Outline of computer security

Last updated October 23, 2024

The following outline is provided as an overview of and topical guide to computer security:

Computer security (also cybersecurity, digital security, or information technology (IT) security) is the protection of computer software, systems and networks from threats that can lead to unauthorized information disclosure, theft or damage to hardware, software, or data, as well as from the disruption or misdirection of the services they provide.

The significance of the field stems from the expanded reliance on computer systems, the Internet, and wireless network standards. Its importance is further amplified by the growth of smart devices, including smartphones, televisions, and the various devices that constitute the Internet of things (IoT). Cybersecurity has emerged as one of the most significant new challenges facing the contemporary world, due to both the complexity of information systems and the societies they support. Security is particularly crucial for systems that govern large-scale systems with far-reaching physical effects, such as power distribution, elections, and finance.

Essence of computer security

Computer security can be described as all of the following:

a branch of security
Network security
application security

Areas of computer security

Access control – selective restriction of access to a place or other resource. The act of accessing may mean consuming, entering, or using. Permission to access a resource is called authorization.

Computer access control – includes authorization, authentication, access approval, and audit.

Authentication

Knowledge-based authentication

Integrated Windows Authentication

Password

Cyber security and countermeasure
Device fingerprint
- Physical security – protecting property and people from damage or harm (such as from theft, espionage, or terrorist attacks). It includes security measures designed to deny unauthorized access to facilities, (such as a computer room), equipment (such as your computer), and resources (like the data storage devices, and data, in your computer). If a computer gets stolen, then the data goes with it. In addition to theft, physical access to a computer allows for ongoing espionage, like the installment of a hardware keylogger device, and so on.
Data security – protecting data, such as a database, from destructive forces and the unwanted actions of unauthorized users.^[1]
Information privacy – relationship between collection and dissemination of data, technology, the public expectation of privacy, and the legal and political issues surrounding them. Privacy concerns exist wherever personally identifiable information or other sensitive information is collected and stored – in digital form or otherwise. Improper or non-existent disclosure control can be the root cause for privacy issues.
- Internet privacy – involves the right or mandate of personal privacy concerning the storing, repurposing, provision to third parties, and displaying of information pertaining to oneself via the Internet. Privacy can entail either Personally Identifying Information (PII) or non-PII information such as a site visitor's behavior on a website. PII refers to any information that can be used to identify an individual. For example, age and physical address alone could identify who an individual is without explicitly disclosing their name, as these two factors relate to a specific person.
Mobile security – security pertaining to smartphones, especially with respect to the personal and business information stored on them.
Network security – provisions and policies adopted by a network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, which is controlled by the network administrator.
- Network Security Toolkit
- Internet security – computer security specifically related to the Internet, often involving browser security but also network security on a more general level as it applies to other applications or operating systems on a whole. Its objective is to establish rules and measures to use against attacks over the Internet. The Internet represents an insecure channel for exchanging information leading to a high risk of intrusion or fraud, such as phishing. Different methods have been used to protect the transfer of data, including encryption.
World Wide Web Security – dealing with the vulnerabilities of users who visit websites. Cybercrime on the Web can include identity theft, fraud, espionage and intelligence gathering. For criminals, the Web has become the preferred way to spread malware.

Computer security threats

Methods of Computer Network Attack and Computer Network Exploitation

Social engineering is a frequent method of attack, and can take the form of phishing, or spear phishing in the corporate or government world, as well as counterfeit websites.

