Professional Documents
Culture Documents
Have you ever wondered about the privacy and security of your data over the internet? You
might have seen the apple advertisement where they have mentioned that some things
shouldn’t be shared. So what did you understand from that? From this they wanted to convey
that privacy of data is important and they do care of it. This implies that security of data and
applications are important so now questions arise how to protect the data and from whom. After
this module you will get to know how important cybersecurity is in today's life. We will be
covering following topics in this module:
<Video Placeholder>
Questions 10 0
with 1 Attempt
Shashank Bajpai
Shashank is currently working as a Chief Information Security Officer at ECGC Ltd. He has over
10+ years of experience in the cybersecurity domain. He has worked in various companies like
Jio, BSE India, Acko and others. He has a deep knowledge of various tools and technologies
used today.
Everyone is using the internet nowadays. Have you ever wondered how it works? While sending
a text to your close friend in India, have you ever thought about how the internet knows where
your friend is and delivers the text? Why doesn't your text go to Australia and then US and just
travelling here and there and not able to find your friend? All of these things you will be able to
know in this session by learning below mentioned topics:
The Internet plays a very important role in day to day life. Can you imagine a day or a week
without the internet? So in this session we will cover a few important aspects of the internet.
<Video1 placeholder>
Shashank Bajpai
Shashank is currently working as a Chief Information Security Officer at ECGC Ltd. He has over
10+ years of experience in the Cybersecurity domain. He has worked in various companies like
JIO, BSE India, Acko and others. He has a deep knowledge of various tools and technologies
used today.
Sandeep Sinha
Sandeep is a Software Developer with more than two years of experience. He is currently
working under AJIO.com as a Software Development Engineer. He was previously working as a
Software Developer at Capgemini.
The Internet is nothing but a worldwide network of computers all of which work together. It is a
global communication system that links thousands of individual networks. The Internet enables
the transfer of messages through email, chat, video and so on, functioning as a medium to
exchange information between two or more computers. Have you ever wondered how the idea
of the Internet was conceived and what triggered it? Let’s hear from our SME Sandeep in the
next video about the history of the Internet and its definition.
<Video2 placeholder>
In-Video Question
Video 1 - 1:09
The first Internet network was known as?
a. ARPANET
b. DARPA
c. INTRANET
d. INTERNET
Correct Answer: a
Number of attempts: 2
Feedback for option a: ARPANET was the network that became the basis for the Internet.
It was made by the Advanced Research Projects Agency of the United States Department of
Defense.
Feedback for option b: The Defense Advanced Research Projects Agency is a research
and development agency of the United States Department of Defense.
Feedback for option c: An intranet is a computer network used for sharing information,
collaboration tools, operational systems and other computing services within an
organisation, usually to the exclusion of access by outsiders.
Feedback for option d: The Internet is a more comprehensive network that allows
computer networks around the world run by companies, governments, universities and other
organisations to talk to one another.
Platform Text
The Internet can be considered to have two broader categories of devices: clients and servers.
The machines which provide services to others are called servers, and those that consume
such services are called clients. When you connect to the upGrad website, there are a host of
machines working in the background to serve your request, which can be called servers. The
machine from which you are trying to access the upGrad website is known as the client
machine. Let’s understand more about the client-server relationship in the video.
<Video3 placeholder>
In this segment we have understood the history of the internet, how it got evolved and the client
server relationship. In the next segment you will learn about the IP addresses and the need for
them.
Segment 3: IP Address
Platform Text
In the previous segment we have learnt the basics of the internet and now we are going to
understand the Internet Protocol (IP) address.
IP address is a numerical label assigned to each device on a network accessing the Internet. The
IP address helps in sending data/information to the specified computers on the network. IP
addresses can be dynamic or static, depending on the Internet Service Providers (ISP). The range
of the IP addresses is usually represented in the dot-decimal notation, consisting of four decimal
numbers, each ranging from 0 to 255, separated by dots. Let’s learn more about IP addresses in
the video.
