Chi-Square test in R Language

Chi-Square test is a statistical method to determine if two categorical variables have a significant correlation between them. Both those variables should be from same population and they should be categorical like − Yes/No, Male/Female, Red/Green etc.

For example, we can build a data set with observations on people's ice-cream buying pattern and try to correlate the gender of a person with the flavor of the ice-cream they prefer. If a correlation is found we can plan for appropriate stock of flavors by knowing the number of gender of people visiting.

Syntax

The function used for performing chi-Square test is chisq.test().

The basic syntax for creating a chi-square test in R is −

chisq.test(data)

Following is the description of the parameters used −

• data is the data in form of a table containing the count value of the variables in the observation.

Example

We will take the Cars93 data in the "MASS" library which represents the sales of different models of car in the year 1993.

library("MASS")
print(str(Cars93))

When we execute the above code, it produces the following result −

'data.frame':   93 obs. of  27 variables: 
 $ Manufacturer      : Factor w/ 32 levels "Acura","Audi",..: 1 1 2 2 3 4 4 4 4 5 ... 
 $ Model             : Factor w/ 93 levels "100","190E","240",..: 49 56 9 1 6 24 54 74 73 35 ... 
 $ Type              : Factor w/ 6 levels "Compact","Large",..: 4 3 1 3 3 3 2 2 3 2 ... 
 $ Min.Price         : num  12.9 29.2 25.9 30.8 23.7 14.2 19.9 22.6 26.3 33 ... 
 $ Price             : num  15.9 33.9 29.1 37.7 30 15.7 20.8 23.7 26.3 34.7 ... 
 $ Max.Price         : num  18.8 38.7 32.3 44.6 36.2 17.3 21.7 24.9 26.3 36.3 ... 
 $ MPG.city          : int  25 18 20 19 22 22 19 16 19 16 ... 
 $ MPG.highway       : int  31 25 26 26 30 31 28 25 27 25 ... 
 $ AirBags           : Factor w/ 3 levels "Driver & Passenger",..: 3 1 2 1 2 2 2 2 2 2 ... 
 $ DriveTrain        : Factor w/ 3 levels "4WD","Front",..: 2 2 2 2 3 2 2 3 2 2 ... 
 $ Cylinders         : Factor w/ 6 levels "3","4","5","6",..: 2 4 4 4 2 2 4 4 4 5 ... 
 $ EngineSize        : num  1.8 3.2 2.8 2.8 3.5 2.2 3.8 5.7 3.8 4.9 ... 
 $ Horsepower        : int  140 200 172 172 208 110 170 180 170 200 ... 
 $ RPM               : int  6300 5500 5500 5500 5700 5200 4800 4000 4800 4100 ... 
 $ Rev.per.mile      : int  2890 2335 2280 2535 2545 2565 1570 1320 1690 1510 ... 
 $ Man.trans.avail   : Factor w/ 2 levels "No","Yes": 2 2 2 2 2 1 1 1 1 1 ... 
 $ Fuel.tank.capacity: num  13.2 18 16.9 21.1 21.1 16.4 18 23 18.8 18 ... 
 $ Passengers        : int  5 5 5 6 4 6 6 6 5 6 ... 
 $ Length            : int  177 195 180 193 186 189 200 216 198 206 ... 
 $ Wheelbase         : int  102 115 102 106 109 105 111 116 108 114 ... 
 $ Width             : int  68 71 67 70 69 69 74 78 73 73 ... 
 $ Turn.circle       : int  37 38 37 37 39 41 42 45 41 43 ... 
 $ Rear.seat.room    : num  26.5 30 28 31 27 28 30.5 30.5 26.5 35 ... 
 $ Luggage.room      : int  11 15 14 17 13 16 17 21 14 18 ... 
 $ Weight            : int  2705 3560 3375 3405 3640 2880 3470 4105 3495 3620 ... 
 $ Origin            : Factor w/ 2 levels "USA","non-USA": 2 2 2 2 2 1 1 1 1 1 ... 
 $ Make              : Factor w/ 93 levels "Acura Integra",..: 1 2 4 3 5 6 7 9 8 10 ... 

The above result shows the dataset has many Factor variables which can be considered as categorical variables. For our model we will consider the variables "AirBags" and "Type". Here we aim to find out any significant correlation between the types of car sold and the type of Air bags it has. If correlation is observed we can estimate which types of cars can sell better with what types of air bags.

