UNIT-I

INTRODUCTION TO CYBER SECURITY

CYBERSPACE:
Cyberspace is a virtual space and it is the interconnected space between networks of
computer systems. Bits and Bytes- Zeroes and ones are used to define Cyberspace. It is a
dynamic environment where these values change continuously.
(OR)
Cyberspace refers to the virtual computer world, and more specifically, an electronic medium
that is used to facilitate online communication. Cyberspace typically involves a large
computer network made up of many worldwide computer subnet works that employ TCP/IP
protocol to aid in communication and data exchange activities.
Cyberspace Levels:

Cyberspace can be viewed as three layers (physical, logical, and social) made up of five
components (geographic, physical network, logical network, cyber persona, and persona).

Physical:

The physical layer includes the geographic component and the physical network component.
The geographic component is the physical location of elements of the network. While
geopolitical boundaries can easily be crossed in cyberspace at a rate approaching the speed of
light, there is still a physical aspect tied to the other domains. The physical network
component includes all the hardware and infrastructure (wired, wireless, and optical) that
supports the network and the physical connectors (wires, cables, radio frequency, routers,
servers, and computers)

Logical:

The logical layer contains the logical network component, which is technical and consists of
the logical connections that exist between network nodes. Nodes are any devices connected to
a computer network. Nodes can be computers, personal digital assistants, cell phones, or
various other network appliances. On an Internet protocol (IP) network, a node is any device
with an IP address.

Social:

The social layer comprises the human and cognitive aspects, including the cyber persona and
persona components. The cyber persona component includes a person’s identification or
persona on the network (e-mail address, computer IP address, cell phone number, and others).
The persona component consists of the people actually on the network. An individual can
have multiple cyber personas (for example, different e-mail accounts on different computers)
and a single cyber persona can have multiple users.

OVERVIEW OF COMPUTER AND WEB TECHNOLOGY:

Web Technology refers to the various tools and techniques that are utilized in the process of
communication between different types of devices over the Internet. A web browser is used to
access web pages. Web browsers can be defined as programs that display text, data, pictures,
animation, and video on the Internet. Hyperlinked resources on the World Wide Web can be
accessed using software interfaces provided by Web browsers.

Web Technology can be classified into the following sections:

 World Wide Web (WWW): The World Wide Web is based on several different
technologies: Web browsers, Hypertext Markup Language (HTML), and Hypertext
Transfer Protocol (HTTP).
 Web Browser: The web browser is an application software to explore www (World
Wide Web). It provides an interface between the server and the client and requests to the
server for web documents and services.
 Web Server: Web server is a program which processes the network requests of the users
and serves them with files that create web pages. This exchange takes place using
Hypertext Transfer Protocol (HTTP).
 Web Pages: A webpage is a digital document that is linked to the World Wide Web and
viewable by anyone connected to the internet has a web browser.
 Web Development: Web development refers to the building, creating, and maintaining
of websites. It includes aspects such as web design, web publishing, web programming,
and database management. It is the creation of an application that works over the internet
i.e. websites.

Web Development can be classified into two ways:

