There is talk in modern literature about comprehensive security (political, economic, military, energy, information), which implies a growing number of intertwined components.
One of the fundamental elements of national security is information security (INFOSEC – information security).
Computer systems security represents the protection from unwanted use or any form of endangerment that may cause harmful consequences by data, programs, processes, or parts of a computer system.
Data security (information) is protection from various threats during their receipt, processing, storage, transmission, and use. The efficiency of a computer system is significantly determined by the state of information security or data.
Security of smart devices
With the tech growth and an increasing number of users, smartphones are becoming targets of malicious software.
In global tech connectivity, communication, increasing use of personal computers, easy access to the Internet, the emergence of modern devices, Information-Communication Technology – ICT it came to radical changes in the information society.
In computer security, there are several groups of attackers. Based on the way of behaving (ethical principles) and the goals they want to achieve, they can divide as follows:
- White Hat hackers – they find security vulnerabilities. They don’t damage the system and steal information but evaluate system security, threats, and ways to eliminate errors and omissions.
- Black Hat hackers – they compromise the security of the system without approval. They are often the creators of malware software (worms, trojans) whose goal is to steal data or damage computer systems.
- Gray Hat hackers – have excellent knowledge and usually don’t have evil intentions, but sometimes committing illegal activities while exploiting security vulnerabilities. The target activities are testing and monitoring computer systems.
- Blue Hat hackers – tech companies hire them to find security vulnerabilities to close them before releasing software packages.
Protection against threats in cyberspace
The main goal of computer system protection is to eliminate the threats to which the system is exposed. Absolute security is never possible because there will always be ways to disrupt the system. The protection system should not only apply to certain parts of the system but its entire structure.
Protection policy is defined, the necessary knowledge exists. Users want functionality, and protection is thought of later when a problem occurs.
The model of multilayer data protection, as well as other system resources, is implemented with the model of protective rings (spheres):
- Sphere of physical safety (prevents physical access of the attacker);
- Technical sphere (firewall, attack detection, and prevention systems);
- Personnel sphere (correct selection of personnel and provision of optimal working conditions);
- Organizational sphere (measures and activities, competencies and obligations of users and executors as well as access to resources);
- Normative sphere (laws, instructions, plans, and other regulations that bind and prescribe the execution of an action and the manner of execution of that action).
The Cybercrime Encyclopedia states that the FBI and The National White Collar Crime Center in the United States are also being discovered monitor the following forms of illicit behavior:
- intrusions into computer networks,
- industrial espionage,
- software piracy,
- child pornography,
- sniffing password,
- credit card theft.
To effectively counter threats in cyberspace, it is necessary to know the perpetrators and the tools they use, the characteristic attacks on computer systems. Due to their extreme complexity and dynamism, threats in cyberspace are demanding to engage the whole society. There is an emphasis on countering threats in cyberspace given to proactive action.
Preventive measures primarily prevent and make it difficult or prevent unauthorized intrusions into computer systems. Rehabilitation actions ensure that the system regains primary services (integrity, confidentiality, performance, and other qualitative properties).