Getting an Information Security Job For Dummies - Gregory Peter H.
Part I
So You Want to Be an InfoSec Professional
Chapter 1
Securing Your Future in Information Security
Knowing Your Adversaries
Many technologists think that an information security program is all about technology: that technology is the root of the problem and technology will solve those problems. If this describes you, I appeal to you to open your mind to other ways of thinking about information security. Even if the aspect of information security that fascinates you the most is technology (and we need a lot more people like you), understanding the people behind technology-related issues can be helpful.
Information security involves a lot of technology but is at its root a people issue. Information security professionals are responsible for protecting assets against people: careless insiders, malicious outsiders, and many in between. Our vocabulary includes a lot of terms for things, including the different sorts of actors and their unique behaviors that we all eschew. I describe them in this section.
Hobbyists and enthusiasts
Because the term hacker has been maligned in recent years, I prefer to use the term computer hobbyist to describe computer enthusiasts who love to explore computers to understand more about how they work. Hackers, hobbyists, and enthusiasts – let’s agree that they’re all about the same.
Hobbyists are curious, peaceful folk who love technology, love to figure out how things work, and love to improve their electronic gadgets. Hobbyists and inventors are similar. Both enjoy making things better for themselves and others by taking things apart (logically or literally) to see how they work, and then modifying them to make them better. The world is full of people who like to tinker with their cars, motorcycles, radios, and computers. Think of early computer overclockers or musicians whose amps go up to 11.
Hobbyists with good judgment and discipline are our friends.
The fall of hackerdom
Before most people in the world were even born, the term hacker was generally a positive one. A hacker was a hobbyist who was curious about how electronic-ish things worked and would implement customizations to improve or enhance their performance. In the early days of computers, a computer hacker was one who sought to understand how computers worked and to employ changes to improve them.
Then as now, some hackers would explore computer systems – still seeking how they worked and ways of making modifications – but for malicious purposes.
The term hacker as a benevolent hobbyist has fallen into disuse and the dominant meaning of the term is a malicious person. And good hackers are generally known as computer hobbyists so they can distance themselves from the others.
Script kiddies
A deservedly maligned bunch, script kiddies are teenage troublemakers with too much time on their hands who use tools created by others to attack computers and networks. Typical script kiddies have little or no understanding of the inner workings of the tools they use.
Early in my career, script kiddies were typically the most significant problem for us – there were a lot of them and the tools they used could cause quite a bit of damage. But in retrospect, they were like gnats that swarmed around our faces, irritating and bothersome but usually not very harmful.
Like a lot of technologists, some script kiddies start as novices but build their knowledge and skills. They improve the tools they use and, eventually, write hacking tools of their own.
Hacktivists
Hacktivist is a blend of the words hacker and activist (think Greenpeace or PETA). Hacktivists are generally known for disrupting computers and networks belonging to organizations and governments with whom they disagree politically or ideologically.
It’s a big crowded world, and the Internet is a never-ending fount of information about every sort of organization. For every organization, you'll likely find people who oppose what the organization does or stands for.
Some noteworthy examples of hacktivist activities follow:
✓ PGP (Pretty Good Privacy): A popular email encryption program, PGP was thought to be released in response to a U.S. Senate bill that demanded government access to the plain text contents of voice, data, and other communications.
✓ Website mirroring: When an organization or a government blocks access to a particular website, a hacktivist will mirror (copy) the contents of the blocked site to another site, so that its contents can remain available.
✓ Wikileaks: This website publishes leaked industry and government documents.
Corporate spies
Companies spying on each other to obtain commercial secrets is nothing new. However, the migration of paper records to computers and the Internet has provided new opportunities and methods for companies to spy on each other. The Internet provides the means for spies to discover target systems and to steal their data for further analysis and exploitation.
The future is bright for information security jobs
There is a critical worldwide shortage of workers with information security skills. For the most part, these jobs pay well, with pretty good working conditions and a good standard of living.
