The Bold Voice of J&K

Information Security

57

Anshumali

World has changed, truly, yes it has, thoughts, expressions, opinions and rather individuality has been adapted by the information technology surrounding us, that an individual is constantly busy in right projection of himself or herself is correct.
Cyberspace is a complex environment consisting of interactions between people, software and services, supported by worldwide distribution of information and communication technol ed and is the company/agency assuring the information. Information assurance may be understood as the measures/steps taken by the agency to protect and secure the data by ensuring the availability, integrity, authentication, confidentially. This means inbuilt mechanism for restoration of information systems through protection, identification of issues and time based reaction capabilities.
Many times whenever we are adding or submitting our data into any application or website, the said application puts up a marker messages that the data shall be protected by 128 Bit encrypted key or else. This is one of the type of branding by the said application to assure the user that his/her data shall remain encrypted and safe with the application. It simply entails in keeping the confidence of customers, suppliers, partners and shareholders.
Information protection relates to mitigating risks through secure systems and architecture that eliminate or reduce vulnerabilities.
At the institutional level various processes are constantly occurring like cyber-warfare, espionage, sabotage, denial of service attacks etc. According to Richard a Clarke Cyber warfare may be termed as actions by a nation state to penetrate another nation computer or networks for the purposes of causing damage or disruption.
Most of the developed nations have strategized the defence mechanism of cyber issues, attacks, right in their respective military strategy, it primarily focuses on prevent cyber-attacks against critical infrastructures, reducing national vulnerability to cyber-attacks, minimize damage & recovery time from cyber-attacks.
Espionage software, sabotage software is deliberately prepared to achieve a specific purpose. There are also Denial of service attacks, which is an attempt to make a machine or network resource unavailable to its intended users. The attackers particularly of Denial of service aim typically target sites or services hosted on high-profile web services such as banks, payments gateways.
In India, the Ministry of Electronics & information Technology created the Indian Computer Emergency response team(CERT) in 2004 to thwart cyber-attacks in India, also a sub division, the national critical information infrastructure protection centre(NCIIPC) to thwart attacks against banking, telecom, defence, space and other sensitive areas.
Various hacking attacks on various government websites, banking sites, hospitals( recently on the servers of AIIMS Delhi), Grid Stations have been taking place since long. One has to understand that cyber attacks have their own economy where data varying on content has different prices. The sellers of that data get paid for the malicious operations and buyers are ready to negotiate the prices for various types of information which includes personal identifiable information like mass email lists, full identities, organisational information like intellectual capital/property, non- public internal data, internal operational details. Individual information like username and passwords, unauthorised withdrawals from accounts or charges against credit.
There are various types of cyber threats like Backdoor attacks where an algorithm is used to bypass the normal authentication or security controls. Direct Access attacks whereby an unauthorised user gaining physical access to a computer is most likely to directly copy data from it or may modify the operating systems, installing software norms, covert listening devices, eavesdropping , whereby private conversation is secretly listened typically between hosts on a network. Programs such as carnivore and others have been used by agencies, similarly spoofing is a fraudulent practice in which communications is sent from an unknown source disguised as a source known to the receiver. Phishing is an attempt to acquire usernames, passwords, cards details, this is mostly carried out by the email spoofing or instant messaging which directs users to enter details into a fake websites which looks identical to original one. Most common form of cyber attacks are through malwares which actually is an inclusive term that covers all types of software like viruses, worms, Trojans, botnets etc.
Recently the “Cyber Swachhta Kendra” has been established by the Indian computer emergency response team(CERT) as a part of India’s digital initiatives which is primarily a botnet cleaning and malware analysis centre.
Recently it was reported in the news that hackers have hacked into the systems of AIIMS and demanded Rs. 200 crores for allowing the access to the servers. Due to this all the records of the AIIMS has been held at ransome. Now we will talk about the countermeasures which are to be taken necessarily. The very first step is the creation of the design, means that the software has been designed from the ground up to be secure. Ideally as secure system should require a deliberate, conscious, knowledgeable and free decisions on the part of the legitimate authorities in order to make it insecure. Audit trails tracking system activity, so that when a security breach can be determined. After the security design comes the security architecture, which may be defined as the design artefacts that describe how the security controls are positioned and how they relate to the overall information technology architecture. These controls serve the purpose to maintain the systems quality attributes like integrity, availability, accountability and assurance services.
Threat prevention, detection and response like user account access controls and cryptography can protect systems files and data respectively. Firewalls are by far the most common preventive system from a network security prespective as they can shield access to internal network services, and block certain kinds of attacks through packet filtering. Many organisations go for vulnerability management which is a system of identifying and mitigating vulnerabilities especially in software. Subjects like data forensics have emerged which examines the digital media in a forensically sound manner with the aim of identifying , preserving, recovering, analysing and presenting facts and courses about the digital information.
Due to the numerous benefits brought about by technological advancements, the cyberspace today is a common pool used by citizens, businesses, critical information infrastructure, military and governments in a manner that makes it difficult to draw clear boundaries among these different groups. The cyberspace is expected to be more complex in the foreseeable future, with many fold increase in networks and devices connected to it.
National cyber security Policy 2013 is a policy framework by Department of electronics and information Technology. It aims at protecting the public and private infrastructure from cyber attacks. The policy also intends to safeguards information related to individuals, financial and banking information and soverign data. The Indian growth story is led by the information technology, in addition, this sector is also positively influencing the lives of its people through direct and indirect contribution to the various socio economic parameters such as employment, standard of living. It has played significant role in transforming India’s image as global software solution provider. Due to the advancement of this sector the Government has been able to block the loopholes in the various government schemes. It has truly brought the knowledge at the door steps of every individual.
Individuals, groups form the building blocks of the society and have an important role to play in protecting the cyber space and particularly their own data, thay should follow cyber hygiene while interacting on the internet, they should be aware of the ever changing threats and adopt the safety measures, learn to properly identify and report the threats in a timely manner, have an understanding on how to safeguard their own data and digital footprint.
Government both at centre and state are making considerable efforts in making the cyberspace safe and sound. Recently the Government of Jammu and Kashmir has released its Cyber security policy which defines various parameter of security apparatus in great detail and is a welcome step. However it has to be understood by all of us that it is the joint conscious effort at all the levels of society which will help us save our own selves from the unnecessary cyber attacks and thus help our beloved nation grow manifolds.
(Sources: Information from
accessible domains of web).

WP Twitter Auto Publish Powered By : XYZScripts.com