The 5 Ws of cyber security

Published Oct. 24, 2014
By Ray Bowden
U.S. Air Force Academy Public Affairs

U.S. AIR FORCE ACADEMY, Colo -- The Academy is actively engaged in National Cyber Security Awareness Month, a federal event to raise cyber security awareness, but Academy Airmen can benefit by making it a year-round issue, said an Academy official.

Angela Thorpe, the Academy's Information System Security manager, said Academy all Airmen and staff need to practice cyber security and recognize its inherent risks and vulnerabilities.

"By considering the 'who, what, when, where and why' aspects of computer security, you can really increase your security posture on computer files or folders that might not be adequately protected," she said.

The "who" are those with malicious intent hoping to cause harm in cyberspace, such as a hacker stealing personal information, Thorpe said.

"Even those without malicious intent can harm a network or system, such as an Airman who accidentally downloads malware onto their installation's network," she said.

The "what" are those with malicious intent trying to exploit the anonymity and vulnerabilities of the Internet by using methods range from botnets to viruses, Thorpe said.

"Computer users can introduce threats simply by clicking an unknown link or using an unauthorized USB drive," she said.

The "when" signifies that it's impossible to predict when a cyber event will occur, Thorpe said.

"Cyberspace, interchangeable with the Internet, is created by, and accessible through, computer networks sharing information and facilitating communication," Thorpe said. "Unlike the physical world, cyberspace has no boundaries."

The "why" goes to the motives of computer users who unintentionally and unknowingly cause harm, those with malicious intent may have a range of motives, including seeking confidential information, money, credit, prestige or revenge, she said.

As for the "where," Thorpe said, cyber awareness should occur anywhere and everywhere.

"We should remind ourselves of cyber security no matter where we are, every time we turn any computer on," she said.

Password protection, use of anti-virus software such as Symantec or McAfee, application of patches and fixes, and encryption of data, such as the Windows7-embedded 'Bitlocker' application, can go far in protecting personal and sensitive information, if the user's home network or PC is compromised, Thorpe said.

"If you suspect you're the victim of a cyber event, immediately call the Information Assurance Office here at 333-9880," she said.

Visit www.dhs.gov/national-cyber-security-awareness-month-2014 or www.stopthinkconnect.org for more information.