Cybersecurity involves tools, policies, and safeguards for protecting
digital assets. Guidelines, risk management, actions, and training ensure cyber environment security. Assets encompass devices, personnel, information, infrastructure, and telecommunications systems. Main goal: Maintain security properties against internet- related risks. Essential: Technologies shield applications, services, while countering evolving cyber threats. Focus: Uphold integrity, availability, confidentiality, safeguarding overall digital landscape. Cyber crimes Cyber crimes encompass illegal actions in the digital realm. Criminal activities span hacking, fraud, data breaches, and online theft. Targets: Individuals, organizations, systems, sensitive data, financial assets. Motivations: Financial gain, information theft, disruption, espionage, and sabotage. Examples: Phishing, ransomware, identity theft, and distributed denial-of-service (DDoS) attacks. Combating: Requires law enforcement, cybersecurity measures, international collaboration, and public awareness. Cyber Security Goals The objective of Cybersecurity is to protect information from being stolen, compromised or attacked. Cybersecurity can be measured by at least one of three goals- 1. Protect the confidentiality of data. 2. Preserve the integrity of data. 3. Promote the availability of data for authorized users. Types of Cyber Attacks A cyber-attack is an exploitation of computer systems and networks. It uses malicious code to alter computer code, logic or data and lead to cybercrimes, such as information and identity theft. We are living in a digital era. Now a day, most of the people use computer and internet. Due to the dependency on digital things, the illegal computer activity is growing and changing like any type of crime. Cyber-attacks can be classified into the following categories: Web-based attacks These are the attacks which occur on a website or web applications. Some of the important web-based attacks are as follows- Injection Attacks: Sneak data, change apps, access databases, trick application behavior. Break into databases, steal or corrupt sensitive information. Examples: SQL, code, log, XML tricks. Use checks, safe coding, data protection to prevent such attacks. DNS Spoofing: Fake DNS data, misguide users to wrong destinations. Divert traffic, lead to data theft, pose serious threats. Generate wrong IP addresses, disrupt network integrity. Boost DNS security, vigilant monitoring to counter spoofing. Session Hijacking: Swipe session cookies, unauthorized entry into user accounts. Impersonate, gain access to sensitive information. Endangers data and accounts, exploit weak session management. Secure sessions, encryption, and regular audits for prevention. Phishing: Trick with fake emails, websites for private data acquisition. Pose as trusted entities, deceive users for sensitive information. Deceptive links, forms mislead, exploit social engineering. Educate users, employ spam filters, verify sources to deter phishing. Brute Force: Repeatedly guess passwords, breach security to gain unauthorized access. Target weak passwords, compromise system integrity. Uses trial and error, crack user accounts, assess network security. Implement account lockouts, CAPTCHAs, and strong authentication. Denial of Service: Overwhelm systems with traffic, making them inaccessible to users. Disrupt services, causing downtime, exploiting system vulnerabilities. Volume, protocol, and application-based attacks disrupt systems. Employ traffic filtering, load balancing, and network monitoring. Dictionary Attacks: Try common passwords, exploit weak passwords for unauthorized access. Crack user accounts, enhance security awareness. Target frequently used passwords, enforce password policies. Strengthen security, multifactor authentication to mitigate risks. URL Interpretation: Manipulate URLs, gain unauthorized access to restricted content. Exploit improper configurations, expose sensitive data. Alter URLs to access unauthorized resources, cause information leakage. Ensure proper access controls, validate inputs, and implement URL filtering. File Inclusion Attacks: Sneak malicious files, compromise servers and data integrity. Unauthorized access, execute harmful code on servers.Exploit insecure file handling in web applications. Prevent using input validation, secure file handling, and code reviews. Man in the Middle Attacks: Intercept communications, secretly modify or steal exchanged data. Act as intermediary, tamper or eavesdrop on information. Compromise sensitive data, prevalent in unencrypted networks. Employ encryption, secure protocols, and digital signatures to prevent MITM attacks. System-based attacks These are the attacks which are intended to compromise a computer or a computer network. Some of the important system-based attacks are as follows- Virus:Spread malware within files, harm computer systems without user knowledge. Self-replicating, can alter, delete, or corrupt data, and software. Transmit through infected files, emails, removable media. Install antivirus software, update systems to prevent virus infection. Worm: Self-replicating malware, spread to uninfected computers via networks. Similar to viruses, don't require user interaction for propagation. Often use network vulnerabilities, emails, or shared resources to spread. Keep systems updated, use firewalls, and network security measures. Trojan Horse: Malicious program disguised as legitimate software, mislead users. Can perform unauthorized actions, steal data, or grant remote access. Users unknowingly install Trojans, posing security threats. Beware of suspicious downloads, use reputable sources, and security software. Backdoors: Unauthorized access points created by developers or attackers. Bypass normal authentication, grant remote control over systems. Intended for troubleshooting but misused by hackers for attacks. Regular security audits, strong access controls to prevent backdoor entry. Bots: Automated processes interacting with networks, can be beneficial or malicious. Examples include web crawlers, chatroom bots, and harmful bots. Can execute commands, spread malware, and launch attacks. Employ security measures, monitor network traffic to detect and mitigate bot activity. Hacking Techniques: Usually a hacker deploys multiple techniques to reach their goal, sometimes the simplest ways are the moste efficient. Using social engineering techniques exploiting human kindness, greed and curiosity to gain access is not uncommon Phishing: Hacker mimics legit site, sends fake email with link to collect login. Targets sign in on fake site, giving hacker access to credentials. Uses human trust, URL similarity to deceive and steal info. Exploits curiosity, greed, kindness to manipulate users into revealing data. SQL Injections: Exploits poorly coded sites, targets user input fields for database access. Hacker manipulates input, gains unauthorized access to website database. Attacks applications communicating with SQL databases through malicious inputs. Takes advantage of coding flaws, executes database-related attacks for data theft. DoS/DDoS: Overwhelms server, causing offline status for all hosted sites. Hacker uses botnet to flood server with traffic, causing overload. Utilizes network of hijacked computers, interrupts target server operations. Massive traffic influx disrupts server, renders websites temporarily inaccessible. Brute Force: Repeatedly guesses passwords to find weak ones for unauthorized access. Hacker uses trial and error, automated tools to crack passwords. Targets users with simple passwords, exploiting security negligence. Persistence and password guessing, commonly used to breach accounts. Fake WAP: Hacker creates fake WiFi, lures users to connect and intercepts data. Exploits free public WiFi spots, tricks users into connecting. Uses imitated Access Point to gather login info, sensitive data. Impersonates legitimate network, captures user data through deceptive hotspot. Sniffing/Snooping: Hacker eavesdrops on unsecured network traffic for future attacks. Monitors unencrypted networks, gathers information for malicious use. Exploits lack of encryption, captures data during network transmission. Gathers relevant data from unsecured connections, enhancing attack capabilities. Bait & Switch: Hacker places malware in appealing ads, infects user upon click. Buys ad space, redirects target to malicious page after appealing ad. Entices users with attractive ads, traps them into accessing malware. Uses legitimate-looking ads to deceive users into clicking harmful links. Cookie Theft: Hacker steals cookies via unsecured connections, impersonates user. Exploits lack of SSL, captures cookies containing sensitive data. Targets browser cookies for authentication, uses stolen data to gain access. Uses unencrypted connections to collect cookies, hijacks user sessions. Waterhole Attacks: Hacker targets favorite spots, combines techniques for trapping target. Studies routine, uses knowledge of frequented locations to set traps. Exploits target's habits, combines methods to compromise security. Lures victim using gathered information, executes attack at familiar locations. UI Redress/ClickJacking:Hacker tricks user to click by disguising link as something else. Deceptive links appear as legitimate buttons, misleading users' clicks. Misrepresents content, entices clicks for malicious purposes. Deceives users through link disguises, often on streaming or download sites. White Hat Hackers: Ethical hackers, work to secure systems and find vulnerabilities. Authorized, protect systems by exposing weaknesses for improvement. Professionals, contribute to cybersecurity, often hired by organizations. Use skills to prevent cybercrimes, maintain digital safety and integrity. Black Hat Hackers: Malicious hackers, exploit vulnerabilities, and commit cybercrimes. Unauthorized, breach systems for personal gain, data theft, or disruption. Criminal intent, target individuals, organizations, and networks for harm. Often engage in illegal activities, pose significant cybersecurity threats. Grey Hat Hackers: Blend of ethical and malicious intent, uncover vulnerabilities but may not seek permission. Can expose weaknesses for a cause without consent, operate in gray area. Seek recognition, may report findings after unauthorized tests. Controversial, use skills to reveal issues but not always legally sanctioned. Script Kiddies: Inexperienced hackers, use pre-made tools to execute attacks. Lack deep technical understanding, target systems without intricate knowledge. Typically young, seek attention and cause disruptions, but limited expertise. Rely on automated tools, pose nuisance rather than severe threats. Firewalls: Security barrier, filters network traffic between trusted and untrusted zones. Monitors incoming/outgoing data, blocks unauthorized access, and potential threats. Shields systems from cyberattacks, malware, and unauthorized communication attempts. Acts as a gatekeeper, enforces security policies, regulates network traffic flow. Essential for network protection, prevents unauthorized access and data breaches. Types of Firewalls: 1. Packet Filtering Firewall: Examines packet attributes, permits/denies based on predefined rules. Filters by IP addresses, ports, protocols, offers basic security. Fast processing, limited protection against advanced threats. Stateless, lacks awareness of context or connection state. Vulnerable to IP spoofing, less suitable for modern complex networks. 