CYBER SECURITY
CHAPTER 1
INTRODUCTION TO CYBER SECURITY
It is the body of technologies, processes, and process designed to protect networks,
devices, programs, and data from ack, the, damage, Modica on or unauthorized access. The eld
is becoming more important due to increase reliance on computer systems, the Internet and
wireless network standards such as Bluetooth and Wi-Fi and due to the growth of smart devices
including smartphones, telephones, and the various devices that constate the “Internet of
things”. Why do we need cyber security? With an increasing amount of people connected to
internet, the security threats that cause massive harm are increasing also. Cyber security is
necessary since it helps in securing data from threats such as data the or misuse, also safeguards
your system from viruses.
In today's digital world, cybersecurity plays a crucial role in protecting sensitive data, systems,
and networks from cyber threats. Cybersecurity encompasses a broad range of practices and
technologies designed to safeguard information from unauthorized access, cyberattacks, and
malicious activities.
Importance of Cybersecurity:
With the rise of cyber threats such as hacking, malware, and phishing, businesses and
individuals must implement robust security measures. Cybersecurity ensures data integrity,
confidentiality, and availability, reducing risks associated with cybercrime.
Key Concepts in Cybersecurity
• Cyber Threats – Includes viruses, ransomware, phishing attacks, and hacking
attempts.

Network Security – Protecting networks from unauthorized access using firewalls,
encryption, and secure protocols.

Authentication & Access Control – Using passwords, biometrics, and multi-factor
authentication to ensure only authorized users access systems.
Why do we need cyber security?
• With an increasing amount of people get connected to internet, the security threats
that cause massive harm are increasing also.
• Cyber security is necessary since it helps in securing data from threats such as data theft
or misuse, also safeguard your system from viruses.
DEPT OF CSE LAEC,BIDAR
1|Page
CYBER SECURITY
Types of Cyber Attacks
A cyber-attack is an exploitation of computer systems and networks. It uses malicious code to
alter computer code, logic or data and lead to cybercrimes, such as information and identity
theft.
Cyber-attacks can be classified into the following categories:
1) Web-based attacks
2) System-based attacks
Web-based attacks
These are the attacks which occur on a website or web applications. Some of the important
web-based attacks are as follows.
1. Injection attacks
It is the attack in which some data will be injected into a web application to manipulate the
application and fetch the required information.
Example - SQL Injection, code Injection, log Injection, XML Injection etc.
2. DNS Spoofing
DNS Spoofing is a type of computer security hacking. Whereby a data is introduced into a
DNS resolver's cache causing the name server to return an incorrect IP address, diverting traffic
to the attacker’s computer or any other computer. The DNS spoofing attacks can go on for a
long period of time without being detected and can cause serious security issues.
3. Session Hijacking
It is a security attack on a user session over a protected network. Web applications create
cookies to store the state and user sessions. By stealing the cookies, an attacker can have access
to all of the user data.
4. Phishing
Phishing is a type of attack which attempts to steal sensitive information like user login
credentials and credit card number. It occurs when an attacker is masquerading as a trustworthy
entity in electronic communication.
DEPT OF CSE LAEC,BIDAR
2|Page
CYBER SECURITY
5. Brute force
It is a type of attack which uses a trial-and-error method. This attack generates a large number
of guesses and validates them to obtain actual data like user password and personal
identification number. This attack may be used by criminals to crack encrypted data, or by
security, analysts to test an organization's network security.
6. Denial of Service
It is an attack which meant to make a server or network resource unavailable to the users. It
accomplishes this by flooding the target with traffic or sending it information that triggers a
crash. It uses the single system and single internet connection to attack a server. It can be
classified into the following
Volume-based attacks- Its goal is to saturate the bandwidth of the attacked site, and is
measured in bit per second.
Protocol attacks- It consumes actual server resources, and is measured in a packet.
Application layer attacks- Its goal is to crash the web server and is measured in request per
second.
7. Dictionary attacks
This type of attack stored the list of a commonly used password and validated them to get
original password.
8. URL Interpretation
It is a type of attack where we can change the certain parts of a URL, and one can make a web
server to deliver web pages for which he is not authorized to browse.
9. File Inclusion attacks
It is a type of attack that allows an attacker to access unauthorized or essential files which is
available on the web server or to execute malicious files on the web server by making use of
the include functionality.
10. Man in the middle attacks
It is a type of attack that allows an attacker to intercepts the connection between client and
server and acts as a bridge between them. Due to this, an attacker will be able to read, insert
and modify the data
DEPT OF CSE LAEC,BIDAR
3|Page
CYBER SECURITY
System-based attacks
These are the attacks which are intended to compromise a computer or a computer network.
Some of the important system-based attacks are as follows1. Virus
It is a type of malicious software program that spread throughout the computer files without
the knowledge of a user. It is a self-replicating malicious computer program that replicates by
inserting copies of itself into other computer programs when executed. It can also execute
instructions that cause harm to the system.
2. Worm
It is a type of malware whose primary function is to replicate itself to spread to uninfected
computers. It works same as the computer virus. Worms often originate from email attachments
that appear to be from trusted senders.
3. Trojan horse
It is a malicious program that occurs unexpected changes to computer setting and unusual
activity, even when the computer should be idle. It misleads the user of its true intent. It appears
to be a normal application but when opened/executed some malicious code will run in the
background.
4. Backdoors
It is a method that bypasses the normal authentication process. A developer may create a
backdoor so that an application or operating system can be accessed for troubleshooting or
other purposes.
5. Bots
A bot (short for "robot") is an automated process that interacts with other network services.
Some bots program run automatically, while others only execute commands when they receive
specific input. Common examples of bots program are the crawler, chatroom bots, and
malicious bots.
DEPT OF CSE LAEC,BIDAR
4|Page
CYBER SECURITY
CHAPTER 2
TYPES OF CYBER SECURITY
There are seven types of cyber security, each explained below in detail with uses and functions:
1. Network Security (Protecting Networks from Unauthorized Access)
It focuses on securing computer networks from unauthorized access, data breaches, and other
network-based threats. This involves implementing technologies such as Firewalls, Intrusion
detection systems (IDS), Virtual private networks (VPNs), and Network segmentation as
well as deploying antivirus software.

Using public Wi-Fi in locations like cafes and malls poses significant security risks.
Malicious actors on the same network can potentially intercept your online activity,
including sensitive information. If you use payment gateways on these unsecured
networks, your financial data could be compromised because these open networks don’t
have proper security layers, which means anyone—even hackers—can watch what
you're doing online.

So, use a secure private network or VPN to protect your internal network from
outside threats
2. Application Security (Ensuring Secure Software and Apps)
Concerned with securing software applications and preventing vulnerabilities that could be
exploited by attackers. It involves secure coding practices, regular software updates and
patches, and application-level firewalls.

Most of the Apps that we use on our cell phones are Secured and work under the rules
and regulations of the Google Play Store.

There are 3.553 million applications in Google Play, Apple App Store has 1.642
million, and Amazon App Store has 483 million available for users to download. With
so many choices, it’s easy to assume all apps are safe—but that’s not true.

Some apps pretend to be secure, but once installed, they collect personal data and
secretly share it with third-party companies.

The app must be installed from a trustworthy platform, not from some 3rd party website
in the form of an APK (Android Application Package).
DEPT OF CSE LAEC,BIDAR
5|Page
CYBER SECURITY
3. Information or Data Security (Safeguarding Sensitive Data)
Focuses on protecting sensitive information from unauthorized access, disclosure, alteration,
or destruction. It includes Encryption, Access controls, Data classification, and Data loss
prevention (DLP) measures.

Incident response refers to the process of detecting, analyzing, and responding to
security incidents promptly.

Promoting security awareness among users is essential for maintaining information
security. It involves educating individuals about common security risks, best practices
for handling sensitive information, and how to identify and respond to potential threats
like phishing attacks or social engineering attempts.

Encryption is the process of converting information into an unreadable format
(ciphertext) to protect it from unauthorized access.
4. Cloud Security (Defending Cloud Storage and Applications)
It involves securing data, applications, and infrastructure hosted on cloud platforms, and
ensuring appropriate access controls, data protection, and compliance. It uses various cloud
service providers such as AWS, Azure, Google Cloud, etc., to ensure security against multiple
threats.

Cloud-based data storage has become a popular option over the last decade. It enhances
privacy if configured and managed correctly and saves data on the cloud, making it
accessible from any device with proper authentication.

These platforms offer free tiers for limited usage, and users must pay for additional
storage or services

It is a cloud service provider that offers a wide range of services, including storage,
computing, and security tools.
5. Endpoint Security (Protecting Devices like Laptops & Phones)
Refers to securing individual devices such as computers, laptops, smartphones, and IoT
devices. It includes antivirus software, intrusion prevention systems (IPS), device encryption,
and regular software updates.

