Siksha Sarovar

Siksha Sarovar (sikshasarovar.com) is a free educational web application that helps students in India learn programming and prepare for academic and competitive exams. The platform offers structured coding courses (C, C++, Python, Java, HTML, CSS, PHP, Power BI, AI, Machine Learning, Data Science), complete university curriculum notes for BCA/MCA students with previous year question papers, Class 10 and Class 12 CBSE/HBSE school notes, and dedicated preparation material for SSC, UPSC, Banking, Railway and other government exams. Browsing the site is completely free and requires no account. Users may optionally sign in with Google solely to save their learning progress, quiz scores and personal preferences across devices.

Privacy Policy | Terms of Service | Contact Siksha Sarovar | About Siksha Sarovar

v4.0.9 · PWA
Siksha Sarovar logo
Siksha Sarovar
Your Learning Universe

Siksha Sarovar is a free e-learning platform for coding courses, BCA university notes and competitive exam preparation. Optional Google sign-in saves your learning progress across devices.

Initializing knowledge base…
Compiling modules 0%

Course Introduction: Cyber Security

Lesson 1 of 15 in the free Cyber Security notes on Siksha Sarovar, written by Rohit Jangra.

Course Introduction: Cyber Security

Cyber Security is the discipline of protecting digital assets — computers, networks, programs, and data — from unauthorized access, damage, theft, or attack. In today's hyper-connected world, cyber security is not optional; it is a fundamental requirement for every individual, organization, and government entity.

This BCA course covers the complete university syllabus across four units: foundational concepts and cybercrimes (Unit I), attack tools and methods (Unit II), cryptography and web security (Unit III), and cyber forensics (Unit IV). By the end, you will be able to identify cyber threats, apply cryptographic protections, secure web applications, and conduct basic digital forensics investigations.

---

The CIA Triad — The Cornerstone of Cyber Security

Every security decision maps back to the CIA Triad: Confidentiality, Integrity, and Availability. These three properties define what it means for a system to be secure.

PropertyDefinitionReal-World ExamplePrimary ThreatCountermeasure
ConfidentialityData is accessible only to authorized partiesMedical records in a hospitalData breach, eavesdroppingEncryption, access control lists
IntegrityData remains accurate and unalteredBank transaction recordsTampering, man-in-the-middle attackHashing (SHA-256), digital signatures
AvailabilitySystems and data are accessible when neededATM uptime 24/7DoS/DDoS attackRedundancy, load balancing, failover

Extended beyond the triad, the PAIN model adds four more properties:

PropertyFull FormDescriptionLegal StandardExample
PPrivacyProtecting personal data from misuseGDPR, IT Act 2000Anonymizing user data
AAuthenticationVerifying the identity of a user or systemNIST 800-63Two-factor authentication
IIntegritySame as CIA — data must not be tamperedISO 27001Digital signature on email
NNon-repudiationEnsuring actions cannot be denied laterITU-T X.509Legally binding e-signature

---

Why Cyber Security Matters — Real-World Scale

Cybercrime costs the global economy over $8 trillion annually (Cybercrime Magazine, 2023). A cyber attack occurs every 39 seconds. Notable breaches illustrate the real stakes:

  • Yahoo (2013–2014): 3 billion accounts compromised — the largest data breach in history
  • Equifax (2017): 147 million citizens' personal data stolen; settled for $700M
  • SolarWinds (2020): Supply chain attack compromised 18,000+ organizations including US federal agencies
  • WannaCry (2017): Ransomware crippled 200,000 systems in 150 countries; total damage exceeded $4 billion
  • AIIMS Delhi (2022): Ransomware attack paralyzed India's premier hospital for 15+ days
Exam Tip: The CIA Triad is the MOST fundamental concept in cyber security. Every security question can be mapped to at least one of these three properties. Confidentiality → encryption; Integrity → hashing/signatures; Availability → redundancy/failover.

---

Layers of Cyber Security (Defense-in-Depth)

No single security control is sufficient. A layered approach — Defense-in-Depth — uses multiple overlapping controls:

LayerFocus AreaKey TechnologiesAttack AddressedExample Tool
PhysicalHardware and premisesCCTV, biometrics, security locksPhysical theft, tailgatingHID badge readers
NetworkData in transitFirewalls, IDS/IPS, VPNIntrusion, sniffing, spoofingSnort IDS, pfSense
ApplicationSoftware securityWAF, SAST, code reviewSQL injection, XSS, CSRFOWASP ZAP, Burp Suite
DataStored data protectionEncryption, DLP, backupExfiltration, ransomwareVeraCrypt, Veeam
IdentityUser access managementMFA, SSO, IAM, PAMCredential theft, privilege escalationAzure AD, Okta

---

Study Deep: CIA Triad and Security Foundations

  1. Confidentiality vs Privacy: Confidentiality protects organizational data from unauthorized access; privacy protects individual personal data. Both use encryption but serve different legal frameworks — HIPAA for healthcare data, GDPR for EU citizen data, and India's IT Act 2000 for Indian context.
  1. Integrity goes beyond file hashing: While SHA-256 ensures file integrity, digital signatures provide both integrity AND non-repudiation. A signed document proves the content has not changed AND identifies who signed it — the sender cannot later deny sending it.
  1. Availability is the forgotten pillar: Most security budgets over-index on confidentiality and integrity. Yet availability failures (downtime) are often most costly. Amazon reportedly loses approximately $220,000 per minute of downtime during peak periods.
  1. Zero Trust extends the CIA Triad: Traditional perimeter-based security assumed that internal network users could be trusted. Zero Trust architecture challenges this: "Never trust, always verify." Every request — even from inside the network — must be authenticated, authorized, and continuously validated.
  1. Security is a process, not a product: Buying a firewall does not make you secure. Security requires continuous risk assessment, patch management, user training, and incident response planning. The NIST Cybersecurity Framework describes this as: Identify → Protect → Detect → Respond → Recover.

---

Career Paths in Cyber Security

RoleCore ResponsibilityKey ToolsAverage Salary (India)Top Certification
Security AnalystMonitor SIEM, triage alerts, respond to incidentsSplunk, ELK Stack, QRadar₹6–12 LPACompTIA Security+
Penetration TesterEthically test systems for vulnerabilitiesKali Linux, Metasploit, Burp Suite₹8–18 LPACEH, OSCP
Forensic AnalystInvestigate cyber incidents, preserve evidenceAutopsy, FTK, Volatility₹5–10 LPACHFI
CryptographerDesign and analyze encryption schemesPython, SageMath, OpenSSL₹12–25 LPACISSP
Security ArchitectDesign organization-wide security postureCloud platforms, TOGAF₹15–35 LPACISSP, SABSA
Exam Tip: Know the full form CIA = Confidentiality, Integrity, Availability. Also remember PAIN = Privacy, Authentication, Integrity, Non-repudiation. Availability failure = DoS/DDoS attack.