PART A

1.0 Aims/Benefits of the micro project

Advancements and applications of Computer Engineering and
Information Technology are ever-changing. Emerging trends aim
at creating awareness about major trends that will define
technological disruption in the upcoming years in the field of
Computer Engineering and Information Technology. These are
some emerging areas expected to generate revenue, increase
demand for IT professionals, and open avenues for
entrepreneurship.

2.0 Course outcome addressed.

Detect network, operating system, and application vulnerabilities.

3.0 Proposed methodology


In this project, we learn about the need for cyber security.

4.0 Action Plan

Sr. No. | Detail of activity | Plan start date | Plan finish date | Name of responsible team members
1 | Arrange meetings with team members | | | Rutu Patel
2 | Collect information from the textbook | | | Parnika More
3 | Collect information from the internet | | | Shafe Ahmed
4 | Arrange all information in MS Word | | | Dhruvraj Wankhede
5 | Discuss with the project guide | | | Sofian Khan
6 | Print micro project | | | Rutu Patel

5.0 Resources used

Sr. no. | Name of resource material | Specifications | Quantity
1 | Computer | Windows 11 8GB RAM | 1
2 | Internet | Wikipedia/YouTube |
3 | Textbook | Emerging Trends In Computer And Information Technology (22618) | 1

PART B
Need of Cyber security

1.0 Brief Description:-

The term cyber security is used to refer to the security offered
through online services to guard your online information. Cyber
Security and Information Security differ only in their response
and Reduction/Prevention. Cyber security encompasses all
aspects of security viz., Physical, Technical, Environmental,
Regulations, and Compliance, including Third Parties involved in
delivering an objective. With an increasing number of people
getting connected to the Internet, the security threats that
cause massive harm are also growing.

Why Cyber security Is Important?

Our world today is headed by technology and we can't do
without it at all. From booking our flight tickets to catching up
with an old friend, technology plays a crucial role in it. However,
the same technology may expose you when it's vulnerable and
could lead to the loss of essential data. Cyber security,
alongside physical commercial security, has thus, slowly and
steadily, become one of the most essential topics in the
business industry to be talked about. Cyber security is essential
since it helps secure data from threats such as data theft or
misuse, and also safeguards your system from viruses.

Cyber security becomes necessary as businesses are now being
carried out on a Network of Networks. Computer networks
have always been the target of criminals, and it is likely that the
danger of cyber security breaches will only rise in the future as
these networks grow, but there are reasonable precautions that
organizations can take to minimize losses from those who desire
to do harm.

Cyber Security Objectives

Confidentiality

The property that information is not made available or revealed
to unauthorized individuals, entities, or processes. Confidentiality
refers to guarding information against being accessed by
unauthorized parties. In other words, only the people who are
authorized to do so can gain access to sensitive data. A
failure to maintain confidentiality means that someone who
shouldn't have access has managed to get it, through intentional
behavior or by accident. Such a failure of confidentiality is
commonly known as a breach.

Integrity

The property of safeguarding the accuracy and completeness of
assets. Integrity refers to assuring the authenticity of information:
that information is not altered, and that the origin of the
information is authentic. Imagine that you have a website and
you sell products on that site. Now imagine that an attacker can
shop on your website and maliciously alter the prices of your
products so that they can buy anything for whatever price they
decide. That would be a failure of integrity because your data, in
this case the price of a product, has been changed and you
didn't authorize this alteration.
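
The price-alteration scenario above, seen from the shop's side, as an added example that is not part of the original report: the server signs the cart it issued with an HMAC and rejects any cart whose contents changed afterwards. The catalogue, SKUs, key and function names are all constructed for illustration.

```python
import hashlib
import hmac
import json
from decimal import Decimal

# Constructed sample data: the trusted price list lives only on the server.
CATALOGUE = {"SKU-1001": Decimal("499.00"), "SKU-2002": Decimal("1299.50")}
SERVER_KEY = b"demo-key-for-example-only"  # assumption: a real key comes from a secret store

def sign_cart(items):
    """Return an HMAC-SHA256 tag over a canonical encoding of the cart."""
    canonical = json.dumps(items, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(SERVER_KEY, canonical, hashlib.sha256).hexdigest()

def issue_cart(order):
    """Build the cart from server-side prices and attach the integrity tag."""
    items = [{"sku": sku, "qty": qty, "price": str(CATALOGUE[sku])}
             for sku, qty in order]
    return {"items": items, "tag": sign_cart(items)}

def verify_and_total(cart):
    """Reject a cart modified after signing, then total it from trusted prices."""
    if not hmac.compare_digest(sign_cart(cart["items"]), cart.get("tag", "")):
        raise ValueError("integrity check failed: cart was modified")
    total = Decimal("0")
    for item in cart["items"]:
        trusted = CATALOGUE[item["sku"]]
        # Second check: the signed price must still match the catalogue.
        if Decimal(item["price"]) != trusted:
            raise ValueError("price mismatch with catalogue")
        total += trusted * item["qty"]
    return total
```

A cart whose price field is edited in the browser no longer matches its tag, so the unauthorized change is detected before the order is charged.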

Availability

The property of being accessible and usable upon request by an
authorized entity. Availability means that data is accessible by
authorized users. Information and other necessary assets are
accessible to customers and the business when required. Note
that information is unavailable not only when it is lost or
destroyed, but also when access to the information is rejected or
delayed.

Each day, there is an increase in the number of threats
against our nation's critical infrastructures. These hazards come
in the form of computer intrusion (hacking), denial of service
attacks, and virus deployment. In India, DEITY (Dept. of
Electronics & Information Technology), operating under MCIT
(Ministry of Communication & Information Technology), is
accountable for cyberspace security, apart from delivering Govt.
services online and promoting the IT sector. The National
Information Board (NIB), a policy-making body for cyber security,
works independently and is chaired by the National Security Advisor
(NSA). CERT-In performs emergency cyber security functions
and releases annual reports on security incidents.

Cyberattack

A malicious attempt, using digital technologies, to cause personal
or property loss or damage, and/or steal or alter confidential
personal or organizational data.

Major security problems

• Virus
• Hacker
• Malware
• Trojan horses
• Password cracking

1. Viruses and worms

• Virus - malware attached to a carrier such as an email message or
a word processing document.
• A virus is a "program that is loaded onto your computer
without your knowledge and runs against your wishes".
• Worm - malware that can autonomously spread itself without a
carrier, using information about connected computers.

Solution

• Install a security suite that protects the computer against threats
such as viruses and worms.

2. Hackers

• In common usage, a hacker is an individual who breaks into computers,
usually by gaining access to administrative controls.

Types of Hackers

• White Hat Hacker
• Grey Hat Hacker
• Black Hat Hacker

a. White Hat Hackers

• The term "white hat" in Internet slang refers to an ethical
computer hacker, or a computer security professional, who
specializes in penetration testing and in other testing
methodologies to ensure the security of an organization's
information systems.

b. Grey Hat Hackers

• The term "grey hat" or "gray hat" refers to a computer
hacker or computer security specialist who may sometimes break
laws or typical ethical standards, but does not have the malicious
intent typical of a black hat hacker.

c. Black Hat Hackers

• A black hat hacker (or black-hat hacker) is a hacker who
"violates computer security for little reason beyond maliciousness or
for personal gain".
How To prevent hacking

• It may be impossible to prevent computer hacking entirely; however,
effective security controls, including strong passwords and the
use of firewalls, can help.

3. Malware

The word "malware" comes from the term "MALicious softWARE":
software that has some malicious intent and which is installed on a
user's computer without that user's permission. Key loggers -
software installed on a computer that captures keystrokes and
sends these to a remote system. Used to try to obtain
personal data to gain access to sites such as banks.
Ransomware - software that runs on a user's computer and
demands that the user pay some other organization. If they don't,
the information on their computer will be destroyed. Malware can
usually spread itself from one computer to another either as a
virus or as a worm.

To Stop Malware

• Download an anti-malware program that also helps stop
infections.
• Do not download from anonymous sources.
• Activate Network Threat Protection.

4. Trojan Horses

• Trojan horses are email viruses that can reproduce themselves,
steal information, or harm the computer system. These viruses
are the most serious threats to computers.

How to Avoid Trojans

• Security suites, such as Avast Internet Security, will prevent you
from downloading Trojan Horses.
• Do not click unknown links.

5. Password Cracking

• Password attacks are attacks by hackers who are able to
determine passwords or find passwords to different secure
electronic areas and social network sites.

Securing Password

• Always use a strong password.
• Never use the same password for two different sites.

Insider attacks

Attacks on an organization carried out by an individual who is
inside that organization, either by themselves or with the
connivance of an outsider. These are difficult to counter using technical
measures, as the insider may have valid credentials to access
the system.

External attacks

Attacks on an organization carried out by an external agent. These need
either valid credentials or the exploitation of some
vulnerability to gain access to the systems.

Malicious and accidental damage

Cybersecurity is most concerned with cyberattacks and cyber
accidents (accidental events that can cause loss or damage to a
person, business, or public body). Many of the same technologies
used to protect against external attacks also protect against
cyber accidents. However, sometimes protecting against
cyber-attacks raises the probability of cyber accidents.

Latest Trends - Information Security Threats

Hacktivism

Hack + Activism = Hacktivism: the use of legal and/or illegal
digital tools in pursuit of a political/personal objective.

Tools and attacks are used for:

• Website defacements: hacking and altering a company's website.
• Redirects
• Denial of Service attacks: an attempt to make a machine or network
resource unavailable to its intended users. These typically target
sites or services hosted on high-profile web servers such as banks,
credit card payment gateways, and even root nameservers.
• Identity theft: stealing someone's identity, in which someone
pretends to be someone else by assuming that person's identity.
• E-mail bombing
• Web-site mirroring
• Doxing: the process of gathering and releasing personally
identifiable information, gathered using sources on the internet.

Key Techniques Used

Phishing - an attempt to obtain sensitive information, like bank
account information or an account password, by posing as a
trustworthy entity in an electronic communication.

You get an email that looks like it comes from your bank, credit
card company, etc., asking you to "update their records", possibly
citing potential scams or other reasons. It provides a hyperlink to a
web page where you enter your personal information. The link
takes you to a thief's website that is disguised to look like the
company's.
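
One way a mail filter can catch the disguised link described above, as an added example that is not part of the original report: it compares the domain a link displays with the host its href actually points to. The sample message, both domains and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):
    """Return the lower-cased host of a URL or bare domain, or '' if none."""
    if "://" not in value:
        value = "//" + value
    return (urlparse(value).hostname or "").lower()

def in_domain(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def suspicious_links(html, trusted_domain):
    """Flag links whose text names the trusted domain but whose href goes elsewhere."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = host_of(href)
        shown = re.search(r"[\w.-]+\.[a-z]{2,}", text.lower())
        claims_trusted = shown and in_domain(host_of(shown.group()), trusted_domain)
        if claims_trusted and not in_domain(target, trusted_domain):
            findings.append((text, target))
    return findings

# Constructed sample message; both domains are placeholders.
SAMPLE = ('<p>Please update your records: '
          '<a href="http://bank.example.verify-login.test/update">www.bank.example</a> '
          'or visit <a href="https://www.bank.example/help">www.bank.example/help</a></p>')
```

Only the first link is reported: its text shows the bank's domain, while the real host merely starts with that name and belongs to a different domain.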

Most common security mistakes

• Poor password management
• Not locking the computer while unattended
• Opening email attachments from unknown addresses
• Not running anti-virus programs
• Sharing information (and machines)
• Not reporting security violations
• Unattended paper documents
• Unprotected electronic data (while at rest and in motion), e.g.
emails, USBs, CDs, etc.
• Improper information handling
• Passing data over the phone

Information Security Responsibilities


• Employ Information Security teams to support the line of
business, enabling secure solutions for new techniques and
technology.
• Work with Information Security teams (RISO, RISI) to drive line
of business-specific information security metrics reporting.
• Support Regional Information Security teams in mitigating
security threats from Internal Audit report findings.
• Follow business continuity plans given by the bank, in case of
any disaster/emergency.
• Report security breaches and security incidents.
• Stick to the Bank's Information Security Policy and guidelines.
• Maintain and update the asset register of your office/dept.
• Extend support to RISO during Risk Assessment and Business
Impact Analysis of your office/dept.
• Execute and act in accordance with the organization's
information security policies and procedures.
• Protect assets from unauthorized access, disclosure,
modification, destruction, or interference.
• Execute defined security processes or activities.
• Report security events, potential events, or other security risks by
following approved processes.
• Do not use systems or access information without authorization.
• Adhere to controls put in place to protect assets.

Standards & Regulations

• ISO 27001 (Information Security Management System)
• ISO 22301 (Business Continuity Management System)
• PCI DSS (Payment Card Industry - Data Security Standard)
• IT Act 2000 & ITAA 2008 (Information Technology Act, India)
• RBI Guidelines (Reserve Bank of India)
4.0 Skill Developed / Learning outcomes of this Micro-Project

a. Develop group discussion skills.
b. Communication skills improved.
c. MS Word skills developed.
d. Basic cyber security prevention skills.
