CT 201 wk 1 ch2 "The Need for Security"
Chapter Summary
Information security performs four important functions to ensure that information assets remain safe and useful:
■ Protecting the organization’s ability to function
■ Enabling the safe operation of applications implemented on the organization’s IT systems
■ Protecting the data an organization collects and uses
■ Safeguarding the organization’s technology assets
■ To make sound decisions about information security, management must be informed about threats to its people, applications, data, and information systems and the attacks they face.
■ Threats are any events or circumstances that have the potential to adversely affect operations and assets. An attack is an intentional or unintentional act that can damage or otherwise compromise information and the systems that support it. A vulnerability is a potential weakness in an asset or its defensive controls.
■ Threats or dangers facing an organization’s people, information, and systems fall into the following categories:
■ Compromises to intellectual property: Intellectual property, such as trade secrets, copyrights, trademarks, or patents, is an intangible asset that may be attacked via software piracy or the exploitation of asset protection controls.
■ Deviations in quality of service: Organizations rely on services provided by others. Losses can come from interruptions to those services.
■ Espionage or trespass: Asset losses may result when electronic and human activities breach the confidentiality of information.
■ Forces of nature: A wide range of natural events can overwhelm control systems and preparations to cause losses to data and availability.
■ Human error or failure: Losses to assets may come from intentional or accidental actions by people inside and outside the organization.
■ Information extortion: Stolen or inactivated assets may be held hostage to extract payment of ransom.
■ Sabotage or vandalism: Losses may result from the deliberate sabotage of a computer system or business, or from acts of vandalism. These acts can either destroy an asset or damage the image of an organization.
■ Software attacks: Losses may result when attackers use software to gain unauthorized access to systems or cause disruptions in systems availability.
■ Technical hardware failures or errors: Technical defects in hardware systems can cause unexpected results, including unreliable service or lack of availability.
■ Technical software failures or errors: Software used by systems may have purposeful or unintentional errors that result in failures, which can lead to loss of availability or unauthorized access to information.
■ Technological obsolescence: Antiquated or outdated infrastructure can lead to unreliable and untrustworthy systems that may result in loss of availability or unauthorized access to information.
■ Theft: Theft of information can result from a wide variety of attacks.
Review Questions
Why is information security a management problem? What can management do that technology cannot?
Why is data the most important asset an organization possesses? What other assets in the organization require protection?
Which management groups are responsible for implementing information security to protect the organization’s ability to function?
Has the implementation of networking technology created more or less risk for businesses that use information technology? Why?
What is information extortion? Describe how such an attack can cause losses, using an example not found in the text.
Why are employees one of the greatest threats to information security?
How can you protect against shoulder surfing?
How has the perception of the hacker changed over recent years? What is the profile of a hacker today?
What is the difference between a skilled hacker and an unskilled hacker, other than skill levels? How does the protection against each differ?
What are the various types of malware? How do worms differ from viruses? Do Trojan horses carry viruses or worms?
Why does polymorphism cause greater concern than traditional malware? How does it affect detection?
What is the most common violation of intellectual property? How does an organization protect against it? What agencies fight it?
What are the various forces of nature? Which type might be of greatest concern to an organization in Las Vegas? Jakarta? Oklahoma City? Amsterdam? Miami? Tokyo?
How is technological obsolescence a threat to information security? How can an organization protect against it?
Does the intellectual property owned by an organization usually have value? If so, how can attackers threaten that value?
What are the types of password attacks? What can a systems administrator do to protect against them?
What is the difference between a denial-of-service attack and a distributed denial-of-service attack? Which is more dangerous? Why?
For a sniffer attack to succeed, what must the attacker do? How can an attacker gain access to a network to use the sniffer system?
What methods does a social engineering hacker use to gain information about a user’s login ID and password? How would this method differ if it targeted an administrator’s assistant versus a data-entry clerk?
What is a buffer overflow, and how is it used against a Web server?
Attacks
PW attacks - how are passwords stored on different platforms? How are passwords linked to hashes? "salt-to-hash": a per-user random salt is combined with the password before hashing, and the stored record holds the salt alongside the hash, so two users with the same password get different hashes and a precomputed table cannot be reused across accounts
Cracking
Brute force
dictionary
rainbow tables
SE (social engineering)
Linux - /etc/shadow file (hash field is $id$salt$hash, e.g. $6$ = sha512crypt, $y$ = yescrypt)
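The password-attack notes above in working form. This is an added example, not code from the textbook or the course: it parses /etc/shadow-style records, then runs a dictionary attack, a brute-force search and a precomputed (rainbow-style) lookup against a few constructed records to show why a per-user salt forces the attacker to rehash the whole wordlist for every account. The $demo$ hash format, the PBKDF2 iteration count, the sample users, salts and wordlist are all assumptions made for this example; real Linux systems use sha512crypt or yescrypt with far more work per guess.

```python
import hashlib
import itertools

# crypt(3) algorithm identifiers as they appear in the $id$ prefix of /etc/shadow.
# "demo" is invented for this example only.
CRYPT_IDS = {"1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "5": "sha256crypt",
             "6": "sha512crypt", "y": "yescrypt", "demo": "pbkdf2-sha256 (this example only)"}


def parse_shadow_line(line):
    """Split one shadow record into user and the $id$params...$hash password field.
    For md5crypt / sha*crypt / yescrypt the middle fields hold the salt (and an
    optional rounds=N); bcrypt instead packs its 22-char salt into the final field."""
    user, pwfield = line.rstrip("\n").split(":")[:2]
    # "*", "!" and "!!" mean locked or no login; an empty field means no password at all.
    if pwfield in ("", "*") or pwfield.startswith("!"):
        return {"user": user, "no_hash": True}
    parts = pwfield.split("$")          # ['', id, salt/params..., hash]
    return {"user": user, "no_hash": False,
            "algorithm": CRYPT_IDS.get(parts[1], "unknown:" + parts[1]),
            "salt": "$".join(parts[2:-1]), "hash": parts[-1]}


# Deliberately low so the brute-force demo below finishes in seconds (assumption).
ITERATIONS = 1000


def demo_hash(password, salt, iterations=ITERATIONS):
    """Salted, iterated hash used for the constructed records (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations).hex()


def make_record(user, password, salt):
    """Build a shadow-style line in the $demo$ format; remaining fields are ageing info."""
    return f"{user}:$demo${salt}${demo_hash(password, salt)}:19700:0:99999:7:::"


# Constructed sample records: alice and bob chose the same password.
RECORDS = [
    make_record("alice", "hunter2", "5a1ce5a1"),
    make_record("bob",   "hunter2", "b0bb0bb0"),
    make_record("carol", "Tr0ub4dor&3", "c4r01c4r"),
    "daemon:*:19700:0:99999:7:::",
]
WORDLIST = ["password", "123456", "letmein", "hunter2", "qwerty"]   # constructed


def unsalted_digest(word):
    return hashlib.sha256(word.encode()).hexdigest()


def unsalted_table(wordlist):
    """Precomputed lookup table (what a rainbow table compresses) for UNSALTED SHA-256.
    Built once, it cracks every unsalted hash of a wordlist entry in O(1); with per-user
    salts the attacker must rebuild it per salt, which is why salts defeat it."""
    return {unsalted_digest(w): w for w in wordlist}


def dictionary_attack(records, wordlist):
    """Per-record guessing: each distinct salt forces the whole wordlist to be rehashed."""
    cracked = {}
    for line in records:
        rec = parse_shadow_line(line)
        if rec["no_hash"]:
            continue
        for word in wordlist:
            if demo_hash(word, rec["salt"]) == rec["hash"]:
                cracked[rec["user"]] = word
                break
    return cracked


def brute_force(record, charset, max_len):
    """Exhaustive search over all strings up to max_len from charset (cost ~ |charset|^len)."""
    rec = parse_shadow_line(record)
    for n in range(1, max_len + 1):
        for cand in itertools.product(charset, repeat=n):
            guess = "".join(cand)
            if demo_hash(guess, rec["salt"]) == rec["hash"]:
                return guess
    return None


if __name__ == "__main__":
    # Constructed root line: the hash value is a placeholder, not a real sha512crypt digest.
    print(parse_shadow_line("root:$6$Qv3X9sKp$CONSTRUCTEDHASH:19700:0:99999:7:::"))
    a, b = parse_shadow_line(RECORDS[0]), parse_shadow_line(RECORDS[1])
    print("same password, different salts, different hashes:", a["hash"] != b["hash"])
    print("unsalted table hit:", unsalted_table(WORDLIST)[unsalted_digest("hunter2")])
    print("dictionary attack:", dictionary_attack(RECORDS, WORDLIST))
    print("brute force:", brute_force(make_record("dave", "cab", "d4v3d4v3"), "abc", 3))
```

The dictionary attack recovers alice and bob separately even though they share a password, and carol's passphrase is not in the list; the brute-force function shows how quickly a three-character password over a three-letter alphabet falls, and how the search space (|charset|^len) is the only thing standing between the attacker and longer ones.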
Buffer Overflow
Command injection
cross-site scripting
Change control
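Command injection and cross-site scripting from the list above, each shown as a vulnerable function beside its hardened form. This is an added example written for these notes, not code from the textbook: it uses `echo` in place of a real network tool so the shell-injection case runs anywhere with /bin/sh, and the hostname allow-list pattern, the attacker inputs and the comment-rendering functions are assumptions for the demonstration.

```python
import html
import re
import subprocess

# Allow-list for a hostname argument (assumption: letters, digits, dots, hyphens only).
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,252})$")

MALICIOUS_HOST = "example.com; echo INJECTED"              # constructed attacker input
XSS_PAYLOAD = "<script>alert(document.cookie)</script>"    # constructed attacker input


def lookup_vulnerable(host):
    """VULNERABLE: user input is spliced into a command line that /bin/sh parses,
    so ';' ends the intended command and starts the attacker's."""
    cmd = f"echo checking {host}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def lookup_no_shell(host):
    """No shell involved: argv is passed as a list, so metacharacters in host are
    delivered to the program as literal bytes instead of being interpreted."""
    return subprocess.run(["echo", "checking", host], capture_output=True, text=True).stdout


def is_valid_hostname(host):
    return HOSTNAME_RE.match(host) is not None


def lookup_hardened(host):
    """Hardened: validate against the allow-list, then run without a shell (defense in depth)."""
    if not is_valid_hostname(host):
        raise ValueError(f"rejected host argument: {host!r}")
    return lookup_no_shell(host)


def render_comment_vulnerable(text):
    """VULNERABLE: untrusted text is interpolated straight into HTML, so a <script>
    tag in a comment executes in every other visitor's browser (stored XSS)."""
    return f"<p>{text}</p>"


def render_comment_hardened(text):
    """Hardened: escape &, <, >, and quotes so the browser treats the text as data."""
    return f"<p>{html.escape(text, quote=True)}</p>"


if __name__ == "__main__":
    print(repr(lookup_vulnerable(MALICIOUS_HOST)))   # second line 'INJECTED' appears
    print(repr(lookup_no_shell(MALICIOUS_HOST)))     # the ';' is just text in the output
    print(is_valid_hostname(MALICIOUS_HOST))         # False: rejected before any command runs
    print(render_comment_vulnerable(XSS_PAYLOAD))
    print(render_comment_hardened(XSS_PAYLOAD))
```

Both fixes follow the same rule: never let untrusted input reach an interpreter (the shell, the HTML parser) in a position where it can change the structure of what is being executed. The argv list removes the shell entirely; escaping keeps the comment inside the `<p>` as text. Input validation is kept as a second layer, not as the only one.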
TLO
Discuss the organizational need for information security
List and describe the threats posed to information security and common attacks associated with those threats
List the common development failures and errors that result from poor software security efforts
Explain why a successful information security program is the shared responsibility of an organization’s three communities of interest
Blue
SYN cookie
VPN
firewall
reroute traffic? ACL
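SYN cookies from the Blue list above, worked through as an added example (not code from the textbook or from any operating system): the server answers a SYN flood without keeping per-connection state by encoding everything it needs into the SYN-ACK sequence number, then recomputes it when the ACK arrives. The bit layout (5 bits of a 64-second time counter, 3 bits of MSS index, 24 bits of keyed MAC) follows the classic SYN cookie design; the secret key, the MSS table, the tick length and the 4-tick validity window are assumptions for this example.

```python
import hashlib
import hmac
import socket
import struct

# Assumptions for this example: per-boot secret, 4-entry MSS table (3 bits in the cookie),
# a 64-second time counter, and cookies that stay valid for at most 4 ticks.
SECRET = b"rotate-me-at-boot"
MSS_TABLE = [536, 1300, 1440, 1460]
TICK_SECONDS = 64
MAX_AGE_TICKS = 4


def _mac24(saddr, daddr, sport, dport, t):
    """Keyed 24-bit MAC over the connection 4-tuple and the time counter.
    Binds the cookie to one client and one time window; forms the low 24 bits."""
    msg = struct.pack("!4s4sHHI", socket.inet_aton(saddr), socket.inet_aton(daddr),
                      sport, dport, t)
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")


def make_syn_cookie(saddr, daddr, sport, dport, client_mss, now):
    """Compute the SYN-ACK initial sequence number. Nothing is stored server-side;
    the client's ACK must carry ISN+1, from which everything is reconstructed."""
    t = (now // TICK_SECONDS) & 0xFFFFFFFF
    mss_idx = 0                                   # largest table MSS not above the client's
    for i, m in enumerate(MSS_TABLE):
        if m <= client_mss:
            mss_idx = i
    return ((t & 0x1F) << 27) | (mss_idx << 24) | _mac24(saddr, daddr, sport, dport, t)


def check_syn_cookie(saddr, daddr, sport, dport, ack, now):
    """Validate the final ACK of a handshake for which no state was kept.
    Returns the MSS to use on success, None for a forged or stale cookie."""
    cookie = (ack - 1) & 0xFFFFFFFF
    tc = (now // TICK_SECONDS) & 0xFFFFFFFF
    t5 = cookie >> 27
    # Most recent counter value whose low 5 bits match the cookie.
    t = (tc - ((tc - t5) & 0x1F)) & 0xFFFFFFFF
    if ((tc - t) & 0xFFFFFFFF) > MAX_AGE_TICKS:
        return None                               # stale: a replayed or very old cookie
    if (cookie & 0xFFFFFF) != _mac24(saddr, daddr, sport, dport, t):
        return None                               # forged or belongs to another 4-tuple
    return MSS_TABLE[(cookie >> 24) & 0x7]


if __name__ == "__main__":
    conn = ("198.51.100.7", "203.0.113.10", 40000, 443)   # constructed client/server 4-tuple
    now = 1_700_000_000
    isn = make_syn_cookie(*conn, 1460, now)
    print(f"ISN 0x{isn:08x}")
    print("valid ACK 100 s later ->", check_syn_cookie(*conn, isn + 1, now + 100))
    print("same ACK 10 min later ->", check_syn_cookie(*conn, isn + 1, now + 10 * TICK_SECONDS))
    print("wrong ACK number       ->", check_syn_cookie(*conn, isn + 2, now + 100))
```

The cost of the trick is visible in the code: only a handful of MSS values survive the round trip, and nothing else from the SYN (window scaling, SACK, timestamps, unless squeezed into the timestamp option) is remembered. That is why operating systems use SYN cookies only once the listen backlog is exhausted, not as the normal handshake path.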