When we begin to explore this topic, the first questions that come to mind are:
What is computer security, and why is it a challenge?
As mentioned in Wikipedia:
Computer security, also known as cybersecurity or IT security is the protection of computer systems from the theft or damage to the hardware, software or the information on them, as well as from disruption or misdirection of the services they provide.
There are several models for representing computer security.
The CIA principle
A simple but widely applicable security model is the CIA triad, standing for Confidentiality, Integrity, and Availability: three key principles which should be guaranteed in any kind of secure system. This principle is applicable to the whole subject of Security Analysis, from access to a user's internet history to security of encrypted data across the internet. If any one of the three can be breached, it can have serious consequences for the parties concerned.
Confidentiality
Confidentiality is the ability to hide information from those people unauthorized to view it. It is perhaps the most obvious aspect of the CIA triad when it comes to security; but correspondingly, it is also the one which is attacked most often.
Integrity
Integrity is the ability to ensure that data is an accurate and unchanged representation of the original secure information. One type of security attack is to intercept some important data and make changes to it before sending it on to the intended receiver.
Availability
It is important to ensure that the information concerned is readily accessible to the authorized viewer at all times. Some types of security attack attempt to deny access to the appropriate user, either for the sake of inconveniencing them, or because there is some secondary effect. For example, by breaking the website for a particular search engine, a rival may become more popular.
Nowadays information security has become a high priority for all organizations, no matter how big they are. However, there are still many challenges that these businesses and associations face in truly protecting data from hackers as well as major cybercriminal groups.
So what are those computer security challenges?
Let's see some of those.
Worms, viruses, and Trojans
A computer virus is a piece of malicious code that attaches to or infects executable programs. Unlike worms, viruses rely on users to execute or launch an infected program to replicate or deliver their payloads. A virus' payload can delete data or damage system files.
A Trojan (named after the Trojan horse in Greek mythology) is a malicious program disguised as something innocuous, often a utility or screensaver. Like viruses, Trojans rely on unsuspecting users to activate them by launching the program to which the Trojan is attached. Trojans have many functions: some delete or steal data, whereas others install backdoors that enable a hacker to take control of a system. Unlike viruses, Trojans do not replicate.
Early computer viruses were often contained in individual users' systems; they affected one system at a time. However, present-day blended threats, such as Code Red and Nimda, present multiple security threats at the same time, causing major disruptions and billions of dollars of damage to enterprises. A blended threat combines different types of malicious code to exploit known security vulnerabilities. Blended threats use the characteristics of worms, viruses, and Trojans to automate attacks, spread without intervention, and attack systems from multiple points.
The threats are expected to continue to grow in magnitude, speed, and complexity, making prevention and clean-up even more difficult. These factors contribute to the need for a proper plan to address information security issues within every company.
The arrival of mobile computing devices has had a significant impact on everyday life. Wireless communications liberate employees and consumers from relying on phone lines to communicate. Looking for a phone booth to make a call or going to the office to access email is quickly becoming a fading memory. Information availability and communications have greatly increased due to mobile computing devices. With the convenience of these devices, information security concerns increase because the confidential information stored on them needs to be protected.
These information security risks extend to all mobile devices, such as cell phones, personal digital assistants, and so on, that contain valuable information. As a result, companies need to ensure that their information security program extends to all devices that frequently leave the office and that are easily lost or stolen. They can no longer count on safely locking computers in the offices when employees go home at night. Wireless communication offers many compelling advantages over traditional wired communications, but controls must be in place to ensure that the company's most valuable secrets are secure.
Security Hacker
A security hacker is someone who seeks to breach defenses and exploit weaknesses in a computer system or network. Hackers may be motivated by a multitude of reasons, such as profit, protest, information gathering, challenge, recreation, or to evaluate system weaknesses to assist in formulating defenses against potential hackers. The subculture that has evolved around hackers is often referred to as the computer underground.
Shortage of Information Security Staff
Finding qualified information security staff is a difficult task, which will likely continue to be the case in the near future. Driving the hiring challenge is the immaturity of the solutions from information security vendors, the limited number of qualified staff available, and the unique blend of information security skills required.
These risks will not go away, and successful companies will adopt strategies to minimize them and offer unique solutions to their customers.
References:
wikipedia.org
scmagazine.com/top-10-security-challenges-for-2013/article/542937/
certesnetworks.com/3-biggest-information-security-challenges-of-2016/
doc.ic.ac.uk/~ajs300/security/CIA.htm






