mirror of
https://github.com/jackyzha0/quartz.git
synced 2025-12-26 22:34:06 -06:00
63 lines
2.6 KiB
Markdown
63 lines
2.6 KiB
Markdown
---
|
|
title: "03-threats-social-engineering-and-failures"
|
|
aliases:
|
|
tags:
|
|
- comp210
|
|
---
|
|
|
|
# News
|
|
- kiwis urged to get new passwords by government cybersecurity agency (big password energy)
|
|
- ukraine cyber agency reports cyber attack surge
|
|
- plymouth households hit by clarion housing cyber attack
|
|
- facebook "unintentionally uploaded" 1.5 million peoles email contacts without their consent
|
|
- threat maps: https://threatmap.checkpoint.com/ThreatPortal/livemap.html
|
|
|
|
# Threats
|
|
events are circumstances that has the potential (risk) to adversely affect assets (reducing their value)
|
|
- e.g., possibility of text messages stop working -> phone loses value
|
|
|
|
# Attack
|
|
intentional or unintentional (e.g., lightning) acts that can damage or compromise assets.
|
|
- the actual act of attacking
|
|
- can be passive attack: e.g., stumble accross information accidentaly
|
|
|
|
# Exploits
|
|
- the techniques used
|
|
|
|
# Vulnerabilities
|
|
- the potential weaknesses in assets or in their defensive control systems
|
|
- e.g., try to find weakpoints in a castle
|
|
|
|
# Arms race
|
|
security is a never ending arms race. Security is improving but so are the number of potential exploits
|
|
|
|
# 12 groups of threats
|
|
|
|
|
|
## Intellectual property
|
|
- creation ownership and control of original ideas
|
|
- common breaches include software priracy
|
|
- two organisatons investigate software abuse
|
|
- software and information industry association (SIIA)
|
|
- business software alliance (BSA)
|
|
- enforcement of copyright laws has been attempted with technical security mechanisms (e.g., watermark, you need an account, must register the software, etc)
|
|
|
|
## deviations in quality of service
|
|
- when a product is not delivered as expected
|
|
- info systems depend of successful operation of many interdependent support systems
|
|
- internet, communications, power irregularities, all affect the availability of information systems
|
|
- internet:
|
|
- ISP failures can considerably undermine the availability of information
|
|
- outsourced web hosting assumes responsibility for all internet service as well as for the hardware and the web site operaing system software.
|
|
- terms of service ensure that these services are guaranteed
|
|
- communication and other provider service issues include
|
|
- other untilities: telephone, water, wastewater, garbage collection
|
|
- these all affect the companies ability to function
|
|
- power irregularities
|
|
- pwer exess, shortages, losses
|
|
- sensitive equipment vulnerable to and easily damaged by fluctuations
|
|
- controls can be applied to manage power quality e.g., UPS
|
|
|
|
## espionage or trespass
|
|
- unauthorized attempts to gain illegal access to information
|