Question

Subject: Introduction to Cyber Security

Do not copy from internet/ web resources/. Answer should be in own opinion and minimum 250 words.

1. Explain how that the IT security engineer is responsible for ensuring that a coherent set of processes, procedures, and technologies are installed to support the day-to-day management of risks.. Discuss how operationally, the security engineer performs threat and vulnerability assessments to identify security risks, and then regularly updates the security controls identified through those assessments.Examine the tools needed by a digital forensics professional to collect digital evidence and write a brief 250 word report

Answer 1

Cyber security

————————-

​​​​​​ We are living in a digital era,weather it will be booking a hotel room,booking a movie theater even booking a cab .we are using internet and generate data.The data is generally stored in cloud,basically a huge servers or in a dataset.also we use some devices to access data.

Now for an hacker,it’s a golden age,publicly available IP address and so on.So they can exploits vulnerability and can create malicious software.

There are so many types of cyber attacks.

1.MAlWARE

   MAlWARE or malicious software,is any program or file that is harmful to computer user.malware includes computer viruses,worms,Trojan horses and spyware.These malicious programs can perform a verity of functions such as stealing,encrypting or deleting data.

2.PHISHING

   Phishing is a cyber attack , in that it tries to steal users sensitive informations such as usernames ,passwords,credit and debit card details etc.It is obtained by email spoofing or by instant messaging.Here attacker will redirect the users to a website that is look like an original website that the user want to access.And record the actions that the user doing there.and use it for unwanted purposes.

3.MAN IN THE MIDDLE ATTACK

     a man-in-the-middle attack (MITM) is an attack where the attacker secretly relays and possibly alters the communications between two parties who believe they are directly communicating with each other.for example Suppose Alice wishes to communicate with Bob. Meanwhile, Jenny  wishes to intercept the conversation and to deliver a false message to Bob.Jenny will secretly relay between them and alters the conversation data.But the original communicators never know this.

4. DENIAL OF SERVICE ATTACK

denial-of-service attack (DoS attack) is a cyber-attack in which a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. Denial of service is typically accomplished by flooding the targeted machine by sending overloaded requests and prevent some or all legitimate requests from being fulfilled

How to prevent cyber attacks

To prevent cyber attacks we must give proper training for the employees to identify the attacks and how to deal with those attacks. For that we can create a group of personals to take in charge the responsibility and give proper guidance to the team.Give special tools and methods to find the attacking.Install and use regular updated antivirus software.Take proper back up of important data.Download and install updates of operating system and applications.Controls physical access to your computer and network components.Regularly change passwords and use a strong one.