===Reducing vulnerabilities===
The act of assessing and reducing vulnerabilities to cyber attacks is commonly referred to as [[information technology security assessment]]s. They aim to assess systems for risk and to predict and test for their vulnerabilities. While [[formal verification]] of the correctness of computer systems is possible,<ref>{{cite conference |last1=Harrison |first1=J. |year=2003 |title=Formal verification at Intel |conference=18th Annual IEEE Symposium of Logic in Computer Science, 2003. Proceedings |pages=45–54 |doi=10.1109/LICS.2003.1210044 |isbn=978-0-7695-1884-8 |s2cid=44585546}}</ref><ref>{{cite conference |last1=Umrigar |first1=Zerksis D. |last2=Pitchumani |first2=Vijay |year=1983 |title=Formal verification of a real-time hardware design |url=http://portal.acm.org/citation.cfm?id=800667 |conference=Proceeding DAC '83 Proceedings of the 20th Design Automation Conference |publisher=IEEE Press |pages=221–227 |isbn=978-0-8186-0026-5}}</ref> it is not yet common. Operating systems that have been formally verified include [[seL4]]<ref>{{cite web |title=Abstract Formal Specification of the seL4/ARMv6 API |url=https://sel4.systems/Docs/seL4-spec.pdf |archive-url=https://web.archive.org/web/20150521171234/https://sel4.systems/Docs/seL4-spec.pdf |archive-date=21 May 2015 |access-date=19 May 2015}}</ref> and [[SYSGO]]'s [[PikeOS]],<ref>{{cite conference |last1=Baumann |first1=Christoph |last2=Beckert |first2=Bernhard |last3=Blasum |first3=Holger |last4=Bormer |first4=Thorsten |title=Ingredients of Operating System Correctness? Lessons Learned in the Formal Verification of PikeOS |url=http://www-wjp.cs.uni-saarland.de/publikationen/Ba10EW.pdf |conference=Embedded World Conference, Nuremberg, Germany |archive-url=https://web.archive.org/web/20110719110932/http://www-wjp.cs.uni-saarland.de/publikationen/Ba10EW.pdf |archive-date=19 July 2011}}</ref><ref>{{cite web |last=Ganssle |first=Jack |title=Getting it Right |url=http://www.ganssle.com/rants/gettingitright.htm |archive-url=https://web.archive.org/web/20130504191958/http://www.ganssle.com/rants/gettingitright.htm |archive-date=4 May 2013}}</ref> but these make up a very small percentage of the market. It is possible to reduce an attacker's chances by keeping systems up to date with security patches and updates and by hiring people with expertise in security. Large companies facing significant threats can hire Security Operations Centre (SOC) Analysts. These are specialists in cyber defences, with their role ranging from "conducting threat analysis to investigating reports of any new issues and preparing and testing disaster recovery plans."<ref>{{Cite web |title=Everything you need for a career as a SOC analyst |url=https://www.cybersecurityjobsite.com/staticpages/10300/everything-you-need-for-a-career-as-a-soc-analyst/ |access-date=2023-12-19 |website=www.cybersecurityjobsite.com}}</ref> Whilst no measures can completely guarantee the prevention of an attack, these measures can help mitigate the damage of possible attacks. The effects of data loss or damage can also be reduced by careful [[backup|backing up]] and by [[insurance]]. Outside of formal assessments, there are various methods of reducing vulnerabilities.

[[Two factor authentication]] is a method for mitigating unauthorized access to a system or sensitive information.<ref>{{Cite web |title=Turn on 2-step verification (2SV) |url=https://www.ncsc.gov.uk/collection/top-tips-for-staying-secure-online/activate-2-step-verification-on-your-email |access-date=2023-12-19 |website=www.ncsc.gov.uk |language=en}}</ref> It requires ''something you know'': a password or PIN, and ''something you have'': a card, dongle, cellphone, or another piece of hardware. This increases security because an unauthorized person needs both of these to gain access. Protecting against social engineering and direct (physical) computer access attacks can only happen by non-computer means, which can be difficult to enforce, relative to the sensitivity of the information. Training is often involved to help mitigate this risk by improving people's knowledge of how to protect themselves and by increasing people's awareness of threats.<ref>{{Cite web |title=NCSC's cyber security training for staff now available |url=https://www.ncsc.gov.uk/blog-post/ncsc-cyber-security-training-for-staff-now-available |access-date=2023-12-19 |website=www.ncsc.gov.uk |language=en}}</ref> However, even in highly disciplined environments (e.g. military organizations), social engineering attacks can still be difficult to foresee and prevent. Inoculation, derived from [[inoculation theory]], seeks to prevent social engineering and other fraudulent tricks and traps by instilling a resistance to persuasion attempts through exposure to similar or related attempts.<ref>{{cite conference |last1=Treglia |first1=J. |last2=Delia |first2=M. |year=2017 |title=Cyber Security Inoculation |conference=NYS Cyber Security Conference, Empire State Plaza Convention Center, Albany, NY, 3–4 June}}</ref>