SlideShare ist ein Scribd-Unternehmen logo

Need for security

Als PPT, PDF herunterladen
University of Central Punjab
University of Central Punjab

Describes the security purpose and its importance.

Leadership & Management
1 von 48
Need for Security Information security performs four important functions for an organization: 1.Protecting the organization’s ability to function 2.Enabling the safe operation of applications running on the organization’s IT systems 3.Protecting the data the organization collects and uses 4.Safeguarding the organization’s technology assets
Business need Protecting the Functionality of an Organization Both general management and IT management are responsible for implementing information security that protects the organization’s ability to function. Enabling the Safe Operation of Applications A modern organization needs to create an environment that safeguards these applications, particularly those that are important elements of the organization’s infrastructure— operating system platforms, electronic mail (e-mail), and instant messaging (IM) applications
Business need Protecting Data that Organizations Collect and Use protecting data in motion and data at rest are both critical aspects of information security. The value of data motivates attackers to steal, sabotage, or corrupt it. An effective information security program implemented by management protects the integrity and value of the organization’s data Safeguarding Technology Assets in Organizations To perform effectively, organizations must employ secure infrastructure services appropriate to the size and scope of the enterprise. Like encryption (Private and Public key Cryptography)
Threats
Threats Compromises to Intellectual Property: “the ownership of ideas and control over the tangible or virtual representation of those ideas. Use of another person’s intellectual property may or may not involve royalty payments or permission, but should always include proper credit to the sour
Threats Deliberate Software Attacks: Deliberate software attacks occur when an individual or group designs and deploys software to attack a system. Most of this software is referred to as malicious code or malicious software, or sometimes malware. These software components or programs are designed to damage, destroy, or deny service to the target systems. Some of the more common instances of malicious code are viruses and worms, Trojan horses, logic bombs, and back doors.
Threats Virus : A computer virus consists of segments of code that perform malicious actions. The code attaches itself to an existing program and takes control of that program’s access to the targeted computer. The virus- controlled target program then carries out the virus’s plan by replicating itself into additional targeted systems. Many times users unwittingly help viruses get into a system..
Threats Worms : The complex behavior of worms can be initiated with or without the user downloading or executing the file. Once the worm has infected a computer, it can redistribute itself to all e-mail addresses found on the infected system. Furthermore, a worm can deposit copies of itself onto all Web servers that the infected system can reach, so that users who subsequently visit those sites become infected. Worms also take advantage of open shares found on the network in which an infected system is located, placing working copies of the worm code onto the server so that users of those shares are likely to become infected.
Threats Trojan Horses Trojan horses are software programs that hide their true nature and reveal their designed behavior only when activated. Trojan horses are frequently disguised as helpful, interesting, or necessary pieces of software, such as readme.exe files often included with shareware or freeware packages.
Threats Back Door or Trap Door A virus or worm can have a payload that installs a back door or trap door component in a system, which allows the attacker to access the system at will with special privileges.
Threats Polymorphic Threats : One of the biggest challenges to fighting viruses and worms has been the emergence of polymorphic threats. A polymorphic threat is one that over time changes the way it appears to antivirus software programs, making it undetectable by techniques that look for preconfigured signatures. These viruses and worms actually evolve, changing their size and other external file characteristics to elude detection by antivirus software programs
Threats Virus and Worm Hoaxes: As frustrating as viruses and worms are, perhaps more time and money is spent on resolving virus hoaxes. Well-meaning people can disrupt the harmony and flow of an organization when they send group e-mails warning of supposedly dangerous viruses that don’t exist. When people fail to follow virus-reporting procedures, the network becomes overloaded, and much time and energy is wasted as users forward the warning message to everyone they know, post the message on bulletin boards, and try to update their antivirus protection software.
Threats Deviations in Quality of Service: Deviations in quality of service can result from incidents such as a backhoe taking out a fiber-optic link for an ISP. The backup provider may be online and in service, but may be able to supply only a fraction of the bandwidth the organization needs for full service. This degradation of service is a form of availability disruption. Irregularities in Internet service, communications, and power supplies can dramatically affect the availability of information and systems..
Threats Internet Service Issues: Many organizations have sales staff and telecommuters working at remote locations. When these offsite employees cannot contact the host systems, they must use manual procedures to continue operations. Web hosting services are usually arranged with an agreement providing minimum service levels known as a Service Level Agreement (SLA). When a service provider fails to meet the SLA, the provider may accrue fines to cover losses incurred by the client, but these payments seldom cover the losses generated by the outage
Threats Communications and Other Service Provider Issues: Other utility services can affect organizations as well. Among these are telephone, water, wastewater, trash pickup, cable television, natural or propane gas, and custodial services. The loss of these services can impair the ability of an organization to function. For instance, most facilities require water service to operate an air- conditioning system
Threats Power Irregularities: Irregularities from power utilities are common and can lead to fluctuations such as power excesses, power shortages, and power losses. This can pose problems for organizations that provide inadequately conditioned power for their information systems equipment.
Threats Espionage or Trespass: Espionage or trespass is a well-known and broad category of electronic and human activities that can breach the confidentiality of information. When an unauthorized individual gains access to the information an organization is trying to protect, that act is categorized as espionage or trespass. Attackers can use many different methods to access the information stored in an information system. Some information gathering techniques are quite legal, for example, using a Web browser to perform market research. These legal techniques are called, collectively, competitive intelligence.
Threats Forces of Nature: Forces of nature, force majeure, or acts of God can present some of the most dangerous threats, because they usually occur with very little warning and are beyond the control of people. Fire Flood Lightning Landslide or mudslide Tornado or severe windstorm Hurricane or typhoon Tsunami Electrostatic discharge (ESD): Dust contamination
Threats Human Error or Failure: This category includes acts performed without intent or malicious purpose by an authorized user. When people use information systems, mistakes happen. Inexperience, improper training, and the incorrect assumptions are just a few things that can cause these misadventures. Regardless of the cause, even innocuous mistakes can produce extensive damage.
Threats Information Extortion: Information extortion occurs when an attacker or trusted insider steals information from a computer system and demands compensation for its return or for an agreement not to disclose it. Extortion is common in credit card number theft.
Threats Missing, Inadequate, or Incomplete Organizational Policy or Planning: Missing, inadequate, or incomplete organizational policy or planning makes an organization vulnerable to loss, damage, or disclosure of information assets when other threats lead to attacks. Information security is, at its core, a management function. The organization’s executive leadership is responsible for strategic planning for security as well as for IT and business functions—a task known as governance.
Threats Missing, Inadequate, or Incomplete Controls: Missing, inadequate, or incomplete controls—that is, security safeguards and information asset protection controls that are missing, misconfigured, antiquated, or poorly designed or managed—make an organization more likely to suffer losses when other threats lead to attacks..
Threats Sabotage or Vandalism: This category of threat involves the deliberate sabotage of a computer system or business, or acts of vandalism to either destroy an asset or damage the image of an organization. These acts can range from petty vandalism by employees to organized sabotage against an organization.
