Cybersecurity information technology list

Last updated

This is a list of cybersecurity information technology. Cybersecurity is security as it is applied to information technology. This includes all technology that stores, manipulates, or moves data, such as computers, data networks, and all devices connected to or included in networks, such as routers and switches. All information technology devices and facilities need to be secured against intrusion, unauthorized use, and vandalism. Additionally, the users of information technology should be protected from theft of assets, extortion, identity theft, loss of privacy and confidentiality of personal information, malicious mischief, damage to equipment, business process compromise, and the general activity of cybercriminals. The public should be protected against acts of cyberterrorism, such as the compromise or loss of the electric power grid.

Contents

Cybersecurity is a major endeavor in the IT industry. There are a number of professional certifications given for cybersecurity training and expertise. [1] Although billions of dollars are spent annually on cybersecurity, no computer or network is immune from attacks or can be considered completely secure. The single most expensive loss due to a cybersecurity exploit was the ILOVEYOU or Love Bug email worm of 2000, which cost an estimated 10 billion dollars. [2]

This article attempts to list all the important Wikipedia articles about cybersecurity. There are a number of minor articles that can be reached by means of links in the listed articles.

General

Introductory articles about cybersecurity subjects:

Cryptography

The art of secret writing or code. A "plaintext" message is converted by the sender to "ciphertext" by means of a mathematical algorithm that uses a secret key. The receiver of the message then reverses the process and converts the ciphertext back to the original plaintext. [7]

Steganography

The art of hidden writing. The secret message is hidden within another object, such as a digital photograph. [9]

Authentication and access

The process by which a potential client is granted authorized use of an IT facility by proving its identity. [11]

Public Key Infrastructure (PKI)

A framework for managing digital certificates and encryption keys.

Tools

Computerized utilities designed to study and analyze the security of IT facilities and/or break into them on an unauthorized and potentially criminal basis. [12]

Threats

Modes of potential attacks on IT facilities. [13]

Exploits

Security exploits affecting computers. [14]

Criminal activity

Violation of the law by means of breaking into and/or misusing IT facilities. Laws that attempt to prevent these crimes. [15]

Nation states

Countries and their governments that use, misuse, and/or violate IT facilities to achieve national goals. [16]

End-point protection

The securing of networked computers, mobile devices and terminals. [17]

Network protection

The protection of the means by which data is moved from one IT facility to another. [18]

Processing protection

The securing of IT facilities that manipulate data, such as computer servers, often by means of specialized cybersecurity hardware. [19]

Storage protection

The protection of data in its non-moving state, usually on magnetic or optical media or in computer memory. [20]

Management of security

The processes by which security technology is monitored for faults, deployed and configured, measured for its usage, queried for performance metrics and log files, and/or monitored for intrusions. [21]

Standards, frameworks, & requirements

Officially agreed architectures and conceptual structures for designing, building, and conducting cybersecurity. [22] [23]

See also

Related Research Articles

In cryptography, a block cipher is a deterministic algorithm that operates on fixed-length groups of bits, called blocks. Block ciphers are the elementary building blocks of many cryptographic protocols. They are ubiquitous in the storage and exchange of data, where such data is secured and authenticated via encryption.

<span class="mw-page-title-main">Computer security</span> Protection of computer systems from information disclosure, theft or damage

Computer security is the protection of computer software, systems and networks from threats that may result in unauthorized information disclosure, theft of hardware, software, or data, as well as from the disruption or misdirection of the services they provide.

<span class="mw-page-title-main">Encryption</span> Process of converting plaintext to ciphertext

In cryptography, encryption is the process of transforming information in a way that, ideally, only authorized parties can decode. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Despite its goal, encryption does not itself prevent interference but denies the intelligible content to a would-be interceptor.

In computing, Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts packets of data to provide secure encrypted communication between two computers over an Internet Protocol network. It is used in virtual private networks (VPNs).

Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securing HTTPS remains the most publicly visible.