2. Stateful Inspection Firewall: Maintains connection state, monitors data packets throughout session. Evaluates context, tracks connections for improved security. Offers higher security, examines packet history, port states. Slower processing due to packet tracking, suitable for general networks. Guards against unauthorized connections and session hijacking. 3. Proxy Firewall: Acts as intermediary, hides internal network structure from external entities. Intercepts requests, forwards traffic, masks real IP addresses. Enhances security, offers content filtering and caching capabilities. Manages client-server communication, adds an additional layer of protection. Reduces direct exposure of internal resources, mitigates direct attacks. 4. Next-Generation Firewall (NGFW): Integrates traditional firewall with intrusion prevention, deep packet inspection. Identifies and blocks applications, provides application- layer visibility. Offers advanced threat protection, user identity- based policies. Combines traditional firewall features with modern security capabilities. Defends against sophisticated attacks, suitable for complex networks. 5. Application Layer Firewall: Operates at OSI application layer, inspects full content of packets. Monitors application-specific traffic, enforces strict security policies. Detects and prevents application-specific threats, data leakage. Offers deep inspection, granular control, and content filtering. Provides strong protection for applications and services, may affect performance. VPN (Virtual Private Network): Secure connection, encrypts data traffic between user and remote server. Masks user's IP, enhances online privacy, and anonymity. Enables remote access, secure browsing, and data transmission over public networks. Commonly used for remote work, accessing geographically restricted content. Provides a tunnel for secure communication, protects against cyber threats. Types of VPN: 1. Remote Access VPN: Allows users to connect securely to a private network remotely. Encrypted tunnel ensures safe communication, often used by employees. Utilizes authentication mechanisms, protects data during transmission. Offers secure access to company resources from various locations. Ensures confidentiality of data when accessing sensitive information. 2. Site-to-Site VPN: Connects multiple networks, creates a secure link between remote sites. Encrypts data between sites, facilitates secure interconnectivity between networks. Often used by businesses with multiple locations or branches. Ensures secure data transfer between sites over untrusted networks. Provides a seamless and private connection between geographically dispersed sites. 3. Client-to-Site VPN: Connects individual devices to a corporate network securely. Employees access company resources remotely, similar to remote access VPN. Offers secure communication, requires client software or app installation. Utilizes encryption to safeguard data during transmission over public networks. Enables secure and convenient remote work for employees. 4. SSL/TLS VPN: Operates over HTTPS, secures communication via web browsers. Uses SSL/TLS protocols to create a secure connection. Commonly used for remote access to web applications. Simplifies setup, provides remote access to web-based resources securely.Ensures encrypted data transmission, suitable for accessing online services. 5. IPsec VPN: Uses IPsec protocol suite for secure communication. Encrypts and authenticates data packets, ensuring secure transmission. Suitable for site-to-site and remote access connections. Provides strong security through encryption and tunneling. Commonly used for securing network traffic across public networks. Encryption: Encodes data using an algorithm and a key for secure communication. Transforms plaintext to ciphertext, protecting sensitive information from unauthorized access. Provides confidentiality, authentication, integrity, and non-repudiation of data. Essential for data protection during transmission and storage, preventing cyberattacks. Types of Encryption Algorithms: 1. Symmetric Encryption (Secret Key): Uses a single key for both encryption and decryption. Fast processing, commonly used for large amounts of data. Advanced Encryption Standard (AES) is a widely adopted symmetric cipher. Suitable for confidentiality and data integrity in closed systems. 2. Asymmetric Encryption (Public Key): Employs a pair of linked keys: public key for encryption and private key for decryption. Slower processing, but enables secure key exchange and digital signatures. RSA and Elliptic Curve Cryptography (ECC) are popular asymmetric algorithms. Used for secure communication and authentication in open systems. 3. Quantum Key Distribution (QKD): Generates encryption keys based on entangled photons. Leverages quantum entanglement for secure key exchange. Ensures eavesdropping detection due to quantum characteristics. Enables truly secure communication in quantum environments. 4. Diffie-Hellman Key Exchange: Facilitates secure key exchange without direct transmission. Uses mathematical functions to generate shared secrets. Suitable for securing key exchange protocols. Used in combination with other encryption methods for added security. 5. Hash Functions: Converts data into fixed-size hash values (digests). Used for data integrity verification and digital signatures. Popular hash functions include SHA-256 and MD5. Helps prevent tampering and ensures data integrity in various applications. Intrusion Detection: Definition and Purpose: Identifies unauthorized or malicious activities in systems or networks.Aims to enhance security by detecting potential breaches and attacks. Types: HIDS (Host-based Intrusion Detection System): Monitors individual host behavior and logs. Detects anomalies and changes in file integrity. NIDS (Network-based Intrusion Detection System): Analyzes network traffic for unusual patterns. Focuses on detecting suspicious activities at the network level. Detection Techniques:Signature-based: Compares patterns with known attack signatures. Effective for detecting well-known threats. Anomaly-based: Identifies deviations from normal baseline behavior. Useful for detecting new or evolving threats. Heuristic-based: Applies predefined rules to identify abnormal patterns. Balances known signatures with behavioral analysis. Alert Generation and Response: Generates alerts or notifications upon detection. Alerts can be manual or automated, sent to administrators. Responses include isolating affected hosts or blocking suspicious traffic. Benefits and Limitations: Benefits: Real-time threat detection enhances overall cybersecurity. Aids in incident investigation and prevention of data breaches. Assists in compliance with security standards and regulations. Limitations: False positives can lead to legitimate activities being flagged. False negatives occur when actual intrusions are missed. Continuous updates required to address evolving attack methods. Anti-Malicious Software: Definition and Purpose: Protects systems from malware, including viruses, worms, and ransomware. Detects, prevents, and removes malicious software to ensure system security. Types: Antivirus Software: Scans and removes known viruses and malware from files and software. Provides real-time protection against threats during system operation. Anti-Spyware Software: Detects and removes spyware and adware that track user activities. Safeguards privacy by preventing unauthorized data collection. Firewalls: Blocks unauthorized network access and traffic from potential threats. Monitors and manages incoming and outgoing network communications. Anti-Ransomware Software: Detects and prevents ransomware attacks that encrypt data for extortion. Blocks ransomware before it can encrypt files and demand a ransom. Functionality: Scanning and Removal: Conducts regular scans to identify and remove malware infections. Deletes or quarantines infected files to prevent further spread. Real-time Protection: Monitors system activity to prevent malware execution in real-time. Blocks malicious processes and activities before they can cause harm. Behavior Analysis: Identifies suspicious behavior patterns that could indicate malware. Analyzes activities to detect zero-day threats and new malware variants. Updates and Updates: Regular Updates: Updates virus definitions and databases to recognize new threats. Ensures the software is equipped to detect the latest malware. Security Patches: Provides patches for vulnerabilities in the operating system or software. Prevents exploitation by malware that targets security flaws. Merits: Enhanced Security: Merit: Protects systems from various forms of malware, reducing the risk of data breaches and unauthorized access. Merit: Prevents potential financial losses and reputation damage caused by malware attacks. Real-time Monitoring: Merit: Provides continuous monitoring and immediate response to emerging threats, ensuring timely protection. Merit: Detects and blocks malware execution before it can compromise system integrity. User Privacy: Merit: Guards against spyware and adware that track user activities and collect sensitive data. Merit: Preserves user privacy by preventing unauthorized data harvesting. Customizable Protection: Merit: Allows users to configure settings based on their security preferences. Merit: Offers flexibility to scan specific files, folders, or drives for malware. Demerits: Resource Consumption: Demerit: Anti-malicious software can consume system resources, leading to slower performance. Demerit: Heavy scanning processes may disrupt normal system activities. False Positives: Demerit: Occasionally identifies harmless files or software as malicious (false positives). Demerit: Users may experience inconvenience and confusion due to unnecessary alerts. Dependency on Updates: Demerit: Requires regular updates to maintain effectiveness against evolving malware. Demerit: Outdated definitions may result in inadequate protection against new threats. Limited Protection Against Advanced Threats: Demerit: Some sophisticated malware may evade detection by traditional anti-malicious software. Demerit: Zero-day attacks and targeted threats can bypass standard protection measures. Complexity and Compatibility: Demerit: Configuring and managing settings can be complex for non-technical users. Demerit: Compatibility issues with certain software or conflicting applications can arise. Cost and Performance Impact:Demerit: High-quality anti- malicious software often comes with a subscription cost. Demerit: The cost and potential system slowdowns may deter users from investing in robust protection. Secure Software Definition: Definition: Secure Software is designed to function normally despite malicious attacks. It safeguards systems, removes attacks, and maintains resource safety. Characteristics of Secure Software: Secure Database Protection: Prevent SQL injection attacks by isolating databases from running code. Ensure back-end database security to prevent unauthorized access and manipulation. Data Encoding for Safety: Encode data before execution to counter injection vulnerabilities. Transforms data into unrecognizable formats for secure processing. Input Validation Assurance: Validate input data accuracy and compliance with field requirements. Treat external data as potentially harmful to prevent system vulnerabilities. Access Control Implementation: Implement strict access