Cyber Security as the Process of Different Security Measures - Essay Example

Cyber Security as the Process of Different Security Measures Introduction Cyber Security refers to the process of applying different security measures to foster integrity, confidentiality, and accessibility of data. Cyber Security primarily ensures protection of assets of an organization, including servers, data, buildings, humans, and desktops. Protection of information/data at rest and in transit is the primary goal of cyber security (Singer & Friedman, 2014, pp43). Typically, organizations employ copious countermeasures to ensure safety or security of data, which includes access control, risk assessment, accountability and audit, security authorization, and awareness training. National security, economic vitality, and daily life of individuals vastly depend on safe, resilient, and stable cyberspace. Cyber Security is a global concern because cyberspace is increasingly becoming a crucial asset to nations. However, few countries possess an arguably secure digital infrastructure – the United States no exception (Singer & Friedman, 2014). The Department of Homeland Security, for instance, is committed to improving its cyber networks and infrastructure, as well as cyber security across all key information sectors. Meanwhile, cyber attacks and intrusions have increased significantly over the last two decades, disrupting critical operations, exposing sensitive business and personal information, and imposing exorbitant costs on economies. As a result, countries must make significant advances in securing their systems from potential state-sponsored operations and intrusions and growing threat of cybercrime (Singer & Friedman, 2014, pp67). Overall, contemporary organizations must adhere to the conventional cyber security standards to curb cyber security attacks and enhance safe security techniques. Literature Survey Understanding cyber security The reasons and motivations for violations of computer security vary between hackers/crackers. For instance, some hackers are extremely skilled and vastly motivated with the goal or objective of compromising the computers of an organization for espionage or financial gain (Reveron, 2013, pp56). Other hackers are simply vandals and thrill-seekers, commonly involved or responsible for ruining websites and web pages. In most cases, attackers deface websites to make political statement. Furthermore, multiple cyber-crimes that occurred in the last decade targeted both private companies and government agencies. For instance, commercial websites such as Amazon.com, Yahoo.com, CNN.com, eBay.com, and Buy.com hit colossal DOS in the year 2000. According to the Federal Bureau of Investigations (FBI), the attacks caused massive damages estimated to be more than $1.7 billion (Reveron, 2013, pp19). In addition, a slammer worm tainted/infected over 90 percent of vulnerable computers in the year 2003. As a result, various airline companies canceled their flights, more than 13,000 ATMs of Bank of America failed, and 911 emergency systems of Seattle botched. A series of arguably coordinated cyber attacks on the US computer systems have occurred since 2003. The attacks, designated by US government as Titan Rain, compromised several computer networks of the country, including the systems at NASA, Sandia National Laboratories, and Lockheed Martin (Reveron, 2013, pp41). Since cyber security is vital to its technology-driven economy, the US government has taken necessary steps and countermeasures to curb potential threats and address the copious vulnerability challenges. Computer Security is an integral part to maintaining the safety of cyberspace and enhancing an operational industry. Malicious individuals always take advantage of the negligence and inattention of trusted individuals to regularly penetrate secure, well-designed computer systems. They may act as system administrators, sending trusted individuals messages and asking for passwords (Reveron, 2013, pp73). The attackers may also deliberate deceive trusted individuals; a critical part of social engineering. Apparently, social engineering is a type of cyber attack that affects specifically the users of computers (also referred to as the weakest link). The primary target and goal of social engineering is to successfully convince computer users, by psychological means, to disclose or send personal information, which includes card numbers, passwords, and secret codes. Some attackers/hackers use social engineering to impersonate the activities or services offered by a company. The system administrator of the organization should attempt to identify the possible motive behind the attack on its system before taking necessary steps to prevent future security breaches. The administrator should also estimate the worth of information security of the system and continued operation and the person probably motivated to violate the system (Reveron, 2013, pp89). Blocking all potential crackers or hackers may be a plausible action in an attempt to prevent security violation of an organization’s computer systems. Therefore, security is a crucial factor when designing computers systems of the organization. Dan Shoemaker and Author Conklin provide a comprehensive framework of practices that ensures information security for the company. In their book Cyber security: the essential body of knowledge (2012), Shoemaker and Conklin offers an inclusive roadmap for security, best security practices, data security competency, digital forensic skill, personnel security, and physical security (Shoemaker & Conklin, 2012, pp4). Typically, organizations adopt security measures in three phases or processes namely threat prevention, threat detection, and response. Various system components and policies guide successful implementation of the aforementioned steps (Shoemaker & Conklin, 2012, pp4). For example, cryptography and access controls (user account access control) can potentially protect data and files respectively. From network security point of view, firewalls are among the most common attack prevention systems. Through