Uttar Pradesh Textile Technology Institute, Kanpur

B. Tech 2nd Year (3rd Sem)

Cyber Security (KNC301)

Unit 1
Introduction

Introduction to Information System

An information system can be defined as a set of interrelated components that collect,
manipulate, store data, distribute information to support decision making and provide a
feedback mechanism to monitor performance. It may also help the manager and workers to
analyse problems, visualize complex subject, and create new products. Software, Hardware,
information system users, computer system connections and information, and the system's
housing are all part of an Information System.

Components of Information System

The components that must be combined together in order to produce information
system are:

People: Peoples are the most essential part of the information system because without them
the system cannot be operated correctly.

Hardware: It is the part of a physical component of an information system which we can

touch. The information system hardware includes the computer, processors, monitors, printer,
keyboards, disk drives, iPads, flash drives, etc.

Software: It is a set of instruction that tells the hardware what to do. It can be used to
organize, process and analyse data in the information system.

Data: Data is a collection of facts. Information systems work with data. These data can be
aggregated, indexed, and organized into tables and files together to form a database. These
databases can become a powerful tool for every businesses information system.

Network: It includes internet, intranet, extranet to provide successful operations for all types
of organizations and computer-based information system.

Procedures: It specifies the policies that govern the operation of an information system. It
describes how specific method of data are processed and analysed to get the answers for
which the information system is designed.

Shashank Saxena (8090315900) Unit 1 - Information Security Page 1 of 14

Feedback: It is the component of an information system which defines that an IS may be
provided with feedback.

Types of Information system

The information systems can be categorized into four types. These are:

1. Executive Information Systems

It is a strategic-level information system which is found at the top of the Pyramid. Its primary
goal is to provide information gathered from both internal and external sources to the senior
executives and management to analyse the environment in which the organization operates,
and to plan appropriate courses of action for identifying the long-term trends. It can also be
used to monitor organization performance as well as to identify opportunities and problems.
EIS is designed in such a way that it can be operated directly by executives without the need
for intermediaries.

The role of Executive Information Systems are:

• It is concerned for ease of use.

• It supports unstructured decisions.
• It concerned with predicting the future.
• It is highly flexible.
• It is effective.
• It uses both internal and external data sources.
• It is used only at the higher levels of authority.

Shashank Saxena (8090315900) Unit 1 - Information Security Page 2 of 14

2. Decision Support Systems
A DSS or Decision Support System is a computer application program used by senior
managers to analyse the business data and presents it in that form in which the users can
make business decisions more easily. These systems are usually interactive and can be used
to solve ill-structured problems in an organization. It helps in exchanging the information
within the organization.

The role of Decision Support System are:

• It supports ill-structured or semi-structured decisions.

• It is used by senior managerial levels.
• It has analytical and/or modeling capacity.
• It is concerned with predicting the future.

3. Management Information Systems

MIS or Management Information System is the use of information technology, people, and
business processes to record, store, manipulate, and process data to produce meaningful
information. These information helps decision makers to make day to day decisions correctly
and accurately. It is used to make a tactical decision (middle-term decision) to ensure the
smooth running of an organization. It also helps to evaluate the organization's performance
by comparing previous outputs with current output.

The role of Management Information System are:

• It is based on internal information flows.

• It supports relatively structured decisions.
• It is inflexible and has a little analytical capacity.
• It is used by lower and middle managerial levels.
• It deals with the past and presents rather than the future.

4. Transaction Processing Systems

TPS or transaction processing system is a type of information processing system for business
transactions that involve the collection, storage, modification and retrieval of all data
transaction of an enterprise. The characteristics of a Transaction Processing System includes
reliability, performance, and consistency. A TPS is also known as real-time processing.

The role of Transaction Processing System are:

• It produces the information for other systems.

• It is used by operational personnel plus supervisory levels.
• It is efficiency oriented.

Development of Information System

An Information System Development is a set of activities, methods, best practices,
deliverables and automated tools that every organization use to develop and continuously
improve information systems and its related software.

