DEV Community: AryanKoundal

"Cybersecurity Education In a Developing Nation"

AryanKoundal — Thu, 06 Apr 2023 10:23:22 +0000

ABSTRACT

The ability to prevent successful cyber attacks against a nation’s critical infrastructure depends on the availability of a skilled cyber-literate workforce, and therefore, on an educational system that can build such capabilities.

INTRODUCTION

Many recent reports of cybersecurity attacks highlight the prevalence of a wide range of malicious activity and point to the growing sophistication of cyber threats. Frameworks designed to address the cybersecurity challenge at a national level focus on the need to build cybersecurity capabilities to achieve greater cyber readiness.
Accordingly, nations have designed strategies to develop essential human talent, including cybersecurity education, training, and certifications.
what are the challenges that universities face in order to provide cybersecurity education in a developing country?
How can this country enhance cybersecurity education to support national cybersecurity capabilities?
Over the last decade,the country has been experiencing a transformation of its educational system. The government has implemented a regulatory framework to assess, control, and improve the quality of higher education. Universities have been standardizing and updating their academic programs to comply with government requirements. However, these efforts are focused on improving general education, and are not specifically linked to education in cybersecurity methods
and strategies. While some educational institutions have
not even started initiatives in cybersecurity, others struggle, mainly because of a lack of instructors with the necessary skills.

LITERATURE REVIEW

(i) countries at the forefront in cybersecurity, such as the USA, Canada, the UK, and Australia incorporate cybersecurity education at every stage of academic instruction;
(ii) cybersecurity education has strong ties with military
and security agencies––predominantly in the USA.
(iii) there is a gap in both domains of education (formal and informal), and some countries have not even started their cyber educational development.

CURRENT CYBER SECURITY EDUCATION

ACADEMIC INSTRUCTION

Many computer science students are educated in a combination of software engineering and systems engineering. Teaching at most universities has focused on computing applications development and computing networks.
Often, security courses are offered during the final semesters of a student’s program. In some cases, a security course is an elective, which produces an unwanted effect because students avoid taking it during the last semester (when for example they are concerned with searching for a job).
In approximate order of frequency, the topics respondents
mentioned were:
Generalizations of information security
Security management
Security in operating systems
Network security (e.g., Wi-Fi)
Perimeter security (e.g., firewalls)
Attacks on applications (e.g., SQL injection)
Auditing
Legal informatics
Ethical hacking
Security in databases
Security awareness
Cryptography

PROFESSIONAL CERTIFICATIONS

no university in our sample supports training that leads
to cybersecurity certifications. Access to security equipment necessary to support such initiatives was reported to be expensive.

RESEARCH

Although there had been a few research initiatives, we saw very little evidence of academic cybersecurity research.

SELF ASSESSMENT

one academic department indicates security teaching is improving, another department at the same university thinks this is not the case, which indicates that some departments
(Computer Science, Computer Networks, and Electronics Engineering) at the same universities have different levels of expectation and preparation in security

ONGOING CHANGES

FACTORS DRIVING CYBERSECURITY EDUCATION

LACK OF SECURITY SPECIALISTS

There are few educators with formal education in cybersecurity. however, some specialists are
not necessarily teaching security because they are pursuing higher degrees or teaching something else. As a result of this shortage, security instruction and supply of
cybersecurity skills suffer. Cybersecurity courses cannot be incorporated into the curricula when desired, and the quality of security courses is compromised when taught by non-experts since security content is often constrained in scope and lacks integration of theory with practice.

LACK OF INTERACTION WITH THE INDUSTRY

As a result of this lack of communication, opportunities for
academia-industrial partnerships and understanding of cybersecurity demand have not developed. This barrier prevents collaboration concerning technical support and research funding. Also, universities have experienced difficulties learning what the industry needs in terms of cybersecurity skills.

