Asset. A resource of value such as the data in a database or on the file system,
or a system resource.
Threat. Anything that can exploit a vulnerability and obtain, damage, or destroy
an asset.
Vulnerability. A weakness or gap in a security program that can be exploited by
threats to gain unauthorized access to an asset.
Attack (or exploit). An action taken to harm an asset.
Countermeasure. A safeguard that addresses a threat and mitigates risk.
Physical damage - Fire, water, vandalism, power loss, and natural disasters
Human interaction - Accidental or intentional action or inaction that can disrupt productivity
Equipment malfunction - Failure of systems and peripheral devices
Inside and outside attacks - Hacking, cracking, and attacking
Misuse of data - Sharing trade secrets, fraud, espionage, and theft
Loss of data - Intentional or unintentional loss of information through destructive means
Application error - Computation errors, input errors, and buffer overflows
Social status - Loss of customer base and reputation
A risk management team should have the necessary abilities and follow best practices,
some of which include
Electronic data storage requires electrical power to store and retrieve that data.
Most storage devices that do not require vision and a brain to read data fall into
this category. Electromagnetic data may be stored in either an analog or digital
data format on a variety of media. This type of data is considered to be
electronically encoded data, whether or not it is electronically stored in a
semiconductor device, for it is certain that a semiconductor device was used to
record it on its medium. Most electronically processed data storage media
(including some forms of computer data storage) are considered permanent
(non-volatile) storage, that is, the data will remain stored when power is removed
from the device. In contrast, most electronically stored information within most
types of semiconductor microcircuits (computer chips) is volatile memory, for it
vanishes if power is removed.
Paper card storage
Punched card (mechanical)
Cams and tracers (pipe organ combination-action memory memorizing stop selections)
Tape storage (long, thin, flexible, linearly moving bands)
Paper tape (mechanical)
Magnetic tape (a tape passing one or more read/write/erase heads)
Disk storage (flat, round, rotating object)
Gramophone record (used for distributing some 1980s home computer programs) (mechanical)
Carousel memory (magnetic rolls)
Floppy disk, ZIP disk (removable) (magnetic)
Holographic
Optical disc such as CD, DVD, Blu-ray Disc
Minidisc
Hard disk drive (magnetic)
Magnetic bubble memory
Flash memory/memory card (solid state semiconductor memory)
xD-Picture Card
MultiMediaCard
USB flash drive (also known as a "thumb drive" or "keydrive")
SmartMedia
CompactFlash I and II
Secure Digital
Sony Memory Stick (Std/Duo/PRO/MagicGate versions)
Solid-state drive
CCTV:
Closed-circuit television (CCTV), also known as video surveillance, is the use
of video cameras to transmit a signal to a specific place, on a limited set of monitors.
It differs from broadcast television in that the signal is not openly transmitted, though
it may employ point-to-point (P2P), point-to-multipoint (P2MP), or mesh wireless
links. Though almost all video cameras fit this definition, the term is most often
applied to those used for surveillance in areas that may need monitoring such as
banks, casinos, airports, military installations, and convenience
stores. Videotelephony is seldom called "CCTV" but the use of video in distance
education, where it is an important tool, is often so called.[1][2]
Many sporting events in the United States use CCTV inside the venue for fans to
see the action while they are away from their seats. This use of CCTV is not used
for surveillance purposes.
In industrial plants, CCTV equipment may be used to observe parts of a process
from a central control room, for example when the environment is not suitable for
humans. CCTV systems may operate continuously or only as required to monitor a
particular event. A more advanced form of CCTV, utilizing digital video recorders
(DVRs), provides recording for possibly many years, with a variety of quality and
performance options and extra features (such as motion detection and email alerts).
More recently, decentralized IP cameras, some equipped with megapixel sensors,
support recording directly to network-attached storage devices, or internal flash for
completely stand-alone operation. Surveillance of the public using CCTV is
particularly common in many areas around the world. In recent years, the use
of body-worn video cameras has been introduced as a new form of surveillance.
IDS:
An intrusion detection system (IDS) is a device or software application that
monitors a network or systems for malicious activity or policy violations. Any
detected activity or violation is typically reported either to an administrator or
collected centrally using a security information and event management (SIEM)
system. A SIEM system combines outputs from multiple sources, and uses alarm
filtering techniques to distinguish malicious activity from false alarms.
TYPES:
Network intrusion detection systems
Network intrusion detection systems (NIDS) are placed at a strategic point or points
within the network to monitor traffic to and from all devices on the network. A NIDS
analyzes the traffic passing on the entire subnet and matches it against a library
of known attacks. Once an attack is identified, or abnormal behavior is sensed, an
alert can be sent to the administrator.
Host intrusion detection systems
Host intrusion detection systems (HIDS) run on individual hosts or devices on the
network. A HIDS monitors the inbound and outbound packets from the device only
and will alert the user or administrator if suspicious activity is detected. It takes a
snapshot of existing system files and matches it to the previous snapshot. If the
critical system files were modified or deleted, an alert is sent to the administrator to
investigate. An example of HIDS usage can be seen on mission critical machines,
which are not expected to change their configurations.
Classification
Intrusion prevention systems can be classified into four different types:[6][11]
1. Network-based intrusion prevention system (NIPS): monitors the entire
network for suspicious traffic by analyzing protocol activity.
2. Wireless intrusion prevention systems (WIPS): monitor a wireless network
for suspicious traffic by analyzing wireless networking protocols.
3. Network behavior analysis (NBA): examines network traffic to identify
threats that generate unusual traffic flows, such as distributed denial of
service (DDoS) attacks, certain forms of malware and policy violations.
4. Host-based intrusion prevention system (HIPS): an installed software
package which monitors a single host for suspicious activity by analyzing events
occurring within that host.
Detection methods
The majority of intrusion prevention systems utilize one of three detection methods:
signature-based, statistical anomaly-based, and stateful protocol analysis.[8]:301[12]
1. Signature-based detection: A signature-based IDS monitors packets on the
network and compares them with pre-configured and pre-determined attack patterns
known as signatures.
2. Statistical anomaly-based detection: An anomaly-based IDS monitors network
traffic and compares it against an established baseline. The baseline identifies
what is "normal" for that network: what sort of bandwidth is generally used and
what protocols are used. It may, however, raise a false-positive alarm for
legitimate use of bandwidth if the baselines are not intelligently
configured.[13]
3. Stateful Protocol Analysis Detection: This method identifies deviations of
protocol states by comparing observed events with “predetermined profiles of
generally accepted definitions of benign activity.”[8]
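To make the three methods concrete, here is a small added example (written for this page; it is not code from any IDS product) that applies each method to constructed sample data: a regular-expression signature check over HTTP request lines, a mean-plus-k-standard-deviations baseline check over bytes-per-minute counts, and a state check that SMTP commands arrive in the order the protocol requires. The signatures, threshold, sample requests, traffic figures and SMTP sessions are all assumptions chosen for illustration.

```python
import re
import statistics

# Constructed sample inputs (not real captures); every value here is an assumption.
HTTP_REQUESTS = [
    "GET /index.html HTTP/1.1",
    "GET /static/../../etc/passwd HTTP/1.1",
    "GET /search?q=intrusion+detection HTTP/1.1",
]
TRAINING_MBPS = [48, 52, 50, 47, 53, 49, 51, 50, 48, 52]  # baseline period, Mbit/s per minute
SMTP_SESSIONS = {
    "normal": ["EHLO relay.example", "MAIL FROM:<a@example>", "RCPT TO:<b@example>", "DATA", "QUIT"],
    "odd": ["MAIL FROM:<a@example>", "RCPT TO:<b@example>", "DATA", "QUIT"],
}
# Signature-based: known attack patterns written as regular expressions.
SIGNATURES = {"path-traversal": re.compile(r"\.\./"), "sensitive-file": re.compile(r"/etc/passwd\b")}

def signature_alerts(requests):
    """Match every request against every signature; one request may hit several."""
    return [(r, name) for r in requests for name, rx in SIGNATURES.items() if rx.search(r)]

def anomaly_alert(training, observed, k=3.0):
    """Statistical anomaly-based: alert when observed > mean + k * stdev of the baseline.
    A legitimate burst (e.g. a nightly backup) trips this too unless the baseline is
    built per time of day or per host: the false positive the text warns about."""
    mean, sd = statistics.mean(training), statistics.pstdev(training)
    return observed > mean + k * sd

def protocol_deviations(commands):
    """Stateful protocol analysis: simplified SMTP state machine reporting early commands."""
    greeted = in_mail = have_rcpt = False
    deviations = []
    for cmd in commands:
        verb = cmd.split(None, 1)[0].split(":")[0].upper()
        if verb in ("EHLO", "HELO"):
            greeted = True
        elif verb == "MAIL":
            if not greeted:
                deviations.append("MAIL before EHLO/HELO")
            in_mail = True
        elif verb == "RCPT":
            if not in_mail:
                deviations.append("RCPT before MAIL")
            have_rcpt = True
        elif verb == "DATA":
            if not have_rcpt:
                deviations.append("DATA before RCPT")
            in_mail = have_rcpt = False  # message transaction complete
    return deviations
```

With the constructed data, only the second request trips signatures, a 400 Mbit/s minute is flagged as anomalous against the baseline, and the "odd" SMTP session is reported for sending MAIL before any greeting.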