In January 2014, the Ponemon Institute conducted a survey of information security managers and developed several key findings, including:
✓ 70 percent of respondents said that they don’t have enough IT security staff.
✓ 58 percent of senior security staff positions and 36 percent of staff security positions went unfilled in 2013.
In 2014, Burning Glass Technologies' market overview of information security jobs reported that job listings in cybersecurity grew by 74 percent from 2007 to 2013, more than twice the growth rate for IT jobs overall.
Unlike the dot com bubble in the late 1990s, the growth rate in information security jobs is not a flash in the pan but a response to painful advances by cybercriminal organizations as well as increasing regulation on information security and privacy. Short of a miraculous discovery in data protection that cybercriminal organizations are unable to overcome (yeah, right!), the demand for information security jobs should remain strong for many years.
Malicious insiders
Take good care of your employees and they’ll take good care of you. However, companies that don’t treat employees so nicely sometimes pay a heavy price. Employees who are bored, angry, unhappy, or who think that they will soon be fired or laid off often use revenge to settle the score.
Now and then, we hear a tale in which an employee who believed that his or her job was about to end decided to exact revenge on the employer. The popular cult movie Office Space explores this theme in detail.
Careless insiders
A careless insider is a legitimate user in an organization but, well, careless. Perhaps the person lacks judgment, or is working too fast, or needs training, or is not paying attention.
Careless insiders can be especially damaging to an organization because they possess what intruders lack: issued login credentials.
Fraudsters
Fraudster is a broad label that includes people who deceive and steal. How they deceive and what they steal varies, but invariably they perform some kind of a trick to steal money.
Typical fraud cases in the broad category of cybercrime include the following:
✓ Credit card fraud: Fraudsters steal credit card numbers and use them to buy stuff they want. You might still get the frequent flyer miles or other rewards, but you’re out the money, and that hurts.
✓ Wire fraud: Fraudsters employ malware that steals login credentials, and target a company with lots of money in the bank, in hopes that they can capture online banking and online wire transfer login codes. If they do, that giant sucking sound is the organization’s money being transferred to an offshore account.
✓ Identity theft: These actors use a variety of ways to obtain enough personal information about people to permit the opening of credit cards and lines of credit in the name of the victim. (By the way, they aren't actually stealing your identity; they're borrowing it.)
Organized crime
Organized crime used to be known for sex and drug trafficking, illegal gambling, and protection rackets. Today, however, organized crime makes more money perpetrating online fraud and other Internet-based schemes. These organizations are in all corners of the world, but particularly in Eastern Europe, the Middle East, and Africa.
The sophistication of a lot of today’s malware points to organizations with large, formal research and development budgets. Most of the easy hacks have been written; now more work (and bigger organizations) and better planning are required to build the tools necessary to break into systems and networks.
Rogue nation-states
The governments of several countries understand that state sponsorship is one way to develop malware and other techniques to break into networks and steal valuable information.
Nation-states sponsor cybercriminal activities for a number of reasons, such as to
✓ Steal political secrets
✓ Steal military secrets
✓ Aid local industries through industrial espionage
✓ Conduct industrial or military sabotage
If this sounds like traditional espionage – you’re right! Today’s spies have moved into cyberspace to do their work. If the information they want is online, many will use online means to try and steal it.
Cyberwarfare rules of engagement
If you’re on the side of the white hats, cyberwarfare is not a lot of fun. If it seems like adversaries have the upper hand, it’s because adversaries have the upper hand.
Cyberwarfare is said to be asymmetric. In other words, a single individual can wield the same amount of attack effectiveness as the largest country in the world. With the right tools, an individual can cripple a large military organization.
The following lists some rules of engagement for attackers and defenders:
✓ Defenders must protect against all types of attacks, whereas an attacker can attack in any manner desired.
✓ Defenders must protect all systems against attack, whereas an attacker can attack any system of choice.
✓ Defenders must protect systems at all hours of the day and night, whereas an attacker can attack at a time of his or her choosing.
✓ Defenders must conform to policies and obey all applicable laws, whereas an attacker can break any law at any time.