Cybersecurity WBSEDCL

The document provides a comprehensive overview of cybersecurity, its importance, and various measures to protect against cyber threats. It covers topics such as the CIA Triad (Confidentiality, Integrity, Availability), types of cyber attacks, and best practices for individuals and businesses to enhance their cybersecurity posture. Additionally, it outlines relevant laws and regulations regarding cyber offenses and emphasizes the need for employee training and awareness in maintaining cybersecurity.

COMPUTER TRAINING
FOR WBSEDCL,
GOVT. OF WEST BENGAL ENTERPRISE

Conducted by
ACES INFOTECH PVT LIMITED
Computer Application on IT Security, Cyber Laws & Its Application

INTRODUCTION TO CYBERSECURITY

• Why do we need Cyber security
• What is Cyber security
• The CIA Triad

Cybersecurity Protects You From Hackers And Identity Theft

Why do we need Cyber security?

• Protects personal data
• Protects business reputation
• Enhances productivity
• Improves cyber posture
• Helps educate the workforce
• Prevents website crashes
• Maintains trust and credibility
• Better data management

What is Cyber security?

Cyber security is the application of technologies, processes, and controls to protect systems, networks, programs, devices and data from cyber attacks. It applies in contexts from business to mobile computing, and can be divided into a few common categories:

• Application security
• Network security
• Information security

Implementing effective cyber security measures is particularly challenging today because there are more devices than people, and attackers are becoming more innovative.

THE CIA TRIAD

Confidentiality

Standard measures to establish confidentiality include:

• Data encryption
• Two-factor authentication
• Biometric verification
• Security tokens

THE CIA TRIAD

Integrity

Integrity refers to protecting information from being modified by unauthorized parties.

Standard measures to guarantee integrity include:

• Cryptographic checksums
• Using file permissions
• Uninterrupted power supplies
• Data backups

THE CIA TRIAD

Availability

Availability is making sure that authorized parties are able to access the information when needed.

Standard measures to guarantee availability include:

• Backing up data to external drives
• Implementing firewalls
• Having backup power supplies
• Data redundancy

THREATS, VULNERABILITIES, RISKS

THREATS
• Dishonest employees
• Criminals
• Using The Governments
• Terrorists
• The press
• Competitors
• Hackers
• Nature

VULNERABILITIES
• Software bugs
• Broken processes
• Ineffective controls
• Hardware flaws
• Business change
• Legacy system
• Human error
• Inadequate BCP

RISKS
• Business disruption
• Financial losses
• Loss of privacy
• Damage to reputation
• Loss of confidence
• Legal penalties
• Loss of file

Types of Cyber Attacks

A cyber-attack is an exploitation of computer systems and networks. It uses malicious code to alter computer code, logic or data and leads to cybercrimes, such as information and identity theft.

Cyber-attacks can be classified into the following categories:

1) Web-based attacks
2) System-based attacks

WHO IS DOING THE HACKING?

A Hacker is a person who finds and exploits the weakness in computer systems and/or networks to gain access. Hackers are usually skilled computer programmers with knowledge of computer security.

HACKING

• Financial (theft, fraud, blackmail)
• Political/state (state level/military)
• Fame/kudos (fun/status)
• Hacktivism (cause)
• Pen testers (legal hacking)
• Police
• Insider
• Business

Malware

• Malware is intrusive software that is designed to damage and destroy computers and computer systems.
• Malware is a short form of “Malicious Software.”
• Examples of common malware: viruses, worms, Trojan viruses, spyware, adware, and ransomware.

COMMON THREATS - RANSOMWARE

• A ransomware attack is defined as a form of malware attack in which an attacker seizes the user’s data, folders, or entire device until a ‘ransom’ fee is paid.
• Normally loaded onto a computer via a download/attachment/link from an email or website.
• Will either lock the screen or encrypt your data.
• Once ransomware is loaded on your computer/tablet/phone, it is very difficult to remove without removing all of the data.

Best Solutions to Put in Place to Stop Ransomware Attacks

• Antivirus and anti-malware. ...
• Backup and file management. ...
• Employee training. ...
• Multi-factor authentication. ...
• Policy of least privilege. ...
• Ransomware detection. ...
• Software updates and patch management. ...
• Strong passwords.

PHISHING

Phishing is an act of sending an email to a user, misleading him to believe that it is from a trusted person or organisation.

Phishing is a type of online fraud that involves tricking people into providing sensitive information, such as passwords or credit card numbers, by masquerading as a trustworthy source.

How to tackle the problem

• Don’t click any links in an email unless you can guarantee who it’s from.
• Use a trusted method of contacting the company via a phone number, app or website.
• Mark the email as spam and contact the organisation.

How to Phishing…..
WHAT TO LOOK OUT FOR WHEN SHOPPING ON THE INTERNET?

• Ensure you’re on the correct website.
• HTTPS and the padlock: the ‘S’ stands for secure, which means you have a secure connection to the website. This should prevent a ‘man in the middle’ attack.
• It encrypts your data and the receiver will be able to decrypt it, but if it is a fraudulent website they will still obtain your information.
• Use a credit card/PayPal when conducting online transactions.

