One of the greatest dangers to computer data security is human error or ignorance. Those responsible for using or running a computer network must be carefully trained in order to avoid accidentally opening the system to hackers. In the workplace, creating a training program that includes information on existing security measures as well as permitted and prohibited computer usage can reduce breaches in internal security. Family members on a home network should be taught about running virus scans, identifying potential Internet threats, and protecting personal information online.
In business and personal behavior, the importance of maintaining information security through caution and common sense cannot be understated. A person who gives out personal information, such as a home address or telephone number, without considering the consequences may quickly find himself the victim of scams, spam, and identity theft. Likewise, a business that doesn't establish a strong chain of command for keeping data secure, or provides inadequate security training for workers, creates an unstable security system. By taking the time to ensure that data is handed out carefully and to reputable sources, the risk of a security breach can be significantly reduced.
7.2 Security Software.
Security software is computer software which is designed to enhance security for an individual computer or for a computer network. This software is meant to be used as part of a total security plan, rather than as a standalone security measure. Numerous software companies make security products, ranging from freeware which can be downloaded by individual computer users to specialty programs designed for particular networks, such as those used to store information for governments.
Security software can serve a number of security functions. Some programs are designed for a single and specific purpose, such as spyware removal, while others can accomplish several functions. Security software is used to establish firewalls, to detect and remove viruses, to secure information on a network, to detect attacks on a computer or network, and so forth. As a general rule, it runs all the time, providing background protection, and users can also run utilities to scan their computers for specific computer threats.
Such software can also be used for access filtering. With some computers and networks, access filtering may be desired to keep people away from sites which could threaten security, such as sites which automatically start downloads of malicious code. Access filtering may also be utilized to ensure that people in the workplace only access work-appropriate sites, and to protect young computer users such as children from material which could be threatening or dangerous.
Most programs are highly flexible. The program may have settings which ensure that only an administrator can execute certain tasks with the program, and the program can be configured to meet the needs of a specific system. Security software programs can also be directed to issue reports which are sent to an administrator when problems are detected. They can also be used to secure specific content on a particular computer; for example, someone can create password protected files or directories with security software to limit unauthorized access.
The term “security software” is also used to describe cryptographic software. This software is used to send and receive encoded messages, ensuring that even if a message is intercepted, it will not be readable. Truly robust cryptographic software which is extremely difficult to crack can be quite costly and resource intensive, while basic programs provide a low level of encryption for people who want moderately secure communications.
Reviews of security software are available through many reputable websites and computer magazines. Such reviews discuss the cost, ease of use, installation process, and other features to help consumers make an informed choice about which product will be most suitable.
7.3 What Is a Cyberattack?
A cyberattack is an attempt to undermine or compromise the function of a computer-based system, or attempt to track the online movements of individuals without their permission. Attacks of this type may be undetectable to the end user or network administrator, or lead to such a total disruption of the network that none of the users can perform even the most rudimentary of tasks. Because of the increasing sophistication of these kinds of network attacks, the development of effective software defenses is an ongoing process.
It is important to understand that a cyberattack can be relatively innocuous and not cause any type of damage to equipment or systems. This is the case with the clandestine downloading of spyware onto a server or hard drive without the knowledge or consent of the owner of the equipment. With this type of cyberattack, the main goal is usually to gather information that ranges from tracking the general movements and searches conducted by authorized users to copying and forwarding key documents or information that is saved on the hard drive or server. While the ultimate goal is to capture and transmit information that will help the recipient achieve some sort of financial gain, the spyware runs quietly in the background and is highly unlikely to prevent any of the usual functions of the system from taking place.
However, a cyberattack can be malevolent in its intent. This is true with viruses that are designed to disable the functionality of a network or even a single computer that is connected to the Internet. In situations of this nature, the purpose is not to gather information without anyone noticing, but to create problems for anyone who uses the attacked network or computers connected with that network. The end result can be loss of time and revenue and possibly the disruption of the delivery of goods and services to customers of the company impacted by the attack. Many businesses today take steps to ensure network security is constantly being enhanced to prevent these types of malicious computer attacks.
Attempts by cyberterrorists to interfere with the function of power grids and other means of delivering public services are also classified as cyberattacks. Because attacks of this kind can quickly cripple the infrastructure of a country, they are considered an ideal means of weakening a nation. A strategy utilizing a series of cyberattacks timed to simultaneously disrupt several different key systems can, in theory, render a nation unable to successfully overcome any of the attacks before a great deal of damage has taken place. Fortunately, many nations recognize the very real threat of cyberterrorism and take steps to protect government and public service systems from any type of Internet attack, as well as the manual introduction of software that could disrupt the systems.
Just as governments and corporations must be aware of the potential for a cyberattack to occur, individuals must also take steps to protect their home computers and related equipment from sustaining an attack. A basic preventive measure is to secure high quality anti-virus and anti-spyware software, and update it on a regular basis. End users should also make sure to scan and files or programs that are stored on a CDR or similar remote storage system before loading them onto a hard drive.
7.4 Different Types of IT Security Qualifications.
Information technology (IT) security professionals are responsible for making sure that all of an organization's software, telecommunication devices, telecommunications programs and networks are protected against intruders. They do this by installing firewalls, which block access from unauthorized locations, and by developing passwords and other deterrents. IT security professionals must keep up with new threats, such as viruses and hacking methods, so they can develop new defenses against these security risks. Some of the most common IT security qualifications are undergraduate and graduate degrees in fields such as computer science and information systems — normally with concentrations in security. Other IT security qualifications depend on the level of responsibility that is associated with a particular position.
For entry-level positions, IT security qualifications might require only some academic preparation. Many people take these positions as interns while still in their college programs. They might apply security principles that they learn in class to the work they do in an IT department under close supervision of established IT security professionals. In many cases, IT security qualifications for these lower-level positions might also include references from instructors who can attest to an individual's understanding of IT security concepts and perhaps professional references that show that an individual is able to follow instructions and work in a professional environment.
People who are interested in higher-level positions in which they might actually design security solutions and perform risk management generally must satisfy IT security qualifications that include significant amounts of technical and management experience. People in these positions have to be deeply familiar with operating systems and software. They must understand their vulnerabilities and know which solutions typically are prescribed to deal with these flaws. Project management, which includes the development and implementation of security processes and solutions, requires professionals who are able to effectively delegate tasks and complete projects in allotted periods of time and under budgetary constraints.
In most cases, IT security qualifications also include the ability to communicate clearly in various ways. Most positions require that individuals can write clear reports that describe issues such as system vulnerabilities and possible solutions. In many cases, higher-level IT security professionals must give presentations in which they use graphs and written text to convince managers and executives that certain threats exist and that only particular solutions apply.
Professional certification and membership in professional associations related to IT security might not be considered IT security qualifications by many employers, but they can help job candidates to stand apart from the competition. These credentials can show that a person keeps up with current trends and concerns. It also is common for people who have these professional connections to read trade publications and attend presentations where they can learn about new products and ideas in the field of IT security.