Articles related to cryptography include:

<span class="mw-page-title-main">Cryptographic hash function</span> Hash function that is suitable for use in cryptography

A cryptographic hash function (CHF) is a hash algorithm that has special properties desirable for a cryptographic application:

Cryptography, the use of codes and ciphers to protect secrets, began thousands of years ago. Until recent decades, it has been the story of what might be called classical cryptography — that is, of methods of encryption that use pen and paper, or perhaps simple mechanical aids. In the early 20th century, the invention of complex mechanical and electromechanical machines, such as the Enigma rotor machine, provided more sophisticated and efficient means of encryption; and the subsequent introduction of electronics and computing has allowed elaborate schemes of still greater complexity, most of which are entirely unsuited to pen and paper.

Key management refers to management of cryptographic keys in a cryptosystem. This includes dealing with the generation, exchange, storage, use, crypto-shredding (destruction) and replacement of keys. It includes cryptographic protocol design, key servers, user procedures, and other relevant protocols.

Internet security is a branch of computer security. It encompasses the Internet, browser security, web site security, and network security as it applies to other applications or operating systems as a whole. Its objective is to establish rules and measures to use against attacks over the Internet. The Internet is an inherently insecure channel for information exchange, with high risk of intrusion or fraud, such as phishing, online viruses, trojans, ransomware and worms.

Below is a timeline of notable events related to cryptography.

Information security standards are techniques generally outlined in published materials that attempt to protect the cyber environment of a user or organization. This environment includes users themselves, networks, devices, all software, processes, information in storage or transit, applications, services, and systems that can be connected directly or indirectly to networks.

In cryptography, key stretching techniques are used to make a possibly weak key, typically a password or passphrase, more secure against a brute-force attack by increasing the resources it takes to test each possible key. Passwords or passphrases created by humans are often short or predictable enough to allow password cracking, and key stretching is intended to make such attacks more difficult by complicating a basic step of trying a single password candidate. Key stretching also improves security in some real-world applications where the key length has been constrained, by mimicking a longer key length from the perspective of a brute-force attacker.

Computer security software or cybersecurity software is any computer program designed to influence information security. This is often taken in the context of defending computer systems or data, yet can incorporate programs designed specifically for subverting computer systems due to their significant overlap, and the adage that the best defense is a good offense.

<span class="mw-page-title-main">Cryptography</span> Practice and study of secure communication techniques

Cryptography, or cryptology, is the practice and study of techniques for secure communication in the presence of adversarial behavior. More generally, cryptography is about constructing and analyzing protocols that prevent third parties or the public from reading private messages. Modern cryptography exists at the intersection of the disciplines of mathematics, computer science, information security, electrical engineering, digital signal processing, physics, and others. Core concepts related to information security are also central to cryptography. Practical applications of cryptography include electronic commerce, chip-based payment cards, digital currencies, computer passwords, and military communications.

The following outline is provided as an overview of and topical guide to cryptography:

A Master of Science in Cyber Security is a type of postgraduate academic master's degree awarded by universities in many countries. This degree is typically studied for in cyber security. What is offered by many institutions is actually called a Master in Strategic Cyber Operations and Information Management (SCOIM) which is commonly understood to be a Master in Cybersecurity. This degree is offered by at least some universities in their Professional Studies program so that it can be accomplished while students are employed - in other words it allows for "distance learning" or online attendance. Requirements for the Professional Studies program include: 3.0 or better undergrad GPA, professional recommendations letters and an essay.

The following outline is provided as an overview of and topical guide to computer security:

In cryptography, security level is a measure of the strength that a cryptographic primitive — such as a cipher or hash function — achieves. Security level is usually expressed as a number of "bits of security", where n-bit security means that the attacker would have to perform 2n operations to break it, but other methods have been proposed that more closely model the costs for an attacker. This allows for convenient comparison between algorithms and is useful when combining multiple primitives in a hybrid cryptosystem, so there is no clear weakest link. For example, AES-128 is designed to offer a 128-bit security level, which is considered roughly equivalent to a RSA using 3072-bit key.

Internet security awareness or Cyber security awareness refers to how much end-users know about the cyber security threats their networks face, the risks they introduce and mitigating security best practices to guide their behavior. End users are considered the weakest link and the primary vulnerability within a network. Since end-users are a major vulnerability, technical means to improve security are not enough. Organizations could also seek to reduce the risk of the human element. This could be accomplished by providing security best practice guidance for end users' awareness of cyber security. Employees could be taught about common threats and how to avoid or mitigate them.

