CHAPTER 1=INTRODUCTION TO SECURITY

Information Security

1.2 SECURITY THREATS

Risk of network intrusion

Differentiate between Attackers and
Hackers

The term information security is frequently used to describe the tasks of securing information that is in a digital format

This digital information is manipulated by a microprocessor (such as on a personal computer)

Information security can be best understood by examining its goals and the process of how it is accomplished

The term “information security” also can be defined as protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide;

• CONFIDENTIALITY

• integrity

• availability,

Preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information.

Confidentiality ensures that only authorized parties can view the information.

Guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity.

Ensuring timely and reliable access to and use
of information

Integrity ensures that the information is correct and no unauthorized person or malicious software has altered the data

Availability ensures that data is accessible to
authorized users.

Cracker/ Intruder/ Attacker

Hackers

Work for themselves

Can easily be identified because their
actions are malicious

Referred as Black Hat

Hired by companies

Obtain advanced knowledge of operating systems and programming languages

Referred as White Hat

A threat, in the context of computer security, refers to anything that has the potential to cause serious harm to a computer system.

Threats can lead to attacks on computer
systems, networks and more.

Various threats to computer security

Hacking

Natural Disaster

Malicious code

Theft

The effect is caused by an agent, with the
intention to cause damage.

The agent for malicious code is the writer of
the code, or any person who causes its distribution.

Hackers may use a modem or cable to
hack the targeted computers

Hacking is a source of threat to security in
computer. It is defined as unauthorized access to the computer system by a hacker

Computers are also threatened by natural or
environmental disaster. Be it at home, stores, offices and also automobiles. Examples of
natural or environmental disasters:

Fire

Earthquakes, storms and tornados

Flood

Excessive heat

Inadequate power supply

Two types of computer theft

Computer is used to steal money, goods,
information and resources.

Stealing of computer, especially notebook and
PDAs.

Once the hacker gains access to the
network, four types of threat may arise:

• Information theft

• Identity theft

• Data loss/ manipulation

• Disruption of service

Breaking into a computer to obtain confidential
information. Information can be used or sold fo various purpose. Example: stealing an
organization’s proprietary information, such as research and development information

A form of information theft where personal
information is stolen for the purpose of taking over someone’s identity. Using this information an
individual can obtain legal documents, apply for credit and make authorized online purchases.

Breaking into a computer to destroy or after
data records. Example of data loss: sending a virus that reformats a computer hard drive.
Example of data manipulation: breaking into a records system to change information, such
as the price of an item.

Preventing legitimate users from accessing
services to which they should be entitled.