Computer security, cybersecurity, digital security or information technology security is the protection of computer systems and networks from attacks by malicious actors that may result in unauthorized information disclosure, theft of, or damage to hardware, software, or data, as well as from the disruption or misdirection of the services they provide.
Security through obscurity is the reliance on secrecy as the main method of providing security to a system or component, specifically in security engineering, whether on design or implementation.
The Bureau of Industry and Security (BIS) is an agency of the United States Department of Commerce that deals with issues involving national security and high technology. A principal goal for the bureau is helping stop the proliferation of weapons of mass destruction, while furthering the growth of United States exports. The Bureau is led by the Under Secretary of Commerce for Industry and Security.
The Communications Security Establishment, formerly called the Communications Security Establishment Canada (CSEC), is the Government of Canada's national cryptologic agency. It is responsible for foreign signals intelligence (SIGINT) and communications security (COMSEC), protecting federal government electronic information and communication networks, and is the technical authority for cyber security and information assurance.
The arms industry, also known as the defense industry, military industry, or the arms trade, is a global industry which manufactures and sells weapons and military technology. Public sector and private sector firms conduct research and development, engineering, production, and servicing of military material, equipment, and facilities. Customers are the armed forces of states, and civilians. An arsenal is a place where arms and ammunition – whether privately or publicly owned – are made, maintained and repaired, stored, or issued, in any combination. Products of the arms industry include weapons, munitions, weapons platforms, military communications and other electronics, and more. The arms industry also provides other logistical and operational support.
In computer security, mandatory access control (MAC) refers to a type of access control by which the operating system or database constrains the ability of a subject or initiator to access or generally perform some sort of operation on an object or target. In the case of operating systems, a subject is usually a process or thread; objects are constructs such as files, directories, TCP/UDP ports, shared memory segments, IO devices, etc. Subjects and objects each have a set of security attributes. Whenever a subject attempts to access an object, an authorization rule enforced by the operating system kernel examines these security attributes and decides whether the access can take place. Any operation by any subject on any object is tested against the set of authorization rules to determine if the operation is allowed. A database management system, in its access control mechanism, can also apply mandatory access control; in this case, the objects are tables, views, procedures, etc.
A penetration test, colloquially known as a pentest or ethical hacking, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system; this is not to be confused with a vulnerability assessment. The test is performed to identify weaknesses, including the potential for unauthorized parties to gain access to the system's features and data, as well as strengths, enabling a full risk assessment to be completed.
Information security standards or cyber security standards are techniques generally outlined in published materials that attempt to protect the cyber environment of a user or organization. This environment includes users themselves, networks, devices, all software, processes, information in storage or transit, applications, services, and systems that can be connected directly or indirectly to networks.
The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. It is owned by Boston, Massachusetts-based security company Rapid7.
The Federal Office for Information Security is the German upper-level federal agency in charge of managing computer and communication security for the German government. Its areas of expertise and responsibility include the security of computer applications, critical infrastructure protection, Internet security, cryptography, counter eavesdropping, certification of security products and the accreditation of security test laboratories. It is located in Bonn and as of 2020 has about 1,100 employees. Its current president, since 1 February 2016, is former business executive Arne Schönbohm, who took over the presidency from Michael Hange.
The Joint Worldwide Intelligence Communication System is the United States Department of Defense's secure intranet system that houses top secret and sensitive compartmented information. JWICS superseded the earlier DSNET2 and DSNET3, the Top Secret and SCI levels of the Defense Data Network based on ARPANET technology.
Information technology risk, IT risk, IT-related risk, or cyber risk is any risk relating to information technology. While information has long been appreciated as a valuable and important asset, the rise of the knowledge economy and the Digital Revolution has led to organizations becoming increasingly dependent on information, information processing and especially IT. Various events or incidents that compromise IT in some way can therefore cause adverse impacts on the organization's business processes or mission, ranging from inconsequential to catastrophic in scale.
The Department of Defense Cyber Crime Center (DC3) is designated as a Federal Cyber Center by National Security Presidential Directive 54/Homeland Security Presidential Directive 23, as a Department of Defense (DoD) Center Of Excellence for Digital and Multimedia (D/MM) forensics by DoD Directive 5505.13E, and serves as the operational focal point for the Defense Industrial Base (DIB) Cybersecurity program. DC3 operates as a Field Operating Agency (FOA) under the Inspector General of the Department of the Air Force.
A cyberattack is any offensive maneuver that targets computer information systems, computer networks, infrastructures, personal computer devices, or smartphones. An attacker is a person or process that attempts to access data, functions, or other restricted areas of the system without authorization, potentially with malicious intent. Depending on the context, cyberattacks can be part of cyber warfare or cyberterrorism. A cyberattack can be employed by sovereign states, individuals, groups, societies or organizations and it may originate from an anonymous source. A product that facilitates a cyberattack is sometimes called a cyber weapon. Cyberattacks have increased over the last few years. A well-known example of a cyberattack is a distributed denial of service attack (DDoS).
Astra Linux is a Russian Linux-based computer operating system (OS) that is being widely deployed in the Russian Federation in order to replace Microsoft Windows. Initially it was created and developed to meet the needs of the Russian army, other armed forces and intelligence agencies. It provides data protection up to the level of "top secret" in Russian classified information grade by featuring mandatory access control. It has been officially certified by Russian Defense Ministry, Federal Service for Technical and Export Control and Federal Security Service.
The following outline is provided as an overview of and topical guide to computer security:
Lazarus Group is a cybercrime group made up of an unknown number of individuals run by the government of North Korea. While not much is known about the Lazarus Group, researchers have attributed many cyberattacks to them between 2010 and 2021. Originally a criminal group, the group has now been designated as an advanced persistent threat due to intended nature, threat, and wide array of methods used when conducting an operation. Names given by cybersecurity organizations include Hidden Cobra and Zinc. According to North Korean defector Kim Kuk-song, the unit is internally known in North Korea as 414 Liaison Office.
Election cybersecurity or election security refers to the protection of elections and voting infrastructure from cyberattack or cyber threat – including the tampering with or infiltration of voting machines and equipment, election office networks and practices, and voter registration databases.
The Data Security Threats Database is the Russian Federation's national vulnerability database. It is maintained by the Russian Federal Service for Technical and Export Control. As of 2018, the BDU contained only roughly one-tenth of the number of entries of the corresponding U.S. National Vulnerability Database.
RPA RusBITech JSC is a Russian technology company specializing in production of high technology solutions for Russian state enforcement structures, mainly for the Russian Army. The most known product is the computer operating system called Astra Linux which is nowadays used almost totally throughout Russian military forces. The main Russian Army headquarters, The National Defense Management Center's, information systems are based on Astra Linux. The Director General of RusBITech is Alexei Bocharov.
