Advancedinternet security and threats are at the forefront of today’s computertechnology revolution. While computer and communication advancements progressand develop, individual users and business organizations must keep current andapprised of all the latest internet protocols and procedures for maintainingsecure connections when dealing with potential external and internal dangersand harm. To accomplish of preventing and eliminating possible damage to asystems network integrity, one must first become aware or informed of theproblem’s nature and source, the cause, which will, in turn, allow for thehigher likelihood of determining or finding the proper solution. The followinginformation will provide a basis or foundation as to what could be done tostrengthen internet security as well as avoid, prevent, and eliminate potentialthreats.Accordingto the article titled, “Cyber Espionage: The Harsh Reality of Advanced SecurityThreats,” advanced persistent threats are a form of malware, or/and spyware,more automated than traditional espionage. APTs utilize cyber techniques thatare modeled after those in the physical world to steal information andproprietary data in the virtual realm.
(Deloitte, 2011) APTs are also a type ofadvanced security threat in that they are far more difficult to detect andcombat than the more common kinds or types. An example of an APT would be theStuxnet worm, where there was a collaboration of multiple cybercriminal cellswhere the hackers involved each contributed their specific portion to theoverall system attack, in a de-compartmentalized fashion. (Deloitte, 2011) The articlegoes on to offer various solutions and strategies for prevention and correctionof internet network infiltration and malicious exploitation of vulnerabilities.Examples include security control updates, authentication decisions, riskassessment intelligence, technology investment Intel, and vendor selection andHR decisions. A forward-looking cyber threat intelligence capability wouldconsist of conducting emerging threat research, establishing partnerships toshare intelligence, assigning threat focus areas, establishing live, dynamicintel feeds, and continuously improving automation capabilities (Deloitte,2011). The conclusion reached by the author is that far more than just thesimple use or implementation of an antivirus program is necessary to protect,defend, safeguard, and maintain a system network’s integrity, particularlyagainst ever-evolving and advanced internet security threats.Accordingto the article of Cisco System’s John N.
Stewart, “AdvancedTechnologies/Tactics Techniques, Procedures: Closing the Attack Window, andThresholds for Reporting and Containment, there are three areas that reduceattack surface, lower adversarial opportunity, and tip the scales in thedefense’s favor, which are must master the basics, creating doubt in theadversaries mind, and analyzing data and traffic for Indicators of Compromise(or IOCs)” (Stewart, 2014). Each group contains three subcategories: thefirst consists of patching, identity, and eliminating dark spaces, the secondof moving targets, honey tokens, misinformation, while the third includes localdata analytics, global grids, and analysis of non-conformant protocol traffic(Stewart, 2014). The primary characteristic each area shares is that they allattempt to identify, prevent, and eliminate potential threats by strengtheningvulnerabilities and susceptibilities in the system network with advancedinternet security protocols. Securityattacks necessitate the implementation of mechanisms to secure and maintaininternet and network integrity, confidentiality, and availability, known as theCIA triad, which are concepts that “embody the fundamental security objectivesfor both data and information and computing services (Stallings, 2011). Thevarious strategies for securing a network include security services such as authentication,access control, data confidentiality, data integrity, and non-repudiation, orspecific security mechanisms such as encipherment, digital signature, trafficpadding, and routing control (Stallings, 2011).
The “Cyber Espionage” article,appears to explain that even with all the previously mentioned countermeasuresat their disposal, advanced security threats could still be able to cause harm,damage, or infiltrate a seemingly secure network, which is why moresophisticated secularization is required. What I have learned and how I intendto this knowledge to my personal and professional life is to be alwaysvigilant, on guard, and proactive when it comes to internet and networksecurity, and that merely because something appears to be fine does notnecessarily mean that is the case.However,many believe that one of the best ways to protect oneself or one’s data from asystem hack is to have a resilient encryption service. To encrypt informationis to encipher it, or to use mathematical algorithms to transform data into aform that is not readily intelligible, and which is recoverable through the useof an algorithm and zero or more encryption keys (Stallings, 2011). The articledid not mention the varying levels or the value of encryption, and how a highlevel can have a substantial effect upon the strength of one’s internet ornetwork security.
In both personal and professional life, I would make it ahabit of finding the best and most powerful forms of encryption, especiallythrough the use of Virtual Private Networks, to at least mask or anonymize thedata that is sent. The stronger the encryption, the less likely a hacker willbe able to gain access to any vulnerable information. Virtual Private Networksare also generally recommended for IP security, along with securing remoteaccess over the internet, establishing extranet and internet connectivity withpartners, and enhancing electronic commerce security (Stallings, 2011).The ethicsof computer security are general moral imperatives, such as contributing tosociety and human well-being, avoiding harm, being honest and trustworthy,fair, and respecting the honoring the property and privacy of others.Professional ethics include striving to achieve the highest quality of work,acquiring and maintaining professional competence, adherence to the law,honoring contracts, and improving public understanding of computing and itsconsequences. Finally, there are the organizational leadership imperatives,which command the managers to inform their personnel about any and allresponsibilities and how to perform optimally (Stallings, 2011). The articledid not mention ethics very much, other than the fact that it is essential whoto hire or involve with an organization because allowing someone in who is incompetentor not very well informed could lead to disastrous consequences.
Therefore,being a good judge of character is of high importance when determining who canor cannot have access to the network, or who would potentially leave it opensto attacks. In conclusion, learning theethics involved in computer and internet security will allow me to avoid andprevent the cause of unnecessary danger and harm. Internet security and threatsare ever evolving and changing, and it is important to stay current on thelatest updates concerning the prevention and elimination of potential unwantedattacks. It is essential to stay updated and knowledgeable of how to maintain asecured network and put into practice many of the theories so that I can gainexperience in knowing what does or doesn’t work best. I can then become a topexpert in my field and be one of the higher values for my ability provides thebest computer security available for any online business, company, ororganization.