Cybersecurity Forum - What is Cybersecurity? …

What is cybersecurity?
Cybersecurity is the collection of technologies, processes, and practices that protect networked computer systems from unauthorized use or harm. Broadly speaking, cybersecurity topics can be subdivided into two complementary areas: cyber attacks, which are essentially offensive and emphasize network penetration techniques; and cyber defenses, which are essentially protective and emphasize counter-measures intended to eliminate or mitigate cyber attacks.

Cyber attacks can take aim at the enterprise, government, military, and other infrastructural assets of a nation or its citizens, where these assets can include physical infrastructure (e.g., power grids, nuclear reactors) as well as computational infrastructure (e.g., computers, networks). Cyber attacks can be classified by their participating actors (states vs. non-states) and their attack mechanisms (e.g., direct attack, malware, exploits). See the Cyber Attack Classifications and Cyber Attack Mechanism Taxonomy sections on the Cyber Threats page for more information.

Correspondingly, cyber defenses must protect the enterprise, government, military, and other infrastructural assets of a nation or its citizens. As is the case with cyber attacks, cyber defenses can be classified by their participating actors (states vs. non-states) and their attack mechanisms (e.g., direct attack, malware, exploits). See the Cyber Defense Classifications and Cyber Defense Countermeasure Taxonomy sections on the Cyber Defenses page for more information.
For further information about Cybersecurity check out the Cybersecurity Overview and Cybersecurity FAQ sections, and subscribe to the Cybersecurity Discussion Group.

CyberSecurity Forum™ is a web community dedicated to Cybersecurity technologies, processes, and their practical applications.

Cybersecurity is a key technology for technology experts and technology users (basically everyone) to understand, so that everyone can collaborate to improve the security of our networked information-based society.
Here you will find information related to cyber attacks (cyber crime, cyber warfare, cyber terrorism, etc.), cyber defenses, cybersecurity standards, cybersecurity tools, cybersecurity training, and other cybersecurity resources.

YEAR

TOTAL# BREACHES†

AVG# IDS EXPOSED†

TOTAL# IDS EXPOSED†

WEB ATTACKS BLOCKED/DAY†

2016

1,209

927K

1.1B

229K

2015

1,211

466K

564M

340K

2014

1,523

805K

1.2B

493K

2013

253

2.2M

552M

569K

2012

156

604K

93M

247K


Why do we need cybersecurity?
The increasing reliance of our information age economies and governments on cyber (computer-based) infrastructure makes them progressively more vulnerable to cyber attacks on our computer systems, networks and data. In their most disruptive form, cyber attacks target the enterprise, government, military, or other infrastructural assets of a nation or its citizens. Both the volume and sophistication of cyber threats (cyber warfare, cyber terrorism, cyber espionage and malicious hacking) are monotonically increasing, and pose potent threats to our enterprise, government, military, or other infrastructural assets. Knowing that to be forewarned is to be forearmed, we are well advised to effect strong Cybersecurity defenses that will thwart rapidly evolving cyber threats.

Recent newsworthy cyber attacks on critical cyber infrastructure (e.g., Target data breach, Mt. Gox bitcoin hacker attacks, NSA data leaks and subsequent PRISM revelations) demonstrate the urgent need for improved cybersecurity. As cyber threats grow, so must our abilities to neutralize them. Towards that end the U.S. government issued an Executive Order for Improving Critical Infrastructure Cybersecurity in February 2013, and the 2014 President's Budget devotes over $13B to cyber-related programs and activities [Federal Information Technology FY 2014 Budget Priorities, p. 15]. The European Union Agency for Network and Information Security (ENISA) lists all known public documents of National Cyber Security Strategies in the EU as well as the rest of the world.
For further information about Cybersecurity check out the Cybersecurity Overview and Cybersecurity FAQ sections, and subscribe to the Cybersecurity Discussion Group.

What is cyber hygiene?
Cyber hygiene refers to activities that computer system administrators and users can undertake to improve their cybersecurity while online. The term cyber hygiene was coined by Vinton Cerf, an Internet pioneer, who used that the expression in his statement to the United States Congress Joint Economic Committee on 23 February 2000, where italics are added for emphasis:

It is my judgment that the Internet itself is for the most part secure, though there are steps we know can be take to improve security and resilience. Most of the vulnerabilities arise from those who use the Internet--companies, governments, academic institutions, and individuals alike--but who do not practice what I refer to as good cyber hygiene. They are not sufficiently sensitive to the need to protect the security of the Internet community of which they are a part. The openness of the Internet is both its blessing and its curse when it comes to security.

Cyber hygiene related activities for computer system administrators include, but are not limited to, segmenting networks, enforcing compartmentalized ("need to know") user permissions, enforcing strong password rules and bi- or multi-authorization procedures, ensuring that firewalls are properly installed, updating both “white lists" and "black lists", ensuring that all antivirus and spam ware protection software is properly installed, removing all unauthorized software, ensuring that all firmware and software patches are current.

Cyber hygiene related activities for computer system users include using strong passwords which are changed frequently and not written down, avoid accessing cybersecure systems on unauthorized and/or non-secure BYODs (Bring Your Own Devices), avoid mixing personal with cybersecure email and/or work documents.
For further information about Cybersecurity check out the Cybersecurity Overview and Cybersecurity FAQ sections, and subscribe to the Cybersecurity Discussion Group.

Those who surrender freedom for security will not have, nor do they deserve, either one.Benjamin Franklin
Google Groups
Subscribe to Cybersecurity Forum
Email:
Visit this group
For further information about Cybersecurity check out the Cybersecurity Overview and Cybersecurity FAQ sections, and subscribe to the Cybersecurity Discussion Group.

CYBERSECURITY FORUM and CyberSecurityForum.com are trademarks of PivotPoint Technology Corporation. All other product and service names mentioned are the trademarks of their respective companies.