While in traditional cybersecurity (IT) the protection model is based on the triad CID (Confidentiality, Integrity and Availability), in industrial control systems and real-time (OT) systems, priorities are often reversed towards the AIC model (Availability, Integrity and Confidentiality).[1]​.

This is because, in critical environments such as power grids, nuclear plants or medical devices (cyber-physical systems), service interruption (low availability) or delay in data transmission (latency) can have catastrophic physical consequences, unlike the loss of data confidentiality that prevails in corporate environments. Therefore, heavy encryption protocols that introduce latency (jitter) are sometimes not viable in Hard Real-Time systems.

With the Internet and other major technological advances in recent years, cybersecurity has become a more well-known term. In 1967, representatives of the RAND Corporation and the National Security Agency were the first to publish research on security threats in the field of computer time-sharing.[4]​.

Computer security aims to establish standards and measures that minimize risks to information and computer infrastructure. These standards include aspects such as operating hours, access restrictions, authorizations, denials, user profiles, emergency plans, protocols and everything necessary to guarantee an adequate level of computer security without compromising the performance of workers and the organization in general, and as the main contributor to the use of programs made by programmers.

In terms of protected assets, computer security is designed to protect computer assets, which include the following:.

• - Computational infrastructure: is a fundamental part for the storage and management of information, as well as for the operation of the organization itself. The function of computer security in this area is to ensure that the equipment works properly and anticipate failures, theft, fires, sabotage, natural disasters, power failures and any other factor that threatens the computer infrastructure.

• - Users: are the people who use the technological structure, communications area and who manage the information. The system in general must be protected so that its use cannot call into question the security of the information nor so that the information they handle or store is vulnerable.

• - Information: this is the main asset. It uses and resides in the computing infrastructure and is used by users. Computer security is concerned with protecting the confidentiality, integrity and availability of information.

Within the field of cybersecurity, it is essential to have clearly defined roles and responsibilities to ensure effective management of information security. In this sense, the National Security Scheme (ENS) establishes the basic roles that must exist in organizations to ensure the protection of information.

According to the ICT Security Guide CCN-STIC 801, in addition to the three main figures mentioned in article 10 of the ENS (Information Manager, Service Manager and Security Manager), there are other important roles that can play a relevant role in information security management.

One of these roles is the so-called Information System Manager, whose responsibility can be located within the organization itself or compartmentalized between the organization and third parties, whether public or private service providers, in the case of outsourced information systems. The Information System Manager has the responsibility of guaranteeing the proper use and functioning of the information systems, as well as implementing the necessary security measures.

It is important to note that the competencies and responsibilities of the aforementioned roles may vary depending on the organization and its specific context. However, it is essential that these roles are clearly defined and that there is effective coordination between them to ensure comprehensive information security management.

The ENS Framework provides guidance and reference for organizations in implementing information security measures. Establishes the minimum security requirements that the systems and services used by public administrations must meet, as well as the guidelines to evaluate and manage the risks associated with information security.

Contenido

No solamente las amenazas que surgen de la programación y el funcionamiento de un dispositivo de almacenamiento, transmisión o proceso deben ser consideradas, también hay otras circunstancias no informáticas que deben ser tomadas en cuenta. Muchas son a menudo imprevisibles o inevitables, de modo que las únicas protecciones posibles son las redundancias y la descentralización, por ejemplo mediante determinadas estructuras de redes en el caso de las comunicaciones o servidores en clúster "Clúster (informática)") para la disponibilidad.

Las amenazas pueden ser causadas por:.

• - Usuarios: causa del mayor problema ligado a la seguridad de un sistema informático. En algunos casos sus acciones causan problemas de seguridad, si bien en la mayoría de los casos es porque tienen permisos sobredimensionados, no se les han restringido acciones innecesarias, etc.

• - Programas maliciosos: programas destinados a perjudicar o a hacer un uso ilícito de los recursos del sistema. Es instalado en el ordenador, abriendo una puerta a intrusos o bien modificando los datos. Estos programas pueden ser un virus informático, un gusano informático, un troyano "Troyano (informática)"), una bomba lógica, un programa espía o spyware, en general conocidos como malware.

• - Errores de programación: la mayoría de los errores de programación que se pueden considerar como una amenaza informática es por su condición de poder ser usados como exploits por los crackers, aunque se dan casos donde el mal desarrollo es, en sí mismo, una amenaza. La actualización de parches de los sistemas operativos y aplicaciones permite evitar este tipo de amenazas.

• - Intrusos: personas que consiguen acceder a los datos o programas a los cuales no están autorizados (crackers, defacers, hackers, script kiddie o script boy, viruxers, etc.).

• - Un siniestro (robo, incendio, inundación): una mala manipulación o mala intención derivan en la pérdida del material o de los archivos.

• - Personal técnico interno: técnicos de sistemas, administradores de bases de datos, técnicos de desarrollo, etc. Los motivos que se encuentran entre los habituales son: disputas internas, problemas laborales, despidos, fines lucrativos, espionaje, etc.

• - Fallos electrónicos o lógicos de los sistemas informáticos en general.

Social engineering

Social engineering is the practice of obtaining confidential information through the manipulation of legitimate users. It is a technique that certain people can use to obtain information, access or privileges in information systems, with results similar to an attack through the network, bypassing the entire infrastructure created to combat malicious programs. In addition, it is a more efficient attack, because it is more complex to calculate and predict.

The principle that underpins social engineering is that in any system "users are the weak link."

Types of threats

There are countless ways to classify an attack and each attack can receive more than one classification. For example, a case of phishing can involve stealing the password of a social network user and with it carrying out identity theft for subsequent harassment, or the theft of the password can simply be used to change the profile photo and leave it all as a joke (without ceasing to be a crime in both cases, at least in countries with legislation for the case, such as Spain).

The fact of connecting a system to an external environment gives us the possibility that an attacker can enter it and steal information or alter the operation of the network. However, the fact that the network is not connected to an external environment, such as the Internet, does not guarantee its security. According to the Computer Security Institute (CSI) of San Francisco, approximately between 60 and 80 percent of network incidents are caused from within the network. Based on the origin of the attack we can say that there are two types of threats:

• - Internal threats: generally these threats can be more serious than external ones, for several reasons such as:.

• - External threats: These are threats that originate outside the network. By not having accurate information about the network, an attacker has to take certain steps to know what is on it and find a way to attack it. The advantage in this case is that the network administrator can prevent a good part of external attacks. It is at this point where perimeter cybersecurity becomes important, because it helps protect an organization's network and computer systems against external attacks.

The type of threats according to the effect they cause on the person receiving the attacks could be classified as:

• - Theft of information.

• - Destruction of information.

• - Cancellation of the operation of the systems or effects that tend to do so.

• - Identity theft, advertising of personal or confidential data, change of information, sale of personal data, etc.

• - Money theft, scams...

They can be classified by the modus operandi of the attacker, although the effect may be different for the same type of attack:.

• - Computer virus: malware that aims to alter the normal functioning of the computer, without the permission or knowledge of the user. Viruses usually replace executable files with others infected with its code. Viruses can intentionally destroy the data stored on a computer, although there are also more harmless ones, which are only characterized by being annoying.

• - Phishing.[5]​.

• - Social engineering "Social engineering (computer security)").

• - Denial of service.

Cyber ​​threat of the future

If at one time the objective of the attacks was to change technological platforms, now cybercriminal trends indicate that the new modality is to manipulate the certificates that contain digital information. The semantic area, which was reserved for humans, now became the core of attacks due to the evolution of Web 2.0 and social networks, factors that led to the birth of generation 3.0.

It is said that "Web 3.0 provides content and meanings in such a way that they can be understood by computers, which - through artificial intelligence techniques - are capable of emulating and improving the obtaining of knowledge, until now reserved for people." That is, it is about giving meaning to web pages, and hence the name semantic web or knowledge society, as an evolution of the already past information society.

In this sense, the computer threats that come in the future are no longer with the inclusion of Trojans in the systems or spy software, but with the fact that the attacks have become professionalized and manipulate the meaning of virtual content.

• - “Web 3.0, based on concepts such as elaboration, sharing and meaning, is representing a challenge for hackers who no longer use conventional attack platforms, but instead choose to modify the meanings of digital content, thus causing logical confusion for the user and thus allowing intrusion into systems.” capital.”

• - Obtaining user profiles through, in principle, lawful means: monitoring of searches carried out, browsing history, monitoring with geopositioning of mobile phones, analysis of digital images uploaded to the Internet, etc.

To avoid falling prey to this new wave of more subtle attacks, it is recommended:.

• - Keep solutions activated and updated.

• - Avoid carrying out commercial operations on public computers or on open networks.

• - Check attachments of suspicious messages and avoid downloading them if in doubt.

• - DMS in the Data Center.

El análisis de riesgos informáticos es un proceso que comprende la identificación de activos informáticos, sus vulnerabilidades y amenazas a los que se encuentran expuestos así como su probabilidad de ocurrencia y el impacto de las mismas, a fin de determinar los controles adecuados para aceptar, disminuir, transferir o evitar la ocurrencia del riesgo.

Teniendo en cuenta que la explotación de un riesgo causaría daños o pérdidas financieras o administrativas a una empresa u organización, se tiene la necesidad de poder estimar la magnitud del impacto del riesgo a que se encuentra expuesta mediante la aplicación de controles. Dichos controles, para que sean efectivos, deben ser implementados en conjunto formando una arquitectura de seguridad con la finalidad de preservar las propiedades de confidencialidad, integridad y disponibilidad de los recursos objetos de riesgo.

Elements of a risk analysis

The risk analysis process usually generates a document known as a risk matrix. This document shows the elements identified, the way they are related and the calculations performed. This risk analysis is essential to achieve correct risk management. Risk management refers to the management of the organization's resources.

There are different types of risks such as residual risk and total risk as well as risk treatment, risk evaluation and risk management among others. The formula to determine the total risk is:.

From this formula we will determine its treatment and after applying the controls we will be able to obtain the residual risk.

Types of risk

It is associated with the way the organization is managed. Strategic risk management focuses on global issues related to the mission and the fulfillment of strategic objectives, the clear definition of the design policies and conceptualization of the organization by senior management.

It is related to the perception and trust of society towards the organization.

They include risks arising from the functioning and operability of information systems, the definition of business processes, the structure of the organization and the articulation between areas or dependencies.

They relate to the management of the organization's resources that include:

• - Budget execution.

• - The preparation of financial statements.

• - Payments.

• - Surplus management and asset management.

They are associated with the organization's ability to comply with legal, structural, ethical requirements and in general with its commitment to society and the state.

They are related to the technological capacity of the organization to meet its current and future needs, and the fulfillment thereof.

The challenge is to strategically allocate resources for each security team and assets involved, based on the potential impact for the business, regarding the various incidents that must be resolved.[6]​.

To determine prioritization, the incident management system needs to know the value of information systems that can potentially be affected by security incidents. This may involve someone within the organization assigning a monetary value to each computer and file on the network or assigning a relative value to each system and the information about it. Within the values ​​for the system we can distinguish: confidentiality of the information, integrity (applications and information) and finally the availability of the system. Each of these values ​​is an independent system of the business, suppose the following example, a public web server can have the characteristic of low confidentiality (since all the information is public) but needs high availability and integrity, to be reliable. In contrast, an enterprise resource planning (ERP) system is usually a system that has a high score on all three variables.

Individual incidents can vary widely in terms of scope and importance.

Un mecanismo de seguridad (también llamado herramienta de seguridad o control) es una técnica que se utiliza para implementar un servicio, es decir, es aquel mecanismo que está diseñado para detectar, prevenir o recobrarse de un ataque de seguridad. Los mecanismos de seguridad implementan varios servicios básicos de seguridad o combinaciones de estos servicios básicos, los servicios de seguridad especifican "qué" controles son requeridos y los mecanismos de seguridad especifican "cómo" deben ser ejecutados los controles.

Dentro de las diferentes categorías de mecanismos de seguridad, uno de los aspectos relevantes es la ciberseguridad perimetral. La ciberseguridad perimetral se enfoca en proteger el perímetro de una red contra amenazas y ataques cibernéticos. Consiste en establecer medidas de seguridad en los puntos de entrada y salida de la red, como firewalls, sistemas de detección y prevención de intrusiones (IDS/IPS), sistemas de prevención de pérdida de datos (DLP) y otros dispositivos y técnicas de seguridad.

No existe un único mecanismo capaz de proveer todos los servicios, sin embargo, la mayoría de ellos hace uso de técnicas criptográficas basadas en el cifrado de la información. Los mecanismos de seguridad son acciones llevadas a cabo con el objetivo de reducir el riesgo asociado a las vulnerabilidades. Estas acciones pueden ser preventivas, detectivas, y recuperables.

Federación.

Uno de los riesgos más ignorados en la era de la digitalización es el robo de ventajas competitivas, sobre todo en áreas corporativas con alta rotación de empleados. En el extremo, la propiedad intelectual (PI) dedepartamentos basados en algoritmos está a un solo copiar y pegarde caer en manos de un competidor.[7]​.

1. • Protección de algoritmos: Las tecnologías tradicionales no diseñadas para proteger intrínsecamente contra este tipo de robo de PI, a menudo requieren protocolos ad hoc forzados para proteger la información sensible. Pero aquí es donde entra la lógica de Data MAPs, basados en tecnología federada entra en juego. En microservicios de software en unidades aún más pequeñas y distribuyéndolas entre varias aplicaciones, los algoritmos son fragmentados en piezas que residen en diferentes nodos a través de servidores. De este modo, varios equipos pueden contribuir a la evolución iterativa de un algoritmo masivo sin que ningún equipo tenga una visión completa de todo el sistema mientras es orquestado de forma nativa. Los protocolos federados dificultan exponencialmente el robo de la propiedad intelectual.

2. • Protección de datos: En lo que respecta a los datos, los protocolos de federación incompletos presentan un problema importante. Se podría decir que, en el contexto de la digitalización, la federación no ha sido lo suficientemente ambiciosa: la mera distribución de datos entre servidores departamentales para garantizar la calidad y la disponibilidad no es suficiente para brindar una protección integral. En lugar de esto, los datos departamentales deben distribuirse entre varios servidores de tal manera que, si se produce una violación, solo se vean comprometidas recopilaciones de datos aleatorias y no relacionadas. Por ejemplo, una violación podría exponer el nombre de un cliente, la dirección de una oficina, los comentarios de RR. HH. de un empleado y el costo de una campaña de marketing, pero no lo suficiente como para causar un daño probable. Una estrategia de gestión de datos basada en algoritmos garantizaría la disponibilidad de los datos, mientras que la reorganización continua de recopilaciones de datos entre nodos agregaría ruido a cualquier servidor comprometido. La implementación de la algoritmización en el núcleo I ofrece un mecanismo de defensa sólido a través de la federación de algoritmos en varios nodos. Esta estructura no solo protege contra el hackeo y la explotación externa, sino que también mitiga los riesgos operativos. Ya sea a través de las ventajas inherentes del modelo federado o al aprovechar este marco para crear nuevas tecnologías de seguridad adaptables, las empresas ahora pueden proteger sus operaciones de maneras que los sistemas tradicionales no son capaces de proporcionar.[7]​.

Classification by function and purpose

There are different types of security mechanisms, which are classified according to their function and objective. In general, they are divided into two categories:

These mechanisms are directly related to the required security levels and some of them are related to security management. They allow determining the degree of security of the system, since they are applied to comply with the general security policy.

They define the implementation of specific services. The most important are the following:

• - Confidentiality: guarantees that the information is only accessible by authorized people.

• - Non-repudiation: ensures that an entity cannot deny the authorship or receipt of a communication.

• - Integrity: protects information against unauthorized modifications.

• - Authentication: verifies the identity of a user or system.

• - Access control: regulates access to information resources.

• - Availability: guarantees that systems and resources are available when required.

Classification by actions they perform

Security mechanisms can also be classified according to the actions they perform:

These controls reduce the likelihood of a deliberate attack by implementing measures that deter potential attackers.

Preventative controls protect vulnerabilities and cause an attack to fail or reduce its impact. These controls include implementing security policies, applying patches and updates, securely configuring systems, and using technologies such as firewalls and intrusion prevention systems (IPS).

Corrective controls reduce the effect of an attack once it has occurred. They include data recovery, system restoration, and implementing corrective measures to prevent future security incidents.

These controls focus on discovering attacks and activating the corresponding preventive or corrective controls. They include intrusion detection systems (IDS), log analysis and security monitoring systems.

There is no exact definition of artificial intelligence, however, according to the report by the National Cryptologic Center (CNN) published in October 2023, artificial intelligence is considered a specialized branch within the field of computing. Its main purpose is to develop systems capable of executing tasks that traditionally have human intelligence. (Martín Martín, M. 2024, p.28).[8]​.

The research and analysis platform Deloitte Insights (2021) highlights that, in cybersecurity, artificial intelligence acts as a clear multiplier of capabilities: it allows security teams to react faster than attackers and, in addition, anticipate and foresee types of attacks to design responses in advance.[8]​.

According to experts, AI will facilitate the identification, prevention or neutralization of threats, evolving from reactive measures to proactive strategies by stopping anomalies in real time, intelligent authentication and automated response.[9]​.

AI in general and related technologies will help cyber defenders enhance the detention, response and identification of attackers at scale, in addition to streamlining analysis and other tedious tasks. Meaningful use of AI will allow organizations to reduce work by summarizing large volumes of data and aggregating it into threat intelligence, generating actionable detections and analysis.[9]​.

On the other hand, machine learning from artificial intelligence is transforming cybersecurity by improving and strengthening the detection, prevention and response to digital threats.[8]​.

Currently, the national legislation of the States obliges companies and public institutions to implement a security policy. For example, in Spain, the Organic Law on the Protection of Personal Data (LOPD) "Organic Law on the Protection of Personal Data (Spain)") and its implementing regulations, protects this type of data by stipulating basic measures and needs that prevent the loss of quality of the information or its theft. Also in that country, the National Security Scheme establishes technological measures to allow the computer systems that provide services to citizens to comply with security requirements in accordance with the type of availability of the services provided.

Generally, it is exclusively concerned with ensuring access rights to data and resources with control tools and identification mechanisms. These mechanisms allow us to know that operators have only the permissions that were given to them.

Computer security must be studied so that it does not impede the work of operators in what is necessary and that they can use the computer system with complete confidence. That is why when it comes to developing a security policy, it is advisable to:.

• - Develop rules and procedures for each service of the organization.

• - Define the actions to be taken and choose the people to contact if a possible intrusion is detected.

• - Raise awareness among operators about the problems linked to the security of computer systems.

The access rights of the operators must be defined by the hierarchical managers and not by the IT administrators, who must ensure that the resources and access rights are consistent with the defined security policy. Furthermore, as the administrator is usually the only one who knows the system perfectly, he or she has to refer any problem and relevant information about security to management, and finally advise strategies to implement, as well as be the entry point for communicating to workers about problems and recommendations in terms of computer security.

El activo más importante que se posee es la información y, por lo tanto, deben existir técnicas que la aseguren, más allá de la seguridad física que se establezca sobre los equipos en los cuales se almacena. Estas técnicas las brinda la seguridad lógica que consiste en la aplicación de barreras y procedimientos que resguardan el acceso a los datos y solo permiten acceder a ellos a las personas autorizadas para hacerlo.

Cada tipo de ataque y cada sistema requiere de un medio de protección o más (en la mayoría de los casos es una combinación de varios de ellos).

A continuación se enumeran una serie de medidas que se consideran básicas para asegurar un sistema tipo, si bien para necesidades específicas se requieren medidas extraordinarias y de mayor profundidad:.

• - Utilizar técnicas de desarrollo que cumplan con los criterios de seguridad al uso para todo el software que se implante en los sistemas, partiendo de estándares y de personal suficientemente capacitado y comprometido con la seguridad.

• - Implantar medidas de seguridad físicas: sistemas antincendios, vigilancia de los centros de proceso de datos, sistemas de protección contra inundaciones, protecciones eléctricas contra apagones y sobretensiones "Sobretensión (electricidad)"), sistemas de control de accesos, etc.

• - Codificar la información: criptología, criptografía y . Esto se debe realizar en todos aquellos trayectos por los que circule la información que se quiere proteger, no solo en aquellos más vulnerables. Por ejemplo, si los datos de una base muy confidencial se han protegido con dos niveles de cortafuegos, se ha cifrado todo el trayecto entre los clientes y los servidores y entre los propios servidores, se utilizan certificados y sin embargo se dejan sin cifrar las impresiones enviadas a la impresora de red, tendríamos un punto de vulnerabilidad. En términos de encriptación, para una mayor protección ante un posible ataque se recomienda utilizar los algoritmos más actualizados. Actualmente, uno de los algoritmos más usados es Advance Encryption Standard (AES), también conocido como AES-256. De acuerdo con el proveedor de red privada virtual NordVPN, solo sería posible romper este encriptado tras probar 2^256 combinaciones diferentes, lo que lo hace virtualmente imposible. Otros protocolos de encriptación son IKEv2/IPsec o OpenVPN.

• - Contraseñas difíciles de averiguar que, por ejemplo, no puedan ser deducidas a partir de los datos personales del individuo o por comparación con un diccionario, y que se cambien con la suficiente periodicidad. Las contraseñas, además, deben tener la suficiente complejidad como para que un atacante no pueda deducirla por medio de programas informáticos. El uso de certificados digitales mejora la seguridad frente al simple uso de contraseñas.

• - Vigilancia de red. Las redes transportan toda la información, por lo que además de ser el medio habitual de acceso de los atacantes, también son un buen lugar para obtener la información sin tener que acceder a las fuentes de la misma. Por la red no solo circula la información de ficheros informáticos como tal, también se transportan por ella: correo electrónico, conversaciones telefónicas (VoIP), mensajería instantánea, navegación por Internet, lecturas y escrituras a bases de datos, etc. Por todo ello, proteger la red es una de las principales tareas para evitar robo de información. Existen medidas que abarcan desde la seguridad física de los puntos de entrada hasta el control de equipos conectados, por ejemplo 802.1x. En el caso de redes inalámbricas la posibilidad de vulnerar la seguridad es mayor y deben adoptarse medidas adicionales.

• - Redes perimetrales de seguridad "Zona desmilitarizada (informática)"), o DMZ, permiten generar reglas de acceso fuertes entre los usuarios y servidores no públicos y los equipos publicados. De esta forma, las reglas más débiles solo permiten el acceso a ciertos equipos y nunca a los datos, que quedarán tras dos niveles de seguridad.

• - Tecnologías repelentes o protectoras: cortafuegos "Cortafuegos (informática)"), sistema de detección de intrusos - antispyware, antivirus, llaves para protección de software, etc.

• - Mantener los sistemas de información con las actualizaciones que más impacten en la seguridad.

• - Copias de seguridad e, incluso, sistemas de respaldo remoto que permiten mantener la información en dos ubicaciones de forma asíncrona.

• - Controlar el acceso a la información por medio de permisos centralizados y mantenidos (tipo Active Directory, LDAP, listas de control de acceso, etc.). Los medios para conseguirlo son:.

• - Restringir el acceso (de personas de la organización y de las que no lo son) a los programas y archivos.

• - Asegurar que los operadores puedan trabajar pero que no puedan modificar los programas ni los archivos que no correspondan (sin una supervisión minuciosa).

• - Asegurar que se utilicen los datos, archivos y programas correctos en/y/por el procedimiento elegido.

• - Asegurar que la información transmitida sea la misma que reciba el destinatario al cual se ha enviado y que no le llegue a otro y que existan sistemas y pasos de emergencia alternativos de transmisión entre diferentes puntos.

• - Organizar a cada uno de los empleados por jerarquía informática, con claves distintas y permisos bien establecidos, en todos y cada uno de los sistemas o aplicaciones empleadas.

• - Actualizar constantemente las contraseñas de accesos a los sistemas de cómputo, como se ha indicado más arriba, e incluso utilizando programa que ayuden a los usuarios a la gestión de la gran cantidad de contraseñas que tienen gestionar en los entornos actuales, conocidos habitualmente como gestores de identidad.

• - Redundancia y descentralización.

• - Candado Inteligente: USB inalámbrico utilizado para brindarle seguridad a la computadora. La misma se bloquea cuando el usuario que tiene este aparato se aleja más de tres metros. El kit contiene un USB inalámbrico y un software para instalar que detecta cuando el usuario está lejos y cuando está más cerca de los tres metros, habilitando nuevamente la computadora.

Information backup

Information constitutes the most important asset of companies, and can be affected by many factors such as theft, fires, disk failures, viruses and others. From the company's point of view, one of the most important problems it must solve is the permanent protection of its critical information.

The most efficient measure for data protection is to determine a good backup policy. This should include full backups (data is stored in its entirety the first time) and incremental backups (only files created or modified since the last backup are copied). It is vital for companies to develop a backup plan based on the volume of information generated and the number of critical equipment.

A good backup system must have certain essential characteristics:

• - Continuous: Data backup must be completely automatic and continuous. It must work transparently, without intervening in the tasks that the user is performing.

• - Secure: Many backup software include data encryption, which must be done locally on the computer before sending the information.

• - Remote: The data must be hosted in offices far from the company.

• - Maintenance of previous versions of the data: There must be a system that allows the recovery of, for example, daily, weekly and monthly versions of the data.

Nowadays, online information backup systems and remote backup services are gaining ground in companies and government agencies. Most modern online information backup systems have maximum security measures and data availability. These systems allow companies to grow in volume of information, deriving the need for backup growth from the service provider.

Virus protection

Viruses are one of the most traditional means of attacking systems and the information they support. In order to avoid its contagion, the equipment and the means of access to it must be monitored, mainly the network.

Having only the necessary software installed on the machine reduces risks. Likewise, having the software under control ensures the quality of its origin (software obtained illegally or without guarantees increases the risks). In any case a software inventory provides a correct method of ensuring reinstallation in the event of a disaster. Software with quick installation methods also facilitates reinstallation in case of contingency.

The entry points into the network are generally email, web pages and the entry of files from disks, or from other people's computers such as laptops.

Keeping the number of network resources in read-only mode to the maximum prevents infected computers from spreading viruses. In the same sense, user permissions can be reduced to a minimum.

Data can be centralized so that virus detectors in batch mode can work during machine downtime.

Controlling Internet access can detect, in recovery phases, how the virus has been introduced.

Physical protection of network access

Regardless of the measures taken to protect computers on a local area network and the software that resides on them, measures must be taken to prevent unauthorized users from gaining access. The usual measures depend on the physical environment to be protected.

Some of the methods are listed below, without going into the topic of protecting the network against attacks or intrusion attempts from external networks, such as the Internet.

Building connection rosettes must be protected and monitored. A basic measure is to avoid having network points connected to the switches "Switch (network device)"). Even so, a device can always be replaced by another unauthorized device, which requires additional measures: 802.1x access standard, access control lists by MAC addresses, DHCP servers by reserved assignment, etc.

In this case, physical control becomes more difficult, although measures can be taken to contain the electromagnetic emission to limit it to those places that we consider appropriate and safe. Additionally, the use of encryption (WPA, WPA v.2, use of digital certificates, etc.), shared passwords and, also in this case, MAC address filters, are several of the common measures that when applied together increase security considerably compared to the use of a single method.

Sanitization

Logical or physical process by which information considered sensitive or confidential is removed from a medium, whether physical or magnetic, either with the aim of declassifying it, reusing the medium or destroying the medium in which it is located.

Use of reliable hardware

Reliable hardware is known as any device designed to offer a series of facilities that allow critical information to be safely handled. It is not necessary to understand that since they are reliable, they have infallible security mechanisms, they have their limitations. The only thing it wants to indicate is that they provide certain facilities that improve security and make attacks more difficult. The Trusted Computing Group is a group of companies that define hardware specifications with the aim of having more secure platforms.[10]​.

Security information collection and analysis

To maintain a secure system, it is necessary to establish mechanisms that monitor the different events and information that are related to the security of the system. It is very useful to have a centralized view of this type of information so that it can be analyzed in a single location. For this purpose, security information management systems (SIM) have been developed, responsible for long-term storage, analysis and communication of security data, security event management systems (SEM), responsible for real-time monitoring, correlation of events, notifications and console views of security information, and finally security information and event management systems, which group the functionalities of the two types of systems. previous.[11]​.

Existen organismos oficiales encargados de asegurar servicios de prevención de riesgos y asistencia a los tratamientos de incidencias, tales como el Computer Emergency Response Team Coordination Center del Software Engineering Institute de la Universidad Carnegie Mellon, que es un centro de alerta y reacción frente a los ataques informáticos, destinados a las empresas o administradores, pero generalmente estas informaciones son accesibles a todo el mundo.

Spain

The National Cybersecurity Institute (INCIBE) is an organization dependent on Red.es and the Ministry of Energy, Tourism and Digital Agenda of Spain.[12]​.

European Union

The European Commission has decided to create the European Cybercrime Center (EC3) as a focal point of the EU police fight against cybercrime, contributing to a faster reaction to online crimes. This center effectively opened on 1 January 2013 and aims to support Member States and EU institutions in building operational and analytical capacity for research, as well as cooperation with international partners.

Germany

On June 16, 2011, the German Minister of the Interior officially opened the new National Cyber ​​Defense Center (NCAZ, or National Cyber-Abwehrzentrum) located in Bonn. The NCAZ cooperates closely with the Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, or BSI); the Federal Criminal Investigation Office "Federal Criminal Investigation Office (Germany)") (Bundeskriminalamt, BKA); the Federal Intelligence Service (Bundesnachrichtendienst, or BND); the Military Intelligence Service (Amt für den Militärischen Abschirmdienst, or MAD) and other national organizations in Germany. According to the minister, the primary task of the new organization founded on February 23, 2011, is to detect and prevent attacks against national infrastructure.

USA

On May 1, 2009, Senator Jay Rockefeller (D-WV) introduced the "Cybersecurity Act of 2009 - S. 773" (full text) in the Senate; the bill, co-authored with Senators Evan Bayh (D-IL), Barbara Mikulski (D-MD), Bill Nelson (D-FL), and Olympia Snowe (R-ME), was referred to the Committee. Commerce, Science, and Transportation, which passed a revised version of the same bill (the "Cybersecurity Act of 2010") on March 24, 2010. The bill seeks to increase collaboration between the public sector and the private sector on cybersecurity issues, especially private entities that own infrastructure that are critical to national security interests (quotes says John Brennan, the Assistant to the President for Homeland Security and Counterterrorism: "our nation's security and economic prosperity depends on the security, stability and integrity of communications and information infrastructure that are largely private operating globally" and speaks to the country's response to a "cyber-Katrina"), increase public awareness of cybersecurity issues, and encourage cybersecurity research and background. Some of the most controversial points of the bill include paragraph 315, which gives the President the right to "request the limitation or shutdown of Internet traffic to and from the compromised Federal Government or United States information system or critical network infrastructure." The Electronic Frontier Foundation, a nonprofit digital rights advocacy and legal organization based in the United States, characterized the bill as promoting a "potentially dangerous approach that favors dramatic over sober response."

Mexico

UNAM-CERT is a group of professionals who are in charge of evaluating the vulnerabilities of Information systems in Mexico.

Colombia

On April 11, 2016, the National Council of Economic and Social Policy of the Republic of Colombia officially publishes document CONPES 3854[13]​ within which the national digital security policy is stipulated, in which the MINTIC is designated as in charge of carrying out awareness days on digital security, as well as designing a digital security risk management model.

On the other hand, the Ministry of National Defense MINDEFENSA "Ministry of Defense (Colombia)") must carry out a plan to strengthen the operational, administrative, human, scientific, physical and technological infrastructure capabilities of colCERT.

The National Planning Department DNP "National Planning Department (Colombia)") will be the general coordinator of the implementation of digital security in all public entities of the state and voluntary adoption of private entities and will have the support of the Administrative Department of Public Function (DAFP).

The professional or job opportunities of Cybersecurity are very varied and increasingly in demand due to the continuous changes in the digital age and due to the constant attacks that companies, governments and users suffer daily on their data. This has also been reinforced due to the new data protection law of 2018.[14]​ Among the professional opportunities we can find:.

• - Network security administrators.

Mainly focused on protecting network infrastructure from threats and unauthorized access.

• - Application security.

It mainly focuses on ensuring that applications are secure against vulnerabilities and attacks (Penetration testing, static code analysis).

• - Cryptography.

Using mathematical techniques, information and communications are secured through authentication tests or digital signatures.

• - Identity and Access Management.

Access to certain resources within a specific organization is controlled through multi-factor authentication, identity management, and role-based access control.

• - Incident response.

It is the detection and mitigation of attacks to minimize the impact they can cause, protecting the confidentiality and integrity of data, from initial detection using event management and security information systems, to eliminating threats, restoring systems and effective internal and external communication about the incident.

• - Cloud security.

They are the measures and practices that must be followed to protect the systems, data and applications found in computing environments. It goes from managing identities and access to planning data retention.

• - Forensic analysis.

Cyber ​​incidents are investigated by collecting and analyzing evidence that is found, for example network analysis and data recovery.

• - Security engineering.

It is the design and construction of secure systems, using security architecture, security testing and automation.

What are the skills required for these positions?[15]​.

• - Management of different operating systems, networks and programming languages.

• - Implement cryptographic protocols.

• - Analyze threats and develop prevention techniques.

• - Knowledge of regulations.

• - Security in defense infrastructures and system audits.

• - Forensic and malware analysis.

• - Knowledge of technological environments such as SCADA or Smart GRid.

• - Incident management through networking, IDS, IPS, log and network traffic analysis.

• - Wikilibros hosts a book or manual on Computer Security.

