Gokhale Education Society'S R. H. Sapat College of Enginnering, Management Studies and Research, Nashik-05
Gokhale Education Society'S R. H. Sapat College of Enginnering, Management Studies and Research, Nashik-05
Gokhale Education Society'S R. H. Sapat College of Enginnering, Management Studies and Research, Nashik-05
AUDIT REPORT
ON
Cyber Security
SUBMITTED BY:-
T.E (COMPUTER)
2017 – 2018
1
INDEX
Table of contents:-
Course Objectives:
2
To assess the current security landscape, including the nature of the
threat, the general status of common vulnerabilities, and the likely
consequences of security failures;
To critique and assess the strengths and weaknesses of general cyber
security models, including the CIA triad
To appraise the interrelationships among elements that comprise a
modern security system, including hardware, software, policies, and
people;
To assess how all domains of security interact to achieve effective
system-wide security at the enterprise level.
Course Outcome:
3
Compare the interrelationships among security roles and responsibilities
in a modern
information-driven enterprise—to include interrelationships across
security do mains (IT,
physical, classification, personnel, and so on)
Assess the role of strategy and policy in determining the success of
information security;
Estimate the possible consequences of misaligning enterprise strategy,
security policy, and security plans;
Introduction:
4
The threat of terrorism has posed an immense challenge in the post Cold
War period. Terror attacks in major cities, towns and tourist resorts across the
globe have demonstrated the inadequacy of the State mechanisms to address
this challenge. Serious attempts have been made by Nations to address this
challenge by designing counter terrorism strategies and anti terror mechanisms.
However, most of there are designed in a conventional paradigm, which might
be effective in a conventional terror attack. However, there are limitations when
it comes to a terror attack of an unconventional nature.
Information technology (IT) has exposed the user to a huge data bank of
information regarding everything and anything. However, it has also added a
new dimension to terrorism. Recent reports suggest that the terrorist is also
getting equipped to utilize cyber space to carryout terrorist attacks. The
possibility of such attacks in future cannot be denied. Terrorism related to cyber
is popularly known as 'cyber terrorism'.
In the last couple of decades India has carved a niche for itself in IT.
Most of the Indian banking industry and financial institutions have embraced IT
to its full optimization. Reports suggest that cyber attacks are understandably
directed toward economic and financial institutions. Given the increasing
dependency of the Indian economic and financial institutions on IT, a cyber
attack against them might lead to an irreparable collapse of our economic
structures. And the most frightening thought is the ineffectiveness of reciprocal
arrangements or the absence of alternatives.
5
Fig-1: States the number of increasing Cyber Crimes in India
(g) Recommendations. –
6
a) Definition of Cyber Terrorism:
7
b) Methods of Attacks:
8
Fig-2: Types of Malware
10. Cyber terrorists use certain tools and methods to unleash this new age
terrorism.
These are :
9
(e) E-Mail Related Crime. Usually worms and viruses have to
attach themselves to a host programme to be injected. Certain emails are used as
host by viruses and worms. E-mails are also used for spreading disinformation,
threats and defamatory stuff.
10
Social Engineering Concept:
11
d) Challenges to India's National Security
As brought out earlier India has carried a niche for itself in the IT Sector.
India's reliance on technology also reflects from the fact that India is shifting
gears by entering into facets of e-governance. India has already brought sectors
like income tax, passports" visa under the realm of e -governance. Sectors like
police and judiciary are to follow. The travel sector is also heavily reliant on
this. Most of the Indian banks have gone on full-scale computerization. This has
also brought in concepts of e-commerce and e-banking. The stock markets have
also not remained immune. To create havoc in the country these are lucrative
targets to paralyze the economic and financial institutions. The damage done
can be catastrophic and irreversible.
12
e) Existing Counter Cyber Security Initiatives.
Highlights are :
(d) All organizations to be subject to a third party audit from this panel
once a year.
(b) Setting up India Anti Bot Alliance to raise awareness about the
emerging threats in cyberspace by the Confederation of Indian Industry (CII).
13
(c) Ongoing cooperation between India's Standardization Testing and
Quality Certification (STQC) and the US National Institute of Standards and
Technology (NIST) would be expanded to new areas.
(d) The R&D group will work on the hard problems of cyber security.
Cyber forensics and anti spasm research.
(e) Chalked the way for intensifying bilateral cooperation to control cyber
crime - between the two countries.
14
f) Challenges and Concerns:
(a) Lack of awareness and the culture of cyber security at individual as well as
institutional level.
(c) Too many information security organisations which have become weak due
to 'turf wars' or financial compulsions.
(d) A weak IT Act which has became redundant due to non exploitation and age
old cyber laws.
(e) No e-mail account policy especially for the defence forces, police and the
agency personnel.
(f) Cyber attacks have come not only from terrorists but also from
neighbouring countries inimical to our National interests.
15
Fig-6: Today’s Scenario
16
g) Recommendations:
(c) Cyber security not to be given more lip service and the
organisations dealing with the same should be given all support. No
bureaucratic dominance should be permitted.
(f) Indian agencies working after cyber security should also keep a
close vigil on the developments in the IT sector of our potential
adversaries.
17
Conclusions:
There is a growing nexus between the hacker and the terrorist. The day is
not far - when terrorists themselves will be excellent hackers. That will change
the entire landscape of terrorism. A common vision is required to ensure cyber
security and prevent cyber crimes. The time has come to prioritize cyber
security in India's counter terrorism strategy.
18