Cyber Crime Fundamental Report 2022

Verified

Added on 2022/08/29

AI Summary

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: CYBER CRIME FUNDAMENTAL
Cyber Crime Fundamental
Name of the Student
Name of the University

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1CYBER CRIME FUNDAMENTAL
Table of Contents
Introduction......................................................................................................................................2
Types of risks in IT system..............................................................................................................2
Mechanism for Authentication and Access Control........................................................................3
Protection of Internet System..........................................................................................................5
Security in System Design...............................................................................................................5
Reflection on the Completed Labs..................................................................................................6
Conclusion.......................................................................................................................................7
References........................................................................................................................................8

2CYBER CRIME FUNDAMENTAL
Introduction
The process of protecting devices, systems, and networks from digital threats is known as
cybersecurity. These cyber-attacks are typically intended to access, change or steal the private
information; ransom user’s money or disrupt regular business processes. “Implementing the new
security concepts is especially difficult at present times as there are more advance computers as
well as the people, who are becoming more creative attackers nowadays” (Singer and Friedman
2014). Therefore, this report aims to discuss the cybersecurity attacks, which can threaten the IT
system and also recommends suitable measures, which can be taken to secure the IT system.
This report also presents a reflection of my completed labs on the topics “Malicious behaviour”
“Defence toolkits” and “Methods of access control and integrity control”, which will give an
overview of the classes and the knowledge that I have gained from the lab classes.
Types of risks in IT system
Information technology or the IT risks pose some threat to the business records, critical
infrastructure, and the business process. This is the cost of using, owning, and running, affecting,
manipulating and implementing IT within the organization. IT risks are potentially harmful to
business profitability, and often arise from inadequate process and the event management. The
several types of risks associated with the IT system are:
Physical Risks
“Physical threats can come from persons or organizations that operate from outside of an
organization" (Jouini, Rabai and Aissa 2014). This may involve theft, flood or fire damage, or
unauthorized access by any employee or any outsider to the confidential or sensitive data.

3CYBER CRIME FUNDAMENTAL
Technical failures
“Technical errors like software errors that the developer can face are computer
malfunction or massive failure of different components of a computer” (Dwivedi et al. 2015). A
technological failure can be disastrous leading to permanent loss of data. For instance, data is
permanently lost if a user cannot recover data on a faulty hard drive and there is no copy of
backup with him as well.
Electronic threats
Electronic threats are aimed at accessing the business information, for example, a hacker
may be able to access the website. According to Alhassan et al. (2016), “The IT device may
become infected with a computer virus, or the user may be the victim of fraudulent website or
email”. Commonly these are illegal.
Infrastructure failure
Failures in infrastructure such as the loss of the internet connection can disrupt the
business. As a result, “the user may miss a significant purchase order” (Ouyang 2014).
Human error
“Human error is a major danger" (Evans et al. 2019). For example, somebody might
unintentionally delete essential data or fail to adequately follow the security procedures.
Mechanism for Authentication and Access Control
General access control in information security requires authentication, authorization, and
auditing. A more specific concept of access control includes access approval, in which the device

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

4CYBER CRIME FUNDAMENTAL
makes the decision to approve or deny a request for access from the “authenticated subject”
based on which the subject is allowed to access (Mattos and Duarte 2016). Access control and
authentication are also merged into one process to allow access based on positive authentication
or the anonymous access token. As stated by Lindholm et al. (2014), “the authentication methods
and the tokens include passwords, physical keys, biometric analysis, hidden paths, electronic
keys and devices, social barriers and human and automation monitoring systems.” These
authentication systems deal with volumes of data and thus can be said to as vulnerable to cyber
attacks. For mitigating the security threats in network or system, a host credential-based
authentication and the “access control mechanism” are there (Ranjan and Somani 2016). There
are three aspects for the control mechanism such as:
 A host authentication protocol in the OpenFlow network above the MAC layer that
ensures the low overhead and guarantees the fine-grained access control
 A credential-based authentication for performing the access control as per the privilege
level of every host, by mapping the credentials of the hosts to the collection of flows
which belong to the host
 The new framework for the control applications, allowing software-defined network
controllers for using the host identity as the new flow field for determining
the forwarding rules.
On top of the network controller, the prototype of the network or system has been
implemented. Then the host’s access can be either with permission revoked or without valid
credentials. The scheme requires specific rates of access to the network services for each host, as
per the credentials.