INSUFFICIENT UNDERSTANDING OF CYBERSECURITY DEMAND

Comprehensive knowledge about labor market demand for cybersecurity is not available, and there are different perceptions in universities across the country. Respondents
(42%) felt that today demand for security in the business sector is very low, so they fear that creating security programs for specialists may saturate the labor market rapidly. We feel the need, but there is little demand. It is less than demand for software engineers. Most visible and potential sources of cybersecurity demand are in
the financial services and government.

Local demand for cybersecurity should be understood in two
ways. First, institutions in the market need graduates with security knowledge incorporated into CS and CN training, which will allow them to perform their primary jobs while applying security principles. For instance, in the financial sector software engineers familiar with secure coding and systems engineers knowing secure implementation of IT infrastructure are desired [21]. Second, security know-
ledge at the specialization level is wanted for positions such as security engineer. Most respondents believe specialization is more feasible at the MS graduate level as opposed to undergraduate level, but accurate knowledge about demand is necessary before this MS process can begin.
While some employers are discovering
that they need individuals with cybersecurity skills, especially because they have already had harmful security experiences, others do not know what they need in terms of cybersecurity workforce. As long as the market demand for security is not clear, it will be difficult to advocate for cybersecurity academic programs, even if resources become available. Hence, it is essential that employers and educators collaborate to identify the workforce competencies needed in the workplace.

LACK OF RESOURCES

Most universities do not have a well-equipped laboratory to teach cybersecurity practice. Interviewees argued that specialized equipment suitable to teach security is very expensive, but they also recognized availability of open source tools to solve particular needs.
Moreover, given economic limitations, ability to temporarily incorporate specialists to teach security content is even harder. Universities cannot match business sector salaries. On a few occasions, however, a few universities have obtained specialized support—especially for seminars or talks—because some specialists had motivations other than income.

LACK OF AWARENESS

universities reported having academic programs dating
from 10 years ago, when cybersecurity was not a prominent issue. Nevertheless, they emphasized that this fact has recently been changing.

OTHER FACTORS

Idiosyncrasy

A tendency to simply accept cyber risk was occasionally mentioned. This is consistent with Target’s (2010) findings regarding attitude toward risk in developing countries.

Internal university policies

Some university policies prevent improvements in cybersecurity teaching and collaboration

DISCUSSION OF FINDINGS

It has recently been suggested that no country is fully prepared to meet the cybersecurity challenge. While some developed nations with a higher level of national cybersecurity performance have already started stronger workforce and educational programs to foster such preparation, studies suggest that many less developed nations
have moved slowly to develop cyber capacity. The challenges
that cybersecurity education currently faces mainly involve structural capabilities (e.g., skills), community integration, uncertainty of demand, lack of awareness, economic resources, and governance. In undergraduate programs, most security content is integrated
across several courses in CS and CN, but such integration is informal since, very often, academic instruction depends on instructors’ decisions, knowledge and security skills. Lack of coordination among faculty can foster redundancies and/or gaps in security content. Although some security courses do exist, in many cases they were reported to be incomplete in scope or depth, especially because of lack of expertise or resources such as labs.

The results of the interviews suggest that there is a shared perception that university priorities, lack of specialists, lack of institutional flexibility, and lack of understanding of demand prevent academics from advancing cybersecurity education. In addition, introducing security content in curricula competes for resources and time allocation with other academic content inherent to CS or CN programs, which also discourages augmenting cybersecurity knowledge.
although universities with the most advanced preparation have developed particular strategies to address aspects of cybersecurity (e.g., MS programs, research initiatives, and specialized security courses), substantial efforts to strengthen cybersecurity education need to be pursued nationwide. These efforts need to take into account multiple areas in which cybersecurity education evolves.

Strategies for advancing cybersecurity education

The successful improvement of cybersecurity education cannot be achieved as an isolated effort pursued only by universities. Rather a community-based effort will be required. Examination of relevant literature shows that national initiatives to advance cybersecurity education (and workforce capabilities) involve six dimensions: capacity governance, academic programs, training, certification, research and development (R&D), and cybersecurity awareness.

Relevant content must be strengthened in both approaches for formal education in undergrad programs: (i) cybersecurity content integrated across core courses of CS and CN; and (ii) security topics addressed in cybersecurity courses.