Threats Theft: The threat of theft, the illegal taking of another’s property, which can be physical, electronic, or intellectual is a constant. The value of information is diminished when it is copied without the owner’s knowledge. Physical theft can be controlled quite easily by means of a wide variety of measures, from locked doors to trained security personnel and the installation of alarm systems. Electronic theft, however, is a more complex problem to manage and control. When someone steals a physical object, the loss is easily detected; if it has any importance at all, its absence is noted. When electronic information is stolen, the crime is not always readily apparent. If thieves are clever and cover their tracks carefully, no one may ever know of the crime until it is far too late..
Threats Technical Hardware Failures or Errors: Technical hardware failures or errors occur when a manufacturer distributes equipment containing a known or unknown flaw. These defects can cause the system to perform outside of expected parameters, resulting in unreliable service or lack of availability. Some errors are terminal—that is, they result in the unrecoverable loss of the equipment. Some errors are intermittent, in that they only periodically manifest themselves, resulting in faults that are not easily repeated, and thus, equipment can sometimes stop working, or work in unexpected ways..
Threats Technical Software Failures or Errors: Large quantities of computer code are written, debugged, published, and sold before all their bugs are detected and resolved. Sometimes, combinations of certain software and hardware reveal new bugs. These failures range from bugs to untested failure conditions. Sometimes these bugs are not errors, but rather purposeful shortcuts left by programmers. Collectively, shortcut access routes into programs that bypass security checks are called trap doors and can cause serious security breaches.
Threats Technological Obsolescence: Antiquated or outdated infrastructure can lead to unreliable and untrustworthy systems. Management must recognize that when technology becomes outdated, there is a risk of loss of data integrity from attacks. Like old antiviruses etc
Threats
Attacks Malicious Code: The malicious code attack includes the execution of viruses, worms, Trojan horses, and active Web scripts with the intent to destroy or steal information. The state-of-the-art malicious code attack is the polymorphic, or multivector, worm. These attack programs use up to six known attack vectors to exploit a variety of vulnerabilities in commonly found information system devices. Other forms of malware include covert software applications— bots, spyware, and adware— that are designed to work out of sight of users or via an apparently harmless user.
Attacks Malicious Code: six vectors
Attacks Hoaxes : A more devious attack on computer systems is the transmission of a virus hoax with a real virus attached. When the attack is masked in a seemingly legitimate message, unsuspecting users more readily distribute it. Even though these users are trying to do the right thing to avoid infection, they end up sending the attack on to their coworkers and friends and infecting many users along the way..
Attacks Back Doors : Using a known or previously unknown and newly discovered access mechanism, an attacker can gain access to a system or network resource through a back door. Sometimes these entries are left behind by system designers or maintenance staff, and thus are called trap doors.34 A trap door is hard to detect, because very often the programmer who puts it in place also makes the access exempt from the usual audit logging features of the system...
Attacks Password Crack : Attempting to reverse-calculate a password is often called cracking. A cracking attack is a component of many dictionary attacks . It is used when a copy of the Security Account Manager (SAM) data file, which contains hashed representation of the user’s password, can be obtained. A password can be hashed using the same algorithm and compared to the hashed results. If they are the same, the password has been cracked.
Attacks Brute Force : The application of computing and network resources to try every possible password combination is called a brute force attack. Since the brute force attack is often used to obtain passwords to commonly used accounts, it is sometimes called a password attack. Password attacks are rarely successful against systems that have adopted the manufacturer’s recommended security practices. Controls that limit the number of unsuccessful access attempts allowed per unit of elapsed time are very effective against brute force attacks.
Attacks Dictionary : The dictionary attack is a variation of the brute force attack which narrows the field by selecting specific target accounts and using a list of commonly used passwords (the dictionary) instead of random combinations. Rules requiring numbers and/or special characters in passwords make the dictionary attack less effective.
Attacks Denial-of-Service (DoS) : In a denial-of-service (DoS) attack, the attacker sends a large number of connection or information requests to a target. So many requests are made that the target system becomes overloaded and cannot respond to legitimate requests for service. The system may crash or simply become unable to perform ordinary functions.. Distributed Denial-of-Service (DDoS) : Is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time. Most DDoS attacks are preceded by a preparation phase in which many systems, perhaps thousands, are compromised. The compromised machines are turned into zombies, machines that are directed remotely (usually by a transmitted command) by the attacker to participate in the attack.
Attacks
Attacks Spoofing : Spoofing is a technique used to gain unauthorized access to computers, wherein the intruder sends messages with a source IP address that has been forged to indicate that the messages are coming from a trusted host. To engage in IP spoofing, hackers use a variety of techniques to obtain trusted IP addresses, and then modify the packet headers to insert these forged addresses. Newer routers and firewall arrangements can offer protection against IP spoofing.
Attacks Spoofing :
Attacks Man-in-the-Middle : In the well-known man-in-the-middle or TCP hijacking attack, an attacker monitors (or sniffs) packets from the network, modifies them, and inserts them back into the network. This type of attack uses IP spoofing to enable an attacker to impersonate another entity on the network. It allows the attacker to eavesdrop as well as to change, delete, reroute, add, forge, or divert data. A variant of TCP hijacking, involves the interception of an encryption key exchange, which enables the hacker to act as an invisible man-in-the-middle—that is, an eavesdropper—on encrypted communications. Figure 2-13 illustrates these attacks by showing how a hacker uses public and private encryption keys to intercept messages.
Attacks Man-in-the-Middle :
Attacks Spam : Spam is unsolicited commercial e-mail. While many consider spam a slight irritation rather than an attack, it has been used as a means of enhancing malicious code attacks. The most significant consequence of spam, however, is the waste of computer and human resources. Many organizations attempt to cope with the flood of spam by using e-mail filtering technologies. Other organizations simply tell the users of the mail system to delete unwanted messages.
Attacks Mail Bombing : Another form of e-mail attack that is also a DoS is called a mail bomb, in which an attacker routes large quantities of e-mail to the target. This can be accomplished by means of social engineering or by exploiting various technical flaws in the Simple Mail Transport Protocol (SMTP). The target of the attack receives an unmanageably large volume of unsolicited e-mail. By sending large e-mails with forged header information, attackers can take advantage of poorly configured e- mail systems on the Internet and trick them into sending many e- mails to an address chosen by the attacker. If many such systems are tricked into participating in the event, the target e-mail address is buried under thousands or even millions of unwanted e- mails.
Attacks Sniffers : A sniffer is a program or device that can monitor data traveling over a network. Sniffers can be used both for legitimate network management functions and for stealing information. Sniffers often work on TCP/IP networks, where they’re sometimes called packet sniffers. Sniffers add risk to the network, because many systems and users send information on local networks in clear text. A sniffer program shows all the data going by, including passwords, the data inside files—such as word- processing documents—and screens full of sensitive data from applications.
Attacks Social Engineering : In the context of information security, social engineering is the process of using social skills to convince people to reveal access credentials or other valuable information to the attacker. There are several social engineering techniques, which usually involve a perpetrator posing as a person higher in the organizational hierarchy than the victim. To prepare for this false representation, the perpetrator may have used social engineering tactics against others in the organization to collect seemingly unrelated information that, when used together, makes the false representation more credible
Attacks Phishing : Phishing is an attempt to gain personal or financial information from an individual, usually by posing as a legitimate entity. Phishing attacks use three primary techniques, often in combination with one another: URL manipulation, Web site forgery, and phone phishing
Attacks Pharming : Pharming is “the redirection of legitimate Web traffic (e.g., browser requests) to an illegitimate site for the purpose of obtaining private information. Pharming often uses Trojans, worms, or other virus technologies to attack the Internet browser’s address bar so that the valid URL typed by the user is modified to that of the illegitimate Web site. Pharming may also exploit the Domain Name System (DNS) by causing it to transform the legitimate host name into the invalid site’s IP address; this form of pharming is also known as DNS cache poisoning.”

