
Unit I Notes


RUC-201:Cyber Security 2021

Syllabus: Unit I
Introduction- Introduction to Information Systems, Types of Information Systems, Development of
Information Systems, Introduction to Information Security, Need for Information Security, Threats
to Information Systems, Information Assurance, Cyber Security, and Security Risk Analysis.

Notes I : Introduction to Information Systems and Security

Cyber-Security:
Cyber-security is the practice of protecting systems, networks, and programs
from digital attacks. These cyber-attacks are usually aimed at accessing,
changing, or destroying sensitive information; extorting money from users; or
interrupting normal business processes.
Implementing effective cyber-security measures is particularly challenging
today because there are more devices than people, and attackers are becoming
more innovative.
What is cyber-security all about?

A successful cyber-security approach has multiple layers of protection spread
across the computers, networks, programs, or data that one intends to keep
safe. In an organization, the people, processes, and technology must all
complement one another to create an effective defence from cyber attacks.

People

Users must understand and comply with basic data security principles like
choosing strong passwords, being wary of attachments in email, and backing up
data.
Processes

Organizations must have a framework for how they deal with both attempted
and successful cyber attacks. One well-respected framework, the NIST
cyber-security framework, can guide you. It explains how you can identify
attacks, protect systems, detect and respond to threats, and recover from
successful attacks.
Technology

Technology is essential to giving organizations and individuals the computer
security tools needed to protect themselves from cyber attacks. Three main
entities must be protected: endpoint devices like computers, smart devices, and
routers; networks; and the cloud. Common technology used to protect these
entities includes next-generation firewalls, DNS filtering, malware protection,
antivirus software, and email security solutions.

Dr. Abhay Shukla Page 1



Why is cyber-security important?

In today’s connected world, everyone benefits from advanced cyber-defence
programs. At an individual level, a cyber-security attack can result in everything
from identity theft, to extortion attempts, to the loss of important data like
family photos. Everyone relies on critical infrastructure like power plants,
hospitals, and financial service companies. Securing these and other
organizations is essential to keeping our society functioning.

Everyone also benefits from the work of cyber-threat researchers, like the team
of 250 threat researchers at Talos, who investigate new and emerging threats
and cyber attack strategies. They reveal new vulnerabilities, educate the public
on the importance of cyber-security, and strengthen open source tools. Their
work makes the Internet safer for everyone.

Information assurance:
Information assurance is the practice of protecting against and managing
risk related to the use, storage and transmission of data and information systems.
Information assurance processes typically ensure the following functions
for data and associated information systems:

Availability ensures information is ready for use by those that are allowed to
access it and at a required level of performance.

Integrity ensures that information and associated systems can only be
accessed or modified by those authorized to do so.

Authentication ensures that users are who they say they are using methods
such as individual user names, passwords, biometrics, digital
certificates and security tokens.

Confidentiality limits access or places restrictions on information such
as PII or classified corporate data.

Non-repudiation ensures that someone cannot deny an action, such as the
receipt of a message or the authenticity of a statement or contract, because the
system provides proof of the action.


3-D model for Information Assurance:

The Information Assurance (IA) model is an extension of the original 1991 McCumber INFOSEC
Model. It expands the coverage, responsibilities and accountability of security professionals
and also establishes an additional view of the states of information. IA is defined by the
National Security Telecommunications and Information Systems Security Committee
(NSTISSC) as: “Information operations (IO) that protect and defend information and
information systems by ensuring their availability, integrity, authentication,
confidentiality, and non-repudiation. This includes providing for restoration of
information systems by incorporating protection, detection and reaction
capabilities.”

The security model is based on four dimensions:


i. Information States: Information, which is referred to as the interpretation of
data, can be found in one or more of three states: stored, processed or
transmitted.

ii. Security Services: This dimension forms the very basis or the fundamental
pillar of the IA security model as it defines five security services: availability,
integrity, confidentiality, authentication and non-repudiation. Of these five, the
first three were also a part of the INFOSEC model. The IA model introduced
authentication as a means of verifying an individual’s authorizations to receive
specific categories of information. Non-repudiation provided the sender of data
with proof of delivery and identity.

iii. Security Countermeasures: This dimension safeguards systems from
immediate vulnerability by accounting for technology, operations and people.
People require awareness, literacy, training and education in sound security
practices in order for systems to be secured and updated with the ever evolving
technology.

iv. Time: Time is a confounding change agent which can be viewed in different
ways. At any given time the data may be accessible on-line or off-line, or the
information and information system may be in flux.

The Integrated Model for IA provides a framework for questioning as well as
teaching information assurance topics. To understand IA requires understanding
of the interaction of the model components rather than the individual
components themselves. Examining the intersections of the four dimensions
gives the practitioner as well as the student a needed multidimensional view of
the scope of IA as it applies to systems security and provides a framework for
understanding new aspects of IA in the future.
Information system:
Information can be defined as meaningfully interpreted data. If we give you a
number 51225811077, it does not make any sense on its own. It is just raw
data. However if we say Tel: +91-0512-25811077, it starts making sense. It
becomes a telephone number.
"Information can be recorded as signs, or transmitted as signals. Information is
any kind of event that affects the state of a dynamic system that can interpret
the information."
Conceptually, information is the message (utterance or expression) being
conveyed. Therefore, in a general sense, information is "Knowledge
communicated or received, concerning a particular fact or circumstance".
Information cannot be predicted and resolves uncertainty.
According to Davis and Olson:
"Information is data that has been processed into a form that is meaningful
to the recipient and is of real or perceived value in the current or the prospective
action or decision of the recipient."

System: System can be defined as an arrangement that takes input and
provides output after completing the process.
Professor Ray R. Larson of the School of Information at the University of
California, Berkeley, provides an Information Hierarchy, which is −
• Data − the raw material of information.
• Information − Data organized and presented by someone.
• Knowledge − Information read, heard, or seen, and understood.
• Wisdom − Distilled and integrated knowledge and understanding.

Information/Data Collection Techniques

The most popular data collection techniques include −
• Surveys − A questionnaire is prepared to collect the data from the field.
• Secondary data sources or archival data: Data is collected through old
records, magazines, company website etc.
• Objective measures or tests − An experimental test is conducted on the
subject and the data is collected.
• Interviews − Data is collected by the system analyst by following a rigid
procedure and collecting the answers to a set of pre-conceived questions
through personal interviews.
So, from a system analyst's point of view, information is a sequence of symbols
that can be construed as a useful message.

Types of Information
Based on Anthony's classification of Management, information used in business
for decision-making is generally categorized into three types −
• Strategic Information − Strategic information is concerned with long
term policy decisions that define the objectives of a business and check
how well these objectives are met. For example, acquiring a new plant, a
new product, diversification of business etc. come under strategic
information.
• Tactical Information − Tactical information is concerned with the
information needed for exercising control over business resources, like
budgeting, quality control, service level, inventory level, productivity
level etc.
• Operational Information − Operational information is concerned with
plant/business level information and is used to ensure proper conduct
of specific operational tasks as planned/intended. Various operator
specific, machine specific and shift specific jobs for quality control checks
come under this category.
Classification by Application
In terms of applications, information can be categorized as −
• Planning Information − This is the information needed for
establishing standard norms and specifications in an organization. This
information is used in strategic, tactical, and operational planning of any
activity. Examples of such information are time standards and design
standards.
• Control Information − This information is needed for establishing
control over all business activities through a feedback mechanism. This
information is used for controlling attainment, nature and utilization of
important processes in a system. When such information reflects a
deviation from the established standards, the system should induce a
decision or an action leading to control.
• Knowledge Information − Knowledge is defined as "information about
information". Knowledge information is acquired through experience and
learning, and collected from archival data and research studies.
• Organizational Information − Organizational information deals with an
organization's environment and culture in the light of its objectives. Karl
Weick's Organizational Information Theory emphasizes that an
organization reduces its equivocality or uncertainty by collecting,
managing and using this information prudently. This information is
used by everybody in the organization; examples of such information are
employee and payroll information.
• Functional/Operational Information − This is operation specific
information. For example, daily schedules in a manufacturing plant that
refer to the detailed assignment of jobs to machines or machines to
operators. In a service oriented business, it would be the duty roster of
various personnel. This information is mostly internal to the organization.
• Database Information − Database information consists of large
quantities of information that have multiple uses and applications. Such
information is stored, retrieved and managed to create databases. For
example, material specification or supplier information is stored for
multiple users.

An Information System is a system that gathers data and disseminates
information with the sole purpose of providing information to its users.

The main object of an information system is to provide information to its users.
Information systems vary according to the type of users who use the system.
Types of Information system

Knowledge based system:

A KBS is a computer program that uses artificial intelligence to solve problems
within a specialized domain that ordinarily requires human expertise.
1- Expert System: Expert systems are a type of knowledge-based system
designed to embody expertise in a particular specialized domain such as
diagnosing faulty equipment. An expert system is intended to act like a
human expert who can be consulted on a range of problems within his or
her domain of expertise. Typically, the user of an expert system will enter
into a dialogue in which he or she describes the problem – such as the
symptoms of a fault – and the expert system offers advice, suggestions,
or recommendations.
2- Rule based system: Rules are one of the most straightforward means of
representing knowledge in a KBS. The simplest type of rule is called a
production rule and takes the form
3- Knowledge management System (KMS): Provides knowledge and
expertise for making various management level decisions.

Secure Data Disposal


In order to prevent unauthorized access, restricted data on computers,
electronic devices, and electronic media must be securely erased or destroyed
prior to disposal, re-use or return to vendor. This includes workstations,
laptops, portable devices, printers, copy machines, faxes, data sticks, external
hard drives, CDs/DVDs, tapes, etc. -- basically anything with a hard drive or
external storage that is used with restricted data.


Threats:
In computer security, a threat is a possible danger that might exploit
a vulnerability to breach security and therefore cause possible harm.

A threat, in the context of computer security, refers to anything that has the potential
to cause serious harm to a computer system. A threat is something that may or may
not happen, but has the potential to cause serious damage. Threats can lead to
attacks on computer systems, networks and more.

The most common security Threats:

1. Computer virus

A computer virus is a malicious piece of executable code that propagates
typically by attaching itself to a host document that will generally be an
executable file.

We’ve all heard about them, and we all have our fears. For everyday Internet
users, computer viruses are one of the most common threats to cybersecurity.
Statistics show that approximately 33% of household computers are affected
with some type of malware, more than half of which are viruses.

Computer viruses are pieces of software that are designed to be spread from
one computer to another. They’re often sent as email attachments or
downloaded from specific websites with the intent to infect your computer —
and other computers on your contact list — by using systems on your network.
Viruses are known to send spam, disable your security settings, corrupt and
steal data from your computer including personal information such as
passwords, even going as far as to delete everything on your hard drive.

2. Rogue security software

Leveraging the fear of computer viruses, scammers have found a new way to
commit Internet fraud.

Rogue security software is malicious software that misleads users to believe
there is a computer virus installed on their computer or that their security
measures are not up to date. Then they offer to install or update users’ security
settings. They’ll either ask you to download their program to remove the alleged
viruses, or to pay for a tool. Both cases lead to actual malware being installed
on your computer.

3. Trojan horse

Metaphorically, a “Trojan horse” refers to tricking someone into inviting an
attacker into a securely protected area. In computing, it holds a very similar
meaning — a Trojan horse, or “Trojan,” is a malicious bit of attacking code or
software that tricks users into running it willingly, by hiding behind a legitimate
program.

They spread often by email; it may appear as an email from someone you
know, and when you click on the email and its included attachment, you’ve
immediately downloaded malware to your computer. Trojans also spread when
you click on a false advertisement.

Once inside your computer, a Trojan horse can record your passwords by
logging keystrokes, hijack your webcam, and steal any sensitive data you
may have on your computer.

4. Adware and spyware

By “adware” we mean any software that is designed to track data of your
browsing habits and, based on that, show you advertisements and pop-ups.
Adware collects data with your consent — and is even a legitimate source of
income for companies that allow users to try their software for free, but with
advertisements showing while using the software. The adware clause is often
hidden in related User Agreement docs, but it can be checked by carefully
reading anything you accept while installing software. The presence of adware
on your computer is noticeable only in those pop-ups, and sometimes it can
slow down your computer’s processor and internet connection speed.

When adware is downloaded without consent, it is considered malicious.

Spyware works similarly to adware, but is installed on your computer without
your knowledge. It can contain keyloggers that record personal information
including email addresses, passwords, even credit card numbers, making it
dangerous because of the high risk of identity theft.

5. Computer worm

Computer worms are pieces of malware programs that replicate quickly and
spread from one computer to another. A worm spreads from an infected
computer by sending itself to all of the computer’s contacts, then immediately
to the contacts of the other computers.


Interestingly, they are not always designed to cause harm; there are worms
that are made just to spread. Transmission of worms is also often done by
exploiting software vulnerabilities.

6. DOS and DDOS attack

Have you ever found yourself waiting impatiently for the online release of a
product, one that you’re eagerly waiting to purchase? You keep refreshing the
page, waiting for that moment when the product will go live. Then, as you press
F5 for the last time, the page shows an error: “Service Unavailable.” The server
must be overloaded!

There are indeed cases like these where a website’s server gets overloaded with
traffic and simply crashes, sometimes when a news story breaks. But more
commonly, this is what happens to a website during a DoS attack, or
denial-of-service, a malicious traffic overload that occurs when attackers flood a
website with traffic. When a website has too much traffic, it’s unable to serve its
content to visitors.

A DoS attack is performed by one machine and its internet connection, by
flooding a website with packets and making it impossible for legitimate users to
access the content of the flooded website. Fortunately, you can’t really overload a
server with a single other server or a PC anymore. In recent years this has not
been that common; where it happens, it is through flaws in the protocol.

A DDoS attack, or distributed denial-of-service attack, is similar to DoS, but is
more forceful. It’s harder to overcome a DDoS attack. It’s launched from
several computers, and the number of computers involved can range from just
a couple of them to thousands or even more.

Since it’s likely that not all of those machines belong to the attacker, they are
compromised and added to the attacker’s network by malware. These
computers can be distributed around the entire globe, and that network of
compromised computers is called a botnet.

Since the attack comes from so many different IP addresses simultaneously, a
DDoS attack is much more difficult for the victim to locate and defend against.

7. Phishing

Phishing is a method of social engineering with the goal of obtaining sensitive
data such as passwords, usernames, and credit card numbers.

The attacks often come in the form of instant messages or phishing emails
designed to appear legitimate. The recipient of the email is then tricked into
opening a malicious link, which leads to the installation of malware on the
recipient’s computer. It can also obtain personal information by sending an
email that appears to be sent from a bank, asking to verify your identity by
giving away your private information.


8. Rootkit

A rootkit is a collection of software tools that enables remote control and
administration-level access over a computer or computer networks. Once
remote access is obtained, the rootkit can perform a number of malicious
actions; rootkits come equipped with keyloggers, password stealers and antivirus
disablers.

Rootkits are installed by hiding in legitimate software: when you give
permission to that software to make changes to your OS, the rootkit installs
itself in your computer and waits for the hacker to activate it. Other ways of
rootkit distribution include phishing emails, malicious links, files, and
downloading software from suspicious websites.

9. SQL Injection attack

We know today that many servers storing data for websites use SQL. As
technology has progressed, network security threats have advanced, leading us
to the threat of SQL injection attacks.

SQL injection attacks are designed to target data-driven applications by
exploiting security vulnerabilities in the application’s software. They use
malicious code to obtain private data, change and even destroy that data, and
can go as far as to void transactions on websites. It has quickly become one of
the most dangerous privacy issues for data confidentiality.
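How a data-driven application becomes injectable, and the fix, shown as an added example that is not part of the original notes. The table, the sample rows and the function names are constructed for illustration; the database is an in-memory SQLite instance.

```python
import sqlite3

def make_db():
    """Build an in-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT, card TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "wonderland", "CARD-0001"),   # constructed sample data
        ("bob", "builder", "CARD-0002"),
    ])
    return db

def lookup_vulnerable(db, name, password):
    # Vulnerable: user input is pasted into the SQL text, so a quote
    # character in the input changes the structure of the query itself.
    query = ("SELECT name, card FROM users WHERE name = '" + name +
             "' AND password = '" + password + "'")
    return db.execute(query).fetchall()

def lookup_safe(db, name, password):
    # Hardened: placeholders send the input as data, never as SQL text,
    # so the same input is simply compared against the password column.
    query = "SELECT name, card FROM users WHERE name = ? AND password = ?"
    return db.execute(query, (name, password)).fetchall()

if __name__ == "__main__":
    db = make_db()
    crafted = "' OR '1'='1"   # input that closes the string and adds a condition
    print("vulnerable, correct password:", lookup_vulnerable(db, "alice", "wonderland"))
    print("vulnerable, crafted input:   ", lookup_vulnerable(db, "alice", crafted))
    print("parameterized, crafted input:", lookup_safe(db, "alice", crafted))
```

With the concatenated query the crafted input returns every row in the table, which is the loss of confidentiality described above; the parameterized query returns nothing for the same input.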

10. Man-in-the-middle attacks

Man-in-the-middle attacks are cybersecurity attacks that allow the attacker to
eavesdrop on communication between two targets. The attacker can listen to a
communication which should, in normal settings, be private.

As an example, a man-in-the-middle attack happens when the attacker wants
to intercept a communication between person A and person B. Person A sends
their public key to person B, but the attacker intercepts it and sends a forged
message to person B, representing themselves as A, but instead it has the
attacker's public key. B believes that the message comes from person A and
encrypts the message with the attacker's public key, sends it back to A, but the
attacker again intercepts this message, opens the message with their private key,
possibly alters it, and re-encrypts it using the public key that was first
provided by person A. Again, when the message is transferred back to person
A, they believe it comes from person B, and this way, we have an attacker in
the middle that eavesdrops on the communication between two targets.
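The exchange described above, simulated in memory as an added example that is not part of the original notes, together with the defence: B checks the received key against a fingerprint of A's key obtained over a separate trusted path. The toy RSA with small fixed primes and all names (`Interceptor`, `exchange`, `A_FINGERPRINT`) are assumptions made for illustration.

```python
import hashlib

def make_keypair(p, q, e=17):
    """Toy RSA from two small primes (illustration only, trivially breakable)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))          # (public key, private key)

def encrypt(pub, text):
    n, e = pub
    return [pow(b, e, n) for b in text.encode("ascii")]

def decrypt(priv, blocks):
    n, d = priv
    return bytes(pow(c, d, n) for c in blocks).decode("ascii")

def fingerprint(pub):
    """Short digest of a public key that A can give B over a trusted path."""
    return hashlib.sha256(repr(pub).encode()).hexdigest()[:16]

A_PRIMES = (61, 53)                               # constructed key material for A
A_FINGERPRINT = fingerprint(make_keypair(*A_PRIMES)[0])

class Interceptor:
    """The party in the middle of the channel, as in the description above."""
    def __init__(self):
        self.pub, self.priv = make_keypair(89, 97)
        self.a_pub = None
        self.seen = []                            # plaintexts read in transit

    def relay_key(self, a_pub):
        self.a_pub = a_pub                        # keep A's real key
        return self.pub                           # B receives a substituted key

    def relay_message(self, blocks):
        text = decrypt(self.priv, blocks)         # readable: B used the wrong key
        self.seen.append(text)
        return encrypt(self.a_pub, text)          # re-encrypted, A notices nothing

def exchange(message, channel=None, pinned_fp=None):
    """A sends a public key, B replies encrypted. Returns (A's plaintext, leaked)."""
    a_pub, a_priv = make_keypair(*A_PRIMES)
    received = channel.relay_key(a_pub) if channel else a_pub
    # Defence: B refuses any key whose fingerprint differs from the pinned one.
    if pinned_fp is not None and fingerprint(received) != pinned_fp:
        raise ValueError("public key fingerprint mismatch: refusing to encrypt")
    blocks = encrypt(received, message)
    if channel:
        blocks = channel.relay_message(blocks)
    return decrypt(a_priv, blocks), (channel.seen if channel else [])

if __name__ == "__main__":
    print("no check:", exchange("meet at noon", channel=Interceptor()))
    try:
        exchange("meet at noon", channel=Interceptor(), pinned_fp=A_FINGERPRINT)
    except ValueError as err:
        print("with fingerprint check:", err)
```

Without the check, A still reads the correct message while the channel has seen the plaintext, which is why the substitution goes unnoticed; authenticating the key before encrypting is what stops it.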

Here are just some of the types of MITM attacks:

• DNS spoofing
• HTTPS spoofing
• IP spoofing
• ARP spoofing
• SSL hijacking
• Wi-Fi hacking

Spoofing:
Spoofing is a malicious practice employed by cyber scammers and hackers to
deceive systems, individuals, and organizations into perceiving something to be
what it is not. Communication is initiated by the spoofer to the victim or system
from an unknown source but disguised to present itself as an authentic and safe
sender. If you have ever received an email from a seemingly familiar source
asking you to update your profile details because some funny system upgrade
was necessary, then you have experienced spoofing.
Types of Spoofing:

• IP Address Spoofing Attacks
• ARP Spoofing Attacks
• DNS Server Spoofing Attacks
