Cyber security consists of all the technologies and practices that keep computer systems and electronic data safe. Most people now agree that cyber security is essential to a system’s health, and should be standard practice in business, government, and education. Some important security goals for organizations, systems, and users should be created and strengthened, while others can and should be accomplished by standardizing the management of cyber security, specially when it comes to government cyber security.
It is easy for people and organizations to implement security practices that give them a leg up on attackers. In some cases, this is usefulfor example, by creating good security policies and practicesbut other times it is a waste of time and resources. Administrators need to understand that any strategy that requires a deliberate investment of time and resources from users is not appropriate in most cases. Businesses, government agencies, schools, hospitals, and the like should hire and follow security best practices regardless of whether the security strategy is sensible or not. In the course of this article, I will summarize the five key types of security concerns and suggest measures for each one.
The Vulnerability Concerns. The first type of security concerns is the vulnerability concern. Security should always be a goal, but the primary purpose of security should be to prevent system breaches. Cyber criminals’ primary goal is to attack systems so that they can steal money or information or exploit systems to launch phishing attacks. By doing this, they increase their own profits and reduce those of legitimate organizations. In most cases, security practices can achieve this goal, if implemented in a thoughtful and effective manner.
Many people focus on security by strengthening applications against critical vulnerabilities. However, programs based on implementing user input as a security measure have shortcomings. Users can often unknowingly introduce security vulnerabilities, and users will rarely perform actions that are not actually a security risk. Preventing such vulnerabilities is easier said than done.
Risk mitigation measures, such as using software upgrades and patching, are far more effective. As noted earlier, software vulnerabilities can have devastating effects. Therefore, they should be minimized, if possible. Software updates are generally effective; however, few users are interested in re-installing programs every time they make a change. Instead, users have better things to do. In addition, updating updates are often released in near-automaticity, whereas many software applications are not available in the normal release cycle. Unless updates are made available to users, users will not actively update their systems.
Since most attacks involve the use of software vulnerabilities, it is important for users to use proper software updates. In the case of vulnerabilities affecting Internet Explorer, Microsoft regularly releases patches for these vulnerabilities. Some Windows applications, such as Internet Explorer, use this same approach. Updates for Windows applications are generally released automatically.