IT255 Introduction to Information Systems Security

Unit 2

Application of Security Countermeasures to Mitigate Malicious Attacks


Learning Objective

Describe how malicious attacks, threats, and vulnerabilities impact an IT infrastructure.


Key Concepts

  • Attacks, threats, and vulnerabilities in a typical IT infrastructure

  • Common security countermeasures typically found in an IT infrastructure

  • Risk assessment approach to securing an IT infrastructure

  • Risk mitigation strategies to shrink the information security gap


EXPLORE: CONCEPTS


Definitions

  • Risk: Probability that an intentional or unintentional act will harm resources

  • Threat: Any accidental or intentional event that negatively impacts company resources

  • Vulnerability: Inherent weakness that may enable threats to harm systems or networks

    Risks, threats, and vulnerabilities affect confidentiality, integrity, and availability (CIA).


Types of Threats

  • Malicious software

  • Device failure

  • Application failure

  • Natural disaster

  • Intrusive cracker


Types of Vulnerabilities

  • Insecure servers or services

  • Exploitable applications and protocols

  • Unprotected system or network resources

  • Traffic interception and eavesdropping

  • Lack of preventive and protective measures against malware or automated attacks


Identify the Criminal

Criminal Profile #1

  • Victimizes people through unsolicited e-mail messages to get the victim’s money

  • Does not rely on intrusive methods to commit crimes

  • Is motivated by financial gain


Answer…

Internet scammer


Identify the Criminal (Continued)

Criminal Profile #2

  • Enters systems without permission to raise awareness of security issues

  • Does not work for the company or its clients

  • Does not intend harm, just tries to be “helpful”

  • Is motivated by impulse


Answer…

Gray-hat hacker


Identify the Criminal (Continued)

Criminal Profile #3

  • Engages in illegal black market transactions on the Internet

  • Traffics drugs, weapons, or banned materials

  • Is motivated by financial gain


Answer…

Terrorists or traffickers


Identify the Criminal (Continued)

Criminal Profile #4

  • Enters systems without permission to take advantage of security issues

  • Does not work for the company or its clients

  • Does not intend to help, only wants to cause harm

  • Is motivated by peer acceptance


Answer…

Black-hat hacker or cracker


Identify the Criminal (Continued)

Criminal Profile #5

  • Intrudes upon systems to verify and validate security issues

  • Works for the company or one of its clients

  • Does not intend harm, just tries to be “helpful”


Answer…

White-hat hacker


Summary

  • Threats are controllable.

  • Risks are manageable.

  • Vulnerabilities are unavoidable.

  • All of these negatively affect the CIA triad.

  • Not all threats are intentional.

