All Chapters (10 Files Merged)

Security Risk Management – Part 1
Lecture 8
Basic Concepts
What is Risk?
In short, risk is the potential for loss, damage or destruction of assets or data.
Risk Management (RM)
Risk management in information security refers to the process of
identifying, assessing, and mitigating risks to information assets and
systems. It involves systematically analyzing potential threats,
vulnerabilities, and the impact of potential incidents, and implementing
measures to reduce risks to an acceptable level.
What is the purpose of RM?
To identify potential problems before they occur and to ensure the desired business outcomes are achieved.

What is Risk level?
The following levels are used for risk assessment:

Criticality   Risk Description & Necessary Actions                                           Key Rating
High          The loss of Confidentiality (C), Integrity (I), or Availability (A) could be    H
              expected to have a severe or catastrophic adverse effect on organizational
              operations, organizational assets or individuals.
Medium        The loss of confidentiality, integrity, or availability could be expected to    M
              have a serious adverse effect on organizational operations, organizational
              assets or individuals.
Low           The loss of confidentiality, integrity, or availability could be expected to    L
              have a limited adverse effect on organizational operations, organizational
              assets or individuals.
Identification of Assets
The asset is valued in terms of the impact of total loss of the asset in terms of confidentiality, integrity and availability.

DIU Asset List For Risk Management

SL   Asset                  Particulars         Criticality   Location
1.   DIU Core Software      Teachers App        H             Cloud
                            Attendance App      H
                            HR&Admin App        H
2.   Network Equipment      Core Router         H             Physical
                            IP Phone            M
                            Network Rack        L
3.   Supporting Equipment   Fire Extinguisher   M             Physical
Identification of Key Risk Indicators (KRI)
A key risk indicator (KRI) is a measure used in management to indicate how risky an activity is. Key risk indicators are metrics used by organizations to provide an early signal of increasing risk exposures in various areas of the enterprise. Here, the KRIs have been identified based on the Bangladesh Bank ICT Security Guideline, PCI DSS and SWIFT.

Example: KRI Based on Bangladesh Bank ICT Security Guideline, PCI DSS and SWIFT

                                                  Policy, Guidelines, Framework
Key Risk Indicator (KRI)                          Bangladesh Bank          SWIFT      PCI DSS
1. Authentication token/password theft /          5.2.12, 5.3.4, 5.4.2,    5.2, 4.2   6.5.8, 8.1 (8.1.1-8),
   misconfigured                                  5.7.21                              8.2 (8.2.1-6), 8.3
2. Deletion of logs and forensic evidence         5.2.14, 6.1.7, 6.3.3     1.2        10.1, 10.2
3. Compromise of trusted backup data              7.3                      2.5A       9.5, 9.6
4. Execution of malicious code                    5.2.9                    6.1        6.4, 6.5.2
Identification of Risk-Scenarios
Threats are ubiquitous and represent possible sources of negative impact to an organization. Threats can be natural, environmental, social, technical and medical and can lead to disruptions in operations which can adversely impact an organization.

Example: Identification of Risk-Scenarios

SN   Threat category    Threat-sources                   Risk Scenarios
1.   Human              Acts Of Human Error Or Failure   Accidents, Disclosure Of Passwords
2.   Technical          Software Failures                OS/Database Crash
                        Hardware Failures                HDD Damages
                        Obsolescence                     Outdated Technologies
3.   Forces Of Nature   Natural Disaster                 Flood, Earthquakes
                        Environmental                    Pollution, Power Failure

Questions
Thanks!
Security Risk Management – Part 2
Lecture 5
What is Risk Appetite?
Risk appetite, in short, refers to the level of risk that an organization is willing to accept or tolerate
in its pursuit of objectives. It represents the organization's willingness to take on risks in order to
achieve its goals, considering the potential negative consequences that may arise from those
risks. It defines the organization's comfort zone in terms of risk-taking and helps guide decision-
making processes related to risk management.

What is Risk Tolerance?
Risk tolerance, in short, refers to an organization's or individual's willingness or capacity to accept and withstand the potential negative impacts or losses associated with a risk. It represents the level of discomfort or loss that an organization or individual is willing to tolerate before taking action to mitigate or manage the risk.
Example: Risk Appetite and Risk Tolerance

SN   Threat Category    Risk Scenarios                       Risk Appetite (Frequency per year)   Risk Tolerance
1.   Human              Accidents, Disclosure Of Passwords   15                                   ± 30%
2.   Technical          OS/Database Crash                    5                                    ± 10%
                        HDD Damages                          5                                    ± 20%
                        Outdated Technologies                3                                    ± 20%
3.   Forces Of Nature   Flood, Earthquakes                   1                                    ± 30%
                        Pollution, Power Failure             1                                    ± 30%
Risk Frequency Evaluation Likelihood Scale

Rating   Likelihood   Likelihood of Occurrence
0.1      Low          Not expected, but there's a slight possibility it may occur at some time
0.5      Moderate     The event might occur at some time as there is a history of casual occurrence
1        High         There is a strong possibility the event will occur as there is a history of frequent occurrence.
Example: Risk Likelihood Scaling
DIU Asset List For Risk Management

SL   Asset                  Risk Scenarios      Risk Frequency Evaluation   Vulnerabilities (Yes / No)   Risk Frequency Rating
1.   DIU Core Software      Teachers App        Comment                     Yes                          1
                            Attendance App      Comment                     Yes                          1
                            HR&Admin App        Comment                     No                           0.5
2.   Network Equipment      Core Router         Comment                     No                           0.5
                            IP Phone            Comment                     No                           0.1
                            Network Rack        Comment                     No                           0.1
3.   Supporting Equipment   Fire Extinguisher   Comment                     No                           0.1
Risk Analysis - Impact Scale
Impact: the amount of loss or damage if the risk happened.

Likelihood × Impact = Level of Risk (risk score)

Rating   Magnitude of Impact   Impact Definition
100      High                  Occurrence of the risk:
                               - may result in stoppage of the service for DIU's customer or serious disruption of service;
                               - may result in the loss of resources or sensitive data; or
                               - may significantly harm, or impede the DIU's mission, reputation or interest.
50       Moderate              Occurrence of the risk:
                               - may result in disruption of service for the client or users;
                               - may increase customer dissatisfaction; or
                               - may violate, harm, or impede the DIU's mission, reputation or interest.
10       Low                   Occurrence of the risk:
                               - may result in disruption of service for a certain area of service or the branch;
                               - may noticeably affect the DIU's mission, reputation or interest.
Example: Risk Analysis
DIU Risk Analysis (Risk Frequency Rating × Impact = Level of Risk)

SL   Asset                  Risk Scenarios      Risk Frequency Rating   Impact   Level of Risk
1.   DIU Core Software      Teachers App        1                       100      100
                            Attendance App      1                       100      100
                            HR&Admin App        0.5                     50       25
2.   Network Equipment      Core Router         0.5                     50       25
                            IP Phone            0.1                     10       1
                            Network Rack        0.1                     10       1
3.   Supporting Equipment   Fire Extinguisher   0.1                     10       1
Example: Risk Analysis (Overall Risk Rating)

SN   Level of Risk
1    100
2    100
3    25
4    25
5    1
6    1
7    1
Total: 253

Overall Risk Rating Calculation
253 ÷ 700 × 100 = 36.14 % (700 is the maximum possible total: 7 assets × 100)
Overall Risk Rating - 36.14 %

Rating           Value   Condition
Strong           1       If the percentage is below 8%
Satisfactory     2       If the percentage is below or equal to 16% and above or equal to 8%
Fair             3       If the percentage is below or equal to 25% and above 16%
Marginal         4       If the percentage is below or equal to 30% and above 25%
Unsatisfactory   5       Above 30%

36.14 %: Unsatisfactory (Above 30%)
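The lecture's risk-scoring procedure (likelihood × impact per asset, total ÷ maximum possible × 100, then the rating band) and its appetite/tolerance table, worked through as an added Python example that is not part of the lecture. The asset figures are the DIU example values from the tables above; the class and function names are my own.

```python
"""Overall risk rating, computed exactly as the lecture's tables do (added example)."""
from dataclasses import dataclass

# Likelihood scale from the lecture: 0.1 Low, 0.5 Moderate, 1 High
LIKELIHOOD = {"low": 0.1, "moderate": 0.5, "high": 1.0}
# Impact scale from the lecture: 10 Low, 50 Moderate, 100 High
IMPACT = {"low": 10, "moderate": 50, "high": 100}
MAX_LEVEL = max(LIKELIHOOD.values()) * max(IMPACT.values())  # 100 per asset

# Overall rating bands from the lecture's table: (name, value, condition on the percentage)
BANDS = [
    ("Strong", 1, lambda p: p < 8),
    ("Satisfactory", 2, lambda p: 8 <= p <= 16),
    ("Fair", 3, lambda p: 16 < p <= 25),
    ("Marginal", 4, lambda p: 25 < p <= 30),
    ("Unsatisfactory", 5, lambda p: p > 30),
]


@dataclass(frozen=True)
class Asset:
    name: str
    likelihood: str  # key into LIKELIHOOD (the risk frequency rating)
    impact: str      # key into IMPACT (magnitude of impact)

    def level_of_risk(self) -> float:
        """Likelihood x impact = level of risk (risk score)."""
        return LIKELIHOOD[self.likelihood] * IMPACT[self.impact]


def overall_rating(assets):
    """Return (total level of risk, overall rating %, band name, band value)."""
    if not assets:
        raise ValueError("need at least one asset")
    total = sum(a.level_of_risk() for a in assets)
    maximum = MAX_LEVEL * len(assets)  # 7 assets -> 700 in the lecture
    pct = round(total / maximum * 100, 2)
    for name, value, condition in BANDS:
        if condition(pct):
            return total, pct, name, value
    raise RuntimeError(f"no band for {pct}")  # bands are contiguous, so not reached


def within_tolerance(observed_per_year, appetite, tolerance_pct):
    """Risk appetite/tolerance check from the lecture's table: the observed yearly
    frequency is acceptable while it stays inside appetite +/- tolerance."""
    margin = appetite * tolerance_pct / 100
    return appetite - margin <= observed_per_year <= appetite + margin


# The lecture's DIU asset list with its frequency ratings and impact levels
DIU_ASSETS = [
    Asset("Teachers App", "high", "high"),
    Asset("Attendance App", "high", "high"),
    Asset("HR&Admin App", "moderate", "moderate"),
    Asset("Core Router", "moderate", "moderate"),
    Asset("IP Phone", "low", "low"),
    Asset("Network Rack", "low", "low"),
    Asset("Fire Extinguisher", "low", "low"),
]

if __name__ == "__main__":
    for a in DIU_ASSETS:
        print(f"{a.name:18s} level of risk = {a.level_of_risk():g}")
    total, pct, band, value = overall_rating(DIU_ASSETS)
    print(f"Total: {total:g}  Overall Risk Rating: {pct} % -> {band} ({value})")
    # Human-error scenario from the appetite table: 15 per year, tolerance +/- 30%
    print("18 password disclosures/year within tolerance:", within_tolerance(18, 15, 30))
```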


Questions
Thanks!
Incident Management
Lecture 6
Incident and Incident Management – IM?
The definition of an incident is something that happens, possibly as a result of something
else. A security incident is an event that may indicate that an organization's systems or
data have been compromised or that measures put in place to protect them have failed.

Incident Management is a set of defined processes to identify, analyze, prioritize, and resolve security incidents to restore normal service operations as quickly as possible and prevent future recurrence of the incident.
Incident Management (IM) Plan
1. Define the roles and responsibilities of the team. Ensure everyone on the team knows their role
and what they need to do to resolve an incident.

2. Establish procedures. Make sure that you have clear procedures for responding to different
types of security incidents. This will help ensure that everyone is on the same page when
resolving an incident.

3. Train employees. Train security and other staff to recognize and respond to various incidents.
This will help get the business back up and running with as little downtime as possible.

4. Create a communication plan. Make sure you have a communication plan and incident
response policy in place for sharing information about incidents with employees, customers, and
partners.

5. Test your plan. Testing your plan regularly ensures that it runs smoothly, functions effectively,
and is updated to account for new developments in business operations and cybersecurity.
Roles and Responsibilities of IM Team
1. Identifying incidents. The first step in resolving an incident is identifying that it has occurred. Incident managers must be able to promptly locate any issue that could impact business operations.

2. Resolving incidents. Once an incident has been identified, it is up to the incident manager to fix it as quickly as possible. This often includes working with other departments to get things back up and running.

3. Reporting incidents. Incident managers must provide regular reports on all happenings in their organization. This helps prevent future incidents and keeps everyone up to date on the latest information.

4. Training employees. One of the critical responsibilities of an incident manager is training staff on how to respond to different types of incidents. This includes teaching them about the procedures that have been put in place and helping them understand the impact that an incident can have on business operations.
Benefits of an Incident Management Plan
1. Reduced downtime. By quickly identifying and resolving incidents, businesses can minimize the downtime their employees experience. This is especially important for companies that rely on technology to do their work.

2. Improved customer service. If an incident affects customers, companies must resolve the issue as soon as possible. Incident management can help businesses do this properly and efficiently.

3. Prevention of future incidents. By identifying the root cause of incidents and fixing them, companies can prevent the same types of incidents from happening again.

4. Improved communication. One of the critical purposes of incident management is to enhance communication between different departments and teams within an organization. Good communication prevents duplication of efforts and ensures that everyone is on the same page when responding to incidents.
Summary - Plan, Roles, Responsibilities and Benefits

Incident Management (IM) Plan                          Roles and Responsibilities of IM Team   Benefits of an Incident Management Plan
1. Define The Roles And Responsibilities Of The Team   Identifying Incidents                   Reduced Downtime
2. Establish Procedures                                Resolving Incidents                     Improved Customer Service
3. Train Employees                                     Reporting Incidents                     Prevention Of Future Incidents
4. Create A Communication Plan                         Training Employees                      Improved Communication
5. Test Your Plan

Incident Handling and Response - IH&R
Incident handling and response (IH&R) is the process of taking organized and careful steps when reacting to a security incident or cyberattack. It is a set of procedures, actions and measures taken in response to an unexpected event.
Steps of IH&R Process
Step 1: Preparation. The preparation phase includes performing an audit of resources and assets to determine the purpose of security and define the rules, policies, and procedures that drive the IH&R process. It also includes building and training an incident response team, defining incident readiness procedures, and gathering required tools, as well as training employees to secure their systems and accounts.

Step 2: Incident Recording and Assignment. In this phase, the initial reporting and recording of the incident take place. This phase handles identifying an incident and defining proper incident communication plans for the employees; it also includes communication methods such as informing IT support personnel or submitting an appropriate ticket.

Step 3: Incident Triage. In this phase, the identified security incidents are analyzed, validated, categorized, and prioritized. The IH&R team further analyzes the compromised device to find incident details such as the type of attack, its severity, target, impact, and method of propagation, and any vulnerabilities it exploited.

Step 4: Notification. In the notification phase, the IH&R team informs various stakeholders, including management, third-party vendors, and clients, about the identified incident.

Step 5: Containment. This phase helps to prevent the spread of infection to other organizational assets, preventing additional damage.

Step 6: Evidence Gathering and Forensic Analysis. In this phase, the IH&R team accumulates all possible evidence related to the incident and submits it to the forensic department for investigation. Forensic analysis of an incident reveals details such as the method of attack, vulnerabilities exploited, security mechanisms averted, network devices infected, and applications compromised.

Step 7: Eradication. In the eradication phase, the IH&R team removes or eliminates the root cause of the incident and closes all the attack vectors to prevent similar incidents in the future.

Step 8: Recovery. After eliminating the causes of the incident, the IH&R team restores the affected systems, services, resources, and data through recovery. It is the responsibility of the incident response team to ensure that the incident causes no disruption to the services or business of the organization.

Step 9: Post-Incident Activities. Once the process is complete, the security incident requires additional review and analysis before closing the matter. Conducting a final review is an important step in the IH&R process that includes:

- Incident documentation
- Incident impact assessment
- Reviewing and revising policies
- Closing the investigation
- Incident disclosure
Questions
Thanks!
Compliance and Intellectual Property
Lecture 7
Information Security Compliance
Information security compliance refers to the adherence of an organization or individual to a set of rules, regulations,
standards, and best practices designed to protect the confidentiality, integrity, and availability of sensitive information.
Importance of Information Security Compliance

1. Protection of Sensitive Data: Compliance measures help protect sensitive information from unauthorized access,
disclosure, alteration, or destruction.

2. Legal and Regulatory Requirements: Organizations must comply with various laws and regulations to avoid legal
consequences and penalties.

3. Risk Mitigation: Compliance helps identify and address potential security risks, reducing the likelihood of security
breaches and incidents.

4. Trust and Reputation: Demonstrating compliance can build trust with customers, partners, and stakeholders,
enhancing an organization's reputation.

5. Competitive Advantage: Compliance can be a competitive advantage, as customers may prefer doing business with
organizations that prioritize security.
Common Frameworks and Regulations
The concept of information security compliance is prevalent in various industries and often involves complying with
specific laws, regulations, or industry standards that are relevant to the handling of sensitive data. Some of the well-
known regulations and standards include:

1. General Data Protection Regulation (GDPR): A European Union (EU) law that focuses on data protection and privacy
for individuals within the EU. Organizations that handle the personal data of EU citizens need to comply with GDPR
requirements.

2. Health Insurance Portability and Accountability Act (HIPAA): Applicable to healthcare providers in the United
States, HIPAA sets standards for protecting patients' medical records and other personal health information.

3. Payment Card Industry Data Security Standard (PCI DSS): This standard applies to organizations that handle credit
card transactions and aims to protect cardholders' data from unauthorized access.
Common Frameworks and Regulations
4. ISO/IEC 27001: A widely recognized international standard that provides a systematic approach to managing
sensitive company information securely.

5. National Institute of Standards and Technology (NIST) Cybersecurity Framework: A set of guidelines and best
practices developed by NIST to improve the cybersecurity posture of organizations.
PCI DSS v4.0
The standard consists of 12 main requirements, which are grouped into six primary control objectives:

1. Install and maintain a firewall configuration to protect cardholder data

2. Do not use vendor-supplied defaults for system passwords and other security parameters

3. Protect stored cardholder data

4. Encrypt transmission of cardholder data across open, public networks

5. Use and regularly update anti-virus software or programs

6. Develop and maintain secure systems and applications


PCI DSS v4.0 (Cont.)
7. Restrict access to cardholder data by business need to know

8. Assign a unique ID to each person with computer access

9. Restrict physical access to cardholder data

10. Track and monitor all access to network resources and cardholder data

11. Regularly test security systems and processes

12. Maintain a policy that addresses information security for all personnel
Intellectual Property - IP
Intellectual property (IP) refers to creations of the mind, such as inventions, literary and artistic works, designs, symbols, names, and images used in commerce. Intellectual property plays a crucial role in information security, as it helps protect valuable assets and sensitive information from unauthorized use, copying, or distribution.
Elements of Intellectual Property
The four primary elements of intellectual property are as follows:

1. Copyright: Copyright protects original works of authorship fixed in a tangible medium of expression. The works
eligible for copyright protection include literary works (e.g., books, articles), artistic works (e.g., paintings,
photographs), music, films, software code, and other creative expressions. Copyright grants the creator exclusive
rights to reproduce, distribute, perform, display, and create derivative works based on their original work.

2. Patents: Patents provide inventors with exclusive rights to their inventions, typically for a limited period. To be
eligible for a patent, an invention must be novel, non-obvious, and useful. Patents cover new and useful processes,
machines, compositions of matter, or improvements to existing inventions. By obtaining a patent, inventors can
prevent others from making, using, selling, or importing their patented invention without permission.
Elements of Intellectual Property (Cont.)
3. Trademarks: Trademarks are symbols, names, phrases, logos, or other distinctive signs used to identify and
distinguish goods or services in the marketplace. They are essential for brand recognition and consumer trust.
Trademark protection grants the owner exclusive rights to use the mark in connection with specific goods or services
and to prevent others from using confusingly similar marks in the same or related business sectors.

4. Trade Secrets: Trade secrets are confidential business information that provides a competitive advantage. Unlike
other forms of intellectual property, trade secrets are not registered or publicly disclosed. Instead, their protection
relies on maintaining secrecy. Examples of trade secrets include manufacturing processes, customer lists, marketing
strategies, and proprietary formulas.
Questions
Thanks!
AI and ML in Information Security
Lecture 8
About AI and ML
AI (Artificial Intelligence) is the broader field of computer science focused on creating intelligent
machines that can perform tasks requiring human-like intelligence.

ML (Machine Learning) is a subset of AI that involves developing algorithms to enable machines to learn from data and improve their performance without being explicitly programmed for specific tasks.
Difference between AI and ML
The primary difference between AI and ML is their scope.
AI analyzes relationships between threats, such as malicious files and suspicious IP addresses, in seconds or minutes.
Machine learning can detect malware in encrypted traffic by analyzing encrypted-traffic data elements found in common network telemetry.
AI and ML in Information Security
1. Threat Detection and Prevention: AI and ML algorithms are used to analyze vast amounts of
data from various sources, such as network traffic, system logs, and user behavior, to identify
patterns indicative of potential cyber threats. These technologies can detect anomalies and
suspicious activities in real-time, allowing security teams to respond swiftly and prevent
potential breaches.

2. Behavioral Analysis: Machine learning models can be trained to understand typical user
behavior within an organization. Deviations from normal patterns can signal unauthorized
access or insider threats. Behavioral analysis helps identify abnormal behavior and potential
security risks.

3. Malware Detection: AI-powered antivirus and anti-malware solutions can identify and block
new and previously unknown malware strains based on their behavior, code analysis, and other
characteristics. ML allows these solutions to evolve and adapt to new threats without requiring
constant manual updates.
AI and ML in Information Security (Cont.)
4. Phishing and Fraud Detection: AI can be used to analyze email content, URLs, and user
behavior to detect phishing attempts and fraudulent activities. Machine learning models can
recognize phishing patterns and reduce the likelihood of successful phishing attacks.

5. Network Security: AI can be used to monitor and analyze network traffic, identifying patterns
that indicate potential intrusions or suspicious activities. ML-based Intrusion Detection Systems
(IDS) and Intrusion Prevention Systems (IPS) can respond to threats in real-time.

6. Automated Incident Response: AI can assist in automating certain aspects of incident response, such as prioritizing and categorizing incidents, performing initial triage, and recommending remediation actions. This allows security teams to respond more efficiently to a large number of incidents.
AI and ML in Information Security (Cont.)
7. User Authentication and Access Control: AI and ML can enhance user authentication
processes by continuously learning and verifying user behavior and devices to detect
anomalies or potential unauthorized access attempts.

8. Vulnerability Management: AI can help analyze and prioritize vulnerabilities in an organization's systems by considering various factors such as the criticality of assets, the likelihood of exploitation, and potential impact on the business.

9. Security Analytics and Reporting: AI can assist in generating security reports, identifying
trends, and providing insights into the overall security posture of an organization.
Example: How Google Utilizes AI and ML to Secure User Data
1. Anomaly Detection: Google uses ML algorithms to analyze user behavior and account activity,
identifying patterns and detecting anomalies that may indicate suspicious or unauthorized access.

2. Account Protection: If a login attempt is deemed risky, additional security measures such as two-
factor authentication may be triggered to ensure the account's safety.

3. Password Security: Google's Password Manager uses AI to help users create strong and unique
passwords, as well as to detect and warn users about compromised or weak passwords.

4. Phishing and Malware Detection: AI is employed to analyze email content, URLs, and attachments to detect and prevent phishing attempts and malware-laden messages in Gmail.

5. Account Recovery and Identification: AI is used to analyze various data points during the account
recovery process to verify the account owner's identity and prevent unauthorized access.
Example: How Google Utilizes AI and ML to Secure User Data (Cont.)

6. Suspicious Activity Alerts: If suspicious activity is detected, such as multiple login attempts from different locations, Google can alert the user through email or notifications.

7. Spam and Fraud Detection: ML algorithms help detect and filter spam messages, fraudulent activities, and potential scams across various Google services, ensuring a safer user experience.

8. Device Recognition: AI helps recognize the devices a user normally signs in from; if a new or unknown device is detected, additional authentication steps may be required to ensure account security.

9. CAPTCHA and bot protection: AI assists in developing and improving CAPTCHA mechanisms that
can differentiate between human users and automated bots, ensuring that bots cannot easily
bypass security measures.
Thanks!
Daffodil International University
Dept. of CSE
Information Security

Lecture 15
Personal Device Security (Antivirus and Firewall)
Personal Device Security

Device security refers to the protection of a device's hardware and the data that it holds. It can be implemented using antivirus, passwords, encryption, and firewalls, and by denying physical access to a computer's location.
What is Antivirus

❏ Antivirus is a kind of software, a type of computer program, also known as a virus scanner.
❏ It is designed to seek out and remove computer viruses that have infected your computer.
❏ It can also block your system from getting infected with new viruses.
How Antivirus Works

❏ When you install any antivirus software, it usually comes with preloaded information of the existing and
popular viruses in the world.
❏ When you run antivirus software, it matches your computer’s information and the preloaded information.
When there is a match, you will be notified of the same. You can delete the affected files manually by
choosing the clean, clear, or delete option in the antivirus software.
❏ In addition, you can change the settings to automatically delete such malware or viruses in the future as
well.
Features of Antivirus Software:

❏ Background Scanning or on-access scanning
❏ Complete System Scan
❏ Virus Definition
How does an Antivirus work?
How traditional antivirus works

❏ Signature-based detection
❏ This is the most basic technique in any traditional antivirus program.
❏ It is effective against all known viruses, but because it works only on the stored virus definitions it is not effective against new viruses (those not yet in the library), so such antivirus products require regular definition updates.
❏ For example, if a program 10235 is considered a virus and stored in the antivirus library as a virus signature, then when the scanner finds program 10235 on the computer it treats it as a virus and alerts the user to choose the required action (remove, repair or no action).

❏ Heuristic-based detection
❏ Heuristic-based detection generally works better in combination with signature-based detection.
❏ Heuristic and signature-based detection, when combined, make the antivirus more effective.
❏ Heuristic-based detection is widely used in antivirus software.

❏ Behavioral-based recognition
❏ This is also one of the main techniques used to detect viruses; it is also called an intrusion detection mechanism.
❏ It detects malware by its behavior.
❏ It will only detect the malware when the malware tries to corrupt other files on your computer.
❏ For example, code that attempts to perform unauthorized or abnormal actions would indicate the object is malicious, or at least suspicious. Some examples of behaviors that potentially signal danger include modifying or deleting large numbers of files, monitoring keystrokes, changing settings of other programs and remotely connecting to computers.

Data mining techniques

❏ Data mining strategies: this is one of the most recent approaches to recognizing malware. Given a set of attributes of a program, data mining determines whether the file or application is malware.
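The signature-based and behavioral-based techniques described above, side by side, as an added Python example that is not from the lecture. The "program 10235" signature idea is realised as a SHA-256 of known-bad content; the signature entries, behaviour rule weights, threshold, sample files and event log are all constructed for illustration and are not real antivirus definitions.

```python
"""Signature matching plus behaviour scoring, the two detection techniques the
lecture describes (added example with constructed data)."""
import hashlib
from collections import Counter

# Constructed "known-bad" programs standing in for the lecture's program 10235.
KNOWN_BAD = {
    "sample-dropper": b"PROGRAM 10235 :: drop payload to temp folder",
    "sample-keylog": b"PROGRAM 77001 :: hook keyboard and post to remote host",
}
# The signature library: hash of the known-bad content -> signature name.
SIGNATURES = {hashlib.sha256(body).hexdigest(): name for name, body in KNOWN_BAD.items()}


def signature_scan(file_bytes: bytes):
    """Return the matched signature name, or None.

    Exact match only: any change to the file (a new variant) yields a different
    hash, which is why the lecture says signatures miss viruses not in the library."""
    return SIGNATURES.get(hashlib.sha256(file_bytes).hexdigest())


# Behaviour rules built from the lecture's list of suspicious actions:
# action -> (how many occurrences count as suspicious, score added). Weights are hypothetical.
BEHAVIOUR_RULES = {
    "file_modify": (20, 2),                     # modifying large numbers of files
    "file_delete": (20, 3),                     # deleting large numbers of files
    "keystroke_monitor": (1, 4),                # monitoring keystrokes
    "change_other_program_settings": (1, 2),    # changing settings of other programs
    "remote_connect": (1, 2),                   # remotely connecting to computers
}
SUSPICIOUS_SCORE = 4  # hypothetical threshold; tune per environment


def behaviour_score(events):
    """events: iterable of (process, action) from a behaviour monitor.
    Returns {process: score}; a rule fires once its occurrence threshold is reached."""
    per_process = {}
    for proc, action in events:
        per_process.setdefault(proc, Counter())[action] += 1
    scores = {}
    for proc, counts in per_process.items():
        score = 0
        for action, (threshold, weight) in BEHAVIOUR_RULES.items():
            if counts[action] >= threshold:
                score += weight
        scores[proc] = score
    return scores


def verdict(file_bytes: bytes, events, process_name: str) -> str:
    """Combine the techniques: a signature hit is definitive; otherwise fall back to
    behaviour, which (as the lecture notes) only fires once the program acts."""
    sig = signature_scan(file_bytes)
    if sig:
        return f"malicious (signature: {sig})"
    score = behaviour_score(events).get(process_name, 0)
    if score >= SUSPICIOUS_SCORE:
        return f"suspicious (behaviour score {score})"
    return "clean"


# Constructed test data: a one-character variant of the dropper, and an event log in
# which an editor modifies a few files while the variant mass-deletes and phones home.
VARIANT = KNOWN_BAD["sample-dropper"].replace(b"10235", b"10236")
EVENTS = ([("editor.exe", "file_modify")] * 3
          + [("variant.exe", "file_delete")] * 25
          + [("variant.exe", "remote_connect")])

if __name__ == "__main__":
    print("original dropper :", verdict(KNOWN_BAD["sample-dropper"], EVENTS, "dropper.exe"))
    print("variant (sig only):", signature_scan(VARIANT))
    print("variant (combined):", verdict(VARIANT, EVENTS, "variant.exe"))
    print("editor            :", verdict(b"plain text document", EVENTS, "editor.exe"))
```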
How to Infect Systems Using a Fake Antivirus
Firewall
In computing, a Firewall is a network security system that monitors and controls
incoming and outgoing network traffic based on predetermined security rules.
A firewall typically establishes a barrier between a trusted network and an
untrusted network, such as the Internet.

Fig: Firewall allowing Good Traffic

Fig: Firewall blocking Bad Traffic


How Does a Firewall Work
Think of the firewall like a gatekeeper at your computer's entry point which only allows trusted sources, or IP addresses, to enter your network.

• Distinguishes between good and malicious traffic
• Allows or blocks specific data packets based on pre-established security rules
• Rules are based on several aspects indicated by the packet data, like their source, destination, content, and so on
• Blocks traffic coming from suspicious sources to prevent cyberattacks
Types of Firewall
Five types of firewall include the following:
● packet filtering firewall
● circuit-level gateway
● application-level gateway (aka proxy firewall)
● stateful inspection firewall
● next-generation firewall (NGFW)
Packet filtering firewall:
Circuit-level gateway

● Circuit-level gateways work at the session layer of the OSI model.
● A circuit-level firewall verifies TCP and UDP connections between source and destination before data is exchanged.
● These firewalls do not check the packet itself. So, if a packet contains malware, it would pass right through.
Application-level gateway

● A proxy firewall (application-layer firewall) operates at the application layer (application-layer protocols such as HTTP, SMTP, DHCP, FTP, etc.) to filter incoming traffic between your network and the outside network.
● A proxy firewall is configured to allow only certain types of traffic to pass (for example, HTTP files, or web pages).
● It is also called a web application firewall.
● Like a security guard, it monitors incoming data. If no problem is detected, the data is allowed to enter.
Stateful inspection firewall
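Packet filtering (rules on source, destination, protocol and port, first match wins, default deny) and stateful inspection as an added Python example that is not from the lecture. The rule list, addresses (RFC 5737 documentation ranges) and packets are constructed; the session-tracking part goes beyond the lecture text and reflects the general behaviour of stateful inspection firewalls, which admit return traffic only for connections already opened from the trusted side.

```python
"""Stateless packet filter with a stateful return-traffic table (added example)."""
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    sport: int
    dport: int


@dataclass(frozen=True)
class Rule:
    """One packet-filter rule: the lecture's source / destination / content criteria,
    realised here as source and destination CIDR, protocol and destination port."""
    action: str                 # "allow" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and (self.dport is None or self.dport == p.dport))


@dataclass
class StatefulFirewall:
    inside: str                  # CIDR of the trusted network
    rules: List[Rule]            # evaluated top to bottom, first match wins
    sessions: Set[Tuple] = field(default_factory=set)   # outbound 5-tuples seen

    def is_inside(self, ip: str) -> bool:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(self.inside)

    def filter(self, p: Packet) -> str:
        # 1. Stateful check: a reply to a connection the inside already opened is
        #    admitted without consulting the rules (look up the reversed 5-tuple).
        if (p.dst, p.dport, p.src, p.sport, p.proto) in self.sessions:
            return "allow (established)"
        # 2. Stateless rule evaluation, first match wins.
        for rule in self.rules:
            if rule.matches(p):
                if rule.action == "allow" and self.is_inside(p.src) and not self.is_inside(p.dst):
                    # Remember outbound connections so their replies pass step 1.
                    self.sessions.add((p.src, p.sport, p.dst, p.dport, p.proto))
                return rule.action
        # 3. Nothing matched: default deny (anything not explicitly trusted is blocked).
        return "deny (default)"


# Constructed rule set: block one source range, allow HTTPS and DNS out from the LAN.
RULES = [
    Rule("deny", src="198.51.100.0/24"),                       # known-bad range first
    Rule("allow", src="10.0.0.0/24", proto="tcp", dport=443),
    Rule("allow", src="10.0.0.0/24", proto="udp", dport=53),
]

if __name__ == "__main__":
    fw = StatefulFirewall("10.0.0.0/24", RULES)
    flows = [
        Packet("10.0.0.5", "192.0.2.10", "tcp", 51000, 443),    # LAN host opens HTTPS
        Packet("192.0.2.10", "10.0.0.5", "tcp", 443, 51000),    # the server's reply
        Packet("203.0.113.9", "10.0.0.5", "tcp", 4444, 51000),  # unsolicited inbound
        Packet("198.51.100.7", "192.0.2.10", "udp", 53, 53),    # blocked source range
        Packet("10.0.0.5", "203.0.113.9", "tcp", 51001, 23),    # telnet out: no rule
    ]
    for pkt in flows:
        print(f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}/{pkt.proto}: {fw.filter(pkt)}")
```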
Next generation Firewall

● Next-generation firewalls evolved to block modern threats such as advanced malware and application-layer attacks.
● They have the capabilities of traditional firewalls but also some additional features:
● Deep packet inspection allows the firewall to inspect packet payloads and the applications accessed by the packets.
● Application awareness enables the firewall to check which applications are running and which ports are open.
● Encrypted traffic inspection.
● Intrusion prevention systems to automatically stop attacks against your network.
Differences between Anti-virus and Firewall
Thank You
Lecture: Personal Device Security (Contd.)
Personal Device Security-Intrusion Detection System (IDS)
An Intrusion Detection System (IDS) is a monitoring system that detects suspicious
activities and generates alerts when they are detected.
How an IDS detects an intrusion?
Personal Device Security-Intrusion Prevention System (IPS)
An intrusion prevention system (IPS) is a network security technology that
continuously monitors network traffic for suspicious activity and takes steps to
prevent it.
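As an added example (not part of the lecture), the Python code below shows the two common ways an IDS detects suspicious activity, signature matching and threshold (anomaly) detection, and then the IPS difference: the same detections, but offending sources are blocked rather than only reported. The log lines, regular expressions and the single "path_traversal" rule are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log lines (sshd- and web-server-style); not real logs.
SAMPLE_LOGS = [
    "sshd: Failed password for root from 203.0.113.7 port 51234 ssh2",
    "sshd: Failed password for root from 203.0.113.7 port 51235 ssh2",
    "sshd: Failed password for admin from 203.0.113.7 port 51236 ssh2",
    "sshd: Failed password for invalid user test from 203.0.113.7 port 51237 ssh2",
    "sshd: Failed password for root from 203.0.113.7 port 51238 ssh2",
    "sshd: Accepted publickey for deploy from 198.51.100.2 port 40000 ssh2",
    'httpd: 198.51.100.9 "GET /index.html HTTP/1.1" 200',
    'httpd: 203.0.113.44 "GET /../../etc/passwd HTTP/1.1" 404',
]

FAILED_LOGIN = re.compile(r"Failed password for (?:invalid user )?\S+ from (\S+)")
HTTP_REQUEST = re.compile(r'httpd: (\S+) "(?:GET|POST) (\S+)')

# Signature rules: name -> predicate over the requested path (constructed example).
SIGNATURES = {
    "path_traversal": lambda path: "../" in path,
}


def signature_alerts(lines):
    """Signature-based detection: report each line matching a known pattern."""
    alerts = []
    for line in lines:
        m = HTTP_REQUEST.search(line)
        if not m:
            continue
        ip, path = m.groups()
        for name, rule in SIGNATURES.items():
            if rule(path):
                alerts.append((name, ip))
    return alerts


def bruteforce_alerts(lines, threshold=5):
    """Threshold-based detection: report sources with too many failed logins."""
    failures = defaultdict(int)
    for line in lines:
        m = FAILED_LOGIN.search(line)
        if m:
            failures[m.group(1)] += 1
    return {ip: n for ip, n in failures.items() if n >= threshold}


class SimpleIPS:
    """Inline variant: the same detections, but an offending source is added
    to a block list and every later event from it is dropped."""

    def __init__(self, threshold=5):
        self.threshold = threshold
        self.failures = defaultdict(int)
        self.blocked = set()

    def process(self, line):
        """Return the action taken for one log event."""
        m = FAILED_LOGIN.search(line) or HTTP_REQUEST.search(line)
        if not m:
            return "PASS"
        ip = m.group(1)
        if ip in self.blocked:
            return f"DROP {ip}"
        if m.re is FAILED_LOGIN:
            self.failures[ip] += 1
            if self.failures[ip] >= self.threshold:
                self.blocked.add(ip)
                return f"BLOCK {ip} (brute force)"
        elif any(rule(m.group(2)) for rule in SIGNATURES.values()):
            self.blocked.add(ip)
            return f"BLOCK {ip} (signature)"
        return "PASS"


if __name__ == "__main__":
    print("IDS alerts:", bruteforce_alerts(SAMPLE_LOGS), signature_alerts(SAMPLE_LOGS))
    ips = SimpleIPS()
    for line in SAMPLE_LOGS:
        print("IPS:", ips.process(line))
```

The IDS functions only return alerts for an operator to act on; the IPS class changes what happens to traffic, which is the distinction the two slides draw.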
Personal Device Security- Honeypot
A honeypot in cyber security is a trap set to lure attackers. This can be
done by using a decoy (false data, a fake server, or a false user). A honeypot can
help an administrator learn more about attackers and their attack patterns.

Fig: Honeypot Placement in a System


Thank You

Lecture 17
Introduction to Cryptography
Cryptography
Cryptography is the practice of concealing information by converting
plaintext (readable format) into ciphertext (unreadable format) using a key
or encryption scheme.

Fig 1: Encryption Process


Types of Cryptography

Cryptography is categorized into two types according to the number of keys employed for
encryption and decryption:
• Symmetric Encryption
• Asymmetric Encryption


Symmetric Encryption
• Sender and receiver use the same digital key to encrypt and decrypt the message
• Requires a different set of keys for each transaction
• Strength of encryption
-Depends on the fixed length of the binary key used to encrypt data
• Sending the secret key to the other party is a challenge
• Faster and consumes less computational energy than asymmetric key encryption
■ Data Encryption Standard (DES)
• The plaintext and ciphertext blocks are 64 bits, with a 56-bit encryption key.
• 3DES is used to ensure security
■ Advanced Encryption Standard (AES)
• Most widely used symmetric key encryption
• Uses 128-, 192-, and 256-bit plaintext, ciphertext and encryption keys
• Other standards use keys with up to 2,048 bits
Asymmetric Encryption
• Uses two mathematically related digital keys
❖ Public key (widely disseminated)
❖ Private key (kept secret by owner)
• Both keys are used to encrypt and decrypt messages
• Once a key has been used to encrypt a message, the same key cannot be used to decrypt it
• Sender uses the recipient’s public key to encrypt the message; the recipient uses the private key to
decrypt it
• Slower and consumes more computational energy
• Ex: RSA, DSA algorithms
Message Digest (One-way Hash Function)
• Mathematical algorithm that produces a fixed-length number called a message digest or hash.
Ex: MD5, SHA.
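To make the three slides above concrete, here is an added Python example (not from the lecture) that uses only the standard library. The RSA part is textbook RSA with tiny constructed primes (61, 53) applied byte by byte, which is insecure and serves only to show the key roles: the public key encrypts and verifies, the private key decrypts and signs, and applying the public key twice does not recover the message. The symmetric part is a toy XOR stream cipher whose keystream is derived with SHA-256 (a construction made up for this example, not a real cipher), showing that one shared key works in both directions. The digest part shows that SHA-256 output has a fixed length whatever the input size.

```python
import hashlib
from math import gcd

# Toy parameters, constructed for illustration: real RSA uses 2048-bit primes.
# Textbook RSA on single bytes is NOT secure; it only demonstrates key roles.
TOY_P, TOY_Q, TOY_E = 61, 53, 17


def rsa_keygen(p=TOY_P, q=TOY_Q, e=TOY_E):
    """Return (public_key, private_key), each as an (exponent, modulus) pair."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse: e * d == 1 (mod phi)
    return (e, n), (d, n)


def rsa_apply(values, key):
    """Raise every integer in `values` to the key exponent modulo n."""
    exp, n = key
    return [pow(v, exp, n) for v in values]


def rsa_encrypt(plaintext: bytes, public_key):
    return rsa_apply(plaintext, public_key)  # bytes iterate as ints < n


def rsa_decrypt(ciphertext, private_key):
    return bytes(rsa_apply(ciphertext, private_key))


def rsa_sign(message: bytes, private_key):
    """Sign the SHA-256 digest of the message with the private key."""
    return rsa_apply(hashlib.sha256(message).digest(), private_key)


def rsa_verify(message: bytes, signature, public_key):
    """Anyone holding the public key can check the signature."""
    return rsa_apply(signature, public_key) == list(hashlib.sha256(message).digest())


def public_key_cannot_decrypt(message: bytes):
    """True if applying the public key again does NOT undo the encryption."""
    pub, _ = rsa_keygen()
    ciphertext = rsa_encrypt(message, pub)
    return rsa_apply(ciphertext, pub) != list(message)


def toy_stream_cipher(data: bytes, key: bytes) -> bytes:
    """Symmetric illustration: XOR each byte with a keystream byte derived
    from the shared key and the byte position. The same call with the same
    key both encrypts and decrypts. Constructed toy, not a real cipher."""
    out = bytearray()
    for i, b in enumerate(data):
        ks = hashlib.sha256(key + i.to_bytes(8, "big")).digest()[0]
        out.append(b ^ ks)
    return bytes(out)


def digest_lengths(*messages):
    """Hash output length is fixed regardless of input length."""
    return [len(hashlib.sha256(m).hexdigest()) for m in messages]


if __name__ == "__main__":
    pub, priv = rsa_keygen()
    msg = b"ATTACK AT DAWN"
    ct = rsa_encrypt(msg, pub)
    print(rsa_decrypt(ct, priv))                         # b'ATTACK AT DAWN'
    print(rsa_verify(msg, rsa_sign(msg, priv), pub))     # True
    print(public_key_cannot_decrypt(b"A"))               # True
    print(toy_stream_cipher(toy_stream_cipher(msg, b"k"), b"k"))  # b'ATTACK AT DAWN'
    print(digest_lengths(b"", b"x" * 10000))             # [64, 64]
```

With p = 61, q = 53 and e = 17 the modulus is 3233 and the private exponent is 2753; every byte value is below the modulus, so the per-byte round trip is exact.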
Thank You
Lecture 18
BlockChain
Blockchain

A blockchain is a constantly growing distributed ledger which keeps
a permanent record of all the transactions that have taken place in a
secure, chronological, and immutable way.
Features of Blockchain
01 Transparency
02 Security
03 Immutability
04 Integrity
05 Anonymity
06 Decentralization
Features of Blockchain
1.Transparency is a key feature of blockchain technology, contributing to its trustworthiness
and widespread appeal across various sectors. It refers to the ability of all participants in a
blockchain network to view transactions and data stored on the distributed ledger. This
openness ensures that users can verify and audit transactions independently, promoting
accountability and trust without the need for intermediaries.

2. Security - A cryptographic hashing algorithm is used for hashing. A fixed-length hash
output value is generated irrespective of the input data length, which makes it difficult to hack.
Also, the components that go into block generation increase the difficulty level for hacking.
Immutability is another factor adding to the security of the information. Thus the systemic aspect of
BCT inherently provides security.

3. Immutability means something that can’t be changed or altered. This is one of the top
blockchain features that help to ensure that the technology will remain as it is – a permanent,
unalterable network.
Features of Blockchain
4. Integrity : By design, blockchains are inherently resistant to the modification of data. Blockchain
ledgers are immutable, meaning that if data additions or transactions have been made, it cannot be
edited or deleted. Moreover, blockchains are not only a data structure, but also a timekeeping
mechanism for the data structure. Therefore, proof of the history of data is easily reportable and
updated to the second.
One aspect of blockchain technology that is particularly important for improved data integrity is the
Merkle Tree. This ensures the integrity of the data in the blockchain. A Merkle Tree is a fundamental
component of blockchains which uses cryptographic hash functions.

5. Anonymity : Blockchain offers the feature of anonymity as well. The identity of all the
participating entities is kept anonymous or pseudo anonymous

6. Decentralization : Blockchain technology is a decentralized system, which means that there is no
central authority controlling the network. Instead, the network is made up of a large number of nodes
that work together to verify and validate transactions. Each and every node in the blockchain network
will have the same copy of the ledger.
Chain of blocks
● Decentralized, distributed ledger
● Chain of blocks, starting from the genesis block
● Each block has
○ Data
○ Hash
○ Hash of the previous block

Fig: Genesis block (Hash: 2Zb1, Previous Hash: 000) → Block (Hash: 7B2Z, Previous Hash: 2ZB1) → Block (Hash: 3DF5, Previous Hash: 7B2Z)
Hashing and public key cryptography in Blockchain
● Each block contains the hash of the previous block
● Public key : User identity
● Private key : Sign-in password

Fig: Malicious user altering the block with hash 7B2Z
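The chain-of-blocks and hashing slides above, and the Merkle tree mentioned under Integrity, can be tried out in the added Python example below (not code from the lecture). It builds a small chain where each block stores the Merkle root of its transactions and the hash of the previous block, then shows what happens when a malicious user edits a transaction: the edited block's hash no longer matches, and even if the attacker recomputes that hash, the next block's "previous hash" exposes the change. The transaction strings are constructed sample data.

```python
import hashlib
import json
from dataclasses import dataclass


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def merkle_root(transactions):
    """Hash the transactions pairwise up to a single root (Bitcoin-style:
    an odd leaf at any level is paired with a copy of itself)."""
    if not transactions:
        return sha256_hex(b"")
    level = [sha256_hex(tx.encode()) for tx in transactions]
    while len(level) > 1:
        if len(level) % 2 == 1:
            level.append(level[-1])
        level = [sha256_hex((level[i] + level[i + 1]).encode())
                 for i in range(0, len(level), 2)]
    return level[0]


@dataclass
class Block:
    index: int
    prev_hash: str
    transactions: list
    hash: str = ""

    def compute_hash(self):
        """Block hash covers the index, the previous hash and the Merkle root,
        so any change to the data or the link changes the hash."""
        header = json.dumps({"index": self.index, "prev": self.prev_hash,
                             "root": merkle_root(self.transactions)}, sort_keys=True)
        return sha256_hex(header.encode())


def build_chain(batches):
    """Create a genesis block and append one block per batch of transactions."""
    chain = [Block(0, "0" * 64, ["genesis"])]
    chain[0].hash = chain[0].compute_hash()
    for txs in batches:
        block = Block(len(chain), chain[-1].hash, list(txs))
        block.hash = block.compute_hash()
        chain.append(block)
    return chain


def validate_chain(chain):
    """Return (True, None) if every hash and every link is consistent,
    otherwise (False, index_of_first_inconsistent_block)."""
    for i, block in enumerate(chain):
        if block.hash != block.compute_hash():
            return False, i
        if i > 0 and block.prev_hash != chain[i - 1].hash:
            return False, i
    return True, None


def tamper_demo():
    """Malicious user edits block 1, then also re-hashes it; both are caught."""
    chain = build_chain([["alice->bob:5"], ["bob->carol:2", "carol->dave:1"]])
    before = validate_chain(chain)
    chain[1].transactions[0] = "alice->bob:500"   # constructed tampering
    edited = validate_chain(chain)                # block 1 hash mismatch
    chain[1].hash = chain[1].compute_hash()       # attacker re-hashes block 1
    rehashed = validate_chain(chain)              # block 2's prev_hash mismatch
    return before, edited, rehashed


if __name__ == "__main__":
    print(tamper_demo())  # ((True, None), (False, 1), (False, 2))
```

Altering one block therefore forces the attacker to recompute every later block, which in a network where every node holds its own copy (Decentralization) is what makes the ledger practically immutable.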
Bitcoin
● Is an application of blockchain technology
● Enabled online payments to be transferred directly, without an intermediary.

Timeline:
2008: Idea was published under the pseudonym Satoshi Nakamoto
2009: Start of the Bitcoin Network
2011: First cryptocurrency stock exchange is launched
Bitcoin
● A Peer-to-Peer Electronic Cash System
● Every single person on the network has a copy of the ledger.
Ethereum
● Second-largest cryptocurrency platform
● Extends blockchain capabilities with smart contracts
● Smart contract = code running as part of transactions

Timeline:
2013: Vitalik Buterin publishes the Ethereum whitepaper.
2014: The development of the Ethereum platform was publicly announced.
Smart Contract
● Self-operating computer program
● Automatically executes when specific conditions are met.
● Facilitates the exchange of money, content, property, shares, or anything of value.
Example :
Ethereum Vs Bitcoin
Thank You
Lecture 19

Cyber Law
Cyber Law
Cyber law, also known as Internet law, is any law that applies to the internet and internet-related technologies.
Cyber law is one of the newest areas of the legal system, because internet technology develops at such a rapid
pace. Cyber law provides legal protections to people using the internet.

Cyber law covers a fairly broad area, encompassing:

■ Freedom of expression
■ Access to and usage of the Internet
■ Online privacy
Cyber Law in Bangladesh
Cyber Law in Bangladesh- Digital Security Act-2023
The Digital Security Act 2023 in Bangladesh is the latest amendment or continuation of the previous Digital
Security Act 2018, designed to regulate and address issues related to cybersecurity, online safety, and digital
crimes.

Section 18:
Unauthorized Access and Assistance in Unauthorized Access

1) If any person, with intent,
a. Gains unauthorized access to any computer, digital device, computer system, or computer network, or
assists someone in doing so; or
b. Attempts unauthorized access or assists in attempting unauthorized access to any computer, digital device,
computer system, or computer network with the intent of committing an offense, then such actions shall
constitute an offense.

2) a. If anyone commits an offense under subsection (1)(a), they shall face imprisonment of up to six
(6) months or a fine of up to 200,000 BDT, or both.
b. If anyone commits an offense under subsection (1)(b), they shall face imprisonment of up to three
(3) years or a fine of up to 1,000,000 BDT, or both.

3) If the offense committed under subsection (1) results in substantial harm or breach of security in
any computer, digital device, or computer network, the offender shall face imprisonment of up to three
(3) years or a fine of up to 1,000,000 BDT, or both.
Cyber Law in Bangladesh- Digital Security Act-2023
Section 19:
Damage to Computer, Computer System, and Digital Information

1) If any person intentionally:
a. Damages, modifies, tampers with, or attempts unauthorized access to any computer, computer
system, or computer network, including disrupting data, interfering with stored or
location-based information, or obstructing access to a computer or data;
b. Attempts to introduce any harmful code, malware, or ransomware in order to cause
damage or interfere with any computer, system, or network;
c. Deliberately damages or attempts to damage or corrupt any data, device, system, or network
by means of any tool, device, or method intended to compromise the security or integrity
of the digital information, computer, or system;
d. Attempts to create or spread any virus or harmful code that could damage a computer, computer system,
or network;
e. Illegally produces, distributes, or attempts to distribute any unauthorized product or service intended
to harm computer systems, devices, or networks;
f. Accesses a computer, computer system, or network without authorization to gather, alter, or tamper with
data for personal gain or any other improper purpose,
-then such actions shall constitute an offense.

2) If an individual commits any offense under subsection (1), they may face imprisonment for up to
seven (7) years, or a fine of up to 11,000,000 BDT, or both.
Cyber Law in Bangladesh- Digital Security Act-2023
Section 32:
Hacking-Related Offense and Penalty

1) If any person commits hacking, it shall be considered an offense. The
individual may face imprisonment for up to fourteen (14) years, or a
fine of up to 10 million BDT, or both.

2) For the purposes of this section, “hacking” is defined as:
a. Illegally accessing, stealing, deleting, modifying, altering, or
tampering with any data or information in a computer, computer
system, or network without authorization, with the intention to harm,
degrade, or disrupt its functionality or value.
b. Accessing any computer, server, computer network, or other
electronic systems without permission to cause intentional damage,
harm, or interference.