control rules for resource and functionality authorization. Default minimal access levels prevent unauthorized users from accessing sensitive areas. Data Security and Encryption: Enforce encryption (SSL, TLS) for data at rest and in transit. Enhance privacy and protect data against violations and breaches. Browser security Browser security safeguards browsers to prevent data breaches and malware attacks. Exploits involve JavaScript, cross-site scripting (XSS), and Adobe Flash vulnerabilities. All browsers, like Firefox, Chrome, and Safari, are susceptible to security holes. Protection requires updates, secure coding, and user awareness for safer browsing. Browser security is vital for safeguarding sensitive data and ensuring safe internet usage. Web browsers can be breached in one or more of the following ways: Web browsers face various breach risks including OS malware, memory manipulation. Malware in OS background can modify browser memory in privileged mode. Hacking main browser executable and components pose serious threats. Browser plugins vulnerabilities can lead to unauthorized access and attacks. Intercepted network communications put user data at risk outside the machine. Browser unawareness of breaches might mislead users about safe connections. Secure browser communication methods include DNSCrypt, HTTP Secure, and SPDY. SSL: Secure Sockets Layer, ensures encrypted and secure communication online. Protects data integrity, authenticity, and confidentiality between server and client. Uses public-key cryptography to establish secure connection over HTTP. Verified by SSL certificates issued by trusted Certificate Authorities (Cas). Prevents eavesdropping, data tampering, and man-in-the-middle attacks. Enables HTTPS protocol, crucial for secure transactions and data exchange. Evolved to TLS (Transport Layer Security), providing improved security layers. Shields sensitive information during online transactions and data transfers. Padlock icon indicates SSL protection; boosts user trust in websites. Essential for safeguarding user privacy in the modern internet landscape. ipsec IPSec: Internet Protocol Security, secures data transmission across networks. Offers authentication, encryption, and integrity checks for IP packets. Ensures confidential and tamper-proof communication between devices. Implemented in network devices for VPNs and secure data exchange. Operates in two modes: transport (end-to-end) and tunnel (network-to-network). Protects against unauthorized access, eavesdropping, and data alteration. Uses encryption algorithms and key exchange protocols for robust security. Enables secure remote access and site-to-site connections in enterprises. Provides a framework for creating Virtual Private Networks (VPNs) securely. Crucial for maintaining data privacy and integrity in interconnected systems. Classical Encryption Methods: Historical techniques for secure communication before modern cryptography era. Employed substitution, transposition, or both for rudimentary data protection. Lacked robust security against advanced attacks compared to modern methods. Paved the way for development of contemporary encryption techniques. Symmetric Cipher Model: Same key for encryption and decryption processes. Efficient for bulk data encryption and processing. Key distribution challenge requires secure mechanisms. Utilized in DES, AES, and 3DES algorithms. Demands effective key management practices. Substitution Techniques: Replace plaintext with substitutes based on specific algorithms. Caesar, monoalphabetic, and polyalphabetic ciphers are common examples. Vulnerable to frequency analysis, particularly monoalphabetic ciphers. Enhanced security with complex substitution patterns like polyalphabetic ciphers. Building block for more advanced encryption methods. Transposition Techniques: Rearrange characters' positions in the ciphertext. Rail Fence, Columnar Transposition are typical techniques. Adds complexity and confusion, but maintains character frequencies. Combined use of multiple techniques can enhance overall security. Enhances classical encryption methods' resistance to attacks. Product Ciphers: Blend substitution and transposition techniques in multi-layered approach.Strengthen security by combining encryption strategies. Used in modern block cipher designs like DES, AES. Offers resistance against various attack methods. Represents evolution from basic classical encryption methods. Steganography: Conceals information within seemingly innocuous cover media (images, audio, etc.). Ensures covert communication by hiding message presence. Detection necessitates specialized tools or techniques. Safeguards against unauthorized data interception by maintaining confidentiality. Used alongside encryption for enhanced data privacy. Asymmetric Key Cryptography: Utilizes pairs of keys: public and private keys. Based on mathematical one-way functions. Public keys can be openly shared; private keys must remain private. Enables secure communication and digital signatures. Offers encryption and decryption using different keys. Encryption Process: Sender encrypts using recipient's public key. Only recipient with private key can decrypt the message. Allows secure transmission of sensitive data. Key Exchange: Server generates symmetric key for data encryption. Encrypts symmetric key with client's public key. Client decrypts using its private key. Both parties securely share symmetric key. Data Integrity and Authentication: Sender creates digital signature with private key. Recipient verifies authenticity using sender's public key. Ensures message origin and integrity. Advantages: No need for pre-shared symmetric keys. Higher data throughput compared to symmetric encryption. Provides secure data transmission and authentication. Enables secure key exchange and digital signatures. Confidentiality: Safeguards sensitive data through encryption and access controls. Limits information access to authorized users, preserving secrecy. Prevents unauthorized disclosure or data breaches. Shields personal and private information from cyber threats. Maintains confidentiality in data transmission and storage. Ensures privacy compliance with regulations and standards. Integrity: Ensures data accuracy and consistency throughout its lifecycle. Utilizes hashing and digital signatures to detect tampering attempts. Protects against unauthorized modifications or alterations. Ensures the reliability and trustworthiness of digital assets. Guards against corruption and maintains data quality. Upholds data integrity in storage, processing, and transmission. Authentication: Verifies the identity of users and entities accessing a system. Relies on passwords, biometrics, tokens, and smart cards for validation. Enhances security with multi-factor and strong authentication methods. Prevents unauthorized access and reduces risks of data breaches. Confirms user identity before granting access to resources. Strengthens system protection against unauthorized use or intrusion. Non-Repudiation: Ensures accountability by preventing denial of actions or transactions. Uses digital signatures and timestamps to validate interactions. Provides evidence in legal disputes and electronic transactions. Mitigates risks associated with fraud and false claims. Establishes a reliable record of communication and events. Enhances trust in digital communications and transactions. Asymmetric Key Symmetric Key Aspect Cryptography Cryptography Key Uses a pair of keys: Uses a single key for Types public and private. encryption and decryption. Key Public keys can be openly Shared key must be securely Distributi shared. exchanged. on More secure due to Less secure as same key used Security separate keys. for encryption/decryption. Slower due to complex Faster due to simpler Speed mathematical operations. operations. Digital signatures, key Data encryption in bulk, file Use Case exchange. encryption. Key Requires management of Easier management of a Managem key pairs. single key. ent Scalabilit Less scalable for large- More scalable for bulk data y scale encryption. encryption. Performa Higher computational Lower computational load, nce load on systems. faster processing. Examples RSA, ECC, DSA AES, DES, 3DES Digital Signature: Definition: A cryptographic technique to verify the authenticity of digital messages or documents. Process: Combines sender's private key with message's hash to create signature. Verification: Recipient uses sender's public key to verify signature's validity. Purpose: Ensures message integrity, sender authenticity, and non-repudiation. Working of Digital Signature: Hashing: Message hashed to create unique fixed-length value. Signing: Private key encrypts the hash, generating the digital signature. Verification: Recipient decrypts signature with sender's public key, compares hashes. Authenticity: If hashes match, message unaltered and sender verified. Non-Repudiation: Ensures sender can't deny sending the message. Merits of Digital Signatures: Authentication: Validates sender's identity, enhancing trust in digital communication. Data Integrity: Guarantees message content remains unchanged during transmission. Non-Repudiation: Prevents sender from denying sending a message. Efficiency: Faster and more secure than traditional paper-based signatures. Demerits of Digital Signatures: Dependence on Keys: Security relies on safekeeping private keys. Initial Setup: Requires key pair creation and certificate management. Technical Expertise: Users may struggle with setup and key management. Cost: Acquiring digital certificates and implementing infrastructure can be expensive. Limited Legal Framework: Some regions lack comprehensive laws recognizing digital signatures. Cryptography: Definition: Cryptography is the practice and study of techniques for secure communication.n purpose: It ensures confidentiality, integrity, and authentication of information by transforming data. Process: Converts plaintext into ciphertext using encryption algorithms and keys. Application: Used in secure transactions, data protection, and digital signatures. Working: Encryption: Converts plaintext into unreadable ciphertext using encryption algorithms. Decryption: Reverses encryption, transforming ciphertext back into readable plaintext. Key Management: Securely generates, distributes, and stores encryption/decryption keys. Security: Algorithms' complexity and key length provide protection against unauthorized access. Mathematics: Utilizes mathematical operations like modular arithmetic and prime numbers. Merits: Confidentiality: Safeguards sensitive data from unauthorized access. Data Integrity: Detects any tampering or unauthorized changes to data. Authentication: Verifies the identity of the sender or recipient. Non-Repudiation: Prevents parties from denying their actions in communication. Demerits:Complexity: Cryptographic processes can be complex and require specialized knowledge. Encryption/decryption can slow down processing speed. Secure key distribution and management can be challenging. Poorly implemented algorithms or weak keys can lead to vulnerabilities. Losing encryption keys can result in permanent data loss. Legal Issues in Information Security There are many legal issues with regard to information security 1. Breaking into computer is against the law, most of the time. 2. Civil issues of liability and privacy. 