References

  1. "CompTIA Career Roadmap". CompTIA. Retrieved 20 Aug 2019.
  2. Ciampia, Mark (2018). Security+ Guide to Network Security Fundamentals. Cengage. ISBN   978-1337288781.
  3. Stallings & Brown (2017). Computer Security: Principles and Practice (4 ed.). Pearson. ISBN   978-0134794105.
  4. Stallings, William (1995). Network and Internetwork Security: Principles and Practice . IEEE Press. ISBN   0-7803-1107-8.
  5. The Open University (2016). Network security. Kindle.
  6. Merkow & Breithaupt (2014). Information Security: Principles and Practice (2 ed.). Pearson. ISBN   978-0789753250.
  7. Stallings, William (2016). Cryptography and Network Security (7th ed.). Pearson. ISBN   978-0134444284.
  8. Kahn, David (1967). The Code Breakers: The Comprehensive History of Secret Communication from Ancient Times to the Internet. Scribner. ISBN   0-684-83130-9.
  9. Fridrich, Jessica (2009). Steganography in Digital Media. Cambridge. ISBN   978-0521190190.
  10. Macrakis, Kristie (2014). Prisoners, Lovers, and Spies: The Story of Invisible Ink from Herodotus to Al-Qaeda. Yale University Press. ISBN   978-0300179255.
  11. Kao, I Lung (2019). Effective and Efficient Authentication and Authorization in Distributed Systems. University of Florida. ISBN   978-0530003245.
  12. ICT School (2019). Hacking Tools for Computers. ICT School. ISBN   9781088521588.
  13. Diogenes & Ozkaya (2018). Cybersecurity--Attack and Defense Strategies. Packt Publishing. ISBN   978-1-78847-529-7.
  14. Andes, Thomas (8 April 2016). The Encyclopedia of Computer Security Exploits. ISBN   9781530944682.
  15. Britz, Marjie (2013). Computer Forensics and Cyber Crime (3 ed.). Pearson. ISBN   978-0132677714.
  16. Kaplan, Fred (2016). Dark Territory: The Secret History of Cyber War. Simon & Schuster. ISBN   978-1476763262.
  17. Lopez & Setola (2012). Critical Infrastructure Protection. Springer-Verlog. ISBN   978-3642289194.
  18. Stewart, Michael (2013). Network Security, Firewalls, and VPNs (2 ed.). James & Bartlett Learning. ISBN   978-1284031676.
  19. Grasser, Michael (2008). Secure CPU: A Secure Processor Architecture for Embedded Systems. VDM Verlag. ISBN   978-3639027839.
  20. Jacobs & Rudis (2014). Data-Driven Security. Wiley. ISBN   978-1118793725.
  21. Campbell, T. (2016). Practical Information Security Management: A Complete Guide to Planning and Implementation. APress. ISBN   9781484216859.
  22. Calder, Alan (28 September 2018). NIST Cybersecurity Framework: A Pocket Guide. IT Governance Publishing Ltd. ISBN   978-1787780422.
  23. Alsmatti, Izzat (2019). The NICE Cybersecurity Framework. Springer. ISBN   978-3030023591.
  24. NIST. "Framework for Improving Critical Infrastructure Cybersecurity v1.1" (PDF). NIST. Retrieved 19 Aug 2019.
  25. NIST (12 November 2013). "Cybersecurity Framework Page". NIST. Retrieved 19 Aug 2019.
  26. NIST. "NIST SP 800-181: NICE Cybersecurrity Workforce Framework" (PDF). NIST. Retrieved 19 Aug 2019.
  27. U.S. Congress. "Cybersecurity Enhancement Act of 2014". U.S. Congress. Retrieved 19 Aug 2019.
  28. Center for Internet Security. CIS Controls V7.1.
  29. NIST. Special Publication 800-53: Security and Privacy Controls for Federal Information Systems and Organizations (PDF).
  30. Talabis & Martin (2013). Information Security Risk Assessment Toolkit. Syngress. ISBN   978-1597497350.
  31. ISACA. The Risk IT Practitioner Guide.
  32. Kosseff, Jeff (2017). Cyber Security Law. Wiley. ISBN   978-1119231509.
  33. Taylor, Laura (2013). FISMA Compliance Handbook (2 ed.). Elsevier. ISBN   978-0124058712.