The CIA tried- Cyber Security
Definition, Components and Threats
The term cyber security refers to the process of protecting computer systems, networks, data and programs from being stolen, disclosure, attacked, or damaged to their software or hardware. It stops websites from crashing, increase the productivity while inspiring users confident. In general it helps to protect CIA tried of computer systems.
What is CIA??
CIA is a measure of information security which is used to develop security policies that contributes to identify problem areas with necessary solutions. It controls the way an organization handles data when they are storing, transmitting and processing. And it improves infrastructure in the system and makes data more accessible to those in need.
CIA stands for,
Confidentiality
Information and functions can be accessed only by authorized party. The system can determine who has the right to access which data. Here, information is categorized according to the potential harm if it comes to unexpected individuals. Security measures are also implemented according to that. Volume and file encryption, biometric verification, two factor authentication, security tokens and Unix file permissions are the most common ways to establish confidentiality. Keeping hardcopy data behind lock and key is a non-technical way to establish confidentiality.
As every piece of information contained in a system has value, it must to keep all data confidential. Lack of confidentiality in any way can lead to serious destruction. Encryption cracking, man-in-the-middle attacks, malicious insiders are some common threats against confidentiality. Most of the times confidentiality can be compromised by cracking poorly encrypted data and disclosing sensitive data.
Integrity
Prevent the deletion or modification of data made by any unauthorized party and ensures that the damage is reversible if a change is made which should not be done by an authorized person. Integrity ensures that the information is authentic and does not change its original purpose. Data encryptions, backups, cryptographic checksums, uninterrupted power supplies are the common methods to ensure integrity. Integrity can be affected by physical compromise to device and because of the human errors.
Availability
Refers to the actual availability of the data. This ensures that information and resources are available to authorized parties when needed. High availability systems are computer resources, designed specifically to enhance availability, allowing multiple network interferences to be managed, as well as being able to navigate through various network interruptions. Availability is implemented using methods such as data reentrancy, firewalls, hardware maintenance, off-site backups, server clustering and virtualization.
Threats to CIA
A potential risk or damage that can be occurred to the asserts of a computer system is called a threat. Cybercrime and hacking are the two different parameters of threats to CIA tried.
Cybercrime
Any criminal activity which carried out against a computer, a computer network or any networked device in order to damage them or disable or steal information or spread malware often for the purpose of generate profit for the cyber criminals.
Cybercrime can be categorized as crimes against people (human trafficking, spoofing, credit card fraud), crimes against property (virus transmission, copyright infringement, DDOS attacks, IPR violations) and crimes against government (accessing confidential information, cyber warfare, pirated, cyber terrorism).
Three major types of cyber crimes
Computer assisted crimes: Criminal activities that use computers as mere tools and are not computer specific. Ex: Fraud, DOS
Computer as the target crime: criminal activities that Aimed at computer systems, networks, servers and data and information stored in the systems EX: Sniffing, viruses
Computer incidental to the crime: Computer related or incidental crime but not necessary to use a computer. EX: money laundering, child photography for traffickers
Hacking
Hacking is an attempt to gain unauthorized access to a computer system, a privet network inside a computer or a group of computer systems. In such a case, control of a computer is obtained without permission for an illegal activity through cracking of passwords and codes which gives access to the system.
Types of hackers
Black hat: Individuals who hack to gain control of the system for personal gain. Once the weaknesses and vulnerabilities are identified, they enter the system and restore system data to malicious or destructive activity. They are able to steal valuable information from the system and prevent authorized users from accessing the system.
Grey hat: Individuals who may violate ethical norms or principles but often operating for the common good and do not have the malicious behaviors as black hat hackers. They work both offensively and defensively at various times. They have enough computer language skills to detect loopholes in the network security system. But They differ from black hat hackers because they do not hack for their personal gain
White hat: Individuals who use their skills to protect their security systems against attacks and to make them more hack-proof. They can also called as ethical computer hackers or information security professionals. They use their skills to detect security vulnerabilities in advance to prevent attacks They also known as security analysts.
Suicide hacker: individuals who hack for some purpose and even don’t worried about facing jail terms or any other punishment. They can be bad as well as good. Often they hack for the sake of destruction.
Script kiddie: Unskilled hackers who use scripts, programs and tools previously developed by real hackers to attack a website or a network. They lacks the knowledge to exploit vulnerabilities.
Cyber terrorist: Individuals with a wide range of skills who illegally attack and threaten state computers, networks and the information stored on them in order to advance religious, political or social goals. Cyber terrorism is the combination of cyberspace and terrorism.
State sponsored hacker: people who employed by the government for various political reasons, to attack computer systems or networks to spy and gain top secrete information of other states.
Hacktvist: People who carry out cyber attacks for political purposes. They often attack specific organizations that do not match their political views or practices. Their job is to promote a political agenda by disabling computer systems.
All of the above hackers are illegal except white hat hackers.
Malware attack, Pishing, Passwords attack, Man in the middle, Birthday attack, Drive by attack, AQL injection attack, Cross-site scripting attack, Denial of service, Eavesdropping attack are the most common attacks in cyber security.
Cyber attack prevention is essential for every computer system and network. One of the best ways to protect information from any cyber attack is to install a firewall to the system. And also cyber attacks often occur because the system is not up to date. Systems should therefore be updated regularly. It is important to have system data backed up to prevent serious downtime and data loss during a cyber attack. There should be strong and different passwords setup for every application in the system. Also, every user of the system should have their own login for each application and program.
