
The Need for Security

Overview

This chapter examines the business drivers behind the information security
analysis design process.
It examines current organizational and technological security needs, and
emphasizes and builds on the concepts presented in the previous chapter.
This chapter also examines the various threats facing organizations and presents
methods for ranking these threats that organizations can use when they begin
their security planning process.
Learning Objectives

• Demonstrate that organizations have a business need for information security
• Explain why a successful information security program is the responsibility of both an
organization’s general management and IT management
• Identify the threats posed to information security and the more common attacks
associated with those threats, and differentiate threats to the information within systems
from attacks against the information within systems
• Describe the issues facing software developers, as well as the common errors made by
developers, and explain how software development programs can create software that is
more secure and reliable.
Business Needs First

Information security performs four (4) important functions for an organization:
1. Protecting the organization’s ability to function
• Shared responsibility between general management and IT management.
• Address information security in terms of business impact and the cost of business interruption.

2. Enabling the safe operation of applications running on the organization’s IT systems
• Operation requires integrated, efficient, and capable applications.
• A modern organization needs to create an environment that protects critical applications such as operating
system platforms, electronic mail, and instant messaging.
• These can be acquired by outsourcing to a service provider or can be developed internally.
• Protection of the infrastructure must be overseen by management.

3. Protecting the data the organization collects and uses
• Data provides a record of transactions (e.g. banking) and the ability to deliver value to customers, and
enables the creation and movement of goods and services.

4. Safeguarding the organization’s technology assets
• Organizations must have secure infrastructure services based on the size and scope of the enterprise.
Threats to Information Security
Information security threats take many forms, such as software
attacks, theft of intellectual property, identity theft, theft
of equipment or information, sabotage, and information
extortion.
Vulnerability: A weakness or gap in a security
program that can be exploited by threats to gain
unauthorized access to an asset.
Threat: Anything that can take advantage of a
vulnerability to breach security and negatively alter,
erase, or harm an object or objects of interest.
It is anything that can exploit a vulnerability, intentionally or
accidentally, and obtain, damage, or destroy an asset.
Threat: Any circumstance or event with the
potential to adversely impact organizational
operations (including mission, functions,
image, or reputation), organizational assets,
or individuals through an information system
via unauthorized access, destruction,
disclosure, modification of information,
and/or denial of service. Also, the potential
for a threat-source to successfully exploit a
particular information system vulnerability.
Attack: An intentional or unintentional act
that can cause damage to or otherwise
compromise information and/or the systems
that support it.
Attacks can be active or passive, intentional or
unintentional, and direct or indirect. A direct
attack is a hacker using a personal computer to
break into a system. An indirect attack is a
hacker compromising a system and using it to
attack other systems.
14 Categories of Threat

1. Compromises to Intellectual Property

Intellectual Property – defined as “the ownership of ideas and control over the
tangible or virtual representation of those ideas. Use of another person’s
intellectual property may or may not involve royalty payments or permission,
but should always include proper credit to the source.” These can be trade
secrets, copyrights, trademarks, and patents.
Software piracy – Unlawful use or duplication of software-based intellectual
property. It is also the most common IP breach.
License agreement – a window that usually pops up during the installation of
new software. This is the most common tool used to establish that the user has
read and agrees to the license agreement.
Online registration process – Another effort to combat piracy. Individuals
who install software are often asked or even required to register their software
to obtain technical support or the use of all features.

2. Deliberate Software Attacks - Deliberate software attacks occur
when an individual or group designs and deploys software to attack a
system.
Malicious code (sometimes known as malicious software or malware) –
software components or programs designed to damage, destroy, or deny
service to the target systems. The following are some common instances of
malicious code:
• Virus
• Worm
• Trojan Horses
Types of Attacks
Software attacks are attacks by viruses, worms,
Trojan horses, etc.
Malware, short for malicious software, consists of
programming (code, scripts, active content, and other
software) designed to disrupt operation and gather information
that leads to loss of privacy or exploitation. It can also gain
unauthorized access to system resources and exhibit other
abusive behavior.
Malware can be divided into 2 categories: Infection Methods
and Malware Actions.
Infection Methods of Malware
VIRUSES
A computer virus is a type of malicious code or program written
to alter the way a computer operates.
It is also designed to spread from one computer to another and
can replicate itself by hooking itself to programs and files
such as songs, videos, etc.
A virus operates by inserting or attaching itself to a legitimate
program or document that supports macros in order to execute
its code.
In the process, a virus has the potential to cause unexpected or
damaging effects, such as harming the system software by
corrupting or destroying data.
WORMS
A computer worm is a type of malware that spreads
copies of itself from computer to computer.
A worm can replicate itself without any human
interaction, and it does not need to attach itself to a
software program in order to cause damage.
Often, it uses a computer network to spread itself,
relying on security failures on the target computer to
access it.
BOTS
Malware bots and internet bots can be
programmed/hacked to break into user accounts, scan
the internet for contact information, send spam, or
perform other harmful acts.
They can be seen as an advanced form of worms.
To carry out these attacks and disguise the source of the
attack traffic, attackers may distribute bad bots in a
botnet – i.e., a bot network.
TROJANS
A Trojan horse or Trojan is a type of malware that is
often disguised as legitimate software.
Trojans can be employed by cyber-thieves and
hackers trying to gain access to users' systems.
Once activated, Trojans can enable cyber-criminals to
spy on you, steal your sensitive data, and gain
backdoor access to your system. These actions can
include: Deleting data, Blocking data, Modifying data
and Copying data.
Malware Actions
SPYWARE
Spyware is loosely defined as malicious software
designed to monitor your activities on a computer and
reveal the collected information to an interested party.
Spyware can capture information like Web browsing
habits, e-mail messages, usernames and passwords,
and credit card information. If left unchecked, the
software can transmit this data to another person's
computer over the Internet.
RANSOMWARE
Ransomware is malicious software that infects
your computer and displays messages demanding a
fee to be paid for your system to work again.
This class of malware is a criminal moneymaking
scheme that can be installed through deceptive
links in an email message, instant message or
website.
It can lock a computer screen or encrypt
important, predetermined files with a password.
ROOTKITS
Rootkits are designed to gain root access, that is,
administrative privileges, on the user's system. Once
root access is gained, the exploiter can do
anything from stealing private files to private data.
KEYLOGGERS
A keylogger is a type of surveillance
software (considered to be
either software or spyware) that has the
capability to record every keystroke you
make to a log file, usually encrypted.
Review Questions

• Why is information security a management problem? What can
management do that technology cannot?
• Why is data the most important asset an organization possesses?
What other assets in the organization require protection?
How Malware Infects Our Computer

Bundled Free Software Programs
When it comes to free software and apps, there is
always some trade-off. Frequently, free software
companies will partner with other companies and
bundle additional software within the download.

File Sharing Services and BitTorrent
Downloading content illegally is bad, but it’s a highly popular activity.
Usually using a BitTorrent client, users can download media via
peer-to-peer file sharing.
However, these files tend to travel across multiple computers, which
probably don’t all have Internet security software, so they are easily
infected with malware.

Removable Media
Flash drives or memory sticks, external hard drives, CDs and
DVDs can contain malware if they have been connected to an
infected computer.

Spam emails
Malware authors often use tricks to try to convince you to download
malicious files. This can be an email with a file attached that tells you it
is a receipt for a delivery, a tax refund, or an invoice for a ticket.
Sometimes a malicious email will be easy to spot—it could have bad
spelling and grammar, or come from an email address you've never seen
before.
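
The two warning signs described above (an attachment presented as a receipt, tax refund or invoice, and a sender you have never seen), written as a small mail triage check. This is an added example, not part of the original slides; the function names, the `KNOWN` address book and the sample messages are constructed for illustration.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Lure themes named in the text: delivery receipt, tax refund, ticket invoice.
LURE_WORDS = ("receipt", "delivery", "tax refund", "invoice")

def triage(raw_message, known_senders):
    """Return reason codes explaining why a message deserves a closer look."""
    msg = message_from_string(raw_message)
    reasons = []
    # "An email address you've never seen before": compare with known contacts.
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender not in known_senders:
        reasons.append("unknown_sender")
    # An attached file presented as a receipt, refund or invoice.
    attachments = [p.get_filename() for p in msg.walk() if p.get_filename()]
    if attachments:
        text = " ".join([msg.get("Subject", "")] + attachments).lower()
        if any(word in text for word in LURE_WORDS):
            reasons.append("lure_attachment")
    return reasons

def build_sample(sender, subject, attachment_name=None):
    """Construct a sample message (test data, not a real email)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.com", subject
    m.set_content("Please see the attached file.")
    if attachment_name:
        m.add_attachment(b"constructed bytes", maintype="application",
                         subtype="octet-stream", filename=attachment_name)
    return m.as_string()

KNOWN = {"alice@example.com"}  # hypothetical address book

if __name__ == "__main__":
    samples = [
        build_sample("Parcel Service <notice@parcel-tracking.example>",
                     "Receipt for your delivery", "receipt.zip"),
        build_sample("Alice <alice@example.com>", "Ticket invoice", "invoice.pdf"),
        build_sample("Alice <alice@example.com>", "Lunch on Friday?"),
    ]
    for raw in samples:
        print(triage(raw, KNOWN))
```

A known sender does not clear a message: the second sample is still flagged for its attachment, since a contact's account can itself be compromised.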

Hacked or compromised webpages
When you go to a website, it can try to use vulnerabilities to infect
your PC with malware. The website might be malicious or it could be a
legitimate website that has been compromised or hacked.
• What are you going to do to prevent
your computer from being infected with malware?
Explain your answer.
How to protect your device from malware?

• Install anti-virus software
• Regularly update software
• Only buy apps from trusted sources
• Don’t click on suspicious links or download any attachments from unknown sources
• Back up data regularly
Case Exercises

The next day at SLS found everyone in technical support busy restoring computer systems
to their former state and installing new virus and worm control software. Amy found herself
learning how to install desktop computer operating systems and applications as SLS made a
heroic effort to recover from the attack of the previous day.
Questions:
1. Do you think this event was caused by an insider or outsider? Why do you think so?
2. Other than installing virus and worm control software, what can SLS do to prepare for
the next incident?
3. Do you think this attack was the result of a virus or a worm? Why do you think so?