<Video4 placeholder>
In-Video Question
Video 4 - 3:43
Which of the following is not a correct IP address?
a. 192.189.124.244
b. 145.233.252.1
c. 119.242.342.65
d. 76.130.230.55
Correct Answer: c
Number of attempts: 2
Feedback for option c: Correct, the range of the IP addresses is usually represented in a
dot-decimal notation, consisting of four decimal numbers, each ranging from 0 to 255,
separated by dots. But in this case, the third number after the dot is greater than 255.
Platform Text
IP address is a unique identifier, it allows computers to send and receive information to and
from specific computers in a given network. If a computer is unable to configure a valid IP
address, it can't connect to a network. Let’s understand more about the need of IP addresses in
the following video.
<Video5 placeholder>
In this segment we have understood the IP addresses and the need for them. In the next
segment you will learn about Caching and Domain Name Servers.
In the last segment we have learnt what are IP addresses and why do we need those and now
we are going to understand what is caching and Domain Name Servers (DNS).
Caching is nothing but a technique by which the copy of a given resource is stored and returned
back when requested. It helps in faster loading of web pages by helping the browser to not
download the content again while revisiting the same web pages. This eases the load on the
server while improving the performance on the client side.
<Video6 placeholder>
Platform Text
And there is another term known as Domain Name System (DNS), which functions as a
phonebook of the Internet. We access the Internet through domain names, like upgrad.com,
youtube.com, etc. The web browsers will utilise the Internet Protocol (IP) address to match with
the domain names to load the internet resources. The IP address will be easily sought with the
help of caching, as discussed earlier. The following video explains the different types of caching
and the concept of DNS briefly and how they both work together to load a website.
<Video7 placeholder>
In-Video Question
Video 7 - 3:44
The function of Domain Name System (DNS) protocol is to _______________.
a. Transfer files across the network.
b. Resolve domain names to IP address.
c. Dynamically assign IP address to any host over the network.
d. Synchronise clock times in a network.
Correct Answer: b
Number of attempts: 2
Feedback for option a: FTP is responsible for transferring files over the network.
Feedback for option b: The DNS protocol is responsible for resolving domain names to a
specific IP address.
Feedback for option c: DHCP is a protocol used to dynamically assign IP addresses to
any host over the network.
Feedback for option d: NTP is a protocol responsible for synchronising clock times in a
network.
Out-of-Video Question
The default port number used by Domain Name Server (DNS) is:
a. 80
b. 21
c. 22
d. 53
Correct Answer: d
Number of attempts: 2
Feedback for option a: Port number 80 is used by HTTP as a default port for establishing
connection between any HTTP clients.
Feedback for option b: Port number 21 is used by FTP as a default port for establishing
connection between two computers.
Feedback for option c: Port number 22 is used by SSH as a default port for client
connections.
Feedback for option d: Port number 53 is used by DNS as a default port for transmitting
DNS queries.
In this segment we have understood the Caching, Domain Name Servers and how they both
work together to find the IP address of a website. In the next segment you will learn about the
need of Secure IP connectivity and DNS security.
In the last segment we have understood what is Caching, DNS and working. Now in this
segment we will understand why we need secure IP connectivity and DNS security.
Have you ever wondered what will happen if your IP address is exposed or not secured? If a
hacker has your IP address, they could harm you with several types of attack. In the following
video we will understand why and how we can ensure the security of IP address and DNS.
<Video8 placeholder>
In-Video Question
Video 8 - 1:12
Which of the following is true about VPN?
a. It is a tool that authenticates the communication between a device and a secure network.
b. VPN creates a secure, encrypted channel across the open internet.
c. It is typically based on IPsec or SSL.
d. All of the above
Correct Answer: d
Number of attempts: 2
Feedback for option a: Correct but incomplete option, this is true that VPN authenticates
the communication between a device and a secure network.
Feedback for option b: Correct but incomplete option, this is true that VPN creates a
secure, encrypted channel.
Feedback for option c: Correct but incomplete option, this is true that VPN is based on
IPSec and SSL.
Feedback for option d: Correct because VPN is an IPsec- or SSL-based tool that
authenticates the communication between a device and a secure network, creating a
secure, encrypted channel across the open internet.
In this segment we have understood the need of secure IP connectivity and DNS security. In
this segment you will learn a few basic networking commands.
In the last segment we have understood the need of secure IP connectivity and DNS security.
