Professional Documents
Culture Documents
INFORMATION SYSTEMS IN
BUSINESS
What does Threat mean?
A threat refers to anything that has the potential to cause serious harm to a
computer system. A threat is something that may or may not happen, but has the
potential to cause serious damage. Threats can lead to attacks on computer
systems, networks and more.
Threats are potentials for vulnerabilities to turn into attacks on computer
systems, networks, and more. They can put individuals’ computer systems and
business computers at risk, so vulnerabilities have to be fixed so that attackers
cannot infiltrate the system and cause damage.
Threats can include everything from viruses, trojans, back doors to outright
attacks from hackers. Often, the term blended threat is more accurate, as the
majority of threats involve multiple exploits. For example, a hacker might use a
phishing attack to gain information about a network and break into a network.
Types of Computer Security Threats
1. Computer virus
We’ve all heard about them, and we all have our fears. For everyday Internet
users, computer viruses are one of the most common threats to
cybersecurity.
Computer viruses are pieces of software that are designed to be spread from
one computer to another. They’re often sent as email attachments or
downloaded from specific websites with the intent to infect your computer
— and other computers on your contact list — by using systems on your
network. Viruses are known to send spam, disable your security settings,
corrupt and steal data from your computer including personal information
such as passwords, even going as far as to delete everything on your hard
drive.
Leveraging the fear of computer viruses, scammers have a found a new
way to commit Internet fraud.
Rogue security software is malicious software that mislead users to
believe there is a computer virus installed on their computer or that
their security measures are not up to date. Then they offer to install
or update users’ security settings. They’ll either ask you to download
their program to remove the alleged viruses, or to pay for a tool.
Both cases lead to actual malware being installed on your computer.
3. Trojan horse
Metaphorically, a “Trojan horse” refers to tricking someone into inviting
an attacker into a securely protected area. In computing, it holds a
very similar meaning — a Trojan horse, or “Trojan,” is a malicious
bit of attacking code or software that tricks users into running it
willingly, by hiding behind a legitimate program.
They spread often by email; it may appear as an email from someone you
know, and when you click on the email and its included attachment,
you’ve immediately downloaded malware to your computer. Trojans
also spread when you click on a false advertisement.
Once inside your computer, a Trojan horse can record your passwords by
logging keystrokes, hijacking your webcam, and stealing any sensitive
data you may have on your computer.
4. Rootkit
You can't depend on users to be responsible for all their configurations, but if
you're using Microsoft's Active Directory service, you can use group policies
to lock down desktops across your enterprise.
Group policies allow a security manager to set configuration details for the OS
and its components (Internet Explorer, Windows Media Player, etc), as well
as other apps. For example, you can change the settings for each of IE's
security zones, enforce the use of your organization's content filtering
Internet proxy, and even forbid the use of unsigned third-party macros in MS
Office apps. Windows itself comes with a number of sample template files,
and more are available from Microsoft's Web site or from the Windows or
Office Resource Kits. In addition, make sure access rights to network folders
are applied on a strict need-only basis.
4. Segment LANs
Sensitive information can flow out of your organization through e-mail, printed
copies, instant messaging or by people simply talking about things they should
keep to themselves. Combine security policy and technology to stanch the
bleeding.
First, make sure your policy details restrictions on disseminating confidential data.
Technology can help, starting with the IDSes. Scan your business plan for unique
phrases that you wouldn't expect to find anywhere else and configure your IDS
to alert you whenever it sees these telltale snippets on the network.
E-mail firewalls, such as CipherTrust's IronMail and Tumbleweed Communication
's MMS, can scan the full text of all outgoing e-mail.
Vidius' PortAuthority, applys a digital signature to each protected document and
blocks access based on user-generated policy.
Digital rights management tools, such as SealedMedia and Authentica's Recall
series of products, restrict distribution of documents by assigning access rights
and permissions.
6. Monitor for Misuse
It can seem a difficult task to keep track of all the network security threats
that are out there, and the new ones that just keep emerging. Whether the
media is creating a culture of fear out of being online and placing trust in
leaving our information out for all to see, or whether the threats that wait in
the dark corners of the Internet are truly serious and can happen to anyone,
the best thing we can all do is to be prepared. There is no way to be
completely sure that a system is impenetrable by cybersecurity threat. We
need to ensure that our systems are as secure as possible.
THANK YOU AND BE SAFE !