Professional Documents
Culture Documents
Department of Computer
of Computer Science&
Science & Engineering
Engineering
Regulation-R18
Regulation-R18
A.Y: 2022-23 Sem-I
A.Y: 2022-23 Sem-I
UNIT-I
III Year CSE
Subject: Fundamentals of Cyber Security
(18MC0CS02)
Prepared by
Mr. P. HARI SHANKAR,
Assistant Professor - CSE.
Fundamentals of Cyber
Security
UNIT-I
• Introduction to Cyber Security: Basic Cyber Security Concepts, Motive
of
Attackers, Active Attacks, Passive Attacks, Cyber Crime and
Information Security, Computer Criminals,
• Defamation,
Classification Internet Time Threat,
of Cyber Crimes: Salami
E-mailAttack, Data Diddling,
Spoofing, Spamming,
Web Jacking, Newsgroup Spam, Industrial Espionage, Hacking, Online
Forgery,
Cyber Software Piracy, Computer Sabotage, Email Bombing, Usenet
Frauds,
Newsgroup as The Source Of Cybercrimes, Computer Network
Intrusions, Password Sniffing, Identity Theft,
• Cyber Threats-cyber Warfare, Cia Traid
Classifications of Cybercrimes
Forgery
Cyber terrorism
Web jacking
To deal with this type of crime, a company must implement policies and internal controls.
This may include performing regular audits, using software with built-in features to combat
s u c h problems, and supervising employees.
Mr. P. HARI SHANKAR, ASST. PROF., CSE, GNITC
UNIT Classification Of Cyber Crimes
🠶-IForgery
The act of forging something, especially the unlawful act of counterfeiting a
document or object for the purposes of fraud or deception.
Something that has been forged, especially a document that has been copied
or remade to look like the original.
Counterfeit currency notes, postage, revenue sta m p s , m arks sheets,
etc., can be forged using sophisticated computers, printers and scanners.
Confidentiality
Secure
Integrity Availability
🠶 Integrity
🠶 The ability to ensure that data is an accurate and unchanged representation of the original secure
information.
🠶 One type of security attack is to intercept some important data and make changes to it before sending it on to
the intended receiver.
🠶 Availability
🠶 It is important to ensure that the information concerned is readily accessible to the authorised viewer at
all times.
🠶 S ome types of secu rity attack attem pt to deny access to the appropriate u ser, either for the
sake of
inconveniencing them, or because there is some secondary effect.
Mr. P. HARI SHANKAR, ASST. PROF., CSE, GNITC
UNIT Introduction to Cyber Security
🠶-IComprehensive C yber Security Policy
At country level:
🠶 Policy directives on data security and privacy protection -
Compliance, liabilities and enforcement (ex. Information Technology Act 2000)
🠶 S tandards and guidelines for com pliance (ex: IS O 27001, IS O 20001 & C E RT-In
guidelines)
🠶 Conformity assessment infrastructure (enabling and endorsement actions concerning
security product – I S O 15408, security process – I S O 27001 and security manpower –
C I SA , C I S S P, ISMS-LA, DISA etc.)
🠶 Security incident - early warning and response (National cyber alert system and crisis
management)
• Information sharing and cooperation (M oU s with vendors and overseas C E R Ts
and security forums).
• Pro-active actions to deal with and contain malicious activities on the net by way of net
traffic monitoring, routing and gateway controls
• Lawful interceptions and Law enforcement.
• Nation wide security awareness campaign.
• Security research and development focusing on tools, technology, products and services.
Mr. P. HARI SHANKAR, ASST. PROF., CSE, GNITC
UNIT Introduction to Cyber Security
🠶-IComprehensive C yber Security Policy
🠶 Actions at network level
🠶 Compliance to security best practices (ex. ISO27001), service quality (ISO 20001) and
service level agreements (SLAs) and demonstration.
🠶 Pro-active actions to deal with and contain malicious activities, ensuring quality of services
and protecting average end users by way of net traffic monitoring, routing and gateway
controls
🠶 Keeping pace with changes in security technology and processes to remain current
(configuration, patch and vulnerability management)
🠶 C o nform to legal obligations and cooperate with law
enforcement activities including prompt actions on alert/advisories issued by
CERT-In.
🠶 Use of secure product and services and skilled manpower.
🠶 Crisis management and emergency response.