There are four steps which can be used to develop an information system. These are:
Shashank Saxena (8090315900) Unit 1 - Information Security Page 3 of 14
1. Define and understand the problems

The purpose of the first step is to find the scope of the problem and determine solutions. This
phase also includes and considered resources, time, cost, and other items for the requirements
of the information system.

2. Develop an alternative solution

The purpose of these steps is to find a path to the solution determined by system analysis. In
this phase some solution requires modification in the existing system, some solution does not
require an information system, and some solution requires a new system.

3. Evaluate and choose the best solution

The purpose of the third step is to evaluate the feasibility issues related to financial, technical,
and organizational. It measures the time and cost to design an information system. It
evaluates the business value of a system and finds the best solution for developing an
information system.

4. Implement the solution

The purpose of the last step is to create the detailed design specification for an information
system. This phase provides complete implementations for-

• Hardware selection and acquisition

• Software development and programming
• Testing such as Unit, System, Acceptance testing
• Training and documentation (Online practice, step-by-step instruction)
• Conversion, i.e., Changing from Old to New System
• Production & maintenance (Review, Objectives, Modification)

Information Security
Information Security is not only about securing information from unauthorized access.
Information Security is basically the practice of preventing unauthorized access, use,
disclosure, disruption, modification, inspection, recording or destruction of information.
Information can be physical or electronic one. Information can be anything like your details
or we can say your profile on social media, your data in mobile phone, your biometrics etc.
Thus Information Security spans so many research areas like Cryptography, Mobile
Computing, Cyber Forensics, Online Social Media etc.

During First World War, Multi-tier Classification System was developed keeping in mind
sensitivity of information. With the beginning of Second World War formal alignment of
Classification System was done. Alan Turing was the one who successfully decrypted
Enigma Machine which was used by Germans to encrypt warfare data.

Information Security programs are build around 3 objectives, commonly known as CIA
– Confidentiality, Integrity, Availability.

1. Confidentiality – means information is not disclosed to unauthorized individuals,

entities and process. For example if we say I have a password for my Gmail account
but someone saw while I was doing a login into Gmail account. In that case my
password has been compromised and Confidentiality has been breached.

Shashank Saxena (8090315900) Unit 1 - Information Security Page 4 of 14

 2. Integrity – means maintaining accuracy and completeness of data. This means data
cannot be edited in an unauthorized way. For example if an employee leaves an
organisation then in that case data for that employee in all departments like accounts,
should be updated to reflect status to JOB LEFT so that data is complete and accurate
and in addition to this only authorized person should be allowed to edit employee
data.
3. Availability – means information must be available when needed. For example if one
needs to access information of a particular employee to check whether employee has
outstanded the number of leaves, in that case it requires collaboration from different
organizational teams like network operations, development operations, incident
response and policy/change management. Denial of service attack is one of the factor
that can hamper the availability of information.

Apart from this there is one more principle that governs information security programs. This
is Non repudiation.

• Non repudiation – means one party cannot deny receiving a message or a transaction
nor can the other party deny sending a message or a transaction. For example in
cryptography it is sufficient to show that message matches the digital signature signed
with sender’s private key and that sender could have a sent a message and nobody
else could have altered it in transit. Data Integrity and Authenticity are pre-requisites
for Non repudiation.
• Authenticity – means verifying that users are who they say they are and that each
input arriving at destination is from a trusted source. This principle if followed
guarantees the valid and genuine message received from a trusted source through a
valid transmission. For example if take above example sender sends the message
along with digital signature which was generated using the hash value of message and
private key. Now at the receiver side this digital signature is decrypted using the
public key generating a hash value and message is again hashed to generate the hash
value. If the 2 value matches then it is known as valid transmission with the authentic
or we say genuine message received at the recipient side
• Accountability – means that it should be possible to trace actions of an entity
uniquely to that entity. For example as we discussed in Integrity section not every
employee should be allowed to do changes in other employee’s data. For this there is
a separate department in an organization that is responsible for making such changes
and when they receive request for a change then that letter must be signed by higher
authority for example Director of college and person that is allotted that change will
be able to do change after verifying his bio metrics, thus timestamp with the user
(doing changes) details get recorded. Thus we can say if a change goes like this then it
will be possible to trace the actions uniquely to an entity.