# Load the library.
library("MASS")

# Create a data frame from the main data set.
car.data <- data.frame(Cars93$AirBags, Cars93$Type)

# Create a table with the needed variables.
car.data = table(Cars93$AirBags, Cars93$Type) 
print(car.data)

# Perform the Chi-Square test.
print(chisq.test(car.data))

When we execute the above code, it produces the following result −

                     Compact Large Midsize Small Sporty Van
  Driver & Passenger       2     4       7     0      3   0
  Driver only              9     7      11     5      8   3
  None                     5     0       4    16      3   6

        Pearson's Chi-squared test

data:  car.data
X-squared = 33.001, df = 10, p-value = 0.0002723




Warning message:
In chisq.test(car.data) : Chi-squared approximation may be incorrect

CONCLUSION

The result shows the p-value of less than 0.05 which indicates a string correlation.

---

Read More

Survival analysis in R Language

Survival analysis deals with predicting the time when a specific event is going to occur. It is also known as failure time analysis or analysis of time to death. For example predicting the number of days a person with cancer will survive or predicting the time when a mechanical system is going to fail.

The R package named survival is used to carry out survival analysis. This package contains the function Surv() which takes the input data as a R formula and creates a survival object among the chosen variables for analysis. Then we use the function survfit() to create a plot for the analysis.

Install Package

install.packages("survival")

 

SYNTAX

 

The basic syntax for creating survival analysis in R is −

Surv(time,event)
survfit(formula)

Following is the description of the parameters used −

• time is the follow up time until the event occurs.
• event indicates the status of occurrence of the expected event.
• formula is the relationship between the predictor variables.

EXAMPLE

We will consider the data set named "pbc" present in the survival packages installed above. It describes the survival data points about people affected with primary biliary cirrhosis (PBC) of the liver. Among the many columns present in the data set we are primarily concerned with the fields "time" and "status". Time represents the number of days between registration of the patient and earlier of the event between the patient receiving a liver transplant or death of the patient.

# Load the library.
library("survival")

# Print first few rows.
print(head(pbc))

When we execute the above code, it produces the following result and chart −

  id time status trt      age sex ascites hepato spiders edema bili chol
1  1  400      2   1 58.76523   f       1      1       1   1.0 14.5  261
2  2 4500      0   1 56.44627   f       0      1       1   0.0  1.1  302
3  3 1012      2   1 70.07255   m       0      0       0   0.5  1.4  176
4  4 1925      2   1 54.74059   f       0      1       1   0.5  1.8  244
5  5 1504      1   2 38.10541   f       0      1       1   0.0  3.4  279
6  6 2503      2   2 66.25873   f       0      1       0   0.0  0.8  248
  albumin copper alk.phos    ast trig platelet protime stage
1    2.60    156   1718.0 137.95  172      190    12.2     4
2    4.14     54   7394.8 113.52   88      221    10.6     3
3    3.48    210    516.0  96.10   55      151    12.0     4
4    2.54     64   6121.8  60.63   92      183    10.3     4
5    3.53    143    671.0 113.15   72      136    10.9     3
6    3.98     50    944.0  93.00   63       NA    11.0     3

From the above data we are considering time and status for our analysis.

APPLYING SURV() AND SURVFIT() FUNCTION

 

Now we proceed to apply the Surv() function to the above data set and create a plot that will show the trend.

# Load the library.
library("survival")

# Create the survival object. 
survfit(Surv(pbc$time,pbc$status == 2)~1)

# Give the chart file a name.
png(file = "survival.png")

# Plot the graph. 
plot(survfit(Surv(pbc$time,pbc$status == 2)~1))

# Save the file.
dev.off()

When we execute the above code, it produces the following result and chart −

Call: survfit(formula = Surv(pbc$time, pbc$status == 2) ~ 1)

      n  events  median 0.95LCL 0.95UCL 
    418     161    3395    3090    3853 

 The trend in the above graph helps us predicting the probability of survival at the end of a certain number of days.

Read More

Security organisation

Organizational structure

Actual Organizational structure is not discussed here, since every company is different. Rather, roles are described. These roles can be attributed to different persons in an organization depending on it's structure, size, culture etc. 
  
