SRA221 Chapter 1

Flashcard maker : Lily Taylor
attacks or attackers that can do harm.
the types of attackers and attacks companies face.
Threat environment
“Understanding the threat environment”
is a fancy way of saying *** know your enemy***
any resources valuable to an organization to conduct its business
Examples of Assets
an asset could be a human resource too.
assets can be data,hardware, information and etc
any weakness in you security system
when a threat succeeds in causing harm to a business, this is called an incident, breach, or compromise.
Synonyms for Compromise
tools used to thwart attacks (also called safeguards, protections, and controls)
ways to either reduce or remove the possibility of a threat getting materialized
the possibility /probability of a threat getting materialized
the consequence/damage done to the asset
Types of countermeasures
help get the business process back on track after the attack has been successful <
identify when a threat is attacking and when they are succeeding // fast detection can minimize damage.
keeps attacks from succeeding // most controls are preventative.
Threat Environments
internal threats
external threats
attack and attackers originating from the organization itself
this could be both intentional or accidental
internal threats
attacks and attackers originating from the outside of the organization
Rogue nations
external threats
means that people cannot read sensitive information, either while it is on a computer or while it is traveling across a network.
computing resources/data/info only accessible to the authorized users
means that attackers cannot change or destroy information, either while it is on a computer or while it is traveling across a network. Or, at least, if information is changed or destroyed, then the receiver can detect the change or restore data.
computing resources/data only modifiable or removable by the authorized users
means that people who are authorized to use information are not prevented from doing so.
Computing resources/data/info accessible when needed by the authorized user
Employees and ex-employees are very dangerous because they have extensive knowledge of systems, have the credentials needed to access sensitive parts of systems, often know how to avoid detection, and can benefit from the trust that usually is accorded to “our people.”
Insider threat
Why are insider threarts more dangerous
security controls and how to avoid them
people to look for are security professionals and IT people
Forms of insider threats
Employee hacking // Authorization is key
Employer financial theft and theft of intellectual property (IP)
Employee Extortion
Sexual or Racial Harassment of Other Employees
Employee Computer and Internet Abuse
Date Loss
Other “Internal” Attackers
destruction of hardware, data, software, and the planting of time bomb or logic bomb
embezzle money
steal intellectual property
trade secrets- pieces of sensitive information that a firm acts to keep secret.
Employee hacking // Authorization is key
information owned by the company and protected by law.
misappropriation of assets
theft of money
Employer financial theft and theft of intellectual property (IP)
Against the victim’s interest
Employee Extortion
via email
displaying pornographic material
Sexual or Racial Harassment of Other Employees
Use policies
Ethnic policies
Legal consequence
Non-internet abuse
**unauthorized access
Employee Computer and Internet Abuse
Lost: laptops, storage media, usb, optical disks
Average cost of data breach in 2010 << might not be lost could have just been changed as well 4,000,000
Date Loss
Other “Internal” Attackers
contract workers << the know everything that there and are able to leave
a generic term for evil software.
require help from another program and a person (trigger) // programs that attach themselves to legitimate programs on the victim’s machine.
can spread on their own // stand-alone programs that do not attach themselves to other programs
many times viruses and worms are combined into a single program posting a bigger threat // propagate both as viruses and worms.
Blended threats
the pieces of code that do damage. // malicious payloads can do extreme damage, for example, by randomly deleting files from the victim’s hard disk drive or by installing some of the other types of malware described later in this section.
pretend to be one thing
a programs that hides itself by deleting a systems file and taking on its name
this makes it difficult to detect
downloads -programs the download malicious malware
spyware-program that collects sensitive information on a person’s program
rootkit-changes the OS
Trojan horses
mobile refers to the portable program
portable in turn means that the malicious code can be running on multiple platforms
Alot of mobile codes are web based
Mobile Codes
Benign Advertisement
Spear Phishing<< at a single group of people
goal: find out weaknesses <
scripts that allows hackers to deface website
Script kiddies
find host that are active
Internet control message protocol ICMP
waits for the echo to find that IP message
IP address scanning
no response
Port Scanning
Well known Port Number
More information about
operating systems
The exploit
goal: weaknesses found and exploit or attack <
once exploit succeeds each packet carries a source IP address and is dangerous for hackers because it allows companies to find them. Spoofing allows some packets to avoid this by changing the IP address.
using a fake IP address instead of the real one so the hacker does not get identifies
objective is so the hacker is not found
the clever manipulation of the natural human tendency to trust
Social Engineering
someone has access
Shoulder Surfing
actually watching someone type in their password
pretending to be someone and try to get information
Attempts to make a server or network unusable to other legitimate servers or attacks on availability
do this by flooding the system with attack packets
Denial of Service (DoS) Attacks
What aspect of security control does DoS affect the most
Servers and networks because the are flooded and legitimate users are not able to use it
How does DoS attacks work?
attacker floods the server with TCP
connection requests
flooded requests
affect of DoS attack
cpu and memory loss
new functionalities
cannot fix bugs
increased spam
unable to software update
Distributed DoS
place programs called bots onto internet servers or host
bot master sends message to all the bots to attack
bots start to sending out attack packets to victim and flood them
Why is it important for firms to understand threat environment?
So that firms are able to prepare for different attacks/threats. It is the idea of “knowing your enemy”
Name three common security goals ?
Confidentiality, Integrity, and Availability
What is an incident?
when a threat succeeds in causing harm to a firm or business
What are synonyms for incidents?
breach or compromise
What are some synonyms for countermeasure?
safeguards, protections, or controls

Get instant access to
all materials

Become a Member