1 / 18

IT255 Introduction to Information Systems Security Unit 2

IT255 Introduction to Information Systems Security Unit 2 Application of Security Countermeasures to Mitigate Malicious Attacks. Learning Objective. Describe how malicious attacks, threats, and vulnerabilities impact an IT infrastructure. Key Concepts.

phuoc
Download Presentation

IT255 Introduction to Information Systems Security Unit 2

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. IT255 Introduction to Information Systems Security Unit 2 Application of Security Countermeasures to Mitigate Malicious Attacks

  2. Learning Objective Describe how malicious attacks, threats, and vulnerabilities impact an IT infrastructure.

  3. Key Concepts • Attacks, threats, and vulnerabilities in a typical IT infrastructure • Common security countermeasures typically found in an IT infrastructure • Risk assessment approach to securing an IT infrastructure • Risk mitigation strategies to shrink the information security gap

  4. EXPLORE: CONCEPTS

  5. Definitions • Risk: Probability that an intentional or unintentional act will harm resources • Threat: Any accidental or intentional event that negatively impacts company resources • Vulnerability: Inherent weakness that may enable threats to harm system or networks Risks, threats, and vulnerabilities affect confidentiality, integrity, and availability (CIA).

  6. Types of Threats • Malicious software • Device failure • Application failure • Natural disaster • Intrusive cracker

  7. Types of Vulnerabilities • Insecure servers or services • Exploitable applications and protocols • Unprotected system or network resources • Traffic interception and eavesdropping • Lack of preventive and protective measures against malware or automated attacks

  8. Identify the Criminal Criminal Profile #1 • Victimizes people through unsolicited e-mail messages to get victim’s money • Does not rely on intrusive methods to commit crimes • Is motivated by financial gain

  9. Answer… Internet scammer

  10. Identify the Criminal (Continued) Criminal Profile #2 • Enters systems without permission to raise awareness of security issues • Does not work for the company or its clients • Does not intend harm, just tries to be “helpful” • Is motivated by impulse

  11. Answer… Gray-hat hacker

  12. Identify the Criminal (Continued) Criminal Profile #3 • Engages in illegal black market transactions on the Internet • Traffics drugs, weapons, or banned materials • Is motivated by financial gain

  13. Answer… Terrorists or traffickers

  14. Identify the Criminal (Continued) Criminal Profile #4 • Enters systems without permission to take advantage of security issues • Does not work for the company or its clients • Does not intend to help, only wants to cause harm • Is motivated by peer acceptance

  15. Answer… Black-hat hacker or cracker

  16. Identify the Criminal (Continued) Criminal Profile #5 • Intrudes upon systems to verify and validate security issues • Works for the company or one of its clients • Does not intend harm, just tries to be “helpful”

  17. Answer… White-hat hacker

  18. Summary • Threats are controllable. • Risks are manageable. • Vulnerabilities are unavoidable. • All of these negatively affect the CIA triad. • Not all threats are intentional.

More Related