How to Install Obsidian On Linux | Set it's $PATH variable

AryanKoundal — Tue, 07 Mar 2023 10:09:42 +0000

In this blog we will learn about

How to download Obsidian App Image.
How to install and set up the $PATH for obsidian.

Let's get started.

Downloading

First of all, install the AppImage from the link. This file will probably be downloaded in your Home/Downloads folder.

Installing

Now open a terminal in your Home/Downloads folder.
You have to make this AppImage an executable file by using

sudo chmod +x Obsidian-1.1.9.AppImage

After that you have to rename the Obsidian-1.1.9.AppImage to obsidian using

mv Obsidian-1.1.9.AppImage obsidian

Then you'll have to create a new folder for obsidian at usr/bin and then copy the obsidian file to that folder.

sudo mkdir /usr/bin/obsidian
sudo cp obsidian /usr/bin/obsidian/obsidian

Now to add the PATH. You have to set the variable name in ~/.profile. This can be done by using

gedit ~/.profile (any text precessor)
export PATH=$PATH:/usr/bin/obsidian

in the terminal to open the file. Then adding line export PATH=$PATH:/usr/bin/obsidian at the end of your ~/.profile file.

Save and then close the file. You also have to restart the device to use these changes.
Now you can run obsidian from Application Launcher by Alt + F2 then typing obsidian. And from terminal by Ctrl + Alt + T then typing obsidian.

Computer Graphics | Program to Draw Graphics Objects using built-in C++ functions

AryanKoundal — Thu, 23 Feb 2023 14:40:44 +0000

By the end of this blog you will be able to draw Pixels, Lines, Circles, Rectangles and Ellipses. To get started with Computer Graphics using C++, you have to import the graphics library.

// Graphics Library for C++
#include <graphics.h>

After this. you can start the methods/functions available in this graphics library.
Inside main() function before using the functions for all those objects you have to initialize the Graphics mode on your computer. This is necessary step, so that you can change your computer display mode to generate image.

        // gm is Graphics mode, a computer display mode to
    // generate image
    // DETECT is a macro defined in "graphics.h" header file
    int gd = DETECT, gm;

    // initgraph initializes the graphics system by loading a
    // graphics driver from disk, path can be empty
    initgraph(&gd, &gm, "");

This completes your setup for using any of the methods listed in graphics library. Let’s draw a pixel first.

        // putpixel(x,y,color): plots a pixel at location (x, y)
    // of specified color
    putpixel(50, 100, YELLOW);

This will create a new window on your screen on which a pixel a drawn. In addition to it, you can also print a string on the screen using,

// outtextxy(x,y,"string"):  displays the text or
    // string at a specified point (x, y) on the screen
    outtextxy(35, 55, "PIXEL");

For drawing a line along a string “LINE” above it, you’ll need,

        // line(x1, y1, x2, y2):  draws a line from a point(x1,y1) to point(x2,y2)
    line(120, 90, 170, 170);
    outtextxy(130, 55, "LINE");

For drawing a circle along a string “CIRCLE” above it, you’ll need,

        // circle(x,y,r): Draws a circle having center at x,y and having radius as r
    circle(240, 120, 40);
    outtextxy(215, 55, "CIRCLE");

For drawing a rectangle along a string “RECTANGLE” above it, you’ll need,

        // rectangle(left, top, right, bottom): Draws a rectangle
    // having coordinates of left top and right bottom corner
    rectangle(300, 90, 400, 140);
    outtextxy(310, 55, "RECTANGLE");

For drawing a ellipse along a string “ELLIPSE” above it, you’ll need,

        // ellipse(xCenter, yCenter, startAngle, endAngle, xRadius, yRadius):
    // Draws an ellipse for a given center, starting and ending angle
    // and horizontal and vertical radius.
    ellipse(500, 120, 0, 360, 70, 35);
    outtextxy(470, 55, "ELLIPSE");

After these function calls, you will need two additional function calls. First one is getch() and another one is closegraph()

        // getch() is a nonstandard function and is present in
    // conio.h header file
    // it pauses the Output Console until a key is pressed
    getch();

