Principles of Information Security,
Fifth Edition
Chapter 2
The Need for Security
Lesson 2 – Threats
Learning Objectives
• Upon completion of this material, you should be able to:
  – Explain why a successful information security program is the shared responsibility of an organization’s general management and IT management
  – List and describe the threats posed to information security
Threats
• Threat: a potential risk to an asset’s loss of value
• Management must be informed about the various threats to an organization’s people, applications, data, and information systems.
• Overall security is improving, but so is the number of potential hackers.
• The 2010–2011 CSI/FBI survey found:
  – 67.1 percent of organizations had malware infections.
  – 11 percent indicated system penetration by an outsider.
Compromises to Intellectual Property
• Intellectual property (IP): creation, ownership, and control of original ideas as well as the representation of those ideas
• The most common IP breaches involve software piracy.
• Two watchdog organizations investigate software abuse:
  – Software & Information Industry Association (SIIA)
  – Business Software Alliance (BSA)
• Enforcement of copyright law has been attempted with technical security mechanisms.
Deviations in Quality of Service
• An information system depends on the successful operation of many interdependent support systems.
• Internet service, communications, and power irregularities dramatically affect the availability of information and systems.
Deviations in Quality of Service (cont’d)
• Internet service issues
  – Internet service provider (ISP) failures can considerably undermine the availability of information.
  – An outsourced Web hosting provider assumes responsibility for all Internet services as well as for the hardware and Web site operating system software.
• Communications and other service provider issues
  – Other utility services affect organizations: telephone, water, wastewater, trash pickup.
  – Loss of these services can affect an organization’s ability to function.
Deviations in Quality of Service (cont’d)
• Power irregularities
  – Commonplace
  – Lead to fluctuations such as power excesses, power shortages, and power losses
  – Sensitive electronic equipment is vulnerable to, and easily damaged or destroyed by, fluctuations
  – Controls can be applied to manage power quality.
Espionage or Trespass
• Access to protected information by unauthorized individuals
• Competitive intelligence (legal) versus industrial espionage (illegal)
• Shoulder surfing can occur anywhere a person accesses confidential information.
• Controls let trespassers know they are encroaching on an organization’s cyberspace.
• Hackers use skill, guile, or fraud to bypass controls protecting others’ information.
Espionage or Trespass (cont’d)
• Expert hacker
  – Develops software scripts and program exploits
  – Usually a master of many skills
  – Will often create attack software and share it with others
• Unskilled hacker
  – Many more unskilled hackers than expert hackers
  – Use expertly written software to exploit a system
  – Do not usually fully understand the systems they hack
Espionage or Trespass (cont’d)
• Other terms for system rule breakers:
  – Cracker: “cracks” or removes software protection designed to prevent unauthorized duplication
  – Phreaker: hacks the public telephone system to make free calls or disrupt services
• Password attacks
  – Cracking
  – Brute force
  – Dictionary
  – Rainbow tables
  – Social engineering
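The defence against the dictionary and rainbow-table attacks listed above is worth seeing in code. The following is an added example and is not part of the textbook slides: it builds a small precomputed hash-to-password table (a simplified stand-in for a rainbow table) from a constructed five-word list, shows that the table immediately recovers an unsalted SHA-256 password hash, and then shows why a per-user random salt plus PBKDF2 key stretching makes that table useless. `WORDLIST`, `weak_hash`, `strong_hash`, `verify_strong` and `demo` are names chosen for this example.

```python
# Added example (not from the textbook): why salting and key stretching
# defeat precomputed-table password attacks. The "table" is a plain
# hash -> password dictionary, a simplified stand-in for a rainbow table.
import hashlib
import hmac
import os
from typing import Optional

# Constructed word list standing in for a dictionary / rainbow-table input.
WORDLIST = ["password", "letmein", "qwerty", "summer2024", "welcome1"]
ITERATIONS = 100_000  # PBKDF2 work factor; raise it on real systems


def weak_hash(password: str) -> str:
    """Unsalted, single-round SHA-256: the scheme a precomputed table breaks."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(words) -> dict:
    """Precompute hash -> plaintext once; any unsalted hash of a listed word
    is then recovered with a single dictionary lookup."""
    return {weak_hash(w): w for w in words}


def lookup(table: dict, stored_hash: str) -> Optional[str]:
    return table.get(stored_hash)


def strong_hash(password: str, salt: Optional[bytes] = None) -> tuple:
    """Per-user random salt + PBKDF2-HMAC-SHA256 key stretching.
    Returns (salt, digest); both are stored, and the salt is not secret."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_strong(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def demo() -> dict:
    table = build_lookup_table(WORDLIST)

    # Unsalted storage: the stored hash is a direct key into the table.
    recovered = lookup(table, weak_hash("letmein"))

    # Salted storage: two users with the same password get different digests,
    # so a table would have to be rebuilt per salt (and per iteration count).
    salt_a, digest_a = strong_hash("letmein")
    salt_b, digest_b = strong_hash("letmein")

    return {
        "recovered_from_table": recovered,  # "letmein"
        "salted_digests_differ": digest_a != digest_b,
        "salted_digest_in_table": lookup(table, digest_a.hex()) is not None,
        "verify_correct": verify_strong("letmein", salt_a, digest_a),
        "verify_wrong": verify_strong("qwerty", salt_a, digest_a),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The salt does not need to be secret; its job is to make every stored digest unique so that precomputation cannot be shared across users or deployments, and the iteration count makes each guess expensive even when the attacker has the salt. A brute-force or dictionary attack against a single account is still possible, which is why the slides also list training and controls; the salt and stretching only remove the bulk precomputation advantage.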
Forces of Nature
• Forces of nature can present some of the most dangerous threats.
• They disrupt not only individual lives, but also the storage, transmission, and use of information.
• Organizations must implement controls to limit damage and prepare contingency plans for continued operations.
Human Error or Failure
• Includes acts performed without malicious intent or in ignorance
• Causes include:
  – Inexperience
  – Improper training
  – Incorrect assumptions
• Employees are among the greatest threats to an organization’s data.
Human Error or Failure (cont’d)
• Employee mistakes can easily lead to:
  – Revelation of classified data
  – Entry of erroneous data
  – Accidental data deletion or modification
  – Data storage in unprotected areas
  – Failure to protect information
• Many of these threats can be prevented with training, ongoing awareness activities, and controls.
• Social engineering uses social skills to convince people to reveal access credentials or other valuable information to an attacker.
Social Engineering
• “People are the weakest link. You can have the best technology; firewalls, intrusion-detection systems, biometric devices ... and somebody can call an unsuspecting employee. That's all she wrote, baby. They got everything.”—Kevin Mitnick
• Advance-fee fraud: indicates that the recipient is due money and that a small advance fee or personal banking information is required to facilitate the transfer
• Phishing: an attempt to gain personal or confidential information; an apparently legitimate communication hides embedded code that redirects the user to a third-party site
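One concrete, defender-side check for the phishing pattern just described (a legitimate-looking message whose link actually leads to a third-party site) is to compare the domain a link displays with the domain its `href` really points to. The example below is added here and is not from the textbook; the HTML message is constructed, and `SAMPLE_EMAIL`, `LinkCollector`, `host_of` and `suspicious_links` are names chosen for this example.

```python
# Added example (not from the textbook): flag links in an HTML message whose
# visible text names one domain while the href points somewhere else, or
# whose href host is a bare IP address. The sample message is constructed.
from html.parser import HTMLParser
from urllib.parse import urlparse

SAMPLE_EMAIL = """<html><body>
<p>Your account will be suspended. Please verify at
<a href="http://203.0.113.5/login">https://www.example-bank.com/verify</a></p>
<p>Questions? Visit <a href="https://www.example-bank.com/help">our help centre</a>
or <a href="https://secure-login.example.net/bank">www.example-bank.com</a>.</p>
</body></html>"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(value: str) -> str:
    """Lower-cased host of a URL, or of a bare 'www.host/path' string."""
    parsed = urlparse(value if "://" in value else "http://" + value)
    return (parsed.hostname or "").lower()


def looks_like_url(text: str) -> bool:
    return "://" in text or text.lower().startswith("www.")


def suspicious_links(html: str) -> list:
    """Return [(href, text, [reasons])] for links that deserve a closer look."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = host_of(href)
        reasons = []
        if host and host.replace(".", "").isdigit():
            reasons.append("href host is a bare IP address")
        if looks_like_url(text) and host_of(text) != host:
            reasons.append(f"visible text names {host_of(text)} but href goes to {host}")
        if reasons:
            findings.append((href, text, reasons))
    return findings


if __name__ == "__main__":
    for href, text, reasons in suspicious_links(SAMPLE_EMAIL):
        print(f"{text!r} -> {href}: {'; '.join(reasons)}")
```

The check compares full hostnames, so a link that displays `www.example-bank.com` but goes to `mail.example-bank.com` would also be flagged; a production filter would normally compare registrable domains using the public suffix list and add checks for look-alike characters. The point for awareness training is the same one the slide makes: the text you see in a message is not the destination you are sent to.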
Information Extortion
• The attacker steals information from a computer system and demands compensation for its return or nondisclosure. Also known as cyberextortion.
• Commonly done in credit card number theft
Sabotage or Vandalism
• Threats can range from petty vandalism to organized sabotage.
• Web site defacing can erode consumer confidence, diminishing an organization’s sales, net worth, and reputation.
• The threat of hacktivist or cyberactivist operations is rising.
• Cyberterrorism/Cyberwarfare: a much more sinister form of hacking