At the core of Information Security is Information Assurance, which means the act of
maintaining CIA of information, ensuring that information is not compromised in any way
when critical issues arise. These issues are not limited to natural disasters, computer/server
malfunctions etc.

Thus, the field of information security has grown and evolved significantly in recent years. It
offers many areas for specialization, including securing networks and allied infrastructure,
securing applications and databases, security testing, information systems auditing, business
continuity planning etc.

Shashank Saxena (8090315900) Unit 1 - Information Security Page 5 of 14

Need of Information Security
Information system means to consider available countermeasures or controls stimulated
through uncovered vulnerabilities and identify an area where more work is needed. The
purpose of data security management is to make sure business continuity and scale back
business injury by preventing and minimizing the impact of security incidents. The basic
principle of Information Security is:

• Confidentially
• Authentication
• Non-Repudiation
• Integrity

The need for Information security:

1. Protecting the functionality of the organization:

The decision maker in organizations must set policy and operates their organization in
compliance with the complex, shifting legislation, efficient and capable applications.

2. Enabling the safe operation of applications:

The organization is under immense pressure to acquire and operates integrated,

efficient and capable applications. The modern organization needs to create an
environment that safeguards application using the organizations IT systems,
particularly those application that serves as important elements of the infrastructure of
the organization.

3. Protecting the data that the organization collect and use:

Data in the organization can be in two forms are either in rest or in motion, the motion
of data signifies that data is currently used or processed by the system. The values of
the data motivated the attackers to seal or corrupt the data. This is essential for the
integrity and the values of the organization’s data. Information security ensures the
protection of both data in motion as well as data in rest.

4. Safeguarding technology assets in organizations:

The organization must add intrastate services based on the size and scope of the
organization. Organizational growth could lead to the need for public key
infrastructure, PKI an integrated system of the software, encryption methodologies.
The information security mechanism used by large organizations is complex in
comparison to a small organization. The small organization generally prefers
symmetric key encryption of data.

Threats to Information Security

Information Security threats can be many like Software attacks, theft of intellectual property,
identity theft, theft of equipment or information, sabotage, and information extortion.

Shashank Saxena (8090315900) Unit 1 - Information Security Page 6 of 14

Threat can be anything that can take advantage of a vulnerability to breach security and
negatively alter, erase, harm object or objects of interest.

Software attacks means attack by Viruses, Worms, Trojan Horses etc. Many users believe
that malware, virus, worms, bots are all same things. But they are not same, only similarity is
that they all are malicious software that behaves differently.

Malware is a combination of 2 terms- Malicious and Software. So Malware basically

means malicious software that can be an intrusive program code or anything that is designed
to perform malicious operations on system. Malware can be divided in 2 categories:

1. Infection Methods
2. Malware Actions

Malware on the basis of Infection Method are following:

1. Virus – They have the ability to replicate themselves by hooking them to the program
on the host computer like songs, videos etc and then they travel all over the Internet.
The Creeper Virus was first detected on ARPANET. Examples include File Virus,
Macro Virus, Boot Sector Virus, Stealth Virus etc.
2. Worms – Worms are also self-replicating in nature but they don’t hook themselves to
the program on host computer. Biggest difference between virus and worms is that
worms are network-aware. They can easily travel from one computer to another if
network is available and on the target machine they will not do much harm, they will,
for example, consume hard disk space thus slowing down the computer.
3. Trojan – The Concept of Trojan is completely different from the viruses and worms.
The name Trojan is derived from the ‘Trojan Horse’ tale in Greek mythology, which
explains how the Greeks were able to enter the fortified city of Troy by hiding their
soldiers in a big wooden horse given to the Trojans as a gift. The Trojans were very
fond of horses and trusted the gift blindly. In the night, the soldiers emerged and
attacked the city from the inside.
Their purpose is to conceal themselves inside the software that seem legitimate and
when that software is executed they will do their task of either stealing information or
any other purpose for which they are designed.
They often provide backdoor gateway for malicious programs or malevolent users to
enter your system and steal your valuable data without your knowledge and
permission. Examples include FTP Trojans, Proxy Trojans, Remote Access Trojans
etc.
4. Bots –: can be seen as advanced form of worms. They are automated processes that
are designed to interact over the internet without the need for human interaction. They
can be good or bad. Malicious bot can infect one host and after infecting will create
connection to the central server which will provide commands to all infected hosts
attached to that network called Botnet.