5CYBER CRIME FUNDAMENTAL
Protection of Internet System
Internet security is the computer security branch primarily concerned not only with the
Internet, mostly involving browser protection and the World Wide Web, but also with network
security, as applied to other software or operating systems as a whole. The goal is to lay down
rules and measures for the use against “Internet threats” (Samani, Ghenniwa and Wahaishi
2015). The Internet is an unreliable medium for information exchange, resulting in a high risk of
infringement or theft, such as phishing, digital viruses, Trojans, worms, malware and more.
Many techniques, like encryption and from-the-ground-up technologies, are used to secure data
transmission. According to Soomro, Shah and Ahmed (2016), “Information Security is an
important aspect to be taken into account in ensuring safe information technology systems and
services”. As of the advent of the philosophy of information technology, there has also been a
significant interest in the security strategies aimed at securing digital data or confidential
information. The growth of internet and mobile technology in particular has led to the search for
new solutions, strategies, and techniques that aim to provide safe online contact sessions over the
mobile for computer users.
Security in System Design
The design of security systems is the mechanism that helps clients to monitor the
exposure that people have to the assets of their companies through an organized and prioritized
approach for designing the asset protection. According to Shan and Liao (2016), “The security
system designers collaborate with the clients, developers and engineers to integrate protection
into the entire design of the system”. The customer outcomes involve security levels based on
asset worth, efficiency, efficiencies, and the cost savings. Having a well-designed security

6CYBER CRIME FUNDAMENTAL
system involves the security evaluation to understand the methodology, operating assets and
anticipated outcomes of our clients, so that the user can properly formulate and write
requirements for different systems, build models, produce the strong system, analyze solutions
and execute projects based on the needs of the client. According to Sikula et al. (2015), “The
security system design will identify the risks” that can threaten the system and after the risk
evaluation process is complete, the security system will create an integrated and detailed design
for the safety and protection systems. As a matter of priority, the security system design will be
planned to be discreet, aesthetically friendly and consistent with safety requirements, while being
fully successful.
Reflection on the Completed Labs
In my lab classes, I have covered the lessons:
 Malicious behaviour: In this lesson, I have learned:
 Information Articulation on the cyber incidents
 Comparison between Various types of Malware
 Description about Ransomware and Botnets
 Protection mechanism for the Malwares
 Social engineering attacks
 Defence toolkits 1: In this lesson, I have learned:
 Three states of the data
 Data Handling, Retention and Destruction
 Obfuscations and its application to confidentiality
 How a MITM attack works

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7CYBER CRIME FUNDAMENTAL
 Comparison between Symmetric and Asymmetric encryption
 Comparison between functions and access control roles
 Defence toolkits 2: In this lesson, I have learned:
 How secure hash function provides integrity
 Uses of hash function
 Comparison between encryption to hashing
 AAA model
 Spanning tree protocol
 Method of access control and integrity control
From these topics, I have learned about the cybersecurity and its significance. In the lab
classes, I also gained knowledge about the risks and threats that can occur in the IT system
because of a lack of security and protection, which can be mitigated by the “cybersecurity
protection” (Ben-Asher and Gonzalez 2015). I have learned about the cybersecurity defence
tools, which will provide a secure system and can mitigate the risks that can occur because of
any malicious behaviour in the system. From these classes, I also gained knowledge about the
“method of access control and integrity control”, which will protect the system from any
unauthorized or malicious access by providing multiple control strategies. This is the technology
period that is emerging strongly, and rapidly. According to Oliveira, Thomas and Espadanal
(2014), “Any organization is in the process of adopting new technologies and is thus using
information technology as their key business requirements”. Learning experience is successful
and my classmates helped me a lot to understand the topics in the right way. From these classes,
I also gained knowledge about the “integrity control and access control method, which will
protect the system from any unauthorized or malicious access” by providing multiple control