Antivirus and Anti-malware software that scans and detects malicious software, such
as Viruses, Worms, Trojans, and Ransomware. These tools identify and eliminate or
quarantine malicious files, protecting the endpoint and the network from potential harm.
DEPT OF CSE LAEC,BIDAR
6|Page
CYBER SECURITY

Firewalls are essential components of endpoint security. They monitor and control
incoming and outgoing network traffic, filtering out potentially malicious data packets.

Keeping software and operating systems up to date with the latest security patches and
updates is crucial for endpoint security.
6. Operational Security (Managing Internal Security Protocols)
Refers to the processes and policies organizations implement to protect sensitive data from
internal threats and human errors. It involves access controls, risk management, employee
training, and monitoring activities to prevent data leaks and security breaches.

Access Controls ensure that only authorized personnel can access critical systems and
sensitive information. This includes role-based access, multi-factor authentication
(MFA), and least privilege principles.

Risk Management involves identifying, analyzing, and mitigating security risks
within an organization. It includes regular security assessments, vulnerability testing,
and compliance audits.

Employee Training is crucial for preventing insider threats and social engineering
attacks. Organizations conduct cybersecurity awareness programs to educate
employees on phishing scams, password security, and data handling best practices.

Monitoring & Incident Response includes tracking user activity, detecting suspicious
behaviour, and responding to security incidents in real time. Security Information and
Event Management (SIEM) tools help organizations analyze and mitigate threats
effectively.
7. Internet of Things (IoT) Security
Refers to protecting internet-connected devices such as smart home gadgets, industrial sensors,
medical equipment, and wearable technology from cyber threats. IoT security ensures that
these devices do not become entry points for hackers to exploit networks and steal sensitive
data.

Device Authentication & Encryption ensures that only authorized devices can
connect to networks. Encryption protects data transmitted between IoT devices and
servers from interception.

Firmware & Software Updates are crucial to patch security vulnerabilities. Regular
updates help prevent exploitation by cybercriminals who target outdated IoT firmware.
DEPT OF CSE LAEC,BIDAR
7|Page
CYBER SECURITY
CHAPTER 3
CYBER SECURITY TOOLS
Cybersecurity Trends in 2025
1. Rise of AI and Machine Learning: More cybersecurity tools are using artificial intelligence
(AI) and machine learning to detect and respond to threats faster than humans can. AI in
cybersecurity helps recognize patterns, block suspicious behaviour, and even predict future
threats—making it one of the most powerful tools to protect sensitive information.
2. Increase in Ransomware Attacks: Ransomware, where hackers lock you out of your data
until you pay a ransom, is becoming more common. Companies and individuals alike need to
back up their data regularly and invest in security measures to avoid falling victim to these
attacks.
3. Cloud Security: As more businesses move their data to the cloud, ensuring this data is
secure is a top priority. This includes using strong authentication methods and regularly
updating security protocols to protect against breaches.
4. Internet of Things (IoT) Vulnerabilities: With more devices connected to the internet, like
smart home gadgets and wearable tech, there's an increased risk of cyberattacks. Ensuring these
devices have updated security features is crucial.
5. Zero Trust Security: This approach assumes that threats could come from inside or outside
the network, so it constantly verifies and monitors all access requests. It's becoming a standard
practice to ensure a higher level of security.
6. Cybersecurity Skills Gap: There is a growing need for skilled cybersecurity professionals.
As cyber threats become more sophisticated, the demand for experts who can protect against
these threats is higher than ever.
7. Regulatory Compliance: New regulations are being introduced worldwide to protect
personal data. Companies must stay informed about these laws to ensure they comply and avoid
hefty fines.
Cybersecurity Best Practices
There are several steps you can take to protect yourself from cyber threats, including:

Use strong passwords: Use unique and complex passwords for all of your accounts,
and consider using a password manager to store and manage your passwords.
DEPT OF CSE LAEC,BIDAR
8|Page
CYBER SECURITY

Keep your software up to date: Keep your operating system, software applications,
and security software up to date with the latest security patches and updates.

Enable two-factor authentication: Enable two-factor authentication on all of your
accounts to add an extra layer of security.

Be aware of suspicious emails: Be cautious of unsolicited emails, particularly those
that ask for personal or financial information or contain suspicious links or attachments.