Malware on the basis of Actions:

1. Adware – Adware is not exactly malicious but they do breach privacy of the users.
They display ads on a computer’s desktop or inside individual programs. They come
attached with free-to-use software, thus main source of revenue for such developers.
They monitor your interests and display relevant ads. An attacker can embed
malicious code inside the software and adware can monitor your system activities and
can even compromise your machine.
Shashank Saxena (8090315900) Unit 1 - Information Security Page 7 of 14
 2. Spyware – It is a program or we can say software that monitors your activities on
computer and reveal collected information to an interested party. Spyware are
generally dropped by Trojans, viruses or worms. Once dropped they install
themselves and sits silently to avoid detection.
One of the most common example of spyware is KEYLOGGER. The basic job of
keylogger is to record user keystrokes with timestamp. Thus capturing interesting
information like username, passwords, credit card details etc.
3. Ransomware – It is type of malware that will either encrypt your files or will lock
your computer making it inaccessible either partially or wholly. Then a screen will be
displayed asking for money i.e. ransom in exchange.
4. Scareware – It masquerades as a tool to help fix your system but when the software is
executed it will infect your system or completely destroy it. The software will display
a message to frighten you and force to take some action like pay them to fix your
system.
5. Rootkits – are designed to gain root access or we can say administrative privileges in
the user system. Once gained the root access, the exploiter can do anything from
stealing private files to private data.
6. Zombies – They work similar to Spyware. Infection mechanism is same but they
don’t spy and steal information rather they wait for the command from hackers.

• Theft of intellectual property means violation of intellectual property rights like

copyrights, patents etc.
• Identity theft means to act someone else to obtain person’s personal information or
to access vital information they have like accessing the computer or social media
account of a person by login into the account by using their login credentials.
• Theft of equipment and information is increasing these days due to the mobile
nature of devices and increasing information capacity.
• Sabotage means destroying company’s website to cause loss of confidence on part of
its customer.
• Information extortion means theft of company’s property or information to receive
payment in exchange. For example ransomware may lock victims file making them
inaccessible thus forcing victim to make payment in exchange. Only after payment
victim’s files will be unlocked.

These are the old generation attacks that continue these days also with advancement every
year. Apart from these there are many other threats. Below is the brief description of these
new generation threats.

• Technology with weak security – With the advancement in technology, with every
passing day a new gadget is being released in the market. But very few are fully
secured and follow Information Security principles. Since the market is very
competitive Security factor is compromised to make device more up to date. This
leads to theft of data/ information from the devices
• Social media attacks – in these cyber criminals identify and infect a cluster of
websites that persons of a particular organization visit, to steal information.
• Mobile Malware –There is a saying when there is connectivity to Internet there will
be danger to Security. Same goes for Mobile phones where gaming applications are
designed to lure customer to download the game and unintentionally they will install
malware or virus on the device.
Shashank Saxena (8090315900) Unit 1 - Information Security Page 8 of 14
 • Outdated Security Software – With new threats emerging everyday, updation in
security software is a prerequisite to have a fully secured environment.
• Corporate data on personal devices – These days every organization follows a rule
BYOD. BYOD means Bring your own device like Laptops, Tablets to the
workplace. Clearly BYOD pose a serious threat to security of data but due to
productivity issues organizations are arguing to adopt this.
• Social Engineering – is the art of manipulating people so that they give up their
confidential information like bank account details, password etc. These criminals can
trick you into giving your private and confidential information or they will gain your
trust to get access to your computer to install a malicious software- that will give them
control of your computer. For example email or message from your friend, that was
probably not sent by your friend. Criminal can access your friends device and then by
accessing the contact list, he can send infected email and message to all contacts.
Since the message/ email is from a known person recipient will definitely check the
link or attachment in the message, thus unintentionally infecting the computer.