    // closegraph function closes the graphics
    // mode and deallocates all memory allocated
    // by graphics system .
    closegraph();

That’s all you need to draw these objects. The complete code is below,

#include <iostream>
// Graphics Library for C++
#include <graphics.h>
#include <conio.h>
#include <dos.h>
using namespace std;
int main()
{   
    int gd = DETECT, gm;
    initgraph(&gd, &gm, "");

    putpixel(50, 100, YELLOW);
    outtextxy(35, 55, "PIXEL");

    line(120, 90, 170, 170);
    outtextxy(130, 55, "LINE");

    circle(240, 120, 40);
    outtextxy(215, 55, "CIRCLE");

    rectangle(300, 90, 400, 140);
    outtextxy(310, 55, "RECTANGLE");

    ellipse(500, 120, 0, 360, 70, 35);
    outtextxy(470, 55, "ELLIPSE");
    getch();
    closegraph();

    return 0;
}

The output produced will be:

Presentation on Cyber Security

AryanKoundal — Thu, 02 Feb 2023 16:28:08 +0000

IT Fundamentals of Cyber Security

Introduction

The Internet in India is growing rapidly. There are two sides to a coin. Internet also has it’s own disadvantages is cyber crime-illegal activity committed on the Internet.
Crime committed using a computer and the internet to steal a person’s identity or illegal imports or malicious programs. Cyber crime is an activity done using computers and the internet.
Cyber security refers to the technologies and processes designed to protect computers,networks and data from unauthorized access and attacks delivered via the internet by
cyber criminals. Though, cyber security is important for the network, data and application security.
The objective of cyber security is to establish rules and measure to use against attacks over the internet.

WHAT IS CYBER SECURITY?

Cybersecurity is the protection of internet-connected systems, including hardware, software and data, from cyberattacks.
In a computing context, security comprises cybersecurity and physical security -- both are used by enterprises to protect against unauthorized access to data centers and other computerized systems.
Information security, which is designed to maintain the
confidentiality, integrity and availability of data, is a subset of cybersecurity.

THE CIA TRIAD OF INFORMATION SECURITY

Confidentiality:

Ensures that data or an information system is accessed by only an authorized person.

Integrity:

Integrity assures that the data or information system can be trusted. Ensures that it is edited by only authorized persons and remains in its original state when at rest.

Availability:

Data and information systems are available when required.

Categories of Cyber crime

We can categorize cyber crime in two ways:-

The computer as a target:

Using a computer to attacks other computer e.g. Hacking, Virus/Worms attacks, DoS attack etc.

The computer as a weapon:

Using a computer to commit real world crime e.g. credit card fraud etc.

Types of Cyber crime

Hacking
Phishing
Types of Cyber Crime
Denial of Service
Spam Email
Spyware, Adware
Malware (Trojan, Virus, Worms etc.)
ATM Skimming and Point of Scale Crimes
Ransomware

Types of Cyber Attack by Percentage

(Source-FBI)
Financial fraud 11%
Sabotage of data/networks 17%
Theft of proprietary information 20%System penetration from the outside 25%
Denial of Service 27%
Unauthorized access by insiders 71%
Employee abuse of internet privileges 79%
Viruses 85%

Types of Security tools

Understanding CVE, CWE, CVSS, OWASP Top 10, SANS Top 25.
Wireshark demonstration.
Nmap demonstration.
Nessus - Vulnerability Assessment scanning tool.

Advantage of Cybersecurity

It will defend us from hacks and virus. It helps us to browse the safe website.
Internet Security process all the incoming and outgoing data on our computer.
The cyber security will defend us from critical attacks.
The application of cyber security used in our PC needs update every week.
The security developers will update their database every week once. Hence the new virus also detected.

Safety tips to Cyber crime

Use Antivirus Software.
Insert Firewalls.
Uninstall unnecessary software.
Maintain backup.
Check security settings.
Never give your full name or address to strangers.
Learn more about the internet privacy.

