Cyber security is a practice of defending computers, servers, mobile devices, electronic systems, networks and data from malicious attacks. It is also known as information technology security or electronic information security.
Major areas covered in cyber security are:-
- Application Security
Application security encompasses measures or counter- measures that are taken during the development life- cycle to protect applications from threats that can come through flaws in the application design, development, deployment, upgrade or maintenance.
Some basic techniques used for application security are:-
- Input parameter validation
- User/role authentication & authorization
- Session management, parameter manipulation & exception management
- Auditing and logging
Information security protects information from unauthorized access to avoid identify theft and to protect privacy.
Major techniques used to cover this are:
- Identification, authentication & authorization of user
Disaster recovery planning is a process that includes performing risk assessment, establishing priorities, developing recovery strategies in case of a disaster.
Network security includes activities to protect the usability, reliability, integrity and safety of the network. Effective network security targets a variety of threats and stops them from entering pr spreading on the network.
Network security components includes:
- Anti-virus and anti-spyware
- Intrusion Prevention System (IPS)
- Virtual Private Network (VPN)
Types of cyber threats:-
- Cybercrime includes single actors or groups targeting systems for financial gain or to cause disruption.
- Cyber-attack often involves politically motivated information gathering.
- Cyber terrorism is intened to undermine electronic systems to cause panic or fear.
- Malware (Virus)
- Trojans (Spywares, Adware,Ransomware & Botnets)
- SQL injection
Cyber safety tips:-
- Use anti-virus software
- Use strong password
- Do not open email attachments from unknown senders.
- Avoid using unsecure WiFi networks in public places.
Organizations and Institutions that Address International Cybersecurity
|United Nations Internet Governance Forum||Global|
|United Nations Group of Governmental Experts||Global|
|Anti- Abuse Working Group||Global|
|European Network Information Security Agency||Regional|
|Internet Society (ISOC)||Global|
|Inter- American Cooperation Portal on Cyber- Crime||Regional|
|United States Technology Training Institute (USTTI)||Global|
A number of laws have been passed in recent years, such as:-
- The Comprehensive National Cybersecurity Initiative of 2008.
- The Cybersecurity Workforce Act of 2014.
- The National Cybersecurity and Critical Infrastructure Protection Act of 2014.
- The Cybersecurity Information Sharing Act of 2015.