Roles and Responsibility

Depending on company size, responsibility may be attributed to the following roles. What is important is that responsibility is clear and that the responsible persons can actually assume their responsibilities (i.e. the have powers necessary to take corresponding decisions an the experience/knowledge to take the right decisions).

Executives: The managing director, CEO or equivalent is ultimately responsible for security strategy and must make the necessary resources available to combat business threats. This person is also responsible for disseminating strategy and establishing a security-aware culture.

IT Security manager: is responsible for Enterprise security. The IT security manager(s) defines IT security guidelines together with the process owner. He/she is also responsible for security awareness and advising management correctly on security issues. He/she may also carry out risk analyses. It is important that this person be up-to-date on the latest security problems/risks/solutions. Co-ordination with partner companies, security organisations is also important.

Business process / data / operation owner: is directly responsible for a particular process or business unit's data and reports directly to top management. He analyses the impact of security failures and specifies classification and guidelines/processes to ensure the security of the data for which he is responsible. He should not have any influence on auditing.
 
System supplier: Installs and maintains systems. A service level agreement should exist defining the customer/supplier roles and responsibilities. The supplier may be, for example, an external contracting company or the internal datacentre or System/Security administrator. He is responsible for the correct use of security mechanisms. Often this person is root (UNIX) or dba (databases).

System designer: The persons who develop a system have a key role in ensuring that a system can be used securely. New development projects must consider security requirements at an early stage.

Project Leaders: ensure that Security guidelines are adhered to in projects.

Line Managers: ensures that his personnel are fully aware of security policies and does not provide objectives which conflict with policy. He/she enforces policy and checks actual progress.

Users: Users, or "information processors/operators" are responsible for their actions. They are aware of company security policy, understand what the consequences of their actions are and act accordingly. They have effective mechanisms at their disposal so that they can operate with the desired level of security. Should users receive confidential information that is not classified, they are responsible for classifying and distribution of this information.

Auditor: is an independent person, within or outside the company, who checks the status of IT security, much in the same way as a Financial Auditor verifies the validity of accounting records. It is important that the Auditor be independent, not being involved in security administration. Often external consultants fulfill this role, since they can offer a more objective view of policies, processes, organizations and mechanisms.
  

Processes

The security policy needs processes and people (organization) to ensure it's implementation and accordance with business needs. Typical security processes are:

• Security Hotline / Helpdesk (user management)
• Change management
• System monitoring & intruder detection
• Data backup & recovery
• System audits
• Crisis management/Firewall

  1. Security Hotline/ Helpdesk

• User account management is often available over a so-called hotline or helpdesk.
• The help-desk is where users call when they have problems. If the helpdesk cannot resolve a problem, it is responsible for escalation (and tracking) of the problem to vendors or system administrators, for example.
• Users should have access to a service hotline to unlock passwords quickly (if they forget them), otherwise users may write the passwords down.
• How can password be exchanged over the phone? How can you be sure that the correct user is asking for an allowed modification? Some kind of "authentication" is required. (Perhaps by using internal phone systems where the calling number is visible?, or by calling the user back at his desk?)

2. Change Management

• Who installs or upgrades HW and SW?
• New SW should be tested for a few weeks before being installed on production systems.
• Changes should be carefully prepared and carried out such that production is not disturbed and such that if the changes have a negative effect, they can be removed. During hardware changes ensure that anti-static wrist straps are worn, that the correct tools are available and that the power is connected or removed according to the manufacturer's instructions.
• Follow the axioms KISS (Keep it simple, stupid) and "if it isn't broken, don't fix it". Only install updates if they are necessary.

3. Systems monitoring

Who monitors what systems, where, with what utilities? Monitoring is often more effective if decentralized in very large organizations.

4. Data Backup & Restore

Processes & responsibility need to be defined to ensure reliable backups and restores when needed. The restore policy should be regularly tested.

5. System audits

• Servers should be audited regularly (e.g. once per year).
• A audit checklist should be made for each security level/OS, for simplicity.
• The auditor should be independent of the administration and be objective.
• The audit should check: Guidelines, Policies, Users, Management, IT Security managers, Administrators, IT Resources.

6. Crisis Management / "Firewall" / Emergency Response Team / Disaster Planning

Even with a solid security policy, educated users and solid system administration, an emergency response team is useful. Plan for a disaster!

