The major difficulties in defending against cyber-attacks
- Universally connected devices
- Increased speed of attacks
- Greater sophistication of attacks
- Availability and simplicity of attack tools
- Faster detection of vulnerabilities
- Delays in security updating
- Weak security update distribution
- Distrib
Universally connected devices
Attackers from anywhere in the world can attack
Increased speed of attacks
Attackers can launch attacks against millions of computers within minutes
Greater sophistication of attacks
Attack tools vary their behavior so the same attack appears differently each time
Availability and simplicity of attack tools
Attacks are no longer limited to highly skilled attackers
Faster detection of vulnerabilities
Attackers can discover security holes in hardware or software more quickly
Delays in security updating
Vendors are overwhelmed trying to keep pace updating their products against the latest attacks.
Weak security update distribution
Many software products lack a means to distribute security updates in a timely fashion.
Distributed attacks
Attackers use thousands of computers in an attack against a single computer or network.
User confusion
Users are required to make difficult security decisions with little or no instruction
CIA Triad
Confidentiality, Integrity, Availability
Cybersecurity laws
- The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
- The Sarbanes-Oxley Act of 2002 (Sarbox)
- The Gramm-Leach-Bliley Act (GLBA)
- Payment Card Industry Data Security Standard
- The California Database Security Breach Act (2003)
Four key elements to creating a practical security strategy
1. Block attacks
2. Update defenses
3. Minimize losses
4. Stay alert