Information Assurance Model in Cyber

Security
Information Assurance concerns implementation of methods that focused on protecting and
safeguarding critical information and relevant information systems by assuring
confidentiality, integrity, availability, and non-repudiation. It is strategic approach focused
which focuses more on deployment of policies rather than building infrastructures.

Information Assurance Model :

The security model is multidimensional model based on four dimensions:

1. Information States – Information is referred to as interpretation of data which can be

found in three states stored, processed, or transmitted.
2. Security Services – It is fundamental pillar of the model which provides security to
system and consists of five services namely availability, integrity, confidentiality,
authentication, and non-repudiation.
3. Security Counter measures – This dimension has functionalities to save
system from immediate vulnerability by accounting for technology, policy & practice,
and people.
4. Time – This dimension can be viewed in many ways. At any given time data may be
available offline or online, information and system might be in flux thus, introducing
risk of unauthorized access. Therefore, in every phase of System Development
Cycle, every aspect of Information Assurance model must be well defined and well
implemented in order to minimize risk of unauthorized access.

Cyber Security and Cyber Crimes

Shashank Saxena (8090315900) Unit 1 - Information Security Page 9 of 14

We live in a digital world where cyber security and cyber crimes are buzzwords. Everyone
using the cyberspace should consider cyber security as a vital part of a well- ordered and
well- preserved digital world.

1. Cyber Security: Cyber security also known as “Information Technology

Security” or “Computer Security” means safeguarding information, equipment,
devices, computer, computer resources, communication devices and information
stored therein from unauthorized access, use, disclosure, disruption, modification or
revelation; according to IT Act, 2000.

Cyber security can also be defined as a set of principles and practices that keeps us safe from
hackers, cyber criminals and other agents of fraud. It primarily focuses on people, processes
and technologies which aid in reduction of vulnerability, online threats, deterrence, online
frauds and attacks.

Cyber security is directly related to Cyber crimes. How?

More the number of Cyber crimes taking place lesser will be the cyber security. This can also
be asserted as: “As the number of cyber security breaches increases, cyber security of the
users keeps on decreasing.” Consequently when cyber attacks increases, apprehension of
various organizations and companies grows, especially those dealing with the sensitive
information.

2. Cyber crime : Cyber crimes are also referred as computer-oriented crimes as

they involve computer and network over the cyberspace. Any criminal activity done
using computer (or other similar devices like tablet, mobile phones etc.) and internet
is entitled as a cyber crime.

In other words, cyber crime is any unlawful act where the computer devices and internet is
used either as a tool or target or both.

Need of cyber security:

Today in the epoch of technology, all aspects of a life including professional, personal,
finance & educational are gravitating towards digitalization. Because of this heavy
dependency on computers (and other similar computing devices) and networks, we store and
transmit profuse data on regular basis. A portion of this data can be private and sensitive
which has to be kept in such a way that it’s privacy, confidentiality and integrity shouldn’t
get altered. But many users fail to maintain this privacy while following the path of
digitalization. A lot of users forget to take the notice of an important aspect of cyberspace
known as cyber security, which makes them more vulnerable than ever to malicious attacks,
invasions of privacy, fraud and other unpleasantries.

How Cyber Security looks like?

Large number of cyber security attacks like Denial of Services (DoS), Man-in-the-Middle
(MitM) Attack, phishing attacks, malware attacks, password attacks, SQL injection
attacks, banking and digital payment frauds, social media crimes etc. are taking place in this
era of digitalization. This escalating list of cyber security threats/attacks themselves affirm
the significance of cyber security. But fortunately there some are practices which users can
embrace to safeguard themselves in the online world.

