- Threat/Loss Scenario: Major elements of IS security
- Threat – person or organization seeks to obtain data or other assets illegally, without owner’s permission and often without owner’s knowledge
- Vulnerability – opportunity for threats to gain access to individual or organizational assets; for example, when you buy online, you provide your credit card data, and as data is transmitted over Internet, it is vulnerable to threats
- Safeguard – measure individuals or organizations take to block threat from obtaining an asset; not always effective, some threats achieve their goal in spite of safeguards
- Target – asset desired by threat
- Human error examples: (1) employee misunderstands operating procedures and accidentally deletes customer records; (2) employee inadvertently installs an old database on top of current one while doing backing up; (3) physical accidents, such as driving a forklift through wall of a computer room
- Computer crime – intentional destruction or theft of data or other system components
- Natural disasters – fires, floods, hurricanes, earthquakes, tsunamis, avalanches, other acts of nature; includes initial loss of capability and service, and losses recovery costs
- Unauthorized Data Disclosure
- Pretexting
- Phishing
- Spoofing
- IP spoofing
- Email spoofing
- Drive-by sniffers
- Wardrivers
- Hacking & natural disasters
- Procedures incorrectly designed or not followed
- Increasing customer’s discount or incorrectly modifying employee’s salary.
- Placing incorrect data on company Web site.
- Cause
- Improper internal controls on systems.
- System errors.
- Faulty recovery actions after a disaster.
- Viruses
- playload
- trojan horses
- worms
- spyware
- adware
What are the sources of threats?What types of security loss exists?Incorrect Data Modification



How can technical safeguards protect against security threats?


Malware types and spyware and adware symptoms


•Every organization should have an incident-response plan as part of the security program. No organization should wait until some asset has been lost or compromised before deciding what to do.
•The plan should include how employees are to respond to security problems, whom they should contact, the reports to make, and steps to reduce further loss.•Identify critical personnel and their off-hours contact information
No comments:
Post a Comment