Empfohlen

Information Security- Threats and Attacks presentation by DHEERAJ KATARIA
Information Security- Threats and Attacks presentation by DHEERAJ KATARIAInformation Security- Threats and Attacks presentation by DHEERAJ KATARIA
Information Security- Threats and Attacks presentation by DHEERAJ KATARIADheeraj Kataria
 
Information security and Attacks
Information security and AttacksInformation security and Attacks
Information security and AttacksSachin Darekar
 
Network security model.pptx
Network security model.pptxNetwork security model.pptx
Network security model.pptxssuserd24233
 
Introduction to Information Security
Introduction to Information Security Introduction to Information Security
Introduction to Information Security Shreedevi Tharanidharan
 
Information security
Information securityInformation security
Information securityavinashbalakrishnan2
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityjayashri kolekar
 
Information security management system
Information security management systemInformation security management system
Information security management systemArani Srinivasan
 
Basics of Information System Security
Basics of Information System SecurityBasics of Information System Security
Basics of Information System Securitychauhankapil
 

Empfohlen

Information Security- Threats and Attacks presentation by DHEERAJ KATARIA
Information Security- Threats and Attacks presentation by DHEERAJ KATARIAInformation Security- Threats and Attacks presentation by DHEERAJ KATARIA
Information Security- Threats and Attacks presentation by DHEERAJ KATARIADheeraj Kataria
 
Information security and Attacks
Information security and AttacksInformation security and Attacks
Information security and AttacksSachin Darekar
 
Network security model.pptx
Network security model.pptxNetwork security model.pptx
Network security model.pptxssuserd24233
 
Introduction to Information Security
Introduction to Information Security Introduction to Information Security
Introduction to Information Security Shreedevi Tharanidharan
 
Information security
Information securityInformation security
Information securityavinashbalakrishnan2
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityjayashri kolekar
 
Information security management system
Information security management systemInformation security management system
Information security management systemArani Srinivasan
 
Basics of Information System Security
Basics of Information System SecurityBasics of Information System Security
Basics of Information System Securitychauhankapil
 
Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and SolutionsColin058
 
Chapter2 the need to security
Chapter2 the need to securityChapter2 the need to security
Chapter2 the need to securityDhani Ahmad
 
Information security
Information securityInformation security
Information securitySina Bagherinezhad
 
Is6120 data security presentation
Is6120 data security presentationIs6120 data security presentation
Is6120 data security presentationJamesDempsey1
 
Information security threats
Information security threatsInformation security threats
Information security threatscomplianceonline123
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITYAhmed Moussa
 
system Security
system Security system Security
system Security Gaurav Mishra
 
System Security-Chapter 1
System Security-Chapter 1System Security-Chapter 1
System Security-Chapter 1Vamsee Krishna Kiran
 
1. introduction to cyber security
1. introduction to cyber security1. introduction to cyber security
1. introduction to cyber securityAnimesh Roy
 
Chapter 1_Cyber Security.pptx
Chapter 1_Cyber Security.pptxChapter 1_Cyber Security.pptx
Chapter 1_Cyber Security.pptxPrinceKumar851167
 
CyberSecurity
CyberSecurityCyberSecurity
CyberSecuritydivyanshigarg4
 
Information security management
Information security managementInformation security management
Information security managementUMaine
 
Types of Cyber Attacks
Types of Cyber AttacksTypes of Cyber Attacks
Types of Cyber AttacksRubal Sagwal
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security elmuhammadmuhammad
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
 
The CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityThe CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityBharath Rao
 
Information Security Policies and Standards
Information Security Policies and StandardsInformation Security Policies and Standards
Information Security Policies and StandardsDirectorate of Information Security | Ditjen Aptika
 
Threats to information security
Threats to information securityThreats to information security
Threats to information securityarun alfie
 
Information System Security(lecture 1)
Information System Security(lecture 1)Information System Security(lecture 1)
Information System Security(lecture 1)Ali Habeeb
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Securitybelsis
 
Civils & Lintels - Civil Engineering Products
Civils & Lintels - Civil Engineering Products Civils & Lintels - Civil Engineering Products
Civils & Lintels - Civil Engineering Products Thorne & Derrick International
 
Taller de revocos de tierra 2012 paredes de nava palencia españa organizado...
Taller de revocos de tierra 2012 paredes de nava palencia españa organizado...Taller de revocos de tierra 2012 paredes de nava palencia españa organizado...
Taller de revocos de tierra 2012 paredes de nava palencia españa organizado...RUBÉN LAGUNAS TELLO
 

Weitere ähnliche Inhalte

Was ist angesagt?

Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and SolutionsColin058
 
Chapter2 the need to security
Chapter2 the need to securityChapter2 the need to security
Chapter2 the need to securityDhani Ahmad
 
Is6120 data security presentation
Is6120 data security presentationIs6120 data security presentation
Is6120 data security presentationJamesDempsey1
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITYAhmed Moussa
 
1. introduction to cyber security
1. introduction to cyber security1. introduction to cyber security
1. introduction to cyber securityAnimesh Roy
 
Chapter 1_Cyber Security.pptx
Chapter 1_Cyber Security.pptxChapter 1_Cyber Security.pptx
Chapter 1_Cyber Security.pptxPrinceKumar851167
 
Information security management
Information security managementInformation security management
Information security managementUMaine
 
Types of Cyber Attacks
Types of Cyber AttacksTypes of Cyber Attacks
Types of Cyber AttacksRubal Sagwal
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security elmuhammadmuhammad
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
 
The CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityThe CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityBharath Rao
 
Threats to information security
Threats to information securityThreats to information security
Threats to information securityarun alfie
 
Information System Security(lecture 1)
Information System Security(lecture 1)Information System Security(lecture 1)
Information System Security(lecture 1)Ali Habeeb
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Securitybelsis
 

Was ist angesagt? (20)

Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and Solutions
 
Chapter2 the need to security
Chapter2 the need to securityChapter2 the need to security
Chapter2 the need to security
 
Information security
Information securityInformation security
Information security
 
Is6120 data security presentation
Is6120 data security presentationIs6120 data security presentation
Is6120 data security presentation
 
Information security threats
Information security threatsInformation security threats
Information security threats
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITY
 
system Security
system Security system Security
system Security
 
System Security-Chapter 1
System Security-Chapter 1System Security-Chapter 1
System Security-Chapter 1
 
1. introduction to cyber security
1. introduction to cyber security1. introduction to cyber security
1. introduction to cyber security
 
