Fundamentals of Information Security (SECCS-02)


BLOCK I – UNIT 1 : INTERNET

A. Ultra-Short Revision Notes

Important Years

  • 1962 → J.C.R. Licklider proposed global computer network.
  • 1969 → ARPANET started.
  • 1972 → Ray Tomlinson introduced E-mail.
  • 1986 → NSFNet created.
  • 1989 → Archie developed.
  • 1991 → WWW proposed by Tim Berners-Lee.
  • 1993 → Mosaic browser developed by Marc Andreessen.

Important Personalities

J.C.R. Licklider

Proposed idea of global network.

Leonard Kleinrock

Developed packet switching theory.

Ray Tomlinson

Invented E-mail for ARPANET.

Tim Berners-Lee

Inventor of World Wide Web (WWW).

Marc Andreessen

Developed Mosaic browser.


Important Terms

ARPANET

First version of Internet.

WWW

Collection of interconnected web pages.

DNS

Converts domain names into IP addresses.

ISP

Provides Internet access.

IP Address

Unique numerical address of a device.

URL

Address of a web page.

HTTP

Protocol used for web communication.

HTTPS

Secure version of HTTP.


Key Facts

  • Internet has no owner.
  • Internet has no central authority.
  • Host names are not case sensitive.
  • Two IP versions:
    • IPv4
    • IPv6

B. Model Questions with Short Answers

1. Describe the brief history of Internet.

Answer:

Internet began as ARPANET in 1969. It was developed by ARPA to connect computers. Later e-mail, DNS, WWW and web browsers were introduced, leading to today's Internet.


2. What is ARPANET?

Answer:

ARPANET (Advanced Research Projects Agency Network) was the first packet-switching network and the foundation of the Internet.


3. Name the four universities initially connected by ARPANET.

Answer:

  1. UCLA
  2. Stanford Research Institute
  3. UCSB
  4. University of Utah

4. Who first proposed TCP/IP architecture?

Answer:

Vinton Cerf and Robert Kahn.


5. What is Archie?

Answer:

Archie was the first Internet search/indexing system created in 1989 for FTP sites.


6. What is HTTP?

Answer:

HTTP (HyperText Transfer Protocol) is used to transfer web pages over the Internet.


7. What do you mean by redundant and fault-tolerant design?

Answer:

A system designed to continue working even if some parts fail.


8. What is URL?

Answer:

URL (Uniform Resource Locator) is the address of a webpage on the Internet.


9. How is HTTP different from HTTPS?

Answer:

HTTP | HTTPS
Not secure | Secure
No encryption | Uses encryption
Port 80 | Port 443

10. What is an IP Address?

Answer:

An IP address is a unique numerical identifier assigned to a device connected to a network.


11. What is Subnetting?

Answer:

Subnetting is the process of dividing a network into smaller networks.


12. Write a short note on IPv4.

Answer:

IPv4 is a 32-bit addressing system and is the most widely used Internet Protocol version.

Example:
192.168.1.1


13. What is Classful Network Architecture?

Answer:

A method of dividing IP addresses into Class A, B, C, D and E networks.


14. What are Private Addresses?

Answer:

Private IP addresses are used inside local networks and cannot be accessed directly from the Internet.

Example:
192.168.x.x


15. Explain IPv6 Addresses.

Answer:

IPv6 is a 128-bit addressing system developed to solve IPv4 address shortage.

Example:
2001:db8::1


16. What is a Sticky Dynamic IP Address?

Answer:

A dynamic IP that changes rarely and usually remains assigned to the same user.


17. Explain Unicast, Multicast, Anycast and Broadcast Addressing.

Answer:

Unicast

One sender → One receiver

Multicast

One sender → Multiple selected receivers

Anycast

One sender → Nearest receiver

Broadcast

One sender → All devices


18. What is an ISP?

Answer:

ISP (Internet Service Provider) provides Internet access services.

Examples:
Jio, Airtel, BSNL.


19. Explain different classifications of ISP.

Answer:

  1. Access ISP
  2. Hosting ISP
  3. Transit ISP
  4. Virtual ISP

20. What is a Virtual ISP?

Answer:

A Virtual ISP provides services through another ISP's infrastructure.


21. What is DNS? How does it work?

Answer:

DNS converts domain names into IP addresses.

Example:
google.com → IP Address


22. What is the difference between Internet and WWW?

Answer:

Internet | WWW
Global network | Service on Internet
Infrastructure | Collection of websites
Includes email, FTP etc. | Only web pages

C. Important MCQ Facts

DARPA =

Defense Advanced Research Projects Agency

SMTP =

Simple Mail Transfer Protocol

DNS =

Domain Name System

ISP =

Internet Service Provider

WWW Inventor =

Tim Berners-Lee

E-mail Inventor =

Ray Tomlinson

First Internet Network =

ARPANET

First Browser =

Mosaic

First Internet Indexing Tool =

Archie

IP Versions =

IPv4 and IPv6

UNIT 2 : MODELS OF E-GOVERNANCE


A. Ultra-Short Revision Notes

What is E-Governance?

E-Governance means using Information and Communication Technology (ICT) to provide government services efficiently, transparently, and quickly.


Main Goals of E-Governance

  • Transparency
  • Accountability
  • Fast service delivery
  • Citizen participation
  • Better governance
  • Reduced corruption

Important Facts

1970

Government of India established the Department of Electronics.

National E-Governance Plan (NeGP)

Main Components:

  1. Data Centres
  2. State Wide Area Networks (SWAN)
  3. Common Service Centres (CSC)

Basic Models of E-Governance

G2C (Government to Citizen)

Government services directly to citizens.

Examples:

  • Online certificates
  • Aadhaar services
  • Online tax payment

G2G (Government to Government)

Communication between government departments.

Example:

  • Information sharing between ministries.

G2B (Government to Business)

Services between government and businesses.

Example:

  • Online business registration.

G2E (Government to Employee)

Services for government employees.

Example:

  • Online salary slips.

Benefits of E-Governance

  • Saves time
  • Saves cost
  • Improves transparency
  • Reduces paperwork
  • Better public services

Challenges of E-Governance

  • Lack of awareness
  • Poor internet connectivity
  • Digital divide
  • Cybersecurity issues
  • Lack of technical skills

B. Model Questions with Short Answers

1. What is E-Governance?

Answer:

E-Governance is the use of Information and Communication Technology (ICT) to deliver government services efficiently and transparently.


2. What are the goals of E-Governance?

Answer:

  • Transparency
  • Accountability
  • Faster services
  • Information sharing
  • Citizen participation

3. What are the benefits of E-Governance?

Answer:

  • Faster service delivery
  • Reduced corruption
  • Improved transparency
  • Cost saving
  • Better communication

4. What are the basic models of E-Governance? Explain.

Answer:

G2C

Government to Citizen services.

G2G

Government to Government communication.

G2B

Government to Business services.

G2E

Government to Employee services.