Now in this session we will see what are the basic and needful commands for networking.
The networking commands are utilities which are used for network troubleshooting. In the
following video we will see various most important networking commands which are essentials
or useful for every network administrator.
<Video9 placeholder>
Out-of-Video Question
Which command is used to measure the time taken by the packets to return from a specific
destination sent to check connection?
a. nslookup
b. traceroute
c. ping
d. Ifconfig
Correct Answer: c
Number of attempts: 2
Feedback for option a: The nslookup command is used to query DNS for the IP address
of any given domain or domain name specific to any given IP address, e.g., nslookup
www.google.com.
Feedback for option b: The traceroute command is used to find the IP addresses of all the
routers which are pinged in when a packet is transferred from the source to the destination,
e.g., traceroute www.google.com.
Feedback for option c: The ping command is used to check the connectivity between the
source and the destination by measuring the time taken by a packet to return from a
particular destination, e.g., ping www.google.com.
Feedback for option d: The ifconfig command is used to assign an address to a network
interface or configure any network interface, e.g., ifconfig.
Out-of-Video Question
What is the use of tracert command?
a. To trace the url IP address
b. To trace the MAC address
c. To trace the path that an Internet Protocol (IP) packet takes to its
destination
d. None of the above
Correct answer: c
Number of attempts: 2
Feedback for option b: tracert is not used to trace the MAC address.
Feedback for option c: tracert is used to trace the path that an Internet Protocol
(IP) packet takes to its destination.
In the last session we understood the basics of the internet, what are IP addresses and the
DNS. We also learnt the need of secure IP connectivity and DNS security followed by some
basic networking commands. In this session we will introduce cybersecurity and the need for it?
Cyber security is the application of technologies and controls to protect systems, networks,
programs, devices and data from cyber attacks. We will understand why we need cybersecurity
and then we will see how cybersecurity comes in the picture and evolution. Later in this session
we will learn some important terms.
<Video1 placeholder>
Shashank Bajpai
Shashank is currently working as a Chief Information Security Officer at ECGC Ltd. He has over
10+ years of experience in the Cybersecurity domain. He has worked in various companies like
JIO, BSE India, Acko and others. He has a deep knowledge of various tools and technologies
used today.
Segment 2: Importance and need of Cybersecurity
Platform Text
<Video2 placeholder>
Out-of-Video Question
For which of the following purposes can a computer virus be used?
a) Corrupt data in your computer
b) Log users' keystrokes
c) Access private data such as user IDs and passwords
d) All of the above
Correct answer: d
Now we know what role cybersecurity plays in today's world and what exactly is the need. In the
next segment let's understand what exactly cybersecurity is?
Cybersecurity is the state or process of protecting and recovering computer systems, networks,
devices, and programs from any type of cyber attack. So in this segment we will learn what
exactly is cybersecurity and some important definitions. Later in the segment we will understand
the role of cybersecurity in real world application with the help of example.
<Video2 placeholder>
Subjective:
According to you, what is cybersecurity?
5-100 words
Out-of-Video Question
State whether the following statement is true or false.
Computer security is a battle of wits between a perpetrator who tries to find holes
and an administrator who tries to close them.
a) True
b) False
Correct answer: a
In this session we understood what cybersecurity is and why do we need it. In the next session
we will learn the terminologies and the challenges of the cybersecurity domain.
In the last session we understood what is cybersecurity and why do we need it. Like every other
field this field also has some challenges which cybersecurity professionals are facing. So we will
cover a few challenges in this session. Also, we will understand the three principles of
enterprise security and understand the same via case study of real world scenarios.
<Video1 placeholder>
Shashank Bajpai
Shashank is currently working as a Chief Information Security Officer at ECGC Ltd. He has over
10+ years of experience in the Cybersecurity domain. He has worked in various companies like
JIO, BSE India, Acko and others. He has a deep knowledge of various tools and technologies
used today.
Cybersecurity is becoming tougher every year as cybercriminals perform new attacks, exploit
new vulnerabilities, and execute new attacks constantly. While regulatory institutions change
and improve standards. Your task is to be fully prepared to face these challenges. So let's
understand in this segment that what are the things which are helping hackers/attacker to
make cybersecurity challenging.