• Who is on "Firewall", how should they react to a serious security breach?
• If internal personnel are not expert enough, a "emergency standby" contract could be outsourced to a specialized company.
• Decide in advance who will be in charge in the event of a security incident. Determine the chain of command (define processes & responsibility).
• Keep important names, telephone numbers, email addresses off-line. Do not assume that your on-line address book will be available in an emergency.

Security Marketing

Communications Manager: responsible for spreading security awareness in the company. 

Security Information Center

Having the right information at the right time is important.

• It is advisable to have the current books on relevant security topics available, access to Internet security Newsgroups, mailing lists, WWW servers and ftp servers.
• All corporate documents on security and the standards on which they are based should be available.
• Copies of rules, policies, documentation and addresses should be kept off-line (or even better on paper).

The following services could be offered to internal departments:

• A Security Library (as detailed above).
• Risk analysis.
• Education: Courses on IT security for users, administrators, line managers etc.
• Technical expertise (for each important OS / application / system) who follows security developments. Each specialist must be aware of all new security problems & fixes.
• Guidance in the purchasing / development of new systems.
• Testing of new systems.
• One time audits of systems & processes: do systems conform to policy, what weaknesses do they have?
• Statistical analysis: regular reporting of system usage, performance, user behaviour, technological trends, external connection usage.

 

Read More

Protection & Security in OS

Introduction

• Interference in resource utilization is a very serious threat in an OS.
• The nature of the threat depends on the nature of a resource and the manner in which it is used.
• In this session, we will discuss the issues involved in protection and security.
• It involves guarding a user's data and programs against interference by other authorized users of the system.

Facets to Protection of Information

There are two facets to protection of information

• Secrecy : Implies that only authorized users should be able to access information.
• Privacy : Implies that information should be used only for the purposes(s) for which it is intended and shared.

OS focuses on guaranteeing secrecy of information, and leaves the issue of privacy to the users and their processes.

Security and Protection : Policies and Mechanisms

Security Attributes

Security is traditionally defined by the three attributes namely:

• Confidentiality : It is the prevention of unauthorized modification of information or resources.
• Integrity : It is the prevention of unauthorized
• Availability : It is the prevention of unauthorized withholding of information or resources.

Security Threats

• Direct : This is any direct attack on your specific systems, whether from outside hackers or from disgruntled insiders.
• Indirect : This is general random attack, most commonly computer worms or Trojan horses.

Reasons for taking Security measures

• To prevent loss of data
• To prevent corruption of data
• To prevent compromise of data
• To prevent theft of data
• To prevent sabotage

Authentication

• Goal of Authentication : Reasonable assurance that anyone who attempts to access a system or a network is a legitimate user.
• 3 mechanisms

             - Password

             - Physical token or an artifact

             - Biometric measure

Security models

Security models can be discretionary or mandatory.

• Discretionary : Holders of right can be allowed to transfer them at their discretion.
• Mandatory : Only designated roles are allowed to grand rights and users cannot transfer them.

 Security policy Vs. Security Model

• Security Policy : Outlines several high level points; how the data is accessed, the amount of security required and what are the steps when these requirements are not met.
• Security Model : The mechanism to support security policy. This involves in the design of the security system.

Access Matrix Model

Consists three principal components:

• A set of passive objects (files, terminals, devices and other entities)
• A set of active subjects, which may be manipulate the objects
• A set of rules governing the manipulation of objects by subjects.
• The access matrix is a rectangular array with one row per subject and one column per object.

Role Based Access Control

• Enforces access controls depending upon a user role(s).
• Roles represent specific organization duties and are commonly mapped to job title. Ex: Administrator, Developer etc.
• Role definitions and associated access rights must be based upon a thorough understanding of an organization's security policy.

Take-Grant Model

• This model use graphs to model access control.
• The graph structure can be represented as an adjacency matrix and labels on the arcs can be coded as different values in the matrix.
• Nodes in the graph are of two types, one corresponding to subjects and the other to objects.
• The possible access rights are read(r), write(w), take(t) and grant(g).

