BCOM CA FIT 5

5.1 Cloud Computing: 

Concepts, characteristics, advantages

Definition:
Cloud computing is a model for delivering computing services (like servers, storage, databases, software, etc.) over the Internet (“the cloud”), enabling users to access resources on-demand without owning or maintaining physical infrastructure

• Examples of Services:

• Storage (Google Drive, Dropbox)

• Applications (Google Docs, Microsoft 365)

• Hosting (AWS, Azure, GCP)

Core Characteristics

Characteristic	Description
On-Demand Self-Service	Users can provision resources as needed automatically—no human intervention needed[1][2].
Broad Network Access	Services are accessible over the Internet, from any device (laptop, phone, tablet)[1][2].
Resource Pooling	Physical or virtual resources are pooled and shared among users with privacy/security[1][2][3].
Rapid Elasticity (Scalability)	Resources can be scaled up/down instantly as required by workload[1][4][5].
Measured Service (Pay-as-you-go)	Usage is tracked, and users only pay for what they use[1][4][6].

Key Advantages

• Cost Savings: No need for large upfront investment in hardware/software. Pay only for actual usage.[7][6][8]

• Scalability: Instantly add or remove resources based on demand, ideal for fluctuating workloads.[5][1][7]

• High Availability & Reliability: Built-in backup, failover, and disaster recovery keep data and apps available even during network/system outages.[6][3][7]

• Accessibility & Collaboration: Enables remote work and global collaboration—access files, apps, and tools from anywhere.[3][7]

• Productivity: Automates infrastructure management and maintains hardware/software, reducing IT workload.[7][6]

• Security: Leading providers offer advanced protection (encryption, identity management, monitoring) often superior to in-house solutions.[4][6][7]

• Agility & Innovation: Fast deployment of new applications and features encourages experimentation and rapid development.[8][4][5]

Summary Table

Feature	Student Benefit
On-demand Access	Use powerful tools/software anytime
Cost Effective	No need for expensive hardware
Scalable	Grow/shrink resources easily
Collaborative	Work from anywhere, share easily
Secure	Data safety and privacy

------

5.2 Service Models: SaaS, PaaS, IaaS

1. SaaS – Software as a Service

• Definition:
  Provides ready-to-use software applications over the internet. Users access them via web browser/app; no installation or maintenance needed.[1][2][3]

• Provider Manages: Everything (servers, applications, updates).

• User Manages: Just usage/data.

• Examples: Gmail, Google Workspace, Microsoft 365, Salesforce, Zoom.

• Advantages: Easy access, automatic updates, scalable by user count.[2][1]

• Ideal For: End-users needing tools for communication, productivity, collaboration.

2. PaaS – Platform as a Service

• Definition:
  Provides a cloud platform for developing, testing, and deploying applications. Developers do not worry about the underlying infrastructure.[4][3][2]

• Provider Manages: Servers, storage, networking, OS, runtime, dev tools.

• User Manages: Code, applications, and sometimes databases.

• Examples: Google App Engine, AWS Elastic Beanstalk, Microsoft Azure App Service.

• Advantages: Simplifies development/deployment, no hardware/software management.

• Ideal For: Developers building custom software and web apps.

3. IaaS – Infrastructure as a Service

• Definition:
  Provides basic computing resources like virtual machines, storage, and networks. Users have maximum control over OS and applications.[3][4][2]

• Provider Manages: Physical servers, storage, networking hardware.

• User Manages: OS, applications, middleware, data.

• Examples: Amazon Web Services EC2, Microsoft Azure Virtual Machines, Google Compute Engine.

• Advantages: High flexibility/control, scalable resources, cost-effective for enterprise IT.[4][2]

• Ideal For: IT administrators and organizations wanting to manage their infrastructure without upfront hardware cost.

Summary Table

Model	User Controls	Provider Controls	Example	Use Case
SaaS	Only usage/data	Software, platform, infrastructure	Gmail, Office365	Email, docs, CRM
PaaS	Code, apps, data	Platform, infrastructure	Google App Engine	App development
IaaS	OS, apps, data, middleware	Infrastructure	AWS EC2, Azure VM	Custom IT systems

In summary:
SaaS delivers software, PaaS delivers platforms for developers, and IaaS delivers core infrastructure resources. Choosing the right model depends on technical needs, user roles, and the required level of control.[1][2][3][4]

----

5.3 Deployment Models: Public, Private, Hybrid

1. Public Cloud

• Definition:
  Cloud services offered over the Internet and shared among multiple organizations (the general public).

• Provider: Third-party vendors (AWS, Azure, Google Cloud).

• Access: Anyone can sign up and use resources; pay-as-you-go.

• Advantages:

• Cost-effective (no hardware purchase)

• Scalable and elastic

• Easy setup and maintenance

• Limitations:

• Less control over security and compliance

• Shared (multi-tenant) infrastructure

2. Private Cloud

• Definition:
  Cloud infrastructure operated solely for a single organization, either on-premises or hosted by a third-party.

