1 / 15

Fundamentals of Information Systems Security Lesson 3

Fundamentals of Information Systems Security Lesson 3 Malicious Attacks, Threats, and Vulnerabilities. Learning Objective. Describe how malicious attacks, threats, and vulnerabilities impact an IT infrastructure. Key Concepts.

Download Presentation

Fundamentals of Information Systems Security Lesson 3

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Fundamentals of Information Systems Security Lesson 3 Malicious Attacks, Threats, and Vulnerabilities

  2. Learning Objective • Describe how malicious attacks, threats, and vulnerabilities impact an IT infrastructure.

  3. Key Concepts • Attacks, threats, and vulnerabilities in a typical IT infrastructure • Common security countermeasures typically found in an IT infrastructure • Risk assessment approach to securing an IT infrastructure • Risk mitigation strategies to shrink the information security gap

  4. DISCOVER: CONCEPTS

  5. Definitions

  6. Types of Threats • Brute-force password attacks • Dictionary password attacks • IP address spoofing • Hijacking • Replay attacks • Man-in-the-middle attacks

  7. Types of Threats • Masquerading • Social engineering • Phishing • Phreaking • Pharming

  8. Types of Vulnerabilities

  9. Identify the Criminal Criminal Profile #1 • Victimizes people through unsolicited e-mail messages to get victim’s money • Does not rely on intrusive methods to commit crimes • Is motivated by financial gain

  10. Identify the Criminal (Continued) Criminal Profile #2 • Enters systems without permission to raise awareness of security issues • Does not work for the company or its clients • Does not intend harm, just tries to be “helpful” • Is motivated by impulse

  11. Identify the Criminal (Continued) Criminal Profile #3 • Engages in illegal black market transactions on the Internet • Traffics drugs, weapons, or banned materials • Is motivated by financial gain

  12. Identify the Criminal (Continued) Criminal Profile #4 • Enters systems without permission to take advantage of security issues • Does not work for the company or its clients • Does not intend to help, only wants to cause harm • Is motivated by peer acceptance

  13. Identify the Criminal (Continued) Criminal Profile #5 • Intrudes upon systems to verify and validate security issues • Works for the company or one of its clients • Does not intend harm, just tries to be “helpful”

  14. Summary • Threats are controllable. • Risks are manageable. • Vulnerabilities are unavoidable. • All of these negatively affect the C-I-A triad. • Not all threats are intentional.

  15. Virtual Lab • Performing a Vulnerability Assessment

More Related