Sas#3 Ite305
Module #3
Productivity Tip:
“Take time to rest. The topics here can be a bit mind-opening, and if there are things you cannot understand, ask your
teacher.”
A. LESSON PREVIEW/REVIEW
1) Introduction (2 mins)
Hello! I hope you are all doing well.
Do not be intimidated by the module title; we are not going to threaten you. We will be introducing you to the
introductory knowledge of threats in information security. With this knowledge you will be ready to recognize
the different kinds of threats an organization can encounter.
This module will, of course, further improve your understanding of threats from the previous lesson.
Please take note that in future lessons we will be focusing on attacks. But we need to understand both threats
and attacks to be able to defend against further attacks.
A good introduction to the topic of threats is a saying from Sun Tzu Wu, who wrote the Art of War. He
was a military expert of his age, and he said in his book: “If you know the enemy and know yourself, you need
not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will
also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”
In our case, for our organization to be successful we must know ourselves and our enemy. Enemy here means the
threats, such as a person, object, or entity that presents an ongoing danger to an asset. In other words, we must
understand these threats to ensure our victory against them.
FLM 1.0
ITE 305: Information Assurance and Security 2
B. MAIN LESSON
1) Activity 2: Content Notes (13 mins)
Here we will be discussing Threats and Attacks. There is a common misunderstanding about them, and some
people cannot distinguish the two. But in the IT industry it is necessary to know the difference between the two, as well as
their similarities.
Threats
In the context of information security, a threat is an object, person, or other entity that presents an ongoing danger
to an asset.
According to researchers, as the number of internet users continuously grows, the number of threats from
external sources also grows. As of this year (2020), it is estimated that 59% of the global population has
access to the internet, so we can safely assume that there is a huge number of external sources of threats.
Categories of Threats
We will be focusing on the 14 categories of threats:
Compromises to intellectual property or assets
Deliberate Software attacks
Deviations in quality of service
Espionage or trespass
Forces of nature
4. Espionage or Trespass
Espionage or trespass is a well-known and broad category of electronic and human activities that can
breach the confidentiality of information. When an unauthorized individual gains access to the information an
organization is trying to protect, that act is categorized as espionage or trespass.
Attackers can use many different methods to access the information stored in an information system. One
is stealing directly from the company through physical means; another common one is hacking.
5. Forces of Nature
Forces of nature, or acts of God, can present some of the most dangerous threats, because they usually
occur with very little warning and are beyond the control of people. These threats, which include events such as
fires, floods, earthquakes, and lightning as well as volcanic eruptions and insect infestations, can disrupt not only
the lives of individuals but also the storage, transmission, and use of information.
Even the recent COVID-19 pandemic is considered a threat of this kind.
7. Information Extortion
Information extortion occurs when an attacker or trusted insider steals information from a computer
system and demands compensation for its return or for an agreement not to disclose it.
For example, if a small organization installs its first network using small office/home office (SOHO)
equipment (which is similar to the equipment you might have on your home network) and fails to upgrade its
network equipment as it becomes larger, the increased traffic can affect performance and cause information loss.
11. Theft
The threat of theft—the illegal taking of another’s property, which can be physical, electronic, or
intellectual—is a constant. The value of information is diminished when it is copied without the owner’s
knowledge.
In other words, stealing is the easiest term for this, and anyone is under threat of it.
Everything gets old, even machines. And with the rate at which our machines, hardware, and software are updated, it can
even be said that they age faster, and thus become obsolete faster.
It used to be a big highlight that a flash drive could hold 16 GB; now you can see 1 TB flash drives. Fortunately,
16 GB is not yet considered obsolete. A good example of obsolescence is still using old operating
systems that are no longer supported by Microsoft.
2) Activity 3: Skill-building Activities (with answer key) (18 mins + 2 mins checking)
Now that we know the common terms used in IAS 2, let’s practice what we have understood so far.
Exercise 1: Matching type. Match the phrases/words below to the appropriate description further below by writing
the corresponding letter.
___ 1. They are considered to be the most dangerous threats, because they give little to no warning and deliver
devastating damage to assets.
___ 2. These threats occur when a manufacturer distributes equipment containing a known or unknown flaw.
___ 3. Very good examples of these are loss of electricity and loss of the internet service provider.
___ 4. These threats occur when large quantities of computer code are written, debugged, published, and sold before all their
bugs are detected and resolved.
___ 5. This category of threat involves the deliberate sabotage of a computer system or business, or acts of vandalism to
either destroy an asset or damage the image of an organization.
___ 6. A very common procedure in this type of threat is hacking.
___ 7. This category includes acts performed without intent or malicious purpose by an authorized user. Commonly
known as natural mistakes.
___ 8. This threat occurs when an attacker or trusted insider steals information from a computer system and demands
compensation for its return or for an agreement not to disclose it.
___ 9. This occurs when tools and technologies get too old to keep up with the trends and speed of the industry’s needs.
___ 10. This threat makes an organization vulnerable to loss, damage, or disclosure of information assets when other
threats lead to attacks.
___ 11. Common example of this type of threat is violating software licenses and pirating software.
___ 12. This threat makes an organization vulnerable to loss, damage, or disclosure of information assets when other
threats lead to attacks.
___ 13. This threat is the stealing of an organization’s assets. They can be physical, electronic, or even intellectual, as long as they
have value and can be stolen.
___ 14. This threat focuses on the fact that the attack occurs when an individual or group designs and deploys software to
attack a system.
C. LESSON WRAP-UP
1) Activity 6: Thinking about Learning (5 mins)
You are done with this session! Let’s track your progress. Shade the session number you just completed.
Did you have challenges learning the common terms in IAS? If none, which parts of the module helped you learn the
terms? Did you enjoy the modules?
FAQs
1. Are there other categories of threats?
Answer: There could be more from other companies, or perhaps they have their own way of categorizing these threats.
But the ones listed here are the most common way of categorizing threats.