Password sharing and insecure password practices
Poor patch management
Computer crime –
- Computer criminals –
  - Hackers – in the context of computer security, a hacker is someone who seeks and exploits weaknesses in a computer system or computer network.
    - Password cracking –
    - Software cracking –
    - Script kiddies –
  - List of computer criminals –
- Identity theft –
Computer malfunction –
- Operating system failure and vulnerabilities
- Hard disk drive failure – occurs when a hard disk drive malfunctions and the stored information cannot be accessed with a properly configured computer. A disk failure may occur in the course of normal operation, or due to an external factor such as exposure to fire or water or high magnetic fields, or suffering a sharp impact or environmental contamination, which can lead to a head crash. Data recovery from a failed hard disk is problematic and expensive. Backups are essential
Computer and network surveillance –
- Man in the Middle
- Loss of anonymity – when one's identity becomes known. Identification of people or their computers allows their activity to be tracked. For example, when a person's name is matched with the IP address they are using, their activity can be tracked thereafter by monitoring the IP address.
  - HTTP Cookie
    - Local Shared Object
    - Web bug
  - Spyware
    - Adware
- Cyber spying – obtaining secrets without the permission of the holder of the information (personal, sensitive, proprietary or of classified nature), from individuals, competitors, rivals, groups, governments and enemies for personal, economic, political or military advantage using methods on the Internet, networks or individual computers through the use of cracking techniques and malicious software including Trojan horses and spyware. It may be done online from by professionals sitting at their computer desks on bases in far away countries, or it may involve infiltration at home by computer trained conventional spies and moles, or it may be the criminal handiwork of amateur malicious hackers, software programmers, or thieves.
  - Computer and network eavesdropping
    - Lawful Interception
    - War Driving
    - Packet analyzer (aka packet sniffer) – mainly used as a security tool (in many ways, including for the detection of network intrusion attempts), packet analyzers can also be used for spying, to collect sensitive information (e.g., login details, cookies, personal communications) sent through a network, or to reverse engineer proprietary protocols used over a network. One way to protect data sent over a network such as the Internet is by using encryption software.
Cyberwarfare –
Exploit – piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized). Such behavior frequently includes things like gaining control of a computer system, allowing privilege escalation, or a denial-of-service attack.
- Trojan
- Computer virus
- Computer worm
- Denial-of-service attack – an attempt to make a machine or network resource unavailable to its intended users, usually consisting of efforts to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet. One common method of attack involves saturating the target machine with external communications requests, so much so that it cannot respond to legitimate traffic, or responds so slowly as to be rendered essentially unavailable.
  - Distributed denial-of-service attack (DDoS) – DoS attack sent by two or more persons.
Hacking tool
Malware
- Computer virus
- Computer worm
- Keylogger – program that does keystroke logging, which is the action of recording (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored.^[2] There are also HID spoofing hardware keyloggers, like a USB device inserting stored keystores when connected.
- Rootkit – stealthy type of software, typically malicious, designed to hide the existence of certain processes or programs from normal methods of detection and enable continued privileged access to a computer.^[3] The term rootkit is a concatenation of "root" (the traditional name of the privileged account on Unix operating systems) and the word "kit" (which refers to the software components that implement the tool).
- Spyware
- Trojan
Data loss –
- File deletion –
- Data loss prevention software
Natural disasters – fire, flood, etc. can cause loss of computers and data. Either fire or water can cause a hard disk drive failure, for example. Earthquakes can cause a data center to go down. For this reason large web businesses use load balancing and failover techniques to ensure business continuity.
Payload - malicious code that is delivered to a vulnerable computer, often masquerading as something else
Physical loss – losing a computer (for example due to fire, or leaving one's laptop on a bus), results in data loss, unless there is a backup.
- Physical theft – when someone takes property without authorization as his or her own. When a computer is stolen, the data is gone too, unless there is a backup.
  - Laptop theft – stealing a laptop computer. Victims of laptop theft can lose hardware, software, and essential data that has not been backed up. Thieves also may have access to sensitive data and personal information. Some systems authorize access based on credentials stored on the laptop including MAC addresses, web cookies, cryptographic keys and stored passwords.
Vulnerabilities
- Exploitable vulnerability – vulnerability for which an exploit exists
- Open port – TCP or UDP port number that is configured to accept packets. Ports are an integral part of the Internet's communication model — they are the channel through which applications on the client computer can reach the software on the server. Services, such as web pages or FTP, require their respective ports to be "open" on the server in order to be publicly reachable. "Open" (reachable) is not enough for a communication channel to be established. There needs to be an application (service) listening on that port, accepting the incoming packets and processing them. Open ports are vulnerable when there is a service listening and there is no firewall filtering incoming packets to them.
- Security bug
Zero-day attack
Hackers

Computer defenses and security measures

Access control

Access control – selective restriction of access to a place or other resource. The act of accessing may mean consuming, entering, or using. Permission to access a resource is called authorization.

Computer access control – includes authorization, authentication, access approval, and audit.
- Authorization – function of specifying access rights to computer resources. "To authorize" is to define an access policy. For example, human resources staff is normally authorized to access employee records and this policy is may be formalized as access control rules in a computer system. During operation, the computer system uses the access control rules to decide whether access requests from (authenticated) consumers shall be approved (granted) or disapproved (rejected). Resources include individual files or an item's data, computer programs, computer devices and functionality provided by computer applications. Examples of consumers are computer users, computer programs and other devices attempting to access data that is on a computer.
- Authentication – act of confirming the identity of a consumer. In this context, a consumer is a computer user, computer program, or other device attempting to access data that is on a computer
  - User account – system ID unique to each user. It allows a user to authenticate (log in) to a system and to be granted authorization to access resources provided by or connected to that system; however, authentication does not imply authorization. To log in to an account, a user is typically required to authenticate oneself with a password or other credentials for the purposes of accounting, security, logging, and resource management.
  - Password – word or string of characters used for user authentication to prove identity or access approval to gain access to a resource (example: an access code is a type of password), which should be kept secret from those not allowed access.
- Access approval (computer access control) –
- Audit –
Physical security – protecting property and people from damage or harm (such as from theft, espionage, or terrorist attacks). It includes security measures designed to deny unauthorized access to facilities, (such as a computer room), equipment (such as your computer), and resources (like the data storage devices, and data, in your computer). If a computer gets stolen, then the data goes with it. In addition to theft, physical access to a computer allows for ongoing espionage, like the installment of a hardware keylogger device, and so on. Examples of physical security system components include:
- Locks – locks may be used to secure a building or room that a computer is in. They may also be used on computer casings to prevent opening computers to remove or swap out parts, or install unauthorized components. And they may be used on a computer to disallow it from being turned on or used without a physical key. There are also locks to attach cables to laptops to prevent them from being taken.
  - Computer lock –
- Security alarms –
- Security barriers – such as fences and walls.
- Security guards –
- Theft recovery software – as LoJack is to cars, theft recovery software is to desktop and laptop computers.

