Unit 3: Cyber Security

Advanced IT Skills - BBA Semester 2

Table of Contents
1. Introduction to Cyber Security
2. Defining Cyberspace
3. Concept of Cyber Security
4. Issues and Challenges of Cyber Security
5. Classification of Cybercrimes
6. Common Cybercrimes
7. Legal Perspective: IT Act 2000
8. Cybercrime Offences and Penalties
9. Organizations Dealing with Cybercrime in India
10. Summary and Key Takeaways

1. Introduction to Cyber Security

In today's digital era, organizations and individuals are increasingly dependent on technology and
internet connectivity. This growing dependence has led to a parallel increase in cyber threats and
attacks. Cyber security has emerged as a critical field focused on protecting systems, networks, and
programs from digital attacks.

Why Study Cyber Security?

Exponential growth in digital transactions and online interactions
Increasing sophistication of cyber attacks
Rising financial and reputational costs of security breaches
Growing need for professionals who understand cyber security concepts
Regulatory requirements for data protection

As future business professionals, understanding cyber security is essential for making informed
decisions about organizational security, risk management, and compliance with regulations.

Prepared by: Mr. Sharookh, PIET

2. Defining Cyberspace
Cyberspace refers to the virtual environment created by interconnected computers, networks, and
digital infrastructure where online communication takes place and data is exchanged.

Key Definitions of Cyberspace

NIST Definition: "A global domain within the information environment consisting of the
interdependent network of information systems infrastructures."
Legal Definition (USC): "The interdependent network of information technology
infrastructures including the Internet, telecommunications networks, computer systems, and
embedded processors and controllers."
Academic Definition: "A time-dependent set of interconnected information systems and the
human users that interact with these systems."

Characteristics of Cyberspace:
 Global reach:Transcends geographical and political boundaries

 Interconnectedness:Links various networks, devices, and systems

 Time-independence:Allows asynchronous communication and access to information

 Human-machine interaction:Involves both technical systems and human users

 Dynamic nature:Constantly evolving with new technologies and connections

Components of Cyberspace:
Internet infrastructure (routers, servers, data centers)
Telecommunications networks
Computer systems and devices
Software applications and platforms
Data stored, transmitted, or processed digitally
Users and their online interactions

3. Concept of Cyber Security

Cyber security encompasses the technologies, processes, and practices designed to protect
networks, devices, programs, and data from attack, damage, or unauthorized access.

Prepared by: Mr. Sharookh, PIET

 Key Definitions
CISA Definition: "Cybersecurity is the art of protecting networks, devices, and data from
unauthorized access or criminal use."
IBM Definition: "Cybersecurity refers to any technologies, practices and policies for preventing
cyberattacks or mitigating their impact."
NIST Definition: "Measures and controls that ensure confidentiality, integrity, and availability
of the information processed and stored by a computer."

Core Principles of Cyber Security:

Confidentiality

Ensuring that sensitive information is accessed only by authorized individuals and kept private.

Integrity

Maintaining the accuracy, consistency, and trustworthiness of data throughout its lifecycle.

Availability

Ensuring systems and data are accessible to authorized users when needed.

Types of Cyber Security:

Network Security: Protection of network infrastructure from unauthorized access
Application Security: Securing software applications from threats
Information Security: Protecting the integrity and privacy of data
Operational Security: Processes for handling and protecting data assets
End-user Security: Educating users about security practices
Cloud Security: Protecting data stored in cloud environments
IoT Security: Securing Internet of Things devices

4. Issues and Challenges of Cyber Security

Organizations face numerous challenges in maintaining effective cyber security. Understanding
these challenges is essential for developing robust security strategies.

Prepared by: Mr. Sharookh, PIET

Current Challenges:

AI-powered Cyber Attacks

Artificial intelligence is being weaponized to create more sophisticated, targeted, and scalable
attacks that can adapt to defenses.

Growing Attack Surface

The proliferation of IoT devices, cloud services, and remote work has dramatically expanded the
potential entry points for attackers.

Skills Gap

There is a global shortage of cybersecurity professionals, making it difficult for organizations to

build adequate security teams.

Regulatory Complexity

Organizations must navigate an increasingly complex landscape of data protection regulations

across different jurisdictions.

Supply Chain Vulnerabilities

Attacks on supply chain software affect thousands of downstream customers, as seen in the
SolarWinds and Log4j incidents.

Human Error

Despite technological advances, human factors remain a significant vulnerability, with social
engineering exploiting user mistakes.

