Professional Documents
Culture Documents
Research Project Cybersecurity PDF
Research Project Cybersecurity PDF
Introduction
Security industry has emerged as response to the threats of different kind that follow
humanity from its birth. The need in protection from animals and then from other tribes made
first people think about their security. Through the ages, security issues started to become more
and more sophisticated. Therefore, security measures changed as well. The technology era has
changed everything. However, it did not change the desire of some people to get something
illegally that others have. Thus, the new era of challenge between security and its counterparts
has begun.
Technology has brought many innovations and advances into the world of security. At
first, there were code locks and highly sophisticated mechanical solutions that allowed making
security breaches rather difficult. Then, different wired electronic devices provided security
protectors with opportunities to have distant access to the security control systems and thus be
able to control them better. Despite all these advances, their counterparts have always been close
in this race. The third parties with criminal or other intent that wanted to get unauthorized access
to something that was protected have always been inventive and that allowed them creating
mechanisms and devices for security breaches (Guan and Huck 2012).
2
in different areas. Electronic means of communication, like wired networks, wireless, and mobile
technologies have made the process of information transfer as quick and easy as never before.
Such state of things required new approaches in terms of security measures because criminals
have always been a threat. However, there are reasons to believe that the greatest threats to the
Why it is so? It is rather easy to explain. At first, think about the following: IT specialists,
CIOs, security teams, etc. are all focused on development and implementation of the most
sophisticated and advanced security measures because they do realize the significance of the
consequences that security breaches might have. Then, these people within any organization
oppose the other side (criminals) that play by the same rules, meaning the approaches, ideas, and
concepts both side exploit. Therefore, security specialists generally know how to stop criminals,
Meanwhile, employees, in most cases, have rather poor computer literacy. It means that a
normal IT related individual will not write down the password from highly-secured enterprise
database on the back side of keyboard. It also means that such kind of individual realizes in full
that it is not appropriate to store pricy, secured, important data on mobile phone, laptop, thumb
Therefore, sloppiness, foolishness, careless, and, in some cases, anger of employees are
the greatest threats to the security plans and measures of any company. The greatest challenge
for an IT security specialist is to try to think like regular users do and then develop such security
3
measures that would consider all imaginable actions, theoretically possible to be performed by a
Limitations
Unauthorized access to the protected network, such as Ministry of Interior could have, is
the biggest issue today. Mobile devices are more and more popular these days so it is very
important to implement protection for such devices as well. Thus, encryption and smart cards
Protection of sensitive information has always been an issue. People have tried to protect
important data for centuries and used rather different methods in order to achieve this goal. The
most useful and efficient method was encryption. A sender (or keeper) altered information using
a specific key. No one else was able to understand such encrypted message without having and
applying the key. Therefore, the main goal to protect the data was achieved in this way.
was the only way to assure protection. With the advent of information technologies as we know
them today, the need in protecting data grew drastically. Computers provided us with substantial
computational capability that allowed developing new, more advanced and powerful encryption
algorithms. Such achievement made encryption a more reliable and widespread method of data
At first, encryption was used by military in order to not allow enemies understand
intercepted messages. Later, business community realized that encryption could be used for
protection business secrets and internal information from the third parties. Thus, encryption tools
became commonly used not only for military and business purposes but also in day-to-day life of
regular people.
New encryption algorithms were developed. The old ones were improved. However, the
contemporary era of the Internet, smartphones, laptops, and mobile data storages required new
5
approaches in data protection. Business required solutions that were able to protect sensitive
(algorithms) were developed. AES, DES, algorithms with symmetric and asymmetric keys, SSL,
and many others were developed to assure that data was safe and could not be acquired by the
third parties without permission. Even the full disk encryption technique was created to provide
Modern business industry can be called customer-driven. It is rather easy to agree with
this statement if we just look at the current situation on nearly any market. However, this
tendency is easier to follow using the market of financial services as an example. This market
grew substantially after the advent of information technologies (IT) and their rapid development.
The reasons for such drastic increase were more than obvious. Banks and other financial
institutions got the opportunity to provide their customers with usual services via the
achievements of informational era, such as global network (the Internet), mobile terminals
(smartphones and other mobile devices), smart chips in credit cards, etc. (Benzel 2011;
Along with the rapid development of financial products’ and services lines, oriented on
the online distribution, the need in securing such kind of transactions grew as well. It was clear
that people would not entrust such sensitive information as financial to the channels they were
not sure about. Therefore, at the beginning of information era the number of financial services
was small but they were rather secure. Credit cards, checks, other financial instruments were
protected comparatively well because the customers’ personal financial data (personal
identification numbers, for example) was not transferred via unsecured networks, including
wireless ones.
6
With the advent of such technologies, as wireless networks, instant access to the Internet
from mobile devices, contactless access to smart cards based on radio frequency identification
(RFID), and many others, the number of opportunities to provide financial services grew
substantially. However, there is an opinion that it has been done at the expense of customer
security. The aim of this paper is to discuss this issue in order to understand whether it is true or
not.