Application security

Data security

Data security – protecting data, such as a database, from destructive forces and the unwanted actions of unauthorized users.^[1]

Information privacy

Information privacy – relationship between collection and dissemination of data, technology, the public expectation of privacy, and the legal and political issues surrounding them. Privacy concerns exist wherever personally identifiable information or other sensitive information is collected and stored – in digital form or otherwise. Improper or non-existent disclosure control can be the root cause for privacy issues.
- Internet privacy – involves the right or mandate of personal privacy concerning the storing, repurposing, provision to third parties, and displaying of information pertaining to oneself via the Internet. Privacy can entail either Personally Identifying Information (PII) or non-PII information such as a site visitor's behavior on a website. PII refers to any information that can be used to identify an individual. For example, age and physical address alone could identify who an individual is without explicitly disclosing their name, as these two factors relate to a specific person.

Mobile security

Mobile security – security pertaining to smartphones, especially with respect to the personal and business information stored on them.

Network security

Network security – provisions and policies adopted by a network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, which is controlled by the network administrator.
- Internet security – computer security specifically related to the Internet, often involving browser security but also network security on a more general level as it applies to other applications or operating systems on a whole. Its objective is to establish rules and measures to use against attacks over the Internet. The Internet represents an insecure channel for exchanging information leading to a high risk of intrusion or fraud, such as phishing. Different methods have been used to protect the transfer of data, including encryption.
  - Virtual private network (VPN) – extends a private network across a public network, such as the Internet. It enables a computer or network-enabled device to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security and management policies of the private network.^[4] A VPN is created by establishing a virtual point-to-point connection through the use of dedicated connections, virtual tunneling protocols, or traffic encryptions.
    - IPsec – protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec can be used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host).
    - OpenVPN – open-source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that utilizes SSL/TLS for key exchange. It is capable of traversing network address translators (NATs) and firewalls. It was written by James Yonan and is published under the GNU General Public License (GPL).

World Wide Web Security

World Wide Web Security – dealing with the vulnerabilities of users who visit websites. Cybercrime on the Web can include identity theft, fraud, espionage and intelligence gathering. For criminals, the Web has become the preferred way to spread malware.

History of computer security

Timeline of computer security hacker history

Computer security industry

Computer security software

Antivirus software
- List of antivirus software (and comparison)
Encryption software
- List of cryptographic file systems
- Pretty Good Privacy
Firewall
- List of firewalls (and comparison)
- List of router and firewall distributions

Testing labs

AV-TEST – independent organization which evaluates and rates antivirus and security suite software ^[5] for Microsoft Windows and Android operating systems,^[6] according to a variety of criteria. Every other month, the researchers publish the results of their testing,^[7]^[8] where they list which products they awarded their certification.^[9] The organisation is based in Magdeburg, in Germany.^[7]^[9]
ICSA Labs – independent division of Verizon Business that tests and certifies computer security software (including anti-spyware, anti-virus, and firewall products), for a fee.
Virus Bulletin – magazine that conducts tests of anti-virus software. The magazine itself is about the prevention, detection and removal of malware and spam. It regularly features analyses of the latest virus threats, articles exploring new developments in the fight against viruses, interviews with anti-virus experts, and evaluations of current anti-malware products.
West Coast Labs – tests computer security products for a fee. Its Checkmark Certification program reports test results to the public.^[10]

Computer security companies

McAfee, Inc. (Intel Security) – American global computer security software company headquartered in Santa Clara, California, and the world's largest dedicated security technology company.^[11] On February 28, 2011, McAfee became a wholly owned subsidiary of Intel.^[12]^[13] In early 2014, Intel announced it would rebrand McAfee as Intel Security in 2014.^[14]
Secunia – American computer security company with software offerings in vulnerability management, PC security and patch management.

Computer security publications

Journals and magazines

2600: The Hacker Quarterly – technical and political articles of interest to the internet security community
Virus Bulletin – magazine about the prevention, detection and removal of malware and spam. It regularly features analyses of the latest virus threats, articles exploring new developments in the fight against viruses, interviews with anti-virus experts, and evaluations of current anti-malware products.

