Vulnerability, Threat & Exploit
Dr. Lasantha Ranwala
MBBS, MD- Health Informatics
Cert. in Ethical Hacking & Cyber Forensic
Senior Registrar in Health Informatics
Health information security session 03
Vulnerability
A characteristic or specific
weakness that renders an
organization or asset (such
as information or an
information system)
open to exploitation by a
given threat or susceptible
to a given hazard.
Threat
A circumstance or event
that has or indicates the
potential to exploit
vulnerabilities and to
adversely impact
organizational operations,
organizational assets
(including information and
information systems),
individuals, other
organizations, or society.
Exploit
A technique to breach the
security of a network or
information system in
violation of security policy.
A program or technique that
takes advantage of a
vulnerability to remotely
access or attack a program,
computer or server.
Vulnerability, Threat & Exploit
Example:
Asset: a digital document
Vulnerability: the access control scheme is not properly defined (potential loss of confidentiality, integrity and availability)
Threat: unauthorized access
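The asset/vulnerability/threat triple above, carried through as an added example that is not from the slides: a tiny document store whose access control scheme is undefined (any authenticated user can read or overwrite any document), beside a hardened version that authorizes every operation against an explicit allow-list with a default of deny. The users, document and permissions are constructed sample data.

```python
"""Added example (not from the original slides): a document store with an
undefined access control scheme, beside a hardened one.

Asset = the digital document, vulnerability = missing authorization check,
threat = unauthorized access, exploit = simply asking for a document you
were never granted. All users, documents and ACL entries are constructed."""
from dataclasses import dataclass, field


@dataclass
class Document:
    doc_id: str
    owner: str
    body: str
    # Explicit allow-list of (user, permission) pairs; owner always has full access.
    acl: set = field(default_factory=set)


class VulnerableDocumentStore:
    """Vulnerability: the caller is authenticated (we know who they are) but never
    authorized, so any logged-in user can read or overwrite any document."""

    def __init__(self, docs):
        self.docs = {d.doc_id: d for d in docs}

    def read(self, user, doc_id):
        return self.docs[doc_id].body            # no access check: confidentiality lost

    def write(self, user, doc_id, body):
        self.docs[doc_id].body = body            # no access check: integrity lost


class HardenedDocumentStore(VulnerableDocumentStore):
    """Fix: every operation is authorized against the document's ACL, default deny.
    Unknown document IDs and unauthorized users get the same error, so the API
    does not leak which documents exist. Inherits only the constructor."""

    def _authorize(self, user, doc_id, permission):
        doc = self.docs.get(doc_id)
        if doc is not None and (user == doc.owner or (user, permission) in doc.acl):
            return doc
        raise PermissionError("access denied")

    def read(self, user, doc_id):
        return self._authorize(user, doc_id, "read").body

    def write(self, user, doc_id, body):
        self._authorize(user, doc_id, "write").body = body


def sample_docs():
    # Constructed data: a patient record owned by dr_perera; nurse_silva may only read it.
    return [Document("rec-1001", "dr_perera", "Dx: hypertension", {("nurse_silva", "read")})]


def demo():
    """Send the same unauthorized request to both stores.
    Returns (what the intruder read from the vulnerable store, whether the hardened store blocked it)."""
    vuln = VulnerableDocumentStore(sample_docs())
    leaked = vuln.read("intruder", "rec-1001")

    hard = HardenedDocumentStore(sample_docs())
    try:
        hard.read("intruder", "rec-1001")
        blocked = False
    except PermissionError:
        blocked = True
    return leaked, blocked
```

The point of the hardened version is that the threat (unauthorized access) still exists; only the vulnerability is gone. A reviewer checking real code looks for exactly the pattern in `VulnerableDocumentStore`: an object looked up by ID and returned without any check that the caller is allowed to see it.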
Threat agent
A specific object or person that poses such a danger (by carrying out an attack).
e.g. a DDoS attack launched by a hacker:
DDoS attack >> Threat
Hacker >> Threat agent
Types of Threats
Natural threats
Human threats
Technology threats
Natural threats
Human Threats:
Insiders
Employees are among the greatest threats to an
organization’s data
3 Types
1. Non-malicious insider
2. Malicious insider
3. Compromised insider
Non-malicious Insider
 Acts of human error
 Acts performed without malicious intent that nonetheless cause harm to the organization
 Due to:
 Inexperience
 Improper training
 Incorrect assumptions
 Carelessness
 Shadow IT users (using non-approved tools)
e.g. using an application such as a file-sharing app to increase productivity, but inadvertently exposing the company's data to threats
Non-malicious Insider (continued)
Employee mistakes can cause:
• Revelation of classified data
• Entry of erroneous data
• Accidental data deletion or modification
• Data storage in unprotected areas
• Failure to protect information
Malicious Insider
 Aware of their actions and the negative implications
on the organization, yet still pursue that course of
action.
 What insiders can do
 Espionage: Using a position of trust within an organization for the benefit of a third party
 Sabotage: Disrupting the normal course of
operations of an organization by damaging or
otherwise adversely affecting a process,
equipment, or other property
 Embezzlement: Theft of money or appropriating
company resources for personal use
 Vandalism: Willful destruction of company property
 Violence: Can be threats of violence or physical
violence
Compromised Insider
A person with no malicious intent who becomes an unknowing accomplice of third parties who gain access to their device and/or user credentials.
• The credentials have been guessed or captured as part of a targeted attack
• The actor behind the account is not an employee, but because legitimate credentials are used, the activity shows up as if it were the employee's
Technology threats
 An act or action that exploits a vulnerability in a controlled system
 Carried out by a threat agent who damages or steals the organization's information
Attacks
Common Attack Types
1.MALWARE : any malicious software
designed to harm a computer without the
user’s permission
VIRUS
 computer program designed to copy
itself and attach itself to other files
stored
 moves from computer to computer
/can be sent through a network
 Almost all viruses are attached to
an executable file,
 which means the virus may exist on a
system but will not be active or able
to spread until a user runs or opens
the malicious host file or program.
WORM
 self replicating computer program that
uses a network to send copies of itself to
other computers on the network
 Its copies consume disk space, memory and network bandwidth on the hosts they reach
 Computer worms are similar to viruses in
that they replicate functional copies of
themselves and can cause the same type
of damage
 In contrast to viruses, worms are
standalone software and do not require a
host program or human help to propagate.
 To spread, worms either exploit a
vulnerability on the target system or use
some kind of social engineering to trick
users into executing them.
TROJAN
 They appear to be harmless but
secretly gather information about
the user.
 They upload hidden and malicious
programs on the computer without
the user’s knowledge.
 Unlike viruses and worms, Trojans
do not reproduce by infecting other
files nor do they self-replicate.
Trojans must spread through user
interaction such as opening an e-
mail attachment or downloading
and running a file from the
Internet.
 .
Ransomware:
 A type of malicious software designed to block access to a computer system or its data (typically by encrypting the files) until a sum of money is paid.
 Video: https://www.youtube.com/watch?v=d_dyi9CWieo&t=62s
Browser Hijacker
 Unwanted software that modifies a web browser's settings without the user's permission
 Injects unwanted advertising into the user's browser
 May replace the existing home page, error page, or search page with its own
 Increases the hijacker's advertising revenue
 Some browser hijackers also contain spyware
2. Backdoor
A hidden means of gaining access to a system or network that bypasses its normal authentication, using either an access mechanism that was already known (left behind by a developer or a previous intruder) or one that is newly discovered.
3. Brute force:
 A password and cryptography attack that does not attempt to decrypt any information; it simply keeps trying candidate passwords, dictionary words or combinations of characters until one works.
 The cost is set by the size of the search space: every extra bit of key length or password entropy doubles the number of guesses, so a 256-bit key is not four times harder than a 64-bit key but 2^192 times harder. Exhaustively searching a 128-bit or 256-bit key is infeasible, which is why real brute force targets short or predictable passwords and weak key material rather than the cipher.
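The two sides of this, as an added example that is not from the slides: the attacker's side is a loop that hashes each guess and compares (nothing is decrypted), and the defender's side is a slow, salted password hash for the offline case plus a lockout for the online case. The wordlist, salt, iteration count and lockout threshold are constructed for illustration.

```python
"""Added example (not from the original slides): brute force as a search
problem, and the two controls that make the search expensive.

The attacker never decrypts anything; it hashes guesses and compares.
Wordlist, salt, iteration count and lockout policy are constructed for
the example; production systems use a random per-user salt and a
purpose-built password hash (bcrypt, scrypt, Argon2, or PBKDF2 with
a high iteration count)."""
import hashlib
import hmac
import math

# Constructed wordlist; real attack lists have millions of entries.
WORDLIST = ["123456", "password", "welcome1", "hospital", "Summer2024", "letmein"]
SALT = b"constructed-salt"   # one fixed salt for the example only


def fast_hash(password):
    """Insecure storage: a single unsalted SHA-256. An attacker can test many
    millions of guesses per second against this on commodity hardware."""
    return hashlib.sha256(password.encode()).hexdigest()


def slow_hash(password, iterations=200_000):
    """Better storage: PBKDF2-HMAC-SHA256. Each guess now costs the attacker the
    same work it costs the server, so the guess rate drops by roughly `iterations`."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, iterations).hex()


def brute_force(target_hash, hash_fn, candidates):
    """Offline attack: hash each candidate and compare; nothing is decrypted.
    Returns (password, guesses_made) or (None, guesses_made)."""
    guesses = 0
    for candidate in candidates:
        guesses += 1
        if hmac.compare_digest(hash_fn(candidate), target_hash):
            return candidate, guesses
    return None, guesses


class LockoutLogin:
    """Online defence: after max_attempts consecutive failures the account stops
    answering, capping guesses through the login form whatever the hash speed."""

    def __init__(self, stored_hash, hash_fn, max_attempts=5):
        self.stored_hash = stored_hash
        self.hash_fn = hash_fn
        self.max_attempts = max_attempts
        self.failures = 0

    def login(self, password):
        if self.failures >= self.max_attempts:
            raise PermissionError("account locked")
        if hmac.compare_digest(self.hash_fn(password), self.stored_hash):
            self.failures = 0
            return True
        self.failures += 1
        return False


def search_space_bits(alphabet_size, length):
    """Entropy of a uniformly random password or key. The attacker's worst-case
    guess count is 2**bits, so each extra bit doubles the work."""
    return length * math.log2(alphabet_size)
```

`search_space_bits(10, 8)` is about 26.6 bits for an 8-digit PIN, versus 128 bits for an AES-128 key: the PIN falls to `brute_force` in seconds against `fast_hash`, while the key does not fall at all. `slow_hash` buys a constant factor (about the iteration count) on every guess; the lockout turns an unbounded online search into a handful of tries, which is why both are used together with multi-factor authentication.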
4. Denial-of-service (DoS)
 Attempts to prevent legitimate users from accessing information or services.
 Does not usually result in the theft of information or other security loss; the damage is the loss of availability.
 Typically the loss of service is the inability to use a particular network service:
 email, websites, online accounts (banking, etc.)
5. Distributed denial-of-service (DDoS):
 multiple compromised systems, which
are often infected with a Trojan, are
used to target a single system causing
a Denial of Service (DoS) attack.
 botnets—large clusters of connected
devices
 Victims of a DDoS attack consist of
both the end targeted system and all
systems maliciously used and
controlled by the hacker in the
distributed attack.
 http://www.digitalattackmap.com
Video
6. Spoofing
Impersonation of a user, device or client on the Internet. It is often used during a cyberattack to disguise the source of attack traffic.
DNS server spoofing – Modifies a DNS server's records (or poisons a resolver's cache) so that a domain name resolves to a different IP address. It is typically used to send users to sites that deliver malware or harvest credentials.
ARP spoofing – Links the perpetrator's MAC address to a legitimate IP address (often the default gateway's) through spoofed ARP replies. It is typically used in denial-of-service (DoS) and man-in-the-middle attacks.
IP address spoofing – Disguises the attacker's origin IP address by forging the source field of packets. It is typically used in DoS attacks, where the attacker does not need to receive the replies.
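ARP has no authentication, so the only defence on an ordinary segment is to notice when the IP-to-MAC mapping changes. The following is an added example, not from the slides, of the detection logic an ARP monitor applies: it learns which MAC each IP answers from, seeds the table with static entries for critical hosts, and alerts when a protected IP (the gateway) is suddenly claimed by another MAC or when one MAC starts answering for several IPs. The gateway address, static table and the sequence of ARP replies are constructed sample data.

```python
"""Added example (not from the original slides): detecting ARP spoofing
from observed ARP replies.

Because ARP replies are unauthenticated, any host can announce 'the
gateway's IP is at my MAC'. A monitor that remembers who answered for
each IP can flag the change. All addresses and replies are constructed."""
from collections import defaultdict

GATEWAY_IP = "192.168.1.1"                          # assumption for the example
KNOWN_GOOD = {GATEWAY_IP: "aa:bb:cc:00:00:01"}      # assumption: static entries for critical hosts

# Constructed sample: ARP replies seen on the segment, in arrival order, as "<ip> <mac>".
# Replies 4-6 are the attacker (de:ad:be:ef:00:99) claiming the gateway and a workstation.
SAMPLE_REPLIES = """\
192.168.1.1 aa:bb:cc:00:00:01
192.168.1.20 aa:bb:cc:00:00:20
192.168.1.21 aa:bb:cc:00:00:21
192.168.1.1 de:ad:be:ef:00:99
192.168.1.20 de:ad:be:ef:00:99
192.168.1.1 de:ad:be:ef:00:99
"""


def parse_replies(text):
    """'<ip> <mac>' lines -> list of (ip, mac) tuples."""
    return [tuple(line.split()) for line in text.splitlines() if line.strip()]


def detect_arp_spoofing(replies, known_good=KNOWN_GOOD):
    """Return alert strings for IPs whose MAC changes (CRITICAL if the IP is a
    protected host such as the gateway) and for one MAC answering for several IPs."""
    alerts = []
    ip_to_mac = dict(known_good)      # learned table, seeded with the static entries
    mac_to_ips = defaultdict(set)     # which IPs each MAC has claimed so far
    for ip, mac in replies:
        mac = mac.lower()
        if ip not in mac_to_ips[mac]:
            mac_to_ips[mac].add(ip)
            if len(mac_to_ips[mac]) == 2:     # fire once, when a MAC first claims a second IP
                alerts.append(f"WARNING: {mac} now answers for {sorted(mac_to_ips[mac])}")
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            severity = "CRITICAL" if ip in known_good else "WARNING"
            alerts.append(f"{severity}: {ip} moved from {previous} to {mac}")
            if ip in known_good:
                continue                       # never let a spoofed reply overwrite a static entry
        ip_to_mac[ip] = mac
    return alerts
```

Over the sample replies the monitor raises two CRITICAL alerts for the gateway, a WARNING for the workstation whose mapping moved, and a WARNING that one MAC now answers for two IPs, which is the signature of an attacker poisoning both ends of a conversation. A legitimate DHCP reassignment or a replaced network card also changes a mapping, so the WARNING level is for triage; the gateway's static entry is what makes the CRITICAL alerts trustworthy, and the same static entry (or switch features such as dynamic ARP inspection) is the actual protection.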
7. Man-in-the-middle
 An attack where the attacker positions themselves between the sender and receiver of information and sniffs (and can alter) everything being sent.
 If the user sends unencrypted data, the man-in-the-middle (MITM) can read all of it directly.
 If the user sends encrypted data, the attacker may still capture it but must break or bypass the encryption before it can be read; in practice that means tricking the victim into accepting the attacker's key or certificate, which is why certificate warnings must not be clicked through.
8. Social engineering
Example: www.Facebok.com
Social engineering is an attack vector that relies heavily on human interaction and often
involves tricking people into breaking normal security procedures.
Phishing: Phishing is when a malicious party sends a fraudulent email disguised as a
legitimate email, often purporting to be from a trusted source. The message is meant to trick
the recipient into sharing personal or financial information or clicking on a link that installs
malware.
Baiting: Baiting is when an attacker leaves a malware-infected physical device, such as a USB
flash drive in a place it is sure to be found. The finder then picks up the device and loads it onto
his or her computer, unintentionally installing the malware.
Pretexting: Pretexting is when one party lies to another to gain access to privileged data.
For example, a pretexting scam could involve an attacker who pretends to need personal or
financial data in order to confirm the identity of the recipient.
Scareware: Scareware involves tricking the victim into thinking his computer is infected
with malware or has inadvertently downloaded illegal content. The attacker then offers the
victim a solution that will fix the bogus problem; in reality, the victim is simply tricked into
downloading and installing the attacker's malware.
Phishing example:
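The www.Facebok.com example above is a lookalike domain: one character away from the real brand. As an added example that is not part of the slides, here is the check a mail filter or a security-awareness tool applies to each link: extract the real destination domain, compare it by edit distance against a list of protected brands, flag a brand name embedded inside an unrelated host, and flag links whose visible text names a different domain from their actual target. The brand list, the distance threshold and all sample links are constructed for the example; real filters use much larger lists and also handle internationalised (punycode) domains.

```python
"""Added example (not from the original slides): flagging lookalike
phishing domains such as www.Facebok.com, and links whose visible text
disagrees with where they really go.

Brand list, threshold and sample links are constructed for the example."""
from urllib.parse import urlsplit

PROTECTED_DOMAINS = ["facebook.com", "google.com", "paypal.com"]   # assumption
MAX_EDITS = 2       # assumption: a typo this close to a brand counts as a lookalike


def _host(url):
    """Lower-cased hostname of a URL; bare domains without a scheme are accepted."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower()


def registrable_domain(url):
    """'https://www.Facebok.com/login' -> 'facebok.com' (naive: last two labels)."""
    return ".".join(_host(url).split(".")[-2:])


def edit_distance(a, b):
    """Levenshtein distance between two strings (dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain, protected=PROTECTED_DOMAINS):
    """The protected brand this domain imitates, or None if it is exact or unrelated."""
    domain = domain.lower()
    if domain in protected:
        return None
    for brand in protected:
        if 0 < edit_distance(domain, brand) <= MAX_EDITS:
            return brand
    return None


def check_link(visible_text, href, protected=PROTECTED_DOMAINS):
    """Return a list of reasons a link is suspicious; empty means nothing found."""
    reasons = []
    real = registrable_domain(href)
    host = _host(href)
    # 1. Link text that names one domain while the href goes to another.
    if "." in visible_text:
        shown = registrable_domain(visible_text)
        if shown != real:
            reasons.append(f"link text shows {shown} but goes to {real}")
    # 2. A typo-distance lookalike of a protected brand (the Facebok.com case).
    brand = lookalike_of(real, protected)
    if brand:
        reasons.append(f"{real} looks like {brand}")
    # 3. A brand name buried in a host it does not own, e.g. paypal.com.secure-verify.net.
    for b in protected:
        if host != b and not host.endswith("." + b) and b in host:
            reasons.append(f"{b} embedded in {host}")
    return reasons
```

`check_link("www.Facebok.com", "http://www.Facebok.com/login")` returns one reason (a lookalike of facebook.com); a link whose text reads https://www.paypal.com/account but points at paypal.com.secure-verify.net returns two. The distance check is deliberately strict: with a large brand list a looser threshold starts matching legitimate short domains, so the usual deployment is to quarantine on rule 1 or 3 and only warn on rule 2.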
Thank you
lasantha13@gmail.com
Health information security 3 vulnerability threat and risk
  • 1. Vulnerability , Threat & Exploit Dr. Lasantha Ranwala MBBS, MD- Health Informatics Cert. in Ethical Hacking & Cyber Forensic Senior Registrar in Health Informatics Health information security session 03
  • 2. Vulnerability A characteristic or specific weakness that renders an organization or asset (such as information or an information system) open to exploitation by a given threat or susceptible to a given hazard.
  • 3. Threat A circumstance or event that has or indicates the potential to exploit vulnerabilities and to adversely impact organizational operations, organizational assets (including information and information systems), individuals, other organizations, or society.
  • 4. Exploit A technique to breach the security of a network or information system in violation of security policy. A program or technique that takes advantage of a vulnerability to remotely access or attack a program, computer or server.
  • 5. Vulnerability, Threat & Exploit. Example: Asset: a digital document. Vulnerability: the access control scheme is not properly defined (potential loss of confidentiality, integrity and availability). Threat: unauthorized access. Exploit: simply requesting the document, since nothing checks who is asking.
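The slide-5 scenario written out as code, as an added example that is not part of the original slides. The document store, user names and record contents are constructed for the demo; the point is that the same operator mistake (forgetting to write an ACL entry) is a confidentiality loss under a default-allow scheme and a logged, denied request under default-deny.

```python
"""Added example: the vulnerability / threat / exploit chain from slide 5.

Asset: a digital document store. Vulnerability: an access-control scheme
that is not properly defined (no default-deny rule). Threat: unauthorized
access. Exploit: simply asking for the document.
All names and records below are made up for the demonstration."""

# Constructed sample: a patient record that only the treating clinician may see.
DOCUMENTS = {
    "rec-001": {"owner": "dr_silva", "body": "Patient A: HIV positive"},
}


class VulnerableStore:
    """Access scheme with a gap: only documents that appear in `acl` are
    checked; anything else is returned to whoever asks (default allow)."""

    def __init__(self, docs, acl):
        self.docs = docs
        self.acl = acl          # doc_id -> set of users allowed to read

    def read(self, user, doc_id):
        if doc_id in self.acl and user not in self.acl[doc_id]:
            raise PermissionError("denied")
        # BUG: reached for every document that has no ACL entry at all
        return self.docs[doc_id]["body"]


class HardenedStore:
    """Default deny: a document with no ACL entry is readable only by its
    owner, and every decision is logged so unauthorized attempts are visible."""

    def __init__(self, docs, acl):
        self.docs = docs
        self.acl = acl
        self.audit = []         # list of (user, doc_id, decision)

    def read(self, user, doc_id):
        allowed = set(self.acl.get(doc_id, set())) | {self.docs[doc_id]["owner"]}
        decision = "allow" if user in allowed else "deny"
        self.audit.append((user, doc_id, decision))
        if decision == "deny":
            raise PermissionError("denied")
        return self.docs[doc_id]["body"]


def read_succeeds(store, user="clerk", doc_id="rec-001"):
    """Plays the threat: `user` tries to read the record.
    Returns True if the read goes through, False if it is refused."""
    try:
        store.read(user, doc_id)
        return True
    except PermissionError:
        return False


if __name__ == "__main__":
    # Operator forgot to add rec-001 to the ACL: the same omission, two outcomes.
    print("vulnerable store, clerk reads record:", read_succeeds(VulnerableStore(DOCUMENTS, {})))
    print("hardened store,   clerk reads record:", read_succeeds(HardenedStore(DOCUMENTS, {})))
```

The audit list in the hardened store is what turns a silent confidentiality loss into a detectable event: the "deny" entries are exactly the unauthorized-access attempts the slide calls the threat.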
  • 6. Threat agent Specific object, person who poses such a danger (by carrying out an attack) e.g.: DDoS attack from a Hacker DDOS attack >> Threat Hacker >> Threat Agent
  • 7. Types of Threats: Natural threats, Human threats, Technology threats
  • 9. Human Threats: Insiders Employees are among the greatest threats to an organization’s data 3 Types 1. Non-malicious insider 2. Malicious insider 3. Compromised insider
  • 10. Non-malicious Insider
    - Acts of human error: acts performed without malicious intent that nevertheless cause harm to the organization
    - Due to inexperience, improper training, incorrect assumptions or carelessness
    - Shadow IT users (using non-approved tools), e.g. an employee installs a file-sharing app to increase productivity but inadvertently exposes the company's data
  • 11. Non-malicious Insider (continued). Employee mistakes can cause:
    - Revelation of classified data
    - Entry of erroneous data
    - Accidental data deletion or modification
    - Data storage in unprotected areas
    - Failure to protect information
  • 12. Malicious Insider: aware of their actions and of the negative implications for the organization, yet still pursue that course of action. What insiders can do:
    - Espionage: using a position of trust, or an individual within an organization, for the benefit of a third party
    - Sabotage: disrupting the normal course of operations by damaging or otherwise adversely affecting a process, equipment or other property
    - Embezzlement: theft of money or appropriating company resources for personal use
    - Vandalism: willful destruction of company property
    - Violence: threats of violence or physical violence
  • 13. Compromised Insider: a person with no malicious intent who becomes an unknowing accomplice of third parties who gain access to their device and/or user credentials.
    - Credentials have been guessed or captured as part of a targeted attack
    - The actor behind the account is not an employee, but because legitimate credentials are used, the activity shows up in logs as if it were the employee's own
  • 14. Technology threats: attacks. An attack is an act or action that exploits a vulnerability in a controlled system; it is carried out by a threat agent and damages or steals the organization's information.
  • 15. Common Attack Types. 1. MALWARE: any malicious software designed to harm a computer without the user's permission.
    VIRUS
    - A computer program designed to copy itself and attach itself to other files stored on the system
    - Moves from computer to computer; can be carried over a network or on removable media
    - Almost all viruses are attached to an executable file, which means the virus may exist on a system but will not be active or able to spread until a user runs or opens the malicious host file or program
  • 16. WORM
    - A self-replicating computer program that uses a network to send copies of itself to other computers on the network
    - As it replicates it consumes network bandwidth, memory and storage on the machines it reaches
    - Worms are similar to viruses in that they replicate functional copies of themselves and can cause the same kind of damage
    - In contrast to viruses, worms are standalone software and do not require a host program or human help to propagate
    - To spread, worms either exploit a vulnerability on the target system or use some kind of social engineering to trick users into executing them
  • 17. TROJAN
    - Malicious software disguised as a harmless or useful program; once run it may secretly gather information about the user
    - It installs hidden, malicious components on the computer without the user's knowledge
    - Unlike viruses and worms, Trojans do not reproduce by infecting other files, nor do they self-replicate; they spread only through user interaction, such as opening an e-mail attachment or downloading and running a file from the Internet
  • 18. Ransomware
    - A type of malicious software designed to block access to a computer system, typically by encrypting the victim's files, until a sum of money is paid
    - Video: https://www.youtube.com/watch?v=d_dyi9CWieo&t=62s
  • 19. Browser Hijacker: unwanted software that modifies a web browser's settings without the user's permission
    - Injects unwanted advertising into the user's browser
    - May replace the existing home page, error page or search page with its own, increasing the hijacker's advertising revenue
    - Some browser hijackers also contain spyware
  • 20. 2. Backdoor: a hidden way of gaining access to a system or network that bypasses its normal authentication. The access mechanism may be known (a built-in maintenance account, a debug interface) or previously unknown and newly discovered, or it may be planted by an attacker after an earlier compromise.
  • 21. 3. Brute force
    - A password and cryptography attack that does not look for a weakness in the algorithm; it simply tries candidate passwords, words, letters or keys one after another until one works
    - The work grows exponentially with length: every extra bit of key doubles the key space, so a 128-bit key space is 2^64 times larger than a 64-bit one, and a 256-bit key space 2^128 times larger than a 128-bit one; each extra character of a password multiplies the search by the alphabet size
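A worked brute-force attack and the two ways its cost is controlled, as an added example that is not part of the original slides: the search space grows with alphabet size and length, and an online attack (guessing against a live login) is stopped by a lockout long before the space is exhausted. The password, user names and hash function (plain SHA-256, which no real system should use for stored passwords) are constructed for the demo.

```python
"""Added example: brute force against a hashed password, the size of the
search space, and the server-side lockout that blunts online guessing.
Password, users and the choice of SHA-256 are demo assumptions."""

import hashlib
import itertools
import string

ALPHANUM = string.ascii_lowercase + string.digits   # 36 symbols


def sha256_hex(text):
    return hashlib.sha256(text.encode()).hexdigest()


def search_space(alphabet_size, max_len):
    """Number of candidates of length 1..max_len over an alphabet."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


def brute_force(target_hash, alphabet, max_len):
    """Try every string of length 1..max_len in order.
    Returns (password, attempts), or (None, attempts) if the space is exhausted."""
    attempts = 0
    for n in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=n):
            attempts += 1
            candidate = "".join(combo)
            if sha256_hex(candidate) == target_hash:
                return candidate, attempts
    return None, attempts


class LoginGuard:
    """Online brute force is cheap to stop: lock the account after a few
    consecutive failures. Offline cracking of a stolen hash is unaffected,
    which is why a slow hash (bcrypt, scrypt, Argon2) matters separately."""

    def __init__(self, users, max_failures=5):
        self.users = users                 # user -> SHA-256 hex of password
        self.max_failures = max_failures
        self.failures = {}                 # user -> consecutive failed attempts

    def login(self, user, password):
        if self.failures.get(user, 0) >= self.max_failures:
            return "locked"
        if self.users.get(user) == sha256_hex(password):
            self.failures[user] = 0
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        return "denied"


if __name__ == "__main__":
    pw, n = brute_force(sha256_hex("ab1"), ALPHANUM, 3)
    print(pw, "found after", n, "of", search_space(36, 3), "candidates")
    print("8 chars of 36 symbols:", search_space(36, 8), "candidates")
    guard = LoginGuard({"alice": sha256_hex("correct-horse")})
    print([guard.login("alice", "guess%d" % i) for i in range(6)])
```

The attacker who holds a copy of the hash is the case the lockout does nothing about: that attacker runs `brute_force` at full CPU speed, so the only defences left are password length and a deliberately slow hash.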
  • 22. 4. Denial-of-service (DoS)
    - Attempts to prevent legitimate users from accessing information or services
    - Does not usually result in the theft of information or other security loss; the damage is the loss of availability
    - Typically the loss of service is the inability to reach a particular network service: e-mail, websites, online accounts (banking, etc.)
  • 23. 5. Distributed denial-of-service (DDoS)
    - Multiple compromised systems, often infected with a Trojan, are used to target a single system, causing a Denial of Service (DoS)
    - Botnets: large clusters of connected devices under the attacker's control
    - Victims of a DDoS attack consist of both the end targeted system and all systems maliciously used and controlled by the hacker in the distributed attack
    - http://www.digitalattackmap.com (video)
  • 24. 6. Spoofing: impersonation of a user, device or client on the Internet. It is often used during a cyberattack to disguise the source of attack traffic.
    - DNS server spoofing: modifies DNS answers (or the server's cache) so that a domain name resolves to an attacker-controlled IP address; commonly used to send users to fake sites for phishing or malware delivery
    - ARP spoofing: links the perpetrator's MAC address to a legitimate IP address through forged ARP replies; typically used in denial-of-service (DoS) and man-in-the-middle attacks on the local network
    - IP address spoofing: disguises the attacker's origin IP; typically used in DoS attacks, where no reply is needed
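A passive ARP-spoofing detector of the kind a host or network sensor runs, as an added example that is not part of the original slides. It keeps the first-seen IP-to-MAC binding and alerts when a later ARP reply claims the same IP for a different MAC, which is exactly what the attack described above produces. The ARP replies are constructed (ip, mac) tuples, not captured packets.

```python
"""Added example: detecting ARP spoofing by watching for an IP address that
changes its MAC. Replies below are constructed, not real captures."""


class ArpWatcher:
    def __init__(self, static=None):
        # Known-good bindings (e.g. the default gateway) can be pinned in advance.
        self.table = {ip: mac.lower() for ip, mac in (static or {}).items()}
        self.alerts = []

    def observe(self, ip, mac):
        """Process one ARP reply 'ip is-at mac'. Returns True if suspicious."""
        mac = mac.lower()
        known = self.table.get(ip)
        if known is None:
            self.table[ip] = mac            # first sighting: learn it
            return False
        if known != mac:
            self.alerts.append({"ip": ip, "old_mac": known, "new_mac": mac})
            return True                     # keep the first binding, do not overwrite
        return False


def replay(replies, static=None):
    """Feed a sequence of (ip, mac) replies; return the alerts raised."""
    w = ArpWatcher(static)
    for ip, mac in replies:
        w.observe(ip, mac)
    return w.alerts


# Constructed scenario: the gateway 10.0.0.1 is legitimately aa:bb:cc:00:00:01;
# an attacker at de:ad:be:ef:00:01 then announces itself as the gateway so that
# hosts send their Internet-bound traffic through it.
SAMPLE = [
    ("10.0.0.1", "aa:bb:cc:00:00:01"),
    ("10.0.0.7", "aa:bb:cc:00:00:07"),
    ("10.0.0.1", "aa:bb:cc:00:00:01"),    # benign repeat of the same binding
    ("10.0.0.1", "DE:AD:BE:EF:00:01"),    # spoofed reply
]

if __name__ == "__main__":
    for alert in replay(SAMPLE):
        print("ARP spoof suspected:", alert)
```

Caveat a practitioner would add: a host that is re-imaged or a gateway that fails over to a standby unit legitimately changes its MAC, so real tools (arpwatch and the like) age out old bindings and whitelist known changes rather than alerting forever.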
  • 25. 7. Man-in-the-middle (MITM)
    - An attack in which the attacker places himself between the sender and receiver of information and sniffs, and can alter, everything that passes
    - If the user sends unencrypted data, the man-in-the-middle can read and modify any of it
    - If the user sends encrypted data, the attacker still captures it but obtains only ciphertext; he cannot read it unless he breaks the encryption or tricks the endpoints into encrypting to him instead (for example by impersonating the server during the key exchange)
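The two cases on the slide, an in-path attacker reading plaintext versus seeing only ciphertext, plus the integrity half of the story that the slide does not mention (a silent modification that a message authentication code catches), as an added example that is not part of the original slides. The cipher is a one-time pad from `os.urandom` with a key the two endpoints are assumed to already share; TLS reaches the same state with a negotiated key, and the message text is constructed.

```python
"""Added example: an interceptor between two parties, with and without
encryption and a MAC. Key sharing is assumed to have happened out of band."""

import hashlib
import hmac
import os

TAG_LEN = 32                     # HMAC-SHA256 output length in bytes


class Interceptor:
    """Sits on the path: records every payload and optionally tampers with it."""

    def __init__(self, tamper=None):
        self.seen = []
        self.tamper = tamper

    def relay(self, payload):
        self.seen.append(payload)
        return self.tamper(payload) if self.tamper else payload


def make_key(message_len):
    """One-time-pad bytes plus a 32-byte MAC key. Never reuse a pad."""
    return os.urandom(message_len + TAG_LEN)


def otp_xor(key, data):
    assert len(key) >= len(data), "pad must cover the whole message"
    return bytes(k ^ d for k, d in zip(key, data))


def send_plain(message, mitm):
    """Unprotected channel: the receiver gets whatever the interceptor forwards."""
    return mitm.relay(message)


def send_protected(message, key, mitm):
    """Encrypt-then-MAC. Returns (plaintext, tampered): plaintext is None when
    the tag does not verify, so a modified message is rejected, not trusted."""
    pad, mac_key = key[:len(message)], key[len(message):]
    ct = otp_xor(pad, message)
    tag = hmac.new(mac_key, ct, hashlib.sha256).digest()
    received = mitm.relay(ct + tag)
    ct_r, tag_r = received[:-TAG_LEN], received[-TAG_LEN:]
    expected = hmac.new(mac_key, ct_r, hashlib.sha256).digest()
    if not hmac.compare_digest(tag_r, expected):
        return None, True
    return otp_xor(pad, ct_r), False


def flip_first_byte(payload):
    """A tampering interceptor: silently changes the first byte in transit."""
    return bytes([payload[0] ^ 0xFF]) + payload[1:]


if __name__ == "__main__":
    msg = b"transfer 100 to acct 42"
    m = Interceptor(tamper=flip_first_byte)
    print("plain, tampered, receiver got:", send_plain(msg, m))
    key = make_key(len(msg))
    m = Interceptor()
    print("encrypted, attacker saw:", m.seen if m.seen else None, send_protected(msg, key, m))
    m = Interceptor(tamper=flip_first_byte)
    print("encrypted and tampered:", send_protected(msg, key, m))
```

What the example deliberately cannot show is the attack on the key exchange itself: if the interceptor can make the sender encrypt to the attacker's key rather than the receiver's, the protected path degrades to the plaintext one, which is why certificate validation, not encryption alone, is what defeats MITM on TLS.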
  • 28. 8. Social engineering: an attack vector that relies heavily on human interaction and often involves tricking people into breaking normal security procedures.
    - Phishing: a malicious party sends a fraudulent e-mail disguised as a legitimate one, often purporting to be from a trusted source. The message is meant to trick the recipient into sharing personal or financial information or clicking on a link that installs malware.
    - Baiting: an attacker leaves a malware-infected physical device, such as a USB flash drive, in a place where it is sure to be found. The finder picks up the device and plugs it into his or her computer, unintentionally installing the malware.
    - Pretexting: one party lies to another to gain access to privileged data. For example, a pretexting scam could involve an attacker who pretends to need personal or financial data in order to confirm the identity of the recipient.
    - Scareware: tricking the victim into thinking his computer is infected with malware or has inadvertently downloaded illegal content. The attacker then offers a solution that will fix the bogus problem; in reality, the victim is simply tricked into downloading and installing the attacker's malware.
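A checker for two of the signals behind the phishing entry above, a link whose visible text points somewhere other than its real destination and a look-alike of a trusted domain, as an added example that is not part of the original slides. The e-mail body, the trusted-domain list, the crude registrable-domain rule and the edit-distance threshold are all constructed assumptions; a mail gateway would use a public-suffix list and a reputation feed instead.

```python
"""Added example: scoring links in an HTML e-mail for phishing indicators.
Sample mail, trusted domains and thresholds are demo assumptions."""

import re
from urllib.parse import urlparse

ANCHOR = re.compile(r'<a\s+href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def registrable(host):
    """Crude 'example.org' from 'login.example.org' (assumes a one-label TLD;
    a real checker would consult the public suffix list)."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def edit_distance(a, b):
    """Levenshtein distance: how many single-character edits turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_links(html, trusted, max_distance=2):
    """Return a list of suspicious links with the reasons they were flagged."""
    findings = []
    for href, text in ANCHOR.findall(html):
        host = urlparse(href).hostname or ""
        text_host = urlparse(text.strip()).hostname if "://" in text else None
        reasons = []
        if text_host and registrable(text_host) != registrable(host):
            reasons.append("display text points elsewhere")
        if host.startswith("xn--") or ".xn--" in host:
            reasons.append("punycode host")          # possible homoglyph domain
        dom = registrable(host)
        for t in trusted:
            if dom != t and edit_distance(dom, t) <= max_distance:
                reasons.append(f"look-alike of {t}")
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


# Constructed sample mail: the visible URL is the real portal, the href is a
# typosquat with the letter l replaced by the digit 1.
SAMPLE = """
<p>Your password expires today. Sign in at
<a href="https://portal.hospita1-example.org/reset">https://portal.hospital-example.org</a>
or read the <a href="https://hospital-example.org/policy">policy</a>.</p>
"""
TRUSTED = ["hospital-example.org"]

if __name__ == "__main__":
    for f in check_links(SAMPLE, TRUSTED):
        print(f["href"], "->", ", ".join(f["reasons"]))
```

The second link in the sample is the control: a genuine link to the trusted domain produces no finding, which matters because a checker that flags everything trains users to ignore it.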