Cyber Law

Uploaded by SarbeshPathak

Jay Kisan Polytechnic Institute, Dharahari, Rautahat Composed By S.K PATHAK

Jai Kisan Polytechnic Institute


Council for Technical Education and Vocational Training
Dharahari, Rautahat(Nepal)

Cyber Security & Ethics


VI Semester

Complete Solution of CTEVT

Sarbesh Kumar Pathak


HOD of I.T Department
Jay Kisan Polytechnic Institute, Dharahari,
Rautahat (Nepal)

Unit 1. Introduction to Cyber Security:


1.1 Concept of Cyber Security
1.2 Cyber Crimes
1.3 Types of Attacks in cyber
1.4 Hacker Techniques
Unit 2. Security Technologies:
2.1 Virtual Private Networks
2.2 Encryption
2.3 Intrusion Detection
2.4 Anti-Malicious Software
2.5 Secure Software & Browser Security
2.6 SSL and IPSec
2.7 Firewalls
Unit 3. Information Security and Cryptography
3.1. Cryptography basics
3.2. Classical Encryption/Decryption Method
3.3. Types of cryptography (RSA, DES and AES)
3.4. Asymmetric Key Cryptography
3.5. Digital Signature
Unit 4. Legal Issues in Cyber Crime
4.1. Legal Issues in Information Security
4.2. Cyber Law in Nepal
4.3. Security Policy
4.4. Managing Risk
4.5. Information Security Process
4.6 Information Security Best Practice
Unit 5. Forensics and Incident Analysis
5.1. Forensic Technologies
5.2. Digital Evidence Collection
5.3. Evidentiary Reporting
5.4. Incident Preparation
5.5. Incident Detection and Analysis
5.6. Containment, Eradication, and Recovery
5.7. Proactive and Post Incident Cyber Services
Unit 6. Ethics in Cyber security & Cyber Law
6.1 Privacy
6.2 Intellectual Property
6.3 Professional Ethics
6.4 Freedom of Speech
6.5 Fair User and Ethical Hacking
6.6 Trademarks
6.7 Internet Fraud
6.8 Electronic Evidence
Unit 7. Professional and Ethical Responsibilities:
7.1 Community values and the laws by which we live
7.2 The nature of professionalism in IT
7.3 Various forms of professional credentialing
7.4 The role of the professional in public policy
7.5 Maintaining awareness of consequences
7.6 Ethical dissent and whistle-blowing
7.7 Codes of ethics, conduct, and practice (IEEE, ACM, SE, AITP, and so forth)
7.8 Dealing with harassment and discrimination
Unit 8. Risks and Liabilities of Computer-Based Systems:
8.1 Software risks
8.2 Safety and the engineers
8.3 Implications of software complexity
8.4 Risk assessment and management
Unit 6 Application Security
6.1. Types
6.2. Security in cloud
6.3. Mobile application security
6.4. Web application security
Unit 7. Professional and Ethical Responsibilities
7.1. Privacy
7.2. Ethical issues in cyber security
7.3. Ethical challenges for cyber security professionals
7.4. Intellectual Property
7.5. Professional Ethics
7.6. Freedom of Speech
7.7. Fair User and Ethical Hacking
7.8. Trademarks
7.9. Internet Fraud
7.10. Electronic Evidence
7.11. Community values and the laws by which we live
7.12. The nature of professionalism in IT
7.13. Various forms of professional credentialing
7.14. The role of the professional in public policy
7.15. Maintaining awareness of consequences
7.16. Ethical dissent and whistle-blowing
7.17. Codes of ethics, conduct, and practice (IEEE, ACM, SE, AITP, and so forth)
7.18. Electronic Transaction Act of Nepal
Practical: [30 Hrs.]
1. Installation of Firewall
2. Blocking and unblocking of websites using Firewall
3. Implement different cryptographic algorithm (RSA, DES, AES)
4. Implement Access control

5. Implement Digital Signature
6. Installation of VPN and use VPN server.
7. Use of cipher text for encryption.

Unit 1. Introduction to Cyber Security:

1.1 Concept of Cyber Security


Cyber security is the technique of protecting internet-connected systems such as computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. We can divide the term into two parts: "cyber" and "security". Cyber refers to the technology that includes systems, networks, programs, and data, and security is concerned with the protection of systems, networks, applications, and information. In some cases it is also called electronic information security or information technology security.
Some other definitions of cyber security are:
"Cyber Security is the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, theft, damage, modification or unauthorized access."

"Cyber Security is the set of principles and practices designed to protect our computing resources and online information against threats."
1.2 Cyber Crimes
As the name says, "cyber" means computer and "crime" means something unfair and illegal, so together they mean a crime executed using computer technologies. The computer may be the instrument of the crime or the target of a bigger one. Such crimes can harm someone's privacy and finances. Cyber crime comprises a wide range of offences such as cyber fraud, financial scams, cybersex trafficking, ad scams, etc. Many privacy concerns are also treated as cyber-crime when private information is intercepted and disclosed.
1.3 Types of Attacks in cyber
A cyber-attack is an exploitation of computer systems and networks. It uses malicious code to alter computer code, logic or data and leads to cybercrimes such as information and identity theft. We are living in a digital era: nowadays most people use computers and the internet. Because of this dependency on digital things, illegal computer activity is growing and changing like any other type of crime. Cyber-attacks can be classified into the following categories:

Web Based Attacks

1. Injection attacks
It is an attack in which some data is injected into a web application to manipulate the application and fetch the required information.
Example: SQL injection, code injection, log injection, XML injection, etc.
2. DNS Spoofing
DNS spoofing is a type of computer security attack whereby false data is introduced into a DNS resolver's cache, causing the name server to return an incorrect IP address and diverting traffic to the attacker's computer or any other computer. DNS spoofing attacks can go on for a long period of time without being detected and can cause serious security issues.
3. Session Hijacking
It is a security attack on a user session over a protected network. Web applications create cookies to store state and user sessions. By stealing the cookies, an attacker can gain access to all of the user's data.
4. Phishing
Phishing is a type of attack which attempts to steal sensitive information like user login credentials and credit card numbers. It occurs when an attacker masquerades as a trustworthy entity in electronic communication.
5. Brute force
It is a type of attack which uses a trial-and-error method. This attack generates a large number of guesses and validates them to obtain actual data like a user password or personal identification number. This attack may be used by criminals to crack encrypted data, or by security analysts to test an organization's network security.
6. Denial of Service
It is an attack meant to make a server or network resource unavailable to users. It accomplishes this by flooding the target with traffic or sending it information that triggers a crash. It uses a single system and a single internet connection to attack a server. It can be classified into the following:
• Volume-based attacks: the goal is to saturate the bandwidth of the attacked site; measured in bits per second.
• Protocol attacks: these consume actual server resources; measured in packets.
• Application layer attacks: the goal is to crash the web server; measured in requests per second.
7. Dictionary attacks
This type of attack uses a stored list of commonly used passwords and validates each of them to find the original password.
8. URL Interpretation
It is a type of attack where certain parts of a URL are changed so that the web server delivers web pages the attacker is not authorized to browse.
9. File Inclusion attacks
It is a type of attack that allows an attacker to access unauthorized or essential files which are available on the web server, or to execute malicious files on the web server, by making use of the include functionality.
10. Man in the middle attacks
It is a type of attack that allows an attacker to intercept the connection between client and server and act as a bridge between them. Due to this, the attacker is able to read, insert and modify the data in the intercepted connection.
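The injection attack listed first above is easiest to see in code. The following is an added example written for these notes, not code from the original document: a login check built on Python's standard sqlite3 module, in a vulnerable form that concatenates user input into the SQL text, beside the parameterized form that binds the input as data. The users table, its rows, the function names and the malicious input string are all constructed for this illustration.

```python
import sqlite3


def make_db():
    """Build a constructed in-memory users table for the demonstration.
    Real systems store salted password hashes, never plaintext; the
    plaintext column here only keeps the comparison easy to read."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


def login_vulnerable(conn, username, password):
    """Injectable: user input is pasted into the SQL text, so quote
    characters in the input change the structure of the query."""
    query = ("SELECT username FROM users WHERE username = '%s' "
             "AND password = '%s'" % (username, password))
    return conn.execute(query).fetchone() is not None


def login_parameterized(conn, username, password):
    """Hardened: '?' placeholders bind the input as values; the SQL
    structure is fixed before the database parser sees any user data."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


# Constructed input that turns the WHERE clause into a tautology when it is
# concatenated into the vulnerable query.
TAUTOLOGY = "' OR '1'='1"


def demo():
    """Return (vulnerable_result, parameterized_result) for the same bad password."""
    conn = make_db()
    return (login_vulnerable(conn, "alice", TAUTOLOGY),
            login_parameterized(conn, "alice", TAUTOLOGY))


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The concatenated query accepts the tautology for any user because the quote in the input closes the password literal early; the parameterized query compares the whole string as a password and rejects it. Input validation alone does not fix the first form; binding parameters does.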

System-based attacks
These are attacks intended to compromise a computer or a computer network. Some of the important system-based attacks are as follows:
1. Virus
It is a type of malicious software program that spreads through the computer's files without the knowledge of the user. It is a self-replicating malicious computer program that replicates by inserting copies of itself into other computer programs when executed. It can also execute instructions that cause harm to the system.

2. Worm
It is a type of malware whose primary function is to replicate itself in order to spread to uninfected computers. It works in the same way as a computer virus. Worms often originate from email attachments that appear to be from trusted senders.
3. Trojan horse
It is a malicious program that causes unexpected changes to computer settings and unusual activity, even when the computer should be idle. It misleads the user about its true intent: it appears to be a normal application, but when opened or executed some malicious code runs in the background.
4. Backdoors
It is a method that bypasses the normal authentication process. A developer may create a backdoor so that an application or operating system can be accessed for troubleshooting or other purposes.
5. Bots
A bot (short for "robot") is an automated process that interacts with other network services. Some bot programs run automatically, while others only execute commands when they receive specific input. Common examples of bot programs are crawlers, chatroom bots, and malicious bots.

1.4 Hacker Techniques


Hacking is the process of exploiting vulnerabilities to gain unauthorized access to any computer, smartphone, tablet, or network system. Hackers use advanced computer and programming skills to get into the victim's system without their knowledge and gain a great deal of personal information, including personal and financial data and passwords. Not all hackers use their skills to exploit systems or to gain access to a victim's system; some use their skills to protect confidential information from being stolen, and these are called ethical hackers or white hat hackers in the hacker community. Other hackers use their knowledge out of greed, for revenge, or simply for fun. Here are some common techniques used by hackers that you should know in order to protect yourself from being hacked, or at least to take some preventive measures.

1. Social Engineering
Social engineering is an attempt to get a potential victim, often someone who works for a targeted organization, to share personal information, usually by impersonating a trusted source. Social engineering bait frequently comes in the form of phishing emails, where a threat actor sends a message that looks like it is from someone you know. This message asks you to do something, such as clicking and downloading an infected attachment, under the guise of being helpful. If an infected file is downloaded, your computer can be compromised, giving the threat actor access to your computer and sometimes to your entire network.

2. Malware-Injecting Devices
Cybercriminals can use hardware to sneak malware onto your computer. For example, compromised USB sticks can give hackers remote access to your device as soon as they are plugged into your computer. All it takes is for one person to give you a malware-ridden USB stick, and your whole organization could be at risk. Hackers are now also using cords, such as USB cables and mouse cords, to inject malware.
3. Missing Security Patches
Security tools can become outdated as the hacking landscape advances. They require frequent updates to protect against new threats. However, some users ignore update notifications or security patches, leaving themselves vulnerable.
4. Cracking Passwords
Hackers can obtain your credentials through a number of means, such as keylogging, in which undetected software, accidentally downloaded by the victim of a social engineering attack, records keystrokes for the threat actor to use at will. This includes saving usernames and passwords as they are entered on the infected computer.
5. Distributed Denial-of-Service (DDoS)
This hacking technique is aimed at taking down a website so that users cannot access it or receive its service. Denial-of-Service (DoS) attacks work by hitting the target's server with large influxes of traffic. The volume is so frequent and high that it overloads the server by giving it more requests than it can handle. Ultimately the server crashes and the website goes down with it.

Unit 2. Security Technologies:


2.1 Virtual Private Networks

VPN stands for Virtual Private Network. It refers to a safe and encrypted network that allows you to use network resources remotely. Using a VPN, you can create a safe connection over a less secure network, e.g. the internet. It is a secure network because it is completely isolated from the rest of the internet. Governments, businesses and the military can use this network to use network resources securely. VPN is free to use, and it works using site-to-site and remote access methods. It uses an arrangement of encryption services to establish a secure connection and is an ideal tool for encryption.

2.2 Encryption
Encryption helps us to secure data that we send, receive, and store. This can include text messages saved on our cell phone, logs stored on our fitness watch, and banking details sent through an online account. It is a way of scrambling readable words so that only an individual who has the secret access code or decryption key can read them. It is also used for diplomatic information to help provide data security.
Types of Encryption
There are various types of encryption, and every encryption type is created according to the needs of professionals and with security specifications in mind. The most common encryption types are as follows.
1. Data Encryption Standard (DES)
The Data Encryption Standard is an example of low-level encryption. The U.S. government set up the standard in 1977. DES is largely redundant for securing confidential data due to advancements in technology and reductions in hardware costs.
2. Triple DES
Triple DES applies the DES operation three times: it first encrypts the data, then decrypts it, and then encrypts it again. It improves on the original DES standard, which has come to be considered too weak a form of encryption for sensitive data.
3. RSA (Rivest-Shamir-Adleman)
RSA takes its name from the initials of the surnames of its three inventors. For encryption it uses a powerful and common algorithm. Because of its key length, RSA is common and is widely used for safe data transmission.
2.3 Intrusion Detection
An Intrusion Detection System (IDS) is a powerful tool that can help businesses detect and prevent unauthorized access to their network. By analyzing network traffic patterns, an IDS can identify suspicious activities and alert the system administrator. An IDS can be a valuable addition to any organization's security infrastructure, providing insights and improving network performance.
Benefits of IDS
• Detects malicious activity: an IDS can detect suspicious activities and alert the system administrator before any significant damage is done.
• Improves network performance: an IDS can identify performance issues on the network, which can then be addressed.
• Compliance requirements: an IDS can help in meeting compliance requirements by monitoring network activity and generating reports.

2.4 Anti-Malicious Software


Antimalware is a type of software program created to protect information technology (IT) systems and individual computers from malicious software, or malware. Antimalware programs scan a computer system to prevent, detect and remove malware.
2.5 Secure Software & Browser Security
Security software is any type of software that secures and protects a computer, network or any computing-enabled device. It manages access control, provides data protection, secures the system against viruses and network/Internet based intrusions, and defends against other system-level security risks. Types of security software include anti-virus software, firewall software, network security software, Internet security software, malware/spamware removal and protection software, cryptographic software, and more.

Browser Security
Browser security is the application of Internet security to web browsers in order to protect networked data and computer systems from breaches of privacy or malware. Security exploits of browsers often use JavaScript, sometimes with cross-site scripting (XSS).
How to keep a browser secure
• Keep your browser software up to date.
• Review your browser's security settings and preferences.
• If you do not need pop-ups, disable them or install software that will prevent pop-up windows. Pop-ups can be used to run malicious software on your computer.
• Install an ad blocker.
• Install browser add-ons, plug-ins, toolbars, and extensions sparingly and with care.
• Use private web browsing.
• Use a VPN.

2.6 SSL and IPSec


SSL
SSL is a networking protocol used at the transport layer to provide a secure connection between the client and the server over the internet. It is a transparent protocol that requires little interaction from the end user when establishing a secure session. SSL tunneling involves a client that requires an SSL connection to a backend service or secure server via a proxy server. For example, SSL is used to secure the communication between a web browser and a web server.
IPSec
IPSec is an Internet Engineering Task Force standard suite of protocols between two communication points. It can also be defined as a set of encrypted, decrypted, and authenticated packets. It generally uses cryptographic security services to protect communications. Network-level peer and data origin authentication, data integrity, data encryption, and protection are supported by IPsec. For example, IPSec can be used between two routers to create a site-to-site VPN, and between a firewall and a Windows host for a remote access VPN.
2.7 Firewalls
A firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is the barrier that sits between a private internal network and the public Internet. A firewall's main purpose is to allow non-threatening traffic in and to keep dangerous traffic out.
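The filtering just described, "allow non-threatening traffic in and keep dangerous traffic out", comes down to an ordered rule list evaluated per packet. The following is an added example written for these notes, not code from the original document or from any firewall product: a small rule evaluator with first-match-wins semantics and a default-deny fallback, plus a check for rules that can never fire because an earlier, broader rule shadows them. The rule fields, the sample policy and the packet addresses (RFC 5737 documentation ranges) are constructed for this illustration; real firewalls also track connection state, which this toy omits.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "deny"
    proto: str                # "tcp", "udp" or "any"
    src: str                  # source network in CIDR notation
    dst_port: Optional[int]   # destination port, or None for any port


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    dst_port: int


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """A rule matches when protocol, source network and port all agree."""
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if ipaddress.ip_address(pkt.src_ip) not in ipaddress.ip_network(rule.src):
        return False
    return rule.dst_port is None or rule.dst_port == pkt.dst_port


def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """First matching rule decides; traffic matching no rule is dropped (default deny)."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return "deny"


def shadowed_rules(rules: List[Rule]) -> List[int]:
    """Indexes of rules that can never fire because an earlier rule already
    matches everything they would match. Finding these catches the common
    mistake of placing a broad allow above a specific deny."""
    shadowed = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            proto_ok = earlier.proto in ("any", later.proto)
            net_ok = ipaddress.ip_network(later.src).subnet_of(
                ipaddress.ip_network(earlier.src))
            port_ok = earlier.dst_port is None or earlier.dst_port == later.dst_port
            if proto_ok and net_ok and port_ok:
                shadowed.append(j)
                break
    return shadowed


# Constructed policy: public HTTPS, SSH only from the internal range, all else dropped.
POLICY = [
    Rule("allow", "tcp", "0.0.0.0/0", 443),
    Rule("allow", "tcp", "10.0.0.0/8", 22),
    Rule("deny", "any", "0.0.0.0/0", None),
]

# Constructed misordered policy: the broad allow makes the telnet deny dead.
MISORDERED = [
    Rule("allow", "any", "0.0.0.0/0", None),
    Rule("deny", "tcp", "0.0.0.0/0", 23),
]


if __name__ == "__main__":
    for pkt in [Packet("tcp", "198.51.100.4", 443), Packet("tcp", "198.51.100.4", 22),
                Packet("tcp", "10.1.2.3", 22), Packet("udp", "10.1.2.3", 53)]:
        print(pkt, "->", evaluate(POLICY, pkt))
    print("shadowed in MISORDERED:", shadowed_rules(MISORDERED))
```

The explicit final deny in POLICY is redundant with the default, but writing it down makes the intent auditable; the shadowing check is the kind of review a practical firewall exercise should include before a rule set goes live.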
Unit 3. Information Security and Cryptography
3.1. Cryptography basics
Cryptography is the process of hiding or coding information so that only the person a message was intended for can read it. The art of cryptography has been used to code messages for thousands of years and continues to be used in bank cards, computer passwords, and e-commerce. Modern cryptography techniques include algorithms and ciphers that enable the encryption and decryption of information, such as 128-bit and 256-bit encryption keys. Modern ciphers, such as the Advanced Encryption Standard (AES), are considered virtually unbreakable.
3.2. Classical Encryption/Decryption Method
Classical cryptography is based on mathematics and relies on the computational difficulty of factorizing large numbers. Encryption is the process of converting a normal message (plaintext) into a meaningless message (ciphertext), whereas decryption is the process of converting the meaningless message (ciphertext) back into its original form (plaintext). The major distinction between the two is that encryption is the conversion of a message into an unintelligible form that cannot be read unless decrypted, whereas decryption is the recovery of the original message from the encrypted information.
Difference between Encryption and Decryption

Definition
  Encryption: The process of converting plaintext into ciphertext using an algorithm and a key.
  Decryption: The process of converting ciphertext back into plaintext using a decryption algorithm and a key.
Purpose
  Encryption: To protect data confidentiality and prevent unauthorized access.
  Decryption: To revert encrypted data back to its original form for authorized access and understanding.
Input
  Encryption: Plaintext (original data) and encryption key.
  Decryption: Ciphertext (encrypted data) and decryption key.
Output
  Encryption: Ciphertext (encrypted data).
  Decryption: Plaintext (original data).
Key
  Encryption: A key is used during encryption to transform plaintext into ciphertext. It is known only to the sender and authorized recipients.
  Decryption: A key is used during decryption to reverse the encryption process and retrieve the original plaintext. It should match the encryption key used.
Security
  Encryption: Provides data confidentiality by making the encrypted data unreadable without the proper decryption key.
  Decryption: Allows authorized users to access and understand the encrypted data by using the correct decryption key.
Communication
  Encryption: Typically used during data transmission to secure sensitive information from interception and unauthorized access.
  Decryption: Used at the receiving end to recover the original data and make it usable.
Examples
  Encryption: HTTPS communication, encrypting files, secure messaging apps, etc.
  Decryption: Decrypting received emails, accessing encrypted databases, decrypting encrypted files, etc.
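The plaintext/ciphertext/key relationship in the comparison above is easiest to see on a classical cipher. The following is an added example written for these notes, not code from the original document: a shift (Caesar) cipher with encryption and decryption as the two halves of one operation, followed by exhaustive trial of the whole key space, which is why such classical ciphers give no real confidentiality today. The function names and sample text are constructed for this illustration; it generalizes the single-shift idea to all 26 keys.

```python
import string

ALPHABET = string.ascii_uppercase


def shift_encrypt(plaintext: str, key: int) -> str:
    """Caesar/shift cipher: move each letter `key` places along the alphabet.
    Case is folded to upper case; characters outside A-Z pass through."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def shift_decrypt(ciphertext: str, key: int) -> str:
    """Decryption is the same transformation with the key negated."""
    return shift_encrypt(ciphertext, -key)


def all_candidates(ciphertext: str) -> dict:
    """Every possible decryption: the key space is only 26 shifts."""
    return {k: shift_decrypt(ciphertext, k) for k in range(26)}


def recover_key(ciphertext: str, crib: str):
    """Return the key whose decryption contains the expected word `crib`,
    or None. A single guessed word is enough to pick the key out of 26."""
    crib = crib.upper()
    for k, candidate in all_candidates(ciphertext).items():
        if crib in candidate:
            return k
    return None


if __name__ == "__main__":
    ct = shift_encrypt("Attack at dawn", 3)
    print(ct)                       # DWWDFN DW GDZQ
    print(shift_decrypt(ct, 3))     # ATTACK AT DAWN
    print(recover_key(ct, "dawn"))  # 3
```

Contrast this with the 128-bit and 256-bit keys mentioned in 3.1: exhausting 26 keys takes microseconds, while 2^128 keys is far beyond any feasible computation, which is the whole difference between a classical and a modern cipher.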

3.3. Types of cryptography (RSA, DES and AES)



Rivest-Shamir-Adleman (RSA)
The RSA algorithm (Rivest-Shamir-Adleman) is the basis of a cryptosystem, a suite of cryptographic algorithms used for specific security services or purposes, which enables public key encryption and is widely used to secure sensitive data, particularly when it is being sent over an insecure network such as the internet.
RSA was first publicly described in 1977 by Ron Rivest, Adi Shamir and Leonard Adleman of the Massachusetts Institute of Technology, though the 1973 creation of a public key algorithm by British mathematician Clifford Cocks was kept classified by the U.K.
What is DES?
It stands for Data Encryption Standard, developed in 1977. It is a multi-round cipher that divides the full text into 2 parts and then works on each part individually. It includes various operations such as expansion, permutation, substitution, and XOR with a round key.
What is AES?
It stands for Advanced Encryption Standard, developed in 2001. As triple-DES was found to be slow, AES was created and is six times faster than triple DES. It is one of the most widely used symmetric block cipher algorithms nowadays. It works on bytes rather than bits.
3.4. Asymmetric Key Cryptography
Asymmetric encryption, also known as public-key cryptography, is a type of encryption that uses a pair of keys to encrypt and decrypt data. The pair consists of a public key, which can be shared with anyone, and a private key, which is kept secret by the owner. In asymmetric encryption, the sender uses the recipient's public key to encrypt the data, and the recipient then uses their private key to decrypt it. This approach allows secure communication between two parties without both parties needing to hold the same secret key.

3.5. Digital Signature


A digital signature is a virtual stamp that proves who sent a digital message or file and that it has not been tampered with. It works like a lock and key: the sender uses a secret key to create the signature, which is a unique code for that message. Others can use the sender's public key to check the signature. If the code matches, the message is authentic and has not been changed. This is crucial for online security and trust because it ensures that information comes from the right source and has not been altered after signing.
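Sections 3.3, 3.4 and 3.5 all rest on the same RSA key pair: the public key encrypts and verifies, the private key decrypts and signs. The following is an added example written for these notes, not code from the original document: textbook RSA in plain Python integers showing key generation from two primes, encryption with the recipient's public key and decryption with the private key (3.4), and a hash-then-sign signature that anyone can verify with the public key (3.5). The primes are constructed toy values, far too small for real use, and the signature reduces the SHA-256 digest modulo n instead of applying the padding (PKCS#1 v1.5 or PSS) a real implementation uses; the function names are assumptions for this illustration.

```python
import hashlib
from math import gcd


def rsa_keygen(p: int, q: int, e: int = 65537):
    """Textbook RSA key generation from two primes.
    Returns (public_key, private_key) as ((e, n), (d, n))."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def rsa_encrypt(public_key, m: int) -> int:
    """Anyone holding the public key can encrypt: c = m^e mod n."""
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer smaller than n")
    return pow(m, e, n)


def rsa_decrypt(private_key, c: int) -> int:
    """Only the private-key holder can decrypt: m = c^d mod n."""
    d, n = private_key
    return pow(c, d, n)


def _digest_int(message: bytes, n: int) -> int:
    # Hash the message, then reduce into the modulus range. Toy shortcut:
    # real schemes pad the digest rather than reducing it.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def rsa_sign(private_key, message: bytes) -> int:
    """Signature = hash(message)^d mod n; only the private key can produce it."""
    d, n = private_key
    return pow(_digest_int(message, n), d, n)


def rsa_verify(public_key, message: bytes, signature: int) -> bool:
    """True when signature^e mod n equals hash(message): the message came from
    the private-key holder and was not altered after signing."""
    e, n = public_key
    return pow(signature, e, n) == _digest_int(message, n)


# Constructed toy primes (the first two primes above one million).
TOY_P, TOY_Q = 1000003, 1000033


if __name__ == "__main__":
    pub, priv = rsa_keygen(TOY_P, TOY_Q)
    c = rsa_encrypt(pub, 123456789)
    print(rsa_decrypt(priv, c))                                  # 123456789
    sig = rsa_sign(priv, b"transfer 100 to alice")
    print(rsa_verify(pub, b"transfer 100 to alice", sig))        # True
    print(rsa_verify(pub, b"transfer 900 to alice", sig))        # False
```

Note the asymmetry that the text describes: encryption and verification use (e, n), which is public, while decryption and signing use d, which never leaves its owner. Changing a single byte of the signed message changes its hash and the verification fails, which is the tamper-evidence property of 3.5.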
Unit 4. Legal Issues in Cyber Crime

4.1. Legal Issues in Information Security


There are many legal issues with regard to information security.
1. Breaking into a computer is against the law, most of the time.
2. Civil issues of liability and privacy.
3. Risks with regard to employees and other organizations on the network if internal security is lax.
4. Violations of new laws that address banking customers and medical privacy.
Issues of copyright and trademarks:
• Internet copyright and trademark violations fall under intellectual property law.
• Intellectual property includes software, music, videos, books, trademarks, copyright and web pages.
• Copyright is ownership of an original work created by the author.
• A trademark, a symbol or picture that identifies the product or service, is intellectual property.
Issue of jurisdiction:
• Jurisdiction is the official power to make legal decisions and judgements.
• The internet is beyond geographic borders; there are no laws or borders on the internet.
• Different countries have different legal systems, criminal laws and consumer protection laws, which makes it difficult to run an e-commerce business over the internet.
4.2. Cyber Law in Nepal
Cyber law is the part of the overall legal system that deals with the Internet, cyberspace, and their respective legal issues. Cyber law covers a fairly broad area, encompassing several subtopics including freedom of expression, access to and usage of the Internet, and online privacy. Generically, cyber law is referred to as the Law of the Internet. The first cyber law was the Computer Fraud and Abuse Act, enacted in 1986. Known as the CFAA, this law prohibits unauthorized access to computers and includes detail about the levels of punishment for breaking that law.
Provision of Cyber law in Nepal
• It has strong provision for punishment of cyber-crime.
• It provides legal status to digital signatures and electronic records, which are the terms used in electronic banking, shopping and e-commerce.
• It provides law for the formation of a judicial system that operates only for crime related to computers (the internet and cyberspace).
Important Statistics
There were a total of 10.21 million people in Nepal who used the internet in 2020. The number of users increased by 315,000 between 2019 and 2020. Around 10 million people in Nepal use social media. It appears that the country's citizens have been reluctant to report cyber crime, with only 53 cases being registered in 2017. However, 2018 saw a sharp rise in the number of cases to 132. In 2018 and 2019, a total of 180 cases were registered. Out of these 180, 125 cases were from the capital city, Kathmandu, and the rest from elsewhere.
Internet law and regulations
Cyber law takes:
• Telecommunication laws
• Software laws
• International laws
• Criminal law
• Intellectual property law, etc.
and puts them into the context of computers. Generically, cyber law is referred to as the Law of the Internet.
• Nepal's cyber world is ruled by the Electronic Transaction Act (ETA) 2063, which protects users online against cybercrimes.
• The Act is divided into 12 sections and 80 clauses. This law keeps an eye on issues related to computer networks and cybercrime.
• It brings cyber criminals under the justice of law and penalizes them just like other crimes. As per the Act, if anyone is found committing cybercrime, he/she will be punished with a minimum of 6 months to a maximum of 3 years in jail and has to pay a minimum of 50 thousand to a maximum of 3 lakhs as a penalty.
Some of the major provisions are:
1. It has provisions relating to electronic records and digital signatures.
2. It has provisions relating to dispatch and receipt of acknowledgement of electronic records.
3. It has provisions relating to government use of the digital signature.
4. It has provisions relating to computer networks and network service providers.
5. It has provisions relating to computer-related crimes and punishments.
4.3. Security Policy
Security policies are a formal set of rules issued by an organization to ensure that users who are authorized to access company technology and information assets comply with rules and guidelines related to the security of information. It is a written document in the organization which sets out how to protect the organization from threats and how to handle them when they occur. A security policy is also considered to be a "living document", which means that the document is never finished but is continuously updated as the requirements of the technology and the employees change.
4.4. Managing Risk
Risk management is the action of prioritizing cybersecurity measures according to the possible consequences of vulnerabilities within the process.
• IT professionals depend on technologies and combinations of strategies to protect their organization against cybercrime.
• Cybersecurity risk management is similar to real-world risk management, but takes place in the cyber world.
• The need for cybersecurity risk management grows as the volume of compromised systems, stolen data, and damaged reputations increases, with hundreds of cybercrimes happening every day.

4.5. Information Security Process


• The information security process is a process that moves through phases, building and strengthening itself along the way.
• Although the information security process has many strategies and activities, we can group them all into three distinct phases: prevention, detection, and response. Each phase requires strategies and activities that move the process on to the next phase.
• The ultimate goal of the information security process is to protect three unique attributes of information. They are:
Prevention: Preventing an incident requires careful analysis and planning. Information is an asset that requires protection commensurate with its value. Security measures must be taken to protect information from unauthorized modification, destruction, or disclosure, whether accidental or intentional. During the prevention phase, security policies, controls and processes should be designed and implemented.
Detection: Detection of a system compromise is extremely critical. With the ever-increasing threat environment, no matter what level of protection a system may have, it will get compromised given a great enough level of motivation and skill. Intrusion detection systems (IDS) are utilized for this purpose. An IDS has the capability of monitoring system activity and notifying responsible persons when activities warrant investigation.
Response: For the detection process to have any value there must be a timely response. The response to an incident should be planned well in advance; making important decisions or developing policy while under attack is a recipe for disaster. Many organizations spend a tremendous amount of money and time preparing for disasters such as tornados, earthquakes, fires and floods. A Computer Security Incident Response Team (CSIRT) should be established with specific roles and responsibilities identified. These roles should be assigned to competent members of the organization. A team leader/manager should be appointed and assigned the responsibility of declaring an incident, coordinating the activities of the CSIRT, and communicating status reports to upper management.
4.6 Information Security Best Practice
• Consider biometric security.
• Form a hierarchical cybersecurity policy.
• Employ a risk-based approach to security.
• Back up your data.
• Manage IoT security.
• Use multi-factor authentication.
• Handle passwords securely.
• Use the principle of least privilege.
• Keep an eye on privileged users.
• Monitor third-party access to your data.
• Be wary of phishing.
• Raise employee awareness.
