ITI (Trade-COPA) Day- 21

ITI COPA (Computer Operator & Programming Assistant) – Basic Notes

Topic - CYBER SECURITY

1. Introduction to Cyber Security

1.1 Meaning of Cyber Security

Cyber Security refers to the practice of protecting computers, networks, servers, mobile devices, programs, and data from unauthorized access, attacks, damage, or theft. It involves using technologies, processes, and policies to ensure the safety of information systems.

In simple words, cyber security means protecting digital information and systems from cyber threats.

With the increasing use of:

  • Internet

  • Online banking

  • E-commerce

  • Social media

  • Cloud computing

cyber security has become very important.

1.2 Need for Cyber Security

Cyber security is required to:

  • Protect personal information

  • Protect business data

  • Prevent financial loss

  • Avoid identity theft

  • Ensure safe online transactions

  • Protect government and national data

2. Information Security

2.1 Meaning of Information Security

Information Security (InfoSec) is the practice of protecting information from unauthorized access, disclosure, modification, or destruction, whether the information is stored digitally or physically.

2.2 Objectives of Information Security (CIA Triad)

The main objectives of information security are explained by the CIA Triad:

1. Confidentiality

  • Information should be accessible only to authorized users.

  • Example: Password-protected files.

2. Integrity

  • Information should not be altered without permission.

  • Example: Protecting data from unauthorized modification.

3. Availability

  • Information should be available when required.

  • Example: Server uptime and backups.

2.3 Importance of Information Security

  • Protects sensitive data

  • Prevents data breaches

  • Ensures trust of users

  • Maintains business continuity

  • Required by law and regulations

3. SSL and HTTPS

3.1 SSL (Secure Sockets Layer)

SSL is a security technology used to encrypt data transmitted between a web browser and a web server.

  • It protects data such as:

    • Login details

    • Credit card numbers

    • Personal information

3.2 How SSL Works

  1. Browser connects to server

  2. Server sends SSL certificate

  3. Browser verifies certificate

  4. Encrypted connection established

3.3 HTTPS (Hypertext Transfer Protocol Secure)

HTTPS is the secure version of HTTP that uses SSL/TLS encryption.

  • Websites using HTTPS show:

    • 🔒 Lock symbol in address bar

  • Example:

    • https://www.bank.com

3.4 Advantages of HTTPS

  • Secure data transfer

  • Protects against hacking

  • Builds user trust

  • Improves website ranking

4. Security Threats

4.1 Meaning of Security Threat

A security threat is any activity or event that can harm a computer system or data.

4.2 Types of Security Threats

1. Malware

Malicious software designed to damage systems.

Types:

  • Virus

  • Worm

  • Trojan

  • Spyware

  • Ransomware

2. Phishing

Fake emails or websites that trick users into revealing personal information.

3. Hacking

Unauthorized access to computer systems.

4. Denial of Service (DoS) Attack

Overloading a system to make it unavailable.

5. Man-in-the-Middle Attack

Attacker secretly intercepts communication.

6. Password Attacks

Cracking weak passwords.

4.3 Effects of Security Threats

  • Data loss

  • Financial loss

  • System downtime

  • Reputation damage

  • Legal penalties

5. Information Security Vulnerability

5.1 Meaning of Vulnerability

A vulnerability is a weakness in a system that can be exploited by attackers.

5.2 Types of Vulnerabilities

  • Weak passwords

  • Outdated software

  • Poor system configuration

  • Lack of antivirus

  • Unsecured Wi-Fi networks

5.3 Difference Between Threat and Vulnerability

ThreatVulnerability
Potential dangerWeakness in system
Example: VirusExample: No antivirus

6. Risk Management

6.1 Meaning of Risk

Risk is the possibility that a threat may exploit a vulnerability and cause damage.

6.2 Risk Management Process

  1. Risk Identification

    • Identify threats and vulnerabilities

  2. Risk Assessment

    • Evaluate impact and likelihood

  3. Risk Control

    • Apply security measures

  4. Risk Monitoring

    • Continuous review

6.3 Risk Control Methods

  • Avoid risk

  • Reduce risk

  • Transfer risk

  • Accept risk

7. Directory Services

7.1 Meaning of Directory Services

Directory Services store and manage information about users, computers, and resources in a network.