Chapter 1_Cyber Security.pptx
Chapter 1_Cyber Security.pptxChapter 1_Cyber Security.pptx
Chapter 1_Cyber Security.pptx
 
CyberSecurity
CyberSecurityCyberSecurity
CyberSecurity
 
Information security management
Information security managementInformation security management
Information security management
 
Types of Cyber Attacks
Types of Cyber AttacksTypes of Cyber Attacks
Types of Cyber Attacks
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)
 
The CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityThe CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information Security
 
Information Security Policies and Standards
Information Security Policies and StandardsInformation Security Policies and Standards
Information Security Policies and Standards
 
Threats to information security
Threats to information securityThreats to information security
Threats to information security
 
Information System Security(lecture 1)
Information System Security(lecture 1)Information System Security(lecture 1)
Information System Security(lecture 1)
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Security
 

Andere mochten auch

Taller de revocos de tierra 2012 paredes de nava palencia españa organizado...
Taller de revocos de tierra 2012 paredes de nava palencia españa organizado...Taller de revocos de tierra 2012 paredes de nava palencia españa organizado...
Taller de revocos de tierra 2012 paredes de nava palencia españa organizado...RUBÉN LAGUNAS TELLO
 
Memoria ambiental Enara-3
Memoria ambiental Enara-3Memoria ambiental Enara-3
Memoria ambiental Enara-3Frackingezaraba
 
Digital Rights campaigning in the EU, Yana Breindl ECF 2012
Digital Rights campaigning in the EU, Yana Breindl ECF 2012Digital Rights campaigning in the EU, Yana Breindl ECF 2012
Digital Rights campaigning in the EU, Yana Breindl ECF 2012Jess Day
 
Unlocking the Value of Delivering Services Event – Monday 18th March 2013 – A...
Unlocking the Value of Delivering Services Event – Monday 18th March 2013 – A...Unlocking the Value of Delivering Services Event – Monday 18th March 2013 – A...
Unlocking the Value of Delivering Services Event – Monday 18th March 2013 – A...Arrow ECS UK
 
Etiqueta y traje de novio tradicional con abrigos para hombres
Etiqueta y traje de novio tradicional con abrigos para hombresEtiqueta y traje de novio tradicional con abrigos para hombres
Etiqueta y traje de novio tradicional con abrigos para hombresparahombreusa
 
Enterprise Europe Network Slovenia & Josef Stefan Institute
Enterprise Europe Network Slovenia & Josef Stefan InstituteEnterprise Europe Network Slovenia & Josef Stefan Institute
Enterprise Europe Network Slovenia & Josef Stefan InstituteAREA Science Park
 
Winbond W99702 WBNDS02357-1
Winbond W99702 WBNDS02357-1Winbond W99702 WBNDS02357-1
Winbond W99702 WBNDS02357-1Dorian Yeh
 
Cuatrimestral Afiches Publicidad 11
Cuatrimestral Afiches Publicidad 11Cuatrimestral Afiches Publicidad 11
Cuatrimestral Afiches Publicidad 11Marcelo Molina
 
ORYX F1 Packages 2015
ORYX F1 Packages 2015ORYX F1 Packages 2015
ORYX F1 Packages 2015Zohaib Hassan
 
Hotel paraiso del mar ( NERJA)
Hotel paraiso del mar ( NERJA)Hotel paraiso del mar ( NERJA)
Hotel paraiso del mar ( NERJA)g.alix
 
Bilancio di fine anno 2013 Comune di Torino
Bilancio di fine anno 2013 Comune di TorinoBilancio di fine anno 2013 Comune di Torino
Bilancio di fine anno 2013 Comune di TorinoQuotidiano Piemontese
 
Davis Instruments 6490 ultraviolet sensor
Davis Instruments 6490 ultraviolet sensorDavis Instruments 6490 ultraviolet sensor
Davis Instruments 6490 ultraviolet sensordegarden
 
Molecula Naltrexone Trabajo Producto Acabado
Molecula Naltrexone Trabajo Producto AcabadoMolecula Naltrexone Trabajo Producto Acabado
Molecula Naltrexone Trabajo Producto AcabadoSocratesCastilloFelizMD
 
Opportunities For Service Providers In Indian Offshore
Opportunities For Service Providers In Indian OffshoreOpportunities For Service Providers In Indian Offshore
Opportunities For Service Providers In Indian Offshoremantrana
 

Andere mochten auch (20)

Civils & Lintels - Civil Engineering Products
Civils & Lintels - Civil Engineering Products Civils & Lintels - Civil Engineering Products
Civils & Lintels - Civil Engineering Products
 
Taller de revocos de tierra 2012 paredes de nava palencia españa organizado...
Taller de revocos de tierra 2012 paredes de nava palencia españa organizado...Taller de revocos de tierra 2012 paredes de nava palencia españa organizado...
Taller de revocos de tierra 2012 paredes de nava palencia españa organizado...
 
Memoria ambiental Enara-3
Memoria ambiental Enara-3Memoria ambiental Enara-3
Memoria ambiental Enara-3
 
About hubraum Krakow
About hubraum KrakowAbout hubraum Krakow
About hubraum Krakow
 
Digital Rights campaigning in the EU, Yana Breindl ECF 2012
Digital Rights campaigning in the EU, Yana Breindl ECF 2012Digital Rights campaigning in the EU, Yana Breindl ECF 2012
Digital Rights campaigning in the EU, Yana Breindl ECF 2012
 
Unlocking the Value of Delivering Services Event – Monday 18th March 2013 – A...
Unlocking the Value of Delivering Services Event – Monday 18th March 2013 – A...Unlocking the Value of Delivering Services Event – Monday 18th March 2013 – A...
Unlocking the Value of Delivering Services Event – Monday 18th March 2013 – A...
 
Etiqueta y traje de novio tradicional con abrigos para hombres
Etiqueta y traje de novio tradicional con abrigos para hombresEtiqueta y traje de novio tradicional con abrigos para hombres
Etiqueta y traje de novio tradicional con abrigos para hombres
 
Folleto campana
Folleto campanaFolleto campana
Folleto campana
 
Enterprise Europe Network Slovenia & Josef Stefan Institute
Enterprise Europe Network Slovenia & Josef Stefan InstituteEnterprise Europe Network Slovenia & Josef Stefan Institute
Enterprise Europe Network Slovenia & Josef Stefan Institute
 
Winbond W99702 WBNDS02357-1
Winbond W99702 WBNDS02357-1Winbond W99702 WBNDS02357-1
Winbond W99702 WBNDS02357-1
 
Cuatrimestral Afiches Publicidad 11
Cuatrimestral Afiches Publicidad 11Cuatrimestral Afiches Publicidad 11
Cuatrimestral Afiches Publicidad 11
 
Why radiodeck
Why radiodeckWhy radiodeck
Why radiodeck
 
WIKI WEB 2.0
WIKI WEB 2.0WIKI WEB 2.0
WIKI WEB 2.0
 
ORYX F1 Packages 2015
ORYX F1 Packages 2015ORYX F1 Packages 2015
ORYX F1 Packages 2015
 
Dante eduteam presentation
Dante eduteam presentationDante eduteam presentation
Dante eduteam presentation
 