Books on computer security

The Art of Deception
The Art of Intrusion
Crypto: How the Code Rebels Beat the Government—Saving Privacy in the Digital Age
The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage – 1989 book written by Clifford Stoll. First person account of the hunt for a hacker who broke into a computer at the Lawrence Berkeley National Laboratory.
Cypherpunks
Firewalls and Internet Security: Repelling the Wily Hacker
The Hacker Crackdown
The Hacker's Handbook
Hacking: The Art of Exploitation
Out of the Inner Circle
The Plot to Hack America
The Ransomware Hunting Team
Reverse Deception
Underground

Books on cryptography

Books on cryptography

Cyber security community

Cyber security communities

UK cyber security community –

Computer security organizations

Academic

CERIAS – a center for research and education of information security for computing and communication infrastructures located at Purdue University.^[15]
CERT Coordination Center – A program of Carnegie-Mellon University that develops advanced methods and technologies to counter large-scale, sophisticated cyber threats in partnership with other academic programs and with government and law enforcement agencies. The Cert Knowledgebase compiles information on information security incidents.^[16]
Georgia Tech Information Security Center – department of Georgia Tech that deals with information security issues such as cryptography, network security, trusted computing, software reliability, privacy, and internet governance.^[17]
Oulu University Secure Programming Group – studies, evaluates and develops methods of implementing and testing application and system software in order to prevent, discover and eliminate implementation level security vulnerabilities in a pro-active fashion. The focus is on implementation level security issues and software security testing.

Commercial

Australian Information Security Association – also known as AISA with paid members in branches located throughout Australia to monitor the condition of information security.^[18]
Microsoft Digital Crimes Unit – a Microsoft sponsored team of international legal and technical experts to stop or interfere with cyber crime and cyber threats.^[19]

Government agencies

ARNES – Academic and Research Network of Slovenia, which is responsible for development, operation and management of the communication and information network for education and research. It includes the SI-CERT, the Slovenian Computer Emergency Response Team.
Canadian Cyber Incident Response Centre – also known as CCIRC, a Canadian government program under the Ministry of Public Safety. The program monitors threats, coordinates national responses, and protects national critical infrastructure against cyber incidents.^[20]
Norwegian Cyber Defence Force – the branch of the Norwegian Armed Forces responsible for military communications and offensive and defensive cyberwarfare in Norway.^[21]

Law enforcement agencies

Internet police – police and secret police departments and other law enforcement agencies in charge of policing the Internet. The major purposes of Internet police, depending on the state, are fighting cybercrime, as well as censorship, propaganda, and monitoring and manipulating the online public opinion.

Air Force Cyber Command (Provisional) – a proposed U.S. Air Force command that existed in provisional status. On 6 October 2008, the Air Force's cyberspace mission was transferred to USCYBERCOM.^[22]
Department of Defense Cyber Crime Center – also known as DC3, is a United States Department of Defense agency that provides digital forensics support to the DoD and to other law enforcement agencies. DC3's main focus is in criminal, counterintelligence, counterterrorism, and fraud investigations.^[23]
FBI Criminal, Cyber, Response, and Services Branch – also known as CCRSB, is a service within the Federal Bureau of Investigation responsible for investigating certain crimes including all computer-based crime related to counterterrorism, counterintelligence, and criminal threats against the United States.^[24]
FBI Cyber Division – Federal Bureau of Investigation division that heads the national effort to investigate and prosecute internet crimes, including "cyber based terrorism, espionage, computer intrusions, and major cyber fraud." This division of the FBI uses the information it gathers during investigation to inform the public of current trends in cyber crime.^[25] It focuses around three main priorities: computer intrusion, identity theft, and cyber fraud. It was created in 2002.^[26]
National Security Agency – The United States Bureau responsible for national cybersecurity and military communications protection.^[27]
US-CERT – also known as the United States Computer Emergency Readiness Team, organization within the Department of Homeland Security's (DHS) National Protection and Programs Directorate (NPPD); a branch of the Office of Cybersecurity and Communications' (CS&C) National Cybersecurity and Communications Integration Center (NCCIC).^[28] US-CERT is responsible for analyzing and reducing cyber threats, vulnerabilities, disseminating cyber threat warning information, and coordinating incident response activities.^[29]
USCYBERCOM – is an armed forces sub-unified command subordinate to United States Strategic Command. The unit centralizes command of cyberspace operations, organizes existing cyber resources and synchronizes defense of U.S. military networks.^[30]

Independent non-profits

Australian Information Security Association – organisation for individuals rather than companies that aims to maintain an unbiased view of information security in Australia. Hosts 2 conferences annually.
Information Card Foundation – created by Equifax, Google, Microsoft, Novell, Oracle Corporation, PayPal and others, to promote the Information Card approach. Information Cards are personal digital identities that people can use online, and the key component of Identity metasystems.
Information Systems Security Association –
International Computer Security Association –
Internet Watch Foundation –
OWASP –

Independent web-sites

Attrition – information security-related website, updated at least weekly by an all-volunteer staff. The "Errata" section is devoted to pointing out inaccuracies, omissions, and other problems with mainstream media related to computer security and hacking. Additionally, staff members publish opinion pieces such as "Security Rants" pointing out problems with the computer security industry.

