Information Security as a Part of Curricula in Every Professional Domain, Not Just ICT's

Predrag Pale (Faculty of Electrical Engineering and Computing, University of Zagreb, Croatia)
DOI: 10.4018/978-1-4666-8793-6.ch010


Information security is gaining the attention of managers, leaders and the public as attacks extend from “pure” IT systems into critical infrastructure, which is being expanded to include food production and supply, health systems, news media, educational resources, etc. All parts of social, commercial and private life are under attack. In addition, new methods of attack are appearing: slow scan attacks and hibernated attacks. Thus, dedicated cyber defense forces are necessary. In addition, ICT specialists who design, deploy and maintain systems need appropriate education in information security so that systems are as secure as possible in the first place. Also, white collar social engineers, who are domain specialists, are now able to perform highly sophisticated attacks. ICT specialists lack the domain knowledge to predict, detect and counter such attacks. This chapter shows why domain professionals continuously need security awareness, education, readiness training and exercises.
Chapter Preview

The Reasons For Increased Attacks On Information Security

The increase is due, in the first place, to ICT’s increased omnipresence and its importance in all aspects of private, industrial and social life, but it is also due to the proliferation of a variety of attack tools and the simplicity of their use. In the past, only highly skilled ICT specialists were able to find and exploit a vulnerability in an information system. Today this is no longer true. Anyone can download a tool from the Internet and launch an attack with it against not only one, but potentially thousands of systems. Botnets, networks of hundreds of thousands of compromised “ordinary” computers, are being sold, even rented, as platforms from which to launch attacks (Botnet, 2015). The initial step of injecting an attack agent into the Internet can be performed from anonymous computers driving by

  1. Unprotected wireless networks belonging to individuals, or
  2. Institutions who are not-participating, or
  3. Networks intended for public use.

Even protected networks can be broken into and used to launch an attack (Chatzisofroniou, 2015).

Perhaps the greatest problem with the security of information systems, and with information security in general, globally, lies in understanding why anyone would wish to attack someone’s computing and communication infrastructure and the information it contains.

At the very beginning of general-purpose computing and at the advent of the Internet there were almost no security mechanisms, and those in place were very simple (Symantec, 2009). Yet there were almost no security issues, attacks and misuses.

The reason lies in the culture of the users at that time. The majority of the cyber community in the 1970s and 1980s was situated in academia, and the rest was in government and the military industry. The culture and code of conduct were well known to all members and were core, essential to one’s profession and identity. It was clear that any security breach in this community, once detected, would terminate one’s career. Even worse, mere suspicion was sufficient to make one’s life very difficult.

Key Terms in this Chapter

Hibernated Attack: An attack in which a successful breach and payload deployment are not followed by activation of the deployed payload. Rather, the payload is activated by a trigger event, at a specific time or by external stimuli sent by the original attacker or by anyone to whom the original attacker has granted use of the payload.

White Collar Social Engineers: Domain professionals who do not possess the competences of traditional social engineers but instead leverage automated tools for social engineering.

Slow Scan Attack: Active scanning of computing and communication devices in which two successive probe messages are spaced at least minutes, mostly hours and possibly days apart.
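
An added example, not part of the chapter: a sketch of why a short-window rate threshold misses probes spaced hours apart, while counting distinct targets per source over a long horizon flags them. The records, addresses, thresholds and function names are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def build_sample():
    """Constructed firewall-deny records: (time, source, destination, port)."""
    t0 = datetime(2015, 1, 1)
    events = []
    # Slow scanner (constructed): one new port on the same host every 3 hours.
    for i in range(12):
        events.append((t0 + timedelta(hours=3 * i), "198.51.100.7", "10.0.0.5", 20 + i))
    # Misconfigured client (constructed): 30 retries to one service in 30 seconds.
    for i in range(30):
        events.append((t0 + timedelta(hours=5, seconds=i), "203.0.113.9", "10.0.0.5", 443))
    return sorted(events)


def rate_alerts(events, window, threshold):
    """Sources with at least `threshold` events inside any span of `window`."""
    times = defaultdict(list)
    for ts, src, _dst, _port in events:
        times[src].append(ts)
    flagged = set()
    for src, stamps in times.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(src)
                break
    return flagged


def spread_alerts(events, horizon, min_targets):
    """Sources that probed at least `min_targets` distinct (host, port) pairs
    during the `horizon` before the newest record, whatever the spacing."""
    cutoff = max(ts for ts, *_ in events) - horizon
    targets = defaultdict(set)
    for ts, src, dst, port in events:
        if ts >= cutoff:
            targets[src].add((dst, port))
    return {src for src, seen in targets.items() if len(seen) >= min_targets}


if __name__ == "__main__":
    sample = build_sample()
    print("per-minute rate:", rate_alerts(sample, timedelta(minutes=1), 10))
    print("7-day spread:   ", spread_alerts(sample, timedelta(days=7), 10))
```

The longer the horizon, the more per-source state the detector has to retain, which is the cost that hours-to-days probe spacing imposes on the defender.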
