Professional Documents
Culture Documents
Threats Definition: - A Threat Is An Object, Person, or Other Entity That Represents A Constant
Threats Definition: - A Threat Is An Object, Person, or Other Entity That Represents A Constant
Inadvertent acts
Deliberate acts
Acts of God
Technical failures
Management failures
This category includes acts performed without intent or malicious purpose by individual who is
an authorized user with an organization.
When an organization places its Web servers in the care of a Web hosting provider
The Web hosting services are usually arranged with an agreement providing
minimum service levels known as Service Level Agreements (SLAs).
When a service provider fails to meet the SLA, fines are levied but they seldom
cover the losses generated by the outage.
Power Irregularities
When the voltage levels spike (a momentary increase), or
surge (a prolonged increase) this voltage can severely damage or destroy equipment.
A momentary low voltage or sag or
A more prolonged drop in voltage known as a brownout can cause
Systems to shut down
Reset, or
Otherwise disrupts availability.
Complete loss of power for a moment is known as a fault
As opposed to a more lengthy loss known as a blackout.
The uninterruptible power supply (UPS) can pocket against spikes and surges as well as
against sags and even blackouts of limited duration.
Threats in which people or organizations engage in purposeful acts designed to harm the
people, the organization, or the culture.
Includes - a broad category of electronic and human activities that can breach the
confidentiality of information.
Some information gathering techniques that are quite legal are forms of research. These
techniques are called, collectively competitive intelligence.
When information gatherers employ techniques that cross the threshold of what is legal
or ethical, they enter the world of Industrial espionage.
Harm caused:
Information gatherers enter premises or systems they have not been
authorized to enter.
Encroaching on the organizations cyberspace.
Prevention:
Maintaining the basic etiquettes.
Marking the boundaries of an organizations virtual territory.
The perpetrators
Hackers:
People who use and create computer software for enjoyment or to gain
access to information illegally.
A hacker uses skill, guile, or fraud to attempt to by pass the controls
placed around information that is the property of some one else.
The two skill levels-
expert hacker, develops software script and codes exploits; the novice, or
unskilled hacker or the script kiddies who use the automated code
exploits.
Prevention- keep defensive systems up to date about the latest in exploit
scripts. Preparation and continued vigilance.
Cracker:-
an individual who cracks or removes an applications software
protection.
Harm caused- The software can be easily distributed and installed.
Phreaker-
Hacks the public telephone network to make free calls and disrupt services.
Blue boxes: free telephone calls.
Red boxes: simulate the tones of coins falling in a pay phone.
Black boxes: emulate the line voltage.
Hacktivist or cyberactivist use technology as a tool for civil disobedience and hacking
to protest the operations, policies, or actions of an organization.
Theft is the
Illegal taking of anothers physical
Electronic or
Intellectual property.
Physical theft-
Circuit boards and memory chips can be controlled using locked doors
Trained security personnel and the installation of alarm systems
Electronic theft is a more complex problem to manage and control.
Deliberate software attacks occur when an individual or group designs software to attack
an unsuspecting system using malicious code or malicious software, or malware.
Common instances of malicious code
Virus:-
The code attaches itself to the existing program and takes control of that
programs access to the targeted computer.
Replicates itself into additional targeted systems.
Types:
Macro virus:- Which is embedded in automatically executing macro
code, common in office productivity software.
Worms:-
Malicious programs that replicate themselves constantly without requiring
another program to provide a safe environment for replication.
Trojan horses:-
Software programs that hide their true nature, and reveal their designed
behavior only when activated.
Are disguised as helpful, interesting, or necessary pieces of software.
Polymorphism:-
A polymorphic threat is one that changes its apparent shape over time.
These threats not detectable by techniques that are looking for a
preconfigured signature.
Threats that result from forces of nature that cannot be prevented or controlled.
Force of Nature
These disrupt
o The lives of individuals
o Storage
o Transmission and
o Use of information
Dust contamination:-
Some environments are not friendly to the hardware components of information
systems.
Because dust contamination can shorten the life of information systems or cause
unplanned downtime, this threat can disrupt normal operations.
These defects can cause the system to perform outside of expected parameters, resulting
in unreliable service or lack of availability.
Bugtraq
Found at lists insecure.com
provides up-to-the-minute information on the latest security vulnerabilities
including software and hardware bugs.
Management must recognize that when technology becomes outdated, there is a risk of
loss of data integrity from attacks.