Persons influential in computer security

John McAfee – founded McAfee Associates (later called McAfee, Inc.; Intel Security) in 1987, resigned from the company in 1994. At the DEF CON conference in Las Vegas, Nevada in August 2014, he warned Americans not to use smartphones, suggesting apps are used to spy on clueless consumers who do not read privacy user agreements.^[31]
Ross J. Anderson
Annie Anton
Adam Back
Daniel J. Bernstein
Stefan Brands
L. Jean Camp
Lorrie Cranor
Cynthia Dwork -- Microsoft Research cryptographer. Among other achievements, responsible for the technology behind bitcoin.
Deborah Estrin
Joan Feigenbaum
Ian Goldberg
Shafi Goldwasser
Lawrence A. Gordon
Peter Gutmann
Paul Kocher
Monica S. Lam -- Stanford University computer science professor, director of its MobiSocial Computing Laboratory, involved in Programmable Open Mobile Internet 2020 of the National Science Foundation.
Brian LaMacchia
Kevin Mitnick
Bruce Schneier
Dawn Song
Gene Spafford
Moti Yung—Israeli cryptographer currently at Google research.

Phil Zimmermann – creator of Pretty Good Privacy (PGP), the predecessor to OpenPGP. He is also known for his work in VoIP encryption protocols, notably ZRTP and Zfone. He was a principal designer of the cryptographic key agreement protocol (the "association model") for the Wireless USB standard.

Related Research Articles

Computer security is the protection of computer software, systems and networks from threats that can lead to unauthorized information disclosure, theft or damage to hardware, software, or data, as well as from the disruption or misdirection of the services they provide.

Malware is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive access to information, or which unknowingly interferes with the user's computer security and privacy. Researchers tend to classify malware into one or more sub-types.

McAfee Corp., formerly known as McAfee Associates, Inc. from 1987 to 1997 and 2004 to 2014, Network Associates Inc. from 1997 to 2004, and Intel Security Group from 2014 to 2017, is an American global computer security software company headquartered in San Jose, California.

Network security consists of the policies, processes and practices adopted to prevent, detect and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, which is controlled by the network administrator. Users choose or are assigned an ID and password or other authenticating information that allows them access to information and programs within their authority. Network security covers a variety of computer networks, both public and private, that are used in everyday jobs: conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access. Network security is involved in organizations, enterprises, and other types of institutions. It does as its title explains: it secures the network, as well as protecting and overseeing operations being done. The most common and simple way of protecting a network resource is by assigning it a unique name and a corresponding password.

Internet security is a branch of computer security. It encompasses the Internet, browser security, web site security, and network security as it applies to other applications or operating systems as a whole. Its objective is to establish rules and measures to use against attacks over the Internet. The Internet is an inherently insecure channel for information exchange, with high risk of intrusion or fraud, such as phishing, online viruses, trojans, ransomware and worms.

Norton Internet Security, developed by Symantec Corporation, is a discontinued computer program that provides malware protection and removal during a subscription period. It uses signatures and heuristics to identify viruses. Other features include a personal firewall, email spam filtering, and phishing protection. With the release of the 2015 line in summer 2014, Symantec officially retired Norton Internet Security after 14 years as the chief Norton product. It was superseded by Norton Security, a rechristened adaptation of the original Norton 360 security suite. The suite was once again rebranded to Norton 360 in 2019.

An information security audit is an audit of the level of information security in an organization. It is an independent review and examination of system records, activities, and related documents. These audits are intended to improve the level of information security, avoid improper information security designs, and optimize the efficiency of the security safeguards and security processes.

Defensive computing is a form of practice for computer users to help reduce the risk of computing problems, by avoiding dangerous computing practices. The primary goal of this method of computing is to be able to anticipate and prepare for potentially problematic situations prior to their occurrence, despite any adverse conditions of a computer system or any mistakes made by other users. This can be achieved through adherence to a variety of general guidelines, as well as the practice of specific computing techniques.

Computer security software or cybersecurity software is any computer program designed to influence information security. This is often taken in the context of defending computer systems or data, yet can incorporate programs designed specifically for subverting computer systems due to their significant overlap, and the adage that the best defense is a good offense.

Kaspersky Lab is a Russian multinational cybersecurity and anti-virus provider headquartered in Moscow, Russia, and operated by a holding company in the United Kingdom. It was founded in 1997 by Eugene Kaspersky, Natalya Kaspersky and Alexey De-Monderik. Kaspersky Lab develops and sells antivirus, internet security, password management, endpoint security, and other cybersecurity products and services.

In computer security, a threat is a potential negative action or event enabled by a vulnerability that results in an unwanted impact to a computer system or application.

Mobile security, or mobile device security, is the protection of smartphones, tablets, and laptops from threats associated with wireless computing. It has become increasingly important in mobile computing. The security of personal and business information now stored on smartphones is of particular concern.