Frontend Development: The part of a website that the user interacts directly is termed as
front end. It is also referred to as the ‘client side’ of the application.
Frontend Languages: The front-end portion is built by using some languages which are
discussed below:
 HTML: HTML stands for Hypertext Markup Language. It is used to design the front-
end portion of web pages using a markup language. HTML is the combination of
Hypertext and Markup language. Hypertext defines the link between the web pages.
The markup language is used to define the text documentation within the tag which
defines the structure of web pages.
 CSS: Cascading Style Sheets fondly referred to as CSS is a simply designed language
intended to simplify the process of making web pages presentable. CSS allows you to
apply styles to web pages. More importantly, CSS enables you to do this independent of
the HTML that makes up each web page.
 JavaScript: JavaScript is a famous scripting language used to create magic on the sites
to make the site interactive for the user. It is used to enhancing the functionality of a
website to running cool games and web-based software.
 AJAX: Ajax is an acronym for Asynchronous Javascript and XML. It is used to
communicate with the server without refreshing the web page and thus increasing the
user experience and better performance.
Backend Development: Backend is the server side of a website. It is the part of the website
that users cannot see and interact. It is the portion of software that does not come in direct
contact with the users. It is used to store and arrange data..
Backend Languages: The back end portion is built by using some languages which are
discussed below:
 PHP: PHP is a server-side scripting language designed specifically for web
development. Since PHP code executed on the server-side, so it is called a server-side
scripting language.
 Node.js: Node.js is an open-source and cross-platform runtime environment for
executing JavaScript code outside a browser. You need to remember that NodeJS is not
a framework, and it’s not a programming language. Most people are confused and
understand it’s a framework or a programming language. We often use Node.js for
building back-end services like APIs like Web App or Mobile App. It’s used in
production by large companies such as Paypal, Uber, Netflix, Wallmart, and so on.
 Python: Python is a programming language that lets you work quickly and integrate
systems more efficiently.
 Ruby: Ruby is a dynamic, reflective, object-oriented, general-purpose programming
language. Ruby is a pure Object-Oriented language developed by Yukihiro Matsumoto.
Everything in Ruby is an object except the blocks but there are replacements too for it
i.e procs and lambda. The objective of Ruby’s development was to make it act as a
sensible buffer between human programmers and the underlying computing machinery.
 Java: Java is one of the most popular and widely used programming languages and
platforms. It is highly scalable. Java components are easily available.
 JavaScript: JavaScript can be used as both (front end and back end) programming.
 Golang: Golang is a procedural and statically typed programming language having the
syntax similar to C programming language. Sometimes it is termed as Go Programming
Language.
 C#: C# is a general-purpose, modern and object-oriented programming language
pronounced as “C sharp”.
 DBMS: The software which is used to manage database is called Database
Management System (DBMS).

ARCHITECTURE OF CYBERSPACE:
 Why is a cyber-security architecture needed?

A cyber security architecture is the foundation of an organization’s defense against cyber

threats, and ensures that all components of its IT infrastructure are protected. Environments
that are secured by a cyber-security architecture include:

 Cloud

 Networks

 IoT

 Endpoints

 Mobile

Benefits of a consolidated cyber security architecture:

 Improves overall security

 Prevents known and unknown zero-day threats in real time

 Automates security across all enforcement points

 Provides full visibility into an organization’s threat posture with a single, unified
management console

 Reduces TCO and increases operational efficiency.

COMMUNICATION AND WEB TECHNOLOGY IN CYBER SECURITY:

Cyber security is an ever-evolving field that requires organizations to continuously

update their practices and strategies to stay ahead of potential threats. Effective
communication is crucial to any cyber security strategy, as it helps organizations
protect themselves and their clients from potential cyber-attacks. In this blog post,
we’ll discuss cyber security best practices for effective communication in cyber
security law, along with recent statistics highlighting the importance of these practices.
1. Clear and Consistent Communication
Clear and consistent communication is essential for effective cyber security.
Organizations must ensure that all employees understand the significance of cyber
security and the probable risks of not following proper protocols. Establishing clear
guidelines and procedures for reporting and addressing security breaches and regular
training to keep employees updated on the latest threats is important. The importance
of clear and consistent communication to ensure that all employees understand the
importance of cyber security and how to protect their organization from potential
threats.
2. Collaboration and Information Sharing
Effective communication in cyber security law also involves collaboration and
information sharing. This means that organizations must collaborate to share
information about threats, vulnerabilities, and potential solutions. It’s important to
establish relationships with other organizations, government agencies, and
cybersecurity experts to stay apprised and up to date on the latest hazards. Sharing
information about potential threats and vulnerabilities can help organizations stay
ahead of cybercriminals and protect their client’s sensitive data.
3. Transparency and Accountability
Transparency and accountability are also key components of effective communication
in cybersecurity law. Organizations must be transparent about their cybersecurity
practices, including the measures they take to protect their clients’ data. They must
also be accountable for any breaches or failures to protect that data. If an organization
experiences a data breach, they must be transparent about the breach and take
responsibility for any failures to protect their clients’ data. This can assist in building
confidence with clients and prevent further damage to the organization’s reputation.
4. Effective Communication During a Cyber Attack
Effective communication is also important during a cyber attack. Organizations must
have a strategy in position for communicating with employees, clients, and other
stakeholders in the event of a breach. This includes establishing clear communication
channels and providing regular updates about the status of the breach. The importance
of effective communication during a breach to minimize the damage and protect the
organization’s reputation. Clear communication can help mitigate the impact of a
breach and build trust with clients and stakeholders.
Effective communication is a crucial component of any cyber security strategy. Clear
and consistent communication, collaboration, information sharing, transparency and
accountability, and effective communication during a cyber attack are all key
components of effective communication in cyber security law. Recent statistics
highlight the importance of these practices in today’s digital landscape, and
organizations must prioritize them to mitigate the risks of cyber attacks. By
implementing these best practices, organizations can protect themselves and their
clients from potential threats and build trust with their stakeholders.
WWW:
How does the World Wide Web work?
The way for an internet revolution that has transformed the world in only three decades, the
World Wide Web consists of multiple components that enable users to access various
resources, documents and web pages on the internet. Thus, the WWW is like a vast electronic
book whose pages are stored or hosted on different servers worldwide.

