Issue No.03 - May/June (2009 vol.11)
pp: 14-21
Simon Liu, US National Library of Medicine, National Institutes of Health
Bruce Cheng, Computer Sciences Corporation
ABSTRACT
Enterprises rely extensively on computerized information systems and electronic data in cyberspace to perform their daily activities and business. Today, virtually all public and private organizations connect to and live in cyberspace. As computers, information systems, and networking have become more ubiquitous, cybersecurity has become more critical for the continuity of business operations. To better understand cybersecurity, this article discusses the four "W's" of cyberattacks. It starts with an overview of the cause of cybersecurity problems, analyzes the challenges associated with it, outlines the cyberattacker profile, discusses cyberattack patterns, and finally summarizes recent cyberattack trends.
INDEX TERMS
Cyberattacks, vulnerability, cyberattackers, attack patterns, IT professional
CITATION
Simon Liu, Bruce Cheng, "Cyberattacks: Why, What, Who, and How", IT Professional, vol.11, no. 3, pp. 14-21, May/June 2009, doi:10.1109/MITP.2009.46