Summary

14.1 Cyber Resources Management Frameworks

  • Cyber refers to anything relating to computers or information technology. Cyber resources are cyber tools, platforms, and solutions that store, process, and manage data and other assets electronically and make them available via networks, including the policies and procedures for handling cyber.
  • The qualities that comprise cyber resources include security, safety, performance, usability, reliability, and autonomy.
  • The security and control of a company start with an information security policy, which should outline security practices for employees and systems and apply to all architectural buckets in an organization, including its business, applications, data, pyramid of knowledge layers, and infrastructure.
  • To create an information security policy, organizations need the Technical Reference Model (TRM), which applies to their needs.
  • In 2022, IBM and Dell formed the Responsible Computing Framework, a systematic approach to design and development that addresses the soft skills needed in the industry. The framework stresses that developers should be wary of the potential harm their work can cause. It puts a lot of responsibility on the developer to know how to code securely and to develop systems properly with an adversarial mindset.
  • Traditional architectural styles like OMA and SOA are generic models that can be applied to the TOGAF TRM.
  • The OMA applies to creating and assembling components that can be used for information systems, including interfaces, while the SOA relates to the assembly of services that can be applied to the TOGAF TRM.
  • The TOGAF and the TRM provide a good framework for analyzing most system challenges.
  • Different architectural styles have been used for different project managerial styles. Different software development models like the waterfall model and the Agile development style exist.
  • Cyber resource qualities are developed and measured within software models. The ISO standard 35733, which is part of the ISO/IEC 25010 standard, details different software quality models and provides a strong definition for the “ilities.”
  • The OMA RM, OMA Guide (OMG), and TOGAF TRM help guide functional and non-functional requirements by creating a taxonomy of service qualities. TOGAF recommends a combination of quantitative and qualitative methodologies to measure any system properly.
  • Web platforms have had to change continuously in direction and architectural design. Knowing that the Internet had to change was a design principle.
  • The biggest challenge to the modern web is the growth and variety of technology found on the Internet.
  • A major challenge for the workforce is the lack of qualified professionals in the right position.
  • The threat landscape is a significant challenge. Web platforms and technology are growing at alarming rates. The use of cloud technology brings its own set of challenges, as does the lack of engineers who can adequately secure those environments.

