Yonas Tibebu

  Ransomware as a service (RaaS) is the offering of pay-for-use malware. It is created for extortion over stolen or encrypted data, known as ransomware. The author of the ransomware makes the software available to customers called affiliates, who use the software to hold people's data hostage with little technical skill. The use of RaaS enables affiliates to enter an area of extortion practices that was previously exclusive to the authors themselves. For the malware author, this business model enables them to scale their earnings from their software with less personal risk than incurred if using it themselves. Offering their software to others removes them from the final crime by having another perform the act of ransom. Like ransomware itself, RaaS is typically a criminal exercise that is almost always illegal anywhere around the world. How does ransomware as a service work? RaaS is all about providing ransomware in software as a service (SaaS) model. A...

  Cyberterrorism is any premeditated, politically motivated attack against information systems, programs and data that results in violence. The details of cyberterrorism and the parties involved are viewed differently by various organizations. The U.S. Federal Bureau of Investigation (FBI) defines cyberterrorism as any "premeditated, politically motivated attack against information, computer systems, computer programs and data which results in violence against noncombatant targets by subnational groups or clandestine agents." Unlike a nuisance virus or computer attack that results in a denial of service (DoS), the FBI distinguishes a cyberterrorist attack as a type of cybercrime explicitly designed to cause physical harm. However, there is no current consensus between various governments and the information security community on what qualifies as an act of cyberterrorism. Other organizations and experts suggest that less harmful attacks can also be conside...

  Supply chain security is the part of supply chain management that focuses on the risk management of external suppliers, vendors, logistics and transportation. Its goal is to identify, analyze and mitigate the risks inherent in working with other organizations as part of a supply chain. Supply chain security involves both physical security relating to products and cybersecurity for software and services. Because supply chains can vary greatly from group to group, and many different organizations may be involved, there is no single set of established supply chain security guidelines or best practices. A complete supply chain security strategy requires following risk management principles and cyberdefense in depth. Physical supply chain security and integrity In the past, supply chain security primarily focused on physical security and integrity. Physical threats encompass risks with internal and external sources, such as theft, sabotage and terrorism. Organization...

An ethical hacker, also referred to as a white hat hacker, is an information security (InfoSec) expert who penetrates a computer system, network, application or other computing resource on behalf of its owners -- and with their authorization. Organizations call on ethical hackers to uncover potential security vulnerabilities that malicious hackers could exploit. The purpose of ethical hacking is to evaluate the security of and identify vulnerabilities in target systems, networks or system infrastructure. The process entails finding and then attempting to exploit vulnerabilities to determine whether unauthorized access or other malicious activities are possible. What is ethical hacking? An ethical hacker needs deep technical expertise in InfoSec to recognize potential attack vectors that threaten business and operational data. People employed as ethical hackers typically demonstrate applied knowledge gained through recognized industry certificatio...

  Computer forensics is the application of investigation and analysis techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law. The goal of computer forensics is to perform a structured investigation and maintain a documented chain of evidence to find out exactly what happened on a computing device and who was responsible for it. Computer forensics -- which is sometimes referred to as computer forensic science -- essentially is data recovery with legal compliance guidelines to make the information admissible in legal proceedings. The terms digital forensics and cyber forensics are often used as synonyms for computer forensics. Digital forensics starts with the collection of information in a way that maintains its integrity. Investigators then analyze the data or system to determine if it was changed, how it was changed and who made the changes. The use of computer for...

  RAID 10, also known as RAID 1+0, is a RAID configuration that combines disk mirroring and disk striping to protect data. It requires a minimum of four disks and stripes data across mirrored pairs. As long as one disk in each mirrored pair is functional, data can be retrieved. If two disks in the same mirrored pair fail, all data will be lost because there is no parity in the striped sets. RAID, which stands for redundant array of independent disks, comes in several different configurations. A RAID 1 configuration copies data from one drive to another, mirroring and duplicating data to provide improved fault tolerance and data protection. Data is fully protected as the mirror copy is available if the originating drive is disabled or unavailable. Because it makes a full duplicate of the data, RAID 1 requires twice as much storage capacity as the original data. RAID 0 doesn't provide any data protection; its sole purpose is to enhance driv...