• Provider: Organization itself or a managed service provider.

• Access: Exclusive to one organization (single-tenant).

• Advantages:

• Greater security and privacy

• More control over infrastructure and data

• Customizable to meet specific requirements

• Limitations:

• Higher cost (setup, maintenance)

• Requires in-house IT expertise

3. Hybrid Cloud

• Definition:
  Combines public and private clouds, allowing data and applications to be shared between them.

• Provider: Mix of organization-owned and third-party-managed resources.

• Access: Some resources remain private, others are accessed via public clouds.

• Advantages:

• Flexibility to move workloads between clouds

• Cost-effective and secure

• Ideal for balancing scalability with data privacy

• Limitations:

• Complex management/integration

• Potential compatibility issues

Summary Table

Model	Example Providers	Access	Key Benefit	Common Use Cases
Public Cloud	AWS, Azure, Google Cloud	Open/public	Cost, scalability	Startup apps, web hosting
Private Cloud	VMware, IBM, in-house	Private/internal	Security, control	Banks, government, large firms
Hybrid Cloud	Mix of above	Mixed	Flexibility, balance	Enterprises with sensitive + public data

Summary:
Public clouds prioritize scalability and cost, private clouds prioritize security and control, and hybrid clouds offer a balance, making cloud options adaptable for varied organizational needs.

------

5.3 Cyber security Essentials:

Types of threats: Malware, Phishing, DoS attacks

Malware

Malware stands for “malicious software.” It refers to any software intentionally developed to harm, exploit, or compromise computers, networks, or users’ data. The main types of malware include:

·   Virus: Infects files and spreads between systems, often through file sharing or downloads.

    Example: File-infecting viruses.

·  Worm: Self-replicates and spreads without human action, usually through network vulnerabilities. Example: Internet worms.

·       Trojan Horse: Disguises itself as a legitimate program to trick users into installing it, then performs harmful actions. Example: Fake antivirus installers.

·        Ransomware: Encrypts files or locks systems, demanding payment to restore access. Example: CryptoLocker ransomware.

·        Spyware: Secretly gathers user information and sends it to attackers. Example: CoolWebSearch browser hijacker.

·        Adware: Displays unwanted ads and may slow down systems.

·        Rootkits: Gives attackers hidden control by modifying core system files; very hard to detect.

·        Keyloggers: Record every keystroke to steal sensitive data like passwords and banking info.

·        Bots/Botnets: Automate attacks by connecting many infected devices to perform coordinated activities, such as spam or DDoSattacks.

Malware Example (Minimal)

·        Trojans often pose as fake game installers, while ransomware like CryptoLocker will lock files and demand ransom.

Phishing:

Phishing is a social engineering threat where attackers trick users into revealing confidential information (such as passwords and bank details) by pretending to be trustworthy entities, typically through emails, fake websites, SMS, or messages.

·        Techniques include sending emails that appear genuine from banks or known services, asking users to click malicious links or download attachments.

·        Phishing can also occur through phone calls (voice phishing or “vishing”) and SMS (“smishing”)

Phishing Example (Minimal)

·       An email claims to be your bank asking you to log in via a fake link, capturing your login credentials.

DoS (Denial of Service) Attacks

A Denial of Service (DoS) attack disrupts the normal functioning of a network, service, or website by overwhelming it with excessive data, making it unavailable to legitimate users.

·        DoS is typically performed by flooding the target with requests, causing system resources to exhaust.

·        Distributed Denial of Service (DDoS) amplifies this attack by using many devices (“botnet”) to flood the target simultaneously.

DoS Attack Example (Minimal)

·        Attackers use thousands of computers to overwhelm a ticket booking website during peak times, so regular users cannot access the service.

-----

5.5 Protective Measures

1. Strong Passwords

Definition:

A password is a secret word or phrase used to gain access to a computer system, account, or data.

Importance:

Strong passwords prevent unauthorized access and protect personal and confidential information.

Tips for Creating Strong Passwords:

• Use at least 8–12 characters.
• Combine uppercase and lowercase letters, numbers, and special symbols (e.g.,@, #, $, %).
• Avoid common words or personal details like name, birth date, or “12345”.
• Use unique passwords for different accounts.
• Change passwords regularly

Example:
✅ Strong: G@ngA#2025$Pr@
❌ Weak: gangaprasad123

2. Multi-Factor Authentication (MFA)

Definition:

MFA is a security process that requires two or more verification steps to log in, making it harder for attackers to access.

Common Factors Used:

1. Something you know – Password or PIN
2. Something you have – Mobile phone or security token
3. Something you are – Fingerprint or facial recognition

Example:
When logging into your email, you enter your password (something you know) and then confirm a code sent to your phone (something you have).

