{"id":353,"date":"2021-12-29T10:37:40","date_gmt":"2021-12-29T10:37:40","guid":{"rendered":"https:\/\/pkchopra.com\/blog\/?p=353"},"modified":"2024-03-12T10:15:41","modified_gmt":"2024-03-12T10:15:41","slug":"information-security-malware","status":"publish","type":"post","link":"https:\/\/pkchopra.com\/blog\/index.php\/information-security-malware\/","title":{"rendered":"Information Security & Malware"},"content":{"rendered":"

Computer security<\/strong>,\u00a0information technology security<\/strong>\u00a0(IT security<\/strong>) or\u00a0cyber security<\/strong>\u00a0is the protection of computer systems and networks from information disclosure, theft or damage to the hardware,<\/a>\u00a0software, or electronic data, as well as from the disruption or misdirection of the services they provide.<\/p>\n

\u201cCyber security\u201d<\/strong>\u00a0focuses on protecting computer systems from unauthorised access or being otherwise damaged or made inaccessible.<\/p>\n

\u201cInformation technology security\u201d<\/strong>\u00a0is a broader category which looks at protecting all information assets, whether in hard copy or digital form.<\/p>\n

A big impact on information security in organizations can be\u00a0Employee behaviour<\/strong>. During a research it was observed that employees often do not see themselves as part of their organization\u2019s information security effort and take actions which impede organizational changes.<\/p>\n

To\u00a0manage information security culture<\/strong>\u00a0effectively some steps are suggested:<\/p>\n

Step 1: Pre-Evaluation<\/strong>
\nUnderstand the level of awareness of information security amongst employees and analyse existing security policies.<\/p>\n

Step 2: Strategic planning
\n<\/strong>A team of skilled professionals should be used to set clear targets and to come up with a better awareness program.<\/p>\n

Step 3: Operative planning
\n<\/strong>Using internal communication, security awareness and a training program a good security culture can be established.<\/p>\n

Step 4: Implementation
\n<\/strong>The information security culture is implemented in four stages:
\nI. Commitment by the management
\nII. Communication with organizational members
\nIII. Training for all organizational members
\nIv. Commitment of the employees<\/p>\n

Step 5: Post-evaluation
\n<\/strong>Assess success of planning & implementation and identify unresolved areas of concern.<\/p>\n

Cost of Security Breaches
\n<\/strong>Serious financial damage has been caused by security breaches, but as there is no standard model for estimating the cost of an incident, the only data available is what is made public by the companies involved. Several IT security consulting firms produce estimates of total worldwide losses attributable to virus and worm attacks and to hostile digital acts in general. The 2003 loss estimates range from $13 billion (worms and viruses only) to $226 billion (for all forms of covert attacks).<\/p>\n

Reasonable estimates of the financial cost of security breaches can actually help organizations make rational investment decisions. It is concluded that the amount a firm spends to protect information would be a small fraction of the expected loss (expected value of the loss resulting from a cyber\/information security breach)<\/p>\n

Lack of Global Laws & Regulations
\n<\/strong>International legal issues of cyber-attacks are complicated in nature because there are no global common rules to judge and punish cybercrimes and cybercriminals. At times when security firms\/ agencies are able to locate the cybercriminal behind a cyber-attack or a particular piece of malware,<\/a>\u00a0often the local authorities cannot take action due to lack of laws under which to prosecute.<\/p>\n

In addition, there is another major problem for law enforcement agencies is to prove attribution. Computer viruses switch from one country to another, from one jurisdiction to another \u2013 moving around the world, using the fact that we don\u2019t have capabilities for globally police operations in the similar manner.<\/p>\n

Role of Governments
\n<\/strong>Currently government\u2019s role is to make regulations so that companies and organizations protect their systems, infrastructure and information from cyber-attacks. The government\u2019s regulatory role in cyberspace is not clear. There is an opinion that cyberspace is a virtual space which should remain free of government intervention and that can be seen in many of today\u2019s libertarian block chain and bitcoin discussions.<\/p>\n

However, many government officials and experts think that the government should do more as there is a crucial need for improved regulations. The emergency is due to the failure of the private sector to efficiently address cyber security problems.<\/p>\n

On 22 May 2020, the UN Security Council held its second ever informal meeting on cyber security to focus on cyber challenges to international peace. According to the then UN Secretary-General new technologies are often used to violate rights.<\/p>\n

Cyber security<\/strong>\u00a0is a fast-growing field. According to a research 46% of organizations say that they have a \u201cproblematic shortage\u201d of cyber security skills in 2016, up from 28% in 2015.Commercial, government and non-governmental organizations all employ cyber security professionals. The fastest increases in demand for cyber security workers are in industries managing increasing volumes of consumer data such as finance, health care, and retail.<\/p>\n

Computer security can be achieved using\u00a0threat prevention, detection, and response processes<\/strong>. These processes are based on policies related to different system components. For ex:<\/p>\n