<Video2 placeholder>
Segment 3: CIA Triad : Three principle of enterprise
security
Platform Text
In the information security domain “CIA” has nothing to do with a US Central Intelligence
Agency. These three letters stand for confidentiality, integrity and availability. This is
considered the core factor of the majority of IT security. In this segment we will understand
what each of them mean and the role they play.
<Video3 placeholder>
Out-of-Video Question
Which of the following means that you are protecting your data from getting
disclosed?
a) Confidentiality
b) Integrity
c) Authentication
d) Availability
Correct answer: a
<Video4 placeholder>
Out-of-Video Question
Fill in the blank with the appropriate option.
Correct answer: d
Out-of-Video Question
Fill in the blank with the appropriate option.
Correct answer: a
Feedback for option a: Data encryption is a method of converting plaintext to
cipher text, and only authorised users can decrypt the message back to plain text.
This preserves the confidentiality of data.
Feedback for option b: This option is incorrect because sharing does not make
sure that data is confidential as it can be accessed by multiple people.
Feedback for option c: This option is incorrect because deleting data does not
make it confidential; rather, it will make it inaccessible.
Feedback for option d: This option is incorrect because backup can guarantee the
availability of data even if something happens to data but not confidentiality.
In this session we got to know about the challenges of this domain. Also we understood the
three principles of enterprise security with the help of ATM case study. In the next session we
will learn about the hacking/hackers and their types.
In the last session we understood the cybersecurity challenges and the CIA triad.
You may have heard the news that this company website got hacked or someone precious data
got leaked. So have you ever wondered/thought who are the persons responsible for and what
are their intentions? In this session you will learn what is hacking or who is a hacker along with
the different types. Later in this session you will learn about the different teams in this
cybersecurity domain and the relation between threat, vulnerability, and risks.
<Video1 placeholder>
Shashank Bajpai
Chief Information Security Officer at ECGC Ltd.
Shashank is currently working as a Chief Information Security Officer at ECGC Ltd. He has over
10+ years of experience in the Cybersecurity domain. He has worked in various companies like
JIO, BSE India, Acko and others. He has a deep knowledge of various tools and technologies
used today.
Hacking is the unauthorised access or control over computer network security systems for
some illegal purpose. This is done through cracking of passwords and codes which gives access
to the systems. There are many reasons or intentions behind this. Let’s hear from our SME
Shashank what is hacking and why people do it or the motive behind this.
<Video2 placeholder>
Out-of-Video Question
State whether the following statement is true or false.
Correct answer: b
Feedback for option a: This option is incorrect because a hacker can get trapped
in security controls if they are not aware of the target systems.
Feedback for option b: Information gathering is important so that a hacker can
get to know the target system or victim well.
Have you thought about why Windows or Android devices are more targeted by the hackers.
There is a very interesting reason behind this. Let’s get the answer in the video below.
<Video3 placeholder>
People generally attract more towards common/popular things. Same thing applies to hacking,
we understand that more the number of users, more will be the hacking activities towards that
particular user group. In the coming segment we will understand who does these kinds of
activities and their types.
In the last segment we have understood the hacking and purpose or motive behind these kinds
of activities. So now the question arises: who carries out hacking attacks? If it is done by normal
people so how to segregate those from normal people. Are there any types by which we can
differentiate them. Let’s see the video and find the answers.
<Video4 placeholder>
We generally level people in the workplace on their skills basis. Skills come with time or
experience. In general, we notice that freshers are less skilled as compared to people who are
working from past few years in the same domain. Hackers also have varied skills - some have
less skills and some have more skills. Let’s understand in the video what are the different levels
of hackers.
<Video5 placeholder>
Out-of-Video Question
State whether the following statement is true or false.
An ethical hacker must have the skills of understanding the problem, have
networking knowledge and know how the technology works.
a) True
b) False
Correct answer: a
Feedback for option a: He needs to have the skills of understanding the problem,
have networking knowledge and know how the technology works.
Feedback for option b: This option is incorrect because without skills, it is
difficult for any hacker to gain unauthorised control and/or perform breaches.