Hotel paraiso del mar ( NERJA)
Hotel paraiso del mar ( NERJA)Hotel paraiso del mar ( NERJA)
Hotel paraiso del mar ( NERJA)
 
Bilancio di fine anno 2013 Comune di Torino
Bilancio di fine anno 2013 Comune di TorinoBilancio di fine anno 2013 Comune di Torino
Bilancio di fine anno 2013 Comune di Torino
 
Davis Instruments 6490 ultraviolet sensor
Davis Instruments 6490 ultraviolet sensorDavis Instruments 6490 ultraviolet sensor
Davis Instruments 6490 ultraviolet sensor
 
Molecula Naltrexone Trabajo Producto Acabado
Molecula Naltrexone Trabajo Producto AcabadoMolecula Naltrexone Trabajo Producto Acabado
Molecula Naltrexone Trabajo Producto Acabado
 
Opportunities For Service Providers In Indian Offshore
Opportunities For Service Providers In Indian OffshoreOpportunities For Service Providers In Indian Offshore
Opportunities For Service Providers In Indian Offshore
 

Ähnlich wie Need for security

Security & ethical challenges
Security & ethical challengesSecurity & ethical challenges
Security & ethical challengesLouie Medinaceli
 
ppt on securities.pptx
ppt on securities.pptxppt on securities.pptx
ppt on securities.pptxmuskaangoel15
 
computer security and its relationship to computer forensic
computer security and its relationship to computer forensic computer security and its relationship to computer forensic
computer security and its relationship to computer forensicShabnamkhan113
 
Implications of Misuse and Cyber Security.pdf
Implications of Misuse and Cyber Security.pdfImplications of Misuse and Cyber Security.pdf
Implications of Misuse and Cyber Security.pdfsrtwgwfwwgw
 
Introduction to cyber security
Introduction to cyber securityIntroduction to cyber security
Introduction to cyber securityAliyuMuhammadButu
 
2nd Class PPT.pptx
2nd Class PPT.pptx2nd Class PPT.pptx
2nd Class PPT.pptxSibyJames1
 
Computer Secutity.
Computer Secutity.Computer Secutity.
Computer Secutity.angelaag98
 
Website security
Website securityWebsite security
Website securityRIPPER95
 
Risk and Threat Assessment Report Anthony WolfBSA 5.docx
Risk and Threat Assessment Report Anthony WolfBSA 5.docxRisk and Threat Assessment Report Anthony WolfBSA 5.docx
Risk and Threat Assessment Report Anthony WolfBSA 5.docxjoellemurphey
 
Risk and Threat Assessment Report Anthony WolfBSA 5.docx
Risk and Threat Assessment Report Anthony WolfBSA 5.docxRisk and Threat Assessment Report Anthony WolfBSA 5.docx
Risk and Threat Assessment Report Anthony WolfBSA 5.docxmalbert5
 
E commerce security 4
E commerce security 4E commerce security 4
E commerce security 4Anne ndolo
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanannewbie2019
 

Ähnlich wie Need for security (20)

Security & ethical challenges
Security & ethical challengesSecurity & ethical challenges
Security & ethical challenges
 
ppt on securities.pptx
ppt on securities.pptxppt on securities.pptx
ppt on securities.pptx
 
Cyber.pptx
Cyber.pptxCyber.pptx
Cyber.pptx
 
computer security and its relationship to computer forensic
computer security and its relationship to computer forensic computer security and its relationship to computer forensic
computer security and its relationship to computer forensic
 
Implications of Misuse and Cyber Security.pdf
Implications of Misuse and Cyber Security.pdfImplications of Misuse and Cyber Security.pdf
Implications of Misuse and Cyber Security.pdf
 
Introduction to cyber security
Introduction to cyber securityIntroduction to cyber security
Introduction to cyber security
 
2nd Class PPT.pptx
2nd Class PPT.pptx2nd Class PPT.pptx
2nd Class PPT.pptx
 
Mim Attack Essay
Mim Attack EssayMim Attack Essay
Mim Attack Essay
 
Computer Secutity.
Computer Secutity.Computer Secutity.
Computer Secutity.
 
Website security
Website securityWebsite security
Website security
 
Risk and Threat Assessment Report Anthony WolfBSA 5.docx
Risk and Threat Assessment Report Anthony WolfBSA 5.docxRisk and Threat Assessment Report Anthony WolfBSA 5.docx
Risk and Threat Assessment Report Anthony WolfBSA 5.docx
 
Introduction to cyber security i
Introduction to cyber security iIntroduction to cyber security i
Introduction to cyber security i
 
Mis 1
Mis 1Mis 1
Mis 1
 
Risk and Threat Assessment Report Anthony WolfBSA 5.docx
Risk and Threat Assessment Report Anthony WolfBSA 5.docxRisk and Threat Assessment Report Anthony WolfBSA 5.docx
Risk and Threat Assessment Report Anthony WolfBSA 5.docx
 
E commerce security 4
E commerce security 4E commerce security 4
E commerce security 4
 
22 need-for-security
22 need-for-security22 need-for-security
22 need-for-security
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanan
 
Module 4.pdf
Module 4.pdfModule 4.pdf
Module 4.pdf
 
Module 4 Cyber Security Vulnerabilities& Safe Guards
Module 4 Cyber Security Vulnerabilities& Safe GuardsModule 4 Cyber Security Vulnerabilities& Safe Guards
Module 4 Cyber Security Vulnerabilities& Safe Guards
 
Cyber Security.docx
Cyber Security.docxCyber Security.docx
Cyber Security.docx
 

Mehr von University of Central Punjab

Mehr von University of Central Punjab (7)

3G,4G
3G,4G3G,4G
3G,4G
 
Microsoft windows
Microsoft windowsMicrosoft windows
Microsoft windows
 
Firewalls
FirewallsFirewalls
Firewalls
 
Remote desktop and print server
Remote desktop and print serverRemote desktop and print server
Remote desktop and print server
 
Social and ethical issues in commerce
Social and ethical issues in commerceSocial and ethical issues in commerce
Social and ethical issues in commerce
 
Security of information asset
Security of information assetSecurity of information asset
Security of information asset
 
VIOP , SKYPE and OOVOO
VIOP , SKYPE and OOVOOVIOP , SKYPE and OOVOO
VIOP , SKYPE and OOVOO
 

Kürzlich hochgeladen

GENUINE Babe,Call Girls IN Baderpur Delhi | +91-8377087607
GENUINE Babe,Call Girls IN Baderpur Delhi | +91-8377087607GENUINE Babe,Call Girls IN Baderpur Delhi | +91-8377087607
GENUINE Babe,Call Girls IN Baderpur Delhi | +91-8377087607dollysharma2066
 
Beyond the Codes_Repositioning towards sustainable development
Beyond the Codes_Repositioning towards sustainable developmentBeyond the Codes_Repositioning towards sustainable development
Beyond the Codes_Repositioning towards sustainable developmentNimot Muili
 