While in traditional cybersecurity (IT) the protection model is based on the triad CID (Confidentiality, Integrity and Availability), in industrial control systems and real-time (OT) systems, priorities are often reversed towards the AIC model (Availability, Integrity and Confidentiality).[1]​.

This is because, in critical environments such as power grids, nuclear plants or medical devices (cyber-physical systems), service interruption (low availability) or delay in data transmission (latency) can have catastrophic physical consequences, unlike the loss of data confidentiality that prevails in corporate environments. Therefore, heavy encryption protocols that introduce latency (jitter) are sometimes not viable in Hard Real-Time systems.

With the Internet and other major technological advances in recent years, cybersecurity has become a more well-known term. In 1967, representatives of the RAND Corporation and the National Security Agency were the first to publish research on security threats in the field of computer time-sharing.[4]​.

Computer security aims to establish standards and measures that minimize risks to information and computer infrastructure. These standards include aspects such as operating hours, access restrictions, authorizations, denials, user profiles, emergency plans, protocols and everything necessary to guarantee an adequate level of computer security without compromising the performance of workers and the organization in general, and as the main contributor to the use of programs made by programmers.

In terms of protected assets, computer security is designed to protect computer assets, which include the following:.

• - Computational infrastructure: is a fundamental part for the storage and management of information, as well as for the operation of the organization itself. The function of computer security in this area is to ensure that the equipment works properly and anticipate failures, theft, fires, sabotage, natural disasters, power failures and any other factor that threatens the computer infrastructure.

• - Users: are the people who use the technological structure, communications area and who manage the information. The system in general must be protected so that its use cannot call into question the security of the information nor so that the information they handle or store is vulnerable.

• - Information: this is the main asset. It uses and resides in the computing infrastructure and is used by users. Computer security is concerned with protecting the confidentiality, integrity and availability of information.

Within the field of cybersecurity, it is essential to have clearly defined roles and responsibilities to ensure effective management of information security. In this sense, the National Security Scheme (ENS) establishes the basic roles that must exist in organizations to ensure the protection of information.

According to the ICT Security Guide CCN-STIC 801, in addition to the three main figures mentioned in article 10 of the ENS (Information Manager, Service Manager and Security Manager), there are other important roles that can play a relevant role in information security management.

One of these roles is the so-called Information System Manager, whose responsibility can be located within the organization itself or compartmentalized between the organization and third parties, whether public or private service providers, in the case of outsourced information systems. The Information System Manager has the responsibility of guaranteeing the proper use and functioning of the information systems, as well as implementing the necessary security measures.

It is important to note that the competencies and responsibilities of the aforementioned roles may vary depending on the organization and its specific context. However, it is essential that these roles are clearly defined and that there is effective coordination between them to ensure comprehensive information security management.

The ENS Framework provides guidance and reference for organizations in implementing information security measures. Establishes the minimum security requirements that the systems and services used by public administrations must meet, as well as the guidelines to evaluate and manage the risks associated with information security.

Contenido

No solamente las amenazas que surgen de la programación y el funcionamiento de un dispositivo de almacenamiento, transmisión o proceso deben ser consideradas, también hay otras circunstancias no informáticas que deben ser tomadas en cuenta. Muchas son a menudo imprevisibles o inevitables, de modo que las únicas protecciones posibles son las redundancias y la descentralización, por ejemplo mediante determinadas estructuras de redes en el caso de las comunicaciones o servidores en clúster "Clúster (informática)") para la disponibilidad.

Las amenazas pueden ser causadas por:.

• - Usuarios: causa del mayor problema ligado a la seguridad de un sistema informático. En algunos casos sus acciones causan problemas de seguridad, si bien en la mayoría de los casos es porque tienen permisos sobredimensionados, no se les han restringido acciones innecesarias, etc.

• - Programas maliciosos: programas destinados a perjudicar o a hacer un uso ilícito de los recursos del sistema. Es instalado en el ordenador, abriendo una puerta a intrusos o bien modificando los datos. Estos programas pueden ser un virus informático, un gusano informático, un troyano "Troyano (informática)"), una bomba lógica, un programa espía o spyware, en general conocidos como malware.

• - Errores de programación: la mayoría de los errores de programación que se pueden considerar como una amenaza informática es por su condición de poder ser usados como exploits por los crackers, aunque se dan casos donde el mal desarrollo es, en sí mismo, una amenaza. La actualización de parches de los sistemas operativos y aplicaciones permite evitar este tipo de amenazas.

• - Intrusos: personas que consiguen acceder a los datos o programas a los cuales no están autorizados (crackers, defacers, hackers, script kiddie o script boy, viruxers, etc.).

• - Un siniestro (robo, incendio, inundación): una mala manipulación o mala intención derivan en la pérdida del material o de los archivos.

• - Personal técnico interno: técnicos de sistemas, administradores de bases de datos, técnicos de desarrollo, etc. Los motivos que se encuentran entre los habituales son: disputas internas, problemas laborales, despidos, fines lucrativos, espionaje, etc.

• - Fallos electrónicos o lógicos de los sistemas informáticos en general.

Social engineering

Social engineering is the practice of obtaining confidential information through the manipulation of legitimate users. It is a technique that certain people can use to obtain information, access or privileges in information systems, with results similar to an attack through the network, bypassing the entire infrastructure created to combat malicious programs. In addition, it is a more efficient attack, because it is more complex to calculate and predict.

The principle that underpins social engineering is that in any system "users are the weak link."

Types of threats

There are countless ways to classify an attack and each attack can receive more than one classification. For example, a case of phishing can involve stealing the password of a social network user and with it carrying out identity theft for subsequent harassment, or the theft of the password can simply be used to change the profile photo and leave it all as a joke (without ceasing to be a crime in both cases, at least in countries with legislation for the case, such as Spain).

The fact of connecting a system to an external environment gives us the possibility that an attacker can enter it and steal information or alter the operation of the network. However, the fact that the network is not connected to an external environment, such as the Internet, does not guarantee its security. According to the Computer Security Institute (CSI) of San Francisco, approximately between 60 and 80 percent of network incidents are caused from within the network. Based on the origin of the attack we can say that there are two types of threats:

• - Internal threats: generally these threats can be more serious than external ones, for several reasons such as:.

• - External threats: These are threats that originate outside the network. By not having accurate information about the network, an attacker has to take certain steps to know what is on it and find a way to attack it. The advantage in this case is that the network administrator can prevent a good part of external attacks. It is at this point where perimeter cybersecurity becomes important, because it helps protect an organization's network and computer systems against external attacks.

The type of threats according to the effect they cause on the person receiving the attacks could be classified as:

• - Theft of information.

• - Destruction of information.

• - Cancellation of the operation of the systems or effects that tend to do so.

• - Identity theft, advertising of personal or confidential data, change of information, sale of personal data, etc.

• - Money theft, scams...

They can be classified by the modus operandi of the attacker, although the effect may be different for the same type of attack:.

• - Computer virus: malware that aims to alter the normal functioning of the computer, without the permission or knowledge of the user. Viruses usually replace executable files with others infected with its code. Viruses can intentionally destroy the data stored on a computer, although there are also more harmless ones, which are only characterized by being annoying.

• - Phishing.[5]​.

• - Social engineering "Social engineering (computer security)").

• - Denial of service.

Cyber ​​threat of the future

If at one time the objective of the attacks was to change technological platforms, now cybercriminal trends indicate that the new modality is to manipulate the certificates that contain digital information. The semantic area, which was reserved for humans, now became the core of attacks due to the evolution of Web 2.0 and social networks, factors that led to the birth of generation 3.0.

It is said that "Web 3.0 provides content and meanings in such a way that they can be understood by computers, which - through artificial intelligence techniques - are capable of emulating and improving the obtaining of knowledge, until now reserved for people." That is, it is about giving meaning to web pages, and hence the name semantic web or knowledge society, as an evolution of the already past information society.

In this sense, the computer threats that come in the future are no longer with the inclusion of Trojans in the systems or spy software, but with the fact that the attacks have become professionalized and manipulate the meaning of virtual content.

• - “Web 3.0, based on concepts such as elaboration, sharing and meaning, is representing a challenge for hackers who no longer use conventional attack platforms, but instead choose to modify the meanings of digital content, thus causing logical confusion for the user and thus allowing intrusion into systems.” capital.”

• - Obtaining user profiles through, in principle, lawful means: monitoring of searches carried out, browsing history, monitoring with geopositioning of mobile phones, analysis of digital images uploaded to the Internet, etc.

To avoid falling prey to this new wave of more subtle attacks, it is recommended:.