Out-of-Video Question
Which of the following types of hackers helps in finding bugs and vulnerabilities in
a system and do not intend to crack it?
a) Black hat hackers
b) White hat hackers
c) Grey hat hackers
d) Red hat hackers
Correct answer: b
Feedback for option a: This option is incorrect because black hat hackers are
involved in exploiting bugs, which leads to data breaches.
Feedback for option b: White Hat Hackers are cybersecurity professionals who
have the intent to identify the loopholes to secure a system and help firms and
governments.
Feedback for option c: This option is incorrect because grey hat hackers
intentionally hack the systems but do not disclose their methodologies.
Feedback for option d: This option is incorrect because red hat Hackers is not a
concept.
In the last segment we got to know about the hackers and different types/levels. That was from
a hacker perspective, do we have any team or specific names allotted to people working in
different organisations on the defensive side? In this session we will get to know about the
teams who are working from the cybersecurity side to ensure the security of cyberspace.
<Video6 placeholder>
In the last segment we have learnt the teams who are working for cybersecurity to ensure the
security of cyberspace. In this session we will understand the relationship between threat,
vulnerability and risk. We will also understand the different types of threat, vulnerability and
risk.
<Video7 placeholder>
Vulnerability: These are the weaknesses or gaps in a security that can be exploited by threats
to gain unauthorized access to an asset.
Risk: These are the potentials for loss, damage or destruction of an asset as a result of a threat
exploiting a vulnerability.
Out-of-Video Question
Which of the following is a danger leading to compromise in cybersecurity?
a) Threat
b) Vulnerability
c) Exploit
d) Attack
Correct answer: a
Feedback for option a: A threat is a danger that may lead to breach of
cybersecurity and may cause possible harm to the system or the network.
Feedback for option b: This option is incorrect because vulnerability is the
existing flaw in the system that may or may not be exploited.
Feedback for option c: This option is incorrect because exploit is a successful
cyber breach of vulnerability by a hacker.
Feedback for option d: This option is incorrect because attack is the overall
scenario of hacking.
In this session we understood what is hacking or who are hackers and what are the different
types of each. Also the various teams working for cyber security and the relationship between
threat, vulnerability and risk. In the next session we will understand the security technologies
and different domains of cyber security.
In the last session we understood what is hacking or who are hackers and what are the
different types of each. Also the various teams working for cyber security and the relationship
between threat, vulnerability and risk. Now in this session we will understand the layered
approach which every industry follows to prevent the organisation from cyber attacks. First we
will understand each layer and what are the technologies used in that layer and then we will
understand what kind of attacks these layers prevent. We will also understand the organisation
wise team structure and what are their roles and responsibilities.
<Video1 placeholder>
Shashank is currently working as a Chief Information Security Officer at ECGC Ltd. He has over
10+ years of experience in the Cybersecurity domain. He has worked in various companies like
JIO, BSE India, Acko and others. He has a deep knowledge of various tools and technologies
used today.
In winters, we often wear multiple layers of clothes to protect us from the cold. The same goes
for IT network security: more the layers you have, better will be the protection. Let’s here from
our SME Shashank about the layers of security and what are the roles of each.
<Video2 placeholder>
Correct answer: a
In the last segment we understood all the 5 layers of security. In this session let’s understand
what kind of attack each layer prevents. We will understand how an organisation implements
all 5 layers to prevent itself from cyber attacks.
<Video3 placeholder>
We have understood the purpose and the different technologies used at each layer. Let’s
understand the positions available in each organisation to defend from hackers/outsiders in the
next segment.
In-Video Question
Which of the following is examined by a hardware (HW) firewall?
a) Email users
b) Updates
c) Data packets
d) Connections
Correct answer: c
Out-of-Video Question
Which of the following is a data security consideration?
a. Backups
b. Archival storage
c. Disposal of data
d. All of the above
Correct answer: d
Feedback for option a: Backups are part of security considerations because you
can access data from the backup if the original data is compromised.
Feedback for option b: Archival storage is a source for data that is not needed for
an organisation's everyday operations but may have to be accessed occasionally.
Feedback for option c: Whether you are planning to discard, recycle, reuse or
maybe even sell your computer, this ensures that the information stored on your
system is either removed or ‘sanitised’ or completely deleted or destroyed.
