SCMT 455 Ch2
the primary mission of an information security program
- To ensure information assets—information and the systems that house them—remain safe and useful.
- If no threats existed, resources could be used exclusively to improve systems that contain, use, and transmit information.
- The threat of attacks on information systems is a constant concern.
Business Needs First
Information security performs four important functions for an organization:
- Protecting the organization's ability to function
- Protecting the data and information the organization collects and uses
- Enabling the safe operation of applications running on the organization's IT systems
- Safeguarding the organization's technology assets
IP address
Internet Protocol address
- An identifying number for a piece of network hardware.
- Having an IP address allows a device to communicate with other devices over an IP-based network such as the Internet.
Back door
Gaining access to a system or network using a known or previously unknown/newly discovered access mechanism.
Distributed denial-of-service (DDoS)
A coordinated stream of requests is launched against a target from many locations simultaneously.
spoofing
A technique used to gain unauthorized access; intruder assumes a trusted IP address.
Man-in-the-middle
An attacker monitors the network packets, modifies them, and inserts them back into the network.
Mail bombing (also a DoS)
An attacker routes large quantities of e-mail to target to overwhelm the receiver.
Denial-of-service (DoS)
- An attacker sends a large number of connection or information requests to a target.
- The target system becomes overloaded and cannot respond to legitimate requests for service.
- It may result in a system crash or the inability to perform ordinary functions.
protecting the functionality of an organization
- Management (general and IT) is responsible for implementation.
- Information security is both a management issue and a people issue.
- The organization should address information security in terms of business impact and cost.
protecting data that organizations collect and use
- Without data, an organization loses its record of transactions and its ability to deliver value to customers.
- Protecting data in transmission, in processing, and at rest (storage) is a critical aspect of information security.
compromises to intellectual property
- Intellectual property (IP): the creation, ownership, and control of original ideas as well as the representation of those ideas.
- The most common IP breaches involve software piracy.
- Two watchdog organizations investigate software abuse:
  - Software & Information Industry Association (SIIA)
  - Business Software Alliance (BSA)
- Enforcement of copyright law has been attempted with technical security mechanisms.
enabling the safe operation of applications
- The organization needs environments that safeguard applications using IT systems.
- Management must continue to oversee the infrastructure once it is in place, not relegate it to the IT department.
safeguarding tech assets in organizations
- Organizations must employ secure infrastructure hardware appropriate to the size and scope of the enterprise.
- Additional security services may be needed as the organization grows.
- More robust solutions should replace security programs the organization has outgrown.
Espionage or Trespass
- Access to protected information by unauthorized individuals.
- Competitive intelligence (legal) versus industrial espionage (illegal).
- Shoulder surfing can occur anywhere a person accesses confidential information.
- Controls let trespassers know they are encroaching on the organization's cyberspace.
- Hackers use skill, guile, or fraud to bypass controls protecting others' information.
Social engineering
- Advance-fee fraud: indicates the recipient is due money and that a small advance fee or personal banking information is required to facilitate the transfer.
- Phishing: an attempt to gain personal/confidential information; an apparently legitimate communication hides embedded code that redirects the user to a third-party site.
technological obsolescence
- Antiquated/outdated infrastructure can lead to unreliable, untrustworthy systems.
- Proper managerial planning should prevent technology obsolescence.
- IT plays a large role.
Information Extortion
- An attacker steals information from a computer system and demands compensation for its return or nondisclosure. Also known as cyberextortion.
- Commonly done in credit card number theft.
Other terms for system rule breakers:
- Cracker: "cracks" or removes software protection designed to prevent unauthorized duplication.
- Phreaker: hacks the public telephone system to make free calls or disrupt services.
Password attacks
- Cracking
- Brute force
- Dictionary
- Rainbow tables
- Social engineering
Expert hackers
- Develop software scripts and program exploits.
- Usually a master of many skills.
- Will often create attack software and share it with others.
forces of nature
- Forces of nature can present some of the most dangerous threats.
- They disrupt not only individual lives but also the storage, transmission, and use of information.
- Organizations must implement controls to limit damage and prepare contingency plans for continued operations.