Strategic Management, Vision Mission, Internal Analsysis
Strategic Management, Vision Mission, Internal AnalsysisStrategic Management, Vision Mission, Internal Analsysis
Strategic Management, Vision Mission, Internal Analsysistanmayarora45
 
internal analysis on strategic management
internal analysis on strategic managementinternal analysis on strategic management
internal analysis on strategic managementharfimakarim
 
Agile Coaching Change Management Framework.pptx
Agile Coaching Change Management Framework.pptxAgile Coaching Change Management Framework.pptx
Agile Coaching Change Management Framework.pptxalinstan901
 
Call Now Pooja Mehta : 7738631006 Door Step Call Girls Rate 100% Satisfactio...
Call Now Pooja Mehta : 7738631006 Door Step Call Girls Rate 100% Satisfactio...Call Now Pooja Mehta : 7738631006 Door Step Call Girls Rate 100% Satisfactio...
Call Now Pooja Mehta : 7738631006 Door Step Call Girls Rate 100% Satisfactio...Pooja Nehwal
 
International Ocean Transportation p.pdf
International Ocean Transportation p.pdfInternational Ocean Transportation p.pdf
International Ocean Transportation p.pdfAlejandromexEspino
 
BDSM⚡Call Girls in Sector 99 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 99 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 99 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 99 Noida Escorts >༒8448380779 Escort ServiceDelhi Call girls
 
Call now : 9892124323 Nalasopara Beautiful Call Girls Vasai virar Best Call G...
Call now : 9892124323 Nalasopara Beautiful Call Girls Vasai virar Best Call G...Call now : 9892124323 Nalasopara Beautiful Call Girls Vasai virar Best Call G...
Call now : 9892124323 Nalasopara Beautiful Call Girls Vasai virar Best Call G...Pooja Nehwal
 
Day 0- Bootcamp Roadmap for PLC Bootcamp
Day 0- Bootcamp Roadmap for PLC BootcampDay 0- Bootcamp Roadmap for PLC Bootcamp
Day 0- Bootcamp Roadmap for PLC BootcampPLCLeadershipDevelop
 
Safety T fire missions army field Artillery
Safety T fire missions army field ArtillerySafety T fire missions army field Artillery
Safety T fire missions army field ArtilleryKennethSwanberg
 
Dealing with Poor Performance - get the full picture from 3C Performance Mana...
Dealing with Poor Performance - get the full picture from 3C Performance Mana...Dealing with Poor Performance - get the full picture from 3C Performance Mana...
Dealing with Poor Performance - get the full picture from 3C Performance Mana...Hedda Bird
 
Reviewing and summarization of university ranking system to.pptx
Reviewing and summarization of university ranking system to.pptxReviewing and summarization of university ranking system to.pptx
Reviewing and summarization of university ranking system to.pptxAss.Prof. Dr. Mogeeb Mosleh
 

Kürzlich hochgeladen (15)

GENUINE Babe,Call Girls IN Baderpur Delhi | +91-8377087607
GENUINE Babe,Call Girls IN Baderpur Delhi | +91-8377087607GENUINE Babe,Call Girls IN Baderpur Delhi | +91-8377087607
GENUINE Babe,Call Girls IN Baderpur Delhi | +91-8377087607
 
Abortion pills in Jeddah |• +966572737505 ] GET CYTOTEC
Abortion pills in Jeddah |• +966572737505 ] GET CYTOTECAbortion pills in Jeddah |• +966572737505 ] GET CYTOTEC
Abortion pills in Jeddah |• +966572737505 ] GET CYTOTEC
 
Beyond the Codes_Repositioning towards sustainable development
Beyond the Codes_Repositioning towards sustainable developmentBeyond the Codes_Repositioning towards sustainable development
Beyond the Codes_Repositioning towards sustainable development
 
Strategic Management, Vision Mission, Internal Analsysis
Strategic Management, Vision Mission, Internal AnalsysisStrategic Management, Vision Mission, Internal Analsysis
Strategic Management, Vision Mission, Internal Analsysis
 
internal analysis on strategic management
internal analysis on strategic managementinternal analysis on strategic management
internal analysis on strategic management
 
Agile Coaching Change Management Framework.pptx
Agile Coaching Change Management Framework.pptxAgile Coaching Change Management Framework.pptx
Agile Coaching Change Management Framework.pptx
 
Call Now Pooja Mehta : 7738631006 Door Step Call Girls Rate 100% Satisfactio...
Call Now Pooja Mehta : 7738631006 Door Step Call Girls Rate 100% Satisfactio...Call Now Pooja Mehta : 7738631006 Door Step Call Girls Rate 100% Satisfactio...
Call Now Pooja Mehta : 7738631006 Door Step Call Girls Rate 100% Satisfactio...
 
International Ocean Transportation p.pdf
International Ocean Transportation p.pdfInternational Ocean Transportation p.pdf
International Ocean Transportation p.pdf
 
BDSM⚡Call Girls in Sector 99 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 99 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 99 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 99 Noida Escorts >༒8448380779 Escort Service
 
Call now : 9892124323 Nalasopara Beautiful Call Girls Vasai virar Best Call G...
Call now : 9892124323 Nalasopara Beautiful Call Girls Vasai virar Best Call G...Call now : 9892124323 Nalasopara Beautiful Call Girls Vasai virar Best Call G...
Call now : 9892124323 Nalasopara Beautiful Call Girls Vasai virar Best Call G...
 
Day 0- Bootcamp Roadmap for PLC Bootcamp
Day 0- Bootcamp Roadmap for PLC BootcampDay 0- Bootcamp Roadmap for PLC Bootcamp
Day 0- Bootcamp Roadmap for PLC Bootcamp
 
Safety T fire missions army field Artillery
Safety T fire missions army field ArtillerySafety T fire missions army field Artillery
Safety T fire missions army field Artillery
 
Dealing with Poor Performance - get the full picture from 3C Performance Mana...
Dealing with Poor Performance - get the full picture from 3C Performance Mana...Dealing with Poor Performance - get the full picture from 3C Performance Mana...
Dealing with Poor Performance - get the full picture from 3C Performance Mana...
 
Intro_University_Ranking_Introduction.pptx
Intro_University_Ranking_Introduction.pptxIntro_University_Ranking_Introduction.pptx
Intro_University_Ranking_Introduction.pptx
 
Reviewing and summarization of university ranking system to.pptx
Reviewing and summarization of university ranking system to.pptxReviewing and summarization of university ranking system to.pptx
Reviewing and summarization of university ranking system to.pptx
 