Feedback for option d: All of the above are data security considerations.
Segment 4: - Organisation team structure - |
Platform Text
In the last segment, we understood how an organisation implements all 5 layers to prevent
itself from cyber attacks. Each domain has specific positions and roles in the organisation, so
also the cybersecurity have its own position/team structure. In this session we will understand
what are the teams/positions in each organisation for the cybersecurity domain and their
responsibilities.
<Video4 placeholder>
We have understood the positions and the role of each position inside the organisation but there
are more things which also play important roles in the security of organisation. Let’s understand
more things in the next segment.
Out-of-Video Question
Which of the following ways CISOs often expected to represent the company?
a. Compliance
b. Marketing
c. Finance
d. Operations
Correct answer: a
<Video5 placeholder>
In this session we understood the layers of security and the different technologies used in each
layer. We also got to know about the different teams working in the organisation to improve
the security and prevent the organisation from hackers/outsiders. In the next session we will
understand the cyber attacks and the different types of it.
In the last session we understood the layers of security and the organisation wise cybersecurity
team/positions with their responsibilities. you might have received a fake email including some
interesting offer or some email like you won some x amount in this lautory please provide your
bank details. So have you ever wondered why we get these emails? In this session we will
understand about such types of cyber attack. Later we will also understand the famous attack
that happened on the nuclear program of Iran via a case study.
<Video1 placeholder>
Shashank is currently working as a Chief Information Security Officer at ECGC Ltd. He has over
10+ years of experience in the Cybersecurity domain. He has worked in various companies like
JIO, BSE India, Acko and others. He has a deep knowledge of various tools and technologies
used today.
An attack is any attempt to expose, alter, disable, destroy, steal or gain unauthorized access to
or make unauthorized use of an asset. There are a variety of cyber attacks but in this video we
will understand what are some most common attacks and how they are carried out. So let’s
here from our SME Shashank what are cyber attacks and some most common attacks.
<Video2 placeholder>
Out-of-Video Question
State whether the following statement is true or false.
Trojan-Spy software can keep an eye on how you are using your system.
a) True
b) False
Correct answer: a
Feedback for option a: Trojan-Spy software is the most silent observer software
that tracks your browsing data; they keep track of all the programs that you use.
Feedback for option b: This option is incorrect because Trojan-Spy software can
keep track of users activities.
<Video3 placeholder>
In-Video Question
What is Stuxnet?
a) Worm
b) Virus
c) Firewall
d) Antivirus software
Correct answer: a
Feedback for option a: It is a popular and powerful worm that came into
existence in mid-2010 and is accountable for causing huge damage to Iran’s
nuclear program.
Feedback for option b: This option is incorrect because a virus is a software or
computer program that connects itself to another software or computer program to
harm the computer system.
Feedback for option c: This option is incorrect because a firewall is a security
control for data packet monitoring.
Feedback for option d: This option is incorrect because an antivirus software is
designed to detect and destroy computer viruses.
Out-of-Video Question
Which of the following becomes evident in the Stuxnet attack?
Feedback for option a: This option is incorrect because this is not in the context
of the cyber hacking case study of Stuxnet.
Feedback for option b: SCADA systems are legacy-embedded systems with
no/the least internet connectivity. However, there exists multiple vulnerabilities in
those systems.
Feedback for option c: This option is incorrect because this is not in the context
of the cyber hacking case study of Stuxnet.
Feedback for option d: This option is incorrect because this is not in the context
of the cyber hacking case study of Stuxnet.
In the last segment we understood the stuxnet and why/how it was done. In this segment we
will learn about an open source community which produces freely-available articles,
methodologies, documentation, tools, and technologies in the field of web application security.
Also we will understand the top-10 attacks on web applications.
<Video4 placeholder>
Out-of-Video Question
Which of the following is in the OWASP Top 10 list?
Correct answer: d
Feedback for option a: This option is incorrect because this is a web language or
technology used to create web applications.
Feedback for option b: This option is incorrect because this is a web language or
technology used to create web applications.
Feedback for option c: This option is incorrect because this is a web language or
technology used to create web applications.
