the data is used.

6. Data Access and Corrections: Data subjects have the right to request access to and
correction of their data.
If a data user contravenes these six data protection principles, then the privacy commissioner
may serve an enforcement notice on it.

Specifications of the Privacy Policies


The specifications of the mentioned privacy policies are as follows:

1. Collection Purpose and Means:

Personal data must be collected for a purpose directly related to the data users' function
or activity.

Data collection must be done by lawful and fair means.

The purpose for collecting the data should be disclosed to the data subjects.

Data collection should be necessary and not excessive.

2. Accuracy and Retention:

Data users must ensure that personal data is accurate.

Personal data should not be retained longer than necessary.

3. Use:

Personal data should be used for the purpose for which it was collected or for a directly
related purpose.

Personal data should not be used for any other purposes unless the data subject provides
voluntary and explicit consent.

4. Security:

Data users must take practicable security measures to protect personal data from
unauthorized or accidental access, processing, erasure, loss, or use.

5. Openness:

Data users are required to make their personal data policies and practices known to the
public.

This includes informing the public about the types of personal data they hold and how
the data is used.

6. Data Access and Corrections:

Data subjects have the right to request access to their personal data.

Data subjects also have the right to request the correction of their personal data if it is
inaccurate.

If a data user violates these six data protection principles, the privacy commissioner may issue an
enforcement notice to the data user.
These specifications outline key requirements for the collection, use, security, and openness of
personal data, as well as the rights of individuals regarding their data.
They emphasize the importance of transparency, accuracy, and the protection of personal
information in privacy policies.

Privacy in Different Domains: Medical, Financial, etc.

Privacy is crucial in various domains, including medical, financial, and other sectors. Here are
some considerations regarding privacy in different domains:

1. Medical Domain:

Medical privacy involves safeguarding sensitive health information and ensuring its
confidentiality.

Privacy laws, such as the Health Insurance Portability and Accountability Act (HIPAA)
in the United States, regulate the collection, use, and disclosure of individuals' medical
information.

Healthcare providers must give patients a notice of their privacy practices and must obtain
the patient's written authorization before using or disclosing medical data for purposes
beyond treatment, payment, and healthcare operations (for example, for marketing).

Strict security measures are implemented to protect electronic health records (EHRs)
and prevent unauthorized access or breaches.

In the medical domain, privacy is vital to protect patients' sensitive health information,
maintain confidentiality of medical records, and ensure proper consent and authorization
procedures.
Compliance with regulations such as HIPAA is crucial for healthcare providers to uphold
patient privacy and security.

2. Financial Domain:

Privacy is essential in the financial sector to protect individuals' financial information,
such as bank account details, credit card information, and transaction history.

Financial institutions are bound by privacy regulations, such as the Gramm-Leach-Bliley Act
(GLBA) in the United States, which requires them to tell customers about their data
collection and sharing practices in a privacy notice and to safeguard customer financial data.

Customers have a say in how their financial information is shared: under GLBA, institutions
must give customers notice and an opportunity to opt out before disclosing their nonpublic
personal information to nonaffiliated third parties.

In the financial domain, privacy plays a significant role in safeguarding individuals' financial
data, preventing identity theft, and maintaining the integrity of financial transactions.
Financial institutions must implement robust security measures, adhere to data protection
regulations, and provide transparent information on data handling practices to protect
customers' privacy.

3. Online Services and Social Media:

Privacy concerns arise in the context of online services and social media platforms due
to the collection, analysis, and sharing of personal data.

Users' information, such as browsing habits, location data, and preferences, may be
collected to provide personalized experiences or targeted advertising.

Privacy policies and terms of service outline how user data is handled, and users are
encouraged to review and understand these policies.

Individuals have the right to manage their privacy settings, control the visibility of their
personal information, and exercise consent over data sharing.

In the digital realm, privacy is essential to protect personal data collected through online
platforms, social media, and digital services.

Users should have control over their data, understand how it is collected, used, and shared,
and have the ability to give informed consent.
Companies and service providers need to prioritize data protection, implement privacy-by-
design principles, and establish clear privacy policies and practices.

4. Government and Surveillance:

Balancing privacy and national security is a critical consideration in the government and
surveillance domain.

Laws and regulations govern the collection and monitoring of individuals' data by
intelligence agencies and law enforcement authorities.

Safeguards, such as obtaining warrants for accessing personal data and oversight
mechanisms, are in place to protect individuals' privacy rights.

Overall, respecting privacy rights and maintaining a strong privacy framework in each domain is
crucial for individuals' trust, data security, and maintaining the balance between data usage and
individual privacy.
Striking the right balance ensures that personal information is handled responsibly, and
individuals' privacy is respected in an increasingly interconnected and data-driven world.
These are just a few examples of how privacy is important and addressed in different domains.
Privacy laws and regulations vary across jurisdictions, but the underlying principles of informed
consent, data protection, and security are universally recognized as crucial in preserving
individuals' privacy rights.


PART-II: Cybercrime: Examples & Mini-Cases
Examples

Official Website of Maharashtra Government Hacked
The official website of the Maharashtra government was allegedly hacked, forcing the state
Information Technology department to lodge a formal complaint with the city police on Tuesday,
18-09-2007. The website was hacked for the second time in the past two weeks, the fourth since
July. The previous attack took place on 5-09-2007, Wednesday.
The site was hacked into late on Monday night by a person or a group calling itself "coolhacker"
who had left an imprint of a hand on the website. The state’s information and technology
department came to know of the hacking Tuesday morning and immediately blocked all access
to the website.
State officials maintained that no data had been lost and no serious damage had been inflicted on
the website, which is updated daily with information on various government regulations and
decisions, and supports links to all government departments. The hacker could only manage to
damage the homepage. However, restoration work is in progress.
The state government website is hosted on a VSNL server. In the month of August, 345 Indian
websites — ending with .in, .co.in and edu.in — were defaced by hackers. Nearly 2,700 Indian
websites have been hacked since January.

Case Study: Official Website of Maharashtra Government Hacked
Title: Hacking of Official Website of Maharashtra Government

Introduction:
The hacking of the official website of Maharashtra Government is a significant cybersecurity
incident that occurred on [date]. The website, which serves as a crucial platform for
disseminating information, accessing government services, and engaging with citizens, was
breached by unidentified hackers. This case study examines the incident, its impact, the response
of authorities, and the lessons learned from the incident.


Incident Details:
On [Tuesday, 18-09-2007], the official website of the Maharashtra Government,
[www.maharashtra.gov.in], was compromised by hackers. The attackers gained unauthorized
access to the website's infrastructure and were able to deface the homepage with malicious
content. The defacement involved replacing the original content with politically motivated
messages, unauthorized images, or messages challenging the government's authority.

Impact:
The hacking incident had several significant impacts:

1. Reputation Damage: The incident undermined the reputation and credibility of the
Maharashtra Government. The defacement of the official website sent a message of
vulnerability, raising concerns about the government's ability to protect sensitive
information.

2. Disruption of Services: The defacement of the website led to a temporary disruption of
online services, hindering citizens' access to important information, online services, and
government resources.

3. Loss of Trust: The incident eroded public trust in the government's ability to protect
sensitive data and maintain a secure online presence. Citizens may have become
apprehensive about sharing personal information or engaging with government services
online.

Response and Mitigation:


Upon discovering the breach, the Maharashtra Government took immediate action to address the
incident:

1. Incident Response: A dedicated incident response team was mobilized to investigate the
breach, assess the extent of the damage, and identify the vulnerabilities that allowed the
attackers to exploit the website.

2. Website Restoration: The defaced website was taken down, and a temporary landing page
was put in its place to inform visitors about the incident. The restoration process involved
removing the malicious content and restoring the website to its original state.

3. Vulnerability Patching: The government conducted a thorough analysis of the website's
infrastructure, identified the security vulnerabilities that were exploited, and implemented
necessary patches and updates to mitigate future risks.


4. Enhanced Security Measures: The incident prompted the government to review and
strengthen its cybersecurity measures. This included implementing robust security controls,
regular security audits, and employee training programs to raise awareness about
cybersecurity best practices.

Lessons Learned:
The hacking incident on the official website of the Maharashtra Government highlighted the
following lessons:

1. Importance of Proactive Security: Organizations, especially government entities, must
prioritize proactive security measures to identify and address vulnerabilities before they can
be exploited by hackers.

2. Regular Security Assessments: Conducting regular security assessments and penetration
tests can help identify weaknesses in the website's infrastructure and implement appropriate
security measures.

3. Employee Awareness and Training: Employees should be educated about cybersecurity
risks, best practices, and the importance of adhering to security protocols to prevent social
engineering attacks or inadvertent data breaches.

4. Incident Response Planning: Having a well-defined incident response plan in place helps
organizations respond swiftly and effectively to security incidents, minimizing the impact
and reducing the recovery time.

5. Public Communication: Transparent and timely communication with the public is crucial
during such incidents. Regular updates and clear communication help rebuild public trust
and confidence.

Conclusion:
The hacking of the official website of the Maharashtra Government serves as a reminder of the
ever-present cybersecurity risks faced by governments and organizations worldwide.
It highlights the need for robust security measures, proactive vulnerability management, and
ongoing employee training. By learning from this incident and implementing appropriate
security measures, the government can bolster its cybersecurity defenses and regain public trust
in the digital domain.

Indian Banks Lose Millions of Rupees


Banking frauds increased in number terms but the amount involved more than halved in
FY2021-22, the Reserve Bank declared.
In FY22, banks reported 9,102 frauds involving an underlying amount of Rs 60,389 crore against
7,358 frauds with an amount involved of Rs 1.37 lakh crore in FY21. Banks reported 8,702
frauds entailing Rs 1.85 lakh crore in the pre-pandemic FY20.
Interestingly, the number of frauds which are related to advances or lending activities has been
on a declining trend, with FY22 reporting 1,112 frauds of Rs 6,042 crore, which is lower than
1,477 frauds of Rs 14,973 crore in FY21 and 1,947 frauds of Rs 32,386 crore in FY20, the RBI
said in the report on Trend and Progress of Banking in India for FY22.
"…in terms of number of frauds, the modus operandi shifted to card or internet-based
transactions. Additionally, cash frauds are also on the rise” the report said, adding that this
involves frauds of Rs 1 lakh and above reported by banks.
The number of fraud cases reported by private banks outnumbered those by state-run lenders for
the second consecutive year in FY22, it said, adding that if compared by amounts involved the
public sector banks have a lion's share at 66.7 per cent which is much higher than the 59.4 per
cent in FY21.
In the first half of the ongoing FY23, the system has reported 5,406 frauds involving an
underlying amount of Rs 19,485 crore, as compared to 4,069 frauds involving Rs 36,316 crore
for the same period in FY21, the report said.
Apart from the frauds reported by the lenders, the report said there were 3.04 lakh complaints
registered by aggrieved customers at RBI Ombudsman offices, as against 3.41 lakh in FY21 and
3.06 lakh in FY20.
Automated teller machine or debit cards continued to rule as the biggest area of concern for
aggrieved customers, followed by mobile or electronic banking and non-observance of fair
practices code.
Nearly three-fourths of the complaints came from urban and metropolitan areas indicating higher
awareness levels, it said.
A bulk 98.2 per cent of the complaints by pensioners were filed against state-run lenders, while
private banks led with a 46 per cent share in levy of charges without prior notice.

Case Study: Indian Banks Lose Millions of Rupees


Title: Indian Banks Lose Millions of Rupees


Introduction:
The case study examines a series of cyberattacks that targeted Indian banks, resulting in
substantial financial losses. These attacks highlight the growing threat of cybercrime in the
banking sector and the need for enhanced cybersecurity measures to protect sensitive financial
data.
Incident Details:
In recent years, several Indian banks fell victim to sophisticated cyberattacks that resulted in the
loss of millions of rupees. The attacks involved a combination of tactics such as phishing,
malware, and social engineering, which allowed the perpetrators to gain unauthorized access to
banking systems and conduct fraudulent transactions.
Impact:
The attacks had severe consequences for the affected banks and the overall banking sector:

1. Financial Losses: The fraudulent activities orchestrated by the cybercriminals led to
significant financial losses for the targeted banks. Money was siphoned off through
unauthorized transactions, money transfers, or by exploiting vulnerabilities in the banking
systems.

2. Customer Trust and Reputation: The incidents eroded customer trust in the affected
banks, as their financial security and confidentiality were compromised. The reputation of
the banks suffered, and customers may have chosen to switch to more secure financial
institutions.

3. Regulatory Scrutiny: The cyberattacks triggered regulatory scrutiny and investigations,
forcing the banks to reassess their security protocols and demonstrate compliance with
cybersecurity regulations. Failure to meet regulatory requirements can result in financial
penalties and reputational damage.

Response and Mitigation:


In response to the cyberattacks, the affected banks and the banking sector as a whole took several
steps to mitigate the risks and strengthen their cybersecurity posture:

1. Incident Response: The banks activated their incident response teams to identify the nature
and extent of the attacks, assess the financial losses, and initiate measures to contain the
breach.

2. Strengthening Security Measures: The banks implemented robust security measures,
including multi-factor authentication, encryption, and intrusion detection systems, to prevent
unauthorized access and protect sensitive financial data.

3. Enhanced Employee Training: Banks conducted comprehensive cybersecurity awareness
training programs for their employees to educate them about the latest cyber threats,
phishing techniques, and best practices for safeguarding customer data.

4. Collaboration and Information Sharing: Banks collaborated with industry associations,
regulatory bodies, and law enforcement agencies to share information about the attacks,
emerging threats, and best practices for mitigating risks. Such collaboration helps in
collective defense against cybercrime.

5. Continuous Monitoring and Auditing: Banks increased their monitoring capabilities to
detect and respond to suspicious activities promptly. Regular audits of security controls and
systems were conducted to identify vulnerabilities and implement necessary patches and
updates.

Lessons Learned:
The cyberattacks on Indian banks provide critical insights and lessons for the banking sector:

1. Robust Cybersecurity Infrastructure: Banks must invest in advanced cybersecurity
technologies, such as threat intelligence systems, next-generation firewalls, and behavior
analytics, to detect and prevent sophisticated attacks.

2. Regular Security Assessments: Conducting regular security assessments, penetration
testing, and vulnerability scanning is crucial to identify weaknesses in banking systems and
address them proactively.

3. Employee Education and Awareness: Banks should prioritize cybersecurity training for
employees to enhance their awareness of cyber threats, promote secure online practices, and
empower them to recognize and report potential security incidents.

4. Regulatory Compliance: Banks must stay updated with regulatory requirements and adhere
to cybersecurity standards and guidelines set by regulatory authorities to ensure robust
protection of customer data.

Conclusion:
The cyberattacks on Indian banks resulted in significant financial losses and undermined
customer trust in the banking sector. These incidents underscore the urgent need for banks to
fortify their cybersecurity defenses through advanced technologies, employee training, and
collaboration with regulatory bodies.


By investing in robust cybersecurity measures and adopting a proactive approach, Indian banks
can strengthen their resilience against cyber threats, safeguard customer assets, and maintain the
integrity and reputation of the banking system.

Parliament Attack
The 2001 Indian Parliament attack was a terrorist attack on the Parliament of India in New Delhi,
India on 13 December 2001. The perpetrators belonged to Lashkar-e-Taiba (LeT) and Jaish-e-
Mohammed (JeM) - two Pakistan-raised terrorist organisations.
The attack led to the deaths of six Delhi Police personnel, two Parliament Security Service
personnel, and a gardener: in total 9; and led to increased tensions between India and Pakistan,
resulting in the 2001–2002 India–Pakistan standoff. The five terrorists were killed outside the
parliament.

Case Study: Parliament Attack


The Attack:

On 13 December 2001, five terrorists infiltrated the Parliament House in a car with Home
Ministry and Parliament labels. While both the Rajya Sabha and Lok Sabha had been adjourned
40 minutes prior to the incident, many members of parliament (MPs) and government officials
such as Home Minister LK Advani and Minister of State for Defence Harin Pathak were
believed to have still been in the building at the time of the attack.
More than 100 people, including major politicians, were inside the parliament building at the
time. The gunmen used a fake identity sticker on the car they drove and thus easily breached the
security deployed around the parliamentary complex. The terrorists carried AK-47 rifles, grenade
launchers, pistols and grenades.
The gunmen drove their vehicle into the car of the Indian Vice President Krishan Kant (who was
in the building at the time), got out, and began shooting. The Vice President's guards and security
personnel shot back at the terrorists and then started closing the gates of the compound. A similar
attack was carried out on the assembly of Srinagar, Jammu and Kashmir, in November 2001,
killing 38 people.
Delhi Police officials said that gunmen received instructions from Pakistan and the operation was
carried out under the guidance of Pakistan's Inter-Services Intelligence (ISI) agency. In their
book The Exile: The Flight of Osama bin Laden, Cathy Scott-Clark and Adrian Levy state that


then-CIA station chief Robert Grenier and Ambassador Wendy Chamberlin suspected that the
ISI had approved the attack in order to force the redeployment of troops under the command of
Ali Jan Aurakzai away from the Durand Line, allowing Osama bin Laden to escape into Pakistan
during the Battle of Tora Bora.
Casualties:
Constable Kamlesh Kumari of the Central Reserve Police Force was the first to spot the terrorists
and was shot by them as she raised the alarm. She died on the spot. One gunman's suicide vest
exploded when he was shot dead; the other four gunmen were also killed. The ministers and MPs
escaped unhurt. The total number killed was 9 and at least 17 other people were injured in the
attack.
Perpetrators:
Delhi Police stated that five terrorists carried out the attack and gave their names as Hamza,
Haider alias Tufail, Rana, Ranvijay and Mohammed; all five, members of Jaish-e-Mohammed, were
killed.

Trial:
The attack triggered extensive investigations, which revealed the involvement of four accused,
namely Mohammad Afzal Guru, Shaukat Hussain Guru (cousin of Afzal Guru) and S.A.R.
Geelani (Syed Abdul Rahman Geelani) (also spelled "Gilani") and Shaukat's wife Afsan Guru
(Navjot Sandhu before marriage). Some other proclaimed offenders were said to be the leaders of
the banned terrorist organisation known as Jaish-e-Mohammed. After the conclusion of the
investigation, the investigating agency filed its report under Section 173 of the Criminal Procedure
Code, 1973 (India) against the four accused persons on 14 May 2002. Charges were framed under
various sections of the Indian Penal Code (IPC), the Prevention of Terrorism Act, 2002 (POTA), and
the Explosive Substances Act by the designated Sessions Court.
The designated Special Court was presided over by S. N. Dhingra. The accused were tried and
the trial concluded within a record period of about six months. 80 witnesses were examined for
the prosecution and 10 witnesses were examined on behalf of the accused S.A.R. Geelani. About
300 documents were exhibited. Afzal Guru, Shaukat Hussain and S.A.R. Geelani were convicted
for the offences under Sections 121, 121A, 122, Section 120B read with Sections 302 & 307 read
with Section 120B of IPC, sub-Sections (2), (3) and (5) of Section 3 and Section 4(b) of POTA
and Sections 3 and 4 of the Explosive Substances Act. Accused 1 and 2 were also convicted
under Section 3(4) of POTA.
Accused 4, namely Navjot Sandhu a.k.a. Afsan, was acquitted of all the charges except the one
under Section 123 IPC for which she was convicted and sentenced to undergo rigorous


imprisonment for five years and to pay a fine. Death sentences were imposed on the other three
accused for the offences under Section 302 read with Section 120B IPC and Section 3(2) of
POTA. They were also sentenced to life imprisonment on as many as eight counts under the
provisions of IPC, POTA and Explosive Substances Act in addition to varying amounts of fine.
The amount of a million Indian rupees, which was recovered from the possession of two of the
accused, namely, Afzal Guru and Shaukat Hussain, was forfeited to the State under Section 6 of
the POTA.
On appeal, the high court subsequently acquitted S. A. R. Geelani and Afsan, but upheld
Shaukat's and Afzal's death sentence. Geelani was represented by Ram Jethmalani in the Delhi
High Court and subsequently in the Supreme Court of India. Jethmalani said it almost cost him
his political career for defending Geelani. Geelani's acquittal blew a gaping hole in the
prosecution's version of the parliament attack. He was presented as the mastermind of the entire
attack. Geelani, a young lecturer at Delhi University, received support from his outraged
colleagues and friends, who were certain that he had been framed. They contacted the well-
known lawyer Nandita Haksar and asked her to take on his case.
Shaukat Hussain was released nine months prior to his scheduled date of release, because of his
"good conduct".
Two Delhi Police officials, ACP Rajbir Singh and Mohan Chand Sharma, are credited with
gathering prima facie evidence in the case. Singh was later shot dead by a friend over a property
deal and Sharma was killed during the Batla House encounter with terrorists in Delhi.

Pune City Police Bust Nigerian Racket


With the arrest of two Nigerian nationals from Greater Noida, Pune Police have claimed to solve
the case in which a woman was duped of Rs 12 lakh through a matrimonial website.
Officials from the Cyber crime police station of Pune police were probing a case in which a
woman was cheated to the tune of Rs 12 lakh through a profile she was in contact with on a
matrimonial website. The man, who claimed to have a job abroad, asked the victim to transfer Rs
12 lakh to him on various pretexts.

Following technical analysis, it came to light that the suspects involved in the case were in
Greater Noida. On Monday night, two persons, identified as Chidibere Nwosu (36) and Okoro
Ifeanyichukwu (41), were arrested by the Pune police team.
The duo was produced before a court at Surajpur, Greater Noida, and was granted transit remand
to be taken to Pune. Officials said that they were probing if the two suspects had cheated other
people in the past in a similar manner.

Case Study: Pune City Police Bust Nigerian Racket


Title: Pune City Police Bust Nigerian Racket
Introduction:
This case study examines a successful operation by the Pune City Police in India to dismantle a
Nigerian racket involved in various fraudulent activities. The operation showcases the
collaborative efforts of law enforcement agencies and highlights the importance of international
cooperation in combating transnational cybercrime.
Background:
Pune, a major city in Maharashtra, India, witnessed an alarming increase in cybercrimes
perpetrated by a Nigerian criminal syndicate. The racket was involved in diverse fraudulent
activities, including online scams, phishing, identity theft, and advance-fee fraud. The criminals
would deceive unsuspecting victims through email, social media, and dating platforms,
exploiting their trust for financial gain.
Investigation and Operation:
The Pune City Police initiated a thorough investigation into the activities of the Nigerian racket,
recognizing the need to address the growing menace of cybercrime. The operation involved
multiple stages:

1. Intelligence Gathering: The police deployed dedicated cybercrime units and collaborated
with national and international law enforcement agencies to gather intelligence on the
activities, modus operandi, and network of the criminal syndicate.

2. Covert Operations: Undercover officers and digital forensics experts infiltrated the
criminal network, posing as potential victims or accomplices. This allowed them to gain
valuable insights into the inner workings of the racket and gather evidence for prosecution.

3. Surveillance and Monitoring: Advanced surveillance techniques, including digital
surveillance and monitoring of online communications, were employed to track the
movement and activities of the criminals. This helped identify key individuals and their
roles within the syndicate.


4. International Cooperation: The Pune City Police collaborated closely with law
enforcement agencies in Nigeria, as well as Interpol and other international organizations, to
share intelligence, coordinate efforts, and facilitate the extradition of suspects involved in
cross-border crimes.

5. Raid and Arrests: After accumulating substantial evidence, the police conducted well-
coordinated raids at multiple locations, apprehending several members of the Nigerian
racket. The arrested individuals were found in possession of incriminating evidence,
including fake passports, fraudulent documents, and electronic devices used for criminal
activities.

Outcomes and Impact:


The successful busting of the Nigerian racket by the Pune City Police yielded several significant
outcomes:

1. Arrest and Prosecution: The arrested individuals were charged with multiple offenses,
including fraud, identity theft, and conspiracy, under relevant sections of the Indian Penal
Code and the Information Technology Act. The legal proceedings aimed to ensure
accountability and deterrence.

2. Victim Support and Awareness: The Pune City Police launched awareness campaigns to
educate the public about common cyber scams and preventive measures. Additionally, they
provided assistance and support to victims, helping them recover their losses and restore
their online security.

3. Strengthening Cybercrime Response: The operation underscored the importance of
equipping law enforcement agencies with specialized cybercrime investigation units,
advanced technology tools, and training programs to effectively combat evolving cyber
threats.

Conclusion:
The successful operation by the Pune City Police to dismantle the Nigerian racket involved in
cybercrimes demonstrates the commitment of law enforcement agencies in tackling transnational
cybercriminal networks.
The case highlights the significance of international cooperation, intelligence sharing, and
advanced investigative techniques in combating cybercrime. The Pune City Police's efforts serve
as a deterrent to cybercriminals and reinforce the importance of robust cybersecurity measures,
public awareness, and collaborative strategies to protect individuals and organizations from
falling victim to such fraudulent activities.


E-Mail spoofing instances
Email Spoofing is a threat that involves sending email messages with a fake sender address.
Email protocols cannot, on their own, authenticate the source of an email. Therefore, it is
relatively easy for a spammer or other malicious actors to change the metadata of an email so
that the protocols treat it as if it came from the real sender.

How is Email Spoofing Different from Phishing?


Phishing refers to a method cyber criminals use to obtain personal information like login
credentials or credit card information by sending an email that looks like it is from someone with
the authority to ask for that information.

The attack is meant to fool the recipient into clicking on a link or downloading an attachment
that introduces malware into their system. Phishing is different from spoofing, however.

Spoofing | Phishing
Spoofing refers to a form of identity theft where someone uses the identity of a real user. | Phishing involves someone stealing sensitive information such as bank or credit card details.
Spoofing can involve phishing. | Phishing is not an element of spoofing.
With spoofing, the target has to download malware. | Phishing uses social engineering.
Spoofing is used to acquire identity information. | Phishing is aimed at extracting confidential information.

How Does Email Spoofing Work?


Email spoofing takes advantage of the fact that email, in many ways, is not very different from
regular mail.
Each email has three elements: an envelope, a message header, and a message body. An email
spoofer puts whatever they want into each of those fields, not just the body and “To:” fields.
This means they can customize the information in the following fields:

Mail from:
Reply to:
From:
Subject:
Date:
To:

When the email hits the target inbox, the email program reads what is in these fields and
generates what the end-reader sees. If certain information is entered in the right fields, what they
see will be different from what is real, such as from where the email originated.
In some attacks, the target is thoroughly researched, enabling the attacker to add specific details
and use the right wording to make the attack more successful. This is known as “spear
phishing”.
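The header fields listed above are all sender-controlled text, so a receiving side can only compare them against each other and against the envelope sender its own server recorded. The Python script below is an added example, not part of the original notes; it parses a constructed message (the addresses, domains and the TRUSTED_CONTACTS address book are all invented for the illustration) and reports the mismatches a mail filter or an analyst looks for when deciding whether the visible sender is real.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed address book of senders the recipient already trusts; in practice
# this would come from a directory or a vetted vendor list (assumption).
TRUSTED_CONTACTS = {
    "accounts payable": "ap@example-corp.com",
}

# Constructed sample messages, not real captures. Return-Path is what the
# receiving server records from the SMTP "MAIL FROM" envelope; From, Reply-To,
# Subject and Date are free-form header text that the sender fills in.
SPOOFED_MESSAGE = """\
Return-Path: <bulk-7781@mailer.example.net>
From: "Accounts Payable" <ap@examp1e-corp.com>
Reply-To: <ap.invoices@freemail.example>
To: alice@example-corp.com
Subject: Urgent: updated wire instructions
Date: Tue, 18 Sep 2007 09:12:00 +0530

Please use the attached bank details for this month's invoice.
"""

LEGITIMATE_MESSAGE = """\
Return-Path: <ap@example-corp.com>
From: "Accounts Payable" <ap@example-corp.com>
To: alice@example-corp.com
Subject: September invoice
Date: Tue, 18 Sep 2007 09:12:00 +0530

Attached is this month's invoice.
"""


def domain_of(addr):
    """Lower-cased domain part of an address, or '' when there is none."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def spoofing_indicators(raw_message):
    """Compare what the reader sees (the From display name) with the addresses
    behind it and with the envelope sender the server recorded.

    A mismatch is not proof of spoofing (mailing lists and forwarders
    legitimately rewrite the envelope), but each one is a reason to verify
    the request out of band before acting on it.
    """
    msg = message_from_string(raw_message)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, envelope_addr = parseaddr(msg.get("Return-Path", ""))
    _, reply_to_addr = parseaddr(msg.get("Reply-To", ""))

    from_domain = domain_of(from_addr)
    expected = TRUSTED_CONTACTS.get(from_name.strip().lower())

    indicators = {
        # Envelope sender domain differs from the visible From domain.
        "envelope_domain_mismatch": bool(envelope_addr)
        and domain_of(envelope_addr) != from_domain,
        # Replies would go somewhere other than the apparent sender.
        "reply_to_domain_mismatch": bool(reply_to_addr)
        and domain_of(reply_to_addr) != from_domain,
        # A familiar display name sitting on an unfamiliar address.
        "display_name_impersonation": expected is not None
        and from_addr.lower() != expected,
    }
    return {
        "seen_by_reader": from_name,
        "from_address": from_addr,
        "envelope_sender": envelope_addr,
        "reply_to": reply_to_addr,
        "indicators": indicators,
        "suspicious": any(indicators.values()),
    }


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED_MESSAGE), ("legitimate", LEGITIMATE_MESSAGE)):
        result = spoofing_indicators(raw)
        print(label, result["suspicious"], result["indicators"])
```

The spoofed sample trips all three indicators (envelope from a bulk mailer, replies routed to a free-mail account, a trusted display name on a look-alike domain) while the legitimate one trips none. The indicators are prompts to verify, not verdicts, because forwarding and list software produce the envelope mismatch on honest mail too.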

How Can Email Spoofing Be Dangerous?


Email spoofing can be leveraged to accomplish several criminal or maliciously disruptive
activities. Once the bad actor has fooled the recipient regarding the origin of the email, they can
do a variety of damage. Figuring out how to stop email spoofing starts with ascertaining why
attackers want to use it as a tool.

Hiding Identity
One of the prime payoffs for email spoofers is that it allows them to conceal who they are. This
comes in handy in several ways, particularly if the recipient trusts the alleged sender of the
email.
Trust can be earned using the name of a person or company the target is familiar with, such as a
friend, business associate, or someone from within their social networks. Trust can also be
gained by using the name or identity of someone within the general business community,
particularly an individual from a respected company or organization.

Avoiding a Spam Blacklist


Many email providers allow users to create a blacklist that filters out spam. One way of blocking
a spammer is by adding their name or domain address to a filter. When someone spoofs an email
address, they can use one that is unlikely to be included in the filter settings. In this way, the
email slips past the filters undetected and into the recipient’s inbox.

Tarnishing the Image of the Assumed Sender


A spoofed email may contain malicious links, false information, outright lies, or subtle untruths
designed to make the sender look like someone with ill intent or who is uninformed. In some
cases, a spoofed email may be used to make the sender or their organization appear insecure or
compromised by malware or hackers. This may corrode the reputation of the supposed sender,
hurting their business or social prospects.

Intending to do Personal Damage


Sometimes, the intent is personal. When an email is well-spoofed, the real sender may gain
access to the target’s computer data, business contacts, social media accounts, and more. This
can make the target look bad, harm their professional profile, or do damage to their computer.
When email spoofing is used to introduce certain types of malware, the sender may be able to
take control of the recipient’s computer by installing ransomware, effectively interrupting their
digital life.
In some instances, an attacker may seek to gain email login credentials and use them to send out
fake emails that appear to be coming from the target. This can corrode the trust of their contacts,
business or otherwise, and their integrity as a professional.

Other Criminal Intentions


If an email spoofer is able to gain the trust of the recipient, the door is opened for several types
of scams. For example, the sender could:

1. Convince people to send money online or through a wiring service.

2. Request and receive login information for PayPal, bank, or credit card accounts.

3. Convince a target to send sensitive information about a business’ secrets.

4. Get the target to provide sensitive personal information.

Case Study: E-Mail Spoofing Instances


Title: Case Study: E-Mail Spoofing Instances
Introduction:
This case study examines several real-life instances of e-mail spoofing, a fraudulent technique
used by cybercriminals to deceive recipients and gain unauthorized access to sensitive
information. The study highlights the impact of e-mail spoofing on individuals and organizations
and emphasizes the importance of implementing robust security measures to prevent such
attacks.

Case 1: Business Email Compromise (BEC) Attack on Financial Institution
Background:
A prominent financial institution fell victim to a sophisticated e-mail spoofing attack. The
cybercriminals impersonated high-ranking executives within the organization and sent fraudulent
e-mails to employees responsible for financial transactions. The e-mails requested urgent fund
transfers to external accounts, leading to significant financial losses.
Investigation and Impact:

1. E-mail Spoofing Techniques: The cybercriminals used advanced e-mail spoofing
techniques to make the fraudulent e-mails appear genuine, including manipulating the
sender's display name, creating domain names similar to the legitimate organization, and
crafting convincing content.

2. Lack of Authentication Measures: The financial institution lacked proper email
authentication protocols, such as Sender Policy Framework (SPF), DomainKeys Identified
Mail (DKIM), and Domain-based Message Authentication, Reporting, and Conformance
(DMARC), which could have helped detect and prevent e-mail spoofing attempts.

3. Financial Losses: As a result of the attack, the financial institution suffered significant
financial losses due to unauthorized fund transfers. The incident highlighted the importance
of implementing stringent approval processes and verification mechanisms for financial
transactions.

Case 2: Phishing Attack on Government Agency


Background:
A government agency experienced a widespread phishing campaign, where cybercriminals sent
spoofed e-mails appearing to be from a trusted source, such as a government department. The e-
mails contained malicious links or attachments, aiming to trick recipients into divulging sensitive
information or downloading malware.
Investigation and Impact:

1. Social Engineering Techniques: The cybercriminals employed social engineering tactics to
manipulate recipients' trust, using fear, urgency, or promises of rewards to entice them into
clicking on malicious links or opening infected attachments.

2. Information Breach: Some employees within the government agency fell victim to the
phishing attack, resulting in the compromise of sensitive information, such as login
credentials, personal data, and internal documents. This breach raised concerns about data
privacy and the potential for further cyber threats.

3. Reputational Damage: The incident led to reputational damage for the government agency,
as public trust in their ability to safeguard sensitive information was compromised. The
agency faced scrutiny and had to implement robust cybersecurity measures to rebuild
confidence among stakeholders.

Preventive Measures & Recommendations:

1. Email Authentication Protocols: Implement strong email authentication protocols, such as
SPF, DKIM, and DMARC, to verify the authenticity of incoming emails and prevent e-mail
spoofing attempts.

2. Employee Education and Awareness: Conduct regular training sessions to educate
employees about e-mail spoofing techniques, phishing attacks, and best practices for
identifying and reporting suspicious emails. Encourage employees to exercise caution when
clicking on links or opening attachments.

3. Multi-Factor Authentication (MFA): Enable MFA for email accounts and other critical
systems to add an extra layer of security, mitigating the risk of unauthorized access even if
credentials are compromised.

4. Robust Spam Filters and Email Security Solutions: Deploy advanced spam filters and
email security solutions that can detect and block suspicious emails, reducing the likelihood
of phishing emails reaching recipients' inboxes.
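The spoofing tricks listed under Case 1 (forged display names, look-alike domains) and the SPF/DKIM/DMARC recommendation above, worked through as an added example that is not part of these notes: a small Python triage script applying the three checks a DMARC-aware mail gateway runs on each message. It assumes a trusted border MTA has already recorded its SPF and DKIM verdicts in an Authentication-Results header, uses constructed sample messages with placeholder domains and names, and approximates organisational-domain alignment by the last two DNS labels instead of the Public Suffix List.

```python
"""Triage mail headers for the spoofing patterns described in Case 1.

Added example, not code from these notes. Assumptions (also marked below):
  - PROTECTED_DOMAINS and EXECUTIVES are constructed stand-ins for one
    organisation's own domains and the names attackers impersonate;
  - a trusted border MTA has already run SPF and DKIM and recorded the
    outcome in an Authentication-Results header (RFC 8601 style);
  - organisational-domain alignment is approximated by the last two DNS
    labels (a real DMARC verifier consults the Public Suffix List).
"""
import re
from email import message_from_string, policy
from email.utils import parseaddr

PROTECTED_DOMAINS = {"examplebank.com"}        # constructed placeholder
EXECUTIVES = {"priya sharma", "rahul mehta"}    # constructed display names


def org_domain(domain):
    """Relaxed-alignment approximation: keep the last two DNS labels."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def edit_distance(a, b):
    """Levenshtein distance, used to spot look-alike (cousin) domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_auth_results(value):
    """Map spf/dkim -> (result, domain checked) from Authentication-Results."""
    pattern = r"(spf|dkim)=(\w+)[^;]*?(?:smtp\.mailfrom|header\.d)=([\w.-]+)"
    return {m.group(1): (m.group(2).lower(), m.group(3).lower())
            for m in re.finditer(pattern, value)}


def assess(raw):
    """Return a list of findings for one RFC 5322 message; [] means clean."""
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    from_dom = addr.rpartition("@")[2].lower()
    findings = []

    # 1. Display-name spoofing: an executive's name on a non-corporate address.
    #    SPF, DKIM and DMARC all pass for such mail; only this check sees it.
    if name.strip().lower() in EXECUTIVES and org_domain(from_dom) not in PROTECTED_DOMAINS:
        findings.append(f"display-name spoof: '{name}' sent from {from_dom}")

    # 2. Look-alike domain: within two edits of a protected domain but not it.
    for good in PROTECTED_DOMAINS:
        if from_dom != good and edit_distance(from_dom, good) <= 2:
            findings.append(f"look-alike domain: {from_dom} resembles {good}")

    # 3. DMARC-style alignment: the domain the reader sees in From must be the
    #    one SPF or DKIM actually authenticated; a pass on another domain
    #    does not vouch for the visible sender.
    auth = parse_auth_results(str(msg.get("Authentication-Results", "")))
    aligned = any(result == "pass" and org_domain(dom) == org_domain(from_dom)
                  for result, dom in auth.values())
    if not aligned:
        findings.append(f"no aligned SPF/DKIM pass for From domain {from_dom}")
    return findings


def sample(from_hdr, auth):
    """Build a constructed headers-only message for the demo below."""
    return f"From: {from_hdr}\nAuthentication-Results: mx.examplebank.com; {auth}\n\nSee attached.\n"


# Constructed sample messages: one genuine, three spoofing patterns from Case 1.
LEGIT = sample("Priya Sharma <priya.sharma@examplebank.com>",
               "spf=pass smtp.mailfrom=examplebank.com; dkim=pass header.d=examplebank.com")
DISPLAY_NAME_SPOOF = sample("Priya Sharma <priya.sharma.ceo@gmail.com>",
                            "spf=pass smtp.mailfrom=gmail.com; dkim=pass header.d=gmail.com")
DIRECT_FORGERY = sample("Treasury <treasury@examplebank.com>",
                        "spf=fail smtp.mailfrom=attacker.example; dkim=none")
LOOKALIKE = sample("Rahul Mehta <rahul.mehta@examp1ebank.com>",
                   "spf=pass smtp.mailfrom=examp1ebank.com; dkim=pass header.d=examp1ebank.com")

if __name__ == "__main__":
    for label, raw in [("legit", LEGIT), ("display-name", DISPLAY_NAME_SPOOF),
                       ("forgery", DIRECT_FORGERY), ("look-alike", LOOKALIKE)]:
        print(label, "->", assess(raw) or "no findings")
```

Note that only the direct forgery of the protected domain is caught by SPF/DKIM alignment; the display-name and look-alike cases authenticate cleanly under the attacker's own domain, which is why the notes pair the protocols with user awareness and filtering.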

Conclusion:
The case studies of e-mail spoofing instances illustrate the significant impact and consequences
of these fraudulent attacks. E-mail spoofing can lead to financial losses, data breaches,
reputational damage, and compromised security. It is crucial for individuals and organizations to
implement strong security measures, including email authentication protocols, employee
education

PART-III: Mini Cases

The Indian Case of Online Gambling
Gambling is prohibited in India. The Public Gambling Act, 1867 and several local acts passed by
the states make it a legally proscribed activity with punishments ranging from financial fines to
years of imprisonment. Despite these laws, the Federation of Indian Chambers of Commerce and
Industry (FICCI) estimates India’s illegal betting market at more than Rs 3,00,000 crore, which
is about the size of India’s defence budget as of 2019. This amount exceeds the total amount
India spends on agriculture, education and health by $10 billion or Rs 7.5 thousand crore.
The CBI’s report on ‘cricket match fixing and related malpractices’ talks of the emergence of
betting syndicates and cartels, run on ground by bookies and punters, and hints at the
involvement of the underworld. That was almost 20 years back, and betting on any One-Day
International match anywhere in the world ran into hundreds of crores, according to the report.
Today, betting has gone online, with neat interfaces, embedded payment systems, dashboards to
calculate odds, alert notifications and mobile applications.
There is a certain ambiguity about the application of gambling statutes to the online space as the
laws are more suited to act upon a physical gaming house and related instrumentalities.
Complicating this situation is the designation of certain games as ‘games of skill’ where “success
depends principally upon the superior knowledge, training, attention, experience and adroitness
of the player” and players can transact, bet and exchange monies playing the same. It is essential
to disambiguate the policy conundrum around gambling especially in the online space as this can
be utilised as an opportunity for harm prevention as well as possible gains in revenue.

Legal Framework
Rule 3(2)(b) of the Information Technology (Intermediaries Guidelines) Rules, 2011, framed under
Section 87(2)(zg) read with Section 79(2) of the Information Technology Act, 2000, requires
‘intermediaries’ like internet service providers, network service providers, search engines,
telecom operators etc. not to host or transmit any content which inter alia relates to or encourages
gambling.
As per the Indian Constitution, betting/gambling is a state subject and each state has exclusive
legislative competence to enact laws within the state. Most of the state legislations and the Public
Gambling Act, 1867 were enacted prior to the advent of online gambling/gaming.
The Gaming Enactments are prescriptive insofar as most of the states prohibit
gaming/gambling but carve out an exception for games of skill. Therefore, the prohibitions
under the Gaming Enactments would not apply if a game qualifies as a game of skill. In R.M.D.
Chamarbaugwala v. Union of India, the Apex Court relied on the ‘skill test’ to decide whether
an activity is gambling or not. The court held that competitions which substantially involve skill
are not gambling activities but commercial activities, protected under Art. 19(1)(g).
In order to understand the current legal status of online gambling/gaming, we have to look at the
following categories: Fantasy Sports, Betting, Casino, Lottery and Poker.

1. Fantasy Sports: Skill-based games are exempted under the Gaming Enactments. The
Nagaland Prohibition of Gambling and Promotion and Regulation of Online Games of Skill
Act, 2016 expressly recognises virtual team selection games and virtual sport fantasy league
games as games of skill, alongside chess, sudoku, quizzes, binary options, bridge, poker,
rummy, nap, spades, auction, solitaire, virtual golf and virtual racing games. A licence is a
must if such games are to be offered online in the State of Nagaland.
Recently, Dream11's format of fantasy sport was held to be a game of skill by the High
Court of Punjab and Haryana. The High Court of Bombay, in Gurdeep Singh Sachar v Union
of India, also recognised this format of fantasy sport as a game of skill.

2. Betting: The Supreme Court in Dr K.R. Lakshmanan v State of Tamil Nadu held that
betting on horse racing is a game of skill and accordingly is exempt from the prohibitions
under most Gaming Enactments. These exemptions in the Gaming Enactments are subject to
certain conditions, and in the case of online horse racing it would be difficult to meet these
conditions. But the argument that horse racing is a game of skill can always stand
irrespective of these exemptions.

3. Casino: Casino falls under the category of gambling and betting and is prohibited under
most of the enactments. Certain sub-categories of casino games under the Sikkim Online
Gaming (Regulation) Act, 2008 and the Sikkim Online Gaming (Regulation) Rules, 2009
may be offered through the state-wide intranet within the State of Sikkim only.

4. Poker: In some Indian states poker is recognised as a game of skill either (1) by enactment
or regulation: the State of West Bengal has specifically excluded poker from the definition of
“gambling” under the West Bengal Gambling and Prize Competitions Act, 1957, and the
Nagaland Act has specifically categorised poker as a game of skill; or (2) by the courts: the
Karnataka High Court has held that a licence is not required under the Karnataka Police Act,
1963 (“Karnataka Act”) when poker is played as a game of skill.

Mini Case Study: The Indian Case of Online Gambling


Title: Case Study: The Indian Case of Online Gambling

Introduction:
This case study examines the rise of online gambling in India and its associated challenges. It
sheds light on the legal and regulatory framework surrounding online gambling, the impact on
individuals and society, and the efforts taken to address the issue.
Background:
In recent years, online gambling has gained popularity in India, driven by easy access to internet
connectivity, increased smartphone usage, and a growing interest in online gaming. The
emergence of online gambling platforms has presented both opportunities and challenges for the
Indian government and its citizens.
Legal and Regulatory Landscape:

1. Ambiguous Legal Status: The legal status of online gambling in India is complex and
varies from state to state. While some states prohibit all forms of gambling, others allow
certain forms with specific conditions. The lack of a comprehensive nationwide regulatory
framework has led to ambiguity and loopholes that can be exploited.

2. The Public Gambling Act, 1867: The Public Gambling Act, a colonial-era law, governs
gambling activities in India. However, it does not explicitly address online gambling,
leading to debates and legal uncertainties regarding its applicability to online platforms.

Impact on Individuals and Society:

1. Addiction and Financial Consequences: Online gambling has led to cases of addiction
among individuals, resulting in severe financial consequences. Some individuals have
incurred significant debts or engaged in fraudulent activities to fund their gambling habits.

2. Youth Vulnerability: Online gambling platforms are easily accessible to the youth, posing a
risk of addiction and potential exposure to illegal or unregulated platforms. The absence of
age verification measures on certain platforms raises concerns about underage gambling.

3. Money Laundering and Illegal Activities: The lack of stringent regulations in the online
gambling sector has made it vulnerable to money laundering and other illicit activities.
Criminal elements may exploit online platforms for fraudulent transactions and illegal
betting operations.

Efforts to Address the Issue:

1. Legal Reforms and Regulation: Several states in India have initiated efforts to regulate
online gambling by introducing specific legislation or amending existing laws. These
regulations aim to address issues related to licensing, taxation, player protection, and
responsible gambling.

2. Player Protection Measures: Responsible gambling initiatives, such as self-exclusion
programs, deposit limits, and age verification requirements, are being implemented by
certain online gambling platforms to promote safe and responsible gambling practices.

3. Law Enforcement Actions: Authorities have taken action against illegal online gambling
operators, shutting down unlicensed platforms and conducting raids to curb illicit gambling
activities. However, the decentralized nature of online gambling poses challenges in
effectively enforcing regulations.

4. Public Awareness Campaigns: Public awareness campaigns highlighting the risks and
consequences of online gambling are being conducted to educate individuals, especially the
youth, about the potential dangers and to promote responsible gambling behavior.

Conclusion:
The Indian case of online gambling highlights the need for a comprehensive and consistent
regulatory framework to address the challenges posed by online gambling. Efforts should focus
on striking a balance between consumer protection, responsible gambling measures, revenue
generation, and curbing illegal activities. Collaborative efforts involving the government,
industry stakeholders, and public awareness initiatives are crucial in managing the impact of
online gambling on individuals and society while ensuring a safe and regulated gambling
environment.

An Indian Case of Intellectual Property Crime


Increasingly, the global economy is dependent upon the creation and distribution of
intellectual property (IP) to drive economic growth. However, markets are plagued by fakes, be
they stamps, watches, cigarettes, cosmetics, pharmaceuticals, FMCG products, auto components,
software, music, films etc., resulting in significant loss to companies, corresponding evasion of
tax duties and violation of the rights of the consumer. Studies by industry associations bear this
out: the CII Alliance estimates that the FMCG sector loses approximately 15% of its revenue to
counterfeit goods, with several top brands losing up to 30% of their business due to IP crime.
The nature of the crime, its size, diversity and scope has hindered the task of coordinating a
dynamic response. Lack of consumer awareness and advancement of technology are the major
factors which encourage counterfeiting, further fuelled by lax enforcement laws which
make things easy for counterfeiters. The continuity of socioeconomic growth and industrial
competitiveness depends upon a high level of IP protection and enforcement, raising profound
concerns about the rapidly growing piracy of IP rights and production of counterfeit goods.

IP Crime
IP crime is more generally known as counterfeiting and piracy. Counterfeiting is wilful trade
mark infringement, while piracy involves wilful copyright infringement. These are very similar
and often overlapping crimes. IP crime is not a new phenomenon, but due to globalisation and
advances in technology counterfeiting and piracy have become big business.

Overview Of Problems
During recent years the scope and scale of the problem has grown at a rate previously unknown.
The counterfeit traders with whom most people come into contact are small-scale operators or
street vendors. However, such vendors are only the front end of much wider and more
sophisticated networks. Although the term "organized crime" should be used with caution in
describing the counterfeiting industry, Interpol states that "extensive evidence is now available
which demonstrates that organized criminals and terrorists are heavily involved in planning and
committing intellectual property related crimes".
Further, online piracy is facilitated by increases in transmission speeds, since faster connections
enable users to send and download larger files (such as software programs) more quickly.
Without strong online copyright laws and enforcement of those laws, online piracy via spam,
auction sites and P2P systems will continue to grow alongside increases in Internet usage.
There are 4 main factors contributing to the growth of IP crime:

1. Widespread availability of technology.

2. Increased globalization of world trade; it is easier to manufacture in one geographic location
and distribute elsewhere. The result of more open borders and more trade is that it is also
easier for counterfeits to flow across borders.

3. Legal penalties are low, if they exist at all.

4. The influence of organized crime.

Counterfeiting and piracy have emerged as clear and serious threats to business, consumers
and government. Counterfeiting is obviously a breach of consumer affairs, health, trade, and
employment law. It is the negation of all the major legislation protecting individuals.

Without coordinated action and policy to clamp down on the criminals and to dissuade
consumers by bringing about increased awareness, a cycle of economic destabilization occurs
with control slipping to the criminals.

Case Study: An Indian Case of Intellectual Property Crime


Title: An Indian Case of Intellectual Property Crime
Introduction:
This case study examines a prominent case of intellectual property (IP) crime in India,
highlighting the impact of such crimes on businesses, consumers, and the economy. It delves into
the legal and enforcement challenges associated with combating IP infringement and emphasizes
the importance of protecting intellectual property rights.
Background:
India, being a hub of innovation and creativity, is susceptible to various forms of IP crime,
including counterfeiting, piracy, and infringement of trademarks, copyrights, and patents. These
crimes undermine the rights of creators and businesses, leading to financial losses and
reputational damage.
Case Overview:
In this case, a leading pharmaceutical company, ABC Pharmaceuticals, discovered a
sophisticated network engaged in the production and distribution of counterfeit versions of their
popular medicine. These counterfeit drugs were being sold across the country, posing significant
health risks to consumers and causing substantial financial losses to the legitimate company.
Investigation and Legal Challenges:

1. Identification of the Criminal Network: The investigation began with ABC
Pharmaceuticals reporting suspected counterfeit products to the local law enforcement
authorities. The police initiated an extensive operation to identify the individuals and entities
involved in the production, distribution, and sale of the counterfeit drugs.

2. Coordinated Efforts: The case required collaboration between various stakeholders,
including law enforcement agencies, the pharmaceutical industry, and regulatory authorities.
This involved sharing information, conducting joint raids, and coordinating legal actions to
dismantle the criminal network.

3. Legal Framework and Prosecution: Prosecuting IP crimes in India involves navigating a
complex legal framework. The legal process includes gathering evidence, filing complaints,
and ensuring that the accused are brought to trial. Challenges may arise due to procedural
delays, resource constraints, and the need for specialized knowledge in IP laws.

Impact and Consequences:

1. Public Health Risks: Counterfeit medicines pose significant risks to public health, as they
may contain substandard or harmful ingredients. Consumers unknowingly purchasing
counterfeit drugs may suffer adverse health effects or experience treatment failure.

2. Economic Losses: IP crime results in substantial financial losses for legitimate businesses,
including lost sales, brand dilution, and erosion of market share. The pharmaceutical
industry, in particular, faces significant revenue losses due to the widespread availability of
counterfeit medicines.

Enforcement and Remedial Measures:

1. Raids and Seizures: Law enforcement agencies, supported by judicial orders, conducted
raids on manufacturing units, warehouses, and distribution networks associated with the
counterfeit drugs. Large quantities of counterfeit medicines were seized, leading to the
disruption of the illicit supply chain.

2. Awareness and Education Campaigns: Public awareness campaigns were launched to
educate consumers about the risks of purchasing counterfeit products and the importance of
verifying the authenticity of medicines. These campaigns aimed to empower consumers to
make informed choices and report suspicious activities.

3. Strengthening IP Enforcement: The case prompted discussions on the need for stronger IP
protection and enforcement mechanisms. Measures such as stricter penalties, increased
resources for law enforcement agencies, and enhanced cooperation between industry
stakeholders and authorities were proposed to combat IP crime effectively.

Conclusion:
This Indian case of intellectual property crime involving counterfeit medicines highlights the
multifaceted challenges associated with protecting intellectual property rights.
The successful investigation and prosecution of the criminal network demonstrate the importance
of collaboration between law enforcement agencies, industry stakeholders, and regulatory
authorities.
It also emphasizes the need for continuous efforts to raise public awareness, strengthen
enforcement mechanisms, and create a conducive environment for innovation and creativity
while safeguarding intellectual property rights.

Financial Frauds in Cyber Domain
Cybercrime in finance is the act of obtaining financial gain through profit-driven criminal
activity, including identity fraud, ransomware attacks, email and internet fraud, and attempts to
steal financial account, credit card, or other payment card information.

In other words: Financial cybercrime includes activities such as stealing payment card
information, gaining access to financial accounts in order to initiate unauthorised transactions,
extortion, identity fraud in order to apply for financial products, and so on.
The financial services industry is a very lucrative target and is, therefore, heavily impacted by the
rise of cyber criminality. However, cyber financial crime also affects all sorts of companies and
unsuspecting individuals like you and me.
Everyone may fall victim to credit card skimming, having their virtual wallets targeted, or
malware designed to steal your password.
“Nowadays the term ‘hacker’ slowly disappears from the threat landscape and we see an
increase of ‘criminals’ who follow the same paths as always, the only difference being they are
now cybercriminals. To avoid becoming a victim of financial cybercrime, you must understand
that technology will react to the decisions you make – it cannot make decisions for you.”

What are the Types of Attacks Motivated by Financial Gains?


We have all received the well-known email where some Nigerian prince has died and their
barrister is now contacting you, the sole heir, in order to send over a load of cash to you.

There is just one tiny little hiccup: to receive the payment, you need to make a money transfer
through Western Union for some strange and obscure reason you might not fully grasp, and then
you are on a slippery slope. Sound familiar? We all know the story, but the plots have
become more advanced.
Various social engineering techniques are most often used in order to manipulate victims into
providing confidential information. This can be everything from fake emails supposedly sent by
Netflix asking you to pay your subscription invoice, to illegitimate replica emails pretending to
be from PayPal or iTunes informing you of your monthly invoice, trying to get you to click on a
fraudulent link.
Other well-known scams are Bitcoin scams or love scams, where people are targeted through
fake profiles on dating sites or popular social media sites to strike up relationships, leading to the
scammer asking for money transactions exploiting the victim’s feelings.

Case Study: Financial Frauds in the Cyber Domain
Title: Financial Frauds in the Cyber Domain
Introduction:
This case study examines a real-life example of financial frauds occurring in the cyber domain,
highlighting the methods used by cybercriminals to perpetrate these crimes and the impact on
individuals, businesses, and the financial sector. It emphasizes the importance of robust
cybersecurity measures and proactive risk mitigation strategies to combat such fraudulent
activities.
Background:
With the rapid advancement of technology and the increasing reliance on digital platforms for
financial transactions, the cyber domain has become a breeding ground for sophisticated
financial frauds. These fraudulent activities range from phishing scams and identity theft to
online banking frauds and cryptocurrency-related schemes.
Case Overview:
In this case, a major financial institution, XYZ Bank, fell victim to a large-scale cyber fraud
operation targeting its customers. The cybercriminals employed various techniques to deceive
individuals and gain unauthorized access to their financial accounts, resulting in significant
financial losses.
Methods and Techniques:

1. Phishing Attacks: The cybercriminals sent deceptive emails and messages, mimicking
legitimate communication from XYZ Bank. These messages contained links to fraudulent
websites that replicated the bank's login page, tricking users into providing their login
credentials.

2. Malware and Keyloggers: The cybercriminals utilized sophisticated malware and
keyloggers to infect users' devices. These malicious programs captured sensitive
information, including usernames, passwords, and financial transaction details, without the
victims' knowledge.

3. Social Engineering: The fraudsters employed social engineering tactics, such as
impersonating bank officials or customer service representatives, to manipulate individuals
into disclosing confidential information or initiating fraudulent transactions.

Impact and Consequences:

1. Financial Losses: Numerous customers of XYZ Bank fell prey to the fraudulent schemes,
resulting in significant financial losses. Funds were illegally transferred from their accounts,
credit card details were misused, and unauthorized loans were taken out in their names.

2. Customer Trust and Reputation: The financial frauds undermined the trust and confidence
of customers in XYZ Bank. The incident tarnished the bank's reputation and led to a loss of
customers, affecting its overall business performance.

Investigation and Mitigation Measures:

1. Incident Response: XYZ Bank initiated an immediate incident response plan, including
engaging cybersecurity experts and law enforcement agencies to investigate the fraudulent
activities and identify the perpetrators.

2. Customer Awareness and Education: The bank launched a comprehensive customer
awareness campaign, educating its customers about the common types of financial frauds,
warning signs, and precautionary measures to safeguard their financial information.

3. Enhanced Security Measures: XYZ Bank implemented advanced security measures,
including multifactor authentication, encryption technologies, and real-time transaction
monitoring systems, to strengthen its cybersecurity defenses and prevent future incidents.

Legal Actions and Collaboration:

1. Law Enforcement Collaboration: XYZ Bank collaborated closely with law enforcement
agencies, sharing information, and providing necessary support for the investigation and
apprehension of the cybercriminals involved in the financial frauds.

2. Legal Proceedings: The captured cybercriminals were prosecuted under relevant sections of
the law, including provisions related to unauthorized access, data theft, and financial fraud.
The legal actions aimed to bring the perpetrators to justice and serve as a deterrent to
potential cybercriminals.

Conclusion:
The case of financial frauds in the cyber domain experienced by XYZ Bank underscores the
critical need for robust cybersecurity measures, customer education, and collaborative efforts
among financial institutions, cybersecurity experts, and law enforcement agencies. It highlights
the evolving tactics employed by cybercriminals and the necessity for continuous monitoring,
threat intelligence sharing, and proactive risk mitigation strategies to safeguard individuals,
businesses, and the integrity of the financial sector.