3. Risks with regard to employees and other organizations on the network if internal security is lax. 4. Violations of new laws that address banking customers and medical privacy. Cyber Law In Nepal The Electronic Transaction Act, 2063 is Nepal’s first cyber law. It was created in response to the growing usage of the internet in Nepal. It makes provision for the commercial use of computers and networks; authorizes e-transactions and communication in public and private sectors; criminalizes different computer-related unwanted activities: “Whoever publishes or causes to publish, display any material in the electronic form including computer, internet which are prohibited to publish or display by the law in force or which may be contrary to the public morality or decent behavior or any types of materials which may spread hate or jealousy against anyone or which may jeopardize the harmonious relations subsisting among the peoples of various castes, tribes and communities shall be liable to be punished with a fine of up to one hundred thousand rupees or with imprisonment of up to five years or both.” OR, Cyber Law in Nepal This art an overview of cybercrime and cyber laws in Nepal. Nepal has been ranked 147th in the Human Development Index. Nepal has been ranked 147th in the Human Development Index. The rate of crime in Nepal has been high, and cybercrime has especially seen increased occurrence. During the ongoing pandemic, the number of cybercrime cases in Nepal has increased, despite the fact that the disease has not affected the country much. Important Statistics There are a total of 10.21 million people in Nepal who used the internet in 2020. The number of users increased by 315,000 between 2019 and 2020. Around 10 million people in Nepal use social media. It appears that the country’s citizens have been reluctant to report cybercrime, with only 53 cases being registered in 2017. However, 2018 saw a sharp rise in the number of cases to 132. In 2018 and 2019, a total of 180 cases were registered. Out of these 180, 125 cases were from the capital city, Kathmandu, and the rest from others. Different Cyber Laws in Nepal 1.The Electronic Transactions Act, 2008 This was Nepal’s first cyber law. Cybercrimes were dealt with under the Country’s criminal code before this law came into force. Since the cases of cybercrime increased, it became necessary to enact a separate law. Chapter 9 of the Act deals with offenses relating to computers, the main highlights of which are as follows: • Pirating or destroying any computer system intentionally without authority carries imprisonment for three years, or a fine of two hundred thousand rupees, or both. • Accessing any computer system without authority results in imprisonment for three years, or a fine of two hundred thousand rupees, or both. • Intentional damage to or deleting data from a computer system carries imprisonment for three years, or a fine of two hundred thousand rupees, or both. • Publication of illegal material in electronic form carries imprisonment for 5 years, or a fine of one hundred thousand rupees, or both. • Commission of a computer fraud carries imprisonment for two years, or a fine of one hundred thousand rupees, or both. 2.The Children’s Act, 1992 The aim of this Act is to protect and uphold the rights of children. It also prohibits child pornography. Section 16(2) of the Act prohibits individuals from capturing any immoral picture of a child. Section 16(3) of the Act prohibits the publication and distribution of any such photographs of children. 3.The Copyright Act, 2002 This act protects the copyright of ideas, including a computer program. It prohibits people from copying and modifying the original work of others and using it for their own advantage or economic benefits. 4.The Individual Privacy Act, 2018 This act is the first legislation in Nepal to protect the right to privacy of its people and define personal information. It protects the privacy of the body, family life, residence, property, and communication. It puts the responsibility on public entities to protect the personal data of individuals. They cannot transfer such data to anyone without the consent of the owner. The Act prescribes a general punishment for violation of privacy as three years of imprisonment, or a fine of NPR 30,000, or both. Security Policy: Formal set of rules for information system access and protection. Defines authorized actions, roles, and data security responsibilities. Assures compliance, reduces risks, and safeguards sensitive information. Guides threat response and incident handling procedures effectively. Continuously updated to adapt to evolving technology and personnel needs. Need of Security Policy: Consistency and Efficiency: Security policies provide standardized rules, enhancing operational efficiency and minimizing inconsistencies. Accountability and Discipline: These policies foster a culture of responsibility, holding personnel accountable for maintaining security measures. Risk Mitigation: Security policies help identify and counter potential threats, reducing the organization's exposure to security breaches. Legal and Regulatory Compliance: By adhering to security policies, companies ensure alignment with industry regulations and legal requirements. Awareness and Training: Security policies raise employee awareness and knowledge about cybersecurity practices, promoting a stronger security posture. Cybersecurity Policies: Virus and Spyware Protection: Detect, remove, and repair viruses using signatures and behavior analysis. Firewall Policy: Block unauthorized access, detect attacks, and manage network traffic. Intrusion Prevention: Automatically detect and block network and browser attacks, protecting applications. LiveUpdate Policy: Manage content updates, defining download schedules and sources. Application and Device Control: Protect resources, manage peripheral devices, and control application behavior. Exceptions Policy: Exclude certain applications from virus and spyware scans. Host Integrity Policy: Enforce security on client computers, ensuring compliance with company policies. What is cyber risk management? Cyber risk management is the process of identifying, analysing, evaluating and addressing your organisation’s cyber security threats. The first part of any cyber risk management programme is a cyber risk assessment. This will give you a snapshot of the threats that might compromise your organisation’s cyber security and how severe they are. Based on your organisation’s risk appetite, your cyber risk management programme then determines how to prioritise and respond to those risks. Cyber risk management involves: Identification: Recognizing potential cyber threats and vulnerabilities in an organization's systems and processes. Identifying weak points that could be exploited by cyber attackers. Assessment: Evaluating the likelihood and potential impact of identified risks on business operations and data. Quantifying potential damage and financial loss resulting from successful cyber attacks. Mitigation: Implementing security measures to minimize vulnerabilities and enhance the organization's security posture. Strengthening defenses against cyber threats through strategies such as regular updates and employee training. Monitoring: Regularly tracking and analyzing the evolving threat landscape to stay updated on new risks. Adapting cyber risk management strategies based on the changing nature of cyber threats. Response: Developing comprehensive plans to quickly address and recover from cyber incidents. Reducing the impact of cyber attacks by having well-defined procedures and coordination. The information security process involves: Planning: Developing a strategy and framework for safeguarding sensitive data and systems. Identifying risks, potential threats, and vulnerabilities that could compromise security. Implementation: Putting security measures in place based on the identified risks and strategies. Deploying technologies, policies, and procedures to protect information assets. Monitoring: Continuously observing and assessing the security landscape for any signs of potential breaches. Using tools and techniques to detect anomalies or unauthorized access. Response: Creating incident response plans to address security breaches or incidents. Taking swift action to mitigate the impact of security breaches and recover normal operations. Review and Improvement: Regularly evaluating the effectiveness of security measures and processes. Identifying areas for enhancement, updating policies, and adapting to new threats. information security best practices: Consider Biometric Security:Implement biometric authentication methods like fingerprint or facial recognition. Enhance security by relying on unique physical traits for user identification. Reduce the risk of password-related breaches with biometric verification. Form a Hierarchical Cybersecurity Policy: Develop a comprehensive cybersecurity policy tailored to your organization's needs. Define roles and responsibilities for different teams to ensure coordinated security efforts. Establish clear guidelines for incident response and communication during security breaches. Employ a Risk-Based Approach to Security: Prioritize security measures based on identified risks and potential impact. Allocate resources to address vulnerabilities that pose the greatest threat. Continuously assess and adapt security strategies in response to evolving risks. Back Up Your Data: Regularly back up critical data to prevent loss due to cyber incidents. Store backups in secure and separate locations to ensure recovery options. Test data restoration procedures to ensure the integrity of backups. Manage IoT Security: Implement strong security measures for Internet of Things (IoT) devices. Regularly update firmware and software to address vulnerabilities. Segregate IoT devices from critical networks to limit potential impact. Use Multi-Factor Authentication: Require multiple forms of verification for accessing systems and accounts. Combine passwords with additional factors like SMS codes or biometrics. Enhance authentication security, reducing the risk of unauthorized access. Handle Passwords Securely: Encourage strong password creation with complexity and length requirements. Enforce regular password updates and discourage password sharing. Store passwords securely using hashing and salting techniques. Use the Principle of Least Privilege: Limit user access rights to only necessary resources for their roles. Reduce the potential impact of breaches by minimizing access to sensitive data.Control user permissions and monitor access activities. Keep an Eye on Privileged Users: Monitor and audit activities of users with elevated privileges. Detect unusual behavior that may indicate insider threats or misuse of access. Implement additional controls for privileged accounts. Monitor Third-Party Access to Your Data: Regularly assess and audit third-party vendors' security practices. Implement contractual agreements that ensure vendors meet your security standards. Monitor vendor access and data interactions for potential risks. Be Wary of Phishing: Educate employees to recognize phishing attempts and suspicious emails. Implement email filtering and security measures to prevent phishing attacks. Conduct simulated phishing exercises to enhance employee awareness. Raise Employee Awareness: Provide ongoing cybersecurity training to all employees. Foster a culture of security awareness and reporting suspicious incidents. Empower employees to play an active role in