Computer Security - Wikipedia
The significance of the field stems from the expanded reliance on computer systems, the
Internet,[3] and wireless network standards. Its importance is further amplified by the growth of
smart devices, including smartphones, televisions, and the various devices that constitute the
Internet of things (IoT). Cybersecurity has emerged as one of the most significant new challenges
facing the contemporary world, due to both the complexity of information systems and the
societies they support. Security is particularly crucial for systems that govern large-scale systems
with far-reaching physical effects, such as power distribution, elections, and finance.[4][5]
Although many aspects of computer security involve digital security, such as electronic passwords
and encryption, physical security measures such as metal locks are still used to prevent
unauthorized tampering. IT security is not a perfect subset of information security, therefore does
not completely align into the security convergence schema.
Vulnerabilities and attacks
A vulnerability refers to a flaw in the structure, execution, functioning, or internal oversight of a
computer or system that compromises its security. Most of the vulnerabilities that have been
discovered are documented in the Common Vulnerabilities and Exposures (CVE) database.[6] An
exploitable vulnerability is one for which at least one working attack or exploit exists.[7] Actors
maliciously seeking vulnerabilities are known as threats. Vulnerabilities can be researched,
reverse-engineered, hunted, or exploited using automated tools or customized scripts.[8][9]
Various people or parties are vulnerable to cyber attacks; however, different groups are likely to
experience different types of attacks more than others.[10]
In April 2023, the United Kingdom Department for Science, Innovation & Technology released a
report on cyber attacks over the previous 12 months.[11] They surveyed 2,263 UK businesses, 1,174
UK registered charities, and 554 education institutions. The research found that "32% of businesses
and 24% of charities overall recall any breaches or attacks from the last 12 months." These figures
were much higher for "medium businesses (59%), large businesses (69%), and high-income charities
with £500,000 or more in annual income (56%)."[11] Yet, although medium or large businesses are more
often the victims, since larger companies have generally improved their security over the last
decade, small and midsize businesses (SMBs) have also become increasingly vulnerable as they
often "do not have advanced tools to defend the business."[10] SMBs are most likely to be affected
by malware, ransomware, phishing, man-in-the-middle attacks, and denial-of-service (DoS)
attacks.[10]
Normal internet users are most likely to be affected by untargeted cyberattacks.[12] These are
where attackers indiscriminately target as many devices, services, or users as possible. They do this
using techniques that take advantage of the openness of the Internet. These strategies mostly
include phishing, ransomware, water holing and scanning.[12]
To secure a computer system, it is important to understand the attacks that can be made against it,
and these threats can typically be classified into one of the following categories:
Backdoor
A backdoor in a computer system, a cryptosystem, or an algorithm is any secret method of
bypassing normal authentication or security controls. These weaknesses may exist for many
reasons, including original design or poor configuration.[13] Due to the nature of backdoors, they are
of greater concern to companies and databases as opposed to individuals.
Backdoors may be added by an authorized party to allow some legitimate access or by an attacker
for malicious reasons. Criminals often use malware to install backdoors, giving them remote
administrative access to a system.[14] Once they have access, cybercriminals can "modify files, steal
personal information, install unwanted software, and even take control of the entire computer."[14]
Backdoors can be very hard to detect and are usually discovered by someone who has access to
the application source code or intimate knowledge of the operating system of the computer.
Denial-of-service attack
Denial-of-service attacks (DoS) are designed to make a machine or network resource unavailable to
its intended users.[15] Attackers can deny service to individual victims, such as by deliberately
entering a wrong password enough consecutive times to cause the victim's account to be locked, or
they may overload the capabilities of a machine or network and block all users at once. While a
network attack from a single IP address can be blocked by adding a new firewall rule, many forms of
distributed denial-of-service (DDoS) attacks are possible, where the attack comes from a large
number of points. In this case, defending against these attacks is much more difficult. Such attacks
can originate from the zombie computers of a botnet or from a range of other possible techniques,
including distributed reflective denial-of-service (DRDoS), where innocent systems are fooled into
sending traffic to the victim.[15] With such attacks, the amplification factor makes the attack easier
for the attacker because they have to use little bandwidth themselves. To understand why
attackers may carry out these attacks, see the 'attacker motivation' section.
A direct-access attack is when an unauthorized user (an attacker) gains physical access to a
computer, most likely to directly copy data from it or steal information.[16] Attackers may also
compromise security by making operating system modifications, installing software worms,
keyloggers, covert listening devices or using wireless microphones. Even when the system is
protected by standard security measures, these may be bypassed by booting another operating
system or tool from a CD-ROM or other bootable media. Disk encryption and the Trusted Platform
Module standard are designed to prevent these attacks.
Direct service attackers are related in concept to direct memory attacks which allow an attacker to
gain direct access to a computer's memory.[17] The attacks "take advantage of a feature of modern
computers that allows certain devices, such as external hard drives, graphics cards, or network
cards, to access the computer's memory directly."[17]
Eavesdropping
Eavesdropping is the act of surreptitiously listening to a private computer conversation
(communication), usually between hosts on a network. It typically occurs when a user connects to a
network where traffic is not secured or encrypted and sends sensitive business data to a colleague,
which, when listened to by an attacker, could be exploited.[18] Data transmitted across an open
network allows an attacker to exploit a vulnerability and intercept it via various methods.
Unlike malware, direct-access attacks, or other forms of cyber attacks, eavesdropping attacks are
unlikely to negatively affect the performance of networks or devices, making them difficult to
notice.[18] In fact, "the attacker does not need to have any ongoing connection to the software at
all. The attacker can insert the software onto a compromised device, perhaps by direct insertion or
perhaps by a virus or other malware, and then come back some time later to retrieve any data that is
found or trigger the software to send the data at some determined time."[19]
Using a virtual private network (VPN), which encrypts data between two points, is one of the most
common forms of protection against eavesdropping. Using the best form of encryption possible for
wireless networks is best practice, as well as using HTTPS instead of an unencrypted HTTP.[20]
Programs such as Carnivore and NarusInSight have been used by the Federal Bureau of Investigation
(FBI) and NSA to eavesdrop on the systems of internet service providers. Even machines that
operate as a closed system (i.e., with no contact with the outside world) can be eavesdropped upon
by monitoring the faint electromagnetic transmissions generated by the hardware. TEMPEST is a
specification by the NSA referring to these attacks.
Malware
Malicious software (malware) is any software code or computer program "intentionally written to
harm a computer system or its users."[21] Once present on a computer, it can leak sensitive details
such as personal information, business information and passwords, can give control of the system to
the attacker, and can corrupt or delete data permanently.[22] Another type of malware is
ransomware, which is when "malware installs itself onto a victim's machine, encrypts their files, and
then turns around and demands a ransom (usually in Bitcoin) to return that data to the user."[23]
• Viruses are a specific type of malware, and are normally a malicious code that hijacks software
  with the intention to "do damage and spread copies of itself." Copies are made with the aim to
  spread to other programs on a computer.[21]
• Worms are similar to viruses, however viruses can only function when a user runs (opens) a
  compromised program. Worms are self-replicating malware that spread between programs, apps
  and devices without the need for human interaction.[21]
• Trojan horses are programs that pretend to be helpful or hide themselves within desired or
  legitimate software to "trick users into installing them." Once installed, a RAT (remote access
  trojan) can create a secret backdoor on the affected device to cause damage.[21]
• Spyware is a type of malware that secretly gathers information from an infected computer and
  transmits the sensitive information back to the attacker. One of the most common forms of
  spyware are keyloggers, which record all of a user's keyboard inputs/keystrokes, to "allow hackers
  to harvest usernames, passwords, bank account and credit card numbers."[21]
Man-in-the-middle attacks
Man-in-the-middle attacks (MITM) involve a malicious attacker trying to intercept, surveil or modify
communications between two parties by spoofing one or both parties' identities and injecting
themselves in-between.[24] Types of MITM attacks include:
• IP address spoofing is where the attacker hijacks routing protocols to reroute the target's traffic
  to a vulnerable network node for traffic interception or injection.
• Message spoofing (via email, SMS or OTT messaging) is where the attacker spoofs the identity or
  carrier service while the target is using messaging protocols like email, SMS or OTT (IP-based)
  messaging apps. The attacker can then monitor conversations, launch social attacks or trigger
  zero-day vulnerabilities to allow for further attacks.
• WiFi SSID spoofing is where the attacker simulates a WiFi base station SSID to capture and
  modify internet traffic and transactions. The attacker can also use local network addressing and
  reduced network defenses to penetrate the target's firewall by breaching known vulnerabilities.
  Sometimes known as a Pineapple attack thanks to a popular device. See also Malicious
  association.
• DNS spoofing is where attackers hijack domain name assignments to redirect traffic to systems
  under the attacker's control, in order to surveil traffic or launch other attacks.
• SSL hijacking, typically coupled with another media-level MITM attack, is where the attacker
  spoofs the SSL authentication and encryption protocol by way of Certificate Authority injection in
  order to decrypt, surveil and modify traffic. See also TLS interception.[24]
Surfacing in 2017, a new class of multi-vector,[25] polymorphic[26] cyber threats combine several
types of attacks and change form to avoid cybersecurity controls as they spread.
Multi-vector polymorphic attacks, as the name describes, are both multi-vectored and
polymorphic.[27] Firstly, they are a singular attack that involves multiple methods of attack. In this
sense, they are "multi-vectored (i.e. the attack can use multiple means of propagation such as via
the Web, email and applications." However, they are also multi-staged, meaning that "they can
infiltrate networks and move laterally inside the network."[27] The attacks can be polymorphic,
meaning that the cyberattacks used such as viruses, worms or trojans "constantly change ("morph")
making it nearly impossible to detect them using signature-based defences."[27]
Phishing
Phishing is the attempt of acquiring sensitive information such as usernames, passwords, and credit
card details directly from users by deceiving the users.[28] Phishing is typically carried out by email
spoofing, instant messaging, text message, or on a phone call. They often direct users to enter
details at a fake website whose look and feel are almost identical to the legitimate one.[29] The fake
website often asks for personal information, such as login details and passwords. This information
can then be used to gain access to the individual's real account on the real website.
Preying on a victim's trust, phishing can be classified as a form of social engineering. Attackers can
use creative ways to gain access to real accounts. A common scam is for attackers to send fake
electronic invoices[30] to individuals showing that they recently purchased music, apps, or others, and
instructing them to click on a link if the purchases were not authorized. A more strategic type of
phishing is spear-phishing which leverages personal or organization-specific details to make the
attacker appear like a trusted source. Spear-phishing attacks target specific individuals, rather than
the broad net cast by phishing attempts.[31]
Privilege escalation
Privilege escalation describes a situation where an attacker with some level of restricted access is
able to, without authorization, elevate their privileges or access level.[32] For example, a standard
computer user may be able to exploit a vulnerability in the system to gain access to restricted data;
or even become root and have full unrestricted access to a system. The severity of attacks can
range from attacks simply sending an unsolicited email to a ransomware attack on large amounts of
data. Privilege escalation usually starts with social engineering techniques, often phishing.[32]
Privilege escalation can be separated into two strategies, horizontal and vertical privilege
escalation:
• Horizontal escalation (or account takeover) is where an attacker gains access to a normal user
  account that has relatively low-level privileges. This may be through stealing the user's username
  and password. Once they have access, they have gained a foothold, and using this foothold the
  attacker then may move around the network of users at this same lower level, gaining access to
  information of this similar privilege.[32]
• Vertical escalation however targets people higher up in a company and often with more
  administrative power, such as an employee in IT with a higher privilege. Using this privileged
  account will then enable the attacker to invade other accounts.[32]
Side-channel attack
Any computational system affects its environment in some form. This effect it has on its
environment can range from electromagnetic radiation, to residual effect on RAM cells which as a
consequence make a Cold boot attack possible, to hardware implementation faults that allow for
access or guessing of other values that normally should be inaccessible. In Side-channel attack
scenarios, the attacker would gather such information about a system or network to guess its
internal state and as a result access the information which is assumed by the victim to be secure.
The target information in a side channel can be challenging to detect due to its low amplitude when
combined with other signals.[33]
Social engineering
Social engineering, in the context of computer security, aims to convince a user to disclose secrets
such as passwords, card numbers, etc. or grant physical access by, for example, impersonating a
senior executive, bank, a contractor, or a customer.[34] This generally involves exploiting people's
trust, and relying on their cognitive biases. A common scam involves emails sent to accounting and
finance department personnel, impersonating their CEO and urgently requesting some action.
Phishing attacks are one of the main techniques of social engineering.
In early 2016, the FBI reported that such business email compromise (BEC) scams had cost US
businesses more than $2 billion in about two years.[35]
In May 2016, the Milwaukee Bucks NBA team was the victim of this type of cyber scam with a
perpetrator impersonating the team's president Peter Feigin, resulting in the handover of all the
team's employees' 2015 W-2 tax forms.[36]
Spoofing
Spoofing is an act of pretending to be a valid entity through the falsification of data (such as an IP
address or username), in order to gain access to information or resources that one is otherwise
unauthorized to obtain. Spoofing is closely related to phishing.[37][38] There are several types of
spoofing, including:
• Email spoofing, where an attacker forges the sending (From, or source) address of an email.
• IP address spoofing, where an attacker alters the source IP address in a network packet to hide
  their identity or impersonate another computing system.
• MAC spoofing, where an attacker modifies the Media Access Control (MAC) address of their
  network interface controller to obscure their identity, or to pose as another.
• Biometric spoofing, where an attacker produces a fake biometric sample to pose as another
  user.[39]
• Address Resolution Protocol (ARP) spoofing, where an attacker sends spoofed Address Resolution
  Protocol messages onto a local area network to associate their Media Access Control address with a
  different host's IP address. This causes data to be sent to the attacker rather than the intended
  host.
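A defender can spot the ARP spoofing described in the last item by watching for IP-to-MAC bindings that change or collide. The following is an added example, not part of the original article: the input line format, the sample addresses and the names `PINNED` and `detect_arp_spoofing` are assumptions made for illustration.

```python
"""Passive ARP-spoofing check over observed ARP replies (constructed sample data)."""
from collections import defaultdict, namedtuple

Alert = namedtuple("Alert", "time kind ip mac detail")

# Constructed sample: "<seconds> <sender-ip> <sender-mac>" for each observed ARP reply.
SAMPLE_ARP_REPLIES = """\
0.0 192.0.2.1 02:00:00:00:00:01
1.2 192.0.2.10 02:00:00:00:00:10
2.5 192.0.2.20 02:00:00:00:00:20
30.1 192.0.2.1 02:00:00:00:00:66
30.2 192.0.2.10 02:00:00:00:00:66
31.0 192.0.2.1 02:00:00:00:00:01
31.1 192.0.2.1 02:00:00:00:00:66
90.0 192.0.2.20 02:00:00:00:00:20
"""

# Assumption: the operator has pinned the gateway's binding out of band.
PINNED = {"192.0.2.1": "02:00:00:00:00:01"}


def parse_replies(text):
    """Yield (time, ip, mac) tuples; blank lines and '#' comments are skipped."""
    for number, line in enumerate(text.splitlines(), start=1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) != 3:
            raise ValueError(f"line {number}: expected 3 fields, got {len(fields)}")
        yield float(fields[0]), fields[1], fields[2].lower()


def detect_arp_spoofing(text, pinned=None, multi_ip_allow=()):
    """Return alerts for bindings that contradict pinned or previously learned ones.

    multi_ip_allow lists MACs that legitimately answer for several IPs
    (routers doing proxy ARP, hosts with address aliases).
    """
    pinned = {ip: mac.lower() for ip, mac in (pinned or {}).items()}
    allow = {mac.lower() for mac in multi_ip_allow}
    learned = {}                    # ip -> last MAC seen for unpinned addresses
    ips_by_mac = defaultdict(set)   # mac -> every IP it has claimed
    seen = set()                    # suppress repeats of the same finding
    alerts = []

    def raise_alert(time, kind, ip, mac, detail):
        if (kind, ip, mac) not in seen:
            seen.add((kind, ip, mac))
            alerts.append(Alert(time, kind, ip, mac, detail))

    for time, ip, mac in parse_replies(text):
        if ip in pinned:
            # A pinned binding is never re-learned from the wire.
            if mac != pinned[ip]:
                raise_alert(time, "pinned-violation", ip, mac, f"expected {pinned[ip]}")
        elif ip not in learned:
            learned[ip] = mac
        elif learned[ip] != mac:
            raise_alert(time, "binding-change", ip, mac, f"was {learned[ip]}")
            learned[ip] = mac
        if ip not in ips_by_mac[mac]:
            ips_by_mac[mac].add(ip)
            if len(ips_by_mac[mac]) > 1 and mac not in allow:
                claimed = ", ".join(sorted(ips_by_mac[mac]))
                raise_alert(time, "mac-claims-multiple-ips", ip, mac, f"claims {claimed}")
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_ARP_REPLIES, pinned=PINNED):
        print(f"{alert.time:>6.1f}s {alert.kind:<24} {alert.ip:<12} {alert.mac} ({alert.detail})")
```

A binding change on an unpinned address can also be a DHCP lease moving to a new device, so these alerts are leads to correlate with lease logs rather than verdicts.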
In 2018, the cybersecurity firm Trellix published research on the life-threatening risk of spoofing in
the healthcare industry.[40]
Tampering
Tampering describes a malicious modification or alteration of data. It is an intentional but
unauthorized act resulting in the modification of a system, components of systems, its intended
behavior, or data. So-called Evil Maid attacks and security services planting of surveillance capability
into routers are examples.[41]
HTML smuggling
HTML smuggling allows an attacker to smuggle a malicious code inside a particular HTML or web
page.[42] HTML files can carry payloads concealed as benign, inert data in order to defeat content
filters. These payloads can be reconstructed on the other side of the filter.[43]
When a target user opens the HTML, the malicious code is activated; the web browser then
decodes the script, which then unleashes the malware onto the target's device.[42]
Employee behavior can have a big impact on information security in organizations. Cultural concepts
can help different segments of the organization work effectively or work against effectiveness
toward information security within an organization. Information security culture is the "...totality of
patterns of behavior in an organization that contributes to the protection of information of all
kinds."[44]
Andersson and Reimers (2014) found that employees often do not see themselves as part of their
organization's information security effort and often take actions that impede organizational
changes.[45] Indeed, the Verizon Data Breach Investigations Report 2020, which examined 3,950
security breaches, discovered 30% of cybersecurity incidents involved internal actors within a
company.[46] Research shows information security culture needs to be improved continuously. In
"Information Security Culture from Analysis to Change", authors commented, "It's a never-ending
process, a cycle of evaluation and change or maintenance." To manage the information security
culture, five steps should be taken: pre-evaluation, strategic planning, operative planning,
implementation, and post-evaluation.[47]
• Pre-evaluation: To identify the awareness of information security within employees and to analyze
  the current security policies.
• Strategic planning: To come up with a better awareness program, clear targets need to be set.
  Assembling a team of skilled professionals is helpful to achieve it.
• Operative planning: A good security culture can be established based on internal communication,
  management buy-in, security awareness and a training program.[47]
• Implementation: Four stages should be used to implement the information security culture. They
  are:
  1. Commitment of the management
• Post-evaluation: To assess the success of the planning and implementation, and to identify
  unresolved areas of concern.
In computer security, a countermeasure is an action, device, procedure or technique that reduces a
threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause,
or by discovering and reporting it so that corrective action can be taken.[48][49][50]
Security by design
Security by design, or alternately secure by design, means that the software has been designed
from the ground up to be secure. In this case, security is considered a main feature.
The UK government's National Cyber Security Centre separates secure cyber design principles into
five sections:[51]
1. Before a secure system is created or updated, companies should ensure they understand the
   fundamentals and the context around the system they are trying to create and identify any
   weaknesses in the system.
2. Companies should design and centre their security around techniques and defences which
   make attacking their data or systems inherently more challenging for attackers.
3. Companies should ensure that their core services that rely on technology are protected so
   that the systems are essentially never down.
4. Although systems can be created which are safe against a multitude of attacks, that does not
   mean that attacks will not be attempted. Despite one's security, all companies' systems
   should aim to be able to detect and spot attacks as soon as they occur to ensure the most
   effective response to them.
5. Companies should create secure systems designed so that any attack that is successful has
   minimal severity.
These design principles of security by design can include some of the following techniques:
• The principle of least privilege, where each part of the system has only the privileges that are
  needed for its function. That way, even if an attacker gains access to that part, they only have
  limited access to the whole system.
• Automated theorem proving to prove the correctness of crucial software subsystems.
• Code reviews and unit testing, approaches to make modules more secure where formal
  correctness proofs are not possible.
• Defense in depth, where the design is such that more than one subsystem needs to be violated to
  compromise the integrity of the system and the information it holds.
• Default secure settings, and design to fail secure rather than fail insecure (see fail-safe for the
  equivalent in safety engineering). Ideally, a secure system should require a deliberate, conscious,
  knowledgeable and free decision on the part of legitimate authorities in order to make it insecure.
• Audit trails track system activity so that when a security breach occurs, the mechanism and
  extent of the breach can be determined. Storing audit trails remotely, where they can only be
  appended to, can keep intruders from covering their tracks.
• Full disclosure of all vulnerabilities, to ensure that the window of vulnerability is kept as short as
  possible when bugs are discovered.
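The audit-trail item above says that a remote, append-only copy keeps intruders from covering their tracks. The following added example, which is not part of the original article, shows one way to get that property with a hash-chained local log plus a small checkpoint held off-host; the class and function names and the sample events are assumptions made for illustration.

```python
"""Tamper-evident audit trail: a local hash chain plus a remotely held checkpoint."""
import copy
import hashlib
import json

GENESIS = "0" * 64  # predecessor hash used for the first entry


def entry_hash(prev_hash, seq, record):
    """Bind an entry to its position and to everything logged before it."""
    body = json.dumps({"seq": seq, "record": record}, sort_keys=True)
    return hashlib.sha256(f"{prev_hash}\n{body}".encode("utf-8")).hexdigest()


class AuditTrail:
    """Local log; entries are only ever added at the end."""

    def __init__(self):
        self.entries = []

    def append(self, record):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        seq = len(self.entries)
        self.entries.append(
            {"seq": seq, "record": record, "hash": entry_hash(prev, seq, record)}
        )

    def checkpoint(self):
        """(entry count, head hash): the small value shipped to the remote store."""
        head = self.entries[-1]["hash"] if self.entries else GENESIS
        return len(self.entries), head


def verify(entries, checkpoint):
    """Check a local copy of the trail against the remotely held checkpoint."""
    count, trusted_head = checkpoint
    prev = GENESIS
    head_at_checkpoint = GENESIS
    for i, entry in enumerate(entries):
        if entry["seq"] != i or entry_hash(prev, i, entry["record"]) != entry["hash"]:
            return f"altered at entry {i}"
        prev = entry["hash"]
        if i + 1 == count:
            head_at_checkpoint = prev
    if len(entries) < count:
        return "truncated"
    if head_at_checkpoint != trusted_head:
        # The chain is internally consistent but is not the one that was checkpointed.
        return "rewritten before checkpoint"
    return "ok"


# Constructed sample events.
SAMPLE_EVENTS = [
    {"t": "2024-01-01T10:00:00Z", "user": "alice", "action": "login"},
    {"t": "2024-01-01T10:05:00Z", "user": "mallory", "action": "login"},
    {"t": "2024-01-01T10:06:00Z", "user": "mallory", "action": "read payroll.db"},
    {"t": "2024-01-01T10:09:00Z", "user": "alice", "action": "logout"},
]


def run_scenarios():
    trail = AuditTrail()
    for event in SAMPLE_EVENTS:
        trail.append(event)
    remote = trail.checkpoint()  # held off-host, out of the intruder's reach
    trail.append({"t": "2024-01-01T10:20:00Z", "user": "bob", "action": "login"})

    # Intruder edits one record in place and leaves the stored hash stale.
    edited = copy.deepcopy(trail.entries)
    edited[2]["record"]["action"] = "read readme.txt"

    # Intruder changes the same record and recomputes every hash after it.
    rebuilt = AuditTrail()
    for entry in trail.entries:
        record = dict(entry["record"])
        if record["action"] == "read payroll.db":
            record["action"] = "read readme.txt"
        rebuilt.append(record)

    return {
        "untouched": verify(trail.entries, remote),
        "edited": verify(edited, remote),
        "rebuilt": verify(rebuilt.entries, remote),
        "truncated": verify(trail.entries[:1], remote),
    }


if __name__ == "__main__":
    for name, verdict in run_scenarios().items():
        print(f"{name:<10} {verdict}")
```

The `rebuilt` case is the one the remote copy exists for: a chain kept only on the compromised host can be recomputed end to end and still look valid.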
Security architecture
Security architecture can be defined as the "practice of designing computer systems to achieve
security goals."[52] These goals have overlap with the principles of "security by design" explored
above, including to "make initial compromise of the system difficult," and to "limit the impact of any
compromise."[52] In practice, the role of a security architect would be to ensure the structure of a
system reinforces the security of the system, and that new changes are safe and meet the security
requirements of the organization.[53][54]
Similarly, Techopedia defines security architecture as "a unified security design that addresses the
necessities and potential risks involved in a certain scenario or environment. It also specifies when
and where to apply security controls. The design process is generally reproducible." The key
attributes of security architecture are:[55]
• the relationship of different components and how they depend on each other.
• determination of controls based on risk assessment, good practices, finances, and legal matters.
Practicing security architecture provides the right foundation to systematically address business, IT
and security concerns in an organization.
Security measures
A state of computer security is the conceptual ideal, attained by the use of three processes: threat
prevention, detection, and response. These processes are based on various policies and system
components, which include the following:
• Limiting the access of individuals using user account access controls and using cryptography can
  protect system files and data, respectively.
• Firewalls are by far the most common prevention systems from a network security perspective as
  they can (if properly configured) shield access to internal network services and block certain kinds
  of attacks through packet filtering. Firewalls can be both hardware and software-based. Firewalls
  monitor and control incoming and outgoing traffic of a computer network and establish a barrier
  between a trusted network and an untrusted network.[56]
• Intrusion Detection System (IDS) products are designed to detect network attacks in-progress
  and assist in post-attack forensics, while audit trails and logs serve a similar function for individual
  systems.
• Cyber security awareness training to cope with cyber threats and attacks.[57]
• Forward web proxy solutions can prevent the client from visiting malicious web pages and inspect the
  content before downloading to the client machines.
Today, computer security consists mainly of preventive measures, like firewalls or an exit procedure.
A firewall can be defined as a way of filtering network data between a host or a network and another
network, such as the Internet. They can be implemented as software running on the machine,
hooking into the network stack (or, in the case of most UNIX-based operating systems such as
Linux, built into the operating system kernel) to provide real-time filtering and blocking.[56] Another
implementation is a so-called physical firewall, which consists of a separate machine filtering
network traffic. Firewalls are common amongst machines that are permanently connected to the
Internet.
Some organizations are turning to big data platforms, such as Apache Hadoop, to extend data
accessibility and machine learning to detect advanced persistent threats.[58]
In order to ensure adequate security, the confidentiality, integrity and availability of a network,
better known as the CIA triad, must be protected and is considered the foundation to information
security.[59] To achieve those objectives, administrative, physical and technical security measures
should be employed. The amount of security afforded to an asset can only be determined when its
value is known.[60]
Vulnerability management
Vulnerability management is the cycle of identifying, fixing or mitigating vulnerabilities,[61] especially
in software and firmware. Vulnerability management is integral to computer security and network
security.
Vulnerabilities can be discovered with a vulnerability scanner, which analyzes a computer system in
search of known vulnerabilities,[62] such as open ports, insecure software configuration, and
susceptibility to malware. In order for these tools to be effective, they must be kept up to date
with every new update the vendor releases. Typically, these updates will scan for the new
vulnerabilities that were introduced recently.
Beyond vulnerability scanning, many organizations contract outside security auditors to run regular
penetration tests against their systems to identify vulnerabilities. In some sectors, this is a
contractual requirement.[63]
Reducing vulnerabilities
The act of assessing and reducing vulnerabilities to cyber attacks is commonly referred to as
information technology security assessments. They aim to assess systems for risk and to predict
and test for their vulnerabilities. While formal verification of the correctness of computer systems is
possible,[64][65] it is not yet common. Operating systems formally verified include seL4,[66] and
SYSGO's PikeOS[67][68] – but these make up a very small percentage of the market.
It is possible to reduce an attacker's chances by keeping systems up to date with security patches
and updates and by hiring people with expertise in security. Large companies with significant threats
can hire Security Operations Centre (SOC) Analysts. These are specialists in cyber defences, with
their role ranging from "conducting threat analysis to investigating reports of any new issues and
preparing and testing disaster recovery plans."[69]
Whilst no measures can completely guarantee the prevention of an attack, these measures can help
mitigate the damage of possible attacks. The effects of data loss/damage can be also reduced by
careful backing up and insurance.
Outside of formal assessments, there are various methods of reducing vulnerabilities. Two-factor
authentication is a method for mitigating unauthorized access to a system or sensitive
information.[70] It requires something you know: a password or PIN, and something you have: a card,
dongle, cellphone, or another piece of hardware. This increases security as an unauthorized person
needs both of these to gain access.
Protecting against social engineering and direct computer access (physical) attacks can only
happen by non-computer means, which can be difficult to enforce, relative to the sensitivity of the
information. Training is often involved to help mitigate this risk by improving people's knowledge of
how to protect themselves and by increasing people's awareness of threats.[71] However, even in
highly disciplined environments (e.g. military organizations), social engineering attacks can still be
difficult to foresee and prevent.
Inoculation, derived from inoculation theory, seeks to prevent social engineering and other fraudulent
tricks and traps by instilling a resistance to persuasion attempts through exposure to similar or
related attempts.[72]
Hardware protection mechanisms
Hardware-based or assisted computer security also offers an alternative to software-only
computer security. Using devices and methods such as dongles, trusted platform modules, intrusion-aware
cases, drive locks, disabling USB ports, and mobile-enabled access may be considered more
secure due to the physical access (or sophisticated backdoor access) required in order to be
compromised. Each of these is covered in more detail below.
USB dongles are typically used in software licensing schemes to unlock software capabilities,[73]
but they can also be seen as a way to prevent unauthorized access to a computer or other
device's software. The dongle, or key, essentially creates a secure encrypted tunnel between the
software application and the key. The principle is that an encryption scheme on the dongle, such
as Advanced Encryption Standard (AES) provides a stronger measure of security since it is harder
to hack and replicate the dongle than to simply copy the native software to another machine and
use it. Another security application for dongles is to use them for accessing web-based content
such as cloud software or Virtual Private Networks (VPNs).[74] In addition, a USB dongle can be
configured to lock or unlock a computer.[75]
Trusted platform modules (TPMs) secure devices by integrating cryptographic capabilities onto
access devices, through the use of microprocessors, or so-called computers-on-a-chip. TPMs
used in conjunction with server-side software offer a way to detect and authenticate hardware
devices, preventing unauthorized network and data access.[76]
Computer case intrusion detection refers to a device, typically a push-button switch, which
detects when a computer case is opened. The firmware or BIOS is programmed to show an alert
to the operator when the computer is booted up the next time.
Drive locks are essentially software tools to encrypt hard drives, making them inaccessible to
thieves.[77] Tools exist specifically for encrypting external drives as well.[78]
Disabling USB ports is a security option for preventing unauthorized and malicious access to an
otherwise secure computer. Infected USB dongles connected to a network from a computer
inside the firewall are considered by the magazine Network World as the most common hardware
threat facing computer networks.
Disconnecting or disabling peripheral devices (like camera, GPS, removable storage, etc.), that are
not in use.[79]
Mobile-enabled access devices are growing in popularity due to the ubiquitous nature of cell
phones.[80] Built-in capabilities such as Bluetooth, the newer Bluetooth low energy (LE), near-field
communication (NFC) on non-iOS devices and biometric validation such as thumbprint readers, as
well as QR code reader software designed for mobile devices, offer new, secure ways for mobile
phones to connect to access control systems. These control systems provide computer security
and can also be used for controlling access to secure buildings.[81]
IOMMUs allow for hardware-based sandboxing of components in mobile and desktop computers
by utilizing direct memory access protections.[82][83]
Physical Unclonable Functions (PUFs) can be used as a digital fingerprint or a unique identifier to
integrated circuits and hardware, providing users the ability to secure the hardware supply chains
going into their systems.[84][85]
One use of the term computer security refers to technology that is used to implement secure
operating systems. Using secure operating systems is a good way of ensuring computer security.
These are systems that have achieved certification from an external security-auditing organization;
the most popular evaluations are Common Criteria (CC).[86]
Secure coding
In software engineering, secure coding aims to guard against the accidental introduction of security
vulnerabilities. It is also possible to create software designed from the ground up to be secure. Such
systems are secure by design. Beyond this, formal verification aims to prove the correctness of the
algorithms underlying a system;[87] important for cryptographic protocols for example.
Within computer systems, two of the main security models capable of enforcing privilege separation
are access control lists (ACLs) and role-based access control (RBAC).
An access-control list (ACL), with respect to a computer file system, is a list of permissions
associated with an object. An ACL specifies which users or system processes are granted access to
objects, as well as what operations are allowed on given objects.
Role-based access control is an approach to restricting system access to authorized users,[88][89][90]
used by the majority of enterprises with more than 500 employees,[91] and can implement mandatory
access control (MAC) or discretionary access control (DAC).
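The difference between the two models can be made concrete by expressing one policy both ways. This is an added example, not part of the original article; the class names, users, roles and objects are hypothetical and constructed for illustration. It shows the same default-deny decisions under an ACL and under RBAC, and what offboarding a user touches in each.

```python
from dataclasses import dataclass, field


@dataclass
class AccessControlLists:
    """Per-object ACLs: object -> {principal -> set of allowed operations}."""
    acls: dict = field(default_factory=dict)

    def grant(self, obj, principal, *operations):
        self.acls.setdefault(obj, {}).setdefault(principal, set()).update(operations)

    def is_allowed(self, principal, operation, obj):
        # Default deny: no entry on the object's list means no access.
        return operation in self.acls.get(obj, {}).get(principal, set())

    def remove_principal(self, principal):
        """Offboarding under ACLs: every object's list has to be visited."""
        touched = [obj for obj, acl in self.acls.items() if acl.pop(principal, None)]
        return sorted(touched)


@dataclass
class RoleBasedAccessControl:
    """Permissions hang off roles; users only ever receive roles."""
    role_permissions: dict = field(default_factory=dict)  # role -> {(operation, obj)}
    user_roles: dict = field(default_factory=dict)         # user -> {role}

    def define_role(self, role, *permissions):
        self.role_permissions.setdefault(role, set()).update(permissions)

    def assign(self, user, role):
        if role not in self.role_permissions:
            raise KeyError(f"undefined role: {role}")
        self.user_roles.setdefault(user, set()).add(role)

    def is_allowed(self, user, operation, obj):
        return any((operation, obj) in self.role_permissions[role]
                   for role in self.user_roles.get(user, ()))

    def remove_user(self, user):
        """Offboarding under RBAC: one mapping is deleted, objects are untouched."""
        return sorted(self.user_roles.pop(user, set()))


def build_sample_policy():
    """Constructed policy: identical permissions expressed in both models."""
    acl = AccessControlLists()
    acl.grant("payroll.db", "alice", "read", "write")
    acl.grant("payroll.db", "bob", "read")
    acl.grant("audit.log", "bob", "read")
    acl.grant("payroll.db", "backup-svc", "read")
    acl.grant("audit.log", "backup-svc", "read")

    rbac = RoleBasedAccessControl()
    rbac.define_role("payroll-admin", ("read", "payroll.db"), ("write", "payroll.db"))
    rbac.define_role("auditor", ("read", "payroll.db"), ("read", "audit.log"))
    rbac.define_role("backup", ("read", "payroll.db"), ("read", "audit.log"))
    rbac.assign("alice", "payroll-admin")
    rbac.assign("bob", "auditor")
    rbac.assign("backup-svc", "backup")
    return acl, rbac


def policy_differences(acl, rbac, principals, operations, objects):
    """Requests on which the two models disagree (empty list means equivalent)."""
    return [(p, op, o) for p in principals for op in operations for o in objects
            if acl.is_allowed(p, op, o) != rbac.is_allowed(p, op, o)]
```

Running policy_differences over every principal, operation and object is a simple way to confirm that a migration from per-object lists to roles did not widen anyone's access.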
A further approach, capability-based security has been mostly restricted to research operating
systems. Capabilities can, however, also be implemented at the language level, leading to a style of
programming that is essentially a refinement of standard object-oriented design. An open-source
project in the area is the E language.
The end-user is widely recognized as the weakest link in the security chain[92] and it is estimated
that more than 90% of security incidents and breaches involve some kind of human error.[93][94]
Among the most commonly recorded forms of errors and misjudgment are poor password
management, sending emails containing sensitive data and attachments to the wrong recipient, the
inability to recognize misleading URLs and to identify fake websites and dangerous email
attachments. A common mistake that users make is saving their user id/password in their browsers
to make it easier to log in to banking sites. This is a gift to attackers who have obtained access to a
machine by some means. The risk may be mitigated by the use of two-factor authentication.[95]
As the human component of cyber risk is particularly relevant in determining the global cyber risk[96]
an organization is facing, security awareness training, at all levels, not only provides formal
compliance with regulatory and industry mandates but is considered essential[97] in reducing cyber
risk and protecting individuals and companies from the great majority of cyber threats.
The focus on the end-user represents a profound cultural change for many security practitioners,
who have traditionally approached cybersecurity exclusively from a technical perspective, and
moves along the lines suggested by major security centers[98] to develop a culture of cyber
awareness within the organization, recognizing that a security-aware user provides an important line
of defense against cyber attacks.
Digital hygiene
Related to end-user training, digital hygiene or cyber hygiene is a fundamental principle relating to
information security and, as the analogy with personal hygiene shows, is the equivalent of
establishing simple routine measures to minimize the risks from cyber threats. The assumption is
that good cyber hygiene practices can give networked users another layer of protection, reducing
the risk that one vulnerable node will be used to either mount attacks or compromise another node
or network, especially from common cyberattacks.[99] Cyber hygiene should also not be mistaken for
proactive cyber defence, a military term.[100]
The most common acts of digital hygiene can include updating malware protection, cloud back-ups,
passwords, and ensuring restricted admin rights and network firewalls.[101] As opposed to a purely
technology-based defense against threats, cyber hygiene mostly regards routine measures that are
technically simple to implement and mostly dependent on discipline[102] or education.[103] It can be
thought of as an abstract list of tips or measures that have been demonstrated as having a positive
effect on personal or collective digital security. As such, these measures can be performed by
laypeople, not just security experts.
Cyber hygiene relates to personal hygiene as computer viruses relate to biological viruses (or
pathogens). However, while the term computer virus was coined almost simultaneously with the
creation of the first working computer viruses,[104] the term cyber hygiene is a much later invention,
perhaps as late as 2000[105] by Internet pioneer Vint Cerf. It has since been adopted by the
Congress[106] and Senate of the United States,[107] the FBI,[108] EU institutions[99] and heads of
state.[100]
Responding to attempted security breaches is often very difficult for a variety of reasons, including:
Identifying attackers is difficult, as they may operate through proxies, temporary anonymous dial-up
accounts, wireless connections, and other anonymizing procedures which make back-tracing
difficult – and are often located in another jurisdiction. If they successfully breach security, they
have also often gained enough administrative access to enable them to delete logs to cover their
tracks.
The sheer number of attempted attacks, often by automated vulnerability scanners and
computer worms, is so large that organizations cannot spend time pursuing each.
Law enforcement officers often lack the skills, interest or budget to pursue attackers.
Furthermore, identifying attackers across a network may necessitate collecting logs from
multiple locations within the network and across various countries, a process that can be both
difficult and time-consuming.
Where an attack succeeds and a breach occurs, many jurisdictions now have in place mandatory
security breach notification laws.
Anti-malware
Anti-spyware
Firewall
Records management
Sandbox
Vulnerability Management
Systems at risk
The growth in the number of computer systems and the increasing reliance upon them by individuals,
businesses, industries, and governments means that there are an increasing number of systems at
risk.
Financial systems
The computer systems of financial regulators and financial institutions like the U.S. Securities and
Exchange Commission, SWIFT, investment banks, and commercial banks are prominent hacking
targets for cybercriminals interested in manipulating markets and making illicit gains.[109] Websites
and apps that accept or store credit card numbers, brokerage accounts, and bank account
information are also prominent hacking targets, because of the potential for immediate financial gain
from transferring money, making purchases, or selling the information on the black market.[110] In-store
payment systems and ATMs have also been tampered with in order to gather customer
account data and PINs.
The UCLA Internet Report: Surveying the Digital Future (2000) found that the privacy of personal
data created barriers to online sales and that more than nine out of 10 internet users were
somewhat or very concerned about credit card security.[111]
The most common web technologies for improving security between browsers and websites are
SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security). Together with identity
management and authentication services and domain name services, they allow companies and
consumers to engage in secure communications and commerce. Several versions of SSL and TLS
are commonly used today in applications such as web browsing, e-mail, internet faxing, instant
messaging, and VoIP (voice-over-IP). There are various interoperable implementations of these
technologies, including at least one implementation that is open source. Open source allows anyone
to view the application's source code, and look for and report vulnerabilities.
The credit card companies Visa and MasterCard cooperated to develop the secure EMV chip which
is embedded in credit cards. Further developments include the Chip Authentication Program where
banks give customers hand-held card readers to perform online secure transactions. Other
developments in this arena include the development of technology such as Instant Issuance which
has enabled shopping mall kiosks acting on behalf of banks to issue on-the-spot credit cards to
interested customers.
Computers control functions at many utilities, including coordination of telecommunications, the
power grid, nuclear power plants, and valve opening and closing in water and gas networks. The
Internet is a potential attack vector for such machines if connected, but the Stuxnet worm
demonstrated that even equipment controlled by computers not connected to the Internet can be
vulnerable. In 2014, the Computer Emergency Readiness Team, a division of the Department of
Homeland Security, investigated 79 hacking incidents at energy companies.[112]
Aviation
The aviation industry is very reliant on a series of complex systems which could be attacked.[113] A
simple power outage at one airport can cause repercussions worldwide,[114] much of the system
relies on radio transmissions which could be disrupted,[115] and controlling aircraft over oceans is
especially dangerous because radar surveillance only extends 175 to 225 miles offshore.[116] There
is also potential for attack from within an aircraft.[117]
Implementing fixes in aerospace systems poses a unique challenge because efficient air
transportation is heavily affected by weight and volume. Improving security by adding physical
devices to airplanes could increase their unloaded weight, and could potentially reduce cargo or
passenger capacity.[118]
In Europe, with the (Pan-European Network Service)[119] and NewPENS,[120] and in the US with the
NextGen program,[121] air navigation service providers are moving to create their own dedicated
networks.
Many modern passports are now biometric passports, containing an embedded microchip that
stores a digitized photograph and personal information such as name, gender, and date of birth. In
addition, more countries are introducing facial recognition technology to reduce identity-related
fraud. The introduction of the ePassport has assisted border officials in verifying the identity of the
passport holder, thus allowing for quick passenger processing.[122] Plans are under way in the US, the
UK, and Australia to introduce SmartGate kiosks with both retina and fingerprint recognition
technology.[123] The airline industry is moving from the use of traditional paper tickets towards the
use of electronic tickets (e-tickets). These have been made possible by advances in online credit
card transactions in partnership with the airlines. Long-distance bus companies are also switching
over to e-ticketing transactions today.
The consequences of a successful attack range from loss of confidentiality to loss of system
integrity, air traffic control outages, loss of aircraft, and even loss of life.
Consumer devices
Desktop computers and laptops are commonly targeted to gather passwords or financial account
information or to construct a botnet to attack another target. Smartphones, tablet computers,
smartwatches, and other mobile devices such as quantified self devices like activity trackers have
sensors such as cameras, microphones, GPS receivers, compasses, and accelerometers which could
be exploited, and may collect personal information, including sensitive health information. WiFi,
Bluetooth, and cell phone networks on any of these devices could be used as attack vectors, and
sensors might be remotely activated after a successful breach.[124]
The increasing number of home automation devices such as the Nest thermostat are also potential
targets.[124]
Healthcare
Today many healthcare providers and health insurance companies use the internet to provide
enhanced products and services. Examples are the use of tele-health to potentially offer better
quality and access to healthcare, or fitness trackers to lower insurance premiums. Patient records
are increasingly being placed on secure in-house networks, alleviating the need for extra storage
space.[125]
Large corporations
Large corporations are common targets. In many cases attacks are aimed at financial gain through
identity theft and involve data breaches. Examples include the loss of millions of clients' credit card
and financial details by Home Depot,[126] Staples,[127] Target Corporation,[128] and Equifax.[129]
Medical records have been targeted in general identity theft, health insurance fraud, and
impersonating patients to obtain prescription drugs for recreational purposes or resale.[130] Although
cyber threats continue to increase, 62% of all organizations did not increase security training for
their business in 2015.[131]
Not all attacks are financially motivated, however: security firm HBGary Federal had a serious series
of attacks in 2011 from hacktivist group Anonymous in retaliation for the firm's CEO claiming to have
infiltrated their group,[132][133] and Sony Pictures was hacked in 2014 with the apparent dual motive
of embarrassing the company through data leaks and crippling the company by wiping workstations
and servers.[134][135]
Automobiles
Vehicles are increasingly computerized, with engine timing, cruise control, anti-lock brakes, seat belt
tensioners, door locks, airbags and advanced driver-assistance systems on many models.
Additionally, connected cars may use WiFi and Bluetooth to communicate with onboard consumer
devices and the cell phone network.[136] Self-driving cars are expected to be even more complex. All
of these systems carry some security risks, and such issues have gained wide attention.[137][138][139]
Simple examples of risk include a malicious compact disc being used as an attack vector,[140] and
the car's onboard microphones being used for eavesdropping. However, if access is gained to a car's
internal controller area network, the danger is much greater[136] – and in a widely publicized 2015
test, hackers remotely carjacked a vehicle from 10 miles away and drove it into a ditch.[141][142]
Manufacturers are reacting in numerous ways, with Tesla in 2016 pushing out some security fixes
over the air into its cars' computer systems.[143] In the area of autonomous vehicles, in September
2016 the United States Department of Transportation announced some initial safety standards, and
called for states to come up with uniform policies.[144][145][146]
Additionally, e-Drivers' licenses are being developed using the same technology. For example,
Mexico's licensing authority (ICV) has used a smart card platform to issue the first e-Drivers'
licenses to the city of Monterrey, in the state of Nuevo León.[147]
Shipping
Shipping companies[148] have adopted RFID (Radio Frequency Identification) technology as an
efficient, digitally secure, tracking device. Unlike a barcode, RFID can be read up to 20 feet away.
RFID is used by FedEx[149] and UPS.[150]
Government
Government and military computer systems are commonly attacked by activists[151][152][153] and
foreign powers.[154][155][156][157] Local and regional government infrastructure such as traffic light
controls, police and intelligence agency communications, personnel records, as well as student
records.[158]
The FBI, CIA, and Pentagon, all utilize secure controlled access technology for any of their buildings.
However, the use of this form of technology is spreading into the entrepreneurial world. More and
more companies are taking advantage of the development of digitally secure controlled access
technology. GE's ACUVision, for example, offers a single panel platform for access control, alarm
monitoring and digital recording.[159]
The Internet of things (IoT) is the network of physical objects such as devices, vehicles, and
buildings that are embedded with electronics, software, sensors, and network connectivity that
enables them to collect and exchange data.[160] Concerns have been raised that this is being
developed without appropriate consideration of the security challenges involved.[161][162]
While the IoT creates opportunities for more direct integration of the physical world into computer-based
systems,[163][164] it also provides opportunities for misuse. In particular, as the Internet of
Things spreads widely, cyberattacks are likely to become an increasingly physical (rather than simply
virtual) threat.[165] If a front door's lock is connected to the Internet, and can be locked/unlocked
from a phone, then a criminal could enter the home at the press of a button from a stolen or hacked
phone. People could stand to lose much more than their credit card numbers in a world controlled by
IoT-enabled devices. Thieves have also used electronic means to circumvent non-Internet-connected
hotel door locks.[166]
An attack aimed at physical infrastructure or human lives is often called a cyber-kinetic attack. As
IoT devices and appliances become more widespread, the prevalence and potential damage of
cyber-kinetic attacks can increase substantially.
Medical systems
Medical devices have either been successfully attacked or had potentially deadly vulnerabilities
demonstrated, including both in-hospital diagnostic equipment[167] and implanted devices including
pacemakers[168] and insulin pumps.[169] There are many reports of hospitals and hospital
organizations getting hacked, including ransomware attacks,[170][171][172][173] Windows XP
exploits,[174][175] viruses,[176][177] and data breaches of sensitive data stored on hospital
servers.[178][171][179][180] On 28 December 2016 the US Food and Drug Administration released its
recommendations for how medical device manufacturers should maintain the security of Internet-connected
devices – but no structure for enforcement.[181][182]
Energy sector
In distributed generation systems, the risk of a cyber attack is real, according to Daily Energy Insider.
An attack could cause a loss of power in a large area for a long period of time, and such an attack
could have just as severe consequences as a natural disaster. The District of Columbia is considering
creating a Distributed Energy Resources (DER) Authority within the city, with the goal being for
customers to have more insight into their own energy use and giving the local electric utility, Pepco,
the chance to better estimate energy demand. The D.C. proposal, however, would "allow third-party
vendors to create numerous points of energy distribution, which could potentially create more
opportunities for cyber attackers to threaten the electric grid."[183]
Telecommunications
Perhaps the most widely known digitally secure telecommunication device is the SIM (Subscriber
Identity Module) card, a device that is embedded in most of the world's cellular devices before any
service can be obtained. The SIM card is just the beginning of this digitally secure environment.
The Smart Card Web Servers draft standard (SCWS) defines the interfaces to an HTTP server in a
smart card.[184] Tests are being conducted to secure OTA ("over-the-air") payment and credit card
information from and to a mobile phone. Combination SIM/DVD devices are being developed through
Smart Video Card technology which embeds a DVD-compliant optical disc into the card body of a
regular SIM card.
Other telecommunication developments involving digital security include mobile signatures, which
use the embedded SIM card to generate a legally binding electronic signature.
Serious financial damage has been caused by security breaches, but because there is no standard
model for estimating the cost of an incident, the only data available is that which is made public by
the organizations involved. "Several computer security consulting firms produce estimates of total
worldwide losses attributable to virus and worm attacks and to hostile digital acts in general. The
2003 loss estimates by these firms range from $13 billion (worms and viruses only) to $226 billion
(for all forms of covert attacks). The reliability of these estimates is often challenged; the
underlying methodology is basically anecdotal."[185]
However, reasonable estimates of the financial cost of security breaches can actually help
organizations make rational investment decisions. According to the classic Gordon-Loeb Model
analyzing the optimal investment level in information security, one can conclude that the amount a
firm spends to protect information should generally be only a small fraction of the expected loss
(i.e., the expected value of the loss resulting from a cyber/information security breach).[186]
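The Gordon-Loeb conclusion above can be worked through numerically. This is an added example, not part of the original article: it assumes the first class of security breach probability function from Gordon and Loeb's paper, S(z, v) = v / (αz + 1)^β, where v is the breach probability with no investment, z the investment and L the loss; the paper's bound that the optimal investment never exceeds 1/e (about 37%) of the expected loss vL is not stated on this page. All parameter values are constructed for illustration.

```python
import math


def breach_probability(z, v, alpha, beta):
    """Class I breach function S(z, v) = v / (alpha*z + 1)**beta (assumed form)."""
    return v / (alpha * z + 1.0) ** beta


def expected_net_benefit(z, v, loss, alpha, beta):
    """ENBIS(z) = [v - S(z, v)] * L - z: avoided expected loss minus spend."""
    return (v - breach_probability(z, v, alpha, beta)) * loss - z


def optimal_investment(v, loss, alpha, beta):
    """Closed-form maximiser from the first-order condition -dS/dz * L = 1.

    Solving v*alpha*beta*L / (alpha*z + 1)**(beta + 1) = 1 for z. A negative
    root means even the first unit of spend costs more than it saves.
    """
    z_star = ((v * alpha * beta * loss) ** (1.0 / (beta + 1.0)) - 1.0) / alpha
    return max(0.0, z_star)


def numeric_optimum(v, loss, alpha, beta, iterations=200):
    """Golden-section search on [0, v*L], an independent check of the closed form.

    ENBIS is concave in z because S is convex in z, so the search is valid.
    """
    inv_phi = (math.sqrt(5.0) - 1.0) / 2.0
    lo, hi = 0.0, v * loss
    for _ in range(iterations):
        a = hi - inv_phi * (hi - lo)
        b = lo + inv_phi * (hi - lo)
        if (expected_net_benefit(a, v, loss, alpha, beta)
                < expected_net_benefit(b, v, loss, alpha, beta)):
            lo = a   # maximum lies to the right of a
        else:
            hi = b   # maximum lies to the left of b
    return (lo + hi) / 2.0


def summarize(v, loss, alpha, beta):
    """Optimal spend and how it compares with the expected loss v*L."""
    z = optimal_investment(v, loss, alpha, beta)
    expected_loss = v * loss
    return {
        "optimal_investment": z,
        "expected_loss": expected_loss,
        "fraction_of_expected_loss": z / expected_loss,
        "residual_breach_probability": breach_probability(z, v, alpha, beta),
        "net_benefit": expected_net_benefit(z, v, loss, alpha, beta),
    }


if __name__ == "__main__":
    # Constructed scenario: 65% breach probability, $400,000 loss if breached.
    for key, value in summarize(0.65, 400_000, 1e-5, 1.0).items():
        print(f"{key}: {value:,.4f}")
```

In the constructed scenario the optimal spend is roughly a quarter of the expected loss, and for low-vulnerability inputs the function returns zero, meaning the expected loss is cheaper to accept than to reduce.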
Attacker motivation
As with physical security, the motivations for breaches of computer security vary between
attackers. Some are thrill-seekers or vandals, some are activists, others are criminals looking for
financial gain. State-sponsored attackers are now common and well resourced but started with
amateurs such as Markus Hess who hacked for the KGB, as recounted by Clifford Stoll in The
Cuckoo's Egg.
Attackers' motivations can vary for all types of attacks from pleasure to political goals.[15] For
example, hacktivists may target a company or organization that carries out activities they do not
agree with. This would be to create bad publicity for the company by having its website crash.
High capability hackers, often with larger backing or state sponsorship, may attack based on the
demands of their financial backers. These attackers are more likely to attempt more serious attacks.
An example of a more serious attack was the 2015 Ukraine power grid hack, which reportedly utilised
spear-phishing, destruction of files, and denial-of-service attacks to carry out the full
attack.[187][188]
Additionally, recent attacker motivations can be traced back to extremist organizations seeking to
gain political advantage or disrupt social agendas.[189] The growth of the internet, mobile
technologies, and inexpensive computing devices have led to a rise in capabilities but also to the risk
to environments that are deemed as vital to operations. All critical targeted environments are
susceptible to compromise and this has led to a series of proactive studies on how to mitigate the
risk by taking into consideration motivations by these types of actors. Several stark differences
exist between the hacker motivation and that of nation state actors seeking to attack based on an
ideological preference.[190]
A key aspect of threat modeling for any system is identifying the motivations behind potential
attacks and the individuals or groups likely to carry them out. The level and detail of security
measures will differ based on the specific system being protected. For instance, a home personal
computer, a bank, and a classified military network each face distinct threats, despite using similar
underlying technologies.[191]
Computer security incident management
There are four key components of a computer security incident response plan:
1. Preparation: Preparing stakeholders on the procedures for handling computer security incidents
or compromises
2. Detection and analysis: Identifying and investigating suspicious activity to confirm a security
incident, prioritizing the response based on impact and coordinating notification of the incident
3. Containment, eradication and recovery: Isolating affected systems to prevent escalation and
limit impact, pinpointing the genesis of the incident, removing malware, affected systems and
bad actors from the environment and restoring systems and data when a threat no longer
remains
4. Post incident activity: Post mortem analysis of the incident, its root cause and the
organization's response with the intent of improving the incident response plan and future
response efforts.[193]
Some illustrative examples of different types of computer security breaches are given below.
Robert Morris and the first computer worm
In 1988, 60,000 computers were connected to the Internet, and most were mainframes,
minicomputers and professional workstations. On 2 November 1988, many started to slow down,
because they were running a malicious code that demanded processor time and that spread itself to
other computers – the first internet computer worm.[194] The software was traced back to 23-year-old
Cornell University graduate student Robert Tappan Morris who said "he wanted to count how
many machines were connected to the Internet".[194]
Rome Laboratory
In 1994, over a hundred intrusions were made by unidentified crackers into the Rome Laboratory, the
US Air Force's main command and research facility. Using trojan horses, hackers were able to obtain
unrestricted access to Rome's networking systems and remove traces of their activities. The
intruders were able to obtain classified files, such as air tasking order systems data and furthermore
able to penetrate connected networks of National Aeronautics and Space Administration's Goddard
Space Flight Center, Wright-Patterson Air Force Base, some Defense contractors, and other private
sector organizations, by posing as a trusted Rome center user.[195]
In early 2007, American apparel and home goods company TJX announced that it was the victim of
an unauthorized computer systems intrusion[196] and that the hackers had accessed a system that
stored data on credit card, debit card, check, and merchandise return transactions.[197]
Stuxnet attack
In 2010, the computer worm known as Stuxnet reportedly ruined almost one-fifth of Iran's nuclear
centrifuges.[198] It did so by disrupting industrial programmable logic controllers (PLCs) in a targeted
attack. This is generally believed to have been launched by Israel and the United States to disrupt
Iran's nuclear program[199][200][201][202] – although neither has publicly admitted this.
Global surveillance disclosures
In early 2013, documents provided by Edward Snowden were published by The Washington Post and
The Guardian[203][204] exposing the massive scale of NSA global surveillance. There were also
indications that the NSA may have inserted a backdoor in a NIST standard for encryption.[205] This
standard was later withdrawn due to widespread criticism.[206] The NSA additionally were revealed
to have tapped the links between Google's data centers.[207]
A Ukrainian hacker known as Rescat or broke int o Target Corporat ion comput ers in 2013, st ealing
roughly 40 million credit cards,[208] and t hen Home Depot comput ers in 2014, st ealing bet ween 53
and 56 million credit card numbers.[209] Warnings were delivered at bot h corporat ions, but ignored;
physical securit y breaches using self checkout machines are believed t o have played a large role.
"The malware ut ilized is absolut ely unsophist icat ed and unint erest ing," says Jim Walt er, direct or of
t hreat int elligence operat ions at securit y t echnology company McAfee – meaning t hat t he heist s
could have easily been st opped by exist ing ant ivirus soft ware had administ rat ors responded t o t he
warnings. The size of t he t heft s has result ed in major at t ent ion from st at e and Federal Unit ed
St at es aut horit ies and t he invest igat ion is ongoing.
In April 2015, the Office of Personnel Management discovered it had been hacked more than a year
earlier in a data breach, resulting in the theft of approximately 21.5 million personnel records handled
by the office.[210] The Office of Personnel Management hack has been described by federal officials
as among the largest breaches of government data in the history of the United States.[211] Data
targeted in the breach included personally identifiable information such as Social Security numbers,
names, dates and places of birth, addresses, and fingerprints of current and former government
employees as well as anyone who had undergone a government background check.[212][213] It is
believed the hack was perpetrated by Chinese hackers.[214]
In July 2015, a hacker group known as The Impact Team successfully breached the extramarital
relationship website Ashley Madison, created by Avid Life Media. The group claimed that they had
taken not only company data but user data as well. After the breach, The Impact Team dumped
emails from the company's CEO, to prove their point, and threatened to dump customer data unless
the website was taken down permanently.[215] When Avid Life Media did not take the site offline, the
group released two more compressed files, one 9.7GB and the second 20GB. After the second data
dump, Avid Life Media CEO Noel Biderman resigned, but the website continued to function.
In June 2021, a cyber attack took down the largest fuel pipeline in the U.S. and led to shortages
across the East Coast.[216]
International legal issues of cyber attacks are complicated in nature. There is no global base of
common rules to judge, and eventually punish, cybercrimes and cybercriminals – and where security
firms or agencies do locate the cybercriminal behind the creation of a particular piece of malware or
form of cyber attack, often the local authorities cannot take action due to lack of laws under which
to prosecute.[217][218] Proving attribution for cybercrimes and cyberattacks is also a major problem
for all law enforcement agencies. "Computer viruses switch from one country to another, from one
jurisdiction to another – moving around the world, using the fact that we don't have the capability to
globally police operations like this. So the Internet is as if someone [had] given free plane tickets to
all the online criminals of the world."[217] The use of techniques such as dynamic DNS, fast flux and
bulletproof servers adds to the difficulty of investigation and enforcement.
Role of government
The role of the government is to make regulations to force companies and organizations to protect
their systems, infrastructure and information from any cyberattacks, but also to protect its own
national infrastructure such as the national power-grid.[219]
The government's regulatory role in cyberspace is complicated. For some, cyberspace was seen as a
virtual space that was to remain free of government intervention, as can be seen in many of today's
libertarian blockchain and bitcoin discussions.[220]
Many government officials and experts think that the government should do more and that there is a
crucial need for improved regulation, mainly due to the failure of the private sector to solve
efficiently the cybersecurity problem. R. Clarke said during a panel discussion at the RSA Security
Conference in San Francisco that he believes the "industry only responds when you threaten
regulation. If the industry doesn't respond (to the threat), you have to follow through."[221] On the
other hand, executives from the private sector agree that improvements are necessary, but think
that government intervention would affect their ability to innovate efficiently. Daniel R. McCarthy
analyzed this public-private partnership in cybersecurity and reflected on the role of cybersecurity in
the broader constitution of political order.[222]
On 22 May 2020, the UN Security Council held its second ever informal meeting on cybersecurity to
focus on cyber challenges to international peace. According to UN Secretary-General António
Guterres, new technologies are too often used to violate rights.[223]
International actions
The Forum of Incident Response and Security Teams (FIRST) is the global association of
CSIRTs.[224] The US-CERT, AT&T, Apple, Cisco, McAfee, Microsoft are all members of this
international team.[225]
The Council of Europe helps protect societies worldwide from the threat of cybercrime through
the Convention on Cybercrime.[226]
The purpose of the Messaging Anti-Abuse Working Group (MAAWG) is to bring the messaging
industry together to work collaboratively and to successfully address the various forms of
messaging abuse, such as spam, viruses, denial-of-service attacks and other messaging
exploitations.[227] France Telecom, Facebook, AT&T, Apple, Cisco, Sprint are some of the
members of the MAAWG.[228]
ENISA: The European Network and Information Security Agency (ENISA) is an agency of the
European Union with the objective to improve network and information security in the European
Union.
Europe
National actions
Most countries have their own computer emergency response team to protect network security.
Canada
Since 2010, Canada has had a cybersecurity strategy.[229][230] This functions as a counterpart
document to the National Strategy and Action Plan for Critical Infrastructure.[231] The strategy has
three main pillars: securing government systems, securing vital private cyber systems, and helping
Canadians to be secure online.[230][231] There is also a Cyber Incident Management Framework to
provide a coordinated response in the event of a cyber incident.[232][233]
The Canadian Cyber Incident Response Centre (CCIRC) is responsible for mitigating and responding
to threats to Canada's critical infrastructure and cyber systems. It provides support to mitigate
cyber threats, technical support to respond & recover from targeted cyber attacks, and provides
online tools for members of Canada's critical infrastructure sectors.[234] It posts regular
cybersecurity bulletins[235] & operates an online reporting tool where individuals and organizations
can report a cyber incident.[236]
To inform the general public on how to protect themselves online, Public Safety Canada has
partnered with STOP.THINK.CONNECT, a coalition of non-profit, private sector, and government
organizations,[237] and launched the Cyber Security Cooperation Program.[238][239] They also run the
GetCyberSafe portal for Canadian citizens, and Cyber Security Awareness Month during October.[240]
Public Safety Canada aims to begin an evaluation of Canada's cybersecurity strategy in early
2015.[231]
Australia
The Australian federal government announced an $18.2 million investment to fortify the cybersecurity
resilience of small and medium enterprises (SMEs) and enhance their capabilities in responding to
cyber threats. This financial backing is an integral component of the soon-to-be-unveiled 2023-2030
Australian Cyber Security Strategy
(https://www.homeaffairs.gov.au/about-us/our-portfolios/cyber-security/strategy/2023-2030-australian-cyber-security-strategy),
slated for release within the current week. A substantial allocation of $7.2 million is earmarked
for the establishment of a voluntary cyber health check program, facilitating businesses in
conducting a comprehensive and tailored self-assessment of their cybersecurity upskill.
This avant-garde health assessment serves as a diagnostic tool, enabling enterprises to ascertain
the robustness of Australia's cyber security regulations
(https://www.homeaffairs.gov.au/reports-and-pubs/files/strengthening-australias-cyber-security-submissions/nsw-young-lawyers.pdf).
Furthermore, it affords them access to a repository of educational resources and materials,
fostering the acquisition of skills necessary for an elevated cybersecurity posture. This
groundbreaking initiative was jointly disclosed by Minister for Cyber Security Clare O'Neil and
Minister for Small Business Julie Collins.[241]
India
Some provisions for cybersecurity have been incorporated into rules framed under the Information
Technology Act 2000.[242]
The National Cyber Security Policy 2013 is a policy framework by the Ministry of Electronics and
Information Technology (MeitY) which aims to protect the public and private infrastructure from
cyberattacks, and safeguard "information, such as personal information (of web users), financial and
banking information and sovereign data". CERT-In is the nodal agency which monitors the cyber
threats in the country. The post of National Cyber Security Coordinator has also been created in the
Prime Minister's Office (PMO).
The Indian Companies Act 2013 has also introduced cyber law and cybersecurity obligations on the
part of Indian directors. Some provisions for cybersecurity have been incorporated into rules framed
under the Information Technology Act 2000 Update in 2013.[243]
South Korea
Following cyberattacks in the first half of 2013, when the government, news media, television
stations, and bank websites were compromised, the national government committed to the training
of 5,000 new cybersecurity experts by 2017. The South Korean government blamed its northern
counterpart for these attacks, as well as incidents that occurred in 2009, 2011,[244] and 2012, but
Pyongyang denies the accusations.[245]
United States
Cyber Plan
The United States has its first fully formed cyber plan in 15 years, as a result of the release of this
National Cyber plan.[246] In this policy, the US says it will: Protect the country by keeping networks,
systems, functions, and data safe; Promote American wealth by building a strong digital economy
and encouraging strong domestic innovation; Peace and safety should be kept by making it easier
for the US to stop people from using computer tools for bad things, working with friends and
partners to do this; and increase the United States' impact around the world to support the main
ideas behind an open, safe, reliable, and compatible Internet.[247]
The new U.S. cyber strategy[248] seeks to allay some of those concerns by promoting responsible
behavior in cyberspace, urging nations to adhere to a set of norms, both through international law
and voluntary standards. It also calls for specific measures to harden U.S. government networks
from attacks, like the June 2015 intrusion into the U.S. Office of Personnel Management (OPM),
which compromised the records of about 4.2 million current and former government employees. And
the strategy calls for the U.S. to continue to name and shame bad cyber actors, calling them out
publicly for attacks when possible, along with the use of economic sanctions and diplomatic
pressure.[249]
Legislation
In 2013, executive order 13636 Improving Critical Infrastructure Cybersecurity was signed, which
prompted the creation of the NIST Cybersecurity Framework.
In response to the Colonial Pipeline ransomware attack,[252] President Joe Biden signed Executive
Order 14028[253] on May 12, 2021, to increase software security standards for sales to the
government, tighten detection and security on existing systems, improve information sharing and
training, establish a Cyber Safety Review Board, and improve incident response.
The General Services Administration (GSA) has standardized the penetration test service as a
pre-vetted support service, to rapidly address potential vulnerabilities, and stop adversaries before they
impact US federal, state and local governments. These services are commonly referred to as Highly
Adaptive Cybersecurity Services (HACS).
Agencies
The Department of Homeland Security has a dedicated division responsible for the response
system, risk management program and requirements for cybersecurity in the United States called
the National Cyber Security Division.[254][255] The division is home to US-CERT operations and the
National Cyber Alert System.[255] The National Cybersecurity and Communications Integration
Center brings together government organizations responsible for protecting computer networks and
networked infrastructure.[256]
The third priority of the FBI is to: "Protect the United States against cyber-based attacks and
high-technology crimes",[257] and they, along with the National White Collar Crime Center (NW3C), and the
Bureau of Justice Assistance (BJA) are part of the multi-agency task force, The Internet Crime
Complaint Center, also known as IC3.[258]
In addition to its own specific duties, the FBI participates alongside non-profit organizations such as
InfraGard.[259][260]
The Computer Crime and Intellectual Property Section (CCIPS) operates in the United States
Department of Justice Criminal Division. The CCIPS is in charge of investigating computer crime and
intellectual property crime and is specialized in the search and seizure of digital evidence in
computers and networks.[261] In 2017, CCIPS published A Framework for a Vulnerability Disclosure
Program for Online Systems to help organizations "clearly describe authorized vulnerability
disclosure and discovery conduct, thereby substantially reducing the likelihood that such described
activities will result in a civil or criminal violation of law under the Computer Fraud and Abuse Act (18
U.S.C. § 1030)."[262]
The United States Cyber Command, also known as USCYBERCOM, "has the mission to direct,
synchronize, and coordinate cyberspace planning and operations to defend and advance national
interests in collaboration with domestic and international partners."[263] It has no role in the
protection of civilian networks.[264][265]
The U.S. Federal Communications Commission's role in cybersecurity is to strengthen the protection
of critical communications infrastructure, to assist in maintaining the reliability of networks during
disasters, to aid in swift recovery after, and to ensure that first responders have access to effective
communications services.[266]
The Food and Drug Administration has issued guidance for medical devices,[267] and the National
Highway Traffic Safety Administration[268] is concerned with automotive cybersecurity. After being
criticized by the Government Accountability Office,[269] and following successful attacks on airports
and claimed attacks on airplanes, the Federal Aviation Administration has devoted funding to
securing systems on board the planes of private manufacturers, and the Aircraft Communications
Addressing and Reporting System.[270] Concerns have also been raised about the future Next
Generation Air Transportation System.[271]
The US Department of Defense (DoD) issued DoD Directive 8570 in 2004, supplemented by DoD
Directive 8140, requiring all DoD employees and all DoD contract personnel involved in information
assurance roles and activities to earn and maintain various industry Information Technology (IT)
certifications in an effort to ensure that all DoD personnel involved in network infrastructure
defense have minimum levels of IT industry recognized knowledge, skills and abilities (KSA).
Andersson and Reimers (2019) report these certifications range from CompTIA's A+ and Security+
through the ICS2.org's CISSP, etc.[272]
Computer emergency response team is a name given to expert groups that handle computer
security incidents. In the US, two distinct organizations exist, although they do work closely
together.
US-CERT: part of the National Cyber Security Division of the United States Department of
Homeland Security.[273]
CERT/CC: created by the Defense Advanced Research Projects Agency (DARPA) and run by the
Software Engineering Institute (SEI).
In the context of U.S. nuclear power plants, the U.S. Nuclear Regulatory Commission (NRC) outlines
cybersecurity requirements under 10 CFR Part 73, specifically in §73.54.[274]
The Nuclear Energy Institute's NEI 08-09 document, Cyber Security Plan for Nuclear Power
Reactors,[275] outlines a comprehensive framework for cybersecurity in the nuclear power industry.
Drafted with input from the U.S. NRC, this guideline is instrumental in aiding licensees to comply with
the Code of Federal Regulations (CFR), which mandates robust protection of digital computers and
equipment and communications systems at nuclear power plants against cyber threats.[276]
Modern warfare
There is growing concern that cyberspace will become the next theater of warfare. As Mark Clayton
from The Christian Science Monitor wrote in a 2015 article titled "The New Cyber Arms Race":
In the future, wars will not just be fought by soldiers with guns or with planes that
drop bombs. They will also be fought with the click of a mouse a half a world away
that unleashes carefully weaponized computer programs that disrupt or destroy
critical industries like utilities, transportation, communications, and energy. Such
attacks could also disable military networks that control the movement of troops,
the path of jet fighters, the command and control of warships.[277]
This has led to new terms such as cyberwarfare and cyberterrorism. The United States Cyber
Command was created in 2009[278] and many other countries have similar forces.
There are a few critical voices that question whether cybersecurity is as significant a threat as it is
made out to be.[279][280][281]
Careers
Cybersecurity is a fast-growing field of IT concerned with reducing organizations' risk of hack or
data breaches.[282] According to research from the Enterprise Strategy Group, 46% of organizations
say that they have a "problematic shortage" of cybersecurity skills in 2016, up from 28% in 2015.[283]
Commercial, government and non-governmental organizations all employ cybersecurity
professionals. The fastest increases in demand for cybersecurity workers are in industries managing
increasing volumes of consumer data such as finance, health care, and retail.[284] However, the use of
the term cybersecurity is more prevalent in government job descriptions.[285]
Security analyst
Analyzes and assesses vulnerabilities in the infrastructure (software, hardware, networks),
investigates using available tools and countermeasures to remedy the detected vulnerabilities
and recommends solutions and best practices. Analyzes and assesses damage to the
data/infrastructure as a result of security incidents, examines available recovery tools and
processes, and recommends solutions. Tests for compliance with security policies and
procedures. May assist in the creation, implementation, or management of security solutions.
Security engineer
Performs security monitoring, security and data/logs analysis, and forensic analysis, to detect
security incidents, and mount the incident response. Investigates and utilizes new technologies
and processes to enhance security capabilities and implement improvements. May also review
code or perform other security engineering methodologies.
Security architect
Designs a security system or major components of a security system, and may head a security
design team building a new security system.[287]
A high-level management position responsible for the entire information security division/staff.
The position may include hands-on technical work.[288]
A high-level management position responsible for the entire security division/staff. A newer
position is now deemed needed as security risks grow.
A DPO is tasked with monitoring compliance with data protection laws (such as GDPR), data
protection policies, awareness-raising, training, and audits.[289]
Security Consultant/Specialist/Intelligence
Broad titles that encompass any one or all of the other roles or titles tasked with protecting
computers, networks, software, data or information systems against viruses, worms, spyware,
malware, intrusion detection, unauthorized access, denial-of-service attacks, and an
ever-increasing list of attacks by hackers acting as individuals or as part of organized crime or foreign
governments.
Student programs are also available for people interested in beginning a career in
cybersecurity.[290][291] Meanwhile, a flexible and effective option for information security
professionals of all experience levels to keep studying is online security training, including
webcasts.[292][293] A wide range of certified courses are also available.[294]
In the United Kingdom, a nationwide set of cybersecurity forums, known as the U.K Cyber Security
Forum, was established, supported by the Government's cybersecurity strategy,[295] in order to
encourage start-ups and innovation and to address the skills gap[296] identified by the U.K
Government.
In Singapore, the Cyber Security Agency has issued a Singapore Operational Technology (OT)
Cybersecurity Competency Framework (OTCCF). The framework defines emerging cybersecurity
roles in Operational Technology. The OTCCF was endorsed by the Infocomm Media Development
Authority (IMDA). It outlines the different OT cybersecurity job positions as well as the technical
skills and core competencies necessary. It also depicts the many career paths available, including
vertical and lateral advancement opportunities.[297]
Terminology
The following terms used with regards to computer security are explained below:
Access authorization restricts access to a computer to a group of users through the use of
authentication systems. These systems can protect either the whole computer, such as through
an interactive login screen, or individual services, such as an FTP server. There are many methods
for identifying and authenticating users, such as passwords, identification cards, smart cards, and
biometric systems.
Anti-virus software consists of computer programs that attempt to identify, thwart, and eliminate
computer viruses and other malicious software (malware).
Applications are executable code, so general corporate practice is to restrict or block users'
power to install them; to install them only when there is a demonstrated need (e.g. software
needed to perform assignments); to install only those which are known to be reputable (preferably
with access to the computer code used to create the application); and to reduce the attack
surface by installing as few as possible. They are typically run with least privilege, with a robust
process in place to identify, test and install any released security patches or updates for them.
For example, programs can be installed into an individual user's account, which limits the
program's potential access, as well as being a means to control which users have specific
exceptions to policy. In Linux, FreeBSD, OpenBSD, and other Unix-like operating systems
there is an option to further restrict an application using chroot or other means of restricting
the application to its own 'sandbox'. For example, Linux provides namespaces and cgroups to
further restrict the access of an application to system resources.
Generalized security frameworks such as SELinux or AppArmor help administrators control
access.
Java and other languages which compile to Java byte code and run in the Java virtual machine
can have their access to other applications controlled at the virtual machine level.
Some software can be run in software containers which can even provide their own set of
system libraries, limiting the software's, or anyone controlling it, access to the server's
versions of the libraries.
Authentication techniques can be used to ensure that communication end-points are who they
say they are.
Automated theorem proving and other verification tools can be used to enable critical algorithms
and code used in secure systems to be mathematically proven to meet their specifications.
Backups are one or more copies kept of important computer files. Typically, multiple copies will
be kept at different locations so that if a copy is stolen or damaged, other copies will still exist.
Capability and access control list techniques can be used to ensure privilege separation and
mandatory access control. Capabilities vs. ACLs discusses their use.
Chain of trust techniques can be used to attempt to ensure that all software loaded has been
certified as authentic by the system's designers.
Confidentiality is the nondisclosure of information except to another authorized person.[298]
Cryptographic techniques can be used to defend data in transit between systems, reducing the
probability that the data exchange between systems can be intercepted or modified.
Cyber attribution is the attribution of cybercrime, i.e., finding who perpetrated a cyberattack.
Cyberwarfare is an Internet-based conflict that involves politically motivated attacks on
information and information systems. Such attacks can, for example, disable official websites and
networks, disrupt or disable essential services, steal or alter classified data, and cripple financial
systems.
Data integrity is the accuracy and consistency of stored data, indicated by an absence of any
alteration in data between two updates of a data record.[299]
Encryption is used to protect the confidentiality of a message. Cryptographically secure ciphers
are designed to make any practical attempt of breaking them infeasible. Symmetric-key ciphers
are suitable for bulk encryption using shared keys, and public-key encryption using digital
certificates can provide a practical solution for the problem of securely communicating when no
key is shared in advance.
Endpoint security software aids networks in preventing malware infection and data theft at
network entry points made vulnerable by the prevalence of potentially infected devices such as
laptops, mobile devices, and USB drives.[300]
Firewalls serve as a gatekeeper system between networks, allowing only traffic that matches
defined rules. They often include detailed logging, and may include intrusion detection and
intrusion prevention features. They are near-universal between company local area networks and
the Internet, but can also be used internally to impose traffic rules between networks if network
segmentation is configured.
A hacker is someone who seeks to breach defenses and exploit weaknesses in a computer
system or network.
Honey pots are computers that are intentionally left vulnerable to attack by crackers. They can
be used to catch crackers and to identify their techniques.
Intrusion-detection systems are devices or software applications that monitor networks or
systems for malicious activity or policy violations.
A microkernel is an approach to operating system design which has only the near-minimum amount
of code running at the most privileged level – and runs other elements of the operating system
such as device drivers, protocol stacks and file systems, in the safer, less privileged user space.
Pinging. The standard ping application can be used to test if an IP address is in use. If it is,
attackers may then try a port scan to detect which services are exposed.
A port scan is used to probe an IP address for open ports to identify accessible network services
and applications.
A key logger is spyware that silently captures and stores each keystroke that a user types on the
computer's keyboard.
A logic bomb is a type of malware added to a legitimate program that lies dormant until it is
triggered by a specific event.
A unikernel is a computer program that runs on a minimalistic operating system where a single
application is allowed to run (as opposed to a general purpose operating system where many
applications can run at the same time). This approach to minimizing the attack surface is adopted
mostly in cloud environments where software is deployed in virtual machines.
Zero trust security means that no one is trusted by default from inside or outside the network,
and verification is required from everyone trying to gain access to resources on the network.
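The firewall, pinging, port scan and intrusion-detection entries above meet in practice in the firewall log: one source touching many distinct ports on one host within a short time, often right after a ping. The following detection sketch is an added example, not part of the original article; the key=value log format, the thresholds and the function names are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample firewall log in a hypothetical key=value format
# (not a real product's). Addresses are from documentation ranges.
SAMPLE_LOG = """\
2024-05-01T10:00:00 action=ALLOW proto=ICMP src=203.0.113.7 dst=192.0.2.10 dport=-
2024-05-01T10:00:02 action=DENY proto=TCP src=203.0.113.7 dst=192.0.2.10 dport=21
2024-05-01T10:00:03 action=ALLOW proto=TCP src=203.0.113.7 dst=192.0.2.10 dport=22
2024-05-01T10:00:04 action=DENY proto=TCP src=203.0.113.7 dst=192.0.2.10 dport=23
2024-05-01T10:00:05 action=DENY proto=TCP src=203.0.113.7 dst=192.0.2.10 dport=80
2024-05-01T10:00:06 action=ALLOW proto=TCP src=203.0.113.7 dst=192.0.2.10 dport=443
2024-05-01T10:00:07 action=DENY proto=TCP src=203.0.113.7 dst=192.0.2.10 dport=3389
2024-05-01T10:00:10 action=ALLOW proto=TCP src=198.51.100.20 dst=192.0.2.10 dport=443
2024-05-01T10:00:11 action=ALLOW proto=TCP src=198.51.100.20 dst=192.0.2.10 dport=443
2024-05-01T10:00:12 action=ALLOW proto=TCP src=198.51.100.20 dst=192.0.2.10 dport=443
2024-05-01T10:05:00 action=DENY proto=TCP src=198.51.100.30 dst=192.0.2.10 dport=25
2024-05-01T10:25:00 action=DENY proto=TCP src=198.51.100.30 dst=192.0.2.10 dport=110
2024-05-01T10:45:00 action=DENY proto=TCP src=198.51.100.30 dst=192.0.2.10 dport=143
2024-05-01T11:05:00 action=DENY proto=TCP src=198.51.100.30 dst=192.0.2.10 dport=993
2024-05-01T11:25:00 action=DENY proto=TCP src=198.51.100.30 dst=192.0.2.10 dport=995
this line is truncated or corrupt and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) action=(?P<action>ALLOW|DENY) proto=(?P<proto>\w+) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+|-)$"
)


def parse_line(line):
    """Return one log event as a dict, or None for lines that do not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        ts = datetime.fromisoformat(m["ts"])
    except ValueError:
        return None
    port = None if m["dport"] == "-" else int(m["dport"])
    if port is not None and not 1 <= port <= 65535:
        return None
    return {"ts": ts, "action": m["action"], "proto": m["proto"],
            "src": m["src"], "dst": m["dst"], "port": port}


def detect_port_scans(lines, min_ports=5, window=timedelta(seconds=60)):
    """Flag (src, dst) pairs that touch >= min_ports distinct ports inside one window.

    Each finding lists the probed ports, the ports the firewall let through
    (the services actually exposed to that source), and whether a ping from
    the same source preceded the burst.
    """
    probes = defaultdict(list)  # (src, dst) -> [(ts, port, action)]
    pings = defaultdict(list)   # (src, dst) -> [ts]
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # tolerate corrupt lines instead of aborting the run
        key = (ev["src"], ev["dst"])
        if ev["proto"] == "ICMP":
            pings[key].append(ev["ts"])
        elif ev["port"] is not None:
            probes[key].append((ev["ts"], ev["port"], ev["action"]))

    findings = []
    for key, events in sorted(probes.items()):
        events.sort()
        best_ports, best_allowed, best_start = set(), set(), None
        start = 0
        # Sliding window over time-ordered events (quadratic in the worst
        # case, which is fine for a sketch on small inputs).
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            in_window = events[start:end + 1]
            ports = {p for _, p, _ in in_window}
            if len(ports) > len(best_ports):
                best_ports = ports
                best_allowed = {p for _, p, a in in_window if a == "ALLOW"}
                best_start = in_window[0][0]
        if len(best_ports) >= min_ports:
            ping_first = any(timedelta(0) <= best_start - t <= window
                             for t in pings.get(key, []))
            findings.append({"src": key[0], "dst": key[1],
                             "ports": sorted(best_ports),
                             "allowed": sorted(best_allowed),
                             "ping_first": ping_first})
    return findings


if __name__ == "__main__":
    for finding in detect_port_scans(SAMPLE_LOG.splitlines()):
        print(finding)
```

The window and port threshold are tuning choices: with the 60-second default, the third source in the sample, which spreads its probes over more than an hour, is only flagged once the window is widened.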
History
Since t he Int ernet 's arrival and wit h t he digit al t ransformat ion init iat ed in recent years, t he not ion of
cybersecurit y has become a familiar subject in bot h our professional and personal lives.
Cybersecurit y and cyber t hreat s have been consist ent ly present for t he last 60 years of
t echnological change. In t he 1970s and 1980s, comput er securit y was mainly limit ed t o academia
unt il t he concept ion of t he Int ernet , where, wit h increased connect ivit y, comput er viruses and
net work int rusions began t o t ake off. Aft er t he spread of viruses in t he 1990s, t he 2000s marked
t he inst it ut ionalizat ion of organized at t acks such as dist ribut ed denial of service.[301] This led t o t he
formalizat ion of cybersecurit y as a professional discipline.[302]
The April 1967 session organized by Willis Ware at t he Spring Joint Comput er Conference, and t he
lat er publicat ion of t he Ware Report , were foundat ional moment s in t he hist ory of t he field of
comput er securit y.[303] Ware's work st raddled t he int ersect ion of mat erial, cult ural, polit ical, and
social concerns.[303]
A 1977 NIST publication[304] introduced the CIA triad of confidentiality, integrity, and availability as a
clear and simple way to describe key security goals.[305] While still relevant, many more elaborate
frameworks have since been proposed.[306][307]
However, in the 1970s and 1980s, there were no grave computer threats because computers and
the internet were still developing, and security threats were easily identifiable. More often, threats
came from malicious insiders who gained unauthorized access to sensitive documents and files.
Although malware and network breaches existed during the early years, these were not used for
financial gain. By the second half of the 1970s, established computer firms like IBM started offering
commercial access control systems and computer security software products.[308]
One of the earliest examples of an attack on a computer network was the computer worm Creeper
written by Bob Thomas at BBN, which propagated through the ARPANET in 1971.[309] The program
was purely experimental in nature and carried no malicious payload. A later program, Reaper, was
created by Ray Tomlinson in 1972 and used to destroy Creeper.
Between September 1986 and June 1987, a group of German hackers performed the first
documented case of cyber espionage.[310] The group hacked into American defense contractors,
universities, and military base networks and sold gathered information to the Soviet KGB. The group
was led by Markus Hess, who was arrested on 29 June 1987. He was convicted of espionage (along
with two co-conspirators) on 15 Feb 1990.
In 1988, one of the first computer worms, called the Morris worm, was distributed via the Internet. It
gained significant mainstream media attention.[311]
Netscape started developing the protocol SSL, shortly after the National Center for
Supercomputing Applications (NCSA) launched Mosaic 1.0, the first web browser, in 1993.[312][313]
Netscape had SSL version 1.0 ready in 1994, but it was never released to the public due to many
serious security vulnerabilities.[312] However, in 1995, Netscape launched Version 2.0.[314]
The National Security Agency (NSA) is responsible for the protection of U.S. information systems
and also for collecting foreign intelligence.[315] The agency analyzes commonly used software and
system configurations to find security flaws, which it can use for offensive purposes against
competitors of the United States.[316]
NSA contractors created and sold click-and-shoot attack tools to US agencies and close allies, but
eventually, the tools made their way to foreign adversaries.[317] In 2016, NSA's own hacking tools
were hacked, and they have been used by Russia and North Korea. NSA's employees and contractors
have been recruited at high salaries by adversaries, anxious to compete in cyberwarfare. In 2007, the
United States and Israel began exploiting security flaws in the Microsoft Windows operating system
to attack and damage equipment used in Iran to refine nuclear materials. Iran responded by heavily
investing in its own cyberwarfare capability, which it began using against the United States.[316]
Notable scholars
Susan Nycum
See also
Attack tree – Conceptual diagrams showing how an asset, or target, might be attacked
Center for Internet Security – Nonprofit organization focused on cybersecurity
Cloud computing security – Methods used to protect cloud based assets
Content Disarm & Reconstruction – Policy-based removal of components
Content Security Policy – Computer security standard to prevent cross-site scripting and related attacks
Cyber self-defense – Protection of computer systems from information disclosure, theft or damage
Human–computer interaction (security) – Academic discipline studying the relationship between computer systems and their users
Identity management – Technical and Policy systems to give users appropriate access
Information security awareness – part of information security that focuses on raising consciousness regarding potential risks of the rapidly evolving forms of information and the accompanying threats
Internet privacy – Right or mandate of personal privacy concerning the internet
Internet safety – Being aware of safety and security risks on the Internet
Outline of computer security – Overview of and topical guide to computer security
Physical information security – Common ground of physical and information security
Security engineering – Process of incorporating security controls into an information system
Security through obscurity – Reliance on design or implementation secrecy for security
References
1. Schatz, Daniel; Bashroush, Rabih; Wall, Julie (2017). "Towards a More Representative Definition of Cyber Security" (https://commons.erau.edu/jdfsl/vol12/iss2/8/). Journal of Digital Forensics, Security and Law. 12 (2). ISSN 1558-7215 (https://search.worldcat.org/issn/1558-7215).
3. Tate, Nick (7 May 2013). "Reliance spells end of road for ICT amateurs" (https://www.theaustralian.com.au/news/reliance-spells-end-of-road-for-ict-amateurs/news-story/6f84ad403b8721100f5957a472a945eb). The Australian.
4. Kianpour, Mazaher; Kowalski, Stewart; Øverby, Harald (2021). "Systematically Understanding Cybersecurity Economics: A Survey" (https://doi.org/10.3390%2Fsu132413677). Sustainability. 13 (24): 13677. doi:10.3390/su132413677 (https://doi.org/10.3390%2Fsu132413677). hdl:11250/2978306 (https://hdl.handle.net/11250%2F2978306). ISSN 2071-1050 (https://search.worldcat.org/issn/2071-1050).
5. Stevens, Tim (11 June 2018). "Global Cybersecurity: New Directions in Theory and Methods" (https://kclpure.kcl.ac.uk/portal/files/97261726/PaG_6_2_Global_Cybersecurity_New_Directions_in_Theory_and_Methods.pdf) (PDF). Politics and Governance. 6 (2): 1–4. doi:10.17645/pag.v6i2.1569 (https://doi.org/10.17645%2Fpag.v6i2.1569). Archived (https://web.archive.org/web/20190904151257/https://kclpure.kcl.ac.uk/portal/files/97261726/PaG_6_2_Global_Cybersecurity_New_Directions_in_Theory_and_Methods.pdf) (PDF) from the original on 4 September 2019.
7. Zlatanov, Nikola (3 December 2015). Computer Security and Mobile Security Challenges (https://www.researchgate.net/publication/298807979). Tech Security Conference At: San Francisco, CA.
9. Larabel, Michael (28 December 2017). "Syzbot: Google Continuously Fuzzing The Linux Kernel" (https://www.phoronix.com/scan.php?page=news_item&px=Syzbot-Linux-Kernel-Fuzzing/). www.phoronix.com/. Retrieved 25 March 2021.
10. "Cyber attacks on SMBs: Current Stats and How to Prevent Them" (https://www.crowdstrike.com/solutions/small-business/cyber-attacks-on-smbs/). crowdstrike.com. Retrieved 30 November 2023.
11. "Cyber security breaches survey 2023" (https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023). GOV.UK. Retrieved 30 November 2023.
13. "What is a backdoor attack? Definition and prevention | NordVPN" (https://nordvpn.com/blog/backdoor-attack/). nordvpn.com. 30 November 2023. Retrieved 3 January 2024.
16. "Computer Security" (https://www.interelectronix.com/computer-security.html). www.interelectronix.com. Retrieved 30 November 2023.
17. "What Is a DMA Attack? Analysis & Mitigation" (https://www.kroll.com/en/insights/publications/cyber/what-is-dma-attack-understanding-mitigating-threat). Kroll. Retrieved 4 December 2023.
19. York, Dan (1 January 2010), York, Dan (ed.), "Chapter 3 – Eavesdropping and Modification" (https://www.sciencedirect.com/science/article/pii/B978159749547900003X), Seven Deadliest Unified Communications Attacks, Boston: Syngress, pp. 41–69, ISBN 978-1-59749-547-9, retrieved 5 December 2023
20. "What Are Eavesdropping Attacks & How To Prevent Them" (https://enterprise.verizon.com/resources/articles/s/what-are-eavesdropping-attacks/). Verizon Enterprise. Retrieved 5 December 2023.
24. "What is a man-in-the-middle attack and how can I protect my organization?" (https://www.verizon.com/business/resources/articles/s/what-is-a-man-in-the-middle-attack-and-how-can-i-protect-my-organization/). verizon.com.
25. "Multi-Vector Attacks Demand Multi-Vector Protection" (https://www.msspalert.com/analysis/multi-vector-attacks-demand-multi-vector-protection). MSSP Alert. 24 July 2017.
26. Millman, Renee (15 December 2017). "New polymorphic malware evades three-quarters of AV scanners" (https://www.scmagazineuk.com/new-polymorphic-malware-evades-three-quarters-of-av-scanners/article/718757/). SC Magazine UK.
27. Tounsi, Wiem (15 May 2019), Tounsi, Wiem (ed.), "What is Cyber Threat Intelligence and How is it Evolving?" (https://onlinelibrary.wiley.com/doi/10.1002/9781119618393.ch1), Cyber-Vigilance and Digital Trust (1 ed.), Wiley, pp. 1–49, doi:10.1002/9781119618393.ch1 (https://doi.org/10.1002%2F9781119618393.ch1), ISBN 978-1-78630-448-3, S2CID 187294508 (https://api.semanticscholar.org/CorpusID:187294508), retrieved 6 December 2023
29. "Protect yourself from phishing – Microsoft Support" (https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44). support.microsoft.com. Retrieved 6 December 2023.
30. Lazarus, Ari (23 February 2018). "Phishers send fake invoices" (https://www.consumer.ftc.gov/blog/2018/02/phishers-send-fake-invoices). Consumer Information. Retrieved 17 February 2020.
33. Spence, Aaron; Bangay, Shaun (June 2022). "Security beyond cybersecurity: side-channel attacks against non-cyber systems and their countermeasures" (https://link.springer.com/10.1007/s10207-021-00563-6). International Journal of Information Security. 21 (3): 437–453. doi:10.1007/s10207-021-00563-6 (https://doi.org/10.1007%2Fs10207-021-00563-6). ISSN 1615-5262 (https://search.worldcat.org/issn/1615-5262).
35. Scannell, Kara (24 February 2016). "CEO email scam costs companies $2bn" (https://web.archive.org/web/20160623105523/http://www.ft.com/intl/cms/s/0/83b4e9be-db16-11e5-a72f-1e7744c66818.html#axzz41pN5YBV4). Financial Times. No. 25 February 2016. Archived from the original (https://www.ft.com/intl/cms/s/0/83b4e9be-db16-11e5-a72f-1e7744c66818.html#axzz41pN5YBV4) on 23 June 2016. Retrieved 7 May 2016.
36. "Bucks leak tax info of players, employees as result of email scam" (https://www.espn.com/nba/story/_/id/15615363/milwaukee-bucks-leak-tax-information-players-employees-result-email-scam). Associated Press. 20 May 2016. Archived (https://web.archive.org/web/20160520144908/http://espn.go.com/nba/story/_/id/15615363/milwaukee-bucks-leak-tax-informatiopn-players-employees-result-email-scam) from the original on 20 May 2016. Retrieved 20 May 2016.
37. "What is Spoofing? – Definition from Techopedia" (https://www.techopedia.com/definition/5398/spoofing). techopedia.com. Archived (https://web.archive.org/web/20160630134737/https://www.techopedia.com/definition/5398/spoofing) from the original on 30 June 2016. Retrieved 16 January 2022.
38. Butterfield, Andrew; Ngondi, Gerard Ekembe, eds. (21 January 2016). "spoofing" (http://www.oxfordreference.com/view/10.1093/acref/9780199688975.001.0001/acref-9780199688975-e-4987). A Dictionary of Computer Science. Oxford University Press. doi:10.1093/acref/9780199688975.001.0001 (https://doi.org/10.1093%2Facref%2F9780199688975.001.0001). ISBN 978-0199688975. Retrieved 8 October 2017.
39. Marcel, Sébastien; Nixon, Mark; Li, Stan, eds. (2014). Handbook of Biometric Anti-Spoofing: Trusted Biometrics under Spoofing Attacks. Advances in Computer Vision and Pattern Recognition. London: Springer. doi:10.1007/978-1-4471-6524-8 (https://doi.org/10.1007%2F978-1-4471-6524-8). ISBN 978-1447165248. ISSN 2191-6594 (https://search.worldcat.org/issn/2191-6594). LCCN 2014942635 (https://lccn.loc.gov/2014942635). S2CID 27594864 (https://api.semanticscholar.org/CorpusID:27594864).
40. "80 to 0 in Under 5 Seconds: Falsifying a Medical Patient's Vitals" (https://www.trellix.com/en-us/about/newsroom/stories/research/80-to-0-in-under-5-seconds-falsifying-a-medical-patients-vitals.html). www.trellix.com. Retrieved 9 February 2023.
41. Gallagher, Sean (14 May 2014). "Photos of an NSA "upgrade" factory show Cisco router getting implant" (https://arstechnica.com/tech-policy/2014/05/photos-of-an-nsa-upgrade-factory-show-cisco-router-getting-implant/). Ars Technica. Archived (https://web.archive.org/web/20140804130416/http://arstechnica.com/tech-policy/2014/05/photos-of-an-nsa-upgrade-factory-show-cisco-router-getting-implant/) from the original on 4 August 2014. Retrieved 3 August 2014.
42. Intelligence, Microsoft Threat (11 November 2021). "HTML smuggling surges: Highly evasive loader technique increasingly used in banking malware, targeted attacks" (https://www.microsoft.com/en-us/security/blog/2021/11/11/html-smuggling-surges-highly-evasive-loader-technique-increasingly-used-in-banking-malware-targeted-attacks/). Microsoft Security Blog. Retrieved 7 December 2023.
43. "Obfuscated Files or Information: HTML Smuggling, Sub-technique T1027.006 – Enterprise | MITRE ATT&CK®" (https://attack.mitre.org/techniques/T1027/006/). attack.mitre.org. Retrieved 22 February 2023.
44. Lim, Joo S.; Chang, Shanton; Maynard, Sean; Ahmad, Atif (2009). "Exploring the Relationship between Organizational Culture and Information Security Culture" (http://ro.ecu.edu.au/ism/12). Proceedings of the 7th Australian Information Security Management Conference. Perth. Security Research Institute (SRI), Edith Cowan University: 1st to 3rd December 2009. doi:10.4225/75/57B4065130DEF (https://doi.org/10.4225%2F75%2F57B4065130DEF).
45. Reimers, Karl; Andersson, David (2017). Post-secondary Education Network Security: the End User Challenge and Evolving Threats (https://library.iated.org/view/REIMERS2017POS). ICERI2017 Proceedings. Vol. 1. IATED. pp. 1787–1796. doi:10.21125/iceri.2017.0554 (https://doi.org/10.21125%2Ficeri.2017.0554). ISBN 978-84-697-6957-7. ISSN 2340-1095 (https://search.worldcat.org/issn/2340-1095).
46. Verizon Data Breach Investigations Report 2020 (https://enterprise.verizon.com/resources/reports/2020-data-breach-investigations-report.pdf) (PDF). verizon.com (Report). Archived (https://web.archive.org/web/20200519161153/https://enterprise.verizon.com/resources/reports/2020-data-breach-investigations-report.pdf) (PDF) from the original on 19 May 2020. Retrieved 17 September 2021.
47. Schlienger, Thomas; Teufel, Stephanie (2003). "Information security culture-from analysis to change". South African Computer Journal. 31: 46–52. hdl:10520/EJC27949 (https://hdl.handle.net/10520%2FEJC27949).
49. "CNSS Instruction No. 4009" (https://web.archive.org/web/20120227163121/http://www.cnss.gov/Assets/pdf/cnssi_4009.pdf) (PDF). 26 April 2010. Archived from the original (http://www.cnss.gov/Assets/pdf/cnssi_4009.pdf) (PDF) on 27 February 2012.
52. "How the NCSC thinks about security architecture" (https://www.ncsc.gov.uk/blog-post/how-ncsc-thinks-about-security-architecture). www.ncsc.gov.uk. Retrieved 18 December 2023.
53. "Secure System Architecture and Design" (https://www.ukcybersecuritycouncil.org.uk/careers-and-learning/cyber-career-framework/secure-system-architecture-design). UK Cyber Security Council. 2024. Retrieved 4 January 2024.
54. "security architecture – Glossary | CSRC" (https://csrc.nist.gov/glossary/term/security_architecture). csrc.nist.gov. Retrieved 18 December 2023.
55. Jannsen, Cory. "Security Architecture" (http://www.techopedia.com/definition/72/security-architecture). Techopedia. Janalta Interactive Inc. Archived (https://web.archive.org/web/20141003064643/http://www.techopedia.com/definition/72/security-architecture) from the original on 3 October 2014. Retrieved 9 October 2014.
56. Oppliger, Rolf (1 May 1997). "Internet security: firewalls and beyond" (https://doi.org/10.1145%2F253769.253802). Communications of the ACM. 40 (5): 92–102. doi:10.1145/253769.253802 (https://doi.org/10.1145%2F253769.253802). ISSN 0001-0782 (https://search.worldcat.org/issn/0001-0782).
58. Woodie, Alex (9 May 2016). "Why ONI May Be Our Best Hope for Cyber Security Now" (http://www.datanami.com/2016/05/09/oni-may-best-hope-cyber-security-now/). Archived (https://web.archive.org/web/20160820015812/https://www.datanami.com/2016/05/09/oni-may-best-hope-cyber-security-now/) from the original on 20 August 2016. Retrieved 13 July 2016.
59. Walkowski, Debbie (9 July 2019). "What Is The CIA Triad?" (https://www.f5.com/labs/articles/education/what-is-the-cia-triad.html). F5 Labs. Retrieved 25 February 2020.
61. Foreman, Park (2009). Vulnerability Management. Boca Raton, Fla.: Auerbach Publications. p. 1. ISBN 978-1-4398-0150-5.
62. Johnson, A. (2018). CCNA Cybersecurity Operations Companion Guide (https://books.google.com/books?id=FxRbDwAAQBAJ&q=Vulnerabilities+can+be+discovered+with+a+vulnerability+scanner,+which+analyzes+a+computer+system+in+search+of+known+vulnerabilities&pg=SA5-PA83). Cisco Press. ISBN 978-0135166246.
63. Calder, Alan; Williams, Geraint (2014). PCI DSS: A Pocket Guide (3rd ed.). IT Governance Limited. ISBN 978-1849285544. "network vulnerability scans at least quarterly and after any significant change in the network"
64. Harrison, J. (2003). Formal verification at Intel. 18th Annual IEEE Symposium of Logic in Computer Science, 2003. Proceedings. pp. 45–54. doi:10.1109/LICS.2003.1210044 (https://doi.org/10.1109%2FLICS.2003.1210044). ISBN 978-0769518848. S2CID 44585546 (https://api.semanticscholar.org/CorpusID:44585546).
65. Umrigar, Zerksis D.; Pitchumani, Vijay (1983). Formal verification of a real-time hardware design (http://portal.acm.org/citation.cfm?id=800667). Proceeding DAC '83 Proceedings of the 20th Design Automation Conference. IEEE Press. pp. 221–227. ISBN 978-0818600265.
66. "Abstract Formal Specification of the seL4/ARMv6 API" (https://web.archive.org/web/20150521171234/https://sel4.systems/Docs/seL4-spec.pdf) (PDF). Archived from the original (https://sel4.systems/Docs/seL4-spec.pdf) (PDF) on 21 May 2015. Retrieved 19 May 2015.
67. Baumann, Christoph; Beckert, Bernhard; Blasum, Holger; Bormer, Thorsten. Ingredients of Operating System Correctness? Lessons Learned in the Formal Verification of PikeOS (https://web.archive.org/web/20110719110932/http://www-wjp.cs.uni-saarland.de/publikationen/Ba10EW.pdf) (PDF). Embedded World Conference, Nuremberg, Germany. Archived from the original (http://www-wjp.cs.uni-saarland.de/publikationen/Ba10EW.pdf) (PDF) on 19 July 2011.
68. Ganssle, Jack. "Getting it Right" (https://web.archive.org/web/20130504191958/http://www.ganssle.com/rants/gettingitright.htm). Archived from the original (http://www.ganssle.com/rants/gettingitright.htm) on 4 May 2013.
69. "Everything you need for a career as a SOC analyst" (https://www.cybersecurityjobsite.com/staticpages/10300/everything-you-need-for-a-career-as-a-soc-analyst/). www.cybersecurityjobsite.com. Retrieved 19 December 2023.
70. "Turn on 2-step verification (2SV)" (https://www.ncsc.gov.uk/collection/top-tips-for-staying-secure-online/activate-2-step-verification-on-your-email). www.ncsc.gov.uk. Retrieved 19 December 2023.
71. "NCSC's cyber security training for staff now available" (https://www.ncsc.gov.uk/blog-post/ncsc-cyber-security-training-for-staff-now-available). www.ncsc.gov.uk. Retrieved 19 December 2023.
72. Treglia, J.; Delia, M. (2017). Cyber Security Inoculation. NYS Cyber Security Conference, Empire State Plaza Convention Center, Albany, NY, 3–4 June.
74. "Token-based authentication" (http://www.safenet-inc.com/multi-factor-authentication/authenticators/pki-usb-authentication/etoken-5200-token-based-authentication/). SafeNet.com. Archived (https://web.archive.org/web/20140320234026/http://www.safenet-inc.com/multi-factor-authentication/authenticators/pki-usb-authentication/etoken-5200-token-based-authentication/) from the original on 20 March 2014. Retrieved 20 March 2014.
75. "Lock and protect your Windows PC" (https://www.thewindowsclub.com/lock-protect-your-windows-pc-using-a-usb-drive-with-predator). TheWindowsClub.com. 10 February 2010. Archived (https://web.archive.org/web/20140320220321/http://www.thewindowsclub.com/lock-protect-your-windows-pc-using-a-usb-drive-with-predator) from the original on 20 March 2014. Retrieved 20 March 2014.
76. Greene, James (2012). "Intel Trusted Execution Technology: White Paper" (http://www.intel.com/content/dam/www/public/us/en/documents/white-papers/trusted-execution-technology-security-paper.pdf) (PDF). Intel Corporation. Archived (https://web.archive.org/web/20140611161421/http://www.intel.com/content/dam/www/public/us/en/documents/white-papers/trusted-execution-technology-security-paper.pdf) (PDF) from the original on 11 June 2014. Retrieved 18 December 2013.
77. "SafeNet ProtectDrive 8.4" (http://www.scmagazine.com/safenet-protectdrive-84/review/2596/). SCMagazine.com. 4 October 2008. Archived (https://web.archive.org/web/20140320220133/http://www.scmagazine.com/safenet-protectdrive-84/review/2596/) from the original on 20 March 2014. Retrieved 20 March 2014.
78. "Secure Hard Drives: Lock Down Your Data" (https://www.pcmag.com/article2/0,2817,2342798,00.asp). PCMag.com. 11 May 2009. Archived (https://web.archive.org/web/20170621202140/http://www.pcmag.com/article2/0,2817,2342798,00.asp) from the original on 21 June 2017.
79. Souppaya, Murugiah P.; Scarfone, Karen (2013). "Guidelines for Managing the Security of Mobile Devices in the Enterprise" (https://www.nist.gov/publications/guidelines-managing-security-mobile-devices-enterprise). National Institute of Standards and Technology. Special Publication (NIST SP). Gaithersburg, MD. doi:10.6028/NIST.SP.800-124r1 (https://doi.org/10.6028%2FNIST.SP.800-124r1).
80. "Access Control Statistics: Trends & Insights" (https://entrycare.com/access-control-statistics/). 23 February 2024. Retrieved 26 April 2024.
81. "Forget IDs, use your phone as credentials" (http://video.foxbusiness.com/v/2804966490001/forget-ids-use-your-phone-as-credentials/?playlist_id=937116503001#sp=show-clips). Fox Business Network. 4 November 2013. Archived (https://web.archive.org/web/20140320215829/http://video.foxbusiness.com/v/2804966490001/forget-ids-use-your-phone-as-credentials/?playlist_id=937116503001#sp=show-clips) from the original on 20 March 2014. Retrieved 20 March 2014.
82. "Direct memory access protections for Mac computers" (https://support.apple.com/guide/security/direct-memory-access-protections-seca4960c2b5/1/web/1). Apple. Retrieved 16 November 2022.
83. "Using IOMMU for DMA Protection in UEFI Firmware" (https://www.intel.com/content/dam/develop/external/us/en/documents/intel-whitepaper-using-iommu-for-dma-protection-in-uefi-820238.pdf) (PDF). Intel Corporation. Archived (https://web.archive.org/web/20211209062425/https://www.intel.com/content/dam/develop/external/us/en/documents/intel-whitepaper-using-iommu-for-dma-protection-in-uefi-820238.pdf) (PDF) from the original on 9 December 2021. Retrieved 16 November 2022.
84. Babaei, Armin; Schiele, Gregor; Zohner, Michael (26 July 2022). "Reconfigurable Security Architecture (RESA) Based on PUF for FPGA-Based IoT Devices" (https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9331300). Sensors. 22 (15): 5577. Bibcode:2022Senso..22.5577B (https://ui.adsabs.harvard.edu/abs/2022Senso..22.5577B). doi:10.3390/s22155577 (https://doi.org/10.3390%2Fs22155577). ISSN 1424-8220 (https://search.worldcat.org/issn/1424-8220). PMC 9331300 (https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9331300). PMID 35898079 (https://pubmed.ncbi.nlm.nih.gov/35898079).
85. Hassija, Vikas; Chamola, Vinay; Gupta, Vatsal; Jain, Sarthak; Guizani, Nadra (15 April 2021). "A Survey on Supply Chain Security: Application Areas, Security Threats, and Solution Architectures" (https://ieeexplore.ieee.org/document/9203862). IEEE Internet of Things Journal. 8 (8): 6222–6246. doi:10.1109/JIOT.2020.3025775 (https://doi.org/10.1109%2FJIOT.2020.3025775). ISSN 2327-4662 (https://search.worldcat.org/issn/2327-4662). S2CID 226767829 (https://api.semanticscholar.org/CorpusID:226767829).
86. "The Most Secure OS: What is the Safest OS Available?" (https://tech.co/antivirus-software/what-is-the-most-secure-os). Tech.co. Retrieved 19 December 2023.
87. Sanghavi, Alok (21 May 2010). "What is formal verification?". EE Times_Asia.
88. Ferraiolo, D.F. & Kuhn, D.R. (October 1992). "Role-Based Access Control" (http://csrc.nist.gov/groups/SNS/rbac/documents/ferraiolo-kuhn-92.pdf) (PDF). 15th National Computer Security Conference: 554–563.
89. Sandhu, R; Coyne, EJ; Feinstein, HL; Youman, CE (August 1996). "Role-Based Access Control Models" (http://csrc.nist.gov/rbac/sandhu96.pdf) (PDF). IEEE Computer. 29 (2): 38–47. CiteSeerX 10.1.1.50.7649 (https://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.50.7649). doi:10.1109/2.485845 (https://doi.org/10.1109%2F2.485845). S2CID 1958270 (https://api.semanticscholar.org/CorpusID:1958270).
90. Abreu, Vilmar; Santin, Altair O.; Viegas, Eduardo K.; Stihler, Maicon (2017). A multi-domain role activation model (https://secplab.ppgia.pucpr.br/files/papers/2017-1.pdf) (PDF). 2017 IEEE International Conference on Communications (ICC). IEEE Press. pp. 1–6. doi:10.1109/ICC.2017.7997247 (https://doi.org/10.1109%2FICC.2017.7997247). ISBN 978-1467389990. S2CID 6185138 (https://api.semanticscholar.org/CorpusID:6185138).
91. A.C. O'Connor & R.J. Loomis (2002). Economic Analysis of Role-Based Access Control (http://csrc.nist.gov/groups/SNS/rbac/documents/20101219_RBAC2_Final_Report.pdf) (PDF). Research Triangle Institute. p. 145.
92. "Studies prove once again that users are the weakest link in the security chain" (https://www.csoonline.com/article/2137210/security-awareness/studies-prove-once-again-that-users-are-the-weakest-link-in-the-security-chain.html). CSO Online. 22 January 2014. Retrieved 8 October 2018.
93. "The Role of Human Error in Successful Security Attacks" (https://securityintelligence.com/the-role-of-human-error-in-successful-security-attacks/). IBM Security Intelligence. 2 September 2014. Retrieved 8 October 2018.
94. "90% of security incidents trace back to PEBKAC and ID10T errors" (https://www.computerworld.com/article/2910316/90-of-security-incidents-trace-back-to-pebkac-and-id10t-errors.html). Computerworld. 15 April 2015. Retrieved 8 October 2018.
95. "Protect your online banking with 2FA" (https://www.nzba.org.nz/2018/10/08/protect-your-online-banking-with-2fa/). NZ Bankers Association. 7 October 2018. Retrieved 7 September 2019.
96. "IBM Security Services 2014 Cyber Security Intelligence Index" (https://pcsite.co.uk/computer-security/IBM_Security_Services_2014_Cyber_Security_Intelligence_Index.pdf) (PDF). PcSite. 2014. Retrieved 9 October 2020.
97. Caldwell, Tracey (12 February 2013). "Risky business: why security awareness is crucial for employees" (https://www.theguardian.com/media-network/media-network-blog/2013/feb/12/business-cyber-security-risks-employees). The Guardian. Retrieved 8 October 2018.
101. "Cyber security breaches survey 2023" (https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023). GOV.UK. Retrieved 27 December 2023.
102. Kuchler, Hannah (27 April 2015). "Security execs call on companies to improve 'cyber hygiene'" (https://ghostarchive.org/archive/20221210/https://www.ft.com/content/8468cfda-e9e3-11e4-a687-00144feab7de). Financial Times. Archived from the original (https://www.ft.com/content/8468cfda-e9e3-11e4-a687-00144feab7de) on 10 December 2022. Retrieved 27 September 2018.
103. "From AI to Russia, Here's How Estonia's President Is Planning for the Future" (https://www.wired.com/story/from-ai-to-russia-heres-how-estonias-president-is-planning-for-the-future/). Wired. Retrieved 28 September 2018.
104. "Professor Len Adleman explains how he coined the term "computer virus"" (https://www.welivesecurity.com/2017/11/01/professor-len-adleman-explains-computer-virus-term/). WeLiveSecurity. 1 November 2017. Retrieved 28 September 2018.
105. "Statement of Dr. Vinton G. Cerf" (https://www.jec.senate.gov/archive/Documents/Hearings/cerf22300.htm). www.jec.senate.gov. Retrieved 28 September 2018.
106. Promoting Good Cyber Hygiene Act of 2017 (https://www.congress.gov/bill/115th-congress/house-bill/3010) at Congress.gov
107. "Analysis | The Cybersecurity 202: Agencies struggling with basic cybersecurity despite Trump's pledge to prioritize it" (https://www.washingtonpost.com/news/powerpost/paloma/the-cybersecurity-202/2018/07/26/the-cybersecurity-202-agencies-struggling-with-basic-cybersecurity-despite-trump-s-pledge-to-prioritize-it/5b58a84e1b326b1e64695548/). The Washington Post. Retrieved 28 September 2018.
108. "Protected Voices" (https://www.fbi.gov/investigate/counterintelligence/foreign-influence/protected-voices). Federal Bureau of Investigation. Retrieved 28 September 2018.
109. Lin, Tom C. W. (3 July 2017). "The New Market Manipulation". Emory Law Journal. 66: 1253. SSRN 2996896 (https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2996896).
110. Lin, Tom C. W. (2016). "Financial Weapons of War". Minnesota Law Review. SSRN 2765010 (https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2765010).
111. Cole, Jeffrey I.; Suman, Michael; Schramm, Phoebe; van Bel, Daniel; Lunn, B.; Maguire, Phyllisane; Hanson, Koran; Singh, Rajesh; Aquino, Jedrix-Sean; Lebo, Harlan (2000). The UCLA Internet report: Surveying the digital future (https://web.archive.org/web/20030423221926/http://ccp.ucla.edu/UCLA-Internet-Report-2000.pdf) (PDF). ccp.ucla.edu (Report). Archived from the original (http://ccp.ucla.edu/UCLA-Internet-Report-2000.pdf) (PDF) on 23 April 2003. Retrieved 15 September 2023.
112. Pagliery, Jose (18 November 2014). "Hackers attacked the U.S. energy grid 79 times this year" (https://money.cnn.com/2014/11/18/technology/security/energy-grid-hack/). CNN Money. Cable News Network. Archived (https://web.archive.org/web/20150218070238/https://money.cnn.com/2014/11/18/technology/security/energy-grid-hack) from the original on 18 February 2015. Retrieved 16 April 2015.
113. Neumann, P. G. (1997). Computer Security in Aviation: Vulnerabilities, Threats, and Risks (https://www.csl.sri.com/~neumann/air.html). International Conference on Aviation Safety and Security in the 21st Century, White House Commission on Safety and Security.
114. Dillingham, Gerald L. (20 September 2001). Aviation security : terrorist acts demonstrate urgent need to improve security at the nation's airports (https://rosap.ntl.bts.gov/view/dot/33937) (Report). United States. General Accounting Office.
115. "Air Traffic Control Systems Vulnerabilities Could Make for Unfriendly Skies [Black Hat] – SecurityWeek.Com" (http://www.securityweek.com/air-traffic-control-systems-vulnerabilities-could-make-unfriendly-skies-black-hat). 27 July 2012. Archived (https://web.archive.org/web/20150208070914/http://www.securityweek.com/air-traffic-control-systems-vulnerabilities-could-make-unfriendly-skies-black-hat) from the original on 8 February 2015.
116. "Hacker Says He Can Break into Airplane Systems Using In-Flight Wi-Fi" (https://www.npr.org/blogs/alltechconsidered/2014/08/04/337794061/hacker-says-he-can-break-into-airplane-systems-using-in-flight-wi-fi). NPR. 4 August 2014. Archived (https://web.archive.org/web/20150208072554/http://www.npr.org/blogs/alltechconsidered/2014/08/04/337794061/hacker-says-he-can-break-into-airplane-systems-using-in-flight-wi-fi) from the original on 8 February 2015. Retrieved 19 March 2020.
117. Finkle, Jim (4 August 2014). "Hacker says to show passenger jets at risk of cyber attack" (https://www.reuters.com/article/us-cybersecurity-hackers-airplanes-idUSKBN0G40WQ20140804). Reuters. Archived (https://web.archive.org/web/20151013061705/http://www.reuters.com/article/2014/08/04/us-cybersecurity-hackers-airplanes-idUSKBN0G40WQ20140804) from the original on 13 October 2015. Retrieved 21 November 2021.
118. Cesar, Alan (15 December 2023). "Online course bolsters cybersecurity in aviation" (https://engineering.purdue.edu/AAE/Aerogram/2023-2024/articles/41-cyber-course). Aerogram. Purdue University School of Aeronautics and Astronautics. Retrieved 9 January 2024.
119. "Pan-European Network Services (PENS) – Eurocontrol.int" (https://www.eurocontrol.int/articles/pan-european-network-services-pens). Archived (https://web.archive.org/web/20161212175606/https://www.eurocontrol.int/articles/pan-european-network-services-pens) from the original on 12 December 2016.
120. "Cent ralised Services: NewPENS moves forward – Eurocont rol.int " (ht t ps://www.eurocont rol.in
t /news/cent ralised-services-newpens-moves-forward) . 17 January 2016. Archived (ht t ps://w
eb.archive.org/web/20170319025329/ht t ps://www.eurocont rol.int /news/cent ralised-services-
newpens-moves-forward) from t he original on 19 March 2017.
123. "The Aust ralian ePassport . Aust ralian Government Depart ment of Foreign Affairs and Trade
websit e" (ht t ps://web.archive.org/web/20150109033115/ht t p://www.dfat .gov.au/dept /passpo
rt s/) . Archived from t he original (ht t p://www.dfat .gov.au/dept /passport s/) on 9 January
2015. Ret rieved 1 May 2023.
124. "Is Your Wat ch Or Thermost at A Spy? Cybersecurit y Firms Are On It " (ht t ps://www.npr.org/blog
s/allt echconsidered/2014/08/06/338334508/is-your-wat ch-or-t hermost at -a-spy-cyber-securi
t y-firms-are-on-it ) . NPR. 6 August 2014. Archived (ht t ps://web.archive.org/web/20150211064
650/ht t p://www.npr.org/blogs/allt echconsidered/2014/08/06/338334508/is-your-wat ch-or-t h
ermost at -a-spy-cyber-securit y-firms-are-on-it ) from t he original on 11 February 2015.
125. Kruse, CB; Smit h, B; Vanderlinden, H; Nealand, A (21 July 2017). "Securit y Techniques for t he
Elect ronic Healt h Records" (ht t ps://www.ncbi.nlm.nih.gov/pmc/art icles/PMC5522514) .
Journal of Medical Systems . 41 (8): 127. doi:10.1007/s10916-017-0778-4 (ht t ps://doi.org/10.1
007%2Fs10916-017-0778-4) . PMC 5522514 (ht t ps://www.ncbi.nlm.nih.gov/pmc/art icles/PM
C5522514) . PMID 28733949 (ht t ps://pubmed.ncbi.nlm.nih.gov/28733949) .
126. Backman, Melvin (18 Sept ember 2014). "Home Depot : 56 million cards exposed in breach" (ht t p
s://money.cnn.com/2014/09/18/t echnology/securit y/home-depot -hack/) . CNNMoney.
Archived (ht t ps://web.archive.org/web/20141218221105/ht t ps://money.cnn.com/2014/09/18/
t echnology/securit y/home-depot -hack/) from t he original on 18 December 2014.
127. "St aples: Breach may have affect ed 1.16 million cust omers' cards" (ht t p://fort une.com/2014/1
2/19/st aples-cards-affect ed-breach/) . Fortune.com. 19 December 2014. Archived (ht t ps://w
eb.archive.org/web/20141221160612/ht t p://fort une.com/2014/12/19/st aples-cards-affect e
d-breach/) from t he original on 21 December 2014. Ret rieved 21 December 2014.
129. Cowley, St acy (2 Oct ober 2017). "2.5 Million More People Pot ent ially Exposed in Equifax
Breach" (ht t ps://www.nyt imes.com/2017/10/02/business/equifax-breach.ht ml) . The New
York Times . Archived (ht t ps://web.archive.org/web/20171201054900/ht t ps://www.nyt imes.co
m/2017/10/02/business/equifax-breach.ht ml) from t he original on 1 December 2017.
Ret rieved 29 November 2017.
130. Finkle, Jim (23 April 2014). "Exclusive: FBI warns healt hcare sect or vulnerable t o cyber at t acks"
(ht t ps://www.reut ers.com/art icle/us-cybersecurit y-healt hcare-fbi-exclusiv-idUSBREA3M1Q92
0140423) . Reuters . Archived (ht t ps://web.archive.org/web/20160604120725/ht t p://www.reut
ers.com/art icle/us-cybersecurit y-healt hcare-fbi-exclusiv-idUSBREA3M1Q920140423) from
t he original on 4 June 2016. Ret rieved 23 May 2016.
131. Seals, Tara (6 November 2015). "Lack of Employee Securit y Training Plagues US Businesses" (h
t t ps://www.infosecurit y-magazine.com/news/lack-of-employee-securit y-t raining/) .
Infosecurity Magazine. Archived (ht t ps://web.archive.org/web/20171109081033/ht t ps://www.i
nfosecurit y-magazine.com/news/lack-of-employee-securit y-t raining/) from t he original on 9
November 2017. Ret rieved 8 November 2017.
132. Bright , Pet er (15 February 2011). "Anonymous speaks: t he inside st ory of t he HBGary hack" (ht t
ps://arst echnica.com/t ech-policy/news/2011/02/anonymous-speaks-t he-inside-st ory-of-t he-
hbgary-hack.ars/) . Arst echnica.com. Archived (ht t ps://web.archive.org/web/2011032704580
1/ht t p://arst echnica.com/t ech-policy/news/2011/02/anonymous-speaks-t he-inside-st ory-of-
t he-hbgary-hack.ars) from t he original on 27 March 2011. Ret rieved 29 March 2011.
133. Anderson, Nat e (9 February 2011). "How one man t racked down Anonymous – and paid a heavy
price" (ht t ps://arst echnica.com/t ech-policy/news/2011/02/how-one-securit y-firm-t racked-an
onymousand-paid-a-heavy-price.ars/) . Arst echnica.com. Archived (ht t ps://web.archive.org/we
b/20110329090824/ht t p://arst echnica.com/t ech-policy/news/2011/02/how-one-securit y-fir
m-t racked-anonymousand-paid-a-heavy-price.ars) from t he original on 29 March 2011.
Ret rieved 29 March 2011.
134. Palilery, Jose (24 December 2014). "What caused Sony hack: What we know now" (ht t ps://mon
ey.cnn.com/2014/12/24/t echnology/securit y/sony-hack-fact s/) . CNN Money. Archived (ht t p
s://web.archive.org/web/20150104195455/ht t ps://money.cnn.com/2014/12/24/t echnology/s
ecurit y/sony-hack-fact s/) from t he original on 4 January 2015. Ret rieved 4 January 2015.
135. Cook, James (16 December 2014). "Sony Hackers Have Over 100 Terabyt es Of Document s.
Only Released 200 Gigabyt es So Far" (ht t p://www.businessinsider.com/t he-sony-hackers-st ill-h
ave-a-massive-amount -of-dat a-t hat -hasnt -been-leaked-yet -2014-12) . Business Insider.
Archived (ht t ps://web.archive.org/web/20141217204735/ht t p://www.businessinsider.com/t he-
sony-hackers-st ill-have-a-massive-amount -of-dat a-t hat -hasnt -been-leaked-yet -2014-12)
from t he original on 17 December 2014. Ret rieved 18 December 2014.
136. Lee, Timot hy B. (18 January 2015). "The next front ier of hacking: your car" (ht t ps://www.vox.co
m/2015/1/18/7629603/car-hacking-dangers) . Vox. Archived (ht t ps://web.archive.org/web/20
170317212726/ht t p://www.vox.com/2015/1/18/7629603/car-hacking-dangers) from t he
original on 17 March 2017.
137. Tracking & Hacking: Securit y & Privacy Gaps Put American Drivers at Risk (ht t p://www.markey.s
enat e.gov/imo/media/doc/2015-02-06_ MarkeyReport -Tracking_ Hacking_ CarSecurit y%202.pd
f) (PDF) (Report ). 6 February 2015. Archived (ht t ps://web.archive.org/web/20161109040112/
ht t p://www.markey.senat e.gov/imo/media/doc/2015-02-06_ MarkeyReport -Tracking_ Hacking_
CarSecurit y%202.pdf) (PDF) from t he original on 9 November 2016. Ret rieved 4 November
2016.
138. "Cybersecurit y expert : It will t ake a 'major event ' for companies t o t ake t his issue seriously" (ht
t ps://www.aol.com/art icle/news/2016/12/26/expert -warns-major-event -will-need-t o-happen-
for-cybersecurit y/21632630/) . AOL.com. 5 January 2017. Archived (ht t ps://web.archive.org/w
eb/20170120180918/ht t ps://www.aol.com/art icle/news/2016/12/26/expert -warns-major-eve
nt -will-need-t o-happen-for-cybersecurit y/21632630/) from t he original on 20 January 2017.
Ret rieved 22 January 2017.
139. "The problem wit h self-driving cars: who cont rols t he code?" (ht t ps://www.t heguardian.com/t e
chnology/2015/dec/23/t he-problem-wit h-self-driving-cars-who-cont rols-t he-code) . The
Guardian . 23 December 2015. Archived (ht t ps://web.archive.org/web/20170316152605/ht t p
s://www.t heguardian.com/t echnology/2015/dec/23/t he-problem-wit h-self-driving-cars-who-c
ont rols-t he-code) from t he original on 16 March 2017. Ret rieved 22 January 2017.
140. Checkoway, St ephen; McCoy, Damon; Kant or, Brian; Anderson, Danny; Shacham, Hovav; Savage,
St efan; Koscher, Karl; Czeskis, Alexei; Roesner, Franziska; Kohno, Tadayoshi (2011).
Comprehensive Experimental Analyses of Automotive Attack Surfaces (ht t p://www.aut osec.or
g/pubs/cars-usenixsec2011.pdf) (PDF). SEC'11 Proceedings of t he 20t h USENIX conference
on Securit y. Berkeley, California, US: USENIX Associat ion. p. 6. Archived (ht t ps://web.archive.org/
web/20150221064614/ht t p://www.aut osec.org/pubs/cars-usenixsec2011.pdf) (PDF) from
t he original on 21 February 2015.
141. Greenberg, Andy (21 July 2015). "Hackers Remot ely Kill a Jeep on t he Highway – Wit h Me in It "
(ht t ps://www.wired.com/2015/07/hackers-remot ely-kill-jeep-highway/) . Wired. Archived (ht t p
s://web.archive.org/web/20170119103855/ht t ps://www.wired.com/2015/07/hackers-remot ely
-kill-jeep-highway/) from t he original on 19 January 2017. Ret rieved 22 January 2017.
142. "Hackers t ake cont rol of car, drive it int o a dit ch" (ht t ps://www.independent .co.uk/news/scienc
e/hackers-remot ely-carjack-jeep-from-10-miles-away-and-drive-it -int o-dit ch-10406554.ht m
l) . The Independent. 22 July 2015. Archived (ht t ps://web.archive.org/web/20170202061247/h
t t p://www.independent .co.uk/news/science/hackers-remot ely-carjack-jeep-from-10-miles-aw
ay-and-drive-it -int o-dit ch-10406554.ht ml) from t he original on 2 February 2017. Ret rieved
22 January 2017.
143. "Tesla fixes soft ware bug t hat allowed Chinese hackers t o cont rol car remot ely" (ht t ps://www.
t elegraph.co.uk/t echnology/2016/09/21/t esla-fixes-soft ware-bug-t hat -allowed-chinese-hack
ers-t o-cont rol/) . The Telegraph. 21 Sept ember 2016. Archived (ht t ps://web.archive.org/web/2
0170202014932/ht t p://www.t elegraph.co.uk/t echnology/2016/09/21/t esla-fixes-soft ware-bu
g-t hat -allowed-chinese-hackers-t o-cont rol/) from t he original on 2 February 2017. Ret rieved
22 January 2017.
144. Kang, Cecilia (19 Sept ember 2016). "Self-Driving Cars Gain Powerful Ally: The Government " (ht t
ps://www.nyt imes.com/2016/09/20/t echnology/self-driving-cars-guidelines.ht ml) . The New
York Times . Archived (ht t ps://web.archive.org/web/20170214045032/ht t ps://www.nyt imes.co
m/2016/09/20/t echnology/self-driving-cars-guidelines.ht ml?_ r=0) from t he original on 14
February 2017. Ret rieved 22 January 2017.
145. "Federal Aut omat ed Vehicles Policy" (ht t ps://www.t ransport at ion.gov/sit es/dot .gov/files/doc
s/AV%20policy%20guidance%20PDF.pdf) (PDF). Archived (ht t ps://web.archive.org/web/2017
0121161404/ht t ps://www.t ransport at ion.gov/sit es/dot .gov/files/docs/AV%20policy%20guida
nce%20PDF.pdf) (PDF) from t he original on 21 January 2017. Ret rieved 22 January 2017.
147. "Thales supplies smart driver license t o 4 st at es in Mexico" (ht t ps://www.t halesgroup.com/en/
market s/digit al-ident it y-and-securit y/government /cust omer-cases/mexico) . Thales Group.
148. "4 Companies Using RFID for Supply Chain Management " (ht t ps://www.at lasrfidst ore.com/rfid-i
nsider/4-companies-using-rfid-for-supply-chain-management ) . atlasRFIDstore. Ret rieved
3 February 2023.
149. "The Cut t ing Edge of RFID Technology and Applicat ions for Manufact uring and Dist ribut ion" (ht
t ps://www.supplychainmarket .com/doc/t he-cut t ing-edge-of-rfid-t echnology-and-appli-000
1) . Supply Chain Market.
150. Rahman, Mohammad Anwar; Khadem, Mohammad Mift aur; Sarder, MD. Application of RFID in
Supply Chain System. Proceedings of t he 2010 Int ernat ional Conference on Indust rial
Engineering and Operat ions Management Dhaka, Bangladesh, January 9 – 10, 2010.
Cit eSeerX 10.1.1.397.7831 (ht t ps://cit eseerx.ist .psu.edu/viewdoc/summary?doi=10.1.1.397.783
1) .
151. "Gary McKinnon profile: Aut ist ic 'hacker' who st art ed writ ing comput er programs at 14" (ht t ps://
www.t elegraph.co.uk/news/worldnews/nort hamerica/usa/4320901/Gary-McKinnon-profile-Aut i
st ic-hacker-who-st art ed-writ ing-comput er-programs-at -14.ht ml) . The Daily Telegraph.
London. 23 January 2009. Archived (ht t ps://web.archive.org/web/20100602065423/ht t p://ww
w.t elegraph.co.uk/news/worldnews/nort hamerica/usa/4320901/Gary-McKinnon-profile-Aut ist i
c-hacker-who-st art ed-writ ing-comput er-programs-at -14.ht ml) from t he original on 2 June
2010.
152. "Gary McKinnon ext radit ion ruling due by 16 Oct ober" (ht t ps://www.bbc.co.uk/news/uk-195060
90) . BBC News . 6 Sept ember 2012. Archived (ht t ps://web.archive.org/web/2012090618573
1/ht t p://www.bbc.co.uk/news/uk-19506090) from t he original on 6 Sept ember 2012.
Ret rieved 25 Sept ember 2012.
153. Mckinnon V Government of The United States of America and Another (House of Lords 16 June
2008) ("15. ... alleged t o t ot al over $700,000"), Text (ht t ps://publicat ions.parliament .uk/pa/ld20
0708/ldjudgmt /jd080730/mckinn-1.ht m) .
154. "Fresh Leak on US Spying: NSA Accessed Mexican President 's Email" (ht t ps://web.archive.org/
web/20151106193613/ht t p://www.spiegel.de/int ernat ional/world/nsa-hacked-email-account -
of-mexican-president -a-928817.ht ml) . SPIEGEL ONLINE. 20 Oct ober 2013. Archived from t he
original (ht t p://www.spiegel.de/int ernat ional/world/nsa-hacked-email-account -of-mexican-pres
ident -a-928817.ht ml) on 6 November 2015.
155. Sanders, Sam (4 June 2015). "Massive Dat a Breach Put s 4 Million Federal Employees' Records
at Risk" (ht t ps://www.npr.org/sect ions/t het wo-way/2015/06/04/412086068/massive-dat a-br
each-put s-4-million-federal-employees-records-at -risk) . NPR. Archived (ht t ps://web.archive.o
rg/web/20150605041629/ht t p://www.npr.org/sect ions/t het wo-way/2015/06/04/412086068/
massive-dat a-breach-put s-4-million-federal-employees-records-at -risk) from t he original on
5 June 2015. Ret rieved 5 June 2015.
156. Lipt ak, Kevin (4 June 2015). "U.S. government hacked; feds t hink China is t he culprit " (ht t p://ww
w.cnn.com/2015/06/04/polit ics/federal-agency-hacked-personnel-management /) . CNN.
Archived (ht t ps://web.archive.org/web/20150606063139/ht t p://www.cnn.com/2015/06/04/po
lit ics/federal-agency-hacked-personnel-management /) from t he original on 6 June 2015.
Ret rieved 5 June 2015.
157. Gallagher, Sean. "Encrypt ion "would not have helped" at OPM, says DHS official" (ht t ps://arst ec
hnica.com/securit y/2015/06/encrypt ion-would-not -have-helped-at -opm-says-dhs-official/) .
Archived (ht t ps://web.archive.org/web/20170624014751/ht t ps://arst echnica.com/securit y/20
15/06/encrypt ion-would-not -have-helped-at -opm-says-dhs-official/) from t he original on 24
June 2017.
158. Davis, Michelle R. (19 Oct ober 2015). "Schools Learn Lessons From Securit y Breaches" (ht t p://
www.edweek.org/ew/art icles/2015/10/21/lessons-learned-from-securit y-breaches.ht ml) .
Education Week. Archived (ht t ps://web.archive.org/web/20160610130749/ht t p://www.edweek.
org/ew/art icles/2015/10/21/lessons-learned-from-securit y-breaches.ht ml) from t he original
on 10 June 2016. Ret rieved 23 May 2016.
159. "GE's Int roduces ACUVision as a Single Panel Solut ion" (ht t ps://www.securit yinfowat ch.com/ac
cess-ident it y/access-cont rol/press-release/10577631/ge-infrast ruct ure-securit y-ges-int rodu
ces-acuvision-as-a-single-panel-solut ion) . www.securityinfowatch.com. Securit y Info Wat ch.
11 August 2005. Ret rieved 24 Sept ember 2019.
160. "Int ernet of Things Global St andards Init iat ive" (ht t p://www.it u.int /en/ITU-T/gsi/iot /Pages/def
ault .aspx) . ITU. Archived (ht t ps://web.archive.org/web/20150626125229/ht t p://www.it u.int /e
n/ITU-T/gsi/iot /Pages/default .aspx) from t he original on 26 June 2015. Ret rieved 26 June
2015.
161. Singh, Jat inder; Pasquier, Thomas; Bacon, Jean; Ko, Hajoon; Eyers, David (2015). "Twent y Cloud
Securit y Considerat ions for Support ing t he Int ernet of Things" (ht t ps://dash.harvard.edu/bit st re
am/1/35349952/1/iot -2016.pdf) (PDF). IEEE Internet of Things Journal. 3 (3): 269–284.
doi:10.1109/JIOT.2015.2460333 (ht t ps://doi.org/10.1109%2FJIOT.2015.2460333) .
S2CID 4732406 (ht t ps://api.semant icscholar.org/CorpusID:4732406) .
162. Clearfield, Chris. "Why The FTC Can't Regulat e The Int ernet Of Things" (ht t ps://www.forbes.co
m/sit es/chrisclearfield/2013/09/18/why-t he-ft c-cant -regulat e-t he-int ernet -of-t hings/) .
Forbes . Archived (ht t ps://web.archive.org/web/20150627090938/ht t p://www.forbes.com/sit e
s/chrisclearfield/2013/09/18/why-t he-ft c-cant -regulat e-t he-int ernet -of-t hings/) from t he
original on 27 June 2015. Ret rieved 26 June 2015.
163. "Int ernet of Things: Science Fict ion or Business Fact ?" (ht t ps://hbr.org/resources/pdfs/comm/
verizon/18980_ HBR_ Verizon_ IoT_ Nov_ 14.pdf) (PDF). Harvard Business Review. Archived (ht
t ps://web.archive.org/web/20150317052909/ht t ps://hbr.org/resources/pdfs/comm/verizon/1
8980_ HBR_ Verizon_ IoT_ Nov_ 14.pdf) (PDF) from t he original on 17 March 2015. Ret rieved
4 November 2016.
164. Vermesan, Ovidiu; Friess, Pet er. "Int ernet of Things: Converging Technologies for Smart
Environment s and Int egrat ed Ecosyst ems" (ht t p://www.int ernet -of-t hings-research.eu/pdf/Co
nverging_ Technologies_ for_ Smart _ Environment s_ and_ Int egrat ed_ Ecosyst ems_ IERC_ Book_ O
pen_ Access_ 2013.pdf) (PDF). River Publishers. Archived (ht t ps://web.archive.org/web/20161
012010519/ht t p://www.int ernet -of-t hings-research.eu/pdf/Converging_ Technologies_ for_ Sm
art _ Environment s_ and_ Int egrat ed_ Ecosyst ems_ IERC_ Book_ Open_ Access_ 2013.pdf) (PDF)
from t he original on 12 Oct ober 2016. Ret rieved 4 November 2016.
165. Clearfield, Chris (20 June 2013). "Ret hinking Securit y for t he Int ernet of Things" (ht t p://blogs.hb
r.org/2013/06/ret hinking-securit y-for-t he-in/) . Harvard Business Review. Archived (ht t ps://w
eb.archive.org/web/20130920145534/ht t p://blogs.hbr.org/2013/06/ret hinking-securit y-for-t he
-in/) from t he original on 20 Sept ember 2013.
166. "Hot el room burglars exploit crit ical flaw in elect ronic door locks" (ht t ps://arst echnica.com/sec
urit y/2012/11/hot el-room-burglars-exploit -crit ical-flaw-in-elect ronic-door-locks/) . Ars
Technica . 26 November 2012. Archived (ht t ps://web.archive.org/web/20160514002208/ht t p://
arst echnica.com/securit y/2012/11/hot el-room-burglars-exploit -crit ical-flaw-in-elect ronic-door
-locks/) from t he original on 14 May 2016. Ret rieved 23 May 2016.
167. "Hospit al Medical Devices Used As Weapons in Cyberat t acks" (ht t p://www.darkreading.com/vul
nerabilit ies---t hreat s/hospit al-medical-devices-used-as-weapons-in-cyberat t acks/d/d-id/1320
751) . Dark Reading. 6 August 2015. Archived (ht t ps://web.archive.org/web/20160529002947/
ht t p://www.darkreading.com/vulnerabilit ies---t hreat s/hospit al-medical-devices-used-as-weapo
ns-in-cyberat t acks/d/d-id/1320751) from t he original on 29 May 2016. Ret rieved 23 May
2016.
168. Kirk, Jeremy (17 Oct ober 2012). "Pacemaker hack can deliver deadly 830-volt jolt " (ht t p://www.
comput erworld.com/art icle/2492453/malware-vulnerabilit ies/pacemaker-hack-can-deliver-dea
dly-830-volt -jolt .ht ml) . Computerworld. Archived (ht t ps://web.archive.org/web/20160604201
841/ht t p://www.comput erworld.com/art icle/2492453/malware-vulnerabilit ies/pacemaker-hac
k-can-deliver-deadly-830-volt -jolt .ht ml) from t he original on 4 June 2016. Ret rieved 23 May
2016.
169. "How Your Pacemaker Will Get Hacked" (ht t p://www.t hedailybeast .com/art icles/2014/11/17/h
ow-your-pacemaker-will-get -hacked.ht ml) . The Daily Beast. Kaiser Healt h News. 17
November 2014. Archived (ht t ps://web.archive.org/web/20160520155616/ht t p://www.t hedaily
beast .com/art icles/2014/11/17/how-your-pacemaker-will-get -hacked.ht ml) from t he original
on 20 May 2016. Ret rieved 23 May 2016.
170. Leet aru, Kalev. "Hacking Hospit als And Holding Host ages: Cybersecurit y In 2016" (ht t ps://www.
forbes.com/sit es/kalevleet aru/2016/03/29/hacking-hospit als-and-holding-host ages-cybersec
urit y-in-2016/) . Forbes . Archived (ht t ps://web.archive.org/web/20161229104021/ht t p://www.
forbes.com/sit es/kalevleet aru/2016/03/29/hacking-hospit als-and-holding-host ages-cybersec
urit y-in-2016/) from t he original on 29 December 2016. Ret rieved 29 December 2016.
171. "Cyber-Angriffe: Krankenhäuser rücken ins Visier der Hacker" (ht t p://www.wiwo.de/t echnologie/
digit ale-welt /cyber-angriffe-krankenhaeuser-ruecken-ins-visier-der-hacker/14946040.ht ml) .
Wirt schaft s Woche. 7 December 2016. Archived (ht t ps://web.archive.org/web/2016122910172
4/ht t p://www.wiwo.de/t echnologie/digit ale-welt /cyber-angriffe-krankenhaeuser-ruecken-ins-vi
sier-der-hacker/14946040.ht ml) from t he original on 29 December 2016. Ret rieved
29 December 2016.
172. "Hospit als keep get t ing at t acked by ransomware – Here's why" (ht t p://www.businessinsider.co
m/hospit al-ransomware-hack-2016-5) . Business Insider. Archived (ht t ps://web.archive.org/w
eb/20161229101247/ht t p://www.businessinsider.com/hospit al-ransomware-hack-2016-5)
from t he original on 29 December 2016. Ret rieved 29 December 2016.
173. "MedSt ar Hospit als Recovering Aft er 'Ransomware' Hack" (ht t ps://www.nbcnews.com/news/us
-news/medst ar-hospit als-recovering-aft er-ransomware-hack-n548121) . NBC News . 31 March
2016. Archived (ht t ps://web.archive.org/web/20161229103355/ht t ps://www.nbcnews.com/ne
ws/us-news/medst ar-hospit als-recovering-aft er-ransomware-hack-n548121) from t he
original on 29 December 2016. Ret rieved 29 December 2016.
174. Pauli, Darren. "US hospit als hacked wit h ancient exploit s" (ht t ps://www.t heregist er.co.uk/2016/
06/28/medjack/) . The Register. Archived (ht t ps://web.archive.org/web/20161116141207/ht t
p://www.t heregist er.co.uk/2016/06/28/medjack) from t he original on 16 November 2016.
Ret rieved 29 December 2016.
175. Pauli, Darren. "Zombie OS lurches t hrough Royal Melbourne Hospit al spreading virus" (ht t ps://w
ww.t heregist er.co.uk/2016/01/19/melbourne_ hospit al_ pat hology_ wing_ splat t ered_ by_ viru
s/) . The Register. Archived (ht t ps://web.archive.org/web/20161229101019/ht t p://www.t here
gist er.co.uk/2016/01/19/melbourne_ hospit al_ pat hology_ wing_ splat t ered_ by_ virus/) from
t he original on 29 December 2016. Ret rieved 29 December 2016.
176. "Hacked Lincolnshire hospit al comput er syst ems 'back up' " (ht t ps://www.bbc.com/news/uk-en
gland-humber-37849746) . BBC News . 2 November 2016. Archived (ht t ps://web.archive.org/w
eb/20161229101819/ht t p://www.bbc.com/news/uk-england-humber-37849746) from t he
original on 29 December 2016. Ret rieved 29 December 2016.
177. "Lincolnshire operat ions cancelled aft er net work at t ack" (ht t ps://www.bbc.com/news/uk-engla
nd-humber-37822084) . BBC News . 31 Oct ober 2016. Archived (ht t ps://web.archive.org/web/
20161229101209/ht t p://www.bbc.com/news/uk-england-humber-37822084) from t he
original on 29 December 2016. Ret rieved 29 December 2016.
178. "Legion cyber-at t ack: Next dump is sansad.nic.in, say hackers" (ht t p://indianexpress.com/art icl
e/t echnology/t ech-news-t echnology/legion-hacking-no-polit ical-agenda-just -comput er-geeks
-says-hacker-4423167/) . The Indian Express . 12 December 2016. Archived (ht t ps://web.archi
ve.org/web/20161229100631/ht t p://indianexpress.com/art icle/t echnology/t ech-news-t echn
ology/legion-hacking-no-polit ical-agenda-just -comput er-geeks-says-hacker-4423167/) from
t he original on 29 December 2016. Ret rieved 29 December 2016.
179. "Former New Hampshire Psychiat ric Hospit al Pat ient Accused Of Dat a Breach" (ht t p://bost on.c
bslocal.com/2016/12/27/former-pat ient -accused-dat a-breech-new-hampshire-psychiat ric-ho
spit al/) . CBS Bost on. 27 December 2016. Archived (ht t ps://web.archive.org/web/2017092923
3237/ht t p://bost on.cbslocal.com/2016/12/27/former-pat ient -accused-dat a-breech-new-ham
pshire-psychiat ric-hospit al/) from t he original on 29 Sept ember 2017. Ret rieved
29 December 2016.
180. "Texas Hospit al hacked, affect s nearly 30,000 pat ient records" (ht t p://www.healt hcareit news.c
om/news/t exas-hospit al-hacked-affect s-nearly-30000-pat ient -records) . Healt hcare IT
News. 4 November 2016. Archived (ht t ps://web.archive.org/web/20161229171117/ht t p://ww
w.healt hcareit news.com/news/t exas-hospit al-hacked-affect s-nearly-30000-pat ient -record
s) from t he original on 29 December 2016. Ret rieved 29 December 2016.
181. Becker, Rachel (27 December 2016). "New cybersecurit y guidelines for medical devices t ackle
evolving t hreat s" (ht t ps://www.t heverge.com/2016/12/27/14095166/fda-guidance-medical-d
evice-cybersecurit y-cyberat t ack-hacking-guidelines) . The Verge. Archived (ht t ps://web.archiv
e.org/web/20161228210257/ht t p://www.t heverge.com/2016/12/27/14095166/fda-guidance-
medical-device-cybersecurit y-cyberat t ack-hacking-guidelines) from t he original on 28
December 2016. Ret rieved 29 December 2016.
183. Brandt , Jaclyn (18 June 2018). "D.C. dist ribut ed energy proposal draws concerns of increased
cybersecurit y risks" (ht t ps://dailyenergyinsider.com/feat ured/13110-d-c-dist ribut ed-4:.energy-
proposal-draws-concerns-of-increased-cybersecurit y-risks/) . Daily Energy Insider. Ret rieved
4 July 2018.
185. Cashell, B.; Jackson, W. D.; Jickling, M.; Webel, B. (2004). The Economic Impact of Cyber-
At t acks (ht t ps://sgp.fas.org/crs/misc/RL32331.pdf) (PDF) (Report ). Washingt on DC:
Congressional Research Service, Government , and Finance Division. RL32331.
186. Gordon, Lawrence; Loeb, Mart in (November 2002). "The Economics of Informat ion Securit y
Invest ment ". ACM Transactions on Information and System Security. 5 (4): 438–457.
doi:10.1145/581271.581274 (ht t ps://doi.org/10.1145%2F581271.581274) . S2CID 1500788 (h
t t ps://api.semant icscholar.org/CorpusID:1500788) .
187. Sanger, David E.; Barnes, Julian E. (20 December 2021). "U.S. and Brit ain Help Ukraine Prepare for
Pot ent ial Russian Cyberassault " (ht t ps://www.nyt imes.com/2021/12/20/us/polit ics/russia-ukra
ine-cyberat t acks.ht ml) . The New York Times . ISSN 0362-4331 (ht t ps://search.worldcat .org/is
sn/0362-4331) . Ret rieved 4 December 2023.
188. "Cyber-At t ack Against Ukrainian Crit ical Infrast ruct ure | CISA" (ht t ps://www.cisa.gov/news-even
t s/ics-alert s/ir-alert -h-16-056-01) . www.cisa.gov . 20 July 2021. Ret rieved 4 December 2023.
189. Han, Chen; Dongre, Rit uja (2014). "Q&A. What Mot ivat es Cyber-At t ackers?" (ht t ps://doi.org/10.2
2215%2Ft imreview%2F838) . Technology Innovation Management Review. 4 (10): 40–42.
doi:10.22215/t imreview/838 (ht t ps://doi.org/10.22215%2Ft imreview%2F838) . ISSN 1927-
0321 (ht t ps://search.worldcat .org/issn/1927-0321) .
190. Chermick, St even; Freilich, Joshua; Holt , Thomas (April 2017). "Exploring t he Subcult ure of
Ideologically Mot ivat ed Cyber-At t ackers". Journal of Contemporary Criminal Justice. 33 (3):
212–233. doi:10.1177/1043986217699100 (ht t ps://doi.org/10.1177%2F1043986217699100) .
S2CID 152277480 (ht t ps://api.semant icscholar.org/CorpusID:152277480) .
191. Anderson, Ross (2020). Security engineering : a guide to building dependable distributed systems
(3rd ed.). Indianapolis, IN: John Wiley & Sons. ISBN 978-1119642817. OCLC 1224516855 (ht t p
s://search.worldcat .org/oclc/1224516855) .
192. "The Leading Cloud Recruit ing Soft ware" (ht t ps://www.icims.com/gc/incident -response-proced
ures/) . iCIMS. Ret rieved 13 March 2021.
193. Wilcox, S. and Brown, B. (2005) 'Responding t o Securit y Incident s – Sooner or Lat er Your
Syst ems Will Be Compromised', Journal of Health Care Compliance, 7(2), pp. 41–48
194. Jonat han Zit t rain, 'The Fut ure of The Int ernet ', Penguin Books, 2008
196. "The TJX Companies, Inc. Vict imized by Comput er Syst em Int rusion; Provides Informat ion t o
Help Prot ect Cust omers" (ht t p://www.businesswire.com/news/t jx/20070117005971/en)
(Press release). The TJX Companies, Inc. 17 January 2007. Archived (ht t ps://web.archive.org/w
eb/20120927014805/ht t p://www.businesswire.com/news/t jx/20070117005971/en) from
t he original on 27 Sept ember 2012. Ret rieved 12 December 2009.
197. Largest Cust omer Info Breach Grows (ht t p://www.myfoxt wincit ies.com/myfox/pages/Home/D
et ail?cont ent Id=2804836&version=3&locale=EN-US&layout Code=TSTY&pageId=1.1.1)
Archived (ht t ps://web.archive.org/web/20070928041047/ht t p://www.myfoxt wincit ies.com/my
fox/pages/Home/Det ail?cont ent Id=2804836&version=3&locale=EN-US&layout Code=TSTY&p
ageId=1.1.1) 28 Sept ember 2007 at t he Wayback Machine. MyFox Twin Cit ies, 29 March
2007.
198. "The St uxnet At t ack On Iran's Nuclear Plant Was 'Far More Dangerous' Than Previously
Thought " (ht t p://www.businessinsider.com/st uxnet -was-far-more-dangerous-t han-previous-t ho
ught -2013-11) . Business Insider. 20 November 2013. Archived (ht t ps://web.archive.org/web/
20140509020404/ht t p://www.businessinsider.com/st uxnet -was-far-more-dangerous-t han-prev
ious-t hought -2013-11) from t he original on 9 May 2014.
199. Reals, Tucker (24 Sept ember 2010). "St uxnet Worm a U.S. Cyber-At t ack on Iran Nukes?" (ht t p
s://www.cbsnews.com/news/st uxnet -worm-a-us-cyber-at t ack-on-iran-nukes/) . CBS News .
Archived (ht t ps://web.archive.org/web/20131016133651/ht t p://www.cbsnews.com/8301-501
465_ 162-20017507-501465.ht ml) from t he original on 16 Oct ober 2013.
200. Zet t er, Kim (17 February 2011). "Cyberwar Issues Likely t o Be Addressed Only Aft er a
Cat ast rophe" (ht t ps://www.wired.com/t hreat level/2011/02/cyberwar-issues-likely-t o-be-addr
essed-only-aft er-a-cat ast rophe) . Wired. Archived (ht t ps://web.archive.org/web/2011021815
4415/ht t p://www.wired.com/t hreat level/2011/02/cyberwar-issues-likely-t o-be-addressed-onl
y-aft er-a-cat ast rophe/) from t he original on 18 February 2011. Ret rieved 18 February 2011.
201. Carroll, Chris (18 Oct ober 2011). "Cone of silence surrounds U.S. cyberwarfare" (ht t p://www.st rip
es.com/news/cone-of-silence-surrounds-u-s-cyberwarfare-1.158090) . St ars and St ripes.
Archived (ht t ps://web.archive.org/web/20120307021747/ht t p://www.st ripes.com/news/cone-
of-silence-surrounds-u-s-cyberwarfare-1.158090) from t he original on 7 March 2012.
Ret rieved 30 Oct ober 2011.
202. Bumgarner, John (27 April 2010). "Comput ers as Weapons of War" (ht t ps://web.archive.org/web/
20111219174833/ht t p://www.crows.org/images/st ories/pdf/IOI/IO%20Journal_ Vol2Iss2_ 021
0.pdf) (PDF). IO Journal. Archived from t he original (ht t p://www.crows.org/images/st ories/pd
f/IOI/IO%20Journal_ Vol2Iss2_ 0210.pdf) (PDF) on 19 December 2011. Ret rieved 30 Oct ober
2011.
203. Greenwald, Glenn (6 June 2013). "NSA collect ing phone records of millions of Verizon
cust omers daily" (ht t ps://www.t heguardian.com/world/2013/jun/06/nsa-phone-records-verizon
-court -order) . The Guardian. Archived (ht t ps://web.archive.org/web/20130816045641/ht t p://
www.t heguardian.com/world/2013/jun/06/nsa-phone-records-verizon-court -order) from t he
original on 16 August 2013. Ret rieved 16 August 2013. "Exclusive: Top secret court order
requiring Verizon t o hand over all call dat a shows scale of domest ic surveillance under Obama"
204. Seipel, Hubert . "Transcript : ARD int erview wit h Edward Snowden" (ht t ps://www.freesnowden.is/
fr/2014/01/27/video-ard-int erview-wit h-edward-snowden/) . La Foundation Courage.
Archived (ht t ps://web.archive.org/web/20140714174333/ht t ps://www.freesnowden.is/fr/201
4/01/27/video-ard-int erview-wit h-edward-snowden/) from t he original on 14 July 2014.
Ret rieved 11 June 2014.
205. Newman, Lily Hay (9 Oct ober 2013). "Can You Trust NIST?" (ht t ps://spect rum.ieee.org/can-you-
t rust -nist ) . IEEE Spectrum. Archived (ht t ps://web.archive.org/web/20160201095426/ht t ps://
spect rum.ieee.org/t elecom/securit y/can-you-t rust -nist ) from t he original on 1 February 2016.
206. "NIST Removes Crypt ography Algorit hm from Random Number Generat or Recommendat ions" (h
t t ps://www.nist .gov/it l/csd/sp800-90-042114.cfm) . National Institute of Standards and
Technology. 21 April 2014.
207. "New Snowden Leak: NSA Tapped Google, Yahoo Dat a Cent ers" (ht t p://mashable.com/2013/1
0/30/nsa-google-yahoo-dat a-cent ers/) Archived (ht t ps://web.archive.org/web/20140709131
535/ht t p://mashable.com/2013/10/30/nsa-google-yahoo-dat a-cent ers/) 9 July 2014 at t he
Wayback Machine, 31 Oct ober 2013, Lorenzo Franceschi-Bicchierai, mashable.com
208. Riley, Michael; Elgin, Ben; Lawrence, Dune; Mat lack, Carol (17 March 2014). "Target Missed
Warnings in Epic Hack of Credit Card Dat a" (ht t ps://web.archive.org/web/20150127015928/ht t
p://www.businessweek.com/art icles/2014-03-13/t arget -missed-alarms-in-epic-hack-of-credit
-card-dat a) . Businessweek. Archived from t he original (ht t p://www.businessweek.com/art icle
s/2014-03-13/t arget -missed-alarms-in-epic-hack-of-credit -card-dat a) on 27 January 2015.
209. Rosenblat t , Set h (6 November 2014). "Home Depot says 53 million emails st olen" (ht t ps://www.
cnet .com/news/53-million-emails-st olen-in-home-depot -breach/) . CNET. CBS Int eract ive.
Archived (ht t ps://web.archive.org/web/20141209035159/ht t p://www.cnet .com/news/53-millio
n-emails-st olen-in-home-depot -breach/) from t he original on 9 December 2014.
210. "Millions more Americans hit by government personnel dat a hack" (ht t ps://www.reut ers.com/art
icle/us-cybersecurit y-usa-idUSKCN0PJ2M420150709) . Reuters . 9 July 2017. Archived (ht t p
s://web.archive.org/web/20170228005352/ht t p://www.reut ers.com/art icle/us-cybersecurit y-u
sa-idUSKCN0PJ2M420150709) from t he original on 28 February 2017. Ret rieved 25 February
2017.
211. Barret t , Devlin (4 June 2015). "U.S. Suspect s Hackers in China Breached About four (4) Million
People's Records, Officials Say" (ht t ps://www.wsj.com/art icles/u-s-suspect s-hackers-in-china-
behind-government -dat a-breach-sources-say-1433451888) . The Wall Street Journal. Archived
(ht t ps://web.archive.org/web/20150604215718/ht t p://www.wsj.com/art icles/u-s-suspect s-ha
ckers-in-china-behind-government -dat a-breach-sources-say-1433451888) from t he original
on 4 June 2015.
212. Risen, Tom (5 June 2015). "China Suspect ed in Theft of Federal Employee Records" (ht t ps://we
b.archive.org/web/20150606064331/ht t p://www.usnews.com/news/art icles/2015/06/05/chin
a-suspect ed-in-t heft -of-federal-employee-records) . U.S. News & World Report. Archived
from t he original (ht t ps://www.usnews.com/news/art icles/2015/06/05/china-suspect ed-in-t he
ft -of-federal-employee-records) on 6 June 2015.
213. Zengerle, Pat ricia (19 July 2015). "Est imat e of Americans hit by government personnel dat a
hack skyrocket s" (ht t ps://www.reut ers.com/art icle/us-cybersecurit y-usa-idUSKCN0PJ2M4201
50709) . Reuters . Archived (ht t ps://web.archive.org/web/20150710075449/ht t p://www.reut er
s.com/art icle/2015/07/09/us-cybersecurit y-usa-idUSKCN0PJ2M420150709) from t he
original on 10 July 2015.
214. Sanger, David (5 June 2015). "Hacking Linked t o China Exposes Millions of U.S. Workers" (ht t p
s://www.nyt imes.com/2015/06/05/us/breach-in-a-federal-comput er-syst em-exposes-personn
el-dat a.ht ml) . The New York Times . Archived (ht t ps://web.archive.org/web/20150605135158/
ht t p://www.nyt imes.com/2015/06/05/us/breach-in-a-federal-comput er-syst em-exposes-pers
onnel-dat a.ht ml) from t he original on 5 June 2015.
215. Mansfield-Devine, St eve (1 Sept ember 2015). "The Ashley Madison affair". Network Security.
2015 (9): 8–16. doi:10.1016/S1353-4858(15)30080-5 (ht t ps://doi.org/10.1016%2FS1353-485
8%2815%2930080-5) .
216. Turt on, W.; Mehrot ra, K. (4 June 2021). "Hackers Breached Colonial Pipeline Using Compromised
Password" (ht t ps://www.bloomberg.com/news/art icles/2021-06-04/hackers-breached-colonia
l-pipeline-using-compromised-password) . Bloomberg L.P. Ret rieved 3 December 2023.
217. "Mikko Hypponen: Fight ing viruses, defending t he net " (ht t p://www.t ed.com/t alks/mikko_ hyppo
nen_ fight ing_ viruses_ defending_ t he_ net .ht ml) . TED. Archived (ht t ps://web.archive.org/web/
20130116010603/ht t p://www.t ed.com/t alks/mikko_ hypponen_ fight ing_ viruses_ defending_ t h
e_ net .ht ml) from t he original on 16 January 2013.
218. "Mikko Hypponen – Behind Enemy Lines" (ht t ps://www.yout ube.com/wat ch?v=0TMFRO66Wv
4) . Hack in t he Box Securit y Conference. 9 December 2012. Archived (ht t ps://web.archive.or
g/web/20161125075257/ht t ps://www.yout ube.com/wat ch?v=0TMFRO66Wv4) from t he
original on 25 November 2016.
219. "Ensuring t he Securit y of Federal Informat ion Syst ems and Cyber Crit ical Infrast ruct ure and
Prot ect ing t he Privacy of Personally Ident ifiable Informat ion" (ht t p://www.gao.gov/highrisk/pro
t ect ing_ t he_ federal_ government _ informat ion_ syst ems/why_ did_ st udy) . Government
Account abilit y Office. Archived (ht t ps://web.archive.org/web/20151119221200/ht t p://www.ga
o.gov/highrisk/prot ect ing_ t he_ federal_ government _ informat ion_ syst ems/why_ did_ st udy)
from t he original on 19 November 2015. Ret rieved 3 November 2015.
220. King, Georgia (23 May 2018). "The Venn diagram bet ween libert arians and crypt o bros is so
close it 's basically a circle" (ht t ps://qz.com/1284178/almost -half-of-crypt ocurrency-and-bit co
in-bros-ident ify-as-libert arian/) . Quartz.
221. Kirby, Carrie (24 June 2011). "Former Whit e House aide backs some Net regulat ion / Clarke says
government , indust ry deserve 'F' in cyber securit y" (ht t ps://www.sfgat e.com/business/art icle/F
ormer-Whit e-House-aide-backs-some-Net -regulat ion-2729985.php) . The San Francisco
Chronicle.
222. McCart hy, Daniel (11 June 2018). "Privat izing Polit ical Aut horit y: Cybersecurit y, Public-Privat e
Part nerships, and t he Reproduct ion of Liberal Polit ical Order" (ht t ps://www.cogit at iopress.co
m/polit icsandgovernance/art icle/download/1335/800) . Politics and Governance. 6 (2): 5–12.
doi:10.17645/pag.v6i2.1335 (ht t ps://doi.org/10.17645%2Fpag.v6i2.1335) .
223. "It 's Time t o Treat Cybersecurit y as a Human Right s Issue" (ht t ps://www.hrw.org/news/2020/0
5/26/it s-t ime-t reat -cybersecurit y-human-right s-issue) . Human Rights Watch. 26 May 2020.
Ret rieved 26 May 2020.
224. "FIRST Mission" (ht t ps://www.first .org/about /mission/) . FIRST. Ret rieved 6 July 2018.
225. "FIRST Members" (ht t ps://www.first .org/members/) . FIRST. Ret rieved 6 July 2018.
229. "Government of Canada Launches Canada's Cyber Securit y St rat egy" (ht t p://www.market wired.
com/press-release/government -of-canada-launches-canadas-cyber-securit y-st rat egy-132866
1.ht m) . Market Wired. 3 Oct ober 2010. Archived (ht t ps://web.archive.org/web/201411021759
04/ht t p://www.market wired.com/press-release/government -of-canada-launches-canadas-cyb
er-securit y-st rat egy-1328661.ht m) from t he original on 2 November 2014. Ret rieved
1 November 2014.
230. "Canada's Cyber Securit y St rat egy" (ht t p://www.publicsafet y.gc.ca/cnt /rsrcs/pblct ns/cbr-scrt
-st rt gy/index-eng.aspx) . Public Safety Canada . Government of Canada. Archived (ht t ps://web.
archive.org/web/20141102175701/ht t p://www.publicsafet y.gc.ca/cnt /rsrcs/pblct ns/cbr-scrt -
st rt gy/index-eng.aspx) from t he original on 2 November 2014. Ret rieved 1 November 2014.
231. "Act ion Plan 2010–2015 for Canada's Cyber Securit y St rat egy" (ht t p://www.publicsafet y.gc.ca/
cnt /rsrcs/pblct ns/ct n-pln-cbr-scrt /index-eng.aspx) . Public Safety Canada . Government of
Canada. Archived (ht t ps://web.archive.org/web/20141102173436/ht t p://www.publicsafet y.gc.c
a/cnt /rsrcs/pblct ns/ct n-pln-cbr-scrt /index-eng.aspx) from t he original on 2 November 2014.
Ret rieved 3 November 2014.
232. "Cyber Incident Management Framework For Canada" (ht t p://www.publicsafet y.gc.ca/cnt /rsrc
s/pblct ns/cbr-ncdnt -frmwrk/index-eng.aspx#_ Toc360619104) . Public Safety Canada .
Government of Canada. Archived (ht t ps://web.archive.org/web/20141102213822/ht t p://www.p
ublicsafet y.gc.ca/cnt /rsrcs/pblct ns/cbr-ncdnt -frmwrk/index-eng.aspx#_ Toc360619104)
from t he original on 2 November 2014. Ret rieved 3 November 2014.
233. "Act ion Plan 2010–2015 for Canada's Cyber Securit y St rat egy" (ht t p://www.publicsafet y.gc.ca/
cnt /rsrcs/pblct ns/ct n-pln-cbr-scrt /index-eng.aspx) . Public Safety Canada . Government of
Canada. Archived (ht t ps://web.archive.org/web/20141102173436/ht t p://www.publicsafet y.gc.c
a/cnt /rsrcs/pblct ns/ct n-pln-cbr-scrt /index-eng.aspx) from t he original on 2 November 2014.
Ret rieved 1 November 2014.
234. "Canadian Cyber Incident Response Cent re" (ht t p://www.publicsafet y.gc.ca/cnt /nt nl-scrt /cbr-s
crt /ccirc-ccric-eng.aspx) . Public Safety Canada . Archived (ht t ps://web.archive.org/web/2014
1008035436/ht t p://www.publicsafet y.gc.ca/cnt /nt nl-scrt /cbr-scrt /ccirc-ccric-eng.aspx)
from t he original on 8 Oct ober 2014. Ret rieved 1 November 2014.
235. "Cyber Securit y Bullet ins" (ht t p://www.publicsafet y.gc.ca/cnt /rsrcs/cybr-ct r/index-eng.aspx) .
Public Safety Canada . Archived (ht t ps://web.archive.org/web/20141008194739/ht t p://www.pu
blicsafet y.gc.ca/cnt /rsrcs/cybr-ct r/index-eng.aspx) from t he original on 8 Oct ober 2014.
Ret rieved 1 November 2014.
236. "Report a Cyber Securit y Incident " (ht t p://www.publicsafet y.gc.ca/cnt /nt nl-scrt /cbr-scrt /rprt -
eng.aspx) . Public Safety Canada . Government of Canada. Archived (ht t ps://web.archive.org/w
eb/20141111212708/ht t p://www.publicsafet y.gc.ca/cnt /nt nl-scrt /cbr-scrt /rprt -eng.aspx)
from t he original on 11 November 2014. Ret rieved 3 November 2014.
237. "Government of Canada Launches Cyber Securit y Awareness Mont h Wit h New Public
Awareness Part nership" (ht t p://www.market wired.com/press-release/government -canada-laun
ches-cyber-securit y-awareness-mont h-wit h-new-public-awareness-1706660.ht m) . Market
Wired. Government of Canada. 27 Sept ember 2012. Archived (ht t ps://web.archive.org/web/201
41103225408/ht t p://www.market wired.com/press-release/government -canada-launches-cybe
r-securit y-awareness-mont h-wit h-new-public-awareness-1706660.ht m) from t he original on 3
November 2014. Ret rieved 3 November 2014.
238. "Cyber Securit y Cooperat ion Program" (ht t p://www.publicsafet y.gc.ca/cnt /nt nl-scrt /cbr-scrt /c
prt n-prgrm/index-eng.aspx) . Public Safety Canada . Archived (ht t ps://web.archive.org/web/20
141102184754/ht t p://www.publicsafet y.gc.ca/cnt /nt nl-scrt /cbr-scrt /cprt n-prgrm/index-eng.
aspx) from t he original on 2 November 2014. Ret rieved 1 November 2014.
239. "Cyber Securit y Cooperat ion Program" (ht t p://www.publicsafet y.gc.ca/cnt /nt nl-scrt /cbr-scrt /c
prt n-prgrm/index-eng.aspx) . Public Safety Canada . 16 December 2015. Archived (ht t ps://web.
archive.org/web/20141102184754/ht t p://www.publicsafet y.gc.ca/cnt /nt nl-scrt /cbr-scrt /cprt
n-prgrm/index-eng.aspx) from t he original on 2 November 2014.
241. "Aust ralian federal government announces cybersecurit y support for SMBs","2023-2030
Aust ralian Cyber Securit y St rat egy" (ht t ps://www.homeaffairs.gov.au/about -us/our-port folios/
cyber-securit y/st rat egy/2023-2030-aust ralian-cyber-securit y-st rat egy) . Ret rieved
22 November 2023.
242. "Need for proper st ruct ure of PPPs t o address specific cyberspace risks" (ht t p://www.orfonlin
e.org/cyfy-event /need-for-proper-st ruct ure-of-ppps-t o-address-specific-cyberspace-risk
s/) . Archived (ht t ps://web.archive.org/web/20171113165123/ht t p://www.orfonline.org/cyfy-
event /need-for-proper-st ruct ure-of-ppps-t o-address-specific-cyberspace-risks/) from t he
original on 13 November 2017.
243. "Nat ional Cyber Safet y and Securit y St andards(NCSSS)-Home" (ht t ps://web.archive.org/web/2
0180219150958/ht t ps://www.ncdrc.res.in/) . www.ncdrc.res.in. Archived from t he original (ht t
ps://www.ncdrc.res.in/) on 19 February 2018. Ret rieved 19 February 2018.
244. "Sout h Korea seeks global support in cyber at t ack probe". BBC Monitoring Asia Pacific . 7
March 2011.
245. Jun, Kwanwoo (23 Sept ember 2013). "Seoul Put s a Price on Cyberdefense" (ht t ps://blogs.wsj.c
om/korearealt ime/2013/09/23/seoul-put s-a-price-on-cyberdefense/) . The Wall Street
Journal. Dow Jones & Company, Inc. Archived (ht t ps://web.archive.org/web/20130925102342/
ht t p://blogs.wsj.com/korearealt ime/2013/09/23/seoul-put s-a-price-on-cyberdefense/) from
t he original on 25 Sept ember 2013. Ret rieved 24 Sept ember 2013.
246. Whit e, House (March 2023). "Nat ional securit y st rat egy" (ht t ps://bidenwhit ehouse.archives.gov/
wp-cont ent /uploads/2023/03/Nat ional-Cybersecurit y-St rat egy-2023.pdf) (PDF). No. March
2032. whit e house. US gov.
247. Adil, Sajid (16 Oct ober 2023). "Do You Know About Biggest Cybersecurit y Threat s In 2023?" (ht
t ps://cybernexguard.com/do-you-know-about -biggest -cybersecurit y-t hreat s-in-2023/) .
Cybernexguard. Adil Sajid. Ret rieved 18 December 2023.
248. Adil, Sajid (Sept ember 2018). "Nat ional Cyber St rat egy of t he Unit ed St at es of America" (ht t p
s://digit al.library.unt .edu/ark:/67531/met adc1259394/) . University Libraries UNT Digital Library.
Ret rieved 18 December 2023.
249. Adil, Sajid (Sept ember 2018). "Do You Know About Biggest Cybersecurit y Threat s In 2023?" (ht t
ps://digit al.library.unt .edu/ark:/67531/met adc1259394/#collect ions) . University Libraries UNT
Digital Library. Ret rieved 18 December 2023.
250. Int ernat ional Cybercrime Report ing and Cooperat ion Act (ht t ps://www.congress.gov/bill/111t h-
congress/house-bill/4962) at Congress.gov
251. "Home | Homeland Securit y & Government al Affairs Commit t ee" (ht t ps://web.archive.org/web/
20120120040012/ht t p://hsgac.senat e.gov/public/index.cfm?FuseAct ion=Files.View&FileSt ore
_ id=4ee63497-ca5b-4a4b-9bba-04b7f4cb0123) . www.hsgac.senate.gov . Archived from t he
original (ht t p://www.hsgac.senat e.gov/) on 20 January 2012.
252. "Biden Adviser On Cyber Threat s And The New Execut ive Order To Combat Them" (ht t ps://ww
w.npr.org/2021/05/13/996617560/biden-advisor-on-cyber-t hreat s-and-t he-new-execut ive-ord
er-t o-combat -t hem) . NPR.
253. Execut ive Order on Improving t he Nat ion's Cybersecurit y (ht t ps://bidenwhit ehouse.archives.go
v/briefing-room/president ial-act ions/2021/05/12/execut ive-order-on-improving-t he-nat ions-c
ybersecurit y/) (full t ext )
255. "FAQ: Cyber Securit y R&D Cent er" (ht t p://www.cyber.st .dhs.gov/faq.ht ml) . U.S. Depart ment of
Homeland Securit y S&T Direct orat e. Archived (ht t ps://web.archive.org/web/20081006042850/
ht t p://www.cyber.st .dhs.gov/faq.ht ml) from t he original on 6 Oct ober 2008. Ret rieved
14 June 2008.
256. AFP-JiJi, "U.S. boot s up cybersecurit y cent er", 31 Oct ober 2009.
257. "Federal Bureau of Invest igat ion – Priorit ies" (ht t ps://www.fbi.gov/about -us/quick-fact s) .
Federal Bureau of Invest igat ion. Archived (ht t ps://web.archive.org/web/20160711053557/ht t p
s://www.fbi.gov/about -us/quick-fact s) from t he original on 11 July 2016.
258. "Int ernet Crime Complaint Cent er (IC3) – Home" (ht t ps://www.ic3.gov/default .aspx) . Archived
(ht t ps://web.archive.org/web/20111120021742/ht t p://www.ic3.gov/default .aspx) from t he
original on 20 November 2011.
259. "Infragard, Official Sit e" (ht t p://www.infragard.net /) . Infragard. Archived (ht t ps://web.archive.or
g/web/20100909051004/ht t p://www.infragard.net /) from t he original on 9 Sept ember 2010.
Ret rieved 10 Sept ember 2010.
260. "Robert S. Mueller, III – InfraGard Int erview at t he 2005 InfraGard Conference" (ht t ps://web.arc
hive.org/web/20110617004540/ht t p://www.infragard.net /media/files/dir_ med.mov) . Infragard
(Official Site) – "Media Room". Archived from t he original (ht t p://www.infragard.net /media/files/
dir_ med.mov) on 17 June 2011. Ret rieved 9 December 2009.
264. William J. Lynn, III (12 November 2009). Remarks at the Defense Information Technology
Acquisition Summit (ht t ps://web.archive.org/web/20100415113237/ht t p://www.defense.gov/
speeches/speech.aspx?speechid=1399) (Speech). Washingt on D.C. Archived from t he original
(ht t p://www.defense.gov/speeches/speech.aspx?speechid=1399) on 15 April 2010.
Ret rieved 10 July 2010.
265. Shacht man, Noah (23 Sept ember 2010). "Milit ary's Cyber Commander Swears: "No Role" in
Civilian Net works" (ht t ps://web.archive.org/web/20101106032102/ht t p://www.brookings.edu/o
pinions/2010/0923_ milit ary_ int ernet _ shacht man.aspx) . brookings.edu. Archived from t he
original (ht t p://www.brookings.edu/opinions/2010/0923_ milit ary_ int ernet _ shacht man.aspx)
on 6 November 2010.
267. "Cybersecurit y for Medical Devices and Hospit al Net works: FDA Safet y Communicat ion" (ht t p
s://www.fda.gov/MedicalDevices/Safet y/Alert sandNot ices/ucm356423.ht m) . Food and Drug
Administration . Archived (ht t ps://web.archive.org/web/20160528153847/ht t ps://www.fda.gov/
medicaldevices/safet y/alert sandnot ices/ucm356423.ht m) from t he original on 28 May 2016.
Ret rieved 23 May 2016.
268. "Aut omot ive Cybersecurit y – Nat ional Highway Traffic Safet y Administ rat ion (NHTSA)" (ht t ps://
web.archive.org/web/20160525195552/ht t p://www.nht sa.gov/Research/Crash+Avoidance/Aut
omot ive+Cybersecurit y) . Archived from t he original (ht t ps://www.nht sa.gov/Research/Crash+
Avoidance/Aut omot ive+Cybersecurit y) on 25 May 2016. Ret rieved 23 May 2016.
269. Air Traffic Cont rol: FAA Needs a More Comprehensive Approach t o Address Cybersecurit y As
Agency Transit ions t o Next Gen (ht t p://www.gao.gov/product s/GAO-15-370) (Report ). U. S.
Government Account abilit y Office. 14 April 2015. Archived (ht t ps://web.archive.org/web/20160
613150636/ht t p://www.gao.gov/product s/GAO-15-370) from t he original on 13 June 2016.
Ret rieved 23 May 2016.
270. St ernst ein, Aliya (4 March 2016). "FAA Working on New Guidelines for Hack-Proof Planes" (ht t
p://www.next gov.com/cybersecurit y/2016/03/faa-has-st art ed-shaping-cybersecurit y-regulat i
ons/126449/) . Nextgov . Archived (ht t ps://web.archive.org/web/20160519181332/ht t p://ww
w.next gov.com/cybersecurit y/2016/03/faa-has-st art ed-shaping-cybersecurit y-regulat ions/12
6449/) from t he original on 19 May 2016. Ret rieved 23 May 2016.
271. Elias, Bart (18 June 2015). "Prot ect ing Civil Aviat ion from Cyberat t acks" (ht t ps://www.fas.org/s
gp/crs/homesec/IN10296.pdf) (PDF). Archived (ht t ps://web.archive.org/web/201610171003
06/ht t ps://www.fas.org/sgp/crs/homesec/IN10296.pdf) (PDF) from t he original on 17
Oct ober 2016. Ret rieved 4 November 2016.
272. Anderson, David; Reimers, Karl (2019). CYBER SECURITY EMPLOYMENT POLICY AND
WORKPLACE DEMAND IN THE U.S. GOVERNMENT. EDULEARN19 Proceedings. Vol. 1. IATED.
pp. 7858–7866. doi:10.21125/edulearn.2019.1914 (ht t ps://doi.org/10.21125%2Fedulearn.2019.1
914) . ISBN 978-84-09-12031-4. ISSN 2340-1117 (ht t ps://search.worldcat .org/issn/2340-111
7) .
273. Vert on, Dan (28 January 2004). "DHS launches nat ional cyber alert syst em" (ht t p://www.comput
erworld.com/securit yt opics/securit y/st ory/0,10801,89488,00.ht ml) . Computerworld. IDG.
Archived (ht t ps://web.archive.org/web/20050831162039/ht t p://www.comput erworld.com/sec
urit yt opics/securit y/st ory/0,10801,89488,00.ht ml) from t he original on 31 August 2005.
Ret rieved 15 June 2008.
274. Det ails can be found in 10 CFR 73.54, Prot ect ion of digit al comput er and communicat ion
syst ems and net works (ht t ps://www.ecfr.gov/current /t it le-10/sect ion-73.54) .
277. Clayt on, Mark (7 March 2011). "The new cyber arms race" (ht t p://www.csmonit or.com/USA/Mili
t ary/2011/0307/The-new-cyber-arms-race) . The Christian Science Monitor. Archived (ht t p
s://web.archive.org/web/20150416090310/ht t p://www.csmonit or.com/USA/Milit ary/2011/030
7/The-new-cyber-arms-race) from t he original on 16 April 2015. Ret rieved 16 April 2015.
278. Nakashima, Ellen (13 Sept ember 2016). "Obama t o be urged t o split cyberwar command from
NSA" (ht t ps://archive.t oday/20161012083815/ht t ps://www.washingt onpost .com/world/nat ion
al-securit y/obama-t o-be-urged-t o-split -cyberwar-command-from-t he-nsa/2016/09/12/0ad09
a22-788f-11e6-ac8e-cf8e0dd91dc7_ st ory.ht ml) . The Washington Post. Archived from t he
original (ht t ps://www.washingt onpost .com/world/nat ional-securit y/obama-t o-be-urged-t o-split
-cyberwar-command-from-t he-nsa/2016/09/12/0ad09a22-788f-11e6-ac8e-cf8e0dd91dc7_ s
t ory.ht ml) on 12 Oct ober 2016. Ret rieved 15 June 2017.
279. Overland, Indra (1 March 2019). "The geopolit ics of renewable energy: Debunking four emerging
myt hs" (ht t ps://doi.org/10.1016%2Fj.erss.2018.10.018) . Energy Research & Social Science. 49:
36–40. Bibcode:2019ERSS...49...36O (ht t ps://ui.adsabs.harvard.edu/abs/2019ERSS...49...36O) .
doi:10.1016/j.erss.2018.10.018 (ht t ps://doi.org/10.1016%2Fj.erss.2018.10.018) .
hdl:11250/2579292 (ht t ps://hdl.handle.net /11250%2F2579292) . ISSN 2214-6296 (ht t ps://se
arch.worldcat .org/issn/2214-6296) .
280. Maness, Ryan C.; Valeriano, Brandon (11 June 2018). "How We St opped Worrying about Cyber
Doom and St art ed Collect ing Dat a" (ht t ps://doi.org/10.17645%2Fpag.v6i2.1368) . Politics and
Governance. 6 (2): 49–60. doi:10.17645/pag.v6i2.1368 (ht t ps://doi.org/10.17645%2Fpag.v6i2.13
68) . hdl:10945/60589 (ht t ps://hdl.handle.net /10945%2F60589) . ISSN 2183-2463 (ht t ps://s
earch.worldcat .org/issn/2183-2463) .
281. Maness, Ryan C.; Valeriano, Brandon (25 March 2015). "The Impact of Cyber Conflict on
Int ernat ional Int eract ions". Armed Forces & Society. 42 (2): 301–323.
doi:10.1177/0095327x15572997 (ht t ps://doi.org/10.1177%2F0095327x15572997) .
ISSN 0095-327X (ht t ps://search.worldcat .org/issn/0095-327X) . S2CID 146145942 (ht t ps://a
pi.semant icscholar.org/CorpusID:146145942) .
282. Bullard, Brit t any (2016). Style and Statistics: The Art of Retail Analytics (ht t ps://onlinelibrary.wile
y.com/doi/book/10.1002/9781119271260) . Wiley. doi:10.1002/9781119271260.ch8 (ht t ps://
doi.org/10.1002%2F9781119271260.ch8) . ISBN 978-1119270317.
283. Olt sik, Jon (18 March 2016). "Cybersecurit y Skills Short age Impact on Cloud Comput ing" (ht t p
s://web.archive.org/web/20160323042705/ht t p://www.net workworld.com/art icle/3045801/se
curit y/cybersecurit y-skills-short age-impact -on-cloud-comput ing.ht ml) . Network World.
Archived from t he original (ht t p://www.net workworld.com/art icle/3045801/securit y/cybersecu
rit y-skills-short age-impact -on-cloud-comput ing.ht ml) on 23 March 2016. Ret rieved 23 March
2016.
284. Robinson, Terry (30 May 2018). "Why is a Degree in Cyber Securit y one of t he Best ?" (ht t ps://w
eb.archive.org/web/20211010052542/ht t ps://www.degreequery.com/why-is-a-degree-in-cyber
-securit y-one-of-t he-best /) . DegreeQuery.com. Archived from t he original (ht t ps://www.degre
equery.com/why-is-a-degree-in-cyber-securit y-one-of-t he-best /) on 10 Oct ober 2021.
Ret rieved 10 Oct ober 2021.
285. de Silva, Richard (11 Oct ober 2011). "Government vs. Commerce: The Cyber Securit y Indust ry
and You (Part One)" (ht t p://www.defenceiq.com/defence-t echnology/art icles/t he-cyber-secur
it y-indust ry-and-you/) . Defence IQ. Archived (ht t ps://web.archive.org/web/20140424200253/
ht t p://www.defenceiq.com/defence-t echnology/art icles/t he-cyber-securit y-indust ry-and-yo
u/) from t he original on 24 April 2014. Ret rieved 24 April 2014.
287. "About Cyber Securit y archit ect " (ht t ps://www.cisa.gov/securit y-archit ect ) . cisa.gov . 1
August 2021. Ret rieved 1 January 2022.
288. "How t o become a Chief Informat ion Securit y Officer (CISO)?" (ht t ps://cybersecurit ycareer.org/
chief-informat ion-securit y-officer-ciso/) . cybersecuritycareer.org. 1 August 2021. Ret rieved
4 January 2022.
289. "Dat a Prot ect ion Officers" (ht t ps://ico.org.uk/for-organisat ions/guide-t o-dat a-prot ect ion/guide
-t o-t he-general-dat a-prot ect ion-regulat ion-gdpr/account abilit y-and-governance/dat a-prot ect i
on-officers/) . ico.org.uk. January 2021.
290. "St udent Cybersecurit y Resources" (ht t ps://niccs.cisa.gov/formal-educat ion/st udent s-launch-
your-cyber-career) . NICCS (US Nat ional Init iat ive for Cybercareers and St udies). Archived (ht t
ps://web.archive.org/web/20201105234726/ht t ps://niccs.cisa.gov/formal-educat ion/st udent s
-launch-your-cyber-career) from t he original on 5 November 2020.
291. "Current Job Opport unit ies at DHS" (ht t ps://www.dhs.gov/join-dhs-cybersecurit y) . U.S.
Depart ment of Homeland Securit y. Archived (ht t ps://web.archive.org/web/20130502135412/h
t t p://www.dhs.gov/join-dhs-cybersecurit y) from t he original on 2 May 2013. Ret rieved 5 May
2013.
294. "DoD Approved 8570 Baseline Cert ificat ions" (ht t ps://web.archive.org/web/20161021073353/h
t t p://iase.disa.mil/iawip/Pages/iabaseline.aspx) . iase.disa.mil. Archived from t he original (ht t
p://iase.disa.mil/iawip/Pages/iabaseline.aspx) on 21 Oct ober 2016. Ret rieved 19 June 2017.
295. "The UK Cyber Securit y St rat egy: Report on Progress and Forward Plans December 2014" (ht t p
s://asset s.publishing.service.gov.uk/government /uploads/syst em/uploads/at t achment _ dat a/fil
e/386093/The_ UK_ Cyber_ Securit y_ St rat egy_ Report _ on_ Progress_ and_ Forward_ Plans_ -_ De
_ _ _ .pdf) (PDF). Unit ed Kingdom Cabinet Office. Archived (ht t ps://web.archive.org/web/20180
418230804/ht t ps://asset s.publishing.service.gov.uk/government /uploads/syst em/uploads/at t
achment _ dat a/file/386093/The_ UK_ Cyber_ Securit y_ St rat egy_ Report _ on_ Progress_ and_ For
ward_ Plans_ -_ De_ _ _ .pdf) (PDF) from t he original on 18 April 2018. Ret rieved 20 August
2021.
296. "Cyber skills for a vibrant and secure UK" (ht t ps://www.gov.uk/government /news/cyber-skills-f
or-a-vibrant -and-secure-uk) . GOV.UK.
297. "Singapore Operat ional Technology (OT) Cybersecurit y Compet ency Framework" (ht t ps://web.a
rchive.org/web/20211016185633/ht t ps://www.csa.gov.sg/News/Press-Releases/singapore-o
perat ional-t echnology-cybersecurit y-compet ency-framework) . Cyber Security Agency (Press
release). 8 Oct ober 2021. Archived from t he original (ht t ps://www.csa.gov.sg/News/Press-Rele
ases/singapore-operat ional-t echnology-cybersecurit y-compet ency-framework) on 16
Oct ober 2021. Ret rieved 23 Oct ober 2021.
298. "Confident ialit y" (ht t p://medical-dict ionary.t hefreedict ionary.com/confident ialit y) . Ret rieved
31 Oct ober 2011.
299. "Dat a Int egrit y" (ht t p://www.businessdict ionary.com/definit ion/dat a-int egrit y.ht ml) . Archived
(ht t ps://web.archive.org/web/20111106055944/ht t p://www.businessdict ionary.com/definit ion/
dat a-int egrit y.ht ml) from t he original on 6 November 2011. Ret rieved 31 Oct ober 2011.
302. "One st ep ahead in comput ing securit y" (ht t ps://www.rit .edu/news/one-st ep-ahead-comput ing-
securit y) . RIT. Ret rieved 13 Oct ober 2023.
303. Misa, Thomas J. (2016). "Comput er Securit y Discourse at RAND, SDC, and NSA (1958-1970)" (ht
t ps://dl.acm.org/doi/10.1109/MAHC.2016.48) . IEEE Annals of the History of Computing. 38
(4): 12–25. doi:10.1109/MAHC.2016.48 (ht t ps://doi.org/10.1109%2FMAHC.2016.48) .
S2CID 17609542 (ht t ps://api.semant icscholar.org/CorpusID:17609542) .
304. Neumann, A. J.; St at land, N.; Webb, R. D. (1977). "Post -processing audit t ools and t echniques" (h
t t ps://nvlpubs.nist .gov/nist pubs/Legacy/SP/nbsspecialpublicat ion500-19.pdf) (PDF).
nist.gov . US Depart ment of Commerce, Nat ional Bureau of St andards. pp. 11–3–11–4. Archived
(ht t ps://web.archive.org/web/20161010044638/ht t p://nvlpubs.nist .gov/nist pubs/Legacy/SP/n
bsspecialpublicat ion500-19.pdf) (PDF) from t he original on 10 Oct ober 2016. Ret rieved
19 June 2020.
305. Irwin, Luke (5 April 2018). "How NIST can prot ect t he CIA t riad, including t he oft en overlooked
'I' – int egrit y" (ht t ps://blog.it governanceusa.com/blog/how-nist -can-prot ect -t he-cia-t riad-inclu
ding-t he-oft en-overlooked-i-int egrit y) . www.itgovernanceusa.com. Ret rieved 16 January
2021.
306. Perrin, Chad (30 June 2008). "The CIA Triad" (ht t ps://www.t echrepublic.com/blog/securit y/t he-
cia-t riad/488) . techrepublic.com. Ret rieved 31 May 2012.
307. St oneburner, G.; Hayden, C.; Feringa, A. (2004). Engineering Principles for Informat ion Technology
Securit y (ht t p://csrc.nist .gov/publicat ions/nist pubs/800-27A/SP800-27-RevA.pdf) (PDF)
(Report ). csrc.nist .gov. doi:10.6028/NIST.SP.800-27rA (ht t ps://doi.org/10.6028%2FNIST.SP.800-
27rA) . Archived (ht t ps://web.archive.org/web/20041012074937/ht t p://csrc.nist .gov/publicat i
ons/nist pubs/800-27A/SP800-27-RevA.pdf) (PDF) from t he original on 12 Oct ober 2004.
Note: this document has been superseded by later versions.
308. Yost , Jeffrey R. (April 2015). "The Origin and Early Hist ory of t he Comput er Securit y Soft ware
Product s Indust ry" (ht t ps://ieeexplore.ieee.org/document /7116464) . IEEE Annals of the
History of Computing. 37 (2): 46–58. doi:10.1109/MAHC.2015.21 (ht t ps://doi.org/10.1109%2FM
AHC.2015.21) . ISSN 1934-1547 (ht t ps://search.worldcat .org/issn/1934-1547) .
S2CID 18929482 (ht t ps://api.semant icscholar.org/CorpusID:18929482) .
309. "A Brief Hist ory of Comput er Viruses & What t he Fut ure Holds" (ht t ps://www.kaspersky.com/re
source-cent er/t hreat s/a-brief-hist ory-of-comput er-viruses-and-what -t he-fut ure-holds) .
www.kaspersky.com. 19 April 2023. Ret rieved 12 June 2024.
311. FBI News (2 November 2018). "The Morris Worm - 30 Years Since First Major At t ack on t he
Int ernet " (ht t ps://www.fbi.gov/news/st ories/morris-worm-30-years-since-first -major-at t ack-on
-int ernet -110218) . fbi.gov . Ret rieved 23 January 2024.
312. Boncella, Robert J (April 2004). Bidgoli, Hossein (ed.). The Internet Encyclopedia, Volume 2
(2nd ed.). Wiley. p. 262. ISBN 978-0-471-68996-6.
313. "1993: Mosaic Launches and t he Web is Set Free" (ht t ps://webdevelopment hist ory.com/1993-
mosaic-launches-and-t he-web-is-set -free/) . Web Development History. 8 December 2021.
314. "Web Design Museum - Net scape Navigat or 2.0" (ht t ps://www.webdesignmuseum.org/web-desi
gn-hist ory/net scape-navigat or-2-0-1995) . 10 March 2023. Ret rieved 4 December 2023.
315. Nakashima, Ellen (26 January 2008). "Bush Order Expands Net work Monit oring: Int elligence
Agencies t o Track Int rusions" (ht t ps://www.washingt onpost .com/wp-dyn/cont ent /art icle/200
8/01/25/AR2008012503261_ pf.ht ml) . The Washington Post. Ret rieved 8 February 2021.
316. Perlroth, Nicole (7 February 2021). "How the U.S. Lost to Hackers" (https://ghostarchive.org/archive/20211228/https://www.nytimes.com/2021/02/06/technology/cyber-hackers-usa.html). The New York Times. Archived from the original (https://www.nytimes.com/2021/02/06/technology/cyber-hackers-usa.html) on 28 December 2021. Retrieved 9 February 2021.
317. Perlroth, Nicole; Sanger, David; Shane, Scott (6 May 2019). "How Chinese Spies Got the N.S.A.'s Hacking Tools, and Used Them for Attacks" (https://www.nytimes.com/2019/05/06/us/politics/china-hacking-cyber.html). The New York Times. Retrieved 18 October 2024.
Further reading
Branch, Jordan (24 September 2020). "What's in a Name? Metaphors and Cybersecurity". International Organization. 75 (1). Cambridge University Press (CUP): 39–70. doi:10.1017/s002081832000051x (https://doi.org/10.1017%2Fs002081832000051x). ISSN 0020-8183 (https://search.worldcat.org/issn/0020-8183). S2CID 224886794 (https://api.semanticscholar.org/CorpusID:224886794).
Costigan, Sean; Hennessy, Michael (2016). Cybersecurity: A Generic Reference Curriculum (https://www.nato.int/nato_static_fl2014/assets/pdf/pdf_2016_10/20161025_1610-cybersecurity-curriculum.pdf) (PDF). NATO. ISBN 978-9284501960. Archived (https://web.archive.org/web/20170310031437/http://www.nato.int/nato_static_fl2014/assets/pdf/pdf_2016_10/20161025_1610-cybersecurity-curriculum.pdf) (PDF) from the original on 10 March 2017.
Fuller, Christopher J (11 June 2018). "The Roots of the United States' Cyber (In)Security" (https://eprints.soton.ac.uk/407741/3/Fuller_Roots_of_Cyber_Insecurity_clean_images.doc) (DOC). Diplomatic History. 43 (1). Oxford University Press (OUP): 157–185. doi:10.1093/dh/dhy038 (https://doi.org/10.1093%2Fdh%2Fdhy038). ISSN 0145-2096 (https://search.worldcat.org/issn/0145-2096).
Bob, Yonah Jeremy (21 August 2021). "Ex-IDF cyber intel. official reveals secrets behind cyber offense" (https://www.jpost.com/israel-news/ex-idf-cyber-intel-official-how-to-carry-out-a-cyber-offense-attack-677173). The Jerusalem Post.
Kim, Peter (2014). The Hacker Playbook: Practical Guide To Penetration Testing. Seattle: CreateSpace Independent Publishing Platform. ISBN 978-1494932633.
Lee, Newton (2015). Counterterrorism and Cybersecurity: Total Information Awareness (2nd ed.).
Springer. ISBN 978-3319172439.
Montagnani, Maria Lillà; Cavallo, Mirta Antonella (2018). "Cybersecurity and Liability in a Big Data World" (https://revistas.ucp.pt/index.php/mclawreview/article/view/325). Market and Competition Law Review. 2 (2). Elsevier BV: 71–98. doi:10.2139/ssrn.3220475 (https://doi.org/10.2139%2Fssrn.3220475). ISSN 1556-5068 (https://search.worldcat.org/issn/1556-5068). S2CID 216704215 (https://api.semanticscholar.org/CorpusID:216704215). SSRN 3220475 (https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3220475).
Shariati, Marzieh; Bahmani, Faezeh; Shams, Fereidoon (2011). "Enterprise information security, a review of architectures and frameworks from interoperability perspective" (https://doi.org/10.1016%2Fj.procs.2010.12.089). Procedia Computer Science. 3. Elsevier BV: 537–543. doi:10.1016/j.procs.2010.12.089 (https://doi.org/10.1016%2Fj.procs.2010.12.089). ISSN 1877-0509 (https://search.worldcat.org/issn/1877-0509).
Singer, P. W.; Friedman, Allan (2014). Cybersecurity and Cyberwar: What Everyone Needs to Know.
Oxford University Press. ISBN 978-0199918119.
Wu, Chwan-Hwa (John); Irwin, J. David (2013). Introduction to Computer Networks and
Cybersecurity. Boca Raton: CRC Press. ISBN 978-1466572133.
Cybersecurity Best Practices | Cybersecurity and Infrastructure Security Agency CISA. (n.d.). Retrieved April 24, 2024, from https://www.cisa.gov/topics/cybersecurity-best-practices
Sztyber-Betley, A., Syfert, M., Kościelny, J. M., & Górecka, Z. (2023). Controller Cyber-Attack Detection and Isolation †: Sensors (14248220). Sensors (14248220), 23(5), 2778. doi:10.3390/s23052778 (https://doi.org/10.3390%2Fs23052778)