Theft
- Illegal taking of another's physical, electronic, or intellectual property.
- Physical theft is controlled relatively easily.
- Electronic theft is a more complex problem; the evidence of the crime is not readily apparent.
Human error or failure
- Includes acts performed without malicious intent or in ignorance.
- Causes include:
  - Inexperience
  - Improper training
  - Incorrect assumptions
- Employees are among the greatest threats to an organization's data.
- Employee mistakes can easily lead to:
  - Revelation of classified data
  - Entry of erroneous data
  - Accidental data deletion or modification
  - Data storage in unprotected areas
  - Failure to protect information
- Many of these threats can be prevented with training, ongoing awareness activities, and controls.
- Social engineering uses social skills to convince people to reveal access credentials or other valuable information to an attacker.
Deviations in quality of service
- An information system depends on the successful operation of many interdependent support systems.
- Internet service, communications, and power irregularities dramatically affect the availability of information and systems.
- Internet service issues
  - Internet service provider (ISP) failures can considerably undermine the availability of information.
  - An outsourced Web hosting provider assumes responsibility for all Internet services as well as for the hardware and Web site operating system software.
- Communications and other service provider issues
  - Other utility services affect organizations: telephone, water, wastewater, trash pickup.
  - Loss of these services can affect an organization's ability to function.
- Power irregularities
  - Are commonplace.
  - Lead to fluctuations such as power excesses, power shortages, and power losses.
  - Sensitive electronic equipment is vulnerable to and easily damaged/destroyed by fluctuations.
  - Controls can be applied to manage power quality.
software attacks
- Malicious software (malware) is used to overwhelm the processing capabilities of online systems or to gain access to protected systems via hidden means.
- Software attacks occur when an individual or a group designs and deploys software to attack a system.
Types of attack
- Malware (malicious code): includes the execution of viruses, worms, Trojan horses, and active Web scripts with the intent to destroy or steal information.
- Virus: consists of code segments that attach to an existing program and take control of access to the targeted computer.
- Worms: replicate themselves until they completely fill available resources such as memory and hard drive space.
- Trojan horses: malware disguised as helpful, interesting, or necessary pieces of software.
- Polymorphic threat: actually evolves to elude detection.
- Virus and worm hoaxes: nonexistent malware that employees waste time spreading awareness about.
Unskilled hackers
- There are many more unskilled hackers than expert hackers.
- They use expertly written software to exploit a system.
- They do not usually fully understand the systems they hack.
Sabotage or Vandalism
- Threats can range from petty vandalism to organized sabotage.
- Web site defacing can erode consumer confidence, diminishing the organization's sales, net worth, and reputation.
- The threat of hacktivist or cyberactivist operations is rising.
- Cyberterrorism/Cyberwarfare: a much more sinister form of hacking.
pharming
It attacks a browser's address bar to redirect users to an illegitimate site for the purpose of obtaining private information.
Spam (unsolicited commercial e-mail)
It is considered more a nuisance than an attack, though it is emerging as a vector for some attacks.
packet sniffer
It monitors data traveling over a network; it can be used both for legitimate management purposes and for stealing information from a network.
MAC address (ethernet address)
Media Access Control address
- A unique identification number used to identify individual devices on the network. Sometimes referred to as a hardware or physical address.
- Embedded into the hardware of the network device during the manufacturing process.
- Designed to be permanent, but it can be changed.
Technical Hardware Failures or Errors
- They occur when a manufacturer distributes equipment containing a known or unknown flaw.
- They can cause the system to perform outside of expected parameters, resulting in unreliable service or lack of availability.
- Some errors are terminal and some are intermittent.
- Example: the Intel Pentium CPU failure.
- Mean time between failures (MTBF) measures the amount of time between hardware failures.
- Large quantities of computer code are written, debugged, published, and sold before all bugs are detected and resolved.
- Combinations of certain software and hardware can reveal new software bugs.
- Entire Web sites are dedicated to documenting bugs.
- The Open Web Application Security Project (OWASP) is dedicated to helping organizations create and operate trustworthy software and publishes a list of top security risks.