At first, it is necessary to understand what these financial services are and what features
they have. Thus, it would be easier to obtain broader view on the main issue. Online financial
services are usually provided via online banking. It is also sometimes called Internet banking.
Online (Internet) banking gives an opportunity to conduct various financial transactions using
Most of the common operations performed via online services can be addressed to
management of numerous users that have different levels of authority, approval process of
transactions. In addition, online banking could include such unique services as personal financial
management support and account aggregation that would allow customers monitoring numerous
personal accounts via the Internet (El-Khatib et al. 2010; Seltsikas 2010).
Now, it is important to clarify the major concern of every transaction or simply action
related to financial activities – security. Security in such kind of transactions is issue number one
beyond any doubts. Usual banking services are provided with rigid security measures, such as
combination of different authentication methods, secured cards, heavily guarded safes, etc.
However, in case of online banking, there are no opportunities to provide these security
measures.
7
Solutions
Online services provided regular people with tools that make their life easier and
comfortable. Security specialists of different sectors developed various systems that should
secure online transactions and make them as secure as it would be in the real bank, for example.
However, considering the level of technology, it is not wise for anyone to feel entirely safe
entering PIN from personal account into mobile banking application (for example). This data
goes though different nodes and wireless networks so it can be intercepted, decrypted, and then
Online banking indeed provided customers with numerous services that were unreachable
before. However, it lowered the overall secureness of financial transactions conducted over the
Internet. It is true that customers either accept such state of thing or not. Some of them use online
banking intensively, other prefer going to the nearest bank because it is more secure. In any case,
it is the choice of each person whether to use online services provided by the financial
institutions or not.
Therefore, the implementation of online services was a very significant step. People begin
entrusting their financial and other information to the Internet medium and it has its advantages
and deficits. The number of services that banks can offer via online is much bigger but such
freedom of choice is connected with increased risks. It could be said that such variety of services
caused the overall simplification of customer security in order to provide these service to as
many customers as possible. However, it cannot be said that these services were imposed. The
development of the internet technologies inevitable led to the changes in many industries and the
banking industry simply could not ignore it (El-Khatib et al. 2010; Seltsikas 2010).
8
Reflection
In order to realize how dependent we are from the technologies, I chose morning to go
without using information systems and technologies. Morning is the busiest time of the day in
this matter – checking the emails, news, twitts, Facebook messages, etc. so it was decided to do
so to see how long my mind will be disturbed by the absence of this data. I normally use tablet
and smartphone to browse the Internet and socialize, use emails and various IMs to
communicate. Considering the situation, it was nearly impossible to even think that I was not
able to visit Facebook – there are my friends and lots of information I need to see and share from
It was obvious that communication in the old-school regime (like over the wired phone,
for example or a simple meeting in a café) could not been applied in this case. Simple process of
information transfer became utterly difficult – people were not nearby the phone and of course
had no time for meetings. Communication – this is the most difficult task to complete without IT.
Based on this one-time-short experience, it is sad to conclude that we cannot live without
technologies. Well, we can survive, but our life will change completely. Social connections will
Conclusion
Analyzing the current paradox when the number of tools to assure cyber security grows
but we are less secured in this area, it becomes clear that something should be changed on the
deeper levels and in the broader scope. People should learn to accept the need in technologies in
every area of day-to-day activities and that the technologies should be treated accordingly.
Therefore, since we know that we must look on the road when we cross it, we must realize the
It is necessary to teach young people how to assure cyber security on the most primitive
level from the school desk. Organizations must accept the truth that it is important to teach
employees to be “cyber conscious” and qualified in this area to assure the secureness of the data
at every desk and workplace. Societies need to change the attitude towards cyber security, alter
laws and increase the responsibility for the cyber-related crimes, pay more attention to the
References
Benzel, T. 2011. “The Science of Cyber Security Experimentation: The DETER Project.”
El-Khatib, K., Hung, P., Thorpe, J., and Rjaibi, W. 2010. “Cybersecurity issues for businesses.”
CASCON’ 10, Proceedings of the 2010 Conference of the Center for Advanced Studies on
Guan, J. and Huck, J. 2012. “Children in the digital age: exploring issues of Cybersecurity.”
iConference’ 12, Proceedings of the 2012 iConference, ACM, 506-507. New York, NY, USA.
Hoffmann, L. “Risky business.” Magazine Communications of the ACM, 54(11), 20-22. New
Oehmen, C., Peterson, E., and Dowson, S. 2010. “An Organic Model for Detecting Cyber-
Seltsikas, P., Marsh, G., Frazier-McElveen, M., and Smedinghoff, T. J. 2011. “Secure
government in cyberspace?” DG.O’ 11, Proceedings of the 12th Annual International Digital
Ten, C.-W., Liu, C.-C., and Govindarasu, M. 2008. “Cyber-Vulnerability of Power Grid
Monitoring and Control Systems.” CSIIRW '08, Proceedings of the 4th annual workshop on
Cyber security and information intelligence research: developing strategies to meet the cyber
security and information intelligence challenges ahead, 43, ACM. New York, NY, USA.