Zero To Mastery In Cybersecurity- Become Zero To Hero In Cybersecurity, This Cybersecurity Book Covers A-Z Cybersecurity Concepts, 2022 Latest Edition
By RAJIV JAIN
About this ebook
- This Cybersecurity Book Covers Each And Every Topic Of The Cybersecurity.
- With The Help Of This Cybersecurity Book, You Can Learn Cybersecurity Very Easily, You Don't Need To Learn Cybersecurity The Hard Way.
- This Is One Of The Best Cybersecurity Book For Beginners To Advanced Beca
Book preview
Zero to Mastery in CYBER SECURITY
Chapter-1
INFORMATION SYSTEM
In this age of information, almost all fields of endeavor such as education, manufacturing, research, games, entertainment, and business treat information systems as a need. Indeed, every activity in our daily life today requires people to get involved in the use of information systems.
First, to understand the system, there is a need to understand the three concepts.
1. Data.
2. Process.
3. Information.
4. System.
Data
Data is raw material. It refers to the raw facts about any thing or entity, such as student names, courses and marks. Raw data that has not yet been processed can be processed to become more useful information.
For example:
• To add two numbers, we need more than one data item, such as a (a=2) and b (b=4).
• In a class, the students' names, roll numbers, ages and marks are the data.
Process
Process or procedure explains the activities performed by users. Process is a guide consisting of orderly steps, which need to be implemented in order to get a certain decision on a certain matter.
Information
The data after processing is called information.
Fig. 1.1
Information is an organized, meaningful and useful interpretation of data, such as a company's performance or a student's academic performance. Information systems turn data, after performing some process on it, into information that is useful and capable of giving a certain meaning to its users.
For example: In the addition of two numbers, the data (raw material) is a (a=2) and b (b=4), and after adding these data the result is c (c=6). The information c (c=6) is obtained after processing the data.
In a class, the students' names, roll numbers, ages and marks are the data. By performing some process on them, such as a mathematical calculation (the average formula), we get information about the class, such as the class's performance.
Hardware
Hardware is the physical component of the computer, which can be touched and felt by the user.
These components include the following:
1. Input Devices.
2. Output Devices.
3. Storage Devices.
Software
Computer software, or just software, is a collection of computer programs and related data that provides the instructions for telling a computer what to do and how to do it.
A program is a sequence of instructions designed to accomplish a particular task. A collection of programs designed for a specific purpose is called software.
System
A system is simply a group of activities and elements in which all activities are executed so as to achieve a specific task or purpose.
Information System
An information system is a collection of hardware and software designed to achieve a specific task. Information systems help people make business decisions.
In the current era of globalization, the success of a business depends on the information system.
Many organizations today use information systems to offer services with greater satisfaction to customers, to access a wider range of information, to handle business changes at a greater speed, and to increase the productivity of workers. According to a number of studies, an effective information system should be able to exceed customer expectations and fulfill business needs.
Types of Information System
Fig. 1.2
Transaction Processing System (TPS)
- TPS can access information about all transactions related to the organization.
- Transactions occur whenever there exist activities involving sales order processing, accounts receivable, accounts payable, inventory and ordering as well as payroll.
- These transactions involve credit and debit in the company ledger account.
- The output from this transaction is the account statement, which is used to generate financial reports.
- TPS now uses the latest technology which uses the E-commerce concept. This is a new challenge in the field of transaction processing which begins to shift to the on-line transaction processing system.
Management Information System (MIS)
- This system takes the information that has been extracted from TPS and generates reports which are required by the management for planning and controlling a company's business.
- This system is capable of fulfilling the needs of management in acquiring information that:
(a) is brief and useful.
(b) can be obtained and processed at the right time to make a decision.
Executive Information System (EIS)
- A decision support system specifically used by the executive management in making strategic decisions.
- It is a tool that provides online access directly to the relevant information, in the format that is useful and can be browsed.
- Relevant information is timely, precise and useful in business aspects, according to the interest of certain managers.
- A useful format that can be browsed easily means that the system has been specially built for the use of individuals who have little time to spare, are less skilful in using the keyboard and less experienced with computers.
- This system can be surfed easily so that managers can identify strategic issues and can then explore information for getting the sources about those issues.
- It is also an information system that combines the features of information reporting system and decision support system. It focuses on fulfilling the strategic information needs of the top management.
Decision Support System (DSS)
- The main focus of this information system is the effectiveness of the manager in analyzing the information and making a decision.
- It is used for handling decisions that are not structured, i.e. decisions which are made when an emergency happens.
- This system uses a database management system, query language, financial modeling, electronic spreadsheet, statistical analysis program, report generator or graphic software for supplying the information needed.
Office Information System (OIS)
- Office automation is wider than word processing and form processing.
- This information system covers activities in the office, which can improve work flow and communication among workers, whether inside or outside the office.
- The focus of this system is on the collection of information for whoever needs it.
- The functions of this system are word processing, e-mails, work group programming, work group scheduling, facsimile processing, e-document, imaging and management of work flow.
Expert System (ES)
- It is a program that produces a decision which is almost similar to decisions made by an expert in a certain discipline.
- This information system can imitate the way humans think and consider in making a decision.
- An expert system will combine the use of knowledge, facts and techniques to make a decision.
- An expert can always give a certain decision which is accurate as well as ensuring maximum benefit to all the people concerned. Unfortunately, the sources for expert services are limited.
- Realizing the high value of knowledge and the expertise owned by the expert, researchers have tried to transfer and save in the computers the knowledge and expertise owned by the experts.
- Through this work, the expert system is made.
Information System Participants / Individuals in IS
Fig. 1.3
System Owner
The systems owner bears the cost of system development and maintenance. He has the right over the system, determines the interest over the system and determines the policies over its use. The system owner is also responsible for system justification and system acceptance. In certain situations, the system owner is also a system user.
System owners always think of the return value, which can be obtained by developing the information system. This return is valued from various aspects such as:
- What are the benefits of the system?
- What are the mission and objectives?
- What is the cost of developing the system?
- What is the cost of operating the system?
- Can the investment pay back the capital?
System Designer
Systems designers are experts in the technical field who would design a system for fulfilling the needs of users. They are responsible for manipulating the needs of business users and the constraints in technical solutions. They design computer files, databases, input, output, screen, networks, and programs that can fulfill the needs of system users. They are also responsible for integrating the technical solutions into the daily business environment.
Systems designers understand the technological environment better when compared to systems owners and systems users. They always provide alternatives and design systems based on technological constraints at that time. Now, systems designers give more attention to technical experts such as:
- Database designers who provide focus on the data.
- Programmers and software engineers who provide focus on the process.
- Systems integrators who provide focus on the system interfaces.
- Telecommunication and network experts who provide focus on the geographic locations.
System Developer
Systems developers are the experts in the technical field who would develop, test and produce a system, which can operate successfully. They build the system components based on the design specifications of the system designers. In many situations, system designers are the system developers.
They use technology to develop information systems.
Among the individuals who get involved directly in information system development, you may ask what the role of the systems analyst is. In actual fact, systems analysts act as facilitators for information systems development. The systems analyst has the expertise that is owned by all the above individuals and should feel comfortable with the views of all of them. For the systems owners and users, the systems analyst should develop and update their views.
The duty of the systems analyst is to ensure that the technical knowledge of systems designers and developers is consistent with the current business needs.
System User
The system user is an individual who uses the system for producing something, or uses the system to help him in his daily jobs. Directly, users are the ones who get the benefits from the system that has been developed. Besides being the initiators for the new information system request, users also determine:
- The problems to be solved.
- Opportunities to be exploited.
- The needs to be fulfilled.
- Business constraints to be overcome by the system.
- Whether the information system that has been developed is easy or difficult to use.
Internal User
Employees who work in the company to develop the information system. Internal users constitute the highest percentage among those who use the said system. They include the support and administrative staff, the technical and professional staff, supervisors, the management and the executives.
External User
The information system can now connect the system to other individuals as users of the system.
Due to global competition, businesses are redesigned to enable connectivity with other organizations, partners, suppliers, customers and end users.
As an example, you need not fill up any form to apply for entry into OUM. With the information system provided by OUM, you just need to go to the OUM website, fill up the application form online, and send the form online. Now, the facility is provided, but in future it may be necessary to change our way of life.
Development of Information System
An information system is developed in phases, and the phases are executed in a defined order.
Each phase produces deliverables required by the next phase in the life cycle of the information system.
The following are the phases in the development of an information system.
1. Requirement gathering and analysis: Business requirements are gathered in this phase. The main focus in this phase is on requirements like:
- Who is going to use the system?
- How will they use the system?
- What data should be input into the system?
- What data should be output by the system?
These are the general questions that get answered during the requirement gathering phase. A requirement specification document is created, which serves as a guideline for the next phase of the development of the information system.
2. Design: In this phase the system design is prepared from the requirement specifications which were studied in the first phase. System design helps in specifying hardware and system requirements and also helps in defining the overall architecture. The system design specifications serve as input for the next phase of the development of the information system.
3. Implementation / coding: On receiving the system design documents, the work is divided into modules/units and actual coding is started. This is the longest phase of the development of an information system.
4. Testing: After the code is developed, it is tested against the requirements to make sure that the product actually solves the needs addressed and gathered during the requirement phase. Testing is the activity performed to check the quality of the information system against defects. In the testing phase the system is tested with the intent of finding errors.
5. Deployment: After successful testing, the product is delivered / deployed to the customer for their use.
6. Maintenance: Once the customers start using the developed system, actual problems come up and need to be solved from time to time. This process, in which care is taken of the developed product, is known as maintenance.
Questions
Q.1. What is an information system? Give the components of an information system.
Q.2. Define information system. What are the types of information system?
Q.3. Write short notes on the following:
(i) Management Information System
(ii) Executive Information System
(iii) Decision Support System
(iv) Expert System
Q.4. Explain in detail the information system participants.
Q.5. Explain in detail the development of an information system.
Q.6. What is Information System? How does information system relate to business and help them?
Chapter 2
INFORMATION SECURITY
According to the UK Government, Information security is: The practice of ensuring information is only read, heard, changed, broadcast and otherwise used by people who have the right to do so.
(Source: UK Online for Business)
Information systems need to be secure if they are to be reliable. Since many businesses are critically reliant on their information systems for key business processes (e.g. websites, production scheduling, transaction processing), security can be seen to be a very important area for management to get right.
Need for Information Security
Computer security is the process of preventing and detecting unauthorized use of your computer.
Prevention measures help you to stop unauthorized users from accessing any part of your computer system. Detection helps you to determine whether or not someone attempted to break into your system, if they were successful, and what they may have done.
Security Requirements
Needs for information systems security and trust can be formulated in terms of several major requirements:
- Data confidentiality - controlling who gets to read information in order to keep sensitive information from being disclosed to unauthorized recipients - e.g., preventing the disclosure of classified information to an adversary.
- Data integrity - assuring that information and programs are changed, altered, or modified only in a specified and authorized manner - e.g., preventing an adversary from modifying orders given to combat units so as to shape battlefield events to his advantage.
- System availability - assuring that authorized users have continued and timely access to information and resources - e.g., preventing an adversary from flooding a network with bogus traffic that delays legitimate traffic such as that containing new orders from being transmitted.
- System configuration - assuring that the configuration of a system or a network is changed only in accordance with established security guidelines and only by authorized users.
- Authentication - ascertaining that the identity claimed by a party is indeed the identity of that party. Authentication is generally based on what a party knows (e.g., a password), what a party has (e.g., hardware computer-readable token), or what a party is (e.g., a fingerprint).
- Authorization - granting of permission to a party to perform a given action (or set of actions).
- Auditing - recording each operation that is invoked along with the identity of the subject performing it and the object acted upon (as well as later examining these records).
- Non-repudiation - the use of a digital signature procedure affirming both the integrity of a given message and the identity of its creator to protect against a subsequent attempt to deny authenticity.
Information System threats / attacks
There are mainly two types of threats in Information System.
Fig. 2.1
Passive Threats
Passive threats take the form of monitoring transmissions of many types. The goal of the hacker carrying out the attack is to obtain the information being transmitted in the message in order to gain an edge over the other party.
Passive attacks are very hard to detect because they do not damage or change the information, so the victims cannot tell that they have been attacked.
Types of Passive Threats
There are two main types of passive attack.
1. Release of message content: The name itself makes it easy to grasp what this attack does. In this type of passive attack, a mail message, a phone call or any other transferred message containing sensitive information is intercepted.
2. Traffic analysis: Traffic analysis is a little more complicated; it is very subtle and hard to detect. It would be the case where we had a way to hide the information in a message and the hacker still viewed the information.
Active threats
Active threats attempt to change the system they are attacking. Active threats always involve a modification of the data stream. There are four main categories of attacks:
- Masquerade: This term is used when an attacking device impersonates a valid device. It is the ideal approach if an attacker wants to remain undetected. If the device can successfully fool the target network into validating it as an authorized device, the attacker gets all the access rights that the authorized device established during logon.
- Replay: A replay attack captures information sent by an unwary client and later attempts to reuse (replay) that information in order to gain access to protected data.
- Modification: It changes the information included in messages being processed between two or more entities.
- Denial of Service: In a DoS attack, an attacker attempts to prevent legitimate users from accessing information or services. By targeting your computer and its network connection, or the network of the sites you are trying to use, an attacker may be able to prevent you from accessing emails, web sites, online accounts and other services that rely on the affected computer.
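An added example (not from the book) showing how a receiver can detect three of the active threats listed above: modification and masquerade through an HMAC tag computed over each message, and replay through a timestamp plus a one-time nonce. The shared key, the 30-second freshness window and the message field names are assumptions made for this illustration.

```python
import copy
import hashlib
import hmac
import json
import secrets
import time

MAX_AGE_SECONDS = 30  # assumed freshness window for this illustration
SIGNED_FIELDS = ("payload", "ts", "nonce")


def _tag(key, envelope):
    """HMAC-SHA256 over a canonical encoding of the signed fields."""
    body = json.dumps({f: envelope[f] for f in SIGNED_FIELDS},
                      sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def seal(key, payload, now=None):
    """Sender side: add a timestamp and a random nonce, then tag the message."""
    envelope = {
        "payload": payload,
        "ts": time.time() if now is None else now,
        "nonce": secrets.token_hex(16),
    }
    envelope["tag"] = _tag(key, envelope)
    return envelope


class Receiver:
    def __init__(self, key):
        self.key = key
        self.seen = {}  # nonce -> timestamp of messages already accepted

    def accept(self, envelope, now=None):
        now = time.time() if now is None else now
        try:
            expected = _tag(self.key, envelope)
            tag = str(envelope["tag"])
        except (KeyError, TypeError):
            return "rejected: malformed"
        # Modification or masquerade: without the key the tag cannot match.
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return "rejected: bad tag"
        # Replay of an old capture: the authenticated timestamp is too old.
        if abs(now - envelope["ts"]) > MAX_AGE_SECONDS:
            return "rejected: stale"
        # Replay inside the window: the nonce has already been used.
        self.seen = {n: t for n, t in self.seen.items()
                     if now - t <= MAX_AGE_SECONDS}
        if envelope["nonce"] in self.seen:
            return "rejected: replay"
        self.seen[envelope["nonce"]] = envelope["ts"]
        return "accepted"


def demo():
    """Run constructed messages through the receiver and collect verdicts."""
    key = secrets.token_bytes(32)
    rx = Receiver(key)
    t0 = 1_700_000_000.0  # constructed clock value
    msg = seal(key, {"order": "transfer", "amount": 100}, now=t0)

    tampered = copy.deepcopy(msg)
    tampered["payload"]["amount"] = 9999                       # modification
    forged = seal(b"not-the-real-key", {"order": "x"}, now=t0)  # masquerade

    return [
        rx.accept(msg, now=t0 + 1),               # genuine message
        rx.accept(msg, now=t0 + 2),               # same bytes sent again
        rx.accept(tampered, now=t0 + 3),
        rx.accept(forged, now=t0 + 4),
        Receiver(key).accept(msg, now=t0 + 120),  # old capture, new receiver
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Denial of service is not addressed by message authentication; it is an availability problem and calls for separate controls.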
Information Assurance
Information Assurance assures that authorized users have access to authorized information at the authorized time. It does not matter whether the information is in storage or in processing. The session provides an introduction to Information Assurance as well as details that will help storage personnel better understand its applicability in their own environments.
Measures that protect and defend information and information system by ensuring their availability, integrity, authentication, confidentialit
Information Assurance defines and applies a collection of policies, standards, methodologies, services and mechanisms to maintain mission integrity with respect to people, process, technology, information and supporting infrastructure.
Information Assurance provides for confidentiality, integrity, availability, utility, authenticity, non-repudiation, authorized use and privacy of information in all forms.
Information Security Principles
Confidentiality
Confidentiality ensures that information can be accessed only by authorized users.
Integrity
Integrity ensures that information remains the same as in its original form.
Availability
Availability ensures that an information resource is ready for use within stated operational parameters.
Possession
Possession ensures that a resource remains in the custody of authorized personnel.
Authenticity
Authenticity ensures that information conforms to reality; it is not misrepresented as something it is not.
Privacy
Privacy ensures the protection of personal information from observation or intrusion, as well as adherence to relevant privacy compliances.
Questions
Q.1. What are the needs of Information Security? Explain.
Q.2. What are information system threats/attacks and what are the types of information system threats?
Q.3. Write a