These pages are the primary component or building blocks of the WWW and are linked
through hyperlinks, which provide access from one specific spot in a hypertext or hypermedia
document to another spot within that document or a different one. Hyperlinks are another
defining concept of the WWW and provide its identity as a collection of interconnected
documents.

Hypertext is a method for instant information cross-referencing that supports communications

on the web. Hypertext makes it easy to link content on one web page to content on another
web page or site. Hypertext and HTTP enable people to access the millions of websites active
on the WWW.
The Hypertext Transfer Protocol (HTTP) is another key component of the WWW. It enables
users to access web pages by standardizing communications and data transfer between the
internet's servers and clients.

Most web documents and pages are created using Hypertext Mark-up Language (HTML), a
text-based way of describing how content within an HTML file is structured. HTML
describes the structure of web pages using elements or tags and displays the content of these
pages through a web browser.

To access one of these pages, a user and their client machine supply a universal identifier to
the web server via a browser. This identifier may be a uniform resource locator (URL) or
uniform resource identifier (URI) and is unique to each web page.

History of the World Wide Web

British physicist Tim Berners-Lee invented the World Wide Web. Along with colleagues at
Geneva-based CERN -- the European Organization for Nuclear Research -- Berners-Lee had
been working on the concept since 1989. Their goal was to combine available technologies
and data networks to create a user-friendly system for global communication and information
sharing. At the time, they began work on the first WWW server, which they called httpd.
They also dubbed the first client WWW.

Originally, WWW was a what you see is what you get (WYSIWYG) hypertext
browser/editor that ran in the Next Step environment. In 1990, Berners-Lee demonstrated the
first web server and browser at CERN to explain his idea of a World Wide Web. The web
then entered the public eye in 1991 when Berners-Lee, who also developed hypertext,
announced his creation on the alt.hypertext newsgroup; at the same time, he created the
world's first web page with the address http://info.cern.ch/hypertext/WWW/TheProject.html.

Difference Between World Wide Web and the Internet

The main difference between the World Wide Web and the Internet are:

World Wide Web Internet

All the web pages and web

documents are stored there on the
The Internet is a global network of computers that is
World wide web and to find all that
accessed by the World wide web.
stuff you will have a specific URL
for each website.

The world wide web is a service. The Internet is an infrastructure.

The world wide web is a subset of

The Internet is the superset of the world wide web.
the Internet.
World Wide Web Internet

The world wide web is software-

The Internet is hardware-oriented.
oriented.

The world wide web uses HTTP. The Internet uses IP Addresses.

The world wide web can be

considered as a book from the The Internet can be considered a Library.
different topics inside a Library.

Internet

The Internet is the foremost important tool and the prominent resource that is being used by
almost every person across the globe. It connects millions of computers, webpages,
websites, and servers. Using the internet we can send emails, photos, videos, and messages
to our loved ones. Or in other words, the Internet is a widespread interconnected network of
computers and electronic devices(that support Internet). It creates a communication
medium to share and get information online. If your device is connected to the Internet then
only you will be able to access all the applications, websites, social media apps, and many
more services. The Internet nowadays is considered the fastest medium for sending and
receiving information.