Example of Take

Read More

OS Security Goals, Policy & Model and Access Control Techniques

 Security Goals

Secrecy (confidentiality)
- Unauthorized disclosure
- Limits the objects (files/sockets) that a process can read

Integrity
- Unauthorized modification
- Limits the objects that a process can write
 (objects may contains information that other processes depend on)

Availability
- Limits the system resources that processes (or users) may consume 
- Therefore preventing denial of service attacks
- Achieved by OS resource management techniques like fair scheduling

Confidentiality & Integrity

Achieved by Access Control

• Every access to an object in the system should be controlled
• All and Only authorized accesses can take place

Access Control Systems

Development of an access control system has three components
- Security Policy  : high level rules that define access control
- Security Model  : a formal representation of the access control security policy and its working.
       (this allows a mathematical representation of a policy; there by aid in proving that the model is secure)
- Security Mechanism  : low level (sw / hw) functional implementations of policy and model.

Security Policy

• A scheme for specifying and enforcing security policies in a system
• Driven by

         - Understanding of threat and system design

• Often take the form of a set of statements

       - Succinct statements
       - Goals are agreed upon either by
                 * The entire community
                 * Top management
                 * Or is the basis of a formal mathematical analysis


A bad security policy model of a company

Megacorp Inc security policy

1. This policy is approved by Management.
2. All staff shall obey this security policy.
3. Data shall be available only to those with a 'need-to-know'. 
4. All breaches of this policy shall be reported at once to security.

Security Model

Why have it at all?

• It is a mathematical representation of the policy.
• By proving the model is secure and that the mechanism correctly implements the model, we can argue that the system is indeed secure (w.r.t. the security policy)

Security Mechanism

• Implementing a correct mechanism is non trivial 
• Could contain bugs in implementation which would break the security
• The implementation of the security policy must work as a 'trusted base' (reference monitor)
• Properties of the implementation

           - Tamper proof

           - Non-bypassable (all access should be evaluated by the mechanism)

           - Security kernel - must be confined to a limited part of the system (scattering security functions all over the system implies that all code must be verified)

          - Small - so as to achieve rigorous verification.

Discretionary Access Control

Discretionary (DAC)

• Access based on

          - Identity of requestor

          - Access rules state what requestors are (or are not) allowed to do

• Privileges granted or revoked by an administrator
• Users can pass on their privileges to other users
• Example. Access Matrix Model.

Access Matrix Model

• By Butler Lampson, 1971
• Subjects : active elements requesting information
• Objects : passive elements storing information

States of Access Matrix 

Read More

Information Gathering

What is Information Gathering ?

The process of well knowing the target, digging details, foot printing and keep in touch with the target is called information gathering.

Types of Information Gathering

Active Information Gathering

• Information is gathered directly.
• E.g. -by phone call, interviews or by face to face meeting.

Passive Information Gathering

• Information is gathered using third party.
• E.g. - using search engine tools, websites etc.

1st Target - Person
2nd Target - Website
3rd Target - Email-id
4th Target - Web Server


Information Gathering - Website

• Before testing web application it is good to find information about that.
• WHO is Information
• Reverse IP Check
• Website Framework
• DNS Records

Information Gathering - Web Server

• Web Server provides access to internet resources

• Server Operating System
• Services running on that server
• Open Ports

Read More

Ethical Hacking

What is Hacking ?

•  Hacking is the act of finding the possible entry points that exist in a computer system or a computer network and finally entering into them.
• Hacking is usually done to gain unauthorized access to a computer system or a computer network, either to harm the systems or to steal sensitive information available on the computer.

What is Ethical Hacking ?

• Ethical Hacking is the act of doing penetration testing, finding vulnerabilities to ensure the security of an organization's information system.
• These professionals are the part of cyber security company.
• There goal in company is-
• To protect system's from attackers
• To ensure privacy of organization data
• Eliminate any potential threat 

Types of Hacker's

• Black Hat :- It is a very dangerous hacker, because there are note associate any kind of company. The actually do hacking in order to harm people or organization and also do hacking in order to steel of sensitive information.
• White Hat :- The white hat hacker the associate with particular organization and always do hacking in order to protect their company data from another hackers.
• Grey Hat :- Grey hat hacker is combination of black hat hacker and white hat hacker.So some times gray hat hacker associated with particular company and do hacking for good way but side by side they also do hacking for any legal purpose. 

Phases

• Reconnaisance
• Scanning
• Gaining Access
• Maintaining Access
• Clearing Tracks

Read More

Computer Security

Computer Security or IT security is the protection of computer systems from theft of or damage to their hardware, software or electronic data, as well as from disruption or misdirection of the service they provide.