Example:

  • Active Directory (AD)

7.2 Functions of Directory Services

  • User authentication

  • Authorization

  • Resource management

  • Centralized administration

7.3 Advantages

  • Central control

  • Better security

  • Easy user management

8. Access Control

8.1 Meaning of Access Control

Access control defines who can access what resources and at what level.

8.2 Types of Access Control

1. Discretionary Access Control (DAC)

Owner decides access.

2. Mandatory Access Control (MAC)

System enforces access rules.

3. Role-Based Access Control (RBAC)

Access based on job role.

8.3 Access Control Methods

  • Username and password

  • Biometric authentication

  • Smart cards

  • OTP (One Time Password)

9. Security and Privacy Protection

9.1 Security vs Privacy

  • Security protects data from unauthorized access.

  • Privacy protects personal information rights.

9.2 Privacy Protection Measures

  • Data encryption

  • Privacy policies

  • User consent

  • Limited data collection

9.3 Importance of Privacy Protection

  • Protects personal identity

  • Builds customer trust

  • Legal compliance

10. Audit and Security

10.1 Meaning of Security Audit

A security audit is a systematic evaluation of:

  • Security policies

  • Controls

  • System configuration

10.2 Purpose of Audit

  • Identify security gaps

  • Ensure compliance

  • Improve security

10.3 Types of Audits

  • Internal audit

  • External audit

  • Compliance audit

11. Introduction to IT Act

11.1 Information Technology Act, 2000

The IT Act 2000 is an Indian law enacted to:

  • Regulate electronic transactions

  • Provide legal recognition to electronic records

  • Prevent cyber crimes

11.2 Objectives of IT Act

  • Legal framework for e-commerce

  • Cyber crime prevention

  • Data protection

  • Digital signatures

12. Cyber Crimes and Penalties

12.1 Meaning of Cyber Crime

Cyber crime is any illegal activity performed using computers or internet.

12.2 Common Cyber Crimes

  • Hacking

  • Identity theft

  • Online fraud

  • Cyber stalking

  • Data theft

12.3 Penalties under IT Act

OffenceSectionPenalty
Hacking43Compensation
Identity theft66CImprisonment + fine
Cyber terrorism66FLife imprisonment
Cheating by personation66DImprisonment + fine

12.4 Importance of IT Act

  • Legal protection

  • Cyber law enforcement

  • Awareness and prevention

  • Digital trust

MCQ Questions (50) – CBT Exam

1. Cyber security deals with:

A) Hardware repair
B) Data protection
C) Printing
D) Networking only
Ans: B

2. Information security protects:

A) Data only
B) Hardware only
C) Information
D) Software only
Ans: C

3. CIA stands for:

A) Central Intelligence Agency
B) Confidentiality, Integrity, Availability
C) Computer Internet Access
D) Cyber Information Act
Ans: B

4. SSL is used for:

A) Speed
B) Encryption
C) Storage
D) Design
Ans: B

5. HTTPS indicates:

A) Fast website
B) Secure website
C) Offline site
D) Local site
Ans: B

6. Lock symbol in browser shows:

A) Virus free
B) SSL enabled
C) Paid website
D) Fast server
Ans: B

7. Malware is:

A) Hardware
B) Virus program
C) Antivirus
D) Firewall
Ans: B

8. Phishing is related to:

A) Fishing
B) Fraud
C) Programming
D) Printing
Ans: B

9. Hacking means:

A) Authorized access
B) Unauthorized access
C) Printing data
D) Formatting system
Ans: B

10. DoS attack affects:

A) Availability
B) Integrity
C) Confidentiality
D) Privacy
Ans: A

11. Vulnerability means:

A) Threat
B) Weakness
C) Attack
D) Virus
Ans: B

12. Weak password is an example of:

A) Threat
B) Risk
C) Vulnerability
D) Malware
Ans: C

13. Risk is combination of:

A) Virus and firewall
B) Threat and vulnerability
C) Software and hardware
D) Attack and defense
Ans: B

14. Risk management includes:

A) Identification
B) Assessment
C) Control
D) All of the above
Ans: D

15. Active Directory is a:

A) Antivirus
B) Directory service
C) Browser
D) Firewall
Ans: B

16. Access control decides:

A) Who can login
B) Who can access resources
C) Who can print
D) Who can format
Ans: B