History of the Internet

The Internet came in the year 1960 with the creation of the first working model
called ARPANET (Advanced Research Projects Agency) . It allowed multiple computers to
work on a single network which was their biggest achievement at that time. ARPANET
uses packet switching to communicate multiple computer systems under a single network.
In October 1969, using ARPANET first message was transferred from one computer to
another. After that technology continues to grow.
How is the Internet Set Up?
The internet is set up with the help of physical optical fiber data transmission cables or
copper wires and various other networking mediums like LAN, WAN, MAN, etc. For
accessing the Internet even the 2G, 3G, and 4G services and the Wifi require these physical
cable setups to access the Internet. There is an authority named ICANN (Internet
Corporation for Assigned Names and Numbers) located in the USA which manages the
Internet and protocols related to it like IP addresses.
How Does the Internet Work?
The actual working of the internet takes place with the help of clients and servers. Here the
client is a laptop that is directly connected to the internet and servers are the computers
connected indirectly to the Internet and they are having all the websites stored in those
large computers. These servers are connected to the internet with the help of ISP (Internet
Service Providers) and will be identified with the IP address.
Each website has its Domain name as it is difficult for any person to always remember the
long numbers or strings. So, whenever you search for any domain name in the search bar of
the browser the request will be sent to the server and that server will try to find the IP
address from the Domain name because it cannot understand the domain name. After
getting the IP address the server will try to search the IP address of the Domain name in a
Huge phone directory that in networking is known as a DNS server (Domain Name Server) .
For example, if we have the name of a person and we can easily find the Aadhaar number
of him/her from the long directory as simple as that.
So after getting the IP address, the browser will pass on the further request to the respective
server and now the server will process the request to display the content of the website
which the client wants. If you are using a wireless medium of Internet like 3G and 4G or
other mobile data then the data will start flowing from the optical cables and will first reach
towers from there the signals will reach your cell phones and PCs through electromagnetic
waves and if you are using routers then optical fiber connecting to your router will help in
connecting those light-induced signals to electrical signals and with the help of ethernet
cables internet reaches your computers and hence the required information.
Uses of the Internet
Some of the important usages of the internet are:
 Online Businesses (E-commerce): Online shopping websites have made our life easier,
e-commerce sites like Amazon, Flipkart, and Myntra are providing very spectacular
services with just one click and this is a great use of the Internet.
 Cashless Transactions: All the merchandising companies are offering services to their
customers to pay the bills of the products online via various digital payment apps like
Paytm, Google Pay, etc. UPI payment gateway is also increasing day by day. Digital
payment industries are growing at a rate of 50% every year too because of the
INTERNET.
 Education: It is the internet facility that provides a whole bunch of educational material
to everyone through any server across the web. Those who are unable to attend physical
classes can choose any course from the internet and can have point-to-point knowledge
of it just by sitting at home. High-class faculties are teaching online on digital platforms
and providing quality education to students with the help of the Internet.
 Social Networking: The purpose of social networking sites and apps is to connect
people all over the world. With the help of social networking sites, we can talk, and
share videos, and images with our loved ones when they are far away from us. Also, we
can create groups for discussion or for meetings.
 Entertainment: The Internet is also used for entertainment. There are numerous
entertainment options available on the internet like watching movies, playing games,
listening to music, etc. You can also download movies, games, songs, TV Serial, etc.,
easily from the internet.
Security and the Internet
Very huge amount of data is managed across the Internet almost the time, which leads to
the risk of data breaching and many other security issues. Both Hackers and Crackers can
lead to disrupting the network and can steal important information like Login Credentials,
Banking Credentials, etc.

Steps to Protect the Online Privacy

 Install Antivirus or Antimalware.

