Friday, July 22, 2011

Cyber security

Introduction
Cyber security standards are security standards which enable organizations to practice safe security techniques to minimize the number of successful cyber security attacks. These guides provide general outlines as well as specific techniques for implementing cyber security. For certain specific standards, cyber security certification by an accredited body can be obtained. There are many advantages to obtaining certification including the ability to get cyber security insurance.
Types of cyber security
As Internet usage continues to rise throughout the world, the threat of cyber crime also grows. While some of these crimes are relatively harmless and commonplace, others are very serious and carry with them felony charges. Here are a few of the more common forms of cyber crime.

Spam
The most common type of cyber crime is spam. While email spam laws are fairly new, there have been laws on the books regarding "unsolicited electronic communications" for many years.

Fraud
Credit fraud is another common form of cyber crime. Certain computer viruses can log keystrokes on your keyboard and send them to hackers, who can then take your Social Security number, credit card number and home address. This information will be used by the hacker for his own means.

Cyber Bullying
Harassment, or cyber bullying, is a growing problem among teenagers. Many countries in Europe and several states in the United States have laws to punish those who consistently harass somebody over the Internet.

Drug Trafficking
Believe it or not, drug trafficking is happening over the Internet. Many traffickers use encrypted email or password-protected message boards to arrange drug deals.

Cyberterrorism
There are many forms of cyberterrorism. Sometimes it's a rather smart hacker breaking into a government website; other times it's just a group of like-minded Internet users who crash a website by flooding it with traffic. No matter how harmless it may seem, it is still illegal.

Identity Theft
Identity theft can happen online when another person takes a person's Social Security number and/or other personal information and uses it to pretend to be somebody else. One way these individuals try to steal personal information is by sending out "phishing" emails (emails that look like they are from a person's bank, place of business or legitimate organization) that ask for credit card information, Social Security numbers, and other identifying information. Most banks and credit card companies will never ask for such information via email. Beware of these popular tactics.

Credit Card Fraud
According to a Gartner survey of 100 retailers, credit card fraud is the No. 1 problem in e-commerce. Ninety-three percent of purchases that are made online use credit cards as a form of payment. Credit card fraud happens when others use someone else's credit card to make purchases online. Credit card numbers can be stolen with false online forms or emails. Some red flags of a purchase made with a stolen credit card include a shipping address that is different from the billing address, a request to leave the order at the door, and orders for expensive items or many items of the same product.

Cyber-Stalking
Cyber-stalking is when another individual harasses their victim by any means online such as constant emails and messaging. After several attempts at online pursuit, they will often attempt offline stalking as well. Most stalkers know who their victims are in real life. Often these involve ex-spouses, disgruntled co-workers or bosses, or perhaps someone who they may have gone on a few dates with. If you feel you have been a victim of cyber-stalking, contact your local police to file a complaint.

Software Piracy
With the growing popularity of computer-sharing programs such as BearShare, torrents and LimeWire, piracy is becoming a growing problem. People can download or "share" programs instead of purchasing them or getting a license for them. Any time a friend copies software, someone downloads software from a sharing website or program, or a business doesn't report the number of computers using software, it is a form of software piracy. Being convicted of software piracy often involves jail time and large fines.

Pornography
The Internet has introduced a growing number of pornography sites that sadly include children. Pornography is a growing crime among Internet users. According to Internet Filter Review, there are 4.2 million pornographic websites. Thirty-four percent of computer users have received unwanted pornographic material on the Internet. Eighty-nine percent of youth in Internet chat rooms have received sexual solicitations. The punishment for child pornography is different in each state. Some states only require that offenders be jailed for one year, while others can impose a 15-year term.

Why Is Cyber Security Important?
The increasing volume and sophistication of cyber security threats, including targeted phishing scams, data theft, and other online vulnerabilities, demand that we remain vigilant about securing our systems and information.
The average unprotected computer (i.e., one that does not have proper security controls in place) connected to the Internet can be compromised in moments. Thousands of infected web pages are being discovered every day. Hundreds of millions of records have been involved in data breaches. New attack methods are launched continuously. These are just a few examples of the threats facing us, and they highlight the importance of cyber security as a necessary approach to protecting data and systems.

Threats
There are many threats, some more serious than others. Some examples of how your computer and systems could be affected by a cyber security incident, whether because of improper cyber security controls, man-made or natural disasters, or malicious users wreaking havoc, include the following:

Denial-of-service
Refers to an attack that successfully prevents or impairs the authorized functionality of networks, systems or applications by exhausting resources. What impact could a denial-of-service have if it shut down a government agency's website, thereby preventing citizens from accessing information or completing transactions? What financial impact might a denial-of-service have on a business? What would the impact be on critical services such as emergency medical systems, police communications or air traffic control? Can some of these be unavailable for a week, a day, or even an hour?

Malware, worms, and Trojan horses
These spread by email, instant messaging, malicious websites, and infected non-malicious websites. Some websites will automatically download the malware without the user's knowledge or intervention. This is known as a "drive-by download." Other methods will require the users to click on a link or button.

Botnets and zombies
A botnet, short for robot network, is an aggregation of compromised computers that are connected to a central "controller." The compromised computers are often referred to as "zombies." These threats will continue to proliferate as the attack techniques evolve and become available to a broader audience, with less technical knowledge required to launch successful attacks. Botnets designed to steal data are improving their encryption capabilities and thus becoming more difficult to detect.

"Scareware" - fake security software warnings
This type of scam can be particularly profitable for cyber criminals, as many users believe the pop-up warnings telling them their system is infected and are lured into downloading and paying for the special software to "protect" their system.

Social Network Attacks
Social networks can be major sources of attacks because of the volume of users and the amount of personal information that is posted. Users' inherent trust in their online friends is what makes these networks a prime target. For example, users may be prompted to follow a link on someone's page, which could bring users to a malicious website.