Computer security, cybersecurity[1] or information technology security (IT security) is the

protection of computer systems from the theft of or damage to their hardware, software, or electronic
data, as well as from the disruption or misdirection of the services they provide.
The field is becoming more important due to increased reliance on computer systems,
the Internet[2] and wireless network standards such as Bluetooth and Wi-Fi, and due to the growth
of "smart" devices, including smartphones, televisions, and the various devices that constitute the
"Internet of things". Owing to its complexity, both in terms of politics and technology, cybersecurity is
also one of the major challenges in the contemporary world.[3]

Contents

 1Vulnerabilities and attacks

o 1.1Backdoor
o 1.2Denial-of-service attack
o 1.3Direct-access attacks
o 1.4Eavesdropping
o 1.5Multi-vector, polymorphic attacks
o 1.6Phishing
o 1.7Privilege escalation
o 1.8Social engineering
o 1.9Spoofing
o 1.10Tampering
 2Information security culture
 3Systems at risk
o 3.1Financial systems
o 3.2Utilities and industrial equipment
o 3.3Aviation
o 3.4Consumer devices
o 3.5Large corporations
o 3.6Automobiles
o 3.7Government
o 3.8Internet of things and physical vulnerabilities
 3.8.1Medical systems
o 3.9Energy sector
 4Impact of security breaches
 5Attacker motivation
 6Computer protection (countermeasures)
o 6.1Security by design
o 6.2Security architecture
o 6.3Security measures
o 6.4Vulnerability management
o 6.5Reducing vulnerabilities
o 6.6Hardware protection mechanisms
o 6.7Secure operating systems
o 6.8Secure coding
o 6.9Capabilities and access control lists
o 6.10End user security training
o 6.11Digital hygiene
 o 6.12Response to breaches
o 6.13Types of security and privacy
 7Incident response planning
 8Notable attacks and breaches
o 8.1Robert Morris and the first computer worm
o 8.2Rome Laboratory
o 8.3TJX customer credit card details
o 8.4Stuxnet attack
o 8.5Global surveillance disclosures
o 8.6Target and Home Depot breaches
o 8.7Office of Personnel Management data breach
o 8.8Ashley Madison breach
 9Legal issues and global regulation
 10Role of government
 11International actions
o 11.1Europe
 12National actions
o 12.1Computer emergency response teams
 12.1.1Canada
 12.1.2China
 12.1.3Germany
 12.1.4India
 12.1.5South Korea
 12.1.6United States
 12.1.6.1Legislation
 12.1.6.2Agencies
 12.1.6.3Computer emergency readiness team
 13Modern warfare
 14Careers
o 14.1Security analyst
o 14.2Security engineer
o 14.3Security architect
o 14.4Security administrator
o 14.5Chief Information Security Officer (CISO)
o 14.6Chief Security Officer (CSO)
o 14.7Security Consultant/Specialist/Intelligence
 15Terminology
 16Scholars
 17See also
 18References
 19Further reading
 20External links

Vulnerabilities and attacks[edit]

Main article: Vulnerability (computing)
A vulnerability is a weakness in design, implementation, operation or internal control. Most of the
vulnerabilities that have been discovered are documented in the Common Vulnerabilities and
Exposures (CVE) database. An exploitable vulnerability is one for which at least one working attack
or "exploit" exists.[4] Vulnerabilities are often hunted or exploited with the aid of automated tools or
manually using customized scripts. To secure a computer system, it is important to understand the
attacks that can be made against it, and these threats can typically be classified into one of these
categories below:

Backdoor[edit]
A backdoor in a computer system, a cryptosystem or an algorithm, is any secret method of
bypassing normal authentication or security controls. They may exist for a number of reasons,
including by original design or from poor configuration. They may have been added by an authorized
party to allow some legitimate access, or by an attacker for malicious reasons; but regardless of the
motives for their existence, they create a vulnerability.

Denial-of-service attack[edit]
Denial of service attacks (DoS) are designed to make a machine or network resource unavailable to
its intended users.[5] Attackers can deny service to individual victims, such as by deliberately entering
a wrong password enough consecutive times to cause the victims account to be locked, or they may
overload the capabilities of a machine or network and block all users at once. While a network attack
from a single IP address can be blocked by adding a new firewall rule, many forms of Distributed
denial of service (DDoS) attacks are possible, where the attack comes from a large number of points
– and defending is much more difficult. Such attacks can originate from the zombie computers of
a botnet, but a range of other techniques are possible including reflection and amplification attacks,
where innocent systems are fooled into sending traffic to the victim.

Direct-access attacks[edit]
An unauthorized user gaining physical access to a computer is most likely able to directly copy data
from it. They may also compromise security by making operating system modifications, installing
software worms, keyloggers, covert listening devices or using wireless mice.[6] Even when the
system is protected by standard security measures, these may be able to be by-passed by booting
another operating system or tool from a CD-ROM or other bootable media. Disk
encryption and Trusted Platform Module are designed to prevent these attacks.

Eavesdropping[edit]
Eavesdropping is the act of surreptitiously listening to a private computer "conversation"
(communication), typically between hosts on a network. For instance, programs such
as Carnivore and NarusInSight have been used by the FBI and NSA to eavesdrop on the systems
of internet service providers. Even machines that operate as a closed system (i.e., with no contact to
the outside world) can be eavesdropped upon via monitoring the faint electromagnetic transmissions
generated by the hardware; TEMPEST is a specification by the NSA referring to these attacks.