Educate yourself: Stay informed about the latest cybersecurity threats and best
practices by reading cybersecurity blogs and attending cybersecurity training programs.
Challenges of Cybersecurity

Constantly Evolving Threat Landscape: Cyber threats are constantly evolving, and
attackers are becoming increasingly sophisticated. This makes it challenging for
cybersecurity professionals to keep up with the latest threats and implement effective
measures to protect against them.

Lack of Skilled Professionals: There is a shortage of skilled cybersecurity
professionals, which makes it difficult for organizations to find and hire qualified staff
to manage their cybersecurity programs.

Limited Budgets: Cybersecurity can be expensive, and many organizations have
limited budgets to allocate toward cybersecurity initiatives. This can result in a lack of
resources and infrastructure to effectively protect against cyber threats.

Insider Threats: Insider threats can be just as damaging as external threats. Employees
or contractors who have access to sensitive information can intentionally or
unintentionally compromise data security.

Complexity of Technology: With the rise of cloud computing, IoT, and other
technologies, the complexity of IT infrastructure has increased significantly. This
complexity makes it challenging to identify and address vulnerabilities and implement
effective cybersecurity measures.
DEPT OF CSE LAEC,BIDAR
9|Page
CYBER SECURITY
CHAPTER 4
CYBER THREATS – CYBER WARFARE
Cyber warfare refers to the use of digital attacks -- like computer viruses and hacking -- by one
country to disrupt the vital computer systems of another, with the aim of creating damage,
death and destruction. Future wars will see hackers using computer code to attack an enemy's
infrastructure, fighting alongside troops using conventional weapons like guns and missiles.
Cyber warfare involves the actions by a nation-state or international organization to attack and
attempt to damage another nation's computers or information networks through, for example,
computer viruses or denial-of-service attacks.
Cyber Crime:
Cybercrime is criminal activity that either targets or uses a computer, a computer network or a
networked device. Cybercrime is committed by cybercriminals or hackers who want to make
money. Cybercrime is carried out by individuals or organizations. Some cybercriminals are
organized, use advanced techniques and are highly technically skilled. Others are novice
hackers.
Cyber Terrorism:
Cyber terrorism is the convergence of cyberspace and terrorism. It refers to unlawful attacks
and threats of attacks against computers, networks and the information stored therein when
done to intimidate or coerce a government or its people in furtherance of political or social
objectives.
Examples: hacking into computer systems, introducing viruses to vulnerable networks, web
site defacing, Denial-of-service attacks, or terroristic threats made via electronic
communication.
Cyber Espionage:
Cyber spying, or cyber espionage, is the act or practice of obtaining secrets and information
without the permission and knowledge of the holder of the information from individuals,
competitors, rivals, groups, governments and enemies for personal, economic, political or
military advantage using methods on the Internet.
DEPT OF CSE LAEC,BIDAR
10 | P a g e
CYBER SECURITY
Security Policies:
Security policies are a formal set of rules which is issued by an organization to ensure that the
user who are authorized to access company technology and information assets comply with
rules and guidelines related to the security of information. A security policy also considered to
be a "living document" which means that the document is never finished, but it is continuously
updated as requirements of the technology and employee changes. We use security policies to
manage our network security. Most types of security policies are automatically created during
the installation. We can also customize policies to suit our specific environment.
Need of Security policies –
1) It increases efficiency.
2) It upholds discipline and accountability.
3) It can make or break a business deal.
4) It helps to educate employees on security literacy.
There are some important cyber security policies recommendations describe belowVirus and Spyware Protection policy:
 It helps to detect threads in files, to detect applications that exhibits suspicious behaviour.
 Removes, and repairs the side effects of viruses and security risks by using signatures.
Firewall Policy:
 It blocks the unauthorized users from accessing the systems and networks that connect to the
Internet.
 It detects the attacks by cybercriminals and removes the unwanted sources of network traffic.
Intrusion Prevention policy:
 This policy automatically detects and blocks the network attacks and browser attacks.
 It also protects applications from vulnerabilities and checks the contents of one or more data
packages and detects malware which is coming through legal ways.
Application and Device Control:
 This policy protects a system's resources from applications and manages the peripheral
devices that can attach to a system.
DEPT OF CSE LAEC,BIDAR
11 | P a g e
CYBER SECURITY
CHAPTER 5
CYBERSPACE AND THE LAW & CYBER FORENSICS
CYBERSPACE
Cyberspace can be defined as an intricate environment that involves interactions between
