TITLE: CYBER SECURITY, THREATS AND CYBER CRIMES IN

TECHNOLOGY

STUDENT NAME: DHAHABU GALGALO DUBA

REG NUMBER: DIT/356/22

UNIT CODE: DCU 1008

UNIT TITLE: RESEARCH METHODOLOGY

COURSE NAME: INFORMATION COMMUNICATION TECHNOLOGY

LECTURER: SYLVIA NYAWIRA

 ABSTRACT

This research study is based on proper understanding of the term cyber security, how it came
into existence and its importance in our day to day. The research will give guide lines on how
to follow, use and apply different security measures planned down. The research will outline
different crimes, threats and vulnerabilities that criminals use to cause harm.

The research will help firms plot policies and guidelines that will govern their organization
against external attacks and cyber crimes with their threats. The research will give the bit
history of when these security measures started to be stressed for use and action.
 CHAPTER ONE

1.0 INTRODUCTION

In this research, I will try and explain the meaning of different terms of study in the topic
cyber security, threats and cyber bullying. Threats and cyber bullying/ wrong use of the
internet cause computer and other systems to be prone to different attacks thus the
introduction and use of cyber security measures.

1.1 Background of study

In this study, Cyber security is the practice of defending computers, servers, mobile
devices, electronic systems, networks and data from malicious attacks and other threats.
Cyber security is a developed topic of global significance and value as most countries have
already published and laid down some form of strategy paper or policies outlining their
official stance on cyberspace, cybercrime and cyber security. Cyber security targets the
safety measures which are the availability, Integrity, which includes authenticity and
authorizations, Confidentiality.

As computers got connected to the internet and began exchanging messages, cybercrime
has overtime changed. Even if the amount of risk is usually higher now than it was back
then, computer users have been understandably concerned about these threats for a long
time. Cyber risks can change as technology develops. Cyber criminals are always
developing new ways to access systems and steal data.

1.2 Statement of study

In this study, we will explain cyber security history as it all started and where it is currently.
In 1940s that is the Time before Cybercrime, Cyber attacks were challenging to execute
for about 20 years after the first digital computer was built in 1943. Small groups of
people had access to the enormous electronic machines, which weren't networked and
only a few people knew how to operate them, making the threat essentially nonexistent.

The 1950s which is The Phone Phreaks gave those with a particular interest in how
phones function, power to tamper with the protocols that permitted telecom experts to
operate on the network remotely to place free calls and avoid paying long-distance
charges.

The 1960s, all quiet on the Western Front, Even by the middle of the 1960s, most
computers were massive mainframes kept in temperature-controlled, safe environments.
Access remained restricted, even for programmers, due to the high expense of these bulky
devices.

The 1970s, the era of Advanced Research Projects Agency Network (ARPANET)

The 1980s, The Birth of Commercial Antivirus, this was due to numerous high attacks
frequently though out the 1980s.For example, In the 1983 movie War Games, a malicious
computer software commands nuclear missile systems while pretending to be a game. In
this year computer virus and worms like Trojan horse and a computer virus were
discovered. As the world finally goes online in the 1990s, the attacks and crimes
intensified massively hence massive plots for extensive cyber security in the 2000s.

1.3 Objectives

i. To determine the various cyber security safety measures to cyber attacks and bullying.
ii. To find out vulnerabilities a computer, system and internet users are prone to.
iii. To determine the different cyber crimes users and criminals involve in.
 CHAPTER TWO

2.0 LITERATURE REVIEW

2.1 INTRODUCTION TO CYBER SECURITY REVIEW
Knowing and being ready is the first line of protection against cyber threats and cybercrimes,
e.g. by information security training. two forms can be taken for training, the first, aimed at
security professionals and aims to improve understanding of the latest threats and to increase
skill levels in defending and mitigating against them. This research is aimed to find the idea of
a cyber range, and to include a comprehensive analysis of literature covering unclassified cyber
ranges and safety test beds. In this study, we establish a taxonomy for cyber range systems and
analyze existing literature that focuses on architecture and scenarios, but also capacities,
functions, resources etc.

