Cybersecurity, often unthought-of when browsing the web because passwords should be able to protect information. However, how does one know their passwords are as secure as they can be? And how does one take the best precautions when it comes to their safety online?

Cybersecurity must play an important role in protecting one’s information, this includes creating and memorizing secure password to prevent the many different ways hackers can steal sensitive information.

Cyber security is when someone keeps their online information safe by “preventing, detecting, and responding to cyber-attacks” correctly [CITATION NCC18 \l 1033]. Having good cyber security is what separates those who become victims to cyber-attacks and those who do not. To have good cyber security, one must learn the dangers of cyber-attacks. Cyber security is made up of five main categories, the first is Critical Infrastructure Security [CITATION Inf19 \l 1033]. Infrastructure is the basic structure of something complex, therefore, Critical Infrastructure Security consists of the palpable and cyber systems that allow for physical and or economical safety[ CITATION Inf19 \l 1033 ]. Critical Infrastructure Security is used by many, more importantly, it is used by the United States government and is handled by the Cybersecurity and Infrastructure security Agency (CISA) to make sure that any important information remains protected as well as possible[ CITATION Inf19 \l 1033 ].

The second type of cyber security is Application Security. Application Security contains six security details that must be considered when creating an application [CITATION Kou13 \l 1033]. These six security details are confidentiality, integrity, availability, authentication, authorization, and non-repudiation [CITATION Kou13 \l 1033]. These six security details are meant to be treated as the “cornerstones” when designing an application that has to be secure [ CITATION Kou13 \l 1033 ]. Once these cornerstones are in place the next steps in Application Security are important design concepts to consider [CITATION Kou13 \l 1033]. These concepts include attack resilience, attack tolerance, and attack resistance [CITATION Kou13 \l 1033]. Attack resilience makes sure that an application has the capabilities to control what happens during an attack; to be able to compartmentalize the situation [CITATION Kou13 \l 1033]. Attack tolerance is when the application has the ability to endure a breakdown [CITATION Kou13 \l 1033]. Attack resistance is an application’s ability to hinder from an attack [CITATION Kou13 \l 1033].

The third type of cyber security is Network Security [CITATION Sha14 \l 1033].

Network Security is the multiple systems that allow for data to remain secure [CITATION Sha14\l 1033]. This includes Firewall Technology, Data Encryption Technology, Intrusion Detection Technology, and Anti-virus Technology [CITATION Sha14 \l 1033]. Firewall technology allows for certain measures or percussions to take place for certain procedures such as data transfers between a one network and another [CITATION Sha14 \l 1033]. Data Encryption technology protect things such as data storage, data transfer, data integrity, authentication and key management techniques [CITATION Sha14 \l 1033]. Key management techniques including key generation, distribution, storage, destruction and more [CITATION Sha14 \l 1033]. Intrusion detection technology is protects the design and rational allocation which means it looks for any abnormalities in a system and can then report it or even deal with it[ CITATION Sha14 \l 1033 ]. Anti-virus technology, not only referring to software, but can also be a network that centers it’s attention towards viruses that may come forth in a network connection and once it is detected it can be eliminated[ CITATION Sha14 \l 1033 ].

The fourth category of cyber security is Cloud Security [CITATION Edi15 \l 1033].

Cloud Security is the protection of data and user authentication mainly using encryption systems [CITATION Edi15 \l 1033]. Cloud security can include infrastructure security, data privacy, data management, and integrity and reactive security [CITATION Edi15 \l 1033]. It protects one’s right to privacy which can be considered immensely important to most [CITATION Edi15 \l 1033]. Cloud security also assures that data is in a secure location and that there are transaction logs of any data transfers. This is done so that one may know where their data is going using filtering and sometimes “Real time Security Monitoring” to make sure that a cloud stays protected[ CITATION Edi15 \l 1033 ].

The last category of cyber security is the Internet of Things (IoT) security [CITATION Fer17 \l 1033]. IoT security involves all devices or machines that have access to an online network [CITATION Fer17 \l 1033]. These types of cyber security all contribute to the safety of data within the internet.

There are many different ways cyberattacks occur, some may be extremely dangerous since they are made with the intention of stealing immensely important data. The first type of cyber-attack is Malware. Malware is software specifically created to get into any computer or program and corrupt it [CITATION Typ \l 1033]. Corrupt meaning the program can no longer be used as it may have been severely damaged by the malware. Prevention for malware includes anti-malware software [CITATION Typ \l 1033], which is software that can prevent, detect, and even remove malware [CITATION Gol14 \l 1033]. It also includes basic knowledge for safe web browsing [CITATION Typ \l 1033]. Such as being suspicious when it comes to clicking on deceptive or unreliable links because clicking on them will allow for the malware to be downloaded onto one’s computer. As well as keeping one’s operating system (OP) up to date, as this can leave a device unprotected against attacks because of the outdated defense systems [CITATION Gol14 \l 1033].

The second type of cyber-attack is called a Denial of Service (DoS) attack [CITATION Typ \l 1033]. A DoS attack is when multiple assailants rush “Traffic” into the victim’s server so that it may “overload and crash” [CITATION Typ \l 1033]. In order to prevent a DoS attack, one must have the space to hold that traffic during an attack. This would be called “having extra bandwidth” [CITATION Typ \l 1033]. Someone could also get help from “third-party services” that allow for one’s company computer to stay up and running during a Dos attack [CITATION Typ \l 1033]. These third-part services prevent DoS attacks by filtering “malicious traffic”, spreading the attacks over multiple systems so that the traffic doesn’t overload and crash a system, or even changing an IP address[ CITATION Mah17 \l 1033 ].

The third type of cyber-attack is known as Phishing [CITATION Typ \l 1033]. Phishing is best defined as an online scam artist or con [CITATION Typ \l 1033]. People who phish for victims are most likely lying about who they are, and what they promise the victims in return for money or important information such as passwords to accounts [CITATION Typ \l 1033].

Prevention for Phishing attacks include, again, mostly basic knowledge of safe web browsing [CITATION Typ \l 1033]. A couple of other types of cyber-attacks include vulnerabilities and hackers [CITATION NCC18 \l 1033]. When talking about vulnerabilities, people are referring to the vulnerabilities that often occur in computer programs when programmers make mistakes or forget to add something and cause holes in the code that allow for hackers to enter and steal valuable information[ CITATION NCC18 \l 1033 ]. In order to prevent hackers, the answer could be hiring hackers. These are known as white-hat hackers and they are hired by companies to try to hack their own companies to see if they are able to. If the hackers are able to hack the company, they are paid, and the company can then take precautions and necessary steps to fix the problem in the code or replace the code altogether to make it hacker-proof.

A fourth type of cyber-attack is called a virus. Viruses first began by getting into a computer program and then spreading itself to other programs form there, however, since then viruses have become a lot more complex [CITATION Jen16 \l 1033]. Jenab and Saeid[CITATION Jen16 \n \t \l 1033 ] then explain that hackers usually set viruses to wait and target the wealthiest, otherwise known as the top one percent, of the United States, as well as, Asia. Viruses do this by waiting for a victim to use hotel WIFI network or any other source were a network is labeled unsecure [CITATION Jen16 \l 1033]. If a network is unsecure it means it doesn’t require a password. This serves as a lure to a victim since they are trying want free WIFI, however, as soon as there is a connection the virus can then download itself and infect the victim’s device to then gain control of. There are two main types of viruses, a resident virus and a non-resident virus [CITATION Jen16 \l 1033]. A resident virus will be installed into an operating system [CITATION Jen16 \l 1033], otherwise known as an OS, which is the software within a device that is programed to handle the basic tasks the device is capable of. Non-resident viruses wait for a victim to connect to them in some way while it infects their device and then the virus will leave the system [CITATION Jen16 \l 1033].

People can get hacked in many different ways but the main theme that begins an attack is the lack of knowledge of the person browsing online. People get tricked into clicking emails or clicking download on something and end up downloading malware or allowing passage to sensitive information [CITATION Hon12 \p 74 \l 1033 ]. This is completely avoidable but can only be done with the right information and logic. Jenab and Saeid imply that strong passwords should consist of the following, “ a combination of words, characters, numbers, upper-case letters, and lower-case letters” [CITATION Jen16 \l 1033]. They say the more unique a password is, the longer it will take for someone to be able to hack into the device or profile. Jenab and Saeid also explain that there are third-party programs that are able to aid in the protection of passwords. This can help many who have to come up multiple password that have to be as secure as possible.