 Create random and difficult passwords, so that it becomes difficult to guess.
 Use a private browsing window or VPN for using the Internet.
 Try to use HTTPS only for better protection.
 Try to make your Social Media Account Private.
 If you are not using any application, which requires GPS, then you can turn GPS off.
 Do not simply close the tab, first log out from that account, then close the tab.
 Try to avoid accessing public Wifi or hotspots.
 Try to avoid opening or downloading content from unknown sources.
There is an element of the Internet called the Dark Web, which is not accessible from
standard browsers. To keep safe our data, we can use Tor and I2P, which helps in keeping
our data anonymous that helps in protecting user security, and helps in reducing
cybercrime.
Advantages of the Internet
 Online Banking and Transaction: The Internet allows us to transfer money online
through the net banking system. Money can be credited or debited from one account to
the other.
 Education, Online Jobs, Freelancing: Through the Internet, we are able to get more
jobs via online platforms like LinkedIn and to reach more job providers. Freelancing on
the other hand has helped the youth to earn a side income and the best part is all this can
be done via the INTERNET.
 Entertainment: There are numerous options for entertainment online we can listen to
music, play games can watch movies, and web series, and listen to podcasts, youtube
itself is a hub of knowledge as well as entertainment.
 New Job Roles: The Internet has given us access to social media, and digital products
so we are having numerous new job opportunities like digital marketing and social
media marketing online businesses are earning huge amounts of money just because the
Internet is the medium to help us to do so.
 Best Communication Medium: The communication barrier has been removed from
the Internet. You can send messages via email, Whatsapp, and Facebook. Voice
chatting and video conferencing are also available to help you to do important meetings
online.
 Comfort to humans: Without putting any physical effort you can do so many things
like shopping online it can be anything from stationeries to clothes, books to personal
items, etc. You can books train and plane tickets online.
 GPS Tracking and google maps: Yet another advantage of the internet is that you are
able to find any road in any direction, and areas with less traffic with the help of GPS
on your mobile.
Disadvantages of the Internet
 Time Wastage: Wasting too much time on the internet surfing social media apps and
doing nothing decreases your productivity rather than wasting time on scrolling social
media apps one should utilize that time in doing something skillful and even more
productive.
 Bad Impacts on Health: Spending too much time on the internet causes bad impacts on
your health physical body needs some outdoor games exercise and many more things.
Looking at the screen for a longer duration causes serious impacts on the eyes.
 Cyber Crimes: Cyber bullying , spam, viruses, hacking, and stealing data are some of
the crimes which are on the verge these days. Your system which contains all the
confidential data can be easily hacked by cybercriminals.
 Effects on Children: Small children are heavily addicted to the Internet watching
movies, and games all the time is not good for their overall personality as well as social
development.
 Bullying and Spreading Negativity: The Internet has given a free tool in the form of
social media apps to all those people who always try to spread negativity with very
revolting and shameful messages and try to bully each other which is wrong.

The Infrastructure of the Internet:

The hardware infrastructure of the Internet happens at layers 1 and 2 of the OSI model. Layer
1 provides the cable and radio wave media that interconnect devices, along with the network
interface controller (NIC) installed within the computing device to which media connects.
When formally connected to an Internet Protocol (IP)network the NIC becomes a node on
the network. Layer two of the OSI model provides the identification mechanisms for the
node. A computing device can have one or more than one NIC. For instance, your laptop may
be simultaneously connected to a network with both a wired Ethernet media & NIC and a
WiFi media & NIC, and your smartphone a cell radio wave media & NIC and also a WiFi
media & NIC. Each NIC is uniquely identifiable so that information is correctly disseminated
to the appropriate device. To direct the flow of information between nodes, there must be
an interconnect device or a combination of devices to facilitate communications. The only
exception is when two nodes use the NIC, node identifiers, and media to do direct peer-to-
peer communications.

Nodes interconnect with other nodes in different ways, depending on how far they reach
geographically, how many people are meant to use them, and who primarily owns or controls
them. Some cover a very small area and may be used for very specific devices, while others
are more general, cover larger areas, and are especially effective for use on the Internet.

The backbone of the Internet, that part serviced by Network Service Providers and Backbone
Providers, is constructed using a fiber optic cable infrastructure. To carry signals, rather than
using electrical signals, glass fibers are used to carry light, with upwards of a thousand fibers
being located within a single cable cladding. It is often the case that more fibers are included
within a cable than are needed at the time of installation (called dark fiber) to allow for
future growth without additional installation expense. Further, Wave Division Multiplexing
(WDM) is further used to allow multiple different wavelengths of light to be distributed on
each strand of fiber (multiplexed) and then later separated (de-multiplexed), transmitting
multiple communication streams simultaneously though a single light pulse. As technology
continues to improve, replacement of multiplexers for newer models is allowing for still
further data to be transferred over existing lines without additional installation expense of the
cables themselves. The data itself is transferred using pulses of light transmitted using light-
emitting diodes (LEDs) or small lasers. This can be done at very high speeds and over very
long distances with less susceptibility to interference. A few different techniques are used to
separate different wavelengths of light in ways that allow multiple communication streams,
each at high frequencies, supporting higher capacity in addition to high frequencies. This
opens up data transfer rates using fiber optics that are 20 to 1,000 times faster than cable and
outdoor WiFi Internet service and for a larger customer base. As Susan Crawford points out
in her 2018 book Fiber: The coming tech revolution—and why America might miss it, “If the
information-carrying capacity of copper wire is like a two-inch-wide pipe, fiber optic is like a
river fifteen miles wide.

