Saturday, October 25, 2014

The perfect definition of IT risk

Wikipedia defines risk as the potential vulnerability to harm or damage to the units, individuals, organizations or entities. The Spanish Royal Academy of Language speaks of risk as that contingency or proximity of damage.

Either can be applied to IT risk, a daughter discipline of security governance which keeps our society stands. Both Heartbleed, such as Shellshock and POODLE are examples of vulnerabilities that have jeopardized our computer systems. And all were this year, which could lead to think that 2014 is somehow the most prolific in history for the emergence of critical security flaws date. The truth is that it does not, and indeed when compared with previous years, has significantly reduced the number. The change, therefore, comes from a redefinition of how to communicate a security breach, which has grown from one to more humane, more commercial, that past technical name (CVE-2014-4148, for example) and in turn pass with malware. That small change in philosophy, coupled with increased user interest about digital dangers.

Another risk, this time affecting the financial system itself, comes from the hand of false identities, artificially generated as if they were real people, and are used by gangs for different purposes. Since trafficking and money laundering, to identity spoofing and obfuscation of the path taken by cybercriminals with extorted bank accounts. A technique that again, is not to have increased in quantity, but in effectiveness.

Banker Trojans there are many types, but the way they take control of the victim systems is not very different. The WebInject are one of the most common attack vectors, and from ESET, are trying to determine whether there is a basic pattern that serve researchers in the laboratory to generate different evolutions of the same and as far forward as possible to the continuous new versions that appear.

And as we are Saturday, and the goal of the weekend is to relax, what better to consider if we want to start the MOOC in Spanish on industrial cyber security risk. Since the launch platform INTECO a seven units where the fundamentals and characteristics of industrial control systems course are analyzed, and different aspects of cybersecurity thereof.

A good opportunity to give a boost to the professional profile, or to specialize more so in those areas that we love.


Post a Comment