Cyber Security in Parallel and Distributed Computing - E-Book

Description

The book contains several new concepts, techniques, applications and case studies for cyber securities in parallel and distributed computing.

The main objective of this book is to explore the concept of cybersecurity in parallel and distributed computing along with recent research developments in the field. Also included are various real-time/offline applications and case studies in the fields of engineering and computer science and the modern tools and technologies used. Information concerning various topics relating to cybersecurity technologies is organized within the sixteen chapters of this book. Some of the important topics covered include:

* Research and solutions for the problem of hidden image detection
* Security aspects of data mining and possible solution techniques
* A comparative analysis of various methods used in e-commerce security and how to perform secure payment transactions in an efficient manner
* Blockchain technology and how it is crucial to the security industry
* Security for the Internet of Things
* Security issues and challenges in distributed computing security such as heterogeneous computing, cloud computing, fog computing, etc.
* Demonstrates the administration task issue in unified cloud situations as a multi-target enhancement issue in light of security
* Explores the concepts of cybercrime and cybersecurity and presents the statistical impact it is having on organizations
* Security policies and mechanisms, various categories of attacks (e.g., denial-of-service), global security architecture, along with distribution of security mechanisms
* Security issues in the healthcare sector with existing solutions and emerging threats.


Page count: 525

Year of publication: 2019




Contents

Cover

Title page

Copyright page

Dedication

List of Figures

List of Tables

Foreword

Preface

Acknowledgement

Acronyms

Part I: Cybersecurity Concept

Chapter 1: Introduction on Cybersecurity

1.1 Introduction to Cybersecurity

1.2 Cybersecurity Objectives

1.3 Cybersecurity Infrastructure and Internet Architecture (NIST)

1.4 Cybersecurity Roles

1.5 Cybercrimes

1.6 Security Models

1.7 Computer Forensics

1.8 Cyber Insurance

1.9 Future of Cybersecurity

1.10 Conclusion

References

Chapter 2: Steganography and Steganalysis

2.1 Introduction

2.2 Steganography

2.3 Steganalysis

2.4 Conclusion

References

Chapter 3: Security Threats and Vulnerabilities in E-business

3.1 Introduction to e-Business

3.2 Security Issues in e-Business

3.3 Common Vulnerabilities in e-Business

3.4 Threats in e-Business

3.5 Prevention Mechanism

3.6 Conclusion

References

Chapter 4: e-Commerce Security: Threats, Issues, and Methods

4.1 Introduction

4.2 Literature Review

4.3 e-Commerce

4.4 Security Overview in e-Commerce

4.5 Security Issues in e-Commerce

4.6 Security Threats in e-Commerce

4.7 Security Approaches in e-Commerce

4.8 Comparative Analysis of Various Security Threats in e-Commerce

4.9 e-Commerce Security Life-Cycle Model

4.10 Conclusion

References

Chapter 5: Cyberwar is Coming

5.1 Introduction

5.2 Ransomware Attacks

5.3 Are Nations Ready?

5.4 Conclusion

References

Part II: Cybersecurity in Parallel and Distributed Computing Techniques

Chapter 6: Introduction to Blockchain Technology

6.1 Introduction

6.2 Need for Blockchain Security

6.3 Characteristics of Blockchain Technology

6.4 Types of Blockchains

6.5 The Architecture of Blockchain Technology

6.6 How Blockchain Technology Works

6.7 Some Other Case Studies for Blockchain Technology

6.8 Challenges Faced by Blockchain Technology

6.9 The Future of Blockchain Technology

6.10 Conclusion

References

Chapter 7: Cyber-Security Techniques in Distributed Systems, SLAs and other Cyber Regulations

7.1 Introduction

7.2 Identifying Cyber Requirements

7.3 Popular security mechanisms in Distributed Systems

7.4 Service Level Agreements

7.5 The Cuckoo’s Egg in the Context of IT Security

7.6 Searching and Seizing Computer-Related Evidence

7.7 Conclusion

References

Chapter 8: Distributed Computing Security: Issues and Challenges

8.1 Introduction

8.2 Security Issues and Challenges

8.3 Security Issues and Challenges in Advanced Areas

8.4 Conclusion

References

Chapter 9: Organization Assignment in Federated Cloud Environments based on Multi-Target Optimization of Security

9.1 Introduction

9.2 Background Work Related to Domain

9.3 Architectural-Based Cloud Security Implementation

9.4 Expected Results of the Process

9.5 Conclusion

References

Chapter 10: An On-Demand and User-Friendly Framework for Cloud Data Centre Networks with Performance Guarantee

10.1 Introduction

10.2 Difficulties from a Cloud Adoption Perspective

10.3 Security and Privacy

10.4 Conclusion and Future Work

References

Part III: Cybersecurity Applications and Case Studies

Chapter 11: Cybersecurity at Organizations: A Delphi Pilot Study of Expert Opinions About Policy and Protection

11.1 Introduction

11.2 Shocking Statistics of Cybercrime

11.3 Cybersecurity Policies for Organizations

11.4 Blockchain Technology

11.5 Research Methodology

11.6 Results of the Cybersecurity Delphi Study

11.7 Conclusion

References

Chapter 12: Smartphone Triggered Security Challenges - Issues, Case Studies and Prevention

12.1 Introduction

12.2 Classification of Mobile Security Threats

12.3 Smartphones as a Tool of Crime

12.4 Types of Mobile Phone-Related Crimes

12.5 Types of Mobile Fraud

12.6 Case Studies

12.7 Preventive Measures and Precautions

12.8 Conclusion

References

Chapter 13: Cybersecurity: A Practical Strategy Against Cyber Threats, Risks with Real World Usages

13.1 Introduction

13.2 Cyberwar

13.3 Arms Control in Cyberwar

13.4 Internet Security Alliance

13.5 Cybersecurity Information Sharing Act

13.6 Market for Malware

13.7 Mobile Cybersecurity

13.8 Healthcare

13.9 Human Rights

13.10 Cybersecurity Application in Our Life

13.11 Conclusion

References

Chapter 14: Security in Distributed Operating System: A Comprehensive Study

14.1 Introduction to Security and Distributed Systems

14.2 Relevant Terminology

14.3 Types of External Attacks

14.4 Globus Security Architecture

14.5 Distribution of Security Mechanism

14.6 Conclusions

References

Chapter 15: Security in Healthcare Applications Based on Fog and Cloud Computing

15.1 Introduction

15.2 Security Needs of Healthcare Sector

15.3 Solutions to Probable Attacks in e-Healthcare

15.4 Emerging Threats in Cloud- and Fog-Based Healthcare System

15.5 Conclusion

References

Chapter 16: Mapping of e-Wallets with Features

16.1 Introduction

16.2 Review of Literature

16.3 Market Share of e-Wallet

16.4 Research Methodology

16.5 Result Analysis

16.6 Conclusions and future work

References

End User License Agreement



Scrivener Publishing
100 Cummings Center, Suite 541J
Beverly, MA 01915-6106

Publishers at Scrivener: Martin Scrivener, Phillip Carmical

Managing Editors: Sachin Mishra, S. Patra and Anshuman Mishra

Cyber Security in Parallel and Distributed Computing

Concepts, Techniques, Applications and Case Studies

 

 

Edited by

Dac-Nhuong Le

Haiphong University, Haiphong, Vietnam

Raghvendra Kumar

LNCT College, India

Brojo Kishore Mishra

C. V. Raman College of Engineering, Bhubaneswar, India

Manju Khari

Ambedkar Institute of Advance Communication Technologies & Research, India

Jyotir Moy Chatterjee

Asia Pacific University of Technology & Innovation, Kathmandu, Nepal

 

 

 

This edition first published 2019 by John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, USA and Scrivener Publishing LLC, 100 Cummings Center, Suite 541J, Beverly, MA 01915, USA

© 2019 Scrivener Publishing LLC

For more information about Scrivener publications please visit www.scrivenerpublishing.com.

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, except as permitted by law. Advice on how to obtain permission to reuse material from this title is available at http://www.wiley.com/go/permissions.

Wiley Global Headquarters
111 River Street, Hoboken, NJ 07030, USA

For details of our global editorial offices, customer services, and more information about Wiley products visit us at www.wiley.com.

Limit of Liability/Disclaimer of Warranty

While the publisher and authors have used their best efforts in preparing this work, they make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives, written sales materials, or promotional statements for this work. The fact that an organization, website, or product is referred to in this work as a citation and/or potential source of further information does not mean that the publisher and authors endorse the information or services the organization, website, or product may provide or recommendations it may make. This work is sold with the understanding that the publisher is not engaged in rendering professional services. The advice and strategies contained herein may not be suitable for your situation. You should consult with a specialist where appropriate. Neither the publisher nor authors shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages. Further, readers should be aware that websites listed in this work may have changed or disappeared between when this work was written and when it is read.

Library of Congress Cataloging-in-Publication Data

ISBN 978-1-119-48805-7

To our parents

List of Figures

2.1 Classification of Steganography

3.1 Product flow structure in traditional business

3.2 Communication cycle in e-business, from manufacturer to customer

4.1 Two-tier e-commerce architecture

4.2 Three-tier e-commerce architecture

4.3 DDOS attack

4.4 SQL injection attack

4.5 Price manipulation

4.6 Session hijacking attack

4.7 Cross-site scripting attack

4.8 Security engineering life cycle

5.1 Virus alert!

5.2 Petya ransomware

5.3 WannaCry ransomware

5.4 Motives of the attackers over the years

6.1 Blockchain architecture diagram

6.2 Network architecture of blockchain

6.3 How transactions get converted to blocks

6.4 Cryptocurrency transaction using blockchain technology

6.5 How double spending may occur

6.6 Blockchain generation from unordered transactions

7.1 Challenges of a distributed system

7.2 Shared secret key-based authentication

7.3 Role of KDC in authentication

7.4 Public key encryption based on mutual authentication

7.5 Digital signature

7.6 Schematic of a sandbox and a playground

9.1 Overview of MQMCE

9.2 MQMCE scheduler process

9.3 Obtained non-dominated solutions for the parallel workflow

9.4 Obtained non-dominated solutions for the hybrid workflow

9.5 Obtained non-dominated solutions for the synthetic workflow

11.1 Internet Crime Complaint Center (IC3) public value of overall statistics 2016

11.2 Pyramid of cybersecurity 2017

11.3 Expert-level-awareness of cybersecurity

11.4 Effective incident response plans

11.5 Federal government cybersecurity initiatives

11.6 Blockchain secure Internet transactions

12.1 Classification of mobile security threats

12.2 Various mobile phone-related crimes

12.3 The schematic sequence of a SMiShing attack

12.4 Types of mobile frauds

13.1 Issues of cybersecurity [4]

13.2 Cybersecurity attacks occurring in different years [8]

13.3 Malware attacks on smartphone OSes

14.1 Logical organization of distributed systems into various layers

14.2 Basic elements of information system security

14.3 Schematic showing the exchange of information in distributed systems

14.4 Types of external attacks

14.5 Types of DoS attacks

14.6 Globus security policy architecture

15.1 General architecture of healthcare monitoring systems

15.2 Categorization of attacks in healthcare system

15.3 Schematic diagram of a captured communication by an eavesdropper in fog environment

15.4 Schematic diagram of a distributed denial of service attack

15.5 Masquerade attack

16.1 Ecosystem for setting up of an Open, closed and semi-closed e-wallet respectively [2]

16.2 Research Model for the mapping of features of E-wallets with the types of e-wallets

List of Tables

2.1 Relationship between PSNR and MOS values

4.1 Advantages of e-commerce

4.2 Disadvantages of e-commerce

4.3 Comparative analysis of various security threats in e-commerce

9.1 Reasons for the federation of cloud

10.1 Graph theory in computer networks

10.2 Graph theory in cloud

11.1 The major findings from Round 1 and the 4 key insights presented to the respondents

11.2 Cybersecurity policy within an organization

11.3 Effective cyber incident response plan mandates

11.4 Federal government cybersecurity initiatives

11.5 Blockchain technology for secure Internet transactions

13.1 A contrast of the smartphone OSes market share over the era of 2011-2017

15.1 Security attacks and their existing solutions

16.1 Examples of types of e-wallets

16.2 Electronic cash payment systems

16.3 Technological features of e-wallets in India

16.4 Legal features of e-wallets in India

16.5 Operational features of e-wallets in India

16.6 Security features of e-wallets in India

16.7 Mapping framework of e-wallet features

Foreword

With the widespread applicability of cyberspace in today’s world, malefic activities like hacking, cracking or other malicious use of cyberspace have become more sophisticated and so critical that, absent a proper and organized plan to protect against such activities, overcoming them is impossible.

Today cybersecurity is one of the prime concerns for any organization, whether governmental or private sector; and for the sake of security and safety, it may be considered of national importance for a country. Many components of cyberspace are disreputable and therefore vulnerable to an expanding range of attacks by a spectrum of hackers, criminals, terrorists, and state actors. For example, both government agencies as well as private sector companies, irrespective of their size and nature, may suffer from cyber thefts, cyber vandalism and attacks like denial-of-service or other service-related attacks, since they incorporate sensitive information. Many of a nation’s critical infrastructures, like the electric power grid, air traffic control system, financial systems, and communication networks, depend extensively on information technology for their operation. Nowadays, threats posed by the vulnerabilities of information technology and its malicious use have increased along with technological advancements. Following the infamous September 11, 2001 attacks against the United States, the importance of maintaining a properly fashioned security environment has been realized in light of increased cyber espionage directed at private companies and government agencies. National policy makers have become increasingly concerned that adversaries backed by considerable resources will attempt to exploit cyber vulnerabilities in the critical infrastructure, thereby inflicting substantial harm on a nation.

Numerous policy proposals have been suggested in the past and a number of bills have been introduced to tackle the challenges of cybersecurity. Although the larger public discourse sometimes treats the topic of cybersecurity as a new one, the Computer Science and Telecommunications Board (CSTB) of the National Research Council has extensively recognized cybersecurity as being a major challenge for public policy. Therefore, for over more than two decades the CSTB has offered a wealth of information on practical measures, technical and nontechnical challenges, as well as potential policy concerning cybersecurity. Drawing on past insights developed in the body of work of the CSTB, a committee has produced a report entitled Cybersecurity Primer: Leveraging Two Decades of National Academies Work, which acts as a concise primer on the fundamentals of cybersecurity and the nexus between cybersecurity and public policy.

Full Professor Valentina E. Balas
Department of Automatics and Applied Software
Aurel Vlaicu University of Arad, Romania

Preface

The main objective of this book is to explore the concept of cybersecurity in parallel and distributed computing along with recent research developments in the field. Also included are various real-time/offline applications and case studies in the fields of engineering and computer science and the modern tools and technologies used. Information concerning various topics relating to cybersecurity technologies is organized within the sixteen chapters of this book.

Chapter 1 discusses the difference between traditional and contemporary computer crimes observed over the last few years. The general evolution of cybercrimes has led to internet-based risks affecting businesses, organizations, etc., exposing them to potential liability. The recent concept of cyber insurance, which promises coverage when organizations suffer as a result of internet-based risk, is discussed in this chapter. Later on in the chapter, readers will become familiarized with security policies and various security models, such as the Bell-LaPadula and Biba models, that enforce them. Furthermore, readers will also become acquainted with the concepts of network neutrality and human rights, as they go hand in hand. With the risks and aftereffects of cybercrimes in mind, we also explore the legal aspect of cybercrimes by analyzing the concept of computer forensics. Some best practices pertaining to countermeasures to information warfare are also discussed.

Chapter 2 presents an overview of the research and solutions relating to the problem of hidden image detection.

Chapter 3 focuses on the security aspects of data mining and possible techniques to prevent it. Moreover, some privacy issues due to data mining, such as intrusion detection, are also highlighted.

Chapter 4 addresses different types of specific security threats, security challenges, and vulnerabilities at various levels of the system. Furthermore, it throws light on how to deal with these various security threats and issues, and presents a comparative analysis of various methods used in e-commerce security, including how to perform secure payment transactions in an efficient manner.

Chapter 5 notes that although the likelihood of conventional warfare has been reduced due to diplomatic efforts, the fear of reduced resources and monetary greed are still very much in evidence. With resources becoming increasingly digitalized due to the development of technologies like 5G, the internet of things, smartphones, smarter cities, etc., cyberattacks from ransomware such as WannaCry, NotPetya, Bad Rabbit, etc., are also on the rise. With everything connected to the internet, it has become a battlefield on which the civilians of all nations are connected, unwittingly placing them on the battlefield. This connectivity is a bigger threat, as it can cause massive devastation in rising digital economies, affecting everyone and everything, even our brains, which, along with the internet’s ever-encroaching war on human emotions, is evidence that a war is coming – a cyberwar.

Chapter 6 introduces the concept of blockchain technology and how it is crucial to the security industry. We delve into the details concerning the characteristics of blockchain technology, its structure, types, architecture and workings. Since Bitcoin is one of the most widespread applications of blockchain technology, this chapter also highlights its workings. The chapter concludes with a few of the challenges facing this technology and its future scope.

Chapter 7 focuses on the need for service level agreements (SLAs) to prevail between a service provider and a client in relation to certain aspects of the service such as quality, availability and responsibilities. The Cuckoo’s Egg lessons on cybersecurity by Clifford Stoll, as well as various amendments to curb fraud, data breaches, dishonesty, deceit and other such cybercrimes, are also thoroughly discussed.

Chapter 8 examines various security issues and challenges in distributed computing security, along with security issues in advanced areas like heterogeneous computing, cloud computing, fog computing, etc. Moreover, we present the methods/schemes/protocols used to address various security issues and possible methods of implementation.

Chapter 9 demonstrates the administration task issue in unified cloud situations as a multi-target enhancement issue in light of security. The model enables shoppers to consider an exchange between three security factors—cost, execution, and hazard—when appointing their administrations to CSPs. The cost and execution of the conveyed security administrations are assessed utilizing an arrangement of quantitative measurements which we propose. We then address utilization of the preemptive streamlining technique to assess clients’ needs. Reproductions have demonstrated that this model aides in decreasing the infringement rate of security and execution.

Chapter 10 investigates chart hypothesis applications in PC systems with a particular spotlight on diagram hypothesis applications in distributed computing. Included in this chapter are the fundamental asset provisioning issues that emerge in distributed computing situations along with some applied hypothetical diagram recommendations to address these issues.

Chapter 11 explores the concepts of cybercrime and cybersecurity, and presents the statistical impact they have on organizations, demonstrating the importance of an effective cybersecurity policy manual. It also describes the methodology used for this research, analyzes the data provided by expert testimonials, and introduces the development of a new innovative technological method (blockchain) to minimize the risks of the cyber world. The analyses cover the extent to which Blockchain applications could help strengthen cybersecurity and protect organizations against cyberattacks, and what kind of research directions are essential for the future.

Chapter 12 classifies and details the various types of smartphone device security threats. Further case studies about the exploitation of smartphones by terrorists, user data theft and smartphone-based fraud are presented. The chapter concludes with measures to improve the security of mobile devices and prevent user data from being exploited by attacks.

Chapter 13 highlights some strategies for maintaining the privacy, integrity, confidentiality and availability of cyber information and its real-world impacts such as mobile security software for secure email and online banking, cyber health check programs for business, cyber incident response management, cybersecurity risk management and cyber security schemes and services.

Chapter 14 discusses security policies and mechanisms, various categories of attacks (e.g., denial-of-service) and Globus security architecture, along with distribution of security mechanisms. Furthermore, the various attack strategies that frequently occur in any information system under consideration are also investigated.

Chapter 15 lists some of the security issues which have arisen in the healthcare sector and also discusses existing solutions and emerging threats.

Chapter 16 presents and analyzes various types of models operating in the e-commerce/e-business domains in India. This chapter tries to give a brief insight into the various technological, operational, legal and security features available in different types of e-Wallets. It can be concluded from the information presented that all three wallets have the same security features, which include Anti-fraud, 3D SET or SSL, P2P, data encryption and OTP.

Among those who have influenced this project are our family and friends, who have sacrificed a lot of their time and attention to ensure that we remained motivated throughout the time devoted to the completion of this crucial book.

Dac-Nhuong Le
Raghvendra Kumar
Brojo Kishore Mishra
Manju Khari
Jyotir Moy Chatterjee

Acknowledgments

We would like to acknowledge the most important people in our lives, our grandfathers and grandmothers, and thank our wives. This book has been our long-cherished dream which would not have been turned into reality without the support and love of these amazing people. They have encouraged us despite our failing to give them the proper time and attention. We are also grateful to our best friends, who have encouraged and blessed this work with their unconditional love and patience.

Dr. Dac-Nhuong Le
Deputy Head, Faculty of Information Technology
Haiphong University, Haiphong, Vietnam

Acronyms

APIs: Application Programming Interfaces
AR: Post-Traumatic Stress Disorder
AES: Advance Encryption Algorithm
ACL: Access Control Lists
APT: Advanced Persistent Threats
ATM: Automated Teller Machine
AS: Autonomous System
ACE: Access Control Entries
B2B: Business-to-Business
B2C: Business-to-Consumer
BAN: Body Area Networks
CA: Certifying Authority
C2B: Consumer-to-Business
C2C: Consumer-to-Consumer
C2G: Consumer-to-Government
CSPs: Cloud Service Providers
CV: Consumer Version
CPPS: Cyber-Physical Production System
COMSEC: Communications Security
CDI: Constrained Data Item
COI: Conflict of Interest
CDMA: Code-Division Multiple Access
CDC: Cloud Data Center
CISA: Cybersecurity Information Sharing Act
C3I: Command, Control, Communications and Intelligence
CFOs: Chief Financial Officers
CPU: Central Processing Unit
CoF: Cloud based Card-on File
CRC: Cyclic Redundancy Checksum
DAC: Discretionary Access Control
DAO: Decentralized Autonomous Organizations
DMZ: Demilitarized Zone
DFD: Degree of Security Deficiency
DDoS: Distributed Denial of Service
DoS: Denial of Service
DSC: Digital Signature Certificate
DHS: Department of Homeland Security
ETG: Enterprise Topology Graphs
ECMA: European Computer Manufacturers Association
ECDA: Elliptic Curve Diffie-Hellman
ECC: Elliptic Curve Cryptography
ESN: Electronic Serial Number
EPROM: Erasable Programmable Read-Only Memory
EWF: Energy Web Foundation
FBI: Federal Bureau of Investigation
FIPB: Foreign Investment Promotion Board
FC: Fog Computing
FI: Financial Institution
FEMA: Foreign Exchange Management Act
GUI: Graphical User Interface
GPS: Global Positioning System
HTML: Hypertext Markup Language
HMI: Human-Machine Interface
HAIL: High-Availability and Integrity Layer
HTTPS: Hypertext Transfer Protocol Secure
IoT: Internet of Things
ICCPR: International Covenant on Civil and Political Rights
ICMP: Internet Control Message Protocol
IPS: Intrusion Prevention Systems
IDS: Intrusion Detection System
IMPS: Immediate Payment Service
IP: Internet Protocol
ISP: Internet Service Provider
IT: Information Technology
IC3: Internet Crime Complaint Center
ISA: Instruction Set Architecture
IaaS: Infrastructure as a Service
ICERT: Indian Computer Emergency Response Team
IE: Internet Explorer
IEEE: Institute of Electrical and Electronics Engineers
KDC: Key Distribution Center
KYC: Know Your Customer
LAN: Local-Area Network
LSB: Least Significant Bit
MAC: Mandatory Access Control
MBR: Master Boot Record
MTBF: Mean Time Between Failures
MTTR: Mean Time to Recovery, Response, or Resolution
MIN: Mobile Identification Number
MiM: Man-in-the-middle Attack
NCSA: National Cyber Security Alliance
NCP: Network Control Protocol
NFC: Near Field Communication
NBFC: Non-Banking Financial Companies
NIST: National Institute of Standards and Technology
OS: Operating System
OTP: One-Time Password
PLC: Programmable Logic Controller
PIN: Personal Identification Number
PGP: Pretty Good Privacy
PwC: PricewaterhouseCoopers
PC: Personal Computer
POS: Point-on Scale
PKI: Public Key Infrastructure
P2P: Peer-to-Peer
PPI: Prepaid Payment Instruments
PaaS: Platform as a Service
PDA: Personal Digital Assistant
QoS: Quality of Service
RFID: Radio-Frequency Identification
RBAC: Role-Based Access Control
RBI: Reserve Bank of India
RSA: Rivest-Shamir-Adleman
SCADA: Supervisory Control and Data Acquisition
SET: Secure Electronic Transaction
SLA: Service Level Agreement
SMB: Server Message Block
SYN: Synchronization
SSID: Service Set Identifier
SQL: Structured Query Language
SSL: Secure Sockets Layer
SMS: Short Message Service
SIM: Subscriber Identity Module
SPV: Simple Payment Verification
TCPAC: Trusted Computing Platform Alliance
TCB: Trusted Computing Base
UDI: Unconstrained Data Item
UDP: User Datagram Protocol
UDHR: Universal Declaration of Human Rights
VM: Virtual Machine
VPN: Virtual Private Network
XSS: Cross-Site Scripting
XML: eXtensible Markup Language
XACML: eXtensible Access Control Markup Language

PART I Cybersecurity Concept

Chapter 1 Introduction on Cybersecurity

Ishaani Priyadarshini

University of Delaware, Newark, Delaware, USA


Abstract

In a world ruled by speed and perfection, technology relies primarily on computer science. Be it a simple act of sending an email or a critical act of conveying billions of dollars, almost everything is merely a click away. The world of computer science keeps people engaged in activities like gaming, website surfing, social media, banking, digital citizenship, etc., with a grip spanning many domains such as hardware, software, network, data, etc. Because so many activities rely on computers, they attract criminals, which ultimately leads to cybercrime, which could be as elementary as basic hacking or as elaborate as ransomware attacks or financial cybercrimes. The consequences may vary from loss of personal or sensitive information to loss of massive amounts of money. Thus, the need to ensure cybersecurity is paramount. In this chapter, we will take a look at the concept of cybersecurity, its causes, consequences and principles. The idea of cybersecurity is not only limited to small firms and educational institutions, but also spreads across various industries and governments, making it one of the most significant areas of study. In the past, certain objectives have been proposed to safeguard such critical cyber infrastructures. Certain standards, guidelines and practices have found their place in cybersecurity frameworks to ensure that the cyber infrastructure and architecture is secure. Since the operations are multiple as well as insightful, they must be carried out by accountable personnel, such as the security administrator or incident response team, who are usually given roles in the cyber infrastructure depending on the nature of their work. Some of the anticipated roles of accountable personnel are defined in this chapter. The nature of cybercrimes over the last few years has changed drastically owing to the change in motives behind the crimes, tools and techniques involved and the overall consequences. 
We have observed the contrast between traditional and contemporary computer crimes over the last few years. The general evolution of cybercrimes has led to internet-based risks affecting businesses, organizations, etc., which are potential liabilities that are harmful to property. The concept of cyber insurance is recent and promises coverage when organizations suffer internet-based risks, which we have essayed in this chapter. In the later part of the chapter we will familiarize ourselves with the concept of security policies and various security models that enforce them. A few security models, such as the Bell-LaPadula and Biba models, will be discussed in this section. Further, we will acquaint ourselves with the concept of network neutrality and human rights as they go hand in hand. Keeping in mind the risks and aftereffects of cybercrimes, we will also explore the legal aspect of cybercrimes by analyzing the concept of computer forensics. Some best practices pertaining to countermeasures for information warfare have also been discussed.


Keywords: Cyber infrastructure, cybercrimes, cyber insurance, computer forensics, security models

1.1 Introduction to Cybersecurity

Cybersecurity may be defined as the ability to defend against and recover from cyberattacks. According to the National Institute of Standards and Technology (NIST), cybersecurity is the ability to protect or defend the use of cyberspace from cyberattacks [1]. The entire cyberspace consists of several interdependent networks of the information systems infrastructure which could be the internet, telecommunications network, computer systems, embedded systems or controllers. Thus, cybersecurity is concerned with critical infrastructure, network security, cloud security, application security, the internet of things and several other domains where the need to ensure security is paramount.

Critical infrastructure: Security in critical infrastructure deals with cyber-physical systems and real-world deployments. Industries like automation, aviation, healthcare, traffic lights, electricity grids, etc. are prone to cyberattacks like eavesdropping, compromised key attacks, man-in-the-middle attacks and denial-of-service attacks [2].

Network security: Network security deals with measures and concerns to protect information systems. It guards against unauthorized intrusions and protects the usability and integrity of network and data. Cyberattacks on networks could be passive, like port scanning, wiretapping and encryption, or active, like phishing, cross-site scripting and denial-of-service attacks.

Cloud security: Cloud security takes into account several control-based technologies and policies to protect information, data applications and infrastructure within the cloud. Since the cloud is a shared resource, cyberattacks on clouds may lead to data breaches, system vulnerabilities, malicious insiders, data loss and shared technology vulnerabilities. Some attacks on the cloud computing environment are account hijacking, phishing, denial-of-service attacks and compromised credentials.

Application security: Security of an application is ensured by mitigating security vulnerabilities. Application development has several stages, like design, development, deployment, upgrade and maintenance, and each stage is susceptible to cyberattacks. Common attacks pertaining to web application security are cross-site scripting, SQL injection, buffer overflows and distributed denial-of-service attacks. In mobile applications, attacks like spyware, botnets, ad hoc and click fraud and malware infections take place.

Internet of Things security: The internet of things (IoT) consists of computing, mechanical and digital devices with unique identifiers capable of transferring data over the network without human interference. IoT security safeguards these connected devices and networks in IoT. The attacks include spyware and botnets.

The CIA (Confidentiality, Integrity, Availability) triad is the unifying attribute for cybersecurity which is used to evaluate security of an organization using the three key areas related to security namely confidentiality, integrity and availability. These three attributes have specific requirements and operations.

Confidentiality: Fairly similar to privacy, confidentiality ensures that information is accessed only by authorized personnel. The idea is to prevent sensitive information from being accessed by unauthorized people. Attacks on confidentiality could be credit card fraud, identity theft, wiretapping, phishing, and social engineering. User IDs, passwords, encrypted data, access control lists (ACL) and policy-based security measures guard against attacks on confidentiality.

Integrity: Integrity ensures consistency, trustworthiness and accuracy of data. The idea is to prevent modification of data by those who are unauthorized to do so. It also ensures data authenticity and nonrepudiation. Some attacks on integrity are man-in-the-middle attacks, session hijacking attacks and salami attacks. Establishing user access controls, checksums, data encryption and hashing are some means to ensure data integrity.

Availability: Availability refers to timely and reliable access to resources. The information concerned should be readily accessible to authorized personnel. Some attacks against availability are denial-of-service attacks, SYN attacks and ICMP (Internet Control Message Protocol) flood attacks.
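The integrity item above names checksums and hashing as safeguards and man-in-the-middle modification as a threat. The following added example (not from the book) shows why an unkeyed CRC32 or SHA-256 value sent alongside a message only catches accidental corruption, while a keyed HMAC also catches deliberate modification by a party that does not hold the key. The messages, the key and all function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets
import zlib

# Constructed sample data: a payment instruction, an altered copy of it,
# and a secret shared only by the legitimate sender and receiver.
ORIGINAL = b"PAY 100.00 EUR TO ACCOUNT 1111"
MODIFIED = b"PAY 900.00 EUR TO ACCOUNT 2222"
SHARED_KEY = secrets.token_bytes(32)


def crc32_tag(message: bytes) -> bytes:
    """Unkeyed checksum: anyone who sees the message can compute it."""
    return zlib.crc32(message).to_bytes(4, "big")


def sha256_tag(message: bytes) -> bytes:
    """Unkeyed cryptographic hash: stronger, but still computable by anyone."""
    return hashlib.sha256(message).digest()


def hmac_tag(message: bytes, key: bytes = SHARED_KEY) -> bytes:
    """Keyed MAC: producing a valid tag requires the shared key."""
    return hmac.new(key, message, hashlib.sha256).digest()


SCHEMES = {"crc32": crc32_tag, "sha256": sha256_tag, "hmac": hmac_tag}


def receiver_accepts(tag_fn, message: bytes, tag: bytes) -> bool:
    """Receiver recomputes the tag and compares it in constant time."""
    return hmac.compare_digest(tag_fn(message), tag)


def corrupt_one_bit(message: bytes) -> bytes:
    """Accidental corruption: one flipped bit, tag left untouched."""
    damaged = bytearray(message)
    damaged[0] ^= 0x01
    return bytes(damaged)


def evaluate(scheme: str) -> dict:
    """Report what the receiver detects under one integrity scheme."""
    tag_fn = SCHEMES[scheme]
    sent_tag = tag_fn(ORIGINAL)

    # Case 1: line noise damages the message but not the tag.
    accidental_detected = not receiver_accepts(
        tag_fn, corrupt_one_bit(ORIGINAL), sent_tag
    )

    # Case 2: an on-path party replaces the message and supplies the best
    # tag it can. It knows the algorithm in every case, but never the key.
    if scheme == "hmac":
        candidate_tags = [
            sent_tag,                                        # reuse old tag
            sha256_tag(MODIFIED),                            # unkeyed hash
            hmac_tag(MODIFIED, key=secrets.token_bytes(32)), # guessed key
        ]
    else:
        candidate_tags = [tag_fn(MODIFIED)]                  # just recompute
    deliberate_detected = not any(
        receiver_accepts(tag_fn, MODIFIED, tag) for tag in candidate_tags
    )

    return {
        "intact_accepted": receiver_accepts(tag_fn, ORIGINAL, sent_tag),
        "accidental_detected": accidental_detected,
        "deliberate_detected": deliberate_detected,
    }


if __name__ == "__main__":
    for name in SCHEMES:
        print(f"{name:7s} {evaluate(name)}")
```

The takeaway for a design review: a checksum or bare hash is an error-detection control, and integrity against an active party needs a keyed MAC or a digital signature with the key protected separately from the data.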

Cybersecurity revolves around the human and operational side of technology. It takes into account 3Ps, namely people, plan and practice.

People: The main idea about people being involved in cybersecurity is to prepare human resources against cyber threats and for data protection. It is not uncommon for organizations to be victims of phishing. Educating the masses and awareness efforts in the form of classroom training, emails, tips and tricks can help create such an environment.

Plan: In order to respond to a cyber incident, there should be a plan that answers significant questions like “Is there a technical way to deal with some issue?” Using a plan could assist in recovering data and restoring operations. It can guide, establish protocols and organize the approach to certain responses.

Practice: Testing of plans requires exercises. Practicing refers to preparing the team with exercises in order to identify weaknesses in the plan. Exercises may incorporate hypothetical situations, series of clues, implementations, decision making and response processes.

1.2 Cybersecurity Objectives

The concept of cybersecurity strives to maintain a secure cyberspace so as to safeguard the critical infrastructure. To recover from cyber incidents and attacks, there should be appropriate response, resolution and recovery. A legal framework ensures secure cyberspace. Following are a few objectives that lead to prevention of cyber threats and protection against cyberattacks.

Prevent threats: In order to prevent threats, it is important to analyze the attacks and ensure designing, deployment and operation of required network control protocols (NCP). Threat indicators must be identified and certain incident reporting guidelines must be established. Adopting best practices and identifying malicious technology combined with research may be used to avert certain threats.

Identification and system hardening: One of the primary objectives of cybersecurity is to identify threats in order to harden the system. The process ensures risk assessment and adoption of security measures. The purpose of system hardening is to mitigate certain risks associated with security. Sometimes an advanced system hardening approach is used, which incorporates reformatting of hard disks and installing only specific programs into the system.

Conduct operational, architectural and technical innovations: Introducing dynamic approaches towards cyber risk management protects cyber infrastructure from specific cyberattacks.

Prepare for contingencies: The idea of contingency planning is basically preparedness for cyberattacks. It may contain policies, best practices, procedures and recovery plans.

Allocation of information: The information that is supposed to be circulated in the entire system must be effective. Cyber threats, vulnerabilities and incidents could be reported by issuing alerts. The information may be successfully distributed among several platforms.

Specialized security training: The workforce must be equipped with specialized security training. The information and services must be provided to the joint federal partners so that the workforce is strong enough during cyber incidents.

Strengthen system fault tolerance: Fault tolerance of a system may be computed by performing vulnerability assessment. High-assurance systems may possibly withstand cyberattacks.

Reduce vulnerabilities: Several security practices assist in reducing vulnerabilities. Patching, use of firewalls and using strong passwords can prevent malicious access to the systems.

Improve usability: The term usability is defined as the degree to which something is easy to use. Usability requirements may be incorporated into the systems along with trusted technology.

Authentication in cyberspace: Verification of the identity of a user or process is an important process in cybersecurity. Depending on the device, single-factor or multifactor authentication may be deployed. Authentication supports what we have, what we are and what we know.

Automate security procedure: Automation leads to efficiency, better prediction of behavior and faster execution. Appropriate implementation of automation leads to prevention of cyberattacks. Automation can correlate data, promote prevention quicker than the spreading of attacks and identify network infections.

Guarantee interoperability among devices: Interoperability is the ability of systems to coordinate in order to work together or across organizations. Ensuring interoperability leads to information being distributed effectively in the organization.

Highlight unfavorable events in cyberspace: It is important to highlight unfavorable events in cyberspace so as to find solutions in order to prevent the systems from being vandalized. Information regarding the cause, extent and impact of unfavorable events may be listed for future use.

Introduce security measures: By introducing security measures, one can detect cyberattacks, prevent them and correct them. Some security measures are network segmentation and use of firewalls, secure remote access, access controls, password protection, ensuring training programs and defining policies [3].

1.3 Cybersecurity Infrastructure and Internet Architecture (NIST)

Since cyberattacks are becoming more and more sophisticated, there is a need to introduce standardized practices to ensure security. The National Institute of Standards and Technology (NIST) incorporates certain policies, standards, guidelines and best practices to address cybersecurity issues [4]. This framework is divided into framework core, implementation tiers and profiles.

Framework core: The framework core comprises certain schemes leading to specific outcomes. It may be in the form of functions, categories, subcategories and informative references.

Functions: In order to secure systems and respond to attacks, the five basic functions are to identify, protect, detect, respond and recover, which we will be discussing later in this section.

Categories: Different functions have corresponding categories for identifying different operations and activities. For example, in order to protect, one can make use of access control, software updates and anti-malware programs.

Subcategories: Categories with specific goals are termed subcategories. For example, the process of software updating could have specific operations like proper configuration or manual updating of machines.

Informative references: Informative references include policies, standards and guidelines. For example, the steps for manually updating a Windows system.

Implementation tiers: Following are the four tiers of information:

Tier 1 or Partial Implementation handles organizational risks inconsistently due to ad hoc cybersecurity infrastructure.

Tier 2 implementation deals with risks, plans and resources to protect cyber infrastructure at a deeper level than partial implementation.

Tier 3 or Repeatable Implementation can repeatedly tend to cyber crises. Policies may be implemented at the same level and cybersecurity awareness can minimize cyber-related risks.

Tier 4 or Adaptive Implementation is responsible for detecting threats and predicting issues with respect to the security infrastructure.

Profiles: A cybersecurity framework has some specific goals. Profiles summarize the status of an organization’s cybersecurity. Multiple profiles in a cybersecurity framework ensure identification of several weak spots that are a part of the cybersecurity implementation. They can also support the connection among functions, categories and subcategories to resources and risk tolerance of organizations.

As discussed before, we will now take a look at the functions of the framework core. They are as follows:

Identify: Identification refers to development of understanding in order to manage cybersecurity risks to systems, assets, data and capabilities. The identify function has the following categories:

Asset management: Identification of data, devices and systems that assist an organization for business purposes.

Business environment: Prioritizes the objectives, mission and activities of an organization. The information plays a key role in decision making for cybersecurity roles, responsibilities and risk management.

Governance: These are the mandatory guidelines essential for managing an organization’s environment and identifying the cybersecurity risks.

Risk assessment: The organization must be able to infer the risks related to its operations and infrastructure.

Risk management strategy: Several constraints, tolerances and assumptions affect security risk decisions.

Protect: Organizations must be equipped with several defense mechanisms during a cybersecurity event. Ensuring controlled access, awareness, training, proper network configuration, deploying protective tools and technology, etc., can ensure protection of cybersecurity infrastructure and systems. Following are a few of the categories for protection:

Access control: Authorized users may access devices, processes, activities and transactions.

Awareness and training: Awareness and training of the employees of the organization along with policies and guidelines can ensure protection from cyber issues.

Data security: Confidentiality, integrity and availability of data should be maintained throughout its lifetime.

Information protection: Policies, procedures, guidelines and processes can protect information.

Maintenance: Maintenance of the system could be performed using certain policies and procedures.

Protective technology: Policies, procedures and agreements, along with technical solutions, lead to system security.

Detect: To identify cybersecurity events, proper measures must be adopted by organizations. Monitoring and threat identification are a few ways to detect security issues in systems. The following categories pertain to detection:

Events and anomalies: Analyzing the events in a timely manner can ensure detection of anomalous activities.

Monitoring: Monitoring the system at different intervals can assist in identifying issues and also verify the effectiveness of solutions proposed.

Other detection techniques: Several processes and procedures may be tested to detect malicious behavior in a system.

Respond: In the case of cyber incidents occurring, organizations must be able to contain the impact. Chalking out response plans, establishing communication lines, and collecting and analyzing information are several response strategies. We look at a few categories.

Response planning: Execution of processes and procedures to detect cybersecurity events.

Communication: Information and response activities across the organization can be coordinated if communicated properly.

Analysis: Analyzing data ensures proper response and recovery.

Mitigation: Several events which have the potential to cause security issues in the system must be mitigated. The cyber incidents and their aftereffects must be mitigated.

Improvement: Analyzing the current and previous detection-response activities can greatly enhance future response activities.

Recover: Cybersecurity events have the potential to affect services and capabilities of systems. Therefore, organizations must introduce effective strategies or recovery plans to restore the system. Following are some categories that do the same:

Recovery planning: Execution of recovery processes and procedures and maintenance leads to timely restoration of systems affected by malicious events.

Improvements: Upgrading current processes and procedures leads to improvement in future systems for recovery.

Communications: Communication within an organization ensures coordination of restoration activities.

1.4 Cybersecurity Roles

As discussed in the previous sections, we know that cybersecurity spans a vast domain. In order to secure an organizational infrastructure, checkpoints are introduced at every step, thereby making security a significant element throughout the organization. Since security in an organization is introduced from top to bottom, there are several roles and responsibilities that are undertaken by cybersecurity professionals. In this section we will take a look at all the roles that are a part of cybersecurity. For that we must categorize the specific operations that take place in a cyber infrastructure. We will further specify the important fields that are a part of the operations involved. Based on the fields we will highlight the corresponding roles [5]. The cybersecurity operations that take place in a cyber infrastructure are presented below.

Secure provisioning: Involved in the process of secure provisioning are secure configuration, deployment and management of the incorporated resources. Following are some specialty areas for secure provisioning in cybersecurity:

Risk management: The risk management process is used to identify threats and vulnerabilities, so that specific solutions may be adopted to secure a system. The roles pertaining to this specialization are:

Authorizing official: These officials are responsible for functioning of the overall system with tolerable risk to organization and individuals.

Security control assessor: These officials assess operations, technicality and management of the system controls deployed in the organization.

Software development: Developing software from a cybersecurity perspective results in secure software design. The idea is to identify weakness in the software development life cycle so that it does not affect the software. Following are the security roles pertaining to software development:

Software developer: Responsible for creating, coding and maintaining software.

Secure software assessor: Sees to it that existing computer applications are secured.

Systems architecture: System architecture specifies security design to highlight the risks involved in a system. It analyzes whether the system requires security controls. Some security roles that are involved in system architecture are as follows:

Enterprise architecture: Involved in designing systems and processing information that is required by the system.

Security architecture: Designs systems and ensures system security while the software is developed.

Research and development: Due to increasingly sophisticated cyber threats, it is important to research security in cyberspace and continuously develop strategies to overcome security issues. The role that falls into this category is as follows:

Research and development specialist: Conducts research to find vulnerabilities in existing systems and also develops techniques to ensure cybersecurity in certain infrastructures.

Systems planning and development: The process of system planning and development is initiated by gathering the requirements for the system design and, based on the functionalities required, developing a system. The following roles are a part of this specialization:

Requirements planner: Takes into account the functional requirements for the system and processes the requirements into technical solutions.

Systems developer: Is assigned the task of designing, developing, testing and evaluating the system throughout the life cycle of system development.

Information systems security developer: Is assigned the task of designing, developing, testing and evaluating the system security throughout the development of the system life cycle.

Systems testing and evaluation: This can help to understand how vulnerable a system is. It is carried out using certain tests, analysis, findings, examinations and developing combating strategies. Those taking on this role are as follows:

Testing and evaluation specialist: The responsibility of a testing and evaluation specialist is to plan, prepare and test a system in order to evaluate results. The test results are analyzed based on specifications in order to ensure security of a system.

Operate and maintain: The process of operation and maintenance ensures support, administration and maintenance for efficient system performance and security. The specialization areas in this domain are as follows:

Database administration: This takes into account storage, query, protection and utilization of data. Hence, sensitive data must be secured. Following are the roles that ensure security in database administration:

Database administrator: Administers databases and is concerned with data management systems.

Database analyst: Develops and implements algorithms along with processing of data sets for data mining and research.

Knowledge management: Refers to the analysis and technical support of cybersecurity practices. The practices include identifying, creating, depicting and conducting good practices to promote a secure environment. One of the knowledge management roles is as follows:

Knowledge manager: Manages and administers processes and tools in order to identify, access and present information.

Customer service and support: The aim of customer service and support is to address technical problems related to cybersecurity for a system or an organization. One of the roles is as follows:

Technical support specialist: May assist in installing, configuring, troubleshooting and maintaining a system in order to offer technical assistance.

Network services: The work of network services is to protect the information technology infrastructure from various threats and vulnerabilities. Network services are used to manage the network, including hardware and software. Those that perform these kinds of tasks are known by the following title:

Network security specialist: Concerned with planning, implementing and operating network services to ensure security.

Systems administration: This field is responsible for providing advice to organizations regarding their infrastructure and security loopholes. It usually provides information about the weaknesses in a system. Those that take on this role are known by the following title:

System administrator: A system administrator is responsible for administering system accounts and is capable of installing, troubleshooting and maintaining a system.

Systems analysis: This is the study of existing systems, procedures and design to come up with solutions to ensure efficiency, security and effectiveness. Those that perform this role are known by the following title:

Systems security analyst: These officials develop and analyze integration, testing, operations and maintenance of systems in order to promote security.

Oversee and govern: The process of overseeing and governing assists in providing leadership, development, management and advocacy (law and order) for the proper working of an organization. Some of the specialized fields and their corresponding roles are described as follows:

Cyber law and advocacy

: This deals with all the legal procedures in order to provide consultancy on specific information technology-based issues and acts. The laws and policies have a direct impact on human rights and may also address cybercrimes. The roles that are specific to cyber law and advocacy are as follows:

Cyber legal advisor

: Is responsible for providing legal advice and solutions to issues that pertain to cyber law.

Privacy compliance manager

: Develops privacy compliance programs which highlight privacy issues.

Training and education

: With cyberattacks growing rampantly, securing data and infrastructure requires highly trained professionals who must be academically and technically sound. The roles that form a part of this field are as follows:

Cybersecurity curriculum developer

: Chalks out and evaluates cybersecurity training and education courses and techniques.

Cybersecurity instructor

: Conducts classroom training and education of people who require cybersecurity knowledge and skills.

Cybersecurity management

: This refers to procedures, operations and functions undertaken by an organization to ensure security in its infrastructure. It is used for thwarting issues like cyberattacks, intrusions, data breaches and malware. The roles belonging to this field are as follows:

Information systems security manager

: Ensures security of a program or organization.

COMSEC manager

: Manages the communications security (COMSEC) resources of an organization.

Policy making

: The process of policy making ensures that a system is properly placed such that it can guard against critical attacks. This is done by implementing procedures and guidelines in order to protect a system as well as identify threats. The responsibilities of those taking on this role are as follows:

Cyber workforce developer and manager

: Develops plans and strategies to support the education and training required for staff and professionals. Those in this role can also perform changes to existing policies.

Cyber policy planner

: Develops and plans cybersecurity policies that align with the needs of security infrastructure.

Cyber leadership

: The aim of cybersecurity project management is to direct cybersecurity activities [6]. The following role belongs to this field:

Executive cyber leadership

: These officials are responsible for decision-making and for directing the operations for an organization’s security.

Project management

: The aim of cybersecurity project management is to direct security projects with respect to an organization’s needs and goals. The roles taken up in this field are as follows:

Program manager

: Plays a lead role in coordinating, communicating and integrating the program and is accountable for it.

Project manager

: Manages the product throughout its life cycle.

Product support manager

: Ensures that the functionalities are embedded into the system and that the system is operationally capable.

Investment manager

: Manages a portfolio that highlights the details of the system capabilities and ensures that the needs are met.

Program auditor

: Takes care of evaluations of the system and its individual components to ensure that the system is updated.

Protect and defend: The protection and defense approach in cybersecurity is concerned with identifying and analyzing a system for threats and vulnerabilities in order to mitigate them. The following are a few areas and roles concerned with this specialization:

Defense analysis

: Defense analysis is based on the use of defensive tools and techniques to identify, analyze and report issues in a system that might corrupt information or the system itself. The responsibility for this role is taken on by the following specialist:

Defense analyst

: Collects data using defense tools like firewalls, intrusion detection systems, alerts, etc., to analyze events that may promote cyber issues in the system.

Defense infrastructure

: The defense infrastructure takes into account testing, implementation, maintenance and administration of infrastructure hardware and software. Professionals proficient in this area assume the following role:

Defense infrastructure specialist

: Tests, implements, deploys and maintains infrastructure hardware and software.

Incident response: