Threats, Vulnerabilities, and Risk Exposure

About This Presentation

Title:

Description:

Number of Views:558

Avg rating:3.0/5.0

Slides: 14

Provided by: jod2

Category:

Tags: exposure | hoax | risk | threats | vulnerabilities

Transcript and Presenter's Notes

Title: Threats, Vulnerabilities, and Risk Exposure

1
Chapter 3

2
Introduction

In Security planning an organization must first
know what it needs to protect against
Companies must be aware of type and severity of
threats and vulnerabilities
Vulnerability Exposure to a risk or threat see
def on pg. 209
Could be a weakness in HW, SW, or people
Could be IP protocol exposing a computer or user
to an exploit or malware threat
What is an exploit?
Look at Cyberbrief on pg. 34 (top)

3
Classification of Computer Threats and
Vulnerabilities

The taxonomy of threats and viruses is
abbreviated (TTV)
Intrusion any type of intrusion, attack, or
exploit
Vulnerabilities exist b/c of human error
Vulnerabilities exist b/c of complexity of sw
that can result in misconfiguration, programming
errors, flaws
Most intrusions will fit into multiple categories
Hacker (external intruder) can send infected pgm
(malware) in an e-mail to an employee (internal
intermediary) who opens it b/c of enticing
subject line (social engineering) which installs
a backdoor (malware) to gain access to records
(deliberate attack) for financial gain (economic
motive)

4
Uses of TTV

The TTV is a guide to help understand an
organizations risk exposure resulting from
weaknesses in cyber defenses
Can assist in estimating expected damages
Intrusion Detection Systems introduced when
properly deployed can provide warnings indicating
that system is under attack
Can look at all traffic in and out of network
with IDS to stop internal and external intrusions
An intrusion not detected and which persist for a
long period of time can have higher expected cost
that those detected early

5
TTV (2)

Direct attacks or targeted attacks will also have
higher expected costs
B/C there is such a diverse range of threats the
design of defenses should include education,
training, strict acceptable use policies,
extensive auditing, and access controls
Look at the TTV chart on pg. 35
How would you use it to assess a virus attack on
campus?
Look too at the end of the TTV on pg. 36?
What can you think to do with this TTV if you
work in an organization?
Look at cyberbrief bottom pg. 36

6
Origin of the Intrusion or Threat

7
Problems in Dealing w/ Internal Threats

Problems in dealing w/ internal threats (read
parts of this paragraph)
Internal Threats stemming from employees or other
insiders
Read through this list
Class, provide an example (or two) of each of
these from what you know of or have heard in real
life
The list continues onto pg. 43
Briefly look at Insider threats on pg. 43

8
Wireless Threats and Vulnerabilities

9
External Threats with Internal Intervention

10
Internet Protocol Vulnerabilities and Threats

IP address forgery
The IP provides for two functions
A datagram that can be routed through the
Internet, and provides a means for fragmenting
those datagrams into packets for transport across
the Internet and then reassemble them into the
original datagrams at the destination computer
Look at last paragraph of pg. 45

11
How can IP Address Forgery Be Used

A method of deception
To Conceal - identity
To Camouflage make a site appear to be another
to convince victim attack is from a legitimate
site
To Deceive trick victim into believing that an
intrusion is somewhere else
Misdirect victimized organization into wasting
limited resources

12
Success of Hackers and Malware

13
Threats, Vulnerabilities, and First-Party and
Third-Party Risks

First-party risks are those that concern the
company itself
Third-party risks are threats to the companys
customers, suppliers, business partners or
competitors that may seek legal redress by
lawsuit
You can review the lists of First-Party Risks and
the list Third-Party Risks we have discussed most
of this already this semester
End of Chapter
Look at Review Questions
All of them are excellent!!