This document discusses various threats to information security. It defines information and information security. It explains that information security involves protecting information systems from physical, personal, operational, communications, and network security threats. The main threats discussed are inadvertent acts, deliberate acts, natural disasters, technical failures, management failure, malware like viruses, worms, Trojans, and spyware, and hacking and cracking. It provides examples and definitions for each type of threat.
2. What is information?
• Information is a complete set of data.
• It can be called processed data.
3. What is Information Security?
• It is protection of information systems and
hardware that use, store and transmit the
information.
• Security is the quality or state of information
• Security is always multilayered:
– Physical Security
– Personal Security
– Operations Security
– Communications Security
– Network Security
4. Threats to Information Security
• A threat is an object, person, or other entity
that represents a constant danger to an asset.
• The Management should ensure that
information is given sufficient protection
through policies, proper training and proper
equipment.
• Better information security can be provided
by recognizing and ranking the threats to the
information.
• Consistent reviews, checks and surveys also
help in keeping information safe.
5. Types of Threats to Information
• Inadvertent Acts
• Deliberate Acts
• Natural Disaster (Natural Forces)
• Technical Failures
• Management Failure
6. Inadvertent Acts
• These are the acts that happen by mistake.
They are not deliberate.
• The attacker does not have any ill will or
malicious intent, or the attack is not proven
to fall under the categories of theft.
• Acts of human error and failure, deviation
from service quality, and communication errors
are examples of inadvertent acts.
7. Deliberate Acts
• These acts are done by people or
organizations to harm the information.
• The attackers have a malicious intent and
wish to steal or destroy the data.
• Acts of espionage, hacking and cracking come
under deliberate acts.
8. Natural Disasters
• Forces of nature are dangerous because they are
unexpected and come with very little warning.
• They not only disrupt the lives of individuals but
also cause damage to information that is stored
within computers.
• These threats can be avoided, but the management
must take the necessary precautions.
9. Technical Failures
• Technical failures are classified into two types:
– Technical Hardware Failure
– Technical Software Failure
• Technical Hardware Failure: It occurs when a
manufacturer distributes equipment with flaws
that may be known or unknown to the
manufacturer.
• Technical Software Failure: These can cause the
system to perform in an undesirable or
unexpected way. Some of these are
unrecoverable, while some occur periodically.
10. Management Failure
• Management must always be updated about
recent developments and technology.
• Proper planning must be done by the
management for good protection of the
information.
• IT professionals must help the management
in protecting the information, by helping the
management upgrade to the latest
technology.
11. Malware
• It is any malicious software designed to harm
a computer without the user’s consent.
• E.g. virus, worm, Trojan, spyware
12. VIRUS
(Vital Information Resource Under Siege)
• It is a computer program designed to copy
itself and attach itself to other files stored on
a computer.
• It moves from computer to computer
by attaching itself to files or boot records of
disks.
• It can be sent through a network or a
removable storage device.
13. Worm
• Worm is a self replicating computer program
that uses a network to send copies of itself to
other computers on the network.
• It replicates and eats up the computer storage.
• An example is the Voyager Worm.
14. Trojan horse
• They appear to be harmless but secretly
gather information about the user.
• They upload hidden and malicious programs
on the computer without the user’s
knowledge.
• Unlike a computer virus, it does not attempt
to inject itself into other files.
15. Spyware
• It secretly monitors internet surfing habits
without the user’s knowledge.
• They perform actions like advertising vague
products and changing computer
configurations. These actions are very
troublesome.
• They usually do not replicate themselves.
16. Protection against Malware
• Make sure that you have an updated operating
system and antivirus software, e.g. McAfee.
• Do not use pirated software, or download
files from unreliable sources.
• Perform regular hard drive scans.
• Use licensed software.
17. Hacking
• Hacking means finding out weaknesses in a
computer or a network and exploiting them.
• Hackers are usually motivated by profit,
protest or challenge.
18. Hacker
• He/She is a person who enjoys the challenge
of breaking into computers without the
knowledge of the user.
• Their main aim might be to know the details
of a programmable system and how it works.
• Hackers are experts who see new ways to use
computers.
19. Cracker
• These people crack or remove the protection
mechanism of a computer system.
• Their main aim is to steal or destroy
information without the user’s consent.
• They are much more dangerous than hackers.