In this study, the IoT-based smart grid's risks and future approaches are analyzed and focus on
forms of cyber threats and include an in-depth of the smart grid's cyber-security environment.
In particular, we concentrate on addressing and analyzing vulnerabilities in the network,
challenging countermeasures, and requiring protection. We strive to provide a deep
understanding of cyber-security vulnerabilities and solutions, and provide a roadmap to future
cyber-security research directions in smart grid applications.

A cyber security control process model is built in this study to solve the problem, based on the
principle of adaptive focusing testing. Additionally, a quantitative approach is built to define
and prioritize fault-prone information security controls. It has been verified that the model built
may provide an additional and more reliable framework for expert subjective judgment. This
research focuses on the importance of different cyber defense standards, and cyber security
framework architecture. This study discusses the requirements required for the Federal
Government's evaluation of cybersecurity policies for the United States Department of Health
and Human Services. The overarching aim of cybersecurity policies and procedures is enabled
by compliance with established Federal regulations and standards to protect the operational
resources and goals of the United States Department of Health and Human Resources and to
encourage best practices of security in the defense of information systems against unauthorized
actors and cyber threats. This automation reduces human errors in order processing, and
increases order delivery performance. However, attacks from cyberspace, particularly from the
Internet, can disrupt that. In this paper, we propose a novel attacker-defender model against an
adversary of the quantum response (QR) to protect critical assets by considering the defending
budget and the reliance on properties. The protection level of each asset in the solution
indicates its desirability to be secured.

Machine learning techniques are commonly used in the creation of an intrusion detection
system (IDS) for the timely and automated detection and classification of cyberattacks at
network and host rates. However, when malicious attacks are continuously evolving and occur
in very large quantities requiring a scalable solution, several problems come up. There are
numerous databases of malware publicly accessible for further study by the information
security community. The ultimate goal of this study is to automatically and efficiently learn
useful feature representations from large quantities of unlabeled raw network traffic data by
using deep learning approaches. Development of the detection engine with multiple advanced
deep learning models and performing a quantitative and comparative evaluation of these
models, we research the feasibility of off-line deep learning based NIDSes. First, we present
the general technique of deep learning and its theoretical consequences for the issue of network
intrusion detection. We then analyze several machine learning solutions for two tasks of
network intrusion detection

2.2 UTILITY THEORY TO EXPLAIN CYBERCRIME

Victims of cybercrime will not report cybercrime if the expected utility from this reporting is
low. (Maras, 2016, p. 25). However, anyone or any individual willing to report cybercrime
depends on the type of the cybercrime.

There are several reasons as to why cybercrime is underreported, they include;

1. Shame and embarrassment associated with being a victim of certain cybercrime

2. Reputational risks associated with publicizing cybercrime
3. Being unaware that victimization occurred.
4. Low confidence or an expectation that law enforcement can assist them
5. Too much time and effort to report cybercrime.
6. Lack of awareness on where to report cybercrime.
Therefore, the underreporting cybercrimes, government and nongovernmental organizations
have implemented initiatives designed to increase reporting by streamlining the cybercrime
reporting by streamlining the cybercrime reporting process which can normally involve
numerous agencies depending on the type of cybercrime committed and drawing attention to
cybercrime reporting mechanisms e.g. websites and hotlines.

The impact of these initiatives on cybercrime reporting needs to be assessed. In Australia, the
Australian cybercrime online reporting network (ACORN) was created to simplify cybercrime
reporting. In 2016 the Australian institute of criminology published a report evaluating
ACORN, which revealed that this initiative had little effects on cybercrime reporting and
public awareness on where to report cybercrime.

The assessment of this initiative is important as it enable government to invest in project that
produce desired results and assist in the modification and supplementation of programs and
initiatives that are not producing expected output (for information on evaluation mechanism).