maintaining information security. WHAT IS COMPUTER FORENSICS? Definition: Computer forensics involves systematically examining computer media for evidence, including hard disks and tapes. Process: It encompasses collection, preservation, analysis, and presentation of computer-related evidence. Aliases: Also known as electronic discovery, digital discovery, data recovery, and computer examination. USE OF COMPUTER FORENSICS IN LAW ENFORCEMENT Data Recovery: Recovers deleted files, graphics, and documents from computer media. Unallocated Space: Searches hidden data-rich areas on hard drives for valuable evidence. Artifact Tracing: Identifies operating system artifacts, aiding in evidence discovery. Expert Evaluation: Forensic experts assess the value of recovered data and artifacts. Hidden File Processing: Reconstructs and analyzes hidden files for past usage information. String-Search for E-mail: Searches for e-mails even when an e- mail client isn't obvious. BENEFITS OF PROFESSIONAL FORENSIC METHODOLOGY Evidence Integrity: Ensures evidence is not damaged, destroyed, or compromised during investigation. Virus Prevention: Guards against introducing viruses during the analysis process. Evidence Protection: Handles and safeguards extracted evidence from potential damage. Chain of Custody: Establishes and maintains a traceable record of evidence handling. Minimal Impact: Minimizes disruption to business operations during the forensic examination. Confidentiality: Ethically and legally respects any sensitive information acquired during exploration. steps taken by computer forensics specialists Evidence Identification: Specialists identify potential sources of digital evidence, such as devices, storage media, and network logs. Evidence Collection: Forensics experts gather and preserve evidence using specialized tools to ensure data integrity. Evidence Analysis: They meticulously examine collected data, searching for hidden information, artifacts, and traces of unauthorized activity. Data Recovery: Specialists use advanced techniques to recover deleted or damaged files and piece together fragmented data. Forensic Reporting: They create comprehensive reports detailing findings, methodologies, and the significance of discovered evidence. Expert Testimony: Forensics specialists provide expert testimony in legal proceedings, explaining their findings and methodologies to support investigations and court cases. TYPES OF LAW ENFORCEMENT COMPUTER FORENSIC TECHNOLOGY ::::Digital Evidence Collection Tools: Specialized hardware and software tools used to acquire data from various devices, ensuring its integrity and admissibility in legal proceedings. Forensic Imaging Software: Software that creates bit-by-bit copies (forensic images) of digital storage media, preserving original data for analysis and preventing contamination. Network Forensics Tools: Software and appliances used to monitor and analyze network traffic, identifying potential security breaches, unauthorized access, and data exfiltration. Mobile Device Forensics Tools: Software designed to extract and analyze data from smartphones, tablets, and other mobile devices, uncovering evidence related to communications, location, and more. Memory Forensics Tools: Tools that allow specialists to analyze a computer's volatile memory, uncovering running processes, open files, and potentially malicious activities. Data Recovery Software: Software used to recover deleted or lost data from storage devices, helping investigators retrieve critical information even when it has been intentionally erased. Evidence Collection and Data Seizure: Collecting evidence is vital for future prevention and holding attackers accountable. Different types of evidence include real evidence, testimonial evidence, and hearsay. Rules of evidence include admissibility, authenticity, completeness, reliability, and believability. Types of Evidence: 1. Real Evidence: Self-sufficient: Stands on its own, independent of other evidence. Electronic example: Uncontaminated audit logs that directly reflect events. 2. Testimonial Evidence: Witness-based: Provided by reliable individuals. Strength: Can hold significant weight if witness credibility is established. 3. Hearsay: Indirect source: Evidence from a non-direct witness. Court admissibility: Generally not accepted in court due to potential lack of reliability. 4. Documentary Evidence: Written records: Documents, contracts, emails, etc. Establishing facts: Helps establish facts or events through recorded communication. The Rules of Evidence: Admissible: Evidence should be usable in court proceedings. Authentic: Evidence must relate directly to the incident. Complete: Collect comprehensive evidence to present all perspectives. Reliable: Ensure collection methods maintain evidence credibility. Believable: Present evidence in a clear, understandable manner for a jury. Methods of Collection: 1. Freezing the Scene: Snapshot compromised system: Capture the system's state at the time of compromise. Data collection: Gather essential data onto removable media in a standard format. Data integrity: Maintain data authenticity through cryptographic message digests and verification. 2. Honeypotting: Replica system: Create a duplicate system to attract and monitor attackers. Misleading information: Insert deceptive data to gauge attacker's reaction and motives. Motive identification: Analyze attacker's behavior within the replica environment. Collection Steps: Use a checklist to find and collect evidence systematically. Identify relevant data within the evidence for the case. Establish an order of volatility to prioritize evidence preservation. Prevent external changes to the original data during collection. Use appropriate tools to collect evidence and document procedures. Computer Evidence Processing Steps: Shut down the computer swiftly and document its hardware configuration. Transport the system to a secure location to prevent compromise. Create bit stream backups of storage devices for evidence processing. Mathematically authenticate data on storage devices for integrity. Document the system date and time settings for accurate timestamps. Compile a list of key search words for efficient automated searching. Evidentiary Reporting Summary: Timely Reporting: Report all incidents promptly to management to preserve evidence. Internal Reporting: Swift internal reporting is crucial to gather and protect potential evidence. Limited Access: Limit access to investigation details to minimize the risk of leaks. Need-to-Know Basis: Share information on a need-to-know basis to maintain confidentiality. Out-of-Band Communications: Use separate, secure channels for incident-related communication. Avoid Compromised Systems: Refrain from discussing investigations via compromised email systems. Notification Considerations: Depending on the type of crime and organization, notify executive management, infosec, physical security, internal audit, and legal departments. Incident Response Definition: NIST Definition: National Institute of Standards and Technology defines incident response as mitigating security policy violations. SANS Institute: SANS defines incident handling as an action plan for dealing with security incidents. Incident Response Life Cycle: Preparation Phase: Establish necessary tools, resources, and training for incident response. Identify risks, develop policies, and collaborate with outsourced IT. Train the incident response team and ensure communication procedures. Set up the infrastructure, including asset management and investigative tools. Detection and Analysis Phase: Accurately detect and assess incidents to identify potential threats. Analyze the nature and scope of the incident to understand its impact. Determine the cause, scope, and severity of the incident for appropriate response. Containment, Eradication, and Recovery Phase: Contain the incident to prevent further spread across the network. Eradicate the threat by completely removing it from affected systems. Execute recovery procedures to restore systems to normal functionality. Post-Event Activity Phase: Analyze the incident and response efforts to identify areas of improvement. Implement measures to prevent similar incidents in the future. Learn from the incident to enhance future incident response strategies. Continuously refine and update incident response procedures based on lessons learned. Incident Preparation involves: Identifying risks and vulnerabilities for proactive security measures. Creating robust security policies for effective incident response planning. Training the response team to handle various cyber threats effectively. Allocating resources and tools necessary for rapid response actions. Ensuring the infrastructure is ready for thorough incident analysis. Collaborating with outsourced IT partners to enhance response capabilities. Incident Detection and Analysis includes: Accurate identification of security breaches and potential threats. Analyzing incident details to understand the extent of the compromise. Determining the impact on systems, data, and operations. Investigating the attack vector and identifying the attacker's tactics. Collecting evidence for further action and response planning. Collaborating with experts to assess the threat's severity and scope. Containment, Eradication, and Recovery involve: Swift containment to prevent further spread of the incident. Eradicating threats completely from systems and networks. Recovering affected systems to restore normal operations efficiently. Implementing security measures to prevent similar incidents in the future. Regularly assessing the effectiveness of the recovery process. Collaborating with IT teams to ensure seamless restoration and security enhancement. Proactive and Post-Incident Cyber Services encompass: Identifying vulnerabilities before threats occur for enhanced security. Establishing a baseline cybersecurity level with necessary processes and tools. Automating threat reporting and incident response for real-time actions. Addressing regulatory concerns and data protection to avoid penalties. Recognizing the growing value of digital assets for stronger defenses. Balancing proactive strategies with reactive incident handling for comprehensive security. CYBER LAW AND ETHICS 1. Cyber law refers to all the legal and regulatory aspects of Internet and World Wide Web. It is important because for the following reasons: i. It is required to overcome the cybercrime in the internet. ii. It is important for the eradication of the illegal activities done in the internet. iii. It touches all the aspects of transactions and activities on and concerning the internet and Cyberspace. 2. The provisions provided by the Cyber Law 2061 B.S. are as follows: i. It has a strong provision for punishment against cyber-crimes. The cyber-criminal can be fined up to Rs. 5, 00,000 or liable to imprisonment of up to five years or both. ii. The act has provision for office of the controllers that issue license of certification to the IT facilities. 3. Digital Signature is the mathematical scheme for demonstrating the authenticity of a digital message or document. It is important in e commerce because it provides a legal framework to facilitate and safeguard electronic transactions in electric medium. 4. Computer ethics is the branch of practical principles that deals with how the computer experts should make decisions in regard to the social and professional behavior. It is a set of moral principles that regulates the use of computers. 