Assignment02 Nahidur
Email : nrsium@gmail.com
Every organization, industry, academic institution, database, portal, IT firm, and even every person needs
security. By learning information security, we can easily secure our lives. In business, we need security
first.
Need for Security in Business : A company's core business integrity and client protections are critical, and
the value and importance of information security in organizations make this a priority. All
organizations need protection against cyber attacks and security threats, and investing in those
protections is important. Data breaches are time-consuming, expensive, and bad for business.
With strong infosec, a company reduces its risk of internal and external attacks on information
technology systems. It also protects sensitive data, protects systems from cyber attacks, ensures
business continuity, and gives all stakeholders peace of mind by keeping confidential
information safe from security threats.
Organization :
• Secure your organization with strong passwords and enable two-factor authentication
• Educate your teams on phishing to help prevent cyber attacks
• Get your business Cyber Essentials Certified
• Always update and get your patch management in order
• Back up your data to avoid business downtime
Protecting Data That Organizations Collect and Use : We can protect our Organization’s through
In recent years, high-profile cyber incidents at Stuxnet and Norsk Hydro caused tens of millions of dollars in
The Industrial Internet of Things (IIoT) has removed the “air-gap” that once existed between OT assets and
to combat cyber espionage (especially in the mining and energy sectors). Be wary of phishing attacks as well.
Managed cybersecurity services can provide vital protection for an organization’s OT, especially when
combined with best practices like network mapping, a zero-trust framework, and controls for identity and
access management.
Threats :
Categories of Threats to Information : Information security threats take many forms, such as software attacks, theft
of intellectual property, identity theft, theft of equipment or information, sabotage, and information
extortion. A threat can be anything that can take advantage of a vulnerability to breach security and
negatively alter, erase, or harm an object or objects of interest. Software attacks means attacks by viruses,
worms, Trojan horses, etc. Many users believe that malware, viruses, worms, and bots are all the same thing. But
they are not the same; the only similarity is that they are all malicious software, and each behaves
differently. Malware is a combination of 2 terms: malicious and software. So malware basically means
malicious software, which can be intrusive program code or anything that is designed to perform
malicious operations on a system. Malware can be divided into 2 categories:
1. Infection Methods
2. Malware Actions
Human Error or Failure : Includes acts performed without malicious intent or in ignorance
• Causes include:
– Inexperience
– Improper training
– Incorrect assumptions
Social Engineering : Social engineering is the term used for a broad range of malicious activities accomplished
through human interactions. It uses psychological manipulation to trick users into making security mistakes or
giving away sensitive information. Social engineering attacks happen in one or more steps.
Sabotage or Vandalism :
Vandalism : Vandalism is the action involving deliberate destruction of or damage to public or private
property. The term includes property damage, such as graffiti and defacement directed towards any property
without permission of the owner. The term finds its roots in an Enlightenment view that the
Germanic Vandals were a uniquely destructive people.
Software Attacks : Many software threats now target smartphones specifically, so approaches to cybersecurity
that are based on desktop computers are not always effective. While viruses that target smartphones are
simply the mobile versions of ones that target your desktop or laptop computer, man-in-the-middle attacks
take advantage of free Wi-Fi in order to place hackers between your device and a Wi-Fi hotspot and steal your
information and details from your apps. Bluejacking is the sending of unwanted or unsolicited messages to
strangers via Bluetooth technology. It can be a serious problem if obscene or threatening messages and
images are sent. Bluesnarfing is the actual theft of data from Bluetooth enabled devices (including both
mobile phones and laptops): contact lists, phonebooks, images and other data may be stolen in this way.
Mobile Ransomware is malware that locks up your device. If your device has been infected with the malware,
you lose all access to every part of your phone until you pay a ransom to the hacker/criminal who has taken
control over your device. Phishing or Smishing usually starts as an email or text claiming to be from a person
or business that you know. This email usually contains a link that asks you to verify information. This
information in turn goes straight to the scammer to steal and use your details.
Denial-of-Service Attack : A Denial-of-Service (DoS) attack is an attack meant to shut down a machine
or network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the
target with traffic, or sending it information that triggers a crash.
Theft : Theft, also known as information theft, is the illegal transfer or storage of personal,
confidential, or financial information. This could include passwords, software code or algorithms, and
proprietary processes or technologies. Data theft is considered a serious security and privacy breach,
with potentially severe consequences for individuals and organizations.