Test Your Knowledge of Computer Security

Computer Security: Protecting Systems from Information Disclosure, Theft, or Damage

• Computer security, cybersecurity, digital security, or IT security is the protection of computer systems and networks from attack by malicious actors.

• Cybersecurity is vital due to the expanded reliance on computer systems, the internet, and wireless network standards such as Bluetooth and Wi-Fi, and the growth of smart devices, including smartphones, televisions, and IoT devices.

• Security is of especially high importance for systems that govern large-scale systems with far-reaching physical effects, such as power distribution, elections, and finance.

• Computer security was mainly limited to academia until the conception of the internet, where computer viruses and network intrusions began to take off.

• The National Security Agency (NSA) is responsible for the protection of US information systems and also for collecting foreign intelligence.

• Vulnerabilities can be researched, reverse-engineered, hunted, or exploited using automated tools or customized scripts.

• Backdoors, denial-of-service attacks, direct-access attacks, eavesdropping, multi-vector, polymorphic attacks, phishing, privilege escalation, reverse engineering, side-channel attack, social engineering, spoofing, tampering, malware, and HTML smuggling are the major types of attacks.

• Employee behavior can have a significant impact on information security in organizations.

• Financial systems, including financial regulators and financial institutions, are prominent hacking targets for cybercriminals interested in manipulating markets and making illicit gains.

• Websites and apps that accept or store credit card numbers, brokerage accounts, and bank account information are also prominent hacking targets.

• In-store payment systems and ATMs have also been tampered with in order to gather customer account data and PINs.

• The UCLA Internet Report 2021 found that 90% of US adults now use the internet, and there has been a significant increase in the use of social media and online shopping.Cybersecurity Threats and Countermeasures

• Surveying the Digital Future (2000) found that privacy concerns created barriers to online sales and that more than nine out of 10 internet users were concerned about credit card security.

• SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security), identity management, and authentication services, and domain name services are commonly used web technologies for improving security between browsers and websites.

• Credit card companies Visa and MasterCard developed the secure EMV chip embedded in credit cards, and the Chip Authentication Program where banks give customers hand-held card readers to perform online secure transactions.

• Computers control functions at many utilities, including coordination of telecommunications, the power grid, nuclear power plants, and valve opening and closing in water and gas networks, and are vulnerable to cyber attacks.

• Aviation industry is reliant on complex systems that could be attacked, and air navigation service providers are moving to create their own dedicated networks.

• Many modern passports are now biometric passports, containing an embedded microchip that stores a digitized photograph and personal information such as name, gender, and date of birth, and facial recognition technology is being introduced to reduce identity-related fraud.

• Desktop computers and laptops are commonly targeted to gather passwords or financial account information, and smartphones, tablet computers, and smartwatches have sensors that could be exploited to collect personal information.

• Medical devices have been successfully attacked or had potentially deadly vulnerabilities demonstrated, including both in-hospital diagnostic equipment and implanted devices.

• Large corporations are common targets for data breaches, identity theft, and cyber attacks.

• Vehicles are increasingly computerized, with advanced driver-assistance systems on many models, and all of these systems carry some security risk.

• The Internet of things (IoT) creates opportunities for more direct integration of the physical world into computer-based systems, but also provides opportunities for misuse and cyber-kinetic attacks.

• Shipping companies have adopted RFID (Radio Frequency Identification) technology as a digitally secure tracking device.

• Government and military computer systems are commonly attacked by activists and foreign powers, and local and regional government infrastructure such as traffic light controls, police and intelligence agency communications, personnel records, student records, and financial systems are also potential targets.

• Countermeasures include security by design, security architecture, access control, software development process, and incident response planning.Computer Security: A Comprehensive Overview

• IT security architecture describes the design of security controls to maintain the system's quality attributes: confidentiality, integrity, availability, accountability, and assurance services.

• Security architecture is a unified security design that addresses the necessities and potential risks involved in a certain scenario or environment.

• Security measures include threat prevention, detection, and response, which are based on various policies and system components, such as firewalls and exit procedures.

• Vulnerability management is the cycle of identifying, remediating or mitigating vulnerabilities, especially in software and firmware.

• Secure operating systems are designed to be secure, and they meet the Common Criteria of being "Methodically Designed, Tested and Reviewed."

• Incident response is an organized approach to addressing and managing the aftermath of a computer security incident or compromise.

• Computer security breaches include the first computer worm by Robert Morris, the Rome Laboratory intrusion, the TJX unauthorized computer systems intrusion, the Stuxnet attack, global surveillance disclosures, Target and Home Depot breaches, and the Office of Personnel Management data breach.

• To ensure adequate security, the confidentiality, integrity, and availability of a network must be protected and is considered the foundation of information security.

• Two-factor authentication is a method for mitigating unauthorized access to a system or sensitive information.

• Social engineering and direct computer access attacks can only be prevented by non-computer means, which can be difficult to enforce, relative to the sensitivity of the information.

• End-user security training is essential in reducing cyber risk and protecting individuals and companies from cyber threats.

• Digital hygiene or cyber hygiene is a fundamental principle relating to information security that is the equivalent of establishing simple routine measures to minimize the risks from cyber threats.Global Cybersecurity: Threats, Responses, and Careers

• The Office of Personnel Management hack in the US was one of the largest breaches of government data in the country's history, with millions of stolen personnel records.

• The Ashley Madison breach in 2015 saw a hacker group obtain company and user data and threaten to release customer data unless the website was taken down.

• The Colonial Pipeline ransomware attack in 2021 led to fuel shortages across the East Coast of the US.

• International legal issues surrounding cyberattacks are complicated, with no global base of common rules to judge or punish cybercrimes and cybercriminals.

• The government has a regulatory role in cyberspace to protect national infrastructure and make regulations to force companies to protect their systems and information from cyberattacks.

• The role of the government in regulating cyberspace is complicated, with some seeing it as a virtual space that should remain free of government intervention.

• Many government officials and experts believe there is a crucial need for improved regulation due to the private sector's failure to efficiently solve the cybersecurity problem.

• The UN Security Council held an informal meeting on cybersecurity in 2020 to focus on cyber challenges to international peace.

• Most countries have their own computer emergency response team to protect network security.

• The US has several agencies responsible for cybersecurity, including the National Cyber Security Division and the United States Cyber Command.

• There are growing concerns that cyberspace will become the next theater of warfare, leading to the creation of cyberwarfare and cyberterrorism.

• Cybersecurity is a fast-growing field with a shortage of skilled professionals, with typical job titles including security analyst, engineer, administrator, and chief information security officer.