Within the United States, most Internet Service Providers, on the other hand, make use of
existing communication technologies developed for phone and cable television to also
provide Internet access. Indeed, it has often been marketed as the “triple play,” a discounted
package providing these three at a discounted price compared to the purchase of each one
individually from the provider, or from several different providers. In some cases, a provider
primarily uses one technology, such as the cable Internet used by Xfinity/Comcast. On the
other hand, depending on geographic location you can get Internet service from AT&T via
copper Digital Subscriber Line (DSL) or fiber optics Internet lines, as well as via radio waves
through their wireless phone services.
For most homes, community organizations, and small office/home office contexts,
a gateway router is used that provides a WAN port used to connect the media leading to the
first router of the Internet Service Provider. While sometimes this WAN port may need to
first connect to a DSL/Cable modem or a fiber optics Optical Network Terminal (ONT), in
other cases this interconnect device is integrated into the router. Typically, a gateway router
will also incorporate both wired Ethernet switch and WiFi access point interconnect devices
for interconnectivity on the LAN side of the router. In addition, a gateway router typically
integrates a Dynamic Host Configuration Protocol (DHCP) server that dynamically or
statically assigns IP addresses to connected nodes on the LAN. The router will be configured
to route essential Internet “phone book” type lookups to a designated ISP or third-
party Domain Name System (DNS) server that contains a database of public IP
addresses and associated IP names. All of these additional services facilitate its core
function as the router between the LAN and the WAN.
INTERNET SOCIETY:

The Internet Society (ISOC) supports and promotes the development of the Internet as a
global technical infrastructure, as a resource to enrich people’s lives, and a force for good
in society.

Their work aligns with goals for the Internet to be open, globally-connected, secure, and
trustworthy. They do so by building and supporting communities that make the Internet
work; advancing the development and application of Internet infrastructure, technologies,
and open standards; and advocating for policy.

In 1991, the National Science Foundation (NSF) contract with the Corporation for National
Research Initiatives (CNRI) to operate the Internet Engineering Task Force (IETF) expired.
The then Internet Activities Board (IAB) sought to create a non-profit institution which could
take over the role. In 1992 Vint Cerf, Bob Kahn and Lyman Chapin announced the formation
of the Internet Society as "a professional society to facilitate, support, and promote the
evolution and growth of the Internet as a global research communications infrastructure,"
which would incorporate the IAB, the IETF, and the Internet Research Task Force (IRTF),
plus the organization of the annual INET meetings. By mid-2000, the Internet Society's
finances became precarious, and several individuals and organizations stepped forward to fill
the gap. Until 2001, there were also trustees elected by individual members of the Internet
 Society. Those elections were "suspended" in 2001. This was ostensibly done as a fiscal
measure due to the perception that the elections were too expensive for the precarious
financial state of the organization. In later Bylaw revisions, the concept of individual
member-selected trustees went from "suspended" to being deleted altogether
In late 2001, leaders from Afilias (a domain name registry) approached the Internet Society
CEO Lynn St.Amour, to propose a novel partnership to jointly bid for the .org registry. In this
model, the Internet Society would become the new home of .org, and all technical and service
functions would be managed by Afilias. Afilias would pay for all bid expenses and would
contribute towards the Internet Society payroll while the bid was under consideration by
ICANN. The Internet Society Board approved this proposal at their Board meeting in 2001.
In 2002 ISOC successfully bid for the .org registry and formed the Public Interest
Registry (PIR), to manage and operate it.
In 2010, ISOC launched its first community network initiative to deploy five wireless mesh
based networks in rural locations across India.[21]
In 2012, on ISOC's 20th anniversary, it established the Internet Hall of Fame, an award to
"publicly recognize a distinguished and select group of visionaries, leaders, and luminaries
who have made significant contributions to the development and advancement of the global
Internet".
In 2016 Deploy 360 extended its campaigns to include Mutually Agreed Norms for Routing
Security(MANRS) and DNS-based Authentication of Named Entities (DANE).
.
REGULATION OF CYBERSPACE:
The following are the proposed models of cyberspace regulation :

 Regulation by code and architecture

The use of code and architecture for regulating cyberspace. They believe that since internet
was invented for research and not for commerce, its founding protocols are inherently
unsecure and are primarily designed for sharing the data, rather than concealing it. This
provides a breeding ground for cybercrime activities.

