Scribd Logo
Upload

Welcome to Scribd!

  • HND - SEC - W2 - IT Security Risks

    Uploaded by

    Anojan Anoj
    4 views19 pages

    Original Title

    HND_SEC_W2_ IT Security Risks

    Copyright

    © © All Rights Reserved

    Available Formats

    PPTX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    4 views19 pages

    HND - SEC - W2 - IT Security Risks

    Uploaded by

    Anojan Anoj

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 19

    Unit 5 –Security

    LO1. Assess risks to IT security.


    2. IT Security Risks.

    1
    Vulnerability

     A weakness which can be exploited by a cyber attack to


    gain unauthorized access to or perform unauthorized
    actions on a computer system.
     Vulnerabilities can allow attackers to run code, access a
    system's memory, install malware, and steal, destroy or
    modify sensitive data.

    2
    Threats
     Security Threat is defined as a risk that which can potentially
    harm computer systems and organization.
     There are three main types of threats:
     Natural threats, such as floods, hurricanes, or tornadoes
     Unintentional threats, like an employee mistakenly accessing the
    wrong information
     Intentional threats, such as spyware, malware, adware
    companies, or the actions of a disgruntled employee

    3
    Risk

     This is the probability that a particular threat would


    exploit a particular vulnerability.

    4
    Countermeasure

     An action or method that is applied to prevent, reduce


    potential threats to computers, servers, networks,
    operating systems (OS) or information systems (IS).
     Countermeasure tools include anti-virus software and
    firewalls.

    5
    Threats
     Virus – A computer virus is a malicious software
    program loaded onto a user’s computer without the
    user’s knowledge and performs malicious actions.

    6
    Virus
    A computer virus works in much the same way:
     A computer virus requires a host program.
     A computer virus requires user action to transmit from
    one system to another.
     A computer virus attaches bits of its own malicious code
    to other files or replaces files outright with copies of
    itself.

    7
    How do computer viruses spread?

     In a constantly connected world, you can contract a


    computer virus in many ways, some more obvious than
    others.
     Viruses can be spread through email and text message
    attachments, Internet file downloads, and social media
    scam links.

    8
    How do computer viruses spread?

    9
    Threats

     Worms – A computer worm is a type of malware that


    spreads copies of itself from computer to computer.
     A worm can replicate itself without any human
    interaction, and it does not need to attach itself to a
    software program in order to cause damage.

    10
    Types of computer worms
     A computer virus or worm hybrid is a piece of
    malware that spreads like a worm, but that also
    modifies program code like a virus -- or else carries
    some sort of malicious payload, such as a virus,
    ransomware or some other type of malware.

    11
    Types of computer worms

     Instant messaging, or IM worms propagate through


    instant messaging services and exploit access to
    contact lists on victim computers.
     Email worms are usually spread as
    malicious executable files attached to what appear to be
    ordinary email messages.

    12
    A Trojan horse, or Trojan, is a type of malicious code or
    software that looks legitimate but can take control of your
    computer.
    A Trojan is designed to damage, disrupt, steal, or in
    general inflict some other harmful action on your data or
    network.

    13
     Denial of Service- The main aim of this attack is to
    bring down the targeted network and make it to deny
    the service for legitimate users.
    DoS attacks typically fall in 2 categories:
     Buffer overflow attacks
     Flood attacks

    14
     Zero-day attacks, also called zero-hour attacks - an
    attack that occurs on the first day that a vulnerability
    becomes known.
     Identity theft - an attack to steal the login credentials of
    a user in order to access private data. Types of identity
    theft include criminal, medical, financial and child
    identity theft.

    15
    Risk Management and Risk Assessment
     Risk management is the ongoing process of
    discovering, correcting, and preventing security
    problems.
     Risk assessment is an integral part of an organization’s
    risk management process, designed to provide
    appropriate levels of security for its information systems
    and data.

    16
    Risk Management - Five Principles
    I. Assess risk and determine needs.

    II. Establish a central management focus.

    III. Implement appropriate policies and related controls.

    IV. Promote awareness.

    V. Monitor and evaluate policy and control effectiveness.


    17
    Risk Analysis

     A tool for risk management


     It is a method of identifying vulnerabilities and threats
    and assessing the possible damage to determine where
    to implement security safeguards.
     Risk analysis helps companies priorities their risks and
    shows management the amount of money that should
    be applied to protecting against those risks in a sensible
    manner.

    18
    Lesson Summary

     Common terms(Threats, Vulnerabilities, Risks,


    and Counter-measures)
     Threats
     Risks
    Risk Management and Risk assessment
    Risk Management - Five Principles
    Risk Analysis

    19

    You might also like