Cyber Terrorism

No individual or organization, either in the private or public sector, is immune to the complex threats of the digital era. With more than 1.5 billion users worldwide connected to the Internet and the number of users and Web sites growing at an exponential rate, the Internet has had a revolutionary impact on how we learn, interact, and communicate with each other (Ciampa, 2010, p. 74). Ever since the internet entered consumer computers in the early 1990's it has made a huge impact and flooded nearly all aspects of our lives. We live in a society where security is one of our main goals and concerns. Just like physical terrorist attacks have become more prevalent in today's society, attacks on our computers and the information they contain have become targeted by attackers. This paper will go over and identify the challenges of securing information, identify attackers that are common today, list the basic steps of an attack, and describe the steps in a defense and a comprehensive defense strategy.

Defining Information Security

Information security is the constant method used that exercises due care and due diligence to protect information and systems, from unauthorized access, use, disclosure, destruction, modification, or disruption. Information security is defined as "Safe-guarding an organization's data from unauthorized access or modification to ensure its availability, confidentiality, and integrity." (http://www.businessdictionary.com/definition/information-security.html). nInformation Security makes sure that all protective measures are being used properly. The working of Information Security is a creation of some kind of defense that attempts to fight off attacks and prevent any kind of downfall of the system if and when an attack transpires. The intentions of Information Security are to protect information that has value to the people or the organizations. When looking into what makes the information valuable and why it must be protected by information security comes down the three different types of characteristics of the said information. The three characteristics are confidentiality, integrity, availability. Confidentiality ensures that only the authorized users or parties can view the information. Integrity ensures that the information is correct and makes sure that no unauthorized persons or malicious software has tampered or altered with the data. Availability ensures that the data is accessible to the authorized users. Protecting these characteristics is another portion of the job that information security holds.

The reason Information Security is so important is because it is known to be such a critical aspect to all businesses and is paramount to the success of any organization in today's digital world. With the ongoing and never ending growth of the internet and the digital era, vital information is constantly placed in harm's way. The information can vary from being personal in matter all the way to dealing with national security. This is why there is a high need of information security and protection of all users of digital equipment.

Challenges

The challenges we face in securing our computers and the information they hold in today's day in age is more difficult than it has ever been. The difficulties aren't just coming from the number of attacks; the difficulties are presented when defending against an attack. The difficulties are comprised of the knowledge, tools, and abilities possessed by attackers. The number and variety of computer security attacks in today's world was called "mind-numbing" by Mark Ciampa author of Security Awareness: Applying Practical Security in Your World. The reasons for the difficulties in defending against attacks are:

* Speeds of attacks- With the availability of modern tools attackers have the ability to scan systems to find its weaknesses and launch attacks with unmatched speed.

* Greater sophistication of attacks- Attack tools has the ability to vary their behavior making the same attack to appear different each time.

* Simplicity of attack tools- The tools available for attackers have become easier to use so the skill level is no longer an issue.

* Detect vulnerabilities quicker- Attackers can discover security holes in hardware or software more quickly.

* Delay in patching- Vendors are overwhelmed trying to keep pace by updating their products against attacks.

* Distributed attacks- Attackers use thousands of computers in an attack against a single computer of network.

* User confusion- Users are required to make difficult security decisions with little or no instruction.

(Ciampa, 2010, p. 3)

Today's Attackers

The attackers that are responsible for computer attacks today are divided into numerous categories. The categories are: hackers, script kiddies, spies, employees, cyber criminals, and cyber terrorists.

Hacker was used as a slang term for a computer enthusiast in the past, but in today's world the term is becoming more prominent largely because the popular press has co-opted the term to refer to individuals who gain unauthorized access to computer systems for the purpose of stealing and corrupting data (http://www.webopedia.com/TERM/C/crack.html).

Script kiddies is a person that utilizes existing and frequently well-known and easy-to-find techniques and programs or scripts to search for and exploit weaknesses in other computers on the internet, often randomly and with little regard or perhaps even understanding of the potentially harmful consequences (http://searchmidmarketsecurity.techtarget.com/definition/script-kiddy).

In the computer world the term "spies" is used to describe a person who is hired to break into a computer and steal information. The differences between spies and hackers and script kiddies is that spies do not randomly search for unsecured computers to attack. Instead they are hired to attack and steal from a specific computer or system.

One of the largest information security threats to a business comes from its employees. Employees do not just act in negative ways, sometimes employees just want to show the weaknesses their company has. But on the other hand there are the employees

...