5. Explain legal and policy framework for facilitating ICT in E-Governance.

Answer:

The government uses laws and policies such as:

  • Information Technology Act, 2000
  • Digital India Programme
  • National E-Governance Plan (NeGP)

to support ICT implementation.


6. What is the significance of E-Governance?

Answer:

  • Improves efficiency
  • Makes governance transparent
  • Provides citizen-centric services
  • Increases accountability

7. What are the challenges in implementation of E-Governance?

Answer:

  • Lack of infrastructure
  • Low digital literacy
  • Security threats
  • Resistance to change
  • High implementation cost

8. What is the difference between E-Government and E-Governance?

Answer:

E-Government | E-Governance
Online government services | Complete governance process
Technology focused | Citizen focused
Service delivery | Participation and decision making

9. Explain different levels of E-Governance.

Answer:

Information Level

Providing information online.

Interaction Level

Citizens interact with government.

Transaction Level

Online payments and applications.

Transformation Level

Fully integrated digital governance.


10. Discuss Digital India Programme.

Answer:

Digital India is a Government of India initiative launched to transform India into a digitally empowered society and knowledge economy.

Main objectives:

  • Digital infrastructure
  • Digital services
  • Digital literacy

C. Important MCQ Facts

ICT =

Information and Communication Technology

NeGP =

National E-Governance Plan

SWAN =

State Wide Area Network

CSC =

Common Service Centre

G2C =

Government to Citizen

G2G =

Government to Government

G2B =

Government to Business

G2E =

Government to Employee

Department of Electronics Established =

1970


One-Line Revision Before Exam

  • E-Governance = ICT in governance.
  • Main aim = Transparency + Accountability + Fast Service.
  • Models = G2C, G2G, G2B, G2E.
  • NeGP Components = Data Centre + SWAN + CSC.
  • Digital India = Digital transformation of India.

UNIT 3 : E-READINESS


A. Ultra-Short Revision Notes

What is E-Readiness?

E-Readiness means the ability of a government, organization, or country to successfully implement e-governance and digital services.


Why E-Readiness is Important?

  • Ensures successful e-governance.
  • Reduces implementation failures.
  • Improves citizen services.
  • Helps proper planning.

Main Requirements for E-Readiness

1. Infrastructure

  • Computers
  • Internet
  • Networks

2. Skilled Workforce

  • Trained employees
  • Technical experts

3. Financial Resources

  • Funds for digital projects

4. Policy Support

  • Government rules and regulations

5. Public Awareness

  • Citizens should know how to use digital services.

Important Ideas

  • Many e-governance projects fail due to poor planning.
  • Proper preparation is necessary before implementation.
  • Challenges should be identified in advance.
  • Digital governance improves government-citizen interaction.

B. Model Questions with Short Answers

1. What are the different stages of E-Governance?

Answer:

Stage 1: Information

Government provides information online.

Stage 2: Interaction

Citizens interact with government websites.

Stage 3: Transaction

Online applications and payments.

Stage 4: Transformation

Fully integrated digital governance.


2. What are the benefits of E-Governance?

Answer:

  • Faster services
  • Better transparency
  • Reduced corruption
  • Improved communication
  • Greater citizen participation

3. How is digitization helpful in successful implementation of E-Governance?

Answer:

Digitization converts information into electronic form, making storage, access, processing, and service delivery faster and easier.


4. Discuss the six key questions used to assess E-Governance readiness.

Answer:

An organization should ask:

  1. Is infrastructure available?
  2. Are employees trained?
  3. Is funding available?
  4. Is leadership supportive?
  5. Are citizens ready to use services?
  6. Is technology secure and reliable?

5. How are governments using E-Governance to improve citizen interaction?

Answer:

Governments use:

  • Online portals
  • Digital payments
  • E-services
  • Mobile applications
  • Online grievance systems

to improve communication and service delivery.


C. Important MCQ Facts

E-Readiness =

Preparedness for e-governance implementation.

Main Requirement =

Infrastructure + Skills + Funds + Policies.

Purpose =

Successful digital governance.

Benefits =

Efficiency, transparency, accessibility.

Key Focus =

Preparation before implementation.


One-Line Revision Before Exam

  • E-Readiness = Readiness for digital governance.
  • Good planning is essential.
  • Infrastructure and skilled staff are necessary.
  • Digitization improves service delivery.
  • Proper preparation reduces project failure.

Expected MCQs

Q. What does E-Readiness measure?

Ans: Readiness for implementing e-governance.

Q. Why do many e-governance projects fail?

Ans: Poor planning and lack of preparation.

Q. What is the first stage of e-governance?

Ans: Information stage.

Q. What is digitization?

Ans: Converting information into digital form.

Q. What improves government-citizen interaction?

Ans: E-Governance initiatives.


UNIT 4 : E-COMMERCE


A. Ultra-Short Revision Notes

What is E-Commerce?

E-Commerce (Electronic Commerce) means buying and selling goods or services through the Internet.

Examples:

  • Amazon
  • Flipkart
  • eBay
  • Myntra

Key Features

  • Online buying and selling
  • 24×7 availability
  • Global reach
  • Electronic payment
  • Fast transactions

Advantages of E-Commerce

  • Saves time
  • Lower business cost
  • Global customers
  • Easy business setup
  • Convenient shopping

Disadvantages of E-Commerce

  • Security risks
  • Internet dependency
  • No physical inspection
  • Fraud possibility

E-Commerce Infrastructure

Main components:

Hardware

  • Computers
  • Servers
  • Network devices

Software

  • Browsers
  • Databases
  • Web servers

Communication

  • Internet
  • Networking technologies

Security

  • Encryption
  • Authentication
  • Firewalls

Electronic Payment Methods

E-Cash

Electronic version of money.

Electronic Cheque

Digital form of cheque.

Credit/Debit Cards

Online card payments.

Google Wallet

Digital payment service.

ETF

Electronic Funds Transfer.


Important Security Requirements

Authentication

Verifies identity.

Authorization

Grants permission.

Confidentiality

Protects information.

Integrity

Prevents unauthorized changes.


B. Model Questions with Short Answers

1. What is E-Commerce?

Answer:

E-Commerce is the buying and selling of goods and services through the Internet.


2. Name some famous E-Commerce websites.

Answer:

  • Amazon
  • Flipkart
  • eBay
  • Alibaba
  • Myntra

3. List the advantages and disadvantages of E-Commerce.

Answer:

Advantages

  • Fast transactions
  • Global market
  • Lower cost
  • 24×7 access

Disadvantages

  • Security risks
  • Fraud
  • Internet dependency
  • Lack of personal interaction

4. Discuss E-Commerce models in detail.

Answer:

B2B (Business to Business)

Business sells to another business.

Example:
Manufacturer → Wholesaler


B2C (Business to Consumer)

Business sells directly to consumers.

Example:
Amazon


C2C (Consumer to Consumer)

Consumers sell to consumers.

