Final Week4 (IAS101)

The document provides an overview of key concepts in Information Assurance and Security, including definitions of threats, threat actors, vulnerabilities, exploits, attacks, and countermeasures. It categorizes threats by intent, type, and impact, and discusses the implications of exposure and compromise. Additionally, it outlines the consequences of attacks and the importance of implementing security controls to reduce vulnerabilities in information systems.

Uploaded by

teacher27
IAS 101: Information Assurance and Security 1

Terms: Threat and Threat Actors
A threat is a category of entities, or a circumstance, that poses
a potential danger to an asset (through unauthorized access,
destruction, disclosure, modification or denial of service).
• Threats can be categorized by intent: accidental or purposeful (error, fraud, hostile intelligence);
• Threats can be categorized by the kind of entity involved: human (hackers, someone flipping a switch), processing (malicious code, sniffers), natural (flood, earthquake);
• Threats can be categorized by impact: type of asset, consequences.

NOTE: A threat actor is a specific instance of a threat, e.g. a specific hacker, a particular storm, etc.

Examples of Threats
• Interruption: an asset becomes unusable, unavailable, or lost.
• Interception: an unauthorized party gains access to an information asset.
• Modification: an unauthorized party tampers with an asset.
• Fabrication: an asset has been counterfeited.
Examples:
• Interruption: a denial of service attack on a website
• Interception: compromise of confidential data, e.g., by packet sniffing
• Modification: hacking to deface a website
• Fabrication: spoofing attacks in a network

Terms: Environments, Enclaves

• A hostile environment for assets is one that has known threats.
  Example: locating an asset in a war zone or a flood zone, or placing an unprotected machine on the Internet.
• A benign environment is a nonhostile environment that may be protected from external hostile elements by physical, personnel, and procedural countermeasures.
• An enclave is a collection of computing environments connected by one or more internal networks under the control of a single authority and security policy, including personnel and physical security.

Terms: Vulnerabilities and Exploits
A vulnerability is a weakness or fault in a system
that exposes information to attack.
A bug in a computer program is a very
common vulnerability in computer security
(e.g. buffer overflow situation). A procedural
failing can subvert technology controls (e.g.
a core dump of secure information upon a
failure). A lack of controls can result in
vulnerabilities, if controls are subverted (e.g.
Enron financials).
NOTE: An exploit is a method for taking advantage of a known
vulnerability.
What’s the difference between an exploit and an
attack?
Terms: Vulnerabilities and Exploits

A dangling vulnerability is one for which there is no known threat (vulnerability is there but not exploitable).
A dangling threat is one that does not pose a danger as there is no vulnerability to exploit (threat is there, but can’t do damage).

Can you give examples of these or situations in which they might occur?

Terms: Attacks, etc.
An attack is an attempt to gain access, cause damage to or
otherwise compromise information and/or systems that support it.

• Passive attack: an attack in which the attacker observes interaction with the system.
• Active attack: an attack in which the attacker directly interacts with the system.
• Unintentional attack: an attack where there is not a deliberate goal of misuse.

Terms: Attacks, etc. (2)
Attacks have a subject and object.

• Attack subject: the active entity, usually a threat actor, that interacts with the system.
• Attack object: the targeted information system asset.
• The attack surface of an organization/entity is the set of ways in which an adversary can enter the system and potentially cause damage. For example:
  The attack surface of a software environment is the code within a computer system that can be run by unauthenticated users. This includes, but is not limited to: user input fields, protocols, interfaces, and services. (Wikipedia)

Terms: Exposure, Compromise

• Exposure is an instance when the system is vulnerable to attack.
• A compromise is a situation in which the attacker has succeeded.
• An indicator is a recognized action—specific, generalized or theoretical—that an adversary (threat actor) might be expected to take in preparation for an attack.

Give an example of an indicator.

Terms: Consequences

A consequence is the outcome of an attack. In a purposeful threat, the threat actor has typically chosen a desired consequence for the attack, and selects the IA objective to target to achieve this.
• Disruption: targets availability
• Corruption: targets integrity
• Exploitation: targets confidentiality
A consequence may cause the information system to lose effectiveness, and may have other costs.
• Inadvertent disclosure is a type of consequence, involving accidental exposure of information to an agent not authorized access.

Terms: Countermeasures
Controls, safeguards and countermeasures are any actions, devices,
procedures, techniques and other measures that reduce the vulnerability of
an information system. There are many kinds:

• technical
• policy, procedures and practices
• education, training and awareness
• cover and deception (camouflage)
• human intelligence (HUMINT), e.g. disinformation
• monitoring of data and transmissions
• surveillance countermeasures that detect or neutralize sensors, e.g. TEMPEST
• assessments and inspections.
A security posture or security profile is the implementation (policy,
procedures, technology) of the security effort within an organization.
Assignment: Answer the highlighted text …

Prepare for a summative test next week
END …