Reference

https://www.embroker.com/blog/cyber-attack-statistics/

Summary of THE CASE FOR DEPTH IN CYBERSECURITY EDUCATION

AryanKoundal — Thu, 02 Feb 2023 14:08:03 +0000

the People’s Liberation Army (PLA) of China has developed a
cadre of 30,000 cyberspies, who are supplemented by more than
150,000 “private sector” cyberexperts “whose mission is to steal American military and technological secrets and cause mischief in government and financial services”.

There are numerous examples in addition to literature support for the notion that cybersecurity education needs to refocus on depth as opposed to breadth. However, adding some elements of depth to the current model
of teaching cybersecurity is inadequate. We need to begin developing and measuring cybersecurity skills well before college to develop cybersecurity experts.

HOW DEPTH IS ACHIEVED TODAY

The Case for Depth in Cybersecurity Education

examples of a few people who started cybersecurity very early in life.

EXPANDING DEPTH TO MEET CURRENT NEEDS

tells how much hour of work needs to be done in order to get to the 1000 hrs time goal

tells about various competitions held for high schoolers to get started with hacking.

CyberFoundations
CyberPatriot
National Collegiate Cyber Defense Competition
National Cyber League
DC3 Forensics Challenge

ANALOGY

compares the cyber security with sports and says how every day practise results in good professionals.

INTEGRATING EXTRACURRICULAR AND CURRICULAR DEPTH IN CYBERSECURITY

Turning cybersecurity into a team competition sport has advantages of learning through real-world simulations with the ability to track performance.

THE NIST CYBERSECURITY WORKFORCE FRAMEWORK

DEPTH AND BREADTH IN CURRICULAR AND EXTRACURRICULAR DEVELOPMENT

Schwartz et al. studied more than 8,000 students at 45
universities and found compelling evidence demonstrating that
students whose high school science courses focused on depth as opposed to breadth outperformed the students whose preparation was breadth-oriented.
The selected articles
ranged in dates from 1961 to 2012 and two underlying messages
were consistent throughout, namely the fact that teachers and
some students prefer breadth but external measures indicate that depth has greater value.

DEPTH AND ITS IMPLICATIONS FOR SELF-EFFICACY

self-efficacy, a person’s belief in his or her ability to execute a task at a required level of performance, is an important factor affecting one’s ability to attain a goal. High self-efficacy also encourages increased attention and effort on a task, increased persistence when facing obstacles or adverse experiences and heightened performance accomplishment.

CONCLUSION

3.1 Finalized Orgs | GSoD 2023 Series

AryanKoundal — Tue, 27 Dec 2022 11:55:42 +0000

27/12/22

Sr	Orgs	setup	find issue
1	The R project	[]	[]	[]
2	Sym.py	[]	[]	[]
3	p5.js	[]	[]	[]

2. IMPORTANT DEADLINES | GSoD 2023 series

AryanKoundal — Wed, 14 Dec 2022 15:15:07 +0000

Eventwise

Program announcement : February 3, 2022
Organizations announced : April 14 ( Finalize organization )
Doc development begins : April 14, 2022( Consider as a deadline for hiring )
Doc development : April 14, 2022 - November 15, 2022
TW hiring deadline : May 16, 2022 at 18:00 UTC

Monthly

DECEMBER :

Choose 3 orgs came in 2022&2021
Check their proposal page

JANUARY :

Contribute
Create a proposal before organizations announced

FEBRUARY :

MARCH :

APRIL :

Absolute Deadline for proposal submission

1. Basic planning | GSoD 2023 Series

AryanKoundal — Wed, 14 Dec 2022 15:13:57 +0000

Check Deadlines/Timeline. ☑
Go through the whole website. ☑ Technical writer guide
Compare organizations. ☑
Choose any 3. ☑
Find technical writing course.(Not doing on basis of talking to others, instead working on things listed in Things todo to improve portfolio | GSoD 2023 Series
Contact the organizations. a. The R project b. sympy c. p5js
Setup project a. The R project b. sympy c. p5js
Start contributing. a. The R project b. sympy c. p5js