First responders; They are responsible for securing digital evidence at the scene or location of
a cybercrime for the example this could be the location or target of cybercrime and/or the
information and communication technology used to commit cyber-dependent and/or cyber
enabled crime.

A first responder can be a low enforcement agent, digital forensics expert, military police
officer, private investigator, an ICT specialist or any other person for example an employee in
the workforce who is tasked with responding to incidence of cybercrime.

The above point illustrate that the public, private sectors and national security agencies conduct
cybercrime investigation to varying degrees. Irrespective of who the first responder is, search
practices for ICT must be in accordance with national laws and the methods used to obtain
digital evidence from ICT must be valid and reliable to ensure its admissibility in court law.

Criminal Justice Agencies

Criminal justice agents, such as law enforcement officers, prosecutors, and judges, are
responsible for the prevention, mitigation, detection, investigation, prosecution, and
adjudication of cybercrime. The specific agencies responsible for cybercrime cases vary by
country.

What is more, in certain countries, multiple agencies can be involved in the investigation of
same cybercrime. The agencies involved depend on the type of cybercrime being investigated.
The abilities of law enforcement to investigate cybercrime depends on the country and varies
between agencies within the country. For example, in the Kyrgyz Republic, law enforcement
agencies have limited abilities to investigate cybercrime due to a lack of specialized KSAs,
training, and human and financial resource.

Other criminal justice agents, such as prosecutors and judges, also require specialized
knowledge of cybercrime and digital forensics. Like law enforcement agencies, the sufficiency
of training of prosecutors and judges varies between and even within countries the necessary
KSAs and resources to prosecute and adjudicate cyber law, matters, and digital evidence
admittance in court.

Beyond national criminal justice agencies, regional agencies, such as the European Union
Agency for Law Enforcement Cooper and international agencies, such as INTERPOL, assist
and/or facilitate cross-border cybercrime investigation.

National Security Agencies

National security agencies may be involved in cybercrime investigations. However, national

security agencies' involvement in cybercrime investigations depends on the cybercrime under
investigation, the target of the cybercrime, and/or the perpetrators of the cybercrime. In
addition to investigating these cybercrimes, the military and other national security agencies
could be responsible for identifying, mitigating, preventing, and responding to cybercrimes
targeting the systems, networks, and data of these agencies, and systems containing classified
information.

Private Sector

The private sector plays an essential role in the detection, prevention, mitigation, and
investigation of cybercrime because it predominantly owns and manages the critical
infrastructure in countries and is one of the primary targets of many cyber-dependent i.e. those
cybercrimes that seek to compromise the confidentiality, integrity, and availability of systems,
networks, services, and data, such as hacking, malware distribution, and distributed denial of
service or DDoS attacks) and cyber-enabled crimes .

Public-Private Partnerships and Task Forces

The private sector has the human, financial, and technical resources to conduct cybercrime
investigations, and can assist national security agencies, law enforcement authorities, and other
government agencies on cybercrime matters. In light of this, internationally, numerous public
private partnerships have been developed to enhance countries' capabilities to investigate
cybercrime.

3.0 CONCLUSION
This research, argues that cyber security is not only the defense of cyberspace itself, but also
the safety of those operating in cyberspace, and all of their properties that can be accessed via
cyberspace. Cyber security and information protection are significantly similar, these two terms
are not exactly comparable. In addition, cyber security reaches beyond conventional
information security boundaries to include not only the protection of information resources, but
also that of other properties, including the individual himself. In information protection,
reference to the human factor is generally linked to human's role(s) in the process of protection.
In cyber security this aspect has a further element, namely, humans as possible targets of cyber-
attacks or even engaging unknowingly in a cyber assault.

4.0 REFERENCES
https://www.unodc.org/e4j/en/cybercrime/module-5/key-issues/who-conducts-cybercrime-
investigations.html#/top

http://www.google.com

https://www.knowledgehut.com/blog/security/history-of-cyber-security