5. The cyber law that enforces the discipline of usage of computer, world-wide is called the International Cyber Law. The International Cyber Law is illustrated below: i. Freedom of Information Act 1970: This act states that, each individual has the rights to view each information provided by the state. ii. Video Privacy Act 1988: This act states that the individual record cannot be viewed by any other without the permission of the court. iii. Fair credit reporting Act 1970: This act ensures that each individual can view rights to view their credit information in free of cost basis. iv. Federal Privacy Act 1974: This act states enforces the concept that a state can view any record if it is needed. 6. Formation of an efficient information technology will place country's disadvantages as the result of its geographical conditions towards the minority. There remains the prominent economic disparity between the countries with and without sufficient development. So, it is very much possible that the international community will extend its support to developing countries for the development of information technology. Such assistance will definitely be significant for the national development of a developing country like Nepal. Hence, Information Technology (IT) policy is essential for the development of information technology. Development of IT in turn will upgrade the standard of the national economy. 7.Objectives i. To make information technology accessible to the general public and increase employment through this means. ii. To build a knowledge through this means. iii. To establish knowledge-based industries. Strategies i. Legalize and promote e-commerce. ii. Assists in e-governance by using information technology. iii. Include computer education in curriculum from the school level. Action Plan i. Infrastructure Development ii. Promotion Of E-Commerce iii. Human Resource Development. 8. Computer ethics is the branch of practical principles that deals with how the computer experts should make decisions in regard to the social and professional behavior. It is a set of moral principles that regulates the use of computers. The computer ethics are as follows: i. One should not interfere with other computer's work. ii. One should not provide fake information. iii. One should not use the computer to steal. iv. One should not copy or use proprietary software for which they have not paid. v. One should not create a virus and use it. 9. Cyber Law was implemented in Nepal in 2061 B.S. It was implemented to stop cyber-crimes, hacking, piracy, harassments etc. 10. The points of ethics to be followed by the computer users are as follows: i. Hacking: Computer hacking is the transferring illegal items through the internet (such as encryption technology) that is banned in some locations. It is the activity of breaking into a computer system to gain an unauthorized access. Privacy: Privacy safeguards personal information from unauthorized access or use. Infringement on privacy can lead to cyber-crime if data is misused. Privacy involves controlling personal information's exposure to unauthorized parties. It includes aspects like secrecy, anonymity, and solitude to protect information. Secrecy refers to safeguarding personalized data from free distribution. Anonymity ensures protection from unwanted attention and identity exposure. Solitude maintains physical distance to uphold privacy. Violation of privacy can lead to cyber-crimes and breaches. iii. Piracy: Piracy involves unauthorized copying or distribution of software or media. Cyber security extends to customs officers and agencies protecting consumers. Piracy involves unauthorized copying or theft of software, intellectual property, or media. Examples include software piracy and copying licensed content without permission. Security personnel, custom officers, and agencies combat piracy to protect creators and consumers. Piracy negatively impacts industries like entertainment, software, and publishing. Measures against piracy include digital rights management and legal actions. Piracy undermines intellectual property rights and fair compensation for creators. iv. Copyright: Copyright grants exclusive rights to copy an original work. Limited duration and specific usage are covered by copyright law. Copyright grants exclusive rights to creators of original works, limiting their use by others. Covers literary, artistic, and creative works like books, music, films, and software. Provides legal protection against unauthorized copying, distribution, and use. Rights are time-limited, encouraging innovation while protecting creators' interests. Copyright infringement can lead to legal action, damages, and loss of revenue. Balances between protecting creators and promoting the exchange of knowledge and culture. Cyber Law Standards (Nepal): i. Facilitates and safeguards electronic transactions and records. ii. Enables electronic filing and efficient government services. iii. Regulates Certifying Authorities under the Controller's oversight. iv. Grants legal status to digital signatures, supporting e-banking. v. Recognizes electronic signatures for global economic activities. Cyber Law Sufficiency (Nepal): Cyber Law 2061 and IT Policy 2002 may not sufficiently cover all electronic data transmissions. Effective implementation and potential law modifications are crucial for combating cyber-crimes. Cyber Law Subjects: I. Intellectual Property protection. II. Jurisdiction considerations. III. Privacy preservation. IV. Combatting Computer Crime. v. Regulation of Digital Signatures. vi. Safeguarding Freedom of Expression. Intellectual Property: Intellectual property (IP) encompasses creations of the mind, including inventions, designs, art, and symbols. Protects creators' rights, encouraging innovation and creativity in various fields. IP can be classified into copyrights, patents, trademarks, and trade secrets. Copyrights protect artistic and literary works, patents safeguard inventions, and trademarks identify products. Trade secrets safeguard confidential business information, contributing to a competitive advantage. IP laws balance protection and dissemination, fostering innovation and cultural development. Types of Intellectual Property: Copyright: Protects original literary, artistic, and creative expressions. Grants exclusive rights to creators for a limited time. Covers works like books, music, software, and artistic creations. Balances the rights of creators with public access to information. Patent: Grants inventors exclusive rights to their inventions for a set period. Encourages innovation by providing legal protection and incentive. Different types include utility, design, and plant patents. Requires public disclosure of the invention's details. Trademark: Protects distinctive signs, symbols, names, or designs identifying products. Ensures consumers can distinguish between different brands. Offers brand recognition and prevents confusion in the marketplace. Must be registered and maintained to retain protection. Trade Secret: Protects confidential business information, not publicly disclosed. Offers competitive advantage by keeping valuable information hidden. Involves maintaining secrecy through contracts and security measures. Does not have a limited duration like patents or copyrights. Professional Ethics in Cybersecurity: Uphold integrity, honesty, and transparency in all actions and decisions. Safeguard client confidentiality and respect agreements regarding data protection. Maintain competence through ongoing skill development and accurate service provision. Address conflicts of interest impartially, prioritizing clients' welfare. Take accountability for decisions, acknowledge mistakes, and correct them responsibly. Adhere to legal and regulatory requirements, abstaining from illicit activities. Requirements of a Professional: Expertise and Knowledge: Possess advanced skills and deep domain knowledge. Blend practical experience with formal education for proficiency. Autonomy and Power Balance: Maintain a power balance in client-service relationships. Professionals hold more influence due to specialized expertise. Adherence to Codes of Conduct: Observe professional, personal, institutional, and community codes. Professional codes guide ethical behavior for both image and individual integrity. Professional Code:Guideline set by the profession, outlining expected behavior. Protects the profession's reputation and members' actions. Personal Morals: Individual moral guidelines influenced by cultural and religious beliefs. Complements and enhances the professional code's values. Institutional Standards: Adhere to the code imposed by employing institutions. Builds public trust and confidence in both the professional and the institution. Community Standards: Abide by local community norms, influenced by religion or culture. Reflects the societal expectations, legal requirements, and regional values. Four Pillars of Professionalism: 1. Commitment: Demonstrating dedication to one's role and responsibilities in the profession. Striving for excellence in cybersecurity practices and continuous self-improvement. Maintaining a strong work ethic and contributing positively to the field. 2. Integrity: Upholding honesty and ethical behavior in all professional interactions. Building trust by adhering to high moral principles and values. Avoiding conflicts of interest and ensuring transparency in decision-making. 3. Responsibility: Acknowledging and fulfilling obligations towards clients, users, and the community. Taking ownership of one's actions and decisions in cybersecurity matters. Promoting security awareness and advocating for responsible digital behavior. 4. Accountability: Being answerable for the outcomes of cybersecurity actions and decisions. Taking responsibility for mistakes or oversights and learning from them. Adhering to professional codes of conduct and legal regulations to maintain credibility. Professional Ethics in Cybersecurity: Integrity and Honesty: Uphold truthfulness, transparency, and sincerity in all activities. Avoid deceptive practices and misrepresentation of information. Client Confidentiality: Safeguard client's sensitive data and proprietary information. Respect confidentiality agreements and legal obligations. Competence and Skill: Maintain proficiency through continuous learning and skill development. Provide accurate, reliable, and effective cybersecurity services. Conflict of Interest: Disclose and manage conflicts to ensure unbiased decision-making. Prioritize clients' interests over personal or external influences. Accountability: Accept responsibility for actions, decisions, and their consequences. Acknowledge mistakes and take appropriate corrective actions. Respect for Law: Adhere to legal frameworks and regulations governing cybersecurity practices. Refrain from engaging in illegal activities or supporting illicit actions. Freedom of Speech in Cyberspace: Embraces online speech and accessing information while raising governance concerns. Variation based on laws, culture, society; sparks debate over control. National vs. international oversight: a dilemma in digital governance. Countries asserting content regulation within their online borders. Cyber sovereignty and autonomy concerns in the digital landscape. Advocates argue for global authority due to internet's boundarylessness. Legal content disparities across nations