people, software, and services. It is maintained by the worldwide distribution of information
and communication technology devices and networks.
With the benefits carried by the technological advancements, the cyberspace today has
become a common pool used by citizens, businesses, critical information infrastructure,
military and governments in a fashion that makes it hard to induce clear boundaries among
these different groups. The cyberspace is anticipated to become even more complex in the
upcoming years, with the increase in networks and devices connected to it.
REGULATIONS
There are five predominant laws to cover when it comes to cybersecurity:
Information Technology Act, 2000 The Indian cyber laws are governed by the Information
Technology Act, penned down back in 2000. The principal impetus of this Act is to offer
reliable legal inclusiveness to eCommerce, facilitating registration of real-time records with
the Government.
But with the cyber attackers getting sneakier, topped by the human tendency to misuse
technology, a series of amendments followed.
The ITA, enacted by the Parliament of India, highlights the grievous punishments and
penalties safeguarding the e-governance, e-banking, and e-commerce sectors. Now, the scope
of ITA has been enhanced to encompass all the latest communication devices.
The IT Act is the salient one, guiding the entire Indian legislation to govern cybercrimes
rigorously:
Section 43 - Applicable to people who damage the computer systems without permission
from the owner. The owner can fully claim compensation for the entire damage in such cases.
Section 66 - Applicable in case a person is found to dishonestly or fraudulently committing
any act referred to in section 43. The imprisonment term in such instances can mount up to
three years or a fine of up to Rs. 5 lakh.
DEPT OF CSE LAEC,BIDAR
12 | P a g e
CYBER SECURITY
Section 66B - Incorporates the punishments for fraudulently receiving stolen communication
devices or computers, which confirms a probable three years imprisonment. This term can also
be topped by Rs. 1 lakh fine, depending upon the severity.
Section 66C - This section scrutinizes the identity thefts related to imposter digital signatures,
hacking passwords, or other distinctive identification features. If proven guilty, imprisonment
of three years might also be backed by Rs.1 lakh fine.
Section 66 D - This section was inserted on-demand, focusing on punishing cheaters doing
impersonation using computer resources.
THE INDIAN CYBERSPACE
Indian cyberspace was born in 1975 with the establishment of National Informatics Centre
(NIC) with an aim to provide govt with IT solutions. Three networks (NWs) were set up
between 1986 and 1988 to connect various agencies of govt. These NWs were, INDONET
which connected the IBM mainframe installations that made up India’s computer
infrastructure, NICNET (the NIC NW) a nationwide very small aperture terminal (VSAT) NW
for public sector organisations as well as to connect the central govt with the state govts and
district administrations, the third NW setup was ERNET (the Education and Research
Network), to serve the academic and research communities.
New Internet Policy of 1998 paved the way for services from multiple Internet service
providers (ISPs) and gave boost to the Internet user base grow from 1.4 million in 1999 to over
150 million by Dec 2012. Exponential growth rate is attributed to increasing Internet access
through mobile phones and tablets. Govt is making a determined push to increase broadband
penetration from its present level of about 6%1. The target for broadband is 160 million
households by 2016 under the National Broadband Plan.
NATIONAL CYBER SECURITY POLICY
National Cyber Security Policy is a policy framework by Department of Electronics and
Information Technology. It aims at protecting the public and private infrastructure from
cyberattacks. The policy also intends to safeguard "information, such as personal information
(of web users), financial and banking information and sovereign data". This was particularly
relevant in the wake of US National Security Agency (NSA) leaks that suggested the US
government agencies are spying on Indian users, who have no legal or technical safeguards
against it. Ministry of Communications and Information Technology (India) defines
Cyberspace as a complex environment consisting of interactions between people, software
services supported by worldwide distribution of information and communication technology.
DEPT OF CSE LAEC,BIDAR
13 | P a g e
CYBER SECURITY
CYBER FORENSICS
Computer forensics is the application of investigation and analysis techniques to gather and
preserve evidence.
Forensic examiners typically analyse data from personal computers, laptops, personal digital
assistants, cell phones, servers, tapes, and any other type of media. This process can involve
anything from breaking encryption, to executing search warrants with a law enforcement team,
to recovering and analysing files from hard drives that will be critical evidence in the most
serious civil and criminal cases.
The forensic examination of computers, and data storage media, is a complicated and highly
specialized process. The results of forensic examinations are compiled and included in reports.
In many cases, examiners testify to their findings, where their skills and abilities are put to
ultimate scrutiny.
DIGITAL FORENSICS:
Digital Forensics is defined as the process of preservation, identification, extraction, and
documentation of computer evidence which can be used by the court of law. It is a science of
finding evidence from digital media like a computer, mobile phone, server, or network. It
provides the forensic team with the best techniques and tools to solve complicated digital
related cases.
Digital Forensics helps the forensic team to analyses, inspect, identifies, and preserve the
digital evidence residing on various types of electronic devices.
Digital forensic science is a branch of forensic science that focuses on the recovery and
investigation of material found in digital devices related to cybercrime.
THE NEED FOR COMPUTER FORENSICS
Computer forensics is also important because it can save your organization money. ... From a
technical standpoint, the main goal of computer forensics is to identify, collect, preserve, and
analyse data in a way that preserves the integrity of the evidence collected so it can be used
effectively in a legal case.
DEPT OF CSE LAEC,BIDAR
14 | P a g e
CYBER SECURITY
CHAPTER 6
CYBER ETHICS
Cyberethics refers to a set of moral rules or a code of behaviour applied to the
online environment. As a responsible netizen, one should observe these rules to
help make the cyberspace a safe place. Cyberethics is a branch of applied ethics
that examines the impact that the moral, legal, and social issues have at the
intersection of computer/information and communication technologies. This is
also referred to as internet ethics, computer ethics, and information ethics [1, 2].
Computer ethics is a field of applied ethics that addresses ethical issues in the use,
design and management of information technology and in the formulation of
ethical policies for its regulation in society [3].
Core Principles of Cyberethics
Cyber Ethics focuses on the following:
1. Privacy: It ensures that personal data and information are kept secure and protected from
unauthorized access or misuse. Individuals' privacy rights must be respected in the digital
world.
2. Integrity: Promoting honesty and accuracy in digital communications, transactions, and
content. This includes avoiding the creation or spread of false information and ensuring data is
not altered without authorization.
DEPT OF CSE LAEC,BIDAR
15 | P a g e
CYBER SECURITY
3. Accountability: Individuals and organizations should be held accountable for their actions
in the digital space. This includes taking responsibility for digital content, behavior, and the
consequences of online actions.
4. Security: Protecting systems, networks, and data from cyberattacks, unauthorized access,
and vulnerabilities. Cybersecurity measures must be implemented to safeguard the digital
environment.
5. Access: Ensuring equal access to digital resources and technology for everyone, regardless
of socioeconomic status, geographic location, or other barriers. The digital divide should be
minimized to promote inclusivity.
6. Digital Responsibility: Encouraging ethical behavior in the use of technology, including
respecting others' intellectual property rights, avoiding cyberbullying, and ensuring the
responsible use of online platforms and tools.
Trademarks
Trademarks are the marks that are external to the goods to make the public identify a certain
quality and image related with that product or service. It is an important way of promoting
goodwill of the company or organisation with its clients or customers. It has a legal protection
to prevent others from using it. Few examples of trademarks are Tata, Godrej, IIM etc.
Trademarks can be classified into 4 types:
1. Trademark - It is a mark which includes any word, name, symbol, or any combination
which is used in commerce to identify and differentiate the products of a manufacturer
from products of others. In short, Trademark is a brand name.
2. Service Mark - It is a mark which includes any word, name, symbol, or any
combination which is used in commerce to identify and differentiate the services
provided by one provider from services provided by others. It is used in service
business.
3. Certification Mark - It is a mark which includes any word, name, symbol, or any
combination which is used in commerce by other persons with owner's consent and
certifies them regional, material, mode of manufacture, or other characteristics of
owner's goods .
4. Collective Mark - It is a mark which includes any word, name, symbol, or any
combination which is used in commerce by members of an association or group or
organization.
DEPT OF CSE LAEC,BIDAR
16 | P a g e
CYBER SECURITY
Ethical Hacking
Ethical hacking involves the probing and testing of computer systems, networks, and
applications purposely to identify and make amends on security vulnerabilities, an ethical
hacker alias white-hat or pen tester, is mandated with similar goals to enhance security within
an organization. The proactive approach of ethical hacking ensures the strength of
organizational defences against cyberattacks, protection of sensitive information, and
compliance with security standards and regulations, this understanding and subsequent
simulation of techniques used by cybercriminals make ethical hackers pivotal in maintaining a
good state of cybersecurity and the protection of digital assets.
Types of Ethical Hacking
Depending on the focus of the security testing, ethical hacking can be broken down into a
number of different categories:

Hacking the network: involves testing the infrastructure of the network in order to
find flaws in the protocols, configurations, and devices of the network

Hacking Web Applications: Centres around distinguishing shortcomings in web
applications, for example, SQL injection or cross-website prearranging (XSS)
weaknesses

Hacking the system: Targets working frameworks and programming to find security
defects that could be taken advantage of.

Social Designing: attempts to manipulate individuals into revealing confidential
information or performing actions that could compromise security, putting the human
element to the test.

Hacking into wireless networks: involves identifying potential dangers in wireless
communications and evaluating the security of wireless networks.
DEPT OF CSE LAEC,BIDAR
17 | P a g e
CYBER SECURITY
CHAPTER 7
ADVANTAGES AND DISADVANTAGES
Advantages:
Cybersecurity offers significant advantages like protecting sensitive information,
mitigating financial losses, and building trust with customers. However, it also
presents challenges including high implementation costs, complexity, and the
constant need to adapt to evolving threats.

Protection of sensitive information:
Cybersecurity safeguards personal details, financial records, and intellectual property from
unauthorized access, theft, or exposure.

Financial protection:
It helps organizations avoid significant financial losses from cyberattacks like fraud,
ransomware, and data breaches.

Business continuity:
Ensuring that business operations continue smoothly, even in the face of cyber threats, is a key
benefit.

Building trust:
A strong cybersecurity framework demonstrates an organization's commitment to protecting
customer data, fostering trust and loyalty.

Compliance:
Cybersecurity measures help organizations comply with various legal and regulatory
requirements.

Enhanced reputation:
Protecting sensitive information and building customer trust enhances an organization's
reputation and credibility.

Data security:
Cybersecurity measures, such as encryption and data loss prevention tools, protect data from
unauthorized access and theft.
DEPT OF CSE LAEC,BIDAR
18 | P a g e
CYBER SECURITY
Disadvantages:

High costs:
Implementing and maintaining cybersecurity measures can be expensive, especially for
organizations with complex IT environments.

Complexity:
Cybersecurity solutions can be complex to manage, requiring specialized skills and expertise.

Constant vigilance:
The threat landscape is constantly evolving, requiring ongoing monitoring and adaptation of
security measures.

Potential for false sense of security:
While cybersecurity measures offer protection, they can also create a false sense of security if
not properly implemented and maintained.

Compatibility issues:
Cybersecurity solutions may not be compatible with all systems and networks, requiring careful
planning and integration.

Inconvenience to users:
Security measures can sometimes inconvenience users, requiring them to follow complex
procedures or use restrictive tools.

Human error:
Human errors, such as falling for phishing scams or using weak passwords, can still lead to
security breaches despite robust technology.

Limited effectiveness against insider threats:
Cybersecurity measures may be less effective at preventing threats from internal sources, such
as employees with malicious intent.
DEPT OF CSE LAEC,BIDAR
19 | P a g e
CYBER SECURITY
CHAPTER 8
CONCLUSION
Cybersecurity is a dynamic and ever-evolving field that calls for the collective responsibility
of individuals, developers, and organizations. As we've explored, the threats are multi-faceted,
ranging from sophisticated state-sponsored attacks to the risks posed by insider vulnerabilities
and employee negligence. Therefore, robust cybersecurity is about more than just
implementing high-end technological solutions. It also involves human diligence in
maintaining password hygiene, staying updated on the latest threats, and adhering to best
practices in cyber hygiene.
Organizations must blend advanced security tools and human vigilance to create a holistic
cybersecurity strategy. Whether it's the meticulous design of secure network architecture or
regular employee training, each aspect plays a vital role in safeguarding our digital world. As
the threat landscape continues to evolve, so must our strategies for digital protection.
In today’s interconnected world, cyber security has become a cornerstone of personal safety,
business integrity, and national security. As digital technologies continue to evolve and become
more embedded in every aspect of our lives—from communication and banking to healthcare
and education—the risks associated with cyber threats have grown exponentially. Cyber
attacks are no longer limited to isolated incidents; they are global challenges that can disrupt
economies, compromise sensitive information, and even endanger lives.
DEPT OF CSE LAEC,BIDAR
20 | P a g e
CYBER SECURITY
CHAPTER
DEPT OF CSE LAEC,BIDAR
21 | P a g e