
Unit I Cyber Security

Cyber security involves protecting internet-connected systems from malicious attacks, categorized into various types such as network, application, and data security. The main goals of cyber security are to ensure confidentiality, integrity, and availability of data while addressing threats like malware, phishing, and cyber warfare. Effective security policies and principles are essential for organizations to safeguard their assets and educate employees on security practices.

Uploaded by

uhimanshu877

Cyber Security

The technique of protecting internet-connected systems such as computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks is known as cyber security.

We can divide cyber security into two parts: one is cyber, and the other is security.

Cyber refers to the technology that includes systems, networks, programs, and data. Security is concerned with the protection of systems, networks, applications, and information.

"Cyber Security is the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, theft, damage, modification or unauthorized access."

"Cyber Security is the set of principles and practices designed to protect our computing resources and online information against threats."
Types of Cyber Security
Every organization's assets are a combination of a variety of different systems. A strong cyber security posture for these systems requires coordinated efforts across all of them. We can categorize cyber security as follows:

Network Security: It involves implementing the hardware and software to secure a computer network from unauthorized access, intruders, attacks, disruption, and misuse. This security helps an organization to protect its assets against external and internal threats.

Application Security: It involves protecting the software and devices from unwanted threats. Successful security begins in the design stage, with writing source code, validation, threat modeling, etc., before a program or device is deployed.

Information or Data Security: It involves implementing a strong data storage mechanism to maintain the integrity and privacy of data, both in storage and in transit.

Identity management: It deals with the procedure for determining the level of access that each individual has within an organization.

Operational Security: It involves processing and making decisions on handling and securing data assets.

Mobile Security: It involves securing the organizational and personal data stored on mobile devices such as cell phones, computers, tablets, and other similar devices against various malicious threats. These threats are unauthorized access, device loss or theft, malware, etc.

Cloud Security: It involves protecting the information stored in the digital environment or cloud architectures for the organization.

Disaster Recovery and Business Continuity Planning: It deals with the processes, monitoring, alerts, and plans for how an organization responds when any malicious activity is causing the loss of operations or data.

User Education: It deals with the processes, monitoring, alerts, and plans for how an organization responds when any malicious activity is causing the loss of operations or data.
Cyber Security Goals
Cyber Security's main objective is to ensure data protection. The security community provides a triangle of three related principles to protect the data from cyber-attacks. This principle is called the CIA triad: Confidentiality, Integrity, and Availability.
Confidentiality
Confidentiality is equivalent to privacy that avoids unauthorized access of information. It involves ensuring the data is accessible by those who are allowed to use it and blocking access to others.

It prevents essential information from reaching the wrong people.
Integrity
This principle ensures that the data is authentic, accurate, and safeguarded from unauthorized modification by threat actors or accidental user modification.

If any modifications occur, certain measures should be taken to protect the sensitive data from corruption or loss and to recover speedily from such an event. In addition, it means ensuring that the source of the information is genuine.
Availability
This principle makes the information available and useful to its authorized people at all times. It ensures that this access is not hindered by system malfunction or cyber-attacks.
Types of Cyber Security Threats
A threat in cyber security is a malicious activity by an individual or organization to corrupt or steal data, gain access to a network, or disrupt digital life in general. The cyber community defines the following threats available today.
Malware
Malware means malicious software, which is the most common cyber attacking tool. It is used by the cybercriminal or hacker to disrupt or damage a legitimate user's system. The following are the important types of malware created by the hacker:

Virus: It is a malicious piece of code that spreads from one device to another. It can clean files and spread throughout a computer system, infecting files, stealing information, or damaging the device.

Spyware: It is software that secretly records information about user activities on their system. For example, spyware could capture credit card details that can be used by cybercriminals for unauthorized shopping, money withdrawal, etc.

Trojans: It is a type of malware or code that appears as legitimate software or a legitimate file to fool us into downloading and running it. Its primary purpose is to corrupt or steal data from our device or do other harmful activities on our network.

Ransomware: It is a piece of software that encrypts a user's files and data on a device, rendering them unusable or erasing them. Then, a monetary ransom is demanded by malicious actors for decryption.

Worms: It is a piece of software that spreads copies of itself from device to device without human interaction. It does not need to attach itself to any program to steal or damage the data.

Adware: It is advertising software used to spread malware and display advertisements on our device. It is an unwanted program that is installed without the user's permission. The main objective of this program is to generate revenue for its developer by showing ads in the user's browser.

Botnets: It is a collection of internet-connected, malware-infected devices that cybercriminals are able to control. It enables cybercriminals to obtain leaked credentials, gain unauthorized access, and steal data without the user's permission.
Phishing
Phishing is a type of cybercrime in which a sender appears to come from a genuine organization like PayPal, eBay, financial institutions, or friends and co-workers. They contact a target or targets via email, phone, or text message with a link and try to persuade them to click on that link.

This link will redirect them to fraudulent websites that ask for sensitive data such as personal information, banking and credit card information, social security numbers, usernames, and passwords.

Clicking on the link will also install malware on the target devices that allows hackers to control the devices remotely.
Man-in-the-middle (MITM) attack
A man-in-the-middle attack is a type of cyber threat (a form of eavesdropping attack) in which a cybercriminal intercepts a conversation or data transfer between two individuals.

Once the cybercriminal places themselves in the middle of a two-party communication, they seem like genuine participants and can get sensitive information and return different responses.

The main objective of this type of attack is to gain access to our business or customer data.
Distributed denial of service (DDoS)
It is a type of cyber threat or malicious attempt where cybercriminals disrupt the regular traffic of targeted servers, services, or networks by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.

Here the requests come from several IP addresses and can make the system unusable by overloading its servers, slowing them down significantly or temporarily taking them offline, or preventing an organization from carrying out its vital functions.
Brute Force
A brute force attack is a cryptographic hack that uses a trial-and-error method to guess all possible combinations until the correct information is discovered.

Cybercriminals usually use this attack to obtain personal information such as targeted passwords, login info, encryption keys, and Personal Identification Numbers (PINs).
SQL Injection (SQLI)
SQL injection is a common attack that occurs when cybercriminals use malicious SQL scripts for backend database manipulation to access sensitive information.

Once the attack is successful, the malicious actor can view, change, or delete sensitive company data, user lists, or private customer details stored in the SQL database.
Domain Name System (DNS) attack
A DNS attack is a type of cyber attack in which cyber criminals take advantage of flaws in the Domain Name System to redirect site users to malicious websites (DNS hijacking) and steal data from affected computers.

It is a severe cyber security risk because the DNS system is an essential element of the internet infrastructure.

Cyberwarfare is the use of digital attacks against an enemy state, causing comparable harm to actual warfare and/or disrupting the vital computer systems.

Cyber warfare typically involves a nation-state perpetrating cyber attacks on another, but in some cases, the attacks are carried out by terrorist organizations or non-state actors seeking to further the goal of a hostile nation.

1834, French Telegraph System: A pair of thieves hack the French Telegraph System and steal financial market information, effectively conducting the world's first cyber attack.
7 Types of Cyber Warfare Attacks
Espionage
Refers to monitoring other countries to steal secrets. In cyber warfare, this can involve using botnets or spear phishing attacks to compromise sensitive computer systems.

Sabotage
Government organizations must determine sensitive information and the risks if it is compromised. Hostile governments or terrorists may steal information or destroy it.
Denial-of-service (DoS) Attacks
DoS attacks prevent legitimate users from accessing a website by flooding it with fake requests and forcing the website to handle these requests.

This type of attack can be used to disrupt critical operations and systems and block access to sensitive websites by civilians, military and security personnel, or research bodies.
Electrical Power Grid
Attacking the power grid allows attackers to disable critical systems, disrupt infrastructure, and potentially cause bodily harm.

Propaganda Attacks
Attempts to control the minds and thoughts of people living in or fighting for a target country. Propaganda can be used to expose embarrassing truths, or to spread lies that make people lose trust in their country or side with their enemies.
Economic Disruption
Most modern economic systems operate using computers. Attackers can target computer networks of economic establishments such as stock markets, payment systems, and banks to steal money or block people from accessing the funds they need.

Surprise Attacks
The point is to carry out a massive attack that the enemy isn't expecting, enabling the attacker to weaken their defences. This can be done to prepare the ground for a physical attack in the context of hybrid warfare.
Conducting Risk Assessments with Cyber Wargames
The best way to assess a nation's readiness for cyber warfare is to conduct a real-life exercise or simulation, also known as a cyber wargame.

A wargame can test how governments and private organizations respond to a cyber warfare scenario, expose gaps in defences, and improve cooperation between entities. Most importantly, a wargame can help defenders learn how to act quickly to protect critical infrastructure and save lives.

Cyber wargames can help cities, states, or countries improve readiness for cyber warfare by:

Testing different situations – such as detecting attacks in early stages, or mitigating risks after critical infrastructure has already been compromised.

Testing unusual scenarios – attacks are never conducted "by the book". By establishing a red team that acts as the attackers and tries to find creative ways to breach a target system, the defenders can learn how to mitigate real threats.

Division of labour and cooperation mechanisms – cyber warfare requires many individuals from different organizations and government units to collaborate. A cyber wargame can bring together those people, who may not know each other, and help them decide how to work together in the event of a crisis.

Improving policies – governments may establish cyber warfare policies, but need to test them in practice. A cyber wargame can test the effectiveness of policies and provide an opportunity for improving them.
Cyberterrorism-
Cyberterrorism is the use of the Internet to conduct violent acts that result in, or threaten, the loss of life or significant bodily harm, in order to achieve political or ideological gains through threat or intimidation.

Acts of deliberate, large-scale disruption of computer networks, especially of personal computers attached to the Internet, by means of tools such as computer viruses, computer worms, phishing, malicious software, hardware methods, and programming scripts can all be forms of internet terrorism.
Security Policies-
Security policies are a formal set of rules issued by an organization to ensure that users who are authorized to access company technology and information assets comply with the rules and guidelines related to the security of information.

A security policy is a written document in the organization which sets out how to protect the organization from threats and how to handle them when they occur. A security policy is also considered to be a "living document", which means that the document is never finished, but is continuously updated as technology and employee requirements change.
Need of Security policies-
• It increases efficiency
The best thing about having a policy is being able to increase the level of consistency, which saves time, money and resources.

The policy should inform employees about their individual duties, telling them what they can and cannot do with the organization's sensitive information.

• It upholds discipline and accountability
When a human mistake occurs and system security is compromised, the security policy of the organization will back up any disciplinary action and also support a case in a court of law.

• It helps to educate employees on security literacy
A well-written security policy can also be seen as an educational document which informs readers about the importance of their responsibility in protecting the organization's sensitive data.

Some important cybersecurity policy recommendations are described below-

Virus and Spyware Protection policy-
This policy provides the following protection:
• It helps to detect, remove, and repair the side effects of viruses and security risks by using signatures.

• It helps to detect threats in the files which users try to download by using reputation data from Download Insight.
Firewall Policy-
This policy provides the following protection:
• It blocks unauthorized users from accessing the systems and networks that connect to the Internet.

• It detects attacks by cybercriminals.

• It removes unwanted sources of network traffic.

Intrusion Prevention policy
This policy automatically detects and blocks network attacks and browser attacks. It also protects applications from vulnerabilities. It checks the contents of one or more data packets and detects malware which is coming through legitimate channels.
Host Integrity policy
This policy provides the ability to define, enforce, and restore the security of client computers to keep enterprise networks and data secure.

We use this policy to ensure that the client computers which access our network are protected and compliant with the company's security policies. This policy requires that the client system must have antivirus installed.
Cyber Security Principles-
The UK internet industry and Government recognized the need to develop a series of Guiding Principles for improving the online security of the ISPs' customers and limiting the rise in cyber-attacks.

Cybersecurity for these purposes encompasses the protection of essential information, processes, and systems, connected or stored online, with a broad view across the people, technical, and physical domains.

Some of the essential cybersecurity principles are described below-
•Economy of mechanism
•Fail-safe defaults
•Least Privilege
•Open Design
•Complete mediation
•Separation of Privilege
•Least Common Mechanism
•Psychological acceptability
•Work Factor
•Compromise Recording
Economy of mechanism-
The Economy of mechanism principle simplifies the design and implementation of security mechanisms. If the design and implementation are simple and small, fewer possibilities exist for errors.

The checking and testing process is less complicated because fewer components need to be tested.
Fail-safe defaults
The Fail-safe defaults principle states that the default configuration of a system should have a conservative protection scheme.

This principle also restricts how privileges are initialized when a subject or object is created. Whenever access, privileges/rights, or some security-related attribute is not explicitly granted, access to that object should not be granted.
Least Privilege-
This principle states that a user should only have those privileges needed to complete their task. Its primary function is to control the assignment of rights granted to the user, not the identity of the user.

Open Design-
This principle states that the security of a mechanism should not depend on the secrecy of its design or implementation. It suggests that complexity does not add security.
Complete mediation-
The principle of complete mediation restricts the caching of information, which often leads to simpler implementations of mechanisms. The idea of this principle is that access to every object must be checked for compliance with a protection scheme to ensure that it is allowed.

As a consequence, one should be wary of performance improvement techniques which save the details of previous authorization checks, since the permissions can change over time.

Example: An online banking website should require users to sign in again after a certain period, say twenty minutes, has elapsed.
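The fail-safe defaults and complete mediation principles above can be seen side by side in the following added example (not part of the original notes). The class names, subjects and objects are hypothetical; the twenty-minute session limit is the one from the banking example, and time is passed in as plain seconds so the scenario is repeatable.

```python
SESSION_LIMIT_SECONDS = 20 * 60  # re-authenticate after twenty minutes


class Policy:
    """Explicit grants only: anything not granted is denied (fail-safe default)."""

    def __init__(self):
        self._grants = set()

    def grant(self, subject, obj, right):
        self._grants.add((subject, obj, right))

    def revoke(self, subject, obj, right):
        self._grants.discard((subject, obj, right))

    def allows(self, subject, obj, right):
        return (subject, obj, right) in self._grants


class CachingGuard:
    """Violates complete mediation: remembers the first decision forever."""

    def __init__(self, policy):
        self.policy = policy
        self._cache = {}

    def check(self, subject, obj, right):
        key = (subject, obj, right)
        if key not in self._cache:
            self._cache[key] = self.policy.allows(*key)
        return self._cache[key]  # stale once the policy changes


class MediatingGuard:
    """Consults the policy on every access and enforces the session age limit."""

    def __init__(self, policy):
        self.policy = policy
        self._login_time = {}

    def login(self, subject, now):
        self._login_time[subject] = now

    def check(self, subject, obj, right, now):
        started = self._login_time.get(subject)
        if started is None or now - started > SESSION_LIMIT_SECONDS:
            self._login_time.pop(subject, None)
            return False  # no valid session: deny until the user signs in again
        return self.policy.allows(subject, obj, right)


def run_scenario():
    """Grant, use, revoke, then let the session expire; return each decision."""
    policy = Policy()
    policy.grant("teller", "ledger", "read")
    cached, mediated = CachingGuard(policy), MediatingGuard(policy)
    mediated.login("teller", now=0)
    r = {}
    r["before_cached"] = cached.check("teller", "ledger", "read")
    r["before_mediated"] = mediated.check("teller", "ledger", "read", now=60)
    r["default_deny"] = mediated.check("teller", "ledger", "write", now=60)
    policy.revoke("teller", "ledger", "read")
    r["after_revoke_cached"] = cached.check("teller", "ledger", "read")
    r["after_revoke_mediated"] = mediated.check("teller", "ledger", "read", now=120)
    policy.grant("teller", "ledger", "read")
    expired_at = SESSION_LIMIT_SECONDS + 1
    r["expired_session"] = mediated.check("teller", "ledger", "read", now=expired_at)
    mediated.login("teller", now=expired_at)
    r["after_relogin"] = mediated.check("teller", "ledger", "read", now=expired_at + 1)
    return r


if __name__ == "__main__":
    for step, allowed in run_scenario().items():
        print(f"{step:24s} {'ALLOW' if allowed else 'DENY'}")
```

The caching guard keeps allowing the read after the right has been revoked, which is exactly the failure the principle warns about.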
Separation of Privilege-
This principle states that a system should grant access permission based on more than one condition being satisfied. This principle may also be restrictive because it limits access to system entities.

Thus, before privilege is granted, more than two verifications should be performed.

Example: To su (change) to root, two conditions must be met-
•The user must know the root password.
•The user must be in the right group (wheel).
Least Common Mechanism-
This principle states that in systems with multiple users, the mechanisms allowing resources to be shared by more than one user should be minimized as much as possible.

This principle may also be restrictive because it limits the sharing of resources.
Psychological acceptability-
The psychological acceptability principle recognizes the human element in computer security. If security-related software or computer systems are too complicated to configure, maintain, or operate, the user will not employ the necessary security mechanisms.

For example, if a password is matched during a password change process, the password changing program should state why it was denied rather than giving a cryptic error message.
Work Factor-
This principle states that the cost of circumventing a security mechanism should be compared with the resources of a potential attacker when designing a security scheme. In some cases, the cost of circumventing (known as the "work factor") can be easily calculated. In other words, the work factor is a common cryptographic measure which is used to determine the strength of a given cipher.

It does not map directly to cybersecurity, but the overall concept does apply.
Compromise Recording-
The Compromise Recording principle states that sometimes it is more desirable to record the details of an intrusion than to adopt a more sophisticated measure to prevent it.

Example-
Internet-connected surveillance cameras are a typical example of a compromise recording system that can be placed to protect a building.
Types of Cyber Attacks
A cyber-attack is an exploitation of computer systems and networks. It uses malicious code to alter computer code, logic or data and leads to cybercrimes, such as information and identity theft.
Web-based attacks-
These are the attacks which occur on a website or web application. Some of the important web-based attacks are as follows-

•Injection attacks:
It is an attack in which some data is injected into a web application to manipulate the application and fetch the required information.

Example- SQL Injection, code Injection, log Injection, XML Injection etc.
DNS Spoofing-
DNS Spoofing is a type of computer security hacking in which data is introduced into a DNS resolver's cache, causing the name server to return an incorrect IP address and diverting traffic to the attacker's computer or any other computer.

DNS spoofing attacks can go on for a long period of time without being detected and can cause serious security issues.
Session Hijacking
It is a security attack on a user session over a protected network. Web applications create cookies to store the state and user sessions.

By stealing the cookies, an attacker can have access to all of the user data.
Phishing-
Phishing is a type of attack which attempts to steal sensitive information like user login credentials and credit card numbers.

It occurs when an attacker masquerades as a trustworthy entity in electronic communication.
Brute force
It is a type of attack which uses a trial and error method. This attack generates a large number of guesses and validates them to obtain actual data like a user password or personal identification number.

This attack may be used by criminals to crack encrypted data, or by security analysts to test an organization's network security.
Denial of Service
It is an attack which is meant to make a server or network resource unavailable to the users. It accomplishes this by flooding the target with traffic or sending it information that triggers a crash. It uses a single system and a single internet connection to attack a server.

It can be classified into the following-
Volume-based attacks- Its goal is to saturate the bandwidth of the attacked site, and it is measured in bits per second.
Protocol attacks- It consumes actual server resources, and is measured in packets.
Application layer attacks- Its goal is to crash the web server, and it is measured in requests per second.
Dictionary attacks
This type of attack stores a list of commonly used passwords and validates them to get the original password.

URL Interpretation
It is a type of attack where certain parts of a URL are changed so that a web server delivers web pages which the attacker is not authorized to browse.
File Inclusion attacks
It is a type of attack that allows an attacker to access unauthorized or essential files which are available on the web server, or to execute malicious files on the web server, by making use of the include functionality.

Man in the middle attacks
It is a type of attack that allows an attacker to intercept the connection between client and server and act as a bridge between them. Due to this, an attacker will be able to read, insert and modify the data in the intercepted connection.
System-based attacks-
These are the attacks which are intended to compromise a computer or a computer network. Some of the important system-based attacks are as follows-

Virus-
It is a type of malicious software program that spreads throughout the computer files without the knowledge of a user. It is a self-replicating malicious computer program that replicates by inserting copies of itself into other computer programs when executed. It can also execute instructions that cause harm to the system.
Worm
It is a type of malware whose primary function is to replicate itself to spread to uninfected computers. It works the same way as a computer virus. Worms often originate from email attachments that appear to be from trusted senders.

Trojan horse
It is a malicious program that causes unexpected changes to computer settings and unusual activity, even when the computer should be idle. Some malicious code will run in the background.
Backdoors
It is a method that bypasses the normal authentication process. A developer may create a backdoor so that an application or operating system can be accessed for troubleshooting or other purposes.

Bots
A bot (short for "robot") is an automated process that interacts with other network services. Some bot programs run automatically, while others only execute commands when they receive specific input.

Examples of bot programs are crawlers, chatroom bots, and malicious bots.
Types of Cyber Attackers-
In computers and computer networks, an attacker is the individual or organization who performs malicious activities to destroy, expose, alter, disable, steal or gain unauthorized access to or make unauthorized use of an asset.
Cyber Criminals-
Cybercriminals are individuals or groups of people who use technology to commit cybercrime with the intention of stealing sensitive company information or personal data and generating profits.

Cybercriminals use computers in three broad ways to commit cybercrimes-

Select computer as their target- In this, they attack other people's computers to commit cybercrime, such as spreading viruses, data theft, identity theft, etc.

Uses the computer as their weapon- In this, they use the computer to commit conventional crime such as spam, fraud, illegal gambling, etc.

Uses the computer as their accessory- In this, they use the computer to steal data illegally.
Hacktivists-
Hacktivists are individuals or groups of hackers who carry out malicious activity to promote a political agenda, religious belief, or social ideology.

Hacktivists are not like cybercriminals who hack computer networks to steal data for cash.

They are individuals or groups of hackers who work together and see themselves as fighting injustice.
State-sponsored Attacker-
State-sponsored attackers have particular objectives aligned with either the political, commercial or military interests of their country of origin. These types of attackers are not in a hurry.

The government organizations have highly skilled hackers who specialize in detecting vulnerabilities and exploiting these before the holes are patched.

It is very challenging to defeat these attackers due to the vast resources at their disposal.
Insider Threats-
The insider threat is a threat to an organization's security or data that comes from within. These types of threats usually come from employees or former employees, but may also arise from third parties, including contractors, temporary workers, employees or customers.
Malicious-
Malicious threats are attempts by an insider to access and potentially harm an organization's data, systems or IT infrastructure.

These insider threats are often attributed to dissatisfied employees or ex-employees who believe that the organization has wronged them in some way, and who feel justified in seeking revenge.
Accidental-
Accidental threats are threats which are caused accidentally by insider employees. In this type of threat, an employee might accidentally delete an important file or inadvertently share confidential data with a business partner, going beyond the company's policy or legal requirements.

Negligent-
These are the threats in which employees try to avoid the policies an organization has put in place to protect endpoints and valuable data.
Cyber Security Tools-
There are a number of hacking attacks which affect businesses of all sizes. Hackers, malware, and viruses are some of the real security threats in the virtual world.

It is essential that every company is aware of dangerous security attacks, and it is necessary for them to keep themselves secure.

Different types of cyber security tools are-
Firewalls-
A firewall's job is to prevent unauthorized access to or from a private network. It can be implemented as hardware, software, or a combination of both. Firewalls are used to prevent unauthorized internet users from accessing private networks connected to the Internet.

All messages entering or leaving the intranet pass through the firewall. The firewall examines each message and blocks those messages that do not meet the specified security criteria.
Antivirus Software-
Antivirus software is a program which is designed to prevent, detect, and remove viruses and other malware attacks on individual computers, networks, and IT systems.

It also protects our computers and networks from a variety of threats and viruses such as Trojan horses, worms, keyloggers, browser hijackers, rootkits, spyware, botnets, adware, and ransomware.
PKI Services-
PKI stands for Public Key Infrastructure. This tool supports the distribution and identification of public encryption keys. It enables users and computer systems to securely exchange data over the internet and verify the identity of the other party.

We can also exchange sensitive information without PKI, but in that case, there would be no assurance of the authentication of the other party.
Managed Detection and Response Service (MDR)-
Today's cybercriminals and hackers use more advanced techniques and software to breach organizational security. So, there is a necessity for every business to use more powerful forms of cybersecurity defence.

MDR is an advanced security service that provides threat hunting, threat intelligence, security monitoring, incident analysis, and incident response.
Penetration Testing-
Penetration testing, or pen-test, is an important way to evaluate our business's security systems and the security of an IT infrastructure by safely trying to exploit vulnerabilities. These vulnerabilities exist in operating systems, services and applications, improper configurations or risky end-user behavior.

In penetration testing, cybersecurity professionals will use the same techniques and processes utilized by criminal hackers to check for potential threats and areas of weakness.
Staff Training-
Staff training is not a 'cybersecurity tool', but ultimately, having knowledgeable employees who understand cybersecurity is one of the strongest forms of defence against cyber-attacks. Today there are many training tools available that can educate a company's staff about the best cybersecurity practices.

Every business can organize these training tools to educate its employees so that they understand their role in cybersecurity.
Cyber Security Risk Analysis-
Risk analysis refers to the review of risks associated with
a particular action or event. Risk analysis is applied
to information technology, projects, security issues and any
other event where risks may be analysed on a
quantitative and qualitative basis.

Risks are part of every IT project and business
organization.
Enterprises and organizations use risk analysis:
• To anticipate and reduce the effect of harmful results
from adverse events.

• To plan for technology or equipment failure or loss from
adverse events, both natural and human-caused.

• To evaluate whether the potential risks of a project are
balanced in the decision process when evaluating whether to
move forward with the project.

• To identify the impact of and prepare for changes in the
enterprise environment.
Steps in the risk analysis process-
Conduct a risk assessment survey:
Getting input from management and department heads
is critical to the risk assessment process. The risk
assessment survey begins documenting the specific
risks or threats within each department.

Identify the risks:
This step is used to evaluate an IT system or other aspects
of an organization to identify the risks related to software,
hardware, data, and IT employees. It identifies the possible
adverse events that could occur in an organization such as
human error, flooding, fire, or earthquakes.
Analyse the risks:
Once the risks are evaluated and identified, the risk
analysis process should analyse each risk that could occur,
as well as determine the consequences linked with each risk.

Develop a risk management plan:
The analysis of the risks provides an idea about
which assets are valuable and which threats will probably
affect the IT assets negatively. After it, we develop a plan
for risk management to produce control recommendations that
can be used to mitigate, transfer, accept or avoid the risk.
Implement the risk management plan:
The primary goal of this step is to implement the measures
to remove or reduce the analysed risks. We remove or
reduce the risks starting with the highest priority and
resolve or at least mitigate each risk so that it is no longer
a threat.

Monitor the risks:
This step is responsible for monitoring the security risks on
a regular basis. Identifying, treating and managing risks
should be an essential part of any risk analysis process.
Types of Risk Analysis-

Qualitative Risk Analysis-
The qualitative risk analysis process is a project
management technique that prioritizes risks on the project
by assigning each a probability and an impact number.

Probability is the likelihood that a risk event will occur,
whereas impact is the significance of the consequences of a
risk event.
Quantitative Risk Analysis-
The objective of performing the quantitative risk analysis
process is to provide a numerical estimate of the overall
effect of risk on the project objectives.

It is used to evaluate the likelihood of success in achieving
the project objectives and to estimate contingency reserve,
usually applicable for time and cost.
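The two approaches can rank the same risks differently. The following is an added example, not part of the original slides: it scores a constructed risk register qualitatively (probability × impact) and quantitatively (expected loss, summed into a cost contingency reserve). The 1 to 5 scales, the band thresholds, the expected-loss method and all figures are assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Risk:
    name: str
    probability: int   # qualitative rating, 1 (rare) to 5 (almost certain)
    impact: int        # qualitative rating, 1 (negligible) to 5 (severe)
    likelihood: float  # quantitative estimate: chance of occurring per year
    loss: float        # quantitative estimate: cost if the event occurs

    def __post_init__(self):
        if not (1 <= self.probability <= 5 and 1 <= self.impact <= 5):
            raise ValueError(f"{self.name}: ratings must be 1..5")
        if not 0.0 <= self.likelihood <= 1.0 or self.loss < 0:
            raise ValueError(f"{self.name}: bad likelihood or loss")

    @property
    def score(self) -> int:            # qualitative priority number
        return self.probability * self.impact

    @property
    def expected_loss(self) -> float:  # quantitative estimate
        return self.likelihood * self.loss

def band(score: int) -> str:
    """Map a score to a priority band (thresholds are assumed)."""
    return "high" if score >= 15 else "medium" if score >= 6 else "low"

def qualitative_order(risks):
    """Highest score first; ties broken by impact."""
    ranked = sorted(risks, key=lambda r: (r.score, r.impact), reverse=True)
    return [r.name for r in ranked]

def quantitative_order(risks):
    ranked = sorted(risks, key=lambda r: r.expected_loss, reverse=True)
    return [r.name for r in ranked]

def contingency_reserve(risks) -> float:
    """Cost reserve as the sum of expected losses (assumed method)."""
    return sum(r.expected_loss for r in risks)

# Constructed sample register; every number here is illustrative.
REGISTER = [
    Risk("Human error", 4, 3, 0.30, 20_000),
    Risk("Flooding", 1, 5, 0.02, 500_000),
    Risk("Fire", 2, 5, 0.05, 400_000),
    Risk("Hardware failure", 3, 2, 0.25, 8_000),
]

if __name__ == "__main__":
    for r in REGISTER:
        print(f"{r.name:17} score={r.score:2} ({band(r.score)}) "
              f"expected loss={r.expected_loss:,.0f}")
    print("Contingency reserve:", f"{contingency_reserve(REGISTER):,.0f}")
```

In this register, flooding ranks last qualitatively but second by expected loss, which is why a rare, high-cost event can still dominate the reserve.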
Need for a Nodal Authority-
The Indian Computer Emergency Response
Team (CERT-IN or ICERT) is an office within
the Ministry of Electronics and Information Technology of
the Government of India.

It is the nodal agency to deal with cyber security threats
like hacking and phishing. It strengthens the security-related
defence of the Indian Internet domain.
CERT-IN was formed in 2004 by the Government of India
under Information Technology Act, 2000 Section (70B)
under the Ministry of Communications and Information
Technology.

CERT-IN has overlapping responsibilities with other
agencies such as the National Critical Information
Infrastructure Protection Centre (NCIIPC), which is under
the National Technical Research Organisation (NTRO) that
comes under the Prime Minister's Office, and the National
Disaster Management Authority (NDMA), which is under the
Ministry of Home Affairs.
In December 2013, CERT-In reported there was a rise in
cyber attacks on Government organisations
like banking and finance, oil and gas and emergency
services.

How many cyber attacks in 2021 in India?
More than 11.5 lakh incidents of cyber attacks were
tracked and reported to India's Computer Emergency
Response Team (CERT-In) in 2021. According to official
estimates, ransomware attacks have increased by 120 per
cent in India.
Need for an International Convention on Cyberspace-
Over the past three decades, a convergence of information
and communication technologies (ICTs), together with
various governance policies, has created what we now
call “cyberspace.” Today cyberspace is a living reality,
influencing all aspects of human behavior.

The need to create a universal and transparent global
framework to ensure the effective security and utilization
of cyberspace “for the economic and social advancement
of all peoples” has become paramount. How can this be
achieved?
Governments addressed this issue more than two decades
ago, when the UN General Assembly (UNGA) adopted its
first resolution on ICTs in December 1998.

The four main stakeholders in cyberspace acknowledged
by the UNGA are governments, businesses, academia,
and civil society.

These stakeholders are active in varying degrees.

The Global Conferences on Cyberspace
At the global level, issues in cyberspace that require
effective international cooperation have been raised by the
five multi-stakeholder Global Conferences on Cyber Space
held so far, beginning with the London Conference in
2011.
The London Conference identified five broad themes for
international cooperation in cyberspace. These were
economic growth and development, social benefits,
international security, tackling cybercrime and ensuring
safe and reliable access to cyberspace.
The Fifth Global Conference on Cyber Space was hosted
by India in 2017, with a focus on “a secure and inclusive
cyberspace for sustainable development.”

The intent of the conference was to promote the
importance of inclusiveness and human rights in global
cyber policy, interoperable and unregimented cyberspace,
to create political commitment for capacity building
initiatives to address the digital divide and assist
countries, and to develop security solutions