Example:
OLX


C2B (Consumer to Business)

Consumers offer products/services to businesses.

Example:
Freelancing platforms


5. Explain Electronic Commerce Infrastructure.

Answer:

E-Commerce infrastructure includes:

  • Hardware
  • Software
  • Internet
  • Payment systems
  • Security mechanisms

that support online business transactions.


6. What is E-Cash?

Answer:

E-Cash is digital money used for online transactions.


7. Discuss Google Wallet.

Answer:

Google Wallet is a digital payment system that allows users to send, receive, and store money electronically.


8. Write a short note on ETF.

Answer:

ETF (Electronic Funds Transfer) is the electronic transfer of money from one bank account to another.

Examples:

  • NEFT
  • RTGS
  • IMPS

9. What is Google Wallet?

Answer:

Google Wallet is an online payment service used for electronic transactions and digital payments.


C. Important MCQ Facts

E-Commerce =

Electronic Commerce

E-Cash =

Digital money

ETF =

Electronic Funds Transfer

B2B =

Business to Business

B2C =

Business to Consumer

C2C =

Consumer to Consumer

C2B =

Consumer to Business

Main Requirement =

Secure electronic payment

Key Security Features =

Authentication + Integrity + Confidentiality


Expected MCQs

Q. What does E-Commerce mean?

Ans: Online buying and selling.


Q. Which model is Amazon?

Ans: B2C.


Q. What is OLX an example of?

Ans: C2C.


Q. What is digital money called?

Ans: E-Cash.


Q. What does ETF stand for?

Ans: Electronic Funds Transfer.


Q. What is required for secure online transactions?

Ans: Authentication and security.


Q. What is Google Wallet?

Ans: Digital payment service.


One-Line Revision Before Exam

  • E-Commerce = Online buying and selling.
  • Models = B2B, B2C, C2C, C2B.
  • E-Cash = Digital money.
  • ETF = Electronic money transfer.
  • Amazon = B2C.
  • OLX = C2C.
  • Security is essential for e-commerce.

BLOCK II – UNIT 1 : INTRODUCTION TO CYBER CRIME


A. Ultra-Short Revision Notes

What is Cyber Crime?

Cyber crime is any illegal activity performed using:

  • Computer
  • Internet
  • Mobile phone
  • Network
  • Digital devices

The computer may be:

  • A tool of crime
  • A target of crime
  • Both

Types of Cyber Criminals

Internal Cyber Criminal

Person inside an organization.

Example:
Employee stealing company data.


External Cyber Criminal

Person outside an organization.

Example:
Hackers attacking company servers.


Types of Cyber Attacks

Insider Attack

Attack by an authorized person.

Example:
Employee leaking data.


External Attack

Attack by outsiders.

Example:
Hackers breaking into systems.


Structured Attack

  • Well planned
  • Skilled attackers
  • Clear objective

Example:
Cyber terrorism


Unstructured Attack

  • Random attack
  • Less skilled attackers
  • Usually for fun or curiosity

Malware

Definition

Malware means Malicious Software.

It is designed to:

  • Damage systems
  • Steal information
  • Gain unauthorized access

Types of Malware

Virus

Attaches to files and spreads.


Worm

Spreads automatically without human action.


Trojan Horse

Looks legitimate but performs malicious actions.


Spyware

Secretly collects information from users.


Ransomware

Locks files and demands payment.


Scareware

Shows fake security warnings.


B. Model Questions with Short Answers


1. What is Cyber Crime? Define.

Answer:

Cyber crime is any unlawful activity that uses computers, networks, or the Internet to commit crimes.


2. Classify Cyber Crimes.

Answer:

Cyber crimes can be classified as:

  1. Against Individuals
  2. Against Property
  3. Against Organizations
  4. Against Government

3. Define the Organizational Hierarchical Structure of Cyber Criminals.

Answer:

Cyber criminals may work individually or in organized groups with different levels such as planners, attackers, programmers, and operators.


4. What are the various motivations that lure people into Cyber Crime?

Answer:

  • Financial gain
  • Revenge
  • Curiosity
  • Political reasons
  • Terrorism
  • Fame and recognition

5. What is Cyber Espionage?

Answer:

Cyber espionage is the use of computers and networks to secretly obtain confidential information.


6. What is Malware?

Answer:

Malware is malicious software designed to damage systems or steal information.


7. What are different types of Malware?

Answer:

  • Virus
  • Worm
  • Trojan
  • Spyware
  • Ransomware
  • Scareware

8. What is a Virus?

Answer:

A virus is a malicious program that attaches itself to files and spreads to other files.


9. How does a Virus harm a Computer?

Answer:

A virus can:

  • Delete files
  • Corrupt data
  • Slow down the system
  • Damage software

10. What is the difference between a Worm and a Virus?

Answer:

Virus | Worm
Needs host file | No host needed
User action required | Self-spreads
Slower spread | Faster spread

11. What is Scareware?

Answer:

Scareware is fake security software that scares users into buying unnecessary software.


12. What is the difference between Structured and Unstructured Cyber Attacks?

Answer:

Structured Attack | Unstructured Attack
Planned attack | Random attack
Skilled attackers | Less skilled attackers
Clear objective | Mostly curiosity
More dangerous | Less dangerous

C. Important MCQ Facts

Cyber Crime

Illegal activity using computers or networks.


Malware

Malicious Software.


Spyware

Steals user information secretly.


Virus

Needs a host file.


Worm

Self-replicates automatically.


Trojan Horse

Disguised malicious software.


Scareware

Fake security warning software.


Insider Attack

Attack by authorized user.


External Attack

Attack by outsider.


Cyber Espionage

Digital spying.


Expected MCQs

Q. What does Malware stand for?

Ans: Malicious Software


Q. Which malware secretly steals information?

Ans: Spyware


Q. Which malware spreads without a host file?

Ans: Worm


Q. Which attack is performed by an employee?

Ans: Insider Attack


Q. Which attack is carefully planned by experts?

Ans: Structured Attack


Q. Which malware displays fake security alerts?

Ans: Scareware


Q. What is digital spying called?

Ans: Cyber Espionage


One-Line Revision Before Exam

  • Cyber crime = Illegal computer activity.
  • Malware = Malicious software.
  • Virus needs a host file.
  • Worm spreads automatically.
  • Spyware steals information.
  • Scareware shows fake warnings.
  • Insider attack = Internal user.
  • External attack = Outside hacker.
  • Structured attack = Planned attack.
  • Cyber espionage = Digital spying.

BLOCK II – UNIT 2 : KINDS OF CYBER CRIME


A. Ultra-Short Revision Notes

What is Cyber Stalking?

Using the Internet to:

  • Harass
  • Threaten
  • Follow
  • Monitor

a person repeatedly.


What is Phishing?

A fraud technique used to steal:

  • Passwords
  • Bank details
  • Personal information

through fake emails or websites.


What is Hacking?

Unauthorized access to a computer system or network.


What is Spamming?

Sending unwanted bulk emails.


What is Computer Virus?

A malicious program that infects files and spreads to other systems.


What is Data Diddling?

Changing data before or during processing.

Example:
Changing marks before results are generated.


What is Salami Attack?

Stealing small amounts repeatedly.

Each theft is very small and often unnoticed.

Example:
₹1 deducted from thousands of accounts.


What is Cross-Site Scripting (XSS)?

Injecting malicious scripts into web pages viewed by users.


Types of Hackers

White Hat Hacker

Ethical hacker.

Works legally for security.


Black Hat Hacker

Illegal hacker.

Breaks systems for personal gain.


Grey Hat Hacker

Between white and black hat.

May break rules without criminal intent.


B. Model Questions with Short Answers


1. Explain different types of Cyber Crimes.

Answer:

Major cyber crimes include:

  • Hacking
  • Phishing
  • Cyber stalking
  • Spamming
  • Identity theft
  • Virus attacks
  • Data diddling
  • Salami attacks

2. What is Cyber Stalking?

Answer:

Cyber stalking is repeatedly harassing or threatening someone using the Internet or electronic communication.


3. What is Phishing?

Answer:

Phishing is a cyber attack that tricks users into revealing personal or financial information through fake emails or websites.


4. What is Hacking?

Answer:

Hacking is unauthorized access to a computer system or network.


5. Classify Different Types of Hackers.

Answer:

White Hat

Ethical hacker.

Black Hat

Criminal hacker.

Grey Hat

Works between legal and illegal boundaries.


6. What is Spamming?

Answer:

Spamming is sending large numbers of unwanted emails or messages.


7. Define the criteria based on which an email can be classified as Spam.

Answer:

An email is spam if it:

  • Is unwanted
  • Is sent in bulk
  • Contains advertisements
  • Contains suspicious links

8. What is Computer Virus?

Answer:

A computer virus is a malicious program that infects files and spreads to other computers.


9. Define Various Types of Virus.

Answer:

Boot Sector Virus

Attacks boot sector.

File Virus

Infects files.

Macro Virus

Infects documents.

Multipartite Virus

Attacks multiple areas.


10. What is Cross-Site Scripting (XSS)?

Answer:

XSS is a web attack where malicious scripts are inserted into websites and executed in users' browsers.


11. What is Data Diddling? Explain with Example.

Answer:

Data diddling means changing data before processing.

Example:
Changing employee salary data before payroll processing.


C. Important MCQ Facts

Cyber Stalking

Online harassment.


Phishing

Stealing information through fake websites.


Hacking

Unauthorized access.


Spam

Unwanted bulk email.


Data Diddling

Modification of data before processing.


Salami Attack

Small repeated thefts.


XSS

Cross-Site Scripting.


White Hat

Ethical hacker.


Black Hat

Malicious hacker.


Grey Hat

Semi-authorized hacker.


Expected MCQs

Q. What is online harassment called?

Ans: Cyber Stalking


Q. Which attack uses fake websites to steal passwords?

Ans: Phishing


Q. What is unauthorized access to a system called?

Ans: Hacking


Q. What are unwanted bulk emails called?

Ans: Spam


Q. What attack steals tiny amounts repeatedly?

Ans: Salami Attack


Q. What is modification of data before processing called?

Ans: Data Diddling


Q. What does XSS stand for?

Ans: Cross-Site Scripting


Q. Which hacker works legally?

Ans: White Hat Hacker


Q. Which hacker is criminal?

Ans: Black Hat Hacker


One-Line Revision Before Exam

  • Cyber stalking = Online harassment.
  • Phishing = Fake website/email fraud.
  • Hacking = Unauthorized access.
  • Spam = Unwanted emails.
  • Data diddling = Data modification before processing.
  • Salami attack = Small unnoticed thefts.
  • XSS = Script injection attack.
  • White Hat = Ethical hacker.
  • Black Hat = Criminal hacker.
  • Grey Hat = Between legal and illegal.

BLOCK II – UNIT 3 : ORGANIZED CYBER CRIME


A. Ultra-Short Revision Notes

What is Organized Cyber Crime?

Organized cyber crime refers to cyber crimes committed by a group of people working together in a planned and coordinated manner.

Features

  • Well organized
  • Planned attacks
  • Division of work
  • Skilled members
  • Financial motive

Organized Crime Groups

These groups may include:

  • Hackers
  • Programmers
  • Money handlers
  • Recruiters
  • Network operators

Some groups operate like large companies.


Information Warfare

Information warfare means using information and technology to gain an advantage over an enemy.

Objectives

  • Spread propaganda
  • Mislead enemies
  • Disrupt communication
  • Steal information

Cyber Terrorism

Use of computers and networks to create fear, panic, or damage national infrastructure.

Targets

  • Government systems
  • Military networks
  • Banking systems
  • Critical infrastructure

IT Act 2000

Full Name

Information Technology Act, 2000

Enforced

17 October 2000

Purpose

Provides legal recognition to:

  • Electronic records
  • Digital signatures
  • Electronic transactions

Digital Signature

An electronic method used to verify:

  • Identity
  • Authenticity
  • Integrity of documents

Certifying Authority (CA)

An organization authorized to issue Digital Signature Certificates.


Data Privacy

Protection of personal and sensitive information from unauthorized access.


B. Model Questions with Short Answers


1. What is Organized Cyber Crime? Explain.

Answer:

Organized cyber crime is cyber crime carried out by a group of criminals working together in a structured and coordinated manner.


2. Explain Different Types of Organized Crime Groups.

Answer:

Criminal Networks

Temporary groups for specific crimes.

Hierarchical Groups

Organized like companies with leaders and members.

Service Providers

Offer hacking tools and cybercrime services.


3. What are the Basic Features of an Organized Crime Group?

Answer:

  • Teamwork
  • Planning
  • Specialized roles
  • Financial gain
  • Long-term operation

4. What is Information Warfare?

Answer:

Information warfare is the use of information and communication systems to gain an advantage over an enemy.


5. What is Cyber Terrorism?

Answer:

Cyber terrorism is the use of computers and networks to cause fear, disruption, or damage to critical systems.


6. What are the Exceptions in the IT Act 2000?

Answer:

The IT Act does not apply to:

  • Wills
  • Trusts
  • Power of Attorney
  • Sale of immovable property
  • Negotiable instruments (except cheques)

7. List the Basic Characteristics of IT Act 2000.

Answer:

  • Legal recognition of electronic records
  • Recognition of digital signatures
  • E-commerce support
  • Cybercrime provisions
  • Electronic governance support

8. What are the Objectives of IT Act 2000?

Answer:

  • Promote e-commerce
  • Facilitate e-governance
  • Provide legal recognition to digital records
  • Prevent cyber crimes

9. What is Certifying Authority?

Answer:

A Certifying Authority (CA) is an organization authorized to issue Digital Signature Certificates.