PUBLIC WI-FI

• May not be trustworthy. They could share your information with other companies who operate in countries without any data protection.
• You may not know who is watching you whilst you’re online.

National Cyber Security Centre (NCSC)

What to do and not do to

• Don’t use online banking. Use your own data.
• Don’t conduct any purchases.
• Use a virtual private network (VPN).

PASSWORDS ADVICE

• Use 1 password per account.
• Three random words is the NCSC’s advice. Capitals, special characters and numbers are your own choice.
• brute force attack.
• Password managers can be helpful to store your passwords.

FIREWALLS

• A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization’s previously established security policies.
• A firewall is essentially the barrier that sits between a private internal network and the public Internet.
• A firewall’s main purpose is to allow non-threatening traffic in and to keep dangerous traffic out.

NMAP

• Nmap, short for Network Mapper, is a free and open source tool used for vulnerability checking, port scanning and, of course, network mapping.
• It is used to scan IP addresses and ports in a network and to detect installed applications.
• Nmap allows network admins to find which devices are running on their network, discover open ports and services, and detect vulnerabilities.

Step 1: Visit the official website using the URL https://nmap.org/download.html on any web browser, then click on nmap-7.92-setup.exe.

Step 2: Now check for the executable file in downloads in your system and run it.

Step 3: It will prompt confirmation to make changes to your system. Click on Yes.

Step 4: The next screen will be of License Agreement; click on I Agree.

Step 5: The next screen is of choosing components. All components are already marked, so don’t change anything; just click on the Next button.

Step 6: In this step, we choose the installation location of Nmap. By default, it uses the C drive, but you can change it to another drive that has sufficient disk space for installation. It requires 84.3 MB of disk space.

Step 7: After this, the installation process will take a few minutes to complete.

Step 8: Npcap installation will also occur with it. The screen of License Agreement will appear; click on I Agree.

Step 9: The next screen is of installation options. Don’t change anything and click on the Install button.

Step 10: After this, the installation process will take a few minutes to complete.

Step 11: After completion of installation, click on the Next button.

Step 12: Click on the Finish button to finish the installation of Npcap.

CYBER ETHICS

Cyberethics is a branch of computer technology behavior that defines the best practices that must be adopted by a user when he uses the computer system.

In simple terms, cyberethics refers to the basic ethics and etiquette that must be followed while using a computer system.

What is Cyberspace?

• Cyberspace can be defined as an intricate environment that involves interactions between people, software, and services. It is maintained by the worldwide distribution of information and communication technology devices and networks.
• With the benefits carried by technological advancements, cyberspace today has become a common pool used by citizens, businesses, critical information infrastructure, military and governments in a fashion that makes it hard to draw clear boundaries among these different groups. Cyberspace is anticipated to become even more complex in the upcoming years, with the increase in networks and devices connected to it.

REGULATIONS OF CYBERSPACE

Each entry below gives the rule, the offence and the punishment.

Section 43
Offence: Applicable to people who damage the computer systems without permission from the owner.
Punishment: The owner can fully claim compensation for the entire damage in such cases.

Section 66A
Offence: Applicable in case a person is found to be dishonestly or fraudulently committing any act referred to in section 43.
Punishment: The imprisonment term in such instances can mount up to three years or a fine of up to Rs. 5 lakh.

Section 66B
Offence: Incorporates the punishments for fraudulently receiving stolen communication devices or computers, which confirms a probable three years imprisonment.
Punishment: This term can also be topped by Rs. 1 lakh fine, depending upon the severity.

Section 66D
Offence: Phishing, i.e., punishment for cheating by personation by the use of computer’s resources.
Punishment: Imprisonment which may extend up to 3 years along with a fine that may extend up to rupee 1 lakh.

Section 66E
Offence: Voyeurism, i.e., punishment for violating privacy of an individual.
Punishment: Imprisonment for 3 years along with a fine which may be extended up to 2 lakh rupees or both.

Section 66F
Offence: Cyber Terrorism.
Punishment: Life imprisonment.

Section 67A
Offence: Publishing or transmitting material in electronic form containing sexually explicit contents.
Punishment: Imprisonment up to 5 years along with a fine that could extend up to 10 lakh rupees in the first conviction; and imprisonment can be extended up to 7 years with fine of 20 lakh rupees in the second conviction.

ADVICE

• Update and migrate data
• Create strong passwords
• Make transactions in a secure way
• Clear personal data from the web browser
• Use antivirus
• Activate your firewall
• Staff awareness
• Prepare a plan

YOU ARE THE BEST DEFENCE!

• Technology is only a small part of Cyber Defence.
• You are the most important person – protect yourself.
• For businesses, the most important and best defence is Cyber Security Aware employees – train your staff.

Always be aware!
Always be on your guard!

REPORTING CYBERCRIME

• Online fraud is to be reported to Action Fraud. They’re the national reporting mechanism for fraud, via www.actionfraud.police.uk or 0300 123 2040.
• Can be reported 24/7 via the website.

NATIONAL CYBER SECURITY CENTRE (NCSC)

National Cyber Security Centre
https://www.ncsc.gov.uk/
https://www.ncsc.gov.uk/smallbusiness