Following are the practices which should be kept in mind to reduce the likelihood of having a
cyber crime at your hand.

Shashank Saxena (8090315900) Unit 1 - Information Security Page 10 of 14

 • Two-Factor Authentication –

Two-factor authentication (2FA) can save you from hackers and it is a best way to
protect your online accounts. It adds an extra layer of security to the authentication
process as it adds a second step in your usual log-in process. Hence, it becomes
difficult for the attacker to gain access to a person’s device or online accounts because
knowing the victim’s password alone is not enough to pass the authentication check.

• Safely use Bluetooth and GPS –

Hackers can penetrate in your system by using GPS or Bluetooth of your device. They
can be used by hackers to get access of your device and exploit it. If your GPS is on,
hackers can track your exact location, so turn it off when not in use.

• Avoid Suspicious Emails and Texts –

If you aren’t able to recognize the email address or the phone number of the sender,
don’t open it, don’t reply. It may be an attempt to a phishing scam or identity theft
attack. If you open any suspicious link in your device it can lead to a ransomware
attack or data theft. So avoid opening such suspicious links.

• Use a good quality Antivirus Software –

Antivirus safeguards your device against malware and cyber criminals. It searches for
pre-identified threats and if any suspicious behavior if found, antivirus flags it.

• Don’t Lose Track of your Devices –

Easiest way for the hackers to get into your device is to physically grab it and
access/tamper your data. To avoid this always keep an eye on your devices and
protect them using strong passwords. Also if you lost it, don’t forget to report
immediately.

• Keep Yourself Updated –

Keeps yourself updated about what is going on in the field of cyber security and what
type of cyber crimes are taking place because there are new cyber crimes taking place
every other day. The more you keep yourself updated about cyber crimes and more
you know about the advancements in the field of cyber security, the better you can
protect yourself in cyberspace.

Are you a victim of any Cyber Crime?

If you’ve ever faced any cyber crime you can immediately report it to
https://cybercrime.gov.in/. Here you can report cyber crime against children and women both
anonymously and with your identity. You can also report other crimes.

Cyber Security Risk Analysis

Risk analysis refers to the review of risks associated with the particular action or event. The
risk analysis is applied to information technology, projects, security issues and any other
Shashank Saxena (8090315900) Unit 1 - Information Security Page 11 of 14
event where risks may be analysed based on a quantitative and qualitative basis. Risks are
part of every IT project and business organizations. The analysis of risk should be occurred
on a regular basis and be updated to identify new potential threats. The strategic risk analysis
helps to minimize the future risk probability and damage.

Enterprise and organization used risk analysis:

• To anticipates and reduce the effect of harmful results occurred from adverse events.
• To plan for technology or equipment failure or loss from adverse events, both natural
and human-caused.
• To evaluate whether the potential risks of a project are balanced in the decision
process when evaluating to move forward with the project.
• To identify the impact of and prepare for changes in the enterprise environment.

Benefits of risk analysis

Every organization needs to understand about the risks associated with their information
systems to effectively and efficiently protect their IT assets. Risk analysis can help an
organization to improve their security in many ways. These are:

• Concerning financial and organizational impacts, it identifies, rate and compares the
overall impact of risks related to the organization.
• It helps to identify gaps in information security and determine the next steps to
eliminate the risks of security.
• It can also enhance the communication and decision-making processes related to
information security.
• It improves security policies and procedures as well as develop cost-effective methods
for implementing information security policies and procedures.
• It increases employee awareness about risks and security measures during the risk
analysis process and understands the financial impacts of potential security risks.

Steps in the risk analysis process

The basic steps followed by a risk analysis process are:

Conduct a risk assessment survey:

Getting the input from management and department heads is critical to the risk assessment
process. The risk assessment survey refers to begin documenting the specific risks or threats
within each department.

