Im working on a Computer Science exercise and need support.
Initial discussion and replies to peers, add references, NO PLAGIARISM
Discussion 1:
What is Cyber Security?
This is a process of protecting or recovering networks, devices and programs from any form of cyberattack. Cyberattacks are evolving dangers to organizations and consumers. They may be designed to access or destroy sensitive data. Cybersecurity has multiple layers of protection spread across computers, networks, and programs. Usually, cyber threats that attack your computer falls into three categories which are termed as C-I-A Triad.
Confidentiality: Confidentiality includes stealing personal information and bank or credit information. These are normally done by sending in some form of the virus to your devices like a where users are attracted to some form of ads where you dont even read the information and opt for the service. This is how you will be giving them your data and the attackers will sell the information to the dark web for others to purchase and use. confidentiality ensures that data is only accessed by those authorized to see it. Attackers use many methods to compromise confidentiality like Password Attacks where they hack users passwords to gain access to their computer or mobile devices, Wiretapping where an attacker can listen to other phone calls, Phishing emails to attack sensitive information and social engineering where users can be manipulated into performing actions like I discussed in the above example like clicking on ads that attract users.
Integrity: Data Breach where hackers break into the system and steal information and expose the data to other influencing users to lose trust and Instead of stealing information attackers hold it for ransom and modify it in place. The goals of data manipulation are to compromise the integrity of the information. Public infrastructure can be an easy target by cyberattacks.
For Example: In December 2015 about 80,000 residents in western Ukraine lost power for 6 hours following a Russian cyber-attack according to SANS ICS and insight partners. The malware shut down computer operating systems which ended up shutting down the local electrical grid. It is said to be that by the end of 2020 80% of endpoint protection platforms will include user activity monitoring and forensic capabilities.
Availability: This is defined as which exists and ready for the user or obtainable. Attacks on Availability are Denial of Service (DoS). In the DoS attack, You will be restricted to use your computer or mobile device, or you will be blocked from accessing your data until you pay a fee or ransom amount. Attacks like Ping flood, Smurf attack, SYN attack, Buffer overflow are examples of attacks on availability. In order to prevent an attack on availability check that the business operates without any disruption and ensure that data and systems are safeguarded by firewall protection and taking backups from time to time.
Attackers use one of these three categories of CIA triad. However, many other Cyber Security Frameworks came into existence such as NG911, NIST cybersecurity framework to tackle all these cybersecurity threats and minimize those threats. However, one should be careful in protecting their data which is highly sensitive. I think Confidentiality is a riskier attack as the public and other users easily fall for phishing emails and scams and give away their personal information.
References:
1.https://www.911.gov/issue_nextgeneration911.html
2.https://us.norton.com/internetsecurity-malware-wha
3.http://www.omnisecu.com/ccna-security/types-of-net
4.https://www.skyhighnetworks.com/cloud-security-blo
5.https://www.itgovernanceusa.com/blog/how-nist-can-
Discussion 2:
Confidentiality, Integrity & Availability
In the information security world, the three terms which are of prime importance is Confidentiality, Integrity and Availability; profoundly known as CIA Triad. It is important in a business setting as people deal with data over the internet or by many means. The data can be only be trusted based on these properties.
Confidentiality:
Confidentiality of a system will make sure that an authorized individual is accessing the resource wherein certain users are able to access certain resources. The resources here can be anywhere from navigation to certain page on a website, access an intellectual property, credit card information, medical information, or any sensitive information. Once an organization detects such a breach, they will have no other choice but to isolate the system from further damage resulting in denial of services to customers. These customers then will have no other choice but to look for other alternatives with a hope that such incidents may not happen again.
Integrity:
Integrity is to make sure that the data is left unaltered during transmission or retrieval. Integrity based attacks have increased over the years, the data suggest there is soar in such attack to the tune of 400%. One such famous attack is the WannaCry Ransomware which came into light in 2017. The hackers generally threatened to modify the data or delete it if the affected company fails to give a ransom money. The attack can affect the integrity of a system such that it can propagate to replication servers where the data is stored. The businesses have no other choice but to succumb to these attacks.
Availability:
The availability is one of the core features any business entity, promising as part of the service agreement, to make the system or a service available to the user 24X7 throughout the year. A server availability can be disrupted by any physical threat who try to bring the system down. Many companies have their disaster recoveries when any physical outage or a cyber-attack can disrupt a server which is a primary source serving all kinds of request.
One such recent cyber-attack was on German Automation Giant Pilz which was immobilized by ransomware attack. All the servers and PC workstations were affected, as a result, the company pulled out of all their system out of the network to avoid further damage. The availability of the system was affected worldwide as a result of this attack. The IT team were working round the clock to check the integrity and making sure if there is any loss of confidential and classified data.
It is important for a business point of view how data is handled, who views, uses, and modifies it.
References:
https://deloitte.wsj.com/cio/2018/11/19/using-the-cia-triad-to-boost-cyber-resilience/
http://www.clker.com/clipart-dynamic-triad.html
https://www.infosecurity-magazine.com/news/german-giant-pilz-down-after/
The post In your own words, explain what the following terms mean to you as they apply to information security and safe computing: Confidentiality, Integrity, and Availability. Why are these factors so important to businesses? appeared first on Learnedprofessors.