Emerging Challenges
Quantum Computing Threats: Future quantum computers could break current encryption
methods

Prepared by: Mr. Sharookh, PIET

 5G Security: The expanded connectivity of 5G networks introduces new security
considerations
Deepfakes: AI-generated fake content creates new avenues for fraud and misinformation
IoT Security: Proliferation of insecure IoT devices creates new attack vectors
Cloud Security: Moving data to the cloud creates new security challenges

5. Classification of Cybercrimes
Cybercrimes can be classified in various ways based on targets, methods, perpetrators, and impact.
Understanding these classifications helps in developing appropriate defense strategies.

Classification Based on Targets:

Crimes Against Individuals

Targeting specific persons through harassment, stalking, identity theft, etc.

Crimes Against Property

Targeting computers, networks, or data through hacking, malware, etc.

Crimes Against Government

Targeting government systems or services (cyber terrorism, espionage).

Classification Based on Method:

Computer as a Tool: Using computers to commit traditional crimes (fraud, theft, etc.)
Computer as a Target: Attacking computer systems directly (hacking, DDoS attacks)
Computer as Incidental: Using computers in crimes where they are not the primary target or
tool

Classification Based on Perpetrators:

Individual Hackers: Acting alone for personal gain, recognition, or ideological reasons
Organized Criminal Groups: Operating with financial motivation
State-sponsored Actors: Working on behalf of governments for espionage or sabotage
Hacktivists: Driven by political or social causes
Insiders: Employees or contractors with legitimate access who misuse it
Prepared by: Mr. Sharookh, PIET
Classification Based on Impact:
Financial Impact: Direct monetary losses
Data Impact: Loss, theft, or corruption of data
Operational Impact: Disruption of business operations
Reputational Impact: Damage to brand and customer trust
National Security Impact: Threats to critical infrastructure or government operations

6. Common Cybercrimes
Understanding common cybercrimes helps individuals and organizations recognize threats and
implement appropriate preventive measures.

Hacking
Unauthorized access to computer systems or networks, often to steal data, plant malware, or
disrupt operations.

Types:

White Hat (Ethical)

Black Hat (Criminal)
Grey Hat (Mixed motives)

Prevention:

Strong access controls and authentication

Regular security updates
Network monitoring

Phishing
Fraudulent attempts to obtain sensitive information by disguising as a trustworthy entity in
electronic communication.

Types:

Email phishing
Spear phishing (targeted)
Whaling (targeting executives)
Smishing (SMS phishing)
Vishing (voice phishing)

Prepared by: Mr. Sharookh, PIET

Prevention:

Email filtering
User awareness training
Multi-factor authentication

Malware
Malicious software designed to harm or exploit computers, servers, or networks.

Types:

Viruses: Self-replicating programs that attach to legitimate files

Worms: Self-replicating programs that spread independently
Trojans: Malware disguised as legitimate software
Spyware: Collects information without user consent
Adware: Displays unwanted advertisements
Rootkits: Hides the existence of certain processes or programs

Prevention:

Antivirus/anti-malware software
Regular system updates
Careful downloading practices

Ransomware
Malware that encrypts victims' files and demands payment for decryption.

Impact:

Data loss or exposure

Financial losses from ransom payments
Operational disruption
Reputational damage

Prevention:

Regular data backups

Email filtering
User training
Patch management

Prepared by: Mr. Sharookh, PIET

Financial Frauds
Deceptive practices conducted online to obtain financial gain.

Types:

Credit card fraud

Investment scams
Online auction fraud
Banking fraud
Fake shopping websites

Prevention:

Using secure payment methods

Verifying website legitimacy
Monitoring financial statements
Strong authentication for financial accounts

Social Engineering Attacks

Manipulating people into divulging confidential information or performing actions that
compromise security.

Types:

Pretexting (creating a fabricated scenario)

Baiting (offering something enticing)
Quid pro quo (offering a service in exchange for information)
Tailgating (physically following someone into a secure area)

Prevention:

Security awareness training

Verification procedures
Limiting publicly available information
Creating a security-conscious culture

Important Note
Most successful cyber attacks involve multiple techniques. For example, a phishing email might
deliver ransomware, or social engineering might be used to facilitate unauthorized access.

Prepared by: Mr. Sharookh, PIET

 Understanding the interconnected nature of these attack vectors is crucial for comprehensive
security.

7. Legal Perspective: IT Act 2000

The Information Technology Act, 2000 (amended in 2008) is the primary legislation in India that
deals with cybercrime and electronic commerce.