Trend Micro Internet Security is an antivirus and online security program developed by Trend Micro for the consumer market. According to NSS Lab comparative analysis of software products for this market in 2014, Trend Micro Internet Security was fastest in responding to new internet threats, but as of June 2024 based on the chat support there is no known mechanism as with Microsoft Defender Antivirus to submit false positives like "Incorrectly detected as malware/malicious" or "Incorrectly detected as PUA " which may point to cutting corners and be the cause of application mislabeling e.g. as ransomware, while the mechanism for detecting real threats is not specified.

Cyber crime, or computer crime, refers to any crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target. Netcrime refers, more precisely, to criminal exploitation of the Internet. Issues surrounding this type of crime have become high-profile, particularly those surrounding hacking, copyright infringement, identity theft, child pornography, and child grooming. There are also problems of privacy when confidential information is lost or intercepted, lawfully or otherwise.

Email hacking is the unauthorized access to, or manipulation of, an account or email correspondence.

Endpoint security or endpoint protection is an approach to the protection of computer networks that are remotely bridged to client devices. The connection of endpoint devices such as laptops, tablets, mobile phones, and other wireless devices to corporate networks creates attack paths for security threats. Endpoint security attempts to ensure that such devices follow compliance to standards.

In cybersecurity, cyber self-defense refers to self-defense against cyberattack. While it generally emphasizes active cybersecurity measures by computer users themselves, cyber self-defense is sometimes used to refer to the self-defense of organizations as a whole, such as corporate entities or entire nations. Surveillance self-defense is a variant of cyber self-defense and largely overlaps with it. Active and passive cybersecurity measures provide defenders with higher levels of cybersecurity, intrusion detection, incident handling and remediation capabilities. Various sectors and organizations are legally obligated to adhere to cyber security standards.

Data center security is the set of policies, precautions and practices adopted at a data center to avoid unauthorized access and manipulation of its resources. The data center houses the enterprise applications and data, hence why providing a proper security system is critical. Denial of service (DoS), theft of confidential information, data alteration, and data loss are some of the common security problems afflicting data center environments.

This is a list of cybersecurity information technology. Cybersecurity is security as it is applied to information technology. This includes all technology that stores, manipulates, or moves data, such as computers, data networks, and all devices connected to or included in networks, such as routers and switches. All information technology devices and facilities need to be secured against intrusion, unauthorized use, and vandalism. Additionally, the users of information technology should be protected from theft of assets, extortion, identity theft, loss of privacy and confidentiality of personal information, malicious mischief, damage to equipment, business process compromise, and the general activity of cybercriminals. The public should be protected against acts of cyberterrorism, such as the compromise or loss of the electric power grid.

Internet security awareness or Cyber security awareness refers to how much end-users know about the cyber security threats their networks face, the risks they introduce and mitigating security best practices to guide their behavior. End users are considered the weakest link and the primary vulnerability within a network. Since end-users are a major vulnerability, technical means to improve security are not enough. Organizations could also seek to reduce the risk of the human element. This could be accomplished by providing security best practice guidance for end users' awareness of cyber security. Employees could be taught about common threats and how to avoid or mitigate them.

