Cybersecurity_Group2 (docx)

School: Toronto Metropolitan University
Course: 1
Subject: Communications
Date: Jan 9, 2024
Type: docx
Pages: 6
Uploaded by HighnessWaspPerson663

Technical Definitions Cybersecurity Group 2: Toluwalase Kayode, Chien Truong COMM13792 Thura Aljubury
Definition

ISACA (Information Systems Audit and Control Association), an international professional association focused on IT governance, defines cybersecurity as “the protection of information assets by addressing threats to information processed, stored and transported by internetworked information systems” (Cooke, 2019). The word “cybersecurity” is a fusion of two independent words: cyber and security. Cyber is a short form of the word cybernetics, derived from the Greek kubernētēs, a pilot or steersman, and popularized in the 1940s. Cybernetics influences game, system, and organizational theory (Dawkins, 2022). The prefix “cyber-” has been popularized in pop culture as a description of a techno-futuristic world. The other half, “-security”, is simply the state of being free from danger or threat.

History and Background

Before the Internet, the US Department of Defense created a doomsday communications network called ARPANET to maintain communications after a supposed nuclear war. To test security flaws in this system, a developer named Bob Thomas created and deployed a virus called “The Creeper.” Originally intended to be harmless, the virus traveled and replicated itself to an extent that corrupted the hosted network. In response, Thomas’s colleague, Ray Tomlinson, invented the first antivirus, called the “Reaper Program,” which sought out and nullified The Creeper (Monroe College). This event is known as the first attempt at performing cybersecurity. In other words, this was “ground zero” for the endless battle between malware (malicious software designed to harm or access computers) and defensive technologies (firewalls, antispam, antivirus, intrusion detection systems, etc.).
Operating Principle

According to the latest estimates, 328.77 million terabytes of data are created each day. A whopping 120 zettabytes of data will be generated by the end of this year (Duarte, 2023). Most of this data is miscellaneous and ephemeral, but a significant portion is sensitive data, i.e., private information. Data confidentiality, integrity, and availability (the CIA triad) are the three main objectives of cybersecurity. Information assets, or “crown jewels” as they are referred to in the industry, are under persistent attack by bad actors, whose goals are to extort, blackmail, or cripple organizations or individuals and, in some extreme cases, to carry out acts of war or terrorism. These bad actors include nation-states, criminal organizations, political activists, insider threats, script kiddies, etc. The global expansion of the Internet (a digital highway composed of physical internetworked data transmission and storage systems) has brought with it a widening digital threat landscape (a collection of ever-changing threats that evolve alongside technology).

Analysis of Parts

As technology evolves, organizations have changed how they use and share data, in parallel with the rapid adoption of and advances in cloud computing, social media, and mobile computing. Such changes have simultaneously provided an exponential increase in connectivity and created larger openings for cybercrime. These openings are called vulnerabilities: weaknesses in the design, implementation, operation, or internal control of a process that could expose the system to adverse threats from threat events (Mullinger, 2022). The exploitation of vulnerabilities results in a cybersecurity incident: an adverse event, intentional or unintentional, that negatively impacts the confidentiality, integrity, and
availability of data. To minimize the possibility of a breach, organizations have adopted a holistic approach called Defense-in-Depth: the practice of layering defenses to add protection, starting from the most sensitive network segments and data and extending to the perimeter. This perimeter can be a well-defined virtual and/or physical boundary between the organization and the outside world. This practice significantly increases the effort required for a successful attack and creates additional opportunities to detect or delay an attacker.

Privacy remains a primary concern for all parties in the digital arena. Fortunately, extensive research and testing have received, and will continue to receive, investment. Such investments allow cybersecurity standard frameworks to be tailored to individual industries to reduce cyber risk. A cybersecurity framework provides a common language and set of standards for security leaders across countries and industries to understand their security postures and those of their vendors. With a framework in place, it becomes much easier to define the processes and procedures that your organization must take to assess, monitor, and mitigate cybersecurity risk (Cisternelli, 2023). Alongside frameworks are legal regulations that hold organizations responsible for neglect and/or abuse of consumer privacy. Examples of cybersecurity standards and regulations are the NIST CSF (National Institute of Standards and Technology Cybersecurity Framework), COBIT (Control Objectives for Information and Related Technology) by ISACA, the GDPR (General Data Protection Regulation), an EU regulation, and PCI DSS (Payment Card Industry Data Security Standard).
References

Bannister, A. (2022, May 23). Blockchain bridge wormhole pays record $10m bug bounty reward. The Daily Swig. https://portswigger.net/daily-swig/blockchain-bridge-wormhole-pays-record-10m-bug-bounty-reward

Cisternelli, E. (2023, March 31). 7 Cybersecurity frameworks that help reduce cyber risk (list & resources) policy and regulations. Bitsight Blog. https://www.bitsight.com/blog/7-cybersecurity-frameworks-to-reduce-cyber-risk

Cooke, I., & Raghu, R. V. (2019). IS audit basics: auditing cybersecurity. ISACA Journal, 2 (2019). https://www.isaca.org/resources/isaca-journal/issues/2019/volume-2/is-audit-basics-auditing-cybersecurity

Dawkins, J. (2022, July 7). What’s in a name? The origin of cyber. Ciso Blog. https://www.ciso.inc/blog-posts/origin-cyber/#:~:text=Cyber%20Can%20be%20Traced%20Back%20to%20the%2040s&text=Cybernetics%20influences%20game%2C%20system%2C%20and,governance%E2%80%9D%20and%20applies%20to%20leadership

Duarte, F. (2023, April 3). Amount of data created daily (2023). Exploding Topics. https://explodingtopics.com/blog/data-generated-per-day

Federal Bureau of Investigation (n.d.). FBI history - cyber crime: morris worm. FBI. https://www.fbi.gov/history/famous-cases/morris-worm

Monroe College (n.d.). Cybersecurity history: hacking & data breaches. Monroe College News. https://www.monroecollege.edu/news/cybersecurity-history-hacking-data-breaches

Mullinger, M., & Jayakody, S. (2022, March 10). Vulnerability management: addressing your weaknesses before they can be exploited. ISACA Now Blog. https://www.isaca.org/resources/news-and-trends/isaca-now-blog/2022/vulnerability-management-addressing-your-weaknesses-before-they-can-be-exploited