IT255 Introduction to Information Systems Security

PowerPoint Slideshow about ' IT255 Introduction to Information Systems Security Unit 2' - phuoc


Presentation Transcript

IT255 Introduction to Information Systems Security

Unit 2

Application of Security Countermeasures to Mitigate Malicious Attacks


Learning Objective

Describe how malicious attacks, threats, and vulnerabilities impact an IT infrastructure.


Key Concepts

  • Attacks, threats, and vulnerabilities in a typical IT infrastructure

  • Common security countermeasures typically found in an IT infrastructure

  • Risk assessment approach to securing an IT infrastructure

  • Risk mitigation strategies to shrink the information security gap



Definitions

  • Risk: Probability that an intentional or unintentional act will harm resources

  • Threat: Any accidental or intentional event that negatively impacts company resources

  • Vulnerability: Inherent weakness that may enable threats to harm systems or networks

    Risks, threats, and vulnerabilities affect confidentiality, integrity, and availability (CIA).


Types of Threats

  • Malicious software

  • Device failure

  • Application failure

  • Natural disaster

  • Intrusive cracker


Types of Vulnerabilities

  • Insecure servers or services

  • Exploitable applications and protocols

  • Unprotected system or network resources

  • Traffic interception and eavesdropping

  • Lack of preventive and protective measures against malware or automated attacks


Identify the Criminal

Criminal Profile #1

  • Victimizes people through unsolicited e-mail messages to get the victim’s money

  • Does not rely on intrusive methods to commit crimes

  • Is motivated by financial gain


Answer…

Internet scammer


Identify the Criminal (Continued)

Criminal Profile #2

  • Enters systems without permission to raise awareness of security issues

  • Does not work for the company or its clients

  • Does not intend harm, just tries to be “helpful”

  • Is motivated by impulse


Answer…

Gray-hat hacker


Identify the Criminal (Continued)

Criminal Profile #3

  • Engages in illegal black market transactions on the Internet

  • Traffics drugs, weapons, or banned materials

  • Is motivated by financial gain


Answer…

Terrorists or traffickers


Identify the Criminal (Continued)

Criminal Profile #4

  • Enters systems without permission to take advantage of security issues

  • Does not work for the company or its clients

  • Does not intend to help, only wants to cause harm

  • Is motivated by peer acceptance


Answer…

Black-hat hacker or cracker


Identify the Criminal (Continued)

Criminal Profile #5

  • Intrudes upon systems to verify and validate security issues

  • Works for the company or one of its clients

  • Does not intend harm, just tries to be “helpful”


Answer…

White-hat hacker


Summary

  • Threats are controllable.

  • Risks are manageable.

  • Vulnerabilities are unavoidable.

  • All of these negatively affect the CIA triad.

  • Not all threats are intentional.

