Unit 4

The document discusses various threats to computer systems, including cyber threats like viruses, hacking, and phishing, as well as physical threats and human errors. It emphasizes the importance of control measures such as antivirus software, strong passwords, and employee training to mitigate risks. Additionally, it covers IT risk management, information systems security, and the role of firewalls in protecting networks and data.

Uploaded by

jhalakparakh999

E-Security Systems
UNIT 4

Threats to Computer Systems and Control Measures
UNDERSTANDING, IDENTIFYING, AND MANAGING COMPUTER SYSTEM THREATS
PRESENTED BY: DR. ABHIJEET MOHITE

Introduction
• Overview of Computer Threats and Importance of Control Measures
• Threats affect both individuals and organizations.
• Impact: data breaches, financial loss, operational disruption, reputational damage.
• Control measures are crucial for ensuring security and mitigating risks.

Types of Threats to Computer Systems
• Categories of Threats
• Cyber Threats: Viruses, malware, hacking, phishing, etc.
• Physical Threats: Fire, floods, earthquakes, vandalism.
• Human Error: Mishandling sensitive data, weak passwords.

Virus
• Malicious software that replicates and spreads.
• Impact: Corrupt files, steal information, or slow systems.
• Example: ILOVEYOU Virus, WannaCry Ransomware.
• Control Measures: Antivirus software, avoid suspicious attachments, regular backups.

Hacking
• Unauthorized access to systems to steal or destroy data.
• Impact: Data breaches, financial loss, reputational damage.
• Example: Target breach, Equifax hack.
• Control Measures: Strong passwords, multi-factor authentication, firewalls.

Phishing
• Tricking individuals to disclose sensitive information by pretending to be a legitimate entity.
• Impact: Identity theft, financial fraud.
• Example: Fake bank emails, spear-phishing attacks.
• Control Measures: Email filters, avoid suspicious links, employee awareness.

Spyware
• Software that secretly monitors and collects user data.
• Impact: Privacy invasion, data theft, system slowdown.
• Example: Keyloggers, CoolWebSearch.
• Control Measures: Anti-spyware software, regular monitoring, firewalls.

Spam
• Unsolicited emails or messages sent in bulk.
• Impact: Clutters inbox, spreads malware.
• Example: Fake promotional offers, phishing spam.
• Control Measures: Email filters, avoid public sharing of email, don’t respond to spam.

Physical Threats
• Natural or man-made threats to hardware and infrastructure.
• Fire, floods, earthquakes: Can destroy data centers and systems.
• Vandalism: Physical destruction of hardware.
• Control Measures: Off-site backups, fire suppression systems, physical security.

Threat Management
• Steps in Threat Management
• Identify: Recognize potential threats and vulnerabilities.
• Assess: Measure the risk associated with each threat.
• Mitigate: Implement control measures to reduce risk.
• Monitor: Continuously observe systems for threats.

Proactive Threat Management
• Preventive Measures
• Regular system updates and patching.
• Threat-hunting tools and monitoring.
• Employee training and incident response plans.
• Intrusion Detection Systems (IDS) and penetration tests.

IT Risk and Information Systems Security
UNDERSTANDING KEY CONCEPTS AND PRACTICES

IT Risk: Definition
• IT Risk refers to the potential for loss or damage to information technology assets, arising from various sources such as technical failures, human errors, or external threats. It encompasses risks related to data integrity, availability, confidentiality, and compliance.

Measuring IT Risk

1. Risk Assessment:
- Identify assets (hardware, software, data).
- Evaluate threats and vulnerabilities.
- Assess impact and likelihood of risk events.

2. Risk Quantification:
- Use qualitative or quantitative methods to estimate potential losses.
- Calculate risk exposure (Risk = Likelihood x Impact).

3. Risk Indicators:
- Key Risk Indicators (KRIs) to monitor risk levels over time.
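
The three steps above, worked through as a small risk register. This is an added example, not part of the original slides: the 1 to 5 scales, the band thresholds, the register entries and the KRI readings are all constructed assumptions, and the quantitative figure uses the standard annualized loss expectancy (asset value x exposure factor x annual rate).

```python
from dataclasses import dataclass


@dataclass
class Risk:
    asset: str
    threat: str
    likelihood: int         # 1 (rare) .. 5 (almost certain), assumed scale
    impact: int             # 1 (negligible) .. 5 (severe), assumed scale
    asset_value: float      # business value of the asset, in currency units
    exposure_factor: float  # fraction of that value lost in one incident
    annual_rate: float      # expected number of incidents per year

    @property
    def score(self) -> int:
        # Qualitative exposure from the slide: Risk = Likelihood x Impact
        return self.likelihood * self.impact

    @property
    def band(self) -> str:
        # Assumed thresholds for a 5x5 matrix; tune these to local policy
        if self.score >= 15:
            return "high"
        return "medium" if self.score >= 8 else "low"

    @property
    def annual_loss(self) -> float:
        # Quantitative estimate: single loss expectancy x annual rate
        return self.asset_value * self.exposure_factor * self.annual_rate


def rank(register):
    """Order risks for treatment: highest score first, expected loss as tie-break."""
    return sorted(register, key=lambda r: (r.score, r.annual_loss), reverse=True)


def kri_breaches(readings, threshold):
    """Return the periods in which a Key Risk Indicator exceeded its threshold."""
    return [period for period, value in readings if value > threshold]


# Constructed sample register (assets and threats taken from the slide topics)
REGISTER = [
    Risk("Data centre", "Fire", 1, 5, 1_000_000, 0.8, 0.02),
    Risk("Staff mailboxes", "Phishing", 4, 3, 80_000, 0.25, 2.0),
    Risk("Customer database", "SQL injection", 3, 5, 500_000, 0.4, 0.5),
]

# Constructed KRI: percentage of hosts missing critical patches, per month
PATCH_KRI = [("Jan", 4.0), ("Feb", 6.5), ("Mar", 12.0), ("Apr", 9.0)]

if __name__ == "__main__":
    for r in rank(REGISTER):
        print(f"{r.asset:18} {r.threat:14} score={r.score:2} "
              f"band={r.band:6} expected loss/yr={r.annual_loss:,.0f}")
    print("KRI above 8% in:", kri_breaches(PATCH_KRI, 8.0))
```

The fire risk scores lowest on likelihood x impact even though a single incident would be the most expensive, which is why the qualitative score and the expected annual loss are worth reading side by side.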

Risk Mitigation and Management
1. Risk Avoidance: Alter plans to sidestep potential risks.
2. Risk Reduction: Implement security measures to minimize risks.
3. Risk Transfer: Share risk with third parties (e.g., insurance).
4. Risk Acceptance: Acknowledge and manage risks internally.
5. Continuous Monitoring: Regularly review risk management strategies.

Information Systems Security: Definition
• Information Systems Security involves protecting information systems from unauthorized access, disclosure, disruption, modification, or destruction. It ensures the integrity, confidentiality, and availability of information.

Key Components of Information Systems Security
1. Security Policies: Establish rules and procedures for maintaining security.
2. Access Control: Mechanisms to restrict access based on user identity.
3. Data Protection: Techniques like encryption and secure backups.
4. Incident Response: Procedures for detecting and recovering from incidents.
5. Network Security: Safeguarding the network infrastructure.
6. End-User Training: Educating users about security best practices.
7. Regulatory Compliance: Adhering to laws related to data protection.

Internet Security and E-Business Risk Management
AN OVERVIEW OF RISKS, ISSUES, AND MITIGATION STRATEGIES
DR. ABHIJEET MOHITE

Network and Website Security Risks
• Types of Risks:
- Malware: Malicious software designed to harm, exploit, or otherwise compromise computer systems.
- Phishing Attacks: Deceptive attempts to obtain sensitive information by masquerading as a trustworthy entity.
- Denial-of-Service (DoS) Attacks: Overwhelming a server with traffic, making it unavailable to users.
- Data Breaches: Unauthorized access to confidential data, often leading to identity theft or financial loss.
• Consequences:
- Financial Loss: Costs associated with recovery, legal fees, and potential fines.
- Reputation Damage: Loss of customer trust can significantly impact business operations.
- Legal Implications: Non-compliance with regulations can result in lawsuits and penalties.

Website Hacking and Issues
• Common Hacking Techniques:
- SQL Injection: Inserting malicious SQL code into a query to manipulate databases.
- Cross-Site Scripting (XSS): Injecting malicious scripts into webpages viewed by users.
- Man-in-the-Middle Attacks: Intercepting communication between two parties to steal information.
• Issues Resulting from Hacking:
- Data Loss: Permanent loss of sensitive or critical information.
- User Trust Erosion: Customers may hesitate to engage with compromised businesses.
- Compliance and Regulatory Issues: Failing to protect data can lead to violations of laws like GDPR.

Security and Email
• Email Security Risks:
- Spam and Phishing: Unwanted emails that trick users into revealing personal information.
- Business Email Compromise (BEC): Scams targeting businesses to steal money or sensitive information.
- Malware Attachments: Files sent via email that contain harmful software.
• Security Measures:
- Use of Strong Passwords: Creating complex passwords that are difficult to guess.
- Two-Factor Authentication: Adding an extra layer of security by requiring a second form of verification.
- Encryption: Protecting email content to ensure only intended recipients can read it.

E-Business Risk Management Issues
• Types of Risks:
- Operational Risks: Risks arising from inadequate internal processes, people, and systems.
- Compliance Risks: Failure to comply with legal and regulatory requirements.
- Reputational Risks: Negative public opinion that can impact business performance.
• Management Strategies:
- Risk Assessment and Analysis: Regularly identifying and evaluating potential risks.
- Implementation of Security Policies: Establishing guidelines to mitigate identified risks.
- Regular Audits and Monitoring: Ongoing checks to ensure compliance and security effectiveness.

Firewall Concept and Components
• What is a Firewall?
- Definition and Purpose: A security device that monitors and controls incoming and outgoing network traffic.
• Types of Firewalls:
- Network Firewalls: Protect entire networks by filtering traffic.
- Host-based Firewalls: Installed on individual devices to protect against local threats.
- Next-Generation Firewalls: Combine traditional firewall capabilities with advanced features like deep packet inspection.
• Components:
- Packet Filtering: Analyzing packets for predefined security rules.
- Stateful Inspection: Keeping track of active connections and determining whether incoming packets are part of an established connection.
- Proxy Services: Acting as an intermediary for requests from clients seeking resources from other servers.
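
The difference between packet filtering and stateful inspection, as an added example that is not part of the original slides. It is a simplified model rather than a real firewall: the addresses, the rule list and the class names are constructed, only TCP is modelled, and connection teardown is reduced to a reset flag.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INSIDE = ip_network("10.0.0.0/24")  # constructed internal network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # TCP flags on this packet: "S", "SA", "A", "R", ...


# Packet-filtering rules, first match wins: (direction, destination port, action)
RULES = [
    ("out", 443, "allow"),  # inside hosts may open HTTPS connections
    ("out", None, "deny"),  # no other outbound traffic
    ("in", None, "deny"),   # nothing may be initiated from outside
]


def direction(pkt: Packet) -> str:
    return "out" if ip_address(pkt.src) in INSIDE else "in"


def packet_filter(pkt: Packet) -> str:
    """Stateless check: the packet is judged alone against the rule list."""
    for rule_dir, port, action in RULES:
        if rule_dir == direction(pkt) and port in (None, pkt.dport):
            return action
    return "deny"


class StatefulFirewall:
    """Remembers connections opened from inside and admits only their replies."""

    def __init__(self):
        self.connections = set()  # (inside ip, inside port, outside ip, outside port)

    def inspect(self, pkt: Packet) -> str:
        if direction(pkt) == "out":
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags == "S":  # first packet of a new connection
                if packet_filter(pkt) != "allow":
                    return "deny"
                self.connections.add(key)
            elif key not in self.connections:
                return "deny"
        else:
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
            if key not in self.connections:
                return "deny"
        if "R" in pkt.flags:  # a reset ends the connection (timeouts, FIN omitted)
            self.connections.discard(key)
        return "allow"


def demo() -> list:
    fw = StatefulFirewall()
    syn = Packet("10.0.0.5", 50000, "203.0.113.10", 443, "S")
    reply = Packet("203.0.113.10", 443, "10.0.0.5", 50000, "SA")
    stray = Packet("203.0.113.99", 443, "10.0.0.5", 50000, "SA")
    return [packet_filter(reply), fw.inspect(stray), fw.inspect(syn),
            fw.inspect(reply), fw.inspect(stray)]
```

The stateless filter rejects the server's reply because, judged alone, it is just inbound traffic; the stateful firewall admits it only after seeing the matching outbound connection, and still rejects the look-alike packet from a different address.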

Benefits of Firewalls
• Key Benefits:
- Network Security and Protection: Acts as a barrier against unauthorized access.
- Monitoring Traffic and Data: Analyzes and logs traffic for potential threats.
- Prevention of Unauthorized Access: Blocks attempts to access sensitive information.
- Customizable Security Policies: Allows businesses to tailor security settings based on their needs.

Security on the Internet
NETWORK AND WEBSITE SECURITY RISKS, HACKING ISSUES, AND EMAIL SECURITY
PRESENTED BY: DR. ABHIJEET MOHITE

Introduction
• Overview of Internet Security:
- As more personal and business activities shift online, security becomes critical.
- Cyberattacks are increasingly sophisticated and prevalent.

Network Security Risks
• Definition: Measures to protect network integrity and usability.
• Common Risks:
- Unauthorized Access: Intruders accessing sensitive data (e.g., weak passwords).
- Data Breaches: High-profile incidents (e.g., Equifax breach).
- Denial of Service Attacks: (e.g., 2016 Dyn attack).

Website Security Risks
• Definition: Protecting websites from cyber threats.
• Common Vulnerabilities:
- SQL Injection: (e.g., Heartland Payment Systems breach).
- Cross-Site Scripting (XSS): (e.g., MySpace Samy worm).
- Cross-Site Request Forgery (CSRF): (e.g., unauthorized fund transfers).

Website Hacking
• Definition: Unauthorized access or manipulation of websites.
• Motivations: Data theft, disruption of services, political agendas.
• Common Methods:
- Exploiting Software Vulnerabilities: (e.g., WordPress vulnerabilities).
- Phishing Attacks: (e.g., Google Docs phishing scam).
- Credential Stuffing: (e.g., Reddit breach).

Issues Related to Website Hacking
• Consequences:
- Data Loss and Leakage: (e.g., Target breach).
- Reputational Damage: (e.g., financial losses from breaches).
- Importance of Incident Response Plans: Mitigate damage efficiently.

Security Measures for Websites
• Best Practices:
- Regular Software Updates: (e.g., WordPress updates).
- Using HTTPS: Securing data in transit.
- Web Application Firewalls (WAF): (e.g., Cloudflare WAF).
- Security Audits and Penetration Testing: Identify weaknesses.

Email Security Risks
• Overview: Email as a primary communication tool.
• Common Threats:
- Phishing: Fraudulent emails tricking users.
- Malware Attachments: (e.g., WannaCry ransomware).
- Spoofing and Impersonation: CEO fraud examples.

Security Measures for Email
• Best Practices:
- Strong Passwords and Two-Factor Authentication.
- Regular Software Updates.
- Cautious with Attachments and Links.
- User Training: Recognizing phishing attempts.

E-Business Risk Management and Security Framework
FIREWALL CONCEPTS AND ENTERPRISE-WIDE SECURITY
PRESENTED BY: DR. ABHIJEET MOHITE

Introduction
Overview of E-Business Risk Management:
- Definition: Identifying, assessing, and addressing risks associated with online business operations.
- Importance: Effective risk management strategies safeguard sensitive information and ensure business continuity.

E-Business Risk Management Issues
- Definition: Proactive approach to managing risks in online transactions.
- Common Issues:
  - Data Breaches: Example: Equifax data breach (2017).
  - Cyberattacks: Example: WannaCry ransomware attack (2017).
  - Compliance Risks: Adhering to GDPR, PCI-DSS.
  - Reputation Risks: Damage from significant data breaches.

Key Risk Management Strategies
- Risk Assessment: Identify vulnerabilities and assess potential impacts.
- Risk Mitigation: Implement controls like encryption and secure payment gateways.
- Incident Response Planning: Develop a clear plan for security incidents.
- Employee Training: Educate staff on cybersecurity best practices.

Firewall Concept and Components
- What is a Firewall?
  - Definition: Monitors and controls network traffic.
- Components:
  - Packet Filtering: Inspects data packets for rules.
  - Stateful Inspection: Monitors active connections.
  - Proxy Service: Acts as an intermediary.
  - Next-Generation Firewalls: Advanced features like deep packet inspection.

Benefits of Firewalls
- Protection Against Threats: Blocks unauthorized access.
- Traffic Monitoring: Monitors network for unusual patterns.
- Access Control: Defines rules for resource access.
- Network Segmentation: Creates secure zones within the network.

Understanding Enterprise-Wide Security Framework
- Definition: Comprehensive approach to protecting information assets.
- Components:
  - Policies and Procedures: Establish security guidelines.
  - Risk Management: Ongoing identification and response.
  - Security Architecture: Designing a secure infrastructure.
  - Incident Management: Procedures for handling security incidents.

Importance of an Enterprise Security Framework
- Holistic Security Approach: Security integrated across all levels.
- Compliance and Regulatory Requirements: Meet legal requirements (GDPR, etc.).
- Continuous Improvement: Promote security awareness and best practices.
- Risk Mitigation: Reduces the likelihood of security breaches.

Information Security Environment in India
REAL-TIME APPLICATIONS IN BUSINESS
DR. ABHIJEET MOHITE

Introduction
• Definition of Information Security: Protects sensitive information from unauthorized access.
• Importance in the Indian Context: Critical due to digital transformation.
• Overview of Real-Time Applications in Business: Systems that respond immediately.

Information Security Environment in India
• Regulatory Framework: IT Act 2000, GDPR.
• Cybersecurity Initiatives: National Cyber Security Policy.
• Role of CERT-In: Responds to cybersecurity incidents.

Types of Real-Time Systems
• Hard Real-Time Systems: Critical timing (e.g., medical devices).
• Soft Real-Time Systems: Important but not critical (e.g., multimedia).
• Firm Real-Time Systems: Degraded service upon missed deadlines (e.g., manufacturing control).

Distinction Between Real-Time, Online, and Batch Processing Systems
• Real-Time Systems: Immediate data processing (e.g., ATMs).
• Online Processing Systems: Continuous data input/output (e.g., e-commerce).
• Batch Processing Systems: Scheduled processing (e.g., payroll).

Real-Time Applications
• Railway Reservation Systems: Real-time booking and security measures.
• Airline Reservation Systems: Similar to railways with added complexities.
• Hotel Reservation Systems: Real-time management and data privacy.

ATMs and EDI Transactions
• Automated Teller Machines: Secure transactions with PIN encryption.
• Electronic Data Interchange: Streamlined processes and security measures.

E-Cash and Safe E-Payments
• E-Cash: Digital cash with instant transactions.
• Security Requirements: 2FA, encryption, and fraud detection mechanisms.

Security Measures in International and Cross-Border Transactions
• Regulatory Compliance: FATF and GDPR.
• Best Practices: Data encryption, multi-factor authentication.

Challenges and Risks
• Cybersecurity Threats: Hacking and phishing.
• Data Privacy Concerns: Protecting personal data.
• Compliance Challenges: Navigating international regulations.

Threat Hunting Software
UNDERSTANDING THREAT HUNTING IN CYBERSECURITY
DR. ABHIJEET MOHITE

Introduction to Threat Hunting
• Definition: Proactive approach to detect threats that evade traditional security measures.
• Importance: Enhances security posture and reduces detection time.
• Objective: Identify hidden threats before they can cause harm.

Overview of Threat Hunting Software
• Definition: Tools designed to assist security analysts in identifying and mitigating threats.
• Key Features: Real-time monitoring, anomaly detection, data analysis and visualization.
• Examples: Elastic Security, Microsoft Defender, CrowdStrike Falcon.

Types of Threat Hunting Software
• Behavioral Analytics Tools: Analyze user and entity behavior.
• Endpoint Detection and Response (EDR): Monitor endpoints for threats.
• Network Traffic Analysis Tools: Monitor network traffic for suspicious activities.
• Threat Intelligence Platforms: Aggregate threat intelligence data.

Key Features of Threat Hunting Software
• Real-time Monitoring: Continuous monitoring of systems.
• Automated Alerts: Generate alerts based on predefined patterns.
• Data Visualization: Graphical representation of data.
• Integration Capabilities: Work seamlessly with other security tools.

Process of Threat Hunting
• Hypothesis Development: Formulate hypotheses based on threat intelligence.
• Data Collection: Gather data from various sources.
• Analysis: Use software to analyze collected data.
• Response: Investigate findings and take actions.
• Feedback Loop: Update detection methods.

Challenges in Threat Hunting
• Data Overload: Excessive data can hinder analysis.
• Skill Gap: Requires skilled personnel.
• Integration Issues: Difficulty in integrating with existing systems.
• Evolving Threat Landscape: Constantly changing threats.

Best Practices for Threat Hunting
• Establish Clear Objectives: Define specific goals.
• Use Threat Intelligence: Leverage intelligence data.
• Collaborate: Work with different teams.
• Continuous Learning: Stay updated with the latest threats.

Case Studies of Successful Threat Hunting
• Case Study 1: Company A detected an APT through unusual behavior, preventing a data breach.
• Case Study 2: Company B used EDR tools to identify compromised endpoints, minimizing damage.

Future Trends in Threat Hunting
• AI and Machine Learning: Increased use for automation.
• Threat Hunting as a Service: Outsourcing to specialized firms.
• Integration with SOAR: Enhancing incident response.
