---
title: "03-threats-social-engineering-and-failures"
aliases:
tags:
- comp210
---

# News
- Kiwis urged to get new passwords by government cybersecurity agency (big password energy)
- Ukraine cyber agency reports cyber attack surge
- Plymouth households hit by Clarion Housing cyber attack
- Facebook "unintentionally uploaded" 1.5 million people's email contacts without their consent
- threat maps: https://threatmap.checkpoint.com/ThreatPortal/livemap.html

# Threats
events or circumstances that have the potential (risk) to adversely affect assets (reducing their value)
- e.g., the possibility of text messages no longer working -> phone loses value

# Attack
intentional or unintentional (e.g., lightning) acts that can damage or compromise assets.
- the actual act of attacking
- can be a passive attack: e.g., stumbling across information accidentally

# Exploits
- the techniques used

# Vulnerabilities
- the potential weaknesses in assets or in their defensive control systems
- e.g., try to find weak points in a castle

# Arms race
security is a never-ending arms race.
Security is improving, but so is the number of potential exploits.

# 12 groups of threats
![](https://i.imgur.com/d5i1wpA.png)

## Intellectual property
- creation, ownership and control of original ideas
- common breaches include software piracy
- two organisations investigate software abuse
  - Software and Information Industry Association (SIIA)
  - Business Software Alliance (BSA)
- enforcement of copyright laws has been attempted with technical security mechanisms (e.g., watermark, you need an account, must register the software, etc.)

## deviations in quality of service
- when a product is not delivered as expected
- info systems depend on successful operation of many interdependent support systems
- internet, communications, power irregularities all affect the availability of information systems
- internet:
  - ISP failures can considerably undermine the availability of information
  - outsourced web hosting assumes responsibility for all internet service as well as for the hardware and the web site operating system software.
  - terms of service ensure that these services are guaranteed
- communication and other provider service issues include
  - other utilities: telephone, water, wastewater, garbage collection
  - these all affect the company's ability to function
- power irregularities
  - power excess, shortages, losses
  - sensitive equipment vulnerable to and easily damaged by fluctuations
  - controls can be applied to manage power quality, e.g., UPS

## espionage or trespass
- unauthorized attempts to gain illegal access to information