Cyber Security Agenda
► Cyber Space & Its Importance
► CIA & DAD
► Cyber Security – overview
► Asset, Vulnerability, Risk & Threat
► Types of Cyber Security
► Hacking vs Ethical Hacking
► Types of Hackers
► Essential Cyber Terms & Threats
► Standards & Key Challenges
Cyber Space
What is Cyber Space?
► Cyberspace refers to the virtual computer world, and
more specifically, is an electronic medium used to form a
global computer network to facilitate online
communication
Page 2 5 February 2024 Introduction to Cyber Security – by Sourav Bhaumik
Cyber Space & Today’s Life
Cyber-World: Importance, Relevance & Involvement
► Communication
► Entertainment
► Housing & Lifestyle
► Health Industry
► Education
► Travelling
► Sports
► Banking
Cyber Security - Overview
In the current market, cyber security has become one of the most important fields. Day by
day everything is being digitalized, from online transactions to online shopping, and cyber
attacks (digital attacks) are increasing along with it. Cyber security exists to protect
computer systems, programs and networks against them. Just as physical security protects a
building, cyber security safeguards digital technologies from digital dangers. It is a
challenging field with huge scope in the coming days.
Introduction to Cyber Security
Cyber Security is an important aspect of modern business and government operations,
as virtually all organizations rely on digital information and systems to store and process
sensitive data, conduct transactions and communicate with customers.
What is Cyber Security?
Cyber Security refers to the practice of protecting computer systems, networks and
digital information from unauthorised access, theft, damage or any other malicious
activity and digital attacks that could compromise their integrity and availability.
Why do we need Security for Cyberspace?
Why do we need Cyber Security?
Cyber Security is important because it protects individuals, organizations and
governments from unauthorised access or attacks on their digital systems, networks and
sensitive data. The increased reliance on digital technologies and the internet has
created new vulnerabilities and threats that can be exploited by cyber criminals, hackers
and other malicious actors. Here are some reasons why we need cyber security –
► Protection of personal information
► Protection of sensitive data
► Prevention of cyber attacks
► Compliance with regulations
► Protection of critical infrastructure
Main Purpose of Cyber Security
The main purpose of Cyber Security is to safeguard all types of data against theft and
loss. Sensitive data, protected health information, personal information, intellectual
property, data, and government and business information systems are all included.
Scope and opportunities of cyber security in future
The scope and opportunities of cyber security in the future are vast and growing, as more
and more organizations and individuals rely on digital technologies and the internet.
Here are some of the key areas where cyber security is likely to play a critical role –
► Internet of Things (IoT)
► Cloud Security
► Mobile Security
► Artificial Intelligence (AI) Security
► Cyber Security – Consulting
► Cyber Security – Education
How Cyber Security is different from Information Security?
Cyber Security and Information Security are related concepts that are often used
interchangeably, but there are some key differences between them.
Information Security is a broad term that refers to the protection of all forms of
sensitive data, including physical and electronic data, from unauthorised access, use,
disclosure, disruption, modification or destruction. It encompasses various measures
and controls, such as access controls, encryption, backup and recovery, security
policies and awareness training.
Cyber Security, on the other hand, is a subset of Information Security that specifically
focuses on the protection of digital assets, including networks, devices, systems and
applications, from cyber threats. Cyber threats may include malware, phishing
attacks, social engineering, DoS attacks and other types of malicious activities
carried out by hackers and cyber criminals.
Online Activities Stats
What happens online in 60 seconds?
“Cyberspace is No Way IMMUNE to HACKING”
CIA Triad – The Base of Cyber Security
What is CIA?
• C – Confidentiality prevents disclosure of information to unauthorized people
• I – Integrity assures that data is trustworthy & not modified by unauthorized people
• A – Availability assures reliable access to information by authorized people at the right time
CIA Triad – The Base of Cyber Security
• C – Confidentiality can be achieved through access controls, encryption
• I – Integrity can be achieved through data backups, hashing
• A – Availability can be achieved through backups, redundancy
DAD Triad –
What is DAD?
• D – Disclosure refers to the unauthorized disclosure of sensitive information to unauthorized individuals
• A – Alteration refers to the unauthorized modification or manipulation of sensitive data
• D – Destruction refers to the unauthorized destruction or deletion of sensitive data or IT assets
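As an added example (not part of the original slides), the Python sketch below applies the hashing control listed under Integrity to the DAD terms: it records a SHA-256 baseline for a folder and later reports Alteration and Destruction. The file names, file contents and function names are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream the file so large assets do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Baseline: relative path -> SHA-256 for every file under root."""
    return {
        str(p.relative_to(root)): sha256_file(p)
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def audit(root: Path, baseline: dict[str, str]) -> dict[str, list[str]]:
    """Compare the current state with the baseline, labelled in DAD terms."""
    current = build_manifest(root)
    return {
        "altered": sorted(f for f in baseline if f in current and current[f] != baseline[f]),
        "destroyed": sorted(f for f in baseline if f not in current),
        "unexpected": sorted(f for f in current if f not in baseline),
    }


def demo() -> dict[str, list[str]]:
    """Constructed sample data: three files, then one edit, one delete, one add."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "payroll.csv").write_text("alice,5000\nbob,4200\n")
        (root / "policy.txt").write_text("Passwords rotate every 90 days.\n")
        (root / "backup.cfg").write_text("retention=30\n")
        # Keep the baseline away from the assets it covers; if both can be
        # changed together, the comparison proves nothing.
        baseline = build_manifest(root)

        (root / "payroll.csv").write_text("alice,5000\nbob,9200\n")  # Alteration, same file size
        (root / "backup.cfg").unlink()                                # Destruction
        (root / "notes.tmp").write_text("scratch\n")                  # not in baseline
        return audit(root, baseline)


if __name__ == "__main__":
    for finding, files in demo().items():
        print(f"{finding}: {files}")
```

A hash baseline says nothing about Disclosure; that side of the triad is covered by the access controls and encryption listed under Confidentiality.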
Security – Functionality – Usability Triangle
Security vs Functionality vs Usability
Understanding key concepts?
Asset
An asset can be defined as any device, system, application or data that has value to
an organization and requires protection from potential threats. For example –
hardware, software, data, network, cloud, human etc.
Vulnerability
Vulnerability refers to a weakness in a system or network that can be exploited by
attackers to gain unauthorized access, steal data or disrupt normal operations.
Vulnerability can exist in hardware, software, network infrastructure etc. Common
examples are – weak passwords, social engineering attacks, human error etc.
Threat
Threats are a constant and ever evolving danger that can cause harm to an
organization’s systems, networks or data. Threats can come from a wide range of
sources including external attackers, insider threats, natural disasters and human
error.
Risk
Risk is the measure of the potential harm or loss to an organization resulting from a
security breach. For example – malware attack, ransomware attack etc.
Types of Cyber Security
Offensive Security
Defensive Security
Compliance Security (Proactive Cyber Security and Reactive Cyber Security)
Offensive Security
This involves attacking an organization’s systems or networks to identify weaknesses and
vulnerabilities before malicious actors can exploit them. Offensive Security
professionals use techniques like ethical hacking, penetration testing and vulnerability
scanning to identify and exploit vulnerabilities.
Techniques used – Vulnerability Assessment and Penetration Testing (VAPT),
Secure Config Review.
Defensive Security
This involves protecting an organization’s systems and networks from cyber attacks.
Defensive Security professionals use techniques like firewalls and security information
and event management to protect against attacks.
Techniques Used – Access Control List, Zero Trust.
Compliance Security
This involves meeting regulatory requirements and standards such as GDPR, PCI DSS
etc. Compliance Cyber Security professionals ensure that an organization’s systems
and processes comply with these regulations to avoid legal and financial penalties.
Proactive Cyber Security – This involves taking measures to prevent cyber attacks
from occurring in the first place. This may include implementing security controls,
providing cyber security training to employees and conducting regular risk
assessments.
Reactive Cyber Security – This involves responding to cyber attacks after they
have occurred. This may include disaster recovery and business continuity planning.
Compliance Security – Standards and Benchmarks
Compliance Cyber Security standards and benchmarks provide guidance and best
practices to organizations for securing their IT systems and infrastructure. Here are
some of the most widely recognized standards and benchmarks –
Payment Card Industry Data Security Standard (PCI DSS) – This standard is
designed to help organizations that handle credit card data to protect against data
breaches and theft.
General Data Protection Regulation (GDPR) – This regulation sets out rules for the
protection of personal data of individuals in the European Union.
CIS Benchmarks – The Center for Internet Security Benchmarks provide a set of
best practices for securing systems and networks. They cover a wide range of
technologies, including operating systems, cloud environments and mobile devices.
ISO 20000 – This benchmark is a standard for IT service management that focuses
on delivering quality IT services to customers.
Well known Security Standards/Guidelines
Reference Standards to perform Security Testing
• OWASP – Open Web Application Security Project
• NIST – National Institute of Standards and Technology
• SANS – SysAdmin, Audit, Network & Security
• OSSTMM – Open Source Security Testing Methodology Manual
• ISMS – Information Security Management System
• ISSAF – Information System Security Assessment Framework
How do Organisations Protect Themselves?
Organizational aspect of Cyber Security – PEOPLE, PROCESS AND TECHNOLOGY
Each of these elements plays an essential role in protecting an organization from cyber
threats.
People – The first line of defence against cyber threats is people. Employees must
be trained and educated on cyber security best practices. Cyber security training
should be ongoing and updated regularly to keep up with the latest threats.
Process – Effective cyber security requires a structured and organized approach to
risk management. So processes should be designed to ensure that all assets are
secured and that potential threats are identified and addressed in a timely manner.
Technology – Cyber Security technology includes tools such as firewalls, antivirus
software etc. These tools are designed to protect against cyber threats and are an
essential component of an organization’s cyber security strategy.
By focusing on all the three elements, organizations can improve their overall cyber
security posture and reduce the risk of cyber attacks.
“Attack = Motive + Method + Vulnerability”
Common Cyber Threats
Cyber threats are any type of malicious activity that targets computers, networks and
digital devices with the intent of causing harm or stealing sensitive data. Some of the
most common cyber threats are –
Phishing Attacks – An attacker tries to trick the victim into clicking on a link or
downloading an attachment that contains malware. These attacks often use email or
social media as a means of communication.
Malware – A type of software designed to harm or exploit digital devices. Malware can
include viruses, worms, trojans, ransomware and spyware. Malware can be used to
steal sensitive data, damage systems or take control of devices.
Password Attacks – These involve attempting to crack passwords in order to gain
access to a system or network. This kind of attack can include brute-force attacks, in
which an attacker tries every possible combination of characters until the correct
password is found.
Man-in-the-middle Attacks – These involve intercepting communications between two
parties in order to steal sensitive data or manipulate the communication.
Insider Threats – These refer to any type of threat that comes from within an
organization. This can include employees who steal sensitive data or use their access
to systems and networks for malicious purposes.
A Few Recent Major Cyber Attacks
SolarWinds supply chain attack (2020)
Colonial Pipeline ransomware attack (2021)
Microsoft Exchange server hack (2021)
JBS Food ransomware attack (2021)
Hacking
What is Hacking?
► The art of exploiting system vulnerabilities and compromising security controls to gain
unauthorized or inappropriate access to system resources
► Actually, it is the art of modifying system or application features to achieve a goal outside of
the creator’s original purpose
Who is a Hacker?
Hacker’s Classification
Types of Hackers
01 Black Hat
02 White Hat
03 Gray Hat
04 Suicide Hacker
05 Script Kiddies
06 Cyber Terrorists
07 State Sponsored Hackers
08 Hacktivist
Ethical Hacking
What is Ethical Hacking?
► It involves the use of hacking tools, tricks, and techniques to identify vulnerabilities so as to
ensure system security
► It focuses on simulating the techniques used by attackers to verify the existence of
exploitable vulnerabilities in the system security
► An ethical hacker performs a security assessment of an organisation with the permission of the
concerned authorities
Ethical Hacking – Phases
What are the different phases of Ethical Hacking?
► Info gathering before launching attack
► Scanning target on basis of info gathered during footprinting
► Obtaining access of the target system or application
► Retaining ownership of the compromised system or application
► Hiding the activities performed during the earlier stages
Key Challenges of Cyber Security
Cyber Security is an ever-evolving field, and organizations face numerous challenges in
their effort to secure their networks, systems and data. Some key challenges include –
o Lack of skilled cyber security professionals
o Insider Threats
o Third-party risk
o Lack of resources
o Compliance and regulatory requirements
o Increasing complexity of IT infrastructure
o Rapidly evolving threat landscape