Course Introduction: Cyber Security
Cyber Security is the discipline of protecting digital assets — computers, networks, programs, and data — from unauthorized access, damage, theft, or attack. In today's hyper-connected world, cyber security is not optional; it is a fundamental requirement for every individual, organization, and government entity.
This BCA course covers the complete university syllabus across four units: foundational concepts and cybercrimes (Unit I), attack tools and methods (Unit II), cryptography and web security (Unit III), and cyber forensics (Unit IV). By the end, you will be able to identify cyber threats, apply cryptographic protections, secure web applications, and conduct basic digital forensics investigations.
---
The CIA Triad — The Cornerstone of Cyber Security
Every security decision maps back to the CIA Triad: Confidentiality, Integrity, and Availability. These three properties define what it means for a system to be secure.
| Property | Definition | Real-World Example | Primary Threat | Countermeasure |
|---|---|---|---|---|
| Confidentiality | Data is accessible only to authorized parties | Medical records in a hospital | Data breach, eavesdropping | Encryption, access control lists |
| Integrity | Data remains accurate and unaltered | Bank transaction records | Tampering, man-in-the-middle attack | Hashing (SHA-256), digital signatures |
| Availability | Systems and data are accessible when needed | ATM uptime 24/7 | DoS/DDoS attack | Redundancy, load balancing, failover |
Extended beyond the triad, the PAIN model adds four more properties:
| Property | Full Form | Description | Legal Standard | Example |
|---|---|---|---|---|
| P | Privacy | Protecting personal data from misuse | GDPR, IT Act 2000 | Anonymizing user data |
| A | Authentication | Verifying the identity of a user or system | NIST 800-63 | Two-factor authentication |
| I | Integrity | Same as CIA — data must not be tampered | ISO 27001 | Digital signature on email |
| N | Non-repudiation | Ensuring actions cannot be denied later | ITU-T X.509 | Legally binding e-signature |
---
Why Cyber Security Matters — Real-World Scale
Cybercrime costs the global economy over $8 trillion annually (Cybercrime Magazine, 2023). A cyber attack occurs every 39 seconds. Notable breaches illustrate the real stakes:
- Yahoo (2013–2014): 3 billion accounts compromised — the largest data breach in history
- Equifax (2017): 147 million citizens' personal data stolen; settled for $700M
- SolarWinds (2020): Supply chain attack compromised 18,000+ organizations including US federal agencies
- WannaCry (2017): Ransomware crippled 200,000 systems in 150 countries; total damage exceeded $4 billion
- AIIMS Delhi (2022): Ransomware attack paralyzed India's premier hospital for 15+ days
Exam Tip: The CIA Triad is the MOST fundamental concept in cyber security. Every security question can be mapped to at least one of these three properties. Confidentiality → encryption; Integrity → hashing/signatures; Availability → redundancy/failover.
---
Layers of Cyber Security (Defense-in-Depth)
No single security control is sufficient. A layered approach — Defense-in-Depth — uses multiple overlapping controls:
| Layer | Focus Area | Key Technologies | Attack Addressed | Example Tool |
|---|---|---|---|---|
| Physical | Hardware and premises | CCTV, biometrics, security locks | Physical theft, tailgating | HID badge readers |
| Network | Data in transit | Firewalls, IDS/IPS, VPN | Intrusion, sniffing, spoofing | Snort IDS, pfSense |
| Application | Software security | WAF, SAST, code review | SQL injection, XSS, CSRF | OWASP ZAP, Burp Suite |
| Data | Stored data protection | Encryption, DLP, backup | Exfiltration, ransomware | VeraCrypt, Veeam |
| Identity | User access management | MFA, SSO, IAM, PAM | Credential theft, privilege escalation | Azure AD, Okta |
---
Study Deep: CIA Triad and Security Foundations
- Confidentiality vs Privacy: Confidentiality protects organizational data from unauthorized access; privacy protects individual personal data. Both use encryption but serve different legal frameworks — HIPAA for healthcare data, GDPR for EU citizen data, and India's IT Act 2000 for Indian context.
- Integrity goes beyond file hashing: While SHA-256 ensures file integrity, digital signatures provide both integrity AND non-repudiation. A signed document proves the content has not changed AND identifies who signed it — the sender cannot later deny sending it.
- Availability is the forgotten pillar: Most security budgets over-index on confidentiality and integrity. Yet availability failures (downtime) are often most costly. Amazon reportedly loses approximately $220,000 per minute of downtime during peak periods.
- Zero Trust extends the CIA Triad: Traditional perimeter-based security assumed that internal network users could be trusted. Zero Trust architecture challenges this: "Never trust, always verify." Every request — even from inside the network — must be authenticated, authorized, and continuously validated.
- Security is a process, not a product: Buying a firewall does not make you secure. Security requires continuous risk assessment, patch management, user training, and incident response planning. The NIST Cybersecurity Framework describes this as: Identify → Protect → Detect → Respond → Recover.
---
Career Paths in Cyber Security
| Role | Core Responsibility | Key Tools | Average Salary (India) | Top Certification |
|---|---|---|---|---|
| Security Analyst | Monitor SIEM, triage alerts, respond to incidents | Splunk, ELK Stack, QRadar | ₹6–12 LPA | CompTIA Security+ |
| Penetration Tester | Ethically test systems for vulnerabilities | Kali Linux, Metasploit, Burp Suite | ₹8–18 LPA | CEH, OSCP |
| Forensic Analyst | Investigate cyber incidents, preserve evidence | Autopsy, FTK, Volatility | ₹5–10 LPA | CHFI |
| Cryptographer | Design and analyze encryption schemes | Python, SageMath, OpenSSL | ₹12–25 LPA | CISSP |
| Security Architect | Design organization-wide security posture | Cloud platforms, TOGAF | ₹15–35 LPA | CISSP, SABSA |
Exam Tip: Know the full form CIA = Confidentiality, Integrity, Availability. Also remember PAIN = Privacy, Authentication, Integrity, Non-repudiation. Availability failure = DoS/DDoS attack.