Professional Documents
Culture Documents
1
Vulnerability
2
Threats
Security Threat is defined as a risk that which can potentially
harm computer systems and organization.
There are three main types of threats:
Natural threats, such as floods, hurricanes, or tornadoes
Unintentional threats, like an employee mistakenly accessing the
wrong information
Intentional threats, such as spyware, malware, adware
companies, or the actions of a disgruntled employee
3
Risk
4
Countermeasure
5
Threats
Virus – A computer virus is a malicious software
program loaded onto a user’s computer without the
user’s knowledge and performs malicious actions.
6
Virus
A computer virus works in much the same way:
A computer virus requires a host program.
A computer virus requires user action to transmit from
one system to another.
A computer virus attaches bits of its own malicious code
to other files or replaces files outright with copies of
itself.
7
How do computer viruses spread?
8
How do computer viruses spread?
9
Threats
10
Types of computer worms
A computer virus or worm hybrid is a piece of
malware that spreads like a worm, but that also
modifies program code like a virus -- or else carries
some sort of malicious payload, such as a virus,
ransomware or some other type of malware.
11
Types of computer worms
12
A Trojan horse, or Trojan, is a type of malicious code or
software that looks legitimate but can take control of your
computer.
A Trojan is designed to damage, disrupt, steal, or in
general inflict some other harmful action on your data or
network.
13
Denial of Service- The main aim of this attack is to
bring down the targeted network and make it to deny
the service for legitimate users.
DoS attacks typically fall in 2 categories:
Buffer overflow attacks
Flood attacks
14
Zero-day attacks, also called zero-hour attacks - an
attack that occurs on the first day that a vulnerability
becomes known.
Identity theft - an attack to steal the login credentials of
a user in order to access private data. Types of identity
theft include criminal, medical, financial and child
identity theft.
15
Risk Management and Risk Assessment
Risk management is the ongoing process of
discovering, correcting, and preventing security
problems.
Risk assessment is an integral part of an organization’s
risk management process, designed to provide
appropriate levels of security for its information systems
and data.
16
Risk Management - Five Principles
I. Assess risk and determine needs.
18
Lesson Summary
19