Cyber Security Threats and Suggestions to Protect Their Attack
[1]
Ahamed Dubian Aljuhani, Department of Computing & Information Systems, University of Tabuk, Tabuk, Saudi Arabia.
A cyber security attacks are a major concern in critical systems of organizations and other businesses. With the fast growth of the technology, different challenges may influence data security. Cyber-attacks cause huge damages in critical systems, such as data breaches for sensitive data, denial of service, cost of attacks and further more damages. Therefore, organizations and big companies work hard in order to keep their critical systems secured from any potential attacks. This paper will discuss some common security issues and protections that help keep critical systems secured. In addition, two examples of attacks were given to show how important is to pay attention for cyber-attacks. Furthermore, this paper gives the suitable suggested solutions for these security issues in order to face any potential threats.
Cyber Security, Threats, Security Issues, Critical Systems, Aramco, Shamoon, Data Classification, Firewalls
[1]
Lipscombe, J. (2014). Fallout from the Saudi Aramco breach continues. Bloomberg Business Week. Retrieved from http://goo.gl/xItuQY
[2]
Lee, T. B. (2014). The Sony hack: How it happened, who is responsible, and what we've learned. Retrieved from http://www.vox.com/2014/12/14/7387945/sony-hack-explained
[3]
Federal Communications Commission (2015). Cyber Security Planning Guide. Retrieved from https://transition.fcc.gov/cyber/cyberplanner.pdf
[4]
Stallings, W. (2011). Network security essentials: Applications and standard (4ed). Pearson education inc. Paper, 432 pp.
[5]
Health and Social Care Information Centre (2015). Destruction and disposal of sensitive data. Retrieved from http://goo.gl/8EgeDZ
[6]
Privacy Technical Assistance Center. (2015). Best practices for data destruction. Retrieved from http://ptac.ed.gov.
[7]
Olender-Fildman LLP. (2016). How to prepare for and respond to a cyber-attack: Have a disaster recovery plan. Retrieved from http://goo.gl/wPWlnz
[8]
Abram, B. (2012). 5 Tips to build an effective disaster recovery plan. Retrieved from http://www.smallbusinesscomputing.com.
[9]
The Official Website of the Executive Office for Administration and Finance. (2014). Enterprise information security standards: Data classification. Retrieved from http://goo.gl/jVhl14
[10]
Reardon, J., Basin, D., & Capkun, S. (2013). SoK: Secure data deletion. IEEE Symposium on Security and Privacy, pp 301-315. DOI 10.1109/SP.2013.28
[11]
Dark Matters. (2015). NSA releases defensive best practices for destructive malware. Retrieved from http://goo.gl/UtdEF5
[12]
Pagliery, J. (2015). The inside story of the biggest hack in history. Retrieved from http://goo.gl/Jjy2QW
[13]
Leyden, J. (2012). Hack on saudi aramco hit 30,000 workstations, oil firm admits. Retrieved from http://goo.gl/eHVuRk
[14]
MacKenzie, H. (2012). Shamoon – Malicious Malware Harms 30,000+ Computers. Retrieved from http://goo.gl/8dedIV
[15]
PERLROTH, N. (2012). In cyberattack on Saudi firm, U. S. sees Iran firing back. Retrieved from http://goo.gl/2VjfgR
[16]
Service Catalog Toolkit. (2016). Disaster recovery plan – Objectives. Retrieved from http://goo.gl/47ZtPw
[17]
Bedford, M. (2012). Top tips for deleting data permanently. Retrieved from http://goo.gl/60Xtnl
[18]
ROBOFF, G, (2014). Data breaches and third party risk. Retrieved from http://goo.gl/DQEGQM
[19]
WAHAB, S. (2012). Saudi Aramco restores all network services. Retrieved from http://goo.gl/4knUfu
[20]
Kumar, M. (2012). Saudi Aramco Oil Producer's 30,000 workstations victim of Cyber Attack. Retrieved from http://goo.gl/aA2FQh
[21]
Peterson, A. (2014). The SonypPictures hack, explained. Retrieved from https://goo.gl/Apjguk
[22]
Kaplan, J. (2011). Meeting the cybersecurity challenge. Retrieved from http://goo.gl/alQhWh
[23]
Rajagopal, N.; Prasad, K.V.; Shah, M.; Rukstales, C., A new data classification methodology to enhance utility data security, in Innovative Smart Grid Technologies Conference (ISGT), 2014 IEEE PES, vol., no., pp.1-5, 19-22 Feb. 2014 doi: 10.1109/ISGT.2014.6816451
[24]
“Data Classification Methodology, Version 1.3” Department of Information Technology, February, 2010.
[25]
“Standards for Security Categorization of Federal Information and Information Systems” Federal Information Processing Standards Publication FIPS, 2004.
[26]
Huang Ling-Fang, "The Firewall Technology Study of Network Perimeter Security," in Services Computing Conference (APSCC), 2012 IEEE Asia-Pacific, vol., no., pp.410-413, 6-8 Dec. 2012 doi: 10.1109/APSCC.2012.23
[27]
Ardagna, Claudio Agostino, Zhou, Jianying. (2011). IFIP 5th. International Workshop, WISTP 2011, Heraklion, Crete, Greece, 253 pp.