proper configuration, firewalls can block certain attacks and shield access to internal network services (Shoemaker & Conklin, 2012, pp4). In the same way, Intrusion Detection Systems play a vital role in detecting specific network attacks in progress, as well as assist in post-attack forensics. Nevertheless, audit logs and trails serve a similar function, but for individual systems. The authors point out the fact that few organizations properly maintain their computer systems with efficient detection systems (Shoemaker & Conklin, 2012, pp4). Furthermore, few companies have put in place an organized response mechanism, partially due to the costs associated with adoption and maintenance of most response mechanisms. Intent and coordination of cyber security efforts The authors emphasize the need to put in place and properly coordinate requisite countermeasures to enhance the effectiveness of the defense against potential cyber attacks. In most organizations, information protection will primarily embody safety measures that fall within the specific area of interest and expertise of the individuals or organizations responsible for the approach (Shoemaker & Conklin, 2012, pp4). As a result, most computer security administrators more often than not focus on the countermeasures they feel necessary to secure specific area of responsibility. For instance, they are more likely to install firewall and intrusion detection system if the intention is to protect the network systems of the organization. Cyber Security Policy Jennifer Bayuk (2012, pp5) focuses on the importance of policy implementation toward fostering cyber security. She emphasizes the need for modern organizations to adopt new laws and regulations concerning computer operations, private enterprise objectives, configuration variables, and information distribution (Bayuk, 2012, pp24). The guidebook provides a detailed account of cyber security, potential threats, and the countermeasures upon detection of any attacks. The goal of cyber security policy is to coordinate security objectives, supported by constituents of cyber security to modify behavior of computer users in compliance with the policy framework (Bayuk, 2012, pp 21). In addition, policy provides a foundation upon which network security administrators can prescribe rules to help achieve cyber security. The Science of Cyber Security Cyber security is a distinct new science often characterized from two distinctive perspectives – the objects or domain of study and the set of characteristic problems (Pino, 2014, pp23). It refers to the study of relations between structures, attributes, and dynamics of the network of computing devices under attack, as well as the techniques and tools of attackers and defenders (Pino, 2014, pp17). The author further acknowledges intrusion detection as one of the fundamental aspects that fall into the realm of cyber security. Cyber Threats Cyber-crimes can subject an organization or nation to massive security threats. Cyber threats to security system of a country include use of cyberspace by attackers/hackers for strategic and military purposes (Choucri, 2012, pp144). The attackers can also create fear for a nation when they gain access (unauthorized) to classified, proprietary materials. However, Nazli Choucri (2012) the response to potential cyber security threats differs from one country to another. The Obama administration, for instance, primarily focuses on bringing the cyberspace into the policy domain in an attempt to integrate cyberspace oversight into the overall calculus of national security (Choucri, 2012, pp144). Meanwhile, Umberto Gori (2009, pp65) analyzes various security constraints result from the attempts to eliminate cyber threats and improve security of the computer systems of an organization or a nation (Gori, 2009, pp34). Security constraints are restrictions related to security and safety issues of cyberspace, such as, integrity, availability, and privacy. Security issues can influence the design and analysis of a software system under development (Gori, 2009, pp 34). However, security constraints do not necessarily represent specific protocol restrictions in relation to the security of cyberspace. Cyber security transformation Cyber security transformation refers to a systematic shift from particular stable of cyberspace to another stable state of the overall system. Several changes often take place (spontaneously or in controlled manner) in the process of transforming cyber security of an organization or country (Information Systems Audit and Control Association, 2013, pp54). Despite numerous attempts by different organizations to change their cyber security, they typically experience major pitfalls such as lack of realism, blurred vision, and governance model bias. In conclusion, security breaches and other forms of cybercrime often cause severe financial damages to various organizations (Information Systems Audit and Control Association, 2013, pp54). The estimates of cyber security consulting firms reveal worldwide losses often attributable to worm and virus attacks, as well as antagonistic digital attacks. Antivirus manufacturers play a vital part to prevent possible cyber threats from reaching the private and public sectors. References Bayuk, J. L. (2012). Cyber security policy guidebook. Hoboken, N.J., Wiley. Choucri, N. (2012). Cyberpolitics in international relations. Cambridge, Mass, MIT Press. Gori, U. (2009). Modelling Cyber Security: Approaches, Methodology, Strategies. Fairfax, IOS Press, Incorporated. Information Systems Audit and Control Association. (2013). Transforming cybersecurity using COBIT 5. Rolling Meadows, Ill, ISACA. Pino, R. E. (2014). Network science and cybersecurity. New York, Springer Science+Business Media. Reveron, D. S. (2013). Cyberspace and national security: threats, opportunities, and power in a virtual world. Shoemaker, D., & Conklin, W. A. (2012). Cybersecurity: the essential body of knowledge. Boston, MA, Course Technology Cengage Learning. Singer, P. W., & Friedman, A. (2014). Cybersecurity and cyberwar: what everyone needs to know. Read More