8CYBER CRIME FUNDAMENTAL
strategies (Ali, Sabir and Ullah 2019). By completing these lessons, I have understood the
mechanism of the various types of access control and how the encryption process works to
secure the data. By completing the classes, I can say that the class experience will help to shape
my career in the future. The experiences gained from the lab classes will help me in the future in
different research programs. This can be the form of a training program or some other internship
or project work. These classes on cybersecurity let me gain cybersecurity knowledge which lets
me pursue more higher education on similar topics.
Conclusion
From my lab classes on the cybersecurity fundamentals, I have come to understand about
the dynamic concept of cybersecurity, which is a dynamic topic whose understanding includes
multidisciplinary knowledge and experience, including, but not restricted to information
technology and computer science. In practice, while technical steps are an essential aspect,
cybersecurity is not mainly a technological problem, although the technological specifics are
simple for policy analysts. Besides, what is learned about cybersecurity is frequently divided
along disciplinary lines, which limits the knowledge gained from cross-fertilization.

9CYBER CRIME FUNDAMENTAL
References
Alhassan, J.K., Abba, E., Olaniyi, O.M. and Waziri, V.O., 2016, November. Threat modeling of
electronic health systems and mitigating countermeasures. In International Conference on
Information and Communication Technology and Its Applications (ICTA 2016), Federal
University of Technology, Minna, Nigeria.
Ali, I., Sabir, S. and Ullah, Z., 2019. Internet of things security, device authentication and access
control: a review. arXiv preprint arXiv:1901.07309.
Ben-Asher, N. and Gonzalez, C., 2015. Effects of cyber security knowledge on attack
detection. Computers in Human Behavior, 48, pp.51-61.
Dwivedi, Y.K., Wastell, D., Laumer, S., Henriksen, H.Z., Myers, M.D., Bunker, D., Elbanna, A.,
Ravishankar, M.N. and Srivastava, S.C., 2015. Research on information systems failures and
successes: Status update and future directions. Information Systems Frontiers, 17(1), pp.143-157.
Evans, M.G., He, Y., Yevseyeva, I. and Janicke, H., 2019. Published incidents and their
proportions of human error. Information & Computer Security.
Jouini, M., Rabai, L.B.A. and Aissa, A.B., 2014. Classification of Security Threats in
Information Systems. ANT/SEIT, 32, pp.489-496.
Lindholm, F. and Naeslund, M., Telefonaktiebolaget LM Ericsson AB, 2014. Password-based
authentication system and method in group network. U.S. Patent 8,745,715.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

10CYBER CRIME FUNDAMENTAL
Mattos, D.M.F. and Duarte, O.C.M.B., 2016. AuthFlow: authentication and access control
mechanism for software defined networking. annals of telecommunications, 71(11-12), pp.607-
615.
Oliveira, T., Thomas, M. and Espadanal, M., 2014. Assessing the determinants of cloud
computing adoption: An analysis of the manufacturing and services sectors. Information &
Management, 51(5), pp.497-510.
Ouyang, M., 2014. Review on modeling and simulation of interdependent critical infrastructure
systems. Reliability engineering & System safety, 121, pp.43-60.
Ranjan, A.K. and Somani, G., 2016. Access control and authentication in the internet of things
environment. In Connectivity Frameworks for Smart Devices (pp. 283-305). Springer, Cham.
Samani, A., Ghenniwa, H.H. and Wahaishi, A., 2015, June. Privacy in Internet of Things: A
model and protection framework. In ANT/SEIT (pp. 606-613).
Shan, Z. and Liao, B., 2016. Design and Implementation of A Network Security Management
System. arXiv preprint arXiv:1609.00099.
Singer, P.W. and Friedman, A., 2014. Cybersecurity: What everyone needs to know. oup usa.
Soomro, Z.A., Shah, M.H. and Ahmed, J., 2016. Information security management needs more
holistic approach: A literature review. International Journal of Information Management, 36(2),
pp.215-225.
Sikula, N.R., Mancillas, J.W., Linkov, I. and McDonagh, J.A., 2015. Risk management is not
enough: a conceptual model for resilience and adaptation-based vulnerability
assessments. Environment Systems and Decisions, 35(2), pp.219-228.