• - Keep solutions activated and updated.

• - Avoid carrying out commercial operations on public computers or on open networks.

• - Check attachments of suspicious messages and avoid downloading them if in doubt.

• - DMS in the Data Center.

El análisis de riesgos informáticos es un proceso que comprende la identificación de activos informáticos, sus vulnerabilidades y amenazas a los que se encuentran expuestos así como su probabilidad de ocurrencia y el impacto de las mismas, a fin de determinar los controles adecuados para aceptar, disminuir, transferir o evitar la ocurrencia del riesgo.

Teniendo en cuenta que la explotación de un riesgo causaría daños o pérdidas financieras o administrativas a una empresa u organización, se tiene la necesidad de poder estimar la magnitud del impacto del riesgo a que se encuentra expuesta mediante la aplicación de controles. Dichos controles, para que sean efectivos, deben ser implementados en conjunto formando una arquitectura de seguridad con la finalidad de preservar las propiedades de confidencialidad, integridad y disponibilidad de los recursos objetos de riesgo.

Elements of a risk analysis

The risk analysis process usually generates a document known as a risk matrix. This document shows the elements identified, the way they are related and the calculations performed. This risk analysis is essential to achieve correct risk management. Risk management refers to the management of the organization's resources.

There are different types of risks such as residual risk and total risk as well as risk treatment, risk evaluation and risk management among others. The formula to determine the total risk is:.

From this formula we will determine its treatment and after applying the controls we will be able to obtain the residual risk.

Types of risk

It is associated with the way the organization is managed. Strategic risk management focuses on global issues related to the mission and the fulfillment of strategic objectives, the clear definition of the design policies and conceptualization of the organization by senior management.

It is related to the perception and trust of society towards the organization.

They include risks arising from the functioning and operability of information systems, the definition of business processes, the structure of the organization and the articulation between areas or dependencies.

They relate to the management of the organization's resources that include:

• - Budget execution.

• - The preparation of financial statements.

• - Payments.

• - Surplus management and asset management.

They are associated with the organization's ability to comply with legal, structural, ethical requirements and in general with its commitment to society and the state.

They are related to the technological capacity of the organization to meet its current and future needs, and the fulfillment thereof.

The challenge is to strategically allocate resources for each security team and assets involved, based on the potential impact for the business, regarding the various incidents that must be resolved.[6]​.

To determine prioritization, the incident management system needs to know the value of information systems that can potentially be affected by security incidents. This may involve someone within the organization assigning a monetary value to each computer and file on the network or assigning a relative value to each system and the information about it. Within the values ​​for the system we can distinguish: confidentiality of the information, integrity (applications and information) and finally the availability of the system. Each of these values ​​is an independent system of the business, suppose the following example, a public web server can have the characteristic of low confidentiality (since all the information is public) but needs high availability and integrity, to be reliable. In contrast, an enterprise resource planning (ERP) system is usually a system that has a high score on all three variables.

Individual incidents can vary widely in terms of scope and importance.

Un mecanismo de seguridad (también llamado herramienta de seguridad o control) es una técnica que se utiliza para implementar un servicio, es decir, es aquel mecanismo que está diseñado para detectar, prevenir o recobrarse de un ataque de seguridad. Los mecanismos de seguridad implementan varios servicios básicos de seguridad o combinaciones de estos servicios básicos, los servicios de seguridad especifican "qué" controles son requeridos y los mecanismos de seguridad especifican "cómo" deben ser ejecutados los controles.

Dentro de las diferentes categorías de mecanismos de seguridad, uno de los aspectos relevantes es la ciberseguridad perimetral. La ciberseguridad perimetral se enfoca en proteger el perímetro de una red contra amenazas y ataques cibernéticos. Consiste en establecer medidas de seguridad en los puntos de entrada y salida de la red, como firewalls, sistemas de detección y prevención de intrusiones (IDS/IPS), sistemas de prevención de pérdida de datos (DLP) y otros dispositivos y técnicas de seguridad.

No existe un único mecanismo capaz de proveer todos los servicios, sin embargo, la mayoría de ellos hace uso de técnicas criptográficas basadas en el cifrado de la información. Los mecanismos de seguridad son acciones llevadas a cabo con el objetivo de reducir el riesgo asociado a las vulnerabilidades. Estas acciones pueden ser preventivas, detectivas, y recuperables.

Federación.

Uno de los riesgos más ignorados en la era de la digitalización es el robo de ventajas competitivas, sobre todo en áreas corporativas con alta rotación de empleados. En el extremo, la propiedad intelectual (PI) dedepartamentos basados en algoritmos está a un solo copiar y pegarde caer en manos de un competidor.[7]​.

1. • Protección de algoritmos: Las tecnologías tradicionales no diseñadas para proteger intrínsecamente contra este tipo de robo de PI, a menudo requieren protocolos ad hoc forzados para proteger la información sensible. Pero aquí es donde entra la lógica de Data MAPs, basados en tecnología federada entra en juego. En microservicios de software en unidades aún más pequeñas y distribuyéndolas entre varias aplicaciones, los algoritmos son fragmentados en piezas que residen en diferentes nodos a través de servidores. De este modo, varios equipos pueden contribuir a la evolución iterativa de un algoritmo masivo sin que ningún equipo tenga una visión completa de todo el sistema mientras es orquestado de forma nativa. Los protocolos federados dificultan exponencialmente el robo de la propiedad intelectual.

2. • Protección de datos: En lo que respecta a los datos, los protocolos de federación incompletos presentan un problema importante. Se podría decir que, en el contexto de la digitalización, la federación no ha sido lo suficientemente ambiciosa: la mera distribución de datos entre servidores departamentales para garantizar la calidad y la disponibilidad no es suficiente para brindar una protección integral. En lugar de esto, los datos departamentales deben distribuirse entre varios servidores de tal manera que, si se produce una violación, solo se vean comprometidas recopilaciones de datos aleatorias y no relacionadas. Por ejemplo, una violación podría exponer el nombre de un cliente, la dirección de una oficina, los comentarios de RR. HH. de un empleado y el costo de una campaña de marketing, pero no lo suficiente como para causar un daño probable. Una estrategia de gestión de datos basada en algoritmos garantizaría la disponibilidad de los datos, mientras que la reorganización continua de recopilaciones de datos entre nodos agregaría ruido a cualquier servidor comprometido. La implementación de la algoritmización en el núcleo I ofrece un mecanismo de defensa sólido a través de la federación de algoritmos en varios nodos. Esta estructura no solo protege contra el hackeo y la explotación externa, sino que también mitiga los riesgos operativos. Ya sea a través de las ventajas inherentes del modelo federado o al aprovechar este marco para crear nuevas tecnologías de seguridad adaptables, las empresas ahora pueden proteger sus operaciones de maneras que los sistemas tradicionales no son capaces de proporcionar.[7]​.

Classification by function and purpose

There are different types of security mechanisms, which are classified according to their function and objective. In general, they are divided into two categories:

These mechanisms are directly related to the required security levels and some of them are related to security management. They allow determining the degree of security of the system, since they are applied to comply with the general security policy.

They define the implementation of specific services. The most important are the following:

• - Confidentiality: guarantees that the information is only accessible by authorized people.

• - Non-repudiation: ensures that an entity cannot deny the authorship or receipt of a communication.

• - Integrity: protects information against unauthorized modifications.

• - Authentication: verifies the identity of a user or system.

• - Access control: regulates access to information resources.

• - Availability: guarantees that systems and resources are available when required.

Classification by actions they perform

Security mechanisms can also be classified according to the actions they perform:

These controls reduce the likelihood of a deliberate attack by implementing measures that deter potential attackers.

Preventative controls protect vulnerabilities and cause an attack to fail or reduce its impact. These controls include implementing security policies, applying patches and updates, securely configuring systems, and using technologies such as firewalls and intrusion prevention systems (IPS).

Corrective controls reduce the effect of an attack once it has occurred. They include data recovery, system restoration, and implementing corrective measures to prevent future security incidents.

These controls focus on discovering attacks and activating the corresponding preventive or corrective controls. They include intrusion detection systems (IDS), log analysis and security monitoring systems.

There is no exact definition of artificial intelligence, however, according to the report by the National Cryptologic Center (CNN) published in October 2023, artificial intelligence is considered a specialized branch within the field of computing. Its main purpose is to develop systems capable of executing tasks that traditionally have human intelligence. (Martín Martín, M. 2024, p.28).[8]​.

The research and analysis platform Deloitte Insights (2021) highlights that, in cybersecurity, artificial intelligence acts as a clear multiplier of capabilities: it allows security teams to react faster than attackers and, in addition, anticipate and foresee types of attacks to design responses in advance.[8]​.