Advantages:

• Adds an extra layer of protection
• Prevents unauthorized access even if passwords are stolen

3. Antivirus Software

Definition:

Antivirus is a program that detects, prevents, and removes malicious software (malware) like viruses, worms, trojans, and spyware.

Functions:

• Scans files and programs for known threats
• Blocks or quarantines infected files


• Offers real-time protection while browsing or downloading

Examples:

• Windows Defender
• Avast
• McAfee
• Quick Heal
• Kaspersky

Benefits:

• Keeps systems safe from malware
• Prevents data loss and system damage
• Improves overall system performance

4. Firewalls

Definition:

A firewall is a security system that monitors and controls incoming and outgoing network traffic based on security rules.

Types of Firewalls:

• Hardware Firewall: Physical device between network and internet
• Software Firewall: Installed on a computer or server

Functions:

• Blocks unauthorized access from the internet
• Allows safe communication between trusted networks
• Prevents hacking and data theft

Example: Windows Firewall, Cisco Firewall

Benefits:

• Protects against hackers and malware
• Monitors suspicious network activity
• Helps maintain data privacy

🔒 Summary Table

Protective Measure	Purpose	Example
Strong Password	Prevents unauthorized access	G@ngA#2025$Pr@
MFA	Adds extra verification	OTP after login
Antivirus	Detects and removes malware	Quick Heal
Firewall	Blocks unauthorized network access	Windows Firewall

-----

🧠 Topic 5.5.1: Data Backup and Recovery

Definition:

• Data Backup means creating copies of important files or data so that it can be restored in case of data loss.
• Data Recovery is the process of restoring lost, deleted, or corrupted data from backup copies.

Need for Backup:

• Protects against data loss due to hardware failure, viruses, or accidental deletion.
• Ensures business continuity after disasters.
• Provides security against ransomware attacks.

Types of Backups:

1. Full Backup – All data is copied every time.
2. Incremental Backup – Only changes since the last backup are saved.
3. Differential Backup – Saves all changes since the last full backup.

Backup Storage Options:

• External Drives (Hard disks, USBs)
• Cloud Storage (Google Drive, OneDrive, Dropbox)
• Network Storage (NAS Servers)

Recovery Process:

1. Identify the cause of data loss.
2. Select the correct backup version.
3. Restore data using backup software or cloud service.

Example:

If a system crashes, you can restore files from Google Drive backup.

-----

🌐 Topic 5.1.2: Safe Browsing Practices

Definition:

Safe browsing means using the internet in a way that protects your personal information and avoids security risks.

Tips for Safe Browsing:

• Use HTTPS websites (they have secure connections).
• Do not click on suspicious links or pop-ups.
• Avoid downloading files from unknown or untrusted sources.
• Keep your browser and OS updated regularly.
• Use a reliable antivirus and firewall.
• Avoid sharing personal or financial information on unknown websites.
• Use strong passwords and MFA for online accounts.

Examples of Unsafe Practices:

❌ Clicking on fake lottery links
❌ Using public Wi-Fi for banking

Examples of Safe Practices:

✅ Using VPN for secure browsing
✅ Checking site URLs before entering passwords

-----

⚖️ Topic 5.1.3: Introduction to Cyber Laws & Data Privacy Regulations

1. Cyber Laws

Definition:
Cyber laws are rules and regulations that deal with crimes and disputes related to computers, the internet, and digital information.

Importance:

• Protects users from cybercrimes like hacking, fraud, and identity theft.
• Ensures proper and ethical use of digital platforms.
• Helps law enforcement track and punish cyber offenders.

Example in India:

• IT Act, 2000 (Information Technology Act):
• Recognizes digital signatures and electronic records.
• Defines cybercrimes like hacking, phishing, and cyberstalking.

-----

5.6. Data Privacy Regulations

a) GDPR (General Data Protection Regulation) – Europe

Key Points:

• Protects personal data of individuals in the European Union (EU).
• Gives users rights like:
• Access to their data
• Right to delete data
• Right to consent before data collection
• Organizations must ensure data security and transparency in how data is used.

b)India’s DPDPA (Digital Personal Data Protection Act, 2023)

Key Points:

• Protects personal data of Indian citizens.
• Requires consent before collecting or using personal information.
• Allows individuals to withdraw consent and correct their data.
• Establishes a Data Protection Board to handle violations.

Example:
A company must take your permission before collecting your name, email, or Aadhaar details.

📘 Summary Table

Topic	Purpose	Example
Data Backup & Recovery	Protects data from loss or damage	Cloud Backup, External Drive
Safe Browsing	Prevents online threats	Using HTTPS & Antivirus
Cyber Laws	Controls cybercrimes & misuse	IT Act, 2000
GDPR	Protects EU citizens’ data	Right to delete personal data
DPDPA (India)	Protects Indian citizens’ data	Consent before data collection

ALL THE BEST FOR YOUR EXAMS

Follow on LinkedIn