highlight internet's legal complexities. Struggle to find equilibrium between expression and jurisdictional restrictions. Fair Use in Digital Content: Balances copyright law with limited use for education, criticism, commentary. Subject to interpretation; considers factors like purpose, amount, effect. Enables transformative works, fostering creativity and cultural discourse. Avoids infringing on creators' rights while allowing valuable derivative works. Protects free expression, yet legal battles often arise due to ambiguity. Essential for innovation, research, education, and public interest purposes. Varied interpretations across jurisdictions highlight complex copyright landscape. Continual evolution as technology shapes how content is shared and used. Ethical Hacking and Cybersecurity: Authorized hacking to expose vulnerabilities, enhance security, and prevent breaches. Protects systems by identifying weaknesses and suggesting improvements. Legal, responsible hacking; contrasts with malicious cyberattacks and cybercrime. Required skills include coding, networking, and deep understanding of vulnerabilities. Enhances digital defense through proactive identification and mitigation of risks. Maintains ethical standards; respects privacy and gains explicit permissions. Supports organizations' efforts to safeguard sensitive data and user trust. Rapidly evolving field, vital in an increasingly digitized and interconnected world. Definition of Internet Fraud:the use of a computer or computer system to help execute a scheme or illegal activity and the targeting of a computer with the intent to alter, damage, or disable it. Types of Internet Fraud: 1. Theft of Information: Unauthorized access to secure systems for data theft (trade secrets, copyrighted content). Targets sensitive information; government, trade secrets, copyrighted materials. Includes digital duplication of movies, games, music without permission. 2. Theft of Service: Unauthorized use of web services or internet connections without payment. Involves gaining free access to long- distance systems or services. Often classified as Internet fraud, includes fake online auctions, offering non-existent goods. 3. Denial of Service: Deliberate overload of target's system to disrupt services. "Mailbombing": Flooding email account with excessive messages to disable it. Also used as an extortion tactic, demanding payment to stop the attack. 4. Hacking and Hardware Damage: Unauthorized access to computer hardware, often for malicious intent. Hackers steal passwords, delete data, or create programs to capture sensitive information. Infiltration through posing as repairmen or spreading dangerous computer viruses. 5. Online Sex Crimes: Involves stalking, child pornography, and other illegal activities. Exploits digital platforms for criminal activities related to sexual offenses. PUNISHMENTS FOR COMPUTER OR INTERNET FRAUD A perpetrator of computer or Internet fraud may be found guilty of a felony and face a fine of up to $250,000 and/or up to 20 years in jail. Often, those charged with computer and/or Internet fraud are also charged with wire fraud, mail fraud, conspiracy, identity theft, or other white collar crimes Electronic Evidence: Digital Data: Electronic evidence refers to digital information collected from electronic devices like computers, smartphones, and servers. Admissibility: It must meet legal criteria to be admissible in court, including authenticity, integrity, and relevance. Types: Examples include emails, text messages, computer logs, social media posts, and digital documents. Collection: Proper collection methods ensure preservation and prevent tampering to maintain its credibility. Legal Proceedings: Electronic evidence is used in various legal proceedings, such as criminal cases, civil litigation, and digital forensics investigations. Laws Governing Electronic Evidence: Fourth Amendment Protection: Protects privacy against unreasonable searches and seizures. Searches with a warrant: Police can seize and search with a valid search warrant. Searches without a warrant: Warrantless searches are allowed in specific cases. Statutory Privacy Laws: Electronic Communications Privacy Act (ECPA): Regulates obtaining stored account records from service providers and limits electronic surveillance. The Patriot Act: Expands police power for electronic evidence collection. Use of Electronic Evidence: Crime Elements: Prosecutors use electronic evidence to establish elements of the charged crime. Emails and conversations as evidence in cyberbullying or stalking cases. Browser histories to link research to the crime. Documents for white-collar crime elements. Visual Evidence: Digital photos or videos can serve as evidence, e.g., revenge porn cases. Living Values: Rediscovering and developing human potential for better living. Reflects internal self-worth and recognition of the value of human life. Trains the mind to focus on the positive aspects of individuals. Faith in Dignity and Potential: Reaffirms faith in human dignity and worth. Expands one's potential beyond current limits. Recognizes inherent worth not dictated by external factors. Basic Human Values: Inherent values fundamental to being human. Include truth, honesty, loyalty, love, peace, etc. Promote goodness in individuals and society. Importance of Human Values: Understanding attitudes, behaviors, and motivation. Shapes perception of the world and concepts of right and wrong. Provides insight into individuals and organizations. Five Essential Human Values: Right Conduct: Includes self-help, social, and ethical skills. Embraces values like modesty, good behavior, courage, and efficiency. Peace: Encompasses qualities such as equality, humility, patience, and optimism. Truth: Involves fairness, honesty, quest for knowledge, and determination. Peaceful Co-existence: Combines psychological values like compassion and morality. Social values include brotherhood, equality, and respect for others. Discipline: Involves regulation, direction, and order. Professionalism in Information Technology Professionalism in Information Technology involves adhering to accepted principles, including competence, knowledge, and ethical behavior. It is crucial not only in IT but also in other fields, emphasizing soft skills, certification, and reputation building. Teaching and practicing professionalism and ethics should begin at the secondary school level to instill these values. IT professionalism contributes to organizational reputation, ethical practices, and overall value in various industries. Professionalism's impact extends beyond IT, playing a vital role in fostering ethical behavior and enhancing organizational worth. Code of ethics Professional ethics encompass accepted standards of behavior and values established by organizations to guide members in their roles. These codes ensure consistent ethical principles across professions and are created by experts within the field. The purpose of professional ethics is to promote uniform and sound ethical conduct in various professions. Notable examples include the Hippocratic Oath for medical students, reflecting enduring ethical commitments. Key components of professional ethics include integrity, honesty, transparency, respectfulness, confidentiality, and objectivity. Professional ethics serve as a framework for individuals to uphold while performing their job functions. Let us look at some of the qualities which describe a professional (ACM, 2000) 1. Trustworthiness: Professional trusts himself in whatever he does and trusts other people. 2. Honesty: Professional is honest when working and follows right code of conduct. 3. Punctuality: It is one of the most important aspects of professionalism. 4. Responsibility: Professional is responsible towards his work and handles work effectively. 5. Leadership: Professional has good leadership skills and is a good team player. 6. Confidentiality: Maintains confidentiality of information in an organization. 7. Competency: Professional is technically competent in his field A computing professionalshould... Strive to achieve high quality in both the processes and products of professional work. Maintain high standards of professional competence, conduct, and ethical practice. Know and respect existing rules pertaining to professional work. Accept and provide appropriate professional review. Give comprehensive and thorough evaluations of computersystems and their impacts, including analysis of possible risks. Perform work only in areas of competence. Foster public awareness and understanding of computing, related technologies, and their consequences. Access computing and communication resources only when authorized or when compelled by the public good. Design and implementsystemsthat are robustly and usably secure. Various forms of professional credentialing Credentialing involves granting designations like licenses or certificates to assess an individual's competence in a specific field. Licensure is the strictest form, mandated by governments, allowing individuals to practice a profession after meeting standardized criteria (e.g., Licensed Nurse, Professional Engineer). Certification, a voluntary process by non-governmental bodies, provides time-limited recognition after verifying predetermined criteria (e.g., Certified Project Manager, Certified Association Executive). Registration, the least restrictive type, requires individuals to apply for credentials through governmental or private agencies. These types of credentialing—licensure, certification, and registration—vary in terms of requirements and governmental involvement. Credentialing serves to assure the public of an individual's competence and adherence to standards within a profession or occupation. The role of professionals in public policy involves: Expertise and Analysis: Professionals provide in-depth expertise and analysis on complex issues, offering insights into the potential impacts of policies. Evidence-Based Recommendations: They contribute evidence- based recommendations, guiding policymakers toward effective and informed decisions. Ethical Considerations: Professionals bring ethical considerations to the forefront, ensuring policies align with moral principles and societal values. Stakeholder Engagement: They facilitate engagement with diverse stakeholders, fostering inclusive discussions and incorporating a range of perspectives. Implementation Planning: Professionals assist in planning policy implementation, considering logistical challenges and resource allocation. Continuous Evaluation: They contribute to ongoing policy evaluation, identifying areas for improvement and adaptation based on real-world outcomes. Maintaining awareness of consequences involves: Anticipating Effects: Professionals foresee potential outcomes of decisions, both intended and unintended, to prevent negative repercussions. Assessing Impact: They analyze the short-term and long-term effects of actions, ensuring comprehensive understanding of consequences. Accounting for Stakeholders: Professionals consider how decisions affect various stakeholders, promoting equitable and fair outcomes. Addressing Risks: They identify and address potential risks and challenges associated with choices, aiming to mitigate potential harm. Adapting Strategies: Professionals remain adaptable, ready to modify approaches if consequences deviate from the expected course. Learning from Experience: They learn from past successes and failures, using insights to refine decision-making and anticipate consequences more effectively. Ethical dissent and whistle-blowing ethical dissent is a process, not a single action. Ethical dissent refers to the act of expressing opposition or disagreement with prevailing norms, practices, or decisions on moral grounds, emphasizing ethical principles and promoting critical discourse The IEEE has guidelines for ethical dissent that include: 1. Establish a clear technical foundation 2. Be professional, impersonal, objective. 