According to experts, AI will facilitate the identification, prevention or neutralization of threats, evolving from reactive measures to proactive strategies by stopping anomalies in real time, intelligent authentication and automated response.[9]​.

AI in general and related technologies will help cyber defenders enhance the detention, response and identification of attackers at scale, in addition to streamlining analysis and other tedious tasks. Meaningful use of AI will allow organizations to reduce work by summarizing large volumes of data and aggregating it into threat intelligence, generating actionable detections and analysis.[9]​.

On the other hand, machine learning from artificial intelligence is transforming cybersecurity by improving and strengthening the detection, prevention and response to digital threats.[8]​.

Currently, the national legislation of the States obliges companies and public institutions to implement a security policy. For example, in Spain, the Organic Law on the Protection of Personal Data (LOPD) "Organic Law on the Protection of Personal Data (Spain)") and its implementing regulations, protects this type of data by stipulating basic measures and needs that prevent the loss of quality of the information or its theft. Also in that country, the National Security Scheme establishes technological measures to allow the computer systems that provide services to citizens to comply with security requirements in accordance with the type of availability of the services provided.

Generally, it is exclusively concerned with ensuring access rights to data and resources with control tools and identification mechanisms. These mechanisms allow us to know that operators have only the permissions that were given to them.

Computer security must be studied so that it does not impede the work of operators in what is necessary and that they can use the computer system with complete confidence. That is why when it comes to developing a security policy, it is advisable to:.

• - Develop rules and procedures for each service of the organization.

• - Define the actions to be taken and choose the people to contact if a possible intrusion is detected.

• - Raise awareness among operators about the problems linked to the security of computer systems.

The access rights of the operators must be defined by the hierarchical managers and not by the IT administrators, who must ensure that the resources and access rights are consistent with the defined security policy. Furthermore, as the administrator is usually the only one who knows the system perfectly, he or she has to refer any problem and relevant information about security to management, and finally advise strategies to implement, as well as be the entry point for communicating to workers about problems and recommendations in terms of computer security.

El activo más importante que se posee es la información y, por lo tanto, deben existir técnicas que la aseguren, más allá de la seguridad física que se establezca sobre los equipos en los cuales se almacena. Estas técnicas las brinda la seguridad lógica que consiste en la aplicación de barreras y procedimientos que resguardan el acceso a los datos y solo permiten acceder a ellos a las personas autorizadas para hacerlo.

Cada tipo de ataque y cada sistema requiere de un medio de protección o más (en la mayoría de los casos es una combinación de varios de ellos).

A continuación se enumeran una serie de medidas que se consideran básicas para asegurar un sistema tipo, si bien para necesidades específicas se requieren medidas extraordinarias y de mayor profundidad:.

• - Utilizar técnicas de desarrollo que cumplan con los criterios de seguridad al uso para todo el software que se implante en los sistemas, partiendo de estándares y de personal suficientemente capacitado y comprometido con la seguridad.

• - Implantar medidas de seguridad físicas: sistemas antincendios, vigilancia de los centros de proceso de datos, sistemas de protección contra inundaciones, protecciones eléctricas contra apagones y sobretensiones "Sobretensión (electricidad)"), sistemas de control de accesos, etc.

• - Codificar la información: criptología, criptografía y . Esto se debe realizar en todos aquellos trayectos por los que circule la información que se quiere proteger, no solo en aquellos más vulnerables. Por ejemplo, si los datos de una base muy confidencial se han protegido con dos niveles de cortafuegos, se ha cifrado todo el trayecto entre los clientes y los servidores y entre los propios servidores, se utilizan certificados y sin embargo se dejan sin cifrar las impresiones enviadas a la impresora de red, tendríamos un punto de vulnerabilidad. En términos de encriptación, para una mayor protección ante un posible ataque se recomienda utilizar los algoritmos más actualizados. Actualmente, uno de los algoritmos más usados es Advance Encryption Standard (AES), también conocido como AES-256. De acuerdo con el proveedor de red privada virtual NordVPN, solo sería posible romper este encriptado tras probar 2^256 combinaciones diferentes, lo que lo hace virtualmente imposible. Otros protocolos de encriptación son IKEv2/IPsec o OpenVPN.

• - Contraseñas difíciles de averiguar que, por ejemplo, no puedan ser deducidas a partir de los datos personales del individuo o por comparación con un diccionario, y que se cambien con la suficiente periodicidad. Las contraseñas, además, deben tener la suficiente complejidad como para que un atacante no pueda deducirla por medio de programas informáticos. El uso de certificados digitales mejora la seguridad frente al simple uso de contraseñas.

• - Vigilancia de red. Las redes transportan toda la información, por lo que además de ser el medio habitual de acceso de los atacantes, también son un buen lugar para obtener la información sin tener que acceder a las fuentes de la misma. Por la red no solo circula la información de ficheros informáticos como tal, también se transportan por ella: correo electrónico, conversaciones telefónicas (VoIP), mensajería instantánea, navegación por Internet, lecturas y escrituras a bases de datos, etc. Por todo ello, proteger la red es una de las principales tareas para evitar robo de información. Existen medidas que abarcan desde la seguridad física de los puntos de entrada hasta el control de equipos conectados, por ejemplo 802.1x. En el caso de redes inalámbricas la posibilidad de vulnerar la seguridad es mayor y deben adoptarse medidas adicionales.

• - Redes perimetrales de seguridad "Zona desmilitarizada (informática)"), o DMZ, permiten generar reglas de acceso fuertes entre los usuarios y servidores no públicos y los equipos publicados. De esta forma, las reglas más débiles solo permiten el acceso a ciertos equipos y nunca a los datos, que quedarán tras dos niveles de seguridad.

• - Tecnologías repelentes o protectoras: cortafuegos "Cortafuegos (informática)"), sistema de detección de intrusos - antispyware, antivirus, llaves para protección de software, etc.

• - Mantener los sistemas de información con las actualizaciones que más impacten en la seguridad.

• - Copias de seguridad e, incluso, sistemas de respaldo remoto que permiten mantener la información en dos ubicaciones de forma asíncrona.

• - Controlar el acceso a la información por medio de permisos centralizados y mantenidos (tipo Active Directory, LDAP, listas de control de acceso, etc.). Los medios para conseguirlo son:.

• - Restringir el acceso (de personas de la organización y de las que no lo son) a los programas y archivos.

• - Asegurar que los operadores puedan trabajar pero que no puedan modificar los programas ni los archivos que no correspondan (sin una supervisión minuciosa).

• - Asegurar que se utilicen los datos, archivos y programas correctos en/y/por el procedimiento elegido.

• - Asegurar que la información transmitida sea la misma que reciba el destinatario al cual se ha enviado y que no le llegue a otro y que existan sistemas y pasos de emergencia alternativos de transmisión entre diferentes puntos.

• - Organizar a cada uno de los empleados por jerarquía informática, con claves distintas y permisos bien establecidos, en todos y cada uno de los sistemas o aplicaciones empleadas.

• - Actualizar constantemente las contraseñas de accesos a los sistemas de cómputo, como se ha indicado más arriba, e incluso utilizando programa que ayuden a los usuarios a la gestión de la gran cantidad de contraseñas que tienen gestionar en los entornos actuales, conocidos habitualmente como gestores de identidad.

• - Redundancia y descentralización.

• - Candado Inteligente: USB inalámbrico utilizado para brindarle seguridad a la computadora. La misma se bloquea cuando el usuario que tiene este aparato se aleja más de tres metros. El kit contiene un USB inalámbrico y un software para instalar que detecta cuando el usuario está lejos y cuando está más cerca de los tres metros, habilitando nuevamente la computadora.

Information backup

Information constitutes the most important asset of companies, and can be affected by many factors such as theft, fires, disk failures, viruses and others. From the company's point of view, one of the most important problems it must solve is the permanent protection of its critical information.

The most efficient measure for data protection is to determine a good backup policy. This should include full backups (data is stored in its entirety the first time) and incremental backups (only files created or modified since the last backup are copied). It is vital for companies to develop a backup plan based on the volume of information generated and the number of critical equipment.

A good backup system must have certain essential characteristics:

• - Continuous: Data backup must be completely automatic and continuous. It must work transparently, without intervening in the tasks that the user is performing.

• - Secure: Many backup software include data encryption, which must be done locally on the computer before sending the information.

• - Remote: The data must be hosted in offices far from the company.

• - Maintenance of previous versions of the data: There must be a system that allows the recovery of, for example, daily, weekly and monthly versions of the data.