In order to create a strong password, it is suggested to use “action sequence” memorization using a keyboard to create a password that is complicated to guess but easy to memorize [CITATION Cip \l 1033]. This means that when creating the password, use the keyboard to create a pattern of physical movement that is easily memorable to make random numbers and letter that can act as a secure password. Another way of creating a strong password is using a mnemonic device as a password. A mnemonic device is a memorization technique used in many different applications; it usually consists of a creative sentence that makes it easily memorable. To make a password out of a mnemonic device the first letter of each world and the numbers or special characters would be used.

Computer programs can be made to guess passwords and are done relatively easy. Any experienced hacker can simply create a password guessing algorithm and it can be made in any computer language. They are many different types of computer languages the most common and the easiest to learn is known as Python. Python is well known as the simpler of the coding languages as it sets out its variables for a programmer to learn. Hackers are able to use their experience in specific coding languages to program viruses, malware, and more.

Studies show that some people are more likely to become victims to these types of attacks due to their personality traits [CITATION Van17 \l 1033]. People that have less self-control and are more impulsive are the ones who are most likely to be present in the crime being committed [ CITATION Van17 \l 1033 ]. Van De Weijer and Leukfeldt [CITATION Van17 \n

\t \l 1033] go on to say that because of the knowledge of the type of people who are committing the crimes, we can further explain who are the victims to the crimes committed. Van De Weijer and Leukfeldt then explain that the “Big Five” personality characteristics explain emotional stability, conscientiousness, and agreeableness. They conclude that people who tend to be more agreeable and more conscientious are more likely to be victims than not [CITATION Van17 \l 1033]. This proves that in order to avoid sensitive information from being stolen through viruses and such, one must be suspicious of everything they click or enter online.

In essence, it takes a good amount of effort to create a strong secure password but the if it is supposed to keep immensely important information safe then the password should be as secure as possible. Cyber security is divided into five different groups, critical infrastructure security, application security, network security, cloud security and the internet of things. Cyber- attacks can happen in many different ways, a couple of the main ones consist of malware, denial of service attacks, phishing, and viruses. All of these types of cyber-attacks and more can get into anyone’s device if not properly secured and will steal sensitive information or simply corrupt the program. To prevent this, strong passwords can be created using words, special characters, uppercase letters, lowercase letters, and numbers to create a unique password. Techniques to memorize these often completely random passwords include action sequence memorization or the use of mnemonic devices. Cyber-attacks and programs can only be made using coding languages, Python being said the easiest to learn. Cyber-attack can happen to anyone; however, studies have shown that those who are typically more agreeable tend to be victims while those who are more impulsive tend to be the one who commit the crimes.

Bibliography

• 5 main types of cyber security:. (2019, July). Retrieved from mindcore: https://mind-core.com/5- types-of-cyber-security/
• Cipresso, P., Gaggioli, A., Serino, S., Cipresso, S., & Riva, G. (2012, January 10). Journal of Medical Internet Research. (G. Eysenbach, Editor) Retrieved from How to Create Memorizable and Strong Passwords: https://libezp.nmsu.edu:2294/pmc/articles/PMC3846346/
• Edit, R. S., & Rajnai, Z. (2015, January 8). Moving towards Cloud Security. Interdisciplinary Descrioption of Complex Systems, 13(1), 9-14.
• Fernandes, E., Rahmati, A., Eykholt, K., & Prakash, A. (2017). Internet of Things Security Research: A Rehash of Old Ideas of New Intellectual Challenges? IEEE Security & Privacy, 15(4), 79-84.
• Goldsborough, R. (2014, April). When Malware Slows You Down. Teacher Librarian, 41(4), 59- 59.
• Hong, J. (2012). The State of Phishing Attacks. Association for Computing Machinery, Communications of the ACM, 55(1), 74-81. Retrieved from https://doi.org/10.1145/2063176.2063197
• Infrastructure Security. (2019, June 17). Retrieved from Homeland Security: https://www.dhs.gov/topic/critical-infrastructure-security
• Jenab, K., & Saeid, M. (2016). Cyber Security Management: A Review. Business Management Dynamics, 5(11), 16-39.
• Koussa, S. (2013, July). Q&A. Should Startups Care about Application Security? Retrieved from Technology Innovation Management Review: https://timreview.ca/article/706