Some Terms Used in the Field of Cyber ​​Security

Estimated read time 7 min read

In this article, we want to briefly explain some expressions and terms used in the field of Cyber ​​Security. The expressions and explanations here can be expanded. We prepared this article to summarize briefly.

What is Information as Asset?

Nowadays, institutions and companies have become dependent on high level of information and analysis to continue their activities. In addition to the need for accurate analysis and information to make the right decisions, information is also the most important need for the implementation of the decisions made.

Institutional memory and the preservation of past information have become critically important at every level. For this reason, it is very important to take all kinds of precautions, especially for the protection of information stored in information environments, without wasting time. The term information as an asset refers to information stored and processed in an electronic environment.

In addition to protecting our personal information as individuals, it is also critical to protect the information of the institutions and companies we are a part of. For this purpose, it is necessary to increase the information security awareness level of employees.

What is Cyber ​​Security?

Cyber: The concept expressed by the English word Cyber ​​is considered a prefix and is used to express electronic concepts such as technology and the internet. By adding it to the front of a word, it adds meanings related to technology and informatics to that word.

Security: It refers to the measures taken and to be taken to preserve all kinds of tangible or intangible assets that need to be protected. Today’s developments prove that the concept of Security is closely related to the virtual environment as well as the physical environment.

The term cyber security emphasizes the part of security related to cyber environments (information environments).

Advanced Persistent Threat (APT) Nedir?

These are threats prepared using complex programming techniques to avoid detection by measures such as Antivirus, Firewall, IDS, IPS, etc. that are installed and operated for the security of IT infrastructures. These types of threats, which are usually developed as software-based, can also be designed as hardware by some manufacturers.

Their development, transmission and operational use are carried out for a specific target, not for multi-purpose use. For this reason, its development and implementation takes a long time and requires advanced expertise. APT systems, which are the product of careful and systematic work, are considered pests that are very difficult to detect.

Discovering that it exists in a system also takes a long time and requires going beyond classical methods. Experts who can discover such threats also need to have a wide infrastructure. APT is among the types of threats that institutions and companies should focus on the most.

What is Ransomware?

Software such as ransomware has been widely used in recent years. It is based on the process of encrypting existing data using high-level encryption mechanisms if it can log into the system. It works by demanding a certain amount of ransom from institutions and companies that want their data back and giving the decoding password.

Such threatening software is infecting systems by using circumvention techniques designed to take precautions developed by IT experts. According to 2014 data, the amount paid as a result of ransomware attacks is around $21 Million. This amount is the part that appears to be disclosed by structures that follow a transparency policy.

They are distributed largely through phishing emails and websites containing malicious code. They are transmitted to systems as a compressed file or PDF document in an e-mail attachment. The most important precaution that can be taken in this regard is to increase the awareness level of individuals and employees and to try to prevent clicking on emails from unknown sources. Being prepared for disaster scenarios against the possibility of a threat is also very important in minimizing the damage. According to information disclosed by a company, the rate of clicking on such links containing malicious code has decreased from 15% to 1% as a result of serious training given to employees. [ Source ]

You can watch the video demonstration of a Phishing attack aimed at those who want to upgrade their Operating Systems to Windows 10 as soon as possible and the ransom demand to open their encrypted files as a result, from the link below.

What is Penetration Testing?

The concept expressed as Turkish Penetration Testing refers to the approach of detecting the status of an information system and the vulnerabilities it contains. The owner of the information system may want to have a penetration and security test performed to determine how secure they are and what additional precautions need to be taken.

There are different approaches and software used in this case. The situation that emerges as a result of tests conducted with classical software and approaches may not fully reflect the truth. For example, systems that are detected as secure as a result of classical testing software and approaches may contain a vulnerability that is not defined in any catalog or index and is used for the first time.

For this reason, penetration tests should be a starting point for system security and should be used to guide more detailed analysis. In particular, system security teams must be aware of the most up-to-date detections by following news systems that make global announcements and warnings, and they must keep their own systems under constant surveillance.

What is Vulnerability?

Vulnerabilities are points that can be exploited and can be caused by errors in the design and production of a system, as well as by algorithmic logic errors in the software. Considering that no system can be perfect, weak points should be constantly investigated and necessary precautions should be taken before they are exploited by malicious people.

Vulnerability can be caused by hardware and software as well as human factors. Human resources should be considered as the weakest link in the chain and continuous training should not be abandoned.

What is a Cyber ​​Incident Response Team?

It describes a team consisting of trained human resources on the steps to be taken after the attack, starting from the moment the signs of a cyber attack are seen. Such teams should be composed of qualified people who are trained in NETWORK and WEB issues and have sufficient training to analyze possible or actual events.

They also perform consultancy duties on all matters, including the preparation of an exercise document in which reaction measures are planned, at all levels, starting from preliminary recommendations to what needs to be done after the attack.

For example, what will a corporate employee do first when he notices that a file has been deleted or added senselessly on his computer?

When a technical staff who monitors the daily load on the server system notices an abnormal increase in traffic outside normal hours, how will he react and where will he look first?

It is observed in many institutions and companies that the policies and procedures that will be put forward as a result of scenarios and plans that clearly answer such questions will increase the level of security considerably. Attackers want to carry out their transactions as quickly as possible without being noticed. Making systems difficult and challenging at every layer is the most important deterrent measure.

In addition to the cyber security definitions we tried to explain in this article, you can let us know the topics you would like to be prepared.

İbrahim Korucuoğlu

Yazar, bilişim ve teknoloji alanında derlediği faydalı içerikleri bu blogta paylaşmaktadır.