Page 26 - CDM-Cyber-Warnings-January-2014
How to Get Cyber Safe?

Milica Djekic, Online Marketing Coordinator at Dejan SEO

As computer and communication technology develops rapidly, special attention should be paid to security issues. Information security requirements within organizations have changed significantly during the past few decades. Before computing devices became popular, data vital to an organization was protected physically. With the introduction of computers, the need for new and automatic tools for information protection appeared.

Introduction

Before we start explaining how to get cyber protected, we should define basic terms and concepts. First of all, we should clarify what security is. By definition, security is a process of maintaining an acceptable level of risk. In other words, it is a process, not a final state or product. In cyber terms, we can say that security covers all the processes and mechanisms by which computer-based equipment, information and services are protected from unauthorized access, change or destruction, as well as from unplanned events and natural disasters.

Finally, we come to the question: "How to get cyber safe?" There is no one universal answer to that question. In principle, there is a set of measures and methods that should be applied in order to maintain security. Generally, best practice in cyber security recommends the following defense-oriented measures: (1) Creating Demilitarized Zone, (2) Software Testing, (3) Enterprise Data Protection, (4) Blocking Transmission Control Protocol, (5) Using Passwords, (6) Patching Software, (7) Information Protection Policy. The listed measures are explained in the text that follows.

1. Creating Demilitarized Zone

In cyber security, a Demilitarized Zone (DMZ) is a physical or logical sub-network that contains external-facing services and exposes them to a larger, untrusted network.
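The zone separation defined above can be checked against a firewall rule set. The following is an added example, not part of the original article; the address ranges, the published-service list, the backend flow and the rule format are all constructed assumptions, and rule ordering is ignored.

```python
from ipaddress import ip_network

# Constructed address plan and policy (assumptions, not from the article).
ZONES = {"dmz": ip_network("192.0.2.0/24"), "lan": ip_network("10.0.0.0/8")}
PUBLISHED = {("192.0.2.10/32", 443), ("192.0.2.25/32", 25)}  # internet -> DMZ
BACKEND = {("192.0.2.10/32", "10.0.5.20/32", 5432)}          # DMZ -> LAN

def zones_touched(cidr):
    """Return every zone that a rule's address field can match."""
    net = ip_network("0.0.0.0/0" if cidr == "any" else cidr)
    hit = {name for name, zone in ZONES.items() if net.overlaps(zone)}
    if not any(net.subnet_of(zone) for zone in ZONES.values()):
        hit.add("internet")  # field also matches addresses outside our ranges
    return hit

def audit(rules):
    """Flag allow rules that break the DMZ separation (most severe issue per rule)."""
    findings = []
    for i, r in enumerate(rules):
        if r["action"] != "allow":
            continue
        src, dst = zones_touched(r["src"]), zones_touched(r["dst"])
        if "internet" in src and "lan" in dst:
            findings.append((i, "internet reaches LAN directly"))
        elif "internet" in src and "dmz" in dst:
            if (r["dst"], r["port"]) not in PUBLISHED:
                findings.append((i, "unpublished DMZ service exposed"))
        elif "dmz" in src and "lan" in dst:
            if (r["src"], r["dst"], r["port"]) not in BACKEND:
                findings.append((i, "DMZ host can reach LAN beyond backend flow"))
    return findings

# Constructed sample rule set.
RULES = [
    {"action": "allow", "src": "any", "dst": "192.0.2.10/32", "port": 443},
    {"action": "allow", "src": "any", "dst": "192.0.2.25/32", "port": 25},
    {"action": "allow", "src": "any", "dst": "192.0.2.0/24", "port": 22},
    {"action": "allow", "src": "192.0.2.10/32", "dst": "10.0.5.20/32", "port": 5432},
    {"action": "allow", "src": "192.0.2.0/24", "dst": "10.0.0.0/8", "port": "any"},
    {"action": "allow", "src": "any", "dst": "10.0.0.15/32", "port": 3389},
    {"action": "deny", "src": "any", "dst": "any", "port": "any"},
]

if __name__ == "__main__":
    for idx, msg in audit(RULES):
        print(f"rule {idx}: {msg}")
```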
The purpose of a DMZ is to add a layer of security to the local area network (LAN). A DMZ configuration provides security from external attacks, but it typically has no effect on internal attacks. It is also good practice to configure a separate Classified Militarized Zone (CMZ), which is a highly monitored militarized zone consisting mostly of web servers that are not in the DMZ but contain sensitive information about accessing servers within the LAN. Creating this zone enables great cyber security.

2. Software Testing

Software testing is an important component of software quality assurance, which is why many software organizations spend up to 40% of their resources on testing. For life-critical software, testing can be highly expensive. It is a component of software quality control (SQC). SQC means controlling the quality of software engineering products, which is done by testing the software system. These tests can be: (1) unit tests (check each coded module for the presence of bugs), (2) integration tests (interconnect sets of previously tested modules to ensure that the sets behave as well as they did as independently tested modules), or (3) system tests (check that the entire software system, embedded in its actual hardware environment, behaves according to the requirements).

3. Enterprise Data Protection

Data is practically everywhere. Corporate data, partner data, customer data, and employee data increase exponentially every day. Data has spread out of data centers, databases, remote file servers, and so on to new and more vulnerable locations such as laptops and removable storage devices. Data must be controlled and protected to maintain the privacy, confidentiality and