Cyber Security is a protection offered to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications). To read more visit: https://www.rangtech.com/blog/cybersecurity/cyber-security-what-is-it-and-what-you-need-to-know
CYBER SECURITY: WHAT IS IT AND WHAT YOU NEED TO KNOW?
CYBERSECURITY
Cyber Security is a protection offered to an automated information system
in order to attain the applicable objectives of preserving the integrity,
availability and confidentiality of information system resources (includes
hardware, software, firmware, information/data, and telecommunications).
WHY DO YOU NEED ONE?
Hackers intrude into systems to get hold of sensitive information and sell it
for a price. There have been many instances where well-established
organizations, such as financial institutions, lost valuable customer
information. Some of them are:
• Hong Kong Stock Exchange (Aug 2011) — DDoS through BOTNET
• PenFed (Dec 2010) — Malware from infected laptop
• CitySights (Sep 2010) — SQL injection
• EU Carbon Trading Exchange (Jan 2011) — Phishing
Similarly, many other retail companies and government organizations have
been hacked. Losing sensitive data is a loss of trust for any organization.
WHAT IS CIA?
Confidentiality: Preserving authorized restrictions on information access
and disclosure, including means for protecting personal privacy and
proprietary information. A loss of confidentiality is the unauthorized
disclosure of information.
Integrity: Guarding against improper information modification or
destruction, and includes ensuring information non-repudiation and
authenticity. A loss of integrity is the unauthorized modification or
destruction of information.
Availability: Ensuring timely and reliable access to and use of information. A
loss of availability is the disruption of access to or use of information or an
information system.
AND, SOME MORE:
Although the use of the CIA triad to define security objectives is well
established, some in the security field feel that additional concepts are
needed to present a complete picture:
Authenticity: The property of being genuine and being able to be verified and
trusted; confidence in the validity of a transmission, a message, or message
originator.
Accountability: The security goal that generates the requirement for actions
of an entity to be traced uniquely to that entity.
GUARD AGAINST WHAT?
There are different ways you can be exposed to a security threat. Here is a
list of some:
• Unauthorized Disclosure: Exposure, Interception, Inference, Intrusion
• Deception: Masquerade, Falsification, Repudiation
• Disruption: Incapacitation, Corruption, Obstruction
• Usurpation: Misappropriation, Misuse
GUARD WHAT?
Host
Hardware: A major threat is the threat to availability. Hardware is the most
vulnerable to attack and the least susceptible to automated controls.
Threats include accidental and deliberate damage to equipment as well as
theft. Theft of CDROMs and DVDs can lead to loss of confidentiality. Physical
and administrative security measures are needed to deal with these threats.
Software: Includes the operating system, utilities, and application programs.
A key threat is an attack on availability. Software is often easy to delete.
Software can also be altered or damaged to render it useless. Careful
software configuration management can maintain high availability. A more
difficult problem is software modification (e.g. from virus/worm) that results in
a program that still functions but that behaves differently than before, which
is a threat to integrity/authenticity.
Data: Involves files and other forms of data controlled by individuals, groups,
and business organizations. Security concerns with respect to data are
broad, encompassing availability, confidentiality, and integrity. In the case of
availability, the concern is with the destruction of data files, which can occur
either accidentally or maliciously. The obvious concern with confidentiality is
the unauthorized reading of data files or databases. A less obvious secrecy
threat involves the analysis of data and manifests itself in the use of
so-called statistical databases, which provide summary or aggregate
information. Finally, data integrity is a major concern in most installations.
Modifications to data files can have consequences ranging from minor to
disastrous.
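The statistical-database threat described above, as an added example that is not part of the original article: an aggregate-only interface guarded by a query-set-size control and an overlap control. The `StatDB` class, its parameters and the records are hypothetical and constructed for illustration.

```python
# Constructed sample records (invented values).
RECORDS = [
    {"id": 1, "dept": "eng", "role": "lead", "salary": 120},
    {"id": 2, "dept": "eng", "role": "staff", "salary": 100},
    {"id": 3, "dept": "eng", "role": "staff", "salary": 110},
    {"id": 4, "dept": "ops", "role": "staff", "salary": 90},
    {"id": 5, "dept": "ops", "role": "staff", "salary": 95},
    {"id": 6, "dept": "ops", "role": "lead", "salary": 130},
]


class Refused(Exception):
    """Answering would narrow an aggregate to too few people."""


class StatDB:
    """Aggregate-only interface (hypothetical): returns SUM(salary), never rows."""

    def __init__(self, records, k=2, overlap_control=True):
        self.records = records
        self.k = k
        self.overlap_control = overlap_control
        self.answered = []  # id sets of queries already answered

    def sum_salary(self, **where):
        rows = [r for r in self.records
                if all(r[f] == v for f, v in where.items())]
        ids = frozenset(r["id"] for r in rows)
        # Size control: the query set and its complement both need >= k rows.
        if not self.k <= len(ids) <= len(self.records) - self.k:
            raise Refused("query set too small or too large")
        # Overlap control: refuse a set within k rows of an answered one,
        # since subtracting the two answers would isolate those few rows.
        if self.overlap_control:
            for prev in self.answered:
                if ids != prev and len(ids ^ prev) < self.k:
                    raise Refused("overlaps an earlier query")
        self.answered.append(ids)
        return sum(r["salary"] for r in rows)


def difference_without_overlap_control():
    """Two permitted aggregates whose difference is one person's salary."""
    db = StatDB(RECORDS, k=2, overlap_control=False)
    return db.sum_salary(dept="eng") - db.sum_salary(dept="eng", role="staff")
```

Pairwise overlap checks do not cover combinations of three or more queries, so this guard is one control among several rather than a complete one.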
Network
• Involves routers, switches, and other firmware
• Must guard against passive and active attacks
• Passive attacks are eavesdropping
  • Release of message contents
  • Traffic analysis
  • Are hard to detect, so aim to prevent
• Active attacks modify/fake data
  • Masquerade
  • Replay
  • Modification (Falsification)
  • Denial of Service
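How a receiver can detect three of the active attacks listed above (masquerade, replay, modification), as an added example that is not part of the original article. The frame layout, the `seal` and `Receiver` names and the sample key are assumptions made for illustration; denial of service is not addressed by this check.

```python
import hashlib
import hmac
import struct


def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Frame = 8-byte sequence number || payload || 32-byte HMAC-SHA256 tag."""
    body = struct.pack(">Q", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Assumes an in-order channel: sequence numbers must strictly increase."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1  # highest sequence number accepted so far

    def accept(self, frame: bytes):
        """Return (verdict, payload); payload is None unless verdict is 'ok'."""
        if len(frame) < 40:
            return "malformed", None
        body, tag = frame[:-32], frame[-32:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time compare. Fails when the sender lacks the shared key
        # (masquerade) and when any byte was altered in transit (modification).
        if not hmac.compare_digest(tag, expected):
            return "bad-mac", None
        (seq,) = struct.unpack(">Q", body[:8])
        # A valid tag on an already-seen sequence number is a replayed frame.
        if seq <= self.last_seq:
            return "replay", None
        self.last_seq = seq
        return "ok", body[8:]


def demo():
    key = b"constructed-shared-key-0123456789"  # constructed sample key
    rx = Receiver(key)
    f0 = seal(key, 0, b"transfer 10 to acct 7")
    tampered = f0[:8] + b"transfer 99 to acct 7" + f0[-32:]
    forged = seal(b"some-other-key", 1, b"hello")
    frames = (f0, tampered, forged, f0, seal(key, 1, b"next"))
    return [rx.accept(f)[0] for f in frames]
```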