INSTITUTE OF AERONAUTICAL

ENGINEERING

AN ASSIGNMENT REPORT OF

Essentials of Cyber Security

COURSE CODE-ACCD01
BY
NAME: P. VARSHITH
ROLL NUMBER:23951A62H1
BRANCH: CSE (cyber security)

INSTITUTE OF AERONAUTICAL ENGINEERING

DUNDIGAL, HYDERABAD-500 043, TELANGANA,
INDIA.
1.Elaborate the need of security policies in cyber
security.
A. The Importance of Security Policies in Cyber Security: Security
policies in cyber security are necessary for laying down the structure
under which companies secure their properties, data, and resources
against different cyber dangers. They lay out the frameworks for
managing sensitive information, defining responsibilities, ensuring
compliance with laws and regulations, and establishing incident
response plans. Serving as a foundational document, these policies
outline acceptable use, access control, and risk management
strategies, as well as security measures to protect an organization’s IT
systems. While these are in place, the absence of forthright security
policies makes an organization more prone to cyber-attacks, data
breaches, and financial losses.

2. Illustrate the Challenges and Constraints in Internet

Governance
A.Issues in Internet Governance: Internet governance is the
formulation and implementation of policies and standards that
govern the functioning of the internet. The challenges and
constraints in this area are as follows:
Global Coordination: As a global network, the internet makes
achieving consensus difficult in countries with varying legal, political
and economic systems.
Regulatory Differences: Nations have different privacy, security and
freedom of expression laws, creating a challenge to design a single
governance framework.
Cyber Security and Privacy: Maintaining internet security and user
privacy without compromising innovation and open access is a major
concern.
Access to Information: Regions without internet, or with limited
access to the same, remain excluded from governance and policy
creation.
Corporate Interests: When it comes to multiple large technology
corporations, there can be influences that limit representation of the
public interest in open internet policies.

3. Discuss about Digital forensics in computer evidence.

A. Computer Digital Forensics: The field of Digital forensics is the act
of analyzing and inspecting computerized devices and systems to
retrieve evidence that could utilize in legal procedures. It
encompasses the collection, preservation, analysis, and presentation
of data from computers, servers, mobile devices, and cloud storage.
Key aspects include:
Data Acquisition: Copying the evidence correctly and placing it in a
secure but accessible environment.
Investigating file systems, network traffic and logs to discover
criminal activity.
Reporting: Recording results in a clear, legally-admissible way. Digital
activity evidence aids in solving crimes such as hacking, fraud,
identity theft, and cyberbullying.

4. Discuss email trackerPro in email forensics tools.

Email TrackerPro in Email Forensics Tools Email TrackerPro is a tool
used to track and analyze email messages in email forensics. This
data provides clues on how the email travelled from the sender to
the recipient and can include metadata such as associated IP
addresses, times, and mail server-related data. This tool is a remote
forensic investigation enabler:
Check Email Authenticity: Identify if the email is true or has been
forged or altered.
Trace Origins: Use IP addresses to trace the sender location or origin.
Detect Phishing Attempts: Detect attempts through malicious email
to steal secure information. The first of these captures email
information useful for the investigation of email-related crimes, like
scams and phishing Email TrackerPro.

5. Explain the process of Installing antitheft software in

mobile phones?
How to Install Anti-Theft Software on a Mobile Phone: The process of
installing anti-theft software on a mobile phone involves the
following steps:
Importantly look for (anti-theft software) You may search for APP
(Find My Device) and download to the APP Store (Android) or APP
(Find My i Phone) or (Prey) (or Cerberus) third-party APP
applications.
Installation:
https://www.mymahdiyoon.com/download#:~:text=Download - A
vodiine vib..
Enable Location services: Make sure GPS and location services are
activated to track.
Remote Access Setup: Set up the app such that it offers remote
tracking, locking, or wiping of data in the event that the phone is lost
or stolen.
。 Help users to track down and find lost or stolen mobile devices, as
well as secure information.

6. What is the importance of Security policies relating

to mobile computing Devices?
Mobile Computing Devices Security Policies ImportanceMobile
computing devices (e.g., smartphones, tablets, and laptops)
introduce unique security risks because they are easily portable and
often connected to multiple networks. Mobile devices security policy
is very important to:
Authentication: Use strong authentication methods, such as PINs,
biometrics, or multi-factor authentication, to control who has access
to sensitive data.
Secure Data: Use encryption to protect data at rest and transit.
Mobile Device Management: Use MDM solutions to control devices
that employees use to access company networks.
In this sense, with no third-party application stores, you get to avoid
malware, as you restrict the installation of unauthorized apps.
Security — Ensure the Organization Meets Industry
RegulationsCostCompliance — Ensure the Organization Meets
Industry Regulations}}} Such policies reduce the risk of data leakage,
loss of intellectual property, and unauthorized access.

