1. Types of Security Threats
2. Structured threats
2.1. from hackers that are more highly motivated and technically competent
2.1.1. system vulnerabilities, and can understand and develop exploit-code and scripts
2.1.1.1. , develop, and use sophisticated hacking techniques to penetrate unsuspecting businesses.
3. Internal threats
3.1. when someone has authorized access to the network with either an account on a server or physical access to the network
3.1.1. a disgruntled employee, an opportunistic employee, or an unhappy past employee whose access is still active.
3.1.1.1. they could be using a compromised account or one they set up before leaving for just this purpose.
4. External threats
4.1. from individuals or organizations working outside of a company.
4.1.1. They do not have authorized access to the computer systems or network
4.1.1.1. They work their way into a network mainly from the Internet or dialup access servers
5. Unstructured threats
5.1. an external company Web site is hacked, the integrity of the company is damaged.
5.1.1. external Web site is separate from the internal information that sits behind a protective firewall, the public does not know that
6. Type of attacks to computer security
7. Physical – Events or attacks that steal, damage, or destroy equipment, such as servers, switches, and wiring
8. Data – Events or attacks that remove, corrupt, deny access to authorized users, allow access to unauthorized users, or steal information
9. Data Wiping
9.1. Deleting files from a hard drive does not remove them completely from the computer.
9.1.1. This data is not completely removed until the hard drive stores other data in the same location, overwriting the previous data.
9.1.1.1. as secure erase is a software-based method of overwriting the data that aims to completely destroy all electronic data residing on a hard disk drive
10. Hard Drive Recycling
10.1. Standard format - Also called high-level formatting, a boot sector is created and a file system is set up on the disk. A standard format can only be performed after a low-level format has been completed
10.1.1. Low-level format - The surface of the disk is marked with sector markers to indicate where data will be stored physically on the disk, and tracks are created. Low-level formatting is most often performed at the factory after the hard drive is built.
11. Security Hardware
11.1. Use cable locks with equipment
11.1.1. Keep telecommunication rooms locked
11.1.1.1. Fit equipment with security screws
11.1.1.1.1. Use security cages around equipment
12. confidentiality
12.1. Preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information
12.1.1. It is important that only approved individuals are able to access important information. For example, the credit card number used to make an online purchase
12.1.1.1. Providing confidentiality can involve several different security tools, ranging from software to “scramble” the credit card
13. integrity
13.1. Guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity
13.1.1. In the example of the online purchase, an attacker who could change the amount of a purchase from RM10,000.00 to RM1.00
14. availability,
14.1. Ensuring timely and reliable access to and use of information
14.1.1. Availability ensures that data is accessible to authorized users.
14.1.1.1. Information has value if the authorized parties who are assured of its integrity can access the information.