Cyber Security Technique (SECCS-03)


BLOCK I – UNIT I

Information Security Basics to Policies

Ultra-Short Exam Notes

Security Policy

A security policy is a set of rules and guidelines that protect an organization's information and systems.

Objectives of Security Policies

  • Reduce risks
  • Ensure legal compliance
  • Maintain confidentiality
  • Maintain integrity
  • Ensure operational continuity

Types of Security Policies

  1. Organizational Security Policy
  2. Issue-Specific Policy
  3. System-Specific Policy

Organizational Security Policy Includes

  • Security goals
  • Responsibilities
  • Enforcement methods
  • Strategic value of security

Physical Security

Protection of hardware, buildings and equipment from theft, damage and unauthorized access.

Economic Security

Stable financial resources and income for maintaining operations.

Online Security

  • Data at Rest → Protected by Encryption on storage devices.
  • Data in Transit → Protected through secure encrypted communication channels.

Important Terms

IPSec

  • Internet Protocol Security
  • Secures IP communications through encryption and authentication.

PGP

  • Pretty Good Privacy
  • Used for secure emails and file encryption.

Malware

  • Malicious software.

Virus

  • Attaches to a host file and spreads.

Worm

  • Self-replicates without host file.

Botnet

  • Group of infected computers controlled remotely.

Model Questions (Short Answers)

1. What are the basic elements of policy?

Answer:

  • Purpose
  • Scope
  • Responsibilities
  • Rules
  • Enforcement

2. What are types of security policy?

Answer:

  1. Organizational Policy
  2. Issue-Specific Policy
  3. System-Specific Policy

3. List out the ways to make policies more effective.

Answer:

  • Keep policies simple
  • Update regularly
  • Train employees
  • Define responsibilities
  • Monitor compliance

4. List five differences between policies and procedures.

Policy                 | Procedure
-----------------------|-----------------------
States what to do      | States how to do it
General                | Detailed
Strategic              | Operational
Long-term              | Short-term
Created by management  | Implemented by staff

5. What is physical security?

Answer:
Protection of buildings, computers, servers and equipment from unauthorized access, theft and damage.


6. Explain IPSec.

Answer:
IPSec is a security protocol used to encrypt and authenticate IP network communications.


7. Explain working of PGP.

Answer:
PGP uses:

  • Encryption
  • Public Key
  • Private Key
  • Digital Signature

It secures emails and files from unauthorized access.


8. Differentiate Malware, Botnet, Virus and Worm.

Term     | Meaning
---------|-------------------------------
Malware  | Any malicious software
Virus    | Needs a host file to spread
Worm     | Self-replicates automatically
Botnet   | Network of infected devices

Most Important MCQs from Unit 1

Q. Security policy is mainly used to:

Ans: Protect information and systems

Q. IPSec stands for:

Ans: Internet Protocol Security

Q. PGP stands for:

Ans: Pretty Good Privacy

Q. Which security protects hardware?

Ans: Physical Security

Q. Data at rest is protected by:

Ans: Encryption

Q. Data in transit is protected by:

Ans: Secure encrypted channel

Q. Which malware requires a host file?

Ans: Virus

Q. Which malware spreads independently?

Ans: Worm

Q. A botnet is:

Ans: Collection of infected computers controlled remotely

Q. Confidentiality is maintained through:

Ans: Encryption


One-Minute Revision

  • Security Policy = Rules for protection
  • IPSec = Secure IP communication
  • PGP = Email/File encryption
  • Physical Security = Hardware protection
  • Virus = Needs host
  • Worm = No host needed
  • Malware = Malicious software
  • Botnet = Controlled infected machines
  • Data at Rest = Stored Data
  • Data in Transit = Moving Data

UNIT II

Cyber Crime and Different Modes of Attacks

Ultra-Short Exam Notes

Attack

An attack is any attempt to:

  • Destroy data
  • Steal information
  • Alter information
  • Gain unauthorized access
  • Disrupt services

Cyber Crime

Any illegal activity using computers, networks, or the Internet.

Cyber Space

The virtual world of interconnected computer networks and the Internet.

Types of Attacks

1. Insider Attack

Attack performed by a person inside the organization.

Examples:

  • Employee stealing data
  • Unauthorized access
  • Data leakage

Advantages an Insider Attacker Has

  • Authorized access
  • Knowledge of network
  • Knows security procedures

2. Outsider Attack

Attack performed by someone outside the organization.

Examples:

  • Hacking
  • Phishing
  • Malware attacks
  • DoS attacks

Active Attack

Attacker modifies or destroys data.

Examples:

  • Data modification
  • Denial of Service (DoS)
  • Malware infection

Passive Attack

Attacker only monitors information.

Examples:

  • Eavesdropping
  • Traffic analysis
  • Data interception

CIA Triad

Confidentiality

Only authorized users can access data.

Integrity

Data remains accurate and unchanged.

Availability

Data and services remain accessible when needed.


Distributed Attack

An attack launched from multiple systems simultaneously.

Example:

  • DDoS (Distributed Denial of Service)

Social Engineering

Manipulating people to reveal confidential information.

Examples

  • Phishing
  • Fake calls
  • Fake emails
  • Impersonation

Computer Security Incident

Any event causing:

  • Loss of confidentiality
  • Loss of integrity
  • Loss of availability

Model Questions (Short Answers)

1. Define an attack. Discuss various types of attacks.

Answer:
An attack is an attempt to gain unauthorized access, steal, modify, or destroy information.

Types:

  • Insider Attack
  • Outsider Attack
  • Active Attack
  • Passive Attack
  • Distributed Attack

2. What is an insider attack? Explain different types.

Answer:
An insider attack is performed by an authorized person within an organization.

Types:

  • Data theft
  • Privilege misuse
  • Sabotage
  • Information leakage

3. How to prevent insider attack?

Answer:

  • Access control
  • Monitoring activities
  • Employee training
  • Strong authentication
  • Regular audits

4. What is an outsider attack? Explain types.

Answer:
An attack performed by an unauthorized external person.

Types:

  • Hacking
  • Malware attack
  • Phishing
  • DoS attack

5. How to prevent outsider attack?

Answer:

  • Firewall
  • Antivirus
  • IDS
  • Encryption
  • Security updates

6. What are the challenges of cyber crime?

Answer:

  • Difficult to trace criminals
  • Lack of evidence
  • Cross-border attacks
  • Rapidly changing technology

7. Define social engineering.

Answer:
Social engineering is the manipulation of people to obtain confidential information.


8. What are the various effects of cyber crime?

Answer:

  • Financial loss
  • Data theft
  • Reputation damage
  • Privacy violation
  • Service disruption

9. Differentiate between Active and Passive Attacks.

Active Attack      | Passive Attack
-------------------|-------------------------
Modifies data      | Only observes
Easy to detect     | Hard to detect
Affects integrity  | Affects confidentiality
Example: DoS       | Example: Eavesdropping

10. Differentiate between Insider and Outsider Attacks.

Insider               | Outsider
----------------------|----------------------
Inside organization   | Outside organization
Authorized access     | Unauthorized access
Knows the network     | Limited knowledge
Harder to detect      | Easier to identify

11. What is CIA?

Answer:
CIA stands for:

  • Confidentiality
  • Integrity
  • Availability

These are the three pillars of information security.


12. What is Distributed Attack?

Answer:
An attack launched simultaneously from multiple computers against a target.

Example:

  • DDoS Attack

13. Define Cybercrime according to Professor Augustine Odinma.

Answer:
Cybercrime is any unlawful activity involving computers, networks, or digital devices.


14. What is an incident? Write steps to report an incident.

Answer:

An incident is any event that threatens information security.

Steps:

  1. Detect incident
  2. Report immediately
  3. Record details
  4. Inform security team
  5. Take corrective action

15. How does the designated team handle an incident?

Answer:

  1. Identify incident
  2. Analyze impact
  3. Contain threat
  4. Remove cause
  5. Recover systems
  6. Document findings

Most Important MCQs

Q. An attack is an attempt to:

Ans: Gain unauthorized access

Q. Cyber space refers to:

Ans: Internet environment

Q. Authorized employee attack is:

Ans: Insider Attack

Q. Phishing is an example of:

Ans: Social Engineering

Q. DDoS stands for:

Ans: Distributed Denial of Service

Q. Confidentiality means:

Ans: Prevent unauthorized access

Q. Integrity means:

Ans: Data accuracy

Q. Availability means:

Ans: Access when required

Q. Which attack modifies data?

Ans: Active Attack

Q. Which attack only monitors data?

Ans: Passive Attack

Q. Hacking is generally:

Ans: Outsider Attack

Q. Cybercrime is difficult to prove because:

Ans: Lack of traditional evidence trail


One-Minute Revision

✅ Attack = Unauthorized action

✅ Cybercrime = Crime using computers

✅ Cyber Space = Internet world

✅ Insider = Internal attacker

✅ Outsider = External attacker

✅ Active = Changes data

✅ Passive = Watches data

✅ CIA = Confidentiality, Integrity, Availability

✅ Social Engineering = Manipulating people

✅ DDoS = Distributed Denial of Service


UNIT III

Intrusion Detection System (IDS)

Ultra-Short Exam Notes

What is IDS?

IDS (Intrusion Detection System) is a hardware or software system that monitors network or system activities and detects suspicious or malicious activities.

Main Function of IDS

  • Monitor traffic
  • Detect attacks
  • Generate alerts
  • Report security violations

Components of IDS

1. Sensors

Collect information from network or host.

2. Analyzer

Analyzes collected data and detects attacks.

3. Database

Stores logs and attack information.

4. Management Console

Displays alerts and reports to administrators.


Types of IDS

1. Network IDS (NIDS)

Monitors entire network traffic.

Characteristics

  • Installed at strategic network locations.
  • Monitors all incoming and outgoing traffic.
  • Detects network attacks.

Example

Snort


2. Host IDS (HIDS)

Installed on individual computers.

Characteristics

  • Monitors a single host.
  • Checks system files and logs.
  • Detects suspicious activities on a device.

Example

OSSEC


Detection Methods

1. Signature-Based Detection (Misuse Detection)

Compares activities with known attack signatures.

Advantages

  • Fast detection
  • Accurate for known attacks

Disadvantages

  • Cannot detect new attacks

2. Anomaly-Based Detection

Detects deviations from normal behavior.

Advantages

  • Detects unknown attacks

Disadvantages

  • May generate false alarms

Statistical Analysis System

Creates normal behavior profiles and compares current activities against them.

Example

If average login attempts are 3 and suddenly become 100, IDS generates an alert.
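Worked example (added here; it is not part of the original notes): a small Python script that implements both detection methods from this unit over a handful of constructed log lines. The signature patterns, the sample log lines and the baseline counts are all made up for the illustration, and a real NIDS such as Snort has a far richer rule language, but the logic is the same: signature detection matches known patterns and fires at once, while anomaly detection builds a profile of normal behaviour (here the mean and standard deviation of failed logins per minute, averaging about 3 as in the note above) and flags anything far outside it.

```python
import re
import statistics
from collections import Counter

# Constructed sample log lines (made up for this example, simplified syslog style).
SAMPLE_LOGS = [
    "2024-01-01T10:00:01 host1 sshd: Failed password for root from 203.0.113.5",
    "2024-01-01T10:00:02 host1 sshd: Failed password for root from 203.0.113.5",
    "2024-01-01T10:00:03 host1 sshd: Accepted password for alice from 198.51.100.7",
    "2024-01-01T10:00:04 host1 httpd: GET /index.php?id=1 from 198.51.100.9",
    "2024-01-01T10:00:05 host1 httpd: GET /index.php?id=1%20UNION%20SELECT%20name%20FROM%20users from 203.0.113.5",
    "2024-01-01T10:00:06 host1 httpd: GET /static/../../etc/passwd from 203.0.113.5",
]

# --- 1. Signature-based (misuse) detection -------------------------------
# Hypothetical signature set: (name, pattern).  Each pattern describes a
# known attack technique; any line that matches is reported immediately.
SIGNATURES = [
    ("sql-injection-union", re.compile(r"union(\s|%20)+select", re.IGNORECASE)),
    ("path-traversal", re.compile(r"\.\./")),
]

def signature_detect(lines):
    """Return (signature_name, line) for every line matching a known signature."""
    hits = []
    for line in lines:
        for name, pattern in SIGNATURES:
            if pattern.search(line):
                hits.append((name, line))
    return hits

# --- 2. Anomaly-based (statistical) detection ----------------------------
FAILED_LOGIN = re.compile(r"Failed password for \S+ from (\S+)")

def failed_logins_by_source(lines):
    """Count failed logins per source address in the current window."""
    counts = Counter()
    for line in lines:
        m = FAILED_LOGIN.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts

def anomaly_detect(baseline_counts, current_count, k=3.0):
    """Compare the current count with a profile of normal behaviour.

    The profile is the mean and standard deviation of past per-window
    counts; anything above mean + k * stdev is flagged.
    Returns (is_anomalous, threshold)."""
    if not baseline_counts:
        return False, None          # no profile yet: nothing to compare against
    mean = statistics.mean(baseline_counts)
    stdev = statistics.pstdev(baseline_counts)
    threshold = mean + k * stdev
    return current_count > threshold, threshold

def run_demo():
    # Constructed baseline: failed logins per minute seen during normal operation
    # (average about 3, the figure used in the notes).
    baseline = [3, 2, 4, 3, 3]
    current = failed_logins_by_source(SAMPLE_LOGS)["203.0.113.5"]
    return {
        "signature_hits": [name for name, _ in signature_detect(SAMPLE_LOGS)],
        "current_failed_logins": current,
        "alert_at_current": anomaly_detect(baseline, current)[0],
        "alert_at_100": anomaly_detect(baseline, 100)[0],
    }

if __name__ == "__main__":
    print(run_demo())
```

Note the trade-off the notes describe: the two signature hits above would be missed entirely if the attacker changed the pattern, while the anomaly detector has no idea what an attack looks like and would also fire on a legitimate burst of mistyped passwords, which is where its false alarms come from.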


Honeypot

A decoy system designed to attract attackers.

Purpose

  • Study attacker behavior
  • Detect attacks
  • Divert attackers from real systems

DMZ (Demilitarized Zone)

A separate network area placed between:

  • Internal Network
  • External Network (Internet)

Purpose

Provides additional security.


Incident Handling

Process of identifying and responding to security incidents.

Steps

  1. Preparation
  2. Detection
  3. Analysis
  4. Containment
  5. Eradication
  6. Recovery
  7. Lessons Learned

Model Questions (Short Answers)

1. What is IDS? What are the different components of IDS?

Answer:

IDS is a system that detects malicious activities and policy violations.

Components:

  • Sensors
  • Analyzer
  • Database
  • Management Console

2. What is a Honeypot?

Answer:

A Honeypot is a fake system used to attract attackers and study their activities.


3. What are the different characteristics of IDS?

Answer:

  • Continuous monitoring
  • Attack detection
  • Alert generation
  • Traffic analysis
  • Log maintenance

4. What are the steps to install IDS in an organization?

Answer:

  1. Identify critical assets
  2. Select IDS type
  3. Install sensors
  4. Configure rules
  5. Monitor alerts
  6. Maintain logs

5. What is Incident Handling?

Answer:

Incident handling is the process of detecting, analyzing and responding to security incidents.


6. Differentiate between NIDS and HIDS.

NIDS                     | HIDS
-------------------------|------------------------
Monitors the network     | Monitors a host
Covers many devices      | Covers one device
Detects network attacks  | Detects host attacks
Installed on the network | Installed on a computer

7. Make diagram of IDS components.

Answer (Simple Diagram)

Traffic → Sensors → Analyzer → Database → Management Console

8. Explain characteristics of IDS.

Answer:

  • Detects attacks
  • Monitors activity
  • Generates alerts
  • Maintains logs
  • Helps administrators

9. Give examples of Misuse and Anomaly Detection IDS.

Answer:

Misuse Detection

  • Snort
  • Suricata

Anomaly Detection

  • Statistical IDS
  • AI-based IDS

10. What is DMZ?

Answer:

DMZ (Demilitarized Zone) is a separate network that protects internal systems from external attacks.


11. Explain Lifecycle of Incident Handling.

Answer:

  1. Preparation
  2. Detection
  3. Analysis
  4. Containment
  5. Eradication
  6. Recovery
  7. Review

Most Important MCQs

Q. IDS stands for:

Ans: Intrusion Detection System


Q. Which IDS monitors an entire network?

Ans: NIDS


Q. Which IDS monitors a single computer?

Ans: HIDS


Q. A Honeypot is:

Ans: Decoy system


Q. Signature-based IDS is also called:

Ans: Misuse Detection IDS


Q. Which IDS can detect unknown attacks?

Ans: Anomaly-Based IDS


Q. DMZ stands for:

Ans: Demilitarized Zone


Q. IDS generates:

Ans: Alerts


Q. Which component analyzes collected data?

Ans: Analyzer


Q. Which component stores logs?

Ans: Database


Q. Snort is an example of:

Ans: NIDS


Q. OSSEC is an example of:

Ans: HIDS


PYQ-Focused One-Liners 🔥

  • IDS = Detects attacks.
  • NIDS = Network monitoring.
  • HIDS = Host monitoring.
  • Honeypot = Fake target system.
  • DMZ = Secure buffer zone.
  • Misuse Detection = Known attack detection.
  • Anomaly Detection = Unknown attack detection.
  • IDS generates alerts.
  • Incident handling includes detection, containment and recovery.

One-Minute Revision

✅ IDS = Intrusion Detection System

✅ NIDS = Network IDS

✅ HIDS = Host IDS

✅ Honeypot = Fake system

✅ DMZ = Secure network zone

✅ Signature Detection = Known attacks

✅ Anomaly Detection = Unknown attacks

✅ Analyzer = Detects threats

✅ Database = Stores logs

✅ Incident Response = Detect → Contain → Recover


UNIT IV

IT Assets and Wireless Security

Ultra-Short Exam Notes

What is an IT Asset?

An IT Asset is any company-owned:

  • Data
  • Hardware
  • Software
  • Network device
  • Information system

used for business operations.


IT Asset Management (ITAM)

ITAM is the process of managing IT assets throughout their lifecycle.

Objectives

  • Track assets
  • Reduce costs
  • Improve security
  • Manage inventory
  • Support decision making

Types of IT Assets

1. Tangible Assets

Physical assets that can be touched.

Examples

  • Computers
  • Servers
  • Routers
  • Printers

2. Intangible Assets

Non-physical assets.

Examples

  • Software
  • Databases
  • Licenses
  • Intellectual Property

Steps for Securing an Asset

  1. Identify asset
  2. Classify asset
  3. Control access
  4. Encrypt data
  5. Backup data
  6. Monitor usage
  7. Secure disposal

Hardware Security Module (HSM)

A dedicated hardware device that performs cryptographic operations securely.

Functions

  • Key generation
  • Encryption
  • Decryption
  • Digital signatures

Features

  • High security
  • Tamper resistance
  • Secure key storage

MAC (Message Authentication Code)

A security mechanism used to verify:

  • Data integrity
  • Data authenticity

If MAC verification fails, the data may have been modified in transit, or the tag was produced with a different key.
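Worked example (added here; not part of the original notes): an HMAC-SHA256 tag generated and verified with Python's standard library. The key and the message are constructed for the illustration. The receiver recomputes the tag over what it received and compares it in constant time; a message altered after tagging, or a tag made with a different key, fails the check.

```python
import hashlib
import hmac

def generate_mac(key: bytes, message: bytes) -> bytes:
    """Compute an HMAC-SHA256 tag over the message with a shared secret key."""
    return hmac.new(key, message, hashlib.sha256).digest()

def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare it with the received one.

    hmac.compare_digest runs in constant time, so an attacker cannot learn
    how many leading bytes of a guessed tag were right from the timing."""
    expected = generate_mac(key, message)
    return hmac.compare_digest(expected, tag)

def run_demo():
    # Constructed key and message for the illustration; a real key comes from a
    # key-management system or HSM and is never hard-coded like this.
    key = b"constructed-demo-key-do-not-use-in-production"
    message = b"TRANSFER 100.00 TO ACCOUNT 12345"

    # Sender computes the tag and transmits (message, tag).
    tag = generate_mac(key, message)

    # Receiver checks three situations: genuine data, data altered in transit,
    # and a tag produced by someone who does not hold the shared key.
    tampered = b"TRANSFER 900.00 TO ACCOUNT 12345"
    forged_tag = generate_mac(b"attacker-guessed-key", message)
    return {
        "tag_length": len(tag),                      # 32 bytes for SHA-256
        "genuine": verify_mac(key, message, tag),
        "tampered": verify_mac(key, tampered, tag),
        "forged": verify_mac(key, message, forged_tag),
    }

if __name__ == "__main__":
    print(run_demo())
```

A MAC is symmetric: both sides hold the same key, so it proves to the receiver that the sender had the key, but it cannot prove origin to a third party. Non-repudiation needs a digital signature with a private key, as in PGP from Unit I.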


Firewall

A firewall is a security system that controls incoming and outgoing network traffic.

Purpose

  • Prevent unauthorized access
  • Protect internal networks

Types of Firewalls

1. Packet Filtering Firewall

Filters packets based on rules.

2. Stateful Firewall

Tracks active connections.

3. Proxy Firewall

Acts as an intermediary between the user and the Internet.

4. Hardware Firewall

Dedicated physical firewall device.

5. Software Firewall

Installed on computers.
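Worked example (added here; not part of the original notes): a toy packet-filtering firewall and a stateful firewall built on top of it, in Python. The rule set, the addresses (10.0.0.0/8 as the internal network, 192.0.2.10 as a public web server) and the packets are all constructed for the illustration. It shows the difference between the first two types above: the stateless filter judges every packet on its header fields alone, so a reply to an internal client's outbound connection is dropped unless a rule opens the client's high port; the stateful firewall remembers the connection and lets the reply through.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str          # source IP address
    dst: str          # destination IP address
    proto: str        # "tcp" or "udp"
    sport: int        # source port
    dport: int        # destination port
    syn: bool = False # TCP SYN flag: set on the first packet of a new connection

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source network in CIDR notation
    dst: str               # destination network in CIDR notation
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # destination port, None = any port

    def matches(self, pkt: Packet) -> bool:
        return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))

# Hypothetical rule set for a small site.  Rules are evaluated top to bottom,
# first match wins, and the last rule is an explicit "deny everything else".
RULES = [
    Rule("allow", "10.0.0.0/8", "0.0.0.0/0", "tcp", 443),     # internal hosts may browse HTTPS
    Rule("allow", "0.0.0.0/0", "192.0.2.10/32", "tcp", 443),  # anyone may reach the web server
    Rule("deny", "0.0.0.0/0", "0.0.0.0/0", "any", None),      # default deny
]

def packet_filter(pkt: Packet, rules=RULES) -> str:
    """Stateless packet filtering: judge each packet on its own header fields."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"   # implicit default deny when nothing matches

class StatefulFirewall:
    """Stateful filtering: remember allowed connections so that their reply
    packets pass without needing a rule of their own."""

    def __init__(self, rules=RULES):
        self.rules = rules
        self.table = set()   # established flows: (src, dst, proto, sport, dport)

    def inspect(self, pkt: Packet) -> str:
        flow = (pkt.src, pkt.dst, pkt.proto, pkt.sport, pkt.dport)
        reverse = (pkt.dst, pkt.src, pkt.proto, pkt.dport, pkt.sport)
        if flow in self.table or reverse in self.table:
            return "allow"                # belongs to an established connection
        if pkt.proto == "tcp" and not pkt.syn:
            return "deny"                 # mid-stream TCP segment with no known connection
        action = packet_filter(pkt, self.rules)
        if action == "allow":
            self.table.add(flow)          # remember the new connection
        return action

def run_demo():
    fw = StatefulFirewall()
    outbound = Packet("10.1.1.5", "203.0.113.80", "tcp", 51000, 443, syn=True)
    reply = Packet("203.0.113.80", "10.1.1.5", "tcp", 443, 51000)
    unsolicited = Packet("203.0.113.66", "10.1.1.5", "tcp", 443, 51001)
    return {
        "outbound_stateful": fw.inspect(outbound),
        "reply_stateless": packet_filter(reply),     # stateless filter has no rule for it
        "reply_stateful": fw.inspect(reply),         # stateful firewall recognises the flow
        "unsolicited_stateful": fw.inspect(unsolicited),
    }

if __name__ == "__main__":
    print(run_demo())
```

The connection table is what makes a stateful firewall both safer and costlier than a packet filter: it can refuse a TCP segment that claims to be part of a connection it never saw, but it must store and eventually expire an entry for every flow it allows.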


Hardware-Based Firewall

Used In

  • Organizations
  • Data centers
  • Corporate networks

Advantages

  • High performance
  • Better security
  • Protects entire network

NAT (Network Address Translation)

Allows private IP addresses to communicate with public networks.


Anonymous Attack Prevention

Methods

  • Firewall
  • IDS/IPS
  • Strong passwords
  • VPN
  • Regular updates
  • Access controls

Wireless Security

Wireless security protects Wi-Fi networks from unauthorized access.


WEP (Wired Equivalent Privacy)

Features

  • Older wireless security protocol
  • Uses encryption

Problem

  • Weak security
  • Easily cracked

WPA (Wi-Fi Protected Access)

Improved replacement for WEP.

Features

  • Stronger encryption
  • Better authentication

WPA2

Most commonly used secure wireless protocol.

Advantages

  • Strong security
  • Better encryption

Model Questions (Short Answers)

1. Define IT Asset Management (ITAM).

Answer:
ITAM is the process of tracking, managing and securing IT assets throughout their lifecycle.


2. Differentiate between tangible and intangible assets.

Tangible Assets  | Intangible Assets
-----------------|---------------------
Physical assets  | Non-physical assets
Computer         | Software
Server           | Database
Router           | License

3. Write down steps for securing an asset.

Answer:

  1. Identify asset
  2. Classify asset
  3. Encrypt data
  4. Control access
  5. Backup data
  6. Monitor usage

4. Full forms of PCSM, SAM, SCD, SSCD, TRSM.

Answer:

  • PCSM → Personal Computer Security Module
  • SAM → Secure Application Module
  • SCD → Secure Cryptographic Device
  • SSCD → Secure Signature Creation Device
  • TRSM → Tamper Resistant Security Module

⚠️ Learn these exactly as written in your notes.


5. List key features and types of HSM.

Answer:

Features

  • Secure key storage
  • Encryption support
  • Tamper resistance

Types

  • LAN-based HSM
  • PCI-based HSM
  • USB HSM

6. Define MAC.

Answer:
MAC (Message Authentication Code) verifies data integrity and authenticity.


7. What do you understand by firewall?

Answer:
A firewall is a security system that prevents unauthorized access to a network.

Types:

  • Packet Filtering
  • Stateful
  • Proxy
  • Hardware
  • Software

8. When and where to implement hardware-based firewall?

Answer:
Implemented in:

  • Offices
  • Data Centers
  • Corporate Networks

Used where network-wide protection is required.


9. Write points to prevent anonymous attacks.

Answer:

  • Use firewall
  • Strong passwords
  • VPN
  • IDS/IPS
  • Security updates

10. Define WEP and WPA.

Answer:

WEP

Wired Equivalent Privacy

WPA

Wi-Fi Protected Access

Both are wireless security protocols.


11. What are the security problems with WEP and WPA?

Answer:

WEP

  • Weak encryption
  • Easily hacked

WPA

  • More secure than WEP
  • Still vulnerable compared to WPA2

Most Important MCQs 🔥

Q. ITAM stands for:

Ans: IT Asset Management


Q. Physical assets are called:

Ans: Tangible Assets


Q. Software is an example of:

Ans: Intangible Asset


Q. HSM stands for:

Ans: Hardware Security Module


Q. HSM is mainly used for:

Ans: Cryptographic operations


Q. MAC stands for:

Ans: Message Authentication Code


Q. MAC provides:

Ans: Integrity and Authenticity


Q. Firewall is used for:

Ans: Preventing unauthorized access


Q. NAT stands for:

Ans: Network Address Translation


Q. WEP stands for:

Ans: Wired Equivalent Privacy


Q. WPA stands for:

Ans: Wi-Fi Protected Access


Q. Which is more secure?

Ans: WPA2


Q. Hardware firewall protects:

Ans: Entire Network


Q. Proxy Firewall acts as:

Ans: Intermediary


One-Minute Revision

✅ ITAM = IT Asset Management

✅ Tangible = Physical assets

✅ Intangible = Software/Data

✅ HSM = Hardware Security Module

✅ MAC = Message Authentication Code

✅ Firewall = Blocks unauthorized access

✅ NAT = Network Address Translation

✅ WEP = Old wireless security

✅ WPA = Improved WEP

✅ WPA2 = Strong wireless security


BLOCK II – UNIT I

Cyber Security Assurance Framework

Ultra-Short Exam Notes

Information Security Assurance

Information Security Assurance means ensuring that:

  • Data is secure
  • Systems are reliable
  • Risks are controlled
  • Security objectives are achieved

Secure Software Development

Secure Software Development means building security into software from the beginning of development.

Objectives

  • Reduce vulnerabilities
  • Prevent cyber attacks
  • Improve software reliability
  • Protect user data

Security in SDLC

Security should be included in:

  1. Requirement Phase
  2. Design Phase
  3. Development Phase
  4. Testing Phase
  5. Deployment Phase
  6. Maintenance Phase

McCumber Cube

McCumber Cube is a cybersecurity framework developed by John McCumber.

Three Dimensions

Security Goals

  • Confidentiality
  • Integrity
  • Availability (CIA)

Information States

  • Storage
  • Processing
  • Transmission

Security Measures

  • Technology
  • Policies & Procedures
  • Human Factors

Purpose

Provides a complete view of information security.


Maturity Model

A maturity model measures how well an organization manages cybersecurity.

Purpose

  • Assess security level
  • Identify weaknesses
  • Improve security practices

Cyber Security Capability Maturity Model (CMM)

Developed to evaluate cybersecurity capabilities.

Benefits

  • Measures readiness
  • Improves cybersecurity posture
  • Guides future improvements

Cyber Exercises

Cyber exercises simulate cyber attacks and incidents to test preparedness.

Objectives

  • Test response capability
  • Improve coordination
  • Identify weaknesses

Types of Cyber Exercises

1. Table-Top Exercise

Discussion-based exercise.

Participants discuss response to a hypothetical cyber incident.


2. Functional Exercise

Tests specific functions and procedures.


3. Full Simulation Exercise

Realistic cyber attack simulation.

Tests complete incident response process.


4. Drill Exercise

Tests a specific security activity.


Cyber Security Self-Assessment

A process where organizations evaluate their own cybersecurity practices.

Benefits

  • Identifies risks
  • Measures readiness
  • Improves security

Government of India Initiatives

Important Initiatives

  • CERT-In
  • National Cyber Security Policy
  • Digital India
  • Cyber Swachhta Kendra
  • NCIIPC

Objectives

  • Improve cyber security
  • Protect critical infrastructure
  • Increase awareness

Model Questions (Short Answers)

1. Explain secure software development.

Answer:
Secure software development is the practice of incorporating security throughout the software development lifecycle to reduce vulnerabilities and cyber threats.


2. Explain McCumber Cube.

Answer:
McCumber Cube is a cybersecurity framework based on:

CIA Triad

  • Confidentiality
  • Integrity
  • Availability

Information States

  • Storage
  • Processing
  • Transmission

Security Measures

  • Technology
  • Policies
  • Human Factors

3. Define maturity model.

Answer:
A maturity model is a framework used to measure and improve an organization's cybersecurity capabilities.


4. What is a Full-Simulation Exercise?

Answer:
A full-simulation exercise is a realistic cyber attack simulation used to test an organization's complete incident response capability.


5. Write an attack/scenario for a table-top exercise.

Answer:
Scenario:
A ransomware attack encrypts the organization's servers. Participants discuss how to respond, recover data and notify stakeholders.


6. Explain Cyber Security Capability Maturity Model.

Answer:
A framework used to evaluate and improve cybersecurity readiness and capabilities of an organization.


7. Write a short note on Information Security Assurance.

Answer:
Information Security Assurance ensures confidentiality, integrity and availability of information through effective security controls.


8. Discuss Government of India initiatives for information security assurance.

Answer:
Major initiatives:

  • CERT-In
  • Digital India
  • National Cyber Security Policy
  • Cyber Swachhta Kendra
  • NCIIPC

9. What is secure software development?

Answer:
Developing software with security measures integrated at every stage of development.


10. Explain significance of maturity models.

Answer:
Maturity models help organizations:

  • Measure security level
  • Identify gaps
  • Improve cybersecurity

11. Write note on Cyber Security Capability Maturity Model.

Answer:
It assesses cybersecurity preparedness and helps organizations improve their security capabilities.


12. Explain Cyber Security Self-Assessment.

Answer:
Self-assessment is the process of evaluating an organization's cybersecurity controls and readiness.


13. Discuss importance of cyber exercises.

Answer:
Cyber exercises:

  • Test preparedness
  • Improve response
  • Identify weaknesses
  • Increase awareness

14. Discuss types of cyber security exercises.

Answer:

  1. Table-top Exercise
  2. Functional Exercise
  3. Full-Simulation Exercise
  4. Drill Exercise

15. Discuss parameters used for evaluation in cyber exercises.

Answer:

  • Response time
  • Communication effectiveness
  • Decision making
  • Recovery capability
  • Incident handling

Most Important MCQs 🔥

Q. McCumber Cube was developed by:

Ans: John McCumber


Q. CIA stands for:

Ans: Confidentiality, Integrity, Availability


Q. Information states in McCumber Cube are:

Ans: Storage, Processing, Transmission


Q. Which exercise is discussion-based?

Ans: Table-Top Exercise


Q. Which exercise simulates a real cyber attack?

Ans: Full-Simulation Exercise


Q. Maturity Model is used for:

Ans: Assessing cybersecurity capability


Q. CERT-In stands for:

Ans: Computer Emergency Response Team – India


Q. NCIIPC stands for:

Ans: National Critical Information Infrastructure Protection Centre


Q. Secure software development means:

Ans: Security throughout SDLC


Q. Cyber Security Self-Assessment helps:

Ans: Measure readiness and identify risks


One-Minute Revision

✅ McCumber Cube = CIA + Information States + Security Measures

✅ CIA = Confidentiality, Integrity, Availability

✅ Secure SDLC = Security at every stage

✅ Maturity Model = Measures cybersecurity level

✅ Table-Top = Discussion exercise

✅ Full Simulation = Realistic attack simulation

✅ CERT-In = National incident response agency

✅ NCIIPC = Critical infrastructure protection

✅ Cyber Exercises = Test preparedness


UNIT II

Desktop Security and Malware

Ultra-Short Exam Notes

What is Malware?

Malware (Malicious Software) is software designed to damage, steal data, spy on users, or gain unauthorized access to systems.

Common Types of Malware

1. Virus

  • Attaches to a host file/program.
  • Requires user action to spread.

Example: File-infecting virus.


2. Worm

  • Self-replicates automatically.
  • Does not require a host file.

Example: WannaCry Worm.


3. Trojan Horse

  • Appears legitimate.
  • Performs malicious activities secretly.

Example: Banking Trojan.


4. Spyware

  • Secretly monitors user activities.
  • Steals sensitive information.

Example: Keylogger.


5. Ransomware

  • Encrypts files.
  • Demands payment for decryption.

Example: WannaCry, CryptoLocker.


6. Adware

  • Displays unwanted advertisements.

Desktop Security

Desktop Security means protecting personal computers from cyber threats.

Methods

  • Antivirus software
  • Firewall
  • Strong passwords
  • Security updates
  • User awareness
  • Access controls

Banking Trojan

A Banking Trojan is malware designed to steal:

  • Banking credentials
  • Credit card details
  • Financial information

Examples

  • Zeus
  • Dridex
  • Emotet

Exploit Kit

An Exploit Kit is a toolkit used by attackers to exploit software vulnerabilities automatically.

Purpose

  • Deliver malware
  • Exploit unpatched systems
  • Conduct drive-by downloads

Drive-by Download Attack

A malware infection that occurs when a user visits a compromised website.

No user interaction required.


Preventing Malware

Best Practices

  • Update software regularly
  • Install antivirus
  • Use firewall
  • Avoid suspicious links
  • Disable unnecessary services
  • Limit user privileges

Model Questions (Short Answers)

1. Differentiate between Virus, Worm and Trojan Horse.

Virus                 | Worm              | Trojan Horse
----------------------|-------------------|--------------------
Needs host file       | No host needed    | Appears legitimate
User action required  | Self-spreading    | Tricks users
Infects files         | Infects networks  | Steals information

2. How does spyware exploit user information?

Answer:
Spyware secretly monitors user activities and collects:

  • Passwords
  • Banking information
  • Personal data

without user consent.


3. As a responsible home user, how can you prevent getting infected with malware?

Answer:

  • Install antivirus
  • Update software
  • Use firewall
  • Avoid suspicious websites
  • Use strong passwords
  • Download only trusted software

4. Discuss the modus operandi of Banking Trojan citing examples.

Answer:
Banking Trojans secretly infect systems and steal financial information.

Examples:

  • Zeus
  • Dridex
  • Emotet

They capture login credentials and banking details.


5. How does Exploit Kit infect users? How can one prevent drive-by download attacks?

Answer:

Infection Process

  1. User visits compromised website.
  2. Exploit Kit scans for vulnerabilities.
  3. Malware is downloaded automatically.

Prevention

  • Install updates
  • Use antivirus
  • Use browser security settings
  • Avoid suspicious websites

Most Important MCQs 🔥

Q. Malware stands for:

Ans: Malicious Software


Q. Which malware requires a host file?

Ans: Virus


Q. Which malware spreads automatically?

Ans: Worm


Q. Which malware disguises itself as legitimate software?

Ans: Trojan Horse


Q. Which malware monitors user activity?

Ans: Spyware


Q. Which malware encrypts files and demands money?

Ans: Ransomware


Q. WannaCry is an example of:

Ans: Ransomware


Q. Zeus is a:

Ans: Banking Trojan


Q. Exploit Kit mainly targets:

Ans: Software Vulnerabilities


Q. Drive-by Download occurs when:

Ans: Visiting a compromised website


Q. Which security tool detects malware?

Ans: Antivirus


Q. Which security tool blocks unauthorized access?

Ans: Firewall


PYQ-Focused One-Liners

✅ Virus = Needs host file

✅ Worm = Self-replicates

✅ Trojan = Looks legitimate

✅ Spyware = Steals information

✅ Ransomware = Encrypts data

✅ Banking Trojan = Steals banking credentials

✅ Zeus = Banking Trojan

✅ Exploit Kit = Exploits vulnerabilities

✅ Drive-by Download = Automatic malware installation

✅ Antivirus = Malware protection


One-Minute Revision

  • Malware = Malicious software
  • Virus = Host file required
  • Worm = Self-spreading
  • Trojan = Fake legitimate software
  • Spyware = Monitoring software
  • Ransomware = Encrypts files
  • Zeus = Banking Trojan
  • Exploit Kit = Automated attack tool
  • Drive-by Download = Infection via website
  • Antivirus = First line of defense

UNIT III

E-Commerce and Web Application Security

Ultra-Short Exam Notes

What is E-Commerce?

E-Commerce means buying and selling goods or services over the Internet.

Examples

  • Amazon
  • Flipkart
  • eBay

Web Application

A web application is software that runs through a web browser.

Examples

  • Gmail
  • Facebook
  • Online Banking
  • Amazon

Web Architecture

Basic web architecture consists of:

User (Browser)

Web Server

Application Server

Database

Flow

User Request → Web Server → Application → Database → Response


HTTP

Full Form

Hypertext Transfer Protocol

Purpose

Transfers web pages between browser and server.

Features

  • Fast
  • Not encrypted
  • Less secure

Example

http://example.com

HTTPS

Full Form

Hypertext Transfer Protocol Secure

Purpose

Secure communication between browser and server.

Features

  • Uses SSL/TLS
  • Encrypts data
  • More secure

Example

https://example.com

HTTP vs HTTPS

HTTP            | HTTPS
Not Secure      | Secure
No Encryption   | Uses Encryption
Port 80         | Port 443
Faster          | Slightly Slower
Less Secure     | More Secure

URL

Full Form

Uniform Resource Locator

Purpose

Identifies the location of a resource on the Internet.

Example

https://www.google.com

Components:

  • Protocol
  • Domain Name
  • Path

Application Security

Application Security means protecting applications from threats and vulnerabilities.

Objectives

  • Confidentiality
  • Integrity
  • Availability

Web Shell

A Web Shell is a malicious script uploaded to a web server.

Purpose

Allows attackers to:

  • Execute commands
  • Upload files
  • Control the server

Malicious File Upload

Attackers upload harmful files to compromise a web application.

Examples

  • Web Shells
  • Malware files
  • Executable scripts
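An added example, not taken from these notes or from any project they mention, showing the server-side checks that keep a Malicious File Upload from becoming a Web Shell: an allowlist of file types (assumed here to be PNG/JPEG images), a file-signature check so the content really is what the extension claims, rejection of double extensions and path components, and a random server-chosen storage name with no execute permission. The names validate_upload, store_upload, ALLOWED_TYPES and MAX_SIZE are mine; the sample uploads in run_demo are constructed.

```python
import os
import secrets
import tempfile
from typing import Dict, Optional, Tuple

# Assumed allowlist for this example: which extensions the application accepts
# and the file signature (magic bytes) each one must begin with.
ALLOWED_TYPES: Dict[str, bytes] = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
}
MAX_SIZE = 2 * 1024 * 1024  # assumed 2 MiB upload limit


def validate_upload(filename: str, data: bytes) -> Tuple[bool, str]:
    """Return (accepted, reason). Everything not on the allowlist is rejected,
    so a server-side script can be neither stored nor later served as one."""
    base = os.path.basename(filename)
    if not base or base != filename or ".." in base:
        return False, "path components in filename"
    parts = base.lower().split(".")
    # Exactly one extension: rejects "cmd.php.png", ".htaccess" and bare names.
    if len(parts) != 2 or not parts[0]:
        return False, "missing or multiple extensions"
    ext = "." + parts[1]
    if ext not in ALLOWED_TYPES:
        return False, "extension not allowed: " + ext
    if not data or len(data) > MAX_SIZE:
        return False, "empty or oversized file"
    # The content must really be the type the extension claims.
    if not data.startswith(ALLOWED_TYPES[ext]):
        return False, "content does not match declared type"
    return True, "ok"


def store_upload(filename: str, data: bytes, upload_dir: str) -> Optional[str]:
    """Store an accepted upload under a server-chosen random name.
    upload_dir is assumed to sit outside the web root and be served as data only."""
    ok, _ = validate_upload(filename, data)
    if not ok:
        return None
    ext = "." + filename.lower().rsplit(".", 1)[1]
    dest = os.path.join(upload_dir, secrets.token_hex(16) + ext)
    with open(dest, "wb") as fh:
        fh.write(data)
    os.chmod(dest, 0o600)  # plain data file, never executable
    return dest


def run_demo() -> Dict[str, bool]:
    """Constructed sample uploads: one valid image and four that must be rejected."""
    png = ALLOWED_TYPES[".png"] + b"\x00" * 32
    script = b"<?php ... ?>"  # stands in for any server-side script
    upload_dir = tempfile.mkdtemp()
    return {
        "image_accepted": store_upload("photo.png", png, upload_dir) is not None,
        "script_rejected": store_upload("cmd.php", script, upload_dir) is None,
        "double_ext_rejected": store_upload("cmd.php.png", png, upload_dir) is None,
        "renamed_script_rejected": store_upload("cmd.png", script, upload_dir) is None,
        "traversal_rejected": store_upload("../cmd.png", png, upload_dir) is None,
    }


if __name__ == "__main__":
    print(run_demo())
```

The signature check is what catches a script renamed to .png; the single-extension rule is what catches a script hidden behind a second extension; the random name and 0o600 mode mean that even a file that slips through cannot be addressed or executed by the attacker.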

Security Integration within SDLC

SDLC

Software Development Life Cycle

Security should be included in:

  1. Requirements
  2. Design
  3. Development
  4. Testing
  5. Deployment
  6. Maintenance

Benefit

Finds vulnerabilities early.


Manual Security Testing

Manual testing means security experts manually identify vulnerabilities.

Examples

  • Checking authentication flaws
  • Testing access controls
  • Testing input validation

OWASP Top 10

OWASP = Open Web Application Security Project

List of most critical web application vulnerabilities.

Important Vulnerabilities

  1. Broken Access Control
  2. Cryptographic Failures
  3. Injection Attacks
  4. Insecure Design
  5. Security Misconfiguration
  6. Vulnerable Components
  7. Authentication Failures
  8. Software Integrity Failures
  9. Logging Failures
  10. SSRF (Server-Side Request Forgery)

Security is a Continuous Process

Security is not a one-time activity.

Requires

  • Regular monitoring
  • Updates
  • Testing
  • Audits

Model Questions (Short Answers)

1. Write a note on Web Architecture.

Answer:

Web Architecture consists of:

  • Browser
  • Web Server
  • Application Server
  • Database

It handles user requests and responses.


2. What is HTTP and HTTPS?

Answer:

HTTP

Hypertext Transfer Protocol

HTTPS

Hypertext Transfer Protocol Secure

HTTPS uses encryption and is more secure.


3. Explain URL.

Answer:

URL (Uniform Resource Locator) is the address of a resource on the Internet.

Example:
https://www.google.com


4. Explain Application Security.

Answer:

Application Security protects software applications from attacks and vulnerabilities.


5. What is a Web Shell?

Answer:

A Web Shell is a malicious script uploaded to a server that allows attackers to control it remotely.


6. Write a note on Malicious File Upload.

Answer:

Malicious File Upload occurs when attackers upload harmful files such as malware or web shells to a web application.


7. Security is a continuous process – Explain.

Answer:

Security requires continuous monitoring, testing, patching and improvement because threats keep changing.


8. What is OWASP Top 10?

Answer:

OWASP Top 10 is a list of the most critical web application security vulnerabilities.


9. Write a note on Security Integration within SDLC.

Answer:

Security integration within SDLC means adding security controls during every phase of software development.


10. What is Manual Security Testing?

Answer:

Manual Security Testing is the process of manually checking applications for vulnerabilities and security weaknesses.


Most Important MCQs 🔥

Q. HTTP stands for:

Ans: Hypertext Transfer Protocol


Q. HTTPS stands for:

Ans: Hypertext Transfer Protocol Secure


Q. HTTPS uses:

Ans: SSL/TLS


Q. URL stands for:

Ans: Uniform Resource Locator


Q. Port number of HTTP:

Ans: 80


Q. Port number of HTTPS:

Ans: 443


Q. OWASP stands for:

Ans: Open Web Application Security Project


Q. Web Shell is:

Ans: Malicious script on web server


Q. Malicious File Upload can lead to:

Ans: Server compromise


Q. Application Security protects:

Ans: Software applications


Q. Security should be integrated into:

Ans: SDLC


Q. Security is:

Ans: A continuous process


PYQ-Focused One-Liners

✅ HTTP = Not Secure

✅ HTTPS = Secure

✅ HTTPS uses SSL/TLS

✅ URL = Website Address

✅ Web Shell = Remote server control

✅ OWASP = Web security organization

✅ OWASP Top 10 = Common web vulnerabilities

✅ Security in SDLC = Every phase

✅ Manual Security Testing = Human testing


One-Minute Revision

  • HTTP = Port 80
  • HTTPS = Port 443
  • HTTPS uses SSL/TLS
  • URL = Resource address
  • Web Architecture = Browser → Server → Database
  • Web Shell = Malicious server script
  • File Upload Attack = Upload harmful files
  • OWASP Top 10 = Critical vulnerabilities
  • SDLC Security = Security at every stage
  • Security = Continuous process

UNIT IV

Social Engineering

Ultra-Short Exam Notes

What is Social Engineering?

Social Engineering is a technique used by attackers to manipulate people into revealing confidential information.

Target Information

  • Passwords
  • Bank details
  • OTPs
  • Personal information
  • Company secrets

Why is Social Engineering Dangerous?

Because it attacks people, not computers.

Humans are often the weakest link in security.


Common Social Engineering Attacks

1. Phishing

Fake emails or websites designed to steal information.

Example

Fake bank email asking for login credentials.


2. Spear Phishing

A targeted phishing attack aimed at a specific person or organization.

Characteristics

  • Personalized
  • More convincing
  • Higher success rate

Example

Email using employee's name and company details.


3. Vishing

Voice Phishing

Attackers use phone calls to obtain information.

Example

Fake bank officer asking for OTP.


4. Smishing

SMS Phishing

Attackers use text messages.

Example

"Your bank account is blocked. Click here."


5. Impersonation

Pretending to be someone else.

Example

Attacker pretending to be IT support staff.


6. Tailgating

Unauthorized person follows an authorized employee into a secure area.


7. Baiting

Offering something attractive to lure victims.

Example

Infected USB drive labeled "Salary Data".


Reverse Social Engineering

A technique where attackers create a problem and then pretend to offer help.

Process

  1. Create a problem
  2. Victim seeks help
  3. Attacker acts as helper
  4. Victim reveals information

Example

Attacker disables a printer.

Then pretends to be IT support and asks for login credentials.


Social Engineering Tools

Attackers may use:

  • Social Media
  • Fake Emails
  • Phone Calls
  • Company Websites
  • Public Records
  • Search Engines

Why is Spear Phishing More Successful?

Because:

  • Personalized
  • Uses victim's information
  • Builds trust
  • Appears legitimate

Defense Against Social Engineering

1. Security Awareness Training

Educate employees.

2. Verify Identity

Never trust unknown requests.

3. Strong Policies

Follow security procedures.

4. Multi-Factor Authentication (MFA)

Adds extra protection.

5. Report Suspicious Activity

Inform security team immediately.

6. Avoid Sharing Sensitive Information

Never share passwords or OTPs.


SETA

Full Form

Security Education, Training and Awareness

Purpose

Educates users about security threats and safe practices.


Model Questions (Short Answers)

1. What is Social Engineering? If my name is Sani Abhilash and I am working at the Ministry of IT, what tools and techniques could be used to gather information?

Answer:

Social Engineering is manipulating people to reveal confidential information.

Possible sources:

  • Social media profiles
  • Company website
  • Public records
  • Search engines
  • Email addresses
  • LinkedIn profiles

2. What is Reverse Social Engineering?

Answer:

Reverse Social Engineering is an attack where the attacker creates a problem and then pretends to solve it to gain information.


3. What is Spear Phishing? Why is it more successful?

Answer:

Spear Phishing is a targeted phishing attack directed at a specific individual.

It is more successful because it uses personal information and appears trustworthy.


4. Explain different types of Social Engineering attacks.

Answer:

Types:

  • Phishing
  • Spear Phishing
  • Vishing
  • Smishing
  • Baiting
  • Tailgating
  • Impersonation
  • Reverse Social Engineering

5. How to defend against Social Engineering attacks?

Answer:

  • Security awareness training
  • Verify requests
  • Use MFA
  • Strong security policies
  • Report suspicious activity
  • Never share passwords

Most Important MCQs 🔥

Q. Social Engineering primarily targets:

Ans: People


Q. Phishing uses:

Ans: Fake emails/websites


Q. Spear Phishing is:

Ans: Targeted phishing attack


Q. Vishing means:

Ans: Voice Phishing


Q. Smishing means:

Ans: SMS Phishing


Q. Tailgating refers to:

Ans: Following an authorized person into a restricted area


Q. Baiting often uses:

Ans: Infected USB drives


Q. Reverse Social Engineering involves:

Ans: Creating a problem and offering help


Q. MFA stands for:

Ans: Multi-Factor Authentication


Q. SETA stands for:

Ans: Security Education, Training and Awareness


Q. Most successful phishing attack type:

Ans: Spear Phishing


PYQ-Focused One-Liners

✅ Social Engineering = Manipulating people

✅ Phishing = Fake email attack

✅ Spear Phishing = Personalized phishing

✅ Vishing = Voice attack

✅ Smishing = SMS attack

✅ Baiting = Fake attractive offer

✅ Tailgating = Physical access attack

✅ Reverse Social Engineering = Create problem → Offer help

✅ MFA = Extra authentication layer

✅ SETA = Security awareness program


One-Minute Revision

  • Social Engineering attacks people.
  • Phishing uses fake emails.
  • Spear Phishing targets specific victims.
  • Vishing = Phone call scam.
  • Smishing = SMS scam.
  • Baiting = Infected USB or fake reward.
  • Tailgating = Unauthorized physical entry.
  • Reverse Social Engineering = Problem + Fake help.
  • MFA improves security.
  • SETA = Security Education, Training and Awareness.

BLOCK III – UNIT I

Cyber Security Risk Management

Ultra-Short Exam Notes

What is Risk?

Risk is the possibility that a threat will exploit a vulnerability and cause damage.

Formula

Risk = Threat × Vulnerability × Impact


What is Cyber Security Risk Management?

Cyber Security Risk Management is the process of:

  • Identifying risks
  • Assessing risks
  • Controlling risks
  • Monitoring risks

to reduce security threats to an acceptable level.


Importance of Risk Management

Benefits

  • Protects information assets
  • Reduces losses
  • Improves security
  • Supports business continuity
  • Helps decision making

Risk Assessment

Risk Assessment is the process of identifying and evaluating security risks.

Steps

  1. Identify Assets
  2. Identify Threats
  3. Identify Vulnerabilities
  4. Analyze Risk
  5. Evaluate Risk
  6. Recommend Controls

Risk Mitigation

Risk Mitigation means reducing the likelihood or impact of risks.

Methods

  • Firewalls
  • Encryption
  • Antivirus
  • Backups
  • Employee Training

Residual Risk

Residual Risk is the risk that remains even after security controls are implemented.

Example

Even after installing a firewall, some risk still exists.


Common Risk Assessment Methods

1. Qualitative Risk Assessment

Uses terms like:

  • Low
  • Medium
  • High

Advantages

  • Simple
  • Fast

2. Quantitative Risk Assessment

Uses numerical values.

Example

Financial loss estimation.
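An added example, not part of these notes, that puts the formula Risk = Threat × Vulnerability × Impact, risk mitigation, residual risk and the qualitative/quantitative distinction into working code. The 1..3 scale for Low/Medium/High, the rating thresholds, the expected-annual-loss model and the names Risk, risk_score, rating, apply_control, expected_annual_loss and prioritize are all assumptions of mine; the risk register in run_demo is constructed.

```python
from dataclasses import dataclass, replace
from typing import Any, Dict, List, Tuple

# Assumed numeric scale for the qualitative ratings the notes use.
LEVELS = {"Low": 1, "Medium": 2, "High": 3}
NAMES = {v: k for k, v in LEVELS.items()}


@dataclass(frozen=True)
class Risk:
    asset: str
    threat: str          # "Low" / "Medium" / "High"
    vulnerability: str
    impact: str


def risk_score(r: Risk) -> int:
    """Risk = Threat × Vulnerability × Impact on the 1..3 scale (product 1..27)."""
    return LEVELS[r.threat] * LEVELS[r.vulnerability] * LEVELS[r.impact]


def rating(score: int) -> str:
    """Map the product back to Low/Medium/High (thresholds are assumed)."""
    if score >= 12:
        return "High"
    if score >= 4:
        return "Medium"
    return "Low"


def apply_control(r: Risk, factor: str, levels_down: int = 1) -> Risk:
    """Model a mitigation: a control lowers one factor ('vulnerability' or
    'impact') by some levels, never below Low. Re-scoring the returned risk
    gives the residual risk, which is rarely zero."""
    if factor not in ("vulnerability", "impact"):
        raise ValueError("controls act on vulnerability or impact")
    new_level = max(1, LEVELS[getattr(r, factor)] - levels_down)
    return replace(r, **{factor: NAMES[new_level]})


def expected_annual_loss(probability_per_year: float, loss_per_event: float) -> float:
    """Quantitative view: expected yearly loss in money (simple assumed model)."""
    return probability_per_year * loss_per_event


def prioritize(register: List[Risk]) -> List[Tuple[str, int, str]]:
    """Risk register sorted highest first, to decide where controls go first."""
    scored = [(r.asset, risk_score(r), rating(risk_score(r))) for r in register]
    return sorted(scored, key=lambda t: t[1], reverse=True)


def run_demo() -> Dict[str, Any]:
    """Constructed register: an internet-facing web server and an office laptop."""
    web = Risk("web server", threat="High", vulnerability="High", impact="High")
    laptop = Risk("laptop", threat="Medium", vulnerability="Low", impact="Medium")
    after_firewall = apply_control(web, "vulnerability")    # High -> Medium
    after_backup = apply_control(after_firewall, "impact")  # High -> Medium
    return {
        "inherent": risk_score(web),                            # 27
        "residual_after_firewall": risk_score(after_firewall),  # 18, still High
        "residual_after_backup": risk_score(after_backup),      # 12
        "residual_rating": rating(risk_score(after_backup)),
        "order": [asset for asset, _, _ in prioritize([laptop, web])],
        "eal": expected_annual_loss(0.25, 40_000.0),            # 10000.0
    }


if __name__ == "__main__":
    print(run_demo())
```

The web server starts at 27; the firewall brings it to 18 and the backup to 12, which is the residual risk after both controls and still rates High on the assumed thresholds. That is the point of the Residual Risk section: controls reduce risk, they do not remove it.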


OCTAVE

Full Form

Operationally Critical Threat, Asset and Vulnerability Evaluation

Purpose

Risk assessment framework that helps organizations identify and manage information security risks.

Focus

  • Assets
  • Threats
  • Vulnerabilities

COBIT

Full Form

Control Objectives for Information and Related Technologies

Purpose

Framework for IT governance and management.

Benefits

  • Better control
  • Improved security
  • Risk management

NIST Cyber Security Framework

NIST

National Institute of Standards and Technology

Five Core Functions

  1. Identify
  2. Protect
  3. Detect
  4. Respond
  5. Recover

Purpose

Provides a structured approach for managing cyber security risks.


FAIR

Full Form

Factor Analysis of Information Risk

Purpose

Framework for measuring and analyzing information security risks.

Benefits

  • Quantifies risk
  • Improves decision making
  • Supports risk management

Model Questions (Short Answers)

1. Explain Risk and Risk Management.

Answer:

Risk is the possibility of loss due to threats exploiting vulnerabilities.

Risk Management is the process of identifying, assessing, controlling and monitoring risks.


2. Write a short note on the importance of Cyber Risk Management.

Answer:

Cyber Risk Management:

  • Protects assets
  • Reduces losses
  • Improves security
  • Supports business continuity

3. Explain the process for conducting Risk Assessment.

Answer:

Steps:

  1. Asset Identification
  2. Threat Identification
  3. Vulnerability Analysis
  4. Risk Analysis
  5. Risk Evaluation
  6. Risk Treatment

4. What is Risk Mitigation?

Answer:

Risk Mitigation is the process of reducing the impact or probability of risks using security controls.


5. Define Residual Risk.

Answer:

Residual Risk is the remaining risk after implementing security controls.


6. Discuss common methods of conducting Risk Assessment.

Answer:

Methods:

  • Qualitative Assessment
  • Quantitative Assessment

7. What is OCTAVE?

Answer:

OCTAVE (Operationally Critical Threat, Asset and Vulnerability Evaluation) is a risk assessment framework.


8. Write a note on COBIT.

Answer:

COBIT is a framework for IT governance, risk management and information security.


9. Write a note on NIST Cyber Security Framework.

Answer:

NIST Framework provides five functions:

  • Identify
  • Protect
  • Detect
  • Respond
  • Recover

10. Define FAIR.

Answer:

FAIR (Factor Analysis of Information Risk) is a framework used to analyze and quantify information security risks.


Most Important MCQs 🔥

Q. Risk is the combination of:

Ans: Threat + Vulnerability + Impact


Q. Risk Assessment starts with:

Ans: Asset Identification


Q. Residual Risk means:

Ans: Remaining risk after controls


Q. OCTAVE stands for:

Ans: Operationally Critical Threat, Asset and Vulnerability Evaluation


Q. COBIT stands for:

Ans: Control Objectives for Information and Related Technologies


Q. NIST stands for:

Ans: National Institute of Standards and Technology


Q. First function of NIST Framework:

Ans: Identify


Q. Last function of NIST Framework:

Ans: Recover


Q. FAIR stands for:

Ans: Factor Analysis of Information Risk


Q. Quantitative assessment uses:

Ans: Numerical values


Q. Qualitative assessment uses:

Ans: Low, Medium, High ratings


PYQ-Focused One-Liners

✅ Risk = Threat + Vulnerability + Impact

✅ Risk Management = Identify → Assess → Control → Monitor

✅ Residual Risk = Remaining risk

✅ OCTAVE = Risk assessment framework

✅ COBIT = IT governance framework

✅ NIST = Cyber security framework

✅ NIST Functions = Identify, Protect, Detect, Respond, Recover

✅ FAIR = Information risk analysis


One-Minute Revision

  • Risk = Possibility of loss
  • Risk Assessment = Identify & evaluate risks
  • Risk Mitigation = Reduce risk
  • Residual Risk = Remaining risk
  • OCTAVE = Risk assessment
  • COBIT = IT governance
  • NIST = Cyber framework
  • FAIR = Risk analysis
  • Qualitative = Low/Medium/High
  • Quantitative = Numbers

UNIT II

Computer Forensics Fundamentals and Collection of Digital Evidence

Ultra-Short Exam Notes

What is Computer Forensics?

Computer Forensics is the process of:

  • Identifying
  • Collecting
  • Preserving
  • Examining
  • Analyzing
  • Presenting

digital evidence for legal purposes.

Objective

To investigate cyber crimes and present valid evidence in court.


Digital Evidence

Definition

Any information stored or transmitted in digital form that can be used as evidence.

Examples

  • Emails
  • Documents
  • Images
  • Videos
  • Log files
  • Hard disks
  • Mobile data
  • USB drives

Importance of Computer Forensics

  • Investigates cyber crimes
  • Recovers deleted files
  • Identifies attackers
  • Supports legal proceedings
  • Preserves evidence integrity

Forensic Process

1. Identification

Identify potential evidence sources.

2. Collection

Collect evidence carefully.

3. Preservation

Protect evidence from modification.

4. Examination

Extract relevant data.

5. Analysis

Analyze collected evidence.

6. Presentation

Present findings in court.


Write Blocker

Definition

A write blocker is a device that prevents any modification of original digital evidence during forensic analysis.

Purpose

  • Protect evidence
  • Maintain integrity
  • Ensure admissibility in court

Metadata

Definition

Metadata means:

"Data about Data."

It provides information about a file.

Examples

  • File name
  • Creation date
  • Modification date
  • File size
  • Owner information

Digital Evidence Bag

Definition

A Digital Evidence Bag is a special format used to securely collect and store digital evidence.

Purpose

  • Preserve evidence
  • Maintain chain of custody
  • Ensure integrity
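An added example, not part of these notes, tying together the three preceding sections: it records a file's metadata (data about data), hashes its content, and keeps the two together with a chain-of-custody entry in a minimal evidence record, so that any later change can be detected. The record layout, the examiner id and the names sha256_file, collect_metadata, bag_evidence and verify_evidence are my assumptions, not the Digital Evidence Bag format itself; the sample file in run_demo is constructed.

```python
import hashlib
import json
import os
import stat
import tempfile
import time
from typing import Any, Dict


def _iso(t: float) -> str:
    return time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(t))


def sha256_file(path: str) -> str:
    """Hash in chunks so a large disk image need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:  # opened read-only: the evidence is never written
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def collect_metadata(path: str) -> Dict[str, Any]:
    """Metadata ('data about data'): name, size, timestamps, owner, permissions."""
    st = os.stat(path)
    return {
        "file_name": os.path.basename(path),
        "size_bytes": st.st_size,
        "modified": _iso(st.st_mtime),
        "changed": _iso(st.st_ctime),
        "owner_uid": st.st_uid,
        "mode": stat.filemode(st.st_mode),
    }


def bag_evidence(path: str, examiner: str) -> Dict[str, Any]:
    """Minimal evidence record: metadata, content hash, first custody entry."""
    return {
        "metadata": collect_metadata(path),
        "sha256": sha256_file(path),
        "custody": [{"action": "acquired", "by": examiner, "at": _iso(time.time())}],
    }


def verify_evidence(path: str, bag: Dict[str, Any]) -> bool:
    """Re-hash the file; any change since acquisition makes the hashes differ."""
    return sha256_file(path) == bag["sha256"]


def run_demo() -> Dict[str, Any]:
    """Constructed sample: a small file is bagged, verified, then written to."""
    workdir = tempfile.mkdtemp()
    evidence = os.path.join(workdir, "mail.txt")
    with open(evidence, "wb") as fh:
        fh.write(b"constructed sample evidence\n")
    bag = bag_evidence(evidence, examiner="examiner-01")
    intact = verify_evidence(evidence, bag)
    with open(evidence, "ab") as fh:  # an accidental write, as happens without a write blocker
        fh.write(b"x")
    return {
        "size_recorded": bag["metadata"]["size_bytes"],
        "intact_before": intact,
        "intact_after_write": verify_evidence(evidence, bag),
        "record": json.dumps(bag, indent=2),
    }


if __name__ == "__main__":
    print(run_demo()["record"])
```

The hash only detects a change after the fact; it is the write blocker described above that prevents the change in the first place. Both are needed for admissibility: the blocker keeps the original untouched, and the recorded hash proves it.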

Importance of Not Turning Off a System

Sometimes turning off a computer may result in loss of:

  • RAM contents
  • Active sessions
  • Running processes
  • Encryption keys

These are called Volatile Data.


Volatile vs Non-Volatile Data

Volatile Data            | Non-Volatile Data
Lost when power is off   | Remains after shutdown
RAM                      | Hard Disk
Running Processes        | Files
Network Connections      | Databases

Model Questions (Short Answers)

1. What is the purpose of a Write Block Protection Device?

Answer:

A Write Blocker prevents changes to original digital evidence during forensic examination and preserves evidence integrity.


2. What types of digital media devices can potentially hold data?

Answer:

  • Hard Disk
  • SSD
  • USB Drive
  • CD/DVD
  • Mobile Phones
  • Memory Cards
  • Tablets
  • Servers

3. In computer forensic methodology, what do you infer by "Metadata"?

Answer:

Metadata is "Data about Data."

It includes:

  • Creation date
  • Modification date
  • File size
  • Owner information

4. Does turning off a machine impact a forensic analyst?

Answer:

Yes.

Turning off a system may destroy volatile evidence such as:

  • RAM contents
  • Running processes
  • Active network connections
  • Encryption keys

Therefore, forensic analysts often collect volatile data before shutdown.


Most Important MCQs 🔥

Q. Computer Forensics is used for:

Ans: Investigating cyber crimes


Q. Digital Evidence refers to:

Ans: Information stored in digital form


Q. Write Blocker is used to:

Ans: Prevent modification of evidence


Q. Metadata means:

Ans: Data about Data


Q. RAM contains:

Ans: Volatile Data


Q. Hard Disk contains:

Ans: Non-Volatile Data


Q. First step in forensic investigation:

Ans: Identification


Q. Last step in forensic investigation:

Ans: Presentation


Q. Which device stores digital evidence?

Ans: USB Drive


Q. Creation date and modification date are examples of:

Ans: Metadata


Q. Turning off a computer may destroy:

Ans: Volatile Data


PYQ-Focused One-Liners

✅ Computer Forensics = Investigation of digital crimes

✅ Digital Evidence = Electronic evidence

✅ Write Blocker = Protects evidence

✅ Metadata = Data about Data

✅ RAM = Volatile Data

✅ Hard Disk = Non-Volatile Data

✅ Digital Evidence Bag = Stores evidence securely

✅ Identification = First forensic step

✅ Presentation = Final forensic step


One-Minute Revision

  • Computer Forensics = Cyber crime investigation
  • Digital Evidence = Electronic evidence
  • Write Blocker = No modification
  • Metadata = File information
  • RAM = Volatile
  • Hard Disk = Non-Volatile
  • Digital Evidence Bag = Evidence storage
  • Forensic Steps = Identify → Collect → Preserve → Examine → Analyze → Present

UNIT III

Cyber Security Initiatives in India

Ultra-Short Exam Notes

Why Cyber Security Initiatives?

The Government of India has launched several programs and organizations to:

  • Prevent cyber attacks
  • Protect critical infrastructure
  • Handle cyber incidents
  • Increase cyber awareness
  • Improve national cyber security

CERT-In

Full Form

Computer Emergency Response Team – India

Established

2004

Nodal Agency

Ministry of Electronics and Information Technology (MeitY)

Functions

  • Respond to cyber incidents
  • Issue security alerts
  • Coordinate cyber security efforts
  • Conduct cyber security training
  • Publish security guidelines

Importance

CERT-In is India's national agency for cyber incident response.


Digital India Programme

Launched

2015

Objective

Transform India into a:

  • Digitally empowered society
  • Knowledge economy

Major Services

  • DigiLocker
  • e-Hospital
  • e-Governance
  • Digital Payments
  • Online Citizen Services

NCIIPC

Full Form

National Critical Information Infrastructure Protection Centre

Objective

Protect Critical Information Infrastructure (CII).

Critical Sectors

  • Banking
  • Power
  • Telecom
  • Defence
  • Transportation

Functions

  • Risk assessment
  • Incident response
  • Infrastructure protection
  • Security advisories

NCRB

Full Form

National Crime Records Bureau

Established

1986

Functions

  • Collect crime data
  • Maintain cyber crime records
  • Assist investigations
  • Support law enforcement agencies

DSCI

Full Form

Data Security Council of India

Established by

NASSCOM

Functions

  • Promote data protection
  • Cyber security awareness
  • Security best practices
  • Skill development

Information Security Audit Empanelment by CERT-In

Purpose

To authorize organizations for conducting information security audits.

Benefits

  • Standardized audits
  • Improved security compliance
  • Better risk management

National Cyber Security Exercises

Purpose

Test preparedness against cyber attacks.

Benefits

  • Improve response capability
  • Identify weaknesses
  • Train organizations

Department of Electronics and Information Technology (DeitY / MeitY)

Functions

  • Develop IT policies
  • Promote cyber security
  • Implement Digital India
  • Support e-Governance

Government Email Policy – User Responsibilities

Users should:

  • Use strong passwords
  • Protect credentials
  • Avoid suspicious links
  • Report incidents
  • Follow email policies

Model Questions (Short Answers)

1. Write a note on Cyber Security Initiatives in India.

Answer:

Major initiatives include:

  • CERT-In
  • NCIIPC
  • Digital India
  • NCRB
  • DSCI
  • National Cyber Security Policy

These initiatives strengthen cyber security and protect digital infrastructure.


2. Write a note on Digital India Programme.

Answer:

Digital India was launched in 2015 to transform India into a digitally empowered society through e-governance and digital services.


3. Discuss Roles and Functions of CERT-In.

Answer:

CERT-In:

  • Responds to cyber incidents
  • Issues alerts
  • Provides advisories
  • Conducts training
  • Coordinates cyber security activities

4. Explain the process of empanelment of Information Security Auditing Organizations by CERT-In.

Answer:

CERT-In evaluates organizations based on expertise, infrastructure and compliance before authorizing them to conduct security audits.


5. Discuss National Cyber Security Exercises.

Answer:

These exercises simulate cyber attacks to test preparedness, response capability and coordination among organizations.


6. Discuss the role of the Department of Electronics and IT, Government of India.

Answer:

The department develops IT policies, promotes e-governance and supports cyber security initiatives.


7. Write a note on NCRB.

Answer:

NCRB collects, analyzes and maintains crime and cyber crime records in India.


8. What is NCIIPC?

Answer:

NCIIPC is the National Critical Information Infrastructure Protection Centre responsible for protecting critical infrastructure.


9. Discuss user responsibilities specified in Government email policy.

Answer:

Users should:

  • Keep passwords secure
  • Avoid suspicious emails
  • Follow security guidelines
  • Report incidents immediately

10. Write a note on DSCI.

Answer:

DSCI (Data Security Council of India) promotes cyber security, privacy and data protection practices.


Most Important MCQs 🔥

Q. CERT-In stands for:

Ans: Computer Emergency Response Team – India


Q. CERT-In works under:

Ans: MeitY


Q. Digital India was launched in:

Ans: 2015


Q. NCIIPC stands for:

Ans: National Critical Information Infrastructure Protection Centre


Q. NCRB stands for:

Ans: National Crime Records Bureau


Q. DSCI was established by:

Ans: NASSCOM


Q. DigiLocker is a part of:

Ans: Digital India


Q. Which agency handles cyber incidents in India?

Ans: CERT-In


Q. NCIIPC protects:

Ans: Critical Information Infrastructure


Q. Cyber security exercises are conducted to:

Ans: Test preparedness


Q. Government email users should:

Ans: Use strong passwords


PYQ-Focused One-Liners

✅ CERT-In = National cyber incident response agency

✅ Digital India = Digital transformation program

✅ NCIIPC = Protects critical infrastructure

✅ NCRB = Crime records bureau

✅ DSCI = Data Security Council of India

✅ MeitY = Ministry of Electronics and Information Technology

✅ DigiLocker = Digital India service

✅ Cyber Exercises = Preparedness testing


One-Minute Revision

  • CERT-In = Cyber incident response
  • Digital India = 2015
  • NCIIPC = Critical infrastructure protection
  • NCRB = Crime records
  • DSCI = Cyber security promotion
  • MeitY = IT ministry
  • DigiLocker = Digital India service
  • Cyber Exercises = Readiness testing

UNIT IV

Cyber Security Strategies and Policies

Ultra-Short Exam Notes

What is a Cyber Security Strategy?

A Cyber Security Strategy is a national plan designed to:

  • Protect cyberspace
  • Secure critical infrastructure
  • Prevent cyber attacks
  • Improve cyber resilience
  • Promote cyber awareness

What is a Cyber Security Policy?

A Cyber Security Policy is a set of rules and guidelines that define how cyber security should be managed.

Objectives

  • Protect information assets
  • Reduce cyber risks
  • Improve cyber security awareness
  • Ensure secure cyberspace

National Cyber Security Policy of India (NCSP)

Introduced

2013

Vision

To create a secure and resilient cyberspace for citizens, businesses and government.

Main Objectives

  • Protect critical information infrastructure
  • Create cyber security workforce
  • Encourage cyber security research
  • Strengthen incident response
  • Improve public awareness

Key Features

  • Capacity building
  • Cyber security education
  • Public-private partnership
  • Information sharing
  • Protection of critical infrastructure

Importance of National Cyber Security Policy

Benefits

  • Protects national interests
  • Enhances cyber resilience
  • Improves incident response
  • Secures critical infrastructure
  • Encourages cyber awareness

ITU (International Telecommunication Union)

Role

A United Nations agency responsible for information and communication technologies.


ITU Global Cyber Security Index (GCI)

Purpose

Measures the cyber security commitment of countries.

Evaluation Areas

  1. Legal Measures
  2. Technical Measures
  3. Organizational Measures
  4. Capacity Building
  5. Cooperation

Importance

  • Compares countries
  • Encourages cyber security improvements
  • Provides international benchmarks

ITU Cyber Wellness Profile

Purpose

Measures a country's cyber wellness and cyber security preparedness.

Focus Areas

  • Cyber awareness
  • Policy framework
  • Education
  • Infrastructure protection

Cyber Security Index Parameters

Countries are evaluated based on:

1. Legal Measures

Cyber laws and regulations.

2. Technical Measures

CERTs, standards and technical controls.

3. Organizational Measures

Policies and strategies.

4. Capacity Building

Training and awareness programs.

5. Cooperation

National and international collaboration.


India's Cyber Security Position

India has strengthened its cyber security through:

  • CERT-In
  • NCIIPC
  • Digital India
  • National Cyber Security Policy
  • Cyber Security Exercises

United States Cyber Security Strategy

Main Focus

  • National security
  • Critical infrastructure protection
  • Incident response
  • International cooperation

Features

  • Strong cyber defense
  • Public-private partnerships
  • Advanced cyber capabilities

Estonia Cyber Security Strategy

Why Estonia?

Estonia is one of the world's most digitally advanced countries.

Main Focus

  • Digital governance
  • Secure digital services
  • Cyber resilience
  • Public awareness

Special Achievement

Estonia is considered a global leader in cyber security and e-governance.


Model Questions (Short Answers)

1. Write a note on Cyber Security Strategies and Policies.

Answer:

Cyber security strategies and policies provide a framework for protecting cyberspace, reducing cyber risks and ensuring national security.


2. Discuss the importance of National Cyber Security Policies.

Answer:

National cyber security policies:

  • Protect critical infrastructure
  • Improve cyber resilience
  • Enhance national security
  • Promote cyber awareness

3. Discuss National Cyber Security Policy of India.

Answer:

India's National Cyber Security Policy (2013) aims to create a secure cyberspace through awareness, workforce development and infrastructure protection.


4. Discuss the vision and objectives of National Cyber Security Policy of India.

Answer:

Vision

Secure and resilient cyberspace.

Objectives

  • Infrastructure protection
  • Workforce development
  • Incident response
  • Awareness creation

5. What is ITU Cyber Wellness Profile?

Answer:

ITU Cyber Wellness Profile measures a country's cyber security preparedness and cyber wellness status.


6. What is ITU Global Cyber Security Index?

Answer:

GCI is a global ranking system that measures countries' cyber security commitment.


7. Discuss Cyber Security Index and Wellness Profile of India.

Answer:

India is evaluated on:

  • Legal measures
  • Technical measures
  • Organizational measures
  • Capacity building
  • Cooperation

through the ITU framework.


8. Write a note on the Cyber Security Strategy of the United States.

Answer:

The U.S. strategy focuses on:

  • National security
  • Critical infrastructure protection
  • Incident response
  • International cooperation

9. Write a note on the Cyber Security Strategy and Policy of Estonia.

Answer:

Estonia focuses on:

  • Secure digital services
  • Cyber resilience
  • Digital governance
  • Public awareness

10. Discuss the categories and parameters on which the Cyber Security Index is calculated.

Answer:

The Cyber Security Index is based on:

  1. Legal Measures
  2. Technical Measures
  3. Organizational Measures
  4. Capacity Building
  5. Cooperation

Most Important MCQs 🔥

Q. National Cyber Security Policy of India was introduced in:

Ans: 2013


Q. ITU stands for:

Ans: International Telecommunication Union


Q. GCI stands for:

Ans: Global Cyber Security Index


Q. GCI measures:

Ans: Cyber security commitment of countries


Q. First parameter of GCI:

Ans: Legal Measures


Q. NCIIPC protects:

Ans: Critical Information Infrastructure


Q. CERT-In handles:

Ans: Cyber incidents


Q. Estonia is famous for:

Ans: Digital Governance


Q. India's cyber policy vision is:

Ans: Secure and resilient cyberspace


Q. Capacity Building refers to:

Ans: Training and awareness


Q. Cooperation is one parameter of:

Ans: Global Cyber Security Index


PYQ-Focused One-Liners

✅ NCSP = National Cyber Security Policy

✅ India Cyber Policy = 2013

✅ ITU = International Telecommunication Union

✅ GCI = Global Cyber Security Index

✅ GCI has 5 parameters

✅ Legal Measures = Cyber laws

✅ Technical Measures = CERTs & standards

✅ Capacity Building = Training

✅ Estonia = Digital governance leader

✅ USA = Strong cyber defense strategy


One-Minute Revision

  • NCSP India = 2013
  • Vision = Secure cyberspace
  • ITU = UN ICT agency
  • GCI = Country cyber security ranking
  • GCI Parameters = Legal, Technical, Organizational, Capacity Building, Cooperation
  • CERT-In = Incident response
  • NCIIPC = Critical infrastructure protection
  • Estonia = E-governance leader
  • USA = National cyber defense focus

🎯 CYBER SECURITY TECHNIQUES – COMPLETE SYLLABUS FINISHED

Most Repeated Exam Topics (Must Memorize)

Block I

  • Security Policy
  • IPSec
  • PGP
  • CIA Triad
  • Insider vs Outsider Attack
  • IDS, NIDS, HIDS
  • Honeypot
  • DMZ
  • HSM
  • Firewall
  • WEP, WPA, WPA2

Block II

  • McCumber Cube
  • Secure Software Development
  • Virus, Worm, Trojan
  • Spyware
  • Ransomware
  • Banking Trojan
  • HTTP vs HTTPS
  • URL
  • OWASP Top 10
  • Phishing
  • Spear Phishing
  • Reverse Social Engineering

Block III

  • Risk Management
  • OCTAVE
  • COBIT
  • NIST Framework
  • FAIR
  • Computer Forensics
  • Metadata
  • Write Blocker
  • CERT-In
  • NCIIPC
  • NCRB
  • DSCI
  • Digital India
  • National Cyber Security Policy
  • ITU GCI
  • Estonia & USA Cyber Strategies