• Hardware
• Software
• Firmware

Goals of Computer Security

1. Confidentiality
2. Data Integrity
3. Availability
4. Control
5. Audit

1. Confidentiality

Typically achieved by:

• Physical isolation
• Cryptography
• Background checks on People

2. Data Integrity

 Typically achieved by:

• Redundancy
• Backups
• Checksum & digital Signatures

3. Availability

Typically achieved by:

• Harding
• Redundancy
• Reference Checks on People

4. Control

Typically achieved by:

• Access Control lists
• Physical Security

5. Audit

Typically achieved by:

• Log Files
• Human auditors & expert systems

What to Secure? - Types of Computer Security

• Physical Security → Controlling who gets access to a computer
• OS Security → Permission controlling schemes, making sure users are authorized to perform certain actions.
• Access Control → managing who can Access what resources, from physical machines to programs to networks. 

Potential Losses due to security Attacks

Basic Computer Security Checklist

• Check if the user is password protected
• Check if the OS is updated
• Download software from reputable sources
• Check if the antivirus or antimalware is installed
• Terminate unusual service running that consumes resources
• Check if the firewall is on or not
• Check for your backups regularly
• Clear your private data from web browsers

Securing your Operating System (OS)

1. Keep your windows OS up to date
2. Update your software
3. Create a Restore point
4. Install antivirus product
5. Install a proactive security solution for multi-layered protection
6. Backup your system
7. Use a standard user account
8. Keep your user account control enabled
9. Secure your web browser before going online
10. Use an encryption software tool for your hardware

 Antivirus

→ Antivirus software, or anti-virus software (abbreviated to AV software), also known as anti-malware, is a computer program used to prevent, detect, and remove malware.

• Scanning
• Integrity
• Interception

Securing your Networks : Firewalls

A firewall i a network security system tat monitors and controls incoming and outgoing network traffic based on predetermine security rules.

• Cisco ASA Seies
• Checkpoint
• Fortinet
• Juniper
• SonicWALL
• pfSense

Securing Your  Network : IDS

An intrusion detection system (IDS) is a device or software application that monitors a network o systems for malicious activity or policy violations.

Securing Your Network : VPN

A virtual private network extends a secure and encrypted connection to share data remotely through public networks.

Read More

Network Security

Network Security is any activity designed to protect the usability and integrity of your network and data. It includes both hardware and software technologies. Effective network security manages access to the network. It targets a variety of threats and stops them from entering or spreading on your network.

Vulnerabilities in TCP/IP

1. Transfer are done in plain text
2. Weak authentication between client and web-server
3. No solution to syn-packet flooding
4. IP layer susceptible to many vulnerabilities.

The CIA Triad

• Confidentiality part of network security makes sure that the data is available only to the intended and authorized persons.
• Make sure that the data is reliable and is not changed by unauthorized persons.
• Availability is to make sure that the data, network resources/services are continuously available to the legitimate users, whenever they require.

Achieving Network Security

ENCIPHERMENT :- 
                   This mechanism provides data confidentiality services by transforming data into not-readable forms for the unauthorized persons. This mechanism uses encryption-decryption algorithm with secret keys.

DIGITAL SIGNATURE :-
                   This mechanism is the electronic is the ordinary signatures in electronic data. It provides authenticity of the data.

ACCESS CONTROL
                  This mechanism is used to provide access control services. These mechanism may use the identification and authentication of an entity to determine and enforce the access rights of the entity.

Client-Server Architecture

Email Security

• Confidentiality :- E-mail should be read by intended recipient only.
• Authentication :- E-mail recipient should be sure of the identity of sender.
• Integrity :- E-mail recipient should be sure of the identity of sender.
• Proof of Delivery :- Sender gets a confirmation that the recipient received the message.
• Non Repudiation :- Sender gets a confirmation that the recipient received the message.
• Proof of Submission :- Confirmation that message has been submitted to the mailing server.

PGP

Read More

Top 10 Reasons to Learn Cyber Security

1. Evergreen Industry

Artificial Intelligence
Chalbot
Machine Learning
Cloud computing
Cryptocurrency
Robot Assistants
Block Chain
Deep Learning
Internet of Things (IoT)
Big Data

2. The World is Your Oyster

High transferable skills mean you can move anywhere in the world.