10. Define Digital Signature.

Answer:

A digital signature is an electronic signature used to verify the authenticity and integrity of digital documents.


11. Why was IT Act 2000 amended in 2008?

Answer:

To address new cyber crimes, strengthen data protection, and improve cyber security provisions.


12. What is Data Privacy?

Answer:

Data privacy is the protection of personal information from unauthorized access, use, or disclosure.


13. What are the Responsibilities of a Company Handling Personal Data?

Answer:

  • Protect customer information
  • Maintain confidentiality
  • Prevent data breaches
  • Follow privacy laws

14. Who can Conduct Raids and Investigations for Cyber Crimes?

Answer:

Authorized police officers and cyber crime investigation agencies can conduct raids and investigations.


C. Important MCQ Facts

IT Act Came Into Force

17 October 2000


IT Act Purpose

Legal recognition of electronic records and digital signatures.


CA

Certifying Authority


Digital Signature

Electronic authentication method.


Information Warfare

Use of information as a weapon.


Cyber Terrorism

Attack using cyberspace to create fear or damage.


Data Privacy

Protection of personal data.


Organized Cyber Crime

Crime committed by coordinated groups.


Expected MCQs

Q. When did the IT Act 2000 come into force?

Ans: 17 October 2000


Q. What does CA stand for?

Ans: Certifying Authority


Q. What is used to verify electronic documents?

Ans: Digital Signature


Q. What is the purpose of IT Act 2000?

Ans: Legal recognition of electronic transactions.


Q. What is cyber terrorism?

Ans: Use of cyberspace to cause fear or damage.


Q. What is information warfare?

Ans: Use of information to gain advantage over an enemy.


Q. What protects personal information?

Ans: Data Privacy


Q. What type of crime is committed by organized cyber groups?

Ans: Organized Cyber Crime


One-Line Revision Before Exam

  • Organized cyber crime = Group-based cyber crime.
  • Information warfare = Information used as a weapon.
  • Cyber terrorism = Fear/damage through cyberspace.
  • IT Act 2000 enforced on 17 Oct 2000.
  • Digital signature verifies authenticity.
  • CA issues digital certificates.
  • Data privacy protects personal information.

UNIT 4 : CYBER CRIMES – CASE STUDIES


A. Ultra-Short Revision Notes

419 Fraud (Nigerian Fraud)

A scam where criminals promise a large amount of money in exchange for an advance payment.

Also Called:

  • Advance Fee Fraud
  • Nigerian Fraud

APWG

Full Form:

Anti-Phishing Working Group

Purpose:

Tracks and fights phishing attacks worldwide.


NCRB

Full Form:

National Crime Records Bureau

Purpose:

Collects and analyzes crime data in India.


Phishing Attack

A fake email, SMS, or website used to steal:

  • Passwords
  • Bank details
  • Personal information

Fast Flux

A technique used by cyber criminals where a domain name changes IP addresses rapidly to hide malicious servers.


DNS Phishing

Attackers manipulate DNS records and redirect users to fake websites.


Deep Web

Part of the Internet not indexed by search engines.

Examples:

  • Private databases
  • Academic records
  • Banking portals

Ransomware

Malware that encrypts files and demands money to unlock them.


CryptoLocker

A famous ransomware that encrypts files and asks for ransom.


Keylogging

Recording every key pressed on a keyboard secretly.

Used to steal:

  • Passwords
  • Credit card details
  • Login information

B. Check Your Progress Answers

1. What is 419 Fraud?

Answer:

A scam where victims are asked to pay money in advance to receive a promised reward.


2. APWG Stands For

Answer:

Anti-Phishing Working Group


3. What is the Single Best Method of Protection Against Cyber Crimes?

Answer:

User awareness and safe security practices.


4. NCRB Stands For

Answer:

National Crime Records Bureau


5. PhishTank.com is a

Answer:

Anti-phishing website/database.


C. Model Questions with Short Answers


1. Write a Short Note on Phishing Attacks.

Answer:

Phishing is a cyber attack that uses fake emails or websites to steal sensitive information such as passwords and banking details.


2. Discuss Some Phishing Incidents.

Answer:

Common phishing incidents include:

  • Fake bank emails
  • Fake PayPal messages
  • Fake social media login pages
  • Fake lottery winnings

3. What is Nigerian Fraud?

Answer:

Nigerian Fraud (419 Fraud) is an advance-fee scam where victims are promised money after paying an initial fee.


4. Explain Prevention Tips for Cyber Stalking.

Answer:

  • Do not share personal information.
  • Use privacy settings.
  • Block suspicious users.
  • Report harassment.
  • Use strong passwords.

5. What is Fast Flux?

Answer:

Fast Flux is a technique that frequently changes IP addresses associated with a domain to hide malicious websites.


6. Define DNS Phishing.

Answer:

DNS phishing redirects users from legitimate websites to fake websites by manipulating DNS records.


7. What is Deep Web?

Answer:

The Deep Web is the part of the Internet that is not indexed by search engines.


8. Define Ransomware.

Answer:

Ransomware is malware that locks or encrypts files and demands payment for recovery.


9. What is CryptoLocker?

Answer:

CryptoLocker is a ransomware program that encrypts files and demands ransom money.


10. What is Keylogging?

Answer:

Keylogging is secretly recording keyboard keystrokes to steal sensitive information.


D. Important MCQ Facts

APWG

Anti-Phishing Working Group


NCRB

National Crime Records Bureau


419 Fraud

Nigerian Fraud


PhishTank

Anti-phishing website


Fast Flux

Rapidly changing IP addresses


DNS Phishing

DNS manipulation attack


Deep Web

Not indexed by search engines


Ransomware

Demands money after encrypting files


CryptoLocker

Famous ransomware


Keylogging

Recording keyboard input


Expected MCQs

Q. What is another name for 419 Fraud?

Ans: Nigerian Fraud


Q. What does APWG stand for?

Ans: Anti-Phishing Working Group


Q. What does NCRB stand for?

Ans: National Crime Records Bureau


Q. Which malware demands ransom?

Ans: Ransomware


Q. Which ransomware became very famous worldwide?

Ans: CryptoLocker


Q. What attack redirects users to fake websites through DNS?

Ans: DNS Phishing


Q. Which website maintains phishing databases?

Ans: PhishTank


Q. What records keyboard activity secretly?

Ans: Keylogger


Q. Which part of the Internet is not indexed by Google?

Ans: Deep Web


One-Line Revision Before Exam

  • 419 Fraud = Nigerian Fraud.
  • APWG fights phishing.
  • NCRB maintains crime records.
  • Phishing steals passwords.
  • Fast Flux hides malicious servers.
  • DNS Phishing redirects users to fake sites.
  • Deep Web is not indexed by search engines.
  • Ransomware demands payment.
  • CryptoLocker is ransomware.
  • Keylogger records keystrokes.

BLOCK III – UNIT 1 : INFORMATION SECURITY


A. Ultra-Short Revision Notes

What is Information Security?

