
Noida Institute of Engineering and Technology, Greater Noida

Introduction to Cyber Security
Unit: 1

Subject: Cyber Security (AMCANC 0201)
Course Details: MCA – 2nd Semester
Faculty: Devanshu Dube

Contents/Topics Covered
• Information System
• Information security
• Information assurance
• Cyber security
• Security risk analysis

20 April 2022 Devanshu Dube AMCANC0201 CYBER SECURITY UNIT 1 2

Topic: Information System

Contents/Topics Covered
• Information System (IS)
• Need of IS
• Types of IS
• Development of IS

Topic Objective
• To understand the basics of Information System with its types and need.

INFORMATION SYSTEM (CO1)

What is Cyber Security

• Cybernetics:
  – is a transdisciplinary approach for exploring regulatory systems, their structures, constraints, and possibilities.
  – refers to "the study of mechanical and electronic systems designed to replace human systems."
• Cyber is a prefix that denotes a relationship with information technology (IT). Anything relating to computing, such as the internet, falls under the cyber category.
• Cyber security is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. It's also known as information technology security or electronic information security.
• It is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.
• In computer security a threat is a possible danger that might exploit a vulnerability to breach security and thus cause possible harm.

What is Information System

• Information System is made up of two terms, namely, Information and System.
• Information - well-structured data with a specific meaning.
• System - an arrangement that takes input and provides output after completing the required process.

"An arrangement that processes data and provides meaningful information."

Information System Resources

(Figure: the five resources of an Information System shown around the system: People, Hardware, Software, Data and Network.)

• An Information System is a set of people, procedures and resources that collect, transform, and disseminate information in an organization.
• Information System Resources: an information system depends on the following resources:
  1) People (end users and specialists)
  2) Hardware (machines and media)
  3) Software (programs and procedures)
  4) Data (data and knowledge base)
  5) Network (communication media and network support)
• An information system (IS) is an organized system for collecting, organizing, storing and communicating information.

Information System Activities

1) Input of data resources: capture both internal data and external data of the organization and its environment.
2) Processing of data into information: e.g. calculating, classifying, summarizing.
3) Output of information products: communicating the processed information to the end users. The output of an information system varies with its type.
4) Storage of data resources: stores the database items over an extensive period of time.
5) Control of system resources: based on the user's needs, specifications are deployed.

Components of Information System

Types of IS

Based on Organizational Level | Based on Functional Areas of Management | Based on Decision Making Conditions
Strategic IS                  | Marketing IS                            | TPS (Transaction Processing System)
Tactical IS                   | Finance IS                              | EIS/ESS (Executive Support System)
Knowledge IS                  | Production IS                           | MIS (Management Information System)
Operational IS                | HRM IS                                  | DSS (Decision Support System)
                              |                                         | OAS (Office Automation Systems)

Classification of IS

(Figure: Information Systems, based on decision making, divided into Operations Support Systems (transaction processing systems, process control systems, office automation systems) and Management Support Systems (management information systems, decision support systems, executive information systems).)

1. Operations support systems process data generated by business operations.
Major categories are:
i) Transaction processing systems
ii) Process control systems
iii) Office automation systems

2. Management support systems provide information and support needed for effective decision making by managers.
Major categories are:
i) Management Information Systems
ii) Decision Support Systems
iii) Executive Information Systems

1. Operations Support System:
i) Transaction processing systems
• Process business exchanges
• Maintain records about the exchanges
• Handle routine, critical tasks
• Perform simple calculations

Processing a transaction can be done in two ways: batch processing, and online or real-time processing.
Batch Processing - transactions are stored over a period of time and then processed.
Real-Time Processing - transactions are processed as they occur. For example, at retail stores, cash receipts or card payments are registered and processed simultaneously.

1. Operations Support System (contd.):
ii) Process control systems monitor and control physical/industrial processes.
Example:
– Making day-to-day decisions
– Controlling operational processes.
This system automates the adjustment of a production process.

iii) Office automation systems automate office procedures and enhance office communications and productivity. An office automation system is a network of various tools, technologies, and people required to conduct clerical and managerial tasks.
Example:
– Mail
– Video Conferencing

2. Management Support Systems:
i) Management information systems (MIS): generate information for monitoring performance and maintaining coordination.
– Routine information for routine decisions
– Operational efficiency
– Use transaction data as main input
– Databases integrate MIS in different functional areas
Example: a production manager can check the report of cost and time of production.

ii) Decision Support System (DSS):
Supports managerial decision making.
– Interactive support for non-routine decisions or problems
– End users are more involved in creating a DSS than an MIS
Example: a sales manager can set sales targets for the coming year by considering the existing market conditions.

iii) Executive information systems (EIS) or Executive Support System (ESS):
– Provide critical information to executives and top-level managers for making strategic decisions.

3. Knowledge Based Systems:
Provide information to users in different business areas when required.

Expert system: provides adequate knowledge and expert advice for making various managerial decisions.
Expert System = knowledge base + software modules

Knowledge Management System (KMS): for sharing knowledge, a KMS uses a group of collaboration systems, such as the Intranet. Provides two types of knowledge:
i. Explicit knowledge - information that is documented, stored, and coded with the help of an IS.
ii. Tacit knowledge - information based on processes and procedures stored in the human mind.

Summary of Information Systems

Other categories of Information Systems:
a) End user computing systems
b) Business information systems
c) Strategic information systems

a) End user computing systems support the direct, hands-on use of computers by end users for operational and managerial applications.
b) Business information systems support the operational and managerial applications of the basic business functions of a firm.
c) Strategic information systems provide a firm with strategic products, services, and capabilities for competitive advantage.

Information Systems Development

• Information security must be managed in a manner similar to any other major system implemented in the organization.
• Using a methodology
  – ensures a rigorous process
  – avoids missing steps
• The goal is creating a comprehensive security posture/program.

Development of IS (CO1)

Development of IS is similar to the application development procedure. The main approaches are listed as follows:
1. Waterfall model
2. Prototyping model
3. Evolutionary model
4. Spiral model
5. Incremental model

Waterfall model:
This method is also called the linear sequential model.

Stages of Waterfall Model (Feasibility Check → Requirement Enquiry → Design → Coding → Testing → Maintenance):
• Feasibility check: technical and financial feasibility check about system development.
• Requirement and specifications: gathering knowledge about the required system and developing the specifications needed.
• Design: converting the requirements and specifications into a system model.
• Coding: coding is the process of designing a bridge between the understanding of the user and the system. This is also called programming.
• Testing: ensuring that the system performance is according to the user requirements. This is done after a system is set for use.
• Maintenance: changes in the system after testing or use to correct the shortcomings or meet further requirements.

Waterfall Model: Drawbacks of Waterfall Model
• It approaches feasibility analysis before requirement analysis, which is not practical.
• It tests the system after designing and implementing; therefore, any change required after testing can be hard to introduce.
• There is no feedback path to a previous phase.

Prototyping Model:
• The prototype may be a usable program but is not suitable as the final software product.
• The code for the prototype is thrown away. However, the experience gathered helps in developing the actual system.
• The development of a prototype might involve extra cost, but the overall cost might turn out to be lower than that of an equivalent system developed using the waterfall model.

Prototyping Model:
(Figure: Rapid Prototype → Changed Requirements → Analysis → Design → Implementation → Post-delivery maintenance → Retirement, grouped into Development and Maintenance phases.)

Evolutionary Model:
• The evolutionary model improves on the classic waterfall model by providing scope for feedback and improvement at every stage of the system development.
• Therefore, every stage should be taken as a separate evolutionary phase.
• This model is useful for complex projects where all functionality must be delivered at one time, but the requirements are unstable or not well understood at the beginning.

Evolutionary Model:
(Figure; source: Software Engineering, K. K. Aggarwal)

Spiral Model:
• It is a combination of the features of the waterfall and prototype models.
• This idea was given by Boehm.
(Figure; source: Software Engineering, K. K. Aggarwal)

Spiral Model: Stages of Spiral Model
• User/client communication: interaction with the client or users of the system to identify the requirements and specifications of the system.
• System planning: planning the system to be developed and preparing a rough draft and schedule of the development process.
• Risk analysis: identifying the problems in the plan and developing solutions to check them.
• Engineering: involves system hardware and software design, coding and testing the system.
• Construction and finalization: involves system building and testing to release it for use.
• System evaluation: evaluation by the user or client to use the system.
Note: all these phases are repeated in the process of system development until users approve the system.

Incremental Model
• The incremental model approaches system development through various incremental steps, where every step tries to add more functions in the system development process.
• Each step of system development is a separate group of activities.
• This model can also be called the Continuous Improvement Model.

Incremental Model
(Figure; source: Software Engineering, K. K. Aggarwal)

Introduction to Information Security (CO1)
• Information security refers to the protection of information.
• It is the process of securing, protecting, and safeguarding information from unauthorized access, use, and modification.
• Information is an important part of an organization or a business that requires more attention to preserve its integrity, privacy, and availability.

Goals of information security:
1. Confidentiality
2. Integrity
3. Availability

Source: Swayam

IS as Discipline
IS is an interdisciplinary field influenced by Computer Science, Political Science, Psychology, Operations Research, Linguistics, Sociology, and Organizational Theory.

Faculty Video Links, Youtube & NPTEL Video Links and Online Courses Details
• Youtube/other Video Links:
  – https://www.youtube.com/watch?v=Y3zoHFdzQbs
  – https://www.youtube.com/watch?v=cILODMGbtbk

Noida Institute of Engineering and Technology, Greater Noida

INFORMATION SECURITY
CO1

Content
• Introduction to information security
• Need for Information security
• Threats to Information Systems

Information Security (CO1)

In today's session you will be aware of:
• Information Security
• Need and Importance of Information Security
• Threats, Types and Impact
• Vulnerability and Risk

INTRODUCTION TO INFORMATION SECURITY (CO1)

INFORMATION SECURITY
– The quality or state of being secure: to be free from danger
– Security is achieved using several strategies, simultaneously or used in combination with one another
– Security is recognized as essential to protect vital processes and the systems that provide those processes
– Security is not something you buy, it is something you do

WHAT IS INFORMATION SECURITY (CO1)
– The architecture where an integrated combination of appliances, systems and solutions, software, alarms, and vulnerability scans work together
– Monitored 24x7
– Having People, Processes, Technology, policies, procedures
– Security is for PPT (People, Processes, Technology) and not only for appliances or devices

(Figure: People, Processes, Technology.)

People: "Who we are"
People who use or interact with the information include:
– Share Holders / Owners
– Management
– Employees
– Business Partners
– Service providers
– Contractors
– Customers / Clients
– Regulators etc.

Process: "What we do"
The processes refer to "work practices" or workflow. Processes are the repeatable steps to accomplish business objectives. Typical processes in our IT infrastructure could include:
– Helpdesk / Service management
– Incident Reporting and Management
– Change Requests process
– Request fulfillment
– Access management
– Identity management
– Service Level / Third-party Services Management
– IT procurement process etc.

Technology: "What we use to improve what we do"

Network Infrastructure:
– Cabling, Data/Voice Networks and equipment
– Telecommunications services (PABX), including VoIP services, ISDN, Video Conferencing
– Server computers and associated storage devices
– Operating software for server computers
– Communications equipment and related hardware
– Intranet and Internet connections
– VPNs and Virtual environments
– Remote access services
– Wireless connectivity

Application software:
– Finance and assets systems, including accounting packages, inventory management, HR systems, assessment and reporting systems
– Software as a service (SaaS) - instead of software as a packaged or custom-made product, etc.

Physical Security components:
– CCTV Cameras
– Clock-in systems / Biometrics
– Environmental management systems: humidity control, ventilation, air conditioning, fire control systems
– Electricity / Power backup

Access devices:
– Desktop computers
– Laptops, ultra-mobile laptops and PDAs
– Thin client computing
– Digital cameras, Printers, Scanners, Photocopier etc.

ISO 27002:2005 defines Information Security as the preservation of:
– Confidentiality: ensuring that information is accessible only to those authorized to have access
– Integrity: safeguarding the accuracy and completeness of information and processing methods
– Availability: ensuring that authorized users have access to information and associated assets when required

Security breaches lead to...
• Reputation loss
• Financial loss
• Intellectual property loss
• Legislative breaches leading to legal actions (Cyber Law)
• Loss of customer confidence
• Business interruption costs
LOSS OF GOODWILL

INTRODUCTION TO INFORMATION SECURITY (CO1)

Threats, Vulnerabilities, and Risks

Terminology
• Threat: a potential cause of an incident that may result in harm to a system or organization
• Vulnerability: a weakness of an asset (resource) or a group of assets that can be exploited by one or more threats
• Risk: potential for loss, damage, or destruction of an asset as a result of a threat exploiting a vulnerability
• Example: in a system that allows weak passwords,
  – Vulnerability: the password is vulnerable to dictionary or exhaustive key attacks
  – Threat: an intruder can exploit the password weakness to break into the system
  – Risk: the resources within the system are prone to illegal access/modification/damage by the intruder.
• Threat agent: entities that would knowingly seek to manifest a threat

Types of Damage
• Interruption: destroyed/unavailable services/resources
• Interception: unauthorized party snooping on or getting access to a resource
• Modification: unauthorized party modifying a resource
• Fabrication: unauthorized party inserts a fake asset/resource

Components of a Threat
– Threat agents: criminals, terrorists, subversive or secret groups, state sponsored, disgruntled employees, hackers, pressure groups, commercial groups
– Capability: software, technology, facilities, education and training, methods, books and manuals
– Threat inhibitors: fear of capture, fear of failure, level of technical difficulty, cost of participation, sensitivity to public perception, law enforcement activity, target vulnerability, target profile, public perception, peer perception
– Threat amplifiers: peer pressure, fame, access to information, changing high technology, deskilling through scripting, skills and education levels, law enforcement activity, target vulnerability, target profile, public perception, peer perception
– Threat catalysts: events, technology changes, personal circumstances
– Threat agent motivators: political, secular, personal gain, religion, power, terrorism, curiosity

Threat Agents
– Types
  – Natural: fire, floods, power failure, earthquakes, etc.
  – Unintentional: insider, outsider; primarily non-hostile
  – Intentional: insider, outsider; hostile or non-hostile (curious)
• Foreign agents, industrial espionage, terrorists, organized crime, hackers and crackers, insiders, political dissidents, vendors and suppliers

Major Security Threats on Information Systems
1. Intrusion or Hacking: gaining access to a computer system without the knowledge of its owner. Tools: poor implementation of shopping carts, hidden fields in HTML forms, client-side validation scripts, direct SQL attack, session hijacking, buffer overflow forms, port scan.
2. Viruses and Worms: programs that make computer systems not work properly; polymorphic virus, stealth virus, tunneling virus, virus droppers, cavity virus.
3. Trojan Horse: these programs have two components; one runs as a server and the other runs as a client. Data integrity attack, stealing private information on the target system, storing keystrokes and making them viewable for hackers, sending private data as an email attachment.
4. Spoofing: fooling other computer users into thinking that the source of their information is a legitimate user; IP spoofing, DNS spoofing, ARP spoofing.
5. Sniffing: used by hackers for scanning login IDs and passwords over the wire. TCPDump and Snoop are examples of sniffing tools.
6. Denial of Service: the main aim of this attack is to bring down the targeted network and make it deny service to legitimate users. People do not need to be experts to carry out DoS attacks; they can do this attack with a simple ping command.

Vulnerabilities
• "Some weakness of a system that could allow security to be violated."
• Types of vulnerabilities
  – Physical vulnerabilities
  – Natural vulnerabilities
  – Hardware/software vulnerabilities
  – Media vulnerabilities (e.g., stolen/damaged disks/tapes)
  – Emanation vulnerabilities: due to radiation
  – Communication vulnerabilities
  – Human vulnerabilities

Noida Institute of Engineering and Technology, Greater Noida

INFORMATION ASSURANCE
CO1

Content
• Information Assurance
• Cyber Security

INFORMATION ASSURANCE AND CYBER SECURITY (CO1)

What is IA?
• Information operations that protect and defend data and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation.
• This includes providing restoration of IS by incorporating protection, detection, and reaction capabilities.

The Role of Operations Security
• Balance ease of use against the mechanisms required for system controls.
• Value of data (monetary value)
• Ongoing operational need for the data
• Reduced vulnerabilities and threats to ongoing operations

Attributes of IA
Confidentiality: render the information unintelligible except by authorized entities.
Integrity: data has not been altered in an unauthorized manner since it was created, transmitted, or stored.
Availability: timely, reliable access to data and information services for authorized users.
Non-repudiation: assurance that the sender of data is provided with proof of delivery and the recipient is provided with proof of the sender's identity, so neither can later deny having processed the data.
Authentication: establishes the validity of a transmission, message, or originator, or a means of verifying an individual's authorization to receive specific categories of information.

The CIA Triad
Confidentiality: ensures that information is not compromised or shared amongst unauthorized participants:
• While data is on the source device
• While data is in transit on the network
• Upon data reaching its intended target
Integrity: ensures that data is not damaged or modified while either in transit or in storage.
• Protects against both malicious intentional damage and accidental damage by authorized users.
• Ensures data is consistent and is a true reflection of real information.
Availability: ensures that information is always available at the time authorized users need it.

Cyber Security
Action against cyber crime

What is cyber security?
• Cyber security standards are security standards which enable organizations to practice safe security techniques to minimize the number of successful cyber security attacks.
• Cyber security refers to the technologies and processes designed to protect computers, networks and data from unauthorized access, vulnerabilities and attacks delivered via the Internet by cyber criminals.
• Cyber security is important for network, data and application security.

What is cyber crime?
• The former descriptions were "computer crime", "computer-related crime" or "crime by computer". With the pervasion of digital technology, some new terms like "high-technology" or "information-age" crime were added to the definition. Also, the Internet brought other new terms, like "cybercrime" and "net crime".
• Other forms include "digital", "electronic", "virtual", "IT", "high-tech" and "technology-enabled" crime.

Cyber crimes include
• Illegal access
• Illegal interception
• System interference
• Data interference
• Misuse of devices
• Fraud

Why should we care?
• It is a criminal activity committed on the internet.
• Cyber crime: where a computer is either a tool or a target or both.

How can we protect?
• Read the privacy policy carefully when you submit data through the internet.
• Encryption: lots of websites use SSL (secure socket layer) to encrypt data.
• Disable remote connectivity.

Advantage of cyber security
• It will defend from hacks and viruses.
• The cyber security application used in our PC needs an update every week.
• The security developers will update their database once every week. Hence new viruses are also deleted.

Safety tips...
• Use antivirus software
• Insert firewalls, pop-up blocker
• Uninstall unnecessary software
• Maintain backup
• Check security settings
• Use secure connection
• Open attachments carefully
• Use strong passwords, don't give personal information unless required

Conclusion
• The only system which is truly secure is one which is switched off and unplugged.
• So, the only way to be safe is to pay attention and act smart.

Old Question Papers
• http://www.aktuonline.com/papers/mca-3-sem-cyber-security-rca305-2020.html
• http://www.aktuonline.com/papers/mca-3-sem-cyber-security-rca-305-2018-19.html
• http://www.aktuonline.com/papers/mca-3-sem-cyber-security-rca-305-2017-18.html

Noida Institute of Engineering and Technology, Greater Noida

RISK ANALYSIS AND MANAGEMENT
CO1

Content
• Definition
• Risk
• RMMM
• Categories of Risk
• Risk Management
• Security Risk Analysis
• Types of Risk Analysis
• Risk Impact
• Risk Control Strategy

RISKS (CO1)

Risks
• Risks are potential problems/uncertainties that might affect the successful completion of a software project.
• Risk analysis and management are intended to help a software team understand and manage uncertainty during the development process.
• The work product is called a Risk Mitigation, Monitoring, and Management Plan (RMMM).
• Two risk strategies:
  1. Reactive strategy: the software team does nothing till the risk becomes real.
  2. Proactive strategy: risk management begins long before technical work starts. Risks are identified and prioritized by importance. Then the team builds a plan to avoid the risks if it can, or minimize their probability of occurrence, or establish a plan for when risks become real.

RISK(Contd…)
Risks
• Categories of risks
1. Project risks
o Threaten the project plan.
o If a project risk becomes real, it is likely the project schedule will slip
and the costs will increase.
o Identify problems related to budget, schedule, personnel
and resources.
2. Technical risks
o Threaten the quality of the software to be produced.
o Identify problems related to design, implementation,
maintenance, etc.

RISK(Contd…)
Risks
3. Business risks
• Threaten the viability of the software to be built.
• Examples of business risk:
1. Building an excellent product that no one wants.
2. Building a product that no longer fits into the overall business
strategy.
3. Building a product that the sales force does not know how to sell.
4. Change of management.
5. Losing budgetary commitment.

RISK MANAGEMENT(CO1)
Risk management
• Risk is the potential that a given threat will exploit vulnerabilities of
an asset or group of assets and thereby cause harm to the
organization.
• Risk management --- “Process of identifying, controlling and
minimizing or eliminating security risks that may affect information
systems, for an acceptable cost.” --- assessment of risk and the
implementation of procedures and practices designed to control
the level of risk.
• Risk assessment --- “Assessment of threats to, impact on and
vulnerabilities of information and information processing facilities
and the likelihood of their occurrence.” --- identification of the risk,
analysis of the risk in terms of performance, cost, and other quality
factors; risk prioritization in terms of exposure and leverage.

RISK MANAGEMENT(Contd…)
Risk management
• Risk management
– Risk assessment
• Risk identification --- decision driver analysis, assumption
analysis, decomposition
• Risk analysis --- cost models, network analysis, decision
analysis, quality factor analysis
• Risk prioritization --- risk leverage, component risk reduction
– Risk control
• Risk management planning --- risk avoidance, transfer,
reduction, element planning, plan integration
• Risk resolution --- simulations, benchmarks, analysis, staffing
• Risk monitoring --- Top 10 tracking, risk assessment,
corrective action

RISK MANAGEMENT

Risk Management Steps
• Process of: assessing risk, taking steps to reduce it to an acceptable level,
and maintaining that level of risk
• Five principles:
– I. Assess risk and determine needs
• Recognize the importance of protecting information resource assets
• Develop risk assessment procedures that link IA to business needs
• Hold programs and managers accountable
• Manage risk on a continuing basis
– II. Establish a central management focus
• Designate a central group for key activities
• Provide the group with independent access to senior executives
• Designate dedicated funding and staff
• Periodically enhance staff technical skills

RISK MANAGEMENT

Risk Management Steps
– III. Implement appropriate policies and related controls
• Link policies to business risks
• Differentiate policies and guidelines
• Support policies via the central IA group
– IV. Promote awareness
• Educate users and others on risks and related policies
• Use attention-getting and user-friendly techniques
– V. Monitor and evaluate policy and control effectiveness
• Monitor factors that affect risk and indicate IA effectiveness
• Use results to direct future efforts and hold managers accountable
• Be on the lookout for new monitoring tools and techniques

SECURITY RISK ANALYSIS(CO1)
Security Risk Analysis
• Security risk analysis, otherwise known as risk assessment, is
fundamental to the security of any organization. It is essential in
ensuring that controls and expenditure are fully commensurate
with the risks to which the organization is exposed.
• However, many conventional methods for performing security risk
analysis are becoming more and more untenable in terms of
usability, flexibility and, critically, in terms of what they produce for
the user.

SECURITY RISK ANALYSIS
Guidelines
Risk Analysis (cont.....)
• There are a number of distinct approaches to risk analysis.
– Quantitative
– Qualitative

SECURITY RISK ANALYSIS

RISK ANALYSIS

QUANTITATIVE
• This approach employs two fundamental elements: the
probability of an event occurring and the likely loss
should it occur.
• The problems with this type of risk analysis are usually
associated with the unreliability and inaccuracy of the data.

QUALITATIVE
• This is by far the most widely used approach to risk analysis.
Probability data is not required and only estimated potential
loss is used.
• Most qualitative risk analysis methodologies make use of a
number of interrelated elements:
o Threats, Vulnerabilities & Controls

SECURITY RISK ANALYSIS

RISK ASSESSMENT

BUSINESS OBJECTIVE
• FOCUS on key assets
• PROTECT against likely threats
• PRIORITISE future actions
• BALANCE cost with benefits
• IDENTIFY / JUSTIFY appropriate

POSITIVE FACTORS
• Enables security risks to be managed
• Maximises cost effectiveness
• Safeguards information assets
• Enables IT risks to be taken more safely
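The following is an added worked example, not code from the slides. It puts numbers to the quantitative approach just described (probability of an event multiplied by the likely loss), to the "risk prioritization --- risk leverage" item on the risk management slide, and to the idea of balancing the cost of security against the cost of insecurity; a small qualitative likelihood/impact matrix shows the alternative that needs no probability data. The leverage formula is Boehm's risk reduction leverage, (exposure before - exposure after) / cost of the control. Every asset name, probability, loss figure and control cost is a constructed sample value, and the rule of keeping only controls with leverage above 1.0 is this example's own decision rule.

```python
"""Risk exposure, risk reduction leverage and a qualitative rating matrix.

Added worked example, not taken from the slides. All names, probabilities,
losses and costs below are constructed sample figures.
"""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class Risk:
    name: str
    probability: float  # estimated annual probability of the event (0..1)
    loss: float         # estimated loss if the event occurs (currency units)

    def exposure(self) -> float:
        """Risk exposure (expected annual loss) = probability * loss."""
        return self.probability * self.loss


@dataclass
class Control:
    name: str
    cost: float                  # annual cost of the safeguard
    residual_probability: float  # probability remaining once the control is in place
    residual_loss: float         # loss remaining once the control is in place

    def residual_exposure(self) -> float:
        """Expected annual loss that remains after the control is applied."""
        return self.residual_probability * self.residual_loss


def risk_leverage(risk: Risk, control: Control) -> float:
    """Risk reduction leverage = (exposure before - exposure after) / cost.

    Above 1.0 the control removes more expected loss per year than it costs,
    i.e. the cost of security is below the cost of insecurity it prevents.
    """
    return (risk.exposure() - control.residual_exposure()) / control.cost


def prioritise(risks: List[Risk]) -> List[Risk]:
    """Quantitative prioritisation: largest exposure first."""
    return sorted(risks, key=lambda r: r.exposure(), reverse=True)


def choose_controls(risk: Risk, controls: List[Control]) -> List[Tuple[Control, float]]:
    """Keep controls whose leverage exceeds 1.0 (they pay for themselves), best first.

    The 1.0 cut-off is this example's own decision rule (assumption).
    """
    scored = [(c, risk_leverage(risk, c)) for c in controls]
    return sorted([cl for cl in scored if cl[1] > 1.0], key=lambda cl: cl[1], reverse=True)


# Qualitative approach: no probability data, only ordinal ratings combined in a matrix.
LEVELS = {"low": 1, "medium": 2, "high": 3}


def qualitative_rating(likelihood: str, impact: str) -> str:
    """3x3 likelihood/impact matrix: product >= 6 is high, >= 3 medium, else low."""
    score = LEVELS[likelihood] * LEVELS[impact]
    if score >= 6:
        return "high"
    if score >= 3:
        return "medium"
    return "low"


# Constructed sample risk register for a small organisation (hypothetical figures).
RANSOMWARE = Risk("ransomware on file server", probability=0.10, loss=500_000)
SAMPLE_RISKS = [
    RANSOMWARE,
    Risk("laptop theft", probability=0.30, loss=20_000),
    Risk("website defacement", probability=0.05, loss=40_000),
]
# Candidate controls for the ransomware risk (constructed costs and residuals).
RANSOMWARE_CONTROLS = [
    Control("offline backups", cost=15_000, residual_probability=0.10, residual_loss=100_000),
    Control("mail attachment filtering", cost=8_000, residual_probability=0.04, residual_loss=500_000),
    Control("hot standby file server", cost=60_000, residual_probability=0.08, residual_loss=500_000),
]

if __name__ == "__main__":
    for r in prioritise(SAMPLE_RISKS):
        print(f"{r.name:28s} exposure = {r.exposure():>10,.0f}")
    for c, lev in choose_controls(RANSOMWARE, RANSOMWARE_CONTROLS):
        print(f"{c.name:28s} leverage = {lev:.2f}")
    print("laptop theft, qualitative:", qualitative_rating("high", "medium"))
```

With these sample figures the ransomware risk has an exposure of 50,000 per year; mail attachment filtering (leverage 3.75) and offline backups (leverage about 2.67) both cut more expected loss than they cost, while the hot standby server (leverage about 0.17) costs far more than the exposure it removes and is dropped. The qualitative matrix reaches a comparable ranking without any probability estimate, which is why it is the more widely used approach when, as the slide notes, the data for the quantitative method is unreliable.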

SECURITY RISK ANALYSIS
Balancing the Risk
[Figure: a balance weighing the Cost of Security against the Cost of Insecurity]

INFORMATION SYSTEM(CO1)
What is Cyber Security
• Job Opportunities: At the time of placement with a traditional degree,
knowledge of cyber security will be an added advantage. Below are listed some
job areas where students can be placed once they attain expert knowledge in
security

SECURITY RISK ANALYSIS

Risk Impact
• Monetary losses
• Loss of personal privacy
• Loss of commercial confidentiality
• Legal actions
• Public embarrassment
• Danger to personal safety

SECURITY RISK ANALYSIS

Risk Control Strategy
• Risk prevention
• Reduction of impact
• Reduction of likelihood
• Early detection
• Recovery
• Risk transfer

SECURITY RISK ANALYSIS

BENEFITS OF SRA
• Cost Justification
• Productivity: Audit/Review Savings
• Breaking Barriers - Business Relationships
• Self-Analysis
• Security Awareness
• Targeting Of Security
• 'Baseline' Security and Policy
• Consistency
• Communication

Summary
• In this digital era, when everything is accessed and operated
through cyber space, security is a very important feature. To
understand the need for cyber security, different incidents and
statistical reports are presented. Lack of security may lead to
setbacks in financial matters and in personal and professional operations.
Important terms related to Cyber Security are also discussed in this
module. Different types of Cyber threats and the methods of Cyber
Attacks are also explained. The four important fundamentals of
security and the other essentials in securing computers are also
explored to understand the basic operations in cyberspace.
• Cyber security is a broader term which protects all the hardware
(devices, routers, and switches), software, information, and data
that are part of cyber space. Cyber Security must not be
confused with data security.

References