However, it is argued by these scholars that the internet is, by far, the most reliable space,
since, through its architecture, it can reveal who someone is, where they are and what they
are doing. The code and architecture of the technology can very easily help in identifying the
wrongdoer by tracing the Internet Protocol (IP) address of the computer used for the
commission of cybercrime.

However, merely relying on codes and architecture can, although help in identifying the
cybercriminal, but it will not play a key role in preventing cybercrimes and ensuring
prosecution of such cybercriminals.

 Regulation by the Government

The role of government in the regulation of cyberspace comes in picture by virtue of

sovereignty, territoriality (over its subjects who might be victim of cybercrime), public
interest (addressing cybersecurity issues which are posed to its subjects) and national
security.

Government is considered to have a primary responsibility for formulating cyberspace

policies which govern the cyberspace and stimulate the rights, liabilities and remedies
available to the parties involved. It is also obligated to take steps for international co-
operation in the field of cyberspace regulation, owing to the borderless nature of the
cyberspace and the jurisdictional issues stemming from it.

However, the model of governance where just the government is responsible for regulating
the cyberspace fails to take into consideration the ineffectiveness of government in
addressing the issues faced in the real world. If the state is not competent to regulate its
territorial limits itself, how can it be expected to single-handedly regulate the cyberspace,
which has no territorial limits. Further, the state might not have appropriate strategies to
tackle these issues, owing to the technical nature of such activities.

CONCEPT OF CYBER SECURITY:

Cyber Security Basics: Cyber security is the most concerned matter as cyber threats and
attacks are overgrowing. Attackers are now using more sophisticated techniques to target the
systems. Individuals, small-scale businesses or large organization, are all being impacted. So,
all these firms whether IT or non-IT firms have understood the importance of Cyber Security
and focusing on adopting all possible measures to deal with cyber threats. What is cyber
security? "Cyber security is primarily about people, processes, and technologies working
together to encompass the full range of threat reduction, vulnerability reduction, deterrence,
international engagement, incident response, resiliency, and recovery policies and activities,
including computer network operations, information assurance, law enforcement, etc.

OR

cyber security is the body of technologies, processes, and practices designed to protect
networks, computers, programs and data from attack, damage or unauthorized access.

 The term cyber security refers to techniques and practices designed to protect digital data.

 The data that is stored, transmitted or used on an information system. OR Cyber security is
the protection of Internet-connected systems, including hardware, software, and data from
cyber attacks. It is made up of two words one is cyber and other is security.

 Cyber is related to the technology which contains systems, network and programs or data. 
Whereas security related to the protection which includes systems security, network security
and application and information security. Why is cyber security important? Listed below are
the reasons why cyber security is so important in what’s become a predominant digital world:

 Cyber attacks can be extremely expensive for businesses to endure.

 In addition to financial damage suffered by the business, a data breach can also inflict
untold reputational damage.
 Cyber-attacks these days are becoming progressively destructive. Cybercriminals are using
more sophisticated ways to initiate cyber attacks.

 Regulations such as GDPR are forcing organizations into taking better care of the personal
data they hold. Because of the above reasons, cyber security has become an important part of
the business and the focus now is on developing appropriate response plans that minimize the
damage in the event of a cyber-attack. But, an organization or an individual can develop a
proper response plan only when he has a good grip on cyber security fundamentals.

Cyber security Fundamentals –

Confidentiality:

Confidentiality is about preventing the disclosure of data to unauthorized parties. It also

means trying to keep the identity of authorized parties involved in sharing and holding data
private and anonymous. Often confidentiality is compromised by cracking poorly encrypted
data, Man-in-the-middle (MITM) attacks, disclosing sensitive data. Standard measures to
establish confidentiality include:  Data encryption  Two-factor authentication  Biometric
verification  Security tokens

Integrity

Integrity refers to protecting information from being modified by unauthorized parties.