Feedback for option d: XSS is one of the OWASP Top 10 where hackers attack
the client-side functionality to execute malware scripts.
In this session we understood what are cyber attacks and the different types of attacks. Also we
understood the stuxnet attack happened on Iran's nuclear facilities. Later we understood the
OWASP framework. In the next session we will understand what cyber crimes are and some
laws to tackle these attacks.
In the last session we understood cyber attacks and some common attacks. Also we understood
the OWASP framework. In this session we will understand what cyber crimes are. By word
crime you might be thinking about the crime which is an illegal act for which someone can be
punished by the government or some higher authority but there is a difference between crime
and cybercrime. Let’s hear it from our SME Shashank what are crimes and laws.
<Video1 placeholder>
Shashank Bajpai
Shashank is currently working as a Chief Information Security Officer at ECGC Ltd. He has over
10+ years of experience in the Cybersecurity domain. He has worked in various companies like
JIO, BSE India, Acko and others. He has a deep knowledge of various tools and technologies
used today.
Like we have crime in the normal world we also have crime in the cyber field too. Cybercrime,
or computer-oriented crime, that use a computer as an instrument to committing fraud,
trafficking in child pornography and intellectual property, stealing identities, or violating
privacy. Let’s hear from our SME Shashank what is cybercrime and how it can be classified.
<Video2 placeholder>
Out-of-Video Question
Which of the following can be a source of cybercrime: Internal Attack?
Correct answer: b
Feedback for option a: This option is incorrect because this is a type of cyber
attack and can not be a source.
Feedback for option b: An employee is an internal user and can perform an
internal attack.
Feedback for option c: This option is incorrect because this is a type of cyber
attack and can not be a source.
Feedback for option d: This option is incorrect because this is a manipulation
technique that exploits human error to gain useful information.
In the last segment we understood the cyber crimes and the classification. We do have some
laws in the normal world to punish those who commit some illegal activities. So we do need
such laws in the field of computer or internet world. Let’s understand in this segment what are
the needs of cyber laws and what are the different laws which exist in this domain.
<Video2 placeholder>
Out-of-Video Question
Which of the following is a cyber law that India has in the Indian Legislature?
Correct answer: c
Feedback for option a: This option is incorrect because this is a US-based cyber
law and standard.
Feedback for option b: This option is incorrect because GDPR is the European
Union Law for Privacy.
Feedback for option c: The Indian Legislature brought India’s Information
Technology (IT) Act, 2000, which deals with different cybercrimes and their
associated laws.
Feedback for option d: This option is incorrect because this is a US-based cyber
law and standard.
In this session we understood the cyber crimes and what are the different laws which are made
to tie the people hand from committing the illegal activities in the cyber domain.
Session 9: Module summary
Segment 1: Summary
Platform Text
We have covered the introduction to almost all the aspects of cybersecurity. Let’s hear from our
SME Shashank what all we have covered in this module.
<Video1 placeholder>
You might have seen around you that nowadays everything is coming online. Some time back
people used to store everything on local computers and nowadays they don’t prefer to store
data on local machines as online cloud storages are providing the facilities of accessing data
from anywhere. Such facilities are giving more room for hackers to do illegal activities. It’s not
the only case there are many more things like that. With the increase of online facilities the
changes of hacking or fraud will increase. To tackle such things cybersecurity came in picture.
To understand the cybersecurity we have covered the below mentioned topics in this module.
1. Basics of the Internet : We understood what the internet is and how it works.
2. Basics of cybersecurity : We understood the need of it and then we got to know some
useful definitions
3. Terminologies and Challenges : We understood what are the things which makes this
field more challenging nowadays. Also understood the three principles of enterprise
security with the help of ATM case study.
4. Hacking: This whole cybersecurity is around hacking and hackers because if we do not
have these things then we don’t require cybersecurity. We understood the hacking,
what is this and why do people do it. We also understood what are the teams in
cybersecurity domain to tackle such situations
5. Security technologies and domain: Cybersecurity is a big domain, there are many people
and technologies working at different levels. Here we understood the 5 layers of
security and the positions available in this domain with the responsibilities of each
6. Cyber Attack: Nowadays we are seeing that someone/some company is getting attacked
or data got stolen. These are the activities which come under this. We understood what
cyber attacks are with some common/famous attacks.