Information Security (InfoSec) means protecting information from:

  • Unauthorized access
  • Modification
  • Disclosure
  • Destruction

CIA Triad

The basic model of Information Security.

C – Confidentiality

Information should be accessible only to authorized persons.

Example:

Password-protected files.


I – Integrity

Information should remain accurate and unchanged.

Example:

Preventing unauthorized editing of records.


A – Availability

Information should be available when needed.

Example:

Website remains accessible to users.


Parkerian Hexad

Extended version of CIA Triad.

Contains:

  1. Confidentiality
  2. Integrity
  3. Availability
  4. Possession/Control
  5. Authenticity
  6. Utility

Possession/Control

Ownership or control of information.


Authenticity

Ensures information is genuine.


Utility

Information should be useful and usable.


Threat

Anything that can cause harm to information.

Examples:

  • Hacker
  • Virus
  • Natural disaster

Vulnerability

A weakness that can be exploited.

Example:

Weak password.


Risk

Risk exists when:

Threat + Vulnerability


Security Controls

1. Physical Controls

Protect physical assets.

Examples:

  • Locks
  • CCTV
  • Security guards

2. Logical Controls

Software-based protection.

Examples:

  • Passwords
  • Antivirus
  • Firewalls

3. Administrative Controls

Policies and procedures.

Examples:

  • Security policies
  • Employee training

Defense in Depth

Using multiple layers of security.

Example:

  • Firewall
  • Antivirus
  • Passwords
  • Encryption

If one layer fails, others still provide protection.


B. Model Questions with Short Answers


1. Explain the Difference Between Vulnerability and Threat.

Answer:

Threat | Vulnerability
Potential danger | Weakness
Causes harm | Allows harm

Example:
Hacker = Threat
Weak password = Vulnerability


2. List Six Items That Might Be Considered Logical Controls.

Answer:

  • Passwords
  • Firewalls
  • Antivirus
  • Encryption
  • Access control
  • Intrusion Detection System (IDS)

3. What Term Might We Use to Describe the Usefulness of Data?

Answer:

Utility


4. Which Category of Attack is an Attack Against Confidentiality?

Answer:

Unauthorized disclosure or data theft.


5. How Do We Know at What Point We Can Consider Our Environment Secure?

Answer:

No system is completely secure; security means reducing risk to an acceptable level.


6. Using Defense in Depth, What Layers Might We Use to Secure Confidential Data on a USB Drive?

Answer:

  • Physical security
  • Password protection
  • Encryption
  • Antivirus
  • User awareness

7. Based on Parkerian Hexad, What Principles are Affected if Encrypted Backup Tapes are Lost?

Answer:

  • Possession/Control
  • Availability

8. If Our Servers Use IIS and a Worm Attacks Apache Servers, What Do We Not Have?

Answer:

We do not have that specific vulnerability.


9. If We Use Extremely Long Passwords, What Will Be Adversely Impacted?

Answer:

Usability and productivity.


10. What are the Advantages and Disadvantages of CIA Triad and Parkerian Hexad?

Answer:

CIA Triad

Advantages:

  • Simple
  • Easy to understand

Disadvantages:

  • Limited scope

Parkerian Hexad

Advantages:

  • More comprehensive

Disadvantages:

  • More complex

C. Important MCQ Facts

CIA Triad

  • Confidentiality
  • Integrity
  • Availability

Parkerian Hexad

CIA +

  • Possession
  • Authenticity
  • Utility

Threat

Potential danger.


Vulnerability

Weakness in system.


Risk

Threat + Vulnerability


Physical Controls

Locks, CCTV, guards.


Logical Controls

Passwords, antivirus, firewalls.


Administrative Controls

Policies and procedures.


Defense in Depth

Multiple layers of security.


Expected MCQs

Q. What are the three components of CIA Triad?

Ans: Confidentiality, Integrity, Availability


Q. What is a weakness in a system called?

Ans: Vulnerability


Q. What is a potential danger called?

Ans: Threat


Q. Risk occurs due to?

Ans: Threat + Vulnerability


Q. Which security model extends CIA Triad?

Ans: Parkerian Hexad


Q. What is the usefulness of data called?

Ans: Utility


Q. What is the purpose of Defense in Depth?

Ans: Multiple layers of protection.


Q. CCTV belongs to which control category?

Ans: Physical Control


Q. Firewall belongs to which control category?

Ans: Logical Control


Q. Security policies belong to which control category?

Ans: Administrative Control


One-Line Revision Before Exam

  • Information Security = Protection of information.
  • CIA = Confidentiality, Integrity, Availability.
  • Parkerian Hexad = CIA + Possession + Authenticity + Utility.
  • Threat = Danger.
  • Vulnerability = Weakness.
  • Risk = Threat + Vulnerability.
  • Controls = Physical, Logical, Administrative.
  • Defense in Depth = Multiple security layers.

UNIT 2 : INFORMATION SECURITY MANAGEMENT SYSTEMS (ISMS)


A. Ultra-Short Revision Notes

What is ISMS?

ISMS (Information Security Management System) is a systematic approach to managing and protecting an organization's information assets.

Purpose

  • Protect information
  • Manage risks
  • Ensure confidentiality
  • Ensure integrity
  • Ensure availability

Information Assets

Information assets are valuable information resources owned by an organization.

Examples

  • Customer records
  • Employee data
  • Databases
  • Software
  • Documents
  • Intellectual property

Information Security According to Standard

Information Security means preserving:

Confidentiality

Only authorized users can access information.

Integrity

Information remains accurate and complete.

Availability

Information is available when needed.


Information Security Policy

A document that defines:

  • Security objectives
  • Rules
  • Responsibilities
  • Procedures

for protecting information.


Threat

Anything capable of causing harm to information assets.

Examples

  • Hackers
  • Malware
  • Fire
  • Flood

Attack

An attempt to exploit a vulnerability.

Example

Using a weak password to access a system.


Vulnerability

A weakness in an asset or system.

Example

Outdated software.


Risk

Possibility of loss when a threat exploits a vulnerability.

Formula

Risk = Threat + Vulnerability


PDCA Cycle

A continuous improvement model used in ISMS.


P – Plan

Identify risks and plan controls.


D – Do

Implement security controls.


C – Check

Monitor and evaluate effectiveness.


A – Act

Make improvements.


Importance of Asset Prioritization

Not all assets have equal value.

Organizations prioritize assets to:

  • Protect critical data first
  • Allocate resources effectively

B. Model Questions with Short Answers


1. List the Main Kinds of Information a Typical Organization Requires.

Answer:

  • Customer information
  • Employee information
  • Financial records
  • Operational data
  • Legal documents

2. How is Information Security Characterized in the Standard?

Answer:

By preserving:

  • Confidentiality
  • Integrity
  • Availability

3. How is Information Security Achieved According to the Standard?

Answer:

Through policies, procedures, controls, risk management, and continuous improvement.