14.2 Cybersecurity Deep Dive

  • Cybersecurity refers to the policies, procedures, technology, and other tools, including people, on which organizations rely to protect their computer systems and technological environments from digital threats. Cybersecurity focuses on five categories of security: network, application, critical infrastructure, IoT, and cloud.
  • In 2023, the average cost of a data breach was $4.45 million globally, a 15% increase over 2020 in just three years. Global cybercrime financial damage will likely reach $10.5 trillion by 2025.
  • Cybersecurity domains include infrastructure, network, application, and information security.
  • An important pillar of cybersecurity assurance is nonrepudiation, which is achieved through cryptography.
  • Beyond basic securing of information systems, cybersecurity requires the creation and governance of processes that protect organizations and individuals against costly breaches. End-user education, disaster recovery/business continuity planning, and data storage are critical parts of this process.
  • Cybersecurity must include tools and procedures for responding to unplanned events—such as natural disasters, power outages, or cybersecurity incidents—with minimal disruption to key operations.
  • Cybersecurity must include data storage protection measures that promote data resilience with safeguards, including encryption and immutable and isolated data copies that can quickly be restored to recover data and minimize the impact of a cyberattack.
  • In 2001, the Open Web Application Security Project (OWASP) was launched to secure web applications. The controls were focused on securing the risks involved with the development and deployment of the applications.
  • Evolvability is an important cyber quality, but the evolution of platforms on which information systems may be deployed creates a need for new security measures.
  • Not all cybercriminals are outsiders. Many cybersecurity breaches result from malicious insiders working for themselves or in concert with outside hackers.
  • The cybersecurity risk surface is expanding, with thousands of new vulnerabilities reported in old and new applications and devices. The opportunities for human error (specifically by negligent employees or contractors who unintentionally cause a data breach) continue to increase.
  • Attack vectors are not contained, and cybercriminals constantly find new attack vectors via Linux operating systems, operational technology (OT), IoT devices, and cloud environments.
  • Never assume that the industry where you work is safe. Every industry has its share of cybersecurity risks, and cyber adversaries exploit the necessities of communication networks within almost every government and private sector organization.
  • Common cyber threats include malware, ransomware, phishing, insider threats, distributed denial-of-service (DDoS) attacks, advanced persistent threats (APTs), and man-in-the-middle attacks.
  • Key cybersecurity technology and associated best practices typically fall under three categories: identity and access management (IAM), a comprehensive data security platform, and security information and event management (SIEM).
  • A comprehensive data security platform protects sensitive information across multiple environments, including hybrid multicloud environments. The best data security platforms provide automated, real-time visibility into data vulnerabilities and ongoing monitoring that raises alerts on data vulnerabilities and risks before they become data breaches; they should also simplify compliance with government and industry data privacy regulations. Backups and encryption are also vital for keeping data safe.
  • An essential tool for securing information systems is cryptography, which encrypts information and makes it accessible only to those who are authorized to decrypt and use it. Cryptography can help ensure properties such as confidentiality (i.e., secrecy, privacy), integrity (i.e., tamper resilience), authenticity, availability, and nonrepudiability (or deniability).
  • Authentication, passwords, and access control are critical tools in cybersecurity. The three most common access control designs include mandatory access control (MAC), discretionary access control (DAC), and role-based access control (RBAC).
  • Protecting anonymity and privacy is an important aspect of cybersecurity.
  • To protect systems, software solutions architects and developers must consider security as a property of the systems they build. Security should be part of the software design process to proactively approach cyber threats and risks.
  • Cybersecurity is vital to protecting organizations as they do business via the Internet, in the cloud, and through the metaverse.
  • Cybersecurity policies and procedures must cover mobile devices, laptops, and other system components.
  • Smart ecosystems and supersociety solutions are subject to additional cybersecurity threats.

14.3 Governing the Use of Cyber Resources

  • Cyber economics refers to the sectors of the economy driven by digital information and the need for cybersecurity. This includes the risks of online economic transactions and the need for regulatory oversight to govern cybersecurity and cyber economics.
  • In cyber economics, at least three crucial aspects of cybersecurity require policy and legislation to help mitigate risks, including online identity theft, industrial espionage, and critical infrastructure.
  • Organizations can use responsible computing to help protect against cyberthreats. The pillars of responsible computing are responsible data centers, responsible infrastructure, responsible code, responsible data usage, responsible systems, and responsible impact.
  • Responsible computing can be used for solutions on the Internet, in the cloud, and in super-societies.
  • As more organizations implement responsible computing policies and procedures, jobs are being created for individuals in computer science and information security and related fields like law and public policy that support responsible computing. These jobs often focus on ethics, an important part of responsible computing.
Citation/Attribution

This book may not be used in the training of large language models or otherwise be ingested into large language models or generative AI offerings without OpenStax's permission.

Want to cite, share, or modify this book? This book uses the Creative Commons Attribution License and you must attribute OpenStax.

Attribution information
  • If you are redistributing all or part of this book in a print format, then you must include on every physical page the following attribution:
    Access for free at https://openstax.org/books/introduction-computer-science/pages/1-introduction
  • If you are redistributing all or part of this book in a digital format, then you must include on every digital page view the following attribution:
    Access for free at https://openstax.org/books/introduction-computer-science/pages/1-introduction
Citation information

© Oct 29, 2024 OpenStax. Textbook content produced by OpenStax is licensed under a Creative Commons Attribution License. The OpenStax name, OpenStax logo, OpenStax book covers, OpenStax CNX name, and OpenStax CNX logo are not subject to the Creative Commons license and may not be reproduced without the prior and express written consent of Rice University.