Standard measures to guarantee integrity include:  Cryptographic checksums  Using file
permissions  Uninterrupted power supplies  Data backups

Availability

Availability is making sure that authorized parties are able to access the information when
needed. Standard measures to guarantee availability include:  Backing up data to external
drives  Implementing firewalls  Having backup power supplies  Data redundancy

ISSUES AND CHALLENGES OF CYBER SECURITY:

Issues :

 1. Social Engineering
 2. Third-Party Exposure
 3. Configuration Mistakes
 4. Poor Cyber Hygiene
 5. Cloud Vulnerabilities
 6. Mobile Device Vulnerabilities
 7. Internet of Things
 8. Ransom ware
 9. Poor Data Management
 10. Inadequate Post-Attack Procedures
CYBER SECURITY CHALLENGES

Today cybersecurity is the main component of the country's overall national security and
economic security strategies. In India, there are so many challenges related to cybersecurity.
With the increase of the cyber-attacks, every organization needs a security analyst who makes
sure that their system is secured. These security analysts face many challenges related to
cybersecurity such as securing confidential data of government organizations, securing the
private organization servers, etc.

The recent important cybersecurity challenges are described below:

1. Ransomware Evolution

Ransomware is a type of malware in which the data on a victim's computer is locked, and
payment is demanded before the ransomed data is unlocked. After successful payment, access
rights returned to the victim. Ransomware is the bane of cybersecurity, data professionals, IT,
and executives.

Ransomware attacks are growing day by day in the areas of cybercrime. IT professionals and
business leaders need to have a powerful recovery strategy against the malware attacks to
protect their organization. It involves proper planning to recover corporate and customers'
data and application as well as reporting any breaches against the Notifiable Data Breaches
scheme. Today's DRaaS solutions are the best defence against the ransomware attacks. With
DRaaS solutions method, we can automatically back up our files, easily identify which
backup is clean, and launch a fail-over with the press of a button when malicious attacks
corrupt our data.

2. Blockchain Revolution

Blockchain technology is the most important invention in computing era. It is the first time in
human history that we have a genuinely native digital medium for peer-to-peer value
exchange. The blockchain is a technology that enables cryptocurrencies like Bitcoin. The
blockchain is a vast global platform that allows two or more parties to do a transaction or do
business without needing a third party for establishing trust.

It is difficult to predict what blockchain systems will offer in regards to cybersecurity. The
professionals in cybersecurity can make some educated guesses regarding blockchain. As the
application and utility of blockchain in a cybersecurity context emerges, there will be a
healthy tension but also complementary integrations with traditional, proven, cybersecurity
approaches.

3. IoT Threats

IoT stands for Internet of Things. It is a system of interrelated physical devices which can be
accessible through the internet. The connected physical devices have a unique identifier
(UID) and have the ability to transfer data over a network without any requirements of the
human-to-human or human-to-computer interaction. The firmware and software which is
running on IoT devices make consumer and businesses highly susceptible to cyber-attacks.

When IoT things were designed, it is not considered in mind about the used in cybersecurity
and for commercial purposes. So every organization needs to work with cybersecurity
professionals to ensure the security of their password policies, session handling, user
verification, multifactor authentication, and security protocols to help in managing the risk.

4. AI Expansion

AI short form is Artificial intelligence. According to John McCarthy, father of Artificial

Intelligence defined AI: "The science and engineering of making intelligent machines,
especially intelligent computer programs."

It is an area of computer science which is the creation of intelligent machines that do work
and react like humans. Some of the activities related to artificial intelligence include speech
recognition, Learning, Planning, Problem-solving, etc. The key benefits with AI into our
cybersecurity strategy has the ability to protect and defend an environment when the
malicious attack begins, thus mitigating the impact. AI take immediate action against the
malicious attacks at a moment when a threats impact a business. IT business leaders and
cybersecurity strategy teams consider AI as a future protective control that will allow our
business to stay ahead of the cybersecurity technology curve.

5. Serverless Apps Vulnerability

Serverless architecture and apps is an application which depends on third-party cloud

infrastructure or on a back-end service such as google cloud function, Amazon web services
(AWS) lambda, etc. The serverless apps invite the cyber attackers to spread threats on their
system easily because the users access the application locally or off-server on their device.
Therefore it is the user responsibility for the security precautions while using serverless
application.

The serverless apps do nothing to keep the attackers away from our data. The serverless
application doesn't help if an attacker gains access to our data through a vulnerability such as
leaked credentials, a compromised insider or by any other means then serverless.
We can run software with the application which provides best chance to defeat the
cybercriminals. The serverless applications are typically small in size. It helps developers to
launch their applications quickly and easily. They don't need to worry about the underlying
infrastructure. The web-services and data processing tools are examples of the most common
serverless apps.