Siksha Sarovar

Siksha Sarovar (sikshasarovar.com) is a free educational web application that helps students in India learn programming and prepare for academic and competitive exams. The platform offers structured coding courses (C, C++, Python, Java, HTML, CSS, PHP, Power BI, AI, Machine Learning, Data Science), complete university curriculum notes for BCA/MCA students with previous year question papers, Class 10 and Class 12 CBSE/HBSE school notes, and dedicated preparation material for SSC, UPSC, Banking, Railway and other government exams. Browsing the site is completely free and requires no account. Users may optionally sign in with Google solely to save their learning progress, quiz scores and personal preferences across devices.

Privacy Policy | Terms of Service | Contact Siksha Sarovar | About Siksha Sarovar

v4.0.9 · PWA
Siksha Sarovar logo
Siksha Sarovar
Your Learning Universe

Siksha Sarovar is a free e-learning platform for coding courses, BCA university notes and competitive exam preparation. Optional Google sign-in saves your learning progress across devices.

Initializing knowledge base…
Compiling modules 0%

Unit I Overview: Cyberspace, Layers & Threat Landscape

Lesson 2 of 15 in the free Cyber Security notes on Siksha Sarovar, written by Rohit Jangra.

Unit I Overview: Cyberspace, Layers & Threat Landscape

Unit I introduces the foundational vocabulary and conceptual framework of cyber security. Before you can defend a system, you must understand what you are defending, who is attacking, and why. This unit covers the definition of cyberspace, the layered architecture of cyber security, the spectrum of cybercrimes, and the key actors behind attacks.

---

What is Cyberspace?

Cyberspace is the virtual environment created by interconnected computer networks, systems, devices, and the internet. The term was coined by science fiction author William Gibson in his 1984 novel Neuromancer, but it has since become the authoritative term for the global digital infrastructure.

Cyberspace has three distinct layers that are both interdependent and separately vulnerable:

LayerDefinitionComponentsAttack SurfaceProtection Strategy
Physical LayerTangible hardware infrastructureServers, routers, cables, satellitesPhysical theft, hardware tamperingPhysical locks, guards, CCTV
Logical LayerSoftware, protocols, data flowsTCP/IP, DNS, web services, databasesExploits, malware, protocol attacksPatches, firewalls, encryption
Social LayerHuman users and their behaviorEmployees, administrators, customersSocial engineering, insider threatsTraining, policy, access controls

---

Layers of Cyber Security

A holistic cyber security strategy addresses all threats across all layers using the OSI Security Model and industry frameworks like NIST and ISO 27001:

Security LayerObjectiveThreats CounteredTechnologiesStandard
PhysicalPrevent unauthorized physical accessTheft, vandalism, natural disasterBiometrics, security guards, UPSISO 27001 A.11
Perimeter / NetworkControl traffic entering/leaving networksIntrusions, port scanning, DDoSFirewall, IDS/IPS, DMZNIST SP 800-41
HostHarden individual computersMalware, rootkits, privilege escalationAntivirus, EDR, OS hardeningCIS Benchmarks
ApplicationSecure software from vulnerabilitiesXSS, SQLi, buffer overflowSAST, DAST, WAFOWASP Top 10
DataProtect data at rest and in transitExfiltration, ransomwareAES-256, TLS 1.3, DLPFIPS 140-2
Mission / BusinessAlign security with business goalsAPT, insider threatsGRC tools, risk assessmentISO 31000

---

The Cyber Threat Landscape

A cyber threat is any potential malicious action that aims to disrupt, damage, steal, or gain unauthorized access to information systems. Threats are classified by:

By origin:

  • Insider threats — Malicious or negligent actions by employees, contractors, or business partners with authorized access
  • External threats — Attacks from outside the organization: hackers, cybercriminals, nation-states, hacktivists
  • Supply chain threats — Attacks through third-party vendors or software (SolarWinds, Log4Shell)

By motivation:

  • Financial — Ransomware, fraud, cryptocurrency theft
  • Espionage — Nation-state actors stealing intellectual property or government secrets
  • Disruption — Hacktivists, terrorists targeting critical infrastructure
  • Notoriety — Script kiddies seeking fame
Exam Tip: Know the difference between a threat, a vulnerability, and a risk: Threat = potential harm; Vulnerability = weakness that can be exploited; Risk = Threat × Vulnerability × Impact. This is the risk equation.

---

Key Terminology Quick Reference

TermDefinitionExampleRelated ConceptCategory
CybercrimeCriminal activity involving computers/networksIdentity theft, ransomwareCyber law, IT ActLegal
CybercriminalPerson who commits cybercrimesHacker, cracker, script kiddieAPT groupsActor
Cyber threatPotential for unauthorized action causing harmPhishing email, malwareAttack vectorRisk
CyberspaceGlobal digital infrastructureInternet, intranets, IoTCyberwarfareEnvironment
CyberwarfareState-sponsored digital attacksStuxnet (US/Israel vs Iran)APT, nation-stateWarfare
BotnetNetwork of infected computers controlled remotelyMirai botnet (IoT DDoS)C2 server, zombieInfrastructure
CyberstalkingUsing technology to harass or stalkTracking via social mediaHarassment lawsCybercrime

---

Study Deep: Unit I Foundational Concepts

  1. Cyberspace is not just the internet: Cyberspace encompasses all digital infrastructure — military networks (intranet), industrial control systems (SCADA), IoT devices, and private corporate networks. Securing cyberspace means securing ALL these interconnected systems, not just websites.
  1. The threat landscape evolves daily: New vulnerabilities (CVEs) are published every day by MITRE. In 2023, over 28,000 CVEs were published — approximately 77 per day. Security professionals must stay continuously updated through sources like CERT-In (India), US-CERT, and SANS Internet Storm Center.
  1. Human error causes 95% of breaches (IBM): Technical controls alone cannot prevent all attacks. The weakest link is almost always human — clicking phishing emails, reusing passwords, misconfiguring servers. This is why security awareness training is considered as important as any technical control.
  1. Attack surfaces are expanding: With cloud computing, remote work, IoT devices, and mobile apps, the attack surface an organization must defend has expanded enormously. Each connected device is a potential entry point. The average enterprise has 135,000 exposed assets (Randori, 2022).
  1. Regulations are driving security investment: India's IT Act 2000 (amended 2008), GDPR, HIPAA, and PCI-DSS create legal obligations for security. Data breaches can result in fines of up to 4% of global annual revenue under GDPR. This regulatory pressure is a major driver of the cyber security market growing to $266 billion by 2027.
Exam Tip: The three layers of cyberspace are: Physical, Logical, and Social. Attacks can target any of the three. Social engineering attacks target the Social layer — the human element — which is often the weakest.