INFORMATION SECURITY SYSTEM

Student Name
Part 1:

1. Ransomware: Malware known as ransomware encrypts a victim's data and demands money to
recover it. Ransomware has grown into a dangerous issue in recent times due to
the rising number of attacks.
2. Phishing: Phishing is a sort of social engineering attack in which a malicious party tries
to trick a victim into disclosing sensitive information, such as login credentials or
financial information. Phishing efforts are typically made by text messages or email and
might be difficult to detect.
3. Malware: The term "malware" refers to malicious software that is designed to either
damage or take down computer systems. Unwanted websites, email, and hackers who
take advantage of key weaknesses have all been used to spread malware.
4. SQL Injection: In this method of attack, an attacker tries to run
SQL commands on a DBMS. SQL injection can be used to edit, delete, or gain access
to private information.
5. Denial of Service: In a denial of service attack, an adversary tries to block users'
access to a service. Denial of service attacks can be carried out by flooding a domain
with updates or by hitting a server through its design faults.

Part 2:

The five threats to Aim Higher University are:

1. Malware
2. Phishing
3. Ransomware
4. Social engineering
5. Internal risks

Code in the malware category seeks to damage or destroy computers and computer systems.
Phishing, a type of online fraud, involves tricking users into disclosing personal data. Software in
the ransomware category encrypts user files and demands money to decrypt them. Social
engineering is a type of attack that uses personal interaction to get individuals to reveal
information or do things they otherwise wouldn't. "Insider threats" are posed by individuals who
work for an organization, such as employees or contractors.

These dangers are increasingly common due to their constant growth and rise in complexity.
Furthermore, the use of computers and computer systems is increasing as more individuals adopt them.
These risks are important because they have the ability to significantly damage an organization's
finances and image.

The main dangers posed by malware, phishing, ransomware, social engineering, and insider attacks must all
be understood by Aim Higher University.

Malware:

Software designed to damage or render unusable computers and computer systems is known as
malware. Viruses, Trojans, and spyware are just a few examples of the many different types of
malware. Malware can spread in several ways, including through downloads, websites,
and email attachments. These dangers are increasingly common due to their repeated growth and
rise in complexity. Furthermore, the use of computers and computer systems is increasing as more
individuals adopt them. These risks are important because they have the ability to significantly damage
an organization's finances and image.

The main dangers posed by malware, phishing, ransomware, social engineering, and other threats
must still be understood at Aim Higher University.

Phishing

The term refers to the use of increasingly intricate lures to "fish" for users' sensitive
data. It's a fishing-related concept that was popularized by phreaking. Legislation, information
services, community outreach, and computer protection mechanisms are all attempts to reduce or
lessen the consequences of phishing incidents.

Ransomware

Ransomware is a type of malware that encrypts a user's files and demands payment in order to
decrypt them. Ransomware may be spread using the same techniques used to
spread other types of malware. After encrypting a user's data, the ransomware will display a
notification demanding payment to decrypt the contents.

Social engineering

Social engineering is a sort of attack that involves using human contact to get people to provide
information or perform steps they normally wouldn't. Social engineering attacks can be carried out in
person, online, or over the phone. A call that pretends to be from technical support would be an
example of social engineering.

Insider risk

Threats originating within a company, such as those posed by workers or contractors, are
referred to as "insider threats." When an employee gets access to information they shouldn't have,
insider threats might arise. For instance, a worker could have access to client credit card
details. A worker who lacks the necessary skills to do their job may also pose an insider
threat. This may cause them to make errors that endanger the organization's security.

Malware, phishing, and ransomware remain a continual threat from year to year due to their
steady development and rising complexity. Insider and social engineering dangers are also
ongoing problems because they feed on persistent human faults.

Malware, phishing, and ransomware are more common because they are ever-evolving and becoming
more sophisticated. Social engineering and insider threats are now more common because they take
advantage of basic flaws and weaknesses.

The five threats listed below are most likely to get worse during the course of the upcoming year:

1. Malware
2. Phishing
3. Ransomware
4. Social engineering
5. Internal threats

These hazards remain significant as devices multiply and grow more advanced over time.
As technology progresses, so do the approaches that adversaries take to exploit weaknesses.

Malware: Malware is software that has been created to damage or bring down computers and
computer systems. Malware poses a serious threat to Aim Higher University since it has the power
to access personal information, modify important files, and even destroy them.

Ransomware: A form of malware known as ransomware encrypts a user's files and demands
payment to decrypt them. Ransomware is still a grave hazard to Aim Higher University since it
can result in the loss of important data and the interruption of business activities.

Social engineering: This sort of fraud involves tricking others into disclosing personal information or
doing particular tasks. Social engineering is a serious danger to Aim Higher University as it
may lead to cybercrime, loss of income, and the compromise of personal information.

Insider threats: A company's own employees, subcontractors, or business partners might be a
security risk. Insider threats, which carry a risk of the loss of critical material, financial loss,
and reputational damage, put Aim Higher University at very high risk.

These threats would undoubtedly have an effect on Aim Higher University. This is
due to the fact that Aim Higher University uses a variety of operating systems, which makes it
more vulnerable to attacks. The operating systems that are most frequently attacked are
Windows and Linux. This is because these two operating systems are the most widely
used globally.

Malware is harmful software that attacks computers and computer systems with the
goal of harming or rendering them useless. Phishing is a type of cyberattack that uses email or
text messages to trick its targets into divulging sensitive data like passwords or credit card
numbers. A type of malware known as ransomware encrypts a user's files and demands money to
decrypt them. Social engineering is a sort of cyberattack that manipulates people to coerce them into
disclosing information or engaging in risky behavior. Insider threats can be created by
someone with access rights to an organization's systems.

These dangers were picked because they represent some of the most pervasive and dangerous
cyberthreats that businesses today must deal with. Malware, phishing, and ransomware are
three forms of attack that could cause data leakage, which can lead to the loss of personal
information as well as financial and reputational harm. Social engineering and insider attacks can
eventually result in intrusions and operational disruptions.

Part 3:

Describe ISO 27002.

The International Organization for Standardization (ISO) and the International Electrotechnical
Commission (IEC) together released a comprehensive data protection standard known as ISO/IEC
27002:2022. ISO 27002 and ISO 27001 are closely related. In general, ISO 27002 offers advice on
how to establish an ISO 27001 ISMS.

The ISO/IEC 27002 standard offers a reference collection of controls for data protection, cyber
security, and privacy protection, as well as implementation advice based on widely accepted best
practices.

What makes ISO 27002 significant?

Data protection risks and dangers will exist if your institution collects or
analyzes data. You should implement an Information Security Management System (ISMS) to guarantee the
confidentiality, availability, and integrity of all information and information assets in order to
mitigate these threats.

Businesses that are new to information security management must first come to terms with its
enormous scope. Most managers are unsure of where to start when it comes to establishing and
maintaining an ISMS because it encompasses such a wide range of subjects.