References

1 2 Summers, G. (2004). Data and databases. In: Koehne, H Developing Databases with Access: Nelson Australia Pty Limited. p4-5.
↑ "Keylogger". Oxford dictionaries. Archived from the original on 2013-09-11.
↑ "Rootkits, Part 1 of 3: The Growing Threat" (PDF). McAfee. 2006-04-17. Archived from the original (PDF) on 2006-08-23.
↑ Microsoft Technet (9 December 2009). "Virtual Private Networking: An Overview". Archived from the original on 2017-09-25.
↑ Harley, David (2011). AVIEN Malware Defense Guide for the Enterprise. Elsevier. p. 487. ISBN 9780080558660. Archived from the original on 2014-01-03. Retrieved 2013-06-10.
↑ Rosenblatt, Seth (2013-03-15). "Android antivirus apps improve their grades". cnet . CBS Interactive. Archived from the original on 2013-04-13. Retrieved 2013-06-10.
1 2 Owano, Nancy (2013-01-18). "Microsoft Security Essentials misses AV-Test Certified status". PhysOrg . Douglas, Isle of Man: Omicron Technology Ltd. Archived from the original on 2013-03-10. Retrieved 2013-06-10.
↑ Rosenblatt, Seth (2013-04-08). "Windows 8's rising security tide raises all antivirus boats". cnet . CBS Interactive. Archived from the original on 2013-06-10. Retrieved 2013-06-10.
1 2 Rubenking, Neil J. (2013-01-16). "Microsoft and Others Fail Antivirus Test". PC Magazine . Ziff Davis. Archived from the original on 2013-05-11. Retrieved 2013-06-10.
↑ Dawson, Jessica; Thomson, Robert (2018-06-12). "The Future Cybersecurity Workforce: Going Beyond Technical Skills for Successful Cyber Performance". Frontiers in Psychology. 9: 744. doi: 10.3389/fpsyg.2018.00744 . ISSN 1664-1078. PMC 6005833 . PMID 29946276.
↑ "About McAfee" (PDF). 20 September 2012. Archived (PDF) from the original on 27 January 2013.
↑ "Intel Completes Acquisition of McAfee". McAfee News. 28 February 2011. Archived from the original on 27 August 2011. Retrieved 19 November 2014.
↑ "Intel in $7.68bn McAfee takeover". BBC News. 19 August 2010. Archived from the original on 19 August 2010.
↑ Article Archived 2017-10-13 at the Wayback Machine on VentureBeat
↑ CERIAS home page Archived 2005-03-08 at the Wayback Machine
↑ "CERT Coordination Center". Archived from the original on 2015-02-27. Retrieved 2015-03-03.
↑ "Georgia Tech Information Security Center History". Archived from the original on 2007-08-11. Retrieved 2007-08-01.
↑ "About AISA". Archived from the original on 29 November 2014. Retrieved 19 November 2014.
↑ "Microsoft Digital Crimes Unit". Redmond, WA: Microsoft. Archived from the original on 2013-12-10. Retrieved 2013-11-15.
↑ "Canadian Cyber Incident Response Centre". Archived from the original on 2009-02-08. Retrieved 2009-04-25.
↑ CCIS, Center for Cyber and Information Security -. "Norwegian Cyber Defence | Center for Cyber and Information Security". Center for Cyber and Information Security. Archived from the original on 2016-08-28. Retrieved 2017-02-13.
↑ "Air Force senior leaders take up key decisions". Air Force Link. United States Air Force. 7 October 2008. Archived from the original on 17 October 2008. Retrieved 22 October 2008.
↑ "DoD Executive Agent (EA) for the DoD Cyber Crime Center (DC3)" (PDF). DoDD 5505.13E. Archived from the original (PDF) on 26 October 2011. Retrieved 18 May 2011.
↑ "Ten Years After: The FBI Since 9/11". FBI.gov. Federal Bureau of Investigation. Archived from the original on 29 November 2014. Retrieved 20 November 2014.
↑ Cyber Crime, p. 2 ( "Cyber Crime". Archived from the original on 2016-04-25. Retrieved 2016-06-20.)
↑ FBI's Ability to Address the National Security Cyber Intrusion Threat, p. 2 (PDF Archived 2013-03-11 at the Wayback Machine )
↑ "Mission & Strategy". www.nsa.gov. Archived from the original on 2017-02-14. Retrieved 2017-02-13.
↑ "About the National Cybersecurity and Communications Integration Center". Archived from the original on September 4, 2013. Retrieved September 4, 2013.
↑ "US-CERT Infosheet Version 2" (PDF). Archived (PDF) from the original on May 12, 2013. Retrieved September 4, 2013.
↑ U.S. Department of Defense, Cyber Command Fact Sheet, 21 May 2010 "U.S. Cyber Command - U.S. Strategic Command". Archived from the original on 2014-04-16. Retrieved 2014-04-16.
↑ Danny Yadron, John McAfee at Def Con: Don’t Use Smartphones Archived 2017-07-12 at the Wayback Machine , The Wall Street Journal , August 08, 2014

External links

The Layered Defense approach to Security Malay Upadhyay (Cyberoam), January 2014
Arcos Sergio. Social Engineering. Sancho Rivera.
Trends in Cyber Security Dan Geer (author), November 2013
Participating With Safety Archived 2014-09-26 at the Wayback Machine , a guide to electronic security threats from the viewpoint of civil liberties organisations. Licensed under the GNU Free Documentation License.
Article "Why Information Security is Hard — An Economic Perspective" by Ross Anderson
The Information Security Glossary
The SANS Top 20 Internet Critical Security Controls
Amit Singh: A Taste of Computer Security Archived 2015-02-02 at the Wayback Machine 2004
No slowdown in sight for cyber attacks 26.July.2012 USA Today
Cyber Security Dictionary
Cybersecurity: Authoritative Reports and Resources, by Topic Congressional Research Service

Windows 7 security

The ultimate guide to Windows 7 security

Windows 8 security

Mac security

Linux security

Security In-Depth for Linux Software: Preventing and Mitigating Security Bugs (PDF)

Threat alerts and vulnerability tracking lists

Lists of advisories by product Lists of known unpatched vulnerabilities from Secunia
Vulnerabilities from SecurityFocus, including the Bugtraq mailing list.
List of vulnerabilities maintained by the government of the USA

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[Summers,_G._2004_p4-5-1] 1 2 Summers, G. (2004). Data and databases. In: Koehne, H Developing Databases with Access: Nelson Australia Pty Limited. p4-5.

[2] "Keylogger". Oxford dictionaries. Archived from the original on 2013-09-11.

[McAfee1-3] "Rootkits, Part 1 of 3: The Growing Threat" (PDF). McAfee. 2006-04-17. Archived from the original (PDF) on 2006-08-23.

[4] Microsoft Technet (9 December 2009). "Virtual Private Networking: An Overview". Archived from the original on 2017-09-25.

