Scribd
Upload
10 views13 pages

Week#02 Lecture#02

Uploaded by

graphicsra41
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
10 views13 pages

Week#02 Lecture#02

Uploaded by

graphicsra41
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 13

Information Security

SE-308
Week 2 (Lecture
#02)
Need for security and
understanding the threats

– Introduction
– Understanding the Threats
– Different types of Threats
– Attack
– Different types of Attacks
6. Acts of Human Error or
Failure
• Acts of human error or failure are mistakes
made by people that cause problems or
negative outcomes.

• These errors can happen due to various


reasons like lack of knowledge,
carelessness, or miscommunication.

• Organizations need to train their


employees and implement policies to
reduce the risks associated with human
error.
7. Information Extortion
(Blackmail)

• Information extortion is when someone


threatens to reveal private or sensitive
information unless they are paid money.

• It's like blackmail but in the digital world.


8. Ineffective, Missing, or Incomplete
Organizational Planning or Policy

• If a company doesn't have clear rules or


plans to keep its information safe, it faces
the risk of losing or exposing important
data when attacks happen.

• Leaders must ensure that effective plans


are implemented to safeguard information.
9. Missing, Inadequate, or
Incomplete Security Controls
• "Missing, Inadequate, or Incomplete
Security Controls" refers to the absence,
insufficiency, or lack of effectiveness of
security controls in an organization's
information security program.

• This can lead to weaknesses that can be


exploited by threats, resulting in security
violations, and data losses.
10.Sabotage or Vandalism
• Sabotage or vandalism means doing
intentional damages.

• "Sabotage" is when someone intentionally


messes up or damages something for a
reason (political, military, or economic), like
stopping a factory from working properly.

• "Vandalism" is when someone intentionally


damages property just to cause trouble, like
car scratches, or breaking glass of windows,
and graffiti on a wall.
11. Theft
• Theft, whether it's physical, electronic, or
intellectual, is always a risk.

• Physical theft can be prevented with locks


and alarms, but electronic theft is harder
to detect.

• When electronic information is stolen, it's


not easily noticeable, especially if the
thieves cover their tracks or marks well.
12. Technical Hardware Failures or Errors:
Technical hardware failures or errors refer to problems
in the physical components of computer systems or
devices.

13. Technical Software Failures or Errors:


Technical software failures or errors occur when there
are flaws or bugs in computer programs or
applications.

14. Technological Outdatedness :


It happens when equipment or software becomes old
and unreliable.
Good management should keep an eye on technology
Attack
• An attack is any action that destroys security.

• An "attack" refers to any intentional and


unauthorized attempt to affect the
confidentiality, integrity, or availability of a
system or its data.

• Attackers use various methods to take


advantage of system, network, or application
weaknesses to achieve their objectives.
Types of Attacks
Active Attack:
The attacker tries to change or modify the content of
messages. Active Attack is dangerous to Integrity as
well as availability. This can damage the system and
make it not work properly.

Example: • Spoofing
• Malicious Code • Man-in-the-Middle
• Hoaxes • Spam
• Back Doors • Mail Bombing
• Password crack • Social Engineering
• Brute Force
• Pharming
• Dictionary
• Phishing
• Denial-of-Service (DoS)
• Distributed Denial-of-Service (DDoS)
Types of Attacks (Cont’d)
Passive Attack:
Passive attack involve monitoring or overhear on
communication channels, system activities and data
exchanges without altering or changing the data and
disturbing the communication flow.

Example:
• Traffic Analysis
• Release of message content
• Sniffers
• Timing Attack
• Shoulder Surfing
• Video Surveillance
Thank you!

You might also like