Cyber security refers to the protection of computer systems and networks from information disclosure, theft of or damage to their hardware, software, and electronic data, as well as from the disruption or misdirection of the services they provide.
The field is growing significantly due to the continuously expanding reliance on computer systems, the Internet and wireless network standards such as Bluetooth and Wi-Fi, and due to the growth of smart devices, such as smartphones, televisions, and the wide range of devices that constitute the "Internet of things". Cyber security is also one of the significant challenges in the contemporary world, due to its complexity, both in terms of political usage and technology.
Since the arrival of the Internet and the digital transformation initiated in recent years, the concept of cyber security training has become a familiar subject in our professional as well as personal lives. Cyber security and cyber threats have been a constant throughout the last 50 years of technological change.
For example, in 2007, the United States and Israel started exploiting security flaws in the Microsoft Windows operating system to attack and damage equipment used in Iran to refine nuclear materials. Iran responded by heavily investing in its own cyberwarfare capability, which it started using against the United States.
Vulnerabilities and attacks
A vulnerability is defined as a weakness in design, implementation, operation, or internal control. Most of the vulnerabilities discovered are documented in the Common Vulnerabilities and Exposures database. An exploitable vulnerability is one for which at least one working attack or "exploit" exists. Vulnerabilities are often researched, reverse-engineered, hunted, or exploited using automated tools or customized scripts. To secure a computer system, it is important to understand the attacks that can be made against it, and these threats can typically be classified into one of the categories below:
- Backdoor
- Denial-of-service attack
- Direct-access attacks
- Eavesdropping
- Multi-vector or polymorphic attacks
- Phishing
- Privilege escalation
- Reverse engineering
- Side-channel attack
- Social engineering
- Spoofing
- Tampering
- Malware
To manage the information security culture, five steps are necessary:
- Pre-evaluation: To identify the awareness of information security among employees and to analyse the current security policies.
- Strategic planning: To come up with a better awareness program, clear targets need to be set. Assembling a team of skilled professionals is useful to achieve it.
- Operative planning: A good security culture can be established based on internal communication, management buy-in, security awareness and a training program.
- Implementation: Four stages should be used to implement the information security culture. They are:
  - Commitment of the management
  - Communicating with organizational members
  - Providing courses for all organizational members
  - Commitment of the employees
- Post-evaluation: To assess the success of the planning and implementation, and to identify unresolved areas of concern.
The growth in the number of computer systems and the increasing reliance upon them by individuals, businesses, industries, and governments mean there is an increasing number of systems at risk.
Computer protection (countermeasures)
In computer security, a countermeasure is an action to reduce a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken.
Some common computer protections are listed below:
- Security by design
- Security architecture
- Security measures
- Vulnerability management
- Reducing vulnerabilities
- Hardware protection mechanisms
- Secure operating systems
- Secure coding
- Capabilities and access control lists
- End user security training
- Digital hygiene
- Response to breach