17. RBAC stands for:

A) Random Based Access Control
B) Role Based Access Control
C) Remote Based Access Control
D) Rule Based Access Control
Ans: B

18. OTP is used for:

A) Authorization
B) Authentication
C) Printing
D) Storage
Ans: B

19. Privacy is related to:

A) Hardware safety
B) Personal data protection
C) Virus protection
D) System speed
Ans: B

20. Security audit is done to:

A) Hack system
B) Improve security
C) Slow network
D) Delete data
Ans: B

21. Audit identifies:

A) Viruses
B) Security gaps
C) Printers
D) Users
Ans: B

22. IT Act was introduced in year:

A) 1995
B) 1998
C) 2000
D) 2005
Ans: C

23. IT Act applies to:

A) Manual records
B) Electronic records
C) Paper files
D) Printed documents
Ans: B

24. Cyber crime is committed using:

A) Typewriter
B) Internet
C) Calculator
D) Printer
Ans: B

25. Identity theft means:

A) Losing ID
B) Stealing personal data
C) Changing name
D) Creating website
Ans: B

26. Section 66C deals with:

A) Hacking
B) Identity theft
C) Cyber terrorism
D) Cheating
Ans: B

27. Cyber terrorism is covered under:

A) Section 43
B) Section 66C
C) Section 66F
D) Section 72
Ans: C

28. Encryption converts data into:

A) Plain text
B) Secret code
C) Image
D) Sound
Ans: B

29. Firewall is used to:

A) Speed internet
B) Block unauthorized access
C) Store data
D) Print data
Ans: B

30. Antivirus protects against:

A) Spam
B) Malware
C) Hackers
D) Heat
Ans: B

31. Man-in-the-middle attack affects:

A) Communication
B) Hardware
C) Printer
D) Monitor
Ans: A

32. Availability means:

A) Data secrecy
B) Data correctness
C) Data access when needed
D) Data deletion
Ans: C

33. Integrity means:

A) Data is available
B) Data is correct
C) Data is secret
D) Data is encrypted
Ans: B

34. Confidentiality ensures:

A) Authorized access only
B) Data speed
C) Printing
D) Backup
Ans: A

35. Password cracking is a:

A) Feature
B) Threat
C) Protection
D) Policy
Ans: B

36. Strong password includes:

A) Only numbers
B) Only letters
C) Letters, numbers, symbols
D) Name
Ans: C

37. Audit can be:

A) Internal
B) External
C) Compliance
D) All of the above
Ans: D

38. Privacy policy tells users about:

A) Software
B) Data usage
C) Hardware
D) Speed
Ans: B

39. Cyber law helps in:

A) Hardware repair
B) Crime prevention
C) Programming
D) Networking
Ans: B

40. Data breach means:

A) Data backup
B) Data leak
C) Data delete
D) Data print
Ans: B

41. Two-factor authentication improves:

A) Speed
B) Security
C) Cost
D) Storage
Ans: B

42. SSL certificate is issued by:

A) User
B) Certificate Authority
C) Browser
D) Hacker
Ans: B

43. Cyber security is important for:

A) Students
B) Offices
C) Government
D) All of the above
Ans: D

44. Audit trail records:

A) User activities
B) Printer details
C) Hardware specs
D) Software cost
Ans: A

45. Access control list defines:

A) Virus list
B) User permissions
C) Hardware list
D) Software list
Ans: B

46. Data encryption ensures:

A) Privacy
B) Integrity
C) Confidentiality
D) Availability
Ans: C

47. Cyber crime punishment includes:

A) Fine
B) Imprisonment
C) Both
D) None
Ans: C

48. IT Act gives legal recognition to:

A) Manual records
B) Electronic records
C) Printed files
D) Handwritten notes
Ans: B

49. Regular updates help reduce:

A) Performance
B) Vulnerabilities
C) Storage
D) Cost
Ans: B

50. Cyber security awareness helps to:

A) Prevent attacks
B) Protect data
C) Use internet safely
D) All of the above
Ans: D

Posted by at

No comments:

Post a Comment

Give your valuable feedback

Subscribe to: Post Comments (Atom)

ITI (Trade - COPA) Day-23

ITI COPA (Computer Operator & Programming Assistant) – Basic Notes TOPIC- PROGRAMMING LANGUAGE – PYTHON 1. Introduction to Programming...