Cyber Security Threats and Suggestions to Protect Their Attack
Ahamed Dubian Aljuhani, Department of Computing & Information Systems, University of Tabuk, Tabuk, Saudi Arabia.
Cyber security attacks are a major concern for the critical systems of organizations and other businesses. With the fast growth of technology, different challenges may influence data security. Cyber-attacks cause huge damage to critical systems, such as breaches of sensitive data, denial of service, the cost of attacks, and further damage. Therefore, organizations and big companies work hard to keep their critical systems secure from any potential attacks. This paper discusses some common security issues and protections that help keep critical systems secure. In addition, two examples of attacks are given to show how important it is to pay attention to cyber-attacks. Furthermore, this paper gives suitable suggested solutions for these security issues in order to face any potential threats.
Cyber Security, Threats, Security Issues, Critical Systems, Aramco, Shamoon, Data Classification, Firewalls