Need for security

  • 1.
  • 2. Need for Security Information security performs four important functions for an organization: 1.Protecting the organization’s ability to function 2.Enabling the safe operation of applications running on the organization’s IT systems 3.Protecting the data the organization collects and uses 4.Safeguarding the organization’s technology assets
  • 3. Business need Protecting the Functionality of an Organization Both general management and IT management are responsible for implementing information security that protects the organization’s ability to function. Enabling the Safe Operation of Applications A modern organization needs to create an environment that safeguards these applications, particularly those that are important elements of the organization’s infrastructure— operating system platforms, electronic mail (e-mail), and instant messaging (IM) applications
  • 4. Business need Protecting Data that Organizations Collect and Use protecting data in motion and data at rest are both critical aspects of information security. The value of data motivates attackers to steal, sabotage, or corrupt it. An effective information security program implemented by management protects the integrity and value of the organization’s data Safeguarding Technology Assets in Organizations To perform effectively, organizations must employ secure infrastructure services appropriate to the size and scope of the enterprise. Like encryption (Private and Public key Cryptography)
  • 6. Threats Compromises to Intellectual Property: “the ownership of ideas and control over the tangible or virtual representation of those ideas. Use of another person’s intellectual property may or may not involve royalty payments or permission, but should always include proper credit to the sour
  • 7. Threats Deliberate Software Attacks: Deliberate software attacks occur when an individual or group designs and deploys software to attack a system. Most of this software is referred to as malicious code or malicious software, or sometimes malware. These software components or programs are designed to damage, destroy, or deny service to the target systems. Some of the more common instances of malicious code are viruses and worms, Trojan horses, logic bombs, and back doors.
  • 8. Threats Virus : A computer virus consists of segments of code that perform malicious actions. The code attaches itself to an existing program and takes control of that program’s access to the targeted computer. The virus- controlled target program then carries out the virus’s plan by replicating itself into additional targeted systems. Many times users unwittingly help viruses get into a system..
  • 9. Threats Worms : The complex behavior of worms can be initiated with or without the user downloading or executing the file. Once the worm has infected a computer, it can redistribute itself to all e-mail addresses found on the infected system. Furthermore, a worm can deposit copies of itself onto all Web servers that the infected system can reach, so that users who subsequently visit those sites become infected. Worms also take advantage of open shares found on the network in which an infected system is located, placing working copies of the worm code onto the server so that users of those shares are likely to become infected.
  • 10. Threats Trojan Horses Trojan horses are software programs that hide their true nature and reveal their designed behavior only when activated. Trojan horses are frequently disguised as helpful, interesting, or necessary pieces of software, such as readme.exe files often included with shareware or freeware packages.
  • 11. Threats Back Door or Trap Door A virus or worm can have a payload that installs a back door or trap door component in a system, which allows the attacker to access the system at will with special privileges.
  • 12. Threats Polymorphic Threats : One of the biggest challenges to fighting viruses and worms has been the emergence of polymorphic threats. A polymorphic threat is one that over time changes the way it appears to antivirus software programs, making it undetectable by techniques that look for preconfigured signatures. These viruses and worms actually evolve, changing their size and other external file characteristics to elude detection by antivirus software programs
  • 13. Threats Virus and Worm Hoaxes: As frustrating as viruses and worms are, perhaps more time and money is spent on resolving virus hoaxes. Well-meaning people can disrupt the harmony and flow of an organization when they send group e-mails warning of supposedly dangerous viruses that don’t exist. When people fail to follow virus-reporting procedures, the network becomes overloaded, and much time and energy is wasted as users forward the warning message to everyone they know, post the message on bulletin boards, and try to update their antivirus protection software.
  • 14. Threats Deviations in Quality of Service: Deviations in quality of service can result from incidents such as a backhoe taking out a fiber-optic link for an ISP. The backup provider may be online and in service, but may be able to supply only a fraction of the bandwidth the organization needs for full service. This degradation of service is a form of availability disruption. Irregularities in Internet service, communications, and power supplies can dramatically affect the availability of information and systems..
  • 15. Threats Internet Service Issues: Many organizations have sales staff and telecommuters working at remote locations. When these offsite employees cannot contact the host systems, they must use manual procedures to continue operations. Web hosting services are usually arranged with an agreement providing minimum service levels known as a Service Level Agreement (SLA). When a service provider fails to meet the SLA, the provider may accrue fines to cover losses incurred by the client, but these payments seldom cover the losses generated by the outage
  • 16. Threats Communications and Other Service Provider Issues: Other utility services can affect organizations as well. Among these are telephone, water, wastewater, trash pickup, cable television, natural or propane gas, and custodial services. The loss of these services can impair the ability of an organization to function. For instance, most facilities require water service to operate an air- conditioning system
  • 17. Threats Power Irregularities: Irregularities from power utilities are common and can lead to fluctuations such as power excesses, power shortages, and power losses. This can pose problems for organizations that provide inadequately conditioned power for their information systems equipment.
  • 18. Threats Espionage or Trespass: Espionage or trespass is a well-known and broad category of electronic and human activities that can breach the confidentiality of information. When an unauthorized individual gains access to the information an organization is trying to protect, that act is categorized as espionage or trespass. Attackers can use many different methods to access the information stored in an information system. Some information gathering techniques are quite legal, for example, using a Web browser to perform market research. These legal techniques are called, collectively, competitive intelligence.
  • 19. Threats Forces of Nature: Forces of nature, force majeure, or acts of God can present some of the most dangerous threats, because they usually occur with very little warning and are beyond the control of people. Fire Flood Lightning Landslide or mudslide Tornado or severe windstorm Hurricane or typhoon Tsunami Electrostatic discharge (ESD): Dust contamination
  • 20. Threats Human Error or Failure: This category includes acts performed without intent or malicious purpose by an authorized user. When people use information systems, mistakes happen. Inexperience, improper training, and the incorrect assumptions are just a few things that can cause these misadventures. Regardless of the cause, even innocuous mistakes can produce extensive damage.
  • 21. Threats Information Extortion: Information extortion occurs when an attacker or trusted insider steals information from a computer system and demands compensation for its return or for an agreement not to disclose it. Extortion is common in credit card number theft.
  • 22. Threats Missing, Inadequate, or Incomplete Organizational Policy or Planning: Missing, inadequate, or incomplete organizational policy or planning makes an organization vulnerable to loss, damage, or disclosure of information assets when other threats lead to attacks. Information security is, at its core, a management function. The organization’s executive leadership is responsible for strategic planning for security as well as for IT and business functions—a task known as governance.
  • 23. Threats Missing, Inadequate, or Incomplete Controls: Missing, inadequate, or incomplete controls—that is, security safeguards and information asset protection controls that are missing, misconfigured, antiquated, or poorly designed or managed—make an organization more likely to suffer losses when other threats lead to attacks..
  • 24. Threats Sabotage or Vandalism: This category of threat involves the deliberate sabotage of a computer system or business, or acts of vandalism to either destroy an asset or damage the image of an organization. These acts can range from petty vandalism by employees to organized sabotage against an organization.
  • 25. Threats Theft: The threat of theft, the illegal taking of another’s property, which can be physical, electronic, or intellectual is a constant. The value of information is diminished when it is copied without the owner’s knowledge. Physical theft can be controlled quite easily by means of a wide variety of measures, from locked doors to trained security personnel and the installation of alarm systems. Electronic theft, however, is a more complex problem to manage and control. When someone steals a physical object, the loss is easily detected; if it has any importance at all, its absence is noted. When electronic information is stolen, the crime is not always readily apparent. If thieves are clever and cover their tracks carefully, no one may ever know of the crime until it is far too late..