3. Catch problems early, keep issues at lowest managerial level possible 4. Make sure you think the issue is important enough to make your case 5. Help establish and use organizational dispute resolution mechanisms 6. Keep records Whistleblowing Whistleblowing involves a member or ex-member of an organization revealing internal wrongdoing or threats to the public. It includes going outside normal channels to expose ethical violations knowingly or unknowingly committed. Whistleblowers face the challenge of breaking with their organizational group, potentially destabilizing their own lives. Disclosure can be internal, within the organization's channels, or public, alerting a wider audience. The motivation behind whistleblowing is a concern for ethics and the safety and well-being of both the organization and the public. Conditions justifying whistleblowing: Public Harm: When a policy or product poses significant harm to the public. Stakeholder Safety: Identifying threats to consumers, employees, or stakeholders against personal moral concerns. Exhausted Channels: When internal procedures fail and no action is taken, even escalating to the board of directors. Substantial Evidence: Backed by compelling documented evidence that can withstand legal scrutiny. Change Catalyst: Belief that public disclosure will prompt necessary organizational changes, balancing risk with potential success. Focus Areas: Avoiding divulging confidential data, maintaining professional conduct, refraining from personal motives, and addressing ethical rather than managerial incompetence. Association of International Certified Professional Accountants (AICPA): Represents accountancy profession globally, known for strict educational requirements and ethical standards. AICPA's Code of Professional Conduct emphasizes public interest, requiring state boards to adopt its ethical standards. Six principles guide CPAs, covering safety, competence, truthful communication, fiduciary responsibility, and avoiding deception. National Society of Professional Engineers (NSPE): Founded in 1934, dedicated to non-technical concerns of licensed professional engineers. NSPE's Code of Ethics for engineers includes rules like prioritizing public welfare, competence, honesty, fiduciary responsibility, and avoiding deception. Emphasis on safety, professional competence, truthful communication, fiduciary duty, and avoiding deceptive practices. Institute of Electrical and Electronic Engineers (IEEE): IEEE's Code of Ethics and Code of Conduct ensure respectful, fair, and lawful behavior. Guidelines focus on respecting privacy, fairness, preventing harm, avoiding retaliation, and compliance with laws. IEEE encourages members to treat others fairly, respect privacy, prevent harm, and promote lawful and ethical conduct. Association for Computing Machinery (ACM): Established in 1947, ACM focuses on computing and ethical conduct. ACM's Code of Ethics emphasizes contributing to society, avoiding harm, honesty, fairness, respecting intellectual property, and ensuring privacy. Professional responsibilities include striving for quality, acquiring competence, adhering to laws, giving comprehensive evaluations, and authorized resource usage. Dealing with Harassment and Discrimination: Harassment: Harassment involves creating a hostile, offensive, or intimidating environment based on attributes like race, religion, gender, age, etc. It is a form of discrimination that negatively impacts individuals and organizations. Signs include unhappiness, anxiety, stress, and lifestyle changes in affected individuals. Awareness is crucial to identify and address harassment. Discrimination: Discrimination involves decisions negatively affecting individuals due to attributes like race, religion, gender, etc. It can be difficult to detect, but decisions based on discriminatory factors signify discrimination. Both harassment and discrimination are serious human rights violations. Prevention and Steps to Address: Awareness and Education: Recognize signs of harassment and discrimination such as changes in behavior, stress, or discomfort. Policy Framework: Organizations should have clear, written policies outlining procedures for handling harassment and discrimination cases. Complaint Process: Establish a structured process for reporting harassment and discrimination incidents confidentially. Sanctions: Define appropriate consequences for those found guilty of harassment or discrimination, promoting accountability. Redress: Provide mechanisms for affected individuals to seek resolution and remedy for the harm caused. Prevention: Create a culture that values diversity and inclusivity, promoting respect and understanding among all members. Dealing with Harassment and Discrimination in Nepal: Legal Awareness: Educate people about Nepal's anti-harassment and anti-discrimination laws to ensure their rights and protections. Education and Sensitization: Conduct workshops and training sessions to raise awareness about recognizing, reporting, and addressing harassment and discrimination. Reporting Channels: Establish confidential and accessible reporting channels for incidents, fostering open dialogue and protecting whistleblowers. Policy Implementation: Develop and implement clear policies in workplaces, schools, and public spaces, outlining reporting procedures, investigations, and consequences. Support and Accountability: Offer emotional and legal support for victims, while holding perpetrators accountable through thorough investigations and appropriate sanctions. Public Awareness Campaigns: Launch campaigns to promote public awareness, discourage discriminatory behaviors, and encourage collective efforts against harassment and discrimination. Risk Assessment and Management Summary: Risk Management Process: Risk management estimates risks' impact, measuring assets and vulnerabilities, assessing threats, and monitoring security. Design and Use: Risk management applies to software during design and usage phases, focusing on assessment, planning, implementation, and monitoring. Components of Risk Management: It comprises assessment and control, necessitating risk assessment and control evaluation before project delivery. Assessment Documentation: Documenting hazards and accidents helps identify risks, listing potential dangers, their probabilities, potential losses, and rankings. Control Documentation: Control involves techniques to mitigate high-order risks, their implementation, effectiveness monitoring, and adjusting throughout the design process. Phases of Risk Management: After design, phases involve assessment, planning, implementation, and monitoring, adapting to ongoing changes and new security needs. Calculation of Risk: Risk can be calculated using the equation: Risk = Assets X Threats X Vulnerabilities. Workplace Risks: Workplace systems involve hardware, software, and humanware components, with accidents resulting from their intertwined interactions. The risk associated with workplaces includes commuting, hardware, software, and humanware factors, and effective training can mitigate humanware-related risks. Software Risks: Software risks stem from a range of factors, including human error, software complexity, and misinterpretation of design specifications. These factors contribute to poor software performance and potential failures Human Error: Memory lapses and attentional failures due to oversight or forgetfulness. Rushing to meet deadlines, leading to incomplete testing and overlooked issues. Overconfidence in untested algorithms or approaches. Malicious intent, where malicious code or malware is inserted by individuals. Complacency from previous experience, leading to missing error control measures. Complexity of Software: Software's complexity compared to hardware engineering contributes to risks. Unlike hardware, software can have billions of potential outcomes for the same input sequence. Difficult testing due to the inability to exhaustively test for all possible bugs. Ease of programming encourages untrained individuals to develop software, often without proper error checks. Misunderstood Specifications: Misunderstanding design specifications leads to improper coding, documentation, and testing. Ambiguous specifications result in poorly defined internal structures. Improperly chosen design components affect the overall functionality and performance. Implications of Software Complexity: Dealing with software complexity necessitates strategic testing, skilled professionals, and a focus on user experience and ongoing improvement. Unpredictable Outcomes: Software's intricate nature leads to uncertainty in foreseeing all potential outcomes. Incomplete understanding of scenarios can lead to unexpected errors and issues. Testing Challenges: Comprehensive testing for all complex scenarios becomes impractical. Certain bugs might go undetected, causing problems post-release. Resource Intensiveness: Addressing complex software demands extra time, resources, and expertise. Testing and debugging efforts can extend development timelines and increase costs. Maintenance Complexity: Complex software is harder to maintain and update. Evolving software becomes intricate, making modifications challenging. Quality Assurance Strain: Ensuring software quality becomes tougher due to numerous potential scenarios. Issues might arise in real-world usage despite stable testing results. Skill Requirements: Developing and managing complex software demands advanced skills and training. Proficiency in understanding intricacies is vital for effective management. Safety and Engineers: Primary Responsibility: Engineers hold a primary responsibility for ensuring the safety of products, systems, and structures they design. Risk Assessment: Engineers must conduct thorough risk assessments to identify potential hazards and mitigate associated risks. Adherence to Regulations: Compliance with safety regulations and industry standards is crucial to prevent accidents and ensure public welfare. Continuous Learning: Engineers should stay updated with the latest safety practices and technologies to implement effective safety measures. Ethical Obligations: Engineers have an ethical duty to prioritize safety over other considerations during design, development, and operation. Collaboration and Communication: Effective communication among engineering teams and stakeholders is essential to address safety concerns comprehensively. Balancing Innovation and Safety: Engineers must find a balance between innovation and safety, ensuring that new technologies do not compromise well-established safety protocols. Accountability: Engineers are accountable for the safety outcomes of their designs, requiring accountability for any potential failures. Engineers play a critical role in maintaining public safety by conducting risk assessments, adhering to regulations, and upholding ethical standards throughout the design, development, and operation of products and systems.