Cyber is a prefix derived from the word cybernetics and has acquired the general meaning of through the use of a computer which is also termed as cyberspace. The word security in general usage is synonymous with being safe, but as a technical term security means not only that something is secure, but that it has been secured. Joining the two words together form the word cybersecurity is concerned with making cyberspace safe from threats, namely cyber threats. The information and communications technology (ICT) industry has evolved greatly over the last half century. With the advent of the internet, security becomes a major concern. ICT devices and components are generally inter dependable and vulnerable to the security attacks. The act of protecting ICT systems and their contents has come to be known as cybersecurity. Cybersecurity is an important tool in protecting and preventing unauthorized surveillance. As commonly used, the term cybersecurity refers to three things:
• A set of activities and other measures, technical and non-technical, intended to protect computers, computer networks, related hardware and devices software, and the information they contain and communicate, including software and data, as well as other elements of cyberspace, from all threats, including threats to the national security.
• The degree of protection resulting from the application of these activities and measures.
• The associated field of professional endeavor, including research and analysis, aimed at implementing and those activities and improving their quality
To secure a computer system, it is important to understand the attacks that can be made against it, and these threats can typically be classified as below (from wikipedia);
Backdoor attacks Denial of service attack
• Direct Access attack
• Eavesdropping
• Spoofing
• Phishing
Technology for cybersecurity
• Cryptographic systems : A widely used cybersecurity system involves the use of codes and ciphers to transform information into unintelligible data.
• Firewall : Use to block traffic from outside, but it could be also used to block traffic from inside.
• An Intrusion Detection System (IDS): IDS is an additional protection measure used to detect attack.
• AntiMalware Software and scanners : Viruses, worms and Trojan horses are all examples of malicious software, or Malware for short. Special so called antiMalware tools are used to detect them and cure an infected system.
• Secure Socket Layer (SSL) : It is a suite of protocols that is a standard way to achieve a good level of security between web browser and websites.
• Research Areas in cyber Security [17,18, 19, 20]
• Identity, Privacy and Trust Management
• Malware
• Biometrics.
• Cloud Security
• Computer Forensics
• Data protection legislation and security
• Cryptography and Formal Methods
The cyber security research initiative is an attempt to define a national R&D agenda that is required to enable the country to get ahead of adversaries and produce the technologies. These futuristic technologies can protect information systems and networks. The research, development, test, evaluation and other life cycle considerations required are far reaching from technologies that secure individuals and their information to technologies that will ensure National Critical Infrastructures are much more resilient [17][18]. The R&D investments recommended in this initiative must tackle the vulnerabilities of today and envision those of the future. The initiative is a platform to work together to foster R&D to evolve transformative solutions and address critical cyber security challenges, through partnerships among academics, Industry and Govt.
Broad research areas
1. Information Security
1. Computer Network Security
2. Application Security
3. Web Services Security
4. Mobile Security
5. Protective Security
6. Software Security
7. Wireless & Sensor Network Security
8. Software Coding Security
9. Data Capturing devices and Security
10. Security in Middleware, Interface and Interaction
11. Security Services in Authentication, Authorisation, Accountability, Automation, Availability, Integrity and Non-repudiation
12. Security Management
13. Security Operations
14. Digital Trust and Reputation
15. Spatial Location (Geo-location) and Cyber Travel
16. spatial Intelligence Networks (Centralised, Distributed & Hybrid)
17. Policy, Legal, Legislation & Compliance
18. Security Standardisation
19. Law, Legal and Ethical issues
2. Digital Services
1. Web Services, Internet Banking, E-Booking
2. E-Government, Electronic Commerce
3. Citizens Public Online Services
4. Mobile Commerce
5. E-Postal Services, E-Health, E-Learning and Online & Virtual Education
6. Secure Protocols, Coding and Development
7. Security Principles, Theory and Analysis
8. Security Policy, Standards and Procedures
9. Security in Business Processes
10. Security Enforcing Function (SEF) Gateways
11. Intrusion Detection Systems
12. Intrusion Prevention Systems
13. Firewalls & Spam identification and protection
14. Anti-Virus and Anti-Malware Gateways
15. Data Loss Prevention and Encryption Services
3. Protection of Digital Services
1. Protection of Business Information Systems
2. Protection of Online Services
3. Public Online Services
4. Internet Banking
5. Security, Trust, Privacy
6. Security in Online Gaming Systems
7. Security in e-Government and Electoral Systems
8. Content Security
9. Protection of Public Online Content Distribution Systems
10. Secure practices, processes and procedures in Public Online Services
11. Cryptography -PKI, HSMs, Symmetric and Asymmetric Crypto, Crypto Custodian & Crypto Standards and Practices
12. Digital Forensics and Investigations
13. HoneyPots and Honey Nets
14. National Information Infrastructure (NII) protection
15. National Critical Infrastructures (NCI) protection
16. Critical Network Systems (CNS)
No comments:
Post a Comment