4. What Does Ethical Conduct Mean in Practice?

Answer:

Acting honestly, responsibly, and respecting laws and organizational rules.


5. Which Information Assets Contribute Most to Coca-Cola's and Microsoft's Value?

Answer:

Coca-Cola

Secret formula and brand information.

Microsoft

Software, source code, and intellectual property.


6. What Precautions Can Be Taken Against Spyware?

Answer:

  • Install antivirus
  • Update software
  • Avoid suspicious downloads
  • Use firewalls

7. Find Out About Your Organization's Current Position on Spyware.

Answer:

Organizations generally use antivirus software, firewalls, and security policies to prevent spyware.


8. How Much Control Does an Organization Have Over Shareability and Scarcity of Information Assets?

Answer:

Organizations can control access and distribution through security policies and access controls.


9. What are the Possible Results of a Breach of Security Requirements?

Answer:

  • Data loss
  • Financial loss
  • Reputation damage
  • Legal issues

10. Explain How Shareability and Scarcity Can Be Achieved.

Answer:

Through proper management of:

  • Confidentiality
  • Integrity
  • Availability

11. Who Should Be Involved in Developing an Information Security Policy?

Answer:

  • Management
  • IT staff
  • Security team
  • Employees

12. Whom Should the Policy Cover?

Answer:

Everyone in the organization.


13. Describe the Possible Scopes of an ISMS.

Answer:

ISMS may cover:

  • Entire organization
  • Specific department
  • Particular business process

14. Define Threat and Attack.

Answer:

Threat

Potential danger.

Attack

Actual attempt to exploit a weakness.


15. Distinguish Between Outcome of a Threat and Impact of an Attack.

Answer:

Outcome

Possible result.

Impact

Actual damage caused.


16. Describe Types of Threats.

Answer:

  • Human threats
  • Malware
  • Natural disasters
  • Technical failures

17. Possible Outcomes of Threats to Information Assets.

Answer:

  • Loss of confidentiality
  • Loss of integrity
  • Loss of availability

18. Define Vulnerability of an Information Asset.

Answer:

A weakness that can be exploited by threats.


19. Define a Risk Combination Table Suitable for an Organization.

Answer:

A table that ranks risks as:

  • Low
  • Medium
  • High

based on likelihood and impact.


20. Why Must Information Assets and Organizational Objectives Be Related?

Answer:

To ensure security supports business goals.


21. Why Must Information Assets Be Prioritized?

Answer:

To focus protection on the most valuable assets.


22. Explain PDCA Cycle.

Answer:

Plan

Identify risks.

Do

Implement controls.

Check

Review results.

Act

Improve system.


C. Important MCQ Facts

ISMS

Information Security Management System


CIA

Confidentiality, Integrity, Availability


Threat

Potential danger


Attack

Attempt to exploit weakness


Vulnerability

Weakness in system


Risk

Threat + Vulnerability


PDCA

P = Plan

D = Do

C = Check

A = Act


Information Asset Examples

  • Database
  • Customer records
  • Software
  • Documents

Expected MCQs

Q. What does ISMS stand for?

Ans: Information Security Management System


Q. What are the three pillars of information security?

Ans: Confidentiality, Integrity, Availability


Q. What is a weakness in an asset called?

Ans: Vulnerability


Q. What is a potential danger called?

Ans: Threat


Q. What does PDCA stand for?

Ans: Plan, Do, Check, Act


Q. Which phase implements security controls?

Ans: Do


Q. Which phase reviews performance?

Ans: Check


Q. What is the purpose of ISMS?

Ans: Protect information assets.


One-Line Revision Before Exam

  • ISMS protects information assets.
  • Information assets include data, software, and documents.
  • Information security = CIA.
  • Threat = danger.
  • Attack = actual attempt.
  • Vulnerability = weakness.
  • Risk = threat + vulnerability.
  • PDCA = Plan → Do → Check → Act.
  • Security policy applies to all employees.

UNIT 3 : CYBER SECURITY TECHNIQUES FOR SECURE E-COMMERCE


A. Ultra-Short Revision Notes

What is Secure E-Commerce?

Secure E-Commerce means protecting online business transactions from:

  • Unauthorized access
  • Data theft
  • Fraud
  • Modification

Main Security Requirements

1. Confidentiality

Information should remain secret.

Example:

Credit card details should not be visible to others.


2. Integrity

Data should not be altered during transmission.


3. Authentication

Verifies identity.

Example:

Username and Password.


4. Authorization

Determines what a user is allowed to do.


5. Non-Repudiation

A person cannot deny performing a transaction.


Authentication vs Authorization

Authentication | Authorization
Who are you? | What can you do?
Identity verification | Permission granting

Digital Certificate

An electronic document used to verify identity on the Internet.

Issued by:

Certifying Authority (CA)


Digital Signature

Electronic signature used to verify:

  • Authenticity
  • Integrity
  • Sender identity

Firewall

A security system that monitors and controls network traffic.

Purpose:

Blocks unauthorized access.


Antivirus

Software used to detect, prevent, and remove malware.

Examples:

  • Quick Heal
  • Norton
  • McAfee

Security Token

A device or code used for authentication.

Example:

OTP received on mobile.


Biometrics

Authentication based on physical characteristics.

Examples:

  • Fingerprint
  • Face Recognition
  • Iris Scan

Hand Geometry Authentication

Uses the shape and size of a person's hand for identification.


Secure Electronic Transaction (SET)

A protocol developed to secure online credit card transactions.


B. Model Questions with Short Answers


1. What is E-Commerce?

Answer:

E-Commerce is buying and selling goods and services over the Internet.


2. What is a Business Model?

Answer:

A business model describes how a company creates, delivers, and earns revenue.


3. Explain the Revenue Model of an E-Commerce Company.

Answer:

Common revenue models:

  • Sales
  • Subscription
  • Advertising
  • Commission fees

4. Discuss the Concerns That Must Be Addressed Before Starting an E-Commerce Company.

Answer:

  • Security
  • Privacy
  • Payment systems
  • Customer trust
  • Legal compliance

5. Define Data Integrity.

Answer:

Data integrity means information remains accurate and unchanged.


6. What are the Different Techniques to Address Access Control?

Answer:

  • Passwords
  • Biometrics
  • Smart cards
  • Security tokens

7. What is a Digital Certificate?

Answer:

A digital certificate is an electronic document that verifies a person's or organization's identity.


8. What is the Difference Between Identification, Authentication and Authorization?

Answer:

Identification

Claiming an identity.

Authentication

Verifying identity.

Authorization

Granting permissions.


9. What are the Different Types of E-Commerce Authentication?

Answer:

  • Password authentication
  • Token authentication
  • Biometric authentication
  • Smart card authentication

10. What is a Security Token?

Answer:

A security token is a device or code used to verify identity.

Example:
OTP.


