Download presentation
Presentation is loading. Please wait.
Published byKevin Bell Modified over 9 years ago
1
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Fundamentals of Information Systems Security Lesson 3 Malicious Attacks, Threats, and Vulnerabilities
2
Page 2 Fundamentals of Information Systems Security © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 2 Fundamentals of Information Systems Security © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Learning Objective Describe how malicious attacks, threats, and vulnerabilities impact an IT infrastructure.
3
Page 3 Fundamentals of Information Systems Security © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 3 Fundamentals of Information Systems Security © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Key Concepts Attacks, threats, and vulnerabilities in a typical IT infrastructure Common security countermeasures typically found in an IT infrastructure Risk assessment approach to securing an IT infrastructure Risk mitigation strategies to shrink the information security gap
4
Page 4 Fundamentals of Information Systems Security © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 4 Fundamentals of Information Systems Security © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. DISCOVER: CONCEPTS
5
Page 5 Fundamentals of Information Systems Security © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 5 Fundamentals of Information Systems Security © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Definitions Probability that an intentional or unintentional act will harm resources Risk Accidental or intentional event that negatively impacts company resources Threat Inherent weakness that may enable threats to harm system or networks Vulnerability
6
Page 6 Fundamentals of Information Systems Security © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 6 Fundamentals of Information Systems Security © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Types of Threats Brute-force password attacks Dictionary password attacks IP address spoofing Hijacking Replay attacks Man-in-the-middle attacks
7
Page 7 Fundamentals of Information Systems Security © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 7 Fundamentals of Information Systems Security © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Types of Threats Masquerading Social engineering Phishing Phreaking Pharming
8
Page 8 Fundamentals of Information Systems Security © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 8 Fundamentals of Information Systems Security © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Types of Vulnerabilities Insecure servers or servicesExploitable applications and protocolsUnprotected system or network resourcesTraffic interception and eavesdropping Lack of preventive and protective measures against malware or automated attacks
9
Page 9 Fundamentals of Information Systems Security © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 9 Fundamentals of Information Systems Security © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Identify the Criminal Criminal Profile #1 Victimizes people through unsolicited e-mail messages to get victim’s money Does not rely on intrusive methods to commit crimes Is motivated by financial gain
10
Page 10 Fundamentals of Information Systems Security © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 10 Fundamentals of Information Systems Security © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Identify the Criminal (Continued) Criminal Profile #2 Enters systems without permission to raise awareness of security issues Does not work for the company or its clients Does not intend harm, just tries to be “helpful” Is motivated by impulse
11
Page 11 Fundamentals of Information Systems Security © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 11 Fundamentals of Information Systems Security © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Identify the Criminal (Continued) Criminal Profile #3 Engages in illegal black market transactions on the Internet Traffics drugs, weapons, or banned materials Is motivated by financial gain
12
Page 12 Fundamentals of Information Systems Security © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 12 Fundamentals of Information Systems Security © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Identify the Criminal (Continued) Criminal Profile #4 Enters systems without permission to take advantage of security issues Does not work for the company or its clients Does not intend to help, only wants to cause harm Is motivated by peer acceptance
13
Page 13 Fundamentals of Information Systems Security © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 13 Fundamentals of Information Systems Security © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Identify the Criminal (Continued) Criminal Profile #5 Intrudes upon systems to verify and validate security issues Works for the company or one of its clients Does not intend harm, just tries to be “helpful”
14
Page 14 Fundamentals of Information Systems Security © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 14 Fundamentals of Information Systems Security © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Summary Threats are controllable. Risks are manageable. Vulnerabilities are unavoidable. All of these negatively affect the C-I-A triad. Not all threats are intentional.
15
Page 15 Fundamentals of Information Systems Security © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 15 Fundamentals of Information Systems Security © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Virtual Lab Performing a Vulnerability Assessment
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.