Cyber Security: Concepts, Classifications, Vulnerabilities & Frameworks

Cyber Security refers to the collection of technologies, processes, practices, and laws designed to protect computers, networks, systems, applications, and data from cyber threats such as unauthorized access, misuse, disruption, modification, and destruction.

It aims to ensure:

Confidentiality (data secrecy)
Integrity (accuracy & reliability)
Availability (access when needed)

This is known as the CIA Security Triad.

Global Timeline & Important Milestones

Year	Event
1960s	First mainframe security measures introduced
1969	ARPANET created — foundation of internet
1971	First computer virus Creeper Virus created
1983	First computer worm theory formed
1988	First major cyber attack: Morris Worm
1990s	Rise of email viruses (ILOVEYOU, Melissa)
2000	First major DDoS attack took down major sites
2004	First Anti-Phishing Working Group (APWG) formed
2009	Bitcoin & Blockchain introduced
2010	Stuxnet attack — first large cyber warfare usage
2013	Edward Snowden reveals global surveillance
2020–2023	AI-based attacks, ransomware surge
2024 onward	Zero-Trust security and quantum cyber defense emerging

✔ Types of Cyber Security

Category	Description	Examples
Network Security	Protects internal networks from intruders	Firewall, IDS, IPS
Application Security	Secures software & apps against vulnerabilities	Secure coding, Pen testing
Information Security (InfoSec)	Protects data confidentiality & privacy	Encryption, Digital signatures
Cloud Security	Secures cloud environments	AWS, Azure security tools
IoT Security	Protects connected devices	Smart home/device security
Operational Security (OPSEC)	Policies to secure data access and handling	User roles, access control
Endpoint Security	Secures end-user devices	Antivirus, EDR

✔ Types of Cyber Threats (Detailed Classification)

🔹 1. Malware

Malicious software designed to damage systems.

Types:

Virus
Worm
Trojan Horse
Spyware
Adware
Rootkits
Ransomware (locks system and demands money — e.g., WannaCry, Locky)

🔹 2. Social Engineering Attacks

Phishing (emails, SMS)
Spear Phishing (targeted phishing)
Baiting (USB tricks)
Pretexting (fake identity)

🔹 3. Network-Based Attacks

DDoS attack (Distributed Denial of Service)
MITM (Man-in-the-Middle attack)
Eavesdropping / Packet sniffing

🔹 4. Web-Application Attacks

SQL Injection
Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF)
Zero-Day Exploits

Cyber Attack Life Cycle (Kill Chain)

Reconnaissance
Weaponization
Delivery
Exploitation
Installation
Command & Control
Actions on Objective

Security Measures & Techniques

Technique	Purpose
Firewall	Filters network traffic
Encryption	Converts data into unreadable form
Hashing	One-way data protection
IDS/IPS	Detects and prevents attacks
Zero-Trust Model	Trust nothing; verify everything
Two-Factor Authentication (2FA)	Additional security layer
Access Control	Regulates user permissions

Commonly used Security Tools

Antivirus / Anti-malware: Norton, Kaspersky, Quick Heal
Penetration Testing Tools: Kali Linux, Metasploit, Burp Suite
Network Analysis: Wireshark, Nmap
Password Cracking Tools: Hydra, John the Ripper

Important Cryptographic Concepts

Type	Explanation	Examples
Symmetric Encryption	Same key for encryption & decryption	AES, DES
Asymmetric Encryption	Public + Private keys	RSA, ECC
Hashing	Creates fixed-length hash	SHA-256, MD5
Digital Certificates	Used in secure communication	SSL, TLS

Cyber Laws & Governance (India)

Year	Law / Program
2000	IT Act, 2000 (first cyber law in India)
2008 Amendment	Added cyber terrorism, identity theft, fraud
2020	CERT-IN cybersecurity guidelines strengthened
2022	Digital Personal Data Protection (DPDP) Bill
2023	National Cybersecurity Strategy introduced

Famous Cyber Attacks

Attack	Year	Target
Morris Worm	1988	First major system shutdown
ILOVEYOU Virus	2000	Email systems globally
WannaCry Ransomware	2017	200,000+ computers worldwide
Pegasus Spyware Case	2019–2021	Mobile surveillance
Colonial Pipeline Hack	2021	U.S. energy infrastructure

Career Roles in Cyber Security

Security Analyst
Penetration Tester (Ethical Hacker)
Cyber Forensic Expert
SOC Analyst
Incident Response Specialist

Short Questions & Answers

Q: What does CIA in cyber security stand for?
A: Confidentiality, Integrity, Availability.
Q: What is ransomware?
A: Malware that locks data and demands payment.
Q: Who invented the first computer worm?
A: Robert T. Morris (Morris Worm, 1988).
Q: Name India’s cyber law.
A: Information Technology (IT) Act, 2000.
Q: Which tool is used to monitor network traffic?
A: Wireshark.
Q: What is phishing?
A: Trick users into revealing sensitive information.
Q: What is a firewall?
A: A security device/software that filters and controls network traffic.
Q: What is the strongest encryption standard widely used today?
A: AES-256.