Reply to thread

Message: <blockquote data-quote="Jolly_Roger" data-source="post: 8584674" data-attributes="member: 197784">Assets, Threats, and Vulnerabilities Objectives: Recall essential terminology List the elements of security As with any new technology topic, terminology is used that must be  learned to better understand the field. To be a security professional,  you need to understand the relationship between threats, assets, and  vulnerabilities. Risk is the probability or likelihood of the occurrence or realization  of a threat. There are three basic elements of risk: assets, threats,  and vulnerabilities. Let’s discuss each of these. An asset is any item of economic value owned by an individual or  corporation. Assets can be real — such as routers, servers, hard drives,  and laptops — or assets can be virtual, such as formulas, databases,  spreadsheets, trade secrets, and processing time. Regardless of the type  of asset discussed, if the asset is lost, damaged, or compromised,  there can be an economic cost to the organization. A threat is any agent, condition, or circumstance that could potentially  cause harm, loss, damage, or compromise to an IT asset or data asset.  From a security professional’s perspective, threats can be categorized  as events that can affect the confidentiality, integrity, or  availability of the organization’s assets. These threats can result in  destruction, disclosure, modification, corruption of data, or denial of  service. Some examples of the types of threats an organization can face  include the following: Unauthorized Access If userids and passwords to the  organization’s infrastructure are obtained and confidential information  is compromised and unauthorized, access is granted to the unauthorized  user who obtained the userids and passwords.Stolen/Lost/Damaged/Modified DataA critical threat can occur if the information is lost, damaged, or unavailable to legitimate users.Disclosure of Confidential InformationAnytimethere  is a disclosure of confidential information, it can be a critical  threat to an organization if that disclosure causes loss of revenue,  causes potential liabilities, or provides a competitive advantage to an  adversary.Hacker AttacksAn insider or outsider who is unauthorized and purposely attacks an organization’s components, systems, or data. Cyber TerrorismAttackers  whotarget critical, national infrastructures such as water plants,  electric plants, gas plants, oil refineries, gasoline refineries,  nuclear power plants, waste management plants, and so on.Viruses and MalwareAn entirecategory of software tools that are malicious and are designed to damage or destroy a system or data.Denial of Service (DoS) or Distributed Denial of Service AttacksAn  attack against availability that isdesigned to bring the network and/or  access to a particular TCP/IP host/server to its knees by flooding it  with useless traffic. Many DoSattacks, such as the Ping of Death and  Teardrop, exploit limitations in the TCP/IP protocols. Like malware,  hackers constantly develop new DoS attacks, so they form a continuous  threat.Natural Disasters, Weather, or Catastrophic DamageHurricanes,  such as Katrina that hit New Orleans in 2005, storms, weather outages,  fire, flood, earthquakes, and other natural events compose an ongoing  threat.If the organization is vulnerable to any of these threats, there is an increased risk of successful attack. A vulnerability is a weakness in the system design, implementation,  software or code, or the lack of a mechanism. A specific vulnerability  might manifest as anything from a weakness in system design to the  implementation of an operational procedure. Vulnerabilities might be  eliminated or reduced by the correct implementation of safeguards and  security countermeasures. Vulnerabilities and weaknesses are common with software mainly because  there isn’t any perfect software or code in existence. Vulnerabilities  in software can be found in each of the following: Firmware This software is usually stored in ROM and loaded during system power up.Operating SystemThis operating system software is loaded in workstations and servers.Configuration FilesThe configuration file and configuration setup for the device.Application SoftwareThe application or executable file that is run on a workstation or server.Software PatchThis  is a small piece of software or code snippet that the vendor or  developer of the software typically releases as software updates,  software maintenance, and known software vulnerabilities or weaknesses.Vulnerabilities  are not the only concern the ethical hacker will have. Exploits are a  big concern, as they are a common mechanism used to gain access. That’s  discussed next.Defining an Exploit An exploit refers to a piece of software, tool, or technique that takes  advantage of a vulnerability that leads to privilege escalation, loss of  integrity, or denial of service on a computer system. Exploits are  dangerous because all software has vulnerabilities; hackers and  perpetrators know that there are vulnerabilities and seek to take  advantage of them. Although most organizations attempt to find and fix  vulnerabilities, some organizations lack sufficient funds for securing  their networks. Even those that do are burdened with the fact that there  is a window between when a vulnerability is discovered and when a patch  is available to prevent the exploit. The more critical the server, the  slower it is typically patched. Management might be afraid of  interrupting the server or afraid that the patch might affect stability  or performance. Finally, the time required to deploy and install the  software patch on production servers and workstations exposes an  organization’s IT infrastructure to an additional period of risk.</blockquote>

Verification: Dahaya deken beduwama keeyada?

Top Bottom