7. Cyber crime & laws: Cyber crime and laws are the same as the normal crimes and laws
with one big difference that cybercrimes are done with the help of/in the field of
computer/network. We understood how cyber crimes are classified and what are the
laws to prevent crimes.
Overall we got to know about almost everything of this cybersecurity domain. In later modules
we will go deeper into these.
Graded Question
(MCQ)
Heading: Introduction to the Internet and Infrastructure
Which of the following is the best way to secure your router?
a. Change the default name and password of the router
b. Turn off the router’s remote management
c. Log out as the administrator once the router is set up
d. All of the above
Correct answer: d
Correct answer: a
Graded Question
(MCQ)
Heading: Terminologies and Challenges in Cyber Security
Graded Question
(MCQ)
Heading: Terminologies and Challenges in Cyber Security
Correct answer: b
Feedback for option a: This option is incorrect because active Threat Profiling is
an activity conducted by security administrators to keep monitoring known threats.
Feedback for option b: APT means advanced persistent threat, an attack in which
an unauthorized user gains access to a system or network and remains there for an
extended period of time without being detected
Feedback for option c: This option is incorrect because there is no such concept
as Advanced Penetration of Trust.
Feedback for option d: This option is incorrect because actual proof of
theory/concept is a mechanism of implementation of technology, not
cybersecurity.
Graded Question
(MCQ)
Heading: Introduction to Hackers and Types
Correct answer: b
Feedback for option a: This option is incorrect because threat is a danger that
may lead to a breach of cybersecurity and may cause possible harm to the system
or the network.
Feedback for option b: Vulnerability is used to define weakness in any network
or system that can get exploited by an attacker.
Feedback for option c: This option is incorrect because exploit is the successful
cyber breach of vulnerability by a hacker.
Feedback for option d: This option is incorrect because attack is the overall
scenario of hacking.
Graded Question
(MCQ)
Heading: Introduction to Hackers and Types
Correct answer: a
Feedback for option a: Criminal organisations, malware developers, Black hat
hackers and cyberterrorists can deploy any malware to any target system or
network in order to deface it.
Feedback for option b: This option is incorrect because white hat hackers help
firms in getting the loopholes fixed.
Feedback for option c: This option is incorrect because software developers help
in developing systems.
Feedback for option d: This option is incorrect because grey hat hackers and
penetration testers also hack the system but do not harm the network by deploying
any malware.
Graded Question
(MCQ)
Heading: Introduction to Security Technologies and Domains
Correct answer: c
Feedback for option a: This option is incorrect because Firewall is used in L1.
Feedback for option b: This option is incorrect because IPS is used in L0.
Feedback for option c: The Web Application Firewall belongs to the Application
Security layer which is layer 3 (L3) of security.
Feedback for option d: This option is incorrect because DB Encryption is used in
L4.
Graded Question
(MCQ)
Heading: Introduction to Cyber Attacks
Correct answer: d
Feedback for option a: This option is incorrect because eavesdropping is the act
of secretly or stealthily listening to private conversations or communications and
can be done wirelessly.
Feedback for option b: This option is incorrect because MAC Spoofing is a
technique for changing a factory-assigned MAC address of a network interface on
a networked device and can be done wirelessly.
Feedback for option c: This option is incorrect because this is a type of a network
security attack in which the attacker takes control of communication and can be
done wirelessly.
Feedback for option d: Wireless attacks are malicious activities conducted in
wireless systems, networks or devices. Phishing can be done wirelessly/remotely.
Graded Question
(MCQ)
Heading: Introduction to Cyber Crime & Laws
Correct answer: d
Feedback for option a: This option is incorrect because this task is done by
cybercriminals
Feedback for option b: This option is incorrect because this task is done by
cybercriminals
Feedback for option c: This option is incorrect because this task is done by
cybercriminals
Feedback for option d: Cybercriminals do not report any bug found in a system;
instead, they exploit it for their profit.
Graded Question
(MCQ)
Heading: Introduction to Cyber Crime & Laws
Correct answer: c