[Harley_2011-5] Harley, David (2011). AVIEN Malware Defense Guide for the Enterprise. Elsevier. p. 487. ISBN 9780080558660. Archived from the original on 2014-01-03. Retrieved 2013-06-10.

[Rosenblatt_2012-03-6] Rosenblatt, Seth (2013-03-15). "Android antivirus apps improve their grades". cnet . CBS Interactive. Archived from the original on 2013-04-13. Retrieved 2013-06-10.

[phys.org_2013-01-7] 1 2 Owano, Nancy (2013-01-18). "Microsoft Security Essentials misses AV-Test Certified status". PhysOrg . Douglas, Isle of Man: Omicron Technology Ltd. Archived from the original on 2013-03-10. Retrieved 2013-06-10.

[Rosenblatt_2013-04-8] Rosenblatt, Seth (2013-04-08). "Windows 8's rising security tide raises all antivirus boats". cnet . CBS Interactive. Archived from the original on 2013-06-10. Retrieved 2013-06-10.

[Rubenking_2013-01-9] 1 2 Rubenking, Neil J. (2013-01-16). "Microsoft and Others Fail Antivirus Test". PC Magazine . Ziff Davis. Archived from the original on 2013-05-11. Retrieved 2013-06-10.

[10] Dawson, Jessica; Thomson, Robert (2018-06-12). "The Future Cybersecurity Workforce: Going Beyond Technical Skills for Successful Cyber Performance". Frontiers in Psychology. 9: 744. doi: 10.3389/fpsyg.2018.00744 . ISSN 1664-1078. PMC 6005833 . PMID 29946276.

[11] "About McAfee" (PDF). 20 September 2012. Archived (PDF) from the original on 27 January 2013.

[12] "Intel Completes Acquisition of McAfee". McAfee News. 28 February 2011. Archived from the original on 27 August 2011. Retrieved 19 November 2014.

[13] "Intel in $7.68bn McAfee takeover". BBC News. 19 August 2010. Archived from the original on 19 August 2010.

[14] Article Archived 2017-10-13 at the Wayback Machine on VentureBeat

[15] CERIAS home page Archived 2005-03-08 at the Wayback Machine

[16] "CERT Coordination Center". Archived from the original on 2015-02-27. Retrieved 2015-03-03.

[17] "Georgia Tech Information Security Center History". Archived from the original on 2007-08-11. Retrieved 2007-08-01.

[18] "About AISA". Archived from the original on 29 November 2014. Retrieved 19 November 2014.

[Microsoft_Digital_Crimes_Unit-19] "Microsoft Digital Crimes Unit". Redmond, WA: Microsoft. Archived from the original on 2013-12-10. Retrieved 2013-11-15.

[20] "Canadian Cyber Incident Response Centre". Archived from the original on 2009-02-08. Retrieved 2009-04-25.

[21] CCIS, Center for Cyber and Information Security -. "Norwegian Cyber Defence | Center for Cyber and Information Security". Center for Cyber and Information Security. Archived from the original on 2016-08-28. Retrieved 2017-02-13.

[afnews1-22] "Air Force senior leaders take up key decisions". Air Force Link. United States Air Force. 7 October 2008. Archived from the original on 17 October 2008. Retrieved 22 October 2008.

[23] "DoD Executive Agent (EA) for the DoD Cyber Crime Center (DC3)" (PDF). DoDD 5505.13E. Archived from the original (PDF) on 26 October 2011. Retrieved 18 May 2011.

[24] "Ten Years After: The FBI Since 9/11". FBI.gov. Federal Bureau of Investigation. Archived from the original on 29 November 2014. Retrieved 20 November 2014.

[p2-25] Cyber Crime, p. 2 ( "Cyber Crime". Archived from the original on 2016-04-25. Retrieved 2016-06-20.)

[p2b-26] FBI's Ability to Address the National Security Cyber Intrusion Threat, p. 2 (PDF Archived 2013-03-11 at the Wayback Machine )

[27] "Mission & Strategy". www.nsa.gov. Archived from the original on 2017-02-14. Retrieved 2017-02-13.

[About_NCCIC-28] "About the National Cybersecurity and Communications Integration Center". Archived from the original on September 4, 2013. Retrieved September 4, 2013.

[US-CERT_Infosheet-29] "US-CERT Infosheet Version 2" (PDF). Archived (PDF) from the original on May 12, 2013. Retrieved September 4, 2013.

[30] U.S. Department of Defense, Cyber Command Fact Sheet, 21 May 2010 "U.S. Cyber Command - U.S. Strategic Command". Archived from the original on 2014-04-16. Retrieved 2014-04-16.

[31] Danny Yadron, John McAfee at Def Con: Don’t Use Smartphones Archived 2017-07-12 at the Wayback Machine , The Wall Street Journal , August 08, 2014

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]

[15]

[16]

[17]

[18]

[19]

[20]

[21]

[22]

[23]

[24]

[25]

[26]

[27]

[28]

[29]

[30]

[31]