Top countries you could travel to:

• United States of America
• United Kingdom
• Japan
• Russia

3. Working for the Greater Good

As a rule, cyber-security professionals are not likely to be famous. On the contrary, they quietly provide committed, faithful and honourable service to their organizations, countries and society as a whole.

4. Work with Top Secret Agencies 

• National Security Agency
• Mossad
• Central Intelligence Agency
• Military Intelligence Section 6 

5. Non Concern for Maths

6. Unlimited Growth Potential

A good cyber-security professional works to understand as much about how about technologies and organizations work as possible. That's massive opportunity to stay engaged and challenged challenged. The possibilities for personal and career growth are endless.

7. Everyone Wants you

8. Variety of Industries

 Every industry is going through some sort of digitalisation. And where ever digitalisation occurs, cyber attacks are bound to happens, hence cyber-security professionals find jobs everywhere.

9. Dynamic and Challenging

All of the opportunities for growth stem from the variety of technologies and situations security professionals face. If it uses ones and zeros, it has a cyber security component, and some roles even extend to physical security!

• Never Gets Boring
• New and Interesting Problems
• Creativity is encouraged

10. Money Makes the World Go Round

Faced with online attacks, business and government are looking for experts who can protect their systems from cyber criminals - and they are willing to pay high salaries and provides training and development.

• Fastest Growing Salaries
• For Seniors, it surpasses the median
• Earning based only on merit

 

Read More

Cyber Law

"The modern thief can steal more with a computer than with a gun. Tomorrow's terrorist may be able to do more damage with a keyboard than with a bomb".
                      
                  National Research Council, U S A " Computers at Risk". 1991

Need of Cyber Law

• Internet has dramatically changed our life.
• Transition from paper to paperless world.
• Laws of real world cannot be interpreted in the light of emerging cyberspace.
• Internet requires an enabling and supportive legal infrastructure to tune with the times.

Cyber Law ?

• Cyber Law is the law governing cyber space.
• Cyber space includes computers. networks, software's, data storage devices (such as hard disks, USB disks etc), the Internet, websites, emails and even electronic devices such as cell phones, ATM.

Cyber Crime

• Any crime with the help of computer and telecommunication technology.
• Any crime where either the computer is used as an object or subject.

Categories of Cyber Crime

• Cybercrimes against persons
• Cybercrimes against property.
• Cybercrimes against government. 

Statistics of Cyber Crimes

IT ACT - 2000

• The Information Technology Act, 2000 (IT Act), came into force on 17 October 2000.
• The primary purpose of the Act is to provide legal recognition to electronic commerce and to facilitate filing of electronic records with the Government.
• Information Technology Act 2000 consisted of 94 sections segregated into 13 chapters.

IT ACT-2000 : Objectives

• To provide legal recognition for transactions
• To facilitate electronic filing of documents with the Government agencies.
• To amend the Indian Penal Code, The Indian Evidence Act, 1872, The Banker's Book Act, 1891 and the Reserve Bank of India Act, 1934.
• Aims to provide the legal framework to all electronic records.

IT ACT Amendment - 2008

• The Information Technology Amendment Act, 2008 (IT Act 2008) has been passed by the parliament on 23rd December 2008.
• It received the assent of President of India on 5th February, 2009.
• The IT Act 2008 has been notified on October 27, 2009.
• ITA-2008, is a new version of IT Act 2000.
• Provides additional focus on Information Security.
• Added several new sections on offences including Cyber Terrorism and Data Protection.
• 124 sections and 14 chapters.
• Schedule I and II have been replaced ^ Schedules III and I are deleted.

Importance of Cyber Law

• We are living in highly digitalized world.
• All companies depend upon their computer networks and keep their Valuable data in electronic form.
• Government forms including income tax returns company law forms etc are now filled in electronic form.
• Consumers are increasingly using credit cards for shopping.
• Most people are using email, cell phones and SMS messages for communication.
• Even in "non-cyber crime" cases, important evidence is found in computers / cell phones e.g. in cases of divorce, murder, kidnapping, organized crime, terrorist operations, counterfeit currency etc.
• Since it touches all the aspects of transactions and activities on and concerning the Internet, the World Wide Web( WWW) and Cyberspace therefore Cyber Law is extremely important.

Read More