What Weaknesses Did the Attacker Exploit in “How to Think About Security”?
Cyber security, also called computer security or IT security, is the protection of data from theft and the protection of the device, the product and the information stored on the hardware from harm. It includes controlling physical access to the equipment as well as protecting against code or data injection and against harm that comes via network access. The field is of growing importance because of the increasing reliance on computer systems in most societies. Computer systems now include a wide variety of "smart" devices, including cell phones, TVs and small devices that are part of the Internet of Things, and networks include the Internet and private data networks, as well as Bluetooth, Wi-Fi and other wireless networks.
The digital security industry is in desperate need of a perceptual shift. Countermeasures are sold as ways to avoid threats. Good encryption is sold as a way to prevent eavesdropping. A good firewall is marketed as a way to prevent network attacks. PKI is sold as trust management, so you can avoid mistakenly trusting people you really don't. And so on.
This type of thinking is completely backward. Security is old, older than computers. And the old-guard security industry thinks of countermeasures as ways to avoid risk. This distinction is enormous. Avoiding threats is black and white: either you avoid the threat, or you don't. Avoiding risk is continuous: there is some amount of risk you can accept, and some amount you can't.
Security processes are how you avoid risk. Just as businesses use the processes of double-entry bookkeeping, businesses need to use a series of security processes to protect their networks. Security processes are not a replacement for products. Rather, they're a way of using security products effectively. They're a way to mitigate the risks. Network security products will have flaws; processes are necessary to catch attackers exploiting those flaws, and to fix the flaws once they become public. Insider attacks will occur; processes are necessary to detect the attacks, repair the damages and prosecute the attackers. Large systemwide flaws will compromise entire products and services (think digital cellphones, Microsoft Windows NT password protocols or DVD); processes are necessary to recover from the compromise and stay in business.
Microsoft also knows that real security is not cost-effective. They get whacked with a new security vulnerability several times a week. They fix the ones they can, write misleading press releases about the ones they can't, and wait for the press fervor to die down (which it always does). And six months later, they issue the next software version with new features and all sorts of new insecurities, because users prefer cool features to security.
By and large, cybercrime is proving to be a major form of crime in the US. Alongside terrorism, cybercrime is the major threat facing the U.S. today. Hackers are stealing important information from Fortune 500 firms in addition to breaking into government networks. This calls for a proactive approach to controlling cybercrime. The lack of consensus among industry players and legislators on the management of cybercrime is a worrying trend. Acts need to be passed to help manage cyberspace. Innovative research and programs need to be carried out to ensure pragmatic solutions to dynamic cyber threats.