Background and Evolution:

Enacted in 2000 with significant amendments in 2008
Based on the UNCITRAL Model Law on Electronic Commerce, 1996
First comprehensive legislation in India to address IT and cybercrime issues

Objectives of the IT Act:

Provide legal recognition to electronic transactions
Facilitate electronic filing of documents
Create a legal framework for e-governance
Prevent computer-based crimes
Establish procedures for data protection

Structure of the IT Act:

The Act consists of 13 chapters and 90 sections covering various aspects of electronic governance,
digital signatures, electronic records, and cybercrime offenses.

Important Amendments in 2008

Introduction of new cybercrimes like child pornography and cyber terrorism
Enhanced penalties for various offenses
Introduction of electronic signatures alongside digital signatures
Addition of corporate responsibility provisions
Introduction of provisions for data protection

Key Features:
Legal Recognition of Electronic Records: Electronic records and communications are given
legal validity
Digital Signatures: Framework for authentication of electronic records
Offenses and Penalties: Defines various cybercrimes and prescribes punishments
Regulatory Framework: Establishes authorities to regulate and certify electronic transactions
Intermediary Liability: Defines the responsibilities of service providers
Prepared by: Mr. Sharookh, PIET
 Privacy Protection: Provisions for protecting sensitive personal data

8. Cybercrime Offences and Penalties

The IT Act 2000 (as amended in 2008) defines various cyber offenses and prescribes penalties for
them. Here are the key offenses and their corresponding penalties:

Section Offence Punishment

Tampering with computer source Imprisonment up to 3 years or fine up

65
documents to Rs 2 lakh or both

Imprisonment up to 3 years or fine up

66 Computer related offences
to Rs 5 lakh or both

Dishonestly receiving stolen computer Imprisonment up to 3 years or fine up

66B
resource or communication device to Rs 1 lakh or both

Identity theft (using electronic signature, Imprisonment up to 3 years or fine up

66C
password, etc. of another person) to Rs 1 lakh or both

Cheating by personation using computer Imprisonment up to 3 years or fine up

66D
resource to Rs 1 lakh or both

Violation of privacy (capturing, publishing Imprisonment up to 3 years or fine up

66E
or transmitting private images) to Rs 2 lakh or both

66F Cyber terrorism Life imprisonment

First conviction: Imprisonment up to 3

years and fine up to Rs 5 lakh
Publishing or transmitting obscene material
67 Subsequent conviction: Imprisonment
in electronic form
up to 5 years and fine up to Rs 10
lakh

First conviction: Imprisonment up to 5

Publishing or transmitting material years and fine up to Rs 10 lakh
67A containing sexually explicit act in electronic Subsequent conviction: Imprisonment
form up to 7 years and fine up to Rs 10
lakh

Prepared by: Mr. Sharookh, PIET

 Section Offence Punishment

First conviction: Imprisonment up to 5

years and fine up to Rs 10 lakh
Publishing or transmitting material
67B Subsequent conviction: Imprisonment
depicting children in sexually explicit act
up to 7 years and fine up to Rs 10
lakh

Misrepresentation to Controller or Imprisonment up to 2 years or fine up

71
Certifying Authority to Rs 1 lakh or both

Imprisonment up to 2 years or fine up

72 Breach of confidentiality and privacy
to Rs 1 lakh or both

Disclosure of information in breach of Imprisonment up to 3 years or fine up

72A
lawful contract to Rs 5 lakh or both

Imprisonment up to 2 years or fine up

73 Publishing false digital signature certificate
to Rs 1 lakh or both

Creating/publishing false electronic Imprisonment up to 2 years or fine up

74
signature certificate for fraudulent purpose to Rs 1 lakh or both

Extraterritorial Jurisdiction
Section 75 of the IT Act provides that the Act applies to offenses or contraventions committed
outside India by any person if the act involves a computer, computer system, or network
located in India.

Related Provisions in Other Laws:

Indian Penal Code (IPC): Many cybercrimes can also be prosecuted under traditional IPC
sections
Copyright Act: For software piracy and intellectual property violations
POCSO Act: For offenses related to child sexual abuse material
Banking Regulations: For financial cybercrimes

9. Organizations Dealing with Cybercrime in India

Prepared by: Mr. Sharookh, PIET

Several organizations in India are responsible for preventing, investigating, and prosecuting
cybercrimes. Understanding their roles and functions is important for reporting incidents and
seeking assistance.

Indian Cybercrime Coordination Centre (I4C)

A nodal agency established by the Ministry of Home Affairs to deal with cybercrimes in a
coordinated and comprehensive manner.