  • 26. Threats Technical Hardware Failures or Errors: Technical hardware failures or errors occur when a manufacturer distributes equipment containing a known or unknown flaw. These defects can cause the system to perform outside of expected parameters, resulting in unreliable service or lack of availability. Some errors are terminal—that is, they result in the unrecoverable loss of the equipment. Some errors are intermittent, in that they only periodically manifest themselves, resulting in faults that are not easily repeated, and thus, equipment can sometimes stop working, or work in unexpected ways..
  • 27. Threats Technical Software Failures or Errors: Large quantities of computer code are written, debugged, published, and sold before all their bugs are detected and resolved. Sometimes, combinations of certain software and hardware reveal new bugs. These failures range from bugs to untested failure conditions. Sometimes these bugs are not errors, but rather purposeful shortcuts left by programmers. Collectively, shortcut access routes into programs that bypass security checks are called trap doors and can cause serious security breaches.
  • 28. Threats Technological Obsolescence: Antiquated or outdated infrastructure can lead to unreliable and untrustworthy systems. Management must recognize that when technology becomes outdated, there is a risk of loss of data integrity from attacks. Like old antiviruses etc
  • 30. Attacks Malicious Code: The malicious code attack includes the execution of viruses, worms, Trojan horses, and active Web scripts with the intent to destroy or steal information. The state-of-the-art malicious code attack is the polymorphic, or multivector, worm. These attack programs use up to six known attack vectors to exploit a variety of vulnerabilities in commonly found information system devices. Other forms of malware include covert software applications— bots, spyware, and adware— that are designed to work out of sight of users or via an apparently harmless user.
  • 32. Attacks Hoaxes : A more devious attack on computer systems is the transmission of a virus hoax with a real virus attached. When the attack is masked in a seemingly legitimate message, unsuspecting users more readily distribute it. Even though these users are trying to do the right thing to avoid infection, they end up sending the attack on to their coworkers and friends and infecting many users along the way..
  • 33. Attacks Back Doors : Using a known or previously unknown and newly discovered access mechanism, an attacker can gain access to a system or network resource through a back door. Sometimes these entries are left behind by system designers or maintenance staff, and thus are called trap doors.34 A trap door is hard to detect, because very often the programmer who puts it in place also makes the access exempt from the usual audit logging features of the system...
  • 34. Attacks Password Crack : Attempting to reverse-calculate a password is often called cracking. A cracking attack is a component of many dictionary attacks . It is used when a copy of the Security Account Manager (SAM) data file, which contains hashed representation of the user’s password, can be obtained. A password can be hashed using the same algorithm and compared to the hashed results. If they are the same, the password has been cracked.
  • 35. Attacks Brute Force : The application of computing and network resources to try every possible password combination is called a brute force attack. Since the brute force attack is often used to obtain passwords to commonly used accounts, it is sometimes called a password attack. Password attacks are rarely successful against systems that have adopted the manufacturer’s recommended security practices. Controls that limit the number of unsuccessful access attempts allowed per unit of elapsed time are very effective against brute force attacks.
  • 36. Attacks Dictionary : The dictionary attack is a variation of the brute force attack which narrows the field by selecting specific target accounts and using a list of commonly used passwords (the dictionary) instead of random combinations. Rules requiring numbers and/or special characters in passwords make the dictionary attack less effective.
  • 37. Attacks Denial-of-Service (DoS) : In a denial-of-service (DoS) attack, the attacker sends a large number of connection or information requests to a target. So many requests are made that the target system becomes overloaded and cannot respond to legitimate requests for service. The system may crash or simply become unable to perform ordinary functions.. Distributed Denial-of-Service (DDoS) : Is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time. Most DDoS attacks are preceded by a preparation phase in which many systems, perhaps thousands, are compromised. The compromised machines are turned into zombies, machines that are directed remotely (usually by a transmitted command) by the attacker to participate in the attack.
  • 39. Attacks Spoofing : Spoofing is a technique used to gain unauthorized access to computers, wherein the intruder sends messages with a source IP address that has been forged to indicate that the messages are coming from a trusted host. To engage in IP spoofing, hackers use a variety of techniques to obtain trusted IP addresses, and then modify the packet headers to insert these forged addresses. Newer routers and firewall arrangements can offer protection against IP spoofing.
  • 41. Attacks Man-in-the-Middle : In the well-known man-in-the-middle or TCP hijacking attack, an attacker monitors (or sniffs) packets from the network, modifies them, and inserts them back into the network. This type of attack uses IP spoofing to enable an attacker to impersonate another entity on the network. It allows the attacker to eavesdrop as well as to change, delete, reroute, add, forge, or divert data. A variant of TCP hijacking, involves the interception of an encryption key exchange, which enables the hacker to act as an invisible man-in-the-middle—that is, an eavesdropper—on encrypted communications. Figure 2-13 illustrates these attacks by showing how a hacker uses public and private encryption keys to intercept messages.
  • 43. Attacks Spam : Spam is unsolicited commercial e-mail. While many consider spam a slight irritation rather than an attack, it has been used as a means of enhancing malicious code attacks. The most significant consequence of spam, however, is the waste of computer and human resources. Many organizations attempt to cope with the flood of spam by using e-mail filtering technologies. Other organizations simply tell the users of the mail system to delete unwanted messages.
  • 44. Attacks Mail Bombing : Another form of e-mail attack that is also a DoS is called a mail bomb, in which an attacker routes large quantities of e-mail to the target. This can be accomplished by means of social engineering or by exploiting various technical flaws in the Simple Mail Transport Protocol (SMTP). The target of the attack receives an unmanageably large volume of unsolicited e-mail. By sending large e-mails with forged header information, attackers can take advantage of poorly configured e- mail systems on the Internet and trick them into sending many e- mails to an address chosen by the attacker. If many such systems are tricked into participating in the event, the target e-mail address is buried under thousands or even millions of unwanted e- mails.
  • 45. Attacks Sniffers : A sniffer is a program or device that can monitor data traveling over a network. Sniffers can be used both for legitimate network management functions and for stealing information. Sniffers often work on TCP/IP networks, where they’re sometimes called packet sniffers. Sniffers add risk to the network, because many systems and users send information on local networks in clear text. A sniffer program shows all the data going by, including passwords, the data inside files—such as word- processing documents—and screens full of sensitive data from applications.
  • 46. Attacks Social Engineering : In the context of information security, social engineering is the process of using social skills to convince people to reveal access credentials or other valuable information to the attacker. There are several social engineering techniques, which usually involve a perpetrator posing as a person higher in the organizational hierarchy than the victim. To prepare for this false representation, the perpetrator may have used social engineering tactics against others in the organization to collect seemingly unrelated information that, when used together, makes the false representation more credible
  • 47. Attacks Phishing : Phishing is an attempt to gain personal or financial information from an individual, usually by posing as a legitimate entity. Phishing attacks use three primary techniques, often in combination with one another: URL manipulation, Web site forgery, and phone phishing
  • 48. Attacks Pharming : Pharming is “the redirection of legitimate Web traffic (e.g., browser requests) to an illegitimate site for the purpose of obtaining private information. Pharming often uses Trojans, worms, or other virus technologies to attack the Internet browser’s address bar so that the valid URL typed by the user is modified to that of the illegitimate Web site. Pharming may also exploit the Domain Name System (DNS) by causing it to transform the legitimate host name into the invalid site’s IP address; this form of pharming is also known as DNS cache poisoning.”