11. What are the Different Types of Biometric Authentication?

Answer:

  • Fingerprint
  • Face recognition
  • Iris scan
  • Voice recognition
  • Hand geometry

12. What is Hand Geometry Authentication?

Answer:

A biometric method that identifies users based on the shape and size of their hands.


13. What is Secure Electronic Transaction (SET)?

Answer:

SET is a protocol designed to secure online credit card transactions.


14. Explain the Working of a Digital Signature.

Answer:

A digital signature uses cryptography to verify the authenticity and integrity of electronic documents.


15. Compare Digital Signatures with Ink-on-Paper Signatures.

Answer:

Digital Signature | Ink Signature
Electronic | Physical
More secure | Less secure
Uses cryptography | Uses handwriting

16. What is an Antivirus?

Answer:

Antivirus is software that detects and removes malware.


17. What is a Firewall?

Answer:

A firewall is a security system that blocks unauthorized network access.


C. Important MCQ Facts

Authentication

Identity verification


Authorization

Permission granting


Digital Certificate

Identity verification document


Digital Signature

Electronic authentication method


Firewall

Blocks unauthorized access


Antivirus

Detects malware


Security Token

Authentication device/code


SET

Secure Electronic Transaction


Biometrics

Physical characteristic-based authentication


Hand Geometry

Biometric authentication using hand shape


Expected MCQs

Q. What verifies a user's identity?

Ans: Authentication


Q. What grants user permissions?

Ans: Authorization


Q. What is used to secure online credit card transactions?

Ans: SET


Q. What verifies authenticity of electronic documents?

Ans: Digital Signature


Q. What is issued by a Certifying Authority?

Ans: Digital Certificate


Q. What blocks unauthorized network traffic?

Ans: Firewall


Q. What removes malware?

Ans: Antivirus


Q. OTP is an example of?

Ans: Security Token


Q. Fingerprint authentication belongs to?

Ans: Biometrics


Q. Hand shape recognition is called?

Ans: Hand Geometry Authentication


One-Line Revision Before Exam

  • Secure E-Commerce protects online transactions.
  • Authentication = Identity verification.
  • Authorization = Permission granting.
  • Digital certificate verifies identity.
  • Digital signature verifies authenticity.
  • Firewall blocks unauthorized access.
  • Antivirus removes malware.
  • SET secures credit card transactions.
  • Biometrics use physical characteristics.
  • OTP is a security token.

UNIT 4 : ETHICAL ASPECT OF INFORMATION SECURITY


A. Ultra-Short Revision Notes

What are Ethics?

Ethics are moral principles that help us decide what is right and wrong.

Examples

  • Honesty
  • Responsibility
  • Respect for privacy
  • Fair use of technology

Privacy

Privacy means a person's right to control access to their personal information.

Examples

  • Personal data
  • Medical records
  • Bank details
  • Passwords

Why is Privacy Important?

  • Protects personal information
  • Prevents misuse of data
  • Maintains individual freedom

Computer Security

Computer security protects:

  • Data
  • Systems
  • Networks

from unauthorized access, damage, or theft.


Ethical Issues in Computer Security

  • Hacking
  • Privacy violations
  • Data theft
  • Unauthorized surveillance
  • Software piracy

Hacking vs Cracking

Hacking

Accessing systems to find weaknesses, often for security improvement.

Cracking

Illegal access with harmful intentions.


Safety-Critical Systems

Systems whose failure can cause:

  • Injury
  • Loss of life
  • Major damage

Examples

  • Aircraft systems
  • Medical equipment
  • Nuclear plant controls

Ubiquitous Computing

Computing available everywhere and anytime through interconnected devices.

Example

Smart homes and smart devices.


Ambient Intelligence

Technology that intelligently responds to people's needs and environment.

Example

Smart lights that turn on automatically.


Freeware and Open Source Software

Freeware

Free software available without cost.

Open Source Software

Software whose source code is publicly available for modification.


B. Model Questions with Short Answers


1. What are Ethics?

Answer:

Ethics are moral principles that guide human behavior and help distinguish right from wrong.


2. What is the Moral Importance of Computer Security?

Answer:

Computer security protects privacy, property, personal information, and public safety.


3. How Does Computer Security Pose Ethical Issues?

Answer:

Security measures may affect privacy, freedom, and access to information, creating ethical concerns.


4. What are Safety-Critical Systems?

Answer:

Systems whose failure can result in serious injury, death, or major damage.

Examples:
Aircraft and medical systems.


5. How Can Compromises of Confidentiality Violate Privacy Rights?

Answer:

Unauthorized access to personal information can expose sensitive data and violate privacy.


6. What are the Moral Responsibilities of Information Security Professionals?

Answer:

  • Protect data
  • Respect privacy
  • Follow laws
  • Maintain confidentiality
  • Act ethically

7. What are the Ethical Issues in Computer Security?

Answer:

  • Hacking
  • Data theft
  • Privacy invasion
  • Surveillance
  • Software piracy

8. What is Hacking? How is it Different from Cracking?

Answer:

Hacking

Finding system weaknesses, often legally.

Cracking

Illegal access with malicious intent.


9. What are the Two Kinds of Privacy Issues Raised by the Internet?

Answer:

  • Collection of personal information
  • Unauthorized sharing of information

10. What is Ubiquitous Computing?

Answer:

Computing technology available everywhere through connected devices.


11. Define Ambient Intelligence.

Answer:

Technology that intelligently adapts to user needs and surroundings.


12. What are the Different Tactics to Ensure Computer Security and Maintain Privacy?

Answer:

  • Strong passwords
  • Encryption
  • Firewalls
  • Antivirus software
  • Access controls
  • User awareness

C. Important MCQ Facts

Ethics

Moral principles


Privacy

Protection of personal information


Computer Security

Protection of systems and data


Safety-Critical Systems

Failure can cause serious harm


Hacking

Authorized or ethical system testing


Cracking

Illegal system intrusion


Ubiquitous Computing

Computing everywhere


Ambient Intelligence

Smart environment technology


Open Source Software

Source code publicly available


Freeware

Free software


Expected MCQs

Q. What are ethics?

Ans: Moral principles guiding behavior.


Q. What protects personal information?

Ans: Privacy.


Q. What is illegal access to a system called?

Ans: Cracking.


Q. Which systems can cause loss of life if they fail?

Ans: Safety-Critical Systems.


Q. What is computing available everywhere called?

Ans: Ubiquitous Computing.


Q. What is technology that adapts intelligently to users called?

Ans: Ambient Intelligence.


Q. What type of software has publicly available source code?

Ans: Open Source Software.


Q. What protects systems from unauthorized access?

Ans: Computer Security.


One-Line Revision Before Exam

  • Ethics = Moral principles.
  • Privacy = Protection of personal information.
  • Computer security protects systems and data.
  • Hacking = Ethical testing.
  • Cracking = Illegal intrusion.
  • Safety-critical systems can affect life and safety.
  • Ubiquitous computing = Computing everywhere.
  • Ambient intelligence = Smart responsive technology.
  • Open source software = Public source code.
