Cyber security can be seen as group of defensive processes, technologies, and practices that are specifically designed to protect internet connected machines. More specifically software on those machines. Conventional approaches to cyber defense are firewalls, authentication tools, and network software that monitors, tracks, and blocks viruses and other malicious cyber attacks. These methods create a protective shield for the infrastructure. However, threats are created by the vulnerabilities in applications. Which in turn are caused by bugs in the design and implementation of software and networks.
Fixes have been and are being developed to protect the systems from threats, but attackers continuously exploit newly discovered flaws. The attack landscape is constantly evolving new threats. Which means that if you build your protection against discovered attacks it is simply not going be enough. New methodologies are also required to discover the embedded and lurking intrusions, so that a more reliable security infrastructure can be taken into use. Machine learning and data mining play significant roles in the future of cyber security.
It is safe to say that software is everywhere, and it needs to be secure. Security can be hard to achieve, but many methodologies for securing systems exist today. All try to answer the same fundamental set of questions.
- What is being protected?
- Are there any known threats and vulnerabilities?
- What are the impacts to the organization if the data is lost or leaked?
- What is the value of the data to the organization?
- What can be done to mitigate the risks?
Asset, threat, vulnerability, and exploit are the most commonly-used terms in the cyber security lingo. Depending on the literature some of these terms overlap and are sometimes used synonymously.
- An asset is what is being protected, something that has some value to its owner. Its value can be tangible (e.g. gold or a running server) or intangible (data)
- A threat is an intention to cause damage. For cyber security this can be defined as a hostile act aimed by an attacker at an asset. Regardless of the attacker's intent to do no harm, a threat is still a threat. The attacker posing a threat is commonly called a threat actor.
- A vulnerability is a defect in the target system. This defect may be a bug in application code, or a flaw in the design of the system. A vulnerabilities can also be a consequence of improper configuration or user action.
- An exploit is a way to take advantage of a known vulnerability. The usual objective is to take control over the asset. (Social engineering, commonly considered a simple scam, is one kind of exploit.)
Remember to check your points from the ball on the bottom-right corner of the material!