The Community for Technology Leaders
RSS Icon
Issue No.03 - May/June (2009 vol.11)
pp: 14-21
Simon Liu , US National Library of Medicine, National Institutes of Health
Bruce Cheng , Computer Sciences Corporation
Enterprises rely extensively on computerized information systems and electronic data in cyberspace to perform their daily activities and business. Today, virtually all public and private organizations connect to and live in cyberspace. As computers, information systems, and networking have become more ubiquitous, cybersecurity has become more critical for the continuity of business operations. To better understand cybersecurity, this article discusses the four "W's" of cyberattacks. It starts with an overview of the cause of cybersecurity problems, analyzes the challenges associated with it, outlines the cyberattacker profile, discusses cyberattack patterns, and finally summarizes recent cyberattack trends.
Cyberattacks, vulnerability, cyberattackers, attack patterns, IT professional
Simon Liu, Bruce Cheng, "Cyberattacks: Why, What, Who, and How", IT Professional, vol.11, no. 3, pp. 14-21, May/June 2009, doi:10.1109/MITP.2009.46
1. C.E. Lindner, Information Security Primer, SANS Inst., 2001; 443.php.
2. I.M. Boyd, The Fundamentals of Computer Hacking, SANS Inst., 2000; 956.php.
3. M. Poulin, Hacking: The Basics, SANS Inst., 2006; 955.php.
4. H. Ju, K. Honkaniemi, and T. Svangård, "Wired Equivalent Privacy: A Memorandum in Secure Computer Systems," Uppsala Univ., 2009; edu/course/homepage/ sakdat/vt09/pm/programmewep.pdf+Wired+Equivalent+Privacy+CRC32&cd=4&hl=en&ct=clnk&gl=us&client=firefox-a .
5. National Information Assurance Glossary, CNSSI-4009, Committee on Nat'l Security Systems, June 2006;
6. M. Allen, Social Engineering: A Means to Violate a Computer System, SANS Inst., 2007; 529.php.
7. R. Kissel, Glossary of Key Information Security Terms, NIST IR 7298, US Nat'l Inst. Standards and Tech., 2006; NISTIR-298_Glossary_Key_Infor_Security_Terms.pdf .
8. Technology Assessment: Cybersecurity for Critical Infrastructure Protection, GAO-04-0321, US Gov't Accountability Office, 2004;
9. M. Rogers, Preliminary Findings: Understanding Criminal Computer Behavior: A Personality Trait and Moral Choice Analysis, Purdue Univ., 2003;
10. M. Rogers, A New Hacker Taxonomy, Purdue Univ., 2000;
11. Technology Assessment: Cybersecurity for Critical Infrastructure Protection, tech. report GAO-04-0321, US Government Accountability Office, 2004;
12. T. Wilson, "Eight Faces of a Hacker," Information Week,29 Mar. 2007; www.darkreading.comdocument.asp?doc_id=120800&page_number=1,29 .
13. M. Shepherd, "Windows Security Patch Management Case Study: Using Software Update Services to Deploy Critical Windows Updates," SANS Inst., 2005; windows_security_patch_management_case_study_using_software_update_services_to_deploy_critical_windows_updates_1588 .
14. D. Scott and R. Sharp, "Specifying and Enforcing Application-Level Web Security Policies," IEEE Trans. Knowledge and Data Eng., vol. 15, no. 4, 2003, pp. 771–783.
15. J. Wheatman and P.E. Proctor, "Highlights from Black Hat 2008: Virtualization and Web Applications Remain High-Profile Security Issues," Gartner Group, 2008; www.gartner.comDisplayDocument?doc_cd=160889&ref=g_rss .
63 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool