Cyber Security: What is it and how is it carried out?

Learn in this article how cyber security has become the technological backbone of computer systems around the world.

Protection of the cyber world

Cyber security: Protecting information

Computer security, cyber security or simply cybersecurity, consists of protecting the data and programs that are vital to the operation of technologies such as computers, cell phones or the so-called clouds.

In general, cybersecurity is responsible for defending the essential information (software, computer networks, files, etc.) contained in a computer system from the onslaught of malware that harms systems and users.

It differs from "information security" in that it focuses on data stored on computer media, whereas information security concerns the privacy of each individual.

To minimize the risks to the computing infrastructure or information, cyber security establishes guidelines, such as restrictions or protocols, that guarantee their protection.

The main objective of this technology is to protect the computing infrastructure, guaranteeing the proper functioning of the equipment and anticipating any eventuality (failures, power outages, sabotage, among others) that affects the computer systems.

The protection of the infrastructure, in turn, allows users to use it safely and without vulnerabilities in the information used, which stands out as a central element of cyber security.

Threats

The risk factors that affect the data do not originate solely from the activity of the equipment or the programs that they manage.

There are other threats beyond the computer, and some cannot be foreseen. In these cases, the structuring of computer networks in which information is shared is the best protection option.

Causes of threats

Users

Users are the main cause of security flaws in devices, commonly because they hold improper authorizations that do not restrict them from activities in which they are not supposed to participate.

Malicious programs

These files are developed with the purpose of entering computers illegally, without the consent of the user or the organization, accessing the stored information and modifying it.

Malicious programs are called malware; the best known are computer viruses, logic bombs, Trojans and spyware, among others.

Programming errors

Programming errors arise from the manipulation of programs by people who dedicate themselves to violating security systems, better known as crackers.

The crackers' main goal is to make computers behave the way they want, harming both the device and its users.

Sometimes programs have flaws introduced during their development; this also compromises the security of the devices. To prevent these failures, companies periodically release updates for operating systems and installed applications.

Intruders

They are people who are dedicated to violating the security of computer systems, managing to access stored information without any authorization. The best known are hackers and crackers.

On the other hand, social engineering is used by individuals who, through the Internet or cell phones, trick users into providing the necessary data to access their confidential information.

Accidents

An accident is a fortuitous event that causes the partial or total loss of data stored on storage devices and guarded by cybersecurity.

Technical staff

When we talk about technical staff, we mean the people who work to ensure the cyber security of computers. The technical staff can sabotage the system for various reasons, for example, labor disagreements, espionage or dismissals.

Types of threats

Although threats can be grouped in different ways, there are currently three main ways to classify attacks: by origin, by effect and by the means used.

Threats by origin

According to the Computer Security Institute (CSI), between 60 and 80% of attacks on storage devices come from within, that is, from inside the organization itself.

Insider threats pose more of a danger because they can directly access data that pinpoints the locations of an organization's critical information, such as its major upcoming projects.

To the above, we must add the fact that intrusion prevention systems are not designed to react to internal threats but to external ones.

External threats occur when an attacker decides to modify the way the network works in order to obtain and steal data. This usually happens when establishing an external system connection.

Threats by effect

Threats by effect are those grouped according to the degree of deterioration or damage caused to the system. Theft or destruction of information, alteration of system operation and fraud are examples of this type of attack.

Threats by the means used

We can classify threats according to the way the attacker produces them. Within this category we place malware, phishing (techniques that seek to deceive users), social engineering and denial-of-service attacks.

Computer threat of the future

Nowadays, technological evolution has allowed the wide development of the semantic web, thus arousing the interest of cyber attackers.

With Web 3.0, devices have been able to understand the meaning of Web pages, thanks to the use of artificial intelligence as a means to modernize the acquisition of information.

For this reason, modern attackers are focusing their efforts on altering virtual content. To avoid these attacks, do not download suspicious attachments, use trusted computers, etc.

Risk analysis

Risk analysis consists of continuously verifying computer systems and ensuring that they have the necessary controls to identify vulnerabilities.

In addition, a risk analysis includes the calculation of the probability that a threat will appear, as well as the influence that it will exert on the system.

Ideally, the controls selected to address risks should work together to support data security.

The identified risks, calculations, implemented controls and results are recorded in a document called a Risk Matrix, which allows verifying the process followed to eliminate the threat.
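The following is an added example, not part of the original article, of how the rows of such a risk matrix can be computed. The 1 to 5 scales, the level thresholds, the control-effectiveness figure and the sample risks are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumed thresholds on a 1-25 score; the article prescribes no scale.
LEVELS = [(15, "high"), (8, "medium"), (0, "low")]


def level(score: float) -> str:
    """Map a numeric risk score to a qualitative level."""
    return next(name for floor, name in LEVELS if score >= floor)


@dataclass
class Risk:
    threat: str
    probability: int      # 1 (rare) .. 5 (almost certain)
    impact: int           # 1 (negligible) .. 5 (severe)
    control: str          # control chosen to address the risk
    effectiveness: float  # assumed share of probability the control removes, 0..1


def build_matrix(risks):
    """Return risk-matrix rows sorted by residual risk, highest first."""
    rows = []
    for r in risks:
        if not (1 <= r.probability <= 5 and 1 <= r.impact <= 5):
            raise ValueError(f"{r.threat}: probability and impact must be 1..5")
        if not 0 <= r.effectiveness <= 1:
            raise ValueError(f"{r.threat}: effectiveness must be 0..1")
        inherent = r.probability * r.impact
        residual = round(r.probability * (1 - r.effectiveness) * r.impact, 1)
        rows.append({"threat": r.threat, "control": r.control,
                     "inherent": inherent, "inherent_level": level(inherent),
                     "residual": residual, "residual_level": level(residual)})
    return sorted(rows, key=lambda row: row["residual"], reverse=True)


# Constructed sample register based on the threat causes listed in the article.
SAMPLE = [
    Risk("Excessive user permissions", 4, 4, "Access review", 0.5),
    Risk("Malware infection", 3, 5, "Anti-malware and updates", 0.6),
    Risk("Power outage", 2, 3, "UPS and backup copy", 0.5),
    Risk("Sabotage by technical staff", 2, 5, "Separation of duties", 0.25),
]

if __name__ == "__main__":
    for row in build_matrix(SAMPLE):
        print(f'{row["threat"]:<30} {row["inherent"]:>2} ({row["inherent_level"]}) '
              f'-> {row["residual"]:>4} ({row["residual_level"]})  {row["control"]}')
```

Sorting by residual rather than inherent risk shows which threats still need attention after the selected controls are in place.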

Business impact analysis

It consists of determining the value of each system and the information contained in it. These values are assigned depending on the impact that the equipment has on the business.

The values are: confidentiality, integrity and availability. A system must have one low value (for example, low integrity) and the other two high (high confidentiality and availability) or all three high to be considered reliable.

Security policy

Security policies govern the rights of users and companies to access information, in addition to establishing control mechanisms that ensure compliance with these policies by organizations.

Organizations must have standards that regulate their services. Also, they are advised to have well-developed plans to react in time to any threat.

To develop a security policy, we need IT administrators, since they are the ones who know the system in depth and establish communication between managers and workers.

Cyber security techniques

Implementing strong passwords, monitoring the network and encrypting information are some of the recommended actions to secure information.

It is important to limit data access permissions within the organization and to restrict access to information that users should not handle.

Backup

It consists of copying the original information contained in a computer device to be used in case it is damaged by a particular event.

The backup must be constant and safe, allowing the protection of the information in systems other than the one that hosts the original data.

Organizations that practice cyber security can use online systems, software or external storage devices such as USBs to ensure the security of their computing infrastructure.
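The following is an added example, not part of the original article, of checking that a backup copy actually matches the original data by comparing SHA-256 digests file by file. The function names are hypothetical, and the `same_device` check is only a heuristic for the requirement that the copy live on a different system.

```python
import hashlib
import os
from pathlib import Path


def sha256_file(path: Path, chunk: int = 1 << 20) -> str:
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def manifest(root) -> dict:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_backup(source, backup) -> dict:
    """Compare the original tree with its backup copy."""
    src, bak = manifest(source), manifest(backup)
    return {
        # present in the original but never copied
        "missing": sorted(set(src) - set(bak)),
        # copied, but the content differs (corruption or a stale copy)
        "mismatched": sorted(k for k in src.keys() & bak.keys() if src[k] != bak[k]),
        # only in the backup (for example, deleted from the original)
        "extra": sorted(set(bak) - set(src)),
    }


def same_device(source, backup) -> bool:
    """True when both trees sit on the same filesystem device, meaning the
    copy would be lost together with the original if that device fails."""
    return os.stat(source).st_dev == os.stat(backup).st_dev


if __name__ == "__main__":
    import sys
    original, copy = sys.argv[1], sys.argv[2]
    if same_device(original, copy):
        print("warning: backup is on the same device as the original")
    print(verify_backup(original, copy))
```

Run it with the original directory and the backup directory as arguments; an empty `missing` and `mismatched` list means every original file has an identical copy.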

Protective technologies

As mentioned above, malware is malicious software that intentionally causes damage within computer systems.

Viruses that enter devices are executed when the infected program is opened; Trojans allow remote control of the computer; the logic bomb acts when certain conditions are met; and spyware distributes sensitive information.

To prevent computers from being harmed by this malicious code, organizations use protective anti-malware technologies.

Nowadays, it is very rare to find computers that do not have an antivirus; their success lies in their ability to detect and eliminate not only viruses but also other types of malware.

Another way to preserve our devices is through continuous monitoring of installed software, as well as control of access to the web.

Physical security of computer systems

The physical security of networks refers to the barriers that are developed to prevent threats to essential system resources and data.

In general, companies focus on preventing attacks caused by programs or virtual media, leaving aside the physical security of their equipment.

An attacker can take advantage of weaknesses in physical protection to enter an area directly and extract the information or device they want.

It should be noted that not only people can cause physical damage. Fires, earthquakes or floods are examples of factors that physically compromise systems.

One option to control who can access the computers would be to place a smart card reader connected to a system that contains the information to allow or not allow a user access to the doors of the rooms or offices.

If it is not possible to use a card reader, stationing a security guard in the area can cover part of the card reader's function.

Alarm systems are developed to alert in case of theft; there are even modern systems that communicate with the police immediately after the event is detected.

As for natural events, every organization must have fire-fighting systems and fire extinguishers that allow timely reaction in the event of a fire.

Companies are responsible for offering their employees, including those in the IT area, civil security training. At least one or two people from each unit should have the basic knowledge necessary to deal with incidents.

Sanitization or Expungement

Sanitization is a logical procedure for deleting confidential information, so that it cannot be recovered.

As a physical process, it is intended for the destruction of supports or equipment, permanently eliminating the stored data.

If the information to be eliminated is on paper, the expungement is carried out through incineration or shredding.

Reliable hardware

Hardware is any physical device that is part of the structure of computers. Reliable hardware is hardware capable of facilitating the use of privileged information safely.

Hardware can be attacked directly, that is, by affecting and manipulating its physical structure or internal elements. Similarly, it can be damaged indirectly through covert channels.

For hardware to be truly reliable, software needs to use it correctly. Currently, these devices are designed to resist physical attacks and detect unauthorized modifications.

Cybersecurity: Collection of information

The collection of information is necessary for the classification and analysis of the relevant data. There are systems dedicated exclusively to the surveillance of information and the systems that contain it.

The first is the Information Management System, which is responsible for long-term storage and facilitates the communication of the data used.

The second is the Event Management System, in charge of supervising contingencies and notifying of them as they arise.

Finally, there is the Information and Event Management System, a combination of the two systems mentioned above.

Official organizations

Mexico

Mexico has a group of IT professionals characterized by providing a rapid response to threats or attacks on system security. The group is known as UNAM-CERT.

European Union

Inaugurated on January 11, 2013, the European Cybercrime Center (EC3), based in The Hague, is a cybersecurity organization that joins forces with police forces across Europe to eradicate cybercrime.

Spain

The National Institute of Cybersecurity (INCIBE), belonging to the Ministry of Economic Affairs and Digital Transformation, is the main body in charge of cybersecurity.

The institute advises public and private companies, as well as the Spanish public administration. They also offer their services to academic and research institutions and private citizens.

Germany

In February 2011, the German Ministry of the Interior decided to inaugurate the National Cyber Defense Center, with the aim of optimizing German interests in the virtual sphere.

The center seeks to prevent and eliminate computer threats against its local infrastructure, such as water or electricity supply systems.

United States

The Cybersecurity and Infrastructure Security Agency (CISA) is listed as the entity responsible for the cybersecurity of United States systems.

In March 2015, the Senate approved the Cyber Security Information Law, developed with the aim of renewing and improving cyber security, through the transfer of information between the government and IT companies.

This law allows federal agencies access to threat data from companies large and small. With the enactment of this law, in case of cyber attacks, companies are required to provide personal information to government agencies.

A new bill, the Cybersecurity Vulnerabilities Identification and Notification Act, recently reached the Senate with the aim of introducing new provisions inherent to cybersecurity.

With this latest bill, CISA would obtain approval to access information on national critical infrastructures once a threat is identified.

Cyber security career opportunities

Due to the advancement of technology, the demand for professionals in the field of cybersecurity keeps increasing.

There are many people interested in specializing in the protection of the information contained in computer systems that attacks or threats constantly try to violate.

Some of the most common cybersecurity career opportunities are:

  • Network security administrators
  • Security system administrators
  • Security architects
  • Security consultants and risk analysis
  • Information security specialists
  • Cybersecurity instrumentation and control engineers
  • Computer security experts
  • Cybersecurity technicians

A competent professional must have a perfect command of computer language; it is also important that they have the ability to develop contingency and prevention techniques or plans.

