The emergence of the information technology and the increase in the use of Information Technology and Communications (ICT) makes information and management of computing resources an essential factor in the economic social and cultural activities. Associated with this growth is also increasing the number of threats and attacks that occur to applications and resources. It is in this context that the information becomes a critical resource to be protected. Computer security becomes essential in order to guarantee the integrity, availability and confidentiality of information. Organizations must be prepared to protect their information assets (United States. Department of Defense, 2007). This involves knowing and properly applying the concepts, methodologies, tools, existing regulations and standards in this area, to achieve the goal of security. This requires human resources and updated appropriately trained professionals who can successfully apply the methodologies and adapt quickly to changes in technology and the demands of an area that is constantly evolving and changing.
Cyber Security is a complex issue, not well understood, much less-assimilated into current practices. It is the responsibility of the government to provide organizations with the ability securing their stored information by providing with the right combination of technologies, methodologies, standards, management tools and determination to take care of the infrastructure, increasingly become a major asset of the organization and the primary source of business continuity, so it is not always clear the way senior management should take on the problem, increasingly urgent to ensure information security.
Cyber Security is important in technological areas of domestic and international environment, therefore, on an international consensus, an expert in information security in the industry, requires not only know and properly apply technological elements such as biometrics, cryptographic techniques , formal models of security, computer architecture, operating systems and networks, computer forensics, but also management tools continuity planning, incident management and human resources, audit, security and even the proper understanding of the legal aspects of these issues (National Cybersecurity Alliance, 2010).
Improving Current CyberSecurity Programs
The first thing would be do is an analysis of the potential threats that may suffer the computer system, an estimate of the losses that these threats could pose and a study of the probability of occurrence. From this analysis will be to design a security policy setting out the responsibilities and rules to follow to avoid such threats or minimize the effects if one of these occurs. We define security policy as a "simple document that defines the organizational guidelines on security" (Maconachy, & Bosworth, 2009). The security policy is implemented through a series of security mechanisms that provide the tools for system protection. These mechanisms usually rely on regulations that cover more specific areas.
Security mechanisms are divided into three groups:
Prevention
They avoid deviations from security policy.
Example: use encryption in the transmission of information prevents an attacker can capture (and understand) information in a network system.
Detection
Detect if there are deviations, violations or attempted violation of system ...