Nowadays, online information backup systems and remote backup services are gaining ground in companies and government agencies. Most modern online information backup systems have maximum security measures and data availability. These systems allow companies to grow in volume of information, deriving the need for backup growth from the service provider.

Virus protection

Viruses are one of the most traditional means of attacking systems and the information they support. In order to avoid its contagion, the equipment and the means of access to it must be monitored, mainly the network.

Having only the necessary software installed on the machine reduces risks. Likewise, having the software under control ensures the quality of its origin (software obtained illegally or without guarantees increases the risks). In any case a software inventory provides a correct method of ensuring reinstallation in the event of a disaster. Software with quick installation methods also facilitates reinstallation in case of contingency.

The entry points into the network are generally email, web pages and the entry of files from disks, or from other people's computers such as laptops.

Keeping the number of network resources in read-only mode to the maximum prevents infected computers from spreading viruses. In the same sense, user permissions can be reduced to a minimum.

Data can be centralized so that virus detectors in batch mode can work during machine downtime.

Controlling Internet access can detect, in recovery phases, how the virus has been introduced.

Physical protection of network access

Regardless of the measures taken to protect computers on a local area network and the software that resides on them, measures must be taken to prevent unauthorized users from gaining access. The usual measures depend on the physical environment to be protected.

Some of the methods are listed below, without going into the topic of protecting the network against attacks or intrusion attempts from external networks, such as the Internet.

Building connection rosettes must be protected and monitored. A basic measure is to avoid having network points connected to the switches "Switch (network device)"). Even so, a device can always be replaced by another unauthorized device, which requires additional measures: 802.1x access standard, access control lists by MAC addresses, DHCP servers by reserved assignment, etc.

In this case, physical control becomes more difficult, although measures can be taken to contain the electromagnetic emission to limit it to those places that we consider appropriate and safe. Additionally, the use of encryption (WPA, WPA v.2, use of digital certificates, etc.), shared passwords and, also in this case, MAC address filters, are several of the common measures that when applied together increase security considerably compared to the use of a single method.

Sanitization

Logical or physical process by which information considered sensitive or confidential is removed from a medium, whether physical or magnetic, either with the aim of declassifying it, reusing the medium or destroying the medium in which it is located.

Use of reliable hardware

Reliable hardware is known as any device designed to offer a series of facilities that allow critical information to be safely handled. It is not necessary to understand that since they are reliable, they have infallible security mechanisms, they have their limitations. The only thing it wants to indicate is that they provide certain facilities that improve security and make attacks more difficult. The Trusted Computing Group is a group of companies that define hardware specifications with the aim of having more secure platforms.[10]​.

Security information collection and analysis

To maintain a secure system, it is necessary to establish mechanisms that monitor the different events and information that are related to the security of the system. It is very useful to have a centralized view of this type of information so that it can be analyzed in a single location. For this purpose, security information management systems (SIM) have been developed, responsible for long-term storage, analysis and communication of security data, security event management systems (SEM), responsible for real-time monitoring, correlation of events, notifications and console views of security information, and finally security information and event management systems, which group the functionalities of the two types of systems. previous.[11]​.

Existen organismos oficiales encargados de asegurar servicios de prevención de riesgos y asistencia a los tratamientos de incidencias, tales como el Computer Emergency Response Team Coordination Center del Software Engineering Institute de la Universidad Carnegie Mellon, que es un centro de alerta y reacción frente a los ataques informáticos, destinados a las empresas o administradores, pero generalmente estas informaciones son accesibles a todo el mundo.

Spain

The National Cybersecurity Institute (INCIBE) is an organization dependent on Red.es and the Ministry of Energy, Tourism and Digital Agenda of Spain.[12]​.

European Union

The European Commission has decided to create the European Cybercrime Center (EC3) as a focal point of the EU police fight against cybercrime, contributing to a faster reaction to online crimes. This center effectively opened on 1 January 2013 and aims to support Member States and EU institutions in building operational and analytical capacity for research, as well as cooperation with international partners.

Germany

On June 16, 2011, the German Minister of the Interior officially opened the new National Cyber ​​Defense Center (NCAZ, or National Cyber-Abwehrzentrum) located in Bonn. The NCAZ cooperates closely with the Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, or BSI); the Federal Criminal Investigation Office "Federal Criminal Investigation Office (Germany)") (Bundeskriminalamt, BKA); the Federal Intelligence Service (Bundesnachrichtendienst, or BND); the Military Intelligence Service (Amt für den Militärischen Abschirmdienst, or MAD) and other national organizations in Germany. According to the minister, the primary task of the new organization founded on February 23, 2011, is to detect and prevent attacks against national infrastructure.

USA

On May 1, 2009, Senator Jay Rockefeller (D-WV) introduced the "Cybersecurity Act of 2009 - S. 773" (full text) in the Senate; the bill, co-authored with Senators Evan Bayh (D-IL), Barbara Mikulski (D-MD), Bill Nelson (D-FL), and Olympia Snowe (R-ME), was referred to the Committee. Commerce, Science, and Transportation, which passed a revised version of the same bill (the "Cybersecurity Act of 2010") on March 24, 2010. The bill seeks to increase collaboration between the public sector and the private sector on cybersecurity issues, especially private entities that own infrastructure that are critical to national security interests (quotes says John Brennan, the Assistant to the President for Homeland Security and Counterterrorism: "our nation's security and economic prosperity depends on the security, stability and integrity of communications and information infrastructure that are largely private operating globally" and speaks to the country's response to a "cyber-Katrina"), increase public awareness of cybersecurity issues, and encourage cybersecurity research and background. Some of the most controversial points of the bill include paragraph 315, which gives the President the right to "request the limitation or shutdown of Internet traffic to and from the compromised Federal Government or United States information system or critical network infrastructure." The Electronic Frontier Foundation, a nonprofit digital rights advocacy and legal organization based in the United States, characterized the bill as promoting a "potentially dangerous approach that favors dramatic over sober response."

Mexico

UNAM-CERT is a group of professionals who are in charge of evaluating the vulnerabilities of Information systems in Mexico.

Colombia

On April 11, 2016, the National Council of Economic and Social Policy of the Republic of Colombia officially publishes document CONPES 3854[13]​ within which the national digital security policy is stipulated, in which the MINTIC is designated as in charge of carrying out awareness days on digital security, as well as designing a digital security risk management model.

On the other hand, the Ministry of National Defense MINDEFENSA "Ministry of Defense (Colombia)") must carry out a plan to strengthen the operational, administrative, human, scientific, physical and technological infrastructure capabilities of colCERT.

The National Planning Department DNP "National Planning Department (Colombia)") will be the general coordinator of the implementation of digital security in all public entities of the state and voluntary adoption of private entities and will have the support of the Administrative Department of Public Function (DAFP).

The professional or job opportunities of Cybersecurity are very varied and increasingly in demand due to the continuous changes in the digital age and due to the constant attacks that companies, governments and users suffer daily on their data. This has also been reinforced due to the new data protection law of 2018.[14]​ Among the professional opportunities we can find:.

• - Network security administrators.

Mainly focused on protecting network infrastructure from threats and unauthorized access.

• - Application security.

It mainly focuses on ensuring that applications are secure against vulnerabilities and attacks (Penetration testing, static code analysis).

• - Cryptography.

Using mathematical techniques, information and communications are secured through authentication tests or digital signatures.

• - Identity and Access Management.

Access to certain resources within a specific organization is controlled through multi-factor authentication, identity management, and role-based access control.

• - Incident response.

It is the detection and mitigation of attacks to minimize the impact they can cause, protecting the confidentiality and integrity of data, from initial detection using event management and security information systems, to eliminating threats, restoring systems and effective internal and external communication about the incident.

• - Cloud security.

They are the measures and practices that must be followed to protect the systems, data and applications found in computing environments. It goes from managing identities and access to planning data retention.

• - Forensic analysis.

Cyber ​​incidents are investigated by collecting and analyzing evidence that is found, for example network analysis and data recovery.

• - Security engineering.

It is the design and construction of secure systems, using security architecture, security testing and automation.

What are the skills required for these positions?[15]​.

• - Management of different operating systems, networks and programming languages.

• - Implement cryptographic protocols.

• - Analyze threats and develop prevention techniques.

• - Knowledge of regulations.

• - Security in defense infrastructures and system audits.

• - Forensic and malware analysis.

• - Knowledge of technological environments such as SCADA or Smart GRid.

• - Incident management through networking, IDS, IPS, log and network traffic analysis.

• - Wikilibros hosts a book or manual on Computer Security.