5. Explain the process of Installing antitheft software in mobile

phones?
How to Install Anti-Theft Software on a Mobile Phone: The process of
installing anti-theft software on a mobile phone involves the
following steps:
Importantly look for (anti-theft software) You may search for APP
(Find My Device) and download to the APP Store (Android) or APP
(Find My i Phone) or (Prey) (or Cerberus) third-party APP
applications.
Installation:
https://www.mymahdiyoon.com/download#:~:text=Download - A
vodiine vib..
Enable Location services: Make sure GPS and location services are
activated to track.
Remote Access Setup: Set up the app such that it offers remote
tracking, locking, or wiping of data in the event that the phone is lost
or stolen.
。 Help users to track down and find lost or stolen mobile devices, as
well as secure information.

6. What is the importance of Security policies relating

to mobile computing Devices?
A. Mobile Computing Devices Security Policies Importance Mobile
computing devices (e.g., smartphones, tablets, and laptops)
introduce unique security risks because they are easily portable and
often connected to multiple networks. Mobile devices security policy
is very important to:
Authentication: Use strong authentication methods, such as PINs,
biometrics, or multi-factor authentication, to control who has access
to sensitive data.
Secure Data: Use encryption to protect data at rest and transit.
Mobile Device Management: Use MDM solutions to control devices
that employees use to access company networks.
In this sense, with no third-party application stores, you get to avoid
malware, as you restrict the installation of unauthorized apps.
Security — Ensure the Organization Meets Industry Regulations Cost
Compliance — Ensure the Organization Meets Industry Regulations}}}
Such policies reduce the risk of data leakage, loss of intellectual
property, and unauthorized access.

7. Write a short note on the overview of web threats to

organizations
A. Types of Web Threats to Privately Owned Organizations Web
threats pose risks specific to an organization’s web systems, from
websites, and applications, to online services. Common web threats
include:
Cross-Site Scripting (XSS): Malicious scripts are injected into web
pages by attackers, who can then steal cookies or session information
from users.
SQL Injection: When database queries are manipulated by
cybercriminals to access sensitive data.
Denial of Service (DoS) Attacks — where attackers inundate websites
with traffic resulting in the sites becoming inaccessible.
Phishing and Social Engineering: malicious websites trick users to
expose sensitive information such as login credentials
Malware and Ransomware: Websites can contain malicious software
that infects users’ devices when they access it. This can lead to
financial loss, reputational damage, and legal repercussions for
businesses.
8. Discuss the flow and connections of Cybercrimes in
an organization with neat sketch
A. Flow and Interconnections of Cybercrimes in an Organization
(along with sketch): Cybercrimes in an entity flow through different
stages starting with a cyberattack and ending with data theft or
system disruption. One way to simplify this flow would be:
Step 1 – The Initial Attack: The attacker gains entry through phishing
emails, malware or social engineering.
To exploit vulnerabilities to achieve further access or control of
systems.
Data Exfiltration/Destruction: The attacker steals or corrupts or
encrypts critical data.
Financially motivated crimes: Use of stolen data for personal financial
gain (e.g., wire fraud, identity theft).
Covering Tracks: Attackers attempt to cover their tracks either by
erasing logs or using proxies to hide their identity. Sketch: flow
through stages (each stage connected by path for actions -> phishing
(entry)/exfiltration/fraud.

9. Illustrate the Financial Frauds in Cyber Domain

The key topics include - Cyber 1: Financial Frauds in Cyber Domain:
Financial frauds in the cyber domain violate ethical standards and
ultimately result in loss of money or sensitive data. Cyber-financial
fraud is mainly of the following types:
Phishing: Scammers pose as legitimate organizations to lure you into
providing sensitive financial information such as bank account
numbers.
Identity Theft: The thieves in this case steal personal information to
open false accounts or carry out transactions without permission.
Carding: Where scammer buys stuff with stolen credit card details.
Investment Frauds: Phony internet investment schemes deceive
victims into sending money.
Ransomware attacks: Threat actors encrypt financial data and
demand a ransom for decryption. Such frauds can lead to huge
monetary losses for both individuals and organisations.

10. Describe how the American teenager made millions

of dollars through email spoofing
A. However, a formula to be obtained in thanks to speed and taste of
humor : American Teenager Making Millions By Email Spoofing: An
American teenager made millions of dollars with email spoofing, by
sending emails that are fake, but appeared to be from trusted
entities, such as banks, companies or even government
organizations. He would deceive victims into sending money or
releasing sensitive personal details. In many cases, the teenager used
social engineering techniques to convince victims to believe the
emails were valid. Spoofing was when you created a fraudulent email
address that was similar enough to a real one that would make it
more likely for a recipient to fall for the scam. The Case of the
Nigerian Prince: A Reminder to Be Wary of Email Scam Nigeria Prince
Case: Awareness in online scams