Key Functions:

Act as a central point for cybercrime reporting

Coordinate with state/UT law enforcement agencies
Provide technical expertise and resources
Maintain the National Cyber Crime Reporting Portal
Research and development in cybercrime prevention

Cyber Crime Cells

Specialized units within state police departments dedicated to handling cybercrimes.

Key Functions:

Investigate cybercrime complaints

Gather digital evidence
Coordinate with technical experts
File charges against cybercriminals
Provide awareness and training to local communities

CERT-In (Computer Emergency Response Team - India)

The national nodal agency for responding to computer security incidents.

Key Functions:

Collect, analyze, and disseminate information on cyber incidents

Issue alerts and advisories regarding vulnerabilities
Emergency response support for cyber incidents
Technical advice on cyber security
Security quality management services

Prepared by: Mr. Sharookh, PIET

National Critical Information Infrastructure Protection Centre (NCIIPC)
A designated agency to protect critical information infrastructure in India.

Key Functions:

Protect critical information infrastructure

Develop strategies and policies
Conduct research on protection strategies
Coordinate with other agencies
Information sharing and training

National Cyber Security Coordinator (NCSC)

Coordinates cybersecurity activities across different agencies and ministries.

Key Functions:

Coordinate among various agencies

Develop cybersecurity policies
Create standards and frameworks
Advise on national security matters related to cyber

Cyber Security Education Organizations

Several organizations focus on cybersecurity education and awareness.

Examples:

Data Security Council of India (DSCI)

Centre for Development of Advanced Computing (C-DAC)
Information Sharing and Analysis Centres (ISACs)
ISAC Foundation
National Institute of Electronics and Information Technology (NIELIT)

Reporting Cybercrimes
Citizens can report cybercrimes through:

National Cyber Crime Reporting Portal: cybercrime.gov.in

Cyber Crime Helpline: 1930
Local Police Stations: FIR can be filed at any police station
Prepared by: Mr. Sharookh, PIET
 State Cyber Crime Cells: Direct reporting to specialized units

10. Summary and Key Takeaways

Understanding Cyber Security

Cyber security protects systems, networks, and data from digital attacks
Based on CIA triad: Confidentiality, Integrity, Availability
Various types include network, application, information security
Essential for individuals and organizations in the digital age

Cyberspace and Its Components

Virtual environment created by interconnected networks
Includes physical infrastructure, software, data, and users
Transcends geographical boundaries
Dynamic and constantly evolving environment

Cybercrime Classification
Can be classified by target (individuals, property, government)
Also classified by method, perpetrator, and impact
Understanding categories helps in developing defenses
Most attacks combine multiple techniques

Common Cybercrimes
Hacking: Unauthorized access to systems
Phishing: Deceptive attempts to steal sensitive information
Malware: Software designed to harm systems
Ransomware: Encrypts data and demands payment
Financial Frauds: Online scams for monetary gain
Prepared by: Mr. Sharookh, PIET
 Social Engineering: Manipulating people to compromise security

Legal Framework
IT Act 2000 (amended 2008) is the primary legislation in India
Defines various cybercrimes and prescribes penalties
Covers digital signatures, electronic records, intermediary liability
Has extraterritorial jurisdiction for offenses affecting Indian systems

Cyber Security Infrastructure

Multiple organizations handle different aspects of cybersecurity
I4C coordinates national cybercrime response
CERT-In handles emergency responses
State-level cyber cells investigate local crimes
Multiple reporting channels available for citizens

Future Trends in Cyber Security

AI and Machine Learning: Both as tools for defense and vectors for attacks
Zero Trust Security: Moving away from perimeter-based security to verification at every
step
Cloud Security: Evolving approaches for protecting data and applications in the cloud
IoT Security: Addressing vulnerabilities in connected devices
Privacy-enhancing Technologies: Implementing solutions that protect personal data

Best Practices for Personal Cyber Security

Use strong, unique passwords and password managers
Enable multi-factor authentication where possible
Keep software and devices updated
Be cautious of suspicious emails and links
Regularly back up important data
Use reputable security software
Be mindful of privacy settings on social media

Prepared by: Mr. Sharookh, PIET

 Use secure connections (HTTPS, VPN) when necessary

Advanced IT Skills - BBA Semester 2 | Prepared by Mr. Sharookh, PIET

Reference Books: Internet and Web Technologies by Rajaraman V., Digital India: Understanding E-Governance by Vivek
Sood, Advanced IT Skills by Kaushik and Kaushik

Prepared by: Mr. Sharookh, PIET