Identify the risks:

This step is used to evaluate an IT system or other aspects of an organization to identify the
risk related to software, hardware, data, and IT employees. It identifies the possible adverse
events that could occur in an organization such as human error, flooding, fire, or earthquakes.

Analyse the risks:

Once the risks are evaluated and identified, the risk analysis process should analyse each risk
that will occur, as well as determine the consequences linked with each risk. It also
determines how they might affect the objectives of an IT project.

Shashank Saxena (8090315900) Unit 1 - Information Security Page 12 of 14

Develop a risk management plan:

After analysis of the Risk that provides an idea about which assets are valuable and which
threats will probably affect the IT assets negatively, we would develop a plan for risk
management to produce control recommendations that can be used to mitigate, transfer,
accept or avoid the risk.

Implement the risk management plan:

The primary goal of this step is to implement the measures to remove or reduce the analyses
risks. We can remove or reduce the risk from starting with the highest priority and resolve or
at least mitigate each risk so that it is no longer a threat.

Monitor the risks:

This step is responsible for monitoring the security risk on a regular basis for identifying,
treating and managing risks that should be an essential part of any risk analysis process.

Qualitative Risk Analysis

• The qualitative risk analysis process is a project management technique that
prioritizes risk on the project by assigning the probability and impact number.
Probability is something a risk event will occur whereas impact is the significance of
the consequences of a risk event.
• The objective of qualitative risk analysis is to assess and evaluate the characteristics
of individually identified risk and then prioritize them based on the agreed-upon
characteristics.
• The assessing individual risk evaluates the probability that each risk will occur and
effect on the project objectives. The categorizing risks will help in filtering them out.
• Qualitative analysis is used to determine the risk exposure of the project by
multiplying the probability and impact.

Quantitative Risk Analysis

• The objectives of performing quantitative risk analysis process provide a numerical
estimate of the overall effect of risk on the project objectives.
• It is used to evaluate the likelihood of success in achieving the project objectives and
to estimate contingency reserve, usually applicable for time and cost.
• Quantitative analysis is not mandatory, especially for smaller projects. Quantitative
risk analysis helps in calculating estimates of overall project risk which is the main
focus.

Shashank Saxena (8090315900) Unit 1 - Information Security Page 13 of 14

 Difference between Cyber Security and
Information Security
The terms Cyber Security and Information Security are often used interchangeably. As
they both are responsible for security and protecting the computer system from threats and
information breaches and often Cyber security and information security are so closely linked
that they may seem synonymous and unfortunately, they are used synonymously.

If we talk about data security it’s all about securing the data from malicious user and threats.
Now another question is that what is the difference between Data and Information? So one
important point is that “not every data can be an information” data can be informed if it is
interpreted in a context and given meaning. For example “100798” is data and if we know
that it’s the date of birth of a person then it is information because it has some meaning. So
information means data which has some meaning.

Cyber Security Information Security

It is all about protecting information from unauthorized

It is the practice of protecting the data from outside
user, access and data modification or removal in order to
the resource on the internet.
provide confidentiality, integrity, and availability.

It is about the ability to protect the use of

It deals with protection of data from any form of threat.
cyberspace from cyber attacks.

Cyber Security to protect anything in the cyber Information Security is for information irrespective of the
realm. realm.

Cyber Security deals with danger against Information Security deals with the protection of data from
cyberspace. any form of threat.

Cyber Security strikes against Cyber crimes, cyber Information Security strives against unauthorised access,
frauds and law enforcement. disclosure modification and disruption.

On the other hand cyber security professionals with Information Security professionals is the foundation of data
cyber security deals with advanced persistent security and security professionals associated with it
threat. prioritize resources first before dealing with threats.

It deals with threats that may or may not exist in

It deals with information Assets and integrity confidentiality
the cyber realm such as a protecting your social
and availability.
media account, personal information, etc.

https://www.geeksforgeeks.org/need-of-information-security/